Bitcoin Forum
November 12, 2024, 12:13:51 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 »  All
  Print  
Author Topic: Show Me The Bitcoin! - use plain images as Bitcoin keys, send BTC via email  (Read 3244 times)
drazvan (OP)
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
April 27, 2014, 04:24:46 PM
 #1

Hello everyone,

I've just published a small Android app called "Show Me The Bitcoin!" that allows you to use any image in your phone gallery as a Bitcoin private key and wallet. You can add funds to an image using your regular wallet, email it to someone else and claim/sweep funds received from a third party in the form of a simple image email attachment.


Possible uses are:
1. Covert transfer of funds (to an outside observer you are simply emailing that person a funny photo).

2. Hidden Bitcoin storage (add funds to a personal image in your gallery and remove the Bitcoin wallet app). If your device is searched, they will find no trace of Bitcoins, just a few personal photos in your Gallery. At a later time, you can reinstall the app and reclaim the funds.

3. Bitcoin shared wallet for family/friends (anyone with access to the image can claim the funds and also deposit funds on that image for use by other members).

4. Reward website users by hiding Bitcoins in images on your blog / website (scavenger-hunt style).


Here are a few screenshots:






A demo video is at http://www.youtube.com/watch?v=rTmnLlyUjHQ.

Give it a try at https://play.google.com/store/apps/details?id=com.cayennegraphics.showmethebitcoin , it's free! It will nag you after you've sent $50 (0.1 BTC) or more through it for a donation, you can donate as much (or as little) as you want or not donate at all, your call. Or you could send directly to 1Razvan4KEK2q5DNxemvsHwGncF1T3NqR Smiley.

For the technically inclined, the way it works is by doing a SHA-256 hash of the image and using that as a Bitcoin private key - it derives an address from it, then allows you to send funds to that address or sweep them to your wallet. Nothing fancy, just pure old fun Smiley.

Finally, if you've read this far, I have a tip for you: I've hidden 3 small amounts (0.05 BTC) into 3 logo images present on Bitcoin-related sites (or vendors related to Bitcoin). So you just need to navigate to the site, save the logo image and then load it into Show Me The Bitcoin! to sweep the funds (or add more if you're into that sort of fun Smiley ). I will post tips and possibly more bounties here over the next days, feel free to join in.

Cheers,
Razvan
KaChingCoinDev
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250


View Profile
April 27, 2014, 04:31:28 PM
 #2

Cool! But then you have to keep the image secret, right?
drazvan (OP)
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
April 27, 2014, 04:34:25 PM
 #3

Yes, anyone that has access to the image has access to the funds. The trick is that the image is not modified in any way, it's just an image, so an attacker that finds your phone would not know where to start (or even know that you've used this at all), unless they start hashing any and all images found on stolen phones to look for funds Smiley.
KaChingCoinDev
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250


View Profile
April 27, 2014, 04:39:14 PM
 #4

Ah yes, that makes sense. Do you have any plan on A. Making this for altcoins, or B. making this Open Source?
KaChingCoinDev
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250


View Profile
April 27, 2014, 04:44:13 PM
 #5

Oh, 1 more thing.

I have two android phones, neither are letting me download saying it is incompatable Sad
drazvan (OP)
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
April 27, 2014, 04:44:31 PM
 #6

I haven't thought about making this for altcoins, it shouldn't be too hard, as long as there's interest and the altcoin private keys are 256-bit values (or smaller, I can truncate the output of the SHA256 hash), they should be fine. And yes, it will eventually be open-sourced, just need to clean up the code a bit (it was essentially hacked together over the Easter holidays, it works fine but it reuses parts of my OtherCoin and VisualBTC projects).
drazvan (OP)
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
April 27, 2014, 04:46:09 PM
 #7

Oh, 1 more thing.

I have two android phones, neither are letting me download saying it is incompatable Sad

What version of Android are you running? It should install all the way down to 4.0.3. I have only tried it on 4.3 and 4.4 myself, but it's declared to support everything above 4.0.3.
Abdussamad
Legendary
*
Offline Offline

Activity: 3682
Merit: 1580



View Profile
April 27, 2014, 04:49:38 PM
 #8

So the private key is not encrypted in any way? It's just the sha256 hash of the image. What could possibly go wrong!

Also number 1 is people emailing the private key to others?!
drazvan (OP)
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
April 27, 2014, 04:55:53 PM
 #9

The hash of the image is the key, so no, it's not encrypted. The recipient is not meant to leave the funds there indefinitely, I expect them to sweep them to their own wallets on receipt. And unless an attacker has access to your email and starts hashing all image attachments and checking the blockchain for a match, they would not even know you're sending (or receiving) money.

Also, if you're using this to store your own funds, it's similar to a brainwallet - that is not encrypted with anything either Smiley. But instead of remembering it, you just save/secure an image that hashes to the key. It's not as secure as a true 256-bit random key and it's not meant to be - it's just way easier to covertly store and transfer.
drazvan (OP)
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
April 27, 2014, 05:05:18 PM
 #10

Of course, this doesn't mean I can't add a password or a PIN into the mix - but I wanted to minimize the amount of extra information needed to claim the funds. If I have a channel to securely send you an extra PIN or password, I might as well send you the whole key.

And for storing personal funds, I wanted to be able to take a picture of my family for instance, then secretly add some funds to it, then tell my daughter when she's older to look for that family photo and find a little "surprise present" in it if she knows where to look Smiley.
KaChingCoinDev
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250


View Profile
April 27, 2014, 05:24:13 PM
 #11

Oh, one is 2.3.6, the other is 4.1.2. I got it working on 4.1.2, but when I go to deposit funds, it crashes. Huh
drazvan (OP)
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
April 27, 2014, 05:32:13 PM
 #12

Oh, one is 2.3.6, the other is 4.1.2. I got it working on 4.1.2, but when I go to deposit funds, it crashes. Huh

Do you have the Android Bitcoin Wallet installed? This one: https://play.google.com/store/apps/details?id=de.schildbach.wallet .

I should probably add some code to check if the Bitcoin Wallet is installed and if it's not, take the user to the download page.

KaChingCoinDev
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250


View Profile
April 27, 2014, 05:33:35 PM
 #13

Ah, I don't. That is a good idea Smiley
Abdussamad
Legendary
*
Offline Offline

Activity: 3682
Merit: 1580



View Profile
April 27, 2014, 06:31:02 PM
 #14

The hash of the image is the key, so no, it's not encrypted. The recipient is not meant to leave the funds there indefinitely, I expect them to sweep them to their own wallets on receipt. And unless an attacker has access to your email and starts hashing all image attachments and checking the blockchain for a match, they would not even know you're sending (or receiving) money.

Attacker?? You expect people to send their private keys off to someone expecting money. Instead the recipient of their email is just going to clean them out.

Quote
Also, if you're using this to store your own funds, it's similar to a brainwallet - that is not encrypted with anything either Smiley.

Brain wallets are another bad idea. You are comparing your app to a known bad idea?
KaChingCoinDev
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250


View Profile
April 27, 2014, 06:46:19 PM
 #15

The hash of the image is the key, so no, it's not encrypted. The recipient is not meant to leave the funds there indefinitely, I expect them to sweep them to their own wallets on receipt. And unless an attacker has access to your email and starts hashing all image attachments and checking the blockchain for a match, they would not even know you're sending (or receiving) money.

Attacker?? You expect people to send their private keys off to someone expecting money. Instead the recipient of their email is just going to clean them out.

Quote
Also, if you're using this to store your own funds, it's similar to a brainwallet - that is not encrypted with anything either Smiley.

Brain wallets are another bad idea. You are comparing your app to a known bad idea?

Give the guy a break. He tried to make something practical, and IMO he did. It is free, not like he's charging a BTC for it.
davidgdg
Hero Member
*****
Offline Offline

Activity: 552
Merit: 501


View Profile
April 27, 2014, 07:37:19 PM
 #16

The hash of the image is the key, so no, it's not encrypted. The recipient is not meant to leave the funds there indefinitely, I expect them to sweep them to their own wallets on receipt. And unless an attacker has access to your email and starts hashing all image attachments and checking the blockchain for a match, they would not even know you're sending (or receiving) money.

Attacker?? You expect people to send their private keys off to someone expecting money. Instead the recipient of their email is just going to clean them out.

Quote
Also, if you're using this to store your own funds, it's similar to a brainwallet - that is not encrypted with anything either Smiley.

Brain wallets are another bad idea. You are comparing your app to a known bad idea?

Why are they a bad idea? A properly done brain wallet is simple to remember and impossible to crack.

"There is only one thing that is seriously morally wrong with the world, and that is politics. By 'politics' I mean all that, and only what, involves the State." Jan Lester "Escape from Leviathan"
drazvan (OP)
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
April 27, 2014, 07:57:48 PM
 #17


Quote
Attacker?? You expect people to send their private keys off to someone expecting money. Instead the recipient of their email is just going to clean them out.

No, you are not sending them your private key! You are creating a private key for the purpose of that transaction, deriving a Bitcoin address from it, then sending only the funds you want to transfer to that newly created address. This is similar to the current payment process, where the recipient of the funds creates a new address to receive the funds - but it's the trusted sender that creates it, not the recipient. The recipient can not clean you out, they only have access to the funds you have attached to the image, nothing else.

Better now?
drazvan (OP)
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
April 27, 2014, 08:04:34 PM
 #18

Looks like someone claimed 2 of the 3 bounties I've posted (funds attached to images on the net). The first one was attached to the top-left image on Reddit (/r/Bitcoin), the second one was attached to our logo on www.veri.fi Smiley. Good work people! There's just one left!
Abdussamad
Legendary
*
Offline Offline

Activity: 3682
Merit: 1580



View Profile
April 27, 2014, 08:20:34 PM
 #19


Quote
Attacker?? You expect people to send their private keys off to someone expecting money. Instead the recipient of their email is just going to clean them out.

No, you are not sending them your private key! You are creating a private key for the purpose of that transaction, deriving a Bitcoin address from it, then sending only the funds you want to transfer to that newly created address. This is similar to the current payment process, where the recipient of the funds creates a new address to receive the funds - but it's the trusted sender that creates it, not the recipient. The recipient can not clean you out, they only have access to the funds you have attached to the image, nothing else.

Better now?

Ok this is just a whole lot of horse crap. I can only conclude that the OP is a scammer and he's got a lot of shill accounts supporting him in this. I am done with this thread.
drazvan (OP)
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
April 27, 2014, 08:28:06 PM
 #20

Ok this is just a whole lot of horse crap. I can only conclude that the OP is a scammer and he's got a lot of shill accounts supporting him in this. I am done with this thread.

Could you be bothered to look at my post history to see what other projects I am involved in? Here, in case you can't find it: https://bitcointalk.org/index.php?action=profile;u=82497;sa=showPosts . Also, that's me https://www.linkedin.com/profile/view?id=4926501 . That's also me http://www.theregister.co.uk/2004/06/03/pocket_rendezvous/ . And this http://www.othercoin.com/OtherCoin.pdf . Busy scammer, huh?

But hey, "scammer" is a nice hint word for the location of the last of the three bounties I've posted. Let's see if anyone claims it.
Pages: [1] 2 3 4 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!