CIYAM mentioned he heard Qora has been sick, which is what problably explains the prolonged silence. See the post below.
https://bitcointalksearch.org/topic/m.9652412
Topic: [ANN] Qora | Released 16 May | 100% POS | New Source - page 4. (Read 748249 times)
When Qora will goes OS? And is the problem solved with Dzarmush and Renat0??
same doubt here for these two quesions.the dev say something new about OS?
forge pls
Simply being on-line also helps to secure the swarm and chain.
what time qora open source.
I want to make a qora clone.
I want to make a qora clone.
forge pls
I did decompile and analyze Qora already some weeks ago.
I think "qora\c\a.class" is the block Class which is very important for the understanding of the forging algo.
Here are three methods of that decompiled class:
public final JSONObject bO()
{
JSONObject jsonobject;
(jsonobject = new JSONObject()).put("version", Integer.valueOf(version));
jsonobject.put("reference", qora.crypto.a.encode(ef));
jsonobject.put("timestamp", Long.valueOf(timestamp));
jsonobject.put("generatingBalance", Long.valueOf(ep));
jsonobject.put("generator", eq.getAddress());
jsonobject.put("fee", bJ().toPlainString());
jsonobject.put("transactionsSignature", qora.crypto.a.encode(ev));
jsonobject.put("generatorSignature", qora.crypto.a.encode(er));
jsonobject.put("signature", qora.crypto.a.encode(getSignature()));
JSONArray jsonarray = new JSONArray();
m m1;
for(Iterator iterator = bL().iterator(); iterator.hasNext(); jsonarray.add(m1.bO()))
m1 = (m)iterator.next();
jsonobject.put("transactions", jsonarray);
return jsonobject;
}
public boolean bP()
{
byte abyte0[] = new byte[0];
byte abyte1[] = Arrays.copyOfRange(ef, 0, 64); // ef = reference (?Hash of last block i think)
abyte0 = Bytes.concat(new byte[][] {
abyte0, abyte1
});
abyte1 = Longs.toByteArray(ep); // generatingBalance
abyte0 = Bytes.concat(new byte[][] {
abyte0, abyte1
});
abyte1 = Bytes.ensureCapacity(eq.bp(), 32, 0); // eq.bp = public key of block creator
abyte0 = Bytes.concat(new byte[][] {
abyte0, abyte1
});
b.bS();
if(!b.a(eq.bp(), er, abyte0))
return false;
abyte0 = er;
for(Iterator iterator = bL().iterator(); iterator.hasNext();)
{
m m1;
if(!(m1 = (m)iterator.next()).bP())
return false;
abyte0 = Bytes.concat(new byte[][] {
abyte0, m1.getSignature()
});
}
b.bS();
return b.a(eq.bp(), ev, abyte0);
}
public boolean n(j j1)
{
if(ef == null || l(j1) == null)
return false;
if(timestamp - 500L > c.a.getTime() || timestamp < l(j1).timestamp)
return false;
if(timestamp % 1000L != l(j1).timestamp % 1000L)
return false;
if(ep != qora.d.b(j1, l(j1)))
return false;
byte abyte0[];
Arrays.fill(abyte0 = new byte[32], (byte)127);
BigInteger biginteger = new BigInteger(1, abyte0);
Object obj = BigInteger.valueOf(qora.d.e(ep));
biginteger = (biginteger = biginteger.divide(((BigInteger) (obj)))).multiply(eq.c(j1).toBigInteger());
long l1 = (timestamp - ((a) (obj = l(j1))).timestamp) / 1000L;
obj = biginteger.multiply(BigInteger.valueOf(l1 - 1L));
biginteger = biginteger.multiply(BigInteger.valueOf(l1));
b.bS();
byte abyte1[] = b.digest(er);
BigInteger biginteger1;
if((biginteger1 = new BigInteger(1, abyte1)).compareTo(biginteger) >= 0)
return false;
if(biginteger1.compareTo(((BigInteger) (obj))) < 0)
return false;
j1 = j1.X();
m m1;
for(Iterator iterator = bL().iterator(); iterator.hasNext(); m1.k(j1))
{
if((m1 = (m)iterator.next()) instanceof qora.f.g)
return false;
if(m1.p(j1) != 1)
return false;
if(m1.getTimestamp() > timestamp || m1.getDeadline() <= timestamp)
return false;
}
return true;
}
I have added the bO() method which creates an JSON Object from that Object because it helps to understand what which variable is.
b.a (Not shown here) is the Crypto-verify method.
"bP()" obviously checks if the transactionsSignature (ev) and the generatorSignature (er) are valid Crypto signatures.
generatorSignature = signature of (ef + ep + eq.bp())
Where
ef = reference (?Hash of last block i think)
ep=generatingBalance
eq.bp = public key of block creator
transactionsSignature = signature of ( generatorSignature + all transactions) in that block
"n(j j1)" Checks if the Block is valid in terms of whether the creator was allowed to build on top of the last block at that given time.
Therefore the generatorSignature is beeing hashed and the result is somehow beeing compared to the time since the last block multiplied with the generatingBalance.
I think "qora\c\a.class" is the block Class which is very important for the understanding of the forging algo.
Here are three methods of that decompiled class:
Code:
public final JSONObject bO()
{
JSONObject jsonobject;
(jsonobject = new JSONObject()).put("version", Integer.valueOf(version));
jsonobject.put("reference", qora.crypto.a.encode(ef));
jsonobject.put("timestamp", Long.valueOf(timestamp));
jsonobject.put("generatingBalance", Long.valueOf(ep));
jsonobject.put("generator", eq.getAddress());
jsonobject.put("fee", bJ().toPlainString());
jsonobject.put("transactionsSignature", qora.crypto.a.encode(ev));
jsonobject.put("generatorSignature", qora.crypto.a.encode(er));
jsonobject.put("signature", qora.crypto.a.encode(getSignature()));
JSONArray jsonarray = new JSONArray();
m m1;
for(Iterator iterator = bL().iterator(); iterator.hasNext(); jsonarray.add(m1.bO()))
m1 = (m)iterator.next();
jsonobject.put("transactions", jsonarray);
return jsonobject;
}
public boolean bP()
{
byte abyte0[] = new byte[0];
byte abyte1[] = Arrays.copyOfRange(ef, 0, 64); // ef = reference (?Hash of last block i think)
abyte0 = Bytes.concat(new byte[][] {
abyte0, abyte1
});
abyte1 = Longs.toByteArray(ep); // generatingBalance
abyte0 = Bytes.concat(new byte[][] {
abyte0, abyte1
});
abyte1 = Bytes.ensureCapacity(eq.bp(), 32, 0); // eq.bp = public key of block creator
abyte0 = Bytes.concat(new byte[][] {
abyte0, abyte1
});
b.bS();
if(!b.a(eq.bp(), er, abyte0))
return false;
abyte0 = er;
for(Iterator iterator = bL().iterator(); iterator.hasNext();)
{
m m1;
if(!(m1 = (m)iterator.next()).bP())
return false;
abyte0 = Bytes.concat(new byte[][] {
abyte0, m1.getSignature()
});
}
b.bS();
return b.a(eq.bp(), ev, abyte0);
}
public boolean n(j j1)
{
if(ef == null || l(j1) == null)
return false;
if(timestamp - 500L > c.a.getTime() || timestamp < l(j1).timestamp)
return false;
if(timestamp % 1000L != l(j1).timestamp % 1000L)
return false;
if(ep != qora.d.b(j1, l(j1)))
return false;
byte abyte0[];
Arrays.fill(abyte0 = new byte[32], (byte)127);
BigInteger biginteger = new BigInteger(1, abyte0);
Object obj = BigInteger.valueOf(qora.d.e(ep));
biginteger = (biginteger = biginteger.divide(((BigInteger) (obj)))).multiply(eq.c(j1).toBigInteger());
long l1 = (timestamp - ((a) (obj = l(j1))).timestamp) / 1000L;
obj = biginteger.multiply(BigInteger.valueOf(l1 - 1L));
biginteger = biginteger.multiply(BigInteger.valueOf(l1));
b.bS();
byte abyte1[] = b.digest(er);
BigInteger biginteger1;
if((biginteger1 = new BigInteger(1, abyte1)).compareTo(biginteger) >= 0)
return false;
if(biginteger1.compareTo(((BigInteger) (obj))) < 0)
return false;
j1 = j1.X();
m m1;
for(Iterator iterator = bL().iterator(); iterator.hasNext(); m1.k(j1))
{
if((m1 = (m)iterator.next()) instanceof qora.f.g)
return false;
if(m1.p(j1) != 1)
return false;
if(m1.getTimestamp() > timestamp || m1.getDeadline() <= timestamp)
return false;
}
return true;
}
I have added the bO() method which creates an JSON Object from that Object because it helps to understand what which variable is.
b.a (Not shown here) is the Crypto-verify method.
"bP()" obviously checks if the transactionsSignature (ev) and the generatorSignature (er) are valid Crypto signatures.
generatorSignature = signature of (ef + ep + eq.bp())
Where
ef = reference (?Hash of last block i think)
ep=generatingBalance
eq.bp = public key of block creator
transactionsSignature = signature of ( generatorSignature + all transactions) in that block
"n(j j1)" Checks if the Block is valid in terms of whether the creator was allowed to build on top of the last block at that given time.
Therefore the generatorSignature is beeing hashed and the result is somehow beeing compared to the time since the last block multiplied with the generatingBalance.
Just a quick update, a couple nights ago I found the oldest version of Qora (without a broken download link), the original nxt source and I downloaded and installed some Java dev tools. I haven't gotten far because I haven't figured out how to turn the decompiled source files into a Java project.
Anyway, I've also been sick for this past week, so other than my real job, I've spent moat of the past 36 hours trying to sleep as much as I can. I'll keep looking into this as I can because I've had a pretty bad cold. Nothing to conclude, yet. As requested, I'll see about looking into the forging code. No promises, though. I have a few areas of the app that I want to look at which be easy to tell if they were copies or newly written.
Developers have "fingerprints" of how they write and structure their code. Using simpler, but necessary, sections of the applications for inspection will make this process a little easier/quicker.
Also, if I'm a little incoherent these next couple of days, please forgive me and blame the cough syrup. O_o
I've been in a fog for the past couple of days and this sucks.
Anyway, I've also been sick for this past week, so other than my real job, I've spent moat of the past 36 hours trying to sleep as much as I can. I'll keep looking into this as I can because I've had a pretty bad cold. Nothing to conclude, yet. As requested, I'll see about looking into the forging code. No promises, though. I have a few areas of the app that I want to look at which be easy to tell if they were copies or newly written.
Developers have "fingerprints" of how they write and structure their code. Using simpler, but necessary, sections of the applications for inspection will make this process a little easier/quicker.
Also, if I'm a little incoherent these next couple of days, please forgive me and blame the cough syrup. O_o
I've been in a fog for the past couple of days and this sucks.
Sorry to hear this. Take your time and get well soon!
When Qora will goes OS? And is the problem solved with Dzarmush and Renat0??
Just a quick update, a couple nights ago I found the oldest version of Qora (without a broken download link), the original nxt source and I downloaded and installed some Java dev tools. I haven't gotten far because I haven't figured out how to turn the decompiled source files into a Java project.
Anyway, I've also been sick for this past week, so other than my real job, I've spent moat of the past 36 hours trying to sleep as much as I can. I'll keep looking into this as I can because I've had a pretty bad cold. Nothing to conclude, yet. As requested, I'll see about looking into the forging code. No promises, though. I have a few areas of the app that I want to look at which be easy to tell if they were copies or newly written.
Developers have "fingerprints" of how they write and structure their code. Using simpler, but necessary, sections of the applications for inspection will make this process a little easier/quicker.
Also, if I'm a little incoherent these next couple of days, please forgive me and blame the cough syrup. O_o
I've been in a fog for the past couple of days and this sucks.
Anyway, I've also been sick for this past week, so other than my real job, I've spent moat of the past 36 hours trying to sleep as much as I can. I'll keep looking into this as I can because I've had a pretty bad cold. Nothing to conclude, yet. As requested, I'll see about looking into the forging code. No promises, though. I have a few areas of the app that I want to look at which be easy to tell if they were copies or newly written.
Developers have "fingerprints" of how they write and structure their code. Using simpler, but necessary, sections of the applications for inspection will make this process a little easier/quicker.
Also, if I'm a little incoherent these next couple of days, please forgive me and blame the cough syrup. O_o
I've been in a fog for the past couple of days and this sucks.
Get well soon rlh!
Take a good rest first rlh. We all understand that you can only do it properly with a clear mind. We've waited long for the answer since the start of this Qora project and don't mind to wait for a few more days.
Thanks so much for your efforts.
Just a quick update, a couple nights ago I found the oldest version of Qora (without a broken download link), the original nxt source and I downloaded and installed some Java dev tools. I haven't gotten far because I haven't figured out how to turn the decompiled source files into a Java project.
Anyway, I've also been sick for this past week, so other than my real job, I've spent moat of the past 36 hours trying to sleep as much as I can. I'll keep looking into this as I can because I've had a pretty bad cold. Nothing to conclude, yet. As requested, I'll see about looking into the forging code. No promises, though. I have a few areas of the app that I want to look at which be easy to tell if they were copies or newly written.
Developers have "fingerprints" of how they write and structure their code. Using simpler, but necessary, sections of the applications for inspection will make this process a little easier/quicker.
Also, if I'm a little incoherent these next couple of days, please forgive me and blame the cough syrup. O_o
I've been in a fog for the past couple of days and this sucks.
Anyway, I've also been sick for this past week, so other than my real job, I've spent moat of the past 36 hours trying to sleep as much as I can. I'll keep looking into this as I can because I've had a pretty bad cold. Nothing to conclude, yet. As requested, I'll see about looking into the forging code. No promises, though. I have a few areas of the app that I want to look at which be easy to tell if they were copies or newly written.
Developers have "fingerprints" of how they write and structure their code. Using simpler, but necessary, sections of the applications for inspection will make this process a little easier/quicker.
Also, if I'm a little incoherent these next couple of days, please forgive me and blame the cough syrup. O_o
I've been in a fog for the past couple of days and this sucks.
Get well soon rlh!
I am sorry, not everyone can be as sophisticated as you.
I suggest you let go of this handle and continue to swim through this FUD-SEWER only with your multiple sock-puppets!
Yeah, I have made 4500 posts here, 1200 on nxtforum and several thousand on other crypto forums and I still have time to maintain dozens, DOZENS of sockpuppets.
PS: smaragda is also one of my sockpuppets. Look through his history atleast 100 of his posts are directly connected to me.
Wow that is a lot of posts!
Just a quick update, a couple nights ago I found the oldest version of Qora (without a broken download link), the original nxt source and I downloaded and installed some Java dev tools. I haven't gotten far because I haven't figured out how to turn the decompiled source files into a Java project.
Anyway, I've also been sick for this past week, so other than my real job, I've spent moat of the past 36 hours trying to sleep as much as I can. I'll keep looking into this as I can because I've had a pretty bad cold. Nothing to conclude, yet. As requested, I'll see about looking into the forging code. No promises, though. I have a few areas of the app that I want to look at which be easy to tell if they were copies or newly written.
Developers have "fingerprints" of how they write and structure their code. Using simpler, but necessary, sections of the applications for inspection will make this process a little easier/quicker.
Also, if I'm a little incoherent these next couple of days, please forgive me and blame the cough syrup. O_o
I've been in a fog for the past couple of days and this sucks.
Anyway, I've also been sick for this past week, so other than my real job, I've spent moat of the past 36 hours trying to sleep as much as I can. I'll keep looking into this as I can because I've had a pretty bad cold. Nothing to conclude, yet. As requested, I'll see about looking into the forging code. No promises, though. I have a few areas of the app that I want to look at which be easy to tell if they were copies or newly written.
Developers have "fingerprints" of how they write and structure their code. Using simpler, but necessary, sections of the applications for inspection will make this process a little easier/quicker.
Also, if I'm a little incoherent these next couple of days, please forgive me and blame the cough syrup. O_o
I've been in a fog for the past couple of days and this sucks.
Specifically, I'll try to find and dig into the crypto code. If Qora is building and signing this data using different mechanisms and algorthims from Nxt then that should be pretty darn good evidence that the code is unique.
If you are examining the decompiled code in detail, please try to focus on the forging algorithm. How does a node decide that it can forge a block with its account(s), and similarly how do nodes decide whether to accept/reject a forged block that it receives. It should be possible to describe this in mathematical or pseduo-code terms.
Although I no longer agree with his decision, I can understand why Qora dev has not open-sourced the code. But not to give a technical description of the forging process doesn't inspire confidence, especially when we frequently see strange forging behaviour (such as long chains of blocks forged by a single account). I have no doubt that Qora is new code, but I currently don't have any confidence that it is secure against various attack vectors, i.e. that it is a crypto-currency in any real sense.
Awesome, great answer.
So just by looking at this you can be 100% sure that it is original code!
So just by looking at this you can be 100% sure that it is original code!
I didn't say that (sorry, I'm hyper-objective) but I am highly suspect that it is original. Still, your question makes me want to look into this issue just to put it to rest. I think tonight I may take a moment to see If I can find portions of the Qora code that are easily discernable and distinguishable and compare them to Nxt.
Specifically, I'll try to find and dig into the crypto code. If Qora is building and signing this data using different mechanisms and algorthims from Nxt then that should be pretty darn good evidence that the code is unique.
Personally, I'm fairly confident that Qora is unique and is not a fork of Nxt. Still, I can't make that claim with certainty until I take the neccessary steps to inspect and compare the code.
If I take this upon myself, I'll start a new thread and I'll post what I find with verifiable results. If my conclusions are incorrect, people will be able to follow my work and verify/criticize my conclusion(s).
Yay, forensic coding!!
. This should be fun.Cool
In RLH i trust
Faucet is dry, please donate ... http://qora.co.in/faucet.php
Quote
Faucet account: QXbn5VKQLUCbpHbmaQKRRpouTGXLtyWTut
Remaining balance: 2.5796437 Qora
Remaining balance: 2.5796437 Qora
Since 18:28 almost all Blocks have been created by:
QPVknSmwDryB98Hh8xB7E6U75dGFYwNkJ4
Have already deleted Data folder and restarted. Same on Qora Blockexplorer http://qora.co.in.
This doesn't really look healthy to me.
rhl have you found and exploited some forging flaw in qora?
QPVknSmwDryB98Hh8xB7E6U75dGFYwNkJ4
Have already deleted Data folder and restarted. Same on Qora Blockexplorer http://qora.co.in.
This doesn't really look healthy to me.
rhl have you found and exploited some forging flaw in qora?
Crap, I set my buy order to low. I am hoping to get a 1% safety net before I release, but I think I can do without. I have time so I may move my funds back to Nxt (taking 7% profit!) Which I can use in the future, but who knows if Nxt is near it's bottom. I might just hold my BTC.
FYI, I inspected the QORA code and Qora was telling the truth (not that I doubted,) there is no API implemented in the code for the AE so this isn't a problem of lack of documentation. If I actually finish this project and Qora hasn't updated the client API, I might decompile the app to source, annotate the ofuscated code around what manages the AE GUI and API and see if I can hack together my own client/API.
Again, I'm not a Java dev (c# guy...) but I think I could do it so long as it's easy to recompile the decompiled source. To be sure, I'm a ways off from being finished with this project. I keep thinking of more ways to improve the service for both myself and for future-users and that compounds requirements.
Also, I am going to continue to stay mostly silent because I don't want to instigate a pump that could easily deflate if it takes me a long time to release my work. I, too, am a weekend coder and sometimes there are delays. However, once I feel that my work is 60-70% complete and that I've done enough work that it would be tough for a competitor to catch up, then I may make a pre-ann to all boards that this applies too. The good news is I'm not going to need an IPO or any form of fund raising. I think this service can be self-sustaining from the revenue it receives from day #1.
FYI, I inspected the QORA code and Qora was telling the truth (not that I doubted,) there is no API implemented in the code for the AE so this isn't a problem of lack of documentation. If I actually finish this project and Qora hasn't updated the client API, I might decompile the app to source, annotate the ofuscated code around what manages the AE GUI and API and see if I can hack together my own client/API.
Again, I'm not a Java dev (c# guy...) but I think I could do it so long as it's easy to recompile the decompiled source. To be sure, I'm a ways off from being finished with this project. I keep thinking of more ways to improve the service for both myself and for future-users and that compounds requirements.
Also, I am going to continue to stay mostly silent because I don't want to instigate a pump that could easily deflate if it takes me a long time to release my work. I, too, am a weekend coder and sometimes there are delays. However, once I feel that my work is 60-70% complete and that I've done enough work that it would be tough for a competitor to catch up, then I may make a pre-ann to all boards that this applies too. The good news is I'm not going to need an IPO or any form of fund raising. I think this service can be self-sustaining from the revenue it receives from day #1.
Good to know that you inspected the code!!! I never had doubts about qora
I am very happy with the news!
we all believe the qora. more confident now.
Awesome, great answer.
So just by looking at this you can be 100% sure that it is original code!
So just by looking at this you can be 100% sure that it is original code!
I didn't say that (sorry, I'm hyper-objective) but I am highly suspect that it is original. Still, your question makes me want to look into this issue just to put it to rest. I think tonight I may take a moment to see If I can find portions of the Qora code that are easily discernable and distinguishable and compare them to Nxt.
Specifically, I'll try to find and dig into the crypto code. If Qora is building and signing this data using different mechanisms and algorthims from Nxt then that should be pretty darn good evidence that the code is unique.
Personally, I'm fairly confident that Qora is unique and is not a fork of Nxt. Still, I can't make that claim with certainty until I take the neccessary steps to inspect and compare the code.
If I take this upon myself, I'll start a new thread and I'll post what I find with verifiable results. If my conclusions are incorrect, people will be able to follow my work and verify/criticize my conclusion(s).
Yay, forensic coding!!
. This should be fun.
That sounds amazing. Thank you for doing this.
Awesome, great answer.
So just by looking at this you can be 100% sure that it is original code!
So just by looking at this you can be 100% sure that it is original code!
I didn't say that (sorry, I'm hyper-objective) but I am highly suspect that it is original. Still, your question makes me want to look into this issue just to put it to rest. I think tonight I may take a moment to see If I can find portions of the Qora code that are easily discernable and distinguishable and compare them to Nxt.
Specifically, I'll try to find and dig into the crypto code. If Qora is building and signing this data using different mechanisms and algorthims from Nxt then that should be pretty darn good evidence that the code is unique.
Personally, I'm fairly confident that Qora is unique and is not a fork of Nxt. Still, I can't make that claim with certainty until I take the neccessary steps to inspect and compare the code.
If I take this upon myself, I'll start a new thread and I'll post what I find with verifiable results. If my conclusions are incorrect, people will be able to follow my work and verify/criticize my conclusion(s).
Yay, forensic coding!!
. This should be fun. Jump to: