Author

Topic: BTCapsule- a Bitcoin Time Capsule- is now Open Source (Read 350 times)

legendary
Activity: 3472
Merit: 3507
Crypto Swap Exchange
I realize this, but when I set my host file to use time.google.com’s IP address and try to run BTCapsule, it never starts. Which means I need to add another “Please enable internet” somewhere, but not opening at all is still enough to keep the private keys encrypted. When I change the IP address to my localhost, but keep time.google.com as the DNS, the program runs and alerts the user to turn on their internet.

you know that google uses more than one IP address and any binding to only a specific IP address (or several of them) is certainly not a good solution for something that needs to be used for 15 or more years. Also, add to all that the already large shortage of IPv4 addresses, and it is difficult to predict now in which direction that protocol will go in 20-30 years.
why did you get attached to Google times at all? maybe in 20 years, we won't live by that timer, it would be much more basic if you used a timestamp from the blockchain.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
when I set my host file to use time.google.com’s IP address and try to run BTCapsule, it never starts. Which means I need to add another “Please enable internet” somewhere, but not opening at all is still enough to keep the private keys encrypted.
It sounds like you're patching holes, while the setup is fundamentally flawed. The next step would be to run your own DNS server.

Quote
Which means I need to add another “Please enable internet” somewhere
That's one thing I never want to see when dealing with private keys.
member
Activity: 74
Merit: 83
If someone sets up a fake NTP server, would they be able to replicate time.google.com’s IP address?
I can set any IP address I want on my local network Smiley

I realize this, but when I set my host file to use time.google.com’s IP address and try to run BTCapsule, it never starts. Which means I need to add another “Please enable internet” somewhere, but not opening at all is still enough to keep the private keys encrypted. When I change the IP address to my localhost, but keep time.google.com as the DNS, the program runs and alerts the user to turn on their internet.

I’m glad I decided to make it open source.
Doesn't that make it even easier for anyone to decrypt anything without waiting for a specific time server answer?

Not really. The Python code is open source, but for my .exe, the Python code is converted to C and compiled. From what I understand, it’s theoretically possible to decompile C code, but you can never get back all the information. At first I used PyInstaller, but I figured out I can extract the pyc files, change the HEX, make Decompyle++ from CMake, and extract the original code. I have searched through countless forums, and have not found a way to extract or decompile my exe with the method of compilation.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
If someone sets up a fake NTP server, would they be able to replicate time.google.com’s IP address?
I can set any IP address I want on my local network Smiley

I’m glad I decided to make it open source.
Doesn't that make it even easier for anyone to decrypt anything without waiting for a specific time server answer?
member
Activity: 74
Merit: 83
If you set up a time server on a local PC and register a redirect from the specified domains, will your capsule open?

I had no idea how to do this, but after many hours of learning, I successfully set up a local time server, edited my host file, and was able to unlock the keys by changing the system clock.

This has now been fixed. Please see the updated code at:

https://github.com/BTCapsule/BTCapsule

Now when requesting the date from time.google.com, BTCapsule checks the IP address. If the IP address in the host file is pointed to the localhost, BTCapsule alerts the user to enable their internet. If the IP address in the host file is pointed to the IP of time.google.com, and the computer is offline, the program fails to run.

I'm afraid that won't be enough. Anyone can set up a fake NTP server on any host, not just the local computer. In addition, it is possible to redirect Internet traffic without using the hosts file, for example, at the router level or by spoofing DNS records.


If someone sets up a fake NTP server, would they be able to replicate time.google.com’s IP address? Here is the code:

def get_ntp_time() -> datetime:
         try:
            ntp_pool = 'time.google.com'
            ip = socket.gethostbyname(ntp_pool)
            ip1 = ip[:-2]
            ip2 = ip[:-3]
            
            
            if (ip1 == "216.239.35" or ip2 == "216.239.35"):
               call = ntplib.NTPClient()
               response = call.request(ntp_pool, version = 3)
               
            else:
               canvas1 = tk.Canvas(root, width = 400,
                  height = 240,
                  bg = 'white',
                  highlightthickness=0
                  )


               canvas1.pack()

               canvas1.create_text(200,110,
                  width= 350,
            
                  fill="black",
                  font="Arial 10",
                  text="Please enable internet")


               root.title('Bitcoin Time Capsule')

               
               root.mainloop()
               quit()




BTCapsule is a Bitcoin Time Capsule for your private keys. Enter a year and your private keys, and when the year arrives, your private keys will be available to whoever you give the program to. This is perfect for inheritance of Bitcoin, very easy to use, and allows you full access to your Bitcoin.
Good project, but the only way for me to use something like this, is to give a certain type of hint [as opposed to entering my private key] that could "only" mean something to a specific person, and judging by the screenshots on your website, looks like it can be used for such a thing.

Yes, you can actually write whatever you want into the keys section. It’s technically just a time capsule software, but I love Bitcoin and what it stands for, so I chose to make it about Bitcoin.



Have you checked if the year 2038 problem would affect the software in any way? Would there be any exploits based on that?

That's only about 16 years into the future.

Personally I would prefer a method that doesn't rely on software as there are just many things that could go wrong in the long term.

For example, can you still run a program from 16 years ago in your current laptop? Libraries, OS, programs, etc, move on with the times and it's difficult to run older software in modern devices.

I read about this problem, but I don’t see any reason why BTCapsule would be effected. My program doesn’t use Unix time. Any issues with 2038 would be managed by the NTP servers that BTCapsule calls, and that won’t be a problem:

https://unix.stackexchange.com/questions/272048/failure-of-ntpdate-if-the-system-is-set-to-a-date-beyond-2038



BTCapsule is a Bitcoin Time Capsule for your private keys. Enter a year and your private keys, and when the year arrives, your private keys will be available to whoever you give the program to. This is perfect for inheritance of Bitcoin, very easy to use, and allows you full access to your Bitcoin.
Nice move on listening to bitcointalk community and releasing your code with open source license, but I don't think you needed to create one more topic for BTCapsule.
I know few websites that are doing verification of open source bitcoin wallets, but you would need to find other people to review and audit your code.
Maybe you could contact someone like Andreas Antonopoulos or Jameson Lopp, and get their opinion about BTCapsule.
This would be good for getting more attention from more Bitcoiners, and they could make useful suggestions for improving your software.

Question for OP:
- Is it possible to test and see how BTCapsule works with Bitcoin testnet coins?

I’m glad I decided to make it open source. The suggestions I’ve received have already made BTCapsule much more secure. I would love to talk to prominent Bitcoiners about BTCapsule, and I’ve been trying through Twitter.

You shouldn’t have a problem using BTCapsule for testnet coins. You can write anything into BTCapsule, but I chose to make it about Bitcoin because I love Bitcoin.


[moderator's note: consecutive posts merged]
legendary
Activity: 1820
Merit: 2700
Crypto Swap Exchange
If you set up a time server on a local PC and register a redirect from the specified domains, will your capsule open?

I had no idea how to do this, but after many hours of learning, I successfully set up a local time server, edited my host file, and was able to unlock the keys by changing the system clock.

This has now been fixed. Please see the updated code at:

https://github.com/BTCapsule/BTCapsule

Now when requesting the date from time.google.com, BTCapsule checks the IP address. If the IP address in the host file is pointed to the localhost, BTCapsule alerts the user to enable their internet. If the IP address in the host file is pointed to the IP of time.google.com, and the computer is offline, the program fails to run.

I'm afraid that won't be enough. Anyone can set up a fake NTP server on any host, not just the local computer. In addition, it is possible to redirect Internet traffic without using the hosts file, for example, at the router level or by spoofing DNS records.
member
Activity: 74
Merit: 83
If you set up a time server on a local PC and register a redirect from the specified domains, will your capsule open?

I had no idea how to do this, but after many hours of learning, I successfully set up a local time server, edited my host file, and was able to unlock the keys by changing the system clock.

This has now been fixed. Please see the updated code at:

https://github.com/BTCapsule/BTCapsule

Now when requesting the date from time.google.com, BTCapsule checks the IP address. If the IP address in the host file is pointed to the localhost, BTCapsule alerts the user to enable their internet. If the IP address in the host file is pointed to the IP of time.google.com, and the computer is offline, the program fails to run.
hero member
Activity: 1008
Merit: 960
Have you checked if the year 2038 problem would affect the software in any way? Would there be any exploits based on that?

That's only about 16 years into the future.

Personally I would prefer a method that doesn't rely on software as there are just many things that could go wrong in the long term.

For example, can you still run a program from 16 years ago in your current laptop? Libraries, OS, programs, etc, move on with the times and it's difficult to run older software in modern devices.
hero member
Activity: 700
Merit: 577
It is a nice saver of private keys .But I have some questions to ask. Like, does your Time Capsule is free from registration? What I mean is that does it accept sign up or free from registration? That is as you download it, you use it at once?
Now after saving my private key in this site, can I access it without internet?
In what way your Capsule would be stolen because it is not registered app to be used, or physical address to be. But online so I have not really gotten the stolen part of the story. That was why I asked if the app is for registered before using. If it is not registered before using then it is not safe to keep or save keys there. It is prone to attack.

Save measure taken by your site is not clear for me

legendary
Activity: 2212
Merit: 7064
BTCapsule is a Bitcoin Time Capsule for your private keys. Enter a year and your private keys, and when the year arrives, your private keys will be available to whoever you give the program to. This is perfect for inheritance of Bitcoin, very easy to use, and allows you full access to your Bitcoin.
Nice move on listening to bitcointalk community and releasing your code with open source license, but I don't think you needed to create one more topic for BTCapsule.
I know few websites that are doing verification of open source bitcoin wallets, but you would need to find other people to review and audit your code.
Maybe you could contact someone like Andreas Antonopoulos or Jameson Lopp, and get their opinion about BTCapsule.
This would be good for getting more attention from more Bitcoiners, and they could make useful suggestions for improving your software.

Question for OP:
- Is it possible to test and see how BTCapsule works with Bitcoin testnet coins?
legendary
Activity: 1820
Merit: 2700
Crypto Swap Exchange
the only way for me to use something like this, is to give a certain type of hint [as opposed to entering my private key] that could "only" mean something to a specific person
I'd love to have a secure private method to delay sharing information, but this project isn't what I'm looking for.

If the software relies only on the response from certain NTP servers, then I can't consider this as a very reliable time lock method. Such a response can be very easily spoofed and trick the software into revealing hidden information.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
the only way for me to use something like this, is to give a certain type of hint [as opposed to entering my private key] that could "only" mean something to a specific person
I'd love to have a secure private method to delay sharing information, but this project isn't what I'm looking for.

For a while now, I've been thinking about a service that provides PGP encryption and allows to decrypt it only after a certain Bitcoin block was mined. The service can for instance create 2 million different PGP signatures, which is enough to last 30 years. The user first encrypts a text with his own PGP keys, then with the service's keys that match the desired future date (and if needed with his own keys again). This ensures the service never knows your data.
Then, you give the encrypted data to someone, who can decrypt the data after a certain Bitcoin block has been mined.

The flaw in this system is of course the centralized service: if it disappears, decryption is no longer possible. And if it provides the keys too early, decryption can happen before the Bitcoin block was mined.
The first problem can be mitigated by having several (trusted) services that share and store the same (2 million) PGP signatures. If one of them disappears, another takes over. But this increases the risk of leaking the keys. So this idea isn't perfect either, but if someone can improved upon it, that would be great!
Ideally, it should be completely trustless.
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
BTCapsule is a Bitcoin Time Capsule for your private keys. Enter a year and your private keys, and when the year arrives, your private keys will be available to whoever you give the program to. This is perfect for inheritance of Bitcoin, very easy to use, and allows you full access to your Bitcoin.
Good project, but the only way for me to use something like this, is to give a certain type of hint [as opposed to entering my private key] that could "only" mean something to a specific person, and judging by the screenshots on your website, looks like it can be used for such a thing.
member
Activity: 174
Merit: 12
If you set up a time server on a local PC and register a redirect from the specified domains, will your capsule open?
member
Activity: 74
Merit: 83
BTCapsule is a Bitcoin Time Capsule for your private keys. Enter a year and your private keys, and when the year arrives, your private keys will be available to whoever you give the program to. This is perfect for inheritance of Bitcoin, very easy to use, and allows you full access to your Bitcoin.

You can view the source code here:

https://github.com/BTCapsule

On my website, BTCapsule has been converted to C and compiled to machine code. The method of compilation makes it very hard, if not impossible, to decompile. You are more than welcome to use the code, but please consider purchasing to help with future development and operational fees. Thanks!

https://btcapsule.com/


Jump to: