Cannot Save Unsigned Tx | Bitcointalksearch.org

Master1781

member

Activity: 125

Merit: 10

Quote from: TryNinja on October 18, 2018, 07:51:27 AM

Quote from: Master1781 on October 18, 2018, 07:11:43 AM

The attack metioned is quite interesting to think about. For example, I use Bitkey in conjunction with an watch-only wallet on Android, where I create the unsigned tx. It could happen that a virus hacks the apk, and creates a new address in the tx, to send the amount to the hacker. But I believe when I import the tx to Bitkey (to be signed) it won't recognize the address (showing that error - Transaction unrelated to your account). Not 100% sure, though. I'd need to test and see.

I actually think that it will change the output address to one owned by the hacker. Thus, if you don't double check the transaction details before signing and broadcasting it, you will send your coins to a different address. No error will show since it's going to look like a normal transaction.

Yes, indeed it makes sense. Nothing blocks a hacked apk (or another executable on Win/Mac/Unix) to change the sending address to theirs. Only by double checking the details, as you said. Also, by using the "hot-online" method above can at least reduce the possibility to use a hacked electrum app.

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: Master1781 on October 18, 2018, 07:11:43 AM

The attack metioned is quite interesting to think about. For example, I use Bitkey in conjunction with an watch-only wallet on Android, where I create the unsigned tx. It could happen that a virus hacks the apk, and creates a new address in the tx, to send the amount to the hacker. But I believe when I import the tx to Bitkey (to be signed) it won't recognize the address (showing that error - Transaction unrelated to your account). Not 100% sure, though. I'd need to test and see.

I actually think that it will change the output address to one owned by the hacker. Thus, if you don't double check the transaction details before signing and broadcasting it, you will send your coins to a different address. No error will show since it's going to look like a normal transaction.

Master1781

member

Activity: 125

Merit: 10

Quote from: pooya87 on October 17, 2018, 10:59:51 PM

if you are using a malicious software instead of a wallet then disconnecting from the rest of the world may not even work if the malicious software already has the keys.

Quote from: jackg on October 17, 2018, 05:53:06 AM

~
Only good thing to me seemed to be that they copied everything to ram when you ran it. It didnt' seem to be using segwit in the version I got one or two months ago but maybe the developer has stopped hibernating... Do they allow multisig now too? That's the only thing I wanted it for.

As for the second part, a history of the bitcoin addresses should be checked and maybe even the master public keys that correspond to it, not doing so means that you are running the risk of using someone else's address. Everyone should check bitcoin addresses anway based on the tiny probability of a collision (I mean we're talking an extremely low percentage but it is technically possible)...

- it has Electrum on it and Electrum has been supporting Multi Signature for a long time now so yes they do allow multisig. FWIW i have not used bitkey ever though. i am only aware of it and checked it out before.

Exactly, Bitkey runs the previous Electrum 3.1.3, so it should give option to use multisig, Segwit, etc, just like the normal installation of Electrum.

The attack metioned is quite interesting to think about. For example, I use Bitkey in conjunction with an watch-only wallet on Android, where I create the unsigned tx. It could happen that a virus hacks the apk, and creates a new address in the tx, to send the amount to the hacker. But I believe when I import the tx to Bitkey (to be signed) it won't recognize the address (showing that error - Transaction unrelated to your account). Not 100% sure, though. I'd need to test and see.

It's still possible to avoid this risk, by using the "hot-online" feature in Bitkey. Here you boot the Live CD, then it will be on RAM (supposedly without any virus, also check the CD signatures), and you create a watch-only wallet with your Xpub key. Now you generate the txid, and then reboot the CD in a "cold-offline" mode, to sign it. All this would reduce the risks mentioned.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: jackg on October 17, 2018, 05:53:06 AM

~
Only good thing to me seemed to be that they copied everything to ram when you ran it. It didnt' seem to be using segwit in the version I got one or two months ago but maybe the developer has stopped hibernating... Do they allow multisig now too? That's the only thing I wanted it for.

As for the second part, a history of the bitcoin addresses should be checked and maybe even the master public keys that correspond to it, not doing so means that you are running the risk of using someone else's address. Everyone should check bitcoin addresses anway based on the tiny probability of a collision (I mean we're talking an extremely low percentage but it is technically possible)...

- it has Electrum on it and Electrum has been supporting Multi Signature for a long time now so yes they do allow multisig. FWIW i have not used bitkey ever though. i am only aware of it and checked it out before.

- collision is just not going to happen the chance is not just small, it is extremely minuscule that is negligible. if collusion was "technically possible" then it would have been the end of bitcoin and Elliptic Curve cryptography as we know it.

Master1781

member

Activity: 125

Merit: 10

I'm using Bitkey as a cold wallet with the Phone Android as watch-only. Worth noting that as Bitkey runs Electrum 3.1.3, you may need to check the older versions for Android here https://download.electrum.org/3.1.3/

This way you can work both ways and export the signed/unsigned tx over qrcode, for example

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: pooya87 on October 16, 2018, 11:01:51 PM

for what it's worth, bitkey is a special linux distro that has been around for long enough time to not be that bad (https://github.com/bitkey/bitkey) although it doesn't seem to be that popular which makes it less safe because of lack of extensive usage and review. (last PR there is upgrading Electrum from 3.2.1 to 3.2.2)

as for second part about disconnecting,... if you are using a malicious software instead of a wallet then disconnecting from the rest of the world may not even work if the malicious software already has the keys. for instance it may be creating wallets from a hardcoded key that the hacker already has. in your eyes it will look random specially since you will be offline but it may be in control of the hacker already.

Only good thing to me seemed to be that they copied everything to ram when you ran it. It didnt' seem to be using segwit in the version I got one or two months ago but maybe the developer has stopped hibernating... Do they allow multisig now too? That's the only thing I wanted it for.

As for the second part, a history of the bitcoin addresses should be checked and maybe even the master public keys that correspond to it, not doing so means that you are running the risk of using someone else's address. Everyone should check bitcoin addresses anway based on the tiny probability of a collision (I mean we're talking an extremely low percentage but it is technically possible)...

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: jackg on October 16, 2018, 02:58:13 PM

Quote from: Master1781 on October 12, 2018, 10:13:47 PM

If you have Win XP, a Linux distro (in a live CD) that contains Electrum 3.x is https://bitkey.io . I think it's the easiest way to run Electrum in your system, just burn the ISO in a CD or flash drive and reboot the PC.

It doesn't run electrum 3.
.
Unless it's been updated to using it since about a month ago as for me it was still running a 2.something version.

Nonetheless, I don't like the idea of running software like that as it seems a bit stupid. Unless you're gonig to pull out every drive and every non-vital cable for storing large amounts of bitcoin there and one day if you do an update and you have an online wallet and it steals all of your coins, therein lies the issues... Are the developers known that have signed the ISO.

for what it's worth, bitkey is a special linux distro that has been around for long enough time to not be that bad (https://github.com/bitkey/bitkey) although it doesn't seem to be that popular which makes it less safe because of lack of extensive usage and review. (last PR there is upgrading Electrum from 3.2.1 to 3.2.2)

as for second part about disconnecting,... if you are using a malicious software instead of a wallet then disconnecting from the rest of the world may not even work if the malicious software already has the keys. for instance it may be creating wallets from a hardcoded key that the hacker already has. in your eyes it will look random specially since you will be offline but it may be in control of the hacker already.

Abdussamad

legendary

Activity: 3682

Merit: 1580

you will have problems because they changed the unsigned tx format in recent versions:

https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES#L48

adaseb

legendary

Activity: 3808

Merit: 1723

On the offline machine, you might get away with using an older version and use a newer version on the online machine.

I think as long as you avoid receiving and sending any segwit type of transaction you shouldn't have any problems getting your transaction signed offline.

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: Master1781 on October 12, 2018, 10:13:47 PM

If you have Win XP, a Linux distro (in a live CD) that contains Electrum 3.x is https://bitkey.io . I think it's the easiest way to run Electrum in your system, just burn the ISO in a CD or flash drive and reboot the PC.

It doesn't run electrum 3.
.
Unless it's been updated to using it since about a month ago as for me it was still running a 2.something version.

Nonetheless, I don't like the idea of running software like that as it seems a bit stupid. Unless you're gonig to pull out every drive and every non-vital cable for storing large amounts of bitcoin there and one day if you do an update and you have an online wallet and it steals all of your coins, therein lies the issues... Are the developers known that have signed the ISO.

Master1781

member

Activity: 125

Merit: 10

If you have Win XP, a Linux distro (in a live CD) that contains Electrum 3.x is https://bitkey.io . I think it's the easiest way to run Electrum in your system, just burn the ISO in a CD or flash drive and reboot the PC.

HCP

legendary

Activity: 2086

Merit: 4361

Quote from: ssmc2 on October 12, 2018, 09:26:36 AM

Thanks for all the replies. The only reason I haven't upgraded the offline machine is it's an older netbook running XP so I figured it wouldn't be compatible with newer versions. Guess it's time to get something newer.

You are correct that you're likely to encounter issues running newer versions of Electrum on Windows XP... the updated Python version used since Electrum 3.x does not play nicely with older versions of Windows Undecided

As jackg suggested, you may want to consider moving to a Linux distro if your computer is not able to handle an update to Windows 10.

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: ssmc2 on October 12, 2018, 09:26:36 AM

Thanks for all the replies. The only reason I haven't upgraded the offline machine is it's an older netbook running XP so I figured it wouldn't be compatible with newer versions. Guess it's time to get something newer.

Updating the whole os might be a good idea. Maybe you could try to use ubuntu or another linux software if it's an old computer, that way, your machine can run a bit faster with old hardware.

ssmc2

legendary

Activity: 2002

Merit: 1040

Thanks for all the replies. The only reason I haven't upgraded the offline machine is it's an older netbook running XP so I figured it wouldn't be compatible with newer versions. Guess it's time to get something newer.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: ssmc2 on October 10, 2018, 04:35:26 PM

My offline machine is running 2. something.

Backup your seed and walletfile, then get the latest version (3.2.3: https://electrum.org/#download).
Also, make sure to verify the signature using the downloaded file and the signature file using this command:

Code:

gpg --verify signaturefile downloadedfile

You should see this line:

Code:

gpg: Good signature from "Thomas Voegtlin (https://electrum.org) "

If you see this line, the file is legit. Even if another line says that you are not trusting this signature. This just comes from not adding ThomasV's key to your keyring.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: ssmc2 on October 10, 2018, 04:35:26 PM

My offline machine is running 2. something.

do you mean its version? if it is 2.x then that is the problem. you should upgrade to a newer version (latest is 3.2.3 currently). that should solve the problem since it probably is because your old version doesn't recognize the new transaction structure that the new version is using.

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: ssmc2 on October 10, 2018, 04:35:26 PM

Thanks I figured that out after a bit but then the next problem I had was my offline machine was not loading the unsigned file when I tried to load file from transaction. No clue what's going on there I've never had that problem. My offline machine is running 2. something.

How many transactions have you sent? Check the address you're trying to send from and use the ismine(ADDRESS) if not try extending the gap limit (search google as to how to do this as I'm not entirely Serbian of the syntax).

ssmc2

legendary

Activity: 2002

Merit: 1040

Thanks I figured that out after a bit but then the next problem I had was my offline machine was not loading the unsigned file when I tried to load file from transaction. No clue what's going on there I've never had that problem. My offline machine is running 2. something.

pooya87

legendary

Activity: 3472

Merit: 10611

"Save" button is disabled because what that button does is that it stores the transaction you are previewing inside your wallet file locally. so it needs the transaction to be signed before it stores it in your wallet file.

in other words this button is not the button you need! you aren't trying to store it locally in your watch-only wallet file. you are trying to get a raw tx out to transfer elsewhere to sign.
for that purpose there is another button called "Export" on the bottom left which you need to use in order to "export" the unsigned tx file.

ssmc2

legendary

Activity: 2002

Merit: 1040

Hi hopefully someone can help me out.... I'm trying to create an offline TX but when I create a TX from my watch only wallet and go to preview biuttom, the save button is greyed out and not allowing me to save to my USB???...first time i've had this problem..

using 3.2.2 help!

thanks

Topic: Cannot Save Unsigned Tx (Read 349 times)