Pages:
Author

Topic: darkcoin exploit found in 2 hours by amateur (why open source matters for anon) - page 7. (Read 10066 times)

legendary
Activity: 896
Merit: 1001
Just now:

 I found out what's going on, I'll have an update out in a few minutes

Edit:

 props to whoever figured this out, pretty cool hack
 I could use some help programming whoever you are Smiley
Not interested. I'm not so good at C++, really.
Btw, you should hire some real penetration tester, not me or what was the name of that guy?

Ok, could the person who found the bug post here, I promise no one's gonna hate on you. Would be interesting to hear how long it took to find it, and how did you approach it? And also, would you help testing DRK in the future? Smiley

About 6 hours to look through the code to get the main idea of darksend, 2 more hours (got lucky) to find this vulnerability and about 8 hours to code and deploy the exploit.
I will definitely run some more tests with darksend. Will I help or just going to abuse it? Dunno lol. It seems to be more vulnerabilities in darkcoin. Code looks terrible (nothing personal  Smiley)

Proof of identity:
Code:
./darkcoind verifymessage XwzmEE1cJ6HG84CgJvAt7ADmJ8W9Wh65Tq \
"ILLG8hT+bkKUDznBD8R+EGowIal/QFVhEJM2HvrAREeE+LXl++HqeI+Go9+976p7iZ7CTgybpTGIucb3ycMwwek=" \
"XwzmEE1cJ6HG84CgJvAt7ADmJ @ bitcointalk.org, darkcoin thread. Signed with XwzmEE1cJ6HG84CgJvAt7ADmJ8W9Wh65Tq"

https://bitcointalksearch.org/topic/m.9121343

Spaghetti code
legendary
Activity: 896
Merit: 1001
This is exactly what's going to happen when you have a centralized network of nodes and a bunch of convoluted spaghetti code keeping everything running.  The darkcoin masternode network is nothing but an overcomplicated clusterfuck of a mess.  darkcoin is already outdated.  Anonymity on the blockchain is the path forward.  Not a screwed up centralized masternode network which is nothing more than a way for the drk instaminers and other large holders to continue to generate income. 

It won't be long before another exploit is discovered in the darkcoin code.  It's not a matter of if but when.

darkcoins time has come and gone.  This pump and dump scam is running out of gas.

I thought that they paid for a code review?  It is now blatantly obvious that the purpose of the code review was nothing more than a way to try and hype the coin so that people could dump their coins while they claimed they were buying and were working feverishly to get others to buy while at the same time they were dumping what they could.

darkcoin isn't a coin.  darkcoin is a cult.  Just look through the darkcoin thread.  One guy even goes as far as to give the hacker kudos for exposing the bug that allowed him to hack the masternode network and get free drk. 

They don't have a big enough rug to sweep all this shit under.

member
Activity: 112
Merit: 10
This is also why you should be open sourced from the beginning

darkcoin is JUST open sourcing.  god only knows what else they're going to find.

xc doesn't really even deserve a mention.

anonymity should always be trusted to open sourced solutions
member
Activity: 112
Merit: 10
Just now:

 I found out what's going on, I'll have an update out in a few minutes

Edit:

 props to whoever figured this out, pretty cool hack
 I could use some help programming whoever you are Smiley
Not interested. I'm not so good at C++, really.
Btw, you should hire some real penetration tester, not me or what was the name of that guy?

Ok, could the person who found the bug post here, I promise no one's gonna hate on you. Would be interesting to hear how long it took to find it, and how did you approach it? And also, would you help testing DRK in the future? Smiley

About 6 hours to look through the code to get the main idea of darksend, 2 more hours (got lucky) to find this vulnerability and about 8 hours to code and deploy the exploit.
I will definitely run some more tests with darksend. Will I help or just going to abuse it? Dunno lol. It seems to be more vulnerabilities in darkcoin. Code looks terrible (nothing personal  Smiley)

Proof of identity:
Code:
./darkcoind verifymessage XwzmEE1cJ6HG84CgJvAt7ADmJ8W9Wh65Tq \
"ILLG8hT+bkKUDznBD8R+EGowIal/QFVhEJM2HvrAREeE+LXl++HqeI+Go9+976p7iZ7CTgybpTGIucb3ycMwwek=" \
"XwzmEE1cJ6HG84CgJvAt7ADmJ @ bitcointalk.org, darkcoin thread. Signed with XwzmEE1cJ6HG84CgJvAt7ADmJ8W9Wh65Tq"

https://bitcointalksearch.org/topic/m.9121343
Pages:
Jump to: