Topic: decryption of wallet (Read 743 times)

It doesn't work like this.

The bitcoin themselves are never "in" your wallet or "on" your computer. The bitcoin never leave the blockchain. All that your wallet stores are the private keys necessary to allow you to tell the network how you want to spend or move those bitcoin. If you copy your wallet file, then you will have two wallet files containing the same private keys which will both have access to the same bitcoin on the blockchain, but the bitcoin themselves are not cloned.

Think of it like if an attacker cloned your bank card. Both the original and the clone can spend the same money from the same account, but the actual money in your account is not cloned.

Thank you stalker22, that's the answer I needed. I thought the cloning could have an effect the Bitcoins. There's no telling what hackers and scammers are capable of.

Please explain. What do you mean by "rewrite the program"?

If you have some programming skill, then it is possible to "rewrite" Bitcoin Core source code and make a clone of the program that can do everything that original program does and more. But there is no real benefit to doing so, because nobody will care about your clone. What exactly do you want to achieve?

By the way, bitcoins are not in the program but on the blockchain.

Hello guys, I'm a newbie. I'll love to know if it can be possible to rewrite the program of a Bitcoin wallet application software that has bitcoins in it?
Thanks

There are literally millions of sites out there which are 100% scams. Not just in bitcoin, but in general. Malicious clones of exchanges, platforms, mixers, wallets, shops, etc. MLM schemes. Fake charities, casinos, lotteries, marketplaces, etc. Fake investment companies. Fake employment companies. Fake companies in general. The list is endless.

You can report these sites if you want, but what incentive do web hosts have to take down these sites? Scammers pay them, and they don't take a hit to their reputation by continuing to host scammers because almost nobody even bothers to find out who is hosting these scams in the first place. Register themselves to the Seychelles or similar and they can pretty much do what they like. And even if you succeed in taking down a scam site, it will be re-hosted at a different address within hours.

I do like and support this idea! My main question would be how to handle the cryptography. Use existing ('tried & tested') crypto-libraries that have been around forever and avoid relatively hard to verify (the whole purpose of the project) code segments completely or attempt rewriting just the parts of the cryptography that are required, but make the code less trivial to understand and verify, thus allowing to verify the whole, compact, codebase, but making it a bit larger and a bit harder to understand in the process?

maybe but maybe it just means its not a proven scam. not 100%. you can't just go taking sites off line because you THINK they are a scam. and if you can't prove it then all you really got is anecdotal stories. not saying there isn't something to them but i think almost every software for bitcoin has some people that lose funds due to something they can't explain. some things have more complaints then others but does that mean some of them are scam and some arent?

now with that said, would i use some software to generate addresses that was not open source that had complaints about people saying they lost their funds? probably not.

 You must be new to the internet

Seriously tho, it's actually really difficult to get scam sites taken down a lot of the time... even 100% proven scams. Based on personal experience, about the only recourse you have is to complain to the DNS provider and/or webhost and hope that their complaints/abuse team care enough to do something about it

I love CLI, but I can't read Electrum's code. I would guess that applies to more people, thoroughly checking a lot of code is much more work (and more complicated) than following CLI-instructions.

I was picturing a very minimal GUI, as presumably most people who are able to navigate CLI transaction creation from scratch would also be able to read code well enough to vet a wallet like Electrum.

Scammers make a living by scamming people, of course they don't take their site offline.
What might work, is going through their registrar of web host, but in the latter case they'll just move somewhere else.

Hard-core CLI transaction creation? I think you're right, there's not much of a market for that.

I mean, it is a well known scam based on how many reports we have of people losing money on it, and reports of it generating addresses which have already been used. I suppose you could try to examine the back end (although since being sold and turning in to a scam then obviously the source code is no longer available on Github), or use it to generate some addresses to fund and watch your coins being stolen.

Being a scam is rarely enough to get a site taken down altogether, though.

The thousands of lines of extra code are to program additional functions like a GUI, coin control, being able to choose a fee, different address types, multi-sig, Lightning support, and so on. The code usually isn't there for no good reason. Perhaps there is a market for a bare bones wallet which can only generate segwit addresses, sign transactions, and nothing else, but I can't imagine it would be a very big market.

sorry about that. but i fixed it, they should make it easier to quote people without having to type in "quote" blocks manually.

i know it's still running today. the question is how and why? can i prove to myself somehow that the site is a scam? maybe that's why it never got took offline because they can't prove it 100%.


which is why i like simple code minimal code. code that i can understand. code that isn't thousands of lines long when it doesn't need to be.


i replied on that thread.

Your quotes are all messed up.

No, it is still running today. The original owner (who was honest) sold the site, and the new owner turned it in to a malicious scam, which people continued (and continue) to use without realizing it due to the original site's good reputation.

There is no way your validity checker could be accurate enough to guarantee safety without also declaring a lot of perfectly safe code invalid. If you are going to write a program that locks down your wallet software to only doing the absolute minimum with no deviation allowed, then better to just write minimalist wallet software in the first place, which even someone with a low amount of coding knowledge could verify themselves.

Not necessarily. There are lot of things to consider when trying to extract entropy from a physical process, things which most people don't even know exist and so make the mistake of thinking it is a straightforward process. I've spoken about this before: https://bitcointalksearch.org/topic/m.59983088

well viruses are different since computers have to connect to the internet and be forced to interact with all different types of software that a user might decide to install. you can't just lock them down too much or else the user wouldn't be able to do anything.

so they took the website offline then once it became a scam right? they can't allow a provable scam to continue operating and stealing peoples' money.
imagine that website still existing on the internet and someone downloaded it before it became a scam and used it with no ill affects but then they decided to "upgrade" by downloading the latest version and then got scammed. that would really throw them for a loop   and it would be their fault though for not monitoring the situation.



the validity checker could publish a list of methods that were allowed and then inside each method it would inspect to make sure that the only things that were happening were the standard bitcoin address generation process. anything that was there that did not belong would mean "invalid program". simple as that. a seed phrase inside the random number generator? invalid. some unknown decimal or hex number just being defined somewhere? invalid. an attempt to connect to the internet? invalid. anything unknown? need to write better code. invalid!


i would think rolling dice or flipping coins is better than any algorithm that produces pseudo random numbers. now if you're talking about true random like linux /dev/random maybe that's different. windows doesn't have that though.

If this were true, then malware would no longer exist because every possible workaround had been patched. There will also be a new workaround.

Depends on the random number generator on your computer. Is it better than some javascript RNG? Yes. Is it better than /dev/urandom? Probably not. However, it is also harder to do, easier to make a mistake, and easier to do in an insecure manner, so I wouldn't generally recommend it to most people.

That sounds a lot like virus scanners, where companies make a living of selling updates for dozens of new virusses per day. It will never be secure.

thats better than using the random number generator on your computer?