
Topic: Is it dangerous to load other people's wallet files in the Bitcoin client? (Read 433 times)

copper member
Activity: 414
Merit: 29
Why are you writing nonsense?
I'm sorry, but I'm really confused. You keep making contradicting statements... and then you call valid responses to your comments "nonsense". Huh

You said "we get wallet.dats"... people say, you should take precautions "just in case"... and you should only be using the "hash" extract... you say "yes, we don't get wallets and with hash we can't hurt customer, don't write nonsense"??!? Huh

Then you, in the same post, say "actually, we DO get wallet.dats... and we want to check them." Roll Eyes Roll Eyes Roll Eyes

I'm not sure if it is just a language barrier and/or bad translations somewhere, but it seems to me you are just talking around in circles and confusing good advice with people insulting you.


Summary:

- If you are receiving and inspecting wallet.dat's, common sense would dictate that you should do so in a "sandboxed" environment (ie. stand alone, non-network workstation or VM etc)
- If you are just trying to brute force passwords, you should only be receiving the "hash" from the client, and not their wallet.dat
- All those "HUGE REWARD!" wallet.dat's being sold are scams Wink



1) we do not deceive anyone and cannot do this by definition, we do not receive wallets from those customers who are the owners of their wallets.
2) there are other customers who are not the owners of the wallets, but they sell them and very often these are fake wallets or empty ones.
3) so we invited everyone to buy such wallets to contact us first, so that the seller sends us a wallet for research.
4) I did not initially clarify this point, that we have two types of customers, so the people who gave me the answer did not know about this and got confused, sorry.
5) we don’t understand why we have a negative rating, because we didn’t deceive anyone, why do we have -2 points of trust?
6) we have many video cards, but they are without work, so we have to look for ways to make money, although the main thing that we are interested in doing is working with a client who knows at least something about the password that he forgot. But we do not have such clients, there is one, but there it is a very difficult task and it is not yet possible to find a password.
7) if someone has the opportunity to make “0” in the trust, it would be wonderful, because we did nothing wrong with anyone.
HCP
legendary
Activity: 2086
Merit: 4314
Why are you writing nonsense?
I'm sorry, but I'm really confused. You keep making contradicting statements... and then you call valid responses to your comments "nonsense". Huh

You said "we get wallet.dats"... people say, you should take precautions "just in case"... and you should only be using the "hash" extract... you say "yes, we don't get wallets and with hash we can't hurt customer, don't write nonsense"??!? Huh

Then you, in the same post, say "actually, we DO get wallet.dats... and we want to check them." Roll Eyes Roll Eyes Roll Eyes

I'm not sure if it is just a language barrier and/or bad translations somewhere, but it seems to me you are just talking around in circles and confusing good advice with people insulting you.


Summary:

- If you are receiving and inspecting wallet.dat's, common sense would dictate that you should do so in a "sandboxed" environment (ie. stand alone, non-network workstation or VM etc)
- If you are just trying to brute force passwords, you should only be receiving the "hash" from the client, and not their wallet.dat
- All those "HUGE REWARD!" wallet.dat's being sold are scams Wink

copper member
Activity: 414
Merit: 29
1) "I should hope not... the clients should be sending you a "hash" extracted from their wallet.dat file which you can then try and bruteforce using hashcat etc."

- And what next? Suppose we were sent a wallet "hash" (for Hashcat software) or "mkey" (for Thegrideon software), we found a password, and then what?
How can we harm a client if we don’t have his wallet? Why are you writing nonsense? Ask Dave, there were his answers to this question longtime ago!


2) "But you are now claiming that you don't get wallets, but in the very first post in this thread, you said:
Quote from: walletrecovery on April 18, 2020, 12:58:33 PM
Wallets are sent to us to check the availability of private keys inside,
so we can confirm whether this wallet is real or not, but we are worried about our wallets."

- Yes, you are absolutely right this is our additional service for those who want to buy a wallet from a private person and be sure that they will not be deceived and they will not sell an empty wallet.
In Russia, there are very few clients who have forgotten the password, they are not there or they have ended. Therefore, we came up with an additional service, while it is completely free.
There are many scammers on the Russian forum who sell "wallet.dat" files, so we opened the topic https://bitcointalksearch.org/topic/walletdat-5240546 to guarantee a clean deal.
Only in this case we get wallets from people, usually wallets that no one can open for a long time and they are sold everywhere by everyone, for example, on this site allprivatekeys dot com
In principle, we can’t harm the client in any way, we can only harm scammers who, because of us, cannot sell air to gullible people,
therefore these scammers complain about us to the moderator and, as you can see, we have a -1 point in the trust.



it seems to me that you are asking this question for your "recovery service" in which case it makes no sense to "load the wallet in the bitcoin client" because while doing recovery or brute forcing password all you need to do is to work with the content of the wallet file and that happens in your own program that is separate and different from the client that wallet file belonged to.
in which case it is up to you to know how to handle the file and make sure there is nothing malicious in it. you should ask this question from the developer who creates the program that you are supposedly using to "recover wallets".

otherwise i don't see any reason why you should even have other people's wallet files in first place.

THANK YOU



If there were options for different wallet programs, then there would not be this topic.

But you can open and create wallet.dat from different program such as Bitcoin Knots and fork of Bitcoin Core (usually for altcoin though)

THANK YOU



Check this post for more information.

"percenter"

We have nothing to do with this account, the person was fired last month.
legendary
Activity: 3444
Merit: 10558
it seems to me that you are asking this question for your "recovery service" in which case it makes no sense to "load the wallet in the bitcoin client" because while doing recovery or brute forcing password all you need to do is to work with the content of the wallet file and that happens in your own program that is separate and different from the client that wallet file belonged to.
in which case it is up to you to know how to handle the file and make sure there is nothing malicious in it. you should ask this question from the developer who creates the program that you are supposedly using to "recover wallets".

otherwise i don't see any reason why you should even have other people's wallet files in first place.
HCP
legendary
Activity: 2086
Merit: 4314
The truth is that we do not receive "wallet.dat" files from our customers.
I should hope not... the clients should be sending you a "hash" extracted from their wallet.dat file which you can then try and bruteforce using hashcat etc.


But you are now claiming that you don't get wallets, but in the very first post in this thread, you said:
Wallets are sent to us to check the availability of private keys inside,
so we can confirm whether this wallet is real or not, but we are worried about our wallets.

So which is correct? Huh


In any case, the original answer you got from ranochingo is still valid:
Whilst there is currently no known vulnerabilities that allows for code execution within the wallet.dat file, I wouldn't trust it too much.

There is no known exploit that will do "Bad Things"™ to your computer if you load a foreign wallet.dat into Bitcoin Core. However, this does not mean that it doesn't exist. "Absence of evidence is not evidence of absence".

So, it would be prudent to take adequate precautions.

Personally, I would just create a simple VM that contains the OS and Bitcoin Core... then take a backup/snapshot of that "clean" install... every time you need to load a new wallet.dat, simply create a new instance copied from your "clean" backup and then try and load the wallet.dat and/or dump it with PyWallet.

If all you're doing is attempting to load/inspect a wallet.dat, you don't even need the block data! Wink
copper member
Activity: 414
Merit: 29
I advise anyone to not deal with this user in any way.

You write that we cannot be trusted, that we cannot be dealt with.
You are wrong and you must apologize because you do not know the truth.
The truth is that we do not receive "wallet.dat" files from our customers.
We can find the password, give this password to the client, and the client may not pay us anything!
Only we can become a victim of fraud and deception, and our client never.
Do not write nonsense here, you have a lot of stars and you should be smarter than any other member of the forum.
copper member
Activity: 414
Merit: 29
Of course I understand everything that you write, but you write about your assumptions.
We assume that the source of the wallet program is only one.
If there were options for different wallet programs, then there would not be this topic.
I am talking only about one source of origin for a client program.
How difficult it is to explain something through a Google translator, but without it I could not explain anything at all.



Since walletrecovery seemed quite sketchy to me, i did 5 minutes of research.
It turned out that he is an alt of percenter who has negative trust ratings and a valid flag open against him.
Check this post for more information.
I advise anyone to not deal with this user in any way.

Then you are also paranoid or God forbid the madman.
I’m very scared for you, I worry about your health, sir!

2 Accounts connected:
walletrecovery and percenter

percenter - This person no longer works for us,
I bought part of his video cards and he left.
We do not know his fate and we are not interested.
I have a couple more employees, one of them writes an algorithm for hashcat, and the other searches for clients and sends letters.

If you are interested in delving into the old shit, these are your problems.
Now you are chatting with me and answering my questions.
If you are not competent, then do not be shy
you are not the smartest person on the planet and there is nothing wrong with that.
legendary
Activity: 1624
Merit: 2481
Since walletrecovery seemed quite sketchy to me, i did 5 minutes of research.

It turned out that he is an alt of percenter who has negative trust ratings and a valid flag open against him.

Check this post for more information.


I advise anyone to not deal with this user in any way.
legendary
Activity: 3458
Merit: 6231
Crypto Swap Exchange

This statement is simply wrong.
Instead of telling you, that you obviously don't have any clue at all, i tried to be sarcastic since almost everyone knows that JPG and PDF files can get your computer compromised.

I apologize for assuming you would be able to do the mental task, understanding that wallet.dat files can do the same - yourself.

So, i'll repeat it for you:
Non-executable files, can get your computer compromised if they are being parsed or otherwise worked with.

As can word, excel, and others.
However, the flip side of that coin is that it's not the file that is doing the infecting. It's the application running the file.

Yeah, it's a small point but as an example if you send me an infected PDF Adobe Reader will probably be the target, as will the Microsoft reader. SlimPDF and FoxitPDF Reader will probably not allow the malware to do its thing. This is not to say that you can't get infected running one of those PDF readers but if the system hooks that the malware authors are looking for are not there then it will not work.

Same with a doc file in Microsoft Word vs. OpenOffice.

You do need both the infected file and the targeted application. Opening up an infected wallet.dat in notepad is not going to cause an issue. If a compromise was found in core it might do something bad.

-Dave
copper member
Activity: 414
Merit: 29
Thanks to all.
Let's wait for the person who answers what the wallet program does with the file "wallet.dat" such that it can lead to the loss of coins.
Or if the program is safe and such a scenario is impossible, regardless of what is inside the "wallet.dat" file, then let the smart uncle write about it.
So far, no one has answered this question.
legendary
Activity: 1624
Merit: 2481
Now the conversation is not about this and not about philosophy or about accidents when driving a car or crossing a street at a pedestrian crossing or elsewhere.

Oh, i forgot. Obviously the conversation is about bricks falling from the sky:

If you apply your logic, then a brick has never fallen on your head, but this does not mean that this is impossible,
therefore you now always look at the sky every day!



You give an example files with the extension JPG and PDF
Why are you doing this?

Because of your (retarded) statement:

Wallet file is not an executable file type and in principle it cannot infect a computer and steal bitcoins

This statement is simply wrong.
Instead of telling you, that you obviously don't have any clue at all, i tried to be sarcastic since almost everyone knows that JPG and PDF files can get your computer compromised.

I apologize for assuming you would be able to do the mental task, understanding that wallet.dat files can do the same - yourself.

So, i'll repeat it for you:
Non-executable files, can get your computer compromised if they are being parsed or otherwise worked with.
copper member
Activity: 414
Merit: 29
I wonder how you even dare to call yourself "walletrecovery" with little to no technical knowledge at all.

we have a very simple job
we listen to the client and instruct the machine to find the password using the program and video cards.
Now the conversation is not about this and not about philosophy or about accidents when driving a car or crossing a street at a pedestrian crossing or elsewhere.
Be specific in your statements and speak only on the subject matter.
You give an example files with the extension JPG and PDF
Why are you doing this?
We are talking specifically about the wallet program and the wallet.dat file
If you don’t know what the wallet program does with the file, then you don’t have to say everything that comes to your mind, just keep quiet and read what smart people write.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I read the answer to your question a year and a half ago:
As an aside, it is not safe to use potentially malicious wallet.dat files.  Anyone who gets sent a wallet.dat from a third party should take great care in using it. I would not be shocked if it were possible to get arbitrary code execution from a wallet.dat file.  If a bad guy found a way to do that the best way to exploit that discovery would be to pose as someone who corrupted their wallet and encourages people to try to 'scam' them by getting a copy of their wallet or help them with a promise of an outsized reward.
Gmaxwell is a Bitcoin core developer so I assume he knows what he's talking about.



My advice: use a Virtual Machine for this, on an offline system, and "undo" all changes made to the VM after each wallet.
legendary
Activity: 1624
Merit: 2481
If you apply your logic, then a brick has never fallen on your head, but this does not mean that this is impossible,
therefore you now always look at the sky every day!


This is absurd, why write about it.

Just because you didn't have a car accident yet, it doesn't mean that it is impossible,
therefore you always drive carefully!

You are absurd.


This is absurd, why write about it.

You asked, we answered.


There are principles of working the bitcoin client’s program, and if there’s not a single person who knows the principles "how it's works",
then no one will answer my question the way I need.

If "the way you need" is someone stating "this is impossible", then you will either never find this answer or someone who doesn't know what he is talking about will give you that "answer".
Look it up, how it works. You can find the source code on github.


Wallet file is not an executable file type and in principle it cannot infect a computer and steal bitcoins, why doesn’t anyone write about it?

No one writes that, because it is not true.
PDF files are no executable files, therefore they can't infect your system! (warning: sarcasm)
Image files are no executable files, therefore they can't infect your system! (warning: sarcasm)


Are there no file system specialists here?

What a given software does with a given filetype has nothing to do with the file system.

I wonder how you even dare to call yourself "walletrecovery" with little to no technical knowledge at all.
copper member
Activity: 414
Merit: 29
Yes, but this does not mean that you need to bring behavior to the point of absurdity.

If you apply your logic, then a brick has never fallen on your head, but this does not mean that this is impossible,
therefore you now always look at the sky every day!

This is absurd, why write about it.

There are principles of working the bitcoin client’s program, and if there’s not a single person who knows the principles "how it's works",
then no one will answer my question the way I need.

Does nobody really know what the wallet client program does with the "wallet.dat" file.

It’s elementary, Watson!

Wallet file is not an executable file type and in principle it cannot infect a computer and steal bitcoins, why doesn’t anyone write about it?

Are there no file system specialists here?

This is just funny guys!
copper member
Activity: 1582
Merit: 1319
I'm sometimes known as "miniadmin"
---

But you've already been answered to that; there is no known case YET. A lack of precedent does not mean a lack of vulnerability, so if you fear for your safety, act as if it was possible every time you handle a wallet from unknown sources (aka clients)
copper member
Activity: 414
Merit: 29
you all gave very detailed answers, but they are not based on the knowledge of whether there was at least 1 case in 10 years
that someone infected his computer and lost bitcoins only because he opened the wallet.dat wallet file in the client program,
which was contagious. If the answer to this question is zero such cases, then it is still impossible to infect a computer and steal coins in this way.
legendary
Activity: 1624
Merit: 2481
Well, if we don’t download wallet.dat to the Bitcoin client, but just upload the data using pywallet.py, can it be that even if we passively read from the file, our computer could be infected?

I don't really understand what you are trying to say, but.. if you are not executing the file, you are fine.

What OS are you using?
If you are using linux, as long as you don't execute the file or load it into an application which parses the content, you are fine.
For Windows, that's a little bit more tricky. But a general rule is that if you don't actively do stuff with it, you are fine.

Whether or not you are vulnerable using a python script depends on what the script is doing. And in this case the attacker would have to actually target you and the script instead of bitcoin core.


The easiest method is to use a virtual machine. Set it up once, load the file into it, do whatever you want with it, reset the virtual machine. As easy as that.
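Added example, not part of any post in this thread: a first-pass triage that treats a received wallet file as opaque bytes, reading only a fixed 32-byte header and hashing the rest, so no database library ever walks attacker-controlled page pointers. The function names are hypothetical; the Berkeley DB metadata offsets (magic at byte 12, page size at byte 20) and the SQLite header string are the standard on-disk layouts, and the sample bytes are constructed.

```python
import hashlib
import struct

BDB_BTREE_MAGIC = 0x00053162            # Berkeley DB btree magic, stored at offset 12
SQLITE_MAGIC = b"SQLite format 3\x00"   # SQLite header string, stored at offset 0
VALID_PAGE_SIZES = {512 << i for i in range(8)}   # 512 .. 65536, powers of two


def triage_header(header: bytes, file_size: int) -> dict:
    """Classify a wallet file from its first 32 bytes; never follows offsets."""
    result = {"format": "unknown", "page_size": None, "warnings": []}
    if len(header) < 32:
        result["warnings"].append("file shorter than a database header")
        return result
    if header[:16] == SQLITE_MAGIC:
        result["format"] = "sqlite"
        return result
    for endian in ("<", ">"):           # BDB files keep the creating host's byte order
        magic, _version, page_size = struct.unpack_from(endian + "III", header, 12)
        if magic == BDB_BTREE_MAGIC:
            result["format"] = "bdb-btree"
            result["page_size"] = page_size
            if page_size not in VALID_PAGE_SIZES:
                result["warnings"].append("implausible page size %d" % page_size)
            elif file_size % page_size:
                result["warnings"].append("size is not a multiple of the page size")
            return result
    result["warnings"].append("no known database magic")
    return result


def triage_file(path: str) -> dict:
    """Stream the file once: header check plus SHA-256 for the case record."""
    sha, size = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        header = fh.read(32)
        sha.update(header)
        size += len(header)
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            sha.update(chunk)
            size += len(chunk)
    report = triage_header(header, size)
    report.update(sha256=sha.hexdigest(), size=size)
    return report


# Constructed sample: a two-page, little-endian BDB btree file with 4096-byte pages.
SAMPLE_BDB = (bytes(12) + struct.pack("<III", BDB_BTREE_MAGIC, 9, 4096)).ljust(8192, b"\x00")
# Constructed sample: a PDF renamed to wallet.dat.
SAMPLE_PDF = b"%PDF-1.7\n".ljust(4096, b"\x00")
```

A clean triage result only tells you which container format you were sent; anything that actually parses the records still belongs in the disposable, offline VM the posts above describe.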
copper member
Activity: 414
Merit: 29
OMG!
Well, if we don’t download wallet.dat to the Bitcoin client, but just upload the data using pywallet.py, can it be that even if we passively read from the file, our computer could be infected?
legendary
Activity: 2954
Merit: 4158
Yes, but a virus cannot infect a given blockchain database?
If the second computer does not have Internet connection,
and we will connect blockchain database from another HDD?
It really doesn't matter where you are running the Bitcoin client. No matter where you load the wallet from, the virus can infect files in another disk even if they are being run from different drives. The best practice is really to sanitize your computer by reinstalling the OS every time after you handle a file. It is possible for malware to operate even if it's offline.

Just to reiterate my point; it is not foolproof to see if the wallet.dat contains private key to a given address just by loading it into the client. It is still possible to modify the wallet.dat for it to display different addresses without a corresponding private key.
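Added example, not part of any post in this thread: since an address shown by the client proves nothing about the key behind it, a buyer-side check has to recompute each public key from its listed private key on secp256k1 and compare. The function names and the input shape (hex pubkey/privkey pairs, as copied from a key dump of an unencrypted wallet) are assumptions, and the sample pairs are constructed.

```python
# secp256k1 domain parameters (public constants of the curve Bitcoin uses).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(a, b):
    """Add two curve points; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def pubkey_encodings(priv: int) -> set:
    """Hex SEC encodings (compressed and uncompressed) of priv * G."""
    if not 0 < priv < N:
        raise ValueError("private key out of range")
    acc, addend = None, G
    while priv:                      # double-and-add; not constant time,
        if priv & 1:                 # acceptable only for offline auditing
            acc = _add(acc, addend)
        addend = _add(addend, addend)
        priv >>= 1
    x, y = acc
    xb, yb = x.to_bytes(32, "big"), y.to_bytes(32, "big")
    return {(bytes([2 + (y & 1)]) + xb).hex(), (b"\x04" + xb + yb).hex()}


def unbacked_pubkeys(pairs):
    """Return claimed public keys that their listed private key does not produce."""
    bad = []
    for pub_hex, priv_hex in pairs:
        try:
            ok = pub_hex.lower() in pubkey_encodings(int(priv_hex, 16))
        except ValueError:           # malformed hex or out-of-range scalar
            ok = False
        if not ok:
            bad.append(pub_hex)
    return bad


# Constructed sample: the first pair is genuine (private key 1 yields G),
# the second claims the same public key for a private key that does not produce it.
G_COMPRESSED = "0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"
SAMPLE_PAIRS = [(G_COMPRESSED, "01"), (G_COMPRESSED, "02")]
```

This needs Python 3.8 or later for the modular inverse via `pow`, and it only applies once the private keys are readable; for an encrypted wallet nothing can be confirmed until the password is known.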