Pages:
Author

Topic: Is it dangerous to load other people's wallet files in the Bitcoin client? (Read 453 times)

copper member
Activity: 427
Merit: 29
Why are you writing nonsense?
I'm sorry, but I'm really confused. You keep making contradicting statements... and then you call valid responses to your comments "nonsense". Huh

You said "we get wallet.dats"... people say, you should take precautions "just in case"... and you should only be using the "hash" extract... you say "yes, we don't get wallets and with hash we can't hurt customer, don't write nonsense"??!? Huh

Then you, in the same post, say "actually, we DO get wallet.dats... and we want to check them." Roll Eyes Roll Eyes Roll Eyes

I'm not sure if it is just a language barrier and/or bad translations somewhere, but it seems to me you are just talking around in circles and confusing good advice with people insulting you.


Summary:

- If you are receiving and inspecting wallet.dat's, common sense would dictate that you should do so in a "sandboxed" environment (ie. stand alone, non-network workstation or VM etc)
- If you are just trying to brute force passwords, you should only be receiving the "hash" from the client, and not their wallet.dat
- All those "HUGE REWARD!" wallet.dat's being sold are scams Wink



1) we do not deceive anyone and cannot do this by definition, we do not receive wallets from those customers who are the owners of their wallets.
2) there are other customers who are not the owners of the wallets, but they sell them and very often these are fake wallets or empty ones.
3) so we invited everyone to buy such wallets to contact us first, so that the seller sends us a wallet for research.
4) I did not initially clarify this point, that we have two types of customers, so the people who gave me the answer did not know about this and got confused, sorry.
5) we don’t understand why we have a negative rating, because we didn’t deceive anyone, why do we have -2 points of trust?
6) we have many video cards, but they are without work, so we have to look for ways to make money, although the main thing that we are interested in doing is working with a client who knows at least something about the password that he forgot. But we do not have such clients, there is one, but there it is a very difficult task and it is not yet possible to find a password.
7) if someone has the opportunity to make “0” in the trust, it would be wonderful, because we did nothing wrong with anyone.
HCP
legendary
Activity: 2086
Merit: 4363
Why are you writing nonsense?
I'm sorry, but I'm really confused. You keep making contradicting statements... and then you call valid responses to your comments "nonsense". Huh

You said "we get wallet.dats"... people say, you should take precautions "just in case"... and you should only be using the "hash" extract... you say "yes, we don't get wallets and with hash we can't hurt customer, don't write nonsense"??!? Huh

Then you, in the same post, say "actually, we DO get wallet.dats... and we want to check them." Roll Eyes Roll Eyes Roll Eyes

I'm not sure if it is just a language barrier and/or bad translations somewhere, but it seems to me you are just talking around in circles and confusing good advice with people insulting you.


Summary:

- If you are receiving and inspecting wallet.dat's, common sense would dictate that you should do so in a "sandboxed" environment (ie. stand alone, non-network workstation or VM etc)
- If you are just trying to brute force passwords, you should only be receiving the "hash" from the client, and not their wallet.dat
- All those "HUGE REWARD!" wallet.dat's being sold are scams Wink

copper member
Activity: 427
Merit: 29
1) "I should hope not... the clients should be sending you a "hash" extracted from their wallet.dat file which you can then try and bruteforce using hashcat etc."

- And what next? Suppose we were sent a wallet "hash" (for Hashcat software) or "mkey" (for Thegrideon software), we found a password, and then what?
How can we harm a client if we don’t have his wallet? Why are you writing nonsense? Ask Dave, there were his answers to this question longtime ago!


2) "But you are now claiming that you don't get wallets, but in the very first post in this thread, you said:
Quote from: walletrecovery on April 18, 2020, 12:58:33 PM
Wallets are sent to us to check the availability of private keys inside,
so we can confirm whether this wallet is real or not, but we are worried about our wallets."

- Yes, you are absolutely right this is our additional service for those who want to buy a wallet from a private person and be sure that they will not be deceived and they will not sell an empty wallet.
In Russia, there are very few clients who have forgotten the password, they are not there or they have ended. Therefore, we came up with an additional service, while it is completely free.
There are many scammers on the Russian forum who sell "wallet.dat" files, so we opened the topic https://bitcointalksearch.org/topic/walletdat-5240546 to guarantee a clean deal.
Only in this case we get wallets from people, usually wallets that no one can open for a long time and they are sold everywhere by everyone, for example, on this site allprivatekeys dot com
In principle, we can’t harm the client in any way, we can only harm scammers who, because of us, cannot sell air to gullible people,
therefore these scammers complain about us to the moderator and, as you can see, we have a -1 point in the trust.



it seems to me that you are asking this question for your "recovery service" in which case it makes no sense to "load the wallet in the bitcoin client" because while doing recovery or brute forcing password all you need to do is to work with the content of the wallet file and that happens in your own program that is separate and different from the client that wallet file belonged to.
in which case it is up to you to know how to handle the file and make sure there is nothing malicious in it. you should ask this question from the developer who create the program that you are supposedly using to "recover wallets".

otherwise i don't see any reason why you should even have other people's wallet files in first place.

THANK YOU



If there were options for different wallet programs, then there would not be this topic.

But you can open and create wallet.dat from different program such as Bitcoin Knots and fork of Bitcoin Core (usually for altcoin though)

THANK YOU



Check this post for more information.

"percenter"

We have nothing to do with this account, the person was fired last month.
legendary
Activity: 3472
Merit: 10611
it seems to me that you are asking this question for your "recovery service" in which case it makes no sense to "load the wallet in the bitcoin client" because while doing recovery or brute forcing password all you need to do is to work with the content of the wallet file and that happens in your own program that is separate and different from the client that wallet file belonged to.
in which case it is up to you to know how to handle the file and make sure there is nothing malicious in it. you should ask this question from the developer who create the program that you are supposedly using to "recover wallets".

otherwise i don't see any reason why you should even have other people's wallet files in first place.
HCP
legendary
Activity: 2086
Merit: 4363
The truth is that we do not receive "wallet.dat" files from our customers.
I should hope not... the clients should be sending you a "hash" extracted from their wallet.dat file which you can then try and bruteforce using hashcat etc.


But you are now claiming that you don't get wallets, but in the very first post in this thread, you said:
Wallets are sent to us to check the availability of private keys inside,
so we can confirm whether this wallet is real or not, but we are worried about our wallets.

So which is correct? Huh


In any case, the original answer you got from ranochingo is still valid:
Whilst there is currently no known vulnerabilities that allows for code execution within the wallet.dat file, I wouldn't trust it too much.

There is no known exploit that will do "Bad Things"™ to your computer if you load a foreign wallet.dat into Bitcoin Core. However, this does not mean that it doesn't exist. "Absence of evidence is not evidence of absence".

So, it would be prudent to take adequate precautions.

Personally, I would just create a simple VM that contains the OS and Bitcoin Core... then take a backup/snapshot of that "clean" install... every time you need to load a new wallet.dat, simply create a new instance copied from your "clean" backup and then try and load the wallet.dat and/or dump it with PyWallet.

If all you're doing is attempting to load/inspect a wallet.dat, you don't even need the block data! Wink
copper member
Activity: 427
Merit: 29
I advise anyone to not deal with this user in any way.
[/quote]

You write that we cannot be trusted, that we cannot be dealt with.
You are wrong and you must apologize because you do not know the truth.
The truth is that we do not receive "wallet.dat" files from our customers.
We can find the password, give this password to the client, and the client may not pay us anything!
Only we can become a victim of fraud and deception, and our client never.
Do not write nonsense here, you have a lot of stars and you should be smarter than any other member of the forum.
copper member
Activity: 427
Merit: 29
Of course I understand everything that you write, but you write about your assumptions.
We assume that the source of the wallet program is only one.
If there were options for different wallet programs, then there would not be this topic.
I am talking only about one source of origin for a client program.
How difficult it is to explain something through a Google translator, but without it I could not explain anything at all.



Since walletrecovery seemed quite sketchy to me, i did 5 minutes of research.
It turned out that he is an alt of percenter who has negative trust ratings and a valid flag open against him.
Check this post for more information.
I advise anyone to not deal with this user in any way.

Then you are also paranoid or God forbid the madman.
I’m very scared for you, I worry about your health, sir!

2 Accounts connected:
walletrecovery and percenter

percenter - This person no longer works for us,
I bought part of his video cards and he left.
We do not know his fate and we are not interested.
I have a couple more employees, one of them writes an algorithm for hashcat, and the other searches for clients and sends letters.

If you are interested in delving into the old shit, these are your problems.
Now you are chatting with me and answering my questions.
If you are not competent, then do not be shy
you are not the smartest person on the planet and there is nothing wrong with that.
legendary
Activity: 1624
Merit: 2481
Since walletrecovery seemed quite sketchy to me, i did 5 minutes of research.

It turned out that he is an alt of percenter who has negative trust ratings and a valid flag open against him.

Check this post for more information.


I advise anyone to not deal with this user in any way.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange

This statement is simply wrong.
Instead of telling you, that you obviously don't have any clue at all, i tried to be sarcastic since almost everyone knows that JPG and PDF files can get your computer compromised.

I apologize for assuming you would be able to do the mental task, understanding that wallet.dat files can do the same - yourself.

So, i'll repeat it for you:
Non-executable files, can get your computer compromised if they are being parsed or otherwise worked with.

As can word, excel, and others.
However, the flip side of that coin is that it's not the file that is doing the infecting. It's the application running the file.

Yeah, it's a small point but as an example if you send me an infected PDF adobe reader will probably be the target, as will the Microsoft reader. SlimPDF and FoxitPDF Reader will probably not allow the malware to do it's thing. This is not to say that you can't get infected running one of those PDF readers but if the system hooks that the malware authors are looking for are not there then it will not work.

Same with a doc file in Microsoft Word vs. OpenOffice.

You do need both the infected file and the targeted application. Opening up an infected wallet.dat in notepad is not going to cause an issue. If a compromise was found in core it might do something bad.

-Dave
copper member
Activity: 427
Merit: 29
Thanks to all.
Let's wait for the person who answers what the wallet program does with the file "wallet.dat" such that it can lead to the loss of coins.
Or if the program is safe and such a scenario is impossible, regardless of what is inside the "wallet.dat" file, then let the smart uncle write about it.
So far, no one has answered this question.
legendary
Activity: 1624
Merit: 2481
Now the conversation is not about this and not about philosophy or about accidents when driving a car or crossing a street at a pedestrian crossing or elsewhere.

Oh, i forgot. Obviously the conversation is about bricks falling from the sky:

If you apply your logic, then a brick has never fallen on your head, but this does not mean that this is impossible,
therefore you now always look at the sky every day!



You give an example files with the extension JPG and PDF
Why are you doing this?

Because of your (retarded) statement:

Wallet file is not an executable file type and in principle it cannot infect a computer and steal bitcoins

This statement is simply wrong.
Instead of telling you, that you obviously don't have any clue at all, i tried to be sarcastic since almost everyone knows that JPG and PDF files can get your computer compromised.

I apologize for assuming you would be able to do the mental task, understanding that wallet.dat files can do the same - yourself.

So, i'll repeat it for you:
Non-executable files, can get your computer compromised if they are being parsed or otherwise worked with.
copper member
Activity: 427
Merit: 29
I wonder how you even dare to call yourself "walletrecovery" with little to no technical knowledge at all.
[/quote]

we have a very simple job
we listen to the client and instruct the machine to find the password using the program and video cards.
Now the conversation is not about this and not about philosophy or about accidents when driving a car or crossing a street at a pedestrian crossing or elsewhere.
Be specific in your statements and speak only on the subject matter.
You give an example files with the extension JPG and PDF
Why are you doing this?
We are talking specifically about the wallet program and the wallet.dat file
If you don’t know what the wallet program does with the file, then you don’t have to say everything that comes to your mind, just keep quiet and read what smart people write.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I read the answer to your question a year and a half ago:
As an aside, it is not safe to use potentially malicious wallet.dat files.  Anyone who gets sent a wallet.dat from a third party should take great care in using it. I would not be shocked if it were possible to get arbitrary code execution from a wallet.dat file.  If a bad guy found a way to do that the best way to exploit that discovery would be to pose as someone who corrupted their wallet and encourages people to try to 'scam' them by getting a copy of their wallet or help them with a promise of an outsized reward.
Gmaxwell is a Bitcoin core developer so I assume he knows what he's talking about.



My advice: use a Virtual Machine for this, on an offline system, and "undo" all changes made to the VM after each wallet.
legendary
Activity: 1624
Merit: 2481
If you apply your logic, then a brick has never fallen on your head, but this does not mean that this is impossible,
therefore you now always look at the sky every day!


This is absurd, why write about it.

Just because you didn't have a car accident yet, it doesn't mean that it is impossible,
therefore you always drive carefully!

You are absurd.


This is absurd, why write about it.

You asked, we answered.


There are principles of working the bitcoin client’s program, and if there’s not a single person who knows the principles "how it's works",
then no one will answer my question the way I need.

If "the way you need" is someone stating "this is impossible", then you will either never find this answer or someone who doesn't know what he is talking about will give you that "answer".
Look it up, how it works. You can find the source code on github.


Wallet file is not an executable file type and in principle it cannot infect a computer and steal bitcoins, why doesn’t anyone write about it?

No one writes that, because it is not true.
PDF files are no executable files, therefore they can't infect your system! (warning: sarcasm)
Image files are no executable files, therefore they can't infect your system! (warning: sarcasm)


Are there no file system specialists here?

What a given software does with a given filetype has nothing to do with the file system.

I wonder how you even dare to call yourself "walletrecovery" with little to no technical knowledge at all.
copper member
Activity: 427
Merit: 29
Yes, but this does not mean that you need to bring behavior to the point of absurdity.

If you apply your logic, then a brick has never fallen on your head, but this does not mean that this is impossible,
therefore you now always look at the sky every day!

This is absurd, why write about it.

There are principles of working the bitcoin client’s program, and if there’s not a single person who knows the principles "how it's works",
then no one will answer my question the way I need.

Does nobody really know what the wallet client program does with the "wallet.dat" file.

It’s elementary, Watson!

Wallet file is not an executable file type and in principle it cannot infect a computer and steal bitcoins, why doesn’t anyone write about it?

Are there no file system specialists here?

This is just funny guys!
copper member
Activity: 1652
Merit: 1325
I'm sometimes known as "miniadmin"
---

But you've already been answered to that; there is no known case YET. A lack of precedent does not mean a lack of vulnerability, so if you fear for your safety, act as if it was possible every time you handle a wallet from unknown sources (aka clients)
copper member
Activity: 427
Merit: 29
you all gave very detailed answers, but they are not based on the knowledge of whether there was at least 1 case in 10 years
that someone infected his computer and lost bitcoins only because he opened the wallet.dat wallet file in the client program,
which was contagious. If the answer to this question is zero such cases, then it is still impossible to infect a computer and steal coins in this way.
legendary
Activity: 1624
Merit: 2481
Well, if we don’t download wallet.dat to the Bitcoin client, but just upload the data using pywallet.py, can it be that even if we passively read from the file, our computer could be infected?

I don't really understand what you are trying to say, but.. if you are not executing the file, you are fine.

What OS are you using?
If you are using linux, as long as you don't execute the file or load it into an application which parses the content, you are fine.
For windows, thats a little bit more tricky. But a general rule is that if you don't actively do stuff with it, you are fine.

Whether or not you are vulnerable using a python script depends on what the script is doing. And in this case the attacker would have to actually target you and the script instead of bitcoin core.


The easiest method is to use a virtual machine. Set it up once, load the file into it, do whatever you want with it, reset the virtual machine. As easy as that.
copper member
Activity: 427
Merit: 29
OMG!
Well, if we don’t download wallet.dat to the Bitcoin client, but just upload the data using pywallet.py, can it be that even if we passively read from the file, our computer could be infected?
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Yes, but a virus cannot infect a given blockchain database?
If the second computer does not have Internet connection,
and we will connect blockchain database from another HDD?
It really doesn't matter where you are running the Bitcoin client. No matter where you load the wallet from, the virus can infect files in another disk even if they are being run from different drives. The best practice is really to santize your computer by reinstalling the OS everytime after you handle a file. It is possible for malware to operate even if its offline.

Just to reiterate my point; it is not foolproof to see if the wallet.dat contains private key to a given address just by loading it into the client. It is still possible to modify the wallet.dat for it to display different addresses without a corresponding private key.
Pages:
Jump to: