Topic: Old Windows 32bit Versions (Read 1945 times)
Hi guys, could I also get the Win 32Bit installer?
Everyone has made excellent points here and I was myself wary of handing out that old installer that I kept (I archive the installers for every new release for the crypto wallets I keep), but I just wanted to help the OP as I was in his situation myself awhile back. https://bitcointalksearch.org/topic/m.10674668
Glad everything worked out & thanks SoraMan for verifying the installer hash and keeping my reputation intact!
Glad everything worked out & thanks SoraMan for verifying the installer hash and keeping my reputation intact!
It's ok to distribute binaries as long as you attach the signed hashes file.
Everyone has made excellent points here and I was myself wary of handing out that old installer that I kept (I archive the installers for every new release for the crypto wallets I keep), but I just wanted to help the OP as I was in his situation myself awhile back. https://bitcointalksearch.org/topic/m.10674668
Glad everything worked out & thanks SoraMan for verifying the installer hash and keeping my reputation intact!
Glad everything worked out & thanks SoraMan for verifying the installer hash and keeping my reputation intact!
So thanks to ghdp and GnuPG or really gpg4win, I was able to check the signatures.
So now for versions 0.92.3 and 0.94.1, I've checked the checksums, the signatures and the publickey fingerprint on multiple downloaded copies from Mackay, from the old and new(goatpig) githubs, these forums (for the publickey fingerprint), and the Amory website and it's archived copies at multiple timed snapshots on the site internet archive (https://archive.org/web/).
They all checked out so I think I'm good short of reading the code myself.
Thanks again everyone for helping me on this newbie stuff. The community here is great!
So now for versions 0.92.3 and 0.94.1, I've checked the checksums, the signatures and the publickey fingerprint on multiple downloaded copies from Mackay, from the old and new(goatpig) githubs, these forums (for the publickey fingerprint), and the Amory website and it's archived copies at multiple timed snapshots on the site internet archive (https://archive.org/web/).
They all checked out so I think I'm good short of reading the code myself.
Thanks again everyone for helping me on this newbie stuff. The community here is great!
Learning how to use GnuPG is not very difficult and will not be a waste of your time.
So that's the name of the program link I saw briefly before I could really sit down and fully read it. I'll look into GnuPG. Thank you for all your help ghdp and thanks everyone for that matter.
What happened to ghdp's posts? 
I didn't get to read his last one before it disappeared. 
I had hoped it had tips on how to check the signatures.
I didn't get to read his last one before it disappeared. I had hoped it had tips on how to check the signatures.Looks like he chose to remove it.
What happened to ghdp's posts? I didn't get to read his last one before it disappeared. I had hoped it had tips on how to check the signatures.
I didn't get to read his last one before it disappeared. I had hoped it had tips on how to check the signatures. You can get the hashfile of the 0.92.3 release on web.archive.org here : https://web.archive.org/web/20151018194144/https://s3.amazonaws.com/bitcoinarmory-releases/armory_0.92.3_sha256sum.txt.asc
(Don't just follow this link, browse various revisions of the site)
Import the "right" key, download the .txt.asc, check the signature, check the checksum of the file you were sent, then you can be reasonably certain that it was once hosted on bitcoinarmory.com.
Wow this is a great site!
I need to remember it for things like this.So I browsed around the site and got multiple hashfiles of the 0.92.3 release from different timed snapshots of the Amory website. It even had the old 0.92.3 installer so I got a few of them as well. I hashed them all, including the one Mackay sent me, and compared them to all the hashfiles. Good news they all matched!
Now I still need to check the signature (don't know how to do that on windows yet) but this is a good sign. Quote
I feel you on that and that's why I wouldn't use it on an online pc but from my understanding let me ask something. If it only ever is on an offline pc, only in offline mode and used to only sign offline transactions, aren't the transactions made and verified by the online clean armory? Like if during the signing the outputs were changed to the attacker wouldn't the online armory see the change? Or am I missing something?
Doesn't matter what the GUI shows on both ends. If as an attacker I have access to what code runs on your signer, I could wipe your entire wallet after you've broadcasted a single tx signed with this malicious code, if I wasn't trying to be sneaky.
If I wanted to be stealthier, I'd still manage to reveal all private keys on your wallet after the one you signed with, with a single tx broadcasted to the network. An attacker with enough motivation would figure out which parts of the code base to alter to corrupt the signer in this way.
tldr: do not use binaries without signed hash, ideally build the code yourself, and best would be to review the code before using it (now that's going far I know)
I understood the possibility of a payload with the saved tx file, that's why I mentioned I wanted to use the copyable text in a QRcode or something, but I didn't think the copyable text based tx info could carry enough data for any malicious code
. Interesting. By the way when I said it's working great I meant installing it and just messing with it. I haven't used it at all yet so I'm still good. There wouldn't be a guide for that would there? Or is that not easier than just compiling it myself? By the the number of things to install and setup in your link it would seem to me like verifying would be easier.
hash the file (sha256sum), check it matches the hash in the signed hashes file for 0.92.3. Then check that signed hashes file is signed by Alan's offline signing key. If you're not willing to go down that route, you should build from scratch.
I hashed the file, even went back and checked the newer installs, and I have the public key but I can't find the signed file with the correct hash for version 0.92.3.
LOL I'm right back to where I started 
.There wouldn't be a guide for that would there? Or is that not easier than just compiling it myself? By the the number of things to install and setup in your link it would seem to me like verifying would be easier.
hash the file (sha256sum), check it matches the hash in the signed hashes file for 0.92.3. Then check that signed hashes file is signed by Alan's offline signing key. If you're not willing to go down that route, you should build from scratch.
Quote
I feel you on that and that's why I wouldn't use it on an online pc but from my understanding let me ask something. If it only ever is on an offline pc, only in offline mode and used to only sign offline transactions, aren't the transactions made and verified by the online clean armory? Like if during the signing the outputs were changed to the attacker wouldn't the online armory see the change? Or am I missing something?
Doesn't matter what the GUI shows on both ends. If as an attacker I have access to what code runs on your signer, I could wipe your entire wallet after you've broadcasted a single tx signed with this malicious code, if I wasn't trying to be sneaky.
If I wanted to be stealthier, I'd still manage to reveal all private keys on your wallet after the one you signed with, with a single tx broadcasted to the network. An attacker with enough motivation would figure out which parts of the code base to alter to corrupt the signer in this way.
tldr: do not use binaries without signed hash, ideally build the code yourself, and best would be to review the code before using it (now that's going far I know)
If it only ever is on an offline pc, only in offline mode and used to only sign offline transactions, aren't the transactions made and verified by the online clean armory? Like if during the signing the outputs were changed to the attacker wouldn't the online armory see the change? Or am I missing something?
We come back to the motivation factor again: it depends what an attacker could achieve while on the offline machine. If they could copy a payload to USB flash/CD-ROM to execute on the online machine, that's a problem.
That's true. But that's the same attack vector one would need to use on the online pc to reach the offline pc in the first place. Meaning that the cd or flash drive already needs to be watched and secured.
I was trying to think of an easy way to copy the text armory generates during transaction signing without a flash drive. Maybe OCR or something. Or Maybe a Qrcode might be nice here.
one you can verify on your phone and can verify it is accurate to the text onscreen. Then that attack vector is closed.Don't get me wrong I want my bitcoin to be safe that's why I'm doing the cold storage in the first place.
If it only ever is on an offline pc, only in offline mode and used to only sign offline transactions, aren't the transactions made and verified by the online clean armory? Like if during the signing the outputs were changed to the attacker wouldn't the online armory see the change? Or am I missing something?
We come back to the motivation factor again: it depends what an attacker could achieve while on the offline machine. If they could copy a payload to USB flash/CD-ROM to execute on the online machine, that's a problem.
ditto what goatpig said
Think about it this way: the part of this thread where goatpig instructed you on the libraries/build arch target are exactly what a motivated thief would need to get started on trying to develop an attack resembling what happened when Mackay offered you a copy of 0.92.3.
It's the easy part, I know, but then you're left with the motivation of the attacker. "How difficult is the hard part?" is the question a well motivated attacker would ask. And I'm afraid it would be far too easy to steal at least some BTC using minimal coding ability. Someone just a little too bright and/or too fresh could steal everything you have.
Think about it this way: the part of this thread where goatpig instructed you on the libraries/build arch target are exactly what a motivated thief would need to get started on trying to develop an attack resembling what happened when Mackay offered you a copy of 0.92.3.
It's the easy part, I know, but then you're left with the motivation of the attacker. "How difficult is the hard part?" is the question a well motivated attacker would ask. And I'm afraid it would be far too easy to steal at least some BTC using minimal coding ability. Someone just a little too bright and/or too fresh could steal everything you have.
I feel you on that and that's why I wouldn't use it on an online pc but from my understanding let me ask something. If it only ever is on an offline pc, only in offline mode and used to only sign offline transactions, aren't the transactions made and verified by the online clean armory? Like if during the signing the outputs were changed to the attacker wouldn't the online armory see the change? Or am I missing something?
it's already working great and it's only for offline transactions signing
Unless you verify the installer hash vs the signature files, you are taking massive risks.
There wouldn't be a guide for that would there? Or is that not easier than just compiling it myself? By the the number of things to install and setup in your link it would seem to me like verifying would be easier.
ditto what goatpig said
Think about it this way: the part of this thread where goatpig instructed you on the libraries/build arch target are exactly what a motivated thief would need to get started on trying to develop an attack resembling what happened when Mackay offered you a copy of 0.92.3.
It's the easy part, I know, but then you're left with the motivation of the attacker. "How difficult is the hard part?" is the question a well motivated attacker would ask. And I'm afraid it would be far too easy to steal at least some BTC using minimal coding ability. Someone just a little too bright and/or too fresh could steal everything you have.
Think about it this way: the part of this thread where goatpig instructed you on the libraries/build arch target are exactly what a motivated thief would need to get started on trying to develop an attack resembling what happened when Mackay offered you a copy of 0.92.3.
It's the easy part, I know, but then you're left with the motivation of the attacker. "How difficult is the hard part?" is the question a well motivated attacker would ask. And I'm afraid it would be far too easy to steal at least some BTC using minimal coding ability. Someone just a little too bright and/or too fresh could steal everything you have.
it's already working great and it's only for offline transactions signing
Unless you verify the installer hash vs the signature files, you are taking massive risks.
@Mackay,
Thank you so much. It’s working great! Yeah I would think this could be a rather common occurrence. When one uses an “Old Computer or Laptop” for cold storage there is a high probability that it’s a 32bit windows. I know that XP and 32bit are separate time consuming developments to keep supporting but I wish then this installer would be kept on the github as a workaround. Especially since 0.92.3 is more than sufficient for offline transaction signing.
Well anyways thanks again!
@Goatpig
Thank you for starting to help me compile it. I know the bitcoin/armory philosophy would be to trust no one and build it from scratch but it's already working great and it's only for offline transactions signing. So I'll probably just use his installer copy since it's so much easier. Thanks again though.
Anyone else that needs it I'd be happy to send it as I'm sure Mackay would be also.
Thank you so much. It’s working great! Yeah I would think this could be a rather common occurrence. When one uses an “Old Computer or Laptop” for cold storage there is a high probability that it’s a 32bit windows. I know that XP and 32bit are separate time consuming developments to keep supporting but I wish then this installer would be kept on the github as a workaround. Especially since 0.92.3 is more than sufficient for offline transaction signing.
Well anyways thanks again!
@Goatpig
Thank you for starting to help me compile it. I know the bitcoin/armory philosophy would be to trust no one and build it from scratch but it's already working great and it's only for offline transactions signing. So I'll probably just use his installer copy since it's so much easier. Thanks again though.
Anyone else that needs it I'd be happy to send it as I'm sure Mackay would be also.
Thank you for your help. I'm installing MSVS 2015 right now (it has to download 12gb so I'll take some time) so I'm looking through the 0.92.3 repo now. I'm sorry but by cpp project do you mean cppForSwig? And if so by that link you gave do I need to unzip swig 3.0.2 into swigwin first before compiling it? If not I'm not sure which files you mean. Those are the only .cpp files I see. (sorry like I said I've never done C++ before 
).
). https://github.com/goatpig/BitcoinArmory/blob/master/cppForSwig/BitcoinArmory.sln
Open this file in MSVS, make sure the swigwin root folder is in the same folder as this file.
I happen to have a copy of the old 0.92.3 windows installer. What's the best way to get it to you? Message me with your email address & I can email it.
Thank you for your help. I'm installing MSVS 2015 right now (it has to download 12gb so I'll take some time) so I'm looking through the 0.92.3 repo now. I'm sorry but by cpp project do you mean cppForSwig? And if so by that link you gave do I need to unzip swig 3.0.2 into swigwin first before compiling it? If not I'm not sure which files you mean. Those are the only .cpp files I see. (sorry like I said I've never done C++ before ).
).
Also use this as a general reference:
https://github.com/goatpig/BitcoinArmory/blob/master/windowsbuild/Windows_build_notes.md
https://github.com/goatpig/BitcoinArmory/blob/master/windowsbuild/Windows_build_notes.md
Jump to: