Topic: Show Me The Bitcoin! - use plain images as Bitcoin keys, send BTC via email (Read 3289 times)

Good idea!

My plan was/is to create a Chrome extension for it - to allow you to right click on an image and check its balance (or maybe hover over it to do the same). This would work if you used webmail or your mail client used an embedded web browser to display the content of the email.

Once source gets up here someone needs to turn this into ability to run on windows

What a great idea.  Thanks for making this and sharing it.  I think once you open up the source here this will really catch on.  What would folks recommend as the use case for when the recipient opens an email with a loaded imaged attached on OSX/Windows?  By that I mean, what sort of easy to use program could be used to quickly grab the key from the image? (context-menu easy, ideally)

ya i was just trying to ship you the coins that i sent to the image while playing around. intuitively, it seems like you would want users to be able to do that.

looking forward to a password or a 4 digit pin that can seed the hash. you can send the image to a friend and provide the pin via txt or voice or whatever. it can also make it fun for having these types of image hunt games. if you add a pin/password, the images could be reused without much worry right?

BTC has been swiped. It was is drazvan's icon!

This is probably not a scam. Nice idea too.

Oh ok. Good thing I got blockchain b4 removal then :d

I think Apple doesn't allow Bitcoin wallets in their iTunes Store. I have an iPhone dev I can ask for help, let's see if he thinks this is doable. Without an on-phone wallet you would have to fund and sweep from your computer or another phone though, SMTB is not a full wallet.

What do you mean? I have only tried the Mycelium and standard Bitcoin wallets. Does the donation address not appear when use the blockchain.info applet? Or were you trying to donate directly from some coins hidden in an image? You'd have to sweep those first, then donate.

This one is soooo easy, but it has been over a day

Could you not develop an iphone app for this?

really cool man.

i was able to select blockchain.info wallet or mycelium wallet to send or receive funds. so thats great. super simple design, i really like that.

but i can't donate from an address in the app

Not much. More for fun than profit

How much BTC is at stake ?

Not swiped yet!

Well, I tried but couldn't find it . I should probably add a feature to tell you if funds ever _were_ attached to that image (but have been swiped by someone else before you found the correct image). I've tried all the CryptoCurrency-related pages I could think of but no image had any coins attached to it.

BTC still hidden in an image somewhere. This one is easy too

Nice idea but I would not keep any large amout of bitcoin like this

What do you mean? You can monitor the app's traffic, it only makes calls to blockchain.info to fetch the balance of a particular address and to push a sweep transaction once you redeem funds. It has no background processes (you can also check this or simply uninstall it when you're done if it makes you feel more comfortable - you can always reinstall it and reopen the image to get the funds). It has no persistent data (well, I'm actually lying, it remembers if you've donated so that it doesn't ask you again - if you uninstall it, it will forget, so it will nag you again for a donation when you reinstall).

Your image isn't posted anywhere if that's what you're worried about. As I said, feel free to use it, then uninstall it altogether until next time if that makes you feel more comfortable.

I'm just worried that this app can be exploited. How are you keeping it safe?

Well, feel free to use it then . You can post the clues on this thread if you want. If you have a blog or a website you'd like people to visit looking for clues, you can do that too.

IMO, this will make for a great net bounty hunt!

Interesting idea indeed, you can have fun with it like a scavenger hunt, cheers!

well done OP. we appreciate your work. good on you for actually making something cool. app is a nice idea. thanks & soldier on

Some BTC hidden in an image related to CryptoCurrency!

I do plan to make it at least for Dogecoin and possibly others - it shouldn't be very hard, just need to find the time for it.

Yup, I'll add that, although it won't be the default - I want to keep the default very simple, "the image is the key". For the more advanced users, there will also be a password that gets thrown into the mix when the private key is derived from the image content.

Thank you! I've just published a new version that is supposed to work down to Android 2.3 GingerBread. I no longer have a device with Gingerbread here, so I would appreciate it if you could give it a try. If it shows your phone as incompatible, try in a few hours, Google takes its time to update the Play Store listings.

Could you make it more computationally expensive to derive the key from the image, so that would-be-attackers can't just hash every image they can get their hands on. Similar to how brute-forcing BIP38 keys is impractical (currently)...>?

I think the correct terminology is to introduce more rounds of hashing, but must admit in this area I start to fall down a little...

Either way, nice app!

Is this only for bitcoins or supports other popular alt coins too, like dogecoin, litecoin ect..?

I like it. Basically it is the same as giving away a filled paper wallet as a gift. Sure it isn't the intended way to transfer bitcoin by handing over the private key of an address that was filled with the money that is meant to be transfered, but it still is nice enough. Sadly I am stuck with an old smartphone and CM 7.2 (which is android 2.3 if I am not mistaken) so I can't test it.

Hey OP, I like the idea, but maybe you could include a transaction which spends some coins instead of a private key, depending on your ultimate goal.

You are a bit confused. Let me explain. Take a JPG of Auntie Ethel. Hash it using SHA256. Insert the hash in brainwallet.org. Transfer btc to the resulting private key. Now send the JPG by open email to the intended recipient with message "Here is the photo of Auntie Ethel as discussed". Separately tell the recipient to hash the JPG and use the private key to transfer the btc to an address (s)he controls.

What the OP has done is nicely automate the first part of the process. Basically it is just a version of transferring BTC by giving somebody your brainwallet passcode. No scam involved. I think you should apologise. 

Go right ahead, I'm off to bed for now (it's 1 AM here) but I may post more tomorrow. Just download the image you want to add funds to, open it in the app, add the funds, then post some sort of hint here. Make it as easy or as hard as you want .

How about we do more!!! Im willing to pitch in to put a random amount of BTC in different photos !!!

Cool idea, just like a belated easter egg hunt ! 

Cool idea but isn't the safety from using this app negative correlated with the success of the app? I mean if this get's widespread usage won't every thief try to install the app?

I was looking on Bitcoin.org lol

Small amounts don't need to worry about security.
This project is fun and helps make BTC easier for the masses. 

And the third one is gone, it was on MtGox (their logo on top left - the only image left on their website ).

Could you be bothered to look at my post history to see what other projects I am involved in? Here, in case you can't find it: https://bitcointalksearch.org/user/drazvan-82497 . Also, that's me https://www.linkedin.com/profile/view?id=4926501 . That's also me http://www.theregister.co.uk/2004/06/03/pocket_rendezvous/ . And this http://www.othercoin.com/OtherCoin.pdf . Busy scammer, huh?

But hey, "scammer" is a nice hint word for the location of the last of the three bounties I've posted. Let's see if anyone claims it.

Ok this is just a whole lot of horse crap. I can only conclude that the OP is a scammer and he's got a lot of shill accounts supporting him in this. I am done with this thread.

Looks like someone claimed 2 of the 3 bounties I've posted (funds attached to images on the net). The first one was attached to the top-left image on Reddit (/r/Bitcoin), the second one was attached to our logo on www.veri.fi . Good work people! There's just one left!

No, you are not sending them your private key! You are creating a private key for the purpose of that transaction, deriving a Bitcoin address from it, then sending only the funds you want to transfer to that newly created address. This is similar to the current payment process, where the recipient of the funds creates a new address to receive the funds - but it's the trusted sender that creates it, not the recipient. The recipient can not clean you out, they only have access to the funds you have attached to the image, nothing else.

Better now?

Why are they a bad idea? A properly done brain wallet is simple to remember and impossible to crack.

Give the guy a break. He tried to make something practical, and IMO he did. It is free, not like he's charging a BTC for it.

Attacker?? You expect people to send their private keys off to someone expecting money. Instead the recipient of their email is just going to clean them out.


Brain wallets are another bad idea. You are comparing your app to a known bad idea?

Ah, I don't. That is a good idea

Do you have the Android Bitcoin Wallet installed? This one: https://play.google.com/store/apps/details?id=de.schildbach.wallet .

I should probably add some code to check if the Bitcoin Wallet is installed and if it's not, take the user to the download page.

Oh, one is 2.3.6, the other is 4.1.2. I got it working on 4.1.2, but when I go to deposit funds, it crashes.

Of course, this doesn't mean I can't add a password or a PIN into the mix - but I wanted to minimize the amount of extra information needed to claim the funds. If I have a channel to securely send you an extra PIN or password, I might as well send you the whole key.

And for storing personal funds, I wanted to be able to take a picture of my family for instance, then secretly add some funds to it, then tell my daughter when she's older to look for that family photo and find a little "surprise present" in it if she knows where to look .

The hash of the image is the key, so no, it's not encrypted. The recipient is not meant to leave the funds there indefinitely, I expect them to sweep them to their own wallets on receipt. And unless an attacker has access to your email and starts hashing all image attachments and checking the blockchain for a match, they would not even know you're sending (or receiving) money.

Also, if you're using this to store your own funds, it's similar to a brainwallet - that is not encrypted with anything either . But instead of remembering it, you just save/secure an image that hashes to the key. It's not as secure as a true 256-bit random key and it's not meant to be - it's just way easier to covertly store and transfer.

So the private key is not encrypted in any way? It's just the sha256 hash of the image. What could possibly go wrong!

Also number 1 is people emailing the private key to others?!

What version of Android are you running? It should install all the way down to 4.0.3. I have only tried it on 4.3 and 4.4 myself, but it's declared to support everything above 4.0.3.

I haven't thought about making this for altcoins, it shouldn't be too hard, as long as there's interest and the altcoin private keys are 256-bit values (or smaller, I can truncate the output of the SHA256 hash), they should be fine. And yes, it will eventually be open-sourced, just need to clean up the code a bit (it was essentially hacked together over the Easter holidays, it works fine but it reuses parts of my OtherCoin and VisualBTC projects).

Oh, 1 more thing.

I have two android phones, neither are letting me download saying it is incompatable

Ah yes, that makes sense. Do you have any plan on A. Making this for altcoins, or B. making this Open Source?

Yes, anyone that has access to the image has access to the funds. The trick is that the image is not modified in any way, it's just an image, so an attacker that finds your phone would not know where to start (or even know that you've used this at all), unless they start hashing any and all images found on stolen phones to look for funds .

Cool! But then you have to keep the image secret, right?

Hello everyone,

I've just published a small Android app called "Show Me The Bitcoin!" that allows you to use any image in your phone gallery as a Bitcoin private key and wallet. You can add funds to an image using your regular wallet, email it to someone else and claim/sweep funds received from a third party in the form of a simple image email attachment.


Possible uses are:
1. Covert transfer of funds (to an outside observer you are simply emailing that person a funny photo).

2. Hidden Bitcoin storage (add funds to a personal image in your gallery and remove the Bitcoin wallet app). If your device is searched, they will find no trace of Bitcoins, just a few personal photos in your Gallery. At a later time, you can reinstall the app and reclaim the funds.

3. Bitcoin shared wallet for family/friends (anyone with access to the image can claim the funds and also deposit funds on that image for use by other members).

4. Reward website users by hiding Bitcoins in images on your blog / website (scavenger-hunt style).


Here are a few screenshots:






A demo video is at http://www.youtube.com/watch?v=rTmnLlyUjHQ.

Give it a try at https://play.google.com/store/apps/details?id=com.cayennegraphics.showmethebitcoin , it's free! It will nag you after you've sent $50 (0.1 BTC) or more through it for a donation, you can donate as much (or as little) as you want or not donate at all, your call. Or you could send directly to 1Razvan4KEK2q5DNxemvsHwGncF1T3NqR .

For the technically inclined, the way it works is by doing a SHA-256 hash of the image and using that as a Bitcoin private key - it derives an address from it, then allows you to send funds to that address or sweep them to your wallet. Nothing fancy, just pure old fun .

Finally, if you've read this far, I have a tip for you: I've hidden 3 small amounts (0.05 BTC) into 3 logo images present on Bitcoin-related sites (or vendors related to Bitcoin). So you just need to navigate to the site, save the logo image and then load it into Show Me The Bitcoin! to sweep the funds (or add more if you're into that sort of fun ). I will post tips and possibly more bounties here over the next days, feel free to join in.

Cheers,
Razvan