Pages:
Author

Topic: We knew the Large Bitcoin Collider was useless, now we know it's also rootkit (Read 1415 times)

legendary
Activity: 2562
Merit: 1441
Yes, so they say... and the "hits" might be the computers that were Rootkit'ed and where people's private keys was exploited.  Grin ... I never run

any strange software on the same computer that I use for Bitcoin. I also generate my private keys on a old computer & printer that will never

see the internet again. I will melt it down myself.  Grin

Large Bitcoin Collider being a rootkit makes more sense than it cracking private keys.

LBC is like distributed CPU mining. Even if they had a million people running it, I doubt it would do much with the (relatively) low amount of computational power at its disposal.

legendary
Activity: 1918
Merit: 1012
★Nitrogensports.eu★
If the possibility of a collision was so small that it is practically impossible, what could be the motivation for people to run it? Greed and nothing else. Seems like people have been trying to exploit this.
legendary
Activity: 1904
Merit: 1074
Large bitcoin collider claims they generated 100 trillion keys and found 5 keys that worked.

I'm not sure I believe that.

A normal password with more than 8 digits can have trillions of possible combinations.

100 trillion keys doesn't seem like it would do anything.

Yes, so they say... and the "hits" might be the computers that were Rootkit'ed and where people's private keys was exploited.  Grin ... I never run

any strange software on the same computer that I use for Bitcoin. I also generate my private keys on a old computer & printer that will never

see the internet again. I will melt it down myself.  Grin
newbie
Activity: 21
Merit: 0
You crazy ass computer people.  I had to google what rootkit meant, lol.  Feel like an old fart and thus my feeling is catching up with reality--but there's no way in fuck to hack bitcoin.  The story keeps changing but the result is always the same.

The first time I came across rootkit was when I tried using an app that was supposedly only useable with rootkit, I googled... followed instructions and promptly set about destroying my Android phone. That was years ago and I still don't really know what it is, except that because I am an old fart like you, I must avoid using rootkit if I have to follow a guide.

No *realistic* way to hack Bitcoin, you do mean, right? Wink

Source: Wikipedia
Quote
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that would not otherwise be allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.

So yeah, no realistic way to hack bitcoin, even tho this can definitely be used to steal wallet files from people who run the LBC software.
legendary
Activity: 2968
Merit: 3684
Join the world-leading crypto sportsbook NOW!
You crazy ass computer people.  I had to google what rootkit meant, lol.  Feel like an old fart and thus my feeling is catching up with reality--but there's no way in fuck to hack bitcoin.  The story keeps changing but the result is always the same.

The first time I came across rootkit was when I tried using an app that was supposedly only useable with rootkit, I googled... followed instructions and promptly set about destroying my Android phone. That was years ago and I still don't really know what it is, except that because I am an old fart like you, I must avoid using rootkit if I have to follow a guide.

No *realistic* way to hack Bitcoin, you do mean, right? Wink
newbie
Activity: 21
Merit: 0
Quick update 2:
Apparently the developer made a new thread at https://bitcointalksearch.org/topic/large-bitcoin-collider-thread-20-1877935, self-moderated this time.

I was trying to push some sense into the conversation aaaaaaaaaaand.....
https://i.imgur.com/pCvPQBG.png
....... it's gone

Censorship pretty much?
newbie
Activity: 21
Merit: 0
Quick update:

A couple of days ago there was a conversation between the poster of the reddit post explaining this vulnerability and the developer of the Large Bitcoin Collider. The developer explains like this:
The client checks it's own source code and will behave with various intensity of response to code tampering
Up to the point where the client deletes itself from your disk if you're driving your tampering ambitions too far.

So, apparently he explains the remote code execution string as a way for the server to prevent tampering.

And here is the problematic string:
Code:
if
(
defined
$answer
->
{eval}
)
{
eval
$answer
->
{eval}
;
}

Yeah, you probably guessed it, this not only allows the program to delete itself, but also to execute any other arbitrary code on your system.

For the full conversation, see this message and the responses that follow it.
legendary
Activity: 3528
Merit: 7005
Top Crypto Casino
You crazy ass computer people.  I had to google what rootkit meant, lol.  Feel like an old fart and thus my feeling is catching up with reality--but there's no way in fuck to hack bitcoin.  The story keeps changing but the result is always the same.
legendary
Activity: 2128
Merit: 1293
There is trouble abrewing
Good point, shows how you can’t trust everything you see even if a lot of people condone it. What strikes me is that in my opinion someone seeing this would look into it and try to check if this is in fact true. I mean especially if you have to pay for the software. Just goes to show you should check everything twice even three times and extra care for anything anyone says is anything online. Stay safe everybody and be careful.

i think this is partly because of a wrong way of thinking about being "open source". many think that automatically means safe. and since projects like this only attract greedy and uneducated people who don't understand the code, nobody goes through the code and things like this go un-noticed until somebody finally does and everything crumbles.
legendary
Activity: 938
Merit: 1002
Good point, shows how you can’t trust everything you see even if a lot of people condone it. What strikes me is that in my opinion someone seeing this would look into it and try to check if this is in fact true. I mean especially if you have to pay for the software. Just goes to show you should check everything twice even three times and extra care for anything anyone says is anything online. Stay safe everybody and be careful.
legendary
Activity: 2562
Merit: 1441
damn, why isn't this already in the first page. consider this as a bump.

It seems as if there are farmed accounts that only bump low quality threads.

I have to go to page 2 or 3 to find posts that are informative and interesting.

Not sure why that is, but a lot of forums are structured this way.  Undecided
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
So program that offers the possibility of free money turns out to be a program that might get free money for the programmer. Shocker.
legendary
Activity: 1372
Merit: 1032
All I know is that I know nothing.
damn, why isn't this already in the first page. consider this as a bump.
is this the same project: https://bitcointalksearch.org/topic/large-bitcoin-collider-collision-finders-pool-1573035
i have seen this a long time ago and thought of it as shady. never went through it though.
and if so why isn't anything being done about it as in removing the topic or banning the user spreading this

also it seems that OP of that topic has been tagged a while ago by gmaxwell
https://bitcointalk.org/index.php?action=trust;u=159476
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Another shit that claims can find private keys of bitcoin addresses to ruin the bitcoin network completely. Challenging sha256 encryption can't be more than a joke.

ECDSA encryption.

SHA-256 is just the hash function used within that.
hero member
Activity: 854
Merit: 500
Another shit that claims can find private keys of bitcoin addresses to ruin the bitcoin network completely. Challenging sha256 encryption can't be more than a joke.
legendary
Activity: 1904
Merit: 1074
Another site with bullshit claims that they are listing valid addresses that was hacked, but contains no bitcoins. The electricity bill for the

bruteforcing of millions of private keys will be much more than the possibility to get a address with actual bitcoins that might be worth their

effort. They are looking for a needle in a haystack and doing it blindfolded.  Grin
legendary
Activity: 2128
Merit: 1293
There is trouble abrewing
(i admit i have never wasted time to read it completely to see what it does but this is my understanding).

it is not a brute force, it is not breaking private keys, i think the word collider is not even right.

what it does (to my understanding) is generating private keys from 0 up towards that crazy number that is max (private key is a number after all). on the way up there has been some numbers that contained some amounts and it was a puzzle not real wallets and they found the reward for that puzzle.

i remember reading something like this
between 1 and 2^1 was one private key from this puzzle
between 2^1 and 2^2 another
2^2 and 2^3 another
....
2^101 and 2^101
....

and they found a couple of these on the way up.
hero member
Activity: 1764
Merit: 584
First time I heard of this. So basically the plan is to brute-force their way to finding all the private keys and use that to get people's coins? I wonder what the people who downloaded and installed this were thinking. It's probably more likely that it's they that will get hacked later.

If ever, guess they deserved it. I mean, why bother with this malicious idea of getting people's money. There's a legal way to get people's money and you don't even have to force them to give it to you. It's called business - providing services or products.  Angry
sr. member
Activity: 1190
Merit: 306
And the chances of them ever finding out what my private keys are, well, that's close enough to zero that I can sleep very well at night holding bitcoin.  It's BS anyway,  as OP has pointed out.   They're not going to colllide anybody's money.
newbie
Activity: 21
Merit: 0
Large bitcoin collider claims they generated 100 trillion keys and found 5 keys that worked.

I'm not sure I believe that.

A normal password with more than 8 digits can have trillions of possible combinations.

100 trillion keys doesn't seem like it would do anything.

It may be possible though if some wallet out there gave users keys with bad randomness.
Pages:
Jump to: