Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- (2:24:53 PM) Wolf`: syntaks: hey
- (2:25:22 PM) syntaks: hey
- (2:25:24 PM) syntaks: what's up?
- (2:25:38 PM) Wolf`: first, where's the github? The one on the official site ain't been touched since Feb
- (2:25:43 PM) Wolf`: and that was the initial commit
- (2:25:50 PM) syntaks: what git are you looking at?
- (2:26:27 PM) syntaks: https://github.com/bellacoin/neoscoin ?
- (2:26:49 PM) Stoner19: Wolf` the security stuff you're probably looking for is closed source currently
- (2:26:51 PM) syntaks: wow i actually have to update the multi-algo in there what the hell
- (2:27:01 PM) syntaks: how did that slip by
- (2:27:57 PM) Wolf`: Stoner19: well, hell of a security system :P
- (2:28:07 PM) syntaks: Wolf`: ?
- (2:28:22 PM) Wolf`: syntaks: a closed source one, was making fun; I assume you're gonna open source it
- (2:28:28 PM) syntaks: bad assumption :)
- (2:28:38 PM) Wolf`: syntaks: Ohhhhh.
- (2:28:42 PM) Wolf`: So many things make sense now.
- (2:29:01 PM) syntaks: the final system isn't even in the code as of now
- (2:29:12 PM) syntaks: ironically, i'm waiting on the funds for an obfuscator
- (2:29:23 PM) Wolf`: hehe.
- (2:29:33 PM) Wolf`: If the computer can read it, so can a human
- (2:29:36 PM) Wolf`: it's a pain in the ass.
- (2:29:39 PM) Wolf`: but it's doable.
- (2:29:41 PM) syntaks: yup i'm too familiar
- (2:29:51 PM) syntaks: but at least it won't be simple for everyone :)
- (2:30:14 PM) syntaks: this one is $750
- (2:30:14 PM) Wolf`: syntaks: doesn't need to be; someone just needs to do it and make a tool/document it
- (2:30:26 PM) syntaks: it's pretty decent from what i've seen and read from others
- (2:30:41 PM) Stoner19: Wolf` that's no different than any other software then, right?
- (2:30:56 PM) Wolf`: Stoner19: not exactly
- (2:31:12 PM) Wolf`: Stoner19: the security of bitcoin doesn't rely on people not being able to reverse engineer it
- (2:31:27 PM) Wolf`: the security of a LOT of code doesn;t
- (2:31:28 PM) syntaks: Wolf`: this isn't blockchain security we're talking about
- (2:31:29 PM) Wolf`: *doesn't
- (2:31:32 PM) Wolf`: syntaks: I know
- (2:31:37 PM) syntaks: i agree with your point
- (2:31:39 PM) syntaks: 100%
- (2:31:43 PM) Wolf`: syntaks: and I believe your idea is unworkable without closed source
- (2:31:52 PM) syntaks: i wholeheartedly agree there too
- (2:32:05 PM) syntaks: there are 2 unknowns here though
- (2:32:14 PM) syntaks: 1. the method in its entirety
- (2:32:25 PM) syntaks: 2. a few ideas i've been toying with to change that
- (2:32:30 PM) syntaks: and actually move it onto the blockchain itself
- (2:32:59 PM) Wolf`: mmm... I shouldn't have to RE your code, not too much
- (2:33:10 PM) Wolf`: just the wallet format
- (2:33:34 PM) Wolf`: plus, if anyone has a corrupted wallet issue...
- (2:33:46 PM) Wolf`: this should be interesting.
- (2:34:01 PM) Wolf`: Finally, a coin that's not boring as fuck
- (2:34:01 PM) syntaks: the wallet and interface are separate
- (2:34:13 PM) Wolf`: I figured
- (2:34:19 PM) syntaks: however when the wallet loads up
- (2:34:38 PM) syntaks: it checks to see if the keys in there are belonging to the person running them
- (2:34:52 PM) Wolf`: of course it does - wouldn't make sense otherwise
- (2:34:54 PM) syntaks: i mean there are a few basic laws in place
- (2:34:59 PM) syntaks: 1. keep a passphrase
- (2:35:07 PM) Wolf`: now, what happens if my shit dies, and I need to load my shit up on my laptop?
- (2:35:20 PM) syntaks: then we re-register your shit
- (2:35:21 PM) syntaks: :)
- (2:35:29 PM) syntaks: IF you've set a pin
- (2:35:44 PM) syntaks: if you haven't i won't help with that most likely unless there's undenyable proof it's yours
- (2:36:15 PM) syntaks: but as far as the basic laws go
- (2:36:22 PM) syntaks: the interface protection is just there to serve to protect a few things
- (2:36:32 PM) syntaks: 1. someone from walking up and stealing your funds
- (2:36:44 PM) syntaks: 2. someone from reading your config options (api keys for example)
- (2:36:49 PM) syntaks: 3. an extra layer
- (2:37:02 PM) syntaks: if you combine that with a strong passphrase you're in good shape so far
- (2:37:12 PM) syntaks: everything is also restricted to localhost
- (2:37:20 PM) Wolf`: Hm. So I need to capture the wallet password, any other info, and use API to drain the wallet... OR
- (2:37:28 PM) Wolf`: wait until they unlock it and do it
- (2:37:50 PM) syntaks: which is where the virtual keyboard comes in handy
- (2:38:00 PM) syntaks: and there's no api
- (2:38:14 PM) syntaks: the api keys i mentioned were pertaining to the exchanges and mining pool
- (2:38:27 PM) syntaks: so they'd have to capture traffic on the loopback if anything
- (2:38:38 PM) syntaks: if someone can set up a listener like that
- (2:38:42 PM) syntaks: you have bigger issues
- (2:38:46 PM) syntaks: however with that said
- (2:38:56 PM) syntaks: if someone's at your machine and able to do that
- (2:39:08 PM) syntaks: other areas need to be fixed :)
- (2:39:13 PM) Wolf`: syntaks: virtual keyboard can be bypassed
- (2:39:17 PM) Wolf`: syntaks: fake clicks
- (2:39:31 PM) Wolf`: variation of the techniques used to scam ad companies
- (2:39:36 PM) syntaks: fake clicks?
- (2:39:47 PM) Wolf`: syntaks: yeah - I can make clicks happen from WinAPI
- (2:39:51 PM) syntaks: sure
- (2:39:55 PM) syntaks: but it's not based on clicks
- (2:40:01 PM) syntaks: it's based on the characters entered in the keyboard
- (2:40:18 PM) Wolf`: well, if it's a virtual keyboard, then... ah. Well, I can insert those even easier
- (2:40:30 PM) syntaks: you mean keeping track of mouse movement?
- (2:40:47 PM) syntaks: recording the mouse clicks etc?
- (2:40:48 PM) Wolf`: syntaks: no, I'd be watching active window, probably
- (2:40:55 PM) syntaks: oh well if you were watching it then sure
- (2:40:56 PM) Wolf`: syntaks: I was thinking that
- (2:40:58 PM) syntaks: but again
- (2:41:00 PM) syntaks: this all falls back to
- (2:41:05 PM) syntaks: if someone is on your machine
- (2:41:07 PM) syntaks: able to exploit it like that
- (2:41:14 PM) syntaks: the *least* of your concerns is your neos wallet
- (2:41:38 PM) Wolf`: syntaks: it's not hard
- (2:41:54 PM) Wolf`: syntaks: unpriv to SYSTEM rights in 7 ain't too hard to do
- (2:42:01 PM) syntaks: i know
- (2:42:12 PM) syntaks: it's just a matter of someone getting on there to begin with
- (2:42:20 PM) Wolf`: and at that point, usually I've managed to get a kernel bug, so I can dump code into kernel mode and run that
- (2:42:21 PM) syntaks: it also depends on their attack
- (2:42:24 PM) syntaks: what they're aiming to do
- (2:42:27 PM) Wolf`: syntaks: remote code exec
- (2:42:38 PM) Wolf`: which can happen... any number of ways
- (2:42:41 PM) syntaks: yup
- (2:42:57 PM) syntaks: like i've said
- (2:43:01 PM) Wolf`: but it seems you know your shit
- (2:43:02 PM) syntaks: it's in no way a be-all end-all system
- (2:43:23 PM) syntaks: i mean i can't fabricate anti-screen-recording in there
- (2:43:41 PM) syntaks: the other option i was actually going to put in there
- (2:43:47 PM) Stoner19: appears to be a bit more NEOS accumulation. I've lost my spot on the richlist in the top 20
- (2:43:47 PM) syntaks: but i haven't heard back from my friend's lawyer
- (2:43:56 PM) syntaks: is taking a webcam snap
- (2:43:59 PM) syntaks: on bad local access
- (2:44:13 PM) syntaks: which the machine would already have been given permission to access the webcam by the valid owner
- (2:44:18 PM) syntaks: so permissions isn't an issue
- (2:44:31 PM) Wolf`: syntaks: you're running on the OS - anything the OS sees, you see, and I control what the OS sees if I can get into kernel mode
- (2:44:32 PM) syntaks: but it was just a one-off idea
- (2:44:38 PM) syntaks: Wolf`: absolutely
- (2:44:46 PM) Wolf`: I've had some fun times modifying undocumented structures in Win 7
- (2:44:58 PM) Wolf`: I managed to make a process disappear. No API hooking, either
- (2:45:06 PM) Wolf`: Windows itself did not know of its existence
- (2:45:09 PM) syntaks: nice
- (2:45:10 PM) Wolf`: but it continued to run :3
- (2:45:52 PM) syntaks: i mean the bottom line is if someone wants to get into whatever
- (2:45:55 PM) syntaks: they're going to find a way
- (2:46:09 PM) syntaks: it's just matter of putting in the effort to make that as difficult as you can
- (2:46:13 PM) syntaks: which is all i've done
- (2:46:46 PM) syntaks: the new technique i want to put in the code is better in a few ways
- (2:46:57 PM) syntaks: and the idea i've been kicking around for using the blockchain i'm dying to test out
- (2:47:02 PM) syntaks: it just needs some fine tuning
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement