Re: [ANN][DRK] Darkcoin | First Anonymous Coin | Inventor of X11, DGW and Darksend

Quote from: XwzmEE1cJ6HG84CgJvAt7ADmJ on October 07, 2014, 08:49:09 PM

Quote from: eahmadov on October 07, 2014, 07:27:56 PM

Just now:

I found out what's going on, I'll have an update out in a few minutes

Edit:

props to whoever figured this out, pretty cool hack
I could use some help programming whoever you are

Not interested. I'm not so good at C++, really.
Btw, you should hire some real penetration tester, not me or what was the name of that guy?

Quote from: illodin on October 07, 2014, 08:17:02 PM

Ok, could the person who found the bug post here, I promise no one's gonna hate on you. Would be interesting to hear how long it took to find it, and how did you approach it? And also, would you help testing DRK in the future?

About 6 hours to look through the code to get the main idea of darksend, 2 more hours (got lucky) to find this vulnerability and about 8 hours to code and deploy the exploit.
I will definitely run some more tests with darksend. Will I help or just going to abuse it? Dunno lol. It seems to be more vulnerabilities in darkcoin. Code looks terrible (nothing personal

)

Proof of identity:

Code:

./darkcoind verifymessage XwzmEE1cJ6HG84CgJvAt7ADmJ8W9Wh65Tq \
"ILLG8hT+bkKUDznBD8R+EGowIal/QFVhEJM2HvrAREeE+LXl++HqeI+Go9+976p7iZ7CTgybpTGIucb3ycMwwek=" \
"XwzmEE1cJ6HG84CgJvAt7ADmJ @ bitcointalk.org, darkcoin thread. Signed with XwzmEE1cJ6HG84CgJvAt7ADmJ8W9Wh65Tq"

Hi,

if you are the person who found the vulnerability, I think the whole world already owes you thanks for helping to make the code stronger. Have you asked yourself why you felt tempted to test the code and look for vulnerabilities and why you have the knowledge and skills you have that allowed you to do so? Maybe its so you can help. Think about it and then feel what is right, please and thank you.