php - Sending BitCoins using Electrum JSON-RPC - Stack ...

[How-To] Crafting an offline TXN with the trezorlib python API

With the rollout of the new 0.12.0 Trezor API, I thought it might be time to update some of my old offline_txn scripts. The following is about 80 lines of python that will craft and sign a VERY simple transaction on Testnet.
The new rollout also comes with some new tools: the build_tx.py script is useful in conjunction with the trezorctl sign_tx command.
Both of the methods below will produce a signed TXN that can then be imported into Electrum using the "Tools -> Load transaction -> From text" command.
Note: u/Crypto-Guide has a good walkthrough for installing trezorlib in Windows if you haven't already done that.

Example of using trezorctl btc sign-tx

This example uses the build_tx.py script to build JSON to feed to the sign-tx command. You will need to download the build_tx.py file from github. It is not automatically installed with the trezor package.
```
python build_tx.py | trezorctl btc sign-tx -

Coin name [Bitcoin]: Testnet
Blockbook server [btc1.trezor.io]: tbtc1.trezor.io

Previous output to spend (txid:vout) []: e294c4c172c3d87991...060fad1ed31d12ff00:0
BIP-32 path to derive the key: m/84'/1'/0'/0/0
Input amount: 129999866
Sequence Number to use (RBF opt-in enabled by default) [4294967293]:
Input type (address, segwit, p2shsegwit) [segwit]:

Previous output to spend (txid:vout) []:

Output address (for non-change output) []: 2MsiAgG5LVDmnmJUPnYaCeQnARWGbGSVnr3
Amount to spend (satoshis): 129999706

Output address (for non-change output) []:
BIP-32 path (for change output) []:
Transaction version [2]:
Transaction locktime [0]:
Please confirm action on your Trezor device.

Signed Transaction: 0200000000010100ff121dd31ead0f06...f279b642d85c48798685f86200000000
```

Example of crafting a TXN using trezorlib directly

If you're good with python, or want to see how everything works under the hood, here's 80 lines of python to generate a similar signed transaction.
```python
#!/usr/bin/env python3
# [repo] https://github.com/brianddk/reddit ... python/offline_txn.py
# [req]  pip3 install trezor

from trezorlib import btc, messages as proto, tools, ui
from trezorlib import MINIMUM_FIRMWARE_VERSION as min_version
from trezorlib.client import TrezorClient
from trezorlib.transport import get_transport
from trezorlib.btc import from_json
from json import loads
from decimal import Decimal
from sys import exit

# Tested with SLIP-0014 allallall seed (slip-0014.md)
# User Provided Fields; These are pulled from test scripts
# CHANGE THESE!!!
coin = "Testnet"

# Get legacy UTXO prev_txn hex from blockbook server.  For example:
# https://tbtc1.trezor.io/api/tx-specific/ \
#   e294c4c172c3d87991b0369e45d6af8584be92914d01e3060fad1ed31d12ff00
in1_prev_txn_s = '{"txid":' \
    '"e294c4c172c3d87991b0369e45d6af8584be92914d01e3060fad1ed31d12ff00"}'

in1_prev_index = 0
in1_addr_path = "m/84'/1'/0'/0/0"  # allallall seed
in1_amount = 129999867
out1_address = "2MsiAgG5LVDmnmJUPnYaCeQnARWGbGSVnr3"
out1_amount = in1_amount - 192

# Defaults
tx_version = 2
tx_locktime = 0
sequence = 4294967293

# Code
in1_prev_txn_j = loads(in1_prev_txn_s, parse_float=Decimal)
in1_prev_hash = in1_prev_txn_j['txid']
in1_prev_hash_b = bytes.fromhex(in1_prev_hash)
device = get_transport()
client = TrezorClient(transport=device, ui=ui.ClickUI())

fw_version = (client.features.major_version,
              client.features.minor_version,
              client.features.patch_version)
if fw_version < min_version[client.features.model]:
    print("Please flash to the latest FW")
    exit(1)

signtx = proto.SignTx(
    version=tx_version,
    lock_time=tx_locktime
)

ins = [proto.TxInputType(
    address_n=tools.parse_path(in1_addr_path),
    prev_hash=in1_prev_hash_b,
    prev_index=in1_prev_index,
    amount=in1_amount,
    script_type=proto.InputScriptType.SPENDWITNESS,
    sequence=sequence
)]
outs = [proto.TxOutputType(
    address=out1_address,
    amount=out1_amount,
    script_type=proto.OutputScriptType.PAYTOADDRESS
)]

txes = None
for i in ins:
    if i.script_type == proto.InputScriptType.SPENDADDRESS:
        tx = from_json(in1_prev_txn_j)
        txes = {in1_prev_hash_b: tx}
        break

_, serialized_tx = btc.sign_tx(client, coin, ins, outs, details=signtx,
                               prev_txes=txes)
client.close()
print(f'{{"hex": "{serialized_tx.hex()}"}}')
```
From here, you simply take the resultant TXN hex and import it into Electrum using the "Tools -> Load transaction -> From text" clickpath.
submitted by brianddk to Bitcoin

Groestlcoin 6th Anniversary Release

Introduction

Dear Groestlers, it goes without saying that 2020 has been a difficult time for millions of people worldwide. The groestlcoin team would like to take this opportunity to wish our best to everyone coping with the direct and indirect effects of COVID-19. Let it bring out the best in us all and show that collectively, we can conquer anything.
The centralised banks and our national governments are facing unprecedented times with interest rates worldwide dropping to record lows in places. Rest assured that this can only strengthen the fundamentals of all decentralised cryptocurrencies and the vision that was seeded with Satoshi's Bitcoin whitepaper over 10 years ago. Despite everything that has been thrown at us this year, the show must go on and the team will still progress and advance to continue the momentum that we have developed over the past 6 years.
In addition to this, we'd like to remind you all that this is Groestlcoin's 6th Birthday release! In terms of price there have been some crazy highs and lows over the years (with highs of around $2.60 and lows of $0.000077!), but in terms of value – Groestlcoin just keeps getting more valuable! In these uncertain times, one thing remains clear – Groestlcoin will keep going and keep innovating regardless. On with what has been worked on and completed over the past few months.

UPDATED - Groestlcoin Core 2.18.2

This is a major release of Groestlcoin Core with many protocol level improvements and code optimizations, featuring the technical equivalent of Bitcoin v0.18.2 but with Groestlcoin-specific patches. On a general level, most of what is new is a new 'Groestlcoin-wallet' tool which is now distributed alongside Groestlcoin Core's other executables.
NOTE: The 'Account' API has been removed from this version which was typically used in some tip bots. Please ensure you check the release notes from 2.17.2 for details on replacing this functionality.

How to Upgrade?

Windows
If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), then run the installer.
OSX
If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), run the dmg and drag Groestlcoin Core to Applications.
Ubuntu
http://groestlcoin.org/forum/index.php?topic=441.0

Other Linux

http://groestlcoin.org/forum/index.php?topic=97.0

Download

Download the Windows Installer (64 bit) here
Download the Windows Installer (32 bit) here
Download the Windows binaries (64 bit) here
Download the Windows binaries (32 bit) here
Download the OSX Installer here
Download the OSX binaries here
Download the Linux binaries (64 bit) here
Download the Linux binaries (32 bit) here
Download the ARM Linux binaries (64 bit) here
Download the ARM Linux binaries (32 bit) here

Source

ALL NEW - Groestlcoin Moonshine iOS/Android Wallet

Built with React Native, Moonshine utilizes Electrum-GRS's JSON-RPC methods to interact with the Groestlcoin network.
GRS Moonshine's intended use is as a hot wallet. Meaning, your keys are only as safe as the device you install this wallet on. As with any hot wallet, please ensure that you keep only a small, responsible amount of Groestlcoin on it at any given time.

Features

Download

iOS
Android

Source

ALL NEW! – HODL GRS Android Wallet

HODL GRS connects directly to the Groestlcoin network using SPV mode and doesn't rely on servers that can be hacked or disabled.
HODL GRS utilizes AES hardware encryption, app sandboxing, and the latest security features to protect users from malware, browser security holes, and even physical theft. Private keys are stored only in the secure enclave of the user's phone, inaccessible to anyone other than the user.
Simplicity and ease-of-use is the core design principle of HODL GRS. A simple recovery phrase (which we call a Backup Recovery Key) is all that is needed to restore the user's wallet if they ever lose or replace their device. HODL GRS is deterministic, which means the user's balance and transaction history can be recovered just from the backup recovery key.

Features

Download

Main Release (Main Net)
Testnet Release

Source

ALL NEW! – Groestlcoin Seed Savior

Groestlcoin Seed Savior is a tool for recovering BIP39 seed phrases.
This tool is meant to help users with recovering a slightly incorrect Groestlcoin mnemonic phrase (AKA backup or seed). You can enter an existing BIP39 mnemonic and get derived addresses in various formats.
To find out if one of the suggested addresses is the right one, you can click on the suggested address to check the address' transaction history on a block explorer.

Features

Live Version (Not Recommended)

https://www.groestlcoin.org/recovery/

Download

https://github.com/Groestlcoin/mnemonic-recovery/archive/master.zip

Source

ALL NEW! – Vanity Search Vanity Address Generator

NOTE: NVidia GPU or any CPU only. AMD graphics cards will not work with this address generator.
VanitySearch is a command-line Segwit-capable vanity Groestlcoin address generator. Add unique flair when you tell people to send Groestlcoin. Alternatively, VanitySearch can be used to generate random addresses offline.
If you're tired of the random, cryptic addresses generated by regular groestlcoin clients, then VanitySearch is the right choice for you to create a more personalized address.
VanitySearch is a groestlcoin address prefix finder. If you want to generate safe private keys, use the -s option to enter your passphrase which will be used for generating a base key as for BIP38 standard (VanitySearch.exe -s "My PassPhrase" FXPref). You can also use VanitySearch.exe -ps "My PassPhrase" which will add a crypto secure seed to your passphrase.
VanitySearch may not compute a good grid size for your GPU, so try different values using -g option in order to get the best performances. If you want to use GPUs and CPUs together, you may have best performances by keeping one CPU core for handling GPU(s)/CPU exchanges (use -t option to set the number of CPU threads).

Features

Usage

https://github.com/Groestlcoin/VanitySearch#usage

Download

Source

ALL NEW! – Groestlcoin EasyVanity 2020

Groestlcoin EasyVanity 2020 is a Windows app built from the ground up that makes it easier than ever before to create your very own bespoke bech32 address(es) whilst not connected to the internet.
If you're tired of the random, cryptic bech32 addresses generated by regular Groestlcoin clients, then Groestlcoin EasyVanity2020 is the right choice for you to create a more personalised bech32 address. This 2020 version uses the new VanitySearch to generate not only legacy addresses (F prefix) but also Bech32 addresses (grs1 prefix).

Features

Download

Source

Remastered! – Groestlcoin WPF Desktop Wallet (v2.19.0.18)

Groestlcoin WPF is an alternative full node client with optional lightweight 'thin-client' mode based on WPF. Windows Presentation Foundation (WPF) is one of Microsoft's latest approaches to a GUI framework, used with the .NET framework. Its main advantages over the original Groestlcoin client include support for exporting blockchain.dat and including a lite wallet mode.
This wallet was previously deprecated but has been brought back to life with modern standards.

Features

Remastered Improvements

Download

Source

ALL NEW! – BIP39 Key Tool

Groestlcoin BIP39 Key Tool is a GUI interface for generating Groestlcoin public and private keys. It is a standalone tool which can be used offline.

Features

Download

Windows
Linux :
```
pip3 install -r requirements.txt
python3 bip39_gui.py
```

Source

ALL NEW! – Electrum Personal Server

Groestlcoin Electrum Personal Server aims to make using Electrum Groestlcoin wallet more secure and more private. It makes it easy to connect your Electrum-GRS wallet to your own full node.
It is an implementation of the Electrum-grs server protocol which fulfils the specific need of using the Electrum-grs wallet backed by a full node, but without the heavyweight server backend, for a single user. It allows the user to benefit from all Groestlcoin Core's resource-saving features like pruning, blocks only and disabled txindex. All Electrum-GRS's feature-richness like hardware wallet integration, multi-signature wallets, offline signing, seed recovery phrases, coin control and so on can still be used, but connected only to the user's own full node.
Full node wallets are important in Groestlcoin because they are a big part of what makes the system be trust-less. No longer do people have to trust a financial institution like a bank or PayPal, they can run software on their own computers. If Groestlcoin is digital gold, then a full node wallet is your own personal goldsmith who checks for you that received payments are genuine.
Full node wallets are also important for privacy. Using Electrum-GRS under default configuration requires it to send (hashes of) all your Groestlcoin addresses to some server. That server can then easily spy on your transactions. Full node wallets like Groestlcoin Electrum Personal Server would download the entire blockchain and scan it for the user's own addresses, and therefore don't reveal to anyone else which Groestlcoin addresses they are interested in.
Groestlcoin Electrum Personal Server can also broadcast transactions through Tor which improves privacy by resisting traffic analysis for broadcasted transactions which can link the IP address of the user to the transaction. If enabled this would happen transparently whenever the user simply clicks "Send" on a transaction in Electrum-grs wallet.
Note: Currently Groestlcoin Electrum Personal Server can only accept one connection at a time.

Features

Download

Windows
Linux / OSX (Instructions)

Source

UPDATED – Android Wallet 7.38.1 - Main Net + Test Net

The app allows you to send and receive Groestlcoin on your device using QR codes and URI links.
When using this app, please back up your wallet and email it to yourself! This will save your wallet in a password protected file. Then your coins can be retrieved even if you lose your phone.

Changes

Download

Main Net
Main Net (FDroid)
Test Net

Source

UPDATED – Groestlcoin Sentinel 3.5.06 (Android)

Groestlcoin Sentinel is a great solution for anyone who wants the convenience and utility of a hot wallet for receiving payments directly into their cold storage (or hardware wallets).
Sentinel accepts XPUBs, YPUBs, ZPUBs and individual Groestlcoin addresses. Once added you will be able to view balances, view transactions, and (in the case of XPUBs, YPUBs and ZPUBs) deterministically generate addresses for that wallet.
Groestlcoin Sentinel is a fork of Groestlcoin Samourai Wallet with all spending and transaction building code removed.

Changes

Download

Source

UPDATED – P2Pool Test Net

Changes

Download

Pre-Hosted Testnet P2Pool is available via http://testp2pool.groestlcoin.org:21330/static/

Source

submitted by Yokomoko_Saleen to groestlcoin

KYC-Tezos wallets vulnerable to "blind sig" attack

Summary
Most KYC-Tezos wallets we tested are vulnerable to a simple yet catastrophic attack that can lead to loss of all funds on wallet (blind signature vulnerability). These wallets connect to a server (the RPC node) but they do not build the raw tx like normal cryptocurrency wallets, nor do they check the binary provided by the RPC before signing it. Should the RPC get hacked (or turn malicious) it will provide clients a malicious tx to sign: with no way to parse the binary, the unsuspecting user will sign a tx which sends 100% of their funds to the attacker's address. (Update: since publishing this post some wallets have fixed the issue, see table below)

Ledger
Ledger users are not safe. This video shows how funds can be stolen from a Ledger device.

Demo
To demonstrate the vulnerability we also expose a malicious RPC to test your wallet against it (warning: funds could be lost).


Vulnerable wallets

| Wallet | RPC address | WHOIS record | Can set custom RPC? | Vulnerable? |
|---|---|---|---|---|
| Atomic | n/a | n/a | No | Yes |
| Galleon | tezos-prod.cryptonomic-infra.tech | Anonymous (Panama) | Yes | No (fixed in 0.7.0b+) |
| Guarda | mainnet.tezrpc.me | Anonymous (US) | No | Yes |
| Kukai | mainnet.tezrpc.me | Anonymous (US) | No | No |
| Librebox | mainnet.tezrpc.me | Anonymous (US) | Yes | No |
| Magnum | tezos.mgnm.rocks (updated) | Anonymous (Russia) | No | No (fixed in v137+) |
| T3Wallet | n/a | n/a | No | Yes |
| Tezbox Web | mainnet.tezrpc.me | Anonymous (US) | Yes | No (fixed) |
| Tezbox Chrome | mainnet.tezrpc.me | Anonymous (US) | Yes | No (fixed in 13.0.0) |
| Tezbox MacOs | mainnet.tezrpc.me | Anonymous (US) | Yes | No (fixed in 4.0.0+) |
| Tezbox Windows | mainnet.tezrpc.me | Anonymous (US) | Yes | No (fixed in 4.0.0+) |
| Tezos Blue | n/a | n/a | No | No (fixed in v0.4.3+) |
| TezBridge | mainnet.tezbridge.com | Anonymous (Panama) | Yes | Yes |
| WeTez | n/a | n/a | No | Yes |

Why it matters
Cryptocurrency wallets were meant to be trustless, but most KYC-Tezos wallets are not. When you're signing any tx with these wallets you're trusting the server (RPC) to send your money where you actually want it to go. Even if you trust the sourcecode of your wallet and are not using a web wallet, you're still vulnerable. The RPC you rely upon could turn malicious (e.g. be hacked) at any moment in time, with no way for you to detect it.

How the attack works
  1. RPC turns malicious (e.g. gets hacked)
  2. Wallet securely connects to malicious RPC via HTTPS
  3. Wallet provides JSON of tx to build
  4. RPC provides malicious binary sending funds to attacker's address
  5. Wallet blindly signs binary
  6. RPC broadcasts tx: funds are now lost

In a variant of the attack, the unsuspecting user will set a malicious RPC as custom RPC in their wallet. There are multiple ways someone could be tricked to do that (see Electrum hack below).

Causes
More than wallet developers themselves, we deem KYC-Tezos developers' inadequacy and lack of understanding of an adversarial environment as the culprit for this simple yet potentially catastrophic vulnerability.
1. Wrong design
The RPC exposes a JSON API to build the tx, which is then provided to the client for signing, and returned to the RPC for broadcast. This is not how a blockchain wallet should work: txs should be built and signed locally, and only then pushed to a server.
2. OCaml binary with no serialization specs
In the KYC-Tezos APIs there is no spec for the transaction binary format. tezos-data-encoding is the library responsible for encoding a tx, so the tx format is tightly coupled with the serialization of OCaml objects. An OCaml binary with no spec is what led GUI wallet developers, who are not using OCaml, to just trust the binary provided by the RPC instead of parsing and checking it.

A secure channel with your attacker
SSL security between client and server won't help: if the RPC turns malicious, it will first establish a secure connection as usual and then provide a malicious tx to sign. Hiding in plain sight, KYC-Tezos APIs actually hint [1] to the vulnerability. The "solution" they suggest is securing the connection, which as already explained does not solve the issue at all while providing users a false sense of security.

Hiding in plain sight: a hint from KYC-Tezos APIs

What happened to Electrum
Recently more than $750,000 were stolen by an attacker spawning malicious Electrum servers and stealing BTC from Electrum users. [2][3]
The attack succeeded despite Electrum being way more secure than KYC-Tezos wallets: with Electrum the tx is generated by the client and not by the server.

Malicious RPC demo
Set this custom RPC in your wallet to test the vulnerability:
https://demo.tzlibre.io/malicious/ 
WARNING: IF YOUR WALLET IS VULNERABLE FUNDS WILL BE LOST AND SENT TO FOUNDATION BAKER 1 (tz3RDC3Jdn4j15J7bBHZd29EUee9gVB1CxD9)
As a safety measure this demo RPC only manipulates the recipient's address, and not the transaction amount as well.
If your wallet is vulnerable and not listed above yet, please let us know.

How we fixed it
We fixed the vulnerability in LibreBox by checking portions of the tx (such as destination address, amount, etc) after a reverse-engineering of the tx format itself.

Suggested next steps
  • KYC-Tezos users: do not sign any tx with a vulnerable wallet until the vulnerability is addressed.
  • Wallet developers: immediately start warning your users of the danger, until binary txs are parsed and checked. If you resolved the issue or if your wallet is not listed, feel free to contact us to update this post.
  • Tezos Foundation: immediately release specs for the binary tx format, and improve documentation to a more decent standard.

Update (1/14/2019): in a previous version of this post Kukai was wrongly listed as vulnerable. Kukai has never been vulnerable to the attack. Tezbox Web has fixed the vulnerability, while Tezbox Chrome, Tezbox MacOs, Tezbox Windows remain vulnerable.
Update (1/15/2019): Magnum has fixed the vulnerability in v137 and changed the RPC from mainnet.tezrpc.me to tezos.mgnm.rocks
Update (1/16/2019): Tezos Blue has fixed the vulnerability on Github [4], but their 3 apps remain vulnerable to date.
Update (1/17/2019): TezBox has fixed the vulnerability on Chrome, MacOs, Windows. Tezos Blue has fixed the vulnerability on all 3 apps with v0.4.3
Update (1/18/19): Galleon has fixed the vulnerability in version 0.7.0b

References
[1] https://tezos.gitlab.io/alphanet/introduction/various.html#signer
[2] https://github.com/spesmilo/electrum/issues/4968
[3] https://www.zdnet.com/article/users-report-losing-bitcoin-in-clever-hack-of-electrum-wallets/
[4] https://github.com/tezos-blue/client/commit/7eb335df64f4b72706fa2252dd369edca903ee93
submitted by tzlibre to tzlibre
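The parse-and-compare check described under "How we fixed it", as an added example (not code from LibreBox or from any wallet or author on this page). The post gives no Tezos binary layout, so this uses Bitcoin's documented raw transaction format, which is also the format of the signed hex the Trezor how-to above loads into Electrum. The txid, address and amounts come from that how-to; `check_tx`, `sample_tx` and the zero-filled witness are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Values taken from the offline_txn.py script earlier on this page.
PREV_TXID = "e294c4c172c3d87991b0369e45d6af8584be92914d01e3060fad1ed31d12ff00"
IN_AMOUNT = 129999867
OUT_ADDR = "2MsiAgG5LVDmnmJUPnYaCeQnARWGbGSVnr3"
OUT_AMOUNT = IN_AMOUNT - 192


def script_for_address(addr):
    """Base58Check-decode a P2SH address and return its scriptPubKey."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)      # ValueError on a non-Base58 character
    raw = n.to_bytes(25, "big")         # version(1) + hash160(20) + checksum(4)
    payload, checksum = raw[:21], raw[21:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        raise ValueError("bad Base58Check checksum")
    if payload[0] in (0x05, 0xC4):      # P2SH, mainnet / testnet
        return b"\xa9\x14" + payload[1:] + b"\x87"
    raise ValueError("unsupported address version")


def parse_tx(raw):
    """Decode a serialized transaction (legacy or segwit) into inputs and outputs."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(raw):
            raise ValueError("truncated transaction")
        pos += n
        return raw[pos - n:pos]
    def uint(n):
        return int.from_bytes(take(n), "little")
    def varint():
        first = uint(1)
        return first if first < 0xFD else uint({0xFD: 2, 0xFE: 4, 0xFF: 8}[first])

    version = uint(4)
    segwit = raw[4:6] == b"\x00\x01"    # marker + flag
    if segwit:
        take(2)
    inputs, outputs = [], []
    for _ in range(varint()):
        txid, vout = take(32)[::-1].hex(), uint(4)
        take(varint())                  # scriptSig, not needed for this check
        inputs.append({"txid": txid, "vout": vout, "sequence": uint(4)})
    for _ in range(varint()):
        value = uint(8)
        outputs.append({"value": value, "script": take(varint())})
    if segwit:
        for _ in inputs:                # one witness stack per input
            for _ in range(varint()):
                take(varint())
    locktime = uint(4)
    if pos != len(raw):
        raise ValueError("trailing bytes after locktime")
    return {"version": version, "inputs": inputs, "outputs": outputs, "locktime": locktime}


def check_tx(raw_hex, spent, pay_to, max_fee):
    """Return how a serialized tx differs from the user's intent ([] means OK).
    spent: {(txid, vout): amount} being spent; pay_to: {address: amount} wanted."""
    tx = parse_tx(bytes.fromhex(raw_hex))
    problems, total_in, total_out = [], 0, 0
    for i in tx["inputs"]:
        key = (i["txid"], i["vout"])
        if key not in spent:
            problems.append(f"unexpected input {key[0]}:{key[1]}")
        total_in += spent.get(key, 0)
    wanted = {script_for_address(a): (a, v) for a, v in pay_to.items()}
    for o in tx["outputs"]:
        total_out += o["value"]
        addr, value = wanted.pop(o["script"], (None, None))
        if addr is None:
            problems.append(f"unexpected output script {o['script'].hex()}")
        elif value != o["value"]:
            problems.append(f"{addr} receives {o['value']}, expected {value}")
    problems += [f"missing output to {a}" for a, _ in wanted.values()]
    fee = total_in - total_out
    if not problems and not 0 <= fee <= max_fee:
        problems.append(f"fee {fee} outside 0..{max_fee}")
    return problems


def sample_tx(out_script, value):
    """Constructed sample: one segwit input, one output, zero-filled witness."""
    u32 = lambda v: v.to_bytes(4, "little")
    return (u32(2) + b"\x00\x01" + b"\x01" + bytes.fromhex(PREV_TXID)[::-1] + u32(0)
            + b"\x00" + u32(4294967293) + b"\x01" + value.to_bytes(8, "little")
            + bytes([len(out_script)]) + out_script
            + b"\x02\x47" + bytes(71) + b"\x21" + bytes(33) + u32(0)).hex()


if __name__ == "__main__":
    honest = sample_tx(script_for_address(OUT_ADDR), OUT_AMOUNT)
    print(check_tx(honest, {(PREV_TXID, 0): IN_AMOUNT}, {OUT_ADDR: OUT_AMOUNT}, 1000))
```

The check only reads the serialization; it does not verify signatures, so it belongs before signing or loading a transaction, not in place of node validation.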

Groestlcoin September 2019 Development Release/Update!

In our current world, bordering on financial chaos, with tariff wars, Brexit and hyperinflation rife, you can count on Groestlcoin to consistently produce innovation that strives to take the power away from the few and into the many, even after a full five and a half years of solid development.
Here is what the team has already announced in the last 3 months since the last development update:

What's Being Released Today?

Groestl Nodes

What am I?

Groestl Nodes aims to map out and compare the status of the Groestlcoin mainnet and testnet networks. Even though these networks share the same protocol, there is currently no way to directly compare these coins in a single location. These statistics are essential to evaluate the relative health of both networks.

Features

Source - Website

Groestlcoin Transaction Tool

What am I?

This is a tool for creating unsigned raw Groestlcoin transactions and also to verify existing transactions by entering in the transaction hex and converting this to a human-readable format to verify that a transaction is correct before it is signed.

Features

Source - Download

Groestlcoin AGCore

What am I?

AGCore is an Android app designed to make it easier to run a Groestlcoin Core node on always-on Android appliances such as set-top boxes, Android TVs and repurposed tablets/phones. If you are a non-technical user of Groestlcoin and want an Android app that makes it easy to run a Groestlcoin Core node by acting as a wrapper, then AG Core is the right choice for you.

What's Changed?

Source - Download

Groestlcoin Electrum

What's Changed?

Android Electrum-Specific

OSX - Windows - Windows Standalone - Windows Portable - Linux - Android
Server Source - Server Installer Source - Client Source - Icon Source - Locale Source

Android Wallet – Including Android Wallet Testnet

What am I?

Android Wallet is a BIP-0032 compatible hierarchical deterministic Groestlcoin Wallet, allowing you to send and receive Groestlcoin via QR codes and URI links.

V7.11.1 Changes

Groestlcoin Java Library Source - Source - Download - Testnet Download

Groestlwallet

What am I?

Groestlwallet is designed to protect you from malware, browser security holes, even physical theft. With AES hardware encryption, app sandboxing, keychain and code signatures, groestlwallet represents a significant security advance over web and desktop wallets, and other mobile platforms.
Simplicity is groestlwallet's core design principle. Because groestlwallet is "deterministic", your balance and entire transaction history can be restored from just your recovery phrase.

iOS 0.7.3 Changes

Android v89 Changes

iOS Source - Android Source - Android Download - iOS Download

Groestlcoinomi Released

What am I?

Groestlcoinomi is a lightweight thin-client Groestlcoin wallet based on a client-server protocol.

Groestlcoinomi v1.1 Desktop Changes

Groestlcoinomi Android v1.6 Changes

Groestlcoin Java Library Source - Android Source
Android Download - Windows Download - Mac OS Download - Linux Download

Groestlcoin BIP39 Tool

What's Changed?

Source - Download
submitted by Yokomoko_Saleen to groestlcoin

A simple guide to financial sovereignty (set up your Bitcoin fullnode)

In 2009, a 9-page white paper by Satoshi Nakamoto described a protocol that made central banking obsolete. It's a new paradigm where money is no longer controlled by a few, but by the whole network.
The shift is already happening, as we speak, even if it's hard to see, especially if you lack the fundamental knowledge of cryptography, game theory and economics. It's just a matter of time before you realize that Bitcoin is hard money, and for the first time we have a framework to apply Austrian economics, without permission. Time to reset the Keynesian monopoly game.
I don't think people are inherently bad, it's just that in the actual system (which I call the legacy system) people are incentivised to make decisions that are good from their individual perspective, but unfortunately, the sum of those individual decisions is bad from the collective group perspective. That's just plain simple game theory. What makes Bitcoin so special is its perfectly aligned set of incentives that makes individual and collective outcomes better. It switches the economic model from Keynesian to Austrian, inflation to deflation, spending to saving, modern slavery (through debt) to financial sovereignty, de-evolution to evolution. We are currently shifting from fiat to Bitcoin.
What you think capitalism is has nothing to do with what Capitalism really is in a free market. Capitalism is beautiful, it's simply the act of evolution, saving and optimising for consuming only what's needed (don't forget we live in a world with limited resources, yes we all forgot). Stop spending and start capitalising, that's what we should be doing. But it's near impossible in a world run by socialists imposing debt using violence. What do you think backs the US dollar? Gold? No no, only tanks, aircraft carriers, soldiers and corrupt politicians.
Our only way out of this madness with the minimum violence is Bitcoin.
To be clear, if you don't run a fullnode, then you don't validate the transactions yourself (which is one purpose of running a fullnode). If you don't do the job yourself, then you have no other choice than to trust someone else for it. That's not necessarily a bad thing, as long as you are aware of it. You have no say in what defines Bitcoin, you enforce no rules. You serve no purpose in the Bitcoin realm. Why not!
Now if you seek financial sovereignty and want to take part in the new money paradigm, you will need to operate a fullnode and get your hands a little dirty. This guide hopefully will take you there while walking you through the steps of setting up your autonomous Bitcoin Core full node.
Why Bitcoin Core? Simply because the Bitcoin Core client implements and enforces the set of rules that I myself define as being Bitcoin.

Prerequisites

install

Choose & download the latest binaries for your platform directly from github: https://bitcoincore.org/bin/bitcoin-core-0.16.2
At the time of writing, the latest Bitcoin Core version is 0.16.2.
```
wget https://bitcoincore.org/bin/bitcoin-core-0.16.2/bitcoin-0.16.2-x86_64-linux-gnu.tar.gz
tar -zxvf bitcoin-0.16.2-x86_64-linux-gnu.tar.gz
sudo mv bitcoin-0.16.2/bin/* /usr/local/bin/
rm -rf bitcoin-0.16.2-x86_64-linux-gnu.tar.gz bitcoin-0.16.2 # clean
```

firewall

Make sure the needed ports (8333, 8332) are open on your server. If you don't know, you can & should use a firewall on your server. I use ufw, which stands for uncomplicated firewall.
```
sudo apt install ufw # install ufw
```
Configure default rules & enable firewall:
```
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh # if you operate your server via ssh don't forget to allow ssh before enabling
sudo ufw enable
```
Once your firewall is ready, open the bitcoin ports:
```
sudo ufw allow 8333 # mainnet
sudo ufw allow 8332 # mainnet rpc/http
sudo ufw allow 7000 # netcat transfer (for trusted sync)
```
check your firewall rules with sudo ufw status numbered

init

Start bitcoind so that it creates the initial ~/.bitcoin folder structure.
```
bitcoind&        # launch daemon (the & runs the command in the background)
bitcoin-cli stop # stop the daemon once folder structure is created
```

config

In my case, for a personal fullnode, I want to run a full txindexed chain. We only live once and I want all options to be possible/available :) If you plan to interact with the lightning network in the future and want to stay 100% trustless, I encourage you to txindex the chain (because you'll need an indexed chain). It's not hard to txindex the chain later on, but the less you touch the data, the better. So it's always better to start with txindex=1 if you want to go for the long run. It only adds 26GB on top of the 200GB non indexed chain. So it's worth it!
Just to get an idea of the size of the bitcoin core chain (August 23, 2018):

| network | folder | txindexed | height | size |
| - | - | - | - | - |
| mainnet | blocks + chainstate | yes | 538.094 | 209GB + 2.7GB = 221.7 |
| mainnet | blocks + chainstate | no | 538.094 | 193GB + 2.7GB = 195.7GB |
| testnet | blocks + chainstate | yes | - | - |
| testnet | blocks + chainstate | no | 1.407.580 | 20GB + 982MB = 21GB |

Create a bitcoin.conf config file in the ~/.bitcoin folder. These are my default settings, feel free to adjust to your needs. [ see full config Running Bitcoin - Bitcoin Wiki ]
```
# see full config here https://en.bitcoin.it/wiki/Running_Bitcoin

# Global
daemon=1
txindex=1
rpcallowip=0.0.0.0/0 # bind network interface to local only for now
server=1
rest=1

# RPC
rpcport=8332
rpcuser=admin
rpcpassword=password # define a password
rpcworkqueue=100

# zmq
zmqpubrawblock=tcp://*:8331
zmqpubrawtx=tcp://*:8331
#zmqpubhashblock=tcp://*:8331
#zmqpubhashtx=tcp://*:8331

# numbers of peers. default to 125
maxconnections=10

# utxo cache. default to 300M
dbcache=100

# Spam protection
limitfreerelay=10
minrelaytxfee=0.0001
```

Sync the blockchain

There are 2 ways you can download/sync the bitcoin blockchain:

Network sync (default)

If this is the first time you are setting up a bitcoin full node, it's the only way to trust the data. It will take time, depending on your hardware and network speed, it could vary from hours to days. You have nothing to do but leave the bitcoind daemon running. check status with bitcoin-cli getblockchaininfo, kill daemon with bitcoin-cli stop.
Remember that this is the only procedure you should use in order to sync the blockchain for the first time, as you don't want to trust anyone with that data except the network itself.

Trusted sync

Skip this chapter if this is the first time you're setting up a full node.
Once you operate a fully "network trusted" node, if you'd like to operate other nodes, syncing them from your trusted node(s) will go much faster, since you simply have to copy the trusted data from server to server directly, instead of going through the bitcoin core network sync.
You will need to transfer the chainstate & blocks directory from the ~/.bitcoin folder of one of your trusted nodes to the new one. The way you achieve that transfer is up to you.
At the time of writing (August 23, 2018), the txindexed blockchain (chainstate + blocks up to height 538.094) is around 220GB. Moving that quantity of data over the network is not a trivial task, but if the transfer happens between 2 reliable servers, then netcat will be great for the job. (netcat sends raw tcp packets, there is no authentication or resume feature).
Note: with netcat, if one of the servers' connections is not stable, and you lose connection, you will have to start again. That's a bummer. In that case you are better off with tools like rsync or rcp that let you resume a transfer.
In order to make the transfer a simple task, make sure you do the following on both of the receiver and the sender server :
Once both your servers (receiver & sender) are netcat ready, proceed as follows:
These are the transfer times for my last data sync between 2 servers hosted at time4vps.eu (not too bad):

| folder | size | transfer time |
| - | - | - |
| blocks | 209GB | 5h20 |
| chainstate | 2.7GB | 4min |

bitcoind as a service

For ease of use and 100% uptime, simply add bitcoind to your system service manager (in my case systemd). Create the file /etc/systemd/system/bitcoind.service and add the following to it:
```
[Unit]
Description=Bitcoin daemon
After=network.target

[Service]
User=larafale
RuntimeDirectory=bitcoind
Type=forking
ExecStart=/usr/local/bin/bitcoind -conf=/home/larafale/.bitcoin/bitcoin.conf
ExecStop=/usr/local/bin/bitcoin-cli stop
KillMode=process
Restart=always
RestartSec=120
TimeoutSec=240

# Hardening measures
####################

# Provide a private /tmp and /var/tmp.
PrivateTmp=true

# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full

# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true

# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true

# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target
```
Don't forget to correct the user name & the bitcoin.conf path. Once the systemd bitcoind config file is created, reload system services and start the bitcoind service:
```
sudo systemctl daemon-reload   # reload new services
sudo systemctl enable bitcoind # enable bitcoind
sudo systemctl start bitcoind  # start bitcoind
sudo systemctl status bitcoind # check bitcoind status
```
If everything worked, status should output the following:
```
● bitcoind.service - Bitcoin daemon
   Loaded: loaded (/etc/systemd/system/bitcoind.service; enabled; vendor preset: enabled)
   Active: active (running) since jeu. 2018-08-23 21:17:41 CEST; 5s ago
  Process: 5218 ExecStart=/usr/local/bin/bitcoind -conf=/home/larafale/.bitcoin/bitcoin.conf (code=exited, status=0/SUCCESS)
 Main PID: 5219 (bitcoind)
   CGroup: /system.slice/bitcoind.service
           └─5219 /usr/local/bin/bitcoind -conf=/home/larafale/.bitcoin/bitcoin.conf
```
The bitcoind service is active and will automatically restart on startup/crash. Wait a couple of minutes until the bitcoin-cli getblockchaininfo command returns the chain status. You can also query the rest interface by opening http://nodeIP:8332/rest/chaininfo.json in your browser.

Conclusion

You now have a full Bitcoin core node running on its own. What's next? Well I never blogged before, this is the first time I am outsourcing some of my work. I'm a passionate engineer working on all kinds of technologies. I've been dedicating half of my time to Bitcoin for the last 2 years already, so if this guide was useful and you want to go deeper, just let me know. Depending on the feedback I get, I'll consider outsourcing more interesting work. For example next post could be about setting up an Electrum Server so you can safely use SPV wallets trusting your own fullnode.
Also I'm currently working on a trustless bitcoin payment processor called 8333, make sure you follow @_8333_ on twitter. I think I will release the project end of 2018. Ping me if interested.
The best way you can show support is via Bitcoin : 16FKGPiivpo3Z7FFPLdkoVRcV2ASBc7Ktu
submitted by larafale to Bitcoin
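An added example, not part of larafale's post: the guide's bitcoin.conf sets rpcallowip=0.0.0.0/0 (despite its "local only" comment) with rpcuser=admin and rpcpassword=password while ufw opens port 8332, so this sketch audits a bitcoin.conf body for exactly those exposures. The function names, finding codes, weak-password list and the local-only variant are assumptions made for illustration.

```python
import ipaddress

# bitcoin.conf from the guide above (daemon, txindex, cache and relay lines omitted).
GUIDE_CONF = """\
rpcallowip=0.0.0.0/0 # bind network interface to local only for now
server=1
rest=1
rpcport=8332
rpcuser=admin
rpcpassword=password # define a password
zmqpubrawblock=tcp://*:8331
zmqpubrawtx=tcp://*:8331
"""

# Constructed variant, assuming RPC and ZMQ clients run on the node itself.
# The rpcauth value is a placeholder, not a usable credential.
LOCAL_ONLY_CONF = """\
server=1
rpcbind=127.0.0.1
rpcallowip=127.0.0.1
rpcport=8332
rpcauth=admin:<salt>$<hash>
zmqpubrawblock=tcp://127.0.0.1:8331
zmqpubrawtx=tcp://127.0.0.1:8331
"""

WEAK_PASSWORDS = {"password", "admin", "bitcoin", "changeme", "123456"}  # constructed list


def parse_conf(text):
    """Return {key: [values]}; keys such as rpcallowip may repeat."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: '#' always starts a comment
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings.setdefault(key, []).append(value)
    return settings


def classify_allowip(value):
    """Classify one rpcallowip value as 'any', 'remote', 'loopback' or 'invalid'."""
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return "invalid"
    if net.prefixlen == 0:
        return "any"
    loopback = ipaddress.ip_network("127.0.0.0/8" if net.version == 4 else "::1/128")
    return "loopback" if net.subnet_of(loopback) else "remote"


def audit(text):
    """Return a list of (code, detail) findings for a bitcoin.conf body."""
    conf, findings = parse_conf(text), []
    kinds = {v: classify_allowip(v) for v in conf.get("rpcallowip", [])}
    remote = [v for v, kind in kinds.items() if kind in ("any", "remote")]
    for value in remote:
        code = "RPC_OPEN_TO_ANY" if kinds[value] == "any" else "RPC_REMOTE_RANGE"
        findings.append((code, f"rpcallowip={value} accepts non-local RPC clients"))
    if remote and conf.get("rest", ["0"])[-1] == "1":
        findings.append(("REST_EXPOSED", "rest=1 serves unauthenticated REST on the RPC port"))
    for password in conf.get("rpcpassword", []):
        findings.append(("RPC_PLAINTEXT_PASSWORD", "rpcauth would store a salted hash instead"))
        if password.lower() in WEAK_PASSWORDS or len(password) < 16:
            findings.append(("RPC_WEAK_PASSWORD", "rpcpassword is guessable or short"))
    wildcard = sorted(k for k, vals in conf.items()
                      if k.startswith("zmqpub") and any(v.startswith("tcp://*") for v in vals))
    if wildcard:
        findings.append(("ZMQ_WILDCARD_BIND", ", ".join(wildcard) + " listen on all interfaces"))
    return findings


if __name__ == "__main__":
    print({"guide": audit(GUIDE_CONF), "local-only": audit(LOCAL_ONLY_CONF)})
```

The guide's configuration yields five findings and the local-only variant none; a node that must serve remote RPC clients would instead list the specific client subnet in rpcallowip and restrict port 8332 to it in ufw.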

Wallet developer here! Best litecoin node clients that can create and manage multiple wallets?

Hey guys, I'm a wallet developer working on an open source and well documented iOS wallet for multiple coins. I've finished most of the bitcoin stuff and am moving on to litecoin.
Do you guys have any suggestions/recommendations for a node client that can handle multiple wallets? I know there's an open source electrum-ltc client but after some initial searching I'm having trouble finding detailed guides on their json-rpc api, primarily how to instantiate a new wallet.
If you guys had any guides, examples, recommendations, I'd be really grateful!
submitted by DeleteMyOldAccount to litecoin

Thin command line-capable client for Linux

I need to set up linux server for web service that could generate bitcoin addresses and check the balance on them, etc (basically, receive payments in BTC). And I do not want to use third-party online wallets and services.
Original bitcoind client is too large now, you need almost 30 GB just to store blockchain files, and that'd be pretty expensive even for VPS.
Are there any thin command-line (or with API, JSON or other) linux clients for this purpose? Electrum is GUI-based, Multibit too.
submitted by sly_g to Bitcoin

Interacting with public Electrum servers using C#

SOLVED! I've managed to manually perform JSON RPC calls using a third party library to nodes on the default nodes list in electrum and parse the json responses, only for get_balance so far, but at least I know where I'm going now.
I'm currently working on writing a wallet using the .Net framework, the aim has been to build a generic wallet interface that can then be implemented for various different currencies and dropped into the main application and loaded when the program runs, therefore allowing third parties to develop those implementations to be used as plugins and create an 'all in one' solution. This could be then extended with plugins for exchange apis, coinmarketcap, portfolio tracking and other such fun stuff.
So far I have written the interface and base implementation as well as a few different plugins for other currencies that I have begun to work on, for those currencies I currently have HD wallet generation working as well as generic WIF importing, mainly using NBitcoin and its derivatives.
I'm now looking into developing the transaction handling parts of the application, using Qbitninja seemed the obvious solution for Bitcoin, but I don't want to rely on one person maintaining their server and it wouldn't work for other currencies unless I hosted my own, so that idea got scrapped.
My next idea was to run a server with core applications and communicate with them using BitcoinLib (the .Net version). This quickly went out of the window when I saw the Bitcoin blockchain size and considering this would make it harder for people to develop plugins (since they'd need to host their own server).
So this brings me to now, considering there are many forks of the electrum wallet (and therefore I would imagine, electrumX servers for quite a few different currencies), communicating with those for retrieving wallet balances and broadcasting transactions seems like it would be the best option, since if it could be written generically and then given a list of nodes and (hopefully) work for multiple currencies without too much custom code.
So here is my question. What's the most appropriate way to interact with Electrum servers from C#? I know BitcoinLib usually interacts with JSON RPC and that ElectrumX has a JSON RPC API, but I assume the Electrum API and the API that BitcoinLib expects are going to be quite different? Is there a more appropriate library to use? If I simply use Newtonsoft.Json to communicate over JsonRpc, what network credentials would I need to use? since obviously I'm not going to be setting them on a local node?
Apologies if this is in the wrong place, I'm just quite unsure of where to go from this point!
submitted by Kezyma to Electrum

Full tutorial for setting up a hidden service store

Hello everybody! There are a lot of vendors whose reputation is very high and who may be trusted for direct orders. If they do not want to rely only on third party markets and be dependent on their downtime, death, exit scam etc., with this tutorial they will be able to easily set up a private store (and harden it a bit).
Advantages:
Disadvantages:
This tutorial will guide you with the entire procedure, from buying a server to setting up Anonymart. This tutorial assumes that you will start with a freshly installed Debian 7. Other setup and software may interfere with my setup script, so if you are unsure read the source code.

Buying the server

This is probably the hardest part. You should look for a provider who accept Bitcoin and that has not strict practices on verifying customers identities.
One of the best resources for finding out such providers is:
https://www.exoticvps.com/
While there are some providers like vultr.com which will not ask for personal details and will not complain about tor, I'd suggest avoiding such large scale companies (especially if based in the US). For example, if we assume the scenario where everybody chooses Vultr because it's the easiest place to obtain a server, LE may force Vultr to monitor all instances which generate tor traffic without being a tor node. After that they may cause some seconds of downtime each and compare the result to the availability of the store. The whole point of this tutorial is to decentralize, and you really should always think about that.
On most providers you can't order via Tor with obviously fake credentials because all of them use MaxMind fraud prevention which will blacklist all orders done via Tor, VPN or anonymous proxies.
First of all install proxychains on your torified system. You can install it in Tails and debian based distributions with
sudo apt-get install proxychains
(on Whonix this step is not required)
Now, in order to place an order which seems legit to fraud prevention we need a clean ip from a residential connection. This is what Socks Proxies exist for so you should buy some at Vip72 (or obviously any other provider). The demo cost 3$ and you can pay with Bitcoin via Tor.
After your payment has been verified you should be able to browse Socks Proxies by their Country/Region.
Select one and test it via proxychains. Proxychains is useful because, as the name says, it can chain proxy, so you can connect to the specified set of proxy you want via tor.
Here's the default configuration:
```
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4 127.0.0.1 9050
```
Now add the selected proxy to the conf:
sudo nano /etc/proxychains.conf
```
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4 127.0.0.1 9050
socks5
```
Now open a browser using proxychains:
proxychains chromium
or
proxychains firefox
Keep in mind that this should not be done with tor-browser because its user agent and other specifics are detected by the anti fraud system.
If the socks proxy is working you should be able to browse the internet. If nothing loads, just get another socks and change the proxychains configuration.
Now go to http://www.fakenamegenerator.com/ and get something which will match your proxy and seems to be believable.
Choose your provider and try to order depending on which location you prefer and how much money you wish to spend. Keep in mind that this tutorial is aimed at a full system, so if you are not ordering a dedicated server but a VPS you should select a fully virtualized one (KVM, vmware, XEN-HVM). Unless you're expecting a huge load, 512MB of RAM and 10GB of storage should be enough.
Your provider will send you an email with information to access your control panel from where you will be able to install the operating system. This tutorial is specifically for Debian 7 x64 (x86 is ok too), but if you know what you are doing you can obviously

Basic server setup

First of all you have to generate a ssh key if you don't already have one.
ssh-keygen -t ecdsa
With that command we are generating a 256 bits ECDSA key.
If you left the default options you should be able to get the public key using:
cat .ssh/id_ecdsa.pub
Now login to your newly installed server. The panel should generally have asked you to provide a root password or sent a randomly generated one via email. Here we're assuming that you are on Tails, Whonix or any other system which forces all connections through tor. In particular, if you are on Tails, you should enable SSH keys persistence. If you continue with the tutorial skipping this part, you will lose your keys and the access to the server as soon as you shut down your computer.
ssh [email protected]
Answer yes to the first question.
Now the last step:
```
git clone https://github.com/anonymart/anonymart.git /var/www/anonymart
sh /var/www/anonymart/bin/full_setup.sh
```
The installation script will update the system, remove useless packages, install the required ones, configure a nginx+php-fpm+mysql stack, configure tor, configure iptables and much more. If everything goes smoothly at the end it should tell you an onion address which will be the url of your store and an onion address which you will use to connect via ssh to the server instead of the original ip.

Configure anonymart

Now go to your new url. You will be redirected to /settings/create where you will create the basic settings for your store. Choose a very strong password. Bitcoin addresses for payments will be generated using your Electrum master key (which can't be used to spend the coins) using BIP32.

Final

I've already coded a small script where vendors may enter their onion url signed with their GPG key. The script will look up on Grams for that GPG key and match the vendor to the url and add it to a public database. If some stores start to popup, i will make it available as a hidden service.
Donations: 12xjgV2sUSMrPAeFHj3r2sgV6wSjt2QMBP

Some notes on anonymart

The original developer of anonymart has decided to abandon the project because he is interested in something else. I was already collaborating with him before that decision so he decided to pass the lead of it to me. I've reviewed part of the code and I haven't seen security issues, but this doesn't mean it's 100% secure. I'll do my best to review it all and add some missing features like:
  • Two factor authentication
  • Switch from blockchain.info api to lookup on Electrum stratum servers
  • Add the possibility to add more than one image per product
  • Change the order id from incremental to a random one
  • Add JSON api to list store products to facilitate third parties search engines
Unfortunately I'm not very familiar with laravel yet, so before messing with the code I'd need some time, so don't expect huge updates soon.
submitted by spike25 to DeepDotWeb
