
#1 2019-04-11 16:56:23

archn00b8234
Member
Registered: 2017-12-06
Posts: 14

remmina hijack a bitcoin wallet?

hello,

I have encountered a problem: when I copy a bitcoin wallet, it is replaced in the clipboard.
The clipboard slows down (as if searching in the wallet clipboard) and then the wallet is replaced by another one!
I noticed this problem recently.


I wrote a small program for monitoring the clipboard and this is what it issued

[2019-04-11 11:35:45] user      1361  0.5  2.2 1992700 725452 tty1   Sl    45:23 remmina
[2019-04-11 11:37:25] user      1361  0.5  2.2 1992700 725452 tty1   Sl    45:24 remmina
[2019-04-11 11:38:33] user      1361  0.5  2.2 1992700 725452 tty1   Sl    45:24 remmina

Then I killed the remmina process and the hijack in the clipboard stopped.

# pacman -Qe | grep remmina
remmina 1:1.3.4-1

# pacman -Qe | grep rdp
freerdp 1:2.0.0_rc4-3

These are the two bitcoin wallets I saved:

1FzaYCfTmVHkv2x2hhraUv3bUuVDx1abLA
33NCRF2DKKWpjhaZFCFUg8wqoAD92NCTAB

This problem appears rarely; it feels as if the program sleeps for a certain time and waits for the moment.
The hijack itself lasts a limited time.


#include <time.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <signal.h>

#include <X11/Xlib.h>

#define CLIPBOARD_NAME "CLIPBOARD"

/* Log the process that owns the X11 CLIPBOARD selection whenever the owner changes. */
int main()
{
 Display *dpy;
 Window owner;
 Window old_owner = 0;
 Atom sel;
 char command[1024] = { 0 };
 char buffer[2048]  = { 0 };
 FILE *pf;
 time_t t;
 struct tm *tm;

 dpy = XOpenDisplay(NULL);
 if (!dpy)
 {
     fprintf(stderr, "Could not open X display\n");
     return 1;
 }

 FILE *log = fopen("/home/user/test.log", "a+");

 if(!log)
 {
     fprintf(stderr, "Could not open clipboard log file.\n");
     return 1;
 }

 signal(SIGHUP,  SIG_IGN);
 signal(SIGCHLD, SIG_IGN);

 /* Detach: the parent exits, the child keeps polling in the background */
 if(fork())
  exit(0);

 /* The atom does not change, so look it up once */
 sel = XInternAtom(dpy, CLIPBOARD_NAME, False);

 while(1)
 {
     owner = XGetSelectionOwner(dpy, sel);

     if(owner != old_owner)
     {
       old_owner = owner;
       /* Resolve the owner window to its PID via _NET_WM_PID, then to a ps line */
       snprintf(command, sizeof(command), "xprop -id 0x%lX | grep _NET_WM_PID|cut -f3 -d' '|xargs ps --no-headers -up", owner);

       pf = popen(command, "r");

       if(pf != NULL)
       {
         memset(buffer, 0, sizeof(buffer));

         if (fgets(buffer, sizeof(buffer), pf) != NULL)
         {
           t = time(NULL);
           tm = localtime(&t);
           /* Only tm_year and tm_mon need an offset; hour, minute and second are used as-is */
           fprintf(
            log,
            "[%04d-%02d-%02d %02d:%02d:%02d] %s",
            tm->tm_year + 1900,
            tm->tm_mon + 1,
            tm->tm_mday,
            tm->tm_hour,
            tm->tm_min,
            tm->tm_sec,
            buffer);
           fflush(log);
         }

         else perror("fgets");

         /* Close the pipe whether or not a line was read */
         pclose(pf);
       }

       else perror("popen");
     }

     /* Poll once per second */
     usleep(1000000);
 }

 return 0;
}

Offline

#2 2019-04-11 19:42:22

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 74,265

Re: remmina hijack a bitcoin wallet?

Idk what you mean by "the clipboard slows down" but this is most likely the clipboard-sync feature and you're getting the clipboard contents from the other machine when it updates…

Offline

#3 2019-04-11 20:16:01

archn00b8234
Member
Registered: 2017-12-06
Posts: 14

Re: remmina hijack a bitcoin wallet?

seth wrote:

Idk what you mean by "the clipboard slows down" but this is most likely the clipboard-sync feature and you're getting the clipboard contents from the other machine when it updates…

Unfortunately, there is no connection to the remote machine!
remmina is just running.
I checked your version with remote synchronization with the clipboard, unfortunately it disappears.

when copying a large text in which there is a bitcoin address, the hijacking clipboard.

Offline

#4 2019-04-11 20:34:34

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 74,265

Re: remmina hijack a bitcoin wallet?

I checked your version with remote synchronization with the clipboard, unfortunately it disappears.

Sorry, but I cannot read any meaning into this.

when copying a large text in which there is a bitcoin address, the hijacking clipboard.

You'll have to rephrase that.
Does it imply that a single token w/i the clipboard is replaced?

Like

<< My secret bitcoin wallet is 1FzaYCfTmVHkv2x2hhraUv3bUuVDx1abLA and you'll never know!
>> My secret bitcoin wallet is 33NCRF2DKKWpjhaZFCFUg8wqoAD92NCTAB and you'll never know!

?

Offline

#5 2019-04-11 20:42:25

archn00b8234
Member
Registered: 2017-12-06
Posts: 14

Re: remmina hijack a bitcoin wallet?

seth wrote:

I checked your version with remote synchronization with the clipboard, unfortunately it disappears.

Sorry, but I cannot read any meaning into this.

when copying a large text in which there is a bitcoin address, the hijacking clipboard.

You'll have to rephrase that.
Does it imply that a single token w/i the clipboard is replaced?

Like

<< My secret bitcoin wallet is 1FzaYCfTmVHkv2x2hhraUv3bUuVDx1abLA and you'll never know!
>> My secret bitcoin wallet is 33NCRF2DKKWpjhaZFCFUg8wqoAD92NCTAB and you'll never know!

?

I copy a bitcoin wallet from browser/text editors/terminal/nano/etc. (from text editors to text editors) and the original wallet is replaced by a new wallet,
like this:

1FzaYCfTmVHkv2x2hhraUv3bUuVDx1abLA
33NCRF2DKKWpjhaZFCFUg8wqoAD92NCTAB

Last edited by archn00b8234 (2019-04-11 20:44:53)

Offline

#6 2019-04-11 20:46:16

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 74,265

Re: remmina hijack a bitcoin wallet?

Do you mean it is not the replacement of a string, but the hash of the wallet changes?

Offline

#7 2019-04-11 20:52:31

archn00b8234
Member
Registered: 2017-12-06
Posts: 14

Re: remmina hijack a bitcoin wallet?

seth wrote:

Do you mean it is not the replacement of a string, but the hash of the wallet changes?


I think unknown code makes a regexp search in the clipboard and replaces the bitcoin wallet.
I think it's a hash regexp search.

Offline
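
The "<<" / ">>" case from post #4 and the pattern-search guess in post #7 can be turned into a check on two clipboard snapshots. This is an added example, not code from any poster in this thread: it flags the case where the text is unchanged except that one address-shaped token was exchanged for another. The function names and the heuristic (a run of 26 to 35 Base58 characters starting with 1 or 3, first match only, no checksum verification) are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>

/* Base58 alphabet used by legacy Bitcoin addresses (no 0, O, I, l). */
static const char B58[] =
    "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";

static int is_b58(char c) { return c != '\0' && strchr(B58, c) != NULL; }

/* Find the first address-shaped token in s: a run of 26..35 Base58
 * characters starting with '1' or '3'. Returns NULL if there is none. */
static const char *find_addr(const char *s, size_t *len)
{
    while (*s) {
        size_t n = 0;
        while (is_b58(s[n])) n++;
        if (n >= 26 && n <= 35 && (s[0] == '1' || s[0] == '3')) {
            *len = n;
            return s;
        }
        s += n ? n : 1;   /* skip the whole run, or one non-Base58 char */
    }
    return NULL;
}

/* Returns 1 when `after` equals `before` except that the address-shaped
 * token was exchanged for a different one, otherwise 0. */
int address_swapped(const char *before, const char *after)
{
    size_t lb, la;
    const char *b = find_addr(before, &lb);
    const char *a = find_addr(after, &la);
    if (!b || !a) return 0;
    size_t prefix = (size_t)(b - before);
    if ((size_t)(a - after) != prefix || strncmp(before, after, prefix) != 0)
        return 0;                      /* text before the address differs */
    if (strcmp(b + lb, a + la) != 0)
        return 0;                      /* text after the address differs */
    return !(lb == la && strncmp(b, a, lb) == 0);
}

int main(void)
{
    /* Constructed snapshots built from the two strings quoted in the thread. */
    const char *copied = "My secret bitcoin wallet is 1FzaYCfTmVHkv2x2hhraUv3bUuVDx1abLA and you'll never know!";
    const char *pasted = "My secret bitcoin wallet is 33NCRF2DKKWpjhaZFCFUg8wqoAD92NCTAB and you'll never know!";
    printf("swapped: %d\n", address_swapped(copied, pasted));
    return 0;
}
```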

#8 2019-04-11 20:53:30

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 74,265

Re: remmina hijack a bitcoin wallet?

This is going nowhere. What's your native language?

Offline

#9 2019-04-11 20:54:35

archn00b8234
Member
Registered: 2017-12-06
Posts: 14

Re: remmina hijack a bitcoin wallet?

seth wrote:

This is going nowhere. What's your native language?

RU

Offline

#10 2019-04-11 21:22:56

Zod
Member
From: Hoosiertucky
Registered: 2019-03-10
Posts: 636

Re: remmina hijack a bitcoin wallet?

https://archlinux.org.ru/forum/

Maybe these guys could help?

Offline

#11 2019-04-11 21:26:01

archn00b8234
Member
Registered: 2017-12-06
Posts: 14

Re: remmina hijack a bitcoin wallet?

Zod wrote:

https://archlinux.org.ru/forum/

Maybe these guys could help?


reverse packages help me ;-)

Offline
