BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jul 6 22:38 [raw]
I found three ImageMagick files in the /src directory of a running PyBitmessage. They are screen shots of the local interface. Is it possible that a programmer is exploiting holes in a module? What if the view image feature is being used to gain screen access? The headers of the files look like this:

%!PS-Adobe-3.0
%%Creator: (ImageMagick)
%%Title: (imghdr)

%!PS-Adobe-3.0
%%Creator: (ImageMagick)
%%Title: (json)

%!PS-Adobe-3.0
%%Creator: (ImageMagick)
%%Title: (ntpath)

Someone once posted there is a form of onion routing built into PyBitmessage. How likely is it that this routing feature is being used to siphon off files and screenshots from computers running PyBitmessage?
BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jul 8 04:01 [raw]
The qidenticon renderer and the qrencode functions may have something to do with this. QT has screen access and is able to manipulate images. A specially formatted object may instruct PyBitmessage to take screenshots.
BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jul 8 04:01 [raw]
It may be a feature rather than a bug. The silence on the issue so suggests.
BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jul 8 04:49 [raw]
Check the image file timestamps against the timestamps of received and sent messages, also cross-ref with your debug log. If the files are indeed related to Bitmessage activity, you should find a correlation.
BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jul 8 04:53 [raw]
Maybe the culprits are focusing their attention on a cover story.
BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jul 8 05:20 [raw]
Interesting ... 'imghdr', 'json', and 'ntpath' are modules in the python library.
BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jul 8 05:38 [raw]
What is the modification date of the files and what version were you running at that time?
Peter Surda
Bitmessage core developer
BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jul 8 20:25 [raw]
That is not necessarily true. A decent exploit would alter that data on egress to cover the attacker's tracks and misdirect any investigation.
BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jul 8 20:36 [raw]
I can't provide the branch and commit number because this src/ directory was copied prior to last pull.

grep softwareVersion version.py
softwareVersion = '0.6.3.2'

stat imghdr | grep -v Device | grep -v Size | grep -v Uid
File: imghdr
Access: 2018-07-09 10:20:10.773465228 -0500
Modify: 2018-06-30 01:04:53.126065000 -0500
Change: 2018-07-01 00:01:04.434670106 -0500
Birth: -

stat json | grep -v Device | grep -v Size | grep -v Uid
File: json
Access: 2018-07-09 10:23:29.150542869 -0500
Modify: 2018-06-30 01:04:53.254061000 -0500
Change: 2018-07-01 00:01:04.482668615 -0500
Birth: -

stat ntpath | grep -v Device | grep -v Size | grep -v Uid
File: ntpath
Access: 2018-07-09 10:24:58.954733706 -0500
Modify: 2018-06-30 01:05:18.225243000 -0500
Change: 2018-07-01 00:01:29.485891782 -0500
Birth: -
BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jul 18 20:09 [raw]
Never heard about python screenshots. But it's possible that somebody just tried to run py-files by shell. Then a string like import json can be interpreted as a call to ImageMagick's import utility:

$ man import
import(1)                General Commands Manual                import(1)

NAME
       import - saves any visible window on an X server and outputs it as an image file. You can capture a single window, the entire screen, or any rectangular portion of the screen. The window to capture is selected by clicking the desired window or a program option.

SYNOPSIS
       import [options] output-file

OVERVIEW
       The import program is a member of the ImageMagick(1) suite of tools. Use it to capture some or all of an X server screen and save the image to a file.

$ import json
$ head -n3 json
%!PS-Adobe-3.0
%%Creator: (ImageMagick)
%%Title: (json)
BM-2cXzFmWXqFFsrn2qcY8wUaM4tcBYterW3x
Jul 18 20:10 [raw]
when python crashes it usually creates a screen shot regular py behaviour, u probably clicked some shit and it crashed
BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jul 18 20:10 [raw]
just crash a py src and youll have a screenshot dude
BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jul 18 20:10 [raw]
oh ure right ! cool. import ~/import_screenie will show the crossbar to choose a win to shoot. so, when u click a src.py where import is the first line, it may be run as a bash script if associated improperly and create those screenshots. I always thought it was a py function . glad u cleared this up
BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jul 22 14:00 [raw]
Access to imagemagick library is in the PyBitmessage source code.
BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Jul 22 14:10 [raw]
usually import AAA gets run as bash instruction, not as a python instruction, which confuses people since import is one of those shitty programs which has next to no UI
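
A triage check for the explanation given in the thread, as an added example that is not part of any post and not PyBitmessage code: it finds ImageMagick PostScript files whose %%Title equals their own file name and lists the scripts in the same directory whose top-level "import X" lines would have produced them if a shell ran the script. The function names, helper.py and the sample files are hypothetical and constructed for the demonstration.

```python
import os
import re
import tempfile

TITLE_RE = re.compile(rb"^%%Title: \((.*?)\)", re.M)
IMPORT_RE = re.compile(r"^import[ \t]+([A-Za-z_][\w.]*)", re.M)


def shell_visible_imports(path):
    """Names on top-level 'import X' lines that a shell would pass to import(1)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    # With a '#!' line the kernel starts the named interpreter when the file
    # is launched directly; without one, the calling shell runs it as a script.
    return set() if text.startswith("#!") else set(IMPORT_RE.findall(text))


def find_import_artifacts(directory):
    """Map each ImageMagick PostScript artifact to the scripts that explain it."""
    names = sorted(n for n in os.listdir(directory)
                   if os.path.isfile(os.path.join(directory, n)))
    scripts = {n: shell_visible_imports(os.path.join(directory, n))
               for n in names if n.endswith(".py")}
    findings = {}
    for name in names:
        with open(os.path.join(directory, name), "rb") as fh:
            head = fh.read(512)
        title = TITLE_RE.search(head)
        is_ps = head.startswith(b"%!PS-Adobe") and b"%%Creator: (ImageMagick)" in head
        # The thread's files carry their own file name as %%Title.
        if is_ps and title and title.group(1).decode(errors="replace") == name:
            findings[name] = sorted(s for s, mods in scripts.items() if name in mods)
    return findings


def build_sample(directory):
    """Constructed sample: one script without a '#!' line and two artifacts."""
    with open(os.path.join(directory, "helper.py"), "w") as fh:
        fh.write("import json\nimport ntpath\nprint(json.dumps({}))\n")
    for name in ("json", "ntpath"):
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(b"%!PS-Adobe-3.0\n%%Creator: (ImageMagick)\n%%Title: ("
                     + name.encode() + b")\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for artifact, culprits in find_import_artifacts(tmp).items():
            print(artifact, "<-", culprits or "no matching script")
```

An artifact that maps to no script is the case that needs a closer look, together with the timestamp and debug-log comparison suggested earlier in the thread.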