jahway603
2 years ago
6 changed files with 295 additions and 14 deletions
@ -0,0 +1,101 @@ |
|||
# Creating SilentDragonLite MSI installer for Windows with msitools and wixl |
|||
This documentation is for creating a SilentDragonLite MSI installer for Windows using msitools and wixl. Documentation for msitools is here: https://wiki.gnome.org/msitools Documentation for wixl can refer to WiX toolset as it tries to share the same syntax: https://wixtoolset.org/documentation/manual/v3/ |
|||
This was tested on Ubuntu 20.04.4 LTS |
|||
## Install msitools and wixl |
|||
``` |
|||
sudo apt-get -y install msitools wixl |
|||
``` |
|||
## Download latest SilentDragonLite Windows release and unzip |
|||
Latest releases located here: https://git.hush.is/hush/SilentDragonLite/releases Example below is for SilentDragonLite 1.5.2 |
|||
``` |
|||
wget https://git.hush.is/attachments/37c68ff3-725c-4ceb-b28a-8c131739585c |
|||
unzip 37c68ff3-725c-4ceb-b28a-8c131739585c |
|||
``` |
|||
This will unzip into a directory named SilentDragonLite-v1.5.2-win |
|||
``` |
|||
cd SilentDragonLite-v1.5.2-win |
|||
``` |
|||
## Copy silentdragon.ico to SilentDragonLite directory |
|||
The icon file `silentdragon.ico` is currently not included in release zip, but is required to create an MSI installer with a smaller size. Setting icon SourceFile in the .wxs file to SilentDragonLite.exe will duplicate the .exe and make the installer over 100MB instead of ~80MB. How you get this .ico file is up to you. I extracted from .exe on Windows. Maybe it will be included in .zip release in the future to make this easier for anyone trying to create a MSI file for the first time. |
|||
|
|||
## Create WiX source file (.wxs) |
|||
This is an XML file. You should name it what you want the .msi file to be named IE: `SilentDragonLite-1.5.2.wxs` |
|||
Below is a copy of the contents of the `SilentDragonLite-1.5.2.wxs` file. Note that GUID's all need to be unique. This will create shortcuts to SilentDragonLite on desktop and in the start menu as well as have uninstall support from Add/Remove Programs. A tutorial that explains the basics of creating these files can be found here: https://www.firegiant.com/wix/tutorial/ |
|||
``` |
|||
<?xml version='1.0' encoding='windows-1252'?> |
|||
<Wix xmlns='http://schemas.microsoft.com/wix/2006/wi'> |
|||
<Product Name='SilentDragonLite' Id='2dc57a1d-b094-4ada-9141-c1cd4bd3ac42' UpgradeCode='d67c14a1-8cf8-438b-b32b-5e8aaae06a40' |
|||
Language='1033' Codepage='1252' Version='1.5.2' Manufacturer='HUSH'> |
|||
|
|||
<Package Id='*' Keywords='Installer' Description="HUSH SilentDragonLite Installer" |
|||
Comments='' Manufacturer='HUSH' |
|||
InstallerVersion='100' Languages='1033' Compressed='yes' SummaryCodepage='1252' /> |
|||
|
|||
<Media Id='1' Cabinet='SilentDragonLite.cab' EmbedCab='yes' DiskPrompt="CD-ROM #1" /> |
|||
<Property Id='DiskPrompt' Value="HUSH SilentDragonLite 1.5.2 Installation [1]" /> |
|||
|
|||
<Directory Id='TARGETDIR' Name='SourceDir'> |
|||
<Directory Id='ProgramFilesFolder' Name='PFiles'> |
|||
<Directory Id='HUSH' Name='HUSH'> |
|||
<Directory Id='INSTALLDIR' Name='SilentDragonLite'> |
|||
<Component Id='MainExecutable' Guid='24fb99eb-d6b6-4d96-a1b1-631acdff8222'> |
|||
<File Id='SilentDragonLiteEXE' Name='SilentDragonLite.exe' DiskId='1' Source='SilentDragonLite.exe' KeyPath='yes'> |
|||
<Shortcut Id="startmenuSilentDragonLite" Directory="ProgramMenuDir" Name="SilentDragonLite" WorkingDirectory='INSTALLDIR' Icon="SilentDragonLite.exe" IconIndex="0" Advertise="yes" /> |
|||
<Shortcut Id="desktopSilentDragonLite" Directory="DesktopFolder" Name="SilentDragonLite" WorkingDirectory='INSTALLDIR' Icon="SilentDragonLite.exe" IconIndex="0" Advertise="yes" /> |
|||
</File> |
|||
</Component> |
|||
<Component Id="READMEFILE" Guid="126d74da-bd82-496d-a936-78d6f0bf2f3c"> |
|||
<File Id="README" DiskId='1' Source="README" KeyPath="yes"/> |
|||
</Component> |
|||
</Directory> |
|||
</Directory> |
|||
</Directory> |
|||
|
|||
<Directory Id="ProgramMenuFolder" Name="Programs"> |
|||
<Directory Id="ProgramMenuDir" Name="SilentDragonLite"> |
|||
<Component Id="ProgramMenuDir" Guid="a47c750e-1dcc-49cd-bec1-d283f4b24401"> |
|||
<RemoveFolder Id='ProgramMenuDir' On='uninstall' /> |
|||
<RegistryValue Root='HKCU' Key='Software\[Manufacturer]\[ProductName]' Type='string' Value='' KeyPath='yes' /> |
|||
</Component> |
|||
</Directory> |
|||
</Directory> |
|||
|
|||
<Directory Id="DesktopFolder" Name="Desktop" /> |
|||
</Directory> |
|||
|
|||
<Feature Id='Complete' Level='1'> |
|||
<ComponentRef Id='MainExecutable' /> |
|||
<ComponentRef Id='ProgramMenuDir' /> |
|||
<ComponentRef Id='READMEFILE' /> |
|||
</Feature> |
|||
|
|||
<Icon Id="SilentDragonLite.exe" SourceFile="silentdragon.ico" /> |
|||
|
|||
</Product> |
|||
</Wix> |
|||
``` |
|||
## Build MSI file from WiX source file |
|||
``` |
|||
wixl -v SilentDragonLite-1.5.2.wxs |
|||
``` |
|||
|
|||
This will create a `SilentDragonLite-1.5.2.msi` file in the same directory which can then be distributed. If it created without error and is larger than 0kb, congratulations! |
|||
|
|||
|
|||
## Potential known issue and work-around if wixl generates MSI with corrupt cabinet file |
|||
There is a known issue where wixl may generate a corrupt cabinet file, causing the Windows installer to fail with a corrupt cabinet file error. This appears related to the file size of `SilentDragonLite.exe` and reported issue with gcab: https://gitlab.gnome.org/GNOME/gcab/-/issues/16 |
|||
|
|||
File size where this becomes an issue is not exactly known, but it has occurred when `SilentDragonLite.exe` was ~100 MB. There is no cabinet file corruption when compressing `SilentDragonLite.exe` to ~80 MB. UPX is used to compress the executable and then MSI is created again: https://upx.github.io/ |
|||
|
|||
### Install UPX ### |
|||
``` |
|||
sudo apt-get install upx |
|||
``` |
|||
### Compress SilentDragonLite.exe ### |
|||
``` |
|||
upx SilentDragonLite.exe --force |
|||
``` |
|||
### Re-create MSI using compressed exe ### |
|||
``` |
|||
wixl -v SilentDragonLite-1.5.2.wxs |
|||
``` |
@ -0,0 +1,119 @@ |
|||
# Copyright Infringement of HUSH code |
|||
|
|||
This file exists to document the copyright infringement of HUSH code as clearly as possible |
|||
with as much supporting info as possible, so people can decide for themselves. Any project |
|||
that infringes on "The Hush Developers" copyright will be listed here. Currently there |
|||
is one project that severely infringes the copyright of Hush code, which is Pirate. |
|||
|
|||
|
|||
## What is Copyright Infringement? |
|||
|
|||
Copyright infringement is when one project takes code from another project, and maliciously |
|||
or accidentally changes copyright information and/or mixes code of incompatible copyrights |
|||
together. In the case of HUSH, our code is GNU Public License Version 3 (GPLv3), which means |
|||
projects that use non-GPL code cannot (legally) take our code and add it to their project, |
|||
unless they: |
|||
|
|||
* Change their copyright to GPLv3 (or a higher version) |
|||
* Add copyright disclaimers from "The Hush Developers" |
|||
|
|||
## z\_getbalances RPC |
|||
|
|||
Hush wrote a new RPC which does not exist in any other cryptocoin called `z_getbalances` first created on April 13th 2021 in commit |
|||
https://github.com/hushmirror/hush3/commit/52e14828c8366d28a47d16acff42f64e988669fe then less than a month later the same exact RPC name, with same functionality was added |
|||
in Pirate commit https://github.com/PirateNetwork/pirate/commit/be114569ec692c41b0af5d6ad84e6acf7da6305f . It adds a new optional argument and is a derived work: |
|||
|
|||
https://github.com/hushmirror/hush3/blob/dev/src/wallet/rpcwallet.cpp#L3646 |
|||
|
|||
https://github.com/PirateNetwork/pirate/blob/master/src/wallet/rpcwallet.cpp#L4157 |
|||
|
|||
## hush-cli was renamed pirate-cli |
|||
|
|||
Very interestingly, in https://github.com/PirateNetwork/pirate/commit/412f5a296165ed7601749383cb4b94a4d8a0a9c5 it can be seen |
|||
that the `hush-cli` script was renamed `pirate-cli`, and the Hush copyright line was removed and replaced with a Pirate copyright |
|||
that says "no rights reserved" : |
|||
|
|||
``` |
|||
#!/bin/bash |
|||
-# Copyright (c) 2019 Hush developers |
|||
+# Copyright (c) 2019 PirateChain - no rights reserved |
|||
|
|||
# set working directory to the location of this script |
|||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" |
|||
cd $DIR |
|||
|
|||
-NAME=HUSH3 |
|||
+NAME=PIRATE |
|||
CLI=${KOMODOCLI:-./komodo-cli} |
|||
$CLI -ac_name=$NAME "$@" |
|||
``` |
|||
|
|||
This file no longer exists in their master branch, but is a good example of Pirate blatantly infringing on Hush code copyright. |
|||
|
|||
## TLS Code |
|||
|
|||
Pirate seems to have copied huge sections of the TLS code from Hush, including entire files |
|||
and detailed code comments in certain functions, while also not adding our Copyright disclaimer |
|||
to their files. Since Pirate is MIT and Hush is GPLv3, mixing this code is incompatible. |
|||
|
|||
For instance: https://github.com/hushmirror/hush3/blob/dev/src/hush/tlsenums.h was created in |
|||
commit https://github.com/PirateNetwork/pirate/commit/a21bf4051094a8ca9c481efd32d706361e8003b5 |
|||
on Oct 31st 2021 but https://github.com/hushmirror/hush3/blob/dev/src/hush/tlsenums.h was |
|||
created on Sep 29th 2020 in commit https://github.com/hushmirror/hush3/commit/62f67821ecd801cc26b9f3aa14de8735d6563a0a |
|||
|
|||
The files are almost exactly the same, except Hush Copyright lines have been removed, the namespace |
|||
"hush" was changed to "tls" and whitespace has been added. The exact ordering of elements and exact |
|||
names of variables is exactly the same. |
|||
|
|||
Another fact is that all the filenames in https://github.com/PirateNetwork/pirate/tree/master/src/tls |
|||
are exactly the same as the filenames in https://github.com/hushmirror/hush3/tree/dev/src/hush yet |
|||
the Hush files were created over a year prior. |
|||
|
|||
Additionally the function threadSocketHandler at https://github.com/PirateNetwork/pirate/blob/master/src/tls/tlsmanager.cpp#L347 |
|||
is almost exactly the same. The differences are because Hush uses WolfSSL where Pirate uses OpenSSL and |
|||
logging to a different log category ("net" vs "tls") . |
|||
|
|||
The `-tls` CLI option and `-tls=only` argument was added in commit https://github.com/hushmirror/hush3/commit/62f67821ecd801cc26b9f3aa14de8735d6563a0a on Sep 29th 2020 |
|||
and then appears over a year later in Pirate source code in commit https://github.com/PirateNetwork/pirate/commit/a21bf4051094a8ca9c481efd32d706361e8003b5 |
|||
|
|||
Additionally, Hush added the field `tls_connections` to two RPCs: `getinfo` and `getnetworkinfo` and Pirate took this code, |
|||
and turned the oneliner to a for loop to make it look different, yet it is still a derived work: |
|||
|
|||
``` |
|||
pirate/src/rpc/net.cpp |
|||
515: " \"tls_connections\": xxxxx, (numeric) the number of TLS connections\n" |
|||
557: obj.push_back(Pair("tls_connections", sslNode)); |
|||
|
|||
pirate/src/rpc/misc.cpp |
|||
212: " \"tls_connections\": xxxxx, (numeric) the number of TLS connections\n" |
|||
302: obj.push_back(Pair("tls_connections", sslNode)); |
|||
|
|||
hush3/src/rpc/net.cpp |
|||
506: " \"tls_connections\": xxxxx, (numeric) the number of TLS connections\n" |
|||
541: obj.push_back(Pair("tls_connections", (int)std::count_if(vNodes.begin(), vNodes.end(), [](CNode* n) {return n->ssl != NULL;}))); |
|||
|
|||
hush3/src/rpc/misc.cpp |
|||
219: " \"tls_connections\": xxxxx, (numeric) the number of encrypted TLS (SSL) connections\n" |
|||
293: obj.push_back(Pair("tls_connections", (int)std::count_if(vNodes.begin(), vNodes.end(), [](CNode* n) {return n->ssl != NULL;}))); |
|||
``` |
|||
|
|||
You can also notice they exactly copied the documentation of each RPC, with no changes. |
|||
|
|||
In the file `src/net.h` you can see that Pirate copied the exact variable names of the TLS context objects: |
|||
|
|||
``` |
|||
pirate/src/net.h |
|||
extern SSL_CTX *tls_ctx_server; |
|||
extern SSL_CTX *tls_ctx_client; |
|||
|
|||
/hush3/src/net.h |
|||
extern SSL_CTX *tls_ctx_server; |
|||
extern SSL_CTX *tls_ctx_client; |
|||
``` |
|||
|
|||
Additionally, these two objects were added at exactly the same place in the file, between the `strSubVersion` and `LocalServiceInfo` struct. |
|||
|
|||
https://github.com/PirateNetwork/pirate/blob/master/src/net.h#L226 |
|||
|
|||
https://github.com/hushmirror/hush3/blob/dev/src/net.h#L196 |
|||
|
@ -0,0 +1,53 @@ |
|||
# Summary |
|||
|
|||
TLDR: ECC profits directly from their own users lack of privacy. |
|||
|
|||
The company behind Zcash, Electric Coin Company, works directly with Law Enforcement and blockchain analysis companies, whose largest customers are Law Enforcement Organizations (LEOs). |
|||
|
|||
This is the Military-Industrial-Surveillance complex, where ECC directly profits from their users lack of privacy |
|||
|
|||
The Hush community finds this to be an egregious conflict-of-interest |
|||
What follows are important summaries and quotes from this video: |
|||
|
|||
https://www.bitchute.com/video/PWXU7D4VV0lB/ |
|||
|
|||
The video was removed from YouTube and then uncensored by the Monero community |
|||
|
|||
The companies actually make fun of Zcash optional privacy, but say if people use the tech, they can't track it. |
|||
|
|||
It shows that ECC profits directly from their own users lack of privacy. |
|||
|
|||
0:43:45 |
|||
|
|||
Ciphertrace and other companies are starting to work with Zcash team at Electric Coin Company on integration |
|||
of tools for that blockchain. |
|||
|
|||
-- Dave Jevans, CEO of Ciphertrace |
|||
|
|||
1:00:00 - Summary of Bitcoin ATM usage: stolen CC's, darknet markets, overseas remittance to family members |
|||
1:03:24 - Mixers can be wiretapped, Denial-of-Service'd and have code errors, not as good as privacy coins. |
|||
1:03:55 - Custody and exit fraud risk of "mixers" are inferior to protocol level privacy. Privacy coins have less risk of theft, almost none |
|||
1:04 - |
|||
|
|||
``` |
|||
We also have projects that are funded by Law Enforcement Organizations, |
|||
to work on Monero and Zcash tools and support, so there is good interest |
|||
in the research funding side, as well as the investigation side. |
|||
|
|||
- Dave Jevans, CEO of Ciphertrace |
|||
``` |
|||
|
|||
``` |
|||
The other thing, we are in touch with some communities and I would say, for example, we are getting a lot of helpful attitude from the Zcash Community, they were able to explain to us how exactly coin anonymization feature worked. Of course, if you have a suspect that knows what he is doing, he is not making stupid mistakes, their community is, of course, not in a position to help. |
|||
|
|||
-- ChainAnalysis |
|||
``` |
|||
|
|||
* 1:04:20 - What should Law Enforcement Organizations do? |
|||
* 1:05:00 - What Should Law Enforcement Do When They See A Privacy Coin? |
|||
* Very few options, forensics tools don't help. Monero + Tor is a dead end. |
|||
* Seizing phones is the easiest way to de-anonymize privacy coins! |
|||
* 1:06:00 - Telling Law Enforcement to search for privacy coin wallets, not just Bitcoin wallets, on seized phones. Wallets can be imported into surveillance software. |
|||
|
|||
|
|||
Originally from https://gist.github.com/leto/c351124c937e1516e9ac37e86738b0b2 |
Loading…
Reference in new issue