Presentation and new light web client Ğ1nkgo

You are right, it was working better when I tested. Let me improve it…

Merci for the feedback!

Last build of the week, sorry for the spam.

Insufficient balance and other improvements: ginkgo-0.0.18.apk

More info: 0.0.18 · vjrj / ginkgo · GitLab


With Ğinkgo I had the wallet DqMzACN4rHxJXduBZXHTWrMaudLDxvFz761QDdji8LnZ
I sent 10 G1 to it.

But payments are disabled online…

Then I exported ginkgo-wallet-DqMzACN4.json (546 bytes)

But when I tried to import it in 0.0.17
I got a “wrong pattern error”.
Any idea?

Great question !!

TLDR: It’s far too much work for not enough money

Summary

So, if I wanted to hack the web app, I would first get ready with my web app patch. The patch would skip the hash check and return it as valid. I would then have to recreate a complete wallet module on another website and link my web app patch to it. The wallet module would redirect every payment to a new wallet created on the fly (of course, I would have all the private keys).
Once ready, I would have to take ownership, at the same time, of the website where the app is located and of the other website where the wallet module is located. Which is insanely hard: you need many, many powerful computers to achieve that!!

Once done, I would have to wait for people to pay using the app, redirecting every payment directly into my wallets, because draining wallets when they connect would be too obvious.
The time it takes for a payment recipient to realise that they hadn’t received the payment, to report it on the forum, and for the dev team to retrieve ownership of the website (or at least shut it down) would be enough to grab some money.

I would then try to send all my wallets’ money into a mixer and then on to other wallets to hide my tracks, hoping that my wallets are not flagged as frozen by the dev team.
However, because the June is not convertible, I would not be able to convert it back to euros, or any other fiat / crypto currency. I would have to spend it on the network. And if flagged, that would be impossible.

Anyway, as said before, this is too much hard work and too risky; I would definitely use phishing / scams to make more money faster.
Also, note that if I can pwn the website, I can also pwn the .apk / extension and insert malicious code to do the same trick. Even faster, as only one app patch is needed.
Note that average users have the “auto update apps” option set by default, and when connected to the Play Store, the .apk is updated as soon as the phone is connected to the internet. The same happens with extensions.

As said before, if that trick were easy to do, Solflare would have been hacked already. And Solana or other SPL tokens are convertible to fiat / crypto currencies, so it’s easier to take the money and fly away.

Awesome remark !!

TLDR: Always have a “hot wallet” for everyday life and a “cold wallet” for storage

Summary

What would be achievable by pwning the website (see “How-To” above) would be to intercept transactions happening on the website, so as to stay hidden as long as possible.
But you are absolutely right, “don’t put all your eggs in the same basket”, and if you fear for your account being in the web browser, you should definitely have a simple and practical “hot wallet” like the web app, where there is enough June to pay for things in everyday life, and a “cold wallet” used only to store your money, like a digital vault (or a Ledger).
Like when you go to a flea market with cash: you don’t take all of your money (especially if you have a lot).
Maybe it’s also great advice in everyday life with traditional banking as well :wink:

Let’s keep in mind that everything is hackable. But it’s not because it’s hackable that it will be hacked.
I totally agree with @vjrj’s analogy: if you keep your house behind alarms, armored doors and windows, and you have to lock it with 12 different keys every time you leave / enter your fortress, it will just be a great waste of time and energy. Especially if inside your house you just live like a stoic!

Global advice on security (for example on the forum) would be nice. But letting people decide what is best for them is key.


In my project, I personally use steganography, which is storing the encrypted key in a simple sentence (a two-word sentence). Hence, this “sentence” could easily be sent / shared over the network using chat / mail / notes without the risk of losing it.

Congrats for the hard work !! You are a coding beast :astonished:

I don’t understand why the webapp’s server admin can’t just change the webapp code to include the wallet code. Or just replace it with a false GUI which sends the private keys to a server. Or compromise both servers.

I’m not sure to understand how it works. If the webapp is able to check the wallet’s hash, then the wallet has to be executed by the webapp. So the webapp has access to the wallet’s local storage. If the wallet is executed as its own domain, then it can lie to the webapp about its hash.


I really love your questions / ways of thinking !
Those questions are really important, so many thanks for asking them :heart:

That would be changing too much code at once, so it’s too noticeable.

The web app does not handle the private keys. The web app is like the current version of Gecko mobile: it can only read the blockchain, not write / send txs, nor read private keys.
The wallet module is equivalent to the web extension.

  • Compromising a server is already very hard. Physically, you have to find breaches, do DDoS attacks or JS injection. I don’t know about Flutter, but security on Next.js is harsh.
    The best way would be to become a trusted dev member, or to pay the website admins and be able to publish without being approved by other devs.
  • The second server (with the wallet) should have different dev access and more protections, as it is the one handling private keys / transactions / signatures. As the wallet code barely ever changes after it is created, any change should trigger an alarm. So it’s more complicated to access.
  • Finally, the hash is kept on the blockchain, in a multisig account. I would not even think of attacking this one.
    ==> It means that to attack, you have to compromise at least 2 of the 3 modules, which are physically isolated. That should give enough time to prevent any damage.

The web app and the wallet send messages to each other. It’s like sending an HTTP request to another server and the server replying with a response. It’s not really executing the server, it’s asking for a service.

Web app: “Sign this transaction, please?” Wallet: “Here is the signed transaction!”, for example.

So the web app never has access to private keys.
The wallet module does the same as the extension, without the hassle (a mobile can’t use an extension).

Yes, it does. But its own local storage, as local storage is dependent on the domain.
So it never has access to the wallet’s local storage where the private key is stored.

Nope, because the hash is calculated each time the wallet’s code is modified and stored on the blockchain. That would be a real pain if the code changed often (like the web app’s code does), but as the wallet’s code barely ever changes, it’s OK.
The wallet never knows nor manipulates its own hash.


If the wallet is served by another server, how can the webapp be sure that the checked hash is the same as the one corresponding to the version executed by the user?

Example: I initiate a transaction. The webapp downloads the wallet code and checks the hash against the blockchain. Then it redirects the user to the wallet. But this time the wallet server serves a different code without telling the blockchain. Even if the difference is huge, the user won’t look at the code (especially if it’s compiled/minified) so nobody will notice.


Hi Frederic, I added more tests to detect issues, generating 50 wallets on each test and encrypting/decrypting them, without detecting issues.

But a pattern failed for me today. What happened is that instead of typing, let’s say, “1234”, I noticed that I typed “11234”, because the pattern widget is a bit more sensitive than normal.

Please don’t share your export key in public, for your safety.

I totally agree.

Again, I totally agree.

Thanks, Flutter helps a lot to do these things (and to like this initiative & philosophy a lot too).

PS: I’ve just published another version with fixes, enhancements and new translations:

https://git.duniter.org/vjrj/ginkgo/uploads/fdb0517cdc4e19158cb4a8f9bbcb44a1/ginkgo-0.0.19.apk

PS2: Where is the best place to talk about a GVA issue I detected? I have a small payment stuck in a GVA node, so it is always in txsHistoryMp.sending for one address and in txsHistoryMp.receiving for the other address, for days. If someone wants to check: HQvpc5EVTGxjWBF7zsUQR9qgAba3Mn2vNivCLphLQVpS is the sender.


You are absolutely right about this one !!
In theory, that would make a great hack. In practice, I have no idea how to achieve this.

If it were so easy to hack a web wallet, I think nobody in the industry would ever consider building one and taking the risk! Maybe I didn’t convince you with Solflare.
But there are also Nexo, Jaxx, Rare Pepe Wallet… just to name the ones I use and have assets on.
And those, unlike June, handle massive amounts of money, crypto that can be “mixed” (transactions can be hidden) and instantly converted to fiat.

Have you heard of any web wallet being hacked?


People just trust the domain owners too much.

The greatest danger is not a hack from the outside, but from the inside: when the service’s owner is dishonest. This has happened many times in the crypto market, because speculators are naive and don’t understand how it works.

Banks do the same, and even worse: you always give your password directly to the seller (with a physical card, the password is written on the card and you type another additional password on the seller’s terminal; on the Internet, you are redirected to an obscure domain asking for your bank passwords and you can’t be sure the domain is owned by your bank).

I think we should make people understand that typing a private key on a website is bad practice, and that any website asking for a private key should be considered a scam, as a first approximation.


Hi all,

I’ve just published 0.0.20 if you want to test the apk:
https://git.duniter.org/vjrj/ginkgo/uploads/52320f35c24dc6a42a04c7df36a524d5/ginkgo-0.0.20.apk
the web is also updated.

I think I’m quite close to release a stable version if we don’t detect something serious.

More info: 0.0.20 · vjrj / ginkgo · GitLab
PS: @poka there is a small merge request in durt:
Merge requests · pokapow / durt · GitLab


There is a small problem with the visibility of some buttons in dark mode.

I’m looking forward to the DUğ1 display. DUğ1 is the unit by which we can measure and see temporal equality. The DUğ1 is the unit used to show the convergence of accounts.
The DUğ1, with its property of temporal invariance, is the best unit of measurement for free money (monnaie libre).


Hey @tuxmain ,

Firstly, I want you to know that I’m really happy to have this kind of constructive argument with you. Thanks for taking the time. :two_hearts:

I agree with you on the trust problem.
But whether it is a web wallet, an extension or a mobile app, the problem remains the same!

Why should I trust the owner of the Césium website where I download the mobile app, or even worse the APK? Who tells me she didn’t screw up the APK with a key logger and any kind of trojan, so that not only my June are at risk but my other crypto wallets as well as my bank accounts? I would rather trust a web app which has limited access to what it can do on my phone, as it can only operate in the web browser sandbox.
The same goes for the extension. Before installing both, I’m asked: “do I trust the developer of the extension?” I really don’t know! I guess so…

Let’s say @vjrj is a thief and should not be trusted. What a waste of his time to spend so much time trying to rob us of some June. Especially because if he tries, he’s going to be blacklisted from the June by the community, and as we know him from the WoT, good luck to him escaping the ban.
One solution could be to trust him and create a community fund to refund people in case of a hack. Another one would be that someone other than @vjrj hosts the website. The last one would be to open a website where people could alert others about a scam/phishing/hack. Thanks to the blockchain, we could easily retrace where the funds are going.
All of them are of course cumulative: we could build them all.

Lastly, G1ncko is not asking for your private key, it just creates a temporary one to facilitate transactions. My bank is Césium, where I keep all my June. And from there, I withdraw some into my wallet: G1ncko. The same as almost everybody does with traditional money: a lot of money in the bank, take a small portion from the ATM, and transact with people.
I met Junistes this weekend and they had great concerns about simplicity, not security. Most people are not devs and are even tech-averse (they hate technology), in part because it’s too complex.
When I told them about G1ncko, they were very happy to hear about it and test it. Paradoxically, they felt safe using G1ncko!!

In my opinion, that’s a great step forward. Let’s promote it and make sure that we, devs, build safeguards around it !

Hey @vjrj ,

I tested G1ncko with Junistes this weekend. 100% of them liked it. I found some bugs and will open issues accordingly.

The best way I found to recommend it was using infojune.fr.
Still, it’s well hidden in there… Any recommendation for easier access?

The biggest ask I have is: is it possible to have a demo version using Gdev?
I don’t know if it’s a lot of work to adapt the existing version, but that would be amazing :star_struck:


I’m not a member and I’m quite a newbie in this ecosystem, so I don’t know yet how the DU works (beyond that it is something variable). But let me get there.

Great! I hope some of the bugs are already fixed, but anyway, let’s fix them.

I’m not sure if I understand you here.

I’m not sure if I understand you here either :slight_smile: Is Gdev v2 or g1-test? In case of the g1-test
currency, I deployed this:

But I don’t have g1-test so I haven’t tested it. If someone wants to send me some g1-test I can try to test it: BrgsSYK3xUzDyztGBHmxq69gfNxBfe2UKpxG21oZUBr5


Yes, my question could have been formulated better.
When I was presenting your work to people, I could not remember how to access Gincko (= I forgot the web app address), so I went to infojune.fr, and after some long research through the menus, I finally found it under: InfoJune - Logiciels clients
So I thought you might know if there are other, faster ways to access the webapp… but I’ll remember the address from now on!!

Great, I was talking about a dev / demo version to use. Indeed, I was primarily thinking about Gdev as I use it for the v2, but if there is already a g1-test, I’ll be very happy to use it!!
If someone has some g1-test, feel free to send some to me as well:
ARq44ptzzAktv3xEVoXiTRkgWwHVAcuMqugDnpbfAidA

BUGS :beetle:

  • On iPhone, the webapp couldn’t connect and displayed “You are offline” even though it was online with a good signal (not sure why, and I could not reproduce it on my Android phone).
  • When scanning a QR code, the camera display carets on the right and bottom go off the screen.
  • When typing a number to pay and using the . button (bottom right), I get an error “Enter a valid number”, e.g. try to type 0 . 5 (if you type another number after that, it works correctly).
  • In the Receiving page, adding decimals does nothing (e.g. 15 is the same as 15.38).
  • In the Receiving page, typing an endless string of digits pushes the amount out of the page (e.g. type 5555555555555555555555).
  • In the Receiving page, starting a number with , should automatically add a 0.
  • In the Receiving page, the French translation under the QR code when an amount is set does not display fully (ends with …).
  • In the Receiving page, the displayed text under the QR code is editable (is it intended? If yes, it should be explained somewhere).

FEATURES :feather:

  • Would be nice to have access to the QR scanner in the Pay page in order to scan another Gincko POS (Point-of-Sale).
  • Would be clearer to display the wallet address as Brgs SYK3 **** **** instead of **** **** Brgs SYK3.
  • When scanning a QR code, it would be nice to have a close button in the top right corner.
  • When trying to pay with an empty wallet, it would be nice to have a label on the payment button saying so.
  • It would be nice to have a copy button icon next to the address, in case the user does not know that you can copy the address by tapping on it.
  • Exporting the private key could be better if the user were asked where to export the file (best could be to open a standard sharing dialog which offers to copy to the clipboard, share via notes, email, chat, etc.).
  • When exporting the private key in dark mode, the pattern circles are hard to see because they are black on dark grey (white would be better).

I would love to help on that. I need to figure out how to duplicate myself, sleep less or slow down time :wink:
Hopefully, you’ll get that done faster than it took me to write it :tada:


Wow, impressive. Thanks indeed for that @flodef . I’ll try to fix as much as possible.


If pattern detection is inaccurate, what about entering a PIN number instead?

I know, but as I cannot restore from the backup, I think this wallet is locked.
What kind of encryption is applied to ginkgo-wallet-DqMzACN4.json?