analitiko-v0.2.2

analitiko-v0.2.2

Highlights include but are not limited to:

• make postgresql port configurable
• more transparent package management in Dockerfile
• bug fixes and security updates

Known bugs:

• Timeout error on docker container. Double check the ips for now and restart the analitiko image.
• The analitiko image has monero but it is not tested on scripts/deploy.sh, recommend using sync-analitiko.sh for now with existing monerod instance

What's Changed

• [Snyk] Upgrade axios from 0.26.0 to 0.27.2 by @reemuru in #50
• [Snyk] Upgrade express from 4.17.3 to 4.18.0 by @snyk-bot in #49
• [Snyk] Upgrade axios from 0.26.1 to 0.27.2 by @reemuru in #51
• [Snyk] Upgrade express from 4.17.3 to 4.18.1 by @snyk-bot in #52
• [Snyk] Upgrade express from 4.18.0 to 4.18.1 by @reemuru in #53
• [Snyk] Upgrade helmet from 5.0.2 to 5.1.0 by @snyk-bot in #54
• [Snyk] Upgrade helmet from 5.0.2 to 5.1.0 by @snyk-bot in #55
• [Snyk] Upgrade helmet from 5.1.0 to 5.1.1 by @reemuru in #56
• [Snyk] Upgrade helmet from 5.1.0 to 5.1.1 by @snyk-bot in #57

Full Changelog: analitiko-v0.2.0...analitiko-v0.2.2

**Report issues to https://github.com/hyahatiph-labs/infosec/issues

analitiko-v0.2.0

analitiko-v0.2.0

Highlights include but are not limited to:

• kmeans clustering model located at scripts/xmr-fee-kmeans
• automated model deployment recipe, see docker.md
• dockerhub support
• fault tolerance via process manager 2 (see the npm package for more capabilities)
• managed transactions via sequelize

Known bugs:

• Timeout error on docker container. Double check the ips for now and restart the analitiko image.
• The analitiko image has monero but it is not tested on scripts/deploy.sh, recommend using sync-analitiko.sh for now with existing monerod instance

What's Changed

• [Snyk] Upgrade typescript from 4.5.5 to 4.6.2 by @snyk-bot in #23
• [Snyk] Upgrade @types/react-dom from 17.0.11 to 17.0.13 by @snyk-bot in #24
• [Snyk] Upgrade @capacitor/android from 3.4.1 to 3.4.2 by @snyk-bot in #25
• [Snyk] Upgrade @capacitor/core from 3.4.1 to 3.4.2 by @snyk-bot in #26
• [Snyk] Upgrade @capacitor/android from 3.4.2 to 3.4.3 by @snyk-bot in #29
• [Snyk] Upgrade mocha from 9.2.1 to 9.2.2 by @snyk-bot in #35
• build(deps): bump moment from 2.29.1 to 2.29.2 in /analitiko by @dependabot in #36
• build(deps): bump minimist from 1.2.5 to 1.2.6 in /prokurilo by @dependabot in #37
• build(deps): bump minimist from 1.2.5 to 1.2.6 in /himitsu by @dependabot in #38
• [Snyk] Upgrade @types/react from 17.0.39 to 17.0.41 by @snyk-bot in #39

**Report issues to https://github.com/hyahatiph-labs/infosec/issues

Full Changelog: analitiko-v0.1.0...analitiko-v0.2.0

analitiko-v0.1.0

analitiko-v0.1.0

This is the initial release for Hyahatiph Labs Monero blockchain analytics tool suite.
Just getting started off here with our NRPS stack (Node.js typescript, R statistical
programming, Postgresql database and Sequelize object relational mapping.
The Postgresql "analytics chain" is a trimmed down version of the real blockchain. The
block hex, transaction rctsig_prunable and transaction fullHex are removed. The intent
is to bootstrap an analytics playground for new developers, researchers and anyone interested
in exploring the Monero blockchain data. This repo will grow to provide stepping stones for learning
how to derive useful insights from complex data.

This release also has a R script to generate a Hierarchical Network Graph of ring output indices.
The data is tweaked such that D1 -> from (block height) | to (tx hash)
and D2 -> from (tx hash) | to (key offset). This field plays a crucial role during
spending because ring members need to be checked if "rings contain keys originating
from the same tx or temporally very close block heights" (simplewallet.cpp/process_ring_members).
More information about Monero transaction structure can be found in the stack exchange link below:

Key offsets are the set of outputs your ring is using as "fake"outputs, as well as yours.
Outputs of a given denomination are ordered in blockchain order, and thus can be
represented by their index in that list. This is smaller than using the public key.
Moreover, they're stored as offsets from the previous one (the first one from 0),
as this will result in smaller values, which can often result in a yet smaller amount
of data, since those numbers are written out in a variable length output (kinda like UTF-8 in rough outline).

https://monero.stackexchange.com/questions/2136/understanding-the-structure-of-a-monero-transaction/2150#2150

Check the readme for more details on typescript middle-ware setup.

R script for this release is located in infosec/analitiko/scripts/xmr-ring-output-network-graph.R.
The associated Shiny App is in infosec/analitiko/scripts/xmr-ring-output-network-graph/app.R.
Postgresql authentication information needs to be put in a infosec/.Renivron file with the contents:

PG_USER=<postgresql username>
PG_CRED=<postgresql password>
PG_DB_NAME=<postgresql database name>
SHINY_PORT=<port to run shiny server>

Postgresql database setup is beyond the scope for now. It will be automated via Docker at some point
in the future. Although the effort is manual, it is not too time consuming. It is a popular database and many
guides are available online. Just install Postgresql, create a database and make an owner for it.
Postgresql is expected to be running at the default, localhost:5432.

RStudio IDE is helpful for interacting with R scripts but not required. Happy Hacking!

Known bug:

Shiny app slide input does not update the network graph. For now the graph is static.
A temp fix is progress for refreshing the server.
#28

What's Changed

• [Snyk] Upgrade chai from 4.3.4 to 4.3.6 by @snyk-bot in #9
• [Snyk] Upgrade axios from 0.21.4 to 0.26.0 by @snyk-bot in #14
• [Snyk] Upgrade express from 4.17.2 to 4.17.3 by @snyk-bot in #15
• [Snyk] Upgrade mocha from 9.2.0 to 9.2.1 by @snyk-bot in #17
• [Snyk] Upgrade sass from 1.49.8 to 1.49.9 by @snyk-bot in #19
• [Snyk] Upgrade axios from 0.25.0 to 0.26.0 by @snyk-bot in #18
• [Snyk] Security upgrade ubuntu from latest to 20.04 by @snyk-bot in #20
• [Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0 by @snyk-bot in #21
• build(deps): bump node-forge from 0.10.0 to 1.3.0 in /himitsu by @dependabot in #22

**Report issues to https://github.com/hyahatiph-labs/infosec/issues

Full Changelog: himitsu-v0.1.1-experimental...analitiko-v0.1.0

himitsu-v0.1.1-experimental

Himitsu v0.1.1-experimental

Himitsu is still mostly a dev playground, at least until the installation
process gets smoothed out. This release is mostly bug fixes, and the prokurilo / i2p integration.
The production build will now only work over an i2p connection due to the proxy being built in to
the authentication framework. Mainnet restrictions are removed but the application still requires
thorough testing on stagenet. Notable changes include but are not limited to:

• manifest v3 migration d573364 ***
• prokurilo authentication - allows for the wallet session to
  remain open as long as wallet rpc and prokurilo are running eliminating the need for syncing.
  Must be run on a hardened server.
• i2p integration - browser extension must be run behind the browser's proxy on localhost:4444
• remove old password management which was broken
• small styling fixes
• WIP android dev builds (requires manually updating App.css)

*** firefox store is not accepting manifest v3 yet
the only change that is needed is version: 3 and browser_action -> action

Firefox

Test the production build from the firefox store if you feel up to it.

Future integrations planned

• blockchain stats built into wallet side panel
• view only wallet
• fetch price and fee estimates over i2p
• custom webpack and remove react-scripts dependency
• webxmr for seamless web integration
• atomic swaps
• see milestones

Known bugs

• i2p address may fail to add during first initialization, need to close and retry
• prokurilo disconnection requires recovery from seed due to the nature of the integration
• it is possible there are some edge cases where the wallet will fail to authenticate in the middle of a session
  requiring a wallet re-installation
• sync status and i2p indicators are missing and will be included in release v.0.2.0-experimental
• balance not showing after prokurilo re-authentication on wallet unlock, (use 'refresh' button for now)

report bugs to issues page

What's Changed

• build(deps): bump url-parse from 1.5.7 to 1.5.10 in /himitsu by @dependabot in #7
• [Snyk] Upgrade axios from 0.24.0 to 0.25.0 by @snyk-bot in #10
• [Snyk] Upgrade axios from 0.25.0 to 0.26.0 by @snyk-bot in #13
• [Snyk] Upgrade helmet from 5.0.1 to 5.0.2 by @snyk-bot in #11
• [Snyk] Upgrade sass from 1.49.7 to 1.49.8 by @snyk-bot in #16

New Contributors

• @snyk-bot made their first contribution in #10

Full Changelog: himitsu-v0.1.0-experimental...himitsu-v0.1.1-experimental

himitsu-v0.1.0-experimental

Himitsu v0.1.0-experimental

Experimental Firefox App

manifest hash: sha256-F9WtS9m5E6WeX3J+MdTu0oJM5RJEUp9SLGONS4lUvBM=

This release is the first of many for the Himitsu client / Monero browser extension. This is currently a dev wallet primarily used for quickly interfacing and testing integration between React.js and the monero-wallet-rpc. It requires a custom binary which is included and built on the latest Fedora 35 kernel as of the date of this tag or compile this monero pull request from source to generate the monero-wallet-rpc binary. There is no windows support at the moment. Security is minimal, and there are locations in the code where mainnet addresses will be rejected. This release is not intended for mainnet use.
Notable features that separate this wallet from others:

• Transfer funds embedded on contact page (no need to copy and paste addresses)
• Reserve Proof generation and validation
• Transaction Proof generation and validation is embedded into transaction list
• pin-to-send for security

Future integrations planned

• connect to public rpc over i2p
• fetch price and fee estimates over i2p
• custom webpack and remove react-scripts dependency
• webxmr for seamless web integration
• atomic swaps
• any requests possible!

report bugs to https://github.com/hyahatiph-labs/infosec/issues

What's Changed

• build(deps): bump follow-redirects from 1.14.7 to 1.14.8 in /xmr-price-proxy by @dependabot in #2
• build(deps): bump follow-redirects from 1.14.7 to 1.14.8 in /prokurilo by @dependabot in #3
• build(deps): bump url-parse from 1.5.4 to 1.5.7 in /himitsu/client by @dependabot in #5

New Contributors

• @dependabot made their first contribution in #2

Known bugs

• long time to refresh wallet when recovering from seed
• snackbar get jumbled sometimes if you don't keep subaddress refreshed

Full Changelog: https://github.com/hyahatiph-labs/infosec/commits/himitsu-v0.1.0-experimental