Skip to content

Detection Tool

Latest
Compare
Choose a tag to compare
@pm47 pm47 released this 27 Sep 13:44

This tool will detect if your node has been victim of the invalid funding tx attack.

Note the default location of eclair.sqlite is:

  • on Windows: C:\Users\<username>\.eclair\mainnet\eclair.sqlite
  • on Linux: /home/<username>/.eclair/mainnet/eclair.sqlite

Ask for help on gitter if needed.

Usage

java -jar checkfunding.jar --db eclair.sqlite

Help

$ java -jar checkfunding.jar --help
checkfunding 1.0
Usage: checkfunding [options]

  --db <eclair.sqlite>  path to eclair.sqlite
  --conf <eclair.conf>  path to eclair.conf
  --help                prints this usage text

This utility will detect if your node has been victim of CVE-2019-13000.
Please see the thread on https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-August/002130.html for more details on the vulnerability.

NB: This tool will only work if you have been using released versions of Eclair. If you are on e.g. latest master, please contact support.

Example: checkfunding --db /path/to/eclair.sqlite --conf /path/to/eclair.conf

Verifying signatures

You will need gpg and our release signing key E434ED292E85643A. Note that you can get it:

To import our signing key:

$ gpg --import padioupm.asc

To verify the release file checksums and signatures:

$ gpg -d SHA256SUMS.asc > SHA256SUMS.stripped
$ sha256sum -c SHA256SUMS.stripped