API Security Blog

Ethereum JSON-RPC interface: the many coin-theft techniques revealed - Vulnerability Warning - Black Bar Safety Net

In 2010, Laszlo used 10,000 bitcoin to buy $25 worth of pizza, which is considered the first bitcoin transaction in the real world.
In 2017, blockchain technology rose to prominence as the price of digital currencies soared. Who could have imagined that those two pizzas from 2010 would be worth 1.9 billion dollars at the end of 2017?
Ethereum, as the representative of the blockchain 2.0 era, addresses Bitcoin's insufficient scalability through its smart contract platform and has huge applications in the financial industry.
Transactions made through smart contracts are not checked for their timing or their legality: as long as the rules of the smart contract are met, unlimited transactions can be made. With such huge economic interests at stake, there will always be someone who takes another road.
The ancient saying that even thieves have their own code has its own particular meaning in the virtual currency field. Only those who understand blockchain technology well enough can take enough money from this feast. They are like lone wolves in the dark: whether or not they succeed, they withdraw before being discovered.
2018/03/21: after two articles, "Revealing the 'smuggling' vulnerability that lurked in Ethereum for years: hackers worldwide are frantically stealing coins" [19] and "A billion-level token theft case caused by a defect in the Ethereum ecosystem" [20], disclosed the attack details of the Ethereum smuggling vulnerability (also known as the Ethereum Black Valentine's Day event), the Knownsec 404 Team further refined its related honeypots based on the information available.
2018/05/16: the Knownsec 404 blockchain security research team issued an early warning about the smuggling vulnerability event and pointed out that intensive scanning of the port was already taking place.
2018/06/29: SlowMist warned in its community of a new attack technique related to the Ethereum Black Valentine's Day event (that is, the smuggling vulnerability). This article calls that technique the offline attack. While reproducing the attack with honeypot data, the Knownsec 404 blockchain security research team found that two further new attack techniques exist in real scenarios: replay attacks and brute-force attacks. Since these attacks appeared after the smuggling vulnerability was exposed, we refer to them collectively as coin theft of the post-smuggling era.
This article introduces the relevant knowledge points and then, for the smuggling vulnerability and for the coin-theft methods of the post-smuggling era, simulates and reproduces the actual theft process and analyzes the key points that make the attack succeed.
0x01 Key knowledge points
As the saying goes, sharpening the axe does not delay the cutting of firewood: only with a clear grasp of the key knowledge points can the principle of the vulnerability be understood with ease. In this section, the author introduces the process by which Ethereum initiates and signs a transaction, together with the related knowledge points.
1.1 RLP encoding
RLP (recursive length prefix) provides an encoding suitable for arbitrary arrays of binary data, and it has become the main encoding scheme for object serialization in Ethereum.
RLP encoding operates on strings and lists. The specific encoding process is as follows:
![](/Article/UploadPic/2018-8/20188717520371.png?www.myhack58.com)
Here we again take the signature data returned by the eth_signTransaction interface in section 3.4.1 as an example, to explain how the signed data is obtained by encoding tx.
The raw and tx fields in result are as follows:
"raw": "f86b01832dc6c083030d4094d4f0ad3896f78e133f7841c3a6de11be0427ed89881bc16d674ec80000801ba0e2e7162ae34fa7b2ca7c3434e120e8c07a7e94a38986776f06dcd865112a2663a004591ab78117f4e8b911d65ba6eb0ce34d117358a91119d8ddb058d003334ba4",

"tx": {
  "nonce": "0x1",
  "gasPrice": "0x2dc6c0",
  "gas": "0x30d40",
  "to": "0xd4f0ad3896f78e133f7841c3a6de11be0427ed89",
  "value": "0x1bc16d674ec80000",
  "input": "0x",
  "v": "0x1b",
  "r": "0xe2e7162ae34fa7b2ca7c3434e120e8c07a7e94a38986776f06dcd865112a2663",
  "s": "0x4591ab78117f4e8b911d65ba6eb0ce34d117358a91119d8ddb058d003334ba4",
  "hash": "0x4c661b558a6a2325aa36c5ce42ece7e3cce0904807a5af8e233083c556fbdebc"
}
According to the RLP encoding rules, we encode the fields of tx in order as a list (excluding hash). Since the length is necessarily greater than 55 bytes, the last encoding scheme is used.
Setting aside the first two bytes for now, every item is RLP encoded, and the result is as follows:
![](/Article/UploadPic/2018-8/20188717520748.png?www.myhack58.com)
Combined, this gives:
01832dc6c083030d4094d4f0ad3896f78e133f7841c3a6de11be0427ed89881bc16d674ec80000801ba0e2e7162ae34fa7b2ca7c3434e120e8c07a7e94a38986776f06dcd865112a2663a004591ab78117f4e8b911d65ba6eb0ce34d117358a91119d8ddb058d003334ba4
That is 214 hex digits in total, a length of 107 bytes, which means the second byte is 0x6b and the first byte is 0xf7 + len(0x6b) = 0xf8. This gives the final raw content:
0xf86b01832dc6c083030d4094d4f0ad3896f78e133f7841c3a6de11be0427ed89881bc16d674ec80000801ba0e2e7162ae34fa7b2ca7c3434e120e8c07a7e94a38986776f06dcd865112a2663a004591ab78117f4e8b911d65ba6eb0ce34d117358a91119d8ddb058d003334ba4
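The walk-through above can be reproduced with a short RLP encoder. This is an added example, not code from the original article: the function names are illustrative, the rules implemented are the standard RLP rules (the article's own rule table was an image), and the field values are copied from the tx object above.

```python
def length_prefix(length, offset):
    # Up to 55 bytes: one byte (offset + length).
    # Longer: (offset + 55 + size of the length), followed by the length itself.
    if length <= 55:
        return bytes([offset + length])
    size = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([offset + 55 + len(size)]) + size

def rlp_encode(item):
    if isinstance(item, bytes):
        if len(item) == 1 and item[0] < 0x80:
            return item  # a single byte below 0x80 encodes as itself
        return length_prefix(len(item), 0x80) + item
    payload = b"".join(rlp_encode(x) for x in item)  # list: encode items, then prefix
    return length_prefix(len(payload), 0xC0) + payload

def quantity(hex_str):
    # JSON-RPC hex quantity -> minimal big-endian bytes; this restores the
    # leading zero nibble that the JSON form drops from "s".
    n = int(hex_str, 16)
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

TX = {  # copied from the tx object above; "hash" is not part of the encoding
    "nonce": "0x1", "gasPrice": "0x2dc6c0", "gas": "0x30d40",
    "to": "0xd4f0ad3896f78e133f7841c3a6de11be0427ed89",
    "value": "0x1bc16d674ec80000", "input": "0x", "v": "0x1b",
    "r": "0xe2e7162ae34fa7b2ca7c3434e120e8c07a7e94a38986776f06dcd865112a2663",
    "s": "0x4591ab78117f4e8b911d65ba6eb0ce34d117358a91119d8ddb058d003334ba4",
}
DATA_FIELDS = ("to", "input")  # byte strings; every other field is an integer
PAGE_RAW = (  # the raw value shown above, split only for line length
    "f86b01832dc6c083030d4094d4f0ad3896f78e133f7841c3a6de11be0427ed89"
    "881bc16d674ec80000801b"
    "a0e2e7162ae34fa7b2ca7c3434e120e8c07a7e94a38986776f06dcd865112a2663"
    "a004591ab78117f4e8b911d65ba6eb0ce34d117358a91119d8ddb058d003334ba4"
)

def encode_tx(tx):
    order = ("nonce", "gasPrice", "gas", "to", "value", "input", "v", "r", "s")
    return rlp_encode([bytes.fromhex(tx[k][2:]) if k in DATA_FIELDS
                       else quantity(tx[k]) for k in order])

if __name__ == "__main__":
    raw = encode_tx(TX)
    # payload length, the two header bytes, and whether the result equals raw
    print(len(raw) - 2, hex(raw[0]), hex(raw[1]), raw.hex() == PAGE_RAW)
```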
1.2 The keystore file and its decryption
The keystore file is used to store an Ethereum private key. It came into being to avoid the leaks that storing a private key in plaintext would cause. Let us look at how the private key is encrypted, using the contents of the following keystore file:
Keystore file source: https://github.com/ethereum/tests/blob/2bb0c3da3bbb15c528bcef2a7e5ac4bd73f81f87/KeyStoreTests/basic_tests.json, with slight changes
{
  "address": "0x008aeeda4d805471df9b2a5b0f38a0c3bcba786b",
