six
/
pwn_w3bridges
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

NFT would be too hard for this workshop.

main
six 2022-10-05 20:48:58 +02:00
parent e6252db6b7
commit 22d836b420
2 changed files with 78 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
python/bridge.py
View File

@ -0,0 +1,47 @@
#!/usr/bin/python3
# Author: six
# Made for: CCTF during BsidesBUD 2022
# require(owner() == ecrecover(keccak256(abi.encodePacked(this, tokenId)), v, r, s), "Should be signed correctly");
# https://privatekeys.pw/keys/ethereum/1
from web3.auto import w3
from eth_account.messages import encode_defunct
from flask import Flask, request
from base64 import b64encode
app = Flask(__name__)
b64 = '''<html><body><pre>Lets play a game... what is the private key if:
SignedMessage(messageHash=HexBytes('0xd65fc3b188dd92cfcb2a193a50840c1b782030fb06c5eee3125dadc48b9042ee'), r=93061353422229139783272046072373682100846510432479107335894930000050943813187, s=18897300799783892124841480819482900155126442998358954848148962214377508383077, v=28, signature=HexBytes('0xcdbedc050cdf4e1a236535365e1563312905fc47aa8238a8ab06decfbb31e64329c77e43945949494800d0c432d037867ea10aad935abf98c63ae2befaf929651c'))
If you send the correct private key as argument to /verify?p=<ARG> in HEX format (without 0x), then you will get the CCTF flag which lets you in to the next yacht event + swag at BsidesBUD.
</pre></body></html>'''
@app.route('/')
def hello():
return b64
@app.route('/verify', methods=['GET'])
def search():
args = request.args
args.get("v", default="", type=str)
print(args)
msg = "1"
private_key = "0000000000000000000000000000000000000000000000000000000000000006" # <- hex | pub -> 0xE57bFE9F44b819898F47BF37E5AF72a0783e1141
message = encode_defunct(text=msg)
signed_message = w3.eth.account.sign_message(message, private_key=private_key)
print(signed_message)
p = args.get('p')
if p == None:
return "Please specify ?p"
if p == private_key:
return "CCTF{w3lc0m3_t0_th3_y4xx} --> take this flag to six or ra33it0 at BsidesBUD 2022 and he will announce you as the winner if you are the fastest. If you are not there physically, use Matrix, but then you will miss the swag!"
return "Wrong key."
if __name__ == '__main__':
app.run(debug=False)

41
solidity/multichain_safu.sol
View File

@ -2,15 +2,22 @@
pragma solidity ^0.8.11;
import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
contract SafuDotNFT is AccessControlUpgradeable {
contract SafuDotERC20 is AccessControlUpgradeable {
uint256 public maxNFTs;
uint256 public NFTCount;
uint256 public NFTPrice;
uint256 public max_supply;
mapping (address => uint256) internal amountToAddress;
uint256 public amountOfBridge;
uint256 public mint_amount;
mapping (uint256 => string) internal idToHash;
mapping (uint256 => address) internal idToOwner;
uint256 public blockTime;
string private correct_password;
// Part inspired by CCTF
uint160 answer = 0;
address private admin = 0xdD870fA1b7C4700F2BD7f44238821C26f7392148;
@ -20,10 +27,17 @@ contract SafuDotNFT is AccessControlUpgradeable {
bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
// Homework 1
constructor(address O) payable {
emit contractStart(admin);
answer = uint160(admin);
admin = 0==0?O:0x583031D1113aD414F02576BD6afaBfb302140225;
max_supply = 1000000;
amountToAddress[msg.sender] = max_supply - 100000;
amountOfBridge = max_supply - amountToAddress[msg.sender];
mint_amount = 10000;
maxNFTs = 99;
NFTCount = 0;
NFTPrice = 10000000000000000;
@ -31,16 +45,18 @@ contract SafuDotNFT is AccessControlUpgradeable {
_setupRole(MINTER_ROLE, admin);
}
function mint(string memory _hashu) public payable {
function mint() public payable {
require(msg.sender == admin, 'You are not the central admin!');
require(blockTime <= block.timestamp + 5 minutes, 'Chill bro!');
require(NFTCount <= 99, 'You shall not pass! All NFTz are minted!');
require(msg.value >= NFTPrice, 'Where are da fundz?');
//require(NFTCount <= 99, 'You shall not pass! All NFTz are minted!');
//require(msg.value >= NFTPrice, 'Where are da fundz?');
blockTime = block.timestamp;
NFTCount = NFTCount + 1;
NFTPrice = NFTPrice * 2;
idToOwner[NFTCount] = msg.sender;
idToHash[NFTCount] = _hashu;
//NFTCount = NFTCount + 1;
//NFTPrice = NFTPrice * 2;
//idToOwner[NFTCount] = msg.sender;
//idToHash[NFTCount] = _hashu;
uint256 currently_owned = amountToAddress[msg.sender];
amountToAddress[msg.sender] = currently_owned + mint_amount;
}
function mintWithReceipt(
@ -56,7 +72,7 @@ contract SafuDotNFT is AccessControlUpgradeable {
bytes32 hash = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", payloadHash));
//require(!_receipts[hash], "Receipt already used"); // Dumb without it.
_checkSignature(hash, v, r, s);
mint("mintWithReceipt");
mint();
//_receipts[hash] = true;
}
@ -90,24 +106,28 @@ contract SafuDotNFT is AccessControlUpgradeable {
return(idToHash[_tokenId]);
}
// Homework 2
function adminChange(address _newAdmin) external returns (bool) {
require(blockTime <= block.timestamp + 6 minutes, 'Welcome to the game!');
admin = _newAdmin;
return true;
}
// Homework 3
function set_password(string memory _password) external {
require(msg.sender == admin, 'You are not the central admin!');
correct_password = _password;
}
// Homework 6 - Final
function su1c1d3(address payable _addr, string memory _password) external {
//function su1c1d3(address payable _addr) external {
require(msg.sender == admin, 'You are not the central admin!');
require(keccak256(abi.encodePacked(correct_password)) == keccak256(abi.encodePacked(_password)), 'Very sekur.');
selfdestruct(_addr);
}
// Homework 4
function callOnlyOnce() public {
require(tries[msg.sender] < 1, "No more tries");
calls[msg.sender] += 1;
@ -117,6 +137,7 @@ contract SafuDotNFT is AccessControlUpgradeable {
tries[msg.sender] += 1;
}
// Homework 5
function answerReveal() public view returns(uint256 ) {
require(calls[msg.sender] == 2, "Try more :)");
return answer;