店長ブログ

釣りエサ専門店SABANIZM店長のブログです。

2023年5月26日金曜日

Smart Contract Hacking Chapter 1 - Solidity For Penetration Testers Part 1 (Hello World)

 

Note: We will start off our Smart Contract Hacking journey with some basic solidity programming in the first two weeks. After that we will ramp things up and get a little crazy deploying blockchains and liquidating funds from accounts. But since the purpose of this series is to share the information I have learned over the last two years.  I do not want to alienate those new to Smart Contracts and programming so we will take these first few weeks a bit slow. 

Also note the text was taken from a book I was / am writing, I retrofitted it for this blog, and placed videos where screenshots may otherwise exist. If something seems off.. Just DM me on twitter and I will update it anything I might have missed during editing, but I tried to edit it as best as possible to meet this format rather then a book. 

Cheers  @Fiction 

http://cclabs.io

Thanks to @GarrGhar for helping me edit/sanity check info for each of the chapters. 


About Solidity

The solidity programming language is the language used to write smart contracts on the Ethereum blockchain. As of my initial writing of this chapter the current compiler version was 0.6.6. However, the versions change rapidly. For example, when I started coding in solidity 2 years ago, solidity was in version 4 and now its version 7 with major library and coding stylistic requirement updates in version 5. 

So, note that when compiling your code for labs its best to use the version sited in that particular example. This is easily achieved in the online compilers, by selecting the compiler version from the dropdown menu. If you would like to give yourself a small challenge, use the latest compiler version and try to modify the code to work with it. Usually this just requires a few minor modifications and can be a good learning experience under the hood of how Solidity works and what has changed.

Solidity is very similar to writing JavaScript and is fully object oriented. In the intro chapters we will attempt to provide a quick overview of solidity understanding needed for a penetration tester. This will not be full guide to programming, as programming is considered to be a pre-requisite to application hacking. Instead this chapter will be a gentle introduction of needed concepts you will use throughout this book. Solidity is also a needed pre-requisite for understanding the rest of the information and its associated exploitation course. 

However, as long as you understand general programming concepts then you should have no trouble understanding solidity. It is a relatively easy language to get up and running with quickly in comparison to more mature languages like C++ and Java which may take a more significant amount of time to learn.

The most important thing to understand with solidity is that unlike traditional languages, solidity handles transactions of monetary value by default. Meaning you don't need to attach to a payment API to add transactions to your applications. Payment functionality is baked into the language as its primary purpose and for usage with the Ethereum blockchain.  All that's needed for financial transactions in solidity is a standard library transfer function, and you can easily send value to anyone's public address. 

For example, the following simple function will transfer a specified amount of Ether to the user calling the function provided they have a large enough balance to allow the transfer. But lets not dive into that just yet. 

 

1.  function withdraw (uint amount) {
2.     require (amount <= balances[msg.sender]);
3.     msg.sender.transfer(amount);
4.  }

 

Structure of a Smart Contract

Rather than discuss payments at this point, let's not jump to far ahead of ourselves. We need to understand the structure of a smart contract. Let's take a look at a Hello World example. We will analyze all of the key aspects that make solidity different then other languages you may currently understand.

You can easily follow along with this on http://remix.ethereum.org which is a free online IDE and compiler for coding in solidity. A full video walk through of Remix is included later on in this chapter.  Remix contains in-browser compilers and virtual environments that emulate block creation and allow you to send and receive transactions.  This is a powerful development tool and absolutely free to use. 

Below is the simple code example we will analyze before moving on to a live walk through. 

1.  pragma solidity 0.6.6; 
2.   
3.  contract HelloWorld {
4.           
5.     constructor () public payable {
6.           //This is a comment
7.           //You can put your configuration information here
8.     }
9.   
10.   function hello () public pure returns (string memory) {
11.                  return "Hello World";
12.         }
13.}

 

There is a lot going on in this small program so I will try to break it down as simple as possible. In the first line, we have the pragma statement which is required at the top of each program to let the compiler know which version of solidity this code was written for.  As I said earlier, these versions change rapidly due to the evolving technology and many changes are implemented into each new version. So, the compiler needs to know which version you intended this to run on.

On line 3 is the word "contract" followed by whatever name you wish to call your contract. The contract's functionality is then enclosed in curly braces. This is similar to creating a class in any other language. It's a block of associated code that can be inherited, or interfaced with and contains its own variables and methods.

On line 5 contained within the contract curly braces we have a constructor denoted by the word "constructor".  The constructor is run one time at contract creation and used to setup any variables or details of the smart contract. This is often used for creating an administrator of the contract or other items that are needed prior to contract usage. 

Functions and variables within Solidity also have various types and visibility set with their creation.  In this case also on line 5 you will see the words "public" and "payable" used to describe the constructor. 

Public you may be familiar with as it's a common visibility keyword used in other languages denoting that anyone can call this function. There are other visibility types in Solidity listed below, we will cover each of these in more detail as we use them to our advantage when hacking smart contracts:

 

Public

This allows anyone to call and use this function

 

Private

This allows only the current contract and its functions to call it directly.

 

Internal

This is similar to private except it also allows derived contracts to use its functionality

 

External

External can only be called externally by other contracts unless the "this" keyword is used with the function call.

 

The second keyword in the constructor definition "payable" you may not be familiar with unless you have worked on blockchain projects. The word payable within solidity is needed on any item that can receive Ether. So, by setting the constructor as payable we can send a base amount of Ether to the contract when its deployed. This will add an initial monetary liquidity for whatever functionality the contract is providing. For example, if this were a gambling game, we would need some initial Ethereum to payout our winners before our revenues catch up with our payouts and we start collecting large sums of failed gambling revenue. 

Within the constructor is an example of how comments are handled in solidity, the simple double forward slash is used like in most languages. Comments function in the same way as any other language in that they are not processed and they are ignored by the compiler but are useful for understanding the code you wrote later after you have taking time apart from reading your code.

Finally, we have our simple hello function starting on line 10. Again, there is a lot going on here. First is the name of the function with parentheses that can contain arguments like in any other language. However, this function does not take arguments.

You will notice two more keywords in the function definition "pure" and "returns". Returns is simply the way the function denotes that it will return a value to the user, which it then states directly after it what type of variable it returns. In this case, it returns a string in memory.  We will talk about memory and storage later on and the security implications of them.

Next is the word "Pure" there are a couple types of functions in Solidity which will list below with a brief description.


View

This type of function does not modify or change the state of the contract but may return values and use global variables.

Pure

A pure function is a function which is completely self-contained in that it only uses local variables and it does not change the state of the smart contract.


Finally, in line 11 we return our string to the user who called the function. In the context of a user, this could be a physical user using an application or smart contract functionality or it could actually be another smart contract calling the function.

 

Hands on Lab – Remix HelloWorld

Now that we talked over in detail all the new concepts to solidity programs using a small example, lets compile and run this code on remix.ethereum.org.

Action Steps:

ü Browse to remix.etherum.org
ü Type out the the code from above (Do not copy Paste it)
ü Compile and deploy the code
ü Review the transaction in the log window

 

Intro to the Remix Development Environment Video


In Remix create a new file and type out the example helloworld code.  I would suggest that you actually type out all of the examples in this book. They will not be exhaustive or long and will provide you great value and make you comfortable when it comes to writing your own exploits and using the compilers and tools. These are all essential tools to your understanding.

Within your remix environment, you will want to select the compiler version 0.6.6 to ensure that this code runs correctly. If you typed out the code correctly you should not receive any errors and you will be able to deploy and interact with it. In the following video we will walk you through that process and explain some nuances of solidity. 


Explaining and Compiling HelloWorld Video: 






 

Lets now quickly review a few key points about the transaction that you saw within the video when compiling your code. This transaction is shown below. 

__________________________________________________________________________________

call to HelloWorld.hello

CALL

from      0xBF8B5A94eD4dFB45089b455B1A0e296D6669c625

 to           HelloWorld.hello() 0xADe285e11e0B9eE35167d1E25C3605Eba1778C86

 transaction cost               21863 gas (Cost only applies when called by a contract)

                                         execution cost 591 gas (Cost only applies when called by a contract)

 hash     0x14557f9552d454ca865deb422ebb50a853735b57efaebcfc9c9abe57ba1836ed

 input    0x19f...f1d21

 decoded input {}

 decoded output               {

                "0": "string: Hello World"

}

 logs       []

_________________________________________________________________________________

 

The output above is a hello transaction which contains the relevant data retrieved when you executed the hello function in the video. The first important thing to notice is the word "CALL". In solidity there are call and send transactions. The difference between the two is whether they change the state of the blockchain or not. In this case we did not change the state, we only retrieved information so a CALL was issued.  If we were changing variables and sending values then a SEND transaction would have been issued instead.

Next you will see the "From" address which should correspond with the address you used to call the transaction.  The "To" field should be the address the smart contract was given when you deployed the smart contract. You can view this on your deployment screen next to the deployed contract name by hitting the copy button and pasting it somewhere to see the full value.

You will then see the costs and gas associated with the transaction. Costs change based on the size of the contracts and the assembly code created by the compiler. Each instruction has a cost. We will cover that later when we do a bit of debugging and decompiling. 

Finally take note of the Decoded Output which contains the return string of "Hello World".

 

Summary

If you are new to solidity or new to programming in general this might have been a lot of information.  In the next chapter we cover a few more key solidity concepts before moving on to exploiting vulnerabilities where a much more in depth understanding of how solidity works and its security implications will be explored. For more solidity resources and full-length free tutorials check out the following references

  

Homework:

https://cryptozombies.io/en/course/

More info


  1. Pentest Tools For Windows
  2. Hack Tools 2019
  3. Hacker Hardware Tools
  4. Pentest Tools List
  5. Hack Tools Pc
  6. Hacker Tools 2020
  7. Growth Hacker Tools
  8. Hacker Tools Free
  9. World No 1 Hacker Software
  10. Hacker Tools Apk
  11. Hack App
  12. Hacker Tools 2020
  13. Blackhat Hacker Tools
  14. How To Make Hacking Tools
  15. What Is Hacking Tools
  16. Pentest Tools Windows
  17. Pentest Tools Github
  18. Hacker Tools Github
  19. How To Install Pentest Tools In Ubuntu
  20. Pentest Tools For Android
  21. Hack Tool Apk
  22. Hacker Hardware Tools
  23. Hack Tools
  24. Termux Hacking Tools 2019
  25. Hack Rom Tools
  26. Hacking Tools For Beginners
  27. How To Hack
  28. Hackers Toolbox
  29. Hak5 Tools
  30. Hacker Tools List
  31. Pentest Tools Kali Linux
  32. Hacker Tools
  33. Bluetooth Hacking Tools Kali
  34. Blackhat Hacker Tools
  35. Pentest Tools Github
  36. Hack App
  37. Hack Tools For Games
  38. Pentest Tools Framework
  39. Pentest Tools
  40. Tools For Hacker
  41. Hacker Tools For Windows
  42. Beginner Hacker Tools
  43. Growth Hacker Tools
  44. New Hacker Tools
  45. Pentest Recon Tools
  46. Hacker Tools Apk
  47. Hacker Tools Windows
  48. Ethical Hacker Tools
  49. Hack Tools Mac
  50. Pentest Tools Website
  51. Hacker Tools For Mac
  52. Best Hacking Tools 2020
  53. Hacking Tools Free Download
  54. Pentest Tools Alternative
  55. Blackhat Hacker Tools
  56. Hacking Tools Github
  57. Hacking Tools Free Download
  58. How To Make Hacking Tools
  59. Pentest Tools Website
  60. Tools Used For Hacking
  61. Hacker Tools For Windows
  62. Hacker Security Tools
  63. Pentest Tools Github
  64. Hacker Tools Apk
  65. Hacker Tools Apk
  66. Hack Tools For Ubuntu
  67. Blackhat Hacker Tools
  68. Hacker Tools List
  69. Pentest Tools Linux
  70. Hacking Tools Mac
  71. Hack Tools For Games
  72. Pentest Box Tools Download
  73. Free Pentest Tools For Windows
  74. Hacking Tools Github
  75. Hacking Tools Github
  76. Hacker Tools For Windows
  77. Best Pentesting Tools 2018
  78. Pentest Recon Tools
  79. Pentest Tools List
  80. Tools 4 Hack
  81. Termux Hacking Tools 2019
  82. Pentest Tools Online
  83. Hacking Tools Github
  84. Best Hacking Tools 2019
  85. Blackhat Hacker Tools
  86. Pentest Tools Linux
  87. World No 1 Hacker Software
  88. Hacking Tools Software
  89. Hacker Tools 2020
  90. Hacking Tools Github
  91. What Are Hacking Tools
  92. Hack Apps
  93. Hacking Tools Hardware
  94. Pentest Tools Port Scanner
  95. Free Pentest Tools For Windows
  96. Hacker Search Tools
  97. Hacker Techniques Tools And Incident Handling
  98. Hacker Tools Free Download
  99. Pentest Tools Website Vulnerability
  100. Hacking Tools 2019
  101. Pentest Tools For Windows
  102. Android Hack Tools Github
  103. Pentest Tools Bluekeep
  104. Hacker Techniques Tools And Incident Handling
  105. Pentest Tools For Ubuntu
  106. Ethical Hacker Tools
  107. Hack Tool Apk
  108. Hacker Hardware Tools
  109. Pentest Reporting Tools
  110. Hacking Tools Download
  111. Hacking Tools For Mac
  112. Beginner Hacker Tools
  113. Hacking Tools Hardware
  114. What Is Hacking Tools
  115. Hacking Tools For Games
  116. How To Install Pentest Tools In Ubuntu
  117. Hacker Tools Hardware
  118. Hacker Tools 2020
  119. Hack Apps
  120. Hack Tool Apk
  121. Hacking Tools Hardware
  122. Pentest Tools Url Fuzzer
  123. Hacker Tools 2019
  124. Hacker Search Tools
  125. Hacking App
  126. World No 1 Hacker Software
  127. Pentest Tools Linux
  128. Pentest Tools Port Scanner
  129. Hacking Tools Software
  130. Best Pentesting Tools 2018
  131. Tools For Hacker
  132. Best Hacking Tools 2019
  133. Install Pentest Tools Ubuntu
  134. Pentest Tools Review
  135. Hacker Search Tools
  136. Hacker Tools 2019
  137. Hacker Tools Github
  138. Pentest Tools Linux
  139. Hacker Tools Software
  140. Pentest Tools
  141. Best Hacking Tools 2020
  142. Ethical Hacker Tools
  143. Pentest Tools Linux
  144. Blackhat Hacker Tools
  145. Nsa Hacker Tools
  146. Black Hat Hacker Tools
  147. Pentest Tools Open Source
  148. Hack Tools 2019
  149. Hacker Tools For Ios
  150. Hacking Tools Github
  151. Pentest Tools Url Fuzzer
  152. Pentest Tools Port Scanner
  153. Nsa Hack Tools Download
  154. Pentest Tools Github
  155. Hack Tools Pc
  156. Hacking Tools Github
  157. Pentest Tools Download
  158. Pentest Tools Framework
  159. Best Hacking Tools 2020
  160. Ethical Hacker Tools
  161. Hacking Tools For Mac
  162. Tools Used For Hacking
  163. Hack Rom Tools
  164. Free Pentest Tools For Windows
  165. Pentest Tools Open Source
  166. Pentest Tools Find Subdomains
  167. Physical Pentest Tools
  168. Top Pentest Tools
  169. Hacking Tools
  170. Nsa Hack Tools Download
  171. Pentest Tools Bluekeep
  172. Hacker Tools Hardware
  173. Hacking Apps
  174. Hack Tools 2019
  175. Hacking Tools For Windows Free Download
  176. Hacking Tools For Games
  177. Black Hat Hacker Tools

0 件のコメント:

コメントを投稿