It is an initiative from OpenZeppelin, which is a well known library for secure smart contract development. It proposes Ethereum based, open source challenges, written by several contributors

There are already several solutions available. My goal in this article is to provide a step by step walkthrough, that should help the most beginners among us. Please note that I have done the challenge using Google Chrome

Before starting, it is usefull to have an overview about the Web3 process, in comparison to the usual Web2, as it will help understand why we use Javascript, Metamask, Solidity and other such features

Level 0 : Hello Ethernaut

In this chapter, which is an introduction, we will set up MetaMask, get test Ether, and start our first interactions with the smart contract

Set up MetaMask

First of all, we need to install the Metamask browser extension : https://metamask.io/, and then create a password and a wallet key. We need to select the Sepolia test network, which we will use for our hacking scenarios

Open the browser’s console

The modern browsers provide hands-on tools for the web developers, such as the console, in which one can input “live” Javascript instructions, check the data in memory, explore available functions and variables

In the Ethernaut browser session, let’s go in Tools -> Developer tools (or just press F12). In the console view, we find the following informations

You may get some errors, so please make sure to solve them before continuing. If needed, you may check the following actions :

• use Chrome
• install Metamask after you reached the challenge page
• select the Sepolia test network
• refresh the page as per the need

We get an Ethernaut address : 0xa3e7317E591D5A0F1c605be1b3aC4D2ae56104d6

My player number is : 0xe62f9927b2198669b5988993E52d3093854898b0. In fact, this is my Metamask public address

You can check mine here in Etherscan, the well known ethereum blockchain explorer : https://bit.ly/3aP37JO. It corresponds, in my specific case, to the Ethereum Name Service “forensicxs.eth”

Level 0 : Hello Ethernaut

We click on the level “00” box

Use the console helpers

We are invited to type the help() command in the console. Here is the output :

We can check the balance of our account, with the function getBalance(address). We need to input our actual address

We see that the “Promise” has been fulfilled, and that our balance is at zero, as expected. You can find informations about Promises here : https://javascript.info/promise-basics

The ethernaut contract

Let’s look into the smart contrat. The ethernaut command provides a lot of informations about the contract itself

We can see the public methods available, such as owner

We can see that the smart contract has an abi connector at the following address : 0xa3e7317E591D5A0F1c605be1b3aC4D2ae56104d6

The abi, or Application Binary Interface, gives a contract the ability to communicate and interact with external applications and other smart contracts. Here is the overall mechanism

Here we are more interested in reading contracts FROM the Ethereum blockchain, but you can check the following link to get an overview how to deploy a contrat TO the blockchain : https://bit.ly/3OlkD5V

If we try to check the ethernaut owner, the query to the blockchain will need some gas to be able to run. In my case, the Metamask wallet balance is not sufficient, so I get an error message

Get test ether

You can request test Ether with a Google account : https://tinyurl.com/5xe8r23z

This method is limited to 0.05 ETH per day, so it’s not quite enough to get started with the Ethernaut challenge

You can get more token on Alchemy (requires a login and a small amount of real ETH on your metamask wallet)

Getting a level instance

As indicated by the guide, let’s request our level instance, by pressing the “Get new instance” button. We are prompted by Metamask to authorize the transaction. In my case, the gas fee to pay is 0.0228 Sepolia ETH (= test ETH)

The transaction is duly handled, and my instance is created, with a smart contract at the address 0x3A99561FA3026041B8647bdae4E7339c2Ebc45E9

Inspecting the contract

Let’s inspect briefly this contract instanciation, using the contract command

We have access to several public functions, including several ones that look interesting : info, info1, info2, info42, password. Let’s try to find additional informations about these functions

Interact with the contract to complete the level

In this paragraph, we take advantage of Solidity being an OOP language (object oriented programming), so that we can get informations about the functions by calling them, with their respective methods and arguments

Let’s run the contract.info() command. We find a valuable text information “You will find what you need in info()”

We continue with the contract.info1() command. We find another text information “Try info2(), but with \”hello\” as a parameter.”

Therefore, we continue with the contract.info2(“hello”) command.

You get the idea. We have to follow a chain of information…let’s continue with the infoNum() method. We see in the PromiseResult, the word 42

Let’s look for contract.info42()

We have to look for “theMethodeName” as a method

Let’s look into contract.method7123949

We are invited to find the password. We have noticed the function “password” in the contract. Let’s check it in contract.password()

We get the password “ethernaut0“. Now, we can authenticate. We are prompted to accept the transaction by Metamask, a gas fee of 0.023 Sepolia ETH is applied

The transaction is successfull, we can check it on Etherscan

To complete the level, you need to press “submit instance“. Metamask prompts you to accept again the transaction as the blockchain consumes gas for any request

Our transaction is approved, we get a very graphic confirmation

We get a notification on the Ethernaut website

Just below, OpenZeppelin provides the contract code we just interacted with, where we can confirm the steps and logic we just followed above

This level is finished, let’s move to the next one

From now on, we will come closer to a realistic hacking environment

Level 1 : Fallback

We are requested to inpect a smart contract code (here below), take ownership of it, and withdraw the available balance

In Solidity, a fallback function does not take arguments and does not return any value. But a fallback function can receive ether and therefore be “payable”

Let’s get the instance of the contract by clicking “Get new instance”. We need to pay some gas

Our instance address is 0xB386A21D3aAe67a9dAe0144aF2226b86c8EB6960

We can analyse the contract code. The first flaw is in this code, as anyone can :

• call this function
• send Ether
• if the contribution gets higher than the one of the contract owner, take ownership of the contract

Then, the “owner” can withdraw the funds

Therefore, the fallback contract allows users to contribute small amounts of Ether, and the maximum contributor becomes the owner of the contract

But to take ownership of the contract, you would need to get more than 1000 ETH, as per the constructor, because the owner has an initial contribution of 1000 ETH

Fortunately for us, there is a second flaw to take ownership of the contract, whereby any sender can become the owner if :

• he sends a positive value of Ether (msg.value > 0)
• he has already contributed (contributions[msg.sender] > 0)

We can deposit Ether on the contract by using the necessary arguments of the function contract.contribute()

We have to deposit less than 0.001 ETH, so we can choose 0.0009 ETH, just a decimal below. The help() function provides us some guidance about the method to use, to send our transaction to the contract

We also need to send our transaction in Wei (see here a converter, for information -> https://eth-converter.com/), as generally required by smart contracts

So in summary, the arguments to provide to the contract.contribute() function are :

• from : our address is given automatically by our player address
• value : the value of our deposit in Wei

Here is the full transaction. It gets fullfilled, after we paid some smart contract gas fee

We can check our ether balance with the function getBalance

Then, as we have already contributed to the contract, we can take ownership by sending a positive deposit

We can check the contract owner. This is my player address, so I have claimed ownership

Then we can drain the funds with the function contract.withdraw()

We need to press the “submit instance” button to validate this level. We get to this screen, we can press the “Go to the next level” button

Level 2 : Fallout

The full smart contract code is below

To start with a quick analysis, I notice that the contract owner has a null value, which is the default address

At the same time, this address has a huge amount of ETH

I notice also a discrepancy between the contract name Fallout and the constructor Fal1out, which means that the owner is not initiated properly (leading to the owner being the null address)

So anyone can claim ownership of the contract. I just call the contract with contract.Fal1out() and here we go !

We can check that I’m now the contract owner. The Promise result confirms this is my player address

I submit the instance. Level is completed

Level 3 : Coin Flip

As per the description, this is a coin flipping game where we need to guess the outcome of a coin flip. To complete the level we need to guess the correct outcome 10 times in a row

The full code is provided here below

This code leverages the randomness of the blockchain’s state (specifically, the last block’s hash of Ethereum) to simulate a coin flip

By dividing a large pseudo-random value (the block hash) by a large constant and interpreting the outcome, the contract creates an unpredictable result for the two possible outcomes of a coin flip (true or false)

It is usefull to read this article about Ethereum, and get to understand block number, block hash : https://bit.ly/3U878Mu

In the code, blockhash is a global variable that takes block.number and returns the hash of the given block

block.number -1 returns the block number of the previous block, as the current block is not yet mined

On Ethereum, the block hash changes every 12 seconds or so, as shown on this chart

It means that within these 12 seconds, the blockhash will not change and the coinFlip will not be random at all. So we can somehow repeat the flip without any change to the result. However, there’s a protection against re-using the same blockhash several times, so we need to find another way

We need the consecutiveWins to reach 10. At the moment, it is stuck to zero

We can perform a Coin flip by first getting the contract address

Then we can flip the Coin, but it does not get fulfilled as the revert() function cancels it

We can use another contract to hack the CoinFlip code, that we are going to call HackCoinFlip

We can guess the calculation of the hash of the CoinFlip contract, to generate the random number that we know this function is using. We can “intercept” this result and pass it on to our HackCoinFlip contract. The code of this other contract is below

The contract calls the flip function of the CoinFlip contract with the calculated guess

The constructor initializes the coinFlipContract instance with the address of the deployed CoinFlip contract, to intercept the result

The CoinFlip contract’s outcome is determined by the block hash of the last block when it is mined. So, by accessing the same block hash used by the CoinFlip, the HackCoinFlip contract can precisely calculate what the coin flip result will be

Because the hash of the last block is used to generate the random outcome and is publicly available as part of the Ethereum blockchain, this contract can effectively “guess” the flip outcome before it happens

We need to deploy our code in our environnement. For that, we are going to use the Remix IDE : https://remix.ethereum.org/

In Remix, we need to copy the code of our two contracts : contract HackCoinFlip, contract CoinFlip

Then we can compile the code, correct any issues (with the help of the built-in AI)

Afterwards, we deploy the code by selecting the Metamask environnement and our instance adress 0x2B483868AD9862d8ab1EdE67BC2f3f4A4962C7f9

First, we deploy the HackCoinFlip contract

By pressing the Deploy button, we need to pay some gas in Metamask

Then we deploy the CoinFlip contract (we need to pay gas again)

Then we can use our contracts to “flip and guess”. At the beginning, ConsecutiveWins is set to zero

We need to execute makeGuess for 10 times, and check the consecutiveWins counter going to 10

Then we can press the Submit instance button, and we pass the level

Lessons learned : this example highlights the importance of proper random number generation within smart contracts, as relying on block hashes for randomness can be easily exploited. In production, developers should use reliable sources of randomness, such as Oracles or other decentralized solutions (like Chainlink VRF : https://chain.link/vrf)

The bitcoin v0.1 code is available here : https://tinyurl.com/k24m7p9c. It is written mainly in C++

It is released under the MIT X11 licence, that means anyone can copy and modify it

The bitcoin Core software .exe can be launched here : https://tinyurl.com/3ttejt9w

There are two .dll files included :

• libeay32.dll -> this is the OpenSSL encryption library, used by the .exe to create the encryption keys
• mingwm10.dll -> it is a free and open source Windows port of the GCC compiler. It is necessary to launch Qt, which powers the GUI “Graphical User Interface” engine used by the .exe

The bitcoin Core is mainly usefull to send bitcoin from one address to another address, without any intermediary

Code summary

Now let’s go through the code. I have created a summary table, to provide an overview, before going into the details of each file

Overall, bitcoin core v0.1 has 31 794 lines of code. The biggest files being the GUI management (Graphical User Interface) – by far the biggest – and the blockchain operation (blocks, proof of work, cryptography). All the other files are much smaller but also an essential part of the software

base58.h

This file implements base58 encoding and decoding functionalities specifically used for bitcoin addresses. Here is base58.h : https://tinyurl.com/4j2rdrvj

The first line defines the character set for Base58 encoding. The characters 0, O, I, and l are excluded to avoid visual ambiguity

• EncodeBase58 encodes data into base58 string format

• EncodeBase58check extends EncodeBase58 by appending a 4-byte hash (checksum) to the end of the data before encoding. This helps in verifying the integrity of the address

• Hash160ToAddress takes a hashed public key and prefixes it with a version byte before producing a Base58Check encoded string (bitcoin address)

• IsValidBitcoinAddress checks whether a given address is valid by attempting to decode it

• PubKeyToAddress converts a public key into its corresponding bitcoin address using Hash160 and Hash160ToAddress

bignum.h

This code is implemented to manage large integers in the cryptography component of bitcoin. Here is bignum.h : https://tinyurl.com/43y92jb2

• The code utilizes OpenSSL big numbers functionality

• CBigNum is a custom class that inherits from OpenSSL bignum. It includes some important methods (constructors, arithmetic operations, conversion methods,…), and also operators overload and bitwise operations

• The serialize methods allow for serialization and deserialization of CBigNum objects

db.cpp, db.h

This code focuses on database operations for managing transactions, addresses, and wallets. It includes functionality for initializing the database, reading and writing to it, and managing the wallet’s state. The database is based upon Berkeley DB (https://tinyurl.com/mr2zb4hw)

The db.cpp file is here : https://tinyurl.com/3zfe8x4t

• The DbEnv is an object representing the Berkeley DB environmnt

• The class CDBInit initializes the database environment in its constructor

• The CDB constructor tries to open a database file with the specified mode (r, w, c, etc.) and initializes various settings associated with the BDB environment

• The CTxDB class handles transaction data in the database (reading, updating, deleting transaction entries based on their hashes)

• The CAddrDB class is responsible to manage addresses in the database (write new addresses, load existing ones)

• The CWalletDB class manages wallet data, including reading and writing wallet entries, such as addresses and transactions

The db.h file is here : https://tinyurl.com/ea39pj4s

• The code starts by including the Berkeley DB header and classes used throughout the database operations. It uses several external variables for managing the address book, client status, and database environment configuration

• The CDB class is defined, with a constructor taking the file name and opening the BD database, and handling transactions in argument, and with a destructor closing the database.

• The CTxDB class manages transaction metadata

headers.h

This code imports many important libraries and links the .h files together. Here is headers.h : https://tinyurl.com/yerp5r9s

• Preprocessor directives

Theses directives check if the code is compiled with Microsoft Visual C++ and disable specific compiler warnings

It is also targeting Windows 95 (0x0400) instead of a later version

• These libraries provide a wide range of functionalities, from UI components and cryptography to standard I/O operations and memory management

• Additional libraries are included, to perform operations on data structures and algorithms. The boost library is also used (https://www.boost.org/)

• The local headers are also included, that contain application-specific code that deals with serialization, cryptography, transaction handling, user interface, and networking features

irc.cpp, irc.h

Support for the IRC communication chanel was removed from bitcoin core in March 2014 (see this Wiki about IRC : https://en.wikipedia.org/wiki/IRC)

Here is irc.cpp : https://tinyurl.com/yvw3xnz2

It enables the software to connect with other nodes using IRC, allowing for the exchange of information. Key functionalities include encoding and decoding addresses, sending and receiving messages, handling connections, and managing the state of sockets

• ThreadIRCSeed handles the connection to an IRC server for broadcasting and receiving bitcoin node messages. It processes various IRC commands, enabling interaction with other nodes in the network via IRC

Here is irc.h : https://tinyurl.com/mrypzyt2

• It is used for the setup of the network socket connection, and the corresponding IRC thread

key.h

This file is an implementation of key management and cryptographic operations using Elliptic Curve Cryptography (ECC), specifically bitcoin publick-key cryptography secp256k1 (https://en.bitcoin.it/wiki/Secp256k1), which is now commonly used in cryptocurrencies

Here is key.h : https://tinyurl.com/3c3tc377

• The code contains commented constants representing the sizes of private keys, public keys, and signatures for elliptic curves

A secure_allocator is designed to manage sensitive data like private keys. The vector part represents a dynamic array that can hold bytes. This byte array is used to store binary data, such as private keys, serialized objects, or any byte sequence

• The Ckey class contains many important methods : constructor and desctructor, key management, public key management, signature operations, static signature methods

main.cpp

This code implements the blockchain management of transactions, wallets, and blocks. Here is the main.cpp : https://tinyurl.com/ujf6u85z

As the code is very long, I provide a summary table of each function or method. I then provide a few more detailed analysis

• GetBlockValue function is part of the CBlock class. This function calculates the total value of a newly created block, considering its subsidy and transaction fees

int64 nFees represents the total transaction fees included in the block.
Local Variable nSubsidy is initially set as 50 * COIN, which means that the standard subsidy for a new coinbase block is 50 bitcoin (50 coins)

The subsidy is designed to be halved approximately every four years. The condition nBestHeight / 210000 calculates how many 210,000 block intervals have been mined (since 210,000 blocks roughly correspond to four years at 10-minute block intervals). The expression nSubsidy >>= (nBestHeight / 210000) uses a right bitwise shift operator (>>=), effectively halving the subsidy for each completed interval of 210,000 blocks. This implements bitcoin’s block reward halving mechanism

The total value of the block is the sum of the current subsidy (after accounting for halvings) and any transaction fees associated with the transactions included in the block

The table below helps visualize the evolution of block subsidy rewards after each halving. From this table, the 21 000 000 bitcoin maximum quantity can be derived. That means that the hard cap of 21 million bitcoin is an implicit limit, not an explicit limit

The halving curve can be visualized with this graph :

• GetNextWorkRequired function is responsible for adjusting the mining difficulty based on the time it took to mine the last set of blocks

nTargetTimespan sets the ideal duration for mining 2016 blocks, which is two weeks

nTargetSpacing defines the desired time between blocks, set to 10 minutes

nInterval calculates the number of blocks that should be adjusted for difficulty (2016 blocks in this case)

The lines below check if the current block height (nHeight) plus one is not a multiple of nInterval. If it isn’t, the function returns the current difficulty (nBits) without making any changes. This ensures that the difficulty is adjusted only once every 2016 blocks

The function below calculates the actual time taken to mine the last nInterval blocks by subtracting the time of pindexFirst from pindexLast. This actual time span (nActualTimespan) is then forced to a minimum of 25% of the target timespan and a maximum of 400% to prevent extreme adjustments in difficulty

The lines below create a new difficulty target (bnNew) based on the previous difficulty and the actual time span compared to the target timespan. If the new difficulty exceeds the defined proof-of-work limit, it caps it to the maximum allowable difficulty

Here below the evolution of the real network difficulty

• CheckBlock function validates a block before it is processed further. It conducts several checks on the block’s properties to ensure that it adheres to the rules defined by the blockchain protocol

It verifies that the block size is valid

It verifies that the timestamp of the block is valid (not too far in the future as compared with the current time)

It verifies that the first transaction in the block is a coinbase transaction (the special transaction that rewards miners for adding a block), and that there is only one coinbase transaction

It iterates through all transactions in the block (vtx) and calls the CheckTransaction() method on each. If any transaction fails its validity check, it returns an error

It validates the block’s proof of work (POW)

nBits value (which indicates the difficulty of the proof of work) shall not exceed the predefined limit (bnProofOfWorkLimit)

Block’s hash (calculated by the GetHash() method) is less than or equal to the target dictated by nBits

If these checks fail, it returns an error

It validates that the hashMerkleRoot stored in the block matches the hash generated from the Merkle tree of the transactions in the block. If they don’t match, it returns an error

In the bitcoin protocol, a transaction will be stored in the mempool (memory pool) until it is duly validated. You can visualize the live mempool size : https://tinyurl.com/2z8zujvk

main.h

This file defines constants, classes, methods used in main.cpp. I’m not going to detail the content, and just provide informations about important constants used in the program

Here is the main.h : https://tinyurl.com/z8y66m7y

• Constant definitions

The maximum block size in bytes is 0x02000000, or equivalent to about 32 MB (32 * 1024 * 1024 bytes). In the bitcoin context, this can restrict the maximum block size to maintain efficiency and performance

In practice, the real block size is much lower, as can be seen on the graph below. The real block size usage has increased following an increase in the blockchain transactions

Coin represents the base unit for a cryptocurrency, here defined as 1 Bitcoin being equal to 100,000,000 satoshis. It allows for smaller denominations of Bitcoin to be used in transactions

Cent represents a smaller unit equivalent to one hundredth of a Bitcoin, or 1 Cent = 1,000,000 satoshis, further allowing the representation of transactions in finer detail. It helps in calculations involving cents

Coinbase maturity indicates that newly mined coins (the output of a coinbase transaction) cannot be spent until a certain number of blocks (in this case, 100 blocks) have been confirmed after the block containing the coinbase transaction. This rule is implemented to prevent double-spending in the case of newly created coins

bnProofOfWorkLimit sets the limit for the proof of work difficulty. uint256(0) creates a value that represents the maximum possible value for a 256-bit unsigned integer (i.e., all bits are set). Shifting this value right by 32 bits effectively reduces the maximum target value by a factor of (2^{32}).

makefile, makefile.vc

Makefile is used by the make build automation tool to manage the compilation of the bitcoin.exe target. The paths where the compiler will look for header files and where it will look for libraries are defined

makefile is here : https://tinyurl.com/yah6ap9c

market.cpp, market.h

This is a partially completed distributed market place. It was not implemented in later versions of bitcoin core, so I’m not going to detail anything

market.cpp is here : https://tinyurl.com/3u5x88cc

net.cpp, net.h

We all know that bitcoin is decentralized, and based upon the synchronization of nodes (mainly operated by miners). net.cpp is an important file for the execution of this network layer

Here is net.cpp : https://tinyurl.com/yju4rp55

It manages network connections and threading in a Bitcoin node. This code handles aspects like network socket creation, listening for incoming connections, sending and receiving messages, handling of issues like connection failures and data integrity, and proper cleanup during shutdown

• Global variables

Here you find address definitions, flags, primitives. For example, vNodes keeps track of connected nodes, and mapAddresses stores known network addresses

• ConnectSocket function

This function establishes a socket connection to the specified address (addrConnect).
The function creates a socket, and attempts to connect. If successful, it returns true and sets hSocketRet to the connected socket

• GetMyExternalIP function

This function attempts to determine the external IP address of the machine by connecting to a known address. After establishing a socket connection, it sends an HTTP GET request to retrieve the external IP and then processes the response. If successful, it sets ipRet to the detected external IP address

• ThreadSocketHandler and ThreadOpenConnections represent functions handling socket connections and messages, running indefinitely in their respective threads

• ThreadMessageHandler

This function is responsible for processing incoming and outgoing messages to connected nodes

• StartNode and StopNode functions

StartNode : this function initializes the networking components, binds to a local address, listens for incoming connections, and starts necessary threads

StopNode : this function shuts down the node, marking a shutdown flag and ensuring all threads are complete before cleanup

script.cpp, script.h

Bitcoin is programmable money, and like any program, you can add commands to it to execute certain actions

For this purpose, bitcoin Core uses scripts that are run into a stack, and opcodes are the underlying operations that help build the bitcoin scripts

Technically, the scripting language is based upon Forth : https://tinyurl.com/43tpat57

The use of such a scripting language is like having an embedded, assembly-like language, to use for specific tasks inside the application. As such, the opcodes are similar to the mnemonics used in assembly programming

You can find a complete list of opcodes here : https://tinyurl.com/5e8kaypr

The script.h file can be found here : https://tinyurl.com/b9u8s2bd. You will find inside :

• Opcode enumeration

The enum contains different opcodes representing operations in bitcoin script. They include commands for pushing data, control flow, stack manipulation, bitwise operations, cryptography, and more

• Function to get opcode names

This function returns a string representation of an opcode based on its enum value. If the opcode doesn’t match any known type, it returns “UNKNOWN_OPCODE”

• CScript Class

The class CScript is used for script management and manipulation. It has various constructors and operator overloads

These operators can handle different data types and build scripts, and pushing values onto the stack

• Script parsing

This method retrieves the next opcode from the script and updates the program counter

The script.cpp file can be found here : https://tinyurl.com/mt29va73

This file includes functions that are important and used for transaction verification and execution. They are used extensively within the Bitcoin network, for verifying transactions and ensuring that they are executed correctly according to the provided scripts

• EvalScript is essential for executing and validating Bitcoin scripts. It processes opcodes sequentially, modifying the execution stack as required and handles both control flow and cryptographic operations to ensure each script fulfills its intended purpose correctly. Each opcode has specific logic that defines how it interacts with the stack and how it affects the program’s flow

• SignatureHash is a crucial part of Bitcoin’s transaction model, responsible for generating a hash of a transaction input that includes the signature data. This hash is what is actually signed by the private key, ensuring that the signature is uniquely associated with a specific transaction input state

• IsMine checks whether the provided public key script (scriptPubKey) belongs to the wallet (i.e., whether the wallet holds the corresponding private key)

• ExtractPubKey extracts the public key from the public key script (scriptPubKey). It optionally checks if the public key belongs to the wallet

• ExtractHash160 is designed to extract the hash of a public key (specifically, the result of a RIPEMD-160 hashing operation on a SHA-256 hash of the public key) from a given script. This hash is used in Bitcoin transactions as a means of identifying addresses uniquely

• SignSignature generates a digital signature for a transaction input. It combines the transaction data with the relevant script and signs it using the private key associated with the corresponding public key

• VerifySignature checks if the input is valid. It confirms that the transaction hash matches the expected hash. Finally, it verifies the signature using the script evaluation process

This function is important for maintaining the security and integrity of the Bitcoin network, ensuring that funds can only be spent by their rightful owners. If any of the checks fail, it ensures that the transaction cannot proceed

serialize.h

This code implements serialization : https://en.wikipedia.org/wiki/Serialization

The code converts objects of a particular class into a stream of bytes. It is used to store it in memory or transmit it over the network

Here is the serialize.h : https://tinyurl.com/msmd2r3k

For example, the WriteCompactSize function is designed to serialize a size value (of type uint64) into a compact format for efficient storage and transmission. It uses a specific encoding scheme that optimizes for smaller sizes when possible, making it important for handling variable-length data

sha.cpp, sha.h

Here is sha.cpp : https://tinyurl.com/mvhzu39d

The provided code implements the SHA1, SHA224, SHA256, SHA384, SHA512 hashing algorithm

It also includes an accelerated version of SHA52, written in assembly language, for compatible hardware

ui.cpp, ui.h, ui.rc, uibase.cpp, uibase.h, uiproject.fbp

All these files are here to implement the user interface of the bitcoin application

It is based upon the Qt framework : https://www.qt.io/product/framework

It uses wxFormbuilder widgets, to hep create the user interface (example below)

The volume of code is important : about 18 000 lines of code. We can imagine the time spent on this if bitcoin was developped by a single person !

uint256.h

This file defines two custom data types, uint160 and uint256, for handling 160-bit and 256-bit unsigned integers, respectively. These types are commonly used in blockchain and cryptocurrency applications, to represent data like hashes (SHA-256 outputs) and addresses

Here is uint256.h : https://tinyurl.com/5bfnp858

util.cpp, util.h

This code implements several utilities : random cryptographic seed generation, exceptions, parser, time management. They are quite standard but essential components, for the cryptography processes and the block timestamp

In this article, I will scratch the surface of the Belarus web infrastructure, using some basic footprinting techniques

Belarus is a country in Eastern Europe. It is bordered by Russia to the east and northeast, Ukraine to the south, Poland to the west, and Lithuania and Latvia to the northwest. It has a population of 9.5 million. Minsk is the capital and largest city

Belarus had a complex history in the last century, changing hands at various times, to the Grand Duchy of Lithuania, the Polish–Lithuanian Commonwealth, and the Russian Empire. In the aftermath of the Russian Revolution in 1917, the Byelorussian SSR (Soviet Socialist Republic) became a founding constituent republic of the Soviet Union in 1922

After the Polish-Soviet War, Belarus lost almost half of its territory to Poland. Much of the borders of Belarus took their modern shape in 1939, when some lands of the Second Polish Republic were reintegrated into it after the Soviet invasion of Poland

During World War II, military operations devastated Belarus, which lost about a quarter of its population and half of its economic resources

The parliament of the republic proclaimed the sovereignty of Belarus in July 1990, and during the dissolution of the Soviet Union, Belarus declared independence in August 1991. However, Belarus kept strong ties with Russia

Following the adoption of a new constitution in 1994, Alexander Lukashenko was elected Belarus’s first president in the country’s first and only free election post-independence, serving as president ever since. Lukashenko heads an authoritarian government with a poor human rights record due to widespread abuses

Internet infrastructure

Let’s start a quick review about Internet cables providing the Internet to Belarus

The first one is the Transit Europe Asia (TEA) network, which is an international transit fiber-optic cable line passing trough Russia, and linking European countries with Asia. TEA has transmission routes on Rostelecom (Russian National Telecommunication Company : https://bit.ly/3Vwy4Vy) core networks, with extensions to Belarus

A second one is TransTeleCom (TTK), which is one of the leading Telecom operators in Russia. TTK has a partnership with the Russian Railways (https://bit.ly/3EHJv6I)

TTK is operating a large fiber-optic backbone digital communication network, which is laid along the railways of Russia and has many access points in all densely populated regions of the country, connecting the eastern and western borders of the Russian Federation

TTK Eurasia Highway has connections with communication networks of all neighboring countries with Russia, including Belarus, and is an optimal route between Europe and Asia

Belarus has its own local companies able to install underground cables and expand the Internet network. One of these is Minskkabel which is specialized in the manufacture of optical cables for an interconnected communication network between Belarus, Russia, and other neighbouring countries

Now, let’s look at the Belarus country code ccTLD – Top Level Domain and corresponding DNS – Domain Name Server root zone

IANA is responsible to assign the operators of top-level domains, such as .com, and maintain their technical and administrative details

We can find the Belarus ccTLD on the IANA website with the .by country code

IANA is responsible for determining an appropriate trustee for each ccTLD. Administration and control are then delegated to that trustee, which is responsible for the policies and operation of the domain

In the case of Belarus, it is Belarusian Cloud Technologies LLC (beCloud). According to their website, they describe themselves as the first infrastructure operator in Belarus. Here are some key services operated by beCloud :

In the last years, Belarus has been building a sovereign Cloud ecosystem, mostly with the help of major European, US and Asian companies, such as the ones below. The international sanctions on Belarus and Russia are mainly targeted to specific individuals, and do not block necessarily these partnerships and exchange of technology

Taking into account the capital cost of construction of a network and the limited population of Belarus, it was decided to create one single infrastructure operator. beCloud operates several datacenters and has a wide network inside Belarus, and sells the bandwidth to other operators

The chief inspector of the Belarus TLD is the OAC – Operational and Analytical Center

There is much controversy about this agency. A son of Lukashenko had been appointed director some years ago

Here are the main tasks of the OAC

Several agencies are subordinated to the OAC, such as the important National Traffic Exchange Center (NTEC)

The Ministry of Telecommunications controls all telecommunications originating within the country through its carrier unitary enterprise, Beltelecom

The statistics on Shodan show us the importance of Beltelecom as the main operator of routers and switches accross Belarus

Beltelecom owns all the backbone channels that link to external networks such as the one from Rostelecom in Russia

While Beltelecom is in charge of the infrastructure, NTEC is responsible for allowing the access to the international Internet, and grants this service for a fee that is paid by Telecom operators

The Belarus authorities can block the internet as they did in August 2020 during the elections turmoil, as you can see on the chart below

In fact, the American IT company, Sandvine (Procera), had supplied filtering equipment for normal network operations (such as traffic optimization, congestion management, cost efficiency, anti malware…) using a Deep Packet Inspection (DPI) process, with the help of resident engineers

The Sandvine equipement had been used by Belarus authorities to block legitimate traffic and switch off the Internet

Further to this, Sandvine decided to terminate the contract with Belarus : https://bit.ly/3VxIfcg

In Belarus, the state body BelGIE is responsible to manage the list of restricted IPs and traffic : https://belgie.by/en/home

Let’s check the Name Servers provided for the .by Belarus ccTLD (remind that a lot of domains in the world have multiple nameservers to increase reliability)

The main Name Servers n°1 and n°2 are hosted by beCloud in Belarus

Ukrainian Telecommunications Group (UTG) is a major Ukrainian operator, enabling some part of the traffic towards Belarus. RETN is a major international network operator headquartered in UK and managing Eurasian cables going through Ukraine and Russia

The National Traffic Exchange Center (NTEC) has been seen above already, and we can confirm that the NTEC is at the center of the Internet communication from abroad Belarus

Dataline is an IT company located in Russia with cloud capabilities. It’s interesting to see that some backup Belarus Name Servers are hosted in Russia (Dataline) and USA (AWS)

Here below are the main ISP (Internet Service Providers) of Belarus :

Internet usage in Belarus is about 82%, as we can find here : https://bit.ly/3CjOKqz. It is similar as the one of France

The mobile networks 2G/3G/4G are quite widespread, with a stronger concentration of these networks around major cities

The mobile network 5G is not yet deployed, but activities are on-going to implement this latest standard

The overall efficiency of the Belarus network is not that great, probably due to a lower coverage in rural areas

Operational and Analytical Center

Let’s go deeper on the OAC – chief inspector of the Belarus TLD – that we have seen above : https://bit.ly/3gVNzGH

First of all, you shall know that the OAC is entitled by Law to restrict internet, in case of threats to National Security : https://bit.ly/3TrZaei

We can use several footprinting and recon tools for that. Let’s go through the findings using some of these tools

urlscan.io : https://bit.ly/3sG0S0m

The main IP is 195.50.4.123, located in Minsk, and belongs to BCTBY-AS, which is Belarusian Cloud Technologies, as seen above. The site takes advantage of the Google web tracking technologies, helping the webmaster to perform analytics

Google Tag Manager (GTM) has been interesting for hackers, as JavaScript can be embedded inside GTM containers and is executed when a browser loads the link to a container : https://bit.ly/3Nihfd4

Doubleclick (https://bit.ly/3sGfQn9) now belongs to Google and is part of the Google Marketing tools

With all these Google technology embedded inside their website, the admin have a good way to track user navigation on their website

We can read the Javascript global variables, here below

Apart from usual Javascript events, we can confirm the Google analytics and tag manager, already mentioned above. In addition, we find the NS_CSM, which are Citrix variables standing for Client Side Measurement

The CSM is the console included in the Citrix WAF (Web Application Firewall), allowing the Admin to monitor any security events. Here a sample screenshot of the interface

Basically, the Citrix WAF works as follows

The Citrix WAF is based upon a cookie derived from the web client session : citrix_ns_id

In fact, to maintain the state of the session, the Citrix Web App Firewall generates its own session cookie, and passes it only between the web browser and the Citrix Web Application Firewall, and not to the web server

This will ensure that if any hacker tries to modify the session cookie, the WAF will drop the current session, and the WAF will keep the information of the URLs and forms visited by the client

Here further details about how this Citrix WAF is working : https://bit.ly/3UeJ4p7

Here below all cookies generated by the website :

Beyond the citrix_ns_id, we find the citrix_bot_id cookie. This allows the Admin to implement Bot management policies, to block malicious bots : https://bit.ly/3U62hd3

We also see the XSRF token (see here a definition : https://bit.ly/3DIOz9Y), which will help protect against web sites forgeries

Beyond these cookies, we can see some basic web hacking protections

nosniff will help protect against MIME sniffing

SAMEORIGIN will block iframe inclusions that are not from the same web site origin

1; mode=block will prevent XSS attacks

Created for browsers equipped with XSS filters, this non-standard header was intended as a way to control the filtering functionality. Since modern browsers no longer use XSS filtering, this header is now deprecated

We can see that the server is an nginx dealing http requests on the port 443 (as expected)

The website is protected by TLS1.3 and AES256

The website has an encryption certificate delivered by Let’s Encrypt

Some people have criticized the fact that Let’s Encrypt provides CERT services to Belarus. But in fact, they validate only that the server has the proven control over the domain name you are visiting. And beyond that, blocking US CERT would probably push Belarus to implement Russian government Certificate of Authority, with all potential risks for the end users : https://bit.ly/3U8wA2i

For the following analysis, check this reminder about DNS here : https://bit.ly/3E0FmtV, and also here : https://bit.ly/3FOpETN

BuiltWith Technology Profiler : https://bit.ly/3hB2JBy

We can find more details about the front-end, mainly the use of Javascript Framework

We can also find more details about the back-end server

It seems that the server is probably built using PHP version 7 or above (but this has not been detected since 2021 so it may have been replaced by another)

The server has a Sender Policy Framework (SPF), which enables receiving mail servers to authenticate whether an email message was sent from an authorized mail server (spam and spoofing protection)

The server is based upon Nginx. Previously, it was based upon Apache (year 2019), and the OS was Debian (year 2017)

We will see below that it’s now probably running FreeBSD (https://bit.ly/3AbZqaf)

whois

Let’s run a whois against the IP address 195.50.4.123

We confirm that the IP is owned by Belarusian Cloud Technologies LLC, as seen above. There are two contact people, that we can cross check on social networks. We find the Linkedin profile of Andrey Chepikov, which states an experience at “protection of networks against external influences“

dnsrecon : https://bit.ly/3sN1txp

This tool does a DNS enumeration. We find the basic informations about the domain oac.gov.by (MX : Mail Server, A : IP address, TXT : Text record). The Sender Policy Framework (SPF) is configured (v=spf1 -all) , so that only this server can send emails on behalf of the domain

To use Google Analytics, you need to prove that you own the domain. That’s why the Admin added a TXT record to prove this, with google-site-verification. Here is how you can confirm your domain ownership : https://bit.ly/3NE66DR

dig : https://bit.ly/3FTE3hT

We can check if the domain has DNSSEC implemented. In this case, it is not enabled

dnshistory : https://bit.ly/3SPbxkc

We can see that the domain has historical records dating from December 2012

Linkedin

We can find some interesting informations on this social network, such as technologies that the OAC may be actively using :

We can therefore correlate some technical evidences we had found in the previous sections, which increases the probability that the OAC actually uses these technologies

We can therefore assume the following architecture :

• Javascript Vue.js Frameworks for the Front-End
• PHP Laravel, Node.js, React.js Frameworks for the Back-End
• PostgreSQL, MongoDB for the database management

The softwares and services are probably based upon a Cloud Native architecture :

• VMware (Virtual Machines)
• Kubernetes k8s (to manage containerized applications across multiple hosts)
• Gitlab CI (Continuous Integration)
• CEPH as a distributed storage system (https://bit.ly/3Emillf)

p0f : https://bit.ly/3AbaEMb

p0f – passive operating system fingerprinting – can be used to detect the server Operating System (OS). It will detect how the OS implements the TCP/IP stack

In our case, I find that the server machine is based upon Windows XP

Is it weird to find such an outdated version of Windows ? Not quite. Some organizations are still using XP nowadays. For example, the Belarus railway system is using Windows XP, as it was shown to the world during the invasion of Russia into Ukraine (https://bit.ly/3GbVrhG)

In addition, Microsoft has decided to block new Windows licence to Belarus and Russia (https://bit.ly/3Trb5Ja), this will not help Belarus to move to more recent versions

Zenmap

We are going to find additional informations with Zenmap (in fact, it is a GUI version of nmap : https://bit.ly/2Hlfc7P)

The first one is the TCP Sequence Prediction (difficulty = 251 in our case), which is a measure of the risk that a TCP connection can be hijacked by an attacker, predicting the sequence number and preparing a faked packet (you can learn more about sequence number here https://bit.ly/3G9JPMb and also here https://bit.ly/3EsStUZ)

We find the open Ports and more technical informations about hardware used

The open Ports 80 (HTTP) and 443 (HTTPS) are typical for a Web Server

We find a Citrix NetScaler, which is an Application Delivery Controller (ADC) created to optimize, manage, and secure network traffic : https://bit.ly/3X1Coww. This includes the Citrix WAF we have seen earlier

It is also probable that this ADC is acting as a Citrix VPX Load Balancer. A typical network topology would be as follows (VIP = virtual server IP), with internal machines hidden behind the Citrix ADC :

Zenmap provides probable infrastructure informations (with % of probability) :

• Citrix NetScaler VPX load balancer (89%) : as seen above
• Linksys BEFSR41 EtherFast router (86%) : it’s a basic network router
• AVtech Room Alert 26W environmental monitor (86%) : server room real time monitoring of temperature, humidity,…
• FreeBSD 6.2-Release (85%) : it’s probable that the server is based upon FreeBSD 6.2. If true, this is quite an outdated version. We can check the version 6.3 release notes to get an overview of the bugs in 6.2 : https://bit.ly/3UQUhMH

Let’s compare with a direct OS discover using nmap

nmap provides us with a probable guess, that FreeBSD 6.2 is based upon the Virtual Machine Oracle Virtualbox

Web security

We can dig a bit deeper if the web site is well protected, using a vulnerability scanner, such as Wapiti : https://bit.ly/3VxDZss

We get the following report :

Let’s go through the results :

The Content Security Policy header (CSP) lets you precisely control permitted content sources and many other content parameters, and is a recommended way to protect your websites and applications against XSS attacks. A basic CSP header to allow only assets from the local origin is :

Content-Security-Policy: default-src 'self'

When enabled on the server, the HTTP Strict Transport Security header (HSTS) enforces the use of encrypted HTTPS connections instead of plain-text HTTP communication. A typical HSTS header might look like this:

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

This informs any visiting web browser that the site and all its subdomains uses only SSL/TLS communication, and that the browser should default to accessing it over HTTPS for the next two years (the max-age value in seconds)

The preload directive indicates that the site is present on a global list of HTTPS-only sites. The purpose of preloading is to speed up page loads and eliminate the risk of man-in-the-middle (MITM) attacks when a site is visited for the first time

An HttpOnly Cookie is a tag added to a browser cookie, that prevents client-side scripts from accessing data. Using the HttpOnly tag when generating a cookie helps mitigate the risk of client-side scripts accessing the protected cookie, thus making these cookies more secure.

The example below shows the syntax used within the HTTP response header :

Set-Cookie: =“[; “=“] [; expires=“][; domain=“] [; path=“][; secure][; HttpOnly]

If the HttpOnly flag is included in the HTTP response header, the cookie cannot be accessed through the client-side script. As a result, even if a cross-site scripting (XSS) flaw exists, and a user accidentally accesses a link that exploits the flaw, the browser will not reveal the cookie to the third-party

The Secure flag is used to declare that the cookie may only be transmitted using a secure connection (SSL/HTTPS). If this cookie is set, the browser will never send the cookie if the connection is HTTP. This flag prevents cookie theft via man-in-the-middle attacks

It would be good practice to enable the above security flags, thus complying with the OWASP recommendations. However, I assume that the OAC is not so concerned, as the website does not include many rich content, and a powerfull WAF is already implemented

Belarus web infrastructure in summary

Let’s summarize the infrastructure that we have seen above

Conclusion

In this short preview of the Belarus web infrastructure, we have seen the following items, using footprinting methods :

• Belarus has built a sovereign cloud to manage its web infrastructure, with the help of international corporations (US, Europe, Asia,..)
• The Belarus Name Server is backed-up by AWS (USA) and Dataline (Russia)
• The Belarus authorities have a strong degree of control over access points and can block any IP traffic if necessary (such as during the August 2020 elections turmoil)
• The Operational and Analytical Center (OAC) is the chief inspector of the Belarus Top Level Domain (TLD)
• The OAC website performs analytics using Google web tracking technology
• The OAC website is protected with the use of Citrix technology (WAF, Load Balancer), and its root certificate is issued by Let’s Encrypt
• The OAC web server may be based upon an obsolete version of Windows (XP) and does not comply with all the basic OWASP recommendations
• The restrictions applied to Belarus by some US corporations such as Microsoft will limit their ability to implement security patches and updates
• Linkedin profiles are always a good way to learn more about the technologies used by a target