Build your own low-cost password cracker on the blockchain for fun and profit! Renaud Lifchitz

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 2 Developing a home-made password cracker

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 3 What is a FPGA? ● 2 base elements – LUTs: look-up tables – Flip-flop: elements to delay propagation ● Optionally: – RAM blocks – Hardware multipliers – DSPs

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 4 FPGA usage ● Signal processing: SDR ● Logic analyzer ● Fault injection ● Side-channel attacks: timing attacks, DPA, CPA, … (ex.: ChipWhisperer)

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 5 Our target board ● Digilent PYNQ-Z1 FPGA development board ● Hand-sized ● Very good value for the money ● No fan, completly silent ● Very low consumption: a few Watts (typical light bulb: 60W) ● http://www.pynq.io/ ● Price: 200€ (academic price: 100€)

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 6 Our target board Features ● Xilinx SoC FPGA with dual ARM CPU – 33280 logic cells in 5200 slices (four 6-input LUTs and 8 flip-flops / slice) – 1800 Kbits of fast block RAM – Internal clock speeds exceeding 450 MHz ● 256MB DDR3L with a 16-bit bus @ 667MHz ● 16MB Quad-SPI Flash ● Connectivity: – 10/100 Mbps Ethernet – USB-UART bridge – USB-JTAG programming circuitry – Arduino shield connector – SD card reader ● 4 switches, 4 buttons, 1 reset button, 4 LEDs, 4 RGB LEDs

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 7 FPGA programming ● Very different from procedural programming ● Behavioral programming ● Hard learning curve ● Every statement in the same block is executed at the same time ● For successive statements, you must use a state machine ● 2 main languages: – VHDL (strongly typed, mostly used in Europe) – Verilog (mostly used in the US and worldwide) ● You can practice online: https://www.edaplayground.com/

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 8 FPGA programming VHDL sample code reg1: process (rst, clk) begin if rst = '1' then q_reg <= (others => '0'); q_i <= (others => '0'); elsif rising_edge(clk) then if s_l = '1' then q_i(0) <= q_i(7); loop1: for i in 6 downto 0 loop q_i(i + 1) <= q_i(i); end loop loop1; q_reg <= y; else q_i <= q_reg; q_reg <= y; end if; end if; end process reg1;

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 9 FPGA programming Verilog sample code always @(posedge CLK or posedge RST) begin if (RST) begin q_reg = 0; Q = 0; end else if (S_L) begin Q[7:0] = {Q[6:0],Q[7]}; q_reg = Y; end else begin Q = q_reg; q_reg = Y; end end

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 10 High Level Synthesis (HLS) ● Programming everything in HDL is hard, especially when you have to deal with complex hardware interfaces (Ethernet, USB, …) ● It’s easier to use existing stacks in C either: – On a CPU core of the FPGA SoC – Or on a CPU softcore in the FPGA! using a normal C compiler ● Event coding the normal logic can be a pain if the state machine is big ● Xilinx provides a nice commercial SDK including a C-to-HDL compiler (Vivado HLS)

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 11 Using the password cracker ● Interface: UART over USB to submit a hash and view the result ● Code is too crapy to be published ● Limited to incremental bruteforce attack for the moment (I’m not an FPGA expert!) ● But performance is roughly the same than a GPU, with a lower price, consumption, occupied space and noise! 

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 12 Building a decentralized password hashes marketplace

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 13 A password marketplace? ● A common task for security auditors: assess the strength of password hashes ● A test on a single CPU/GPU for a few hours is usually not enough compared to motivated attackers ● So the idea is to build a collaborative marketplace with incentives to help: – people submit their password hashes with given rewards – the one who solves a hash is given the corresponding reward

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 14 A fully decentralized application? (1/2) ● We need a fully decentralized application to avoid cheating, censorship, DDoS, downtime… ● Several parts should be decentralized: – web back-end (core logic/app) – web front-end (storage of HTML/JS/CSS) – domain name (storage and resolver)

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 15 A fully decentralized application? (2/2) ● I have chosen Ethereum technology with some beta components: – web back-end: Ethereum smart contract – web front-end: Ethereum Swarm – domain name: Ethereum Name Service (ENS)

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 16 Anti-cheat tricks ● For the submitter: – You pay the reward in advance and it is locked (no insolvency) ● For the solver: – You have to pay a small fee to submit an answer (no bruteforce) – Answer is verified by thousands of nodes (no corrupted server) ● For all users: – Decentralized application (no DoS/DDoS, downtime)

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 17 The Ethereum blockchain ● https://www.ethereum.org/ ● More than 38,000 online nodes!: https://www.ethernodes.org most secured/trustable blockchain nowadays  ● Average block/transaction time: 15 seconds ● Allows safe execution of logic through smart contracts ● Allow payments with its digital currency, ether (ETH): https://coinmarketcap.com/currencies/ethereum/ ● “Ethereum: the World Computer”: https://www.youtube.com/watch?v=j23HnORQXvs

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 18 Decentralized name service: Ethereum Name Service (ENS) ● An ENS entry can map a .eth name to: – an individual Ethereum account – a content hash for decentralized storage (Swarm or IPFS) ● ENS official web site: https://ens.domains/ ● Booking an entry: https://registrar.ens.domains/ ● ENS stats: https://ens.codetract.io/

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 19 Decentralized storage: Ethereum Swarm ● Peer-to-peer storage and serving solution ● DDOS-resistant, zero-downtime, fault-tolerant, censorship-resistant and self-sustaining with incentives (soon) ● Swarm protocol: bzz:// ● Swarm official web site is stored using… Swarm and is also a Swarm gateway: – http://swarm-gateways.net/ redirects to http://swarm-gateways.net/bzz:/theswarm.eth/ – theswarm.eth resolves to 0x9b34db0158bad197cb28b374c79cd4090d5d75e197d0f118a8fc23835f3a22e0 – http://swarm-gateways.net/bzz:/9b34db0158bad197cb28b374c79cd4090d5d75e197d0f118a8fc23835f3a22e0/ ● Other examples: – Photo album: http://swarm-gateways.net/bzz:/photoalbum.eth/ – Rickroll GIF: http://swarm-gateways.net/bzz:/2c2b937364f283c3ee82bc70542849f850c88abf1d10c0264a96fa8fe7da81da

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 20 Decentralized apps: smart contracts ● A smart contract is an application core ● Once deployed: – No one can modify the code or stop its execution – The code runs simultaneously on all the nodes ● Smart contract + web front-end = “dApp” (https://dapps.ethercasts.com/) ● Ethereum smart contracts main programming language: Solidity

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 21 Solidity basics ● High-level language, syntax similar to JavaScript ● Compiled to bytecode then deployed on the blockchain ● Designed to target the Ethereum Virtual Machine (EVM) ● Statically typed, supports inheritance, libraries, complex user- defined types... ● Ability to create contracts for voting, crowdfunding, blind auctions, multi-signature wallets and more! ● Official documentation: https://solidity.readthedocs.io/en/develop/

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 22 Solidity code example Sequestration of funds until 30th July 2020 (https://hodlethereum.com/deposit)

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 23 Developing & deploying the smart contract ● Contract can be written using Browser Solidity: https://ethereum.github.io/browser-solidity/ ● Contract can be tested using Truffle framework: http://truffleframework.com/ or Ethereum testnet (currently “Ropsten”) ● Contract can be deployed & used using: – Parity: https://parity.io/ – Mist: https://github.com/ethereum/mist/releases

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 24 Using the marketplace bzz:/passwords.eth

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 25 A few words... ● Nice and usable proof-of-concept but: – Limited to SHA256 hashes for the moment: lack of other interesting hash functions in the EVM, and high transaction fees to develop new ones  a solution would be to use a trusted oracle – Code is quite ugly, need some fixes before being published ● Use it, share it, and audit your passwords!

Build your own low-cost password cracker on the blockchain for fun and profit! - Renaud Lifchitz 26 Thank you! Any questions? Ethereum: 0x0009Fd382E99dDD801736Ea4075a2eE5e4916B72 ENS: nono2357.eth Tips are welcome!  @nono2357