Build your own low-cost password cracker on the blockchain for fun and profit!

Transcript

1. Build your own low-cost password cracker on the blockchain for

   fun and profit! Renaud Lifchitz

2. Build your own low-cost password cracker on the blockchain for

   fun and profit! - Renaud Lifchitz 2 Developing a home-made password cracker

3. Build your own low-cost password cracker on the blockchain for

   fun and profit! - Renaud Lifchitz 3 What is a FPGA? • 2 base elements – LUTs: look-up tables – Flip-flop: elements to delay propagation • Optionally: – RAM blocks – Hardware multipliers – DSPs

4. Build your own low-cost password cracker on the blockchain for

   fun and profit! - Renaud Lifchitz 4 FPGA usage • Signal processing: SDR • Logic analyzer • Fault injection • Side-channel attacks: timing attacks, DPA, CPA, … (ex.: ChipWhisperer)

5. Build your own low-cost password cracker on the blockchain for

   fun and profit! - Renaud Lifchitz 5 Our target board • Digilent PYNQ-Z1 FPGA development board • Hand-sized • Very good value for the money • No fan, completly silent • Very low consumption: a few Watts (typical light bulb: 60W) • http://www.pynq.io/ • Price: 200€ (academic price: 100€)

6. Build your own low-cost password cracker on the blockchain for

   fun and profit! - Renaud Lifchitz 6 Our target board Features • Xilinx SoC FPGA with dual ARM CPU – 33280 logic cells in 5200 slices (four 6-input LUTs and 8 flip-flops / slice) – 1800 Kbits of fast block RAM – Internal clock speeds exceeding 450 MHz • 256MB DDR3L with a 16-bit bus @ 667MHz • 16MB Quad-SPI Flash • Connectivity: – 10/100 Mbps Ethernet – USB-UART bridge – USB-JTAG programming circuitry – Arduino shield connector – SD card reader • 4 switches, 4 buttons, 1 reset button, 4 LEDs, 4 RGB LEDs

7. Build your own low-cost password cracker on the blockchain for

   fun and profit! - Renaud Lifchitz 7 FPGA programming • Very different from procedural programming • Behavioral programming • Hard learning curve • Every statement in the same block is executed at the same time • For successive statements, you must use a state machine • 2 main languages: – VHDL (strongly typed, mostly used in Europe) – Verilog (mostly used in the US and worldwide) • You can practice online: https://www.edaplayground.com/

8. Build your own low-cost password cracker on the blockchain for

   fun and profit! - Renaud Lifchitz 8 FPGA programming VHDL sample code reg1: process (rst, clk) begin if rst = '1' then q_reg <= (others => '0'); q_i <= (others => '0'); elsif rising_edge(clk) then if s_l = '1' then q_i(0) <= q_i(7); loop1: for i in 6 downto 0 loop q_i(i + 1) <= q_i(i); end loop loop1; q_reg <= y; else q_i <= q_reg; q_reg <= y; end if; end if; end process reg1;

9. Build your own low-cost password cracker on the blockchain for

   fun and profit! - Renaud Lifchitz 9 FPGA programming Verilog sample code always @(posedge CLK or posedge RST) begin if (RST) begin q_reg = 0; Q = 0; end else if (S_L) begin Q[7:0] = {Q[6:0],Q[7]}; q_reg = Y; end else begin Q = q_reg; q_reg = Y; end end

10. Build your own low-cost password cracker on the blockchain for

    fun and profit! - Renaud Lifchitz 10 High Level Synthesis (HLS) • Programming everything in HDL is hard, especially when you have to deal with complex hardware interfaces (Ethernet, USB, …) • It’s easier to use existing stacks in C either: – On a CPU core of the FPGA SoC – Or on a CPU softcore in the FPGA! using a normal C compiler • Event coding the normal logic can be a pain if the state machine is big • Xilinx provides a nice commercial SDK including a C-to-HDL compiler (Vivado HLS)

11. Build your own low-cost password cracker on the blockchain for

    fun and profit! - Renaud Lifchitz 11 Using the password cracker • Interface: UART over USB to submit a hash and view the result • Code is too crapy to be published • Limited to incremental bruteforce attack for the moment (I’m not an FPGA expert!) • But performance is roughly the same than a GPU, with a lower price, consumption, occupied space and noise! 

12. Build your own low-cost password cracker on the blockchain for

    fun and profit! - Renaud Lifchitz 12 Building a decentralized password hashes marketplace

13. Build your own low-cost password cracker on the blockchain for

    fun and profit! - Renaud Lifchitz 13 A password marketplace? • A common task for security auditors: assess the strength of password hashes • A test on a single CPU/GPU for a few hours is usually not enough compared to motivated attackers • So the idea is to build a collaborative marketplace with incentives to help: – people submit their password hashes with given rewards – the one who solves a hash is given the corresponding reward

14. Build your own low-cost password cracker on the blockchain for

    fun and profit! - Renaud Lifchitz 14 A fully decentralized application? (1/2) • We need a fully decentralized application to avoid cheating, censorship, DDoS, downtime… • Several parts should be decentralized: – web back-end (core logic/app) – web front-end (storage of HTML/JS/CSS) – domain name (storage and resolver)

15. Build your own low-cost password cracker on the blockchain for

    fun and profit! - Renaud Lifchitz 15 A fully decentralized application? (2/2) • I have chosen Ethereum technology with some beta components: – web back-end: Ethereum smart contract – web front-end: Ethereum Swarm – domain name: Ethereum Name Service (ENS)

16. Build your own low-cost password cracker on the blockchain for

    fun and profit! - Renaud Lifchitz 16 Anti-cheat tricks • For the submitter: – You pay the reward in advance and it is locked (no insolvency) • For the solver: – You have to pay a small fee to submit an answer (no bruteforce) – Answer is verified by thousands of nodes (no corrupted server) • For all users: – Decentralized application (no DoS/DDoS, downtime)

17. Build your own low-cost password cracker on the blockchain for

    fun and profit! - Renaud Lifchitz 17 The Ethereum blockchain • https://www.ethereum.org/ • More than 38,000 online nodes!: https://www.ethernodes.org most secured/trustable blockchain nowadays  • Average block/transaction time: 15 seconds • Allows safe execution of logic through smart contracts • Allow payments with its digital currency, ether (ETH): https://coinmarketcap.com/currencies/ethereum/ • “Ethereum: the World Computer”: https://www.youtube.com/watch?v=j23HnORQXvs

18. Build your own low-cost password cracker on the blockchain for

    fun and profit! - Renaud Lifchitz 18 Decentralized name service: Ethereum Name Service (ENS) • An ENS entry can map a .eth name to: – an individual Ethereum account – a content hash for decentralized storage (Swarm or IPFS) • ENS official web site: https://ens.domains/ • Booking an entry: https://registrar.ens.domains/ • ENS stats: https://ens.codetract.io/

19. Build your own low-cost password cracker on the blockchain for

    fun and profit! - Renaud Lifchitz 19 Decentralized storage: Ethereum Swarm • Peer-to-peer storage and serving solution • DDOS-resistant, zero-downtime, fault-tolerant, censorship-resistant and self-sustaining with incentives (soon) • Swarm protocol: bzz:// • Swarm official web site is stored using… Swarm and is also a Swarm gateway: – http://swarm-gateways.net/ redirects to http://swarm-gateways.net/bzz:/theswarm.eth/ – theswarm.eth resolves to 0x9b34db0158bad197cb28b374c79cd4090d5d75e197d0f118a8fc23835f3a22e0 – http://swarm-gateways.net/bzz:/9b34db0158bad197cb28b374c79cd4090d5d75e197d0f118a8fc23835f3a22e0/ • Other examples: – Photo album: http://swarm-gateways.net/bzz:/photoalbum.eth/ – Rickroll GIF: http://swarm-gateways.net/bzz:/2c2b937364f283c3ee82bc70542849f850c88abf1d10c0264a96fa8fe7da81da

20. Build your own low-cost password cracker on the blockchain for

    fun and profit! - Renaud Lifchitz 20 Decentralized apps: smart contracts • A smart contract is an application core • Once deployed: – No one can modify the code or stop its execution – The code runs simultaneously on all the nodes • Smart contract + web front-end = “dApp” (https://dapps.ethercasts.com/) • Ethereum smart contracts main programming language: Solidity

21. Build your own low-cost password cracker on the blockchain for

    fun and profit! - Renaud Lifchitz 21 Solidity basics • High-level language, syntax similar to JavaScript • Compiled to bytecode then deployed on the blockchain • Designed to target the Ethereum Virtual Machine (EVM) • Statically typed, supports inheritance, libraries, complex user- defined types... • Ability to create contracts for voting, crowdfunding, blind auctions, multi-signature wallets and more! • Official documentation: https://solidity.readthedocs.io/en/develop/

22. Build your own low-cost password cracker on the blockchain for

    fun and profit! - Renaud Lifchitz 22 Solidity code example Sequestration of funds until 30th July 2020 (https://hodlethereum.com/deposit)

23. Build your own low-cost password cracker on the blockchain for

    fun and profit! - Renaud Lifchitz 23 Developing & deploying the smart contract • Contract can be written using Browser Solidity: https://ethereum.github.io/browser-solidity/ • Contract can be tested using Truffle framework: http://truffleframework.com/ or Ethereum testnet (currently “Ropsten”) • Contract can be deployed & used using: – Parity: https://parity.io/ – Mist: https://github.com/ethereum/mist/releases

24. Build your own low-cost password cracker on the blockchain for

    fun and profit! - Renaud Lifchitz 24 Using the marketplace bzz:/passwords.eth

25. Build your own low-cost password cracker on the blockchain for

    fun and profit! - Renaud Lifchitz 25 A few words... • Nice and usable proof-of-concept but: – Limited to SHA256 hashes for the moment: lack of other interesting hash functions in the EVM, and high transaction fees to develop new ones  a solution would be to use a trusted oracle – Code is quite ugly, need some fixes before being published • Use it, share it, and audit your passwords!

26. Build your own low-cost password cracker on the blockchain for

    fun and profit! - Renaud Lifchitz 26 Thank you! Any questions? Ethereum: 0x0009Fd382E99dDD801736Ea4075a2eE5e4916B72 ENS: nono2357.eth Tips are welcome!  @nono2357