Skip to content

A complete environment utilizing the Tide Protocol used for public audit and hacking bounty

License

Notifications You must be signed in to change notification settings

tide-foundation/Tide-h4x-for-Privacy

Repository files navigation

Tide h4x for Privacy

The H4X experiment is a showcase of the Tide Protocol's novel authentication and data privacy protection technology, inviting the community to learn, contribute and engage with Tide on the development of the protocol. It also challenges participants to find security flaws by placing a real bitcoin behind its protection. The concept is quite simple. The details of 1 Bitcoin were stored in the simplest website setup: on a database record behind a web server. Anyone logging in to that website using the correct username and password will see those details. All typical defences around that set up were removed. No firewalls, no added security. It should be easy work for any hacker to crack that. The twist: Tide's unique protection mechanism was used on the data and the website authentication. Supposedly, even if one cracks the whole thing, it would be impractical to crack the authentication or extract the data. Anyone who does, the bitcoin is theirs, and we're back to the drawing board. This project code is an open-source and provides ability to recreate the entire environment locally.

Terminology

Below are terms that are important to understand within the context of the Tide Protocol.

Seeker - Any organization or business seeking to engage with or collect consumer data.

Vendor - Any consumer-facing organization or business that collects, manages and stores consumer data. In this context, the H4X website.

Consumer - Any individual natural person that has a uniquely identified representation or data footprint (usually in the form of a user account or identity) in a Vendor’s database. In this context: the H4X target, owner of the bitcoin wallet.

Smart Contract - a computer protocol intended to digitally facilitate, verify, or enforce the negotiation or performance of a contract.

ORK - Orchestrated Recluder of Keys - The Tide Protocol decentralized nodes

Key Pair - consist of a Secret Key (SK) and Public Key (PK)

Architecture

alt text

Flow Diagram

alt text

Components

  1. Raziel.Contracts - smartcontracts for the challenge.
  2. Raziel.Creator - account creationg for the challenge.
  3. Raziel.Front - challenge frontend website.
  4. Raziel.Generator - key creation.
  5. Raziel.Library - Tide libraries which includes encryption.
  6. Raziel.ORK - decentralized ORK nodes.
  7. Raziel.Vendor - API layer that handles database access and token authentication.

Installation

While the live H4X environment is staged with lots of nodes, hosted across 3 different public clouds, utilizing EOS mainnet, this guide assists you to replicate the entire environment locally, on a small scale, using EOS jungle testnet (free), with just 3 ORK nodes - so it doesn't cost you.

While all the components of the this environment are cross-platform, this manual describes how to set it up in a Windows environment. Similar steps can be followed to achieve the same on Linux.

The architecture, therefore, is slightly different and looks like this: alt text

Prerequisite

The following components are required to be set up ahead of the deployment:

  1. .NET Core 2.2 Build apps - SDK
  2. Node.js - LTS
  3. Cleos
  4. Clone Repository git clone https://github.com/tide-foundation/Tide-h4x-for-Privacy

Installing Cleos in Windows 10

There are two options when running EOS in a Windows environment: Docker or Linux for Windows. Provided below are the steps in running Cleos using Linux/Ubuntu for Windows 10.

  1. Windows subsystems is required to run Ubunutu under windows, run this command in an administrator powershell:
    Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
    
  2. Get Ubuntu from Windows Store Ubuntu Windows 10.
  3. Install Ubuntu and Login.
  4. Within the Ubuntu shell, download and install the following EOS binaries
    wget https://github.com/EOSIO/eos/releases/download/v1.7.0/eosio_1.7.0-1-ubuntu-18.04_amd64.deb
    sudo apt install ./eosio_1.7.0-1-ubuntu-18.04_amd64.deb
    wget https://github.com/EOSIO/eosio.cdt/releases/download/v1.6.1/eosio.cdt_1.6.1-1_amd64.deb
    sudo apt install ./eosio.cdt_1.6.1-1_amd64.deb
    

Deployment

EOS

This deployment utilizes EOS "jungle" testnet environment and needs to run within the Ubuntu shell.

  1. Create EOS Wallet by running cleos wallet create --to-console. This will create a default wallet. Take note of the WALLET_PASSWORD

  2. Generate a keypair for the master account cleos create key --to-console. Take note of the generated PK_MASTER SK_MASTER keypair.

  3. Import the private keys into the newly created cleos wallet by running cleos wallet import --private-key <SK_MASTER>.

  4. Navigate to the EOS Jungle website for the Account Creation.

  5. Create an EOS account by Create Account. Use the generated <PK_MASTER> for both the Owner Public Key and Active Public Key fields. The Account Name you've entered is the MASTER_ACCOUNT designation.

  6. The MASTER_ACCOUNT will need some RAM delegated for the smartcontract and transaction processing. Use the faucet on the EOS Jungle site to give the Account Name <MASTER_ACCOUNT> some EOS. The account should now be funded with 100 EOS.

  7. To stake EOS funds, run this command in cleos cleos -u http://jungle2.cryptolions.io:80 system buyram <MASTER_ACCOUNT> <MASTER_ACCOUNT> "75 EOS" (FYI: The -u parameter allows cleos to run this command in jungle testnet).

    Expand this if your wallet got locked Should the wallet lock, run the following command
    cleos wallet unlock --password <WALLET_PASSWORD>
    
  8. Generate a keypair for each of the 3 ORK nodes using cleos.

    cleos create key --to-console
    cleos create key --to-console
    cleos create key --to-console
    

    Take a note of the 3 created keypairs PK_ORK1 SK_ORK1, PK_ORK2 SK_ORK2, PK_ORK3 SK_ORK3.

  9. Using the Master Account, create a new EOS account for each of the 3 ORK nodes:

    cleos -u http://jungle2.cryptolions.io:80 system newaccount --stake-net "1.0000 EOS" --stake-cpu "1.0000 EOS" --buy-ram-kbytes 8 <MASTER_ACCOUNT> <ORK1xACCOUNT> <PK_ORK1> <PK_ORK1>
    cleos -u http://jungle2.cryptolions.io:80 system newaccount --stake-net "1.0000 EOS" --stake-cpu "1.0000 EOS" --buy-ram-kbytes 8 <MASTER_ACCOUNT> <ORK2xACCOUNT> <PK_ORK2> <PK_ORK2>
    cleos -u http://jungle2.cryptolions.io:80 system newaccount --stake-net "1.0000 EOS" --stake-cpu "1.0000 EOS" --buy-ram-kbytes 8 <MASTER_ACCOUNT> <ORK3xACCOUNT> <PK_ORK3> <PK_ORK3>
    

    Note: <ORKx_ACCOUNT> needs to be 12 characters of a-z and 1-9 eg ork1accountx)

  10. Navigate to the onboarding folder cd ../src/Raziel-Contracts/onboarding/

  11. Compile the onboarding contract: eosio-cpp -abigen -o onboarding.wasm onboarding.cpp

  12. Upload the contract to EOS: cleos -u http://jungle2.cryptolions.io:80 set contract <MASTER_ACCOUNT> ../onboarding -p <MASTER_ACCOUNT>@active.

Credential Generation

The following steps occur outside the Ubuntu shell, under the location of the downloaded git repository.

  1. Navigate to the Raziel.Generator folder and run dotnet run 3. This will generate 3 sets of credentials. One for each of the ORK nodes:
  2. ORK1_CRYPTO_PK, ORK1_CRYPTO_SK, ORK1_CRYPTO_PASSWORD, ORK1_CRYPTO_KEY
  3. ORK2_CRYPTO_PK, ORK2_CRYPTO_SK, ORK2_CRYPTO_PASSWORD, ORK2_CRYPTO_KEY
  4. ORK3_CRYPTO_PK, ORK3_CRYPTO_SK, ORK3_CRYPTO_PASSWORD, ORK3_CRYPTO_KEY

ORKs

  1. Navigate to Raziel/Raziel.Ork. Open appsettings.json and populate it with the EOS Jungle settings:

        {
         "Settings": {
     	"BlockchainChainId": "e70aaab8997e1dfce58fbfac80cbbb8fecec7b99cf982a9444273cbc64c41473",
     	"BlockchainEndpoint": "http://jungle2.cryptolions.io:80",
     	"Onboarding": "tidecontract",
     	"UsersTable": "tideusers",
     	"FragmentsTable": "tidefrags",
     	"LoggerSettings": {
     	    "Connection": "",
     	    "Identifier": "Ork"
     	}
    
         }
     }
  2. Edit appsettings.orkn.json and populate using the following settings. Replace the variables with the details generated earlier. Perform this for all 3 ORK setting files (change n with the ORK number: 1, 2, 3).

    {
      "Settings": {
        "Account": "<ORKnxACCOUNT>",
        "PublicKey": "<ORKn_CRYPTO_PK>",
        "PrivateKey": "<ORKn_CRYPTO_SK>",
        "EosPrivateKey": "<SK_ORKn>",
        "Password": "<ORKn_CRYPTO_PASSWORD>",
        "Key": "<ORKn_CRYPTO_KEY>"
      }
    }
  3. Run the ORK nodes with the following commands in seperate terminals:

    dotnet run "https://localhost:5401" --environment "Ork1"
    dotnet run "https://localhost:5402" --environment "Ork2"
    dotnet run "https://localhost:5403" --environment "Ork3"
    
  4. Test the nodes to ensure that it works by visiting https://localhost:5401/discover in a web browser. There should be a result similar to the following:

    {
       "success": true,
       "content": {
           "account": "<ORK1xACCOUNT>",
           "url": "https://localhost:5401",
           "publicKey": "<ORKn_CRYPTO_PK>"
       },
       "error": null
    }

Database & Vendor

  1. Navigate to Raziel/Raziel.Vendor. Edit appsettings.json and populate it with the following (feel free to use the pre-filled values):

     "VendorSettings": {
           "Password": "password",
           "Key": "dq8p8NiQ134WK94hUVlp%Ge%IiJXDsP9MPNFS%@qplGG#drX9!y7RWh&#e@xKC8ut%9ACw5^W^^6@SC",
           "Connection": "This is used for SQL Server when deploying to a production environment. Leave this blank otherwise.",
           "LoggerSettings": {
               "Connection": "",
               "Identifier": "Ork"
           }
       }
  2. Run dotnet ef migrations add Initial to create a migration. Run dotnet ef database update to create a sqlite database and push the required scaffolding.

  3. Run the vendor using dotnet run --environment "Dev". Take note of the endpoint shown on screen.

Account Creation

  1. Navigate to Raziel/Raziel.Creator and run npm install.
  2. Install webpack dependencies
    npm install --global webpack
    npm install --global webpack-cli
    
  3. You can change config.js settings to reflect changes you've made to default values (If you didn't change those, don't worry about it)
  4. Run the command webpack to compile the changes made to config.js.
  5. Open index.html in a web browser, fill in the details. The added placeholder values are for brevity.
  6. Click the Create Account button. When successful, 'Account created successfully' will appear on screen.

Frontend Setup

  1. Navigate to \src\Raziel.Front run npm install.
  2. Under Raziel.Front\src\assets\js\config.js you can set the ORK node endpoint array and the password if you changed those in vendor appsettings.json. If you didn't change, don't worry about it.
    {
      orkNodes: ["https://localhost:5401", "https://localhost:5402", "https://localhost:5403"],
      vendorEndpoint: "https://localhost:5001"
    }
    
  3. Run the command npm run build. This will compile the website to the /dist folder.
  4. Copy the contents of the \src\Raziel.Front\dist\ to your webserver folder (Xampp, Apache, IIS, etc). If you don't have one installed, simply place the contents of that folder in the main drive root folder *C:* (there should be 2 files and 2 folders).
  5. Open .\index.html for the main website.
  6. Login using the account credentials created in section Account Creation.

More info

The Tide Protocol Whitepaper

Get in touch!

Tide Telegram group

Medium post about this

Tide Subreddit channel

license

About

A complete environment utilizing the Tide Protocol used for public audit and hacking bounty

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published