# DUCTF 2023 BLOCKCHAIN -- Eight Five Four Five

This is my very first time to learn and play with blockchain challenge. I spent quite a lot of time on this and finally ✅ solve my very first blockchain flag. Basically what I learnt from this challenge is to connect to the blockchain infrastructure and be familiar with tools used to solve blockchain (cryptocurrency) challenge.

*Since I am a new learner to **blockchain**, this writeup is not perfect or even not the straight-forward way to solve the task. Some of the explanation might be incorrect. I am open for feedback from everyone 😊*

## Pre-requisite:
1. Basic coding knowledge (especially on **Class and Object**).
2. Enable Chrome/Firefox extension: **MetaMask**.
3. Access **Remix IDE**.

## Write-up:
For blockchain challenge, you definitely can solve completely with JavaScript or Python (import relevant blockchain library). However, as a beginner in this type of challenge, I spent 2 hours to learn the basic way of solving blockchain contract using these two applications: **MetaMask** and **Remix IDE**. In this writeup, I will go through the way I set up the challenge-solving environment, as well as explaining how I write the attack (solving) contract in a *super beginner-friendly* way 👀

A very first step is to setup the challenge website which gives me an account to connect to the DUCTF blockchain network. On the DUCTF site, click on the challenge and start the environment, there will be a link prompting to the setup account and RPC URL to the network that I can use.


<img src="Screenshots/8545 1.png" alt="network" width="400"/>


Accessing the website will give me all the details including my account (*Balance and Private Key*), the blockchain infrastructure connection (*RPC URL*) and the actual contract address. Since this is a CTF challenge so it is fine for me to share the information about the account and the address.


<img src="Screenshots/8545 2.png" alt="detail" width="700"/>


The next step would be to connect to the DUCTF blockchain network (infrastructure). I use **MetaMask** to connect to the network and to manage my account. You can find **MetaMask** as an extension of Chrome or Firefox, then sign up an account for that. By default, it will connect to the **Ethereum Mainnet**. Then everytime coming back to the extension, I can unlock the account by password authentication.


<img src="Screenshots/8545 3.png" alt="pass" width="250"/>


To grab the challenge from DUCTF, I need to connect to the DUCTF blockchain network. So on the top-left corner, I click the *default network* which prompts to the following window allowing me to choose another network:


<img src="Screenshots/8545 4.png" alt="networks" width="200"/>


There is no DUCTF network available by default so I have to manually **add network**. I have to fill in all the required details taken from the DUCTF blockchain website for the network connection. The warning is just alerting about untrusted network... But this is a CTF so nevermind.


<img src="Screenshots/8545 5.png" alt="network" width="350"/>


After finishing the network connection, I also need to change the current account to the account given by DUCTF. On the top-centre option of the interface, click on the **Account** which prompts to a drop-down box. From there, click **Import account**. DUCTF already registered an account for player having balance to transact payment to the blockchain solving process. So, importing the account then I am ready to roll 😎


<img src="Screenshots/8545 6.png" alt="account" width="300"/>


Importing an account will require the corresponding private key (works as a password to connect to the server or network). The private key could also be taken from the DUCTF challenge website above. *Note that each time we start or reset a new session, the private key and contract address might change*. So, if I restart the challenge, I will need to import the new account again. Also, I have to make sure that the session is on during the challenge solving process as well as to maintain the connection to the DUCTF network.


<img src="Screenshots/8545 7.png" alt="key" width="300"/>


Account setup is done ✌️ I have to make sure all the account setup and connection working correctly right before writing any attack against the blockchain infrastructure, otherwise I will fail to pay the transaction and the network could not track that my account has solved the challenge and return the flag to me.


<img src="Screenshots/8545 8.png" alt="account" width="350"/>


Next step I will use **Remix IDE** to write and compile the attack contract. I have to upload the original contract given by DUCTF "**EightFiveFourFive.sol**", and create a new *.sol* file for my attack which I save it as "**test.sol**". 


<img src="Screenshots/8545 9.png" alt="files" width="600"/>


Then, I briefly analyse the given source code (contract). Basically, the task is to make sure the function "**isSolved()**" returns the boolean with the value "**true**". The variable that "**isSolved()**" returns is "**you_solved_it**" being originally set to "**false**", so directly calling the function "**isSolved()**" would not solve the challenge. This beginner task is somehow more difficult than the DUCTF 2022 beginner blockchain challenge. But, with the foundational knowledge of programming, I treat the *contract* as *class* in Java with "**constructor**" and "**function**". So, later on I just have to pass the same parameter to the "**constructor**" and the *function* "**solve_the_challenge**" which will return "**true**" to the variable "**you_solved_it**". Then, simply calling "**isSolved()**" will return "**true**". Challenge done ✅


<img src="Screenshots/8545 10.png" alt="contract" width="600"/>


However, a very clear warning shows that my compiler cannot be compatible with the *solidity version 0.8.19*. So on the left-hand side of the interface, clicking the third icon will lead me to the compiler of the IDE. I can see the current compiler (set to default) is **0.8.18**.


<img src="Screenshots/8545 11.png" alt="compiler" width="300"/>


Quick fix for this: drop down the menu and choose **0.8.19**.


<img src="Screenshots/8545 12.png" alt="compiler" width="300"/>


Next step is to create my attack file. I use the same file extension *.sol* as the original contract, and the same compiler version. Then, I import the original contract as an interface to my attack contract. If you wish, you can instead add an "**import**" statement as in *Python* or *JavaScript* then create an *object* of the original contract in the attack contract. The interface will have both external functions from the original contract. *Note that in the attack contract, I can only use function or variable that is public or external denoted in the original contract*. So, I cannot directly access the "**use_this**" string since it was set to be private. Therefore, I have to access this string via the "**readTheStringHere**" function. Also, I need the function "**solve_the_challenge**" to change the value of "**you_solved_it**". That is why I include these two functions in the defined interface. Come to the constructor of the attack contract, I create an address variable holding the **contract address** given by the DUCTF website which is used to construct the *EightFiveFourFive* contract. Then, inside the constructor, I call the function "**solve_the_challenge**" with the parameter as the "**use_this**" string returned by the function "**readTheStringHere**". Therefore, the "**you_solved_it**" will return "**true**". By this step, my attack contract has been completed.


<img src="Screenshots/8545 13.png" alt="attack" width="300"/>


The next step is to *compile* both contracts. Again, clicking the third icon on the left-hand side will direct to the compiler. Firstly, open the original contract file and click **🔄 Compile**.


<img src="Screenshots/8545 14.png" alt="compiler" width="600"/>


Do the same thing when opening the attack contract.


<img src="Screenshots/8545 15.png" alt="compiler" width="600"/>


Done compile? ready for the transaction to the DUCTF blockchain network 👀 click the fourth icon (below compile) to deploy and "*pay*" for the deployment. But, I have to change the **environment** to **MetaMask** which I use to connect to the DUCTF network.


<img src="Screenshots/8545 16.png" alt="deploy" width="300"/>


Then it will prompt me to choose my account. I choose the second account imported from the DUCTF website (using **private key**).


<img src="Screenshots/8545 17.png" alt="deploy" width="500"/>


I firstly deploy the original contract so that my attack contract could use the *parameterised* contract object later on. Just filling in a random string for the constructor, in this case I fill "**help**". Then click "**deploy**" and *pay* for the transaction fee to the network.


<img src="Screenshots/8545 18.png" alt="deploy" width="650"/>


<img src="Screenshots/8545 19.png" alt="deploy" width="200"/>


After the payment, I can navigate to the transaction session under the deployment tab. I fill in the same string as being passed to the constructor, then click the "**solve_the_challenge**" orange button next to the value to deploy and pay. After that, I click the rest of the functions and see the result that "**isSolved()**" returns. It shows as "**true**"!!!! Done my goal 😎


<img src="Screenshots/8545 22.png" alt="deploy" width="300"/>


But, not finish yet. I have to deploy the attack contract as well. So, I open the the "**test.sol**" file and do the same thing. But, in the drop-down menu, I have to switch to the function "**call**" of the attack contract where my actual function call is carried out. Then, click **deploy** and make a payment.


<img src="Screenshots/8545 24.png" alt="deploy" width="200"/>


Done? to check this I can switch back to my **MetaMask** interface to see the transaction activities. OR! I can quickly go back to the DUCTF blockchain challenge website and navigate to the directory "**challenge/solve**", and this is what it returns to me 👀


<img src="Screenshots/8545 27.png" alt="flag" width="700"/>

## Flag:
The flag is: ***DUCTF{I_can_connect_to_8545_pretty_epic:)}***