Saturday, August 22, 2020

Gridcoin - The Bad

In this post we will show why Gridcoin is insecure and probably will never achieve better security. Therefore, we are going to explain two critical implementation vulnerabilities and our experience with the core developer in the process of the responsible disclosure. 
    In our last blog post we described the Gridcoin architecture and the design vulnerability we found and fixed (the good). Now we come to the process of responsibly disclosing our findings and try to fix the two implementation vulnerabilities (the bad).

    Update (15.08.2017):
    After the talk at WOOT'17 serveral other developers of Gridcoin quickly reached out to us and told us that there was a change in responsibility internally in the Gridcoin-Dev team. Thus, we are going to wait for their response and then change this blog post accordingly. So stay tuned :)

    Update (16.08.2017):
    We are currently in touch with the whole dev team of Gridcoin and it seems that they are going to fix the vulnerabilities with the next release.


    TL;DR
    The whole Gridcoin currency is seriously insecure against attacks and should not be trusted anymore; unless some developers are in place, which have a profound background in protocol and application security.

    What is Gridcoin?

    Gridcoin is an altcoin, which is in active development since 2013. It claims to provide a high sustainability, as it has very low energy requirements in comparison to Bitcoin. It rewards users for contributing computation power to scientific projects, published on the BOINC project platform. Although Gridcoin is not as widespread as Bitcoin, its draft is very appealing as it attempts to  eliminate Bitcoin's core problems. It possesses a market capitalization of $13,530,738 as of August the 4th 2017 and its users contributed approximately 5% of the total scientific BOINC work done before October 2016.

    A detailed description of the Gridcoin architecture and technical terms used in this blog post are explained in our last blog post.

    The Issues

    Currently there are 2 implementation vulnerabilities in the source code, and we can mount the following attacks against Gridcoin:
    1. We can steal the block creation reward from many Gridcoin minters
    2. We can efficiently prevent many Gridcoin minters from claiming their block creation reward (DoS attack)
    So why do we not just open up an issue online explaining the problems?

    Because we already fixed a critical design issue in Gridcoin last year and tried to help them to fix the new issues. Unfortunately, they do not seem to have an interest in securing Gridcoin and thus leave us no other choice than fully disclosing the findings.

    In order to explain the vulnerabilities we will take a look at the current Gridcoin source code (version 3.5.9.8).

    WARNING: Due to the high number of source code lines in the source files, it can take a while until your browser shows the right line.

    Stealing the BOINC block reward

    The developer implemented our countermeasures in order to prevent our attack from the last blog post. Unfortunately, they did not look at their implementation from an attacker's perspective. Otherwise, they would have found out that they conduct not check, if the signature over the last block hash really is done over the last block hash. But we come to that in a minute. First lets take a look at the code flow:

    In the figure the called-by-graph can be seen for the function VerifyCPIDSignature.
    1. CheckBlock → DeserializeBoincBlock [Source]
      • Here we deserialize the BOINC data structure from the first transaction
    2. CheckBlock → IsCPIDValidv2 [Source]
      • Then we call a function to verify the CPID used in the block. Due to the massive changes over the last years, there are 3 possible verify functions. We are interested in the last one (VerifyCPIDSignature), for the reason that it is the current verification function.
    3. IsCPIDValidv2 → VerifyCPIDSignature [Source]
    4. VerifyCPIDSignature → CheckMessageSignature [Source, Source]
    In the last function the real signature verification is conducted [Source]. When we closely take a look at the function parameter, we see the message (std::string sMsg)  and the signature (std::string sSig) variables, which are checked. But where does this values come from?


    If we go backwards in the function call graph we see that in VerifyCPIDSignature the sMsg is the string sConcatMessage, which is a concatenation of the sCPID and the sBlockHash.
    We are interested where the sBlockHash value comes from, due to the fact that this one is the only changing value in the signature generation.
    When we go backwards, we see that the value originate from the deserialization of the BOINC structure (MiningCPID& mc) and is the variable mc.lastblockhash [Source, Source]. But wait a second, is this value ever checked whether it contains the real last block hash?

    No, it is not....

    So they just look if the stored values there end up in a valid signature.

    Thus, we just need to wait for one valid block from a researcher and copy the signature, the last block hash value, the CPID and adjust every other dynamic value, like the RAC. Consequently, we are able to claim the reward of other BOINC users. This simple bug allows us again to steal the reward of every Gridcoin researcher, like there was never a countermeasure.

    Lock out Gridcoin researcher
    The following vulnerability allows an attacker under specific circumstances to register a key pair for a CPID, even if the CPID was previously tied to another key pair. Thus, the attacker locks out a legit researcher and prevent him from claiming BOINC reward in his minted blocks.

    Reminder: A beacon is valid for 5 months, afterwards a new beacon must be sent with the same public key and CPID.

    Therefore, we need to take a look at the functions, which process the beacon information. Every time there is a block, which contains beacon information, it is processed the following way (click image for higher resolution):


    In the figure the called-by-graph can be seen for the function GetBeaconPublicKey.
    We now show the source code path:
    • ProcessBlock → CheckBlock [Source]
    • CheckBlock → LoadAdminMessages [Source]
    • LoadAdminMessages → MemorizeMessages [Source]
    • MemorizeMessages → GetBeaconPublicKey [Source]
    In the last function GetBeaconPublicKey there are different paths to process a beacon depending on the public key, the CPID, and the time since both were associated to each other.
    For the following explanation we assume that we have an existing association (bound) between a CPID A and a public key pubK_A for 4 months.
    1. First public key for a CPID received [Source]
      • The initial situation, when pubK_A was sent and bind to CPID  A (4 months ago)
    2. Existing public key for a CPID was sent [Source]
      • The case that pubK_A was resent for a CPID A, before the 5 months are passed by
    3. Other public key for a CPID was sent [Source]
      • The case, if a different public key pubK_B for the CPID A was sent via beacon.
    4. The existing public key for the CPID is expired
      • After 5 months a refresh for the association between A and pubK_A is required.
    When an incoming beacon is processed, a look up is made, if there already exists a public key for the CPID used in the beacon. If yes, it is compared to the public key used in the beacon (case 2 and 3).
    If no public key exists (case 1) the new public key is bound to the CPID.

    If a public key exists, but it was not refreshed directly 12.960.000 seconds (5 months [Source]) after the last beacon advertisement of the public key and CPID, it is handled as no public key would exist [Source].

    Thus, case 1 and 4 are treated identical, if the public key is expired, allowing an attacker to register his public key for an arbitrary CPID with expired public key. In practice this allows an attacker to lock out a Gridcoin user from the minting process of new blocks and further allows the attacker to claim reward for BOINC work he never did.

    There is a countermeasure, which allows a user to delete his last beacon (identified by the CPID) . Therefore, the user sends 1 GRC to a special address (SAuJGrxn724SVmpYNxb8gsi3tDgnFhTES9) from an GRC address associated to this CPID [Source]. We did not look into this mechanism in more detail, because it only can be used to remove our attack beacon, but does not prevent the attack.

    The responsible disclosure process

    As part of our work as researchers we all have had the pleasure to responsible disclose the findings to developer or companies.

    For the reasons that we wanted to give the developer some time to fix the design vulnerabilities, described in the last blog post, we did not issue a ticket at the Gridcoin Github project. Instead we contacted the developer at September the 14th 2016 via email and got a response one day later (2016/09/15). They proposed a variation of our countermeasure and dropped the signature in the advertising beacon, which would result in further security issues. We sent another email (2016/09/15) explained to them, why it is not wise to change our countermeasures and drop the signature in the advertising beacon.
    Unfortunately, we did not receive a response. We tried it again on October the 31th 2016. They again did not respond, but we saw in the source code that they made some promising changes. Due to some other projects we did not look into the code until May 2017. At this point we found the two implementation vulnerabilities. We contacted the developer twice via email (5th and 16th of May 2017) again, but never received a response. Thus, we decided to wait for the WOOT notification to pass by and then fully disclose the findings. We thus have no other choice then to say that:

    The whole Gridcoin cryptocurrency is seriously insecure against attacks and should not be trusted anymore; unless some developers are in place, which have a profound background in protocol and application security.

    Further Reading
    A more detailed description of the Gridcoin architecture, the old design issue and the fix will be presented at WOOT'17. Some days after the conference the paper will be available online.
    Related links

    1. Install Pentest Tools Ubuntu
    2. Pentest Tools Tcp Port Scanner
    3. Pentest Tools Review
    4. Pentest Tools Website Vulnerability
    5. Pentest Recon Tools
    6. Beginner Hacker Tools
    7. Pentest Tools
    8. Hacking Tools Usb
    9. Hacker Tool Kit
    10. Hacking Apps
    11. Pentest Tools Subdomain
    12. Hacker Hardware Tools
    13. Ethical Hacker Tools
    14. Hak5 Tools
    15. Hacker Tools Free Download
    16. Hacker Tool Kit
    17. Hacking Tools 2019
    18. Hacker Tools List
    19. Hack Tools Mac
    20. Android Hack Tools Github
    21. Pentest Tools Github
    22. Hack Tools Mac
    23. Pentest Tools Windows
    24. Hacking Tools For Pc
    25. Hacker Tools 2019
    26. Game Hacking
    27. Pentest Tools For Android
    28. Hacks And Tools
    29. How To Make Hacking Tools
    30. Game Hacking
    31. Hack Tools
    32. Hacking Tools Windows 10
    33. Underground Hacker Sites
    34. Hack Tools For Mac
    35. Pentest Tools Nmap
    36. Hack Apps
    37. Hacking Tools For Mac
    38. How To Make Hacking Tools
    39. Hacking Tools For Mac
    40. Hack Tools 2019
    41. Hack Tool Apk
    42. Pentest Tools
    43. Pentest Reporting Tools
    44. Pentest Tools Port Scanner
    45. Hacks And Tools
    46. How To Hack
    47. Ethical Hacker Tools
    48. Hacking Tools Pc
    49. Pentest Tools Free
    50. Kik Hack Tools
    51. Hacking Tools Kit
    52. Install Pentest Tools Ubuntu
    53. Pentest Tools Kali Linux
    54. Underground Hacker Sites
    55. Install Pentest Tools Ubuntu
    56. Pentest Tools Open Source
    57. Hacker
    58. Pentest Tools Online
    59. Hak5 Tools
    60. Hacking Tools And Software
    61. Hacking Tools Free Download
    62. Hack Tools For Pc
    63. Usb Pentest Tools
    64. Nsa Hack Tools
    65. Pentest Tools List
    66. Game Hacking
    67. Hacker Hardware Tools
    68. Pentest Recon Tools
    69. What Is Hacking Tools
    70. Hacker Tools For Pc
    71. Hacking Tools Usb
    72. Hacker Tools Software
    73. Tools For Hacker
    74. Pentest Tools Url Fuzzer
    75. Pentest Tools Url Fuzzer
    76. Kik Hack Tools
    77. Pentest Tools Download
    78. Android Hack Tools Github
    79. Hacker Tools Online
    80. Hacking Tools Name
    81. Growth Hacker Tools
    82. Hacking Tools For Games
    83. Hack Rom Tools
    84. New Hack Tools
    85. Hacker Tools Github
    86. Hacker Tools Free
    87. Pentest Tools Review
    88. Hacker Tools Windows
    89. Hack Apps
    90. How To Hack
    91. Hack App
    92. Hacker
    93. Pentest Tools For Android
    94. Hacker
    95. Hack Tools Download
    96. Hacker Tools Apk Download
    97. Hacker Tools Apk
    98. Hack App
    99. Hacker Techniques Tools And Incident Handling
    100. Physical Pentest Tools
    101. Hacking Tools Software
    102. Pentest Tools List
    103. Hacking Tools
    104. Pentest Tools Website Vulnerability
    105. Hack Tools
    106. Pentest Tools Online
    107. Hacker Tool Kit
    108. Hacker
    109. Hacker Tools
    110. Hack Tools For Windows
    111. Tools 4 Hack
    112. Hack Tools Mac
    113. Hack Apps
    114. Game Hacking
    115. Hack Tool Apk No Root
    116. Pentest Tools For Windows
    117. Pentest Tools Url Fuzzer
    118. Pentest Tools Website Vulnerability
    119. Hacker Search Tools
    120. New Hacker Tools
    121. Android Hack Tools Github
    122. Hacking Tools Usb
    123. Hacker Tools Free
    124. Install Pentest Tools Ubuntu
    125. Hacker Security Tools
    126. Game Hacking
    127. Hacking Tools
    128. Pentest Box Tools Download
    129. Hacking Tools And Software
    130. Physical Pentest Tools
    131. Hack Tools Online
    132. Hack Tool Apk No Root
    133. Pentest Tools
    134. Pentest Tools Framework
    135. New Hacker Tools
    136. Hacker Tools List
    137. What Is Hacking Tools
    138. Hacker Tools Software
    139. Hacker Tools Free Download
    140. Hacker Tools For Ios
    141. How To Install Pentest Tools In Ubuntu
    142. Hack Tools Pc
    143. Best Hacking Tools 2020
    144. Hacker Tools Free Download
    145. Hacker Tools For Ios
    146. Hacker Tools Apk
    147. Hacker Tools Software
    148. Physical Pentest Tools
    149. Hacking Tools For Windows
    150. Hacking Tools Download
    151. Hacking Tools Mac
    152. Hacker Tools Online
    153. Hacking Tools For Kali Linux
    154. Pentest Tools For Ubuntu
    155. Hacker Search Tools
    156. How To Install Pentest Tools In Ubuntu
    157. Hackers Toolbox

    No comments:

    Why Should you take care of Day by Day Pregnancy?


    Taking care of your baby and your body on Day by Day Pregnancy

    If you're pregnant now, you should know how important is to take care of yourself and your future baby. Well, pregnant is something that every married girl dream of. Sooner or later, after you married and settle down, your husband and yourself will love to have a new comer in your house, especially if only both of you living together without living with your other family members like your parents, grandparents or any other sibling

    It is extremely important to take care of your baby and yourself on day by day pregnancy. You must eat the right food and make sure that the food you ate will not harm your baby and yourself.

    Yes, pregnant is great, eating right and good nutrition food for your baby is a must! but how about the excessive pounds you will get when you're pregnant and after you delivered? is it something that you must consider of? as a woman, it is extremely important to take care of our weight, fat means ugly, and what happen when we're fat? of course, we will lost our self confident at first. And what happen when we lost our self confident?

    If you're not even dare to look at yourself in the mirror, do you think that your belove husband will like to hug you, kiss you and look at you like before? even if your husband looks at you like before, you might probably think, "what's wrong with him, he look at my fat meat all the time!"

    well, dont' let this happens to you. It is Extremely important to get rid of the excessive fat during and after pregnancy.

    Here at Pregnancy Without Pounds, I found an absolutely great course and guide for your day by day pregnancy course, free of charge. They'll send you article and some guide several times a week for you to learn how to take care of yourself and your baby.

    This is what they claim: