Ret2Cringe

April 14, 2022

UmdCTF 2022 Blockchain 1 - Hashcash

For this challenge we were given a tcp endpoint which used hashcash to prevent spam

Basic Information

The server provides us with some information about the hashcash configuration ver = 1 leading zero bits = 20 date format YYMMDD

The construction of a hashcash header looks like this:

VER:LEADING_ZERO_BITS:DATE:RESOURCE::RAND:COUNTER

In our situation we probably want to send an email to the service admin, Gary so we can derive our header must look something like this

1:20:220307:[email protected]::RAND:COUNTER

Being Lazy

Now, implementing hashcash is very easy, but I am quite lazy, so I decided to take some existing code from github and to apply a few changes for our challenge

12a13
> import base64
71c72
<     date_str = datetime.utcnow().strftime("%Y%m%d%H%M%S")
---
>     date_str = datetime.utcnow().strftime("%y%m%d")
73c74
<     rand = ''.join(rand_chars[randint(0, rc_len-1)] for x in range(0, 10))
---
>     rand = base64.b64encode(bytes(''.join(rand_chars[randint(0, rc_len-1)] for x in range(0, 10)), 'ascii')).decode("utf-8")
78c79
<         stamp = ":".join(str(elem) for elem in [ver, bits, date_str, resource, ext, rand, counter])
---
>         stamp = ":".join(str(elem) for elem in [ver, bits, date_str, resource, ext, rand, base64.b64encode(bytes(str(counter), 'ascii')).decode("utf-8")])

This allows us to generate the header and retrieve the flag I assume that due to this challenge trying to be a buildup for the second Blockchain challenge it was designed to be this simple

Flag

UMDCTF{[email protected][email protected]_0f_pr00f_0f_w0rk}