C 604: Capture the Ether: Guess the Secret Number (15 pts.)

What You Need

A computer with Firefox or Chrome

Purpose

To learn Solidity hacking.

Preparation

You should already have the MetaMask browser extension, some Ropsten test Eth, and have completed the first Capture The Ether challenge.

Guess the Secret Number

In your browser, go to: https://capturetheether.com/challenges/lotteries/guess-the-secret-number/

You see the "Guess the secret number" page, as shown below.

Read the Solidity code. Notice these things:

The first function is the constructor.
Constructing this contract requires a payment of 1 Ether.
The guess() function also costs 1 Ether.
The guess() function takes a numerical input n, of type uint8
The answer is set at the top to a fixed hash value.
To win, the hash value keccak256(n) must match the answer.

Cracking the Hash

The keecak256 function used in Solidity is not the same as SHA3-256. The best way to crack it is to write a new Solidity contract.

In this case, the input is only 8 bits long, so there are only 256 possible values. from 0 to 255.

Using Remix

You should already have a Remix tab open. If you don't, open a new browser tab and go to

http://remix.ethereum.org/

Pasting in the Solidity Code

On the left side, in the FILE EXPLORERS pane, click the "File explorers" icon, outlined in green in the image below.

Right-click the contracts folder and click "New File".

Name the new file crack.sol

Paste in the code below.

pragma solidity ^0.4.21; contract crack{ bytes32 answerHash = 0xdb81b4d58595fbbbb592d3661a34cdca14d7ab379441400cbfa1b78bc447c365; function check() public view returns(uint8) { for (uint8 i=0; i<256; i++) { if (keccak256(i) == answerHash) { return i; } } } }

On the left side of the Remix page, click the Compile icon, outlined in red in the image above.

Click the "Compile crack.sol" button.

Then click the Deploy icon, outlined in light blue in the image above.

Using the Local JavaScript VM

There's no need to deploy the crack contract to the public blockchain. We'll only use it once.

In the "DEPLOY & RUN TRANSACTIONS" pane, at the top, change the ENVIRONMENT to "JavaScript VM (London)", outlined in green in the image below.

Click the orange Deploy button.

At the bottom of the "DEPLOY & RUN TRANSACTIONS" pane, expand the "CRACK AT ..." container.

Click the blue-gray check button.

The answer appears, covered by a red rectangle in the image below. Make a note of it.

Deploying the GuessTheSecretNumberChallenge Contract

On the "Guess the secret number" page, on the left side, click the "Begin Challenge" button.

A MetaMask box pops up.

Click Confirm.

After a few seconds, the left side of the page shows your contract's address, as shown below.

Using Remix

In Remix, on the left side, in the FILE EXPLORERS pane, click the "File explorers" icon, outlined in green in the image below.

Right-click the contracts folder and click "New File".

Name the new file secret.sol

Paste in the code from the "Guess the secret number" page, as shown below.

On the left side of the Remix page, click the Compile icon, outlined in red in the image above.

Click the "Compile secret.sol" button.

Then click the Deploy icon, outlined in light blue in the image above.

Connecting to the Deployed Contract

In the Remix page, on the left, in the "DEPLOY & RUN TRANSACTIONS" pane, make sure the ENVIRONMENT is set to "Injected Web3", outlined in green in the image below.

On the "Guess the secret number" page, copy the address of your deployed contract.

In the Remix page, in the lower portion of the "DEPLOY & RUN TRANSACTIONS" pane, paste that address into the box next to the "At Address" button, outlined in red in the image below.

Click the "At Address" button.

Calling the guess Function

In the Remix page, at the bottom of the "DEPLOY & RUN TRANSACTIONS" pane, expand the "GUESSTHESECRETNUMBERCHALLENGE AT ..." container.

In the field next to the red guess button, enter the answer you found from your crack contract, covered by a green rectangle in the image above.

Enter a VALUE of 1 Ether, outlined in light blue in the image above.

Click the red guess button.

If a box pops up saying "Gas estimation failed", click "Send Transaction".

A MetaMask box pops up. Notice that the amount sent is less than 1 ETH, outlined in blue in the image above.

Click Confirm.

At the lower right, a green check mark appears, showing that the transaction succeeded.

Flag C 604.1 Number (15 pts)
The flag is the number you sent, covered by a green rectangle in the image above.

Completing the Challenge

On the "Guess the secret number" page, on the left side, click the "Check Solution" button.

A MetaMask box pops up. Click Confirm. You win, and a little dancing figure appears on the lower left, as shown below.

Sources

Ethereum Smart Contract Development | Capture the Ether Problem 1 & 2
Capture the Ether (Part 1 of 3): Exploring Ethereum Lottery Vulnerabilities
Capture The Ether: token sale
Capture The Ether: token whale
Solidity array overflow

Posted 5-20-22 by Sam Bowne