Bitcoin Forum
October 21, 2017, 04:30:54 PM *
Author Topic: pchMessageBytes  (Read 920 times)
barrysty1e
September 03, 2016, 11:57:59 PM
 #1

Hi all,

I was reading a while back regarding the way the Bitcoin/Satoshi clients talk to each other; it seems that they first send a version-type packet, and if the other client sends a version that is too low, or with different parameters that do not match (for example pchMessageBytes), the client will not respond whatsoever.

Is there any known way to get a remote node to effectively reveal its unique pchMessageBytes?
Besides bruteforcing/pattern scanning (as there are 256^4 or 4,294,967,296 different combinations).

Please don't reply if it's simply 'why do you want to do that'.

james

mooncoin developer 2DaMooNeT5PDPxwupTFiKoS7KZsFrsWJwd
mine MOON at http://moonrush.org
achow101
September 04, 2016, 12:18:26 AM
 #2

What do you mean by "pchMessageBytes"? I can't find that anywhere (grepped the entire source).

There is nothing in the protocol that makes a node deliberately disconnect from and refuse to connect to a node that uses an old version number. Nodes will instead just not send the new message types.

Also, there are no unique bytes that must be kept secret in any of the messages.

cr1776
September 04, 2016, 12:21:33 AM
 #3

I think he's talking about code in net.cpp.

Quote
What do you mean by "pchMessageBytes"? I can't find that anywhere (grepped the entire source).

There is nothing in the protocol that makes a node deliberately disconnect from and refuse to connect to a node that uses an old version number. Nodes will instead just not send the new message types.

Also, there are no unique bytes that must be kept secret in any of the messages.
barrysty1e
September 04, 2016, 12:23:39 AM
 #4

It's quite a standard component of every Bitcoin-clone out there (https://github.com/search?q=pchMessageStart&type=Code).

It's 4 bytes that are broadcast in each P2P frame; basically makes sure that only the same type client/peers talk.

achow101
September 04, 2016, 12:27:53 AM
 #5

Quote
It's quite a standard component of every Bitcoin-clone out there (https://github.com/search?q=pchMessageStart&type=Code).

It's 4 bytes that are broadcast in each P2P frame; basically makes sure that only the same type client/peers talk.

Ahh, you mean the magic bytes which identify the network it uses.

The easiest way to see what the magic bytes are is to just connect to the node. The first 4 bytes that they send are the magic bytes. The messages of every altcoin based on Bitcoin are basically the same format, so it should be fairly trivial to get the magic bytes as they are the first four bytes of every message.


cr1776
September 04, 2016, 12:31:11 AM
 #6

Quote
It's quite a standard component of every Bitcoin-clone out there (https://github.com/search?q=pchMessageStart&type=Code).

It's 4 bytes that are broadcast in each P2P frame; basically makes sure that only the same type client/peers talk.

Knight was looking for "pchMessageBytes" as you'd asked about, not "pchMessageStart", and pch messages are all over net.cpp.

It is a magic number used to identify the network, e.g. so alt-coins and other software that forks Bitcoin (think Namecoin or Twister as examples) don't confuse block chains.

So you are querying another server to see what alt/fork they are and want to see the magic bytes they are using to determine that.

Edit: look here
https://en.bitcoin.it/wiki/Protocol_documentation#Message_structure
barrysty1e
September 04, 2016, 12:35:45 AM
 #7

Quote
It's quite a standard component of every Bitcoin-clone out there (https://github.com/search?q=pchMessageStart&type=Code).

It's 4 bytes that are broadcast in each P2P frame; basically makes sure that only the same type client/peers talk.
Ahh, you mean the magic bytes which identify the network it uses.

The easiest way to see what the magic bytes are is to just connect to the node. The first 4 bytes that they send are the magic bytes. The messages of every altcoin based on Bitcoin are basically the same format, so it should be fairly trivial to get the magic bytes as they are the first four bytes of every message.

Please read, and understand my first post.
A node does not broadcast these bytes; unless another node (running identical netcode) sends these same bytes (and version info) first.
If I connect to an altcoin node on its P2P port, it will sit there and say nothing until a timeout occurs.

Just found a random bitcoin node, hit it using telnet/raw (on 8333)... connects, and sits there, till timeout.
Does anyone know how to get a given node to voluntarily spit out its pchMessageBytes?

Quote
Knight was looking for "pchMessageBytes" as you'd asked about, not "pchMessageStart" and pch messages are all over net.cpp

pchMessageStart[0] = 0xf8;
pchMessageStart[1] = 0xb5;
pchMessageStart[2] = 0x03;
pchMessageStart[3] = 0xdf;

Yes; a seasoned programmer would instantly know what I'm referring to. Bytes, four of them.

achow101
September 04, 2016, 01:05:15 AM
 #8

Quote
Please read, and understand my first post.
A node does not broadcast these bytes; unless another node (running identical netcode) sends these same bytes (and version info) first.
If I connect to an altcoin node on its P2P port, it will sit there and say nothing until a timeout occurs.

<img snip>

Just found a random bitcoin node, hit it using telnet/raw (on 8333)... connects, and sits there, till timeout.
Does anyone know how to get a given node to voluntarily spit out its pchMessageBytes?

Looking at the code, it seems that no, there is no way to force a response from the node. If it receives the wrong magic bytes, it will not respond.

Quote
Knight was looking for "pchMessageBytes" as you'd asked about, not "pchMessageStart" and pch messages are all over net.cpp

pchMessageStart[0] = 0xf8;
pchMessageStart[1] = 0xb5;
pchMessageStart[2] = 0x03;
pchMessageStart[3] = 0xdf;

Yes; a seasoned programmer would instantly know what I'm referring to. Bytes, four of them.

How does a seasoned programmer (or anyone) know that pchMessageStart means pchMessageBytes? They mean two different things. pchMessageStart means the start of the message. pchMessageBytes means the bytes of the message, including the start.
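
The header layout from the protocol documentation linked in post #6, together with the receiver behaviour described in post #8 (a frame carrying the wrong magic bytes gets no response), as an added example that is not part of the thread or of any client's source. The helper names and MAX_PAYLOAD are assumptions, the expected magic is the pchMessageStart value quoted in post #7, and the sample frames are constructed.

```python
import hashlib
import struct

HEADER_LEN = 24                  # magic(4) + command(12) + length(4) + checksum(4)
MAX_PAYLOAD = 32 * 1024 * 1024   # assumed size cap for this example
PAGE_MAGIC = bytes.fromhex("f8b503df")     # pchMessageStart[] as listed in post #7
BITCOIN_MAGIC = bytes.fromhex("f9beb4d9")  # Bitcoin mainnet, for comparison


def checksum(payload: bytes) -> bytes:
    """First four bytes of SHA256(SHA256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def build_message(magic: bytes, command: str, payload: bytes = b"") -> bytes:
    """Frame a payload: magic, NUL-padded command, LE length, checksum."""
    cmd = command.encode("ascii").ljust(12, b"\x00")
    return magic + cmd + struct.pack("<I", len(payload)) + checksum(payload) + payload


def parse_message(data: bytes, expected_magic: bytes):
    """Return (command, payload), or None when the frame must be dropped."""
    if len(data) < HEADER_LEN:
        return None                          # header not complete yet
    magic, cmd, length, csum = struct.unpack("<4s12sI4s", data[:HEADER_LEN])
    if magic != expected_magic:
        return None                          # other network: no reply at all
    if length > MAX_PAYLOAD or len(data) < HEADER_LEN + length:
        return None                          # oversized or truncated payload
    payload = data[HEADER_LEN:HEADER_LEN + length]
    if checksum(payload) != csum:
        return None                          # corrupted payload
    name = cmd.rstrip(b"\x00")
    if not name or any(b < 0x20 or b > 0x7E for b in name):
        return None                          # malformed command field
    return name.decode("ascii"), payload


# Constructed sample frames (not captured traffic).
VERACK = build_message(PAGE_MAGIC, "verack")
PING = build_message(PAGE_MAGIC, "ping", struct.pack("<Q", 1))

if __name__ == "__main__":
    print(VERACK.hex())
    print(parse_message(VERACK, PAGE_MAGIC))     # accepted on the matching network
    print(parse_message(VERACK, BITCOIN_MAGIC))  # dropped: wrong magic
```

The magic check comes before any other field is interpreted, which is why a listener configured for one network stays silent toward frames from another.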

barrysty1e
September 04, 2016, 01:15:06 AM
 #9

Quote
How does a seasoned programmer (or anyone) know that pchMessageStart means pchMessageBytes? They mean two different things. pchMessageStart means the start of the message. pchMessageBytes means the bytes of the message, including the start.

pchMessageStart[] is the name of the array the bytes are held in.
pchMessage's Bytes or as you prefer 'Magic numbers' are a relatively standard concept of making sure crosstalk doesn't happen between any type of standalone node (Paging Channel Host); this occurs across all other types of networks.

When a host is advertising itself to another host; does it advertise its pchMessageBytes or pchMessageStart(s)? C'mon guys.

Anyway, enough of being an arsehole.
If you want to have a mess around with how the peers talk, check out https://github.com/sebicas/bitcoin-sniffer.

I've found that some implementations do 'talk' with incorrect pchMessageBytes.. however, some get flat out ignored if the PROTOCOL_VERSION is too low.

Still after a definitive answer, anyone?

achow101
September 04, 2016, 01:26:13 AM
 #10

Quote
How does a seasoned programmer (or anyone) know that pchMessageStart means pchMessageBytes? They mean two different things. pchMessageStart means the start of the message. pchMessageBytes means the bytes of the message, including the start.

pchMessageStart[] is the name of the array the bytes are held in.
pchMessage's Bytes or as you prefer 'Magic numbers' are a relatively standard concept of making sure crosstalk doesn't happen between any type of standalone node (Paging Channel Host); this occurs across all other types of networks.

When a host is advertising itself to another host; does it advertise its pchMessageBytes or pchMessageStart(s)? C'mon guys.

Anyway, enough of being an arsehole.
If you want to have a mess around with how the peers talk, check out https://github.com/sebicas/bitcoin-sniffer.

I've found that some implementations do 'talk' with incorrect pchMessageBytes.. however, some get flat out ignored if the PROTOCOL_VERSION is too low.

Still after a definitive answer, anyone?

Well, since you are capable of understanding code and are a "seasoned programmer", why don't you take a look at the code yourself and see what you can find? I gave you a link to the method which processes the message above.

I think you have a few options here. You can guess what the bytes are by virtue of the port number. Most coins use unique port numbers and you can then search through various altcoin source codes to find the ones that use the same port and then test their respective magic bytes. Or you can somehow get a node to connect to you.

barrysty1e
September 04, 2016, 06:37:34 AM
 #11

Quote
How does a seasoned programmer (or anyone) know that pchMessageStart means pchMessageBytes? They mean two different things. pchMessageStart means the start of the message. pchMessageBytes means the bytes of the message, including the start.

pchMessageStart[] is the name of the array the bytes are held in.
pchMessage's Bytes or as you prefer 'Magic numbers' are a relatively standard concept of making sure crosstalk doesn't happen between any type of standalone node (Paging Channel Host); this occurs across all other types of networks.

When a host is advertising itself to another host; does it advertise its pchMessageBytes or pchMessageStart(s)? C'mon guys.

Anyway, enough of being an arsehole.
If you want to have a mess around with how the peers talk, check out https://github.com/sebicas/bitcoin-sniffer.

I've found that some implementations do 'talk' with incorrect pchMessageBytes.. however, some get flat out ignored if the PROTOCOL_VERSION is too low.

Still after a definitive answer, anyone?

Well, since you are capable of understanding code and are a "seasoned programmer", why don't you take a look at the code yourself and see what you can find? I gave you a link to the method which processes the message above.

I think you have a few options here. You can guess what the bytes are by virtue of the port number. Most coins use unique port numbers and you can then search through various altcoin source codes to find the ones that use the same port and then test their respective magic bytes. Or you can somehow get a node to connect to you.

Seem to have missed the point of the post, fella.
I'll repost and try again.
