Bitcoin Forum
November 20, 2017, 04:26:08 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Blockchain scripting contest  (Read 2186 times)
rb1205
Hero Member
*****
Offline Offline

Activity: 797



View Profile
March 27, 2014, 01:32:48 PM
 #1

This blockchain scripting contest is a way to raise awareness about the possibilities and powers of the scripting mechanism integrated in the Bitcoin protocol.

Every trial will be about a non-standard transaction output (scriptPubKey) broadcast by me and funded with a given amount. Objective of the trial is to find an appropriate script (scriptSig) that will succesfully resolve the stacked scripts, as requested by the bitcoin protocol. The amount in the tx output is the award of the trial and can be claimed at will.

The difficulty of the trials will increase in each step.

Recommended Toolchain to build and broadcast a custom transaction:

Documentation: Transactions, Raw Transactions API, Scripts and OPcodes reference.

Have fun!

PS: Any amount sent to the address 1JHCn9wLLXHc4yfo968FrT259Um2hzeUpy will be used to fund the next trials.


First Stage: Claimed! Winner unknown https://bitcointalk.org/index.php?topic=534734.msg5913898#msg5913898, solution
Second Stage: Claimed! Winner is Frisco https://bitcointalk.org/index.php?topic=538423.msg5931091#msg5931091, solution


Thread recreated from here, as this sub seems more appropriate

1511195168
Hero Member
*
Offline Offline

Posts: 1511195168

View Profile Personal Message (Offline)

Ignore
1511195168
Reply with quote  #2

1511195168
Report to moderator
1511195168
Hero Member
*
Offline Offline

Posts: 1511195168

View Profile Personal Message (Offline)

Ignore
1511195168
Reply with quote  #2

1511195168
Report to moderator
1511195168
Hero Member
*
Offline Offline

Posts: 1511195168

View Profile Personal Message (Offline)

Ignore
1511195168
Reply with quote  #2

1511195168
Report to moderator
Join ICO Now A blockchain platform for effective freelancing
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511195168
Hero Member
*
Offline Offline

Posts: 1511195168

View Profile Personal Message (Offline)

Ignore
1511195168
Reply with quote  #2

1511195168
Report to moderator
rb1205
Hero Member
*****
Offline Offline

Activity: 797



View Profile
March 27, 2014, 01:33:17 PM
 #2

reserved

rb1205
Hero Member
*****
Offline Offline

Activity: 797



View Profile
March 27, 2014, 01:33:24 PM
 #3

1st stage

Funding transaction/output: ab149362ea4e119d2bc5211b35083c23ec41842af6bbc2ff3c5f1e55941199cc, n=0

Claimable amount: 5 mBTC (remember to reserve at least 0.1mBTC for transaction fees)

scriptPubKey to solve:

Code:
OP_2DUP OP_ADD OP_8 OP_EQUALVERIFY OP_SUB OP_2 OP_EQUAL

Difficulty level: easy

State: Anonymously claimed. link

Solution: https://bitcointalk.org/index.php?topic=534734.msg5919405#msg5919405

rb1205
Hero Member
*****
Offline Offline

Activity: 797



View Profile
March 27, 2014, 01:34:39 PM
 #4

2nd stage

Funding transaction/output: 948aeca2003bf0bdc4f0dc7d61615d05010da8bca744dd9cfa12fb57e2540a2d, n=0

Claimable amount: 5 mBTC (remember to reserve at least 0.1mBTC for transaction fees or your transaction won't be confirmed!)

scriptPubKey to solve:

Code:
OP_DEPTH OP_1 OP_NUMEQUAL OP_IF 6e616d65206f66206e616b616b616d6f746f OP_DROP
OP_RIPEMD160 OP_RIPEMD160 9c864b8bb110c05cb9c77381ad5d6868f0fd9f9f OP_EQUAL
OP_ELSE OP_DUP OP_HASH160 897b934876ff50bfebe218e30382d7eaa6559a12
OP_EQUALVERIFY OP_CHECKSIG OP_ENDIF

Difficulty level: medium

State: Claimed by frisco after about 2 hours link

Solution: https://bitcointalk.org/index.php?topic=538423.msg5938343#msg5938343

norbertVC
Newbie
*
Offline Offline

Activity: 26


View Profile
March 27, 2014, 02:08:49 PM
 #5

I don't get it :/
Looked for every command in the wiki and played interpreter but the network rejects my input.
rb1205
Hero Member
*****
Offline Offline

Activity: 797



View Profile
March 27, 2014, 02:18:02 PM
 #6

The first step is to understand what the script does, not trying to brute force the solution  Grin

frisco
Full Member
***
Offline Offline

Activity: 176


View Profile
March 27, 2014, 02:27:21 PM
 #7

The first step is understanding what the script does, not trying to brute force the solution  Grin


Umm not sure how did you encoded de solution but the hint has a typo, maybe intended
And nice to have a failsafe this time.

1obSpGygRiuss93u8X36Ex6GYmycgTacZ just in case you feel it
norbertVC
Newbie
*
Offline Offline

Activity: 26


View Profile
March 27, 2014, 02:32:20 PM
 #8

I try to, maybe you can help me with that.
Lets go through the scriptPubKey:
Code:
OP_DEPTH OP_1 OP_NUMEQUAL OP_IF 6e616d65206f66206e616b616b616d6f746f OP_DROP
OP_RIPEMD160 OP_RIPEMD160 9c864b8bb110c05cb9c77381ad5d6868f0fd9f9f OP_EQUAL
OP_ELSE OP_DUP OP_HASH160 897b934876ff50bfebe218e30382d7eaa6559a12
OP_EQUALVERIFY OP_CHECKSIG OP_ENDIF

OP_DEPTH returns the amount of items on the stack.
I called it 'x':
OP_1 pushes 1 on the stack, so the stack currently looks like this:
Code:
x, 1

Now OP_NUMEQUAL checks if the first two items are equal and pushes 1 on the stack if the are equal and 0 if they are not.
So they stack can  be now:
Code:
1, 1, 1
or:
Code:
x, 1, 0

The OP_IF executes the statement if the first stack item ist not 0 else the OP_ELSE statement gets executed.
And the OP_IF removes the input so our stack is now:
Code:
1, 1
or:
Code:
x, 1
Lets go way 1:
In the scriptPubKey they next "word" is 6e616d65206f66206e616b616b616d6f746f but I don't know what to do with that. Seems to be a hash..
OP_DROP removes they first item from the stack, so our stack is now:
Code:
1
OP_RIPEMD160 OP_RIPEMD160 hashes the input twice - so our only stack item "1" gets hashes twice and gets checked for equal..

That is what I've got until now - please teach me and explain me what are the hashes in the scriptPubKey.
frisco
Full Member
***
Offline Offline

Activity: 176


View Profile
March 27, 2014, 02:37:52 PM
 #9

OP_NUMEQUAL removes the checked elements from the stack so it leaves you with
Code:
<scriptsig> X
where X is 1 if scriptSig length is equal to 1 and 0 otherwise.

1obSpGygRiuss93u8X36Ex6GYmycgTacZ just in case you feel it
rb1205
Hero Member
*****
Offline Offline

Activity: 797



View Profile
March 27, 2014, 02:40:44 PM
 #10

Umm not sure how did you encoded de solution but the hint has a typo, maybe intended
And nice to have a failsafe this time.

Yep, I noticed the typo. I just re-checked the solution, and it's fine. the encoding? Why do you think I put there an hint?  Wink

@norbertVC

2 errors in your analysis: one is that, as pointed out by frisco, OP_NUMEQUAL removes the checked items. The other one is that OP_DROP is for that 6e616d... number, not for the 1 which doesn't even exist.

frisco
Full Member
***
Offline Offline

Activity: 176


View Profile
March 27, 2014, 02:51:50 PM
 #11

Well I give up I can not find the correct thing to hash, any variation I can think of (even hexed and/or sha-256ed) matches the expected output and I need to continue working.

I will check the answer when you make it public.


1obSpGygRiuss93u8X36Ex6GYmycgTacZ just in case you feel it
rb1205
Hero Member
*****
Offline Offline

Activity: 797



View Profile
March 27, 2014, 03:02:23 PM
 #12

There's only one way to correctly perform a double hash. You must keep in mind that what you get from an hash of a string is just binary data, usually in the form of an hexadecimal number.

Hint: use this service http://www.fileformat.info/tool/hash.htm

frisco
Full Member
***
Offline Offline

Activity: 176


View Profile
March 27, 2014, 03:19:28 PM
 #13

There's only one way to correctly perform a double hash. You must keep in mind that what you get from an hash of a string is just binary data, usually in the form of an hexadecimal number.

Hint: use this service http://www.fileformat.info/tool/hash.htm

Nice catch I was reencoding the hex ripemd-160, I have sent a trx and seems that eligius accepted it

1obSpGygRiuss93u8X36Ex6GYmycgTacZ just in case you feel it
rb1205
Hero Member
*****
Offline Offline

Activity: 797



View Profile
March 27, 2014, 03:28:28 PM
 #14

Looks like we have a winner!  Smiley

frisco
Full Member
***
Offline Offline

Activity: 176


View Profile
March 27, 2014, 03:43:17 PM
 #15

I don't see any spoiler tag so just don't decode this if you want to find the solution on your own.

Code:
01000000012d0a54e257fb12fa9cdd44a7bca80d01055d61617ddcf0c4bdf03b00a2ec8a940000000008077361746f736869ffffffff01107a0700000000001976a91408cfe336b6d6a0907fd729479dd48065b859b56a88ac00000000

EDIT:
This time the transaction worked: https://blockchain.info/tx/734b82d72c7bcd862aabc4cdc3d8f192a40291e29a9331012b82a19c71562b04

1obSpGygRiuss93u8X36Ex6GYmycgTacZ just in case you feel it
rb1205
Hero Member
*****
Offline Offline

Activity: 797



View Profile
March 27, 2014, 09:08:35 PM
 #16

Solution for the 2nd stage

Please read the solution for the 1st stage if you haven't already

As before, the first thing to do is to understand what the scriptPubKey requires in order to be reclaimed. Let's see it:

Code:
OP_DEPTH OP_1 OP_NUMEQUAL OP_IF 6e616d65206f66206e616b616b616d6f746f OP_DROP
OP_RIPEMD160 OP_RIPEMD160 9c864b8bb110c05cb9c77381ad5d6868f0fd9f9f OP_EQUAL
OP_ELSE OP_DUP OP_HASH160 897b934876ff50bfebe218e30382d7eaa6559a12
OP_EQUALVERIFY OP_CHECKSIG OP_ENDIF

So, the first thing it does is OP_DEPTH, that returns the number of entries in the stack and put it in the stack itself. that plus OP_1 and OP_NUMEQUAL make a test that returns true if the scriptSig (which get executed before) yelds a single value, false otherwise. The If....Else...End if block after tell us that this scriptPubKey can work in 2 different ways: the second one is a standard pay-to-address transaction script, which gets executed when the scriptSig gives the two variables needed by a signature verification: sig and pubkey. As the address associated with this method is the same used to fund the contest, it's safe to assume that the private key isn't pubblicly available, so this method isn't the one we'll use. Let's focus on the other verification subscript:

Code:
6e616d65206f66206e616b616b616d6f746f OP_DROP
OP_RIPEMD160 OP_RIPEMD160 9c864b8bb110c05cb9c77381ad5d6868f0fd9f9f OP_EQUAL

So this script starts with some data that gets pushed in the stack over the one provided by the scriptSig, only to be dropped right after by that OP_DROP. After that, the scriptSig gets hashed two times by RIPEMD160 and compared with a given hash. So, this script is asking for some data that, when double hashed with RIPEMD160, gives 9c864b8bb110c05cb9c77381ad5d6868f0fd9f9f. Now, back to the 6e616d... discarded data: why would someone add and drop random data to a transaction? Couldn't be that the hint we need to solve this? Why yes! I guess that anybody who ever worked with string and hexadecimal representation immediately noticed that all those bytes are in the 0x60-0x7A range, which are the a-z charaters in the ASCII table. By decoding it you get "name of nakakamoto". No, that "kaka" is just a typo of mine, no hidden messages. As we all know, the obvious solution to this riddle is "satoshi". To test this, we just have to hash that string two times with RIPEMD160 and check the hash. Be careful! Do not simply hash the string, then copy/paste the resulting hash and rehash it the same way, because you'd be doing an hash of the string representation, and not the hash of the actual binary data. To do this you need a tool that makes a difference between string and hexadecimal input data, like this one. Hashing first time gives this, and the second time gives this. Notice that the second RIPEMD160 hash is the same as in the scriptPubKey.

Now, since we know how to create a transaction with a custom scriptSig from the previous stage, the rest is trivial. Just build a transaction that spends the output ab149362ea4e119d2bc5211b35083c23ec41842af6bbc2ff3c5f1e55941199cc n=0 , and as scriptSig you just have to put the hexadecimal ASCII representation of the string "satoshi" which is "7361746f736869".

This script shows that it's possibile to have a txout reedemed by one out of different methods, leaving the claiming user the freedom to choose which one to use. It's even possibile to set up the script so that it automatically knows which method to use for the verification, basing on the format of the scriptSig.

HeRetiK
Hero Member
*****
Online Online

Activity: 560


the forkings will continue until morale improves


View Profile
March 28, 2014, 09:59:46 AM
 #17

Fun idea, I just threw a few mBTC into the pot for the next round. I hope you keep this up, I must admit I wasn't fully aware of how Blockchain scripting works until now. Looking forward to see the next stage.

rb1205
Hero Member
*****
Offline Offline

Activity: 797



View Profile
March 28, 2014, 11:01:54 AM
 #18

I plan to make another one or two rounds next week. I'll set them up in the upcoming weekend!

telepatheic
Jr. Member
*
Offline Offline

Activity: 56

Get off the web. Go do something in meatspace!


View Profile
April 05, 2014, 10:05:52 AM
 #19

Will there be another contest? I'm looking forward to another challenge.
kadoban
Newbie
*
Offline Offline

Activity: 16


View Profile WWW
April 10, 2014, 04:48:13 PM
 #20

I've been working on a Bitcoin Script debugger in my free time, which might be quite useful for these if they continue.

As a teaser, here's the output when I fed it the answer to Stage 2 above:
Script Debugger Preview

It can parse scripts as strings or as hexadecimal bytes.  As you can see if you look at the URL, I just pasted in the script string with very minor changes (my syntax for pushing hexadecimal numbers is different).

I've disabled any other input URLs for the moment (this one exact script in the only one it will debug), because this isn't really ready for primetime yet, but I thought you folks might be interested anyway.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!