An Introduction to Blockchain

Last updated 1 month ago


One category that's been popping up a lot more in recent CTFs is blockchain. This typically takes the form of something called Ethereum Smart Contracts and their exploitation, generally on an Ethereum testnet.

This section is going to provide you with an overview of cryptocurrencies, blockchain and their various uses. We will also introduce the concept of a Smart Contract, which is the main component of blockchain CTF challenges.

To warn you right now: I know very little about this field, and anything that you read here has a surprisingly decent chance of being incorrect. I am also learning! If you come across something that you know or think is incorrect, I recommend you get in touch with me, either via Twitter or Discord!

What is a Cryptocurrency

A cryptocurrency (often called "crypto" by people that don't understand it, though I will never) is a decentralised digital currency - it is not reliant on a central authority, such as a government or bank, in order to function. It relies on a technology called blockchain, which is a list of records (called blocks) that are "chained" together using cryptographic hashes to validate their integrity.

Among other things, they provide a higher level of anonymity due to their decentralised nature. While all transactions are in the open (making them not as anonymous as one would like to think), the only identifier in a transaction is a public key that identifies the location that the cryptocurrency was sent to and from.

There is a lot of sentiment around about cryptocurrencies, fuelled in no small part by the proliferation of scams in recent years. You might know a fair bit about cryptocurrency, and not be a fan (I certainly am not). Luckily, this doesn't affect your ability to test its security!

I will say that the maths behind it and the technology itself is very cool. If you look into it more, you might find the same - a basic understanding of cryptocurrencies can really help, and this 3blue1brown video is an outstanding starting point. It describes Bitcoin, but most cryptocurrencies work on similar principles.

What is it worth?

One overarching narrative among the cryptocurrency haters is that "they have no real worth" or "their worth is purely speculative" - that is, their worth can fluctuate wildly as their worth is not tied to real-world assets.

Of all arguments against cryptocurrency (and there are a lot of those), this one is not particularly strong. For comparison, what is the dollar pegged to? What about the pound? Both used to be tied to the worth of gold, but this was abandoned by the former in 1971 and the latter as early as 1931 (there were various issues with these, such as the undesirable consequence of rising gold production). So what is their worth now? The worth of USD or GBP is nothing more than your belief that it is worth something, and the similar belief of all other people in society: its inherent value is non-existent. These currencies are called fiat currencies, and their worth is essentially backed by the reliability and stability of the governments that supply them, which is why the US dollar is the de facto international standard - the US is considered trustworthy.

The difference between cryptocurrencies and fiat currencies, therefore, is that the latter has simply been around for long enough to have a value, while the former has not. If adoption is high enough, specific cryptocurrencies may become equivalent to fiat currencies. In fact, Bitcoin has a hard limit of 21 million bitcoin in existence, providing it with an inherent scarcity that might make it even more suitable for a currency. Other cryptocurrencies, like Ethereum, have no hard cap.

Who uses cryptocurrencies?

The classic example of cryptocurrency users is scammers and criminals, due to the increased anonymity. However, a lot of money-related institutions also invest a lot in them (think hedge funds, traders, etc) - anything that doesn't really care for its purpose, but cares to make as much money as possible and has access to sufficient funds to make it happen.

Cryptocurrencies are also popular in developing countries with weak economies and high inflation, such as Argentina. The rationale behind this is that if the currency depreciates so rapidly, exchanging it for a cryptocurrency lets you exchange it back later, and the value will - in theory - have roughly kept up with inflation (because cryptocurrencies are also traded with more stable currencies such as the dollar).

What sucks about it?

A lot! From massive energy usage to its cult-like followers, there's no shortage of reasons to dislike it. Unsurprisingly, anything with the potential to make or break your entire bank account is met with a decent level of scepticism.
