hacker challenge update

This commit is contained in:
Valentyn Faychuk 2025-02-02 22:15:13 +02:00
parent 95fb313018
commit 475247a0a6
Signed by: valy
GPG Key ID: F1AB995E20FEADC5
11 changed files with 84 additions and 52 deletions

@ -1,4 +1,4 @@
# <img class="left" src="img/logo.svg" alt="DeTEE logo">&nbsp;&nbsp;DeTEE
# <img class="left" src="img/logo.svg" alt="DeTEE Logo">&nbsp;&nbsp;DeTEE
---

@ -37,8 +37,8 @@
- [Prerequisites](./hacker_challenge/prerequisites.md)
- [Quick Start](./hacker_challenge/quick_start.md)
- [Hacking](./hacker_challenge/hacking.md)
- [Network](./hacker_challenge/network.md)
- [Architecture](./hacker_challenge/architecture.md)
- [For Beginners](./hacker_challenge/simple_participation.md)
- [Issues](./hacker_challenge/known_issues.md)
---
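Review bot: the new `Issues` entry points at `./hacker_challenge/known_issues.md`, which does not appear among the files shown in this commit, and `network.md` is deleted further down in the same commit; confirm that `known_issues.md` exists and that no other page still links to `./hacker_challenge/network.md`, otherwise the book build ends up with dangling links.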

@ -1,7 +1,32 @@
# Hacker Challenge Architecture
# Architecture
Hacker Challenge is a decentralized network of nodes, though the decentralized
algorithms are simplified as you will see from the code, since every node in
the cluster is inherently trusted.
Hacker Challenge is a decentralized network of nodes. Each node in the network runs inside an enclave[^1]. Memory pages
of programs within the enclave are encrypted outside the enclave. Programs within the enclave have access to sources of
entropy that are also protected from outside interventions. Enclaves also have exclusive access to their unique secrets
that they usually use to seal[^2] data on disk. Each enclave in the cluster must have the same measurements[^3], since
it runs the same version of the code and configuration. A running program can generate a quote that can be used to
verify the measurements and legitimacy of the hardware it's running on. Decentralized algorithms are simplified as you
will see from the code, since every node in the cluster is inherently trusted.
The nodes validate each other through [RATLS](../security/ratls.md)
Assuming there are no vulnerabilities in any of the mentioned hardware features, and
our node implementation has none either, it should be practically impossible to steal
the SOL from the network wallet because:
- wallet key is created inside the enclave[^1] using a trusted source of entropy
- memory pages of the node that keep the wallet are encrypted to the outside world
- node seals[^2] it's own current progress and the Solana wallet keys on the disk
- nodes verify if measurements[^3] of each other match through [RATLS](../security/ratls.md)
Hence when the new node joins the network, it connects to 3 peers using the RATLS handshake. The peers exchange their
measurements and verify them. If the measurements are not in the whitelist, the peer will reject the connection. When
the node is successfully connected, it receives the Solana wallet keypair and is able to mint the DTHC token.
<p align="center"> <img src="../img/dthc_cluster.jpg" alt="Hacker Challenge Cluster" width="45%"/> </p>
> [^1]: The enclave is a program that operates in a trusted execution environment (TEE)
>
> [^2]: Sealing is a technique that the enclave uses to symmetrically encrypt and decrypt disk data to hide it from host
>
> [^3]: Enclave measurements are strings that uniquely identify the enclave and its configuration, like hash of the
> enclave's binary, configuration, the signer public key, its version and product id
<script type="text/javascript" id="hcb" src="/js/comments.js"></script><div id="HCB_comment_box"></div><link rel="stylesheet" type="text/css" href="/css/comments.css"/>
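Review bot: the text first says every enclave in the cluster must have the same measurements, then says a peer is rejected when its measurements are not in the whitelist; these are different trust policies (exact match against the node's own measurements versus a list that can hold several accepted versions), and the page should state which one the node implements and how the whitelist is updated when a new version ships, because a stale whitelist blocks upgrades while a loosely broadened one admits builds that should not receive the wallet keypair. Smaller points: `node seals[^2] it's own current progress` should read `its own`; the sentence ending `through [RATLS](../security/ratls.md)` lacks a period; and the three footnote definitions are wrapped in a `>` blockquote, which most Markdown renderers treat as quoted text rather than footnote definitions, so the `[^1]`, `[^2]` and `[^3]` references in the body may not resolve.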

@ -4,10 +4,10 @@ The node that you can run is part of the DeTEE hacker-challenge, in other words
decentralized wallet that mints the DTHC Token. The private key of the mint authority
was generated within the network. The challenge is easy: Hack the network to get the
private key, and all the SOL is yours. We also offer other rewards, including:
- a unique NFT
- token rewards at after release of the DeTEE token
- the wallet itself
- [DeTEE Loyalty Points](../cloud/airdrops.md)
- a seat on the Advisory Board of DeTEE
- possible employment at DeTEE
The mint address of the token is: `A6HtJwfUbRiPoqVBQY611avQS4byHP4BZXHHBCMD4eFp`\
The mint authority is: `AVV4yXTCbTYdJjzM5BniSchFby3mMeJ9JLAGFNubXm8h`
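Review bot: `token rewards at after release of the DeTEE token` has a stray `at`; suggest `token rewards after the release of the DeTEE token`.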
@ -23,4 +23,4 @@ You can make following requests:
If you were able to get the SOL out of the wallet, please contact <support@detee.ltd>.\
The code of the challenge can be found at <https://gitea.detee.cloud/general/hacker-challenge>
<script type="text/javascript" id="hcb" src="/js/comments.js"></script><div id="HCB_comment_box"></div><link rel="stylesheet" type="text/css" href="/css/comments.css"/>
<script type="text/javascript" id="hcb" src="/js/comments.js"></script><div id="HCB_comment_box"></div><link rel="stylesheet" type="text/css" href="/css/comments.css"/>
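Review bot: both versions of the closing comment-box line read identically here, so the only change in this hunk appears to be whitespace or a trailing newline; if that is intentional, fine, otherwise drop the hunk to keep the diff focused.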

@ -1,24 +0,0 @@
# More about the network
Each node in the network runs inside an enclave. The enclave is a program that operates
in a trusted execution environment (TEE). Memory of programs within the enclave can
not be inspected from outside the enclave. Programs within the enclave have access
to sources of entropy that cannot be predicted from outside. Programs can also access
reproducible secrets that they can use to seal[^1] persistent data. Each enclave has
a certain set of measurements, consisting of all the data required for the program to
run (instructions, configuration, etc.). A running program can generate a quote that
can be used to verify the measurements and legitimacy of the hardware it's running on.
Assuming there are no vulnerabilities in any of the mentioned hardware features, and
our node implementation has none either, it should be practically impossible to steal
the SOL from the network wallet because:
- wallet key is generated with the enclave's source of entropy
- nobody can inspect the memory that contains the key
- nodes verify the quote of each peer and refuse connections if quote measurements
don't match their own
- node seals[^1] all persistent data saved to disk with the enclave's key
[^1]: uses symmetric encryption to encrypt some data before exposing it to untrusted
environment to later recover the data by decrypting.
<script type="text/javascript" id="hcb" src="/js/comments.js"></script><div id="HCB_comment_box"></div><link rel="stylesheet" type="text/css" href="/css/comments.css"/>
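Review bot: this page is removed, and its peer-verification sentence (`refuse connections if quote measurements don't match their own`) is replaced in architecture.md by a check against a whitelist; confirm that the new wording reflects an actual change in the node's policy rather than a paraphrase, because the two rules are not equivalent. The sealing footnote and the entropy and memory-isolation claims are carried over into the new architecture page, so nothing else from this page is lost.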

@ -1,10 +1,14 @@
# Prerequisites
> You need have a Server with Intel [processor that supports
<div class="warning">
You need have a Server with Intel [processor that supports
SGX](https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions-processors.html) or rent a VM, for options see [RedSwitches](redswitches.com) or [Hetzner](hetzner.com).
You may also have the compliant processor in your laptop or desktop, [check here](https://www.intel.com/content/www/us/en/ark/featurefilter.html?productType=873&2_SoftwareGuardExtensions=Yes%20with%20Intel%C2%AE%20ME).
> Public IP is not required to participate.
Public IP is not required to participate.
</div>
Make sure you enabled SGX in BIOS. You can check if SGX is enabled from the terminal:
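Review bot: `[RedSwitches](redswitches.com)` and `[Hetzner](hetzner.com)` have no scheme, so they render as relative links to `./redswitches.com` and `./hetzner.com` inside the book; use `https://redswitches.com` and `https://hetzner.com`. Also, CommonMark renderers such as mdBook treat everything from an opening `<div class="warning">` up to the next blank line as raw HTML, so without a blank line after the tag the SGX link and the `check here` link will show up as literal brackets; and `You need have a Server` should read `You need to have a server`.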

@ -1,21 +1,32 @@
# Quick Start
Before proceeding, make sure you have met the [prerequisites](./prerequisites.md).\
Hacker challenge works as a cluster that anybody can join. To join a cluster you need
to run the DeTEE Hacker Challenge node (for simplicity we call it dthc):
<div class="warning">
Before proceeding, make sure you followed [Prerequisites](./prerequisites.md).\
Also you need to carefully read the [End User Lincense Agreement](https://detee.ltd/hacker-challenge-eula).
</div>
Hacker challenge works as a cluster that anybody can join. To join a cluster, all you
need is to run the DeTEE Hacker Challenge Node (sometimes we also call it **DTHC**).\
DTHC is a docker image that you can start using:
```bash
docker run --device /dev/sgx/enclave --device /dev/sgx/provision --env INIT_NODES="212.95.45.139 46.165.199.12 184.107.183.210" -v /tmp/dthc:/challenge/main -p 80:31372 -p 31373:31373 -d --name dthc detee/hacker-challenge:latest
docker run --device /dev/sgx/enclave --device /dev/sgx/provision \
-v /tmp/dthc:/challenge/main -p 80:31372 -p 31373:31373 -d \
--env INIT_NODES="212.95.45.139 46.165.199.12 184.107.183.210" \
--name dthc detee/hacker-challenge:latest
```
Note.
- the devices are mandatory to give node the access to the SGX driver
- `INIT_NODES` are current nodes so that your node can interact with the cluster,
we keep them up to date
- in the /tmp/dthc you will find the file where the node writes Solana keys, it's called `TRY_TO_HACK_THIS`
- port 31373 is needed if you have a public IP and want other nodes to connect to you
- port 80 is the web interface of your node, it has `/nodes`, `/metrics` and `/mint?address=...` endpoints
After your node has started, feel free to start exploring logs:
```bash
docker logs -f dthc
```
After your node has started, feel free to start exploring logs in `docker logs <hash>`
> - docker devices give node the access to the SGX functionality
> - `INIT_NODES` are real IP addresses of currently running nodes that host the key
> - in the `/tmp/dthc` you will find the files with node metrics and Solana keys
> - if your IP is public, expose port 31373 so that other nodes can connect to you
> - use the node as `http://localhost:80/mint?address=...` to mint DTHC tokens
<script type="text/javascript" id="hcb" src="/js/comments.js"></script><div id="HCB_comment_box"></div><link rel="stylesheet" type="text/css" href="/css/comments.css"/>
<script type="text/javascript" id="hcb" src="/js/comments.js"></script><div id="HCB_comment_box"></div><link rel="stylesheet" type="text/css" href="/css/comments.css"/>
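Review bot: `-p 80:31372` publishes the node's web interface (`/nodes`, `/metrics`, `/mint?address=...`) on port 80 of every host interface, while the notes below say the only port other nodes need is 31373; unless the web interface is meant to be public, suggest `-p 127.0.0.1:80:31372` so that only the local user can reach the mint endpoint, and say in the notes that port 80 does not need to be reachable from outside. Two more points: `/tmp/dthc` is the volume where the node writes `TRY_TO_HACK_THIS`, its sealed progress and Solana keys, and `/tmp` is cleared on reboot on many distributions, so a more durable path is worth recommending; and `End User Lincense Agreement` should be `End User License Agreement`. The comment-box line is again duplicated at the end of this hunk.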

@ -0,0 +1,16 @@
## Not sure where to start?
The easiest way to participate in the Hacker Challenge Competition is to review our
work. **You don't need to have a server or attack the wallet.**
If you love **Rust** programming language, just open
the [Hacker Challenge repo](https://gitea.detee.cloud/general/hacker-challenge) and give us your review. You will get
additional [DeTEE Loyalty Points](../cloud/airdrops.md) for that! Make sure to check
the [Airdrops](../cloud/airdrops.md) page to maximize your Loyalty Points. One such way is to share about the challenge
or your review on social media that can give you even more Loyalty Points.
> Loyalty Points are used to get a discount on DeTEE services and to use the testnet.
> You will be able to redeem them later for real rewards.
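Review bot: the new page opens with a level-two heading (`## Not sure where to start?`) while every other page in this section opens with a level-one heading (`# Architecture`, `# Prerequisites`, `# Quick Start`), which affects the title the book shows for it; also `share about the challenge or your review on social media that can give you even more Loyalty Points` reads awkwardly, suggest `sharing the challenge or your review on social media, which earns you even more Loyalty Points`.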

BIN
src/img/dthc_cluster.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 230 KiB

@ -11,7 +11,7 @@ using the Intel SGX SDK and contain the MRENCLAVE, MRSIGNER, PRODID, SVN of the
Two modes exist for the RATLS.
![RATLS Modes](../img/mratls_hratls.jpg)
<p align="center"> <img src="../img/mratls_hratls.jpg" alt="RATLS Modes" width="75%"/> </p>
## mRATLS

@ -43,6 +43,6 @@ process is simplified in the `detee-sgx` it works best for small files so we
recommend when sealing a lot of data to use the native tools, present for your
database or software and instead sealing only the encryption key.
![Database key sealing](../img/database_key_sealing.jpg)
<p align="center"> <img src="../img/database_key_sealing.jpg" alt="Database key sealing" width="65%"/> </p>
<script type="text/javascript" id="hcb" src="/js/comments.js"></script><div id="HCB_comment_box"></div><link rel="stylesheet" type="text/css" href="/css/comments.css"/>