general/docs-legacy
Archived
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

hacker challenge cleanup

Browse Source
This commit is contained in:
Valentyn Faychuk 2025-01-13 17:14:35 +02:00
parent cbdbbd9aa6
commit d0d8757f43
Signed by: valy
GPG Key ID: F1AB995E20FEADC5
8 changed files with 59 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
book.toml
View File

@ -3,7 +3,7 @@ authors = ["Valentyn Faychuk"]
language = "en" language = "en"
multilingual = false multilingual = false
src = "src" src = "src"
title = "DeTEE Public Documentation" title = "DeTEE Documentation"
[output.html] [output.html]
smart-punctuation = true smart-punctuation = true

18
src/README.md
View File

@ -2,22 +2,28 @@
--- ---
Welcome to the DeTEE's documentation. DeTEE is a decentralized confidential cloud. It is designed to make deploying Confidential VMs and Containers quick and easy, with the ability to scale up to the complex setups. Welcome to the DeTEE's documentation. DeTEE is a decentralized confidential cloud.
It is designed to make deploying Confidential VMs and Containers quick and easy,
with the ability to scale up to the complex setups.
Get started with [Installation](./todo.md) and then get an overview with the [Quickstart](./todo.md).\ Get started with [Installation](./todo.md) and then get an overview with the
There is also a [Hacker Challenge](./hacker_challenge/README.md) if you want to try breaking DeTEE for a reward!\ [Quickstart](./todo.md).\
DeTEE depends on the [Occlum](https://occlum.readthedocs.io) library for working with Intel SGX, and the [Rust sev crate](https://crates.io/crates/sev) for working with AMD SEV. There is also a [Hacker Challenge](./hacker_challenge/README.md) if you want to
try breaking DeTEE for a reward!\
DeTEE depends on the [Occlum](https://occlum.readthedocs.io) library for working
with Intel SGX, and the [Rust sev crate](https://crates.io/crates/sev) for working
with AMD SEV.
</br> </br>
--- ---
The documentation is under active development.\ The documentation is under active development.\
If you see any issue, feel free to contact <valy@detee.ltd>. If you see any issue, feel free to contact <support@detee.ltd>.
- [x] Prepare the first version of docs - [x] Prepare the first version of docs
- [x] Add Hacker Challenge - [x] Add Hacker Challenge
- [x] Add docs Autodeploy - [x] Add docs Autodeploy
- [x] Add contributors
- [ ] Add installation steps - [ ] Add installation steps
- [ ] Add contributors
- [ ] Add license - [ ] Add license
- [ ] ... - [ ] ...

7
src/hacker_challenge/README.md
View File

@ -2,9 +2,10 @@
--- ---
Hack the wallet 2yKf...Yxpb to unlock the DeTEE prize! Wallet keys are Hack the wallet `2znBcwcGnJ7Yo9XtNKZtzpKcdoFwc6rLLaSjosDW6k9N` to unlock the
secured inside every node of the Hacker Challenge cluster, which anybody DeTEE prize! Wallet keys are secured inside every node of the Hacker Challenge
can join! No rules - hack the node, seize the keys, win the prize! cluster, which anybody can join! No rules - hack the node, seize the keys, win
the prize!
### The main rules of the hacker challenge: ### The main rules of the hacker challenge:
- Don't ever send to the hacker challenge wallet what you don't want to lose - Don't ever send to the hacker challenge wallet what you don't want to lose

24
src/hacker_challenge/hacking.md
View File

@ -1,22 +1,24 @@
# How it all works? # How it all works?
This node is part of the DeTEE hacker-challenge, a decentralized wallet that mints the HCT Token. The node that you can run is part of the DeTEE hacker-challenge, in other words a
The private key of the mint authority was generated within the network. The challenge is easy: decentralized wallet that mints the DTHC Token. The private key of the mint authority
Hack the network to get the private key, and all the SOL is yours. We also offer other rewards, including: was generated within the network. The challenge is easy: Hack the network to get the
private key, and all the SOL is yours. We also offer other rewards, including:
- a unique NFT - a unique NFT
- token rewards at after release of the DeTEE token - token rewards at after release of the DeTEE token
- a seat on the Advisory Board of DeTEE - a seat on the Advisory Board of DeTEE
- possible employment at DeTEE - possible employment at DeTEE
The mint address of the token is: TOKEN_ADDRESS The mint address of the token is: `GgzbpwLzFPaNUT2KVBy63XWaWy6uD9JELL9bpbAaJ9aa`\
The mint authority is: MINT_AUTHORITY The mint authority is: `2znBcwcGnJ7Yo9XtNKZtzpKcdoFwc6rLLaSjosDW6k9N`
In order to mint, the mint authority will need some SOL. Before sending SOL, take into consideration that In order to mint, the mint authority will need some SOL. Before sending SOL, take
DeTEE REPRESENTATIVES DON'T KNOW HOW TO GET THE SOL OUT OF THE NETWORK! into consideration that DeTEE REPRESENTATIVES DON'T KNOW HOW TO GET THE SOL OUT OF
THE NETWORK!
You can make following requests: You can make following requests:
- `/nodes ` <= information about nodes and counters of network activity - `/nodes` <= information about hacker challenge nodes and activity
- `/mint?address=<address>` <= mint HCT tokens to the address; the wallet needs SOL for this operation - `/mint?address=<address>` <= mints 1 DTHC to a given address
If you were able to get the SOL out of the wallet, please contact <valy@detee.ltd>, <gheo@detee.ltd> If you were able to get the SOL out of the wallet, please contact <support@detee.ltd>.\
The code of the challenge can be found at https://gitea.detee.cloud/general/hacker-challenge The code of the challenge can be found at <https://gitea.detee.cloud/general/hacker-challenge>

1
src/hacker_challenge/how_it_works.md
View File

@ -1 +0,0 @@
# How it works?

19
src/hacker_challenge/network.md
View File

@ -1,11 +1,22 @@
# More about the network # More about the network
Each node in the network runs inside an enclave. The enclave is a program that operates in a trusted execution environment (TEE). Memory of programs within the enclave can not be inspected from outside the enclave. Programs within the enclave have access to sources of entropy that cannot be predicted from outside. Programs can also access reproducible secrets that they can use to seal[^1] persistent data. Each enclave has a certain set of measurements, consisting of all the data required for the program to run (instructions, configuration, etc.). A running program can generate a quote that can be used to verify the measurements and legitimacy of the hardware it's running on. Each node in the network runs inside an enclave. The enclave is a program that operates
in a trusted execution environment (TEE). Memory of programs within the enclave can
not be inspected from outside the enclave. Programs within the enclave have access
to sources of entropy that cannot be predicted from outside. Programs can also access
reproducible secrets that they can use to seal[^1] persistent data. Each enclave has
a certain set of measurements, consisting of all the data required for the program to
run (instructions, configuration, etc.). A running program can generate a quote that
can be used to verify the measurements and legitimacy of the hardware it's running on.
Assuming there are no vulnerabilities in any of the mentioned hardware features, and our node implementation has none either, it should be practically impossible to steal the SOL from the network wallet because: Assuming there are no vulnerabilities in any of the mentioned hardware features, and
our node implementation has none either, it should be practically impossible to steal
the SOL from the network wallet because:
- wallet key is generated with the enclave's source of entropy - wallet key is generated with the enclave's source of entropy
- nobody can inspect the memory that contains the key - nobody can inspect the memory that contains the key
- nodes verify the quote of each peer and refuse connections if quote measurements don't match their own - nodes verify the quote of each peer and refuse connections if quote measurements
don't match their own
- node seals[^1] all persistent data saved to disk with the enclave's key - node seals[^1] all persistent data saved to disk with the enclave's key
[^1]: uses symmetric encryption to encrypt some data before exposing it to untrusted environment to later recover the data by decrypting [^1]: uses symmetric encryption to encrypt some data before exposing it to untrusted
environment to later recover the data by decrypting.

11
src/hacker_challenge/prerequisites.md
View File

@ -1,10 +1,13 @@
# Prerequisites # Prerequisites
For running the Hacker Challenge you need a VM with Intel processor that supports SGX1/2, check [supported processors](https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions-processors.html). You may also rent a VM, see [RedSwitches](redswitches.com) or [Hetzner](hetzner.com). Public IP is not mandatory to participate. For running the Hacker Challenge you need a VM with Intel processor that supports
SGX1/2, check [supported processors](https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions-processors.html).
You may also rent a VM, see [RedSwitches](redswitches.com) or [Hetzner](hetzner.com).
Public IP is not mandatory to participate.
Make sure you enabled SGX in BIOS. Just do `cpuid | grep -i sgx` to see if SGX is enabled. Make sure you enabled SGX in BIOS. Just do `cpuid | grep -i sgx` to see if SGX is enabled.\
Make sure you also have kernel above v5.13 to get a built-in SGX DCAP driver. Make sure you also have kernel above v5.13 to get a built-in SGX DCAP driver.\
Final step is to add the symlinks for the sgx devices. Final step is to add the symlinks for the sgx devices:
```bash ```bash
sudo mkdir -p /dev/sgx sudo mkdir -p /dev/sgx

12
src/hacker_challenge/quick_start.md
View File

@ -1,17 +1,19 @@
# Quick Start # Quick Start
Hacker challenge works as a cluster that anybody can join. Before proceeding, make sure you have met the [prerequisites](./prerequisites.md).\
To join a cluster you need to run the DeTEE Hacker Challenge node (for simplicity we call it dthc): Hacker challenge works as a cluster that anybody can join. To join a cluster you need
to run the DeTEE Hacker Challenge node (for simplicity we call it dthc):
```bash ```bash
docker run --device /dev/sgx/enclave --device /dev/sgx/provision --env INIT_NODES="212.95.45.139 46.165.199.12 184.107.183.210" -v /tmp/dthc:/challenge/main -p 80:31372 -p 31373:31373 -d --name dthc detee/hacker-challenge:latest docker run --device /dev/sgx/enclave --device /dev/sgx/provision --env INIT_NODES="212.95.45.139 46.165.199.12 184.107.183.210" -v /tmp/dthc:/challenge/main -p 80:31372 -p 31373:31373 -d --name dthc detee/hacker-challenge:latest
``` ```
Note. Note.
- devices are mandatory to give node the access to the SGX driver - the devices are mandatory to give node the access to the SGX driver
- `INIT_NODES` are current nodes (we update them) so that your node can download Solana keys from cluster - `INIT_NODES` are current nodes so that your node can interact with the cluster,
we keep them up to date
- in the /tmp/dthc you will find the file where the node writes Solana keys, it's called `TRY_TO_HACK_THIS` - in the /tmp/dthc you will find the file where the node writes Solana keys, it's called `TRY_TO_HACK_THIS`
- port 31373 is needed if you have a public IP and want other nodes to connect to you - port 31373 is needed if you have a public IP and want other nodes to connect to you
- port 80 is the web interface of your node, it has `/nodes`, `/metrics` and `/mint <address>` endpoints - port 80 is the web interface of your node, it has `/nodes`, `/metrics` and `/mint?address=...` endpoints
After your node has started, feel free to start exploring logs in `docker logs <hash>` and /tmp/dthc/logs After your node has started, feel free to start exploring logs in `docker logs <hash>` and /tmp/dthc/logs