Prerequisites
To run the Hacker Challenge you need a VM with an Intel processor that supports SGX1/2; check the supported processors. You may also rent a VM, see RedSwitches or Hetzner. A public IP is not mandatory to participate.
Make sure you have enabled SGX in the BIOS. To see if SGX is enabled, run:
cpuid | grep -i sgx
Make sure you also have a kernel above v5.13 to get the built-in SGX DCAP driver.
The final step is to add the symlinks for the SGX devices.
sudo mkdir -p /dev/sgx
sudo ln -sf ../sgx_enclave /dev/sgx/enclave
sudo ln -sf ../sgx_provision /dev/sgx/provision
Quick Start
The Hacker Challenge works as a cluster that anybody can join. To join the cluster you need to run the DeTEE Hacker Challenge node (for simplicity we call it dthc):
docker run --device /dev/sgx/enclave --device /dev/sgx/provision --env INIT_NODES="212.95.45.139 46.165.199.12 184.107.183.210" -v /tmp/dthc:/challenge/main -p 80:31372 -p 31373:31373 -d --name dthc detee/hacker-challenge:latest
Note.
- devices are mandatory to give the node access to the SGX driver
- INIT_NODES are current nodes (we update them) so that your node can download Solana keys from the cluster
- in /tmp/dthc you will find the file where the node writes Solana keys, it's called TRY_TO_HACK_THIS
- port 31373 is needed if you have a public IP and want other nodes to connect to you
- port 80 is the web interface of your node, it has /nodes, /metrics and /mint <address> endpoints
After your node has started, feel free to start exploring the logs in docker logs <hash> and /tmp/dthc/logs
How does it all work?
This node is part of the DeTEE hacker-challenge, a decentralized wallet that mints the HCT Token. The private key of the mint authority was generated within the network. The challenge is easy: Hack the network to get the private key, and all the SOL is yours. We also offer other rewards, including:
- a unique NFT
- token rewards after the release of the DeTEE token
- a seat on the Advisory Board of DeTEE
- possible employment at DeTEE
The mint address of the token is: TOKEN_ADDRESS
The mint authority is: MINT_AUTHORITY
In order to mint, the mint authority will need some SOL. Before sending SOL, take into consideration that DeTEE REPRESENTATIVES DON'T KNOW HOW TO GET THE SOL OUT OF THE NETWORK!
You can make the following requests:
/nodes <- information about nodes and counters of network activity
/mint (address) <- mint HCT tokens to the address; the wallet needs SOL for this operation
If you were able to get the SOL out of the wallet, please contact us at https://detee.ltd
The code of the challenge can be found at https://gitea.detee.cloud/SGX/hacker-challenge-sgx
More about the network
Each node in the network runs inside an enclave. The enclave is a program that operates in a trusted execution environment (TEE). Memory of programs within the enclave cannot be inspected from outside the enclave. Programs within the enclave have access to sources of entropy that cannot be predicted from outside. Programs can also access reproducible secrets that they can use to seal[1] persistent data. Each enclave has a certain set of measurements, consisting of all the data required for the program to run (instructions, configuration, etc.). A running program can generate a quote that can be used to verify the measurements and the legitimacy of the hardware it's running on.
Assuming there are no vulnerabilities in any of the mentioned hardware features, and our node implementation has none either, it should be practically impossible to steal the SOL from the network wallet because:
- wallet key is generated with the enclave's source of entropy
- nobody can inspect the memory that contains the key
- nodes verify the quote of each peer and refuse connections if quote measurements don't match their own
- node seals[1] all persistent data saved to disk with the enclave's key
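The measurement-matching step from the list above, as an added example that is not the challenge's own code: it reads MRENCLAVE and MRSIGNER from a version 3 DCAP ECDSA quote at their fixed offsets and admits a peer only if both equal the node's own. It assumes the quote's signature and certificate chain were already verified by a DCAP verification library, and that both measurements are compared; the function names and the zero-filled sample quotes are constructed for illustration.

```python
import hmac
import struct

# Version 3 DCAP ECDSA quote: 48-byte header followed by a 384-byte report body.
HEADER_LEN = 48
REPORT_BODY_LEN = 384
MRENCLAVE_OFF = HEADER_LEN + 64   # 32 bytes: hash of the enclave's initial code and data
MRSIGNER_OFF = HEADER_LEN + 128   # 32 bytes: hash of the enclave signer's public key

class QuoteError(ValueError):
    """Raised when a quote is truncated or has an unexpected version."""

def measurements(quote: bytes) -> tuple[bytes, bytes]:
    """Return (MRENCLAVE, MRSIGNER) from a raw quote, rejecting malformed input."""
    if len(quote) < HEADER_LEN + REPORT_BODY_LEN:
        raise QuoteError("quote shorter than header + report body")
    (version,) = struct.unpack_from("<H", quote, 0)
    if version != 3:
        raise QuoteError(f"unsupported quote version {version}")
    return (quote[MRENCLAVE_OFF:MRENCLAVE_OFF + 32],
            quote[MRSIGNER_OFF:MRSIGNER_OFF + 32])

def peer_allowed(own_quote: bytes, peer_quote: bytes) -> bool:
    """Admit a peer only if both measurements equal our own; fail closed on errors."""
    try:
        own = measurements(own_quote)
        peer = measurements(peer_quote)
    except QuoteError:
        return False
    # Evaluate both comparisons before combining, each in constant time.
    same_enclave = hmac.compare_digest(own[0], peer[0])
    same_signer = hmac.compare_digest(own[1], peer[1])
    return same_enclave and same_signer

def make_quote(mrenclave: bytes, mrsigner: bytes, version: int = 3) -> bytes:
    """Constructed sample input: zero-filled quote carrying only the two measurements."""
    q = bytearray(HEADER_LEN + REPORT_BODY_LEN)
    struct.pack_into("<H", q, 0, version)
    q[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] = mrenclave
    q[MRSIGNER_OFF:MRSIGNER_OFF + 32] = mrsigner
    return bytes(q)

if __name__ == "__main__":
    ours = make_quote(b"\xaa" * 32, b"\xbb" * 32)
    print(peer_allowed(ours, make_quote(b"\xaa" * 32, b"\xbb" * 32)))  # identical build
    print(peer_allowed(ours, make_quote(b"\xcc" * 32, b"\xbb" * 32)))  # modified build
```

Matching measurements only says the peer claims the same build; that claim is trustworthy only after the quote's signature has been validated.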
[1] Sealing uses symmetric encryption to encrypt some data before exposing it to an untrusted environment, so that the data can later be recovered by decrypting it.