general/hacker-challenge
4
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add Welcome to the DeTEE Hacker Challenge!

Valentyn Faychuk 2024-12-14 22:36:31 +00:00
commit 3760403812
1 changed files with 59 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
Welcome-to-the-DeTEE-Hacker-Challenge%21.md Normal file

@ -0,0 +1,59 @@
### Prerequisites
For running the Hacker Challenge you need a VM with Intel processor that supports SGX1/2, check [supported processors](https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions-processors.html). You may also rent a VM, see [RedSwitches](redswitches.com) or [Hetzner](hetzner.com). Public IP is not mandatory to participate.
Make sure you enabled SGX in BIOS. Just do `cpuid | grep -i sgx` to see if SGX is enabled.
Make sure you also have kernel above v5.11 to get a built-in SGX DCAP driver.
### Quick Start
Hacker challenge works as a cluster that anybody can join.
To join a cluster you need to run the DeTEE Hacker Challenge node (for simplicity we call it dthc):
```bash
docker run --device /dev/sgx/enclave --device /dev/sgx/provision --env INIT_NODES="172.17.0.10 172.17.0.12" -v /tmp/dthc:/challenge/main -p 80:31372 -p 31373:31373 -d --name dthc detee/hacker-challenge:latest
```
Note.
- devices are mandatory to give node the access to the SGX driver
- `INIT_NODES` are current nodes (we update them) so that your node can download Solana keys from cluster
- in the /tmp/dthc you will find the file where the node writes Solana keys, it's called `TRY_TO_HACK_THIS`
- port 31373 is needed if you have a public IP and want other nodes to connect to you
- port 80 is the web interface of your node, it has `/nodes`, `/metrics` and `/mint <address>` endpoints
After your node has started, feel free to start exploring logs in `docker logs <hash>` and /tmp/dthc/logs
### How it all works?
This node is part of the DeTEE hacker-challenge, a decentralized wallet that mints the HCT Token.
The private key of the mint authority was generated within the network. The challenge is easy:
Hack the network to get the private key, and all the SOL is yours. We also offer other rewards, including:
- a unique NFT
- token rewards at after release of the DeTEE token
- a seat on the Advisory Board of DeTEE
- possible employment at DeTEE
The mint address of the token is: TOKEN_ADDRESS
The mint authority is: MINT_AUTHORITY
In order to mint, the mint authority will need some SOL. Before sending SOL, take into consideration that
DeTEE REPRESENTATIVES DON'T KNOW HOW TO GET THE SOL OUT OF THE NETWORK!
You can make following requests:
/nodes <- information about nodes and counters of network activity
/mint (address) <- mint HCT tokens to the address; the wallet needs sol for this operation
If you were able to get the SOL out of the wallet, please contact us at https://detee.ltd
The code of the challenge can be found at https://gitea.detee.cloud/SGX/hacker-challenge-sgx
### More about the network
Each node in the network runs inside an enclave. The enclave is a program that operates in a trusted execution environment (TEE). Memory of programs within the enclave can not be inspected from outside the enclave. Programs within the enclave have access to sources of entropy that cannot be predicted from outside. Programs can also access reproducible secrets that they can use to seal[^1] persistent data. Each enclave has a certain set of measurements, consisting of all the data required for the program to run (instructions, configuration, etc.). A running program can generate a quote that can be used to verify the measurements and legitimacy of the hardware it's running on.
Assuming there are no vulnerabilities in any of the mentioned hardware features, and our node implementation has none either, it should be practically impossible to steal the SOL from the network wallet because:
- wallet key is generated with the enclave's source of entropy
- nobody can inspect the memory that contains the key
- nodes verify the quote of each peer and refuse connections if quote measurements don't match their own
- node seals[^1] all persistent data saved to disk with the enclave's key
[^1]: uses symmetric encryption to encrypt some data before exposing it to untrusted environment to later recover the data by decrypting