docs: Add blockchain writeups

Author: sbencoding

blockchain/navigating_the_unknown/README.md

@@ -0,0 +1,49 @@
+# Navigating the unkown (very easy)
+In this challenge we need to call a function on the blockchain.
+
+The readme of this challenge tells us that the goal is for the `isSolved()` function to return true.
+The setup function tells us how that can be achieved.
+```solidity
+pragma solidity ^0.8.18;
+
+import {Unknown} from "./Unknown.sol";
+
+contract Setup {
+ Unknown public immutable TARGET;
+
+ constructor() {
+ TARGET = new Unknown();
+ }
+
+ function isSolved() public view returns (bool) {
+ return TARGET.updated();
+ }
+}
+```
+
+We just need to make sure that the `update` variable in the other contract is true.
+
+```solidity
+pragma solidity ^0.8.18;
+
+contract Unknown {
+ 
+ bool public updated;
+
+ function updateSensors(uint256 version) external {
+ if (version == 10) {
+ updated = true;
+ }
+ }
+
+}
+```
+
+Here we see that to make the `updated` variable true, we need to call the `updateSensors` function the blockchain.
+
+The `solve.py` script will do precisely this.
+
+Calling functions requires the ABI of the contract. For this I have used an online IDE called *remix* where I placed the contract source code.
+Then I compiled the code and clicked on the ABI button to copy it to my clipboard
+
+After that we can use the other endpoint the challenge gives us when spawning the docker intsance and send option 3 to get the flag.

blockchain/navigating_the_unknown/solve.py

@@ -0,0 +1,73 @@
+from web3 import Web3
+
+abi = '''[
+{
+"inputs": [
+{
+"internalType": "uint256",
+"name": "version",
+"type": "uint256"
+}
+],
+"name": "updateSensors",
+"outputs": [],
+"stateMutability": "nonpayable",
+"type": "function"
+},
+{
+"inputs": [],
+"name": "updated",
+"outputs": [
+{
+"internalType": "bool",
+"name": "",
+"type": "bool"
+}
+],
+"stateMutability": "view",
+"type": "function"
+}
+]'''
+
+abi2 = '''[
+{
+"inputs": [],
+"stateMutability": "nonpayable",
+"type": "constructor"
+},
+{
+"inputs": [],
+"name": "TARGET",
+"outputs": [
+{
+"internalType": "contract Unknown",
+"name": "",
+"type": "address"
+}
+],
+"stateMutability": "view",
+"type": "function"
+},
+{
+"inputs": [],
+"name": "isSolved",
+"outputs": [
+{
+"internalType": "bool",
+"name": "",
+"type": "bool"
+}
+],
+"stateMutability": "view",
+"type": "function"
+}
+]'''
+
+w3 = Web3(Web3.HTTPProvider('http://159.65.81.51:30417'))
+contract = w3.eth.contract(address='0xA08Ec9a121550BF1BE3860F673DfE42b913EBd32', abi=abi)
+setup = w3.eth.contract(address='0x74b7aA986c1F3A72c1D10E46e600b1F5B385C47B', abi=abi2)
+# OK!! I just needed to use transact() for this function
+# HTB{9P5_50FtW4R3_UPd4t3D}
+print(contract.functions.updateSensors(10).transact())
+print(setup.functions.isSolved().call())
+print(contract.functions.updated().call())

blockchain/shooting_101/README.md

@@ -0,0 +1,69 @@
+# Shooting 101 (very easy)
+In this challenge we need to call some special functions on the contract.
+
+Let's take a look at the target contract:
+
+```solidity
+pragma solidity ^0.8.18;
+
+contract ShootingArea {
+ bool public firstShot;
+ bool public secondShot;
+ bool public thirdShot;
+
+ modifier firstTarget() {
+ require(!firstShot && !secondShot && !thirdShot);
+ _;
+ }
+
+ modifier secondTarget() {
+ require(firstShot && !secondShot && !thirdShot);
+ _;
+ }
+
+ modifier thirdTarget() {
+ require(firstShot && secondShot && !thirdShot);
+ _;
+ }
+
+ receive() external payable secondTarget {
+ secondShot = true;
+ }
+
+ fallback() external payable firstTarget {
+ firstShot = true;
+ }
+
+ function third() public thirdTarget {
+ thirdShot = true;
+ }
+}
+```
+
+The `Setup.sol` just contains the `isSolved()` function like the first challenge, however now it checks all three bolleans of the target contract whether they are true.
+
+We can also see that there are some `modifiers` that are applied to the functions.
+This ensures the order in which they are called is first, second, then third.
+
+The first target is the `fallback` method.
+
+I saw that this is different from the other functions we had before, so I went to look for some information on `receive` and `fallback` and have found this [article](https://blog.soliditylang.org/2020/03/26/fallback-receive-split/).
+
+Here it says, that:
+> receive() external payable — for empty calldata (and any value)
+> fallback() external payable — when no other function matches (not even the receive function). Optionally payable.
+
+Both of these functions are triggered when sending just a transaction to the contract, and not directly calling any functions on it.
+
+The `receive` function is used when empty call data is received, and the `fallback` function is used when no other function on the contract matches.
+
+So to trigger `fallback` first, let's send a transaction, but with a non-empty data field.
+
+Next the second target is the `receive` function, let's send a transaction with empty data field.
+
+And finally the `third` is just a function like in the previous challange, we can just call it in the same way.
+
+`solve.py` performs these steps, although I couldn't make it work with a single invocation of the script.
+For each of the step the script is executed once and then I just commented the steps that were already done.
+
+Sending 3 to the other endpoint that is not the RPC we get the flag.

blockchain/shooting_101/solve.py

@@ -0,0 +1,108 @@
+from web3 import Web3
+
+abi = '''[
+{
+"stateMutability": "payable",
+"type": "fallback"
+},
+{
+"inputs": [],
+"name": "firstShot",
+"outputs": [
+{
+"internalType": "bool",
+"name": "",
+"type": "bool"
+}
+],
+"stateMutability": "view",
+"type": "function"
+},
+{
+"inputs": [],
+"name": "secondShot",
+"outputs": [
+{
+"internalType": "bool",
+"name": "",
+"type": "bool"
+}
+],
+"stateMutability": "view",
+"type": "function"
+},
+{
+"inputs": [],
+"name": "third",
+"outputs": [],
+"stateMutability": "nonpayable",
+"type": "function"
+},
+{
+"inputs": [],
+"name": "thirdShot",
+"outputs": [
+{
+"internalType": "bool",
+"name": "",
+"type": "bool"
+}
+],
+"stateMutability": "view",
+"type": "function"
+},
+{
+"stateMutability": "payable",
+"type": "receive"
+}
+]'''
+
+abi2 = '''[
+{
+"inputs": [],
+"stateMutability": "nonpayable",
+"type": "constructor"
+},
+{
+"inputs": [],
+"name": "TARGET",
+"outputs": [
+{
+"internalType": "contract ShootingArea",
+"name": "",
+"type": "address"
+}
+],
+"stateMutability": "view",
+"type": "function"
+},
+{
+"inputs": [],
+"name": "isSolved",
+"outputs": [
+{
+"internalType": "bool",
+"name": "",
+"type": "bool"
+}
+],
+"stateMutability": "view",
+"type": "function"
+}
+]'''
+
+w3 = Web3(Web3.HTTPProvider('http://159.65.62.241:31005'))
+contract = w3.eth.contract(address='0xDdA00938E6a998781681E182599e6f6dCFA89808', abi=abi)
+setup = w3.eth.contract(address='0x5341F586E1e3858203b8e65060eFFeCdc64E049F', abi=abi2)
+# Step 1:
+# w3.eth.send_transaction({'to': '0xDdA00938E6a998781681E182599e6f6dCFA89808', 'from': '0xC98533e5811dA2dcE3b233d4E00E150DdE9773d4', 'data': "0x61455567"})
+
+# Step 2:
+# w3.eth.send_transaction({'to': '0xDdA00938E6a998781681E182599e6f6dCFA89808', 'from': '0xC98533e5811dA2dcE3b233d4E00E150DdE9773d4'})
+
+# Step 3:
+contract.functions.third().transact()
+print('1', contract.functions.firstShot().call())
+print('2', contract.functions.secondShot().call())
+print('3', contract.functions.thirdShot().call())
+print(dir(contract.functions))