コード例 #1
0
def memory_search_user_alternative(user,public_key,timestamp,signature,Identifier,Identifier_public_key,Identifier_signature):
	final = "None"
	if request.remote_addr in Banlist:
		abort(403)
	testing_address = address.keyToAddr2(public_key,user)
	if testing_address != user:
		abort(403)
	if testing_address in Banlist:
		abort(403)
	message = user + ":" + timestamp
	prove_ownership = messages.verify_message(public_key,signature,message)
	if prove_ownership == False:
		abort(403)
	if time.time() - float(timestamp) < 10:
		try:
			con = sql.connect("info.db", check_same_thread=False)
			con.row_factory = sql.Row
			cur = con.cursor()
			cur.execute('SELECT * FROM fakeAccounts WHERE identifier=?', (user,))
			result = cur.fetchall()
			if len(result) == 1:
				EncryptionKey = result[0]["EncryptionKey"]
				Identifier = decrypt.decryptAES(EncryptionKey,str(Identifier))
				if Identifier == False:
					abort(403)
				Identifier_signature = decrypt.decryptAES(EncryptionKey,str(Identifier_signature))
				if Identifier_signature == False:
					abort(403)
				Identifier_public_key = decrypt.decryptAES(EncryptionKey,str(Identifier_public_key))
				if Identifier_public_key == False:
					abort(403)
				testing_address = address.keyToAddr(Identifier_public_key,Identifier)
				if testing_address != Identifier:
					abort(403)
				if testing_address in Banlist:
					abort(403)
				message = Identifier + ":" + timestamp
				prove_ownership = messages.verify_message(Identifier_public_key,Identifier_signature,message)
				if prove_ownership == False:
					abort(403)
				cur.execute('SELECT * FROM cache WHERE receiver=? AND operation!=? AND status!=? ORDER BY time LIMIT 1', (Identifier,"OSP","PASS"))
				result = cur.fetchall()
				if len(result) == 1:
					tx_hash_output = result[0]["tx_hash"]
					final = result[0]["data"]
					final = encrypt.encryptAES(EncryptionKey,final)
					cur.execute('DELETE FROM cache WHERE tx_hash=? AND receiver=? AND operation!=?', (tx_hash_output,Identifier,"OSP"))
					con.commit()
				return final
			else:
				abort(403)
		except:
			return "Something went wrong!"
		finally:
			try:
				con.close()
			except:
				pass
	
	return final
コード例 #2
0
def encryption_post(user,public_key,timestamp,signature):
	if request.remote_addr in Banlist:
		abort(403)
	if len(user) != 52:
		abort(403)
	testing_address = address.keyToAddr2(public_key,user)
	if testing_address != user:
		abort(403)
	if testing_address in Banlist:
		abort(403)
	message = user + ":" + timestamp
	prove_ownership = messages.verify_message(public_key, signature, message)
	if prove_ownership == False:
		abort(403)
	try:
		con = sql.connect("info.db", check_same_thread=False)
		con.text_factory = str
		con.row_factory = sql.Row
		cur = con.cursor()
		cur.execute('SELECT * FROM fake_account')
		result = cur.fetchall()
		fakeAccount = result[0]["fakeidentifier"]
		if fakeAccount == user:
			return "OK"
		cur.execute('SELECT * FROM fakeAccounts WHERE identifier=?', (user,))
		result = cur.fetchall()
		found = False
		if len(result) == 1:
			found = True
			time_generated = result[0]["time_generated"]
			if time.time() - float(time_generated) < 1750:
				abort(403)
		elif len(result) > 1:
			abort(403)
		if time.time() - float(timestamp) < 10:
			data = request.data
			data = decrypt.decryptfromPubKey(data)
			if data == False:
				abort(403)
			usersEncryptionKey = data
			if found == True:
				cur.execute('UPDATE fakeAccounts SET EncryptionKey=?, time_generated=? WHERE identifier=?', (usersEncryptionKey,str(int(time.time())),user))
				con.commit()
			else:
				cur.execute('INSERT INTO fakeAccounts (identifier,EncryptionKey,time_generated) VALUES (?,?,?)', (user,usersEncryptionKey,str(int(time.time()))))
				con.commit()
			return "OK"
	except:
		return "Something went wrong."
	finally:
		try:
			con.close()
		except:
			pass
コード例 #3
0
def check_payload(payload):
    details = payload.split(",")
    if len(details) == 10:
        operation = details[0]
        sender = details[1]
        if operation != "TREEPAY":
            return sender + "," + False
        receiver = details[2]
        additional3 = details[6]
        Address = address.keyToAddr(additional3, sender)
        if Address != sender:
            return sender + "," + False
        if len(sender) < 36 or len(receiver) < 36 or len(sender) > 50 or len(
                receiver) > 50:
            return sender + "," + False
        timestamp = str(int(float(details[3])))
        time_now = time.time()
        additional1 = details[4]
        additional2 = details[5]
        data = details[7]
        transaction_hash = details[8]
        final = operation + ":" + sender + ":" + receiver + ":" + str(
            timestamp
        ) + ":" + additional1 + ":" + additional2 + ":" + additional3 + ":" + data
        TX_hash = sha256(final.rstrip()).hexdigest()
        if TX_hash == transaction_hash:
            signature = details[-1]
            final = TX_hash
            prove_ownership = messages.verify_message(additional3, signature,
                                                      final)
            if prove_ownership == True:
                result = requests.get("http://127.0.0.1:10000/tx/" + TX_hash)
                result = result.content
                if result == "False":
                    requests.post("http://127.0.0.1:10000/tx/new",
                                  data=transaction_hash)
                    return receiver + "," + "True"
                else:
                    return sender + "," + "Received"
            else:
                return sender + "," + False
        else:
            return sender + "," + False
    else:
        return sender + "," + False
コード例 #4
0
def importprivkey():
    private_key_hex = raw_input("Enter private key in hex format: ")
    public_key_hex, Address = address.details_from_private(private_key_hex)
    signature = messages.sign_message(private_key_hex, "test")
    prove_ownership = messages.verify_message(public_key_hex,
                                              signature.encode("hex"), "test")
    if prove_ownership == True:
        try:
            cur.execute(
                'INSERT INTO accounts (identifier,private_key_hex,public_key_hex) VALUES (?,?,?)',
                (Address, private_key_hex, public_key_hex))
            con.commit()
            print "[+] Account " + Address + " added"
        except Exception as e:
            print e
        con.close()
    else:
        print "This private key does not prove ownership of " + Address
コード例 #5
0
def check_payload(payload):
	details = payload.split(",")
	if len(details) == 10:
		operation = details[0]
		sender = details[1]
		receiver = details[2]
                additional3 = details[6]
                Address = address.keyToAddr(additional3,sender)
                if Address != sender:
			return sender + "," + False
		if len(sender) < 36 or len(receiver) < 36 or len(sender) > 50 or len(receiver) > 50:
			return sender + "," + False
		try:
			timestamp = str(int(float(details[3])))
		except:
			return "False,False"
		time_now = time.time()
		if time_now - float(timestamp) > 420:
			return "False,False"
		additional1 = details[4]
		additional2 = details[5]
		data = details[7]
		transaction_hash = details[8]
		final = operation + ":" + sender + ":" + receiver + ":" + str(timestamp) + ":" + additional1 + ":" + additional2 + ":" + additional3 + ":" + data
		TX_hash = sha256(final.rstrip()).hexdigest()
		if TX_hash == transaction_hash:
			signature = details[-1]
			final = TX_hash
			prove_ownership = messages.verify_message(additional3, signature, final)
			if prove_ownership == True:
				return "True,"+data
			else:
				return "False,False"
		else:
			return "False,False"
	else:
		return "False,False"
コード例 #6
0
def importfake():
    private_key_hex = raw_input("Enter private key in hex format: ")
    public_key_hex, Address = address.details_from_private_fake(
        private_key_hex)
    signature = messages.sign_message(private_key_hex, "test")
    prove_ownership = messages.verify_message(public_key_hex,
                                              signature.encode("hex"), "test")
    if prove_ownership == True:
        cur.execute('SELECT * FROM fake_account')
        result = cur.fetchall()
        if len(result) == 0:
            try:
                cur.execute(
                    'INSERT INTO fake_account (fakeidentifier,fake_private_key_hex,fake_public_key_hex) VALUES (?,?,?)',
                    (Address, private_key_hex, public_key_hex))
                con.commit()
                print "[+] Account " + Address + " added"
            except Exception as e:
                print e
        else:
            print "Another fake account already exists. Exiting.."
        con.close()
    else:
        print "This private key does not prove ownership of " + Address
コード例 #7
0
def check_payload(payload):
	details = payload.split(",")
	if len(details) == 10:
		operation = details[0]
		sender = details[1]
		sender = sender.split("|")
		senders_count = len(sender)
		receiver = details[2]
		receiver = receiver.split("|")
		receivers_count = len(receiver)
                additional3 = details[6]
		additional3 = additional3.split("|")
		pkeys_count = len(additional3)
		if senders_count == receivers_count:
			if receivers_count == pkeys_count:
				if pkeys_count > 10:
					return "Just" + "," + "pass"
				if pkeys_count > 1 and operation == "OSP":
					return "Just" + "," + "pass"
				for Sender in sender:
					Address = ""
					for Additional3 in additional3:
						Address = address.keyToAddr(Additional3,Sender)
						if Address == Sender:
							break
					if Address != Sender:
						return "Just" + "," + "pass"
					if len(Sender) < 36 or len(Sender) > 50:
						return "Just" + "," + "pass"
				if len(sender) == 1:
					sender = sender[0]
				else:
					sender = '|'.join(sender)
				if len(additional3) == 1:
					additional3 = additional3[0]
				else:
					additional3 = '|'.join(additional3)
				for Receiver in receiver:
					if len(Receiver) < 36 or len(Receiver) > 50:
						return "Just" + "," + "pass"
				if len(receiver) == 1:
					receiver = receiver[0]
				else:
					receiver = '|'.join(receiver)
			else:
				return "Just" + "," + "pass"
		else:
			return "Just" + "," + "pass"
		timestamp = str(int(float(details[3])))
		time_now = time.time()
		additional1 = details[4]
		additional2 = details[5]
		data = details[7]
		transaction_hash = details[8]
		final = operation + ":" + sender + ":" + receiver + ":" + str(timestamp) + ":" + additional1 + ":" + additional2 + ":" + additional3 + ":" + data
		TX_hash = sha256(final.rstrip()).hexdigest()
		if TX_hash == transaction_hash:
			signature = details[-1]
			final = TX_hash
			if pkeys_count == 1:
				prove_ownership = messages.verify_message(additional3, signature, final)
			else:
				prove_ownership = True
			if prove_ownership == True:
				result = requests.get("http://127.0.0.1:12995/tx/"+TX_hash)
				result = result.content
				if result == "False":
					requests.post("http://127.0.0.1:12995/tx/new", data=transaction_hash+","+timestamp)
					return sender + "," + "True"
				else:
					return sender + "," + "Received"
			else:
				return sender + "," + False
		else:
			return sender + "," + False
	else:
		return sender + "," + False
コード例 #8
0
def get(peer):
    try:
        con = sql.connect("info.db", check_same_thread=False)
        con.row_factory = sql.Row
        cur = con.cursor()
    except:
        pass
    try:
        ip_result = whatis(peer)
        if ip_result == False:
            cur.execute('DELETE FROM peers WHERE peer=?', (peer, ))
            con.commit()
            return
        if ip_result == "4":
            return_data = requests.get("http://" + peer + ":12995/info")
        else:
            return_data = requests.get("http://[" + peer + "]:12995/info")
        return_data = return_data.content
        return_data_details = return_data.split(",")
        Identifier = return_data_details[0]
        Public_key = return_data_details[1]
        Signature = return_data_details[2]
        Timestamp = return_data_details[3]
        Message = Identifier + ":" + Timestamp
        prove_ownership = messages.verify_message(Public_key, Signature,
                                                  Message)
        if prove_ownership == False:
            return
        cur.execute('SELECT * FROM peers WHERE identifier=? OR peer=?',
                    (Identifier, peer))
        result = cur.fetchall()
        if len(result) == 0:
            cur.execute('INSERT INTO peers (peer,identifier) VALUES (?,?)',
                        (peer, Identifier))
            con.commit()
        else:
            cur.execute('SELECT * FROM peers WHERE peer=?', (peer, ))
            result = cur.fetchall()
            if len(result) == 1:
                cur.execute('UPDATE peers SET identifier=? WHERE peer=?',
                            (Identifier, peer))
                con.commit()
            else:
                cur.execute('UPDATE peers SET peer=? WHERE identifier=?',
                            (peer, Identifier))
                con.commit()
        try:
            cur.execute('SELECT * FROM fake_account')
            result = cur.fetchall()
            fakeIdentifier = result[0]["fakeidentifier"]
            fakePrivateKey = result[0]["fake_private_key_hex"]
            fakePublicKey = result[0]["fake_public_key_hex"]
            cur.execute('SELECT * FROM fakeAccounts WHERE identifier=?',
                        (Identifier, ))
            result = cur.fetchall()
            if len(result) == 0:
                get_encryption(Identifier, peer, fakeIdentifier,
                               fakePrivateKey, fakePublicKey, ip_result)
            elif len(result) == 1:
                time_generated = result[0]["time_generated"]
                if time.time() - float(time_generated) > 1750:
                    get_encryption(Identifier, peer, fakeIdentifier,
                                   fakePrivateKey, fakePublicKey, ip_result)
            else:
                return
        except:
            pass
    except:
        cur.execute('DELETE FROM peers WHERE peer=?', (peer, ))
        con.commit()
    finally:
        try:
            con.close()
        except:
            pass
コード例 #9
0
def data_new(Identifier,public_key,timestamp,signature,hash,nonce):
	if request.remote_addr in Banlist:
		abort(403)
	if len(Identifier) != 52:
		abort(403)
	testing_address = address.keyToAddr2(public_key,Identifier)
	if testing_address != Identifier:
		abort(403)
	if testing_address in Banlist:
		abort(403)
	message = Identifier + ":" + timestamp
	prove_ownership = messages.verify_message(public_key, signature, message)
	if prove_ownership == False:
		abort(403)
	if time.time() - float(timestamp) < 40:
		try:
			con = sql.connect("info.db", check_same_thread=False)
			con.row_factory = sql.Row
			cur = con.cursor()
			cur.execute('SELECT * FROM fakeAccounts WHERE identifier=?', (Identifier,))
			result = cur.fetchall()
			if len(result) == 1:
				payload = request.data
				EncryptionKey = result[0]["EncryptionKey"]
				Hash = result[0]["hash"]
				if Hash != str(hash):
					abort(403)
				ProofOfWorkTime = result[0]["proof_of_work_time"]
				ProofOfWork = result[0]["proof_of_work"]
				if Hash == "None" and ProofOfWorkTime == "None" and ProofOfWork == "None":
					cur.execute('UPDATE fakeAccounts SET proof_of_work=? WHERE identifier=?',("POSTED",Identifier))
					con.commit()
					payload = decrypt.decryptAES(EncryptionKey,payload)
					if payload != False:
						result = memory_new(Identifier,payload)
						if result == "Ban":
							check_ban = requests.get("http://127.0.0.1:12995/check/ban/"+Identifier+"/"+request.remote_addr)
							return "You have been banned! Bye!"
						else:
							return "Added"
					else:
						abort(403)
				else:
					if ProofOfWork == "POSTED":
						abort(403)
					if time.time() - float(ProofOfWorkTime) < 25 and time.time() - float(ProofOfWorkTime) > 5:
						result = proof_of_work.verify(hash,nonce)
						if result == False:
							abort(403)
						cur.execute('UPDATE fakeAccounts SET proof_of_work=? WHERE identifier=?',(nonce,Identifier))
						con.commit()
						payload = decrypt.decryptAES(EncryptionKey,payload)
						if payload != False:
							result = memory_new(Identifier,payload)
							if result == "Ban":
								check_ban = requests.get("http://127.0.0.1:12995/check/ban/"+Identifier+"/"+request.remote_addr)
								return "You have been banned! Bye!"
							else:
								return "Added"
						else:
							abort(403)
					else:
						abort(403)
			else:
				abort(403)
		except Exception as e:
			print e
			return "Something went wrong!"
		finally:
			try:
				con.close()
			except:
				pass
	else:
		abort(403)
コード例 #10
0
def proofofwork_generate(user,public_key,timestamp,signature):
	if request.remote_addr in Banlist:
		abort(403)
	if len(user) != 52:
		abort(403)
	testing_address = address.keyToAddr2(public_key,user)
	if testing_address != user:
		abort(403)
	if testing_address in Banlist:
		abort(403)
	message = user + ":" + timestamp
	prove_ownership = messages.verify_message(public_key, signature, message)
	if prove_ownership == False:
		abort(403)
	if time.time() - float(timestamp) < 40:
		try:
			con = sql.connect("info.db", check_same_thread=False)
			con.text_factory = str
			con.row_factory = sql.Row
			cur = con.cursor()
			return_data = requests.get("http://127.0.0.1:12995/available/memory")
			result = return_data.content
			if result == "False":
				cur.execute('SELECT * FROM fakeAccounts WHERE identifier=?', (user,))
				result = cur.fetchall()
				if len(result) == 1:
					nonce = result[0]["proof_of_work"]
					if nonce == "POSTED" or nonce == None:
						word = generator.get()
						proofofwork = generator.hashed(word)
						time_generated = str(int(time.time()))
						cur.execute('UPDATE fakeAccounts SET hash=?, proof_of_work=?, proof_of_work_time=? WHERE identifier=?', (proofofwork,"None",time_generated,user))
						con.commit()
					else:
						time_generated = result[0]["proof_of_work_time"]
						if time_generated == "None" and nonce == "None":
							proofofwork = "None"
							time_generated = "None"
						else:
							if time.time() - float(time_generated) < 25:
								hashed = result[0]["hash"]
								return hashed + "," + time_generated
							else:
								word = generator.get()
								proofofwork = generator.hashed(word)
								time_generated = str(int(time.time()))
								cur.execute('UPDATE fakeAccounts SET hash=?, proof_of_work=?, proof_of_work_time=? WHERE identifier=?', (proofofwork,"None",time_generated,user))
								con.commit()
					return proofofwork + "," + time_generated
				else:
					abort(403)
			else:
				cur.execute('SELECT * FROM fakeAccounts WHERE identifier=?', (user,))
				result = cur.fetchall()
				if len(result) == 1:
					nonce = result[0]["proof_of_work"]
					if nonce == "POSTED" or nonce == "None":
						proofofwork = "None"
						time_generated = "None"
						cur.execute('UPDATE fakeAccounts SET hash=?, proof_of_work=?, proof_of_work_time=? WHERE identifier=?', ("None","None","None",user))
						con.commit()
					elif nonce == "None":
						proofofwork = "None"
						time_generated = "None"
					else:
						time_generated = result[0]["proof_of_work_time"]
						if time.time() - float(time_generated) < 25:
							return nonce + "," + time_generated
						else:
							proofofwork = "None"
							time_generated = "None"
							cur.execute('UPDATE fakeAccounts SET hash=?, proof_of_work=?, proof_of_work_time=? WHERE identifier=?', ("None","None","None",user))
							con.commit()
					return proofofwork + "," + time_generated
				else:
					abort(403)
				return "None,None"
		except:
			return "Something went wrong."
		finally:
			try:
				con.close()
			except:
				pass
	else:
		abort(403)
コード例 #11
0
	accounts.append(Accountaddress)
else:
	for Account in Accounts:
		try:
			account = Account["identifier"]
			private_key_hex = Account["private_key_hex"]
			public_key_hex = Account["public_key_hex"]
			Accountaddress = address.keyToAddr(public_key_hex,account)
			if Accountaddress != account:
				cur.execute('UPDATE accounts SET identifier=? WHERE identifier=?', (Accountaddress,account))
				con.commit()
			signature = messages.sign_message(private_key_hex,"test")
			if signature == False:
				print "	[-] There was a problem with signature. Exiting.."
				sys.exit(1)
			prove_ownership = messages.verify_message(public_key_hex, signature.encode("hex"), "test")
			if prove_ownership == False:
				print "	[-] The private key " + private_key_hex + " does not prove ownership of " + account
				cur.execute('DELETE FROM accounts WHERE identifier=?', (account,))
				con.commit()
			else:
				print "	[+] Account successfully loaded: " + account
				accounts.append(account)
		except:
			print "	[-] Error with private key. Maybe wrong format (WIF)? Exiting.."
			sys.exit(1)

if len(FakeAccounts) == 0:
	print "	[!] Generating new fake account"
	fake_private_key_hex,fake_public_key_hex,fakeAccountaddress = address.generate_fakeIdentifier()
	try: