def memory_search_user_alternative(user,public_key,timestamp,signature,Identifier,Identifier_public_key,Identifier_signature):
final = "None"
if request.remote_addr in Banlist:
abort(403)
testing_address = address.keyToAddr2(public_key,user)
if testing_address != user:
abort(403)
if testing_address in Banlist:
abort(403)
message = user + ":" + timestamp
prove_ownership = messages.verify_message(public_key,signature,message)
if prove_ownership == False:
abort(403)
if time.time() - float(timestamp) < 10:
try:
con = sql.connect("info.db", check_same_thread=False)
con.row_factory = sql.Row
cur = con.cursor()
cur.execute('SELECT * FROM fakeAccounts WHERE identifier=?', (user,))
result = cur.fetchall()
if len(result) == 1:
EncryptionKey = result[0]["EncryptionKey"]
Identifier = decrypt.decryptAES(EncryptionKey,str(Identifier))
if Identifier == False:
abort(403)
Identifier_signature = decrypt.decryptAES(EncryptionKey,str(Identifier_signature))
if Identifier_signature == False:
abort(403)
Identifier_public_key = decrypt.decryptAES(EncryptionKey,str(Identifier_public_key))
if Identifier_public_key == False:
abort(403)
testing_address = address.keyToAddr(Identifier_public_key,Identifier)
if testing_address != Identifier:
abort(403)
if testing_address in Banlist:
abort(403)
message = Identifier + ":" + timestamp
prove_ownership = messages.verify_message(Identifier_public_key,Identifier_signature,message)
if prove_ownership == False:
abort(403)
cur.execute('SELECT * FROM cache WHERE receiver=? AND operation!=? AND status!=? ORDER BY time LIMIT 1', (Identifier,"OSP","PASS"))
result = cur.fetchall()
if len(result) == 1:
tx_hash_output = result[0]["tx_hash"]
final = result[0]["data"]
final = encrypt.encryptAES(EncryptionKey,final)
cur.execute('DELETE FROM cache WHERE tx_hash=? AND receiver=? AND operation!=?', (tx_hash_output,Identifier,"OSP"))
con.commit()
return final
else:
abort(403)
except:
return "Something went wrong!"
finally:
try:
con.close()
except:
pass
return final
def encryption_post(user,public_key,timestamp,signature):
if request.remote_addr in Banlist:
abort(403)
if len(user) != 52:
abort(403)
testing_address = address.keyToAddr2(public_key,user)
if testing_address != user:
abort(403)
if testing_address in Banlist:
abort(403)
message = user + ":" + timestamp
prove_ownership = messages.verify_message(public_key, signature, message)
if prove_ownership == False:
abort(403)
try:
con = sql.connect("info.db", check_same_thread=False)
con.text_factory = str
con.row_factory = sql.Row
cur = con.cursor()
cur.execute('SELECT * FROM fake_account')
result = cur.fetchall()
fakeAccount = result[0]["fakeidentifier"]
if fakeAccount == user:
return "OK"
cur.execute('SELECT * FROM fakeAccounts WHERE identifier=?', (user,))
result = cur.fetchall()
found = False
if len(result) == 1:
found = True
time_generated = result[0]["time_generated"]
if time.time() - float(time_generated) < 1750:
abort(403)
elif len(result) > 1:
abort(403)
if time.time() - float(timestamp) < 10:
data = request.data
data = decrypt.decryptfromPubKey(data)
if data == False:
abort(403)
usersEncryptionKey = data
if found == True:
cur.execute('UPDATE fakeAccounts SET EncryptionKey=?, time_generated=? WHERE identifier=?', (usersEncryptionKey,str(int(time.time())),user))
con.commit()
else:
cur.execute('INSERT INTO fakeAccounts (identifier,EncryptionKey,time_generated) VALUES (?,?,?)', (user,usersEncryptionKey,str(int(time.time()))))
con.commit()
return "OK"
except:
return "Something went wrong."
finally:
try:
con.close()
except:
pass
def check_payload(payload):
details = payload.split(",")
if len(details) == 10:
operation = details[0]
sender = details[1]
if operation != "TREEPAY":
return sender + "," + False
receiver = details[2]
additional3 = details[6]
Address = address.keyToAddr(additional3, sender)
if Address != sender:
return sender + "," + False
if len(sender) < 36 or len(receiver) < 36 or len(sender) > 50 or len(
receiver) > 50:
return sender + "," + False
timestamp = str(int(float(details[3])))
time_now = time.time()
additional1 = details[4]
additional2 = details[5]
data = details[7]
transaction_hash = details[8]
final = operation + ":" + sender + ":" + receiver + ":" + str(
timestamp
) + ":" + additional1 + ":" + additional2 + ":" + additional3 + ":" + data
TX_hash = sha256(final.rstrip()).hexdigest()
if TX_hash == transaction_hash:
signature = details[-1]
final = TX_hash
prove_ownership = messages.verify_message(additional3, signature,
final)
if prove_ownership == True:
result = requests.get("http://127.0.0.1:10000/tx/" + TX_hash)
result = result.content
if result == "False":
requests.post("http://127.0.0.1:10000/tx/new",
data=transaction_hash)
return receiver + "," + "True"
else:
return sender + "," + "Received"
else:
return sender + "," + False
else:
return sender + "," + False
else:
return sender + "," + False
def importprivkey():
private_key_hex = raw_input("Enter private key in hex format: ")
public_key_hex, Address = address.details_from_private(private_key_hex)
signature = messages.sign_message(private_key_hex, "test")
prove_ownership = messages.verify_message(public_key_hex,
signature.encode("hex"), "test")
if prove_ownership == True:
try:
cur.execute(
'INSERT INTO accounts (identifier,private_key_hex,public_key_hex) VALUES (?,?,?)',
(Address, private_key_hex, public_key_hex))
con.commit()
print "[+] Account " + Address + " added"
except Exception as e:
print e
con.close()
else:
print "This private key does not prove ownership of " + Address
def check_payload(payload):
details = payload.split(",")
if len(details) == 10:
operation = details[0]
sender = details[1]
receiver = details[2]
additional3 = details[6]
Address = address.keyToAddr(additional3,sender)
if Address != sender:
return sender + "," + False
if len(sender) < 36 or len(receiver) < 36 or len(sender) > 50 or len(receiver) > 50:
return sender + "," + False
try:
timestamp = str(int(float(details[3])))
except:
return "False,False"
time_now = time.time()
if time_now - float(timestamp) > 420:
return "False,False"
additional1 = details[4]
additional2 = details[5]
data = details[7]
transaction_hash = details[8]
final = operation + ":" + sender + ":" + receiver + ":" + str(timestamp) + ":" + additional1 + ":" + additional2 + ":" + additional3 + ":" + data
TX_hash = sha256(final.rstrip()).hexdigest()
if TX_hash == transaction_hash:
signature = details[-1]
final = TX_hash
prove_ownership = messages.verify_message(additional3, signature, final)
if prove_ownership == True:
return "True,"+data
else:
return "False,False"
else:
return "False,False"
else:
return "False,False"
def importfake():
private_key_hex = raw_input("Enter private key in hex format: ")
public_key_hex, Address = address.details_from_private_fake(
private_key_hex)
signature = messages.sign_message(private_key_hex, "test")
prove_ownership = messages.verify_message(public_key_hex,
signature.encode("hex"), "test")
if prove_ownership == True:
cur.execute('SELECT * FROM fake_account')
result = cur.fetchall()
if len(result) == 0:
try:
cur.execute(
'INSERT INTO fake_account (fakeidentifier,fake_private_key_hex,fake_public_key_hex) VALUES (?,?,?)',
(Address, private_key_hex, public_key_hex))
con.commit()
print "[+] Account " + Address + " added"
except Exception as e:
print e
else:
print "Another fake account already exists. Exiting.."
con.close()
else:
print "This private key does not prove ownership of " + Address
def check_payload(payload):
details = payload.split(",")
if len(details) == 10:
operation = details[0]
sender = details[1]
sender = sender.split("|")
senders_count = len(sender)
receiver = details[2]
receiver = receiver.split("|")
receivers_count = len(receiver)
additional3 = details[6]
additional3 = additional3.split("|")
pkeys_count = len(additional3)
if senders_count == receivers_count:
if receivers_count == pkeys_count:
if pkeys_count > 10:
return "Just" + "," + "pass"
if pkeys_count > 1 and operation == "OSP":
return "Just" + "," + "pass"
for Sender in sender:
Address = ""
for Additional3 in additional3:
Address = address.keyToAddr(Additional3,Sender)
if Address == Sender:
break
if Address != Sender:
return "Just" + "," + "pass"
if len(Sender) < 36 or len(Sender) > 50:
return "Just" + "," + "pass"
if len(sender) == 1:
sender = sender[0]
else:
sender = '|'.join(sender)
if len(additional3) == 1:
additional3 = additional3[0]
else:
additional3 = '|'.join(additional3)
for Receiver in receiver:
if len(Receiver) < 36 or len(Receiver) > 50:
return "Just" + "," + "pass"
if len(receiver) == 1:
receiver = receiver[0]
else:
receiver = '|'.join(receiver)
else:
return "Just" + "," + "pass"
else:
return "Just" + "," + "pass"
timestamp = str(int(float(details[3])))
time_now = time.time()
additional1 = details[4]
additional2 = details[5]
data = details[7]
transaction_hash = details[8]
final = operation + ":" + sender + ":" + receiver + ":" + str(timestamp) + ":" + additional1 + ":" + additional2 + ":" + additional3 + ":" + data
TX_hash = sha256(final.rstrip()).hexdigest()
if TX_hash == transaction_hash:
signature = details[-1]
final = TX_hash
if pkeys_count == 1:
prove_ownership = messages.verify_message(additional3, signature, final)
else:
prove_ownership = True
if prove_ownership == True:
result = requests.get("http://127.0.0.1:12995/tx/"+TX_hash)
result = result.content
if result == "False":
requests.post("http://127.0.0.1:12995/tx/new", data=transaction_hash+","+timestamp)
return sender + "," + "True"
else:
return sender + "," + "Received"
else:
return sender + "," + False
else:
return sender + "," + False
else:
return sender + "," + False
def get(peer):
try:
con = sql.connect("info.db", check_same_thread=False)
con.row_factory = sql.Row
cur = con.cursor()
except:
pass
try:
ip_result = whatis(peer)
if ip_result == False:
cur.execute('DELETE FROM peers WHERE peer=?', (peer, ))
con.commit()
return
if ip_result == "4":
return_data = requests.get("http://" + peer + ":12995/info")
else:
return_data = requests.get("http://[" + peer + "]:12995/info")
return_data = return_data.content
return_data_details = return_data.split(",")
Identifier = return_data_details[0]
Public_key = return_data_details[1]
Signature = return_data_details[2]
Timestamp = return_data_details[3]
Message = Identifier + ":" + Timestamp
prove_ownership = messages.verify_message(Public_key, Signature,
Message)
if prove_ownership == False:
return
cur.execute('SELECT * FROM peers WHERE identifier=? OR peer=?',
(Identifier, peer))
result = cur.fetchall()
if len(result) == 0:
cur.execute('INSERT INTO peers (peer,identifier) VALUES (?,?)',
(peer, Identifier))
con.commit()
else:
cur.execute('SELECT * FROM peers WHERE peer=?', (peer, ))
result = cur.fetchall()
if len(result) == 1:
cur.execute('UPDATE peers SET identifier=? WHERE peer=?',
(Identifier, peer))
con.commit()
else:
cur.execute('UPDATE peers SET peer=? WHERE identifier=?',
(peer, Identifier))
con.commit()
try:
cur.execute('SELECT * FROM fake_account')
result = cur.fetchall()
fakeIdentifier = result[0]["fakeidentifier"]
fakePrivateKey = result[0]["fake_private_key_hex"]
fakePublicKey = result[0]["fake_public_key_hex"]
cur.execute('SELECT * FROM fakeAccounts WHERE identifier=?',
(Identifier, ))
result = cur.fetchall()
if len(result) == 0:
get_encryption(Identifier, peer, fakeIdentifier,
fakePrivateKey, fakePublicKey, ip_result)
elif len(result) == 1:
time_generated = result[0]["time_generated"]
if time.time() - float(time_generated) > 1750:
get_encryption(Identifier, peer, fakeIdentifier,
fakePrivateKey, fakePublicKey, ip_result)
else:
return
except:
pass
except:
cur.execute('DELETE FROM peers WHERE peer=?', (peer, ))
con.commit()
finally:
try:
con.close()
except:
pass
def data_new(Identifier,public_key,timestamp,signature,hash,nonce):
if request.remote_addr in Banlist:
abort(403)
if len(Identifier) != 52:
abort(403)
testing_address = address.keyToAddr2(public_key,Identifier)
if testing_address != Identifier:
abort(403)
if testing_address in Banlist:
abort(403)
message = Identifier + ":" + timestamp
prove_ownership = messages.verify_message(public_key, signature, message)
if prove_ownership == False:
abort(403)
if time.time() - float(timestamp) < 40:
try:
con = sql.connect("info.db", check_same_thread=False)
con.row_factory = sql.Row
cur = con.cursor()
cur.execute('SELECT * FROM fakeAccounts WHERE identifier=?', (Identifier,))
result = cur.fetchall()
if len(result) == 1:
payload = request.data
EncryptionKey = result[0]["EncryptionKey"]
Hash = result[0]["hash"]
if Hash != str(hash):
abort(403)
ProofOfWorkTime = result[0]["proof_of_work_time"]
ProofOfWork = result[0]["proof_of_work"]
if Hash == "None" and ProofOfWorkTime == "None" and ProofOfWork == "None":
cur.execute('UPDATE fakeAccounts SET proof_of_work=? WHERE identifier=?',("POSTED",Identifier))
con.commit()
payload = decrypt.decryptAES(EncryptionKey,payload)
if payload != False:
result = memory_new(Identifier,payload)
if result == "Ban":
check_ban = requests.get("http://127.0.0.1:12995/check/ban/"+Identifier+"/"+request.remote_addr)
return "You have been banned! Bye!"
else:
return "Added"
else:
abort(403)
else:
if ProofOfWork == "POSTED":
abort(403)
if time.time() - float(ProofOfWorkTime) < 25 and time.time() - float(ProofOfWorkTime) > 5:
result = proof_of_work.verify(hash,nonce)
if result == False:
abort(403)
cur.execute('UPDATE fakeAccounts SET proof_of_work=? WHERE identifier=?',(nonce,Identifier))
con.commit()
payload = decrypt.decryptAES(EncryptionKey,payload)
if payload != False:
result = memory_new(Identifier,payload)
if result == "Ban":
check_ban = requests.get("http://127.0.0.1:12995/check/ban/"+Identifier+"/"+request.remote_addr)
return "You have been banned! Bye!"
else:
return "Added"
else:
abort(403)
else:
abort(403)
else:
abort(403)
except Exception as e:
print e
return "Something went wrong!"
finally:
try:
con.close()
except:
pass
else:
abort(403)
def proofofwork_generate(user,public_key,timestamp,signature):
if request.remote_addr in Banlist:
abort(403)
if len(user) != 52:
abort(403)
testing_address = address.keyToAddr2(public_key,user)
if testing_address != user:
abort(403)
if testing_address in Banlist:
abort(403)
message = user + ":" + timestamp
prove_ownership = messages.verify_message(public_key, signature, message)
if prove_ownership == False:
abort(403)
if time.time() - float(timestamp) < 40:
try:
con = sql.connect("info.db", check_same_thread=False)
con.text_factory = str
con.row_factory = sql.Row
cur = con.cursor()
return_data = requests.get("http://127.0.0.1:12995/available/memory")
result = return_data.content
if result == "False":
cur.execute('SELECT * FROM fakeAccounts WHERE identifier=?', (user,))
result = cur.fetchall()
if len(result) == 1:
nonce = result[0]["proof_of_work"]
if nonce == "POSTED" or nonce == None:
word = generator.get()
proofofwork = generator.hashed(word)
time_generated = str(int(time.time()))
cur.execute('UPDATE fakeAccounts SET hash=?, proof_of_work=?, proof_of_work_time=? WHERE identifier=?', (proofofwork,"None",time_generated,user))
con.commit()
else:
time_generated = result[0]["proof_of_work_time"]
if time_generated == "None" and nonce == "None":
proofofwork = "None"
time_generated = "None"
else:
if time.time() - float(time_generated) < 25:
hashed = result[0]["hash"]
return hashed + "," + time_generated
else:
word = generator.get()
proofofwork = generator.hashed(word)
time_generated = str(int(time.time()))
cur.execute('UPDATE fakeAccounts SET hash=?, proof_of_work=?, proof_of_work_time=? WHERE identifier=?', (proofofwork,"None",time_generated,user))
con.commit()
return proofofwork + "," + time_generated
else:
abort(403)
else:
cur.execute('SELECT * FROM fakeAccounts WHERE identifier=?', (user,))
result = cur.fetchall()
if len(result) == 1:
nonce = result[0]["proof_of_work"]
if nonce == "POSTED" or nonce == "None":
proofofwork = "None"
time_generated = "None"
cur.execute('UPDATE fakeAccounts SET hash=?, proof_of_work=?, proof_of_work_time=? WHERE identifier=?', ("None","None","None",user))
con.commit()
elif nonce == "None":
proofofwork = "None"
time_generated = "None"
else:
time_generated = result[0]["proof_of_work_time"]
if time.time() - float(time_generated) < 25:
return nonce + "," + time_generated
else:
proofofwork = "None"
time_generated = "None"
cur.execute('UPDATE fakeAccounts SET hash=?, proof_of_work=?, proof_of_work_time=? WHERE identifier=?', ("None","None","None",user))
con.commit()
return proofofwork + "," + time_generated
else:
abort(403)
return "None,None"
except:
return "Something went wrong."
finally:
try:
con.close()
except:
pass
else:
abort(403)
accounts.append(Accountaddress)
else:
for Account in Accounts:
try:
account = Account["identifier"]
private_key_hex = Account["private_key_hex"]
public_key_hex = Account["public_key_hex"]
Accountaddress = address.keyToAddr(public_key_hex,account)
if Accountaddress != account:
cur.execute('UPDATE accounts SET identifier=? WHERE identifier=?', (Accountaddress,account))
con.commit()
signature = messages.sign_message(private_key_hex,"test")
if signature == False:
print " [-] There was a problem with signature. Exiting.."
sys.exit(1)
prove_ownership = messages.verify_message(public_key_hex, signature.encode("hex"), "test")
if prove_ownership == False:
print " [-] The private key " + private_key_hex + " does not prove ownership of " + account
cur.execute('DELETE FROM accounts WHERE identifier=?', (account,))
con.commit()
else:
print " [+] Account successfully loaded: " + account
accounts.append(account)
except:
print " [-] Error with private key. Maybe wrong format (WIF)? Exiting.."
sys.exit(1)
if len(FakeAccounts) == 0:
print " [!] Generating new fake account"
fake_private_key_hex,fake_public_key_hex,fakeAccountaddress = address.generate_fakeIdentifier()
try: