Пример #1
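def _consume_cached_message(con, user, timestamp, Identifier, Identifier_public_key, Identifier_signature):
    """Authenticate the encrypted inner identity and pop its oldest cached message.

    Returns the AES-encrypted payload, the string "None" when nothing is
    queued for the identifier, or None when the request must be refused.
    The caller turns None into a 403 after the connection is closed.
    """
    cur = con.cursor()
    cur.execute('SELECT * FROM fakeAccounts WHERE identifier=?', (user,))
    accounts = cur.fetchall()
    if len(accounts) != 1:
        return None
    EncryptionKey = accounts[0]["EncryptionKey"]

    # Each field arrives encrypted under the fake account's key; a False
    # result from decryptAES is treated as a failed decryption.
    Identifier = decrypt.decryptAES(EncryptionKey, str(Identifier))
    if Identifier == False:
        return None
    Identifier_signature = decrypt.decryptAES(EncryptionKey, str(Identifier_signature))
    if Identifier_signature == False:
        return None
    Identifier_public_key = decrypt.decryptAES(EncryptionKey, str(Identifier_public_key))
    if Identifier_public_key == False:
        return None

    # The inner identifier must be the address derived from its own public key.
    testing_address = address.keyToAddr(Identifier_public_key, Identifier)
    if testing_address != Identifier or testing_address in Banlist:
        return None

    # Fail closed on any falsy verification result, not only a literal False.
    message = Identifier + ":" + timestamp
    if not messages.verify_message(Identifier_public_key, Identifier_signature, message):
        return None

    cur.execute('SELECT * FROM cache WHERE receiver=? AND operation!=? AND status!=? ORDER BY time LIMIT 1', (Identifier, "OSP", "PASS"))
    pending = cur.fetchall()
    if len(pending) != 1:
        return "None"
    tx_hash_output = pending[0]["tx_hash"]
    final = encrypt.encryptAES(EncryptionKey, pending[0]["data"])
    # NOTE(review): SELECT and DELETE are separate statements, so two
    # concurrent requests could both read the same row before it is removed.
    cur.execute('DELETE FROM cache WHERE tx_hash=? AND receiver=? AND operation!=?', (tx_hash_output, Identifier, "OSP"))
    con.commit()
    return final


def memory_search_user_alternative(user,public_key,timestamp,signature,Identifier,Identifier_public_key,Identifier_signature):
    """Hand the oldest cached message to the real identifier behind a fake account.

    The outer identity (user/public_key/signature) and the encrypted inner
    identity (Identifier*) must each prove ownership by signing
    "<identifier>:<timestamp>". Any failed check answers 403.

    Returns the encrypted message, "None" when the timestamp is outside the
    10 second window or nothing is queued, or "Something went wrong!" on an
    unexpected error.
    """
    final = "None"
    if request.remote_addr in Banlist:
        abort(403)
    testing_address = address.keyToAddr2(public_key, user)
    if testing_address != user:
        abort(403)
    if testing_address in Banlist:
        abort(403)
    message = user + ":" + timestamp
    # Fail closed on any falsy verification result, not only a literal False.
    if not messages.verify_message(public_key, signature, message):
        abort(403)

    try:
        age = time.time() - float(timestamp)
    except (TypeError, ValueError):
        # A non-numeric timestamp is a malformed request, not a server error.
        abort(403)
    # Bound the window in both directions: a one-sided "< 10" comparison also
    # accepts timestamps in the future (or "inf"), which would keep a signed
    # request valid long after it was issued.
    if not abs(age) < 10:
        return final

    con = None
    try:
        con = sql.connect("info.db", check_same_thread=False)
        con.row_factory = sql.Row
        outcome = _consume_cached_message(con, user, timestamp, Identifier, Identifier_public_key, Identifier_signature)
    except Exception:
        return "Something went wrong!"
    finally:
        # Best-effort close; a failure here must not mask the real outcome.
        if con is not None:
            try:
                con.close()
            except Exception:
                pass

    # Refuse outside the try block: abort() raises an exception, so calling it
    # under the broad handler above would turn the 403 into a 200 response
    # carrying "Something went wrong!".
    if outcome is None:
        abort(403)
    return outcome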
Пример #2
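def check_payload(payload):
    """Validate a comma-separated TREEPAY payload and register it with the local node.

    The payload carries ten fields: operation, sender, receiver, timestamp,
    additional1, additional2, additional3, data, transaction hash, signature.
    additional3 is used as the sender's public key (it is passed to
    keyToAddr and verify_message).

    Returns:
        "<receiver>,True" when the transaction is new and was registered,
        "<sender>,Received" when the node did not answer "False" for the hash,
        "<sender>,False" when a check fails,
        "False,False" when the payload does not have ten fields (no sender
        can be attributed in that case).
    """
    details = payload.split(",")
    if len(details) != 10:
        return "False,False"

    operation, sender, receiver = details[0], details[1], details[2]
    # Build the failure reply as a string; concatenating the bool False to a
    # str raises TypeError instead of returning a result.
    failure = sender + "," + "False"

    if operation != "TREEPAY":
        return failure
    additional3 = details[6]
    # The sender must be the address derived from the supplied public key.
    if address.keyToAddr(additional3, sender) != sender:
        return failure
    if not (36 <= len(sender) <= 50 and 36 <= len(receiver) <= 50):
        return failure
    try:
        timestamp = str(int(float(details[3])))
    except (ValueError, OverflowError):
        # Non-numeric, NaN or infinite timestamps are a failed check.
        return failure

    additional1 = details[4]
    additional2 = details[5]
    data = details[7]
    transaction_hash = details[8]
    # NOTE(review): fields are joined with ":" without escaping, so a field
    # that itself contains ":" makes the hashed string ambiguous - confirm
    # the fields cannot carry that character.
    final = ":".join([operation, sender, receiver, timestamp,
                      additional1, additional2, additional3, data])
    TX_hash = sha256(final.rstrip()).hexdigest()
    if TX_hash != transaction_hash:
        return failure

    signature = details[-1]
    if messages.verify_message(additional3, signature, TX_hash) != True:
        return failure

    # NOTE(review): no timeout and no status check on these loopback calls;
    # any body other than "False" (including an error page) counts as
    # "already received".
    result = requests.get("http://127.0.0.1:10000/tx/" + TX_hash).content
    if result == "False":
        requests.post("http://127.0.0.1:10000/tx/new", data=transaction_hash)
        return receiver + "," + "True"
    return sender + "," + "Received"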
Пример #3
def whoami():
    """Print the derived address of every account, then of every fake account.

    Uses the module-level ``cur`` cursor. Any exception is printed instead of
    raised, and the module-level ``con`` connection is closed before returning.
    """
    # (query, identifier column, public-key column, name of the address helper)
    listings = (
        ('SELECT * FROM accounts', "identifier", "public_key_hex", "keyToAddr"),
        ('SELECT * FROM fake_account', "fakeidentifier", "fake_public_key_hex", "keyToAddr2"),
    )
    try:
        for query, id_column, key_column, derive_name in listings:
            cur.execute(query)
            for row in cur.fetchall():
                ident = row[id_column]
                key_hex = row[key_column]
                derive = getattr(address, derive_name)
                print "[+] " + derive(key_hex, ident)
    except Exception as e:
        print e
    con.close()
Пример #4
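def check_payload(payload):
    """Validate a comma-separated signed payload and return its data field.

    The payload carries ten fields: operation, sender, receiver, timestamp,
    additional1, additional2, additional3, data, transaction hash, signature.
    additional3 is used as the sender's public key (it is passed to
    keyToAddr and verify_message).

    Returns:
        "True,<data>" when every check passes, otherwise "False,False".
    """
    # Every failure uses the same string reply; concatenating the bool False
    # to a str raises TypeError instead of returning a result.
    rejected = "False,False"

    details = payload.split(",")
    if len(details) != 10:
        return rejected

    operation, sender, receiver = details[0], details[1], details[2]
    additional3 = details[6]
    # The sender must be the address derived from the supplied public key.
    if address.keyToAddr(additional3, sender) != sender:
        return rejected
    if not (36 <= len(sender) <= 50 and 36 <= len(receiver) <= 50):
        return rejected

    try:
        timestamp = str(int(float(details[3])))
    except (ValueError, OverflowError):
        return rejected
    # Reject timestamps more than 420 seconds away in either direction; a
    # check on age alone would accept a payload dated far in the future and
    # keep it valid well past the intended window.
    if abs(time.time() - float(timestamp)) > 420:
        return rejected

    additional1 = details[4]
    additional2 = details[5]
    data = details[7]
    transaction_hash = details[8]
    # NOTE(review): fields are joined with ":" without escaping, so a field
    # that itself contains ":" makes the hashed string ambiguous - confirm
    # the fields cannot carry that character.
    final = ":".join([operation, sender, receiver, timestamp,
                      additional1, additional2, additional3, data])
    TX_hash = sha256(final.rstrip()).hexdigest()
    if TX_hash != transaction_hash:
        return rejected

    signature = details[-1]
    if messages.verify_message(additional3, signature, TX_hash) == True:
        return "True," + data
    return rejected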
Пример #5
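def check_payload(payload):
    """Validate a comma-separated payload that may name several senders.

    The payload carries ten fields: operation, sender, receiver, timestamp,
    additional1, additional2, additional3, data, transaction hash, signature.
    sender, receiver and additional3 may each hold up to ten "|"-separated
    entries; additional3 entries are used as public keys (they are passed to
    keyToAddr and verify_message).

    Returns:
        "Just,pass" when the sender/receiver/key lists are inconsistent,
        "<sender>,True" when the transaction is new and was registered,
        "<sender>,Received" when the node did not answer "False" for the hash,
        "<sender>,False" when the timestamp, hash or signature check fails,
        "False,False" when the payload does not have ten fields (no sender
        can be attributed in that case).
    """
    details = payload.split(",")
    if len(details) != 10:
        return "False,False"

    skip = "Just" + "," + "pass"
    operation = details[0]
    senders = details[1].split("|")
    receivers = details[2].split("|")
    pkeys = details[6].split("|")
    pkeys_count = len(pkeys)

    if len(senders) != len(receivers) or len(receivers) != pkeys_count:
        return skip
    if pkeys_count > 10:
        return skip
    if pkeys_count > 1 and operation == "OSP":
        return skip

    for Sender in senders:
        # Each sender must be the address of at least one supplied key.
        if not any(address.keyToAddr(pkey, Sender) == Sender for pkey in pkeys):
            return skip
        if len(Sender) < 36 or len(Sender) > 50:
            return skip
    for Receiver in receivers:
        if len(Receiver) < 36 or len(Receiver) > 50:
            return skip

    sender = '|'.join(senders)
    receiver = '|'.join(receivers)
    additional3 = '|'.join(pkeys)
    # Build the failure reply as a string; concatenating the bool False to a
    # str raises TypeError instead of returning a result.
    failure = sender + "," + "False"

    try:
        timestamp = str(int(float(details[3])))
    except (ValueError, OverflowError):
        return failure

    additional1 = details[4]
    additional2 = details[5]
    data = details[7]
    transaction_hash = details[8]
    # NOTE(review): fields are joined with ":" without escaping, so a field
    # that itself contains ":" makes the hashed string ambiguous - confirm
    # the fields cannot carry that character.
    final = ":".join([operation, sender, receiver, timestamp,
                      additional1, additional2, additional3, data])
    TX_hash = sha256(final.rstrip()).hexdigest()
    if TX_hash != transaction_hash:
        return failure

    signature = details[-1]
    if pkeys_count == 1:
        prove_ownership = messages.verify_message(additional3, signature, TX_hash)
    else:
        # NOTE(review): multi-key payloads are accepted without any signature
        # check. The key/address match above only shows the keys correspond
        # to the senders, not that their holders authorised this payload.
        # Verify one signature per key (or reject) once the multi-signature
        # format is defined.
        prove_ownership = True
    if prove_ownership != True:
        return failure

    # NOTE(review): no timeout and no status check on these loopback calls;
    # any body other than "False" (including an error page) counts as
    # "already received".
    result = requests.get("http://127.0.0.1:12995/tx/" + TX_hash).content
    if result == "False":
        requests.post("http://127.0.0.1:12995/tx/new", data=transaction_hash + "," + timestamp)
        return sender + "," + "True"
    return sender + "," + "Received"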
Пример #6
		con.commit()
	except:
		print "		[-] DB error. Exiting.."
		sys.exit(1)

	print "		[+] New account " + Accountaddress + " created"
	GetFromSettings.update({Accountaddress:"ALL"})
	PostToSettings.update({Accountaddress:"ALL"})
	accounts.append(Accountaddress)
else:
	for Account in Accounts:
		try:
			account = Account["identifier"]
			private_key_hex = Account["private_key_hex"]
			public_key_hex = Account["public_key_hex"]
			Accountaddress = address.keyToAddr(public_key_hex,account)
			if Accountaddress != account:
				cur.execute('UPDATE accounts SET identifier=? WHERE identifier=?', (Accountaddress,account))
				con.commit()
			signature = messages.sign_message(private_key_hex,"test")
			if signature == False:
				print "	[-] There was a problem with signature. Exiting.."
				sys.exit(1)
			prove_ownership = messages.verify_message(public_key_hex, signature.encode("hex"), "test")
			if prove_ownership == False:
				print "	[-] The private key " + private_key_hex + " does not prove ownership of " + account
				cur.execute('DELETE FROM accounts WHERE identifier=?', (account,))
				con.commit()
			else:
				print "	[+] Account successfully loaded: " + account
				accounts.append(account)