A BLOCKCHAIN QUEST
INTRODUCTIONS
• Hacker Fantastic, Co-Founder Hacker House
• Security training and professional services
• Why listen?
• Talk contains a live demo, participation optional.
ⒶANARCHY VS WOLF $STREET
THIS ISN’T JUST ABOUT MONEY…
• Blockchains are a new computer paradigm
• De-centralized Trust
• Peer-2-Peer
• Privacy orientated
• Secured with Cryptography
• Censorship Resistant
• Open World Order vs New World Order
• Machine-Aided Consensus
• Increased Connectivity
• Decreased Overheads
• Problem Solving Potential
REVOLUTION
CRYPTO CYBER CRIME WAVE
RAMPANT FRAUD, US-SEC & MONEY LAUNDERING
• ICOs are dangerously misleading, often solving no real problem
• Regulation tries to curb & control, questions legitimacy
• Media hysteria, lack of understanding, misinformed old television & young facebook generations. #FAKEnews, Cambridge Analytica, feeds of “Get Rich, Bitcoin” scams. Social capital.
• Fools & their money are easily parted
YOU ENTER THE TAVERN…
• Quest through lifecycles of “Mining”
• Proof-of-Work Puzzle Consensus Acceleration
• Digital Design, Modelling & Simulations
• Outputs
EQUIP YOUR PARTY WISELY!
• Electrical engineering primer is recommended, health & safety 101, electricity is serious business +1
• Know Ohm’s law, Watts, Amps, kWh, ICs, Maker etc.
• 1-10-100 mA rule, please avoid death!
• Avoid fires by using properly rated wiring, for ALL PARTS OF INSTALLATION! Keep to 10A max per socket, don’t overload the ring!
GPU …
... FPGA
DEVELOPMENT BOARD
• Terasic DE0-Nano Cyclone FPGA
• < $100 22K LE FPGA board
• Quartus II Version 13.0.1 Web Edition (Linux)
• JTAG SignalTap II
• Verilog design & JSON scripts for getWork (no stratum)
• Hashrate 3-28MH/s (25 – 450MHz)
https://github.com/cryptodashie/Open-Source-FPGA-Bitcoin-Miner
FPGA – DIGITAL DESIGN & MODELLING
FPGA PIPELINING & PERFORMANCE ENHANCING IO
• Phase-locked Loop (PLL)
• High speed I/O (GPIO++)
• Fast data transfer
• OVERCLOCK DANGEROUS
FPGA OVERCLOCKING & WATER COOLING
• 50MHz XTAL
• 0-50 MHz (no cooling)
• 50-200 MHz (fan/heatsink)
• 200-450 MHz (water)
• OVERCLOCK AT OWN RISK
BITCOIN PROOF-OF-WORK BLOCK DIAGRAM
CHIP PLANNER BLOCK UTILIZATION
FPGA PROGRAM DE0-NANO VIA FLASH LOADER
SCALABLE R&D FOR PROOF-OF-WORK ALGORITHMS
• Litecoin Core example available
• Pokemon your own!
• Keccak SHA-3? 1/2/3 from X11?
ASIC MINERS
MADE IN CHINA, HACKED IN UK!
HEALTH HAZARDS, BE SAFE.
BEAGLECLONE – PARTIAL POPULATED BLACK PCB
• L3+ / A3 / D3 model controllers
• Ångström Linux
• Firmware easily dumped / downloaded
• No code signing, trivial to mod
• auth.minerlink.com remote manager “antbleed”
• SSH / HTTP defaults “root/root” “root/admin”
HACKING BITCOIN MINERS
• Shodan / Google Dork to identify miners
• Easy strings “antMiner Configuration” realm
• Exposed footprint has Pre-Auth information leaks
• IP geolocate large remote mining farms
BITMAIN FIRMWARE HACKING
• https://github.com/cryptodashie/bitmain_hacking (reverse engineering data)
• 1.5% DEV FEE (pool switching)
• Blissz port cgminer-4.9 to cgminer-4.10
• Control individual boards in software, no need for hardware modifications (A++)
WAREZ JUAREZ REVOLUTION
SIACOIN/SIAFUND …
INTERPLANETARY FILE SYSTEM (IPFS)
http://ipfs.io/ (scan data) https://github.com/cryptodashie/ipfs
HOSTS NEONAZIS, MALWARE, PORN, BLOGS...
HARDWARE WALLETS
• Hardware + Firmware
• Supply chain attacks
• All three platforms had recent patches, props Saleem Rashid!
• Chrome WebUSB (?)
WEB3.JS – ENUMERATION & PROMISE EXAMPLE
Enumerate account details, interact with wallets or prompt unlocking….
RISE OF THE CRYPTONIGHT JAVASCRIPT MINER
• Cryptonight proof-of-work can mine Monero (XMR)
• Replace captchas, adverts or monetize links
• Very low profit returns, $0.1 (users adapt)
INTERNET-OF-THINGS, PUBLIC SPACE, SHORT LINKS
MONERO-IN-THE-MIDDLE (XMR INJECTION)
• Use of WiFi enabled embedded device
• KARMA attack (hostapd-wpe)
• PAYG Internet Connectivity via (4G) LTE
• Supports multiple MITM modes of operation
DEMO
RECOMMENDED READING
• Verilog by example - Blaine C. Readler
• Mastering Bitcoin – Andreas Antonopoulos
• Introducing Ethereum and Solidity - Chris Dannen
Q&A?
THANK YOU #COINFESTUK FOR LISTENING
https://hacker.house
