Topic: Blockchain scripting contest (Read 2377 times)

It's likely that I will eventually; I usually wait until I'm done and bored with something though XD  I'll be finishing it up within the next week I think though, and turning it on for general scripts at least.  It's actually just about done, I just need to lock down a couple of things so people don't try to misuse it too much and add an interface for actually using it without manually typing in the URL.

Thank you for raising the awareness of Blockchain scripting.
Learning more has been added to my todo list.

Would you be able to release the source code behind this tool? The example on your site looks really neat and I'd love to have a play with it.

I've been working on a Bitcoin Script debugger in my free time, which might be quite useful for these if they continue.

As a teaser, here's the output when I fed it the answer to Stage 2 above:
Script Debugger Preview

It can parse scripts as strings or as hexadecimal bytes.  As you can see if you look at the URL, I just pasted in the script string with very minor changes (my syntax for pushing hexadecimal numbers is different).

I've disabled any other input URLs for the moment (this one exact script in the only one it will debug), because this isn't really ready for primetime yet, but I thought you folks might be interested anyway.

Will there be another contest? I'm looking forward to another challenge.

I plan to make another one or two rounds next week. I'll set them up in the upcoming weekend!

Fun idea, I just threw a few mBTC into the pot for the next round. I hope you keep this up, I must admit I wasn't fully aware of how Blockchain scripting works until now. Looking forward to see the next stage.

Solution for the 2nd stage

Please read the solution for the 1st stage if you haven't already

As before, the first thing to do is to understand what the scriptPubKey requires in order to be reclaimed. Let's see it:


So, the first thing it does is OP_DEPTH, that returns the number of entries in the stack and put it in the stack itself. that plus OP_1 and OP_NUMEQUAL make a test that returns true if the scriptSig (which get executed before) yelds a single value, false otherwise. The If....Else...End if block after tell us that this scriptPubKey can work in 2 different ways: the second one is a standard pay-to-address transaction script, which gets executed when the scriptSig gives the two variables needed by a signature verification: sig and pubkey. As the address associated with this method is the same used to fund the contest, it's safe to assume that the private key isn't pubblicly available, so this method isn't the one we'll use. Let's focus on the other verification subscript:


So this script starts with some data that gets pushed in the stack over the one provided by the scriptSig, only to be dropped right after by that OP_DROP. After that, the scriptSig gets hashed two times by RIPEMD160 and compared with a given hash. So, this script is asking for some data that, when double hashed with RIPEMD160, gives 9c864b8bb110c05cb9c77381ad5d6868f0fd9f9f. Now, back to the 6e616d... discarded data: why would someone add and drop random data to a transaction? Couldn't be that the hint we need to solve this? Why yes! I guess that anybody who ever worked with string and hexadecimal representation immediately noticed that all those bytes are in the 0x60-0x7A range, which are the a-z charaters in the ASCII table. By decoding it you get "name of nakakamoto". No, that "kaka" is just a typo of mine, no hidden messages. As we all know, the obvious solution to this riddle is "satoshi". To test this, we just have to hash that string two times with RIPEMD160 and check the hash. Be careful! Do not simply hash the string, then copy/paste the resulting hash and rehash it the same way, because you'd be doing an hash of the string representation, and not the hash of the actual binary data. To do this you need a tool that makes a difference between string and hexadecimal input data, like this one. Hashing first time gives this, and the second time gives this. Notice that the second RIPEMD160 hash is the same as in the scriptPubKey.

Now, since we know how to create a transaction with a custom scriptSig from the previous stage, the rest is trivial. Just build a transaction that spends the output ab149362ea4e119d2bc5211b35083c23ec41842af6bbc2ff3c5f1e55941199cc n=0 , and as scriptSig you just have to put the hexadecimal ASCII representation of the string "satoshi" which is "7361746f736869".

This script shows that it's possibile to have a txout reedemed by one out of different methods, leaving the claiming user the freedom to choose which one to use. It's even possibile to set up the script so that it automatically knows which method to use for the verification, basing on the format of the scriptSig.

I don't see any spoiler tag so just don't decode this if you want to find the solution on your own.


EDIT:
This time the transaction worked: https://blockchain.info/tx/734b82d72c7bcd862aabc4cdc3d8f192a40291e29a9331012b82a19c71562b04

Looks like we have a winner! 

Nice catch I was reencoding the hex ripemd-160, I have sent a trx and seems that eligius accepted it

There's only one way to correctly perform a double hash. You must keep in mind that what you get from an hash of a string is just binary data, usually in the form of an hexadecimal number.

Hint: use this service http://www.fileformat.info/tool/hash.htm

Well I give up I can not find the correct thing to hash, any variation I can think of (even hexed and/or sha-256ed) matches the expected output and I need to continue working.

I will check the answer when you make it public.

Yep, I noticed the typo. I just re-checked the solution, and it's fine. the encoding? Why do you think I put there an hint?  

@norbertVC

2 errors in your analysis: one is that, as pointed out by frisco, OP_NUMEQUAL removes the checked items. The other one is that OP_DROP is for that 6e616d... number, not for the 1 which doesn't even exist.

OP_NUMEQUAL removes the checked elements from the stack so it leaves you with
where X is 1 if scriptSig length is equal to 1 and 0 otherwise.

I try to, maybe you can help me with that.
Lets go through the scriptPubKey:

OP_DEPTH returns the amount of items on the stack.
I called it 'x':
OP_1 pushes 1 on the stack, so the stack currently looks like this:

Now OP_NUMEQUAL checks if the first two items are equal and pushes 1 on the stack if the are equal and 0 if they are not.
So they stack can  be now:
or:

The OP_IF executes the statement if the first stack item ist not 0 else the OP_ELSE statement gets executed.
And the OP_IF removes the input so our stack is now:
or:
Lets go way 1:
In the scriptPubKey they next "word" is 6e616d65206f66206e616b616b616d6f746f but I don't know what to do with that. Seems to be a hash..
OP_DROP removes they first item from the stack, so our stack is now:
OP_RIPEMD160 OP_RIPEMD160 hashes the input twice - so our only stack item "1" gets hashes twice and gets checked for equal..

That is what I've got until now - please teach me and explain me what are the hashes in the scriptPubKey.

Umm not sure how did you encoded de solution but the hint has a typo, maybe intended
And nice to have a failsafe this time.

The first step is to understand what the script does, not trying to brute force the solution  

I don't get it :/
Looked for every command in the wiki and played interpreter but the network rejects my input.

2nd stage

Funding transaction/output: 948aeca2003bf0bdc4f0dc7d61615d05010da8bca744dd9cfa12fb57e2540a2d, n=0

Claimable amount: 5 mBTC (remember to reserve at least 0.1mBTC for transaction fees or your transaction won't be confirmed!)

scriptPubKey to solve:


Difficulty level: medium

State: Claimed by frisco after about 2 hours link

Solution: https://bitcointalksearch.org/topic/m.5938343