Written by Michael Ira Krufky
As described in Wikipedia, a replay attack (also known as a playback attack) is a "form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and re-transmits it, possibly as part of a masquerade attack by IP packet substitution. This is one of the lower tier versions of a 'man in the middle attack.'"
Another way of describing such an attack is: "an attack on a security protocol using replay of messages from a different context into the intended (or original and expected) context, thereby fooling the honest participant(s) into thinking they have successfully completed the protocol run."[1]
A perfect example of a replay attack is as follows: You had lots of Ethereum Classic saved up in a wallet before the Callisto "airdrop" in March.[2] Now, your wallet is valid on both the Ethereum Classic and Callisto networks, and has coins on each.
A single ETC is worth more than a single CLO. (At least, such is the case today 🚀) Let's say that you want to keep your ETC where it is, and you want to send some CLO to a merchant or some other entity. You can send a transaction on the CLO network, and the CLO will arrive in the other wallet. However, if your transaction was signed and broadcast without using EIP-155 replay attack protection, the transaction could be replayed on the ETC network. The amount of CLO that you sent to the other entity's wallet will now also be missing from your ETC wallet. The ETC has been transferred to the other entity's wallet!
EIP-155 provides protection from such replay attacks by including the network chain ID in the signed transaction, preventing any unwanted losses as I have described here.
Okay, great. So, let's just always use this EIP-155 replay attack protection, right? Wrong. Sure, we should seek to use it, and I'm sure we all want to. Unfortunately, there is a bug in the current firmware implementation of the hardware wallets that only allows a single byte for transmission of the network chain ID. This single byte is not enough room to store Callisto's chain ID of 820. The current firmware can only safely support networks with a chain IDs of 255 or less.
Meanwhile, people had lots of Callisto locked away in hardware wallets after that "airdrop" in March. ClassicEtherWallet added a hack to allow signing transactions on the Callisto network without EIP-155 enabled, to unlock access to that CLO. In order to recover that CLO safely, one had to remove all of the ETC from the corresponding wallet on the Ethereum Classic network before sending out any CLO from that wallet ID.
There are "safe" ways to sign transactions without using EIP-155, but people can make mistakes. It's much better to prevent such mistakes from being possible.
Deep within the Ledger's firmware, a fix was applied to allow use of a full 32bit integer as the network chain ID. I have built an app for Callisto, based on this new firmware, that allows users to sign and broadcast transactions on the Callisto network as safely as with any other coin, using a Ledger Nano S hardware wallet.
In order to build the Callisto application for the Ledger Nano S, you will have to set up the proper build environment, as described in Ledger's official documentation: https://github.com/LedgerHQ/ledger-dev-doc/blob/master/source/userspace/getting_started.rst
After you have followed the instructions in Ledger's "Getting Started" document, you will have pointed the environment variable BOLOS_ENV to a directory containing the proper versions of GCC and Clang that you will have also downloaded and extracted. You will have to create a symbolic link (using ln -s) called clang-arm-fropi within your BOLOS_ENV pointing to the directory that Clang extracts to.
You will have cloned the nanos-secure-sdk repository and pointed an environment variable to it called, BOLOS_SDK
At this point, you must set up Ledger's python loader. Clone the repository from https://github.com/LedgerHQ/blue-loader-python and follow it's README.md.
In summary, you'll want to run the following commands within the blue-loader-python directory:
virtualenv ledger
source ledger/bin/activate
pip install ledgerblue
You probably won't have virtualenv installed, so you'll have to install it first, using apt-get, brew, pip, pip3, yum or some other package manager.
After you have blue-loader-python correctly going, you'll notice a new "(ledger)" decoration on your command prompt:
(ledger) mk@vujade:~/git/blue-loader-python$
At this point, you can now clone my blue-app-eth repository from https://github.com/EthereumCommonwealth/blue-app-eth.git
This build process requires that we build and install a version of the Ethereum application newer than the build that is currently out in production. In order to install this build properly, you will have to remove all applications from your Ledger, then install the new Ethereum app, followed by the new Callisto app. After doing so, then you can install any other applications that you require. Don't worry - this will not reset your seed. You will be able to reinstall your apps later, and the same wallet IDs will still be available in your Ledger. If the other applications are also for Ethereum based coins, such as Expanse or Ubiq, then build and install those applications using the same procedure described in this document for the Callisto app.
Within the blue-app-eth directory, you need a specific command for the build:
GLYPH_SRC_DIR=`pwd`/glyphs/ CHAIN=ethereum make -f Makefile.genericwallet
If you want to clean up the build (aka make clean):
GLYPH_SRC_DIR=`pwd`/glyphs/ CHAIN=ethereum make -f Makefile.genericwallet clean
After it is built, you can load it on your ledger using the next command:
GLYPH_SRC_DIR=`pwd`/glyphs/ CHAIN=ethereum make -f Makefile.genericwallet load
Remove it from your ledger using the next command:
GLYPH_SRC_DIR=`pwd`/glyphs/ CHAIN=ethereum make -f Makefile.genericwallet delete
You must install the Ethereum application before the Callisto application. Assuming that you have no applications installed on your Ledger, the build procedure is as follows:
GLYPH_SRC_DIR=`pwd`/glyphs/ CHAIN=ethereum make -f Makefile.genericwallet load
The Ledger will prompt for your PIN and authorization to load the new app. It will warn you that the app is not digitally signed - that's because you built it yourself rather than waiting for Ledger to ship it officially :-) Authorize the manager, and the new Ethereum app will be installed.
Next, proceed to build and install the Callisto application:
GLYPH_SRC_DIR=`pwd`/glyphs/ CHAIN=callisto make -f Makefile.genericwallet load
Likewise, you will have to authorize the installation of this newly built application.
And there you have it. A newly installed application that will allow you to sign transactions on the Callisto network as safely as any other network using EIP-155 replay attack protection using the ClassicEtherWallet web wallet.
Michael Ira Krufky is a Senior Systems Engineer at Vimeo in New York. He has been an active open source developer for years, contributing to projects such as nodejs/nan, video4linux, linux-dvb, linux-kernel, libdvbpsi and his own digital video capture and streaming middleware solution, dvbtee.
-
Malladi, Sreekanth. "On Preventing Replay Attacks on Security Protocols". oai.dtic.mil.
-
DeMichele, Thomas. "Everything you Need to Know About the Callisto Airdrop". cryptocurrencyfacts.com.