Tineola: Taking a Bite Out of Enterprise Blockchain

Video in TIB AV-Portal: Tineola: Taking a Bite Out of Enterprise Blockchain

Formal Metadata

Tineola: Taking a Bite Out of Enterprise Blockchain
Attacking HyperLedger Fabric
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Abstract

Blockchain adoption has reached a fever pitch, and the community is late to the game of securing these platforms against attack. With the open source community enamored with the success of Ethereum, the enterprise community has been quietly building the next generation of distributed trustless applications on permissioned blockchain technologies. As of early 2018, an estimated half of these blockchain projects relied on the Hyperledger Fabric platform. In this talk we will discuss tools and techniques attackers can use to target Fabric. To this end we are demoing and releasing a new attack suite, Tineola, capable of performing network reconnaissance of a Hyperledger deployment, adding evil network peers to this deployment, using existing trusted peers for lateral network movement with reverse shells, and fuzzing application code deployed on Fabric. As George Orwell said: "Who controls the past controls the future. Who controls the present controls the past." This talk will demonstrate how a sufficiently armed red team can modify the blockchain past to control our digital future.
so distorts by parsley and Stark and they can be talking about enterprise blockchain so let's give them a big welcome all right as this is this good can anyone hear me okay thank you if I start speaking too quickly please let me know that throw something at me because I do that and have an accent so it's hard to understand me so here we are at Def Con we are super excited it's my first time at Def Con first time speaking at any conference I mean it's super big everyone's hacking each other there are so many secret injection payloads going around even heal on mass drop by to break up the unions I'm so funny [Applause] so we have a great talk planned out for you and you say okay what does this enterprise blockchain thing has anything to do with the theme of Def Con which is surveillance so everyone is collecting data about you and this data will end up on the enterprise doctrine sooner or later so might as well you know look at these things and see what these are so
we have a great talk planned out for you the first part I'm gonna talk theory I know theory is boring but you will learn buzzwords after you go back home you go to an Indian profile add those buzzwords to it talk to a boss and ask for a raise I mean it works I mean my boss is there the second part my co-presenter will show you our tool we have created a tool to attack enterprise blockchain platforms and you will see things like defeating deep blockchain to commit insurance fraud and also root shells to smart contracts and take that etherium
so we all work at synopsys software integrity group there's four of us I'm par SIA I do application security I am a very rabid Goliath fan I love smart contracts and my superpower is they told me not to do this but my superpower is getting selected at the airport every single time you can see why so any-any time spent with me is not harassing you so you're welcome and my co-presenter is this schmuck who doesn't even like go hey guys my name is Stark I work with this schmuck okay anyway I came to blackhat last year for like the sixth time but I finally got to hear about block chains and smart contracts and I got interested because it sounded really easy to break and it turns out that it is our customers been talking to us about enterprise blockchain which is apparently different and I wanted to kind of move the conversation in that direction so here we are thank you thank you sorry so uh Travis and Kuhn are there they're our team members and they're all amazing I mean they speak like ten different languages between themselves it's amazing okay so we have our team together the first thing we did we started looking at the whole platform so we have public blog chains and then we have private productions or Enterprise one public blog chains are you know crypto currencies there are a lot of Aiko's all of them are scams so there we go get banned from the crypto crypto I'm sorry cryptocurrency village you should you should be careful not to say crypto as in cryptography because math green will come and like pummel you to death in the enterprise part is has been working very quietly if you have all been pointing and laughing at the latest John my coffee scam ribbit five wallet whatever it is in the enterprise port or three major camps it's been vulcanized and I've always wanted to say vulcanized there's hyper ledger there is enterprise system alliance and there is r3 now a lot of companies are invested into this I mean tech company is already there but they also change 
their JavaScript frameworks every three weeks so that's not surprising but there are other companies there are health care companies and your financial companies and financial companies are really hard to convince to do something new that means the senior leadership of these companies has seen something in these platforms so they're investing a lot of time and money into this and as I said before you would get sacked at the airport if the immigration officer didn't liked you what's gonna happen in two years is some pad to your smart contract is going to flag you before you even land and you get a pretty physical amazing right and this your health care is so the blockchain world is like this election candidate it says promises made and then promises kept right it says I am immutable which means I'm non hackable everything that gets on the ledgers or the blockchain stays there and they cannot change it so hackers cannot do anything it says I'm auditable which means you think you know what has act what has what has been put on the blockchain by whom and when you have tunable trust I will give you authorization controls and authentication controls you can give access to different groups of people and finally I will give you a program ability to smart contracts so we can codify the rules of the world into smart contracts which get there on the blockchain and cannot be modified so it will be an even playing field what happens in the promises kept part is of course very familiar none of them are kept the ledger is immutable ok we already knew that but that means that if fraud happens then your SFI L sorry for your loss your Bitcoin wallet gets hacked sorry for your loss but your bank cannot say that the same say the same to you right your your account is emptied you go to the bank the teller cannot laugh at you and say lol you're going to sue them another problem is they are not always mutable there are bugs and these bugs would make things different you write something 
to the chain and you're like ok that's it what happens in practice is there is some vulnerability out there and then something also written in the chain and then urs fil privacy is important before you put
anything on the ledger you should think really really hard because when when it goes there it's there forever it's like the internet right you can't go back and delete your old tweets because someone archive did and then gdpr comes along and you have to change things so if you commit usernames and passwords or credit cards or encryption keys to the chain then don't do that your ass FIF these platforms unfortunately as it is don't have enough throughput for real-world applications so what you're gonna do is
what they do is they sacrifice correctness for a speed instead of running your smart contract on all notes and comparing the results to run it on like one note and call it a day if that nose goes rogue then s fil the execution environment results are important I'm sorry I laugh a lot at my own jokes and the funniest person I know the execution environment ism is also important smart contracts are by default remote code execution as a service you're running someone else's code on your machine and you don't know what it is most of the time you don't know what it ends up doing so you need to be understanding you need to secure these things and then finally these platforms are super complex so every production system is a distributed network no jointly you need to you know make up for all of this so promises kept one great so in order to progress more into these scene we chose one platform so we chose hyper laser fabric it's part of the hyper laser ecosystem which is owned by the Linux Foundation with the exception that Linus is not yelling at you it's great it's written in goal and which is great everyone should write and go and it counts for roughly 50% of the deployments out there it's our observation if you've heard about this new mobile voting thing application it's based on hyper laser fabric so whether you like it or not your votes just gonna votes are going to end up them I know it's not important because we don't care about voting but we should so after that we choose is
guinea pig and guinea pigs are important because we learn by breaking things unless it's osep which case you you know pay someone this the application we have created this case is called the build blockchain insurance app and that's the name if you google for it you can find it it's your typical inch application it looks pretty slick and works most of the time there's a web application in front as a customer you go in buy something and then if something happens to it which is always will you will say I want to claim and submit a claim the insurance people go in and look at your claim and then if possible they will pass it to the cops because they want to get out of it anyway that's what insurance does and then finally everything goes to the repair shop the repair shop repairs it or doesn't and then gets paid and that's what happens so everything after this purple boxes is fabric so looking at this application we had simply had some questions so the first question is like how do we hack this thing the franchise web application and in this day and age it's not a solved problem but we know how to tackle these web application testing I mean everyone does it right you just pass it to burkas sorry and then but everything after that is opaque blog which is hyper laser fabrics so we created this tool that gives us insight into what's inside we can we can do things we will give you we will show you things you can do chels it's amazing I mean this thing is completely broken and then the second question was like okay we have this insurance application how do we hack it and they say follow the money so the only person who gets paid is a repair shop so we want to commit insurance fraud and that's what we're going to talk to you later and so we have this are you have our
platform we have our guinea pig first and then we need to learn about the platform and I'm sorry I'm boring you out but but the buzzwords are important so smart contracts and fabric are amazing I love them because your name chain code and you can also write them in goal and go is great you can also write them in nodejs or Java if you're an enterprise customer and it interacts with the ledger in a very simple manner there is a there's an interface called Shem and ledger is a key value store you just call get state pass the key get the value just called put state has a key you updated it works that the main difference between these smart contracts and the etherium smart contracts is that these are actual programs so instead of just interacting with the ledger through EVM byte code you can do other things like call HTTP api's spawn processes do encryption and decryption and all that things so it gives you great power but
with great power also we need to inhibit this power like these checks and balances thing that is supposedly there so you have what is called channels and these channels has its own ledger and on the channel each channel we can have multiple chain code one or more each chain code is only local to that Channel you can have a copies of the same Chango than different channels but they don't talk to each other and each chain code has its own internal database which reflects the values of the ledger and then what you do is you run something you update your your values and everything goes into some couchdb and then everything gets updated gets minted under GNU as a new block on the chain and everything comes back and updates your you cannot mess with other people's state DBS which is great now with that said I'm out of buzz words so what I'm going to do is I'm gonna pans pass the mantle to my friends who doesn't let go ok so a little bit more theory and then and then we'll hack something so to really understand the security model of hyper ledger fabric we need to discuss how things change on the network right so we have immutability guarantees but we can program it to change over time so the first step of one of these changes is we have a peer that's going to submit a proposal right so proposal just says invoke this chain code function take some inputs do something with it it's going to send it to one or more endorsing peers these are just members of the network who have the chain code itself so step two they're gonna actually execute the chain code right so they're gonna do something with the goaline code it's can generate some output that output is called an endorsement so an endorsement is a group of all the key values that they read from written too it's called the readwrite set it's going to sign it with its private key and then it's going to submit it back to the peer the peer collects all the endorsements from all the notes that it sent it out to and forwards that 
along to a special peer called the orderer so everything up until this point is really arbitrary right so we could have sent garbage data in and the endorsing peers could have sent garbage data back to us the orders job is to enforce some rules about this data so at a high level it performs three types of validation so the first type of validation is ensuring that all of the endorsements match all the reads and write sets match each other so that the peers don't disagree on what's actually happening the second step is to ensure that we meet some endorsement policy so policy can be set up to have maybe three out of five peers on the network agree to a transition right and then the third type of validation is to ensure that we don't have conflicts with previous transactions so the order does all this logic by itself and at the end of the day if it validates it it creates a new block it mints that block puts its private key on it says this is now a valid set of transactions and broadcasts it to all the other peers on the network at this point we consider the global state of the network to have changed every peer will now know the new values of every key in the data set and we've completely updated everybody so that's cool we want to get there we want to bypass some of that logic that might be enforcing constraints so there are a few suspects in just this diagram right a few things that we can latch on to and talk about from a security perspective first on the far right we have the endorsers so we consider the endorsement policy to be a style of optional Byzantine fault tolerance so for those of you who didn't get a master's degree I think is the only place I learned about this in school was we have to do networks with lots of different people they're gonna disagree with each other they're gonna lie they're gonna cheat we need to figure out a way to equalize the playing field figure out who's lying who's cheating and just ignore but if we have this style of endorsement 
policy where we can choose what level of validation we do then we've dropped our guarantee down to an optional level so we lose that guarantee from open chains like aetherium or Bitcoin where all piers must be endorsing every transaction and in fact by default in hyper ledger fabric the endorsement policy's just one pier so if you don't set one up anyone can say anything and the order will trust it it's not great so on the Left we have the order that's an orange the order er is ending up as a single point of failure for the whole system so every transaction is going to go through this order now there might be multiple orders right you might have high availability but it's still a single set of organizational organization within the network so it's a single set of peers who are now party to every transaction on every channel so that is completely non fault tolerant by this definition and in the middle we have the client so the clients got an interesting property where it can transmit requests to be or to be endorsed by endorsing peers without sending them for ordering so it can cache and hold on to these things and maybe submit them later or choose not to submit them at all and if our tank code has side effects which you can since it's just our Batory goal and code it can do anything then this may have some very interesting properties in a real life system so it's for writing code or auditing a system we have to keep the side effects in mind for the effects of a peer that's not really performing what we expect on the network so at this
point we're completely done with theory and I get to introduce our tool so when we first got started with fabric we did a lot of getting started with it we set up dev environments we built threat models we built some quick scripts to hack it and kind of figure out what it's doing behind the scenes and we decided to package all of this up and release it as open source code so it's called ty NOLA and it's built by red teamers for red teamers so if you're doing a penetration test or if you're doing a source code review in a live environment this tool is going to let you see what's going on and try to interface with it more efficiently it is on github I have a link at the end of the slides so you guys have to stick but we have our white paper up on there as well it talks about everything we're doing here if you want to share with your friends okay so we're done with theory completely let's let's talk about our demos or our attacks so from now on my name is Tom I work for the repair shop work and we just signed up for this block chain thing and I don't think it's as secure as all of the media headlines say and I want to do insurance fraud and I have access to my own peer because I'm a member of this network as working for the repair shop so I want to see what my peer can do and maybe I can get some ideas on how to how to perform some fraud my initial idea was okay what if somebody bought an item got some insurance contract and then they submitted it for repair but it's not actually broken right and then I get the contract to repair it and then I repair it right and then they pay me to repair it was perfect I just get cash it's great idea so let's let's see how like we could do this so you may be asking
about the slides so we we sent this deck to our marketing department and ask them to spice it up and they came back with those stock images that you see in the blog posts for the hacker and the black loves is like picking locks and stuff and I we weren't a fan so we sent it back and they gave us this deck because they're like people on the internet like animals and these decks have animals so you're welcome okay let's let's do a video demo because I didn't I didn't pray to the demo go sufficiently okay so to get started we're just gonna watch Carol Carol is gonna be our scapegoat because she's gonna buy an item and
we're gonna do some fraud on that item so she's buying a bike here this is the insurance app that we're hacking right it's got a web front-end she's currently on the shop pier where you can buy items new you see she's feeling out her information and at the end of this she's gonna get a contract and like I said my plan is to just fraudulently submit a repair claim on the contract should be
pretty simple right but let's find out how we're supposed to do that so we click through we buy this very expensive
bike and then boom we get a password in plain text so we can tell this is following all the best practices this is example
code guys people copy and paste this stuff anyway so this is ty NOLA it's a JavaScript application that runs on the command line and so it has some commands so first I'm going to connect up to my certificate authority server and authenticate I'm gonna use the default administrative credential which is admin admin PW again it's in all of the examples it's great so I log in I'm in but I want to know what's going on in here so the first thing I do is I asked the certificate authority what are all the users on this box and it goes well you got the admin client but that's it right so I'm the only person here I mean it's got some attributes that tell me what I can do on the system it's pretty nifty and the next step I might ask okay so let's connect to my peer right so I'm connecting out to the repair shop endpoint I'm connected I might say give me some metadata about this peer so what channels are connected to we've only got one channel it's the default channel so I connect up to that and then I might say okay give me some metadata about the channel so I asked for a channel info and it gives me some hash values but what's important here is the height right so that tells me how many blocks exist on this channel so that's great so I know there's 11 blocks I'm just gonna ask for the last five right so I do
channel history 5, and I see the last five blocks that hit this channel. So right there in block 10, that's Carol, right, and there's her password, right there in plain text. So that's pretty nifty. I've got the password. I'll discuss this in a moment, but we're just going to take that password back to the web interface and throw it in.

Yeah, this is OK, this is me. Here I am. I'm going to go over to the claim self-service, throw in the password and file that claim.

So why was that data there? Well, it turns out that the blockchain needs a bunch of data to do its thing, right? Business logic is complicated, it needs inputs, and so although storing plaintext passwords on the blockchain is not great, you know, chaincode often needs private data to operate. We just need to do business here, right? But if we think about it, that particular value, this password, and I'll repeat this, that particular value wasn't needed by anybody except for Carol and the insurance company. So that's a perfect case for, like, a relational database, right? We store hashed passwords in MySQL all the time; maybe we should be doing that. So we see storage of private data on blockchain as a major security risk, and not using it in conjunction with relational databases is just an architectural anti-pattern. OK, so we've
got through what we can see on the network. Now that we can see it, let's play with it, right? What can we do with it? Well, it turns out that I've made a mistake: if I go to my repair shop here, I don't have any repair order. So what happened? And it occurs to me that the insurance company has to approve this repair order, and I don't work for the insurance company, I don't have logins there. So let's see if we can just bypass the web app completely and just invoke stuff on the chain itself.

So I'm going to connect back to that default channel just like I did before, and I'm going to connect to an orderer this time, so now I have the capability of making changes to the network. And I'm going to just do a channel history command again, because I don't know how to interact with this chaincode yet. I'm going to think about it for a while. There we go. So here we are, and these are all the last blocks. Up in block 7 is a claim process command. It turns out this is the command that this chaincode uses to approve a repair request, and it takes some UUIDs. And down in block 11 was the most recent claim file command, which is my fraudulent claim. So I could just, like, transplant the UUIDs into that previous function call, right? That should work.

So I'm going to use Tineola's channel query CC command. I'll tell it to do a claim process function call, and say I'm going to use one argument, and I'm just going to paste in this JSON blob. I've already replaced the UUIDs here. I'm going to hit enter. So this first one is a dry run; I just want to make sure this actually works, so I'm not going to order it, I'm just going to tell the endorsing peer, go make sure this works. So I get a blank response. Turns out this chaincode doesn't actually do anything with the return code, it just returns blank. But I didn't get an error, which means... I'm running out of disk space? No, no. So anyway, I'm going to do it again with the --invoke flag, since it didn't error the first time, and this tells Tineola, go order it. So again, no error. I think I might have changed the state of the blockchain, so I'm going to refresh the page, and we have modified the blockchain, folks. OK, cool.

So what does it actually look like, right? We can go ask Tineola to show us what the chain history looks like. So again I'm just going to use the channel history command so we can see what happened. And in there, in block 13, we see, or excuse me, block 12 was our fraudulent claim process. That was me submitting. This is a function call that's only ever done by the insurance peer, but we can see in column 3, the Creator column, it's the repair shop organization who invoked that function call. So the lesson learned,
right: enterprise blockchains, these Fabric and Quorum and other platforms, refer to themselves as permissioned blockchains to differentiate themselves from open blockchains like Bitcoin or Ethereum, where anybody can join. I don't like using that term, because I feel like it's a big misnomer and it gives the wrong impression to chaincode developers. The thing is that chaincode itself isn't permissioned; you have to make it permissioned. Just access to the network is being blocked. So what does that mean? It means that since we're building a network, ideally of mutually competing parties, and that's the value of blockchain, bringing together people who don't trust each other to share things and data and code, since we don't trust everybody else (I can make this go away, can't I? OK), so we don't trust these other people, we have to put authorization controls into our chaincode. We have to do it explicitly, OK? This code doesn't do it explicitly, right? So all the samples, none of them do authorization. That's great.

So we're going to take a bit of a detour, then. We're going to talk about what we can do with just this invocation step, right? So the blockchain doesn't operate by itself; it's not in a vacuum. Blockchains almost always have some sort of front-end component, be that a REST API or a SOAP API or a web interface like in this example. It doesn't matter; there's some front end that's processing the data from the chain. So we asked ourselves, can we attack that front end from the chain? Can we use the chain to attack that other front-end application? It turns out, yeah,
definitely. So we had an idea: we built Tineola with an HTTP proxy in it, and so whenever you POST to Tineola, Tineola will turn that into a chaincode command and invoke it on the chain. So on the right I'm using Burp, it's just a regular application scanner, and I'm just going to demonstrate that I can invoke this function call directly. Now, before I show that, I'm going to hop back over to my slides so we can see what's about to happen.

So here, this is from the fabric-samples repository; it's an official repository that shows how to write chaincode, and we have a trivial JSON injection vulnerability due to string concatenation. This is really disappointing, because the big thing with Go is that you can make JSON in the language, it supports it, so whatever, you know, it's fine. But let's see, somebody's going to read this data, right? There's a reason we're formatting it in JSON: there's going to be a server that takes this error message and puts it someplace, right? And we can see even the JSON response data for a regular response is the same way; it just happens to be secure because the data they're pulling out is always a number. But don't worry about that, we'll focus on this one first.

So let's see what this looks like. First I need to tell Burp to use localhost; that's where my port is open. Don't worry, it doesn't open a port on your machine to the internet, it's localhost. We'll tell it chaincode_example02, that's the name of the chaincode that we're attacking. We're using the query command, then we're going to fill in an account value that I happen to know exists. So on the right we get a 200 OK, it does exist, we get the chaincode output as a result. So we can use HTTP to interact with the chaincode; it's pretty helpful. Let's try an account that doesn't exist: account 1234 does not exist, we get this error message, and we see it's, you know, concatenating the name right in there. So we can try playing with it by hand first, just to demonstrate for the video that it does concatenate. So I'm just going to, you know, break out of this string with an escaped double quote, I'm just going to add a second key just to show that it works, put in a spiffy emoji there, and there we go. OK, so we see that it works, right? We get a... it should be a 500 because it's throwing an error, but the error message itself has a JSON injection. But we can use any of the features of Burp through Tineola, right? So we could use Intruder or we can use Scanner. So I'm just going to demonstrate Scanner. On the left, in a moment, you're just going to see it scroll by as the scanner tries all these insane permutations of fuzzing. So the nice thing is, like, I didn't want to write my own fuzzer, because fuzzing is hard, so whatever fuzzing routines you guys are already using, emojis, whatever, will work with Tineola; just as long as it speaks HTTP, you can use it.

Again, this is not targeting chaincode, right? We're not targeting this code itself; we're targeting whatever's ingesting the data from the chain, because there will be upstream applications that take this data and do something with it. So we might find cross-site scripting vulnerabilities in a web app that displays data that's getting pulled from the chain. Why does this matter? Well, unlike databases, which you hold the keys to, and there's a password on, and only you can access it, the whole point of the chaincode is to share the data, right? So you're sharing it with partners or with competitors, and they have access to modify the chain, so you can't trust the data coming in from the chain itself. So we've got to escape or validate or sanitize or whatever you're going to do with the data you're bringing out of Fabric.

OK, so back to the insurance app. So I'm pretty comfortable with invoking stuff on the chaincode. We figured out authorization doesn't exist; I can attack this chaincode all day. Now, this is lovely, but I've got bigger aspirations. So it turns out that my organization is using a cloud-hosted, blockchain-as-a-service type deployment, and it's really hard for me to interact with the other peers, because I just have a single endpoint that I can hit that hits my peer. But I can't see the other peers, I can't see their internal network; there might be network services hiding in there. So I want to pivot through my peer, right? So how does this work? So chaincode's running as a container, OK, a Docker container, and it's arbitrary code, so I should be able to write some arbitrary code that runs in the container that gives me a shell or something, right? So Tineola ships with Tineola CC, our proprietary chaincode that's open source anyway, so Tineola CC has pivoting options for it. So let's see what that looks like. Here we are. So on
the right I'm going to start just a netcat listener on 31337, and on the left I'm going to use the Tineola shell command, give it my IP and port, and do whoami, and boom, root. There we go, easy. But we're in a container, right? What can we do in the container? This is an Ubuntu container, so I can use apt to install things. This is nice. If it doesn't have internet access you can drop things using the Tineola HTTP dropper; that works. But either way we're going to end up on here, and I want to use that to scan the network, because I think there might be network services in here. I'm going to scan the private network that I know the peers are on, and I'm going to give it the standard ports that Fabric uses. So there are two gRPC ports that the peer uses, an HTTP port, that's for the orderer, and CouchDB. So this bottom one here is the orderer; it's got one port open, it's just a single gRPC port. And then we have four other peers who are listening on gRPC, HTTP and CouchDB.

OK, so about this, right? There's not a whole lot you can do to stop this. It turns out Fabric was built to run arbitrary code; it's just what it does. So if your threat model includes peers being compromised, which it always should, because people get compromised all the time, you have to account for this, right? You have to be aware that the network is not partitioned completely, and that a peer will always be able to communicate on whatever private networks it's located on. So even if you have a blockchain-as-a-service platform, this is still something to think about. So for
those of you who are familiar with CouchDB, this attack may be obvious, but CouchDB doesn't use authentication by default, and yesterday I was trolling through the most up-to-date Fabric documentation, and their "using CouchDB" section doesn't even use the word "password" in it. This is very disappointing. They do have it in their configuration section, like CouchDB configuration, how to customize it and everything, but, you know, who's customizing their deployments? They're just, like, copying and pasting code off GitHub. Come on.

So what does this look like? Like, what can we do with modifying CouchDB? Let's take a look. So I'm going to pick a value in the web app that cannot be changed. So this is the theft insured column, and I've picked this "not included" thing, and it turns out there's simply no chaincode that ever modifies this value. Once this value has been set, it's set forever, OK? It's part of a JSON document, but there's no way to change it using chaincode. But I'm going to use the Tineola SSH proxy command on the left. This does a reverse SSH proxy back to my machine and opens up a port that points to, in this case, the insurance app's CouchDB port. And CouchDB comes with a beautiful web interface, and if there's no password on it, it just, like, drops you to a read/write shell, so that's pretty sweet. So on the right I can see it's loading some JSON, and then I go to the /_utils directory and we have this beautiful web interface. This is all the channels, the chaincode that's installed on the machine; we can see everything. I'm going to maximize it, because it's kind of hard to read this. Make it big, come on. Here we go. And there's the contract type. So this is the value that we want to modify: theft insured, it's false. I'm just going to change it to true and hit save, right?

So at this point the insurance peer, and I'm not a member of the insurance company, I can't normally talk to this peer, has modified itself to say theft insured is present, right? So we've modified this peer's vision of the network. We've not transacted anything; there's no evidence of this on the chain. Just this one peer thinks that this value is true. To demonstrate this we can hop over to the shop peer. So the shop peer runs its own stack and its own CouchDB instance, and its version of the network will be slightly different, because we haven't attacked this one yet. So I'll just show you here. Here it is, it's the same contract; the theft insured box is not checked yet. So we have a conflict between multiple peers.

So I've got an idea, right? I could attack the shop peer as well in the same way, but maybe they were clever, maybe they've got passwords, right? But what if we could propagate it, right? So we're using the default endorsement policy: just one peer needs to be compromised to affect the rest of the network. So I'm just going to disable and re-enable this contract. That's all I'm doing here. I disabled it; now I'm going to hit enable again. OK, I'm going to refresh this page, and it turns out it read the JSON, modified the enabled flag, and then wrote it back with the tainted value, so it's still there. But this time I'm going to go over to the shop peer, I'm going to refresh the page, and then go up and look: it's checked. So we've propagated a value the chaincode says can never be changed, by messing with CouchDB, due to a poor endorsement policy.

So we'll go over to Tineola to see what happened. And this is not even the right... what's going on with this video? Here we go. So we'll go over to Tineola and say, hey, Tineola, what happened? Like, show me the channel history of what just happened. And these are the only two blocks that were written, OK? It's a contract type set active, and then set active false in the next. That's it; no trace of this theft insured flag changing. But we can really dig into it, right? So I mentioned read/write sets a while back; let's take a look at what those look like. So here's the read/write set. In green we see this contract type that we modified was read from the database, and then we see it was written back, and you see the whole JSON document there. So that's how JSON documents work in a key-value store: you can't just modify a sub-value in CouchDB, you've got to write back the whole thing. And we can see, I'm going to highlight it in a second, that the theft insured flag is tainted. Right there it is: theft insured, true. So we've got an endorsed write set with our tainted data written back to the chain. Now all the peers trust it, and that's how we break it.
Sweet. OK, so we've talked about a bunch of things, right? So, to wrap up: we've got Fabric. It's a brand new platform; no one knows how it works from a security perspective, but I think at least about a hundred million dollars, from what I understand, has been pumped into this thing, either the development of the platform itself or development of apps on top of it. It's huge, it's coming, your data will be on the blockchain very soon. We need to know about these problems, because the developers of the platform, they're aware of these things, but it's hard to fix a lot of them. They're architectural, or, a lot of it is, chaincode needs to be better, right? And so until we get the platforms to be better, we need to write our chaincode better. We need to make awareness of these problems bigger. There are so many cryptocurrency talks now, I can't keep track of them all, but I haven't heard anyone bring this up, so we need to be talking about this more, and I've just got to start screaming about blockchains now. So I'm almost out... OK, well, OK.

So everything you've seen is open source; please go get it. We've got it on GitHub. It's fresh; I committed it, like, 20 minutes before I came out here. We've got a white paper on there; it explains everything we wanted to say here but didn't have time for. So I think we have a little bit of time, I lost track... if there are any questions I'm more than happy to take them now, if we have time, or I'll be around. I've got five minutes, so I can take, like, two questions. There's a mic in the middle. Thank you guys, this was awesome.

[Applause]
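Added example (not part of the talk, the Tineola repository or fabric-samples): a dependency-free Go sketch of the two chaincode-side fixes the talk argues for, an explicit authorization check keyed on the invoker's MSP, because "permissioned" only gates network access, not what chaincode lets each member do, and a JSON error response built by the encoder instead of string concatenation, the pattern behind the injection shown against chaincode_example02. The function names (claim_process, claim_file) and MSP IDs (InsuranceMSP, ShopMSP) are assumed. In real chaincode the creator bytes come from stub.GetCreator() and the MSP ID is normally read with the cid package of fabric-chaincode-go; to run offline, this block decodes the two-field SerializedIdentity protobuf message by hand and constructs its own sample creators and a sample malicious account name.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Which MSPs may call which privileged functions (names are assumed for this example).
var allowedMSPs = map[string][]string{
	"claim_process": {"InsuranceMSP"},
	"claim_file":    {"ShopMSP", "InsuranceMSP"},
}

// SerializedIdentity mirrors the message stub.GetCreator() returns: field 1 MSP ID, field 2 certificate.
type SerializedIdentity struct {
	MSPID   string
	IDBytes []byte
}

// readVarint decodes a protobuf base-128 varint starting at b[i].
func readVarint(b []byte, i int) (uint64, int, error) {
	for v, shift := uint64(0), uint(0); i < len(b) && shift < 64; shift += 7 {
		v |= uint64(b[i]&0x7f) << shift
		if i++; b[i-1]&0x80 == 0 {
			return v, i, nil
		}
	}
	return 0, i, errors.New("truncated varint")
}

// ParseSerializedIdentity stands in for the cid package's proto.Unmarshal: both fields are length-delimited (wire type 2).
func ParseSerializedIdentity(b []byte) (SerializedIdentity, error) {
	var id SerializedIdentity
	for i := 0; i < len(b); {
		tag, next, err := readVarint(b, i)
		if err != nil || tag&7 != 2 {
			return id, errors.New("malformed creator: bad field tag")
		}
		n, next, err := readVarint(b, next)
		if err != nil || n > uint64(len(b)-next) {
			return id, errors.New("malformed creator: truncated field")
		}
		end := next + int(n)
		if tag>>3 == 1 {
			id.MSPID = string(b[next:end])
		} else if tag>>3 == 2 {
			id.IDBytes = b[next:end]
		}
		i = end
	}
	return id, nil
}

// appendVarint and EncodeSerializedIdentity produce the wire form so the demo can build sample creators offline.
func appendVarint(b []byte, v uint64) []byte {
	for ; v >= 0x80; v >>= 7 {
		b = append(b, byte(v)|0x80)
	}
	return append(b, byte(v))
}
func EncodeSerializedIdentity(mspid string, idBytes []byte) []byte {
	b := appendVarint([]byte{1<<3 | 2}, uint64(len(mspid)))
	b = appendVarint(append(b, mspid...), 2<<3|2)
	return append(appendVarint(b, uint64(len(idBytes))), idBytes...)
}

// Authorize runs before a privileged function touches state. The peer only verifies
// the creator's signature; callers not listed for fn, and unknown fns, are denied.
func Authorize(fn string, creator []byte) error {
	id, err := ParseSerializedIdentity(creator)
	if err != nil {
		return fmt.Errorf("cannot identify invoker: %w", err)
	}
	for _, msp := range allowedMSPs[fn] {
		if msp == id.MSPID {
			return nil
		}
	}
	return fmt.Errorf("%s: MSP %q is not authorized", fn, id.MSPID)
}

// ErrorJSONUnsafe mirrors the sample chaincode's string concatenation;
// ErrorJSON lets the encoder escape the untrusted value instead.
func ErrorJSONUnsafe(prefix, untrusted string) string {
	return "{\"Error\":\"" + prefix + untrusted + "\"}"
}
func ErrorJSON(prefix, untrusted string) string {
	out, _ := json.Marshal(map[string]string{"Error": prefix + untrusted})
	return string(out)
}

func main() {
	shop := EncodeSerializedIdentity("ShopMSP", []byte("-----BEGIN CERTIFICATE-----"))
	fmt.Println("shop -> claim_process:", Authorize("claim_process", shop))
	evil := `1234","admin":"true` // constructed malicious account name
	fmt.Println(ErrorJSONUnsafe("Nil amount for ", evil))
	fmt.Println(ErrorJSON("Nil amount for ", evil))
}
```

Running it prints a denial for the shop's attempt at claim_process, then the concatenated error (which parses as JSON with a second, attacker-chosen key) next to the marshalled one (a single Error key with the quotes escaped). The check belongs in the chaincode itself because, as the talk shows, the web front end can be bypassed entirely. This block does not address the CouchDB write-back propagation; that is an endorsement policy question, since the talk's propagation worked only because a single endorsing peer was enough.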