Solve Me — DownUnderCTF 2022

CTF EVENT: DownUnderCTF 2022

DIFFICULTY : Easy

CATEGORY: blockchain

POINTS: 50

INTRODUCTION:

Long time no see my friend!

A few weeks ago, I started learning blockchain and when I saw that they added some blockchain challenges this year. So, I decided to give it a try.

This is an “easy” challenge, but I will try to put as many details as I can in this writeup.

Enjoy!

CHALLENGE:

The challenge gives us all the information about the http provider, source code of the smart contract, our address, our private key, our balance, the port number, the chain id and the smart contract address. See print below:

main challenge page
/challenge info page
/challenge/solve page
Smart Contract source code

The first thing that we need to understand is the smart contract source code. Looking at the source code, we identify:

· The name of the contract: SolveMe

· A Boolean set as “false

· A function called “solveChallenge() which is set as “external” (important information !!!). When executed this function, it changes the Boolean to “true”. (by the way, this is the goal of the challenge)

The “external” set in the function means that an external person (in this case us) can execute this function.

The challenge says that we need to “call” this function. However, we need to differentiate what it means when dealing with a blockchain.

At a high-level, there are two ways to interact with a blockchain:

1. Using the call() function, where we will only “view” the information saved in the blockchain

2. Using the buildTransaction() function, where we will make changes in the blockchain.

If we use the call() function to call the function solveChallenge, it will only view the function and won’t change the state of the blockchain. However, we need to call this function to change the state of the blockchain (to set the Boolean to “true”). Therefore, we will need to use the function buildTransaction().

As the function’s name already says, “buildTransaction”, we will need to build a transaction from scratch.

To build the transaction, I created a python script using the web3 library.

The script looks like this:

Please find the full script and requirements.txt on my GitHub.

As soon as we ran this script, we changed the state of the blockchain. Now we go to the page /challenge/solve and find the flag.

Flag

CONCLUSION:

It was a great challenge. This challenge helps us to understand a basic smart contract, how to connect to the blockchain and how to interact with it.

I hope DownUnder will keep creating challenges like that one in the future. Great job guys!

I hope that my write-up helped you to understand better all the aspects of this challenge. If you want to read more writeups like this one or have any questions, you can find me on Twitter @dropn0w.

Stay curious and keep learning!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store