Who Are The Living Ghosts?

A living ghost is a 'disgusting' but perhaps accurate term applied to a person who has come to the UK to claim asylum and been unsuccessful http://www.church-poverty.org.uk/campaigns/li..

Once this happens, and if his/her appeal fails then there is an expectation that the individual will return voluntarily to his/her country of origin, and if this does not happen he or she will lose all access to public support i.e. no rights to accommodation, no rights to seek employment, no rights to claim government benefits, no rights to social care and the most basic rights to medical care.

In this situation, a person becomes virtually invisible hence the term 'Living Ghost'. Nobody really sees the living ghost except when crime is committed or when the housing shortage hits an all time high. This is the time when the living ghost is most noticed.

I have always found this to be particularly odd as the living ghost has no entitlement to housing and if he/she has no access to employment or benefits how is he/she meant to survive?

I have to say however, that the people I know in this situation have never been involved with the criminal justice system, in fact they are terrified of the police. In their countries, if you get arrested, you are usually out cold by the time you reach the patrol car or dead.

Now you might wonder how the hell a person in this situation actually manages to survive? How do they eat? Where do they sleep? Do they sleep? What happens if they become ill? and please don't forget that many people seeking asylum in the UK have often fled their own countries in fear for their lives, they may have been detained & tortured, raped or lost family members as a result of war, the list is endless.

It shouldn't be so difficult to survive though should it? I mean, they take our jobs (err sorry! no permission to work!) our houses (oops! no permission to access housing) Oh yes!! lets not forget our women because we really have no independent thought processes do we?

Taking into account the atrocities that some of these people have endured in their lives, is it not suprising that people do not return 'voluntarily'?

Now in many cases, the Home Office http://www.ukba.homeoffice.gov.uk/ do not deport people back home, why? because their countries are known to be unsafe, it's just their accounts of what happened that weren't believed.
So when this happens they are left destitute and are living on our streets, in our democratic country in the 21st century how disgusting is that?

Welcome To The United Kingdom!



Where's my vote?

Where's my vote?
People just want the right to choose their own government

Man holds a picture of his murdered friend

Man holds a picture of his murdered friend
Killed for speaking out against the corrupt Ahmadinejad regime
STOP EXECUTIONS IN IRAN!

According to the United Nations Convention Against Torture 1984, Article I, the term "torture" means any act by which severe pain or suffering, whether physical or mental, is intentionally inflicted on a person for such purposes as obtaining from him or a third person information or a confession, punishing him for an act he or a third person has committed or is suspected of having committed, or intimidating or coercing him or a third person, or for any reason based on discrimination of any kind, when such pain or suffering is inflicted by or at the instigation of or with the consent or acquiescence of a public official or other person acting in an official capacity. It does not include pain or suffering arising only from, inherent in or incidental to lawful sanctions.Iran is not signatory of Convention Against Torture but it doesn't give Iranian government any right to torture Iranians.

Surely Things Aren't Really That Bad Are They? Come on, What's for Tea?

Now before you sit down and eat, I'd like you to try a little exercise, anyone can join in and it will only take about 10 minutes maximum. It doesn't matter who you are, whether you are a council worker, a politician, the Prime Minister, homeless, destitute it really does not matter.
Just close your eyes for a moment and imagine this.......

You live in a beautiful country, lets say Iran to keep it simple. Things are hard but your country is amazing, beautiful buildings, warmth, the smell of home cooking and incense wafting by as you relax after a day's hard work. You have always struggled, never really fitted in because your father is Iranian and your Mother Kurdish but nevertheless that's part of life and there are mixed race people everywhere.
Suddenly you are jolted from your relaxation by banging on your door so you rush to see what the problem is.
It must have only taken a few seconds to reach the door but when you get there you see your elderly father being taken by military police handcuffed with a gun to his head.
You stare in horror and then being the eldest son you need to make sure your mum & sister are ok.
In your mum's room you see her crying on the bed and just as you are walking over to her your sister screams so you rush to her room but one soldier is still there so you can't do a thing except witness her rape and torture that seems to last a lifetime. Your mum knows whats happened and she is praying that she will die. Imagine that!
Imagine this is the 5th, 6th 7th or 8th time this has happened?
Your father, well you never saw him again after the first time, your sister could face execution for having sex before marriage and now who will marry her anyway?
Your Mother well she still wants to die but can't quite get there & you! are meant to protect them but you know the interrogators will be back for you because your're half Kurdish and you support independence for Kurdish people and they really don't like that.
Imagine that!! so you flee to protect your own life and also you feel that it may be easier on your family if you aren't there.
You don't know where you will end up when you smuggle yourself onto lorries, boats e.t.c or even if you will get to the other end alive but you do it....you are amazing imagine that!

This exercise wasn't made up, it was based upon real life history. A close friend of mine who I will call S experienced this and more on a regular basis. S is a man who was detained, raped and tortured systematically by the Iranian regime. Other examples include.......

Thousands face mass eviction from homes and market stalls in Zimbabwe
Up to 200 people from an informal settlement in the Harare suburb of Gunhill in Zimbabwe face being forcibly evicted without being given adequate notice or any consultation or due process. Thousands of vendors across Harare also face forcible removal from their market stalls. The majority of those to be affected are poor women whose principal source of livelihood is selling fruits, vegetables and other wares at market stalls like Mbare Musika and Mupedzanhamo in Harare.The Deputy Mayor of the Harare City Council stated in July 2009 that the city authorities are considering evicting people from "illegal settlements and market places to restore order." He claimed that the targeted people pose a health hazard and violate the city's by-laws.
www.hrw.org/ (Human Rights Watch 2009)


Iranian girl prisoners systematically raped before execution
The Iranian practice of raping girl prisoners before execution has been reported previously, but perhaps never with such clear documentation. "Progressives" who support this regime should keep it in mind. It is unlikely that there will be any investigation by the UN or a human rights group.

Ami Isseroff

'I wed Iranian girls before execution'
Jul. 19, 2009SABINA AMIDI, Special to The Jerusalem Post , THE JERUSALEM POST
In a shocking and unprecedented interview, directly exposing the inhumanity of Supreme Leader Ali Khamenei's religious regime in Iran, a serving member of the paramilitary Basiji militia has told this reporter of his role in suppressing opposition street protests in recent weeks.
He has also detailed aspects of his earlier service in the force, including his enforced participation in the rape of young Iranian girls prior to their execution.
He said he had been a highly regarded member of the force, and had so "impressed my superiors" that, at 18, "I was given the 'honor' to temporarily marry young girls before they were sentenced to death."
In the Islamic Republic it is illegal to execute a young woman, regardless of her crime, if she is a virgin, he explained. Therefore a "wedding" ceremony is conducted the night before the execution: The young girl is forced to have sexual intercourse with a prison guard - essentially raped by her "husband."
"I regret that, even though the marriages were legal," he said.
Why the regret, if the marriages were "legal?"
"Because," he went on, "I could tell that the girls were more afraid of their 'wedding' night than of the execution that awaited them in the morning. And they would always fight back, so we would have to put sleeping pills in their food. By morning the girls would have an empty expression; it seemed like they were ready or wanted to die.
"I remember hearing them cry and scream after [the rape] was over," he said. "I will never forget how this one girl clawed at her own face and neck with her finger nails afterwards. She had deep scratches all over her."

Still hungry?

Oh Mr. Brown! (Gordon) you are an exception enjoy your tea!

(THIS IS THE UNITED KINGDOM)

The United Kingdom is a Country of Democracy, Equality and Values the Protection of Human Rights.

So you have arrived in the United Kingdom tired, hungry, traumatised and dehydrated but nevertheless grateful to be in a country where you know you will not be executed..(there's a good start).

Despite your frail state however you manage with the help of an interpreter to complete a lengthy document stating your claim for asylum and why you were forced to flee your beautiful country with the wonderful history and the smell of home cooking e.t.c. for a country you know absolutely nothing about....You are amazing!

Asylum is given under the 1951 United Nations Convention Relating to the Status of Refugees http://www.asylumrights.org.uk/convention.htm.

To be recognised as a refugee, you must have left your country and be unable to go back because you have a well-founded fear of persecution because of your:
.race;
.religion;
.nationality;
.political opinion; or
.membership of a particular social group.

In 2007, 19 out of every 100 people who applied for asylum were recognised as refugees and given asylum.

Eventually you are offered accommodation with the support of NASS National Asylum Support Service (NASS) just until a decision is made about whether you will be granted leave to remain in the United Kingdom. You are also provided with vouchers so that you can eat.
www.asylumsupport.info/nass.htm

Things seem to be a little easier now and you can relax and recover from your ordeal in the knowledge that you will be safe but you can't look for a job to support yourself or access a house independently not yet! not until you become a British Citizen so you'll just have to hope for the best for now and wait until you get your UK leave to remain.

This means that it will be almost impossible to learn English Language at the moment because you don't really have the chance to mix in with British people as most of them congregate in places like 'Workplaces' or 'Housing Communities' all the places you can't go.

I guess you could go to social places like clubs or pubs but you don't have any money to do that and they don't accept vouchers sorry! but I guess you have freedom of choice don't you?




Beyond What is Visible

You were once a stranger to me but now I know you,
Not all of you, that could never be
Always a part of you that no one will ever see, not even me.

Once a stranger with beautiful brown eyes, the most beautiful eyes I have ever seen,
Eyes that felt nothing, no emotion nothing in between, this life and beyond.

We were once strangers but then we touched,
Not in the way some might think, not too much.
The touch we shared was deep and true,
Not physical but you did touch me and I did touch you.

You were once a stranger to me but now I know you,
Not all of you, that could never be.
Sometimes there's a moment when your eyes melt me,
So warm and compassionate, oh such a change in time, or is it?
Maybe I was blind.

We dont have words but thats fine,
I don't speak your language and you don't speak mine
But when you touched me I understood what you needed to say, it just needed time.




The Decision.........Dont worry!! Help is at hand. This is the United Kingdom.

So today is the day! the letter has arrived and with anticipation you open it.
You don't understand.............
You told the truth, explained why you had to flee your country, about the rape the torture why have they refused your application?
Why?
Quickly you must try and lodge an appeal against this decision.
The Home Office have stated that certain things are untrue or overstated but you know you told the truth.

You admit and acknowledge that when you lodged your claim, you were traumatised, tired, hungry and dehydrated and had travelled for thousands of miles in appalling conditions but you told the truth.
So you lodge your appeal and this fails too so what now?

Another letter arrives... you breath a sigh of relief as this could be to say that they made a mistake, they were wrong but no, its from NASS to say that in 28 days you must leave your home and return voluntarily to your country as you are now not permitted to remain in the UK. In 28 days time your vouchers will cease also.

So far you have managed alone with your memories of what happened to you and your family, tormented and unable to sleep you have paced the floor, even turned to alcohol which in your country is prohibited but you coped now its different. Who can you turn to? where can you get help when you don't even speak English?
Maybe the nurse in the hospital will understand as you wake up with both your wrists bandaged.

Relax! This is the United Kingdom there is always a way forward.

In the UK there is something called Section 4 support

Section 4 support

Applying for support

This page explains how you may qualify for short-term support if your application for asylum was unsuccessful, you are unable to return to the country you came from and would otherwise be homeless or without the money to buy food (we call this 'destitute').
If your asylum application has been rejected, you must return to your country of origin as soon as possible. However, you may be able to receive short-term support while you are waiting to return to your country. This is known as section 4 support because it is given under the terms of section 4 of the Immigration and Asylum Act 1999.
There are strict requirements you must meet in order to qualify for section 4 support. You must be destitute and satisfy one of the following requirements:
you are taking all reasonable steps to leave the United Kingdom or placing yourself in a position where you can do so;
you are unable to leave the United Kingdom because of a physical barrier to travel or for some other medical reason;
you are unable to leave the United Kingdom because the UK Border Agency believes there is no safe route available;
you have either applied for a judicial review of your asylum application in Scotland or applied for a judicial review of your asylum application in England, Wales or Northern Ireland and been given permission to proceed with it; or
accommodation is necessary to prevent a breach of your rights, within the meaning of the Human Rights Act 1998.

http://www.ukba.homeoffice.gov.uk/asylum/support/apply/section4/

So What is Section 4 all about?

Now Section 4 of The Asylum and Immigration Act 1999 is a magical piece of legislation put in place by the Home Office to help you so please trust them and do not listen to anyone who tells you otherwise.

Yes thats right! The Home Office were the people who looked at your asylum claim and refused it.

Lets take a closer look at Section 4 and what you must do to get it....

1- You must be willing to leave the UK and you must be putting yourself in a position to do so.

Oh but wait! you came to the UK fleeing for your life so this wont work.

2-You cannot leave the UK because you are unable to travel due to physical barriers.

Hmmm at the moment you are not registered as having these kinds of problems and even if you had, who would be aware of it? You have no access to anything and in any case you can't speak English.

3- you are unable to leave the United Kingdom because the UK Border Agency believes there is no safe route available;

Well your asylum claim was refused so the Home Office obviously believe it is safe.

4-
you have either applied for a judicial review of your asylum application in Scotland or applied for a judicial review of your asylum application in England, Wales or Northern Ireland and been given permission to proceed

Your asylum claim and appeal was refused (Not doing too well here)

5-
accommodation is necessary to prevent a breach of your rights, within the meaning of the Human Rights Act 1998.

Damn!! They just took your accommodation.

On a positive note, your local authority (The city where you live) know about this so they should help shouldn't they?
Let's hear what they have to say,and what they are planning to do about it..............

Home
About MCC Manchester
MCC Manchester News
News, events and activities in the life of the Metropolitan Community Church, Manchester (UK).
May 30, 2009
Support for refused asylum seekersPosted by Steve Gray under Social action Tags: , , , , Leave a Comment

Refused asylum seekers left destitute in the UK
Background information

No doubt you will have heard or read reports about how the UK is meant to be a “soft touch” for asylum seekers. Yet, in reality, the level of support provided to asylum seekers is far lower than that of income support and is usually withdrawn altogether if a claim is refused.

Many refused asylum seekers are, in fact, unable to return to their home countries due to the risks they would face because of, for example, armed conflicts, generalised violence and repressive regimes. As a result, many refused asylum seekers from countries where such problems are rife (including Zimbabwe, Iran, Iraq, Sudan, Afghanistan, Somalia, the Democratic Republic of Congo and Eritrea) are being forced into destitution, as they are not permitted to work here.

To make matters worse, it appears as though this could be part of a deliberate strategy on the part of the UK Government. Certainly, this is the view of the Joint Committee on Human Rights, which recently reviewed the treatment of asylum seekers in the UK and reached the following conclusion:

“We have been persuaded by the evidence that the Government has indeed been practising a deliberate policy of destitution of this highly vulnerable group.

We believe that the deliberate use of inhumane treatment is unacceptable. We have seen instances in all cases where the Government’s treatment of asylum seekers and refused asylum seekers falls below the requirements of the common law of humanity and of international human rights law”.
In light of this, we are calling on you to support the Still Human Still Here Campaign, which is fully endorsed by Amnesty International and many other reputable organisations (http://stillhumanstillhere.wordpress.com/).

The Still Human Still Here Campaign is dedicated to highlighting the plight of tens of thousands of refused asylum seekers who are destitute in the UK.

Supporters of the campaign believe that the denial of any means of subsistence to refused asylum seekers as a matter of government policy is both inhumane and ineffective.
Its supporters are calling on the Government to:
End the threat and use of destitution as a tool of Government policy against refused asylum seekers

Continue financial support and accommodation to refused asylum seekers as provided during the asylum process and grant permission to work until such a time as they have left the UK or have been granted leave to remain

Continue to provide full access to health care and education throughout the same period

What can I do?

We are asking you to write to your local MP in order to highlight the issue and ask for his or her support. Please feel free to use the model letter below (preferably adapting it, where possible) for this purpose. If you don’t know who your

MP is, you can find out at http://www.theyworkforyou.com/.

Then, all you need to do is send your letter (addressed to your own MP) to:
House of CommonsLondonSW1 0AA
If you receive a reply from your MP, please send a copy to The Human Rights Action Centre, 17-25 New Inn Yard, London, EC2A 3EA

Well, they have been persuaded so theres a good thing, but it looks like they are going to do absolutely nothing!



Please Don't Be The Next Living Ghost

The inspiration for this blog has been given to me by some truly amazing people who I have been fortunate to meet along life's journey. Unfortunately, although it would be an honour to use their full titles I am only able to identify them by initials.
Some of the mentioned people have fled their countries in fear of their lives, and some sadly did not make it.

I would like to take this opportunity to thank these people from the bottom of my heart for allowing me to be a part of their journey and for being courageous enough to come forward with their stories.

I hope that after visiting my blog you will share some of your own experiences and be proactive in writing letters and doing whatever it takes to make changes to the current asylum laws.

This can be done, it just takes time and determination and most of all a willingness to stand in unity.

S.M -A courageous and amazing man of Kurdish-Iranian origin. Having experienced torture & detention for political reasons he fled to the UK in fear for his life. This man has diagnosed Post Traumatic Stress Disorder and needs close monitoring due to five previous and serious suicide attempts. Initial asylum claim failed and now in the process of appeal. If returned to Iran he faces definite execution.
This man lives in Manchester England.

S.G.T- A courageous and amazing man of Kurdish Iranian origin, having fled his country for political reasons he still awaiting the outcome of his asylum claim to remain in the UK. A member of the PKK (Kurdish Independence Party) he will definitely face execution by hanging if returned.
This man lives in Manchester England.

S.H - A courageous and amazing Iranian man who fled Iran following his relationship with a girl of Jewish origin. The Basij police cut her throat in front of him and beat him so badly that he sustained a 7" scar on his head from a machete type blade (His father was one of Basij). In the UK he became a 'living ghost' and eventually returned to Iran as he could take no more pain and hopelessness from his destitute situation. He was subsequently executed by hanging, accused of espionage.

A.A -An amazing and couragious man who fled his home country of Iran because of political reasons. He is currently destitute on the streets of Manchester UK having failed his asylum application and appeal. He is now a living ghost.

F.A -Also a courageous and amazing man from Iran who was picked up and detained following a protest in the UK against the Ahmadinejad regime in his home country in which his family are stuck. This man faces deportation back to Iran where he is likely to be executed as an opposer of the Ahmadinejad government.
This man lives in Manchester England

A.R.Z -A courageous and amazing man from Afghanistan currently in the UK.
This man has his leave to remain in the United Kingdom but is so mentally affected by the atrocities and torture he endured in his country, he is unable to ever feel safe. He is dependent upon opium and living in Manchester England

M.M- A courageous and amazing young man of Iranian origin. Having fled his country because of sexuality reasons he came to the UK.
Homosexuality in Iran is punishable by the death penalty and his partner was hung at the age of just 23yrs.
This man failed in his application for asylum and in his appeal against the decision. He is now a living ghost in Manchester England.

M. An amazing and courageous young man from Eritrea who fled to the UK in fear for his life after all his family, mother, father, 2 brothers and his baby sister were slaughtered in front of his eyes by militia.
He escaped by hiding in a cupboard. He is awaiting the outcome of his appeal for asylum in the UK. He currently resides in accommodation provided by NASS due to his young age.

A.S An amazing and courageous man from Iran who has been deeply affected by the aftermath of the Iran Iraq war in which he served as a soldier. This man has serious mental health problems and the need for counselling but cannot access it having no access to support after his asylum claim and appeal were refused in the UK. Recently he stitched his own mouth and went on hunger strike just so someone would listen. He lives in Manchester.

MB, An amazing and Courageous Angolan man who was detained in Yarl's Wood with his 13-year-old son, was found hanged in a stairwell on the morning of his 35th birthday.
M's last words to his son were 'be brave, work hard, do well at school'

EN, An amazing and Courageous 26-year-old Zimbabwean man who was found drowned after his asylum claim and appeal to remain in the UK had failed.

HN-An amazing and Courageous man from Iran who was found with a gunshot wound two weeks after his asylum claim was refused.
H, was homosexual and fled Iran in March 2000 after being imprisoned for three months for his sexuality and sought sanctuary in the UK. He feared being executed if he was returned to Iran - where homosexuality is a 'crime' punishable by death.


Please Check out the following links and make a difference: Additionally, please contact me at:
morgana.1@hotmail.co.uk


http://stllhumanstillhere.wordpress.com/
http://www.church-poverty.org.uk/campaigns/li..
http://www.irr.org.uk/2005/september/ha000021.html
http://www.redcross.org.uk/.
http://www.torturecare.org.uk./
http://www.refugee-action.org.uk/manchester.
http://www.sareli.org.uk./
http://www.samaritans.org./
http://www.woodstreetmission.org.uk./

http://www.qva.org.uk/

http://www.immigrationboards.com


Sunday, 4 June 2023

Blockchain Exploitation Labs - Part 1 Smart Contract Re-Entrancy


Why/What Blockchain Exploitation?

In this blog series we will analyze blockchain vulnerabilities and exploit them ourselves in various lab and development environments. If you would like to stay up to date on new posts follow and subscribe to the following:
Twitter: @ficti0n
Youtube: https://www.youtube.com/c/ConsoleCowboys
URL: http://cclabs.io
          http://consolecowboys.com

As of late I have been un-naturally obsessed with blockchains and crypto currency. With that obsession comes the normal curiosity of "How do I hack this and steal all the monies?"

However, as usual I could not find any actual walk thorough or solid examples of actually exploiting real code live. Just theory and half way explained examples.

That question with labs is exactly what we are going to cover in this series, starting with the topic title above of Re-Entrancy attacks which allow an attacker to siphon out all of the money held within a smart contract, far beyond that of their own contribution to the contract.
This will be a lab based series and I will show you how to use demo the code within various test environments and local environments in order to perform and re-create each attacks for yourself.  

Note: As usual this is live ongoing research and info will be released as it is coded and exploited.

If you are bored of reading already and just want to watch videos for this info or are only here for the demos and labs check out the first set of videos in the series at the link below and skip to the relevant parts for you, otherwise lets get into it:


Background Info:

This is a bit of a harder topic to write about considering most of my audience are hackers not Ethereum developers or blockchain architects. So you may not know what a smart contract is nor how it is situated within the blockchain development model. So I am going to cover a little bit of context to help with understanding.  I will cover the bare minimum needed as an attacker.

A Standard Application Model:
  • In client server we generally have the following:
  • Front End - what the user sees (HTML Etc)
  • Server Side - code that handles business logic
  • Back End - Your database for example MySQL

A Decentralized Application Model:

Now with a Decentralized applications (DAPP) on the blockchain you have similar front end server side technology however
  • Smart contracts are your access into the blockchain.
  • Your smart contract is kind of like an API
  • Essentially DAPPs are Ethereum enabled applications using smart contracts as an API to the blockchain data ledger
  • DAPPs can be banking applications, wallets, video games etc.

A blockchain is a trust-less peer to peer decentralized database or ledger

The back-end is distributed across thousands of nodes in its entirety on each node. Meaning every single node has a Full "database" of information called a ledger.  The second difference is that this ledger is immutable, meaning once data goes in, data cannot be changed. This will come into play later in this discussion about smart contracts.

Consensus:

The blockchain of these decentralized ledgers is synchronized by a consensus mechanism you may be familiar with called "mining" or more accurately, proof of work or optionally Proof of stake.

Proof of stake is simply staking large sums of coins which are at risk of loss if one were to perform a malicious action while helping to perform consensus of data.   

Much like proof of stake, proof of work(mining) validates hashing calculations to come to a consensus but instead of loss of coins there is a loss of energy, which costs money, without reward if malicious actions were to take place.

Each block contains transactions from the transaction pool combined with a nonce that meets the difficulty requirements.  Once a block is found and accepted it places them on the blockchain in which more then half of the network must reach a consensus on. 

The point is that no central authority controls the nodes or can shut them down. Instead there is consensus from all nodes using either proof of work or proof of stake. They are spread across the whole world leaving a single centralized jurisdiction as an impossibility.

Things to Note: 

First Note: Immutability

  • So, the thing to note is that our smart contracts are located on the blockchain
  • And the blockchain is immutable
  • This means an Agile development model is not going to work once a contract is deployed.
  • This means that updates to contracts is next to impossible
  • All you can really do is create a kill-switch or fail safe functions to disable and execute some actions if something goes wrong before going permanently dormant.
  • If you don't include a kill switch the contract is open and available and you can't remove it

Second Note:  Code Is Open Source
  • Smart Contracts are generally open source
  • Which means people like ourselves are manually bug hunting smart contracts and running static analysis tools against smart contract code looking for bugs.

When issues are found the only course of action is:
  • Kill the current contract which stays on the blockchain
  • Then deploy a whole new version.
  • If there is no killSwitch the contract will be available forever.
Now I know what you're thinking, these things are ripe for exploitation.
And you would be correct based on the 3rd note


Third Note: Security in the development process is lacking
  • Many contracts and projects do not even think about and SDLC.
  • They rarely add penetration testing and vulnerability testing in the development stages if at all
  • At best there is a bug bounty before the release of their main-nets
  • Which usually get hacked to hell and delayed because of it.
  • Things are getting better but they are still behind the curve, as the technology is new and blockchain mostly developers and marketers.  Not hackers or security testers.


Forth Note:  Potential Data Exposure via Future Broken Crypto
  • If sensitive data is placed on the blockchain it is there forever
  • Which means that if a cryptographic algorithm is broken anything which is encrypted with that algorithm is now accessible
  • We all know that algorithms are eventually broken!
  • So its always advisable to keep sensitive data hashed for integrity on the blockchain but not actually stored on the blockchain directly


 Exploitation of Re-Entrancy Vulnerabilities:

With a bit of the background out of the way let's get into the first attack in this series.

Re-Entrancy attacks allow an attacker to create a re-cursive loop within a contract by having the contract call the target function rather than a single request from a  user. Instead the request comes from the attackers contract which does not let the target contracts execution complete until the tasks intended by the attacker are complete. Usually this task will be draining the money out of the contract until all of the money for every user is in the attackers account.

Example Scenario:

Let's say that you are using a bank and you have deposited 100 dollars into your bank account.  Now when you withdraw your money from your bank account the bank account first sends you 100 dollars before updating your account balance.

Well what if when you received your 100 dollars, it was sent to malicious code that called the withdraw function again not letting  the initial target deduct your balance ?

With this scenario you could then request 100 dollars, then request 100 again and you now have 200 dollars sent to you from the bank. But 50% of that money is not yours. It's from the whole collection of money that the bank is tasked to maintain for its accounts.

Ok that's pretty cool, but what if that was in a re-cursive loop that did not BREAK until all accounts at the bank were empty?  

That is Re-Entrancy in a nutshell.   So let's look at some code.

Example Target Code:


           function withdraw(uint withdrawAmount) public returns (uint) {
       
1.         require(withdrawAmount <= balances[msg.sender]);
2.         require(msg.sender.call.value(withdrawAmount)());

3.          balances[msg.sender] -= withdrawAmount;
4.          return balances[msg.sender];
        }

Line 1: Checks that you are only withdrawing the amount you have in your account or sends back an error.
Line 2: Sends your requested amount to the address the requested that withdrawal.
Line 3: Deducts the amount you withdrew from your account from your total balance.
Line 4. Simply returns your current balance.

Ok this all seems logical.. however the issue is in Line 2 - Line 3.   The balance is being sent back to you before the balance is deducted. So if you were to call this from a piece of code which just accepts anything which is sent to it, but then re-calls the withdraw function you have a problem as it never gets to Line 3 which deducts the balance from your total. This means that Line 1 will always have enough money to keep withdrawing.

Let's take a look at how we would do that:

Example Attacking Code:


          function attack() public payable {
1.           bankAddress.withdraw(amount);
         }

2.    function () public payable {
         
3.            if (address(bankAddress).balance >= amount) {
4.               bankAddress.withdraw(amount);
                }
}

Line 1: This function is calling the banks withdraw function with an amount less than the total in your account
Line 2: This second function is something called a fallback function. This function is used to accept payments that come into the contract when no function is specified. You will notice this function does not have a name but is set to payable.
Line 3:  This line is checking that the target accounts balance is greater than the amount being withdrawn.
Line 4:  Then again calling the withdraw function to continue the loop which will in turn be sent back to the fallback function and repeat lines over and over until the target contracts balance is less than the amount being requested.



Review the diagram above which shows the code paths between the target and attacking code. During this whole process the first code example from the withdraw function is only ever getting to lines 1-2 until the bank is drained of money. It never actually deducts your requested amount until the end when the full contract balance is lower then your withdraw amount. At this point it's too late and there is no money left in the contract.


Setting up a Lab Environment and coding your Attack:

Hopefully that all made sense. If you watch the videos associated with this blog you will see it all in action.  We will now analyze code of a simple smart contract banking application. We will interface with this contract via our own smart contract we code manually and turn into an exploit to take advantage of the vulnerability.

Download the target code from the following link:

Then lets open up an online ethereum development platform at the following link where we will begin analyzing and exploiting smart contracts in real time in the video below:

Coding your Exploit and Interfacing with a Contract Programmatically:

The rest of this blog will continue in the video below where we will  manually code an interface to a full smart contract and write an exploit to take advantage of a Re-Entrency Vulnerability:

 


Conclusion: 

In this smart contract exploit writing intro we showed a vulnerability that allowed for re entry to a contract in a recursive loop. We then manually created an exploit to take advantage of the vulnerability. This is just the beginning, as this series progresses you will see other types of vulnerabilities and have the ability to code and exploit them yourself.  On this journey through the decentralized world you will learn how to code and craft exploits in solidity using various development environments and test nets.
Related word
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)