Fuzzing Bitcoin with the Defensics SDK, part 1: Create your network

This is the first of two articles that describe how to use the Defensics SDK to fuzz Bitcoin software. Specifically, you will learn how to model one of the Bitcoin protocol messages and use the Defensics SDK to perform fuzzing on the bitcoind process.

This is an advanced technical tutorial, and you will need some background knowledge:

  • You should understand fuzz testing. For a high-level introduction, read What is Fuzzing? The Poet, the Courier, and the Oracle.
  • You should understand the Defensics SDK and its basic use. At the very least, you should have read the Defensics SDK Developer Guide.
  • You should be comfortable with virtual machines and Docker containers.
  • You should have some knowledge of using Wireshark to examine network protocols.
  • Knowledge of Bitcoin would be helpful, but is not essential. I’ll provide a brief introduction here.

This article shows how to set up a test bed with the bitcoind binaries and Wireshark. The next article describes how to model Bitcoin protocol messages using the Defensics SDK, and ultimately how to perform fuzzing on bitcoind using the Defensics SDK.

What is the Defensics SDK?

Defensics is a generational fuzz testing platform with over 250 test suites for a wide variety of network protocols and file formats.

The Defensics SDK gives you the ability to create your own test suites, which unleashes the full power of Defensics on any protocol or file format you wish. All you need to do is provide a data model. You can then create a full-fledged Defensics test suite and leverage the powerful generational test case engine as well as all the other features provided by the Defensics platform.

What is Bitcoin?

Bitcoin is a cryptocurrency, which means it is a currency supported by the mathematics of cryptography. Instead of being centrally managed, as government currencies are, a cryptocurrency is managed by the community, using a peer-to-peer network. Bitcoin and other cryptocurrencies are based on a blockchain, which is a list of all transactions. All peers in the network have a copy of the blockchain, which is cryptographically protected from tampering. The peers in the network use algorithms to agree on adding new transactions to the blockchain, allowing the entire network to come to a consensus about transactions without having to trust each other.

Cryptocurrencies are relatively new. Bitcoin was the first and was introduced in 2007. Despite the relatively experimental nature of these currencies, significant value is invested in them. As of mid-September 2018, the market capitalization of Bitcoin is about $112 billion.

For this article, you don’t need to know too many details about Bitcoin or any other protocol. All you really need to know is that Bitcoin peers run a process called bitcoind. The peers in the network exchange information using the Bitcoin network protocol.

Test bed architecture

The first step in fuzzing bitcoind is to create a test bed, a safe place where you can perform fuzzing without hurting anything. Fuzzing should never be performed on production systems, as it is likely to cause failures or trigger security alarms.

Bitcoin supports the production network (mainnet), a test network (testnet), and a regression test network (regtest). For fuzzing, I used the regtest network, as it allowed me to set up a private, isolated Bitcoin network, perfect for fuzzing.

I began by creating a virtual machine that holds my regtest peers, alice and bob. I used Ubuntu 14.04, but any Linux will do. This step was not strictly necessary—you could just create the Docker instances directly on your host OS—but I wanted the extra layer of isolation.

Through the magic of Docker, ports on the virtual machine are mapped to ports on the alice and bob containers. When it’s all up and running, it’ll look like this:

In the next article, I’ll use the Defensics SDK on a different virtual machine to fuzz one of the bitcoind instances.

Starting with the newly installed Linux machine, I first installed git and docker:

jonathan@bitcoinzz:~$ sudo apt-get install -y git docker.io

To get the most up-to-date Bitcoin protocol dissector, I installed Wireshark like this:

jonathan@bitcoinzz:~$ sudo add-apt-repository ppa:wireshark-dev/stable
...
jonathan@bitcoinzz:~$ sudo apt-get update
...
jonathan@bitcoinzz:~$ sudo apt-get install wireshark
...

Then I followed instructions compiled by Gerald Kaszuba for creating two bitcoind peers using docker: https://geraldkaszuba.com/creating-your-own-experimental-bitcoin-network/.

As described, you’ll need to clone Gerald’s repository, run make build to create the container, then run make alice_shell and make bob_shell to spin up two container instances. Just follow the instructions in the article. Finally, in the alice and bob shells, run bitcoind -regtest -daemon to start the bitcoind processes.

You’ll have two running bitcoind instances. If you want to prove that they work together, run Wireshark and listen on the docker0 interface. Then point one of the bitcoind instances at the other using its IP address.

I found the IP address of alice using hostname:

root@alice:~# hostname -I
172.17.0.12

Then I told bob’s bitcoind about alice like this (rt is an alias for bitcoin-cli -regtest):

root@bob:/# rt addnode 172.17.0.12 onetry

This rewarded me with a flurry of Bitcoin messages exchanged between alice’s and bob’s bitcoind processes.
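Every message in that flurry on docker0 is wrapped in the same 24-byte Bitcoin P2P header, and bitcoind checks the network magic and the payload checksum before it looks at a payload at all, so a fuzz case with a stale checksum never reaches the message parser. The following is an added example (my own code, not from the article, Gerald's repository or Bitcoin Core) that builds and validates that framing for the regtest network; the regtest magic value and header layout come from the Bitcoin protocol specification, not from this article.

```python
import hashlib
import struct
from typing import Tuple

# Bitcoin P2P framing constants. Each network has its own 4-byte magic
# prefix, which is why regtest frames are ignored by mainnet peers.
REGTEST_MAGIC = bytes.fromhex("fabfb5da")
MAINNET_MAGIC = bytes.fromhex("f9beb4d9")
HEADER_LEN = 24


def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA256(SHA256(payload)), as bitcoind computes it."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def build_message(command: str, payload: bytes, magic: bytes = REGTEST_MAGIC) -> bytes:
    """Frame a payload: magic | NUL-padded 12-byte command | LE uint32 length | checksum | payload."""
    cmd = command.encode("ascii")
    if len(cmd) > 12:
        raise ValueError("command longer than 12 bytes")
    header = magic + cmd.ljust(12, b"\x00") + struct.pack("<I", len(payload)) + checksum(payload)
    return header + payload


def parse_message(frame: bytes, magic: bytes = REGTEST_MAGIC) -> Tuple[str, bytes]:
    """Decode one frame, rejecting what bitcoind would drop: wrong magic,
    truncated header or payload, or a checksum that does not match the payload."""
    if len(frame) < HEADER_LEN:
        raise ValueError("truncated header")
    if frame[:4] != magic:
        raise ValueError("wrong network magic %s" % frame[:4].hex())
    cmd = frame[4:16].rstrip(b"\x00").decode("ascii")
    (length,) = struct.unpack("<I", frame[16:20])
    payload = frame[HEADER_LEN:HEADER_LEN + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    if checksum(payload) != frame[20:24]:
        raise ValueError("checksum mismatch")
    return cmd, payload


if __name__ == "__main__":
    # A verack has an empty payload; its checksum is the well-known 5df6e0e2.
    verack = build_message("verack", b"")
    print(verack.hex())
    print(parse_message(verack))
    # Flip one payload byte of a constructed ping and show the frame is rejected.
    ping = bytearray(build_message("ping", b"\x01\x02\x03\x04\x05\x06\x07\x08"))
    ping[-1] ^= 0xFF
    try:
        parse_message(bytes(ping))
    except ValueError as err:
        print("rejected:", err)
```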

Congratulations! You have your own private Bitcoin network!

Come back next time, when we’ll build a model for the Bitcoin network protocol, then use that model in the Defensics SDK to perform fuzzing on bitcoind.
