DeTEE Hackers Challenge: Program info

Steps that you need to do to run the Hacker Challenge node.

Server requirements You need have a Server with Intel processor that supports SGX or rent a VM, for options see RedSwitches or Hetzner. You may also have the compliant processor in your laptop or desktop, check here. Public IP is not required to participate.

Simple installation

Server preparation is quite simple. Make sure you have installed and using the kernel above v5.13 to get a built-in SGX DCAP driver. Also make sure that you enabled SGX in BIOS. Final step is to add the symlinks for the sgx devices:

# Check if sgx is enabled
cpuid | grep -i sgx

# Add symlinks for the sgx devices
sudo mkdir -p /dev/sgx
sudo ln -sf ../sgx_enclave /dev/sgx/enclave
sudo ln -sf ../sgx_provision /dev/sgx/provision

Advanced installation

Advanced installation is needed if you want to work with trusted execution environments on your server directly - not through docker like in the case of simple installation. Follow this tutorial to install the SGX SDK manually. To simplify the process, we have created the following cheatsheet:

https://docs.detee.ltd/docs/hackers/prerequisites

Quickstart

Hacker challenge works as a cluster that anybody can join. To join a cluster, all you need is to run the DeTEE Hacker Challenge Node (sometimes we also call it DTHC). DTHC is a docker image that you can start using:

docker run --device /dev/sgx/enclave --device /dev/sgx/provision \
           -v /tmp/dthc:/challenge/main -p 80:31372 -p 31373:31373 -d \
           --env INIT_NODES="212.95.45.139 46.165.199.12 184.107.183.210" \
           --name dthc detee/hacker-challenge:latest

After your node has started, feel free to start exploring logs:

docker logs -f dthc

- docker devices give node the access to the SGX functionality
- INIT_NODES are real IP addresses of currently running nodes that host the key
- in the /tmp/dthc you will find the files with node metrics and Solana keys
- if your IP is public, expose port 31373 so that other nodes can connect to you
- use the node as http://localhost:80/mint?address=... to mint DTHC tokens

How to start attacking the Hacker Challenge.

More about Hacker Challenge

The node that you can run is part of the DeTEE hacker-challenge, in other words a decentralized wallet that mints the DTHC Token. The private key of the mint authority was generated within the network. The challenge is easy: Hack the network to get the private key, and all the SOL is yours. We also offer other rewards, including:

• the wallet that you hacked
• DeTEE Loyalty Points
• a seat on the Advisory Board of DeTEE

The mint address of the token is: A6HtJwfUbRiPoqVBQY611avQS4byHP4BZXHHBCMD4eFp The mint authority is: AVV4yXTCbTYdJjzM5BniSchFby3mMeJ9JLAGFNubXm8h

In order to mint, the mint authority will need some SOL. Before sending SOL, take into consideration that DeTEE REPRESENTATIVES DON'T KNOW HOW TO GET THE SOL OUT OF THE NETWORK!

You can make following requests:

/nodes <= information about hacker challenge nodes and activity /mint?address=<address> <= mints 1 DTHC to a given address

Technical architecture of the P2P engine behind the hacker challenge.

Hacker Challenge is a decentralized network of nodes. Each node in the network runs inside an enclave (1). Memory pages of programs within the enclave are encrypted outside the enclave. Programs within the enclave have access to sources of entropy that are also protected from outside interventions. Enclaves also have exclusive access to their unique secrets that they usually use to seal (2) data on disk. Each enclave in the cluster must have the same measurements (3), since it runs the same version of the code and configuration. A running program can generate a quote that can be used to verify the measurements and legitimacy of the hardware it's running on. Decentralized algorithms are simplified as you will see from the code, since every node in the cluster is inherently trusted.

Assuming there are no vulnerabilities in any of the mentioned hardware features, and our node implementation has none either, it should be practically impossible to steal the SOL from the network wallet because:

• wallet key is created inside the enclave using a trusted source of entropy
• memory pages of the node that keep the wallet are encrypted to the outside world
• node seals it's own current progress and the Solana wallet keys on the disk
• nodes verify if measurements of each other match through RATLS

Hence when the new node joins the network, it connects to 3 peers using the RATLS handshake. The peers exchange their measurements and verify them. If the measurements are not in the whitelist, the peer will reject the connection. When the node is successfully connected, it receives the Solana wallet keypair and is able to mint the DTHC token.

1. The enclave is a program that operates in a trusted execution environment (TEE) . 2. Sealing is a technique that the enclave uses to symmetrically encrypt and decrypt disk data to hide it from host. 3. Enclave measurements are strings that uniquely identify the enclave and its configuration, like hash of the enclave's binary, configuration, the signer public key, its version and product id.

Known Hacker Challenge issues

1. If you create a new node as a root and it will create the private key and save it to the disk, it will remain sealed and when the node will restart and try to join the rest of the network, it will still use the private key from the disk for minting and sharing.
2. If you run the hacker challenge on the Out Of Life processors you may have a privilege to run certain attacks, for instance check this article.
3. The challenge is compiled using the HW mode, not HYPER so it may not work on some cloud providers, like Azure Intel SGX VMs (needs more testing).
4. The performance and stability of the challenge is not at its theoretical peak as the challenge was done mostly as a poc and was not meant to be infinitely scalable or very performant.
5. The challenge is not mutable once deployed, which means that it will remain secure for as long as the community will not find a new vulnerability in SGX.