Fixing other people’s code

No one really likes to fix coding mistakes. It’s frustrating enough when you have to find and fix your own, but finding and fixing others’ mistakes is extra frustrating. What were they thinking, why would you code that this way, it would be better to start this from scratch…are all things you probably find yourself saying when you need to take this task on.

Last year I ran across an article about a higher profile cryptocurrency hack that wasn’t the type of smart contract exploit that is more commonly seen. In this case the private keys were compromised and the attackers didn’t steal them…they computed them.

https://www.coindesk.com/business/2022/09/20/crypto-market-maker-wintermute-hacked-for-160m-says-ceo/

It turns out that Wintermute used an open-source program called profanity to brute force a smart contract address that started with many zeros (0x0000000fe6a514a32abdcdfcc076c85243de899b). This program is known as a vanity address generator, which lets you customize what your Ethereum address looks like. Why they chose to do this I’m not sure as there are usage cost reasons for having more zeros in the address (but not leading zeros). However, it turns out there is a major flaw in the way profanity randomly generates its private keys. Without going too deep into how profanity works, the basic workflow is that a “random” private key is generated, then the corresponding Ethereum address is calculated and compared against what the user is looking for. If that’s not found, it increases the private key by one and tries again. The program uses attached GPUs to speed up this process significantly, into the hundreds of millions of checks per second.

The issue lies in the way the initial “random” private key is generated. Ethereum private keys are 32 bytes in length, which means there are 2^256 possible keys. Brute forcing that many keys is impossible with current technology, so there should be no way to compute someone’s private key. The profanity code uses a pseudo random number generator called mt19937, but that generator only outputs 8 bytes at a time and takes in a 4-byte unsigned int seed (which is fed by a random_device call). So the code has to get 4 outputs and combine them into one random private key. The problem lies in the fact that the mt19937_64 generator only gets seeded once, so the “random” numbers it outputs don’t change if the input seed is reused (the output of mt19937 is a 19937 bit seed sequence that doesn’t change if the seed is the same). By generating the initial private key this way you have reduced the complexity of computation from 2^256 down to 2^32 (the 4 byte seed).

https://github.com/johguse/profanity/blob/master/Dispatcher.cpp#L109

Now these are only the starting keys, and the methods used to crack the keys are fairly complex and involve a good understanding of cryptography and private/public key correlation, but the flaw in the program is pretty easy to understand. You can actually generate and save all of the starting private keys that could be generated by this program in just a few hours and less than 2TB of hard drive space.

With a quick modification and recompile that sets the seed to a specific number, you can see that the private key doesn’t change when the program is run multiple times. Running the program multiple times outputs the same starting private key when the single randomization seed is fixed.

Code modified to set seed to zero and output starting private key

OK, so this goes back to “what were they thinking” when reviewing others’ code. This random number generation is such a basic concept that needs to be done properly that it defies logic that it would be done this way.

OK, so how do we fix this so it’s actually random and has the expected randomness of 2^256? There are a few ways, and a for loop seemed to be the easiest for a permanent fix; however, to prove that the new program doesn’t have the same issue it’s easier to just create 4 different mt19937 variables and set the first to zero. However, upon closer inspection you are still using only 4 * 4-byte seeds, so you have only increased the randomness to 2^128. That’s certainly a lot better than 2^32, but we want to get a cryptographically secure randomness of 2^256.

So how do we get and feed a random seed sequence that is at least 32-bits long so mt19937 is random? We don’t even need to reseed that function for the multiple calls we need to make if we can feed it a large enough seed (mt19937 will take up to 624 words). In this case I found a blog that talked about how to properly seed mt19937 so I went about modifying the program to use that information.
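The single-seed pattern and a fully seeded alternative, side by side, as an added example (this is not profanity's code and not the author's patch). The function names, the seed parameter and the use of raw engine outputs for the four key words are assumptions made for illustration.

```cpp
#include <algorithm>
#include <array>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <random>

// Four 64-bit outputs make up one 256-bit starting private key.
using Key = std::array<std::uint64_t, 4>;

// Pattern from the post: the engine is seeded with a single 32-bit value,
// so only 2^32 distinct starting keys can ever come out.
// The seed is a parameter here (assumption) so the repeat can be shown.
Key flawed_start_key(std::uint32_t seed) {
    std::mt19937_64 eng(seed);
    Key k;
    for (auto &w : k) w = eng();
    return k;
}

// Alternative: fill a seed sequence with 624 32-bit words (the size of the
// engine's whole state) so the key is no longer bounded by one 32-bit seed.
// `src` is any callable returning 32-bit words, e.g. std::random_device.
template <class Source>
Key seeded_start_key(Source &&src) {
    std::array<std::uint32_t, 624> words;
    std::generate(words.begin(), words.end(), std::ref(src));
    std::seed_seq seq(words.begin(), words.end());
    std::mt19937_64 eng(seq);
    Key k;
    for (auto &w : k) w = eng();
    return k;
}

int main() {
    // Same 32-bit seed, same "random" key on every run.
    bool repeats = flawed_start_key(0) == flawed_start_key(0);
    std::printf("fixed seed repeats key: %s\n", repeats ? "yes" : "no");

    std::random_device rd;
    Key a = seeded_start_key(rd), b = seeded_start_key(rd);
    std::printf("fully seeded keys differ: %s\n", a != b ? "yes" : "no");
    return 0;
}
```

Even when fully seeded, mt19937_64 is not a cryptographically secure generator, so key material is better taken directly from the operating system's CSPRNG.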

Pretty simple changes to fix a program flaw that cost a company $160M.

This is a good reminder to everyone that just because a program is open source doesn’t mean that it doesn’t contain flaws. In reality it might be less secure to use something that is open source because everyone has eyes on the code and an attacker can more easily find the flaw and exploit it. In this case making a program to exploit the flaw can actually be done with about 100 lines of code changes in the original profanity code.

References:

https://medium.com/amber-group/exploiting-the-profanity-flaw-e986576de7ab

https://github.com/johguse/profanity/

https://pyh.olemiss.edu/~kbeach/guide/2020/01/11/random/

Home lab servers…how many is too many?

At some point you have to ask if your hobby has become an addiction right? Well for me I think that I’m far beyond that point with my home lab and in this blog post I’m going to share my current setup and details for how I got here.

Most of the time it seems to start with a small Raspberry Pi or Synology NAS…then it grows until you have commercial grade HP or Dell servers because they are “cheap” on eBay. I’ve currently got 4 HP servers like this in my home lab (on top of a half dozen RPis) with another being built currently. Like I said…addiction.

When you get a new server in the mail and can’t even wait to get home to check it out…you open it in the trunk

Hardware choices

Your choice of hardware can vary from a simple Raspberry Pi running Ubuntu (v4 supports running VMs and even VMWare ESXi) to a full fledged data center grade server running ESXi. A few year old server can be had on eBay with all the parts needed to be up and running for under a grand. A 7 or 8 year old server can be found on eBay or Craigslist for just a few hundred bucks.

If you need hardware that will need a lot of RAM or computing power then something like a dual CPU HP Gen9 server will be what you are looking for. In my personal setup I run all of my coding projects on a VM hosted on my main server. That way I can be on any low powered laptop and still have all the computing resources I need to accomplish the task at hand (not to mention I can leave something running 24/7 in my home lab if needed).

ESXi 8 main screen showing the server stats

My main server has 2x E5-2650L CPUs (low power) and 192GB of memory. When you compare price points of CPUs and memory it’s relatively cheap compared to what it would cost in a new desktop (not to mention you are not limited to 4 sticks of RAM like most CPUs). In my case I got CPUs for $50/each and RAM for $40/32G stick.

Dual CPU and 24 sockets for RAM inside the HP Gen9 DL360

Software choices

There are multiple ways to go about getting a server up and running and it all depends on what you will be using it for. Personally I have multiple Raspberry Pis running Raspberry Pi OS and Ubuntu Server and focus it depending on the need. Raspberry Pis (v3 and v4) are more than capable of handling a variety of software like PiHole (adblocking DNS), Apache (web server) and Home Assistant (smart home front end). Generally a Pi is only able to run a single major application so you may find yourself needing multiple to get what you are looking for in a home lab (for instance I have a set of four rack mounted).

My set of 4 Raspberry Pi’s running off a single PSU board (Home Automation, piHole, a dev server, and a web server)

So like the hardware choices the software you want to run will depend on your desired outcome (as well as the hardware choice you made). Many people love Proxmox which is an open source VM management software and very practical for a first time user. VMWare ESXi is the other major player in the market and with a huge push to enter the homelab market in late 2020 they gave away free licenses for their ESXi 7 software. You can also get free licenses through the OSU student software deals with VMWare (you have to email the COE asking for the link to sign up though).

OK, now that we have a selection for running VMs, what kinds of things are possible to run? Personally I love the awesome_selfhosted repo that has a great list of things you can self host. I mentioned in my previous blog post that I run Wekan on my home server and that repo is where I got the inspiration to do so. Here is my personal list of self hosted software/VMs:

  • Windows 11
  • Kubuntu 22.10
  • MacOS 13 (beta)
  • Plex Server
  • Docker (running Wekan, FreshRSS, Firefly iii (personal finance), Changedetection (webpage changemonitoring tool))
  • NextCloud
  • ZoneMinder (NVR for network cameras)
  • piHole
  • A web file server
  • GitLab

Conclusion

I hope this post helped inspire some of you to see the possibilities of running your own server at home and hopefully it doesn’t turn into an addiction like it has for me.

My poorly constructed open server rack with paint cans and hockey pucks…

Task management software

This is my first blog post ever, so please excuse the amateur vibe you get…I’m still getting used to writing a blog and figuring out the WordPress editor.

What software to use?

For years I have searched for a good task management software that helps me to focus and be productive. I’ve purchased numerous planners to help with making lists, which my wife and daughters will never complain about because they love my leftovers to make lists of their own. I’ve tried a few software packages like OneNote and even Microsoft’s list function in Outlook and always find that within weeks of the initial effort to get them setup I just can’t keep interest. Through all of this trial and error, what worked for me?

KANBAN! It took awhile to get used to the kanban system, but once I found a software package and was able to set it up in a way that I can have easy access from work, home and on the go it is like nothing I have ever used before. OK, well then what software worked for me…because there are many out there. Trello seems to be the most popular and since I am obsessed with self-hosting everything myself the final solution was a package called Wekan (referred to by most as an open-source Trello clone).

Image taken from https://wekan.github.io/

How to install it?

When first playing around with Wekan I was impressed by the many ways it can be installed and managed. The number of ways they support installation on a variety of systems was impressive, but also a little overwhelming. They also offer step by step instructions for each of the different options to allow for a relatively painless experience.

Screengrab taken from https://wekan.github.io/

Personally I have a commercial grade HP server in my homelab which runs VMWare ESXi. I already have a virtual machine dedicated to running my docker containers, so adding the docker compose script (which they provide on their github page) took just a few minutes and it was up and running smoothly.

Screengrab of the docker install section from Wekan’s github page https://github.com/wekan/wekan/wiki/Docker

How do I use it?

Now that I have used it for the last few years I’m using it to keep track of coursework, work tasks, server maintenance reminders, shopping lists, date night movie ideas, routine house maintenance (think HVAC filter cleans, etc), and even Christmas present ideas for my kids…because where else am I going to write stuff down that pops into my head for Christmas presents in June. I was even able to get my wife to share some lists with me so we can collaborate on the items.

Wekan allows for a collection of different kanban boards so you can separate each project into its own section. You can change colors, order, task counters, owners and so much more.

An example of my Wekan boards

OK, so why does Wekan work so well for me? I find the ability to visually see tasks along with start and due dates and then easily drag and drop between columns to be extremely easy and efficient. As you can see below it allowed me to lay out all of the CS467 for the entire term and now I can make sure that I’m staying on task and won’t miss any deadlines (although this class is one of the first where many assignments are open on day 1, but that’s ok).

My CS467 kanban layout

Conclusion

Well that’s it…my first blog post and my experience with finding and setting up a task management system that worked for me. If you are struggling to find a good task management system that works for you I hope this write up helped you. If not that’s ok too.

Thanks for reading my first blog post!