Hello forum users. Glad that there is such an interesting contest, I decided to share something
I think you will be interested to read, maybe someone will take on their armor and achieve more.
The article describes 2 methods
1. How to create a smart contract with an address similar to any other (useful for creating fake smart contracts)
2. generating keys, addresses
The idea to generate millions of new addresses or to create a smart contract with an address similar to any ICO project address, for example, came to me at the end of 2018.
Part 1
This method will be in the hands of those who are engaged in phishing in the field of crypto.
Have you ever wondered how an etherium address is created in the first place?
And how do you create a smart contract address?
I won’t go too deep into theory, give formulas and show graph of elliptic curve and etc
In brief, any smart contract in the Ethereum network has a unique address
At first glance the smart contract address looks random, but in fact the smart contract address is a hash of sender address of a transaction and nonce values (nonce is the number of outgoing transactions from that address)
Formula : deployed_address = sha3(rlp.encode([sender, nonce]))
In brief, for example the DAI Stablecoin address in the etherium network is 0x6b175474e89094c44da98b954eedeac495271d0f
Ok, let’s try to create a smart contract with similar address
First, the script generates a private key
function randstr(){
var chars=’0123456789abcdef’;
var strlen=64;
var randomstr=”;
for(var i=0;i<strlen;i++){
var rnum=Math.floor(Math.random()*chars.length);
randomstr+=chars.substring(rnum,rnum+1);
}
return randomstr;// this is a randomly generated private key
Next, from this key creates an address (this is not the address of the smart contract, but just a regular address, let’s call it for simplicity, the wallet address)
var priv=randstr();
var generatorpoint=ec.g;
var pubkeycord=generatorpoint.mul(priv);
var x=pubkeycord.getX().toString(‘hex’);
var y=pubkeycord.getY().toString(‘hex’);
var publickey=x+y;
var hashpublic=keccak256(new Buffer.from(publickey,’hex’));
var adr=new Buffer.from(hashpublic,’hex’);
adr=adr.slice(-20).toString(‘hex’);
adr=’0x’+adr;// this will be the address generated from our private key
Next, how do we get a smart contract with the right characters at the beginning and at the end of the address?
for(var i=0;i<10;i++){
/*
I specified maximum nonce value of 10 here. It’s not necessary to specify more, because while sending smart contract to the network we’ll need to manually increase the nonce of the sending address. I will write about it below
*/
var nonce=i;
nonce=nonce.toString();
if(nonce==’0′){nonce=’0a’;}
var hex=converter.decToHex(nonce);
var sender = adr;
sender=sender.toString();
var input_arr = [ sender, hex ];
var rlp_encoded = rlp.encode(input_arr);
var contract_address_long = keccak(‘keccak256’).update(rlp_encoded).digest(‘hex’);
var contract_address = contract_address_long.substring(24)
contract_address = ‘0x’+contract_address;
contract_address=contract_address.toString();
var cont_adr_cut_front=contract_address.substring(0,5); // substring(0,5 )if we want to have, for example, 5 symbols at the front; if we want 4, then specify substring(0,4), etc
cont_adr_cut_front=cont_adr_cut_front.toString();
var cont_adr_cut_back=contract_address.substring(40,42); // from the end we will get 2 necessary symbols
//and if for example we want to get 4 symbols, then specify substring(38,42)
cont_adr_cut_back=cont_adr_cut_back.toString();
console.log(‘+cont_adr_cut_front+’ ‘+cont_adr_cut_back+’);
if(cont_adr_cut_back==’0f’ && cont_adr_cut_front==’0x6b1′){ // specify here which characters we want first and back
console.log(‘Found’+cont_adr_cut_back);
var alldata=’generated key: ‘+priv+’ generated address: ‘+adr+’ nonce: ‘+nonce+’ nuzhniy contract: ‘+cont_address+’\r\n’;
ms.push(alldata);
fs = require(‘fs’);
fs.writeFile(‘Gener-adr2.txt’, ms, function(err){ // write everything to a text file (private key, generated address, and future generated smart contract address)
if (err) return console.log(err);
});
} //else {console.log(‘NO ‘+nonce+’);}
} //for
The result is as follows
Ключ 4625ce80606d3fc31566894ce39a5121356666b9ca3a41ff06bf68f18a4f859a
Адрес 0x5162cb8d3dd3a93b1358e35832fd5fe402858075
Nonce 7
We have a private key, import it into the metamask.
imppp.png.13d86e4cb3b61c2865b04f416e1baf96.png
Now we have the right etherium address.
impadres.png.c31887794af2a8de62e993f62467cbed.png
The nonce of the freshly generated address is 0, in this case we need it to be 7 in order to get the desired address.
Simply manually from the address 6 times send to our other address a little air (even 0.0000000000001). Yes it is expensive, but other way nonce impossible to artificially increase, for this reason and I pointed out in the script that the maximum value of nonce I put 10
After we have done 6 transactions, go to https://remix.ethereum.org/
This is the code of a simple smart contract, which takes ether, and also gives the opportunity to withdraw ether and tokens from your balance
pragma solidity 0.5.17;
interface erc20_token{
function transfer(address _to, uint256 _value) external returns (bool);
}
contract Exploit {
string public name
address owner;
mapping(address => uint256) balances;
constructor() public {
owner = msg.sender;
name=’FORUM exploit.in/topic/187486/’;
}
function() external payable {}
// vivod ETH
function withdraw_eth(address payable _kuda) public {
{(owner == msg.sender);
_kuda.transfer(address(this).balance); // vidod vsego ETH s balansa
}
// vivod ERC20 tokenov
function withdraw_erc20(uint256 _val,address token_adr,address _komu) public{
erc20_token(owner == msg.sender);
erc20_token(token_adr).transfer(_komu,_val); }
}
Pour the smart contract into the network, make sure that the injected address is the one we generated, otherwise we get a smart contract with a different address from another address.
Click Deploy
Enable optimisation I did not select the checkbox
deploy1.png.8273e67b73bdebca217f6421485f1c8e.png
Click on Verify and Publish to be able to interact with the contract
1695263817_verifcontr1.png.cd32a220ed2892c6b1b32b3f1760726e.png
Specify the data as on Remix (compilation type 1 file, compiler version is the same as the one selected on Remix, no license)
verifcontr2.png.369517bf09a40b238d218afa74721bbe.png
Here we copy and paste the code of the smart contract
33279752_verifcontr3.png.095f171861d68851da27ff4ce2a57ca0.png
If everything is done correctly, the contract will be successfully added, and if you click on the smart contract address you will see the fields for working with the functions
deployed-forum.png.cdd3a8dad3032661a8291480a96ec78d.png
deployed-polya.png.4b4f42da946cc256f9f8b239438b9bb4.png
Generated smart contract
https://kovan.etherscan.io/address/0x6b1efdd7340dd248b166c8e656117f345c2c5e0f
And this is the address of the real DAI https://etherscan.io/address/0x6b175474e89094c44da98b954eedeac495271d0f
As you can see the front 0x6b1 and at the end of 0f are similar. If you run the script on any VPS server and for a longer time, the same characters can be found more (as I write the article and make screenshots, I had to settle for a small number of characters. In this case it took less than an hour on my old Lenovo 2012)
Other generated addresses
Адрес Compound https://etherscan.io/address/0xc00e94cb662c3520282e6f5717214004a7f26888
Fake
https://kovan.etherscan.io/address/0xc0050568448f885bd9773d254d3ab200c4fa7888
Uniswap (uni) tokena address
https://info.uniswap.org/#/tokens/0x1f9840a85d5af5bf1d1762f925bdaddc4201f984
Fake
https://kovan.etherscan.io/address/0x1f9f5f873fb7f50ddc5ca8b096a25eaaf1e64984
Real USDC token address https://etherscan.io/address/0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48
фейк: 0xa091a4bb56e72431cd8559acaa0407f230e13b48
You can create several js files with a little bit of string correction, where you have to specify what characters you want to get at the end and at the beginning and you can run several windows in parallel
3cmd.png.733f4fc064c091feb661576978d9e4a3.png
Part 2
This script simply generates an address and checks if it has a balance
const http = require(‘http’);
const hostname = ‘localhost’;
const port = 3000;
// packages
const rlp = require(‘rlp’);
const keccak = require(‘keccak’);
var converter = require(‘hex2dec’);
const EC=require(‘elliptic’).ec;
const ec=new EC(‘secp256k1’);
const keccak256=require(‘js-sha3′).keccak256;
const Web3 = require(“web3”);
const web3 = new Web3(new Web3.providers.HttpProvider(“https://mainnet.infura.io/v3/fa58565ce17d44628a6b20e5134*****”)); specify your Infura API token here
var ms=new Array();
setInterval(function()
{
//random string for private key
function randstr(){
var chars=’0123456789abcdefABCDEF’;//characters to create a key
var strlen=64;
var randomstr=”;
for(var i=0;i<strlen;i++){
var rnum=Math.floor(Math.random()*chars.length);
randomstr+=chars.substring(rnum,rnum+1);
}
return randomstr;//this is returned private key
}
var priv=randstr();
var generatorpoint=ec.g;
var pubkeycord=generatorpoint.mul(priv);
var x=pubkeycord.getX().toString(‘hex’);
var y=pubkeycord.getY().toString(‘hex’);
var publickey=x+y;
var hashpublic=keccak256(new Buffer.from(publickey,’hex’));
var adr=new Buffer.from(hashpublic,’hex’);
adr=adr.slice(-20).toString(‘hex’);
adr=’0x’+adr;
ms.push(‘\r\n’);
ms.push(priv,adr);
web3.eth.getBalance(adr, function(err, result) {
if (err) {
console.log(err)
} else {
var balance=web3.utils.fromWei(result, “ether”);
ms.push(balance)
console.log(‘address: ‘+adr+ ‘ balance: ‘+balance+’ ETH’)
//Write it into the text file if we have found the balance
if(balance>0.001){
fs = require(‘fs’);
fs.writeFile(‘naydenbalans.txt’,ms,function(err){
if (err) return console.log(err);
})
}
}
})
},1000); // address generation every second
Thanks for reading, I think it will really help someone