2017-09-15 20:19:19 +00:00
|
|
|
---
|
|
|
|
title: The Bitcoin Piñata
|
2017-09-17 18:52:58 +00:00
|
|
|
abstract: ![Piñata](/static/img/pinata.png)
|
2017-09-15 20:19:19 +00:00
|
|
|
---
|
|
|
|
|
2017-09-17 18:52:58 +00:00
|
|
|
![Piñata](/static/img/pinata.png)
|
|
|
|
|
2017-09-17 13:13:28 +00:00
|
|
|
The [Bitcoin Piñata](http://ownme.ipredator.se) is a unikernel which serves as
|
|
|
|
bug bounty system to test TLS and the underlying implementations. Its
|
|
|
|
communication endpoints are a website describing the setup, and both a TLS
|
|
|
|
client and a TLS server listening on a port. The total size, including TLS,
|
|
|
|
X.509, TCP/IP, of the virtual machine image is 4MB, which is less than 4% of a
|
|
|
|
comparable system using a Linux kernel and OpenSSL.
|
|
|
|
|
2018-04-16 22:00:46 +00:00
|
|
|
When a TLS handshake with the Piñata is successful including mutual
|
|
|
|
authentication, the Piñata transmits the private key to a Bitcoin wallet which
|
|
|
|
initially contained 10BTC. The project started on February 10th 2015. Our
|
|
|
|
lender transferred on March 18th 2018 the 10BTC and repurposed them for other
|
|
|
|
projects.
|
2017-09-17 13:13:28 +00:00
|
|
|
|
|
|
|
On startup, the Piñata generates its certificate authority on the fly, including
|
|
|
|
certificates and private keys. This means that only the Piñata itself contains
|
2017-09-17 14:00:44 +00:00
|
|
|
private keys which can authenticate successfully, and an attacker has to find
|
2017-09-17 13:13:28 +00:00
|
|
|
an exploitable flaw in any software layer (OCaml runtime, virtual network
|
2017-09-17 14:00:44 +00:00
|
|
|
device, TCP/IP stack, TLS library, X.509 validation, or elsewhere) to complete the challenge.
|
2017-09-17 13:13:28 +00:00
|
|
|
|
2018-04-16 22:00:46 +00:00
|
|
|
The Piñata is online since February 10th 2015, and even though hundreds of
|
|
|
|
thousands of connections and initiated TLS handshakes, no Bitcoins were taken.
|
2017-09-17 13:13:28 +00:00
|
|
|
|
|
|
|
By using a Bitcoin wallet, the Piñata is a transparent bug bounty. Everybody
|
2018-04-16 22:00:46 +00:00
|
|
|
can observe (by looking into the blockchain) whether it has been compromised and
|
|
|
|
the money has been transferred to another wallet. It is also self-serving: when
|
|
|
|
an attacker discovers a flaw, they don't need to fill out any forms to retrieve
|
|
|
|
the bounty, instead they can take the wallet, without any questions asked.
|