某60区块链安全之JOP实战二学习记录

区块链安全

Jump Oriented Programming实战二

实验目的

学会使用python3的web3模块
学会分析以太坊智能合约中中Jump Oriented Programming（JOP）问题
深刻理解EVM字节码与delegatecall函数调用参数布局

掌握对EVM逆向能力

找到合约漏洞进行分析并形成利用

实验环境

Ubuntu18.04操作机

实验工具

python3

实验原理

实验内容

Jump Oriented Programming实战二 实验步骤

打开http://ip，输入上述分配的game account，点击Request获取eth

使用geth attach连接到题目，获取合约字节码，题目附件中提供了合约字节码反汇编和反编译代码

分析合约源代码漏洞

0x60806040526004361061008e576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff16806319ff1d211461009057806324b04905146101205780632f76c9c21461012a578063645b8b1b146101555780636bc344bc146101ac57806370a0823114610208578063f0d252681461025f5780632665f77d146102ac575b005b34801561009c57600080fd5b506100a56102c3565b6040518080602001828103825283818151815260200191508051906020019080838360005b838110156100e55780820151818401526020810190506100ca565b50505050905090810190601f1680156101125780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b610128610323565b005b34801561013657600080fd5b5061013f610406565b6040518082815260200191505060405180910390f35b34801561016157600080fd5b50610196600480360381019080803573ffffffffffffffffffffffffffffffffffffffff16906020019092919050505061040c565b6040518082815260200191505060405180910390f35b610206600480360381019080803590602001908201803590602001908080601f0160208091040260200160405190810160405280939291908181526020018383808284378201915050505050509192919290505050610424565b005b34801561021457600080fd5b50610249600480360381019080803573ffffffffffffffffffffffffffffffffffffffff1690602001909291905050506105ea565b6040518082815260200191505060405180910390f35b34801561026b57600080fd5b506102aa600480360381019080803573ffffffffffffffffffffffffffffffffffffffff16906020019092919080359060200190929190505050610602565b005b34801561