Comments (7)
realaravinth
commented on August 25, 2024
1
Yikes, didn't notice that. Give me a sec.
from pow_sha256.
realaravinth
commented on August 25, 2024
1
You are right, I found the issue. Version tagged 0.2.1 uses a different serialisation method than what's there in master. The inconsistency in serialisation library b/w the WASM library, the server and this lib's 0.2.1 was causing PoW to break.
Will release 0.3.1 soon and update docs accordingly.
from pow_sha256.
realaravinth
commented on August 25, 2024
mCaptcha/mCaptcha uses master, but I tested it with the commit tagged 0.2.1 and it works.
Can you please elaborate on how you tried to generate and validate the PoW?
from pow_sha256.
evilsocket
commented on August 25, 2024
not working Cargo.toml:
[package]
name = "mcaptcha_bypass"
version = "0.1.0"
authors = ["Simone Margaritelli <[email protected]>"]
edition = "2018"
[dependencies]
reqwest = { version = "0.11", features = ["blocking", "json"] }
serde = { version = "1.0.129", features = ["derive"] }
serde_json = "1.0.66"
pow_sha256 = { git = "https://github.com/mCaptcha/pow_sha256", tag = "0.2.1" }working Cargo.toml:
Cargo.toml:
[package]
name = "mcaptcha_bypass"
version = "0.1.0"
authors = ["Simone Margaritelli <[email protected]>"]
edition = "2018"
[dependencies]
reqwest = { version = "0.11", features = ["blocking", "json"] }
serde = { version = "1.0.129", features = ["derive"] }
serde_json = "1.0.66"
pow_sha256 = { git = "https://github.com/mCaptcha/pow_sha256", branch = "master" }main.rs (note that all the assertions are passed even when the server responds with Invalid PoW)
use std::collections::HashMap;
use std::thread;
use std::time::Instant;
use pow_sha256::ConfigBuilder;
use reqwest;
use serde::{Deserialize, Serialize};
static BANNER: &str = "
██ ███ ███ █████ ██████ ██████ ████████
██ ████ ████ ██ ██ ██ ██ ██ ██ ██
██ ██ ████ ██ ███████ ██████ ██ ██ ██
██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██
██ ██ ██ ██ ██ ██████ ██████ ██";
static WEBSITE: &str = "https://demo.mcaptcha.org";
static SITEKEY: &str = "pHy0AktWyOKuxZDzFfoaewncWecCHo23";
#[derive(Deserialize, Debug)]
struct Config {
difficulty_factor: u32,
salt: String,
string: String,
}
#[derive(Serialize)]
struct Verification {
key: String,
nonce: u64,
result: String,
string: String,
}
#[derive(Deserialize, Debug)]
struct Response {
token: Option<String>,
error: Option<String>,
}
fn main() {
println!("{}\n", BANNER);
let config_url = format!("{}/api/v1/pow/config", WEBSITE);
let verify_url = format!("{}/api/v1/pow/verify", WEBSITE);
println!("fetching PoW configuration from {} ...", config_url);
let mut map = HashMap::new();
map.insert("key", SITEKEY);
let client = reqwest::blocking::Client::new();
let first_start = Instant::now();
let config = client
.post(config_url)
.json(&map)
.send()
.unwrap()
.json::<Config>()
.unwrap();
let duration = first_start.elapsed();
println!("fetched in {:?}:\n\n{:#?}", duration, config);
let pow_config = ConfigBuilder::default().salt(config.salt).build().unwrap();
let start = Instant::now();
let work = pow_config
.prove_work(&config.string, config.difficulty_factor)
.unwrap();
let duration = start.elapsed();
assert!(
pow_config.calculate(&work, &config.string).unwrap() >= config.difficulty_factor.into()
);
assert!(pow_config.is_valid_proof(&work, &config.string));
assert!(pow_config.is_sufficient_difficulty(&work, config.difficulty_factor));
println!(
"\nsolved in {:?}:\n\n{:#?}\n\nverifying with {} ...",
duration, work, verify_url
);
let ver = Verification {
key: SITEKEY.into(),
nonce: work.nonce,
result: work.result,
string: config.string,
};
let start = Instant::now();
let resp = client
.post(verify_url)
.json(&ver)
.send()
.unwrap()
.json::<Response>()
.unwrap();
let duration = start.elapsed();
if resp.error.is_some() {
println!("verification error: {}", resp.error.unwrap());
} else {
println!("verified in {:?} token:'{}'", duration, resp.token.unwrap());
}
println!("total time: {:?}", first_start.elapsed());
}from pow_sha256.
realaravinth
commented on August 25, 2024
18:13 atm@lab tmp.OVJa6MbgDn ±|master ✗|→ cr
warning: unused import: `std::thread`
--> src/main.rs:2:5
|
2 | use std::thread;
| ^^^^^^^^^^^
|
= note: `#[warn(unused_imports)]` on by default
warning: `mcaptcha_bypass` (bin "mcaptcha_bypass") generated 1 warning
Finished dev [unoptimized + debuginfo] target(s) in 0.04s
Running `target/debug/mcaptcha_bypass`
██ ███ ███ █████ ██████ ██████ ████████
██ ████ ████ ██ ██ ██ ██ ██ ██ ██
██ ██ ████ ██ ███████ ██████ ██ ██ ██
██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██
██ ██ ██ ██ ██ ██████ ██████ ██
fetching PoW configuration from https://demo.mcaptcha.org/api/v1/pow/config ...
fetched in 2.162739839s:
Config {
difficulty_factor: 5000,
salt: "deca4034b07407bab640ea0f8253dad833fd0dabf7943e20ffa051eea071a0c4b18be437140271845630ec66ef052a13472b0e6906a15d52dea48dcef8370",
string: "F9SWl5ajEP4VjwHkh5fsB35czcE2GOS1",
}
solved in 28.486657ms:
PoW {
nonce: 3947,
result: "340233269783498421534900906083404863777",
_spook: PhantomData,
}
verifying with https://demo.mcaptcha.org/api/v1/pow/verify ...
verification error: Invalid PoW
total time: 2.480104151s
18:13 atm@lab tmp.OVJa6MbgDn ±|master ✗|→ cat Cargo.toml
[package]
name = "mcaptcha_bypass"
version = "0.1.0"
authors = ["Simone Margaritelli <[email protected]>"]
edition = "2018"
[dependencies]
reqwest = { version = "0.11", features = ["blocking", "json"] }
serde = { version = "1.0.129", features = ["derive"] }
serde_json = "1.0.66"
pow_sha256 = { git = "https://github.com/mCaptcha/pow_sha256", tag = "0.2.1" }
18:13 atm@lab tmp.OVJa6MbgDn ±|master ✗|→I am unable to reproduce your results. Kindly share your captcha configuration from the dashboard.
from pow_sha256.
evilsocket
commented on August 25, 2024
it looks like you did reproduce the error:
verifying with https://demo.mcaptcha.org/api/v1/pow/verify ...
verification error: Invalid PoW <---------------
now try with master and it will work
from pow_sha256.
realaravinth
commented on August 25, 2024
Published v0.3.1, closing.
from pow_sha256.
Related Issues (1)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pow_sha256.