Send msg to an used/known address can damage the message channel?

[linkcd]

Hi i come across an issue that, if I manually send a message to an used/existing address, it looks like the channel is damaged, as the fetch method returns error.

The demo code can be found at https://gist.github.com/linkcd/72b08593b57ef39a576bf80f8390ea87

If this is true, then attacker can resend a new message to a known address, and damage the channel.

Based on test, this issue exists both in public channel and restricted channel. the only needed information is the address.

[abmushi]

Hi, Thank you for feedbacks.

As explained in the article, MAM has a signature scheme to protect message chain from any spam message sent to the address already revealed.

So, sending spam message to the address is allowed, but cannot be validated as valid message of the right channel owner(= seed owner), since only seed owner can generate correct Merkle Tree and its signature.

In your code, you use same “seed” to publish message. That means attacker knows your seed to attack you channel. For IOTA, seed is to be ever protected in any circumstances and never to be revealed.

So, your attack is caused not by defect in the architecture of MAM, but exposure of your channel seed to potential attackers.

Try using different mam state with different seed when publishing:

let mamState_normal = Mam.init(iota, seed_normal); for normal publishing. let mamState_attack = Mam.init(iota,seed_attacker); for attacker publishing.

Thank you.

[linkcd]

@abmushi thanks for the reply. However, even if the attacker is using a different seed, the channels looks have problem also.

please see updated code at https://gist.github.com/linkcd/d87234a7a06c7cbb666c625e36fa1207

any suggestion/input is appreciated.

[abmushi]

Thank you. Thing is that I cannot find your MAM transaction in tangle explorer. How did you test it?

[linkcd]

You were reading my mind :) I was (and am) trying to understand the relationship between a normal tx and a MAM to.

According to a conversation I had with IOTA team (Lewis), MAM transaction or address are not normal IOTA transaction or address, therefor I assume they cannot be found by using tangle explorer.

Besides MAM is only working with testnet, I am still waiting for it become available in mainnet.

Before that, as you can see in the demo code, I am reading directly from tangle

[linkcd]

In addition, I heard that MAM tx does not require confirmation, which is an very interesting point. Again I need to wait for mainnet MAM become available to test this better

[abmushi]

You can test MAM in mainnet actually, because I did it. And MAM is stored as bundle of several transactions like normal transfer. I don't know maybe situation has changed...?

You don't need your MAM bundle to be confirmed because structure of MAM bundle is different from that of Transfer bundle. ~~(Precisely, it would be rather correct to say "MAM bundle cannot be confirmed.")~~

And for your attack case scenario, I guess the problem is in API, not in a protocol, since current code seems to have some buggy behaviours...

[linkcd]

Thanks for the reply.

It is interesting that you said MAM works on mainnet. I retested again but i cannot get the code with with my full node (ver 1.4.2.2) in mainnet. The error is Error: Request Error: starting tip failed consistency check: YJ9UAXPHPXDBBCPTWVOVDXGKHAESJPYPUHEDK...............................UYTFZKYUEIRKJKRA9999

When did you test MAM with mainnet? do u mind to share the code so i can try to run it? Which version the node in mainnet that you are talking to?

[abmushi]

I tested on mainnet on January. At that time IRI was 1.4.1.x, I guess. And I simply copied and paste the code in example folder in l3wi's repo with host=localhost:YOURPORT.

[linkcd]

@abmushi is it possible for you to test one more time in mainnet? I am sorry if i asked for too much :)

i followed your steps as i run the example code from I3wi's repo, and run it locally on the full node with localhost:YOURPORT, but got error such as failed to attach message: Error: Request Error: starting tip failed consistency check: WYXGFOTDNSMMCT9ELJYKIGMRYGCJPTEOU..........................DRDOHOK9MEUIOAQIYBYTYA9999 at Object.requestError (/home/lufeng/mam.client.js/node_modules/iota.lib.js/lib/errors/requestErrors.js:11:12) at makeRequest.prepareResult (/home/lufeng/mam.client.js/node_modules/iota.lib.js/lib/utils/makeRequest.js:293:24) at exports.XMLHttpRequest.request.onreadystatechange (/home/lufeng/mam.client.js/node_modules/iota.lib.js/lib/utils/makeRequest.js:71:25) at exports.XMLHttpRequest.dispatchEvent (/home/lufeng/mam.client.js/node_modules/xmlhttprequest/lib/XMLHttpRequest.js:591:25) at setState (/home/lufeng/mam.client.js/node_modules/xmlhttprequest/lib/XMLHttpRequest.js:610:14) at IncomingMessage. (/home/lufeng/mam.client.js/node_modules/xmlhttprequest/lib/XMLHttpRequest.js:447:13) at emitNone (events.js:111:20) at IncomingMessage.emit (events.js:208:7) at endReadableNT (_stream_readable.js:1064:12) at _combinedTickCallback (internal/process/next_tick.js:138:11)

@l3wi if you can also comment on this, it would be perfect

thank you!

[linkcd]

my node info {"appName":"IRI","appVersion":"1.4.2.2","jreAvailableProcessors":2,"jreFreeMemory":335306336,"jreVersion":"1.8.0_162","jreMaxMemory":2605711360,"jreTotalMemory":1256194048,"latestMilestone":"G9MCASVCRBXMAFYAICUGUJCZBQDSPJLMSXTQML9ABVNRJRMTNZDXGXDVAMIXYWLJUQXHMOYXFGOL99999","latestMilestoneIndex":375154,"latestSolidSubtangleMilestone":"WYXGFOTDNSMMCT9ELJYKIGMRYGCJPTEOUXYXOI9NTTDDDNBNINWZZKQDRDOHOK9MEUIOAQIYBYTYA9999","latestSolidSubtangleMilestoneIndex":375126,"neighbors":5,"packetsQueueSize":0,"time":1521119417157,"tips":35,"transactionsToRequest":0,"duration":49}

[abmushi]

I tried using public node to attach to mainnet, since my fullnode is currently unsynced. var iota = new IOTA({ provider: 'https://iotanode.us:443' }) this node is from https://www.tangle-nodes.com/index.php?sorts[load]=1 publishing to mainnet is still available as far as I tried.

You could find my MAM message in iotasear.ch https://iotasear.ch/address/BPAJ9FDHXFNQCQIHNQUWBTCXAXLNWTYZFKNDUIXYGQYVPLY9EGVRZOMKPMHGRRIRRUENYWLIBMGIQUPJK

var Mam = require('../lib/mam.node.js')
var IOTA = require('iota.lib.js')

// public node
var iota = new IOTA({ provider: 'https://iotanode.us:443' })

// Initialise MAM State - PUBLIC
var mamState = Mam.init(iota)

// Publish to tangle
const publish = async packet => {
    // Create MAM Payload - STRING OF TRYTES
    var message = Mam.create(mamState, packet)
    // Save new mamState
    mamState = message.state
    // Attach the payload.
    console.log('Root: ', message.root)
    console.log('Address: ', message.address)
    await Mam.attach(message.payload, message.address)

    // Fetch Stream Async to Test
    var resp = await Mam.fetch(message.root, 'public', null, console.log)
    console.log(resp)
}

publish('POTATO')

[zmarwa]

Hello @abmushi , I just viewed your mam message iotasear.ch https://iotasear.ch/address/BPAJ9FDHXFNQCQIHNQUWBTCXAXLNWTYZFKNDUIXYGQYVPLY9EGVRZOMKPMHGRRIRRUENYWLIBMGIQUPJK

and it shows three transactions , have you any idea why?

[linkcd]

@abmushi thanks, that works. I guess i was working on a different version of mam lib :( i can confirm that

1. the code works with this public node in mainnet

2. the MAM tx are actually confirmed (see the address from your code) https://iotasear.ch/address/BPAJ9FDHXFNQCQIHNQUWBTCXAXLNWTYZFKNDUIXYGQYVPLY9EGVRZOMKPMHGRRIRRUENYWLIBMGIQUPJK

3. the attacker code also works, but i guess it is a lib issue, not a mam issue the victim address is https://iotasear.ch/address/HTOTRQLXHEDHWQFRARAAEWBBJILTDHLPPWJUMFTHHXVGQHFLJCKVFIROMLWROMFEKIHLNXG9GIUOHTVUH the first 3 tx from button are the original tx, and the 4th to 6th are the tx from attacker

[abmushi]

Interesting!! And I noticed that your valid MAM transactions are confirmed but attacker's are not confirmed, although I'm not sure if it is because of that.

And to @zmarwa , I replied in here >> https://github.com/l3wi/mam.client.js/issues/11

[linkcd]

this tool is fun to work with https://iota-mam-explorer.now.sh/

it throws exception on the victim address

i will dig more in next week, just fyi

[abmushi]

This tool is awesome! Thank you for your info.

[linkcd]

created and attacked the following adresses, to verify if the attacked tx cannot be verified

1. BCBZLODASJXMEJOQQAGGOFNWSVZP9CAJVEANSGENZQQMHASVQHGIDZG9DDKSETBMWX9WAEHUALFPVTPQA

2. ZZIZCSEIQKYRSLBPSANETHMSUTYG9AHIHRBHNWMMFL9CBHMWDT9IEWMEMZL9RLJFS9LHRFOWVIVKLFT9L

3.GUGQPTSTYMLMMGUBM9EGRYIHDQPKCCUKPAKZCQAXLQJNPFVVSKKFNAUDULTVWHHD9IRPGTTVQTYHVSGGC

4. JETIUUGUECZJUPXIJJN9AQ9OIWPSGAPHHRCRQZGYALLYBMOT9ZMDDMCQBJFEYKRC9BLHEYHYTXSZJZDHM

[abmushi]

It seems both valid tx and attacking tx are confirmed. So, validity of the MAM tx is not relevant to confirmation. Also, even though being attacked, MAM message can be read but without nextRoot. I think this is a bug.

[Sh4d0wBlade]

Guys, I tried to use the same seed for multiple publisher to publish different data using MAM, and when I use the root to retrive the messages, something strange happened:the data obtained from the root is not deterministic! Sometimes it obtained the data of last time published from the root,sometimes it obtained the data of this time published from the SAME ROOT？Any idea with this??? And the MAM root is LWBGWHIYKXFMZRHPMLEFIVTFZSTKMPRVKODJUUFYGNRJPWEYQCOKIQHDRKLUXZCJ9VPW99RWHCSAHHCRM and this is in restricted mode, the key is VERYSECRETKEY , please fetch the messages from the root above in MAM explorer multiple times! you will get different messages maybe every time