Cryptick is a stock ticker for cryptocurrency tokens, and a physical NFT.

Related tags

Security related resourcescryptick
Overview

Cryptick USB Client - Python

This repo provides scripts for communicating with a Cryptick physical NFT device using Python. Each Cryptick device is a WiFi connected stock ticker for crypto tokens, and is also connected to an NFT on the Ethereum blockchain.

If you're here to authenticate your Cryptick device, skip down to the Digital Signature Authentication (DSA) section.

Requirements

  1. Python >=3
  2. pycrypto lib (for DSA and SHA256 functions)

Available Commands

gettime

Get the internal clock time from cryptick device

python cryptick.py --gettime

settime

Set the cryptick internal clock from the current system time, also setting the UTC offset from the system.

python cryptick.py --settime

24 hour display mode is default. Optionally, specify 12 hour display mode:

python cryptick.py --settime --h12

setmode

Set the cryptick mode. Possible modes are coin, clock, and usbdata. coin displays the cryptocurrency market ticker. clock displays the current time. usbdata mode will listen for any setassetsdata command, allowing for display of arbitrary market data.

python cryptick.py --setmode clock

setbrightness

Set the cryptick display brightness. Value range [1,5]

python cryptick.py --setbrightness 4

getpubkey

Get the public key from cryptick device and write to a pem file. This can be used as a sanity check; to verify that the public key matches the one stored in the NFT on the Ethereum blockchain. Specify the pem output filename as an argument.

python cryptick.py --getpubkey cryptick.pem

resetwifi

Reset the wifi settings of the cryptick device. This removes any stored wifi access point credentials from the device.

python cryptick.py --resetwifi

setwifi

Set the wifi settings of the cryptick device. The device will store the wifi credentials and attempt to connect on next boot.

python cryptick.py --setwifi ssid password

getcurrencylist

Get the device's valid vs currency list.

python cryptick.py --getcurrencylist

getcoinlist

Get the device's valid coin list (list of all valid coins cached from last connection to web service).

python cryptick.py --getcoinlist

setcurrency

Set the device's vs currency.

python cryptick.py --setcurrency usd

setcoins

Set the device's subscribed coins from the list of arguments (up to 10 coins).

python cryptick.py --setcoins btc eth ada dot xlm xrp

setassetsdata

If device mode is set to usbdata, then you can send an asset data json string to display in the ticker. This allows you to send any arbitrary market data to be displayed. The json string is loaded from the specified file in the arguments. Please see the usbdata mode doc for example json file usb_setassetsdata.json

python cryptick.py --setassetsdata usb_setassetsdata.json

getconfig

gets the device's config as a json string and prints it to stdout.

python cryptick.py --getconfig

authenticate

Execute digital signature authentication challenge (DSA) to verify the authenticity of the physical Cryptick device. This process is described in the Digital Signature Authentication (DSA) section.

Cryptick Digital Signature Authentication

Each Cryptick device has an embedded crypto chip which stores a unique private key for ECC DSA. This private key is securely stored and cannot be read out from the device.

Each Cryptick device is associated with a Cryptick NFT on the Ethereum blockchain. The public key is stored in the Cryptick NFT metadata. At any time in the future, anyone can view the Cryptick NFT on the blockchain and see that it is associated with the owner of the Cryptick NFT.

To authenticate the physical Cryptick device, use the following process:

  1. Clone this repository and install the prerequisite library pycrypto:
git clone https://github.com/cryptick-io/cryptick.git
pip install pycrypto

  1. Plug in the Cryptick device to your computer using a USB-C cable.

  2. Locate the serial number of your Cryptick on the back lid, engraved in the wood. In this example, let's assume it is Cryptick Founders Edition (FE) #49.

  3. Next, we can run the script's authenticate command. In this example we will authenticate cryptick founders edition #49:

python cryptick.py --authenticate --serial cryptick-fe/49

  1. The script will grab the cryptick device's public key from cryptick.io based on the provided serial string (full link generated here). It then performs a DSA challenge and verifies the results using the NIST FIPS 186-4 ECDSA algorithm. If the device is authenticated successfully, it will print to the terminal:

Challenge verification success.

  1. To be even safer, you can remove all 3rd parties from the authentication chain, and specify the public key on the command line. To do this, you'll need to view the NFT's data on the Ethereum blockchain. The easiest way to do this is to view the NFT metadata in your Metamask wallet, Etherscan, or on OpenSea.io. In the Cryptick NFT's metadata, the public key is included at the end of the description. Copy the contents of this string into a pubkey.pem file in the same folder as the cryptick.py script and run

python cryptick.py --authenticate --pubkeypem ./pubkey.pem

If the device is authenticated successfully, it will print to the terminal:

Challenge verification success.

Owner
GitHub Repository
SonicWALL SSL-VPN Web Server Vulnerable Exploit

SonicWALL SSL-VPN Web Server Vulnerable Exploit

44 Nov 15, 2022
The probability of having the password you want in the PassMaker is +90%!!

PasswordMaker Strong listing password Introduction The probability of having the password you want in the tool is +90%!! How to Install Open the termi

MasterBurnt 4 Sep 05, 2021
A Python Scanner for log4j

log4j-Scanner scanner for log4j cat web-urls.txt | python3 log4j.py ID.burpcollaborator.net web-urls.txt http://127.0.0.1:8080 https://www.google.c

Ihebski 5 Jun 26, 2022
A simple automatic tool for finding vulnerable log4j hosts

Log4Scan A simple automatic tool for finding vulnerable log4j hosts Installation pip3 install -r requirements.txt Usage usage: log4scan.py [-h] (-f FI

Federico Rapetti 20018955 6 Mar 10, 2022
ShoLister - a tool that collects all available subdomains for specific hostname or organization from Shodan

ShoLister is a tool that collects all available subdomains for specific hostname or organization from Shodan. The tool is designed to be used from Penetration Tester and Bug Bounty Hunters.

Eslam Akl 45 Dec 28, 2022
Just your basic port scanner - with multiprocessing capabilities & further nmap enumeration.

Just-Your-Basic-Port-Scanner Just your basic port scanner - with multiprocessing capabilities & further nmap enumeration. Use at your own discretion,

Edward Zhou 0 Nov 06, 2021
Coerce authentication from Windows hosts via MS-FSRVP (Requires FS-VSS-AGENT service running on host)

VSSTrigger Coerce authentication from Windows hosts via MS-FSRVP (Requires FS-VS

Filip Dragovic 6 Jul 24, 2022
Fast and customizable vulnerability scanner For JIRA written in Python

Fast and customizable vulnerability scanner For JIRA. 🤔 What is this? Jira-Lens 🔍 is a Python Based vulnerability Scanner for JIRA. Jira is a propri

Mayank Pandey 185 Dec 25, 2022
A simple python script for hosting a Snowflake Proxy in your python program or with it's standalone cli

snowflake-cli Snowflake is a system to defeat internet censorship, made by Tor Project. The system works by volunteers who run the snowflake extension

Guilherme Paixão 6 Jul 14, 2022
This respository contains the source code of the printjack and phonejack attacks.

Printjack-Phonejack This repository contains the source code of the printjack and phonejack attacks. The Printjack directory contains the script to ca

pietrobiondi 2 Feb 12, 2022
Tools to make working the Arch Linux Security Tracker easier

This is a collection of Python scripts to make working with the Arch Linux Security Tracker easier.

Jonas Witschel 6 Jul 13, 2022
This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

webapp-wordlists This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version co

Podalirius 396 Jan 08, 2023
Python implementation for PrintNightmare using standard Impacket.

PrintNightmare Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket. Installtion $ pip3 install impacket

ollypwn 141 Dec 31, 2022
This is tools hacking for scan vuln in port web, happy using

Xnuvers007 PortInjection this is tools hacking for scan vuln in port web, happy using view/show python 3.9 solo coder (tangerang) 19 y/o installation

XnuxersXploitXen 6 Dec 24, 2022
Python decompiler for Python 1.5-2.4 (for historical archive)

This preserves the early code of a Python decompiler for Python versions 1.5 to 2.4. I have been able to install this using pyenv using Python 2.3.7 u

R. Bernstein 2 Jan 04, 2022
ProxyLogon Pre-Auth SSRF To Arbitrary File Write

ProxyLogon Pre-Auth SSRF To Arbitrary File Write For Education and Research Usage: C:\python proxylogon.py mail.evil.corp lulz 117 Nov 28, 2022

Signatures and IoCs from public Volexity blog posts.

threat-intel This repository contains IoCs related to Volexity public threat intelligence blog posts. They are organised by year, and within each year

Volexity 130 Dec 29, 2022
LaxrFar Python Obfuscator

LaxrFar Python Obfuscator Usage First do the things from "Upload to Webserver" o

LaxrFar 5 Jul 19, 2022
Scan your logs for CVE-2021-44228 related activity and report the attackers

jndiRep - CVE-2021-44228 Basically a bad grep on even worse drugs. search for malicious strings decode payloads print results to stdout or file report

js-on 2 Nov 24, 2022
Crypto Meta Extractor

Crypto Meta Extractor This repository contains the code which extracts some metadata of all the cryptocurrencies listed (9K) on CoinMarketCap. Coding

Samyak Jain 3 Jul 03, 2022