1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
package main
import (
"html"
"log"
"text/template"
)
var tmpl *template.Template
func init() {
var err error
tmpl, err = template.New("powxy").Parse(`
<!DOCTYPE html>
<html>
<head>
<title>Proof of Work Challenge</title>
</head>
<body>
<h1>Proof of Work Challenge</h1>
<p>This site is protected by <a href="https://forge.lindenii.runxiyu.org/powxy/:/repos/powxy/">Powxy</a>.</p>
<p>You must complete this proof of work challenge before you could access this site.</p>
{{- if .Message }}
<p><strong>{{ .Message }}</strong></p>
{{- end }}
<p>Select an nonce shorter than or equal to 32 bytes, such that when it is appended to the decoded form of the following base64 string, and a SHA-256 hash is taken as a whole, the first {{ .NeedBits }} bits of the SHA-256 hash are zeros. Within one octet, higher bits are considered to be in front of lower bits.</p>
<p>{{ .UnsignedTokenBase64 }}</p>
<form method="POST">
<p>
Encode your selected nonce in base64 and submit it below.
</p>
<p>
Please note that if your submission is successful, you will be given a cookie that will allow you to access this site for a period of time without having to complete the challenge again. By pressing the submit button, you agree to be given cookies for this purpose.
</p>
<input name="powxy" type="text" />
<input type="submit" value="Submit" />
</form>
<p id="solver_status"></p>
<details>
<summary>Offline solver program</summary>
<pre>` + html.EscapeString(solverProgram) + `</pre>
</details>
</body>
<script>
document.addEventListener("DOMContentLoaded", function() {
let challenge_b64 = "{{.UnsignedTokenBase64}}";
let difficulty = {{.NeedBits}};
let form = document.querySelector("form");
let field = form.querySelector("input[name='powxy']");
let status_el = document.getElementById("solver_status");
if (!window.crypto || !window.crypto.subtle) {
status_el.textContent = "SubtleCrypto not available. You must solve the challenge externally.";
return;
}
status_el.textContent = "SubtleCrypto detected. Attempting to solve in JS...";
let solver_active = true;
form.addEventListener("submit", function() {
solver_active = false;
});
async function solve_pow() {
let token_bytes = Uint8Array.from(
atob(challenge_b64),
ch => ch.charCodeAt(0)
);
let nonce = 0n;
let buf = new ArrayBuffer(8);
let view = new DataView(buf);
while (solver_active) {
view.setBigUint64(0, nonce, true);
let candidate = new Uint8Array(token_bytes.length + 8);
candidate.set(token_bytes, 0);
candidate.set(new Uint8Array(buf), token_bytes.length);
let digest_buffer = await crypto.subtle.digest("SHA-256", candidate);
let digest = new Uint8Array(digest_buffer);
if (has_leading_zero_bits(digest, difficulty)) {
let nonce_str = String.fromCharCode(...new Uint8Array(buf));
field.value = btoa(nonce_str);
status_el.textContent = "Solution found.";
return;
}
nonce++;
// Update status every 256 tries
if ((nonce & 0x00FFn) === 0n) {
status_el.textContent = "Tried " + nonce + " candidates so far...";
await new Promise(r => setTimeout(r, 0));
}
}
}
function has_leading_zero_bits(digest, bits) {
let full_bytes = bits >>> 3;
for (let i = 0; i < full_bytes; i++) {
if (digest[i] !== 0) {
return false;
}
}
let remainder = bits & 7;
if (remainder !== 0) {
let mask = 0xFF << (8 - remainder);
if ((digest[full_bytes] & mask) !== 0) {
return false;
}
}
return true;
}
solve_pow();
});
</script>
</html>
`)
if err != nil {
log.Fatal(err)
}
}
|
