Cryptick is a stock ticker for cryptocurrency tokens, and a physical NFT.

Overview

Cryptick USB Client - Python

This repo provides scripts for communicating with a Cryptick physical NFT device using Python. Each Cryptick device is a WiFi connected stock ticker for crypto tokens, and is also connected to an NFT on the Ethereum blockchain.

If you're here to authenticate your Cryptick device, skip down to the Digital Signature Authentication (DSA) section.

Requirements

  1. Python >=3
  2. pycrypto lib (for DSA and SHA256 functions)

Available Commands

gettime

Get the internal clock time from cryptick device

python cryptick.py --gettime

settime

Set the cryptick internal clock from the current system time, also setting the UTC offset from the system.

python cryptick.py --settime

24 hour display mode is default. Optionally, specify 12 hour display mode:

python cryptick.py --settime --h12

setmode

Set the cryptick mode. Possible modes are coin, clock, and usbdata. coin displays the cryptocurrency market ticker. clock displays the current time. usbdata mode will listen for any setassetsdata command, allowing for display of arbitrary market data.

python cryptick.py --setmode clock

setbrightness

Set the cryptick display brightness. Value range [1,5]

python cryptick.py --setbrightness 4

getpubkey

Get the public key from cryptick device and write to a pem file. This can be used as a sanity check; to verify that the public key matches the one stored in the NFT on the Ethereum blockchain. Specify the pem output filename as an argument.

python cryptick.py --getpubkey cryptick.pem

resetwifi

Reset the wifi settings of the cryptick device. This removes any stored wifi access point credentials from the device.

python cryptick.py --resetwifi

setwifi

Set the wifi settings of the cryptick device. The device will store the wifi credentials and attempt to connect on next boot.

python cryptick.py --setwifi ssid password

getcurrencylist

Get the device's valid vs currency list.

python cryptick.py --getcurrencylist

getcoinlist

Get the device's valid coin list (list of all valid coins cached from last connection to web service).

python cryptick.py --getcoinlist

setcurrency

Set the device's vs currency.

python cryptick.py --setcurrency usd

setcoins

Set the device's subscribed coins from the list of arguments (up to 10 coins).

python cryptick.py --setcoins btc eth ada dot xlm xrp

setassetsdata

If device mode is set to usbdata, then you can send an asset data json string to display in the ticker. This allows you to send any arbitrary market data to be displayed. The json string is loaded from the specified file in the arguments. Please see the usbdata mode doc for example json file usb_setassetsdata.json

python cryptick.py --setassetsdata usb_setassetsdata.json

getconfig

gets the device's config as a json string and prints it to stdout.

python cryptick.py --getconfig

authenticate

Execute digital signature authentication challenge (DSA) to verify the authenticity of the physical Cryptick device. This process is described in the Digital Signature Authentication (DSA) section.

Cryptick Digital Signature Authentication

Each Cryptick device has an embedded crypto chip which stores a unique private key for ECC DSA. This private key is securely stored and cannot be read out from the device.

Each Cryptick device is associated with a Cryptick NFT on the Ethereum blockchain. The public key is stored in the Cryptick NFT metadata. At any time in the future, anyone can view the Cryptick NFT on the blockchain and see that it is associated with the owner of the Cryptick NFT.

To authenticate the physical Cryptick device, use the following process:

  1. Clone this repository and install the prerequisite library pycrypto:
git clone https://github.com/cryptick-io/cryptick.git
pip install pycrypto
  1. Plug in the Cryptick device to your computer using a USB-C cable.

  2. Locate the serial number of your Cryptick on the back lid, engraved in the wood. In this example, let's assume it is Cryptick Founders Edition (FE) #49.

  3. Next, we can run the script's authenticate command. In this example we will authenticate cryptick founders edition #49:

python cryptick.py --authenticate --serial cryptick-fe/49

  1. The script will grab the cryptick device's public key from cryptick.io based on the provided serial string (full link generated here). It then performs a DSA challenge and verifies the results using the NIST FIPS 186-4 ECDSA algorithm. If the device is authenticated successfully, it will print to the terminal:

Challenge verification success.

  1. To be even safer, you can remove all 3rd parties from the authentication chain, and specify the public key on the command line. To do this, you'll need to view the NFT's data on the Ethereum blockchain. The easiest way to do this is to view the NFT metadata in your Metamask wallet, Etherscan, or on OpenSea.io. In the Cryptick NFT's metadata, the public key is included at the end of the description. Copy the contents of this string into a pubkey.pem file in the same folder as the cryptick.py script and run

python cryptick.py --authenticate --pubkeypem ./pubkey.pem

If the device is authenticated successfully, it will print to the terminal:

Challenge verification success.

Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)

Pachine Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation). Installtion $ pip3 install impacket Usage Impacket v0.9.23 -

Oliver Lyak 250 Dec 31, 2022
DoSer.py - Simple DoSer in Python

DoSer.py - Simple DoSer in Python What is DoSer? DoSer is basically an HTTP Denial of Service attack that affects threaded servers. It works like this

1 Oct 12, 2021
Security audit Python project dependencies against security advisory databases.

Security audit Python project dependencies against security advisory databases.

52 Dec 17, 2022
A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs. Fuzzing for more

Duc Linh Nguyen 4 Aug 08, 2022
Code to do NF in HDR,HEVC,HPL,MPL

Netflix-DL 6.0 |HDR-HEVC-MPL-HPL NOT Working| ! Buy working netflix cdm from [em

4 Dec 28, 2021
A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities

master_librarian A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities. To install requirements: $ sudo pyth

CoolerVoid 167 Dec 19, 2022
It is a very simple XSS simulator based on flask, python.

It is a very simple XSS simulator based on flask, python. The purpose of making this is for teaching the concept of XSS.

Satin Wuker 3 May 10, 2022
Microsoft Exchange Server SSRF漏洞(CVE-2021-26855)

Microsoft_Exchange_Server_SSRF_CVE-2021-26855 zoomeye dork:app:"Microsoft Exchange Server" 使用Seebug工具箱及pocsuite3编写的脚本Microsoft_Exchange_Server_SSRF_CV

conjojo 37 Nov 12, 2022
Security tool to test different bypass of forbidden

notForbidden Security tool to test different bypass of forbidden Usage python3 notForbidden.py URL Features Bypass with different methods (POST, OPT

6 Sep 08, 2022
Generate obfuscated meterpreter shells

Generator Evade AV with obfuscated payloads Installation must install dotnet prior to running the script with net45 Running ./generator.py -ip Your-I

Fawaz Al-Mutairi 219 Nov 28, 2022
Static Token And Credential Scanner

Static Token And Credential Scanner What is it? STACS is a YARA powered static credential scanner which suports binary file formats, analysis of neste

STACS 81 Dec 27, 2022
NoSecerets is a python script that is designed to crack hashes extremely fast. Faster even than Hashcat

NoSecerets NoSecerets is a python script that is designed to crack hashes extremely fast. Faster even than Hashcat How does it work? Instead of taking

DosentTrust GithubDatabase 9 Jul 04, 2022
EyeJo是一款自动化资产风险评估平台,可以协助甲方安全人员或乙方安全人员对授权的资产中进行排查,快速发现存在的薄弱点和攻击面。

EyeJo EyeJo是一款自动化资产风险评估平台,可以协助甲方安全人员或乙方安全人员对授权的资产中进行排查,快速发现存在的薄弱点和攻击面。 免责声明 本平台集成了大量的互联网公开工具,主要是方便安全人员整理、排查资产、安全测试等,切勿用于非法用途。使用者存在危害网络安全等任何非法行为,后果自负,作

429 Dec 31, 2022
Phoenix Framework is an environment for writing, testing and using exploit code.

Phoenix Framework is an environment for writing, testing and using exploit code. 🖼 Screenshots 🎪 Community PwnWiki Forums 🔑 Licen

42 Aug 09, 2022
Uncover the full name of a target on Linkedin.

Revealin Uncover the full name of a target on Linkedin. It's just a little PoC exploiting a design flaw. Useful for OSINT. Screenshot Usage $ git clon

mxrch 129 Dec 21, 2022
Encrypted Python Password Manager

PyPassKeep Encrypted Python Password Manager About PyPassKeep (PPK for short) is an encrypted python password manager used to secure your passwords fr

KrisIsHere 1 Nov 17, 2021
SPV SecurePasswordVerification

SPV SecurePasswordVerification Its is python module for doing a secure password verification without sharing the password directly. Features The passw

Merwin 1 Feb 12, 2022
You can crack any zip file and get the password.

Zip-Cracker Video Lesson : This is a Very powerfull Zip File Crack tool for termux users. Check 500 000 Passwords in 30 seconds Unique Performance Che

Razor Kenway 13 Oct 24, 2022
A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability. Recently there was a new vulnerability in log4j, a java loggin

koz 1.5k Jan 04, 2023
script that pulls cve collections from NVD.NIST.GOV.

# cvepull.py #script that pulls cve collections from NVD.NIST.GOV. #edit line 17 (timedelta) number to change the amount of days to search backwards

Aaron W 1 Dec 18, 2021