docs: Add blockchain writeups

Author: sbencoding

blockchain/navigating_the_unknown/README.md

@@ -0,0 +1,49 @@
+# Navigating the unkown (very easy)
+In this challenge we need to call a function on the blockchain.
+
+The readme of this challenge tells us that the goal is for the `isSolved()` function to return true.
+The setup function tells us how that can be achieved.
+```solidity
+pragma solidity ^0.8.18;
+
+import {Unknown} from "./Unknown.sol";
+
+contract Setup {
+    Unknown public immutable TARGET;
+
+    constructor() {
+        TARGET = new Unknown();
+    }
+
+    function isSolved() public view returns (bool) {
+        return TARGET.updated();
+    }
+}
+```
+
+We just need to make sure that the `update` variable in the other contract is true.
+
+```solidity
+pragma solidity ^0.8.18;
+
+contract Unknown {
+    
+    bool public updated;
+
+    function updateSensors(uint256 version) external {
+        if (version == 10) {
+            updated = true;
+        }
+    }
+
+}
+```
+
+Here we see that to make the `updated` variable true, we need to call the `updateSensors` function the blockchain.
+
+The `solve.py` script will do precisely this.
+
+Calling functions requires the ABI of the contract. For this I have used an online IDE called *remix* where I placed the contract source code.
+Then I compiled the code and clicked on the ABI button to copy it to my clipboard
+
+After that we can use the other endpoint the challenge gives us when spawning the docker intsance and send option 3 to get the flag.

blockchain/navigating_the_unknown/solve.py

@@ -0,0 +1,73 @@
+from web3 import Web3
+
+abi = '''[
+	{
+		"inputs": [
+			{
+				"internalType": "uint256",
+				"name": "version",
+				"type": "uint256"
+			}
+		],
+		"name": "updateSensors",
+		"outputs": [],
+		"stateMutability": "nonpayable",
+		"type": "function"
+	},
+	{
+		"inputs": [],
+		"name": "updated",
+		"outputs": [
+			{
+				"internalType": "bool",
+				"name": "",
+				"type": "bool"
+			}
+		],
+		"stateMutability": "view",
+		"type": "function"
+	}
+]'''
+
+abi2 = '''[
+	{
+		"inputs": [],
+		"stateMutability": "nonpayable",
+		"type": "constructor"
+	},
+	{
+		"inputs": [],
+		"name": "TARGET",
+		"outputs": [
+			{
+				"internalType": "contract Unknown",
+				"name": "",
+				"type": "address"
+			}
+		],
+		"stateMutability": "view",
+		"type": "function"
+	},
+	{
+		"inputs": [],
+		"name": "isSolved",
+		"outputs": [
+			{
+				"internalType": "bool",
+				"name": "",
+				"type": "bool"
+			}
+		],
+		"stateMutability": "view",
+		"type": "function"
+	}
+]'''
+
+w3 = Web3(Web3.HTTPProvider('http://159.65.81.51:30417'))
+contract = w3.eth.contract(address='0xA08Ec9a121550BF1BE3860F673DfE42b913EBd32', abi=abi)
+setup = w3.eth.contract(address='0x74b7aA986c1F3A72c1D10E46e600b1F5B385C47B', abi=abi2)
+# OK!! I just needed to use transact() for this function
+# HTB{9P5_50FtW4R3_UPd4t3D}
+print(contract.functions.updateSensors(10).transact())
+print(setup.functions.isSolved().call())
+print(contract.functions.updated().call())

blockchain/shooting_101/README.md

@@ -0,0 +1,69 @@
+# Shooting 101 (very easy)
+In this challenge we need to call some special functions on the contract.
+
+Let's take a look at the target contract:
+
+```solidity
+pragma solidity ^0.8.18;
+
+contract ShootingArea {
+    bool public firstShot;
+    bool public secondShot;
+    bool public thirdShot;
+
+    modifier firstTarget() {
+        require(!firstShot && !secondShot && !thirdShot);
+        _;
+    }
+
+    modifier secondTarget() {
+        require(firstShot && !secondShot && !thirdShot);
+        _;
+    }
+
+    modifier thirdTarget() {
+        require(firstShot && secondShot && !thirdShot);
+        _;
+    }
+
+    receive() external payable secondTarget {
+        secondShot = true;
+    }
+
+    fallback() external payable firstTarget {
+        firstShot = true;
+    }
+
+    function third() public thirdTarget {
+        thirdShot = true;
+    }
+}
+```
+
+The `Setup.sol` just contains the `isSolved()` function like the first challenge, however now it checks all three bolleans of the target contract whether they are true.
+
+We can also see that there are some `modifiers` that are applied to the functions.
+This ensures the order in which they are called is first, second, then third.
+
+The first target is the `fallback` method.
+
+I saw that this is different from the other functions we had before, so I went to look for some information on `receive` and `fallback` and have found this [article](https://blog.soliditylang.org/2020/03/26/fallback-receive-split/).
+
+Here it says, that:
+> receive() external payable — for empty calldata (and any value)
+> fallback() external payable — when no other function matches (not even the receive function). Optionally payable.
+
+Both of these functions are triggered when sending just a transaction to the contract, and not directly calling any functions on it.
+
+The `receive` function is used when empty call data is received, and the `fallback` function is used when no other function on the contract matches.
+
+So to trigger `fallback` first, let's send a transaction, but with a non-empty data field.
+
+Next the second target is the `receive` function, let's send a transaction with empty data field.
+
+And finally the `third` is just a function like in the previous challange, we can just call it in the same way.
+
+`solve.py` performs these steps, although I couldn't make it work with a single invocation of the script.
+For each of the step the script is executed once and then I just commented the steps that were already done.
+
+Sending 3 to the other endpoint that is not the RPC we get the flag.

blockchain/shooting_101/solve.py

@@ -0,0 +1,108 @@
+from web3 import Web3
+
+abi = '''[
+	{
+		"stateMutability": "payable",
+		"type": "fallback"
+	},
+	{
+		"inputs": [],
+		"name": "firstShot",
+		"outputs": [
+			{
+				"internalType": "bool",
+				"name": "",
+				"type": "bool"
+			}
+		],
+		"stateMutability": "view",
+		"type": "function"
+	},
+	{
+		"inputs": [],
+		"name": "secondShot",
+		"outputs": [
+			{
+				"internalType": "bool",
+				"name": "",
+				"type": "bool"
+			}
+		],
+		"stateMutability": "view",
+		"type": "function"
+	},
+	{
+		"inputs": [],
+		"name": "third",
+		"outputs": [],
+		"stateMutability": "nonpayable",
+		"type": "function"
+	},
+	{
+		"inputs": [],
+		"name": "thirdShot",
+		"outputs": [
+			{
+				"internalType": "bool",
+				"name": "",
+				"type": "bool"
+			}
+		],
+		"stateMutability": "view",
+		"type": "function"
+	},
+	{
+		"stateMutability": "payable",
+		"type": "receive"
+	}
+]'''
+
+abi2 = '''[
+	{
+		"inputs": [],
+		"stateMutability": "nonpayable",
+		"type": "constructor"
+	},
+	{
+		"inputs": [],
+		"name": "TARGET",
+		"outputs": [
+			{
+				"internalType": "contract ShootingArea",
+				"name": "",
+				"type": "address"
+			}
+		],
+		"stateMutability": "view",
+		"type": "function"
+	},
+	{
+		"inputs": [],
+		"name": "isSolved",
+		"outputs": [
+			{
+				"internalType": "bool",
+				"name": "",
+				"type": "bool"
+			}
+		],
+		"stateMutability": "view",
+		"type": "function"
+	}
+]'''
+
+w3 = Web3(Web3.HTTPProvider('http://159.65.62.241:31005'))
+contract = w3.eth.contract(address='0xDdA00938E6a998781681E182599e6f6dCFA89808', abi=abi)
+setup = w3.eth.contract(address='0x5341F586E1e3858203b8e65060eFFeCdc64E049F', abi=abi2)
+# Step 1:
+# w3.eth.send_transaction({'to': '0xDdA00938E6a998781681E182599e6f6dCFA89808', 'from': '0xC98533e5811dA2dcE3b233d4E00E150DdE9773d4', 'data': "0x61455567"})
+
+# Step 2:
+# w3.eth.send_transaction({'to': '0xDdA00938E6a998781681E182599e6f6dCFA89808', 'from': '0xC98533e5811dA2dcE3b233d4E00E150DdE9773d4'})
+
+# Step 3:
+contract.functions.third().transact()
+print('1', contract.functions.firstShot().call())
+print('2', contract.functions.secondShot().call())
+print('3', contract.functions.thirdShot().call())
+print(dir(contract.functions))