On the security of Booba’s music video and NFTs
If you bought one or several of these NFTs and wonder whether they are safe and secure, don’t worry, they are. You can skip the technical details and go straight to the conclusion.
On 3 November 2021, Booba (the French rapper who created the label La Piraterie Music) put a set of 5 NFTs up for sale, 5000 copies of each of these animated cards. All of these NFTs sold out within a few days for 150 ETH in total (0.006 ETH each), which is more than $700,000 at the time of writing. As a bonus, lucky owners of one of these NFTs have been able to watch the exclusive music video TN since 8 November 2021.
Rappers envy me, they’re all struggling. ("Les rappeurs m’envient, sont tous en galère.")
– Boulbi, Ouest Side
We were a bit curious and wondered how the music video was protected, and whether we could watch it without buying any NFTs.
How does the music video protection work?
In order to watch the video, owners of the NFTs have to visit the page /mon-nft and use their crypto wallet (such as Metamask or WalletConnect) to sign the Ethereum message "Pour accéder à TN, merci de bien vouloir signer ce message" with the same wallet as the one used to buy the NFTs. Once signed, the web browser sends a POST request with a JSON body in the following format to a web service hosted on AWS:
A few tests show that messages different from the default one aren’t rejected as long as they are JSON-encoded. For instance, [1337] and "blah" are accepted as valid, whereas messages that aren’t JSON instantly trigger an internal error.
If the signature associated with the Ethereum address (wallet) and message is valid, the server then verifies that the wallet indeed bought one of the NFTs; otherwise the error Tu ne possèdes aucun des NFTs is returned. This last step takes a little more time, which led us to formulate the following hypothesis. If we can find on the Internet a public key that meets these two conditions:
- The public key signed a JSON message and the associated signature is public;
- The wallet bought at least one of the NFTs.
then it might be possible to replay that message and its signature against the AWS server to retrieve the music video.
The BOOBA TN NFT is also an ERC-20 token (B2O_TN) minted by the smart contract 0x3b73…94dd. We started by listing all the NFT owners using etherscan.io. At the time of writing, 3484 wallets owned at least one of these NFTs, and 1516 wallets owned more than one copy of the same NFT, probably in order to resell one of them later.
One day of my salary is their life insurance. ("Un jour de mon salaire c’est leur assurance vie.")
– Boulbi, Ouest Side
1st attempt – etherscan.io
Ethereum messages are encoded using the personal_sign format ("\x19Ethereum Signed Message:\n" + length(message) + message) before being signed with ECDSA. Since Ethereum transactions are encoded in a different format (RLP), transaction signatures can’t be mistaken for valid message signatures. Put differently, message signatures can’t be found on the Ethereum blockchain.
The first place where we found off-chain Ethereum messages is etherscan.io, which provides a web interface to verify an Ethereum message signature and optionally save it so that it is accessible via a public URL. We first retrieved all the Ethereum messages saved through this service: etherscan.io/verifiedSignatures.
For instance, verifySig/2642 shows that the owner of the NFT Boring Ape #6743 proved that he also owns the Twitter account ape6743:
He also owns Booba TN NFTs, as shown in this transaction. However, even though the signature is valid, the message isn’t JSON-formatted and can’t be recognized by the AWS server.
You can only win when you’ve got nothing to lose. ("Tu n’peux que gagner quand t’as rien à perdre.")
– Magnifique, Trône
2nd attempt – snapshot.org
The website snapshot.org allows individuals to vote on proposals using their Ethereum wallet: Snapshot is an off-chain gasless multi-governance client with easy to verify and hard to contest results. As it happens, votes are in JSON format.
A GraphQL interface can be used to query the votes database. For instance, the following minimal GraphQL request returns the vote IDs whose voter address is 0x668248dF4595e09Aa253B31478312748078F7a20:
The query result shows that this address has been used for 2 votes:
The votes signed by every wallet owning Booba TN NFTs can be retrieved in their entirety with a single GraphQL request: there are 689 results for 140 unique voters.
The address 0x668248dF4595e09Aa253B31478312748078F7a20 bought 5 Booba TN NFTs. As shown previously, this address also voted on the following proposals:
The associated votes are stored on the InterPlanetary File System (IPFS): QmZL5toFBQrPgNDPTpQCukWtcjWeT5x6nou75wMMTm52zM and QmQLSv36j3GLdRjubqpXjpAgwYG77Mop5T9uLCi73r1SUT. The content of the first vote is:
Please note that the URL expires after some time and is no longer valid.
Conclusion
This blog post shows that even though the cryptography powering this NFT event is sound, a basic replay attack was enough to break the music video protection. The fix is simple: the AWS server should reject any message that doesn’t match the one the site asks the crypto wallet to sign.
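Defender-side illustration of that fix, added here and not the RenaissanceNFT service’s own code: the request handler is reconstructed from the behaviour described in this post, the signature recovery is a constructed lookup standing in for secp256k1 public-key recovery, and the vote JSON and signature strings are made-up sample data. The same handler is run once with the original logic (any signed string is accepted) and once with the message bound to the expected value.

```python
import json

# Message the site asks the wallet to sign (quoted from the post).
EXPECTED_MESSAGE = "Pour accéder à TN, merci de bien vouloir signer ce message"

def personal_sign_bytes(message: str) -> bytes:
    """Bytes a wallet actually signs under the personal_sign scheme."""
    body = message.encode("utf-8")
    return b"\x19Ethereum Signed Message:\n" + str(len(body)).encode() + body

def make_recover(known: dict):
    """Constructed stand-in for secp256k1 public-key recovery: maps a signature to
    the (address, signed bytes) pair it was produced for. Real code would recover
    the signer from the signature with an Ethereum library such as eth_account."""
    def recover(signed_bytes: bytes, signature: str):
        entry = known.get(signature)
        if entry is None or entry[1] != signed_bytes:
            return None
        return entry[0]
    return recover

def check_access(body: str, recover, owners: set, bind_message: bool):
    """Return (granted, reason). bind_message=False reproduces the original
    behaviour (any signed string is accepted); bind_message=True is the fix."""
    try:
        req = json.loads(body)
        wallet, message, signature = req["wallet"].lower(), req["message"], req["signature"]
        if not isinstance(message, str):
            raise TypeError("message must be a string")
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, "internal error"
    if bind_message and message != EXPECTED_MESSAGE:
        return False, "unexpected message"       # replayed Snapshot votes stop here
    if recover(personal_sign_bytes(message), signature) != wallet:
        return False, "bad signature"
    if wallet not in owners:                     # the slower ownership lookup
        return False, "Tu ne possèdes aucun des NFTs"
    return True, "ok"

def demo():
    """Replay a constructed Snapshot-style vote signed by an NFT owner."""
    owner = "0x668248df4595e09aa253b31478312748078f7a20"  # address from the post, lowercased
    vote = json.dumps({"type": "vote", "proposal": "0xabc", "choice": 1})  # constructed
    known = {"sig-vote": (owner, personal_sign_bytes(vote)),
             "sig-tn": (owner, personal_sign_bytes(EXPECTED_MESSAGE))}
    recover, owners = make_recover(known), {owner}
    replay = json.dumps({"wallet": owner, "message": vote, "signature": "sig-vote"})
    legit = json.dumps({"wallet": owner, "message": EXPECTED_MESSAGE, "signature": "sig-tn"})
    return {"replay_before": check_access(replay, recover, owners, False),
            "replay_after": check_access(replay, recover, owners, True),
            "legit_after": check_access(legit, recover, owners, True),
            "not_json": check_access("blah", recover, owners, True)}
```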
Piracy is never over! ("La piraterie n’est jamais finie !")
– Walabok, Nero Nemesis
Once contacted (finding the right contact was actually the hardest part), the developers from RenaissanceNFT were very cooperative and responsive. The issue was fixed in less than an hour, and the access protection can no longer be bypassed.