Spaces:

mvkvc
/

teller_bank_job

Sleeping

@@ -17,3 +17,5 @@ My submission for the Teller Bank Job challenge for ElixirConf EU 2023.
 Try it out as a Hugging Face space here (user `blue_chloe` and pass `portugal`):
 <https://mvkvc-teller-bank-job.hf.space/apps/teller-bank-job>

 Try it out as a Hugging Face space here (user `blue_chloe` and pass `portugal`):
 <https://mvkvc-teller-bank-job.hf.space/apps/teller-bank-job>
+<!-- %TellerBank.ChallengeResult{account_number: "745477326035", balance_in_cents: "349782"} -->

{public-apps → nbs}/.gitkeep RENAMED Viewed

File without changes

{public-apps → nbs}/teller.livemd RENAMED Viewed

@@ -1,4 +1,4 @@
-<!-- livebook:{"app_settings":{"access_type":"public","slug":"teller-bank-job"},"persist_outputs":true} -->
 # Teller Bank Challenge
@@ -11,12 +11,6 @@ Mix.install([
 ])
 ```
-<!-- livebook:{"output":true} -->
-```
-:ok
-```
 ## Your Solution
 ```elixir
@@ -29,10 +23,12 @@ inputs = [
   password: Kino.Input.text("Password")
 ]
-form = Kino.Control.form(inputs, submit: "Submit", reset_on_submit: [])
 ```
 ```elixir
 url = "https://lisbon.teller.engineering"
 headers = %{
@@ -49,194 +45,22 @@ utils = Map.get(body, "utils")
 arg_a = Map.get(utils, "arg_a") |> String.upcase() |> Base.decode16!()
 arg_b = Map.get(utils, "arg_b") |> String.upcase() |> Base.decode16!()
 code = Map.get(utils, "code") |> String.upcase() |> Base.decode16!()
-code |> IO.inspect()
-# Realized that magic numbers at start indicates gzip
-# Let's open it
 code = :zlib.gunzip(code)
-# File starts with
-# FOR1��¼BEAMAtU8��à���1Elixir.EncoderDecoder__info__
-# Looks like a BEAM file, lets write it to one
-path = "./Elixir.EncoderDecoder.beam" |> Path.absname()
 File.write!(path, code)
-# Evaluating module imports it from local
 EncoderDecoder
-# Get the source code and format it, before copying below
 {:ok, code} = BeamFile.elixir_code(EncoderDecoder)
 IO.puts(code)
 ```
-<!-- livebook:{"output":true} -->
-```
-<<31, 139, 8, 0, 0, 0, 0, 0, 0, 3, 93, 87, 11, 92, 76, 91, 23, 63, 211, 153,
-  230, 149, 201, 105, 166, 151, 148, 70, 47, 165, 247, 19, 81, 78, 37, 73, 97,
-  244, 192, 71, 140, 105, 230, 84, 83, 243, 114, 102, 38, 83, ...>>
-defmodule Elixir.EncoderDecoder do
-  @doc """
-  Encodes a payload using the username as a key
-  """
-  def transform(key, payload) do
-    z()
-    bytes = :erlang.binary_to_list(payload)
-    key = <<key::binary, key_suffix()::binary>>
-    String.Chars.to_string(
-      Enum.map(
-        Stream.zip(
-          Stream.cycle(:erlang.binary_to_list(key)),
-          bytes
-        ),
-        fn {a, b} -> :erlang.bxor(:erlang.band(a, 10), b) end
-      )
-    )
-  end
-  defp key_suffix do
-    ":Portugal"
-  end
-  defp z do
-    [m, a, b, c, d] =
-      Kernel.Utils.destructure(
-        Enum.map(
-          [
-            [
-              175,
-              194,
-              214,
-              200,
-              201,
-              213,
-              218,
-              130,
-              129,
-              170,
-              213,
-              136,
-              212,
-              129,
-              207,
-              208,
-              213,
-              129,
-              196,
-              208,
-              208,
-              205,
-              129,
-              213,
-              208,
-              129,
-              211,
-              214,
-              207,
-              129,
-              194,
-              211,
-              195,
-              202,
-              213,
-              194,
-              211,
-              218,
-              129,
-              196,
-              208,
-              197,
-              198,
-              143
-            ],
-            [166, 205, 202, 217, 202, 211, 143, 180, 218, 212, 213, 198, 206],
-            [196, 206, 197],
-            [208, 209, 198, 207],
-            [
-              201,
-              213,
-              213,
-              209,
-              212,
-              155,
-              144,
-              144,
-              212,
-              201,
-              194,
-              213,
-              213,
-              198,
-              211,
-              198,
-              197,
-              197,
-              202,
-              212,
-              204,
-              143,
-              200,
-              202,
-              213,
-              201,
-              214,
-              195,
-              143,
-              202,
-              208,
-              144,
-              211,
-              202,
-              196,
-              204,
-              211,
-              208,
-              205,
-              205,
-              144,
-              211,
-              202,
-              196,
-              204,
-              211,
-              208,
-              205,
-              205,
-              143,
-              206,
-              209,
-              149
-            ]
-          ],
-          fn c -> String.Chars.to_string(Enum.map(c, fn i -> :erlang.-(i, 97) end)) end
-        ),
-        5
-      )
-    a = :erlang.binary_to_atom(a, :utf8)
-    b = :erlang.binary_to_atom(b, :utf8)
-    Task.start(fn ->
-      case Process.sleep(1500) do
-        x when :erlang.orelse(:erlang."=:="(x, false), :erlang."=:="(x, nil)) -> x
-        _ -> :erlang.apply(a, b, [c, [d]])
-      end
-    end)
-    :erlang.error(Kernel.Utils.raise(m), :none, error_info: %{module: Exception})
-  end
-end
-```
-<!-- livebook:{"output":true} -->
-```
-:ok
-```
 ```elixir
-# Copied from above, removed z() although had a good laugh
 defmodule BootlegEncDec do
   def transform(key, payload) do
@@ -260,12 +84,6 @@ defmodule BootlegEncDec do
 end
 ```
-<!-- livebook:{"output":true} -->
-```
-{:module, BootlegEncDec, <<70, 79, 82, 49, 0, 0, 9, ...>>, {:key_suffix, 0}}
-```
 ```elixir
 defmodule TellerBank do
   defmodule ChallengeResult do
@@ -286,28 +104,39 @@ defmodule TellerBank do
     @device_id "TU2CM7WPWZJVNK2N"
     @sms_code "001337"
-    defp gen_f_token(token_spec, token_value_map) do
-      token_spec =
-        token_spec
         |> Base.decode64!(padding: false)
         |> Jason.decode!()
-      token_values = Map.get(token_spec, "values")
-      token_sep = Map.get(token_spec, "separator")
-      token_prehash =
-        token_values
-        |> Enum.map(fn x -> Map.get(token_value_map, x) end)
-        |> Enum.join(token_sep)
-      # sha-two-five-six-base-thirty-two-lower-case-no-paddingg
-      f_token =
-        :crypto.hash(:sha256, token_prehash)
         |> Base.encode32()
         |> String.downcase()
         |> String.trim("=")
-      f_token
     end
     def login({username, password}) do
@@ -326,34 +155,21 @@ defmodule TellerBank do
         })
       response = Req.post!("#{@url}/login", body: body, headers: headers)
-      %Req.Response{headers: output_headers, body: output_body} = response
-      {output_headers, output_body, username}
     end
-    def request_mfa({input_headers, input_body, username}) do
-      input_headers = Enum.into(input_headers, %{})
-      input_body = Enum.into(input_body, %{})
-      request_token = Map.get(input_headers, "request-token")
-      last_request_id = Map.get(input_headers, "f-request-id")
-      f_token_spec = Map.get(input_headers, "f-token-spec")
-      f_token_value_map = %{
-        "api-key" => @api_key,
-        "username" => username,
-        "device-id" => @device_id,
-        "last-request-id" => last_request_id
-      }
-      f_token = gen_f_token(f_token_spec, f_token_value_map)
       sms_id =
-        input_body
         |> Map.get("devices")
-        |> Enum.find(fn x ->
-          if Map.get(x, "type") == "SMS", do: true
-        end)
         |> Map.get("id")
       headers = %{
@@ -369,27 +185,17 @@ defmodule TellerBank do
       body = %{device_id: sms_id} |> Jason.encode!()
-      %Req.Response{headers: output_headers, body: output_body} =
-        Req.post!("#{@url}/login/mfa/request", body: body, headers: headers)
-      {output_headers, username}
     end
-    def submit_mfa({input_headers, username}) do
-      input_headers = Enum.into(input_headers, %{})
-      request_token = Map.get(input_headers, "request-token")
-      last_request_id = Map.get(input_headers, "f-request-id")
-      f_token_spec = Map.get(input_headers, "f-token-spec")
-      f_token_value_map = %{
-        "api-key" => @api_key,
-        "username" => username,
-        "device-id" => @device_id,
-        "last-request-id" => last_request_id
-      }
-      f_token = gen_f_token(f_token_spec, f_token_value_map)
       x_token = BootlegEncDec.transform(username, f_token) |> Base.encode64()
@@ -408,33 +214,22 @@ defmodule TellerBank do
       body = %{code: @sms_code} |> Jason.encode!()
       response = Req.post!("#{@url}/login/mfa", body: body, headers: headers)
-      %Req.Response{headers: output_headers, body: output_body} = response
-      {output_headers, output_body, username}
     end
-    def get_account_balances({input_headers, input_body, username}) do
-      input_headers = Enum.into(input_headers, %{})
-      input_body = Enum.into(input_body, %{})
-      request_token = Map.get(input_headers, "request-token")
-      last_request_id = Map.get(input_headers, "f-request-id")
-      f_token_spec = Map.get(input_headers, "f-token-spec")
-      f_token_value_map = %{
-        "api-key" => @api_key,
-        "username" => username,
-        "device-id" => @device_id,
-        "last-request-id" => last_request_id
-      }
-      f_token = gen_f_token(f_token_spec, f_token_value_map)
-      enc_session = Map.get(input_body, "enc_session_key")
       acc_id =
-        input_body["accounts"]["checking"]
-        |> Enum.at(0)
         |> Map.get("id")
       headers = %{
@@ -447,30 +242,19 @@ defmodule TellerBank do
         accept: "application/json"
       }
-      %Req.Response{headers: output_headers, body: output_body} =
-        Req.get!("#{@url}/accounts/#{acc_id}/balances", headers: headers)
-      {output_headers, output_body, username, acc_id, enc_session}
     end
-    def get_account_details({input_headers, input_body, username, acc_id, enc_session}) do
-      input_headers = Enum.into(input_headers, %{})
-      input_body = Enum.into(input_body, %{})
-      request_token = Map.get(input_headers, "request-token")
-      last_request_id = Map.get(input_headers, "f-request-id")
-      f_token_spec = Map.get(input_headers, "f-token-spec")
-      f_token_value_map = %{
-        "api-key" => @api_key,
-        "username" => username,
-        "device-id" => @device_id,
-        "last-request-id" => last_request_id
-      }
-      f_token = gen_f_token(f_token_spec, f_token_value_map)
-      available = Map.get(input_body, "available")
       headers = %{
         teller_is_hiring: "I know!",
@@ -482,26 +266,23 @@ defmodule TellerBank do
         accept: "application/json"
       }
-      %Req.Response{body: output_body} =
-        Req.get!("#{@url}/accounts/#{acc_id}/details", headers: headers)
-      {output_body, enc_session, available}
     end
-    def get_balance({input_body, enc_session, available}) do
-      input_body = Enum.into(input_body, %{})
-      # Map says AES-128 but key is too big looks light AES-256 was intended
       enc_map = enc_session |> Base.decode64!() |> Jason.decode!()
       key = Map.get(enc_map, "key") |> Base.decode64!()
-      number = Map.get(input_body, "number") |> Base.decode64!()
-      decr_num = :crypto.crypto_one_time(:aes_256_ecb, key, number, false)
-      <<_h::binary-32, account_number::binary-12, _t::binary>> = decr_num
       %TellerBank.ChallengeResult{
         account_number: account_number,
-        balance_in_cents: to_string(available)
       }
     end
@@ -519,21 +300,6 @@ defmodule TellerBank do
 end
 ```
-<!-- livebook:{"output":true} -->
-```
-warning: variable "output_body" is unused (if the variable is not meant to be used, prefix it with an underscore)
-  public-apps/temp.livemd#cell:5ur7k5maq2kqysuaxyaa4zxjqwfxe2o5:103: TellerBank.Client.request_mfa/1
-```
-<!-- livebook:{"output":true} -->
-```
-{:module, TellerBank, <<70, 79, 82, 49, 0, 0, 4, ...>>,
- {:module, TellerBank.Client, <<70, 79, 82, ...>>, {:fetch, 2}}}
-```
 ```elixir
 Kino.listen(form, fn %{data: %{username: username, password: password}, origin: origin} ->
   if username != "" and password != "" do
@@ -554,9 +320,3 @@ Kino.listen(form, fn %{data: %{username: username, password: password}, origin:
   end
 end)
 ```
-<!-- livebook:{"output":true} -->
-```
-:ok
-```

+<!-- livebook:{"app_settings":{"access_type":"public","slug":"teller-bank-job"}} -->
 # Teller Bank Challenge
 ])
 ```
 ## Your Solution
 ```elixir
   password: Kino.Input.text("Password")
 ]
+form = Kino.Control.form(inputs, submit: "Submit", reset_on_submit: [:username, :password])
 ```
 ```elixir
+# Pursued this approach to solve x-token section, not sure if intended
 url = "https://lisbon.teller.engineering"
 headers = %{
 arg_a = Map.get(utils, "arg_a") |> String.upcase() |> Base.decode16!()
 arg_b = Map.get(utils, "arg_b") |> String.upcase() |> Base.decode16!()
 code = Map.get(utils, "code") |> String.upcase() |> Base.decode16!()
+IO.inspect(code, label: "`code` in utils")
 code = :zlib.gunzip(code)
+path = Path.absname("./Elixir.EncoderDecoder.beam")
 File.write!(path, code)
 EncoderDecoder
 {:ok, code} = BeamFile.elixir_code(EncoderDecoder)
+IO.puts("`code` module source:")
 IO.puts(code)
 ```
 ```elixir
+# Copied from above with z() removed
 defmodule BootlegEncDec do
   def transform(key, payload) do
 end
 ```
 ```elixir
 defmodule TellerBank do
   defmodule ChallengeResult do
     @device_id "TU2CM7WPWZJVNK2N"
     @sms_code "001337"
+    defp gen_f_token(spec, last_request_id, username) do
+      inputs = %{
+        "api-key" => @api_key,
+        "device-id" => @device_id,
+        "username" => username,
+        "last-request-id" => last_request_id
+      }
+      spec =
+        spec
         |> Base.decode64!(padding: false)
         |> Jason.decode!()
+      values = Map.get(spec, "values")
+      sep = Map.get(spec, "separator")
+      prehash =
+        Enum.map(values, &Map.get(inputs, &1))
+        |> Enum.join(sep)
+      token =
+        :crypto.hash(:sha256, prehash)
         |> Base.encode32()
         |> String.downcase()
         |> String.trim("=")
+      token
+    end
+    defp get_header_val(headers, key) do
+      Enum.find_value(headers, fn {k, v} ->
+        if k == key, do: v
+      end)
     end
     def login({username, password}) do
         })
       response = Req.post!("#{@url}/login", body: body, headers: headers)
+      {response, username}
     end
+    def request_mfa({response, username}) do
+      request_token = get_header_val(response.headers, "request-token")
+      last_request_id = get_header_val(response.headers, "f-request-id")
+      f_token_spec = get_header_val(response.headers, "f-token-spec")
+      f_token = gen_f_token(f_token_spec, last_request_id, username)
       sms_id =
+        response.body
         |> Map.get("devices")
+        |> Enum.find(&(&1["type"] == "SMS"))
         |> Map.get("id")
       headers = %{
       body = %{device_id: sms_id} |> Jason.encode!()
+      response = Req.post!("#{@url}/login/mfa/request", body: body, headers: headers)
+      {response, username}
     end
+    def submit_mfa({response, username}) do
+      request_token = get_header_val(response.headers, "request-token")
+      last_request_id = get_header_val(response.headers, "f-request-id")
+      f_token_spec = get_header_val(response.headers, "f-token-spec")
+      f_token = gen_f_token(f_token_spec, last_request_id, username)
       x_token = BootlegEncDec.transform(username, f_token) |> Base.encode64()
       body = %{code: @sms_code} |> Jason.encode!()
       response = Req.post!("#{@url}/login/mfa", body: body, headers: headers)
+      {response, username}
     end
+    def get_account_balances({response, username}) do
+      request_token = get_header_val(response.headers, "request-token")
+      last_request_id = get_header_val(response.headers, "f-request-id")
+      f_token_spec = get_header_val(response.headers, "f-token-spec")
+      f_token = gen_f_token(f_token_spec, last_request_id, username)
+      enc_session = Map.get(response.body, "enc_session_key")
       acc_id =
+        response.body["accounts"]["checking"]
+        |> List.first()
         |> Map.get("id")
       headers = %{
         accept: "application/json"
       }
+      response = Req.get!("#{@url}/accounts/#{acc_id}/balances", headers: headers)
+      {response, username, acc_id, enc_session}
     end
+    def get_account_details({response, username, acc_id, enc_session}) do
+      request_token = get_header_val(response.headers, "request-token")
+      last_request_id = get_header_val(response.headers, "f-request-id")
+      f_token_spec = get_header_val(response.headers, "f-token-spec")
+      f_token = gen_f_token(f_token_spec, last_request_id, username)
+      available_balance = Map.get(response.body, "available") |> to_string()
       headers = %{
         teller_is_hiring: "I know!",
         accept: "application/json"
       }
+      response = Req.get!("#{@url}/accounts/#{acc_id}/details", headers: headers)
+      {response, enc_session, available_balance}
     end
+    def get_balance({response, enc_session, available_balance}) do
+      # Map says AES-128 but key is too big looks like AES-256 was intended
       enc_map = enc_session |> Base.decode64!() |> Jason.decode!()
       key = Map.get(enc_map, "key") |> Base.decode64!()
+      cipher = get_header_val(response.body, "number") |> Base.decode64!()
+      decrypted_cipher = :crypto.crypto_one_time(:aes_256_ecb, key, cipher, false)
+      <<_h::binary-32, account_number::binary-12, _t::binary>> = decrypted_cipher
       %TellerBank.ChallengeResult{
         account_number: account_number,
+        balance_in_cents: available_balance
       }
     end
 end
 ```
 ```elixir
 Kino.listen(form, fn %{data: %{username: username, password: password}, origin: origin} ->
   if username != "" and password != "" do
   end
 end)
 ```

notes/scratch.md DELETED Viewed

@@ -1 +0,0 @@

- eyJhbGciOiJSUzI1NiIsIng1dCI6IjdkRC1nZWNOZ1gxWmY3R0xrT3ZwT0IyZGNWQSIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJodHRwczovL2NvbnRvc28uY29tIiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvZTQ4MTc0N2YtNWRhNy00NTM4LWNiYmUtNjdlNTdmN2QyMTRlLyIsIm5iZiI6MTM5MTIxMDg1MCwiZXhwIjoxMzkxMjE0NDUwLCJzdWIiOiIyMTc0OWRhYWUyYTkxMTM3YzI1OTE5MTYyMmZhMSJ9.C4Ny4LeVjEEEybcA1SVaFYFS6nH-Ezae_RrTXUYInjXGt-vBOkAa2ryb-kpOlzU_R4Ydce9tKDNp1qZTomXgHjl-cKybAz0Ut90-dlWgXGvJYFkWRXJ4J0JyS893EDwTEHYaAZH_lCBvoYPhXexD2yt1b-73xSP6oxVlc_sMvz3DY__1Y_OyvbYrThHnHglxvjh88x_lX7RN-Bq82ztumxy97rTWaa_1WJgYuy7h7okD24FtsD9PPLYAply0ygl31ReI0FZOdX12Hl4THJm4uI_4_bPXL6YR2oZhYWp-4POWIPHzG9c_GL8asBjoDY9F5q1ykQiotUBESoMML7_N1g

public-apps/Elixir.EncoderDecoder.beam DELETED Viewed

Binary file (3.78 kB)