Blockchain Engineering Class of 2020: Delft-DAO - Freedom of Computing

[synctext]

Delft-DAO

What is a DAO? Within the coming decade the future of jobs, employment and the nature of the firm will change profoundly. Automation, AI, and robots will replace many of today's jobs. A new type of company is a company without any employees, without any machines or physical infrastructure. A Decentralized Autonomous Organizations, DAO, only exists in software. It goes beyond smart contracts, it is a complete company inside software. DAO development is still in the experimental stage.

Within this course you can create your very own autonomous organisation, the Delft-DAO. Learn to engineer a decentralised autonomous organisation, use the existing tools, and understand the security risks. The aim is to alter the nature of the firm in the Internet age, see the Nobel prize winning theory. Production cost become essentially cost-free. An organisation which exists purely in cyberspace. The Delft-DAO is designed to be the first sustainable DAO. How can we empower leaderless organizations? How can it earn money from manipulating bits?

Several teams from the class will create running code (requirements for a passing grade..) for one of the following functionalities. Four teams together create the building blocks of the complete Delft-DAO (time consuming integration step is outside our scope).

Freedom of Computing Freely executing code forms the core of the DAO. Improvement of smart contract execution model. This team will build the enabling infrastructure of the DAO. You will create Python-based code execution using the "Dapp" approach, decentralized applications. All executed code on the Delft-DAO is compressed down to a single hash. This code can be upgraded and can never revoked in a "rage-quit" incident; it probably is even "lawyer-proof". The mandatory starting point for your code with documentation in this master thesis.

• create DAO computing layer
• expand core with Python sandboxing
• live Delft-DAO source code patching
• demonstrate ability do live code updates at all online nodes

[synctext]

@thystler @tpapak01 @C3lio Welcome to the course! Sprint proposal divided on team of 4 students :

• DAO stuff: https://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit/

• get familiar with Trustchain concept read docs

  • some code: https://spectrum.ieee.org/tech-talk/computing/networks/ethereums-150-million-dollar-dao-opens-for-business-just-as-researchers-call-for-a-moratorium
  • fantasy idea? https://medium.com/moatcoin/an-experiment-fund-managing-protocol-powered-by-ethereum-blockchain-with-dao-implemented-9aae19b243fd
  • Study: ipv8-module-loader
  • Study context: https://github.com/Tribler/tribler/issues/2943
  • understand the signing of code
  • Create Hello World2 Dapp

• Coding sprint 1:

  • use FBase
  • Create the essential skeleton for a DAO Dapp
  • Create infrastructure to collectively control 1 Bitcoin
  • assume for now a single trustworthy person managing the private key
  • distribute the key (threshold?)
  • A majority is required to spend this coin

[synctext]

sprint advice:

• no running code yet
• discussed "FBase-mobile" native in Kotlin
• next sprint goal: download source code from The Internet and run them on Android
• Key accomplishment will be live code injection in the most simple "Hello World" way
  • Try Kotlin or Java.
  • you work against the Android security mechanism, be good Malware!
  • evaluate if this is solving everything: https://github.com/lukeFalsina/Grab-n-Run
  • Try to integrate offline compiler such as CXXDroid, CppDroid (ignore the dependency library import hell)
  • offline Kotlin Programming Compiler
  • backup plan: use the Python interpreter or C service with native .
  • "Dynamic Delivery" is not usable because code is fixed at Google store upload time, not at runtime.

[synctext]

Addition: please focus this sprint primarily on Grab 'N Run. I think it offers exactly what we need. Separately, also test and evaluate dynamic-load-apk. Use something as simple as possible. From the Grab 'N Run research paper

This additional piece of code is loaded at runtime (thus the
term “dynamic”), and it might not necessarily be present
in the application package at installation time: In fact, the
additional code could be retrieved, once again at runtime,
from a remote network endpoint.

Try to get this to work or create an issue on their repo what is broken. Future sprint options:

• [ ] demonstrate ability do live code updates at all online nodes
• use Libtorrent to download executable code
• Realise the source code distribution model of FBase. Create an offline Kotlin compiler in a stand-alone .APK that can create installable apps on the device. See prior fancy self-compile running code from TUDelft.

[Thystler]

@rootmonkey

[rootmonkey]

Sprint update:

• After some research, we found that Grab N Run internally uses DexClassLoader to securely and dynamically load classes, thus, instead of using their implementation we just tried and got DexClassLoader to load a class from a jar file. Currently our code just runs on an Android 10.0 (API 29) emulator as we tried to run the code on a Samsung device and we failed. So our guess is maybe we need a device with stock android on it.

• Below we have a simple depiction of our running code: Before:

  

After button press:

Where the modified string is dynamically loaded from the method get_str of this class at runtime:

• While researching stuff about DexClassLoader we found this paper: https://sites.cs.ucsb.edu/~chris/research/doc/ndss14_execute.pdf which describes various ways dynamically load code into a running application. One of them was using java Runtime class which has a function Runtime.exec() which works similarly to C function system() for running shell commands. By using Runtime.exec() we can also execute another file but for that we need root privileges.

[tpapak01]

Update: We managed to get DexClassLoader to load a class from a jar file on an actual phone. The problem was that the application required runtime permissions through the actual device (at least, that's what solved a common problem we were experiencing). The "Injected" class has been built into a jar file and placed on the phone. Below we simply present its code. Since DexClassLoader eventually worked, and since Grab n' Run is based primarily on that class, we have high hopes that SecDexClassLoader will work as well. After all, the difficulty was the whole permission granting process on the actual device, and we achieved that without resorting to older versions and tools.

[synctext]

Sprint feedback:

• it works :smile: (Android versions supported?)
• 40% of the course is now integration with the other teams, see here Next sprint focus:
• Clean import without any extra Android storage access permission using magnet links
• integrate Libtorrent and re-base on Superapp
• strip the Grab 'N run or try to do this better (e.g. Delft way:-)
• Key problem is the GUI of executable code: re-use the sophisticated Webview solution of FBase
• solve the scientific problem of dynamic stateless code
• both DEXclassloader and secure Dexclassloader are NOT permanent and are erased upon restart of applications
• create a permanent extension of your app by modifying the state and use any magnet link as input.
• demonstrate the clashes of name-spaces by creating a get_name() overwrite existing code by imported code. Or show "name space conflict" error message. Test and show screenshot of attempting to overwrite Android operating system function.

Wrap-up above sprint content, then demo to other groups at end of week 6 of this course?

[tpapak01]

We managed to get libtorrent working on android, whether a magnet link is used, or a .torrent file. Although the state of each download holds between runs (which means a download at 15% will continue from 15% the next time), we still haven't managed to find the actual file on the phone once the download is complete. Next steps:

• Locate downloaded file Update: found it. The file was just not visible through the phone explorer during runtime
• Somehow test the whole process of downloading a .jar executable code file, so that we can take it "in-code" after the download and execute it using Dexclassloader The following zip is a video of "working code".

Libtorrent using both torrent and magnet link.zip

[synctext]

sprint progress:

• [ ] stateless issue and make code imports persistent (try to do it with no extra Android permissions)
• [ ] no communication yet with other teams :cry:
• [ ] unit testing :sob:
• [X] Libtorrent is downloading :+1:
• [X] superapp integration planned
• [ ] sophisticated Webview solution of FBase still on ToDo list

[tpapak01]

Integration with superapp (as a separate module) is complete. GUI screenshots will follow soon.

I guess one main question about the integration with the other teams is: "what are we supposed to transfer from peer to peer in the form of torrents? Is it votes? Is it executable code, and if so, for what purpose? The other teams made shared wallets, methods of money transferring and a system to vote/agree on money transferring. Where does our contribution fit in this?"

[synctext]

Sprint feedback. To answer above question Libtorrent is used to download Kotlin code and conduct live code injection. Offer complete end-to-end Kotlin Distributed App system.

• [ ] Superapp module: https://github.com/tpapak01/FreedomOfComputing
• [ ] smart contract demonstrator, based on FBase principles
• [ ] what is the Delft-DAO Distributed App demo
• [ ] Start with "Hello World" as demo of Delft-DAO Distributed App
  • [ ] Vote started on a magnet link
  • [ ] Delft-DAO vote is successful
  • [ ] Libtorrent is used to download new Distributed app
  • [ ] Live code injection and permanent install of new Distributed app
  • [ ] Every member obtains a new icon within Superapp
  • [ ] "Hello World" is started and a app-specific IPv8 community is joined
  • [ ] Each distributed app includes its own "website" for the GUI
  • [ ] This "website" can be viewed using integrated Webview in the Superapp
  • [ ] Create a "hello world" Distributed App demo
  • [ ] show live updates of how many people are in this community within the GUI
• [ ] BONUS: use the code of another group as a demo with Webview GUI (like this team https://github.com/Tribler/tribler/issues/5143#issuecomment-600580562)
• [ ] BONUS: move beyond .apk binary distribution for security reasons
  • [ ] Distribute source code which can be inspected for backdoors
  • [ ] integrate offline compiler such as CXXDroid, CppDroid (ignore the dependency library import hell) or offline Kotlin Programming Compiler
  • [ ] official offline cmdline Kotlin: https://github.com/JetBrains/kotlin/releases/tag/v1.3.71

From prior list:

• [ ] stateless issue and make code imports persistent (try to do it with no extra Android permissions)
• [ ] sophisticated Webview solution of FBase still on ToDo list

[synctext]

Sprint progress:

• [ ] ship static version for demo purposes by Friday (priority zero)
  • fixed MAIN()
  • static and overwrites classes and packages
  • can only be used for 1 fixed import example
• [ ] Focus on basic integration and "Hello World" demo for other teams (first priority)
  • [X] First code public static void loadDynamicCode(Activity thisActivity){}
  • hardcoded name to import, however that needs to be runtime flexible
  • it can not be the same class name, otherwise you will have name classes for multiple imports
  • suggested solution: use a unique package name. Classes will not clash then. Use as package name something unique like base64(SHA1 hash) to remove numbers and ensure unique naming of fixed Main in the imported apk
• [ ] Key features are inside what we now call The Loader which ensures live code injection is done of various classes and run them.
• [ ] module inside superapp (Create a pull request of your branch into the dao branch of Tribler/trustchain-superapp repository)
• [ ] define the structure of the APK: ipv8 community loading, put state in local sql, trustchain DB, or another design approach
• [ ] State preservation is not yet finished (2nd priority)
• [ ] integrated Webview in the Superapp not yet finished (2nd priority)

[tpapak01]

• Torrents can now be created, seeded and downloaded from peer to peer within the app
• Made good progress on the state-persistence matter

[synctext]

Sprint progress:

• final sprint goal

  • pro-active communication to the other Delft-DAO groups within this course
  • seed in Libtorrent the APK/class of your HelloWorld example when starting app
  • Download any class with any Magnet
  • document for obtaining 7.9k stars on Github :star2:
  • sufficient depth for a 15 ECTS continuation

• Freedom of computing "Core" progress

  • DexClassLoader only loads a specific class or method
  • DexClassLoader does not load GUI, resources, .XML files, layout specification, and various assets in general
  • Load .APK the China-way: https://github.com/didi/VirtualAPK
  • investigate their "trick"
  • document in a few lines and replicate?
  • Grab N Run internally uses DexClassLoader

• First Pull Request, nice.

• Magnet link downloading through Libtorrent works!

• Code: Download .APK

• Exchange magnet links exchange within "Greet other peers" in GUI

[Thystler]

magnet:?xt=urn:btih:6d651f45a01afc35572c734c73cbf8a8f82c396f&dn=20+Awesome+Nature+Ultra+HD+4K+Wallpapers+3840x2160+Px+%5BSet+64%5D&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Fopen.demonii.com%3A1337&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fexodus.desync.com%3A6969

[synctext]

Sprint progress:

• We need a GUI which can be loaded through a DEXclassLoader()
• Otherwise you need to load other assets, XMLs, and isolated files
• selected solution: Tutorial: dynamic user interfaces in Android with fragments and the official docs
• Trigger API of the MultiSIG team: Bitcoin bounty for a magnet link?
  • great demo
  • great progress for humanity
• merge everything in the Superapp please
• screenshot based
• contribute to HN Show of the whole Delft-DAO
• readme of Superapp needs to contain your contribution
• single doc directory addition which contains screenshots and zero-server code injection details; full sovereignty, no gatekeeping by Android or iPhone people
• code coverage?

[rootmonkey]

This was one of the basic test where the button is made in a different apk and loaded dynamically into Test4

[synctext]

@InvictusRMC from the MultiSIG wallet team has volunteered to help integration your efforts. Thus real Bitcoin bounty payout for a magnet link with useful code.

• developers seeds code in Libtorrent, announces private wallet, and sets bounty
• DAO members hold vote for approval
• when the quorum is reached, payout is triggered
• everybody happy :partying_face:

[tpapak01]

Our app/module is complete. Below you can find a guide describing the main use case, from start to finish, and each step required along the process: https://github.com/tpapak01/trustchain-superapp/wiki/FOC---app Here is the apk: app-debug.zip We can test the functionality tomorrow, if you want to. A new pull request was made for the superapp. Finally, we spoke with the Democracy group, and agreed on the integration. In short, if a user wants to distribute code among the network (through our Upload button) he must first propose that code/apk and have it approved/voted for, otherwise the button blocks him from uploading his apk.

[synctext]

Final sprint feedback:

• only minor polish needed, good stuff!
• only 1 freeze and 1 crash :clap: It actually worked.
• documentation:
  • missing 20-line ish introduction
  • Android team restrict what you can distributed in the app store
  • this project is a proof-of-principle implementation which provides you freedom of computing on any smartphone you bought.
  • Now you can download binary code from any stranger on the Internet and run it instantly. Whatever, can go wrong, might go wrong. This work is part of a larger project to create trust. We aim to offer self-organising trust framework within a leaderless DAO organisation. etc etc
• "execute safe demo", only available option of you have not downloaded a magnet yet.
• GUI is a bit primitive. 3-steps in GUI? Small makeover possible?

[synctext]

Top README.md documentation uploaded to Superapp dApp example code in repo and operational code injection. Testing latest release...