I'm trying to use Python to access the trading API at coinnest.co.kr, a cryptocurrency exchange. To do this I must follow the documentation found here: https://www.coinnest.co.kr/doc/private.html

We get a key pair of public key: asdf-asdf-asdf-asdf and private key: qwer-qewr-qwer-qwer.

The request parameters are:

"key":"asdf-asdf-asdf-asdf",
"nonce":1505209177,
"coin":"btc",
"id":3

Then the string to be signed will be:

key=asdf-asdf-asdf-asdf&nonce=1505209278&coin=btc&id=3
                

Now we use the md5 hash of qwer-qewr-qwer-qwer as the key and encrypt the above string by sha256 and we get 66b2935f3ba82a4a17074d439adab1043a63df4a177af68fe76a3f4f350ef55d, which will be used as the signature.

My current issue is that I am unable to get the same result as the example. I am unsure if their example is accurate. Is the private key "qwer-qewr-qwer-qwer" or "qwer-qwer-qwer-qwer"? Is the nonce "1505209177" or "1505209278"?

#!/usr/bin/python2.7
import hashlib
import hmac

secret = 'qwer-qewr-qwer-qwer'
message = 'key=asdf-asdf-asdf-asdf&nonce=1505209278&coin=btc&id=3'
key = hashlib.md5(secret).hexdigest()
print hmac.new(key, message, hashlib.sha256).hexdigest()

Using the code above, I obtain a signature of "afdfb1c331670d95c93868948ff769719b28d879ac94589fa44c4d5b8eacab04" versus the expected result of "66b2935f3ba82a4a17074d439adab1043a63df4a177af68fe76a3f4f350ef55d"

tada23
  • I've gotten 8 different results trying various forms of typo correction and trying the different values they give, and ***none*** of them is "66b...". – Ignacio Vazquez-Abrams Dec 18 '17 at 04:10
  • That would be a great question to ask them. You could also ask what the weird unsalted MD5 hashing of the secret is for since it does not add any security. – Klaus D. Dec 18 '17 at 04:10
  • Looks like their documentation could use clarification. I'd send them an email – Peter Gibson Dec 18 '17 at 04:15
  • *"**encrypt** the above string by sha256"* : Note that SHA256 is not encryption, it is a cryptographic hash. – zaph Dec 18 '17 at 04:42
  • Yes, thank you for everyone's help. I also tried the 8 different results and was unable to get the result. I also am not sure why they hash the secret key. – tada23 Dec 18 '17 at 05:43

1 Answer

Maybe you're supposed to brute force the API docs?

>>> import hashlib, hmac
>>> secret1 = 'qwer-qewr-qwer-qwer'
>>> secret2 = 'qwer-qwer-qwer-qwer'
>>> message_template = 'key=asdf-asdf-asdf-asdf&nonce={}&coin=btc&id=3'
>>> target = '66b2935f3ba82a4a17074d439adab1043a63df4a177af68fe76a3f4f350ef55d'
>>> keys = [hashlib.md5(secret1).hexdigest(), hashlib.md5(secret1).digest(), hashlib.md5(secret2).hexdigest(), hashlib.md5(secret2).digest()]
>>> 
>>> for i in range(1505000000, 1506000000):
...     msg = message_template.format(i)
...     for key in keys:
...             if hmac.new(key, msg, hashlib.sha256).hexdigest() == target:
...                     print 'FOUND hmac', key, msg
...             if hashlib.sha256(key + msg).hexdigest() == target:
...                     print 'FOUND sha256', key, msg
... 
FOUND hmac fecfe400baa3ae47fe8c42f9c087ec90 key=asdf-asdf-asdf-asdf&nonce=1505209413&coin=btc&id=3

Which corresponds to:

>>> keys.index('fecfe400baa3ae47fe8c42f9c087ec90')
0

So the following should work:

>>> hmac.new(hashlib.md5('qwer-qewr-qwer-qwer').hexdigest(), 'key=asdf-asdf-asdf-asdf&nonce=1505209413&coin=btc&id=3', hashlib.sha256).hexdigest()
'66b2935f3ba82a4a17074d439adab1043a63df4a177af68fe76a3f4f350ef55d'

Looks like you were doing the right thing, but their nonce changed, and the qwer-qewr-qwer-qwer private key is correct.

Peter Gibson
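A Python 3 version of the scheme the answer above arrived at, as an added example that is not part of the original posts or of the exchange's documentation: the HMAC-SHA256 key is the hex string of MD5(private key), and the message is the parameters joined in the order shown in the docs. The function names are illustrative, the order-preserving join without URL encoding is an assumption taken from the documentation example, and the sample values are the ones quoted on this page.

```python
import hashlib
import hmac

# Values quoted on this page (documentation example private key and signature).
PRIVATE_KEY = "qwer-qewr-qwer-qwer"
DOC_SIGNATURE = "66b2935f3ba82a4a17074d439adab1043a63df4a177af68fe76a3f4f350ef55d"


def derive_hmac_key(private_key):
    """HMAC key = ASCII hex string of MD5(private key), not the raw 16-byte digest."""
    return hashlib.md5(private_key.encode("utf-8")).hexdigest().encode("ascii")


def build_message(params):
    """Join (name, value) pairs in the given order; a different order changes the MAC."""
    return "&".join("{}={}".format(name, value) for name, value in params)


def sign(private_key, params):
    """Hex HMAC-SHA256 signature over the joined parameters."""
    message = build_message(params).encode("utf-8")
    return hmac.new(derive_hmac_key(private_key), message, hashlib.sha256).hexdigest()


def verify(private_key, params, signature):
    """Constant-time comparison, as a receiver of signed requests should do."""
    return hmac.compare_digest(sign(private_key, params), signature.lower())


def doc_params(nonce):
    """Request parameters from the documentation example, with a chosen nonce."""
    return [("key", "asdf-asdf-asdf-asdf"), ("nonce", nonce), ("coin", "btc"), ("id", 3)]


def matching_nonces(candidates):
    """Return the candidate nonces for which the documented signature verifies."""
    return [n for n in candidates if verify(PRIVATE_KEY, doc_params(n), DOC_SIGNATURE)]


if __name__ == "__main__":
    # 1505209177 and 1505209278 appear in the docs; 1505209413 is the answer's finding.
    print(matching_nonces([1505209177, 1505209278, 1505209413]))
```

In Python 3 both the key and the message must be bytes, which is why the MD5 hex string is encoded back to ASCII before being passed to `hmac.new`.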