Skip to content

Commit f75fa74

Browse files
authored
Merge pull request #105 from RedTeamSubnet/dfp-2
Device Fingerprinter V2
2 parents a15fc9b + 74d7471 commit f75fa74

13 files changed

Lines changed: 232 additions & 230 deletions

File tree

.env.example

Lines changed: 0 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -20,16 +20,3 @@ DEBUG=false
2020
# RT_EPOCH_LENGTH=1200
2121
RT_STORAGE_API_URL="https://storage-api.theredteam.io"
2222

23-
24-
## -- Challenge configs -- ##
25-
# CHALLENGE_API_KEY="changeme"
26-
# CHALLENGE_VERIFICATION_API_KEY="changeme"
27-
# RT_CHALLENGE_LOGS_DIR=volumes/storage/agent.miner/logs
28-
# CHALLENGE_VERIFICATION_ENDPOINT="http://localhost:8000/verify"
29-
# CHALLENGE_VERIFICATION_STARTUP_URL="http://localhost:8000/startup"
30-
31-
## -- AAD Challenge configs -- ##
32-
# AAD_CHALLENGE_NSTBROWSER_API_KEY="changeme"
33-
# AAD_CHALLENGE_NSTBROWSER_HOST=localhost
34-
# AAD_CHALLENGE_NSTBROWSER_PORT=9222
35-
# AAD_CHALLENGE_NSTBROWSER_PROTOCOL=http

.gitmodules

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
1-
[submodule "src/challenges/ab_sniffer"]
2-
path = src/challenges/ab_sniffer
3-
url = ../ab-sniffer-challenge.git
41
[submodule "src/challenges/ada_detection"]
52
path = src/challenges/ada_detection
63
url = ../ada-detection-challenge.git
4+
[submodule "src/challenges/dev_fingerprinter"]
5+
path = src/challenges/dev_fingerprinter
6+
url = https://github.com/RedTeamSubnet/dev-fingerprinter-challenge.git

docs/challenges/.nav.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
11
nav:
22
- README.md
33
- Active Challenges:
4-
- ab_sniffer : ./ab_sniffer
5-
- ada_detection : ./ada_detection
4+
- ada_detection: ./ada_detection
5+
- dev_fingerprinter: ./dev_fingerprinter
66
- Inactive Challenges:
7-
- dev_fingerprinter : ./dev_fingerprinter
8-
- humanize_behaviour : ./humanize_behaviour
7+
- humanize_behaviour: ./humanize_behaviour
8+
- ab_sniffer: ./ab_sniffer

docs/challenges/dev_fingerprinter/README.md

Lines changed: 7 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,9 @@
22

33
## Overview
44

5-
The **Device Fingerprinter** challenge tests miners' ability to develop a browser SDK that can accurately detect the driver type used by bots interacting with a webpage. Miners must create a JavaScript fingerprinter that distinguishes between different devices using browser properties, behavior patterns, and technical signatures.
5+
The Device Fingerprinter challenge tests miners' ability to develop a browser SDK that can accurately and consistently identify physical
6+
devices across multiple browser environments. Miners must create a JavaScript fingerprinter that generates a unique, persistent ID for a
7+
specific device, regardless of whether it is accessed via Chrome, Safari, or Brave.
68

79
## General Technical Requirements
810

@@ -13,7 +15,7 @@ The **Device Fingerprinter** challenge tests miners' ability to develop a browse
1315

1416
## General Guidelines
1517

16-
- **Fingerprint Collection**: Collect comprehensive browser and device properties while analyzing WebDriver signatures and automation artifacts.
18+
- **Fingerprint Collection**: Collect browser and device properties to identify the physical hardware across different browser engines.
1719
- **Data Processing**: Generate unique, consistent fingerprint hashes and follow the provided API endpoint structure for JSON payloads.
1820
- **Dependency Limitation**: Your dependencies must be older than January 1, 2025. Any package released on or after this date will not be accepted.
1921
- **Script Limitation**: Your script must not exceed 2,000 lines. Larger scripts will be considered invalid.
@@ -23,18 +25,9 @@ The **Device Fingerprinter** challenge tests miners' ability to develop a browse
2325
We maintain strict originality standards:
2426

2527
- All submissions are compared against other miners' scripts.
26-
- 100% similarity = zero score.
27-
- Similarity above 60% results in proportional score penalties based on the **detected similarity percentage**.
28-
29-
## Submission Path
30-
31-
**Dedicated Path:** `examples/dev_fingerprinter_v1/src/fingerprinter/`
32-
33-
Place your fingerprinting script in this directory before building your commit:
34-
35-
- `fingerprinter.js` - Your main fingerprinting implementation
36-
37-
Ensure your script keeps the `runFingerprinting()` function signature and export unchanged.
28+
- Under 40% Similarity: No penalty is applied.
29+
- 40% to 60% Similarity: Results in proportional score penalties based on the detected similarity percentage.
30+
- Above 60% Similarity: Results in an automatic score of zero (Disqualification).
3831

3932
## Submission
4033

Lines changed: 58 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,58 @@
1+
---
2+
title: Testing Manual
3+
---
4+
5+
# Device Fingerprinter (DFP) Testing Manual
6+
7+
The **Miner Testing Sandbox** is the primary tool for developing and validating your `fingerprinter.js` script. It allows you to test your logic in isolation without the overhead of a full challenge session.
8+
9+
## Why use the Sandbox?
10+
11+
1. **Isolated Testing**: Validate your `fingerprinter.js` immediately across different browser profiles.
12+
2. **Performance Evaluation**: The sandbox uses the official "Two-Strike" rule to measure:
13+
- **Fragmentation (Internal Consistency)**: Ensures the same device consistently produces the same hash across different browsers.
14+
- **Collision (External Uniqueness)**: Ensures different devices produce unique hashes.
15+
3. **Real-time Results**: View a breakdown of "Correct," "Collisions," and "Fragmentations" to see exactly where your script needs improvement.
16+
17+
---
18+
19+
## Quick Start Guide
20+
21+
### Step 1: Setup the Proxy Environment
22+
You only need the DFP Proxy repository for testing:
23+
```bash
24+
git clone git@github.com:RedTeamSubnet/rest.dfp-proxy.git dfp_proxy
25+
cd dfp_proxy
26+
27+
# Create the environment file (required for the app to start)
28+
cp .env.example .env
29+
```
30+
31+
### Step 2: Provide Your Script
32+
Paste your implementation logic into:
33+
`src/api/static/js/fingerprinter.js`
34+
35+
### Step 3: Start the Sandbox
36+
```bash
37+
./compose.sh start -l
38+
```
39+
40+
### Step 4: Run Your Tests
41+
1. **Open the Dashboard**: Visit **`http://localhost:8000/miner-test`** in your browser.
42+
2. **Label Your Device**: Enter a name (e.g., `my-laptop`) and click **Submit Fingerprint**.
43+
3. **Test Consistency (Fragmentation)**:
44+
- Open the same URL in a **different browser engine** (e.g., switch from Chrome to Brave or Safari).
45+
- Use the **exact same Device Label**.
46+
- Click Submit again. If your hash changed, you will see a **Fragmentation** error.
47+
4. **Test Uniqueness (Collision)**:
48+
- Ask a friend to visit the URL or use a different physical machine.
49+
- Use a **different Device Label** (e.g., `office-pc`).
50+
- Click Submit. If they produce the same hash as you, you will see a **Collision** error.
51+
52+
---
53+
54+
## Development Workflow
55+
56+
- **View Results**: Click the **View Results** button at any time to see your current score and a detailed list of all collected hashes.
57+
- **Clean Session**: Use the **Clean Session** button to wipe all test data and restart your testing cycle immediately.
58+
- **Final Goal**: Aim for a **1.0 Score** in the sandbox with multiple browsers and devices before submitting your final commit.
Lines changed: 129 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,129 @@
1+
---
2+
title: Device Fingerprinter v2
3+
---
4+
5+
# Device Fingerprinter (DFP) v2 (Active after 2026 February 25 10:00 UTC)
6+
7+
## Overview
8+
9+
**Device Fingerprinter (DFP) v2** is a high-precision challenge focused on device identity consistency and uniqueness. Participants must develop a browser SDK capable of generating a "fingerprint" string that remains identical for the same physical device across multiple browsers while remaining unique between different devices.
10+
11+
The challenge evaluates your SDK's ability to resist browser-level variations (like user agents or window sizes) and extract hardware-level or deeper software signals that uniquely identify the hardware.
12+
13+
For general information and technical setup, please refer to the [Main README](./README.md).
14+
15+
---
16+
17+
## Mandatory Requirements
18+
19+
1. Use the template provided in the [`templates/commit/src/fingerprinter/`](./templates/commit/src/fingerprinter/fingerprinter.js) directory.
20+
2. Implement your logic within the `fingerprinter.js` file.
21+
3. Your SDK must:
22+
- Generate a single string (the "fingerprint").
23+
- Report this string to the evaluator when executed within a browser environment.
24+
- Be self-contained and not rely on external API calls or non-standard browser features that require user permissions (e.g., Camera/Microphone).
25+
26+
### Browsers
27+
28+
Your SDK will be evaluated across multiple mobile and desktop browsers, including:
29+
30+
- **Chrome**
31+
- **Brave**
32+
- **Firefox Focus**
33+
- **DuckDuckGo**
34+
- **Safari**
35+
36+
All browsers are run in incognito mode. Each device will be tested in multiple "batches" across these browsers to ensure consistency.
37+
38+
---
39+
40+
## Key Guidelines
41+
42+
- **Fragmentation (Internal Consistency)**: Your SDK must produce the same ID for a device even if the browser changes. If the ID changes between Chrome and Brave, you will be penalized for "Fragmentation."
43+
- **Collision (External Uniqueness)**: Your SDK must produce different IDs for different physical devices. If two devices share the same ID, you will be penalized for "Collision" via the **Two-Strike Rule**.
44+
- **Hardware Focus**: Avoid using volatile signals (like window size, battery level, or IP address) as they vary between browsers and sessions, leading to fragmentation penalties.
45+
46+
---
47+
48+
## Technical Architecture (Challenger & Proxy)
49+
50+
DFP v2 utilizes a two-tier architecture to ensure a realistic evaluation environment:
51+
52+
1. **Challenger API**: The "Brain" of the operation. It receives your submission, manages the test session, notifies physical devices via SMTP, and calculates the final score based on the data received.
53+
2. **DFP Proxy**: The "Gateway." It hosts your `fingerprinter.js` script and acts as the collection point for device reports. This prevents direct communication between the test devices and the main Challenger, ensuring security and isolation.
54+
55+
### The Lifecycle of a Fingerprint
56+
57+
- **Submission**: You send your `fingerprinter.js` to the Challenger.
58+
- **Distribution**: The Challenger automatically pushes your script to the Proxy.
59+
- **Collection**: Physical devices visit the Proxy, execute your script, and send the results back to the Proxy.
60+
- **Scoring**: The Proxy forwards the collected results to the Challenger for the final calculation.
61+
62+
---
63+
64+
## Mandatory Functions
65+
66+
Participants must implement and export two specific async functions in their `fingerprinter.js` script. These are the entry points used by the evaluation environment.
67+
68+
### 1. `runFingerprinting()`
69+
70+
This function is responsible for gathering device signals and generating the fingerprint hash.
71+
72+
- **Miner Requirement**: Miners must capture the exact 32-character string returned by this function and submit it unmodified.
73+
- **Goal**: Collect hardware/software data and return a unique, consistent hash.
74+
75+
---
76+
77+
## Evaluation Criteria
78+
79+
- **High Consistency**: Maintain the same fingerprint for a single device across all 5+ target browsers.
80+
- **High Uniqueness**: Ensure no other physical device generates the same fingerprint.
81+
- **Minimum Participation**: At least 2 physical devices must successfully report fingerprints for a session to be valid.
82+
- **Stability**: The script must execute quickly and reliably within the evaluator's `fp_timeout` window.
83+
84+
---
85+
86+
## Scoring System
87+
88+
The final score is an average of the points earned by each physical device in the session, normalized between **0.0 and 1.0**.
89+
90+
### 1. Fragmentation Penalty
91+
92+
Each device starts with **1.0 point**.
93+
94+
- For every unique fingerprint string generated by the *same* device beyond the first, a penalty of **-0.3** is applied.
95+
- **Max Fragmentation**: If a device generates **3 or more** different IDs across browsers, its score for the session is automatically **0.0**.
96+
97+
### 2. Two-Strike Collision Rule
98+
99+
This rule ensures your ID is unique across the network.
100+
101+
- **Strike 1**: If a fingerprint generated by a device is shared by *any* other physical device in **one** browser batch, a penalty of **-0.25** is applied.
102+
- **Strike 2**: If the same collision happens in **2 or more** batches, that device's score becomes **0.0**.
103+
104+
### Scoring Example
105+
106+
Imagine a session with 2 devices across 5 browsers (10 batches total with `n_repeat=2`):
107+
108+
- **Device 1 (Perfect)**: Reports "ID-AAA" in all 10 batches.
109+
- Unique IDs: 1 (Penalty: 0)
110+
- Collisions: 0 (Penalty: 0)
111+
- **Points: 1.0**
112+
113+
- **Device 2 (Fragmented)**: Reports "ID-BBB" in 8 batches and "ID-CCC" in 2 batches.
114+
- Unique IDs: 2 (Penalty: -0.3)
115+
- Collisions: 0 (Penalty: 0)
116+
- **Points: 0.7**
117+
118+
- **Device 3 (Collided)**: Reports "ID-AAA" (Collides with Device 1) in 2 batches.
119+
- Unique IDs: 1 (Penalty: 0)
120+
- Collisions: 2 batches (Strike 2 triggered)
121+
- **Points: 0.0**
122+
123+
**Final Session Score**: `(1.0 + 0.7 + 0.0) / 3 = 0.567`
124+
125+
---
126+
127+
## Submission
128+
129+
After local validation using the [Testing Manual](./testing_manuals.md), package your script into a submission container. Ensure your `fingerprinter.js` is correctly placed in the miner template.

requirements.txt

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,10 @@
11
bittensor~=9.9.0
22
cryptography>=41.0.7,<50.0.0
33
docker>=7.0.0,<8.0.0
4-
pandas>=2.1.4,<3.0.0
5-
datasets>=2.16.1,<3.0.0
64
diskcache>=5.6.3,<6.0.0
75
substrate-interface>=1.7.11,<1.8
86
python-dotenv>=1.0.1,<2.0.0
97
pydantic[email,timezone]>=2.0.3,<3.0.0
108
pydantic-settings>=2.8.1,<3.0.0
11-
GitPython~=3.1.44
12-
ab_sniffer @ git+https://github.com/RedTeamSubnet/ab-sniffer-challenge.git@v5.0.2
13-
ada_detection @ git+https://github.com/RedTeamSubnet/ada-detection-challenge.git@v2.0.0
9+
dev_fingerprinter @ git+https://github.com/RedTeamSubnet/dev-fingerprinter-challenge.git@v2.0.0
10+
ada_detection @ git+https://github.com/RedTeamSubnet/ada-detection-challenge.git@v2.0.2

0 commit comments

Comments
 (0)