VBA POST & Hashing problem (BTC-e)

[Rijnsent]

Dear all,

I'm generally solving issues, but am now bumping into a problem myself. I've created code that should enable me to communicate with the BTC-e API ( https://btc-e.com/api/documentation ) through a POST command. I want to create a "simple" getInfo statement, hopefully later I could enter or cancel a trade... But for now my default response is {"success":0,"error":"invalid sign"}. The most bizarre thing: yesterday I tried running it and all of a sudden I got a positive answer back twice: {"success":1,"return":{"funds":{"usd":0,etc...), in between those answers were some 20 failed runs of exactly that same macro... I double checked my hasher with an example (one I could find online) and my hash-function seems to work.

Anybody a clue what could be wrong?

Thanks in advance for an answer,

Koen

Sub TestPOSTBTCe()

Dim APIkey As String
Dim SecretKey As String
Dim NonceUnique As Long
Dim postData As String

Dim SecretKeyByte() As Byte
Dim messagebyte() As Byte
Dim Sign As String

NonceUnique = DateDiff("s", "1/1/1970", Now)

'BTC-e
TradeApiSite = "https://btc-e.com/tapi/"
APIkey = "MY API KEY GOES HERE"
SecretKey = "MY SECRET KEY GOES HERE"
postData = "method=getInfo&nonce=" & NonceUnique
Sign = HexHash(postData, SecretKey, "SHA512")

' Instantiate a WinHttpRequest object and open it
Set objHTTP = CreateObject("WinHttp.WinHttpRequest.5.1")
objHTTP.Open "POST", TradeApiSite, False
objHTTP.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objHTTP.SetRequestHeader "Key", APIkey
objHTTP.SetRequestHeader "Sign", Sign
objHTTP.Send (postData)
objHTTP.WaitForResponse

Debug.Print postData, "-", objHTTP.ResponseText

Set objHTTP = Nothing

'{"success":0,"error":"invalid sign"}
'{"success":1,"return":{"funds":{"usd":0,"btc": ETC...

End Sub


Function HexHash(ByVal clearText As String, ByVal key As String, Meth As String) As String
    
    Dim hashedBytes() As Byte
    Dim i As Integer
    
    hashedBytes = computeHash(clearText, key, Meth)
    HexHash = ""
    For i = 0 To UBound(hashedBytes)
        HexHash = HexHash & LCase(HEX(hashedBytes(i)))
    Next
    
End Function
Function computeHash(ByVal clearText As String, ByVal key As String, Meth As String) As Byte()

    Dim BKey() As Byte
    Dim BTxt() As Byte
    
    BTxt = StrConv(clearText, vbFromUnicode)
    BKey = StrConv(key, vbFromUnicode)
    
    If Meth = "SHA512" Then
        Set SHAhasher = CreateObject("System.Security.Cryptography.HMACSHA512")
    ElseIf Meth = "SHA256" Then
        Set SHAhasher = CreateObject("System.Security.Cryptography.HMACSHA256")
    Else
        Set SHAhasher = CreateObject("System.Security.Cryptography.HMACSHA1")
    End If
    
    If key <> "" Then
        SHAhasher.key = BKey
    Else
    End If
    computeHash = SHAhasher.computeHash_2(BTxt)
    Set SHAhaser = Nothing
End Function

 

[dehhh]

I just got in the same situation as you rijnsent: most of the time the code doesn't work and give back the message "invalid sign". But out-of-the-blue, it works for 1 to 2 times and then it gets back to returning errors.


I really have no idea on how to solve this...


Your last post was in Jan...have you solved it since then?
Anybody got ideas?


Thanks!

 

[Rijnsent]

Hi dehhh,
for me, the project has been shelved for a while, so I did build a tool to grab all the public API data (depths) of 7 exchanges, that works like a charm, but the private API remains a showstopper. If you fancy trying to build something together, just PM me.
Cheers,
Koen

 

[Kyle123]

Having had a quick scan, I don't think you're implementing the nonce value properly. The api docs state that it should be an incrementing int, you are just sending a randomly generated int that will be higher than the last. All the api wrappers in the examples increment for each request starting at 1.

 

[Rijnsent]

Hi Kyle,
thanks, will give that a try, the code i created is mimiced from php and javascript examples i found online, but it's indeed not always +1.
Cheers,
Koen

 

[dehhh]

I tested the nonce...the generator is fine, it matches the values I get in a python code I have (which works with the exchange API). The nonce must always be higher than the previous nonce sent via POST. The line of code used NonceUnique = DateDiff("s", "1/1/1970", Now) guarantees that because it calculates the Unix Epoch time, which is always increasing.


The most bizarre thing is that the code always returned "Invalid Sign". Then, suddenly, it worked twice and returned my account balances. But after that, never more, only the "Invalid Sign"...

 

[Kyle123]

Have you compared the request in fiddler that VBA sends to the request generated by the Python wrapper?

 

[dehhh]

good idea, I'm gonna try that out, will get back as soon as I have both of them

thanks

 

[dehhh]

so i used fiddler to analyze both requests. i created a dummy request with some random parameters so that we can compare each other.

both responses seem the same to me (sign is the same). the only difference is that VBA request has some other parameters included. here is the Raw Data that fiddler got:

Python

POST https://btc-e.com/tapi HTTP/1.1Host: btc-e.com
Accept-Encoding: identity
Content-Length: 27
Content-type: application/x-www-form-urlencoded
Key: your-api-key-here
Sign: 7c8ba766e0d3358571becfac67eb3d6882c91d9f73e3a9523235417207cfa0b0a4c4e5c5de7a147f7ddb0732bba246a6afbab1f33e6ba6af18b86943c94a701c


nonce=123456&method=getInfo

VBA

POST https://btc-e.com/tapi/ HTTP/1.1Accept: */*
Accept-Language: pt-br
Content-Type: application/x-www-form-urlencoded
sign: 7c8ba766e0d3358571becfac67eb3d6882c91d9f73e3a952323541727cfa0b0a4c4e5c5de7a147f7ddb732bba246a6afbab1f33e6ba6af18b86943c94a701c
key: your-api-key-here
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; X2X19; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MAAU; .NET4.0C; .NET4.0E)
Host: btc-e.com
Content-Length: 27
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: __cfduid=d268430af05855b01ed85b1e37ce6df681395465189467


nonce=123456&method=getInfo

Any ideas?

Thanks

 

[dehhh]

I finally figured out what was the problem: the HexHash function was screwing up the signature!

Looking at my post above, at first one would say that both signatures are the same. But taking a close look (first one is VBA):
7c8ba766e0d3358571becfac67eb3d6882c91d9f73e3a952323541727cfa0b0a4c4e5c5de7a147f7ddb732bba246a6afbab1f33e6ba6af18b86943c94a701c
7c8ba766e0d3358571becfac67eb3d6882c91d9f73e3a9523235417207cfa0b0a4c4e5c5de7a147f7ddb0732bba246a6afbab1f33e6ba6af18b86943c94a701c

Some chars are missing in the VBA one! A small change in the function did the trick:

Function HexHash(ByVal clearText As String, ByVal key As String, Meth As String) As String
    
    Dim hashedBytes
    Dim i As Integer
    
    hashedBytes = computeHash(clearText, key, Meth)
    HexHash = ""
    
    For i = 1 To LenB(hashedBytes)
        HexHash = HexHash & LCase(Right("0" & Hex(AscB(MidB(hashedBytes, i, 1))), 2))
    Next
    
End Function

Cheers,
Andre