Check a 3D model file against the ModelDirectory provenance registry without trusting ModelDirectory.
When a creator stamps a model, its SHA-256 goes into a registry contract on
Polygon: 0x687F2e6F96288Ac58fe22E2Eb000D1a628aEEB65.
That contract is public. This script hashes your local file and reads the
contract through a public RPC node of your choice, so the answer comes from
the chain, not from us. If you don't trust our default RPC list, pass your
own node with --rpc. If you don't trust this script, it's short enough to
read in a couple of minutes, and the one contract call it makes is documented
in the source.
No install, no dependencies, Python 3.8 or newer:
python3 verify.py model.stl
Output looks like this:
file: model.stl
sha256: 1fdb7a9029014badd25226298a2aebd605a6d254e5b7897fb27f8a2aa2279f2f
contract: 0x687F2e6F96288Ac58fe22E2Eb000D1a628aEEB65 (via https://polygon-bor-rpc.publicnode.com)
polygon: REGISTERED at 2026-02-27T19:10:29+00:00 by 0xe44b46fbff780439ececd7bb26de1a5209a43f8f
Exit code 0 means the hash is in the registry, 2 means it is not.
If you know the model's ModelDirectory id (it's in the page URL), you can also check the signed certificate and the Bitcoin timestamp:
python3 verify.py model.stl --id 7154ac9f-4092-4d4d-b325-2fbf5d1ff9bf
The certificate check needs one extra package (pip install cryptography)
because Ed25519 is not in the Python standard library. Without it the
signature check is skipped and everything else still works.
- polygon: this exact byte sequence was registered at that time. The timestamp comes from the Polygon blockchain, not from our database.
- cert: the certificate the API serves for this model is signed by the ModelDirectory key and covers the same hash as your file.
- bitcoin: the hash is also anchored through
OpenTimestamps. The script reports our
verification result and gives you the raw
.otsproof URL so you can runots verifyyourself with the independent client.
A registry entry proves the file existed at a point in time and who submitted it. It does not by itself prove authorship, and it says nothing about files that were never stamped. ModelDirectory also runs geometric shape matching (re-export and re-mesh detection) on the catalog; that happens server side and is not part of this tool. Details: how verification works.
MIT