25C3: CTF dominated by iphone-dev team, HackMii

25c3ctf

While we had been excited about 25C3’s CTF competition, we couldn’t even venture a guess as to who would win. It seems the iphone-dev team weren’t satisfied to just give an amazing talk. They teamed up with the Wii hackers from HackMii to win the competition. You can see their progress during the eight hour competition above in red. It’s impressive to see hardware hackers jumping over to network security AND completely killing at it.

Comments

  1. TJHooker says:

    They probably learned routing algorithms and buffer overflows way before they started reverse engineering firmware; they’d have to actually.

  2. Zamadatix says:

    amazing bootmii demo video:

  3. blizzarddemon says:

    Impressive, seeing the focus of there groups, I’d bet these guys might also be younger then the rest of the other folks attending. I’ve seen both groups work and I’ve yet to be disappointed.

  4. Pragmatk says:

    There were no buffer overflows.
    Challenges / services:
    – insecure setups / “trojaned” configs
    – An Ada service with a rather obvious backdoor (and some less obvious) + a search flaw which led to revelation (and therefore retrieval) of flags.
    – A real funny perl implementation of BASIC as a CGI-handler. It had some unsanitized open()-calls which enabled arbitrary file reads, command execution through pipes, etc.
    – Some Ruby web service which I must admit I didn’t understand much of.

    [I might have missed one or two there, but you get the concept. There wasn't any "real" overflow-stuff]

    Your age comment is ridiculous, blizzarddemon. Those guys won because they were quick to grasp the system setup and develop methods for systematically collecting the “flags” (hashes) from the other contestants and because of their ability to navigate through the treacherous config files (those were causing our team, the Janet Reno Redemption Fund, real problems – I think three hours passed before we *found* the last two services), not because of their age. I’m 15, and I think the oldest person in our team was 40-something, so we had the whole range covered – so why didn’t we win?! ;o)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 92,278 other followers