25C3: CTF Dominated By Iphone-dev Team, HackMii


While we had been excited about 25C3’s CTF competition, we couldn’t even venture a guess as to who would win. It seems the iphone-dev team weren’t satisfied to just give an amazing talk. They teamed up with the Wii hackers from HackMii to win the competition. You can see their progress during the eight hour competition above in red. It’s impressive to see hardware hackers jumping over to network security AND completely killing at it.

4 thoughts on “25C3: CTF Dominated By Iphone-dev Team, HackMii

  1. Impressive, seeing the focus of there groups, I’d bet these guys might also be younger then the rest of the other folks attending. I’ve seen both groups work and I’ve yet to be disappointed.

  2. There were no buffer overflows.
    Challenges / services:
    – insecure setups / “trojaned” configs
    – An Ada service with a rather obvious backdoor (and some less obvious) + a search flaw which led to revelation (and therefore retrieval) of flags.
    – A real funny perl implementation of BASIC as a CGI-handler. It had some unsanitized open()-calls which enabled arbitrary file reads, command execution through pipes, etc.
    – Some Ruby web service which I must admit I didn’t understand much of.

    [I might have missed one or two there, but you get the concept. There wasn’t any “real” overflow-stuff]

    Your age comment is ridiculous, blizzarddemon. Those guys won because they were quick to grasp the system setup and develop methods for systematically collecting the “flags” (hashes) from the other contestants and because of their ability to navigate through the treacherous config files (those were causing our team, the Janet Reno Redemption Fund, real problems – I think three hours passed before we *found* the last two services), not because of their age. I’m 15, and I think the oldest person in our team was 40-something, so we had the whole range covered – so why didn’t we win?! ;o)

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.