At even vaguely infosec-related conferences, CTFs are a staple. For KernelCon 2021, [Tyler Rosonke] resolved to create a challenge breaking the traditions, entertaining and teaching people in a different way, while satisfying the constraints of that year’s remote participation plans. His imagination went wild in all the right places, and a beautifully executed multi-step hardware challenge was built – only in two copies!
Story behind the challenge? Your broken spaceship has to be repaired so that you can escape the planet you’re stuck on. The idea was to get a skilled, seasoned hacker solving challenges for our learning and amusement – and that turned out to be none other than [Joe “Kingpin” Grand]!
The modules themselves are what caught our attention. Designed to cover a wide array of hardware hacker skills, they cover soldering, signal sniffing, logic gates, EEPROM dumping and more – and you have to apply all of these successfully for liftoff. If you thought “there’s gotta be a 555 involved”, you weren’t wrong, either, there’s a module where you have to reconfigure a circuit with one!
KernelCon is a volunteer-driven infosec conference in Omaha, and its 2022 installment starts in a month – we can’t wait to see what it brings! Anyone doing hardware CTFs will have something to learn from their stories, it seems. The hacking session, from start to finish, was recorded for our viewing pleasure; linked below as an hour and a half video, it should be a great background for your own evening of reverse-engineering for leisure!
This isn’t the first time we’ve covered [Tyler]’s handiwork, either. In 2020, he programmed a batch of KernelCon badges while employing clothespins as ISP clips. Security conferences have most certainly learned just how much fun you can have with hardware, and if you ever need a case study for that, our review of 2019 CypherCon won’t leave you hanging.
15 thoughts on “Spaceship Repair CTF Covers Hardware Hacker Essentials”
Took me some digging through the ctf tag to figure out it stood for capture the flag.
This ++ Would sure be nice if acronyms were defined, especially as so many are being “repurposed” !
aye that’s fair, my bad! our style guide (which is public, btw!) recommends as much, I’ll take note! ^^
Thanks but even now that I know what CTF stands for I am little wiser. What’s an infosec-related conference?
Am I a) the wrong side of the Atlantic, b) stupider than everyone else, or c) getting too old finish me off now please?
Information security, congregations of hackers.
Neither stupid, not too old. Possibly on the wrong side of the Atlantic…
Soooo, what does capture the flag mean in this context? Is it a race? Is there strategy to what order you do tasks? If someone captures your flag, how do you reclaim it? Is it turn based?
Me too. First pop up was Children’s Tumor Foundationn . . .
I’ve long wanted to build partial-motion fantasy spaceship simulator (think an enclosed trailer with hydraulics or air suspension) where players may have to “reroute power” or “remodulate the phase coils” alongside a game like Artemis. My thought was to make interactive but sci-fantasy-trope systems and the success or failure would be based on a gamemaster’s judgement on your roleplay, but I love the idea of real-world hardware like this.
I’m reminded of that vaporware 0x10C Mojang hyped in the mid 2010s with the simulated programmable spaceship computer and the game was ostensibly about programming it so you could survive.
Of course you can just play Spaceteam. An cooperative shouting game.
An escape room for hackers…
Something similar was actually built by a team at the London Hackspace a few years back. I think they called it the LHS Bikeshed?
YOU again. Would it break your keyboard to spell out an acronym once in an article?
No way Google can be wrong, can it? Google’s top hits says CTF stands for Canadian Tire Bank. Dah.
Please be kind and respectful to help make the comments section excellent. (Comment Policy)