Among all the things you could find at MCH2022, there were a few CTFs (Capture The Flag exercises) – in particular, every badge contained an application that you could try and break into – only two teams have cracked this one! [dojoe] was part of one of them, and he has composed an extensive reverse-engineering story for us – complete with Ghidra disassembly of Xtensa code, remote code execution attempts, ROP gadget creation, and no detail left aside.
There was a catch: badges handed out to the participants didn’t contain the actual flag. You had to develop an exploit using your personal badge that only contained a placeholder flag, then go to the badge tent and apply your exploit over the network to one of the few badges with the real flag on them. The app in question turned out to be an echo server – sending back everything it received; notably, certain messages made it crash. One man’s crashes are another man’s exploit possibilities, and after a few hacking sessions, [dojoe]’s team got their well-deserved place on the scoreboard.
If you always thought that firmware reverse-engineering sounds cool, and you also happen to own a MCH2022 badge, you should try and follow the intricately documented steps of [dojoe]’s writeup. Even for people with little low-level programming experience, repeating this hack is realistic thanks to his extensive explanations, and you will leave with way more reverse-engineering experience than you had before.
The MCH2022 badge is a featureful creation of intricate engineering, with the ESP32 portion only being part of the badge – we’re eager to hear about what you’ve accomplished or are about to accomplish given everything it has to offer!
With events of all sizes on hold and live sports mostly up in the air, it’s a great time to think of new ways to entertain ourselves within our local circles. Bonus points if the activity involves running around outside, and/or secretly doubles as a team-building exercise, like [KarelBousson]’s modernized version of Capture the Flag.
Much like the original, the point of this game is to capture the case and keep it for as long as possible before the other team steals it away. Here, the approach is much more scientific: the box knows exactly who has it and for how long, and the teams get points based on the time the case spends in any player’s possession.
Each player carries an RFID tag to distinguish them from each other. Inside the case is an Arduino Mega with a LoRa shield and a GPS unit. Whenever the game is afoot, the case communicates its position to an external Raspi running the game server.
If you haven’t met LoRa yet, check out this seven-part introductory tutorial.
The Air Force is again holding its annual “Space Security Challenge” where they invite you to hack into a satellite to test their cybersecurity measures. There are actually two events. In the first one, $150,000 is up for grabs in ten prizes and the final event offers a $100,000 purse divided among the three top participants (first place takes $50,000).
Before you get too excited, you or your team has to first qualify online. The qualification event will be over two days starting May 22. The qualifying event is set up a bit like the TV show Jeopardy. There is a board with categories. When a team solves a challenge in a category it receives a flag that is worth points as well as getting to unlock the next challenge. Once a challenge is unlocked however, any team could potentially work on it. There are more rules, but that’s the gist of it. At the end of the event, the judges will contact the top 10 teams who will then each have to submit a technical paper.
Continue reading “The United States Air Force Would Like You To Hack Into Their Satellite” →
Nothing says friendship like a reverse engineering challenge on unknown terrain as a birthday present. When [Rikaard] turned 25 earlier this year, his friend [Veydh] put together a Capture the Flag challenge on an ESP8266 for him. As a software guy with no electronics background, [Rikaard] had no idea what he was presented with, but was eager to find out and to document his journey.
Left without guidance or instructions, [Rikaard] went on to learn more about the ESP8266, with the goal to dump its flash content, hoping to find some clues in it. Discovering the board is running NodeMCU and contains some compiled Lua files, he stepped foot in yet another unknown territory that led him down the Lua bytecode rabbit hole. After a detour describing his adjustments for the ESP’s eLua implementation to the decompiler he uses, his quest to capture the flag began for real.
While this wasn’t [Rikaard]’s first reverse engineering challenge, it was his first in an completely unknown environment outside his comfort zone — the endurance he demonstrated is admirable. There is of course still a long way down the road before one opens up chips or counts transistors in a slightly more complex system.
If you want to learn how to defeat computer security, nothing beats hands-on experience. Of course, if you get your hands on someone’s system without their permission, you may end up having a very short training that ends with a jail term. And that’s where capture-the-flag (CTF) events come in.
A CTF is a system of increasingly-difficult challenges that can’t be too easy or too hard. A well-designed CTF teaches all of the participants stuff that they didn’t know, no matter how far they get and what skills they came in with. Designing a good CTF is difficult.
But since it’s also a competition, running one also involves a lot of horrible bookkeeping for the folks running it. Registering teams and providing login pages is the dirty work that you have to do in the background, that takes away time from building the systems which others are going to take apart.
Which is why it’s great that Facebook is opening up their CTF-hosting platform, along with a few starter challenges, for us all to play along. We love CTFs and related hacking challenges. If this spurs the creation of more, we’re all for it. You can find the whole setup on GitHub.
If you’re new to CTFs, here’s an awesome collection of CTF-related material on GitHub to get you started. And if your tastes run more toward hardware hacking, we’ve covered previous firmware CTFs, but frankly there’s a lot more material out there. We feel a feature post coming on…
Thanks [ag4ve] for the unintentional tip!
There’s a great game of capture-the-flag that takes place every year at HITCON. This isn’t your childhood neighborhood’s capture-the-flag in the woods with real flags, though. In this game the flags are on secured servers and it’s the other team’s mission to break into the servers in whatever way they can to capture the flag. This year, though, the creators of the game devised a new scoreboard for keeping track of the game: a lightsaber.
In this particular game, each team has a server that they have to defend. At the same time, each team attempts to gain access to the other’s server. This project uses a lightsaber stand that turns the lightsabers into scoreboards for the competition at the 2015 Hacks In Taiwan Conference. It uses a cheap OpenWRT Linux Wi-Fi/Ethernet development board, LinkIt Smart 7688 which communicates with a server. Whenever a point is scored, the lightsaber illuminates and a sound effect is played. The lightsabers themselves are sourced from a Taiwanese lightsabersmith and are impressive pieces of technology on their own. As a bonus the teams will get to take them home with them.
While we doubt that this is more forced product integration advertisement from Disney, it certainly fits in with the theme of the game. Capture-the-flag contests like this are great ways to learn about cyber security and how to defend your own equipment from real-world attacks. There are other games going on all around the world if you’re looking to get in on the action.
Continue reading “Capture The Flag With Lightsabers” →
Kenshoto, organizer of the official Defcon Capture the Flag contest for the last four years, has stepped down from the position, and thus Defcon is looking for a new organizer for the event. If you’re highly competent, and maybe a little crazy, this might be your chance to step in and run one of the most well-known and prestigious hacking contests in the world. Please understand that the staff is looking for someone who wants to take ownership of the contest and make something new, unique, and challenging, and that Kenshoto has left extremely huge shoes to fill. Merely offering to replicate the existing contest and keep things mostly unchanged isn’t going to cut it.
If you’re up to the challenge, check out Dark Tangent’s post on the Defcon forums (which, for some odd reason, sounds strikingly like his 2005 post calling for a CTF organizer), where he comprehensively lays out what the staff is looking for in a new event organizer. If it jives well with you, get in touch with the Defcon staff, and maybe we’ll be covering your contest later this year.