This past weekend, we gathered to compete in PlaidCTF, a competition hosted by the Plaid Parliament of Pwning of Carnegie Mellon. The theme they used this time was an evolution of last year’s competition, going from a simple single-player RPG to a full multiplayer game where all of the competitors who were logged in could see each other. This was accomplished entirely through HTML5.
The challenges themselves were extremely binary-heavy. Even though the usual spread of categories existed (Reversing, Pwnables, Web, Crypto, Misc, etc…), almost everything relied on reverse engineering to some degree.
In the end, we scored 370 points, putting us in 114th place out of 908 teams. The challenges we managed to solve were:
Unnnnlucky: A misc challenge based on the movie Hackers. This involved finding the account number of the bad guy, which is shown on screen near the end of the movie.
charsheet: A web challenge based around finding the character name of the admin of a Dungeons and Dragons role playing site. Using SQL injection, it was possible to get the site to show a dump of all the characters stored in the database.
hypercomputer 1: A binary challenge similar to another challenge in last year’s PlaidCTF called ‘supercomputer’. The idea is that the program will compute a key, but has several contrived inefficiencies built into it. To solve the problem, we analyzed the program, then generated patches to speed it up. Common issues were calls to sleep functions (which we could simply remove) and loops which very slowly multiplied numbers, which we replaced with single instructions.
three eyed fish: Another binary which, at first glance, appeared to do nothing for a while, then exit. Analysis revealed that the program was actually flashing a code out through the keyboard LEDs (hence the name of the problem), which is not immediately obvious since most people are probably running the program in a virtual machine. By analyzing the order of function calls which were setting the state of the LEDs, and the calls to pause the program between them, we were able to recreate the flashing pattern. Once we had that, we realized that the pattern was actually Morse code, which gave us the key.
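The LED-trace reconstruction described above, as an added example (this is not the team's solve script and nothing here comes from the challenge binary): it builds a constructed call trace of LED set-state and pause calls from a known message, collapses that trace into on/off intervals, and decodes those intervals as Morse code. The trace format (`("led", state)` / `("pause", seconds)`) and the timing unit are assumptions; the decoder sizes its thresholds from the shortest pulse it sees rather than from a fixed unit, so it also copes with pauses that are not exact multiples.

```python
"""Reconstruct a keyboard-LED blink pattern from an ordered trace of
LED-state and pause calls, then decode it as Morse code. Added example:
the trace format and timings are assumptions, not the challenge's own."""
from typing import List, Tuple

# International Morse code table (letters and digits).
MORSE = {
    ".-": "A", "-...": "B", "-.-.": "C", "-..": "D", ".": "E", "..-.": "F",
    "--.": "G", "....": "H", "..": "I", ".---": "J", "-.-": "K", ".-..": "L",
    "--": "M", "-.": "N", "---": "O", ".--.": "P", "--.-": "Q", ".-.": "R",
    "...": "S", "-": "T", "..-": "U", "...-": "V", ".--": "W", "-..-": "X",
    "-.--": "Y", "--..": "Z",
    "-----": "0", ".----": "1", "..---": "2", "...--": "3", "....-": "4",
    ".....": "5", "-....": "6", "--...": "7", "---..": "8", "----.": "9",
}
MORSE_REV = {v: k for k, v in MORSE.items()}

# Assumed timing unit (seconds) for the constructed trace: dot = 1 unit,
# dash = 3, gap inside a letter = 1, between letters = 3, between words = 7
# (standard Morse proportions).
UNIT = 0.1

Event = Tuple[str, float]  # ("led", 0 or 1) or ("pause", seconds)


def encode_trace(message: str, unit: float = UNIT) -> List[Event]:
    """Build a constructed call trace that blinks `message` in Morse."""
    trace: List[Event] = []
    words = message.upper().split()
    for wi, word in enumerate(words):
        for li, letter in enumerate(word):
            code = MORSE_REV[letter]
            for si, sym in enumerate(code):
                trace.append(("led", 1))
                trace.append(("pause", unit * (1 if sym == "." else 3)))
                trace.append(("led", 0))
                if si < len(code) - 1:
                    trace.append(("pause", unit))          # intra-letter gap
            if li < len(word) - 1:
                trace.append(("pause", 3 * unit))          # inter-letter gap
        if wi < len(words) - 1:
            trace.append(("pause", 7 * unit))              # inter-word gap
    return trace


def trace_to_intervals(trace: List[Event]) -> List[Tuple[int, float]]:
    """Collapse the call trace into (led_state, duration) intervals.
    Consecutive pauses in the same LED state are merged."""
    intervals: List[Tuple[int, float]] = []
    state = 0
    for kind, value in trace:
        if kind == "led":
            state = int(value)
        elif kind == "pause":
            if intervals and intervals[-1][0] == state:
                intervals[-1] = (state, intervals[-1][1] + value)
            else:
                intervals.append((state, value))
    return intervals


def decode_intervals(intervals: List[Tuple[int, float]]) -> str:
    """Classify on/off durations relative to the shortest 'on' pulse.
    Thresholds sit at 2 units (dot/dash, intra/inter-letter gap) and
    5 units (letter/word gap), midway between the nominal values, so
    moderate jitter in the pauses does not flip a symbol."""
    on_durations = [d for s, d in intervals if s == 1]
    if not on_durations:
        return ""
    unit = min(on_durations)
    out: List[str] = []
    cur = ""
    for state, dur in intervals:
        if state == 1:
            cur += "." if dur < 2 * unit else "-"
        else:
            if dur < 2 * unit:
                continue                      # gap inside a letter
            out.append(MORSE.get(cur, "?"))   # letter complete
            cur = ""
            if dur >= 5 * unit:
                out.append(" ")               # word boundary
    if cur:
        out.append(MORSE.get(cur, "?"))
    return "".join(out)


def decode_trace(trace: List[Event]) -> str:
    return decode_intervals(trace_to_intervals(trace))


if __name__ == "__main__":
    sample = encode_trace("PPP CTF")   # constructed, not the real key
    print(decode_trace(sample))
```

In practice the trace would come from instrumenting or statically walking the binary's LED-setting and pause calls; once it is in the `(kind, value)` form above, `decode_trace` recovers the message without knowing the unit in advance.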
Overall, there were several very interesting challenges this year. The upcoming writeups should provide us with several insights for future competitions.