Coffee Space


Capture the Flag 2016

Introduction

This was a competition run by Deloitte [1], a security consultancy company, inviting university students and graduates to test their grey matter at one of their headquarters in London. The competition was in general extremely interesting, as it did not rely on people's ability to run programs such as Metasploit in Kali and be told the solution to the problem.

The problems posed in the competition were much more practical in nature, including the following categories:

The incentive for solving these problems was to obtain MD5 hashes that in turn translated to points. The scores were viewable by all teams at the event, so everyone could monitor each other's progress.

Further on we will discuss what these challenges entailed and how to complete them.

Rock Paper Scissors Lizard Spock

This challenge is a Windows program written to simulate this game, played at random over a large number of rounds. It is built on the rules of the game of the same name [2]. Entering the set letters for the game, followed by the enter key, lets you progress. You needed to win all levels in order to gain the key. Playing this game at random or with a set move would take a lot of time, which is the reason for solving it in a different way.

The difficulty of the problem was:

Win one round: 1/5 = 0.2
Number of rounds
0.2^15 = 3.2768 x 10^-11

Basically a 1 in 30,517,578,125 chance of getting the correct answer, which is a tonne of times to try the program. On average you would have to try half of the possibilities before getting lucky. Assuming the program took 50 ms to run each time (conservative), it would take 762,939,453.125 seconds. That's 12,715,658 minutes, 211,928 hours, 8,830 days or 24 years to us normal folk.

The solution in the end was to patch the random number generation, bringing the number of solutions drastically down to just 5 x 15, or a maximum of 75 attempts to locate the answer. This takes significantly less time than 24 years!
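The reduction from 5^15 to 5 x 15 can be shown with a small model. This is an added example, not code from the challenge: it assumes the patched game plays the same fixed sequence on every run, that exactly one of five inputs wins each round (matching the 1/5 figure above), and that a run reveals how many rounds were won before the first loss. The letters in `MOVES` and all function names are constructed for illustration.

```python
MOVES = "RPSLK"   # constructed one-letter inputs; the real letters are not given on this page
ROUNDS = 15

def make_game(answer):
    """Model of the game once its randomness is pinned: `answer` holds the
    single winning letter for each round and never changes between runs."""
    if len(answer) != ROUNDS or any(c not in MOVES for c in answer):
        raise ValueError("answer must be %d letters from %s" % (ROUNDS, MOVES))

    def play(moves):
        """One full run: return the number of rounds won before the first loss."""
        won = 0
        for mine, needed in zip(moves, answer):
            if mine != needed:
                break
            won += 1
        return won
    return play

def solve(play):
    """Recover the winning sequence one round at a time.
    Returns (sequence, number_of_runs_used)."""
    known, runs = "", 0
    while len(known) < ROUNDS:
        for candidate in MOVES:
            runs += 1
            # Pad the later rounds; only the round right after `known` is under test.
            attempt = (known + candidate).ljust(ROUNDS, MOVES[0])
            if play(attempt) > len(known):
                known += candidate
                break
        else:
            # No letter advanced the game, so outcomes are not fixed between runs.
            raise RuntimeError("game is not deterministic")
    return known, runs

def worst_case_runs():
    return len(MOVES) * ROUNDS      # 5 x 15: each round is searched independently

def blind_search_space():
    return len(MOVES) ** ROUNDS     # 5^15: every round must be guessed in the same run

if __name__ == "__main__":
    sequence, runs = solve(make_game("KLSPRKLSPRKLSPR"))  # constructed sample sequence
    print(sequence, runs, worst_case_runs(), blind_search_space())
```

The same arithmetic is why a secret checked one position at a time, with predictable randomness and feedback on how far an attempt got, offers only linear rather than exponential resistance to guessing.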

In the air

This challenge used an Arduino and a 433 MHz receiver to pick up a transmission in the room. Reading this transmission gave a code that looked a lot like an MD5 hash but was in the wrong format. The message was 24 bits long, with only 10 bits of that information actually changing.

The solution was to sum each of the numbers together in sequence and cast to a char (one or two bytes long). This wasn't based on any standards and was particularly difficult to reverse engineer without there being any clues. No teams managed to solve this problem on the day.

Others

More analysis coming at a later date.

References

  1. Deloitte

  2. Rock Paper Scissors Lizard Spock