CaptureTheFlag
This year's CTF contest will be held by FluxFingers, the CTF Team of Ruhr-Universität Bochum (Germany).
FluxFingers have been participating in CTFs since 2007 and are excited to organize their first CTF at hack.lu. The CTF will be challenge-based, similar to, e.g., DEFCON Quals and Codegate.
Topics include (among others): web security, cryptography, reverse engineering and forensics.
If you have any questions, don't hesitate to contact us at our booth. We might even give you some hints for free beer.
CTF is over, where do I find a mirror?
General Information for the CTF
Ahoy me Landlubbers! The fluxfingers are proud to announce the start of this year's HACK.LU CTF. Some tweet might have already indicated that it's going to be all about pirates, yarr! We hope that you'll enjoy the CTF and wish you the best of luck with looting all the hidden doubloons.
Step 0: Try to remember the SHA1 fingerprint by heart (See [1])
You should be sure that you are connecting to our site and *our site only*. Especially local teams wouldn't want anyone to steal their flags, right?
Step 1: Register. You will have to sign up your team manually on the CTF web page. Local teams are highly encouraged to visit us at our booth near the entrance to ensure being flagged as a local team (see Step 3). Also, notice that there is an announcement page which will also be used to give out hints regarding yet unsolved challenges.
Step 2: Solve as many challenges as possible :)
Step 3: Profit! The award ceremony will be held locally, so completely remote teams will not be able to receive a prize and will receive a nice hack.lu t-shirt per mail instead ;). Still, you will be having a lot of fun - we promise! Also, have you heard about the prizes? Among the prizes are an Amazon Kindle, an iPad and so on.. :)
Be sure to visit us on IRC for the latest updates: #ctf / hack.lu
Reminder: The ctf goes from Wed, 27th Oct 11am (CEST) to Fri, 29th Oct 11am CEST (this is in about 20 minutes from now)
Cheers,
team fluxfingers
P.S.: We will highly appreciate constructive criticism and are happy to fix all the fuck-ups you will report :)
CTF Dates and Time Information
- Start of the CTF: 27th October, around 11:00 (CEST)
- End of the CTF: 29th October, around 11:00 (CEST)
hack.lu CTF Registration is Open
This year's Capture-The-Flag (CTF) contest of the hack.lu conference will also be open for remote participants. However, there will be only a limited number of teams accepted for remote participation, so don't hesitate to register as early as possible. To do so, please subscribe to the mailing list of the CTF: http://fluxfingers.net/mailman/listinfo/hacklu-ctf Please use your team name to register, and only one subscription per team. Once accepted, you will be provided with more information.
--Fluxfingers 22:00, 5 October 2010 (UTC)
Registration
The registration for the online CTF will start on 5th October at 22:00 UTC. There will be a limited number of slots available. Teams playing from the Conference don't need to register now.
Solution for the Second Challenge
Here you go: http://reversing.it/solutions.zip
The Second Challenge [Solved by Nibbles]
hack.lu Access Control System v1.0
Here is a hint for the *bonus* challenge:
We're looking for a "golden" key-file that is valid for every name. No BOFs or the like involved. Though it's not just math.
GOALS:
- 1P (easy): "d|?-c:e;(RJ+o`ci"?!
- 2P (medium): Somebody lost their key. Find any valid name for flux.key and log-in! +0.5P for an unsuspicious "forename surname" solution.
- 3P (medium): Log-in with a key containing the string "hack.l00"!
- 5P (hard): Write a keygen for this application!
- 5P (*bonus*): Rumors have it: Some secret agency backdoored the hack.lu Access Control System!! 0_0 Find out the truth!
Can you trick the hACS?
Mail your solutions to hacklu@fluxfingers.net and win free access to hack.lu 2010!
Download: http://reversing.it/hackluAppetizer1.zip
The most points in fastest time submitted will be rewarded with one free entrance to the conference.
You have exactly one (1) week (12th September 00:00) to solve the challenge and send us your solution.
Love-letters, complaints, bugs and cookies to hacklu@fluxfingers.net please.
Have fun and good luck
--Fluxfingers 22:00, 5 September 2010 (UTC)
Solution for the First Challenge
It was a substitution cipher where every char got replaced with another and the substitution was case-sensitive. Here is the resulting clear-text:
Alice was beginning to get very tired of sitting by her sister on the bank, and of having nothing to do: once or twice she had peeped into the book her sister was reading, but it had no pictures or conversations in it, 'and what is the use of a book,' thought Alice 'without pictures or conversation?' So she was considering in her own mind (as well as she could, for the hot day made her feel very sleepy and stupid), whether the pleasure of making a daisy-chain would be worth the trouble of getting up and picking the daisies, when suddenly a White Rabbit with pink eyes ran close by her. There was no thing so VERY remarkable in that; nor did Alice think it so VERY much out of the way to hear the Rabbit say to itself, 'Oh dear! Oh dear! I shall be late!' (when she thought it over afterwards, it occurred to her that she ought to have wondered at this, but at the time it all seemed quite natural); but when the Rabbit actually TOOK A WATCH OUT OF ITS WAISTCOAT-POCKET, and looked at it, and then hurried on, Alice started to her feet, for it flashed across her mind that she had never before seen a rabbit with either a waistcoat-pocket, or a watch to take out of it, and burning with curiosity, she ran across the field after it, and fortunately was just in time to see it pop down a large rabbit-hole under the hedge. In another moment down went Alice after it, never once considering how in the world she was to get out again. The rabbit-hole went straight on like a tunnel for some way, and then dipped suddenly down, so suddenly that Alice had not a moment to think about stopping herself before she found herself falling down a very deep well. Either the well was very deep, or she fell very slowly, for she had plenty of time as she went down to look about her and to wonder what was going to happen next. 
First, she tried to look down and make out what she was coming to, but it was too dark to see anything; then she looked at the sides of the well, and noticed that they were filled with cupboards and book-shelves; here and there she saw maps and pictures hung upon pegs. She took down a jar from one of the shelves as she passed; it was labelled 'ORANGE MARMALADE', but to her great disappointment it was empty: she did not like to drop the jar for fear of killing somebody, so managed to put it into one of the cupboards as she fell past it. 'Well!' thought Alice to herself, 'after such a fall as this, I shall think nothing of tumbling down stairs! How brave they'll all think me at home! Why, I wouldn't say anything about it, even if I fell off the top of the house!' (Which was very likely true.) Down, down, down. Would the fall NEVER come to an end! 'I wonder how many miles I've fallen by this time?' she said aloud. 'I must be getting somewhere near the centre of the earth. Let me see: that would be four thousand miles down, I think--' (for, you see, Alice had learnt several things of this sort in her lessons in the schoolroom, and though this was not a VERY good opportunity for showing off her knowledge, as there was no one to listen to her, still it was good practice to say it over) '--yes, that's about the right distance--but then I wonder what Latitude or Longitude I've got to?' (Alice had no idea what Latitude was, or Longitude either, but thought they were nice grand words to say.) Presently she began again. 'I wonder if I shall fall right THROUGH the earth! How funny it'll seem to come out among the people that walk with their heads downward! The Antipathies, I think--' (she was rather glad there WAS no one listening, this time, as it didn't sound at all the right word) '--but I shall have to ask them what the name of the country is, you know. Please, Ma'am, is this New Zealand or Australia?' 
(and she tried to curtsey as she spoke--fancy CURTSEYING as you're falling through the air! Do you think you could manage it?) 'And what an ignorant little girl she'll think me for asking! No, it'll never do to ask: perhaps I shall see it written up somewhere.'
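How the case-sensitive substitution described above can be recovered from a known-plaintext crib, as an added example that is not part of the original page or the organizers' solution. The fragments are copied from the challenge ciphertext and clear-text on this page; the function names are hypothetical.

```python
# Constructed sample data: the first 62 symbols of the challenge ciphertext on
# this page and the matching opening of the published clear-text.
CIPHER_HEAD = "Qo/EAP3+hPmA!/cc/c!PTUP!ATP'Aq9PT/qA$PU#Ph/TT/c!Pm9P6AqPh/hTAq"
PLAIN_HEAD = "Alice was beginning to get very tired of sitting by her sister"


def derive_key(cipher, plain, key=None):
    """Align a ciphertext fragment with its known plaintext and return the
    cipher-symbol -> plaintext-symbol table, extending `key` if one is given.
    Raises ValueError if the pair cannot come from one substitution table."""
    if len(cipher) != len(plain):
        raise ValueError("crib and ciphertext fragment differ in length")
    key = dict(key or {})
    used = {p: c for c, p in key.items()}  # reverse table, keeps it one-to-one
    for c, p in zip(cipher, plain):
        if key.setdefault(c, p) != p:
            raise ValueError(f"{c!r} maps to both {key[c]!r} and {p!r}")
        if used.setdefault(p, c) != c:
            raise ValueError(f"{p!r} comes from both {used[p]!r} and {c!r}")
    return key


def decrypt(cipher, key, unknown="?"):
    """Translate symbol by symbol; symbols not yet in the key become `unknown`."""
    return "".join(key.get(c, unknown) for c in cipher)


if __name__ == "__main__":
    fragment = "(6APq+mm/Ty6UoAP3AcTPhTq+/!6TPUc"  # taken from the ciphertext
    key = derive_key(CIPHER_HEAD, PLAIN_HEAD)
    print(len(key), "symbols recovered:", decrypt(fragment, key))
    # Two more aligned fragments fill the gaps: "-" and the upper-case "T",
    # which has its own cipher symbol because the table is case-sensitive.
    key = derive_key("$+/h9yE6+/c", "daisy-chain", key)
    key = derive_key("(6AqA", "There", key)
    print(len(key), "symbols recovered:", decrypt(fragment, key))
```

Because upper- and lower-case letters have separate table entries, each capital has to be recovered from its own crib; the `?` marks show which symbols are still missing.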
Challenges
The first challenge has already been solved. (See below)
The second (and last) challenge is now online.
More news regarding this will be announced here and on Twitter.
Registrations
The CTF will be open to a limited number of teams. The registration procedure will be published in the beginning of September.
Misc
Feel free to join our IRC channel:
Server: hack.lu
Channel: #ctf
First Challenge [Solved by ENOFLAG]
Break this cipher:
Qo/EAP3+hPmA!/cc/c!PTUP!ATP'Aq9PT/qA$PU#Ph/TT/c!Pm9P6AqPh/hTAqPUcPT6APPm+c-wP+c$PU#P6+'/c!PcUT6/c!PTUP$U5PUcEAPUqPT3/EAPh6AP6+$PJAAJA$P/cTUPT6APPmUU-P6AqPh/hTAqP3+hPqA+$/c!wPmjTP/TP6+$PcUPJ/ETjqAhPUqPEUc'Aqh+T/UchP/cPP/TwPi+c$P36+TP/hPT6APjhAPU#P+PmUU-wiPT6Uj!6TPQo/EAPi3/T6UjTPJ/ETjqAhPUqPPEUc'Aqh+T/UcbiPP4UPh6AP3+hPEUch/$Aq/c!P/cP6AqPU3cPO/c$PF+hP3AooP+hPh6APEUjo$wP#UqPT6APP6UTP$+9PO+$AP6AqP#AAoP'Aq9PhoAAJ9P+c$PhTjJ/$LwP36AT6AqPT6APJoA+hjqAPPU#PO+-/c!P+P$+/h9yE6+/cP3Ujo$PmAP3UqT6PT6APTqUjmoAPU#P!ATT/c!PjJP+c$PPJ/E-/c!PT6AP$+/h/AhwP36AcPhj$$Aco9P+P:6/TAP%+mm/TP3/T6PJ/c-PA9AhPq+cPPEoUhAPm9P6AquPP(6AqAP3+hPcUT6/c!PhUP02%?PqAO+q-+moAP/cPT6+T@PcUqP$/$PQo/EAPT6/c-P/TPhUPP02%?POjE6PUjTPU#PT6AP3+9PTUP6A+qPT6AP%+mm/TPh+9PTUP/ThAo#wPik6P$A+qrPPk6P$A+qrPBPh6+ooPmAPo+TAriPF36AcPh6APT6Uj!6TP/TPU'AqP+#TAq3+q$hwP/TPPUEEjqqA$PTUP6AqPT6+TPh6APUj!6TPTUP6+'AP3Uc$AqA$P+TPT6/hwPmjTP+TPT6APT/OAPP/TP+ooPhAAOA$P]j/TAPc+Tjq+oL@PmjTP36AcPT6AP%+mm/TP+ETj+oo9P(kk)PQP:Q(N\PPk&(Pk*PB(4P:QB4(NkQ(yxkN)2(wP+c$PoUU-A$P+TP/TwP+c$PT6AcP6jqq/A$PUcwPPQo/EAPhT+qTA$PTUP6AqP#AATwP#UqP/TP#o+h6A$P+EqUhhP6AqPO/c$PT6+TPh6AP6+$PPcA'AqPmA#UqAPhAAcP+Pq+mm/TP3/T6PA/T6AqP+P3+/hTEU+TyJUE-ATwPUqP+P3+TE6PPTUPT+-APUjTPU#P/TwP+c$Pmjqc/c!P3/T6PEjq/Uh/T9wPh6APq+cP+EqUhhPT6AP#/Ao$PP+#TAqP/TwP+c$P#UqTjc+TAo9P3+hPWjhTP/cPT/OAPTUPhAAP/TPJUJP$U3cP+Po+q!APPq+mm/Ty6UoAPjc$AqPT6AP6A$!AuPPBcP+cUT6AqPOUOAcTP$U3cP3AcTPQo/EAP+#TAqP/TwPcA'AqPUcEAPEUch/$Aq/c!P6U3PP/cPT6AP3Uqo$Ph6AP3+hPTUP!ATPUjTP+!+/cuPP(6APq+mm/Ty6UoAP3AcTPhTq+/!6TPUcPo/-AP+PTjccAoP#UqPhUOAP3+9wP+c$PT6AcPP$/JJA$Phj$$Aco9P$U3cwPhUPhj$$Aco9PT6+TPQo/EAP6+$PcUTP+POUOAcTPTUPT6/c-PP+mUjTPhTUJJ/c!P6AqhAo#PmA#UqAPh6AP#Ujc$P6AqhAo#P#+oo/c!P$U3cP+P'Aq9P$AAJPP3AoouPP2/T6AqPT6AP3AooP3+hP'Aq9P$AAJwPUqPh6AP#AooP'Aq9PhoU3o9wP#UqPh6AP6+$PPJoAcT9PU#PT/OAP+hPh6AP3AcTP$U3cPTUPoUU-P+mUjTP6AqP+c$PTUP3Uc$AqP36+TP3+hPP!U/c!PTUP6+JJAcPcA_TuP*/qhTwPh6APTq/A$PTUPoUU-P$U3cP+c$PO+-APUjTP36+TPPh6AP3+hPEUO/c!PTUwPmjTP/TP3+hPTUUP$+q-PTUPhAAP+c9T6/c!@PT6AcPh6APPoUU-A$P+TPT6APh/$AhPU#PT6AP3AoowP+c$P
cUT/EA$PT6+TPT6A9P3AqAP#/ooA$P3/T6PPEjJmU+q$hP+c$PmUU-yh6Ao'Ah@P6AqAP+c$PT6AqAPh6APh+3PO+JhP+c$PJ/ETjqAhPP6jc!PjJUcPJA!huP46APTUU-P$U3cP+PW+qP#qUOPUcAPU#PT6APh6Ao'AhP+hPPh6APJ+hhA$@P/TP3+hPo+mAooA$Pik%QC[2PRQ%RQeQG2iwPmjTPTUP6AqP!qA+TPP$/h+JJU/cTOAcTP/TP3+hPAOJT95Ph6AP$/$PcUTPo/-APTUP$qUJPT6APW+qP#UqP#A+qPPU#P-/oo/c!PhUOAmU$9wPhUPO+c+!A$PTUPJjTP/TP/cTUPUcAPU#PT6APEjJmU+q$hP+hPPh6AP#AooPJ+hTP/TuPPi:AooriPT6Uj!6TPQo/EAPTUP6AqhAo#wPi+#TAqPhjE6P+P#+ooP+hPT6/hwPBPh6+ooPPT6/c-PcUT6/c!PU#PTjOmo/c!P$U3cPhT+/qhrP\U3Pmq+'APT6A9iooP+ooPT6/c-POAP+TPP6UOArP:69wPBP3Ujo$ciTPh+9P+c9T6/c!P+mUjTP/TwPA'AcP/#PBP#AooPU##PT6APTUJPPU#PT6AP6UjhAriPF:6/E6P3+hP'Aq9Po/-Ao9PTqjAuLPPGU3cwP$U3cwP$U3cuP:Ujo$PT6AP#+ooPC202%PEUOAPTUP+cPAc$rPiBP3Uc$AqP6U3PPO+c9PO/oAhPBi'AP#+ooAcPm9PT6/hPT/OAbiPh6APh+/$P+oUj$uPiBPOjhTPmAP!ATT/c!PPhUOA36AqAPcA+qPT6APEAcTqAPU#PT6APA+qT6uPeATPOAPhAA5PT6+TP3Ujo$PmAP#UjqPPT6Ujh+c$PO/oAhP$U3cwPBPT6/c-yyiPF#UqwP9UjPhAAwPQo/EAP6+$PoA+qcTPhA'Aq+oPPT6/c!hPU#PT6/hPhUqTP/cP6AqPoAhhUchP/cPT6APhE6UUoqUUOwP+c$PT6Uj!6PT6/hPP3+hPcUTP+P02%?P!UU$PUJJUqTjc/T9P#UqPh6U3/c!PU##P6AqP-cU3oA$!AwP+hPT6AqAPP3+hPcUPUcAPTUPo/hTAcPTUP6AqwPhT/ooP/TP3+hP!UU$PJq+ET/EAPTUPh+9P/TPU'AqLPPiyy9AhwPT6+TihP+mUjTPT6APq/!6TP$/hT+cEAyymjTPT6AcPBP3Uc$AqP36+TPe+T/Tj$APPUqPeUc!/Tj$APBi'AP!UTPTUbiPFQo/EAP6+$PcUP/$A+P36+TPe+T/Tj$AP3+hwPUqPPeUc!/Tj$APA/T6AqwPmjTPT6Uj!6TPT6A9P3AqAPc/EAP!q+c$P3Uq$hPTUPh+9uLPPxqAhAcTo9Ph6APmA!+cP+!+/cuPiBP3Uc$AqP/#PBPh6+ooP#+ooPq/!6TP(\%k&[\PT6APPA+qT6rP\U3P#jcc9P/TiooPhAAOPTUPEUOAPUjTP+OUc!PT6APJAUJoAPT6+TP3+o-P3/T6PPT6A/qP6A+$hP$U3c3+q$rP(6APQcT/J+T6/AhwPBPT6/c-yyiPFh6AP3+hPq+T6AqP!o+$PPT6AqAP:Q4PcUPUcAPo/hTAc/c!wPT6/hPT/OAwP+hP/TP$/$ciTPhUjc$P+TP+ooPT6APPq/!6TP3Uq$LPiyymjTPBPh6+ooP6+'APTUP+h-PT6AOP36+TPT6APc+OAPU#PT6APEUjcTq9PP/hwP9UjP-cU3uPxoA+hAwPR+i+OwP/hPT6/hPCA3PtA+o+c$PUqPQjhTq+o/+biPF+c$PPh6APTq/A$PTUPEjqThA9P+hPh6APhJU-Ayy#+cE9PN&%(42?BC[P+hP9UjiqAP#+oo/c!PPT6qUj!6PT6AP+/qrPGUP9UjPT6/c-P9UjPEUjo$PO+c+!AP/TbLPiQc$P36+TP+cPP/!cUq+cTPo/TToAP!/qoPh6AiooPT6/c-POAP#UqP+h-/c!rPCUwP
/TiooPcA'AqP$UPTUPP+h-5PJAq6+JhPBPh6+ooPhAAP/TP3q/TTAcPjJPhUOA36AqAuiPP