Defcon CTF 2009


This year's CTF was filled with a little bit more than the usual surprises. First, the biggest right off the bat -- DDTEK was really a front for some of the members of the team formerly known as Sk3wl of R00t (will some of the members now split off to other areas now that DDTEK is taking over?). While the DDTEK guys slipped up their fake-faulty-english enough times that they'd been outed as clearly native speakers, nobody managed to publically suss out for sure who they were before the aware ceremony.

As for the game itself, there was a fair amount of trouble on the first day of the competition (Friday), with a very late start, many blown power circuits and other minor hiccups. The game itself ran a bit longer each day, from 10am-10pm. It was, as promised, very similar to the previous years challenges.

The virtual servers allocated to each team were running OpenBSD 4.4 kernels and FreeBSD 7.2 binaries (along with a few stray Perl apps). Not only were were a bit lighter in number compared to previous years challenges (nearly all--if not all--the binaries were actively exploited during the CTF itself), there were very few outside challenges.

Still, the timing was perfect--no team solved all binaries, and the scores were razor-close down to the wire. TeamAwesome/VedaGodz barely pulled out a win over the Routards with some stronger SLA making the difference.

The scoring was also a bit of a new item -- with a zero sum scoring system, the first team to score on a particular service received a large chunk of points, but as soon as other teams came along and exploited it as well, those points were quickly divided up amongst the teams in proportion to the amount of steals or overwrites they had.

While it made the scoreboard a bit more chaotic, it did keep the competition more tightly packed. Also narrowing the playing field was the fact that no breakthrough points -- it was less important to be the absolute first team to get a binary solved, and more important to be the first one to automate it most strongly. Lots of teams will be re-thinking their strategies this next year and considering how they might adjust their gameplay.

One welcome addition to the scoring metric was key-expiration. By requiring that stolen keys be submitted within a short period of time, you could be assured that no team would make a huge dump of their keys to surprise everyone else. Of course, the fact that Sk3wl of R00t did exactly that on the third day should have been a good indicator that something phishy was going on with their score...

Potential Improvements?

There's not a lot of major improvements to be made -- especially for the first run with DDTEK as organizers. Obviously ironing out the kinks of the first day would be helpful, as well as better/more detailed statistics (of course, they might be intentionally a bit vague to make life harder on teams). A better live scoreboard with updated SLA information would also help teams trying to keep their SLA up have a better handle on what was going on.

A bit more variety in services would always be welcomed -- us web-guys are always shunned by the hardcore binary ninjas.

All in all, an extremely fun challenge, and the binaries here should let anybody else see what kind of craziness the 10 9 teams playing enjoyed this year.


See the files section at the top of the page.

The ctf09home.tgz contains the minimum files necessary to start playing with the binaries without downloading the whole filesystem.

The backupcpio.tgz file is poorly named. It's not a tar file at all, but rather a pure gzipped cpio archive. Extract using:

gunzip < backupcpio.tgz | cpio -i
[ICO]NameLast modifiedSizeDescription
[PARENTDIR]Parent Directory  -  
[   ]backupcpio.tgz2009-08-05 02:52 195MComplete filesystem backup for team CTF host
[   ]ctf09home.tgz2009-08-05 02:38 1.6MMinimal set of binaries from the finals.
[   ]ctf_dc17_binaries.zip2009-11-14 06:32 1.7M 
[   ]ctf_dc17_packets.tbz2009-11-14 08:18 1.4G 
Indices 1.1