RuCTF 2015: tank battles "white hackers"

Hi, Habr. I want to tell you about the largest and most authoritative inter-university information protection competition in Russia - RuCTF . I am sure many of you know what it is, some of you do not even hearsay. Moreover, after searching a little over the hubs, I found several attempts of varying degrees of success to tell about this movement, but they were all made quite a long time ago (3-6 years ago), and since then RuCTF has not stopped evolving. Competitions have become much more interesting, and also this year they reached the international level - teams from China and Belarus took part in the final final competition. So I will take the liberty to raise this topic again and tell more about this very final.



How it all began

For the first time, computer security competitions in the CTF (Capture the flag) game format took place more than twenty years ago at the DEF CON hacker conference in the USA. Since then, they have been conducted in various formats around the world. Every year they attract the strongest teams from different countries. In 2014, the 22nd in the history of DEF CON CTF was held in Las Vegas.



In Russia, RuCTF — the first open intercollegiate competitions in information protection according to the international rules “Capture the flag” —was first held in 2007 at the then Ural State University. A.M. Gorky. The very next year, RuCTF competitions acquired the status of All-Russian.

')





RuCTF 2015

Since the feet of RuCTF grow from Yekaterinburg, it is there, at the Ural Federal University, the annual finals are held. Normally, before the RuCTF final, qualifying competitions were held online, but this year the rules have changed. A chance to get into the face-to-face RuCTF 2015 final is now the successful performance of the team at RuCTFE 2014 - the international online information protection contest held since 2009 by the RuCTF developers - the Hackerdom team (Ekaterinburg). In November 2014, 322 teams from around the world took part in the RuCTFE competition. For the final, ten best Russian teams were selected from among them + two teams — winners of the friendly regional Russian CTF competitions DvCTF 2014 (Vladivostok) and VolgaCTF 2014 (Samara).

This year, RuCTF was held on April 24-27, in the first two days the organizers held a traditional conference, which is attended annually by well-known information security specialists, task developers, team members who have something to say. For example, this year a famous programmer Dmitry Sklyarov spent several days at RuCTF. RuCTFE 2014 developer Alexander Bersenev spoke at the conference and spoke about the network and infrastructure of international online competitions, as well as representatives of Russian and international IT companies. By the way, the competition has been supporting WebMoney, SKB Kontur, the Ministry of Communications and others for more than a year.

In addition to participating in the conference, the finalists of RuCTF 2015 competed in two competitions: the team quest “Hack the tank!” And the individual championship of the All-Russian Olympiad in Information Security.











"Hack the tank!"

In recent years, the participants of the competition managed to catch the fancy of the “Hack the tank!” Competition prepared by the team of the CSR of the Ministry of Defense of the Russian Federation together with the IPO ARSIB . To do this, we built a special labyrinth-polygon. The competition involved models of the legendary T-34 and KV-1C tanks, equipped with webcams, memory (Micro SD for 8 gigs), Wi-Fi adapters and RFID tag readers that were glued to the floor. Tanks moved thanks to virt2real, a platform for remote control and video broadcasting via Wi-Fi. The teams' task was to be at a distance from the landfill and not being able to observe the movement in it from the side, to gain access to the tanks in the maze and collect the most RFID tags. In fact, in the “Hack the tank!” Quest, RFID tags played the role of flags, as in conventional CTF competitions: to receive them, the participating teams could intercept the control of tanks and earn extra points in the final results table.



Technically, this was implemented as follows. The tanks were united in a network divided into two access points, each of which held 4 cars. Access points were distributed to remote channels so as not to interrupt each other. And each individual tank was given its own virtual network. The chip was all in routing between networks. For example, the team decided in the course of the competition task (CTF-task) and received for this "coin". "Coin" used in the service, called the "slot machine". The system registered it and changed the routing scheme so that the network packets from the team got into the virtual network of one of the tanks. There are fewer tanks than teams, therefore, having gained access to the tank, the team involved in the “bouncer” of one of the rivals who previously controlled the tank. Thus, the network connectivity between the team and the tank could appear and disappear in a dynamic mode.



There were no services with vulnerabilities in this competition (“Hack the tank!”), But there were tasks from various categories - reverse engineering, forsensics (“computer forensics”), steganography, IS legislation, mathematics, physics, and even a quiz on Great World War II. To solve problems, participants also needed to demonstrate knowledge of the LLVM device, network traffic analysis and intelligence on the Internet. In total, the teams had 4 hours for the competition and organizational moments.







Final match

This year, 17 teams participated in the standings in the final table, five of which, including school teams, were out of the standings. A list of commands can be found here .

The tasks for the final were developed by Ekaterinburg residents - CTF-team “Hackerdom” (UrFU), one of the top ten world teams and the top three Russian leaders. Throughout the day, teams competed among themselves in the field of cryptography, web vulnerabilities, and operating system administration for non-standard processor architectures.



This year, the participants were provided with Raspberry Pi 2 Model B microcomputers, which, despite their small size, differ in quite impressive characteristics. In addition, each team also had a board controlled by the Ukral Multiklet processor. Participants had the opportunity to investigate and operate six services, two in scripting programming languages, two for reverse engineering, one binary with source codes and a separate service for working with Multiklet. Of the features it can be noted that the Raspberry Pi has a processor on the ARM architecture, which is not as researched and trained as x86, but is available in any desktop computer. As always, a very wide range of programming languages ​​and technologies was used, including C ++, Python, Perl, Go, F #. Well, the main feature of this year was the aforementioned Multiklet. Of course, the teams could learn more about him as part of the report at the conference, but, nevertheless, he presented considerable difficulty even being quite simple from the point of view of logic.







As a result, in the course of the competition the final skorbord sometimes gave very unexpected results. For example, from time to time, schoolchildren and a team of students from China found themselves at the 1st place at the All-Russian student information protection competitions. According to the rules of competition, these teams competed out of scoring. By the middle of the game, the Noobs4Win team from UrFU began to occupy a confident position of the leaders - it remained at the very top line in the final table, winning a victory.



The second place in the final of All-Russian inter-university information protection competitions RuCTF 2015 was taken by the Honeypot team from Vladimir State University, the third place - by the Leet More team (NIU ITMO, St. Petersburg). Thus, the challenge cup of the competition until next year remains in Yekaterinburg, the city where the RuCTF competitions were born.



If you are interested and would like to try the strength of your student team in such an event, then I just need to remind once again that to get to the RuCTF final you need to “just” successfully compete in the online battle of the “White hackers” RuCTFE and get into its final table in the top 10 Russian teams. Successes!