Comments on: iCTF09 – UCSB’s International Capture the Flag Competition

By: Bruce

Bruce — Wed, 19 May 2010 14:09:04 +0000

I wish the question for the side challenge ‘the difference’ could have been more clear.

By: Mike

Mike — Mon, 04 Jan 2010 23:49:58 +0000

@Bryce – Well, all of them eventually, but especially the other four forensics questions. There were a total of five, weren’t there?

By: Bryce Boe

Bryce Boe — Mon, 04 Jan 2010 23:43:55 +0000

@Mike – I don’t believe there have been any write-ups by my colleagues. Are there particular challenges you would like solutions to?

By: Mike

Mike — Mon, 04 Jan 2010 23:38:51 +0000

Have any of your colleagues at UCSB posted the solutions to the challenges they created? If so, please post links to their solutions here… I’m very anxious to find out what the answers were.

Thanks.

By: Bryce Boe

Bryce Boe — Sat, 19 Dec 2009 10:34:01 +0000

@rohit- The difference definitely could have been a clearer, but figuring it out was intended to be half the challenge.

@Saiph- I think both the teams that got it right submitted “sixty-four seventeen” prior to submitting the correct answer. I don’t believe anyone only got to “sixty-four seventeen”.

Regarding figuring out what type of file it is was pretty trivial. First they were given it as “the_difference.png” which, although it could be misleading, should allow one to quickly confirm it is indeed a png. Any good security person will start by using the handy file command which for this file tells:
the_difference.png: PNG image, 393 x 740, 8-bit grayscale, non-interlaced.

I’ll admit when I originally wrote the generator script I assumed it was a RGB png image which is why there are groupings of three pixels. I meant to distribute the single character evenly across a single pixel by adjusting the red, green, and blue in equal parts, which my code was meant to do. However as it’s a greyscale image the result was modifying three adjacent pixels; oh well.

I think if you take a look at the solution code along with the difference values it should be pretty clear how to get the ASCII values.

Regarding your last few questions, I’m not really sure, thus I don’t have an answer for you, sorry.

Thanks for the comment, even if it’s not short and simple

By: Saiph =)

Saiph =) — Fri, 18 Dec 2009 06:24:32 +0000

Diesen Veranstalter glaube ich ist sehr nett =)
ich liebe es sein Blog zu lesen!
….great post. Your challenges are really original. Just out of curiosity, how many teams came up with the string “sixty-four seventeen” and were just missing the subtraction?
I think I also have a bit of a difficulty understanding the difference task. I’m going to write what I understood the teams should do: OK, so teams were given two images, I assume they first read the header of the image to know if the image that was given to them was in RGB format, or YUV, or RGBA. (This isn’t actually that simple I think, because for example with jpg the format specification I think is compressed) Did the teams figure out the format or did everyone assume it was a vector of 3 per pixel? (knowing the format could be very important, because if it’s RGBA you would have a vector of 4 for each pixel instead of a vector of 3. ) So after they knew the format, and considering it was presented in a vector of 3 values: (x,y,z) they needed to subtract the x from image 1, from the x from image two, and do the same for the Y and Z value of the images. They obtained then a vector ( differenceX,differenceY,differenceZ), they then needed to add: differenceX+differenceY+difference Z=overallPixelDifference.
They then got the ascii value of that pixelDifference. And they did the same for all of the pixels of the image, and had as a result the string, with which they then needed to obtain the last difference of 64-17.
Is this correct??
Also, are there these kinds of competition for forensic analysis? Do you think it is more important for companies to give support to forensic analysis, ways in which attacks can be prevented or repaired, rather than investing money in ways to attack an infrastructure?
wow my comment is super long…¬¬ I need to l work on keeping it short and simple. That will be my new year’s resolution!

By: rohit

rohit — Tue, 15 Dec 2009 16:43:07 +0000

I wish the question for the side challenge ‘the difference’ could have been more clear.

By: http://62.141.37.41/blog » Blog Archive » UCSB iCTF 2009 - pwnd by CInsects

Tue, 08 Dec 2009 11:22:32 +0000

[...] Weiterführende Links: [12] Über die Gewinner des UCSB iCTF 2008 [13] Einer der Veranstalter schreibt über seinen Beitrag. [...]

By: Bryce Boe

Bryce Boe — Sun, 06 Dec 2009 19:09:00 +0000

guest- If I’m not mistaken, the flags had to be submitted through the vuln boxes as the teams did not have network access to the submission machine.

By: guest

guest — Sun, 06 Dec 2009 19:05:42 +0000

And big thanks for the challenge, it was very interesting!