Hacktheon, 2024

Hacktheon, 2024

Sejal Koshta Lv2

April of 2024 offered a fantastic opportunity to compete overseas, the online qualifiers for “Hacktheon, 2024” Capture the Flag Competition.

Well, to advance to the on-site finals, all we needed to do was put together a team of four and play our best.
So, my friends and I formed a team called “Att&ck” under the Beginner category, and in the qualifiers, we ended up in the top 20 to be invited to the finals, which were held in South Korea in June.

This was a much-anticipated opportunity for me and yes, couldn’t have been better if not for a CTF.

Annyeongh Gaseyo South Korea

We packed our bags and landed in Seoul, South Korea on the 17th of June.
The travel was long but worth it. We had to leave for Sejong, the CTF venue on the 18th and hence had one day at hand for roaming around. We visited the famous Namson Tower in Seoul. The view was truly mesmerizing from the top covering all of Seoul and its surrounding mountain peaks and the beautiful Han River.

image

The next day, we set off for Sejong and we were allowed our rooms in the nearby Hotel. I was paired up with Vera from Singapore, whom I already met at GCC, Thailand.

The CTF Day

The D-day was June 19th, and we were prepared for that eight-hour fight.

image

We were provided transport to the CTF venue by the organizers. The event was held at the Government Complex Sejong Convention Center (SCC).

image

Once we reached the venue, we were greeted by the organizers and most importantly, the Mayor of Sejong City. There were also some swags waiting for us at our CTF table, and soon after the welcome speech, the CTF began. There were teams from almost all over the world and we even saw some players pull up their monitors :skull: That was crazy but yes, that also gave us the level of competitiveness and seriousness people have for the game at hand.

8 hours went in quickly and the results were right in front of us.

We secured 7th position on the scoreboard by the end of the CTF and hence were awarded the “Honorable Mention”

image

That night was reserved for celebrations !! :clinking_glasses:

Award Ceremony

The next day was the Award ceremony and yes we got those well-deserved photographs of us standing on the stage receiving the prize.

image

image

Lucky Draw

Another twist to this ceremony was the lucky draw where the audience was handed over a lucky draw ticket and some exciting prizes were waiting for us on the other end.

I would call myself lucky because I managed to win one of those prizes.

image

Short writeups of Reversing Challenges

I mostly attempted and solved Reversing challenges from the CTF, below is a glimpse of some of those challenges

1. Rand

This was an easy Rev challenge, where we only had to crack one simple fact that if there is an instance of the rand() function without any initialization of the srand() function, then by default, srand() seed is considered as 1.

Reversing the entire flag generation function using this srand, gives us the key to retrieve the flag for the challenge.

2. Multi_Arch

For each architecture, we had to write instructions in that particular architecture to set some values in the registers that are already mentioned.

I used Python’s pwn module to extract these values and then wrote the assembly code to assign those values to the mentioned registers.
Later, using context to initialize the architecture, converted the asm to bytecode and supplied it to the binary.

However, this method worked only for the first 2 architectures.
For mips, I utilized keystone for converting the asm to bytecode.

3. Interpreter 1

A cool and slightly difficult challenge than others.
A stripped ELF binary was the handout of this challenge.
After some basic static analysis, we realized that we needed to generate a pattern that should match the pattern hard coded in the binary for the check.

image

Another thing we noticed is a parser for different types of input characters, and that well converts the input chars to the pattern.

image

After this, it didn’t take much while to realise which operations are mapped to which pattern character.

After playing around with the binary a bit, we had the opertions mapped to

8011 - subtract
8010 - addition
8012 - multiplication
8013 - division

This enclosed the meaning of the challenge name “Interpreter”, essentialy the binary takes an equation and gives out the pattern based on the operations and numbers used to calculate the equation using stack.

Once we figured out the right equation, flag was served via nc.

image

Sightseeing and jalgayo!

Once the CTF was done, we planned to utilize the rest of the time in South Korea to explore as much as possible.
We visited different parts of Seoul like Hong dae, Coex Mall, DDP, Myeong Dong Street, and Gangnum.

image

Ciao !!

  • Title: Hacktheon, 2024
  • Author: Sejal Koshta
  • Created at : 2024-08-12 11:48:16
  • Updated at : 2024-08-13 00:31:02
  • Link: https://k1n0r4.github.io/2024/08/12/Hacktheon-2024/
  • License: This work is licensed under CC BY-NC-SA 4.0.
Comments