image

Capture the flag




Date & Time


30th April 2020

10:00 am - 2:00 pm (PDT GMT-7)

1st May 2020

10:00 am - 12:00 pm (PDT GMT-7)

Winner's bounty


Achievment Prize
Winner bladeRF 2.0
1st runner up YARD Stick One
2nd runner up RTL-SDR kit

Overview


Capture the Signal takes part at Hardwear.io Virtual Con!

Capture the Signal (CTS) is a new challenge-based CTF that focuses exclusively on the reverse engineering of radio signals. This activity is also known as "blind signal analysis" as the signals' specification are unknown to the attacker. This contest is organized by renowned community radio-hackers for researchers, hackers, and practitioners in the field!

Contestants should use their RF-hacking kung-fu and tools like GNURadio, GQRX, URH, Python, C, anything, to examine a series of increasingly complex radio signals to extract key information leading them to the final, exit signal.The game runs virtually, over Internet. The radio signals will be distributed "over IP". The use of IP eliminates the complexity of deploying actual radios and transmitting RF over the air. We use GNURadio for that.

GNURadio natively supports the tunneling of signals via ZeroMQ, so that the players can focus on the real challenge: reverse engineer the protocols without bothering the distribution of the signals. For the same reason, we provide ready-to-use scripts to remotely access the radio streams, as setting up the GNURadio toolchain is time consuming and is not relevant to the core of the challenge.

We also provide a VM image with all needed software to reverse engineer the signals. Of course, participants are welcome in using their own setup.

Each radio signal corresponds to a challenge. The challenges are sorted by difficulty, and each solved challenge gives you access to the next one. In other words, the flag contained in each signal represents the clue to the next radio signal.

Remember to submit the flag to our portal for validation because the more challenges you solve, the more points you gain. Points for challenges are statically assigned and are proportional to the difficulty of the challenge. The first participants to solve a challenge will receive higher number of points. At the end of the competition, the team with highest total points will be named the winner. In the case of two different teams having the same points, whichever team was quickest to reach this high score will be declared the champion.

Check-in


To facilitate the start of the game, for example in configuring your machine e.g. downloading and installing the software we provide to simplify the connection to our infrastructure, we suggest you showing up on Wednesday 29th. Wednesday will be configuration & testing day, and you are welcome to ask questions to the organizers.



Format of the Game


  1. When the game starts, we will officially announce the entry endpoint (ip:port).
  2. The contests should connect to the communicated endpoint to receive the first radio stream, either by using their GNURadio toolchain or the scripts that we supplied.
  3. The first and second signal could be processed using basic signal analysis techniques and visualization software.
  4. The third signal will contain encoded data, likely with simple digital encodings, and the decoded digital data will contain the next hint.
  5. The challenge will continue in this fashion with an increasingly difficult set of digital signals to demodulate and decode.


Participation Prerequisite


  • You will need to register on the scoreboard to submit the flags. (Registration Link)
  • The scoreboard contains all info needed to play, e.g. tools to access the CTS infrastructure. Please read it carefully.
  • CTF team will use Slack for communication & coordination: (Slack Channel )

Disclaimer


We try hard to keep the competition as free and exciting as possible; however we do require teams to adhere to a few simple rules:

  • Show up on time or you’ll miss the briefing
  • No cooperation between teams with independent accounts. Sharing of solutions or providing revealing hints to other teams is cheating: don’t do it!
  • No attacking the competition infrastructure. If bugs or vulns are found, please alert the competition organizers immediately. Hint: you might get free hints for responsible disclosure.
  • Absolutely no sabotaging of other competing teams, or in any way hindering their independent competition progress.
  • No brute forcing of challenge flag/ keys against the scoring server.
  • DoSing the CTF platform or any of the jeopardy challenges services is forbidden.

[Brought to you by @embyte, @phretor, @rfidiot and J.A. with the support by Trend Micro Research, XForce RED and Hardwear.io]