DMOJ Capture The Flag '20

Welcome to DMOJ Capture The Flag '20!

This contest will be very different from the standard contests on the DMOJ, so you are recommended to read the entire page.

What is a Capture The Flag (CTF) competition?

The goal of a CTF is to do whatever it takes — exploit, reverse engineer, decrypt, analyze — to retrieve the "flag" from some files that you are given. The "flag" is a secret string hidden in the files. For more information, you can read this Wikipedia section (Note: this is a Jeopardy-style competition, not an attack/defense style competition).

Competition Parameters

This CTF will run from July 22, 2020 12PM to July 27, 2020 12PM. You will have the full contest duration.
The scoreboard will be visible for the entire duration of the CTF.
There will be some number of problems grouped into five categories: General, Forensics, Cryptography, Reversing, and Binary Exploitation. Unfortunately, due to the limitations of running a CTF on the DMOJ, there will not be any Web Exploitation problems.
Each problem will be grouped through the contest ranking label. General problems will be prefixed with G, Forensics with F, Cryptography with C, Reversing with R, and Binary Exploitation with B.
There will be no partials. The "weight" of each problem will be defined in a later section.
The CTF will be run on the Atcoder format with a time penalty of zero. In other words, you will be ranked based on your score, breaking ties with the earliest time taken to achieve that score.
This CTF will be unrated.
There will be no limit on submissions (Note: this is not an open invitation to perform a timing attack).

All problems are created by Ninjaclasher. Special thanks to Zeyu for testing.

Rules

Do not share flags/solutions with other contestants during the entire duration of the CTF.
You are free to use any materials you find on the internet.
Do not attack the judge infrastructure, other contestants, or the problem authors/testers.

Flag Format

All flags will follow the regex ctf{[A-Za-z0-9_]{30,64}}. An example flag is ctf{dmoj_c4ptur3_the_f14g_2020_cb5a6}.

Scoring

To follow the tradition of a CTF, all problems will be assigned a weight of $500$ ~500~ at the beginning of the contest and slowly decrease in weight as more contestants solve them. However, due to the overhead of recomputing problem weights live, we will only recompute problem weights once after the contest. Post contest, each problem will be assigned a weight using the following formulae:

Define $\displaystyle \text{clamp}(a, x, b) = \begin{cases} a & \text{if } x < a \\ x & \text{if } a \le x \le b \\ b & \text{if } b < x \end{cases}$

$\displaystyle \text{score}(x) = -250 \tanh(4x - 1.5) + 285$

Each problem will be assigned a weight of $\lceil \text{clamp}(50, \text{score}(p), 500) \rceil$ , where $p$ ~p~ is $\frac{\text{number of contestants who have solved this problem}}{\text{total number of contestants in the competition}}$ .

Category-Specific Information

We have listed some tips and setup information for the different categories below.

General

You should attempt these problems first. They will not require too much in-depth knowledge of any particular branch of a CTF, and should work on any OS.

Forensics

Google is your best friend :)

Reversing

Some of these problems may contain files that only work on certain architectures or operating systems. You are recommended to have a Virtual Machine ready.

Binary Exploitation

Binary Exploitation problems will utilize the DMOJ's interactive grading. You will be given the source code of the interactor, which will be identical to what the judge runs. Once you have a working exploit, you will need to submit a submission that will run the exploit against the judge's interactor (to print the flag).
Of course, these will all be sandboxed (so anything you are not able to do normally on the judge cannot be done here).

Questions?

If you have any questions or concerns about this competition, please contact Ninjaclasher on Slack at @Ninjaclasher.

Good luck and have fun!

Problems

Problem	Points	AC Rate	Users	Editorials
DMOJ Capture The Flag '20 G1 - Sanity Check	3	68.0%	338	Editorial
DMOJ Capture The Flag '20 G2 - Where's the flag?	3	27.5%	223	Editorial
DMOJ Capture The Flag '20 G3 - Git Gud	5	24.2%	45	Editorial
DMOJ Capture The Flag '20 G4 - All the folders in the world	7	14.0%	9	Editorial
DMOJ Capture The Flag '20 F1 - RGB	3	63.5%	142	Editorial
DMOJ Capture The Flag '20 F2 - Queries & Strings	5	66.3%	50	Editorial
DMOJ Capture The Flag '20 F3 - Four Taps	7	44.2%	22	Editorial
DMOJ Capture The Flag '20 F4 - Wire on Shark	10	38.1%	7	Editorial
DMOJ Capture The Flag '20 C1 - All the bases!	3	61.0%	104	Editorial
DMOJ Capture The Flag '20 C2 - Small RSA	5	39.3%	84	Editorial
DMOJ Capture The Flag '20 C3 - Small AES	7	71.0%	21	Editorial
DMOJ Capture The Flag '20 C4 - Larger Encryption	10	61.5%	8	Editorial
DMOJ Capture The Flag '20 R1 - Classic Java	5	69.2%	25	Editorial
DMOJ Capture The Flag '20 R2 - EZ Assembly	7	53.3%	21	Editorial
DMOJ Capture The Flag '20 R3 - Harder Assembly	7	29.4%	14
DMOJ Capture The Flag '20 R4 - Python Cycles	12	41.9%	13
DMOJ Capture The Flag '20 B1 - Super Secure Pseudorandom Number Generator	5	16.9%	49	Editorial
DMOJ Capture The Flag '20 B2 - Strings	7	16.5%	23
DMOJ Capture The Flag '20 B3 - Classic Buffer Overflow	7	10.7%	25

Comments

5

aropan commented on July 29, 2020, 7:33 p.m.

Thanks for the good contest.

2

Ynng11626 commented on July 28, 2020, 8:20 a.m.

wish I'd got more free points out of this

-17

prophet commented on July 28, 2020, 7:52 a.m. ← edited →

I don't understand how people are getting WA on text submissions. Any string that does not match the flag regex will necessarily fail. It's like submitting a solution that fails the sample test cases. Any competent participant should have a 100% AC rate with Text.

This comment is hidden due to too much negative feedback. Show it anyway.

15

Ynng11626 commented on July 28, 2020, 8:15 a.m. ← edit 2 →

At least for me, sometimes I'd see 32 random characters, and just figure to try it out with ctf{ and } added. I mean, why not? there's no penalty

8

namandude1008 commented on July 26, 2020, 6:00 p.m.

how can we get a demo or any tutorial on how to get started with CTFs?

6

skyflaren commented on July 26, 2020, 10:36 p.m. ← edit 2 →

There's a lot of material online you can look into, here's a few links you might find helpful:

Primer on CTFs: https://www.youtube.com/watch?v=8ev9ZX9J45A Resources: https://picoctf.org/resources.html Multitool: https://gchq.github.io/CyberChef/

In general, I recommend reading write-ups of previous challenges; afaik the author of this contest will be doing editorials after, I highly suggest you to look some over. There's also some websites like ctflearn.com that you can do more practice on, and ctftime.org for future CTFs. Having experience making things like web apps or programs will also definitely help; if you know how something works, you know how to take it apart.

(Also just googling things can definitely help lol)

3

namandude1008 commented on July 27, 2020, 7:16 a.m.

Thanks .

5

Encodeous commented on July 22, 2020, 5:30 p.m.

cout << Ninjaclasher;

15

quentin9909 commented on July 20, 2020, 10:56 p.m.

orz Ninjaclasher

-10

Plasmatic commented on July 21, 2020, 3:59 a.m.

OTL Ninjaclasher

This comment is hidden due to too much negative feedback. Show it anyway.

4

echofox commented on July 21, 2020, 11:29 p.m. ← edited →

STO Ninjaclasher