Two weeks ago we proposed a Python CTF with a few tickets to HITB KUL up for grabs. Here come the results!

It's time to close the HITB KUL CTF. Nothing is spoiled in this article, so you can still give it a try!

The winners

Three tickets to win, many candidates: who gets the prizes?

Player     Speed run                   Medals
commial    Fri, 5 Sep 2014 00:17:32    former Qb trainee
kevmod     Fri, 5 Sep 2014 02:40:08    Speedy Gonzales
hackedd    Fri, 5 Sep 2014 22:31:32
haypo      Sat, 6 Sep 2014 01:53:03
0vercl0k   Sat, 6 Sep 2014 03:06:20    Gollum
Murachue   Sat, 6 Sep 2014 07:48:19
huyna89    Sun, 7 Sep 2014 14:41:20    Jon Snow
iodboi     Sun, 7 Sep 2014 21:52:34
cregnec    Mon, 8 Sep 2014 22:09:12
tlk        Tue, 09 Sep 2014 23:14:39
hakril     Thu, 11 Sep 2014 20:57:18

Speedy Gonzales

kevmod provided a very hackish and efficient solution, but he won't be able to attend HITB, so congrats to hackedd, who gets the prize!

Gollum

Who wants the precioussssss ticket? Some brilliant reports have already been posted online by 0vercl0k [0vercl0k-report] and iodboi [iodboi-report]. haypo also provided a very clean solution; apparently, it helps to be a core CPython dev! commial acted as a pure reverser and gave us a very complete solution too :-)

Finally, the prize goes to 0vercl0k, but he cannot afford to go to Malaysia! haypo comes next, then iodboi, then Murachue.

Jon Snow

huyna89, cregnec, tlk and hakril are qualified, in that order. We're contacting them to determine who's willing to go!

A Word on the First Part of the Challenge

Obviously, the first part of the challenge was not carefully crafted by hand, but coldly generated by a translator. The main idea is to turn every instruction into a lambda call that takes a dictionary representing the memory state as input, updates it and returns it. So all we have to do is write the equation for each kind of instruction :-) You can have a look at https://gist.github.com/serge-sans-paille/79b44dd89f374c96b20f for the original implementation!
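To make the translator idea concrete, here is a small added example (not the CTF's own generator, and the toy instruction set mov/add/sub/xor/swap over byte registers is an assumption): each instruction is translated into a lambda from memory state to memory state, and the whole program is just the composition of those lambdas.

```python
# Added example, not the original CTF's code. Toy register machine with an
# assumed instruction set; every instruction becomes a state -> state lambda.
from functools import reduce

def translate(instr):
    """Turn one 'op dst, src' instruction into a lambda over the memory dict."""
    op, args = instr.split(None, 1)
    dst, src = [a.strip() for a in args.split(",")]
    # An operand is either a register name present in memory or an immediate.
    read = lambda m, x: m[x] if x in m else int(x, 0)
    # Each lambda returns a fresh dict so the caller's state is left untouched.
    if op == "mov":
        return lambda m: dict(m, **{dst: read(m, src)})
    if op == "add":
        return lambda m: dict(m, **{dst: (m[dst] + read(m, src)) & 0xFF})
    if op == "sub":
        return lambda m: dict(m, **{dst: (m[dst] - read(m, src)) & 0xFF})
    if op == "xor":
        return lambda m: dict(m, **{dst: m[dst] ^ read(m, src)})
    if op == "swap":
        return lambda m: dict(m, **{dst: m[src], src: m[dst]})
    raise ValueError("unknown instruction: " + instr)

def compile_program(source):
    """Compose the per-instruction lambdas into one state -> state function."""
    steps = [translate(line) for line in source.splitlines() if line.strip()]
    return lambda m: reduce(lambda state, step: step(state), steps, m)

# Constructed sample program: scrambles two bytes held in r0 and r1.
PROGRAM = """
mov r2, 0x2a
xor r0, r2
add r1, r0
swap r0, r1
sub r0, 0x11
"""

def run(state):
    """Execute PROGRAM on the given initial memory state and return the result."""
    return compile_program(PROGRAM)(state)

if __name__ == "__main__":
    print(run({"r0": 0x41, "r1": 0x10, "r2": 0}))
```

Because every step is a pure function of the state, a solver can replay the chain on any input or inspect the state between any two instructions, which is exactly what makes such generated code tractable to reverse.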

Last Words

That was the first CTF I designed. I tried to provide several ways to solve the challenge so that brute force, tricks and a complete understanding of the challenge could all lead to the solution. I was really impressed by the speed and quality of the answers; it seems I am not the only one who had fun in the process, so maybe I'll make another... one day ;-)
