Two weeks ago we proposed a Python CTF with a few tickets to HITB KUL to win. Here come the results!
It's time to close the HITB KUL CTF. Nothing is spoiled in this article, so you can still give it a try!
Three tickets to win, many candidates, who gets the prize?
Player Speed run Medals commial Fri, 5 Sep 2014 00:17:32 former Qb trainee kevmod Fri, 5 Sep 2014 02:40:08 Speedy Gonzales hackedd Fri, 5 Sep 2014 22:31:32 haypo Sat, 6 Sep 2014 01:53:03 0vercl0k Sat, 6 Sep 2014 03:06:20 Gollum Murachue Sat, 6 Sep 2014 07:48:19 huyna89 Sun, 7 Sep 2014 14:41:20 Jon Snow iodboi Sun, 7 Sep 2014 21:52:34 cregnec Mon, 8 Sep 2014 22:09:12 tlk Tue, 09 Sep 2014 23:14:39 hakril Thu, 11 Sep 2014 20:57:18
kevmod provided a very hackish and efficient solution, but he won't be able to attend to HITB, so congrats to hackedd who gets the prize!
Who wants the precioussssss ticket? Some brilliant reports have already been posted online by 0vercl0k [0vercl0k-report] and iodboi [iodboi-report]. haypo also provided a very clean solution. Apparently, it helps to be a core CPython dev! commial acted as a pure reverser and gave us a very complete solution too :-)
A Word on the First Part of the Challenge
Obviously, the first part of the challenge was not carefully crafted by hand, but coldly generated by a translator. The main idea is to turn every instruction into a lambda call that takes a dictionary representing the memory state as input, update it and return it. So all we have to is to write the equation for each kind of instruction :-) You can have a look to https://gist.github.com/serge-sans-paille/79b44dd89f374c96b20f to access the original implementation!
That was the first CTF I designed. I tried to provide several ways to solve the challenge so that both brute force, tricks and complete understanding of the challenge would possibly lead to the solution. I was really impressed by the speed and quality of the answers, it seems I am not the only who had fun in the process, so maybe I'll make another... one day ;-)