Splatoon:
CTF players must know how to paint. Go pick up your paintballs and shoot at the canvas!
Start playing [Splatoon](<http://splatoon-hkcert24.pwnable.hk:5000/>) and claim your championship.
The challenge score is given by the number of pixels you placed on the canvas. The canvas will be cleared at the beginning of each tick, and the paintballs will be handed out in each tick at different times.
[Attachment](<https://github.com/blackb6a/hkcert-ctf-2024-challenges-finals-attachments>)
splatoon.zip
Mini A/D:
[<http://mini-ad-hkcert24.pwnable.hk:5000/>](<http://mini-ad-hkcert24.pwnable.hk:5000/>)
mini-ad.zip
FreqQuest:
Capture the signal using the SDR...? Submit what you have captured [here](<http://sdr-hkcert24.pwnable.hk:5000/>)!
Note
- Phase 0: 145.5 MHz
- Phase 1: 145.5 MHz
- Phase 2: 144 - 146 MHz
- Phase 3: 144 - 146 MHz
- Phase 4: 471.25 MHz
Scoring
- A flag with 16 character, matches regex `^[0-9]{4}[a-z]{1}[a-z0-9]{11}` will be broadcast in every round (5 mins)
- Major change of boradcast method will be initiated every phase
- The score of each team per round will be `300 - seconds take to submit flag`.
- Teams with higher score each round will have a higher rank.
Byte War:
The game Byte War is finally here! 🎮
[Download](<https://github.com/blackb6a/hkcert-ctf-2024-challenges-finals-attachments/tree/main/Byte-War>) the game client and start your adventure NOW!
How to run the game
1. Clone the repository from the link above using git clone.
2. Navigate to the Byte-War folder.
3. Install the required Python modules by running:
`python3 -m pip install -r requirements.txt`
4. Start the game by executing:
`python3 client.py`
How to Win
1. Search for **Byte Tokens** in the public area and bring them back to your base.
2. Collect enough Byte Tokens to **craft a shellcode**.
3. Use shellcode to **upgrade your equipment at your base**. Objective: Upgrade your **star level** as high as possible to secure victory!
Byte Tokens
- Byte Tokens range from 0x00 to 0xFF, excluding 0x0F and 0x05 (a total of 254 tokens).
- Tokens spawn randomly in the public area.
- Each team always has tokens 0x0F and 0x05 available at their base.
- If a token with a specific byte value is missing from the public area (e.g., picked up by a player), a new token with the same byte value will respawn randomly after 20 seconds.
Base
- Each team has its own base, which serves as a safe zone with the following features:
- Bullet Protection: Enemy bullets cannot enter your base.
- Token Reservation: Any Byte Token placed inside your base is considered 'reserved', preventing other players from picking it up.
- Information Terminal: Check the prerequisites for upgrading your equipment.
- Interactive Terminal: Input and submit crafted shellcode to upgrade your equipment.
Shellcode Crafting Guidelines:
- Architecture: The shellcode must be written in amd64 architecture.
- Token Usage: The shellcode must consist only of the byte values of tokens currently placed at your base.
- Syscall Requirement: The shellcode must invoke a syscall at the end to complete the validation and upgrade process.
Equipment
- Star: Determines team rank; has no additional functionality.
- Gun: Shoots bullets with a mouse click.
- Effect: If your bullet hits a player without a barrier, you steal one star level from the victim.
- Boot: Increases movement speed.
- Barrier: Blocks incoming bullets.
Upgrades
You can upgrade equipment in the shop at your base.
- Star: Add 3 to your star level. Higher levels increase your rank but have no additional utility.
- Gun: Add 1 to your gun level. Higher levels reduce shooting cooldown.
- Boot: Increases movement speed (can only be upgraded once).
- Barrier: Add 1 to your barrier level. Higher levels reduce the barrier regeneration cooldown.
Get ready to explore, strategize, and dominate the Byte War battlefield! 🚀
P.S. If you encounter any bugs, lag, server instability, or players flying around… well, welcome to the online gaming industry! 😊
For who is playing Byte War, if you are using Windows, please try to comment line 17 and 18 in game.py
pygame.scrap.init()
pygame.scrap.set_mode(pygame.SCRAP_CLIPBOARD)
or use linux to run the client
Byte-War.zip
Auto RE:
Reverse engineering is too hard without automation :(
Try automate binary analysis as much as possible to stay in the edge!
nc autore-hkcert24.pwnable.hk 1337
Scoring
The score of the team for this challenge is the number of total flags found.
Write an analyzer to automate flag finding in different binaries!
Tuning Keyboard 5.5555: