Merge remote branch 'fozzie/master'

Neale Pickett 2011-02-08 14:55:27 -07:00
commit 309b8572f2
76 changed files with 1638 additions and 427 deletions


@ -19,4 +19,4 @@ clean: packages-clean
scrub: clean scrub: clean
rm -rf $(CACHE) rm -rf $(CACHE)
include packages/packages.mk -include */*.mk
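Review bot: The new include line, rendered as `-include */*.mk`, pulls in every `.mk` file in any first-level subdirectory, and the leading `-` skips missing or unreadable ones without a message. The `clean: packages-clean` rule in the hunk header suggests `packages-clean` comes from `packages/packages.mk` (inferred, the file is not shown), so a missing file would now surface only as "No rule to make target" rather than an include error. The glob also means any stray or untrusted directory dropped into the tree has its makefile fragment evaluated on the next `make`. I would keep the required file mandatory and glob only the optional ones: `include packages/packages.mk` followed by `-include $(filter-out packages/packages.mk,$(wildcard */*.mk))`. A comment naming the directories expected to contribute fragments would help too.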


@ -11,48 +11,61 @@ There are 5 tokens hidden in this message. Can you find them all?
--eJwryC8uSS0qtqpIzc1P1i3OT86vAABObgfA --eJwryC8uSS0qtqpIzc1P1i3OT86vAABObgfA
Content-type: text/plain; charset=UTF-8 Content-type: text/plain; charset=UTF-8
Are you ready for CTF? CTF starts TOMORROW! Do you have sufficient stores of Mountain Dew?
The teams are in and it looks like this year's CTF is going to be about This is CMU's first ever CTF, so please be ready for a couple of
double the size of last year. I've posted teams at hiccups. Likewise, we expect you to be totally lost for a while, as you
<http://dirtbags.net/ctf>. get your bearings. While we tried to cover everything in the
registration web page, here are some points worth repeating:
If you came last year, there are some changes in store for you. I've Your machine really ought to have netcat and nmap, and whatever
done away with the weird boxes at each table, so there's no need to programming language(s) you prefer. An Ubuntu live CD has, at past
bring a monitor or keyboard. What you really need to be a sysadmin this contests, not been sufficient. It's also a good idea to make sure your
year is netcat and nmap. We will *not* provide an Internet connection, computer works before you show up. Time is precious, don't spend yours
so figure out now how you're going to get onto the Internet (you will installing an operating system.
need it).
We will have a switch at each table with gobs of ports, but you should
bring your own network cable. We will *not* provide an Internet
connection, so figure out now how you're going to get onto the Internet
(you will need it).
If you have any questions, or would just like to hang out and shoot the If you have any questions, or would just like to hang out and shoot the
breeze, feel free to hop on IRC (server woozle.org, channel #ctf). breeze, feel free to hop on IRC (server woozle.org, channel #ctf).
I hope you all have as much fun playing this as I've had building it! We hope you have as much fun playing this as we're going to have
watching you work!
zephyr The Dirtbags
PS: are you aware of how much data can be hidden in a single email?
--eJwryC8uSS0qtqpIzc1P1i3OT86vAABObgfA --eJwryC8uSS0qtqpIzc1P1i3OT86vAABObgfA
Content-type: text/html; charset=UTF-8 Content-type: text/html; charset=UTF-8
<p>Are you ready for CTF?</p> <p>CTF starts TOMORROW! Do you have sufficient stores of Mountain Dew?</p>
<p>The teams are in and it looks like this year's CTF is going to be <p>This is CMU's first ever CTF, so please be ready for a couple of
about double the size of last year. I've posted teams at hiccups. Likewise, we expect you to be totally lost for a while, as you
<a href="http://dirtbags.net/ctf" class="posters">http://dirtbags.net/ctf</a>.</p> get your bearings. While we tried to cover everything in the
registration web page, here are some points worth repeating:</p>
<p>If you came last year, there are some changes in store for you. I've <p>Your machine really ought to have netcat and nmap, and whatever
done away with the weird boxes at each table, so there's no need to programming language(s) you prefer. An Ubuntu live CD has, at past
bring a monitor or keyboard. What you really need to be a sysadmin this contests, not been sufficient. It's also a good idea to make sure your
year is netcat and nmap. We will <i class="xalep">not</i> provide an computer works before you show up. Time is precious, don't spend yours
Internet connection, so figure out now how you're going to get onto the installing an operating system.</p>
Internet (you will need it).</p>
<p>If you have any questions, or would just like to hang out and shoot <p>We will have a switch at each table with gobs of ports, but you should
the breeze, feel free to bring your own network cable. We will *not* provide an Internet
<a href="irc://woozle.org/ctf" class="mikex">hop on IRC (server woozle.org, channel #ctf)</a>.</p> connection, so figure out now how you're going to get onto the Internet
(you will need it).</p>
<p>I hope you all have as much fun playing this as I've had building it!</p> <p>If you have any questions, or would just like to hang out and shoot the
breeze, feel free to hop on IRC (server woozle.org, channel #ctf).</p>
<p>zephyr</p> <p>We hope you have as much fun playing this as we're going to have
watching you work!</p>
<p><a href="http://dirtbags.net/#have_you_examined_the_email_closely?">The Dirtbags</a></p>
--eJwryC8uSS0qtqpIzc1P1i3OT86vAABObgfA-- --eJwryC8uSS0qtqpIzc1P1i3OT86vAABObgfA--
cbfgref:krzbp-fbpbk cbfgref:krzbp-fbpbk


@ -0,0 +1,71 @@
From: The Dirtbags <zephyr@dirtbags.net>
To: RECIP
Subject: WIN BIG AT CAPTURE THE FLAG!!!
Message-ID: <cG9zdGVyczp4YW5hZC1wb2xveA==@dirtbags.net>
MIME-Version: 1.0
Content-type: multipart/alternative; boundary=eJwryC8uSS0qtqpIzc1P1i3OT86vAABObgfA
X-Face: '8$#2%$m/.;29z5"5"/
There are 5 tokens hidden in this message. Can you find them all?
--eJwryC8uSS0qtqpIzc1P1i3OT86vAABObgfA
Content-type: text/plain; charset=UTF-8
CTF starts TOMORROW! Do you have sufficient stores of Mountain Dew?
This is CMU's first ever CTF, so please be ready for a couple of
hiccups. Likewise, we expect you to be totally lost for a while, as you
get your bearings. While we tried to cover everything in the
registration web page, here are some points worth repeating:
Your machine really ought to have netcat and nmap, and whatever
programming language(s) you prefer. An Ubuntu live CD has, at past
contests, not been sufficient. It's also a good idea to make sure your
computer works before you show up. Time is precious, don't spend yours
installing an operating system.
We will have a switch at each table with gobs of ports, but you should
bring your own network cable. We will *not* provide an Internet
connection, so figure out now how you're going to get onto the Internet
(you will need it).
If you have any questions, or would just like to hang out and shoot the
breeze, feel free to hop on IRC (server woozle.org, channel #ctf).
We hope you have as much fun playing this as we're going to have
watching you work!
The Dirtbags
PS: are you aware of how much data can be hidden in a single email?
--eJwryC8uSS0qtqpIzc1P1i3OT86vAABObgfA
Content-type: text/html; charset=UTF-8
<p>CTF starts TOMORROW! Do you have sufficient stores of Mountain Dew?</p>
<p>This is CMU's first ever CTF, so please be ready for a couple of
hiccups. Likewise, we expect you to be totally lost for a while, as you
get your bearings. While we tried to cover everything in the
registration web page, here are some points worth repeating:</p>
<p>Your machine really ought to have netcat and nmap, and whatever
programming language(s) you prefer. An Ubuntu live CD has, at past
contests, not been sufficient. It's also a good idea to make sure your
computer works before you show up. Time is precious, don't spend yours
installing an operating system.</p>
<p>We will have a switch at each table with gobs of ports, but you should
bring your own network cable. We will *not* provide an Internet
connection, so figure out now how you're going to get onto the Internet
(you will need it).</p>
<p>If you have any questions, or would just like to hang out and shoot the
breeze, feel free to hop on IRC (server woozle.org, channel #ctf).</p>
<p>We hope you have as much fun playing this as we're going to have
watching you work!</p>
<p><a href="http://dirtbags.net/#have_you_examined_the_email_closely?">The Dirtbags</a></p>
--eJwryC8uSS0qtqpIzc1P1i3OT86vAABObgfA--
cbfgref:krzbp-fbpbk

BIN
doc/2011-01-CMU/thanks.png Normal file

Binary file not shown.


BIN
doc/2011-01-CMU/thanks/blob Normal file

Binary file not shown.

Binary file not shown.


BIN
doc/2011-01-CMU/thanks/thanks Executable file

Binary file not shown.


@ -0,0 +1,19 @@
char *t = (
"Thank you for helping make Capture The Flag a success! We couldn't"
"have done it without you."
"As our way of saying thank you, we humbly offer this image"
"proclaiming you to be a cool person. Please feel free to print"
"off a copy of this image and post it in your window, over your"
"pannier, on your forehead, or wherever else you feel is appropriate."
"Sincerely,"
" The Dirtbags"
);
#include <stdio.h>
int main(){char*p=t;while(1){int
c=getchar();if(EOF==c)break;
putchar(c^*p);if(!*++p)p=t;}return
0;}
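Review bot: The adjacent string literals in `t` are concatenated with no separator, so the text runs together (`couldn't` + `have`, `image` + `proclaiming`). Because `main` XORs stdin against `t` and wraps at its terminating NUL, any later fix to the wording also changes the key. Nothing in the file says so, and I would add a header comment such as `/* t is both the message and the repeating XOR key; editing one byte changes every output */`. Since `t` points at a literal it should be `const char *t`, with `p` declared `const char *` to match. If the binary `thanks/blob` added in this commit was produced with this key (inferred from the directory, not shown), it has to be regenerated whenever the text is touched.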

Binary file not shown.



@ -0,0 +1,371 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="765"
height="990"
id="svg6189"
sodipodi:version="0.32"
inkscape:version="0.46"
sodipodi:docname="thanks.svg"
inkscape:output_extension="org.inkscape.output.svg.inkscape"
version="1.0"
inkscape:export-filename="/home/neale/src/ctf/doc/2011-01-CMU/thanks.png"
inkscape:export-xdpi="150.14934"
inkscape:export-ydpi="150.14934">
<defs
id="defs6191">
<inkscape:perspective
sodipodi:type="inkscape:persp3d"
inkscape:vp_x="0 : 526.18109 : 1"
inkscape:vp_y="0 : 1000 : 0"
inkscape:vp_z="744.09448 : 526.18109 : 1"
inkscape:persp3d-origin="372.04724 : 350.78739 : 1"
id="perspective6197" />
</defs>
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
gridtolerance="10000"
guidetolerance="10"
objecttolerance="10"
inkscape:pageopacity="1"
inkscape:pageshadow="2"
inkscape:zoom="0.98994949"
inkscape:cx="422.51351"
inkscape:cy="616.26542"
inkscape:document-units="px"
inkscape:current-layer="layer1"
showgrid="false"
inkscape:window-width="700"
inkscape:window-height="1006"
inkscape:window-x="0"
inkscape:window-y="14"
inkscape:window-maximized="0" />
<metadata
id="metadata6194">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1">
<text
xml:space="preserve"
style="font-size:20px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Nimbus Mono L;-inkscape-font-specification:Nimbus Mono L"
x="180.31223"
y="241.71477"
id="text6815"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan6817"
x="180.31223"
y="241.71477" /></text>
<text
xml:space="preserve"
style="font-size:40px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:100%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;font-family:URW Gothic L;-inkscape-font-specification:URW Gothic L"
x="166.99641"
y="77.913406"
id="text2833"
sodipodi:linespacing="100%"><tspan
sodipodi:role="line"
id="tspan2835"
x="166.99641"
y="77.913406">Capture the Flag 2011</tspan></text>
<text
xml:space="preserve"
style="font-size:20px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Nimbus Mono L;-inkscape-font-specification:Nimbus Mono L"
x="501.03568"
y="132.38049"
id="text2533"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
x="501.03568"
y="132.38049"
id="tspan2537" /></text>
<text
sodipodi:linespacing="125%"
id="text2545"
y="114.27893"
x="368.68829"
style="font-size:20px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;font-family:URW Gothic L;-inkscape-font-specification:URW Gothic L"
xml:space="preserve"><tspan
y="114.27893"
x="368.68829"
sodipodi:role="line"
id="tspan2553">at</tspan></text>
<g
id="g7134"
transform="matrix(-1,0,0,1,251.1405,-389.69456)">
<path
style="fill:#f1e06b;fill-opacity:1;stroke:none"
d="m 137.85847,492.90822 c 0,3.4517 0.37818,26.7723 1.09535,30.00926 1.76377,8.88016 7.47321,13.99286 16.04706,15.93879 3.98502,0.74326 8.51783,-15.55472 13.43722,-15.64555 4.91939,-0.0908 10.22535,16.0255 15.75668,16.0255 5.55727,0 10.88704,-16.12546 15.82585,-16.0506 4.9388,0.0749 9.48664,16.35005 13.48001,15.57939 9.04184,-1.50027 13.76948,-7.68418 15.99884,-16.13965 0.67582,-3.14707 1.03162,-26.36915 1.03162,-29.71714 0,-25.57306 -20.75867,-46.328 -46.33632,-46.328 -25.57764,0 -46.33631,20.75494 -46.33631,46.328 z"
id="path4877"
sodipodi:nodetypes="cccsssccssc"
inkscape:connector-curvature="0" />
<path
style="fill:#ececec;fill-opacity:1;stroke:none"
d="m 230.72045,434.68054 -7.07106,-9.19239 0,37.47666 7.07106,0 0,-28.28427 z"
id="path4879"
sodipodi:nodetypes="ccccc"
inkscape:connector-curvature="0" />
<path
style="fill:#00003f;fill-opacity:1;stroke:none"
d="m 232.29339,460.559 -9.25,0 0,57.75 9.25,-3.50001 0,-54.24999 z"
id="path4881"
sodipodi:nodetypes="ccccc"
inkscape:connector-curvature="0" />
<path
style="fill:#2b1100;fill-opacity:1;stroke:none"
d="m 184.18776,446.57997 c 25.57765,0 46.34376,20.7661 46.34375,46.34375 0,3.34859 -0.35543,26.57111 -1.03125,29.71875 -2.22935,8.457 -6.95816,14.62446 -16,16.125 -3.99338,0.77079 -8.56119,-15.48763 -13.5,-15.5625 -4.93881,-0.0749 -10.25524,16.03125 -15.8125,16.03125 -5.53133,0 -10.83062,-16.12209 -15.75,-16.03125 -4.91938,0.0909 -9.45248,16.39964 -13.4375,15.65625 -8.57385,-1.94628 -14.29873,-7.05576 -16.0625,-15.9375 -0.71716,-3.23754 -1.09374,-26.54769 -1.09375,-30 0,-25.57765 20.7661,-46.34374 46.34375,-46.34375 z m -26.5,24.0625 c -8.39444,-10e-6 -18.05691,4.89815 -18.17896,11.91762 -0.1329,7.51837 9.53454,14.26988 17.92896,14.26988 5.93958,10e-6 11.30965,-3.1877 13.8125,-8.15625 2.2337,5.62139 7.46096,9.34375 13.875,9.34375 8.39442,-10e-6 30.84979,-8.1589 30.5766,-14.53977 -0.18827,-4.3975 -21.93218,-11.61648 -30.3266,-11.61648 -5.94605,0 -12.06269,3.92892 -14.5625,8.90625 -2.23266,-5.62356 -6.7094,-10.125 -13.125,-10.125 z"
id="path4883"
sodipodi:nodetypes="csccsssccsccsscssscc"
inkscape:connector-curvature="0" />
<path
style="fill:#ff0000;fill-rule:evenodd;stroke:none"
d="m 240.04339,480.05901 c 0,0 -10.25,-16 -11.25,-9.5 -1,6.5 8,7.5 11.25,9.5 z"
id="path4885"
inkscape:connector-curvature="0" />
<path
id="path4887"
d="m 244.20661,472.0655 c 0,0 -18.96174,-1.23088 -13.75664,-5.25046 5.2051,-4.01957 10.43404,3.37354 13.75664,5.25046 z"
style="fill:#ff0000;fill-rule:evenodd;stroke:none"
inkscape:connector-curvature="0" />
<path
sodipodi:type="arc"
style="fill:#ffffff;fill-opacity:1;stroke:none"
id="path4889"
sodipodi:cx="239.5"
sodipodi:cy="417.86218"
sodipodi:rx="15.5"
sodipodi:ry="15.5"
d="m 255,417.86218 c 0,8.56042 -6.93959,15.5 -15.5,15.5 -8.56041,0 -15.5,-6.93958 -15.5,-15.5 0,-8.56041 6.93959,-15.5 15.5,-15.5 8.56041,0 15.5,6.93959 15.5,15.5 z"
transform="matrix(-0.7128664,0,0,0.7128664,326.76806,186.37608)" />
<path
sodipodi:type="arc"
style="fill:#000000;fill-opacity:1;stroke:none"
id="path4891"
sodipodi:cx="239.5"
sodipodi:cy="417.86218"
sodipodi:rx="15.5"
sodipodi:ry="15.5"
d="m 255,417.86218 c 0,8.56042 -6.93959,15.5 -15.5,15.5 -8.56041,0 -15.5,-6.93958 -15.5,-15.5 0,-8.56041 6.93959,-15.5 15.5,-15.5 8.56041,0 15.5,6.93959 15.5,15.5 z"
transform="matrix(-0.4369181,0,0,0.4369181,257.11412,302.3973)" />
<path
transform="matrix(-0.7128664,0,0,0.7128664,355.28271,186.37608)"
d="m 255,417.86218 c 0,8.56042 -6.93959,15.5 -15.5,15.5 -8.56041,0 -15.5,-6.93958 -15.5,-15.5 0,-8.56041 6.93959,-15.5 15.5,-15.5 8.56041,0 15.5,6.93959 15.5,15.5 z"
sodipodi:ry="15.5"
sodipodi:rx="15.5"
sodipodi:cy="417.86218"
sodipodi:cx="239.5"
id="path4893"
style="fill:#ffffff;fill-opacity:1;stroke:none"
sodipodi:type="arc" />
<path
transform="matrix(-0.4369181,0,0,0.4369181,285.62877,302.3973)"
d="m 255,417.86218 c 0,8.56042 -6.93959,15.5 -15.5,15.5 -8.56041,0 -15.5,-6.93958 -15.5,-15.5 0,-8.56041 6.93959,-15.5 15.5,-15.5 8.56041,0 15.5,6.93959 15.5,15.5 z"
sodipodi:ry="15.5"
sodipodi:rx="15.5"
sodipodi:cy="417.86218"
sodipodi:cx="239.5"
id="path4895"
style="fill:#000000;fill-opacity:1;stroke:none"
sodipodi:type="arc" />
<path
sodipodi:type="star"
style="fill:#999999;fill-opacity:1;stroke:none"
id="path4897"
sodipodi:sides="4"
sodipodi:cx="458"
sodipodi:cy="437.5"
sodipodi:r1="7.3527207"
sodipodi:r2="2.9098985"
sodipodi:arg1="0.95449939"
sodipodi:arg2="1.1053447"
inkscape:flatsided="false"
inkscape:rounded="0"
inkscape:randomized="0"
d="M 462.25,443.5 459.30604,440.10034 452,441.75 455.39966,438.80604 453.75,431.5 456.69396,434.89966 464,433.25 l -3.39966,2.94396 z"
transform="matrix(-1.3125,0,0,1.3125,744.79339,-67.03474)" />
<path
transform="matrix(-1.3125,0,0,1.3125,759.04339,-63.28474)"
d="M 462.25,443.5 459.30604,440.10034 452,441.75 455.39966,438.80604 453.75,431.5 456.69396,434.89966 464,433.25 l -3.39966,2.94396 z"
inkscape:randomized="0"
inkscape:rounded="0"
inkscape:flatsided="false"
sodipodi:arg2="1.1053447"
sodipodi:arg1="0.95449939"
sodipodi:r2="2.9098985"
sodipodi:r1="7.3527207"
sodipodi:cy="437.5"
sodipodi:cx="458"
sodipodi:sides="4"
id="path4899"
style="fill:#999999;fill-opacity:1;stroke:none"
sodipodi:type="star" />
<path
style="fill:#ff0000;fill-opacity:1;stroke:none"
d="m 223.29339,463.559 -78,0 c -3.17046,0.93258 -2.20659,2.69202 -2.25,4.25001 l 83.25,0 c 0.40565,-2.11949 -0.74064,-3.46302 -3,-4.25001 z"
id="path4901"
sodipodi:nodetypes="ccccc"
inkscape:connector-curvature="0" />
<path
sodipodi:type="arc"
style="fill:#ff0000;fill-opacity:1;stroke:none"
id="path4903"
sodipodi:cx="393.125"
sodipodi:cy="404.125"
sodipodi:rx="3.625"
sodipodi:ry="3.625"
d="m 396.75,404.125 c 0,2.00203 -1.62297,3.625 -3.625,3.625 -2.00203,0 -3.625,-1.62297 -3.625,-3.625 0,-2.00203 1.62297,-3.625 3.625,-3.625 2.00203,0 3.625,1.62297 3.625,3.625 z"
transform="matrix(-1,0,0,1,621.04339,64.05901)" />
</g>
<g
style="display:inline"
id="g4943"
transform="matrix(-1,0,0,1,843.8505,-582.82052)">
<path
style="fill:#c87137;fill-opacity:1;stroke:none"
d="m 201.92989,686.02586 c 0,3.45232 -0.37818,26.77711 -1.09535,30.01465 -1.76377,8.88175 -7.47321,13.99537 -16.04706,15.94165 -3.98502,0.7434 -8.51783,-15.55751 -13.43722,-15.64836 -4.91939,-0.0909 -10.22535,16.02838 -15.75668,16.02838 -5.55727,0 -10.88704,-16.12835 -15.82585,-16.05348 -4.9388,0.0749 -9.48664,16.35298 -13.48001,15.58219 -9.04184,-1.50054 -13.76948,-7.68556 -15.99884,-16.14255 -0.67582,-3.14764 -1.03162,-26.37389 -1.03162,-29.72248 0,-25.57764 20.75867,-46.33631 46.33632,-46.33631 25.57764,0 46.33631,20.75867 46.33631,46.33631 z"
id="path4984"
sodipodi:nodetypes="cccsssccssc"
inkscape:connector-curvature="0" />
<path
sodipodi:type="arc"
style="fill:#ffffff;fill-opacity:1;stroke:none"
id="path4990"
sodipodi:cx="239.5"
sodipodi:cy="417.86218"
sodipodi:rx="15.5"
sodipodi:ry="15.5"
d="m 255,417.86218 c 0,8.56042 -6.93959,15.5 -15.5,15.5 -8.56041,0 -15.5,-6.93958 -15.5,-15.5 0,-8.56041 6.93959,-15.5 15.5,-15.5 8.56041,0 15.5,6.93959 15.5,15.5 z"
transform="matrix(0.7128664,0,0,0.7128664,13.0203,379.94798)" />
<path
sodipodi:type="arc"
style="fill:#000000;fill-opacity:1;stroke:none"
id="path4994"
sodipodi:cx="239.5"
sodipodi:cy="417.86218"
sodipodi:rx="15.5"
sodipodi:ry="15.5"
d="m 255,417.86218 c 0,8.56042 -6.93959,15.5 -15.5,15.5 -8.56041,0 -15.5,-6.93958 -15.5,-15.5 0,-8.56041 6.93959,-15.5 15.5,-15.5 8.56041,0 15.5,6.93959 15.5,15.5 z"
transform="matrix(0.4369181,0,0,0.4369181,82.67424,495.9692)" />
<path
sodipodi:nodetypes="ccccc"
id="path5016"
d="m 108.94063,703.44381 c 36.73049,-13.59995 57.10773,-33.92799 77.78175,-53.03301 1.34475,0.59979 2.58937,1.29971 3.0052,2.82842 -17.38021,17.73274 -33.8719,35.40994 -80.61017,54.97756 -0.88087,-1.59099 -1.17527,-3.18198 -0.17678,-4.77297 z"
style="fill:#000000;fill-rule:evenodd;stroke:none"
inkscape:connector-curvature="0" />
<path
transform="matrix(0.7128664,0,0,0.7128664,-15.49436,379.94799)"
d="m 255,417.86218 c 0,8.56042 -6.93959,15.5 -15.5,15.5 -8.56041,0 -15.5,-6.93958 -15.5,-15.5 0,-8.56041 6.93959,-15.5 15.5,-15.5 8.56041,0 15.5,6.93959 15.5,15.5 z"
sodipodi:ry="15.5"
sodipodi:rx="15.5"
sodipodi:cy="417.86218"
sodipodi:cx="239.5"
id="path4998"
style="fill:#000000;fill-opacity:1;stroke:none"
sodipodi:type="arc" />
<path
sodipodi:nodetypes="ccc"
id="path5113"
d="m 106.72549,679.42961 c 22.22463,1.2651 46.14752,-16.22323 73.25,-35.25 -36.70369,-24.71655 -71.84396,3.72381 -73.25,35.25 z"
style="fill:#ff0000;fill-rule:evenodd;stroke:none"
inkscape:connector-curvature="0" />
<path
style="fill:#ffffff;fill-opacity:1;stroke:none"
d="m 156.816,637.60365 c -0.87698,0.52431 -0.38045,1.56698 0.70794,2.29091 0.22072,0.0113 0.42813,-0.0591 0.61955,-0.12649 -0.12119,0.51926 -0.0245,0.65733 -0.12589,1.34469 0.69038,-0.28011 1.03335,-0.38346 1.65877,-0.447 -0.0242,-0.44056 0.0747,-0.41629 0.0295,-0.77857 0.17059,0.0734 0.34244,0.1002 0.54309,0.11053 1.99911,-0.25925 1.80233,-1.94029 0.10992,-2.50733 -0.5253,-0.0271 -0.95276,0.17838 -1.22711,0.53081 -0.42218,-0.32817 -0.97252,-0.47515 -1.46596,-0.68525 -0.35763,0.0559 -0.64742,0.14672 -0.84979,0.2677 z m -6.14725,5.73487 c -0.37399,0.21336 -0.69744,0.65885 -0.89555,1.27806 0.0182,0.52568 0.2623,0.95061 0.63703,1.19365 -0.29405,0.45994 -0.41123,0.99537 -0.55968,1.5157 0.42758,1.94583 2.12459,1.62368 2.55185,-0.0758 -0.008,-0.2209 -0.0659,-0.42051 -0.14951,-0.60541 0.26979,0.0389 0.25994,0.0294 0.57502,0.0592 -0.0109,-0.58848 -0.0116,-1.01099 0.40065,-1.67165 -0.58739,0.0798 -0.58026,-0.0318 -1.03706,0.0657 0.0584,-0.1763 0.12638,-0.37945 0.11943,-0.58023 -0.28847,-1.24498 -1.01886,-1.53481 -1.64218,-1.17923 z m 5.76684,-1.03366 c -2.52622,1.5494 -3.88115,3.95319 -3.01454,5.36616 0.62902,1.02559 2.26554,1.2489 4.07428,0.70154 0.0731,0.13714 0.13365,0.26957 0.21706,0.40556 1.26052,2.05524 3.22705,3.15408 4.38313,2.44503 1.15607,-0.70903 1.06807,-2.96003 -0.19247,-5.01527 -0.10188,-0.1661 -0.20935,-0.31634 -0.31958,-0.46941 1.13505,-1.29811 1.59166,-2.72631 1.00178,-3.68808 -0.8666,-1.41298 -3.62344,-1.29493 -6.14966,0.25447 z m 2.52175,1.11507 c 0.36859,-0.22607 0.84489,-0.12071 1.06316,0.23517 0.21828,0.35588 0.0963,0.8282 -0.27232,1.05426 -0.36859,0.22607 -0.84489,0.12071 -1.06316,-0.23517 -0.21828,-0.35589 -0.0963,-0.82819 0.27232,-1.05426 z m -2.36335,1.82974 c 0.36858,-0.22606 0.84489,-0.12071 1.06316,0.23518 0.21827,0.35588 0.0963,0.82819 -0.27232,1.05426 -0.3686,0.22607 -0.84489,0.12071 -1.06317,-0.23517 -0.21828,-0.35589 -0.0963,-0.8282 0.27233,-1.05427 z m 8.25513,-2.40136 c -0.37398,0.21337 -0.72046,0.67299 -0.91858,1.29219 0.008,0.23888 
0.0674,0.43261 0.16364,0.62845 -0.47373,-0.0824 -0.60782,-0.13149 -1.25259,-0.18237 -0.20698,0.39334 -0.36966,0.68123 -0.70766,1.06777 0.20762,0.23027 0.23261,0.48259 0.39173,0.74203 0.99043,-0.137 1.38437,-0.18922 1.9931,-0.36685 -0.18607,0.2624 -0.32734,0.61974 -0.31469,0.98519 0.44276,1.92192 2.13171,1.64662 2.55185,-0.0758 -0.0257,-0.74255 -0.52143,-1.34903 -1.15342,-1.41563 0.57363,-0.34962 0.65866,-0.85655 0.86577,-1.48161 -0.28848,-1.24496 -0.99582,-1.54892 -1.61915,-1.19335 z m -7.59356,6.11494 c -0.29825,0.95526 0.24993,1.96301 0.41475,3.10446 -0.24544,-0.20794 -0.58808,-0.34716 -0.95326,-0.36597 -1.977,0.27045 -1.753,1.96099 -0.0958,2.53036 0.74201,0.0382 1.35143,-0.43739 1.4721,-1.06132 0.31689,0.6031 0.80868,0.76707 1.42298,1.02849 1.99911,-0.25928 1.81122,-1.97744 0.11883,-2.54448 -0.2387,-0.0123 -0.46742,0.0155 -0.67082,0.0946 0.0921,-0.34839 -0.0156,-0.47975 0.0651,-0.92717 -0.54877,-0.4473 -0.72766,-0.72142 -1.16754,-1.43864 -0.0834,-0.13598 -0.53324,-0.28316 -0.60634,-0.42029 z m 1.72353,0.0203 2.48678,-1.5252 0.33893,0.55261 -2.48677,1.5252 -0.33894,-0.55261 z"
id="path2901"
inkscape:connector-curvature="0" />
<path
sodipodi:nodetypes="csc"
id="path5119"
d="m 83.78439,674.18891 c 0,0 23.48188,-6.45517 19.95191,5.47353 -2.14258,7.24037 -17.77342,-3.3647 -19.95191,-5.47353 z"
style="fill:#ff0000;fill-rule:evenodd;stroke:none"
inkscape:connector-curvature="0" />
<path
style="fill:#ff0000;fill-rule:evenodd;stroke:none"
d="m 86.84178,697.26453 c 0,0 15.95112,-23.66444 21.78836,-10.63431 3.54304,7.90892 -18.27368,10.77951 -21.78836,10.63431 z"
id="path5121"
sodipodi:nodetypes="csc"
inkscape:connector-curvature="0" />
<path
transform="matrix(1.4125247,0,0,1.4125247,-112.90968,268.08805)"
d="m 158.5,292 c 0,2.20914 -1.79086,4 -4,4 -2.20914,0 -4,-1.79086 -4,-4 0,-2.20914 1.79086,-4 4,-4 2.20914,0 4,1.79086 4,4 z"
sodipodi:ry="4"
sodipodi:rx="4"
sodipodi:cy="292"
sodipodi:cx="154.5"
id="path5123"
style="fill:#ff0000;fill-opacity:1;stroke:none"
sodipodi:type="arc" />
</g>
<text
xml:space="preserve"
style="font-size:40px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;font-family:URW Gothic L;-inkscape-font-specification:URW Gothic L"
x="116.03641"
y="157.71547"
id="text2549"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan2551"
x="116.03641"
y="157.71547">Central Michigan University</tspan></text>
<text
sodipodi:linespacing="125%"
id="text2577"
y="213.27388"
x="379.68344"
style="font-size:20px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:center;line-height:125%;writing-mode:lr-tb;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:URW Gothic L;-inkscape-font-specification:URW Gothic L"
xml:space="preserve"><tspan
y="213.27388"
x="379.68344"
id="tspan2579"
sodipodi:role="line">happened with my help</tspan><tspan
y="238.27388"
x="379.68344"
sodipodi:role="line"
id="tspan2688">because I am a cool person!</tspan></text>
<g
id="g2682"
transform="matrix(0.65682,0,0,0.65682,56.884352,76.892052)">
<g
style="display:inline"
id="g2779"
transform="matrix(0.3735863,0,0,0.3735863,13.30028,7.3746232)">
<path
sodipodi:nodetypes="csssccccccsccssscsscczczczcccccccsscscccccccccscscccc"
id="path2781"
d="M 127.1141,465.5924 C 91.814047,465.5924 66.89506,504.2459 69.859396,529.82972 C 71.761234,546.24359 81.651632,548.75843 96.01098,575.0839 C 104.71039,591.03284 111.56039,612.77438 100.19257,619.35575 C 88.824765,625.93711 53.531251,643.88779 53.53125,643.88779 L 53.53125,731.25 L 228.8265,731.25 C 228.8265,731.25 230.62049,725.86487 229.42387,714.49706 C 243.87007,715.26906 254.19943,715.68227 269.51412,713.28904 C 290.82939,704.65951 302.41803,697.91484 316.18872,691.15976 C 319.30006,687.58786 324.5538,662.43638 323.35717,651.66689 C 322.17857,641.0595 321.01036,622.90838 315.83029,608.07206 C 315.83112,607.62561 315.81244,607.17371 315.77719,606.71802 C 317.90386,598.92728 318.64423,595.20653 320.96769,587.65525 C 323.36091,579.87727 313.19812,579.87221 315.59134,573.88916 C 317.98457,567.9061 319.77015,572.09667 321.56506,555.3441 C 323.35997,538.59153 316.6504,536.93715 312.59122,530.81206 C 313.93239,525.70068 314.54999,522.63654 307.07568,516.5878 C 303.81694,513.9506 301.55946,512.46778 297.4356,512.23126 C 293.31173,511.99474 287.68977,511.89966 279.91179,511.30135 C 279.95788,511.237 279.68945,518.04719 279.8219,518.15083 C 279.59187,518.15083 272.97826,508.24505 268.82685,511.94803 C 264.86347,515.4833 273.24628,527.8739 273.24627,527.59611 C 273.51087,527.66524 264.87102,526.81018 264.1245,530.81206 C 263.39332,534.73169 269.93358,536.10993 269.84182,536.20168 C 269.75006,535.92516 263.79217,535.24252 263.99859,539.96567 C 264.22106,545.05637 272.74333,545.38736 272.74334,545.5438 C 268.67573,555.71281 254.50626,589.03774 244.98208,611.57664 C 247.97361,618.15801 274.90373,620.56376 274.90373,620.56376 C 274.90373,620.56376 277.7599,637.70722 270.70886,644.48516 C 261.13596,645.96638 226.25358,641.8655 203.09971,630.13497 C 183.35561,625.94684 173.54242,629.40149 162.4121,627.13484 C 163.71562,615.17348 164.21749,608.58979 164.21749,608.58979 C 164.21749,608.58979 179.77569,606.19506 179.77569,584.05775 C 179.77569,561.92042 189.27078,560.03657 
186.94414,548.16237 C 185.05685,538.53041 181.53399,532.45339 189.1876,524.09495 C 194.98993,515.09543 195.91779,501.48946 187.54152,491.91656 C 175.82743,478.52903 162.41416,465.5924 127.1141,465.5924 z M 283.08108,515.50608 C 282.97494,515.60488 286.88702,515.90504 291.28498,516.19638 C 291.7627,519.41501 296.839,523.95317 299.88712,526.41806 C 299.62647,527.00514 299.35852,527.56957 299.09062,528.13052 L 283.43987,527.85176 C 283.52084,527.66348 282.88447,515.7395 283.08108,515.50608 z M 276.34425,546.61907 C 277.89568,547.38545 280.81962,547.77463 283.05453,548.37477 C 280.15284,549.11714 277.60828,549.09234 277.30649,551.49475 C 276.88402,554.8578 283.91375,557.05322 290.12324,558.85588 C 288.4593,559.44397 285.41576,560.84837 285.28168,562.4898 C 284.86781,567.55673 295.35853,569.71644 304.68278,571.55997 C 305.89074,579.19986 307.54144,589.21622 308.90079,597.08044 C 285.0055,594.98587 270.36389,593.61307 255.48253,597.49196 C 261.78844,582.55106 269.46993,562.86918 276.34425,546.61907 z"
style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
</g>
<text
transform="matrix(0.570786,-0.8210989,0.8210989,0.570786,0,0)"
sodipodi:linespacing="125%"
id="text2678"
y="199.4783"
x="-109.05233"
style="font-size:20px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:URW Palladio L;-inkscape-font-specification:URW Palladio L"
xml:space="preserve"><tspan
y="199.4783"
x="-109.05233"
id="tspan2680"
sodipodi:role="line">right on!</tspan></text>
</g>
</g>
</svg>
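Review bot: The root `<svg>` element carries `inkscape:export-filename="/home/neale/src/ctf/doc/2011-01-CMU/thanks.png"`, an absolute path from the author's workstation that publishes a local account name and directory layout to everyone who receives the file. It is editor metadata in the Inkscape namespace rather than drawing content, so I would delete it together with `inkscape:export-xdpi` and `inkscape:export-ydpi`, or save as Plain SVG before committing. The two empty `<tspan>` elements (`tspan6817`, `tspan2537`) look like leftover text objects and could go in the same pass.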



@ -0,0 +1,15 @@
TF3 Categories
==============
Last year we ran:
bletchley, compaq, crypto, forensics, hackme, hispaniola, net-re,
sequence, skynet, survey, webapp, tanks, badmath, kevin
This year we have:
basemath, bletchley, codebreaking, compaq, crypto, forensics,
hackme, logger, net-re, octopus, printf, pwnables, sequence, skynet,
steg, tanks, webapp

1
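--- a/doc/interest.txt
+++ b/doc/interest.txt
@@ -0,0 +1 @@
+andrew.hay@afit.edu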

176
doc/token-categories.txt Normal file

@ -0,0 +1,176 @@
LANL CTF Token-Based Categories
===============================
LANL's CTF contest allows for easy addition of new modules which can use
"tokens". A token is a character string worth one point in the contest.
A point may only be claimed once per team, but multiple teams can claim
the same token and each will get a point. Tokens look like this:
example:xylep-donut-nanox
Tokens are issued by the token server using the tokencli program at the
end of this document. They can also be issued before the beginning of a
contest. If your category allows it, it will be much easier for you to
simply request a number of tokens before the contest begins, and
hard-code them into your category.
You will want to arrange that participants get a token after having
completed some sort of task. In existing categories, tokens are
frequently what lie beneath some trail of hacking. For instance, one
program provides a token when the proper printf formatting string is
provided. Another embeds five tokens into log messages using different
encodings.
Any machine that you connect to our network will get a wired connection
and should claim a static IP address on the 10.0.2.0/24 network. While
it's unlikely you'll conflict with anyone else, be prepared to
reconfigure it with a new IP on the morning of the event.
If you plan to request tokens, please do so at least 2 weeks before the
start of the event. I will need to know what you'd like your category
to be called, and how many tokens you'd like. It's not a problem if you
don't use all the tokens you request.
Remember that this is a security contest, and contestants will be far
more engaged with your category if they have to do real work to get the
tokens. For example, a vendor might be tempted to leave tokens lying
around in configuration boxes to reward people who explore its rich
configurability, but this would probably result in people clicking
through the UI as quickly as possible looking only for tokens. Far
better would be to have the tokens lying under the products
functionality somewhere, forcing contestants to interact with the
product like they would in their day to day work after having purchased
it. A Snort category, for instance, would do well to have tokens within
packet captures which triggered alarms.
I can't stress that last point enough: constestants have been known to
spend over 2 hours on a single problem. Don't be afraid to really
challenge them.
/* tokencli.c - LANL CTF token client
Author: Neale Pickett <neale@lanl.gov>
This program requires an arc4 implementation, email me if you can't find
one you like.
This also requires a shared 128-bit key. I need the key before you can
start requesting tokens from the server :)
This software has been authored by an employee or employees of Los
Alamos National Security, LLC, operator of the Los Alamos National
Laboratory (LANL) under Contract No. DE-AC52-06NA25396 with the
U.S. Department of Energy. The U.S. Government has rights to use,
reproduce, and distribute this software. The public may copy,
distribute, prepare derivative works and publicly display this software
without charge, provided that this Notice and any statement of
authorship are reproduced on all copies. Neither the Government nor
LANS makes any warranty, express or implied, or assumes any liability or
responsibility for the use of this software. If software is modified to
produce derivative works, such modified software should be clearly
marked, so as not to confuse it with the version available from LANL.
*/
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <sysexits.h>
#include <stdio.h>
#include "arc4.h"
/* I don't feel compelled to put all the TCP client code in here
* when it's so simple to run this with netcat or ucspi. Plus, using
* stdin and stdout makes it simpler to test.
*/
int
read_key(char *filename, uint8_t *key, size_t *keylen)
{
int fd = open(filename, O_RDONLY);
int len;
if (-1 == fd) {
perror("open");
return EX_NOINPUT;
}
len = read(fd, key, *keylen);
if (-1 == len) {
perror("read");
return EX_NOINPUT;
}
*keylen = (size_t)len;
return 0;
}
int
main(int argc, char *argv[]) {
uint8_t skey[200];
size_t skeylen = sizeof(skey);
char token[200];
size_t tokenlen;
int ret;
if (argc != 3) {
fprintf(stderr, "Usage: %s SERVICE SERVICEKEY 3>TOKENFILE\n", argv[0]);
fprintf(stderr, "\n");
fprintf(stderr, "SERVICEKEY is a filename.\n");
fprintf(stderr, "Server chatter happens over stdin and stdout.\n");
fprintf(stderr, "Tokens are written to file descriptor 3.\n");
fprintf(stderr, "\n");
fprintf(stderr, "To run with netcat:\n");
fprintf(stderr, " nc 10.0.0.2 1 -e tokencli cat cat.key 3> tokenfile\n");
return EX_USAGE;
}
/* read in keys */
ret = read_key(argv[2], skey, &skeylen);
if (0 != ret) return ret;
/* write service name */
write(1, argv[1], strlen(argv[1]));
/* read nonce, send back encrypted version */
{
uint8_t nonce[80];
int noncelen;
noncelen = read(0, nonce, sizeof(nonce));
if (0 >= noncelen) {
perror("read");
return EX_IOERR;
}
arc4_crypt_buffer(skey, skeylen, nonce, (size_t)noncelen);
write(1, nonce, (size_t)noncelen);
}
/* read token */
{
int len;
len = read(0, token, sizeof(token));
if (0 >= len) {
perror("read");
return EX_IOERR;
}
tokenlen = (size_t)len;
}
/* decrypt it */
arc4_crypt_buffer(skey, skeylen, (uint8_t *)token, tokenlen);
/* write it to fd 3 */
write(3, token, tokenlen);
return 0;
}
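Review bot: In the tokencli.c listing, `main` calls `arc4_crypt_buffer(skey, skeylen, ...)` once for the nonce and once for the token, and that helper re-keys from scratch on every call, so both messages are XORed with the same keystream prefix. Because the nonce crosses the wire in clear and then encrypted, the exchange gives the token no confidentiality against anyone who can observe the connection. Both ends should derive a per-session key from the shared key and the nonce instead of using the raw key for each message; the server side is not visible here, so this has to change in step with it. Separately, `read_key` never closes `fd`, and the results of the three `write()` calls are ignored, so a failed write to fd 3 loses a token silently.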

163
doc/writing-puzzles.txt Normal file

@ -0,0 +1,163 @@
How to create puzzle categories
===============================
The contest has multiple "puzzle" categories. Each category contains a
collection of thematically-related puzzles with increasing point
values. This document will guide you through the process of creating a
new category. It's up to you to make challenging puzzles, though :)
Since Unix commands are plain text, I'll be using the Unix commands to
illustrate steps. These are simple commands that should be easy to
translate to a GUI.
Step 1: Establish a progression
-------------------------------
Before you do anything else, you should sit down with a pen and paper,
and plan out how you'd like contestants to progress through your
category. This contest framework is set up to encourage a linear
progression through puzzles, while still allowing contestants to skip
over things they get stuck on.
The net-re category, for instance, features full tutorial pages with
simple "end of chapter" type questions for point values 1-8. Point
values 10-99 apply the skills learned in the tutorial against
increasingly challenging problems, point values 100-999 increasingly
approach real-world challenges which use the skills, and point values
1000+ are either culled or inspired by actual net-re tasks performed by
experts in the field.
The crypto category uses the previous answers key as part of the
solution process for each point value.
Ideally, your category will work standalone for novices, while allowing
experts to quickly answer the training questions and progress to real
challenges. Remember that some events don't have a class portion, and
even the ones that do have students who prefer to spend the contest time
reviewing the exact same problems they did in the class.
Remember, it's easy to make incredibly challenging puzzles, and you will
probably have a lot of ideas about how to do this. What's harder is to
make simple puzzles that teach. It can be helpful to imagine a student
with a basic skill set. Write your first puzzle for this student to
introduce them to the topic and get them thinking about things you
believe are important. Guide that student through your tutorial
puzzles, until they emerge ready to tackle some non-tutorial problems.
As they gain confidence, keep them on their toes with new challenges.
Remember to only introduce one new concept for each puzzle!
Past a certain point, feel free to throw in the killer tricky puzzles
you're just dying to create!
Step 2: Establish point values
------------------------------
Each of your steps needs a point value. Each point value must be
unique: you may not have two 5-point puzzles.
Point values should roughly reflect how difficult a problem is to solve.
It's not terribly important that a 200-point puzzle be ten times harder
than a 20-point puzzle, but it is crucial that a 25-point puzzle be
roughly as difficult as a 20-point puzzle. Poorly-weighted puzzles has
been the main reason students lose interest.
Step 3: Set up your puzzle structure
------------------------------------
The best way to get puzzles to me is in a zip file of an entire
directory. Let's say you are going to create a "sandwich" category.
Your first step will be to make a "sandwich" directory somewhere.
$ mkdir sandwich
$ cd sandwich
$
Within your category directory, create subdirectories for each point
value puzzle. In the "sandwich" category we have only 5, 10, and
100-point puzzles.
$ mkdir 5 10 100
$
Step 4: Write puzzles
---------------------
Now that your skeleton is set up, you can begin to fill it in. In each
point-value subdirectory, there can be three special files, and as many
downloadable files as you like, in addition to CGI and any downloadable
but non-listed files you would like.
Special files are:
* index.mdwn: a plain text file formatted with
[markdown](http://daringfireball.net/projects/markdown/), displayed
before the list of normal files in the puzzle directory.
* key: a plain text file with acceptable answers, one per line. Answers
are matched exactly (ie. they are case-sensitive).
* summary: a single line explaining to contest organizers what's going
on in this puzzle.
All remaining files, except those with filenames beginning with a comma
(","), are listed on the puzzle page for download.
Any file ending with ".cgi" will be run as CGI. You can search the web
for how to write a CGI. Available languages are Python, Lua, and Bourne
Shell.
Let's make our 5-point sandwich question!
$ cd 5
$ cat <<EOD >index.mdwn
> Welcome to the Sandwich category!
> In this category you will learn how to make a tasty sandwich.
> The key ingredients in a sandwich are: bread, spread, and filling.
> When making a sandwich, you need to first put down one slice of bread,
> then apply any spreads, and finally add filling. Popular fillings
> include cheese, sprouts, and cold cuts. When you are done, apply
> another slice of bread on top, and optionally tie it together with
> a fancy toothpick.
>
> Now that you know the basics of sandwich-making, it's time for a
> question! How many slices of bread are in a sandwich?
> EOD
$ cat <<EOD >key
> 2
> TWO
> two
> EOD
$ echo "How many slices of bread in a sandwich" > summary
$
If you wanted to provide a PDF of various sandwiches, this would be the
time to add that too:
$ cp /tmp/sandwich-types.pdf .
$
In a real category, you might provide an executable, hard drive image,
or some other kind of blob.
No additional work is needed to have `sandwich-types.pdf` show up as a
download on the puzzle page.
Step 5: Package it up
---------------------
After you've flushed out all your point-value directories, it's time to
wrap it up and send it in. Clean out any backup or temporary files you
or your editor might have written in the directories, and zip the sucker
up.
$ cd ../..
$ zip -r sandwich.zip sandwich/
$
Now mail the zip file in, and you're all done!


@ -23,7 +23,7 @@ arc4_init(struct arc4_ctx *ctx, uint8_t const *key, size_t keylen)
} }
uint8_t uint8_t
arc4_pad(struct arc4_ctx *ctx) arc4_out(struct arc4_ctx *ctx)
{ {
ctx->i = (ctx->i + 1) % 256; ctx->i = (ctx->i + 1) % 256;
ctx->j = (ctx->j + ctx->S[ctx->i]) % 256; ctx->j = (ctx->j + ctx->S[ctx->i]) % 256;
@ -33,17 +33,17 @@ arc4_pad(struct arc4_ctx *ctx)
void void
arc4_crypt(struct arc4_ctx *ctx, arc4_crypt(struct arc4_ctx *ctx,
uint8_t *obuf, uint8_t const *ibuf, size_t buflen) uint8_t *obuf, const uint8_t *ibuf, size_t buflen)
{ {
size_t k; size_t k;
for (k = 0; k < buflen; k += 1) { for (k = 0; k < buflen; k += 1) {
obuf[k] = ibuf[k] ^ arc4_pad(ctx); obuf[k] = ibuf[k] ^ arc4_out(ctx);
} }
} }
void void
arc4_crypt_buffer(uint8_t const *key, size_t keylen, arc4_crypt_buffer(const uint8_t *key, size_t keylen,
uint8_t *buf, size_t buflen) uint8_t *buf, size_t buflen)
{ {
struct arc4_ctx ctx; struct arc4_ctx ctx;
@ -51,3 +51,64 @@ arc4_crypt_buffer(uint8_t const *key, size_t keylen,
arc4_init(&ctx, key, keylen); arc4_init(&ctx, key, keylen);
arc4_crypt(&ctx, buf, buf, buflen); arc4_crypt(&ctx, buf, buf, buflen);
} }
#ifdef ARC4_MAIN
#include <stdio.h>
#include <sysexits.h>
#include <string.h>
int
main(int argc, char *argv[])
{
struct arc4_ctx ctx;
/* Read key and initialize context */
{
uint8_t key[256];
size_t keylen = 0;
char *ekey = getenv("KEY");
FILE *f;
if (argc == 2) {
if (! (f = fopen(argv[1], "r"))) {
perror(argv[0]);
}
} else {
f = fdopen(3, "r");
}
if (f) {
keylen = fread(key, 1, sizeof(key), f);
fclose(f);
} else if (ekey) {
keylen = strlen(ekey);
if (keylen > sizeof(key)) {
keylen = sizeof(key);
}
memcpy(key, ekey, keylen);
}
if (0 == keylen) {
fprintf(stderr, "Usage: %s [KEYFILE] <PLAINTEXT\n", argv[0]);
fprintf(stderr, "\n");
fprintf(stderr, "You can also pass in the key on fd 3 or in\n");
fprintf(stderr, "$KEY; omit KEYFILE in this case.\n");
return EX_IOERR;
}
arc4_init(&ctx, key, (size_t)keylen);
}
/* Encrypt */
while (1) {
int c = getchar();
if (EOF == c) break;
putchar(c ^ arc4_out(&ctx));
}
return 0;
}
#endif /* ARC4_MAIN */
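Review bot: When KEYFILE is given but cannot be opened, the new `main` prints the error and then falls through to `$KEY`, so a mistyped path silently encrypts under whatever key happens to be in the environment. Fail closed instead: `if (! (f = fopen(argv[1], "r"))) { perror(argv[1]); return EX_NOINPUT; }`. `getenv` is called, but the includes added under `ARC4_MAIN` are only `<stdio.h>`, `<sysexits.h>` and `<string.h>`; unless the part of the file above this hunk already includes `<stdlib.h>`, add it. A comment on the `$KEY` path should note that environment variables can be read by other processes of the same user, so the KEYFILE or fd 3 form is preferable for real keys.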


@ -10,11 +10,10 @@ struct arc4_ctx {
uint8_t j; uint8_t j;
}; };
void arc4_init(struct arc4_ctx *ctx, uint8_t const *key, size_t keylen); void arc4_init(struct arc4_ctx *ctx, const uint8_t *key, size_t keylen);
uint8_t arc4_pad(struct arc4_ctx *ctx); uint8_t arc4_out(struct arc4_ctx *ctx);
void arc4_crypt(struct arc4_ctx *ctx, void arc4_crypt(struct arc4_ctx *ctx,
uint8_t *obuf, uint8_t const *ibuf, size_t buflen); uint8_t *obuf, const uint8_t *ibuf, size_t buflen);
void arc4_crypt_buffer(uint8_t const *key, size_t keylen, void arc4_crypt_buffer(const uint8_t *key, size_t keylen,
uint8_t *buf, size_t buflen); uint8_t *buf, size_t buflen);
#endif #endif


@ -1,156 +0,0 @@
/*
------------------------------------------------------------------------------
rand.c: By Bob Jenkins. My random number generator, ISAAC. Public Domain.
MODIFIED:
960327: Creation (addition of randinit, really)
970719: use context, not global variables, for internal state
980324: added main (ifdef'ed out), also rearranged randinit()
010626: Note that this is public domain
------------------------------------------------------------------------------
*/
#include <stdint.h>
#include "rand.h"
#define ind(mm,x) (*(uint32_t *)((uint8_t *)(mm) + ((x) & ((RANDSIZ-1)<<2))))
#define rngstep(mix,a,b,mm,m,m2,r,x) \
{ \
x = *m; \
a = (a^(mix)) + *(m2++); \
*(m++) = y = ind(mm,x) + a + b; \
*(r++) = b = ind(mm,y>>RANDSIZL) + x; \
}
void isaac(struct randctx *ctx)
{
register uint32_t a, b, x, y, *m, *mm, *m2, *r, *mend;
mm = ctx->randmem;
r = ctx->randrsl;
a = ctx->randa;
b = ctx->randb + (++ctx->randc);
for (m = mm, mend = m2 = m + (RANDSIZ / 2); m < mend;) {
rngstep(a << 13, a, b, mm, m, m2, r, x);
rngstep(a >> 6, a, b, mm, m, m2, r, x);
rngstep(a << 2, a, b, mm, m, m2, r, x);
rngstep(a >> 16, a, b, mm, m, m2, r, x);
}
for (m2 = mm; m2 < mend;) {
rngstep(a << 13, a, b, mm, m, m2, r, x);
rngstep(a >> 6, a, b, mm, m, m2, r, x);
rngstep(a << 2, a, b, mm, m, m2, r, x);
rngstep(a >> 16, a, b, mm, m, m2, r, x);
}
ctx->randb = b;
ctx->randa = a;
}
#define mix(a,b,c,d,e,f,g,h) \
{ \
a^=b<<11; d+=a; b+=c; \
b^=c>>2; e+=b; c+=d; \
c^=d<<8; f+=c; d+=e; \
d^=e>>16; g+=d; e+=f; \
e^=f<<10; h+=e; f+=g; \
f^=g>>4; a+=f; g+=h; \
g^=h<<8; b+=g; h+=a; \
h^=a>>9; c+=h; a+=b; \
}
/* if (flag==TRUE), then use the contents of randrsl[] to initialize mm[]. */
void randinit(struct randctx *ctx, uint_fast8_t flag)
{
uint_fast32_t i;
uint32_t a, b, c, d, e, f, g, h;
uint32_t *m, *r;
ctx->randa = ctx->randb = ctx->randc = 0;
m = ctx->randmem;
r = ctx->randrsl;
a = b = c = d = e = f = g = h = 0x9e3779b9; /* the golden ratio */
for (i = 0; i < 4; ++i) { /* scramble it */
mix(a, b, c, d, e, f, g, h);
}
if (flag) {
/* initialize using the contents of r[] as the seed */
for (i = 0; i < RANDSIZ; i += 8) {
a += r[i];
b += r[i + 1];
c += r[i + 2];
d += r[i + 3];
e += r[i + 4];
f += r[i + 5];
g += r[i + 6];
h += r[i + 7];
mix(a, b, c, d, e, f, g, h);
m[i] = a;
m[i + 1] = b;
m[i + 2] = c;
m[i + 3] = d;
m[i + 4] = e;
m[i + 5] = f;
m[i + 6] = g;
m[i + 7] = h;
}
/* do a second pass to make all of the seed affect all of m */
for (i = 0; i < RANDSIZ; i += 8) {
a += m[i];
b += m[i + 1];
c += m[i + 2];
d += m[i + 3];
e += m[i + 4];
f += m[i + 5];
g += m[i + 6];
h += m[i + 7];
mix(a, b, c, d, e, f, g, h);
m[i] = a;
m[i + 1] = b;
m[i + 2] = c;
m[i + 3] = d;
m[i + 4] = e;
m[i + 5] = f;
m[i + 6] = g;
m[i + 7] = h;
}
} else {
/* fill in m[] with messy stuff */
for (i = 0; i < RANDSIZ; i += 8) {
mix(a, b, c, d, e, f, g, h);
m[i] = a;
m[i + 1] = b;
m[i + 2] = c;
m[i + 3] = d;
m[i + 4] = e;
m[i + 5] = f;
m[i + 6] = g;
m[i + 7] = h;
}
}
isaac(ctx); /* fill in the first set of results */
ctx->randcnt = RANDSIZ; /* prepare to use the first set of results */
}
#ifdef NEVER
#include <stdio.h>
int main()
{
uint32_t i, j;
struct randctx ctx;
ctx.randa = ctx.randb = ctx.randc = (uint32_t) 0;
for (i = 0; i < 256; ++i)
ctx.randrsl[i] = (uint32_t) 0;
randinit(&ctx, 1);
for (i = 0; i < 2; ++i) {
isaac(&ctx);
for (j = 0; j < 256; ++j) {
printf("%.8x", ctx.randrsl[j]);
if ((j & 7) == 7)
printf("\n");
}
}
}
#endif


@ -1,55 +0,0 @@
/*
------------------------------------------------------------------------------
rand.h: definitions for a random number generator
By Bob Jenkins, 1996, Public Domain
MODIFIED:
960327: Creation (addition of randinit, really)
970719: use context, not global variables, for internal state
980324: renamed seed to flag
980605: recommend RANDSIZL=4 for noncryptography.
010626: note this is public domain
101005: update to C99 (neale@lanl.gov)
------------------------------------------------------------------------------
*/
#ifndef __ISAAC_H__
#define __ISAAC_H__
#include <stdint.h>
#define RANDSIZL (8)
#define RANDSIZ (1<<RANDSIZL)
/* context of random number generator */
struct randctx {
uint32_t randcnt;
uint32_t randrsl[RANDSIZ];
uint32_t randmem[RANDSIZ];
uint32_t randa;
uint32_t randb;
uint32_t randc;
};
/*
------------------------------------------------------------------------------
If (flag==TRUE), then use the contents of randrsl[0..RANDSIZ-1] as the seed.
------------------------------------------------------------------------------
*/
void randinit(struct randctx *ctx, uint_fast8_t flag);
void isaac(struct randctx *ctx);
/*
------------------------------------------------------------------------------
Call rand(/o_ randctx *r _o/) to retrieve a single 32-bit random value
------------------------------------------------------------------------------
*/
#define rand32(r) \
(!(r)->randcnt-- ? \
(isaac(r), (r)->randcnt=RANDSIZ-1, (r)->randrsl[(r)->randcnt]) : \
(r)->randrsl[(r)->randcnt])
#endif /* RAND */
#endif /* __ISAAC_H__ */

280
include/md5.c Normal file

@ -0,0 +1,280 @@
/*
* This code implements the MD5 message-digest algorithm.
* The algorithm is due to Ron Rivest. This code was
* written by Colin Plumb in 1993, no copyright is claimed.
* This code is in the public domain; do with it what you wish.
*
* Equivalent code is available from RSA Data Security, Inc.
* This code has been tested against that, and is equivalent,
* except that you don't need to include two pages of legalese
* with every copy.
*
* To compute the message digest of a chunk of bytes, declare an
* MD5Context structure, pass it to MD5Init, call MD5Update as
* needed on buffers full of bytes, and then call MD5Final, which
* will fill a supplied 16-byte array with the digest.
*/
/* Brutally hacked by John Walker back from ANSI C to K&R (no
prototypes) to maintain the tradition that Netfone will compile
with Sun's original "cc". */
#include <memory.h> /* for memcpy() */
#include <stdint.h>
#include <stdio.h>
#include "md5.h"
void md5_transform(uint32_t buf[4], uint32_t in[16]);
#ifndef HIGHFIRST
#define byteReverse(buf, len) /* Nothing */
#else
/*
* Note: this code is harmless on little-endian machines.
*/
static void byteReverse(uint8_t *buf, size_t words)
{
uint32_t t;
do {
t = (uint32_t) ((unsigned) buf[3] << 8 | buf[2]) << 16 |
((unsigned) buf[1] << 8 | buf[0]);
*(uint32_t *) buf = t;
buf += 4;
} while (--words);
}
#endif
/*
* Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
* initialization constants.
*/
void md5_init(struct md5_context *ctx)
{
ctx->buf[0] = 0x67452301;
ctx->buf[1] = 0xefcdab89;
ctx->buf[2] = 0x98badcfe;
ctx->buf[3] = 0x10325476;
ctx->bits[0] = 0;
ctx->bits[1] = 0;
}
/*
* Update context to reflect the concatenation of another buffer full
* of bytes.
*/
void md5_update(struct md5_context *ctx,
const uint8_t *buf,
size_t len)
{
uint32_t t;
/* Update bitcount */
t = ctx->bits[0];
if ((ctx->bits[0] = t + ((uint32_t) len << 3)) < t)
ctx->bits[1]++; /* Carry from low to high */
ctx->bits[1] += len >> 29;
t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */
/* Handle any leading odd-sized chunks */
if (t) {
unsigned char *p = (unsigned char *) ctx->in + t;
t = 64 - t;
if (len < t) {
memcpy(p, buf, len);
return;
}
memcpy(p, buf, t);
byteReverse(ctx->in, 16);
md5_transform(ctx->buf, (uint32_t *) ctx->in);
buf += t;
len -= t;
}
/* Process data in 64-byte chunks */
while (len >= 64) {
memcpy(ctx->in, buf, 64);
byteReverse(ctx->in, 16);
md5_transform(ctx->buf, (uint32_t *) ctx->in);
buf += 64;
len -= 64;
}
/* Handle any remaining bytes of data. */
memcpy(ctx->in, buf, len);
}
/*
* Final wrapup - pad to 64-byte boundary with the bit pattern
* 1 0* (64-bit count of bits processed, MSB-first)
*/
void md5_final(struct md5_context *ctx, uint8_t *digest)
{
unsigned int count;
uint8_t *p;
/* Compute number of bytes mod 64 */
count = (ctx->bits[0] >> 3) & 0x3F;
/* Set the first char of padding to 0x80. This is safe since there is
always at least one byte free */
p = ctx->in + count;
*p++ = 0x80;
/* Bytes of padding needed to make 64 bytes */
count = 64 - 1 - count;
/* Pad out to 56 mod 64 */
if (count < 8) {
/* Two lots of padding: Pad the first block to 64 bytes */
memset(p, 0, count);
byteReverse(ctx->in, 16);
md5_transform(ctx->buf, (uint32_t *) ctx->in);
/* Now fill the next block with 56 bytes */
memset(ctx->in, 0, 56);
} else {
/* Pad block to 56 bytes */
memset(p, 0, count - 8);
}
byteReverse(ctx->in, 14);
/* Append length in bits and transform */
((uint32_t *) ctx->in)[14] = ctx->bits[0];
((uint32_t *) ctx->in)[15] = ctx->bits[1];
md5_transform(ctx->buf, (uint32_t *) ctx->in);
byteReverse((unsigned char *) ctx->buf, 4);
memcpy(digest, ctx->buf, 16);
memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
}
/* The four core functions - F1 is optimized somewhat */
/* #define F1(x, y, z) (x & y | ~x & z) */
#define F1(x, y, z) (z ^ (x & (y ^ z)))
#define F2(x, y, z) F1(z, x, y)
#define F3(x, y, z) (x ^ y ^ z)
#define F4(x, y, z) (y ^ (x | ~z))
/* This is the central step in the MD5 algorithm. */
#define md5_step(f, w, x, y, z, data, s) \
( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
/*
* The core of the MD5 algorithm, this alters an existing MD5 hash to
* reflect the addition of 16 longwords of new data. MD5Update blocks
* the data and converts bytes into longwords for this routine.
*/
void md5_transform(uint32_t buf[4], uint32_t in[16])
{
register uint32_t a, b, c, d;
a = buf[0];
b = buf[1];
c = buf[2];
d = buf[3];
md5_step(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
md5_step(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
md5_step(F1, c, d, a, b, in[2] + 0x242070db, 17);
md5_step(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
md5_step(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
md5_step(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
md5_step(F1, c, d, a, b, in[6] + 0xa8304613, 17);
md5_step(F1, b, c, d, a, in[7] + 0xfd469501, 22);
md5_step(F1, a, b, c, d, in[8] + 0x698098d8, 7);
md5_step(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
md5_step(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
md5_step(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
md5_step(F1, a, b, c, d, in[12] + 0x6b901122, 7);
md5_step(F1, d, a, b, c, in[13] + 0xfd987193, 12);
md5_step(F1, c, d, a, b, in[14] + 0xa679438e, 17);
md5_step(F1, b, c, d, a, in[15] + 0x49b40821, 22);
md5_step(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
md5_step(F2, d, a, b, c, in[6] + 0xc040b340, 9);
md5_step(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
md5_step(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
md5_step(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
md5_step(F2, d, a, b, c, in[10] + 0x02441453, 9);
md5_step(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
md5_step(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
md5_step(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
md5_step(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
md5_step(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
md5_step(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
md5_step(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
md5_step(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
md5_step(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
md5_step(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
md5_step(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
md5_step(F3, d, a, b, c, in[8] + 0x8771f681, 11);
md5_step(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
md5_step(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
md5_step(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
md5_step(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
md5_step(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
md5_step(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
md5_step(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
md5_step(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
md5_step(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
md5_step(F3, b, c, d, a, in[6] + 0x04881d05, 23);
md5_step(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
md5_step(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
md5_step(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
md5_step(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
md5_step(F4, a, b, c, d, in[0] + 0xf4292244, 6);
md5_step(F4, d, a, b, c, in[7] + 0x432aff97, 10);
md5_step(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
md5_step(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
md5_step(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
md5_step(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
md5_step(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
md5_step(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
md5_step(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
md5_step(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
md5_step(F4, c, d, a, b, in[6] + 0xa3014314, 15);
md5_step(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
md5_step(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
md5_step(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
md5_step(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
md5_step(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
buf[0] += a;
buf[1] += b;
buf[2] += c;
buf[3] += d;
}
void
md5_digest(const uint8_t *buf, size_t buflen, uint8_t *digest)
{
struct md5_context ctx;
md5_init(&ctx);
md5_update(&ctx, buf, buflen);
md5_final(&ctx, digest);
}
void
md5_hexdigest(const uint8_t *buf, size_t buflen, char *hexdigest)
{
uint8_t digest[MD5_DIGEST_LEN];
int i;
md5_digest(buf, buflen, digest);
for (i = 0; i < MD5_DIGEST_LEN; i += 1) {
sprintf(hexdigest + (i*2), "%02x", digest[i]);
}
}
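Review bot: In `md5_final`, `memset(ctx, 0, sizeof(ctx));` clears only as many bytes as a pointer occupies, because `ctx` is a `struct md5_context *`; most of the context, including the buffered input block, stays in memory despite the "In case it's sensitive" comment. Use `memset(ctx, 0, sizeof(*ctx));`. In `md5_hexdigest`, the final `sprintf` also writes a terminating NUL, so the function stores MD5_HEXDIGEST_LEN + 1 bytes; a comment above it should say so, e.g. `/* hexdigest must hold MD5_HEXDIGEST_LEN + 1 bytes (NUL included) */`.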

42
include/md5.h Normal file

@ -0,0 +1,42 @@
#ifndef MD5_H
#define MD5_H
#include <stdint.h>
/* The following tests optimise behaviour on little-endian
machines, where there is no need to reverse the byte order
of 32 bit words in the MD5 computation. By default,
HIGHFIRST is defined, which indicates we're running on a
big-endian (most significant byte first) machine, on which
the byteReverse function in md5.c must be invoked. However,
byteReverse is coded in such a way that it is an identity
function when run on a little-endian machine, so calling it
on such a platform causes no harm apart from wasting time.
If the platform is known to be little-endian, we speed
things up by undefining HIGHFIRST, which defines
byteReverse as a null macro. Doing things in this manner
insures we work on new platforms regardless of their byte
order. */
#define HIGHFIRST
#ifdef __i386__
#undef HIGHFIRST
#endif
#define MD5_DIGEST_LEN 16
#define MD5_HEXDIGEST_LEN (MD5_DIGEST_LEN * 2)
struct md5_context {
uint32_t buf[4];
uint32_t bits[2];
uint8_t in[64];
};
void md5_init(struct md5_context *ctx);
void md5_update(struct md5_context *ctx, const uint8_t *buf, size_t len);
void md5_final(struct md5_context *ctx, uint8_t *digest);
void md5_digest(const uint8_t *buf, size_t buflen, uint8_t *digest);
void md5_hexdigest(const uint8_t *buf, size_t buflen, char *hexdigest);
#endif /* !MD5_H */
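Review bot: The prototypes for `md5_update`, `md5_digest` and `md5_hexdigest` use `size_t`, but the header includes only `<stdint.h>`, which is not required to define it; a translation unit that includes md5.h first may fail to compile. Add `#include <stddef.h>` next to the existing include, as include/rand.h in this commit already does. `HIGHFIRST` is undefined only for `__i386__`, so other little-endian targets take the byte-reversing path; the comment calls that harmless, but it is worth stating in the comment that x86-64 is among them.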

65
include/rand.c Normal file

@ -0,0 +1,65 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <time.h>
#include "arc4.h"
/*
*
* Random numbers
*
*/
void
urandom(uint8_t *buf, size_t buflen)
{
static int initialized = 0;
static struct arc4_ctx ctx;
if (! initialized) {
int fd = open("/dev/urandom", O_RDONLY);
if (-1 == fd) {
struct {
time_t time;
pid_t pid;
} bits;
bits.time = time(NULL);
bits.pid = getpid();
arc4_init(&ctx, (uint8_t *)&bits, sizeof(bits));
} else {
uint8_t key[256];
read(fd, key, sizeof(key));
close(fd);
arc4_init(&ctx, key, sizeof(key));
}
initialized = 1;
}
while (buflen--) {
*(buf++) = arc4_out(&ctx);
}
}
int32_t
rand32()
{
int32_t ret;
urandom((uint8_t *)&ret, sizeof(ret));
return ret;
}
uint32_t
randu32()
{
uint32_t ret;
urandom((uint8_t *)&ret, sizeof(ret));
return ret;
}
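Review bot: `urandom` seeds its ARC4 state from only `time(NULL)` and `getpid()` when `/dev/urandom` cannot be opened, and ignores the return value of `read()` when it can, so callers may get output derived from a guessable or partly uninitialised key with no indication that anything went wrong. Since the function returns void, the safer behaviour is to stop rather than continue on a weak seed: drop the fallback, loop until all 256 bytes have been read, and abort on failure, as sketched below. The file also calls `read`, `close` and `getpid` without including `<unistd.h>`, and `abort` would need `<stdlib.h>`.

```c
    if (! initialized) {
        uint8_t key[256];
        size_t  got = 0;
        int     fd = open("/dev/urandom", O_RDONLY);

        /* No time/pid fallback: refuse to run on a guessable seed. */
        if (-1 == fd) {
            abort();
        }
        while (got < sizeof(key)) {
            ssize_t n = read(fd, key + got, sizeof(key) - got);

            if (n <= 0) {
                abort();
            }
            got += (size_t)n;
        }
        close(fd);
        arc4_init(&ctx, key, sizeof(key));
        initialized = 1;
    }
    /* … unchanged: keystream output loop … */
```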

11
include/rand.h Normal file

@ -0,0 +1,11 @@
#ifndef __RAND_H__
#define __RAND_H__
#include <stdint.h>
#include <stddef.h>
void urandom(void *buf, size_t buflen);
int32_t rand32();
uint32_t randu32();
#endif /* __RAND_H__ */
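Review bot: `urandom` is declared here as taking `void *buf`, but include/rand.c in this commit defines it with `uint8_t *buf` and does not include rand.h, so the compiler never compares the two. Make them agree, for instance by defining it as `urandom(void *buf, size_t buflen)` with a local `uint8_t *p = buf;`, and add `#include "rand.h"` to rand.c so future drift is diagnosed. `rand32()` and `randu32()` should be declared with `(void)` so that calls passing arguments are rejected.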

46
include/test.c Normal file

@ -0,0 +1,46 @@
#include <stdio.h>
#include <stdint.h>
#include "rand.h"
#include "md5.h"
#include "token.h"
int
main()
{
int i;
uint8_t zeroes[64] = {0};
uint8_t digest[MD5_DIGEST_LEN];
for (i = 0; i < 10; i += 1) {
printf("%d ", randu32() % 10);
}
printf("\n4ae71336e44bf9bf79d2752e234818a5\n");
md5_digest(zeroes, 16, digest);
for (i = 0; i < sizeof(digest); i += 1) {
printf("%02x", digest[i]);
}
printf("\n");
{
char hd[MD5_HEXDIGEST_LEN + 1] = {0};
md5_hexdigest(zeroes, 16, hd);
printf("%s\n", hd);
}
{
ssize_t len;
char token[TOKEN_MAX];
len = read_token("foo", 0, 4, token, sizeof(token));
if (-1 != len) {
printf("rut roh\n");
} else {
printf("Good.\n");
}
}
return 0;
}
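Review bot: `main` prints the expected and the computed MD5 values and always returns 0, so this test cannot fail in an automated build; a regression in md5.c would only be noticed by someone reading the output. Compare instead, e.g. `if (strcmp(hd, "4ae71336e44bf9bf79d2752e234818a5")) return 1;` after the `md5_hexdigest` call, and return non-zero from the `read_token` branch that prints "rut roh". `printf("%d ", randu32() % 10)` passes a `uint32_t` to `%d`; use `%u` with a cast to `unsigned`.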


@ -12,13 +12,18 @@
#define CTF_BASE "/var/lib/ctf" #define CTF_BASE "/var/lib/ctf"
#endif #endif
/*
*
* ARC-4 stuff
*
*/
struct arc4_ctx { struct arc4_ctx {
uint8_t S[256]; uint8_t S[256];
uint8_t i; uint8_t i;
uint8_t j; uint8_t j;
}; };
#define swap(a, b) do {int _swap=a; a=b, b=_swap;} while (0) #define swap(a, b) do {int _swap=a; a=b, b=_swap;} while (0)
void void
@ -39,29 +44,28 @@ arc4_init(struct arc4_ctx *ctx, uint8_t const *key, size_t keylen)
ctx->j = 0; ctx->j = 0;
} }
void uint8_t
arc4_crypt(struct arc4_ctx *ctx, arc4_out(struct arc4_ctx *ctx)
uint8_t *obuf, uint8_t const *ibuf, size_t buflen)
{ {
int i = ctx->i; ctx->i = (ctx->i + 1) % 256;
int j = ctx->j; ctx->j = (ctx->j + ctx->S[ctx->i]) % 256;
size_t k; swap(ctx->S[ctx->i], ctx->S[ctx->j]);
return ctx->S[(ctx->S[ctx->i] + ctx->S[ctx->j]) % 256];
for (k = 0; k < buflen; k += 1) {
uint8_t mask;
i = (i + 1) % 256;
j = (j + ctx->S[i]) % 256;
swap(ctx->S[i], ctx->S[j]);
mask = ctx->S[(ctx->S[i] + ctx->S[j]) % 256];
obuf[k] = ibuf[k] ^ mask;
}
ctx->i = i;
ctx->j = j;
} }
void void
arc4_crypt_buffer(uint8_t const *key, size_t keylen, arc4_crypt(struct arc4_ctx *ctx,
uint8_t *obuf, const uint8_t *ibuf, size_t buflen)
{
size_t k;
for (k = 0; k < buflen; k += 1) {
obuf[k] = ibuf[k] ^ arc4_out(ctx);
}
}
void
arc4_crypt_buffer(const uint8_t *key, size_t keylen,
uint8_t *buf, size_t buflen) uint8_t *buf, size_t buflen)
{ {
struct arc4_ctx ctx; struct arc4_ctx ctx;
@ -70,6 +74,11 @@ arc4_crypt_buffer(uint8_t const *key, size_t keylen,
arc4_crypt(&ctx, buf, buf, buflen); arc4_crypt(&ctx, buf, buf, buflen);
} }
/*
*
*/
ssize_t ssize_t
read_token_fd(int fd, read_token_fd(int fd,
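Review bot: `arc4_crypt_buffer` keys a fresh `struct arc4_ctx` on every call, so every buffer encrypted under the same key is XORed with the same keystream, and nothing in the file says so now that the cipher is split into the exported `arc4_out` and `arc4_crypt`. A comment above `arc4_crypt_buffer` would record the contract: `/* One-shot: re-keys on every call, so never use one key for two different buffers. */`. `arc4_out` has no comment either; `/* Return the next keystream byte and advance ctx. */` would do. The body of `arc4_crypt_buffer` is split across two hunks, so the `arc4_init` call is inferred rather than visible.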


@ -8,13 +8,6 @@
#define TOKEN_MAX 80 #define TOKEN_MAX 80
/* ARC4 functions, in case anybody wants 'em */ /* ARC4 functions, in case anybody wants 'em */
struct arc4_ctx;
void arc4_init(struct arc4_ctx *ctx,
uint8_t const *key, size_t keylen);
void arc4_crypt(struct arc4_ctx *ctx,
uint8_t *obuf, uint8_t const *ibuf, size_t buflen);
void arc4_crypt_buffer(uint8_t const *key, size_t keylen,
uint8_t *buf, size_t buflen);
ssize_t read_token_fd(int fd, ssize_t read_token_fd(int fd,
uint8_t const *key, size_t keylen, uint8_t const *key, size_t keylen,
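Review bot: The comment `/* ARC4 functions, in case anybody wants 'em */` stays in the header while the hunk removes every ARC4 declaration beneath it, so it now sits directly above `read_token_fd` and describes nothing. Drop it, or replace it with a pointer to the header that now carries the prototypes, e.g. `/* ARC4 declarations live in arc4.h */` if that is where they moved. A file deleted later in this commit includes `arc4.h`, but the new home of the prototypes is not shown here. The `read_token_fd` prototype continues past the end of the hunk.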


@ -0,0 +1,18 @@
CTFBASE_PKGDIR = $(TARGET)/ctfbase
ctfbase-install: ctfbase-build
mkdir -p $(CTFBASE_PKGDIR)/bin/
$(call COPYTREE, packages/ctfbase/service, $(CTFBASE_PKGDIR)/service)
cp packages/ctfbase/src/tokencli $(CTFBASE_PKGDIR)/bin/
cp packages/ctfbase/src/arc4 $(CTFBASE_PKGDIR)/bin/
ctfbase-clean:
rm -rf $(CTFBASE_PKGDIR)
$(MAKE) -C packages/ctfbase/src clean
ctfbase-build:
$(MAKE) -C packages/ctfbase/src build
PACKAGES += ctfbase


@ -1,6 +1,7 @@
#! /bin/sh #! /bin/sh
while true; do while true; do
# Get new tokens
for dn in /opt/*/tokens/*; do for dn in /opt/*/tokens/*; do
[ -d $dn ] || continue [ -d $dn ] || continue
puzzle=$(basename $dn) puzzle=$(basename $dn)
@ -9,5 +10,16 @@ while true; do
-e /opt/tokens/bin/tokencli $category $dn/category.key 3>&1 | \ -e /opt/tokens/bin/tokencli $category $dn/category.key 3>&1 | \
/opt/tokens/bin/arc4 $dn/enc.key > /var/lib/ctf/tokens/$puzzle /opt/tokens/bin/arc4 $dn/enc.key > /var/lib/ctf/tokens/$puzzle
done done
# Fetch list of teams
wget -q -P /var/lib/ctf http://10.0.0.2/teams.txt &
# Archive state
state=/var/www/state.tar.gz.rc4
tar cf - /var/lib/ctf | \
gzip -c | \
KEY='crashmaster' arc4 > $state.tmp
mv $state.tmp $state
sleep 60 sleep 60
done done
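Review bot: The archive step encrypts with a key written into the script (`KEY='crashmaster' arc4`), and because ARC4 takes no nonce, every 60-second snapshot written to /var/www is XORed with the same keystream. If the archive is meant to be confidential, anyone who can read the script has the key, and two snapshots from different times expose the XOR of their plaintexts even without it. Read the key from a root-only file the way the token loop above does (`arc4 KEYFILE > $state.tmp`, KEYFILE being a placeholder path), and move the archive to a cipher that takes a per-file nonce. Separately, the new `arc4` call relies on PATH while the loop above uses `/opt/tokens/bin/arc4`; with the tokens package replaced by ctfbase in this commit, both are worth checking.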


@ -0,0 +1,12 @@
#! /bin/sh -e
exec 2>&1
# Set up networking for all CTF ip
ip link set eth0 up
if ! ip route | grep -q default; then
ip route add default via 10.0.0.1 || exit 1
fi
install -o root -m 0755 -d /var/lib/ctf/tokens
exec ./ctfd


@ -1,6 +1,7 @@
build: tokencli arc4 build: tokencli arc4
arc4: arc4.o arc4-main.o arc4: arc4.c
$(CC) $(CFLAGS) $(LDFLAGS) -DARC4_MAIN -o $@ $<
tokencli: tokencli.o arc4.o tokencli: tokencli.o arc4.o


@ -0,0 +1,4 @@
#! /bin/sh
IP=$(cat ip.txt)
ip addr del $IP dev eth0


@ -0,0 +1 @@
10.0.0.14/24


@ -1,4 +1,6 @@
#! /bin/sh #! /bin/sh -e
exec 2>&1 exec 2>&1
exec tcpsvd 0 4104 /opt/logger/bin/logger IP=$(cat ip.txt)
ip addr add $IP label eth0:logger dev eth0
exec tcpsvd ${IP#/*} 1958 /opt/logger/bin/logger
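Review bot: `${IP#/*}` removes a leading `/…` prefix, which an address such as `10.0.0.14/24` (the ip.txt added just above, presumably this service's) does not have, so tcpsvd is handed the address with the prefix length still attached. The suffix form is what is wanted: `exec tcpsvd ${IP%/*} 1958 /opt/logger/bin/logger`, which is the form the octopus run script in this commit already uses. The same `${IP#/*}` appears in the octopus-redirect, printf and rlyeh run scripts further down. Quoting `"$IP"` in the `ip addr add` line would also keep stray whitespace in ip.txt from turning into extra arguments.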


@ -1,10 +1,34 @@
#include <sys/select.h> /** logger.c - generate fake log messages (part of dirtbags CTF)
*
* Author: Neale Pickett <neale@lanl.gov>
*
* This software has been authored by an employee or employees of Los
* Alamos National Security, LLC, operator of the Los Alamos National
* Laboratory (LANL) under Contract No. DE-AC52-06NA25396 with the
* U.S. Department of Energy. The U.S. Government has rights to use,
* reproduce, and distribute this software. The public may copy,
* distribute, prepare derivative works and publicly display this
* software without charge, provided that this Notice and any statement
* of authorship are reproduced on all copies. Neither the Government
* nor LANS makes any warranty, express or implied, or assumes any
* liability or responsibility for the use of this software. If
* software is modified to produce derivative works, such modified
* software should be clearly marked, so as not to confuse it with the
* version available from LANL.
*/
#include <time.h> #include <time.h>
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
#include <stdint.h> #include <stdint.h>
#include <string.h> #include <string.h>
#include "token.h"
#ifdef STANDALONE
# define TOKEN_MAX 50
#else
# include "token.h"
#endif
#define PID_MAX 32768 #define PID_MAX 32768
#define QSIZE 200 #define QSIZE 200
@ -27,12 +51,16 @@ read_tokens()
char name[40]; char name[40];
for (i = 0; i < sizeof(token)/sizeof(*token); i += 1) { for (i = 0; i < sizeof(token)/sizeof(*token); i += 1) {
#ifdef STANDALONE
strcpy(token[i], "logger:xylep-donut-nanox");
#else
/* This can't grow beyond 40. Think about it. */ /* This can't grow beyond 40. Think about it. */
sprintf(name, "logger%d", i); sprintf(name, "logger%d", i);
len = read_token(name, key, sizeof(key), token[i], sizeof(token[i])); len = read_token(name, key, sizeof(key), token[i], sizeof(token[i]));
if ((-1 == len) || (len >= sizeof(token[i]))) abort(); if ((-1 == len) || (len >= sizeof(token[i]))) abort();
token[i][len] = '\0'; token[i][len] = '\0';
#endif
} }
} }


@ -6,9 +6,7 @@ mcp-install: mcp-build
$(call COPYTREE, packages/mcp/bin, $(MCP_PKGDIR)/bin) $(call COPYTREE, packages/mcp/bin, $(MCP_PKGDIR)/bin)
cp packages/mcp/src/in.tokend $(MCP_PKGDIR)/bin/ cp packages/mcp/src/in.tokend $(MCP_PKGDIR)/bin/
cp packages/mcp/src/pointscli $(MCP_PKGDIR)/bin/ cp packages/mcp/src/pointscli $(MCP_PKGDIR)/bin/
cp packages/mcp/src/tokencli $(MCP_PKGDIR)/bin/
cp packages/mcp/src/puzzles.cgi $(MCP_PKGDIR)/bin/ cp packages/mcp/src/puzzles.cgi $(MCP_PKGDIR)/bin/
cp packages/mcp/src/arc4 $(MCP_PKGDIR)/bin/
$(call COPYTREE, packages/mcp/service, $(MCP_PKGDIR)/service) $(call COPYTREE, packages/mcp/service, $(MCP_PKGDIR)/service)


@ -1,8 +0,0 @@
#! /bin/sh -e
hostname mcp
ifconfig eth0 10.0.0.2 netmask 255.255.0.0
route add default gw 10.0.0.1
exec inotifyd true $(pwd):x


@ -41,6 +41,8 @@ Control {
} }
Server { Server {
Address 10.0.0.2
Virtual { Virtual {
AnyHost AnyHost
Control { Control {


@ -2,6 +2,8 @@
exec 2>&1 exec 2>&1
ip addr add 10.0.0.2/24 label eth0:mcp dev eth0
DB=/var/lib/ctf/tokens.db DB=/var/lib/ctf/tokens.db
if [ ! -f $DB ]; then if [ ! -f $DB ]; then


@ -1,13 +1,13 @@
CFLAGS = -Wall -Werror CFLAGS = -Wall -Werror
TARGETS = in.tokend tokencli claim.cgi TARGETS = in.tokend claim.cgi
TARGETS += puzzler.cgi puzzles.cgi TARGETS += puzzler.cgi puzzles.cgi
TARGETS += pointscli mktoken arc4 TARGETS += pointscli mktoken
all: build all: build
build: $(TARGETS) build: $(TARGETS)
in.tokend: in.tokend.o arc4.o common.o in.tokend: in.tokend.o arc4.o md5.o common.o
tokencli: tokencli.o arc4.o tokencli: tokencli.o arc4.o
pointscli: pointscli.o common.o pointscli: pointscli.o common.o
mktoken: mktoken.o common.o mktoken: mktoken.o common.o


@ -1 +0,0 @@
../../tokens/src/arc4-main.c

packages/mcp/src/md5.c Symbolic link

@ -0,0 +1 @@
../../../include/md5.c

packages/mcp/src/md5.h Symbolic link

@ -0,0 +1 @@
../../../include/md5.h


@ -1 +0,0 @@
../../tokens/src/tokencli.c


@ -0,0 +1,3 @@
#! /bin/sh
echo 'Try UDP.'


@ -0,0 +1,5 @@
#! /bin/sh -e
IP=$(cat ../octopus/ip.txt)
sv s octopus >/dev/null || exit 1
exec tcpsvd ${IP#/*} 8888 ./octopus-redirect


@ -0,0 +1,4 @@
#! /bin/sh
IP=$(cat ip.txt)
ip addr del $IP dev eth0


@ -0,0 +1 @@
10.0.0.8/24


@ -1,4 +1,6 @@
#! /bin/sh #! /bin/sh -e
exec 2>&1 exec 2>&1
exec /opt/octopus/bin/octopus IP=$(cat ip.txt)
ip addr add $IP label eth0:octopus dev eth0
exec /opt/octopus/bin/octopus ${IP%/*}


@ -194,17 +194,17 @@ struct bound_port {
} bound_ports[PORTS]; } bound_ports[PORTS];
int int
bind_port(int fd, uint16_t port) { bind_port(struct in_addr *addr, int fd, uint16_t port) {
struct sockaddr_in addr; struct sockaddr_in saddr;
addr.sin_family = AF_INET; saddr.sin_family = AF_INET;
addr.sin_port = htons(port); saddr.sin_port = htons(port);
addr.sin_addr.s_addr = INADDR_ANY; memcpy(&saddr.sin_addr.s_addr, addr, sizeof(struct in_addr));
return bind(fd, (struct sockaddr *)&addr, sizeof(addr)); return bind(fd, (struct sockaddr *)&saddr, sizeof(saddr));
} }
int int
rebind() rebind(struct in_addr *addr)
{ {
static int offset = 0; static int offset = 0;
char token[200]; char token[200];
@ -235,7 +235,7 @@ rebind()
bound_ports[i + offset].fd = socket(PF_INET, SOCK_DGRAM, 0); bound_ports[i + offset].fd = socket(PF_INET, SOCK_DGRAM, 0);
do { do {
port = (random() % 56635) + 10000; port = (random() % 56635) + 10000;
ret = bind_port(bound_ports[i + offset].fd, port); ret = bind_port(addr, bound_ports[i + offset].fd, port);
} while (-1 == ret); } while (-1 == ret);
/* Set the last guy's port number */ /* Set the last guy's port number */
@ -340,12 +340,22 @@ main(int argc, char *argv[])
int ret; int ret;
int i; int i;
time_t last = time(NULL); time_t last = time(NULL);
struct in_addr addr;
/* The random seed isn't super important here. */ /* The random seed isn't super important here. */
srand(8); srand(last);
if (argc > 1) {
if (-1 == inet_aton(argv[1], &addr)) {
fprintf(stderr, "invalid address: %s\n", argv[1]);
return EX_IOERR;
}
} else {
addr.s_addr = INADDR_ANY;
}
bound_ports[0].fd = socket(PF_INET, SOCK_DGRAM, 0); bound_ports[0].fd = socket(PF_INET, SOCK_DGRAM, 0);
ret = bind_port(bound_ports[0].fd, 8888); ret = bind_port(&addr, bound_ports[0].fd, 8888);
if (-1 == ret) { if (-1 == ret) {
perror("bind port 8888"); perror("bind port 8888");
return EX_IOERR; return EX_IOERR;
@ -354,7 +364,7 @@ main(int argc, char *argv[])
for (i = 1; i < PORTS; i += 1) { for (i = 1; i < PORTS; i += 1) {
bound_ports[i].fd = -1; bound_ports[i].fd = -1;
} }
if (-1 == rebind()) { if (-1 == rebind(&addr)) {
perror("initial binding"); perror("initial binding");
return EX_IOERR; return EX_IOERR;
} }
@ -364,7 +374,7 @@ main(int argc, char *argv[])
if (last + 4 < now) { if (last + 4 < now) {
last = now; last = now;
if (-1 == rebind()) break; if (-1 == rebind(&addr)) break;
} }
} }
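Review bot: In `main`, `if (-1 == inet_aton(argv[1], &addr))` never fires, because inet_aton() returns 0 for an invalid address and nonzero for a valid one; a bad argument can therefore leave `addr` uninitialised and the binds go ahead with it. Test for zero instead: `if (0 == inet_aton(argv[1], &addr)) {`. In `bind_port`, `saddr` is filled field by field without being cleared first; `memset(&saddr, 0, sizeof(saddr));` before the assignments is the usual form. The hunk also changes `srand(8)` to `srand(last)`, but `rebind` draws its ports with `random()`, which `srand` does not seed, so `srandom(last)` is needed for the new seed to have any effect. `main` and `rebind` both continue outside the hunks shown.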


@ -0,0 +1,4 @@
#! /bin/sh
IP=$(cat ip.txt)
ip addr del $IP dev eth0


@ -0,0 +1 @@
10.0.0.91


@ -1,11 +1,14 @@
#! /bin/sh #! /bin/sh -e
exec 2>&1 exec 2>&1
IP=$(cat ip.txt)
ip addr add $IP label eth0:printf dev eth0
# So I say to him, "Alex, what's a good high port number for a CTF category?" # So I say to him, "Alex, what's a good high port number for a CTF category?"
# And he says, "6" # And he says, "6"
# And I say, "no, it has to be bigger than 1000" # And I say, "no, it has to be bigger than 1000"
# And he says, "how about 9001, because that's bigger than 9000" # And he says, "how about 9001, because that's bigger than 9000"
# So, okay. # Okay.
exec tcpsvd 0 9001 ./run-printf exec tcpsvd ${IP#/*} 9001 ./run-printf


@ -1,11 +0,0 @@
#! /bin/sh
if [ -d /opt/mcp ]; then
sv d .
exit
fi
hostname pwnables
ifconfig eth0 10.0.0.10 netmask 255.255.0.0
route add default gw 10.0.0.1
exec inotifyd true $(pwd):x


@ -0,0 +1,4 @@
#! /bin/sh
IP=$(cat ip.txt)
ip addr del $IP dev eth0


@ -0,0 +1 @@
10.0.0.3/24


@ -1,5 +1,9 @@
#! /bin/sh -e #! /bin/sh -e
# Configure IP address
IP=$(cat ip.txt)
ip addr add $IP label eth0:pwnables dev eth0
# Set up chroot environment # Set up chroot environment
# We never umount any of this since it's all just in RAM # We never umount any of this since it's all just in RAM
mkdir -p /mnt/pwnables-root mkdir -p /mnt/pwnables-root


@ -1,3 +0,0 @@
#! /bin/sh
exec logger -t sshd

View File

@ -1,10 +0,0 @@
#! /bin/sh
exec 2>&1
if [ -d /opt/mcp ]; then
sv d .
exit
fi
exec dropbear -r ./rsa.key -E -F

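--- a/packages/rlyeh/rlyeh.mk
+++ b/packages/rlyeh/rlyeh.mk
@@ -0,0 +1,27 @@
+RLYEH_PKGDIR = $(TARGET)/rlyeh
+RLYEH_BUILDDIR = $(BUILD)/rlyeh
+RLYEH_TAR = $(CACHE)/rlyeh.tar.gz
+RLYEH_URL = "http://woozle.org/~neale/gitweb.cgi?p=rlyeh;a=snapshot;h=master;sf=tgz"
+$(RLYEH_TAR):
+@ mkdir -p $(@D)
+wget -O $@ $(RLYEH_URL)
+rlyeh-source: $(RLYEH_BUILDDIR)/rlyeh
+$(RLYEH_BUILDDIR)/rlyeh: $(RLYEH_TAR)
+mkdir -p $(RLYEH_BUILDDIR)
+zcat $(RLYEH_TAR) | (cd $(RLYEH_BUILDDIR) && tar xf -)
+rlyeh-build: rlyeh-source
+$(MAKE) -C $(RLYEH_BUILDDIR)/rlyeh
+rlyeh-install: rlyeh-build
+mkdir -p $(RLYEH_PKGDIR)/bin
+cp $(RLYEH_BUILDDIR)/rlyeh/rlyeh $(RLYEH_PKGDIR)/bin
+$(call COPYTREE, packages/rlyeh/service, $(RLYEH_PKGDIR)/service)
+rlyeh-clean:
+rm -rf $(RLYEH_BUILDDIR)
+PACKAGES += rlyeh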
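Review bot: The `$(RLYEH_TAR)` rule fetches a snapshot of `h=master` over plain HTTP, and the tarball is unpacked and built with no integrity check, so what ends up in the image depends on whatever the server or the network path returns on the day of the build. Pin `RLYEH_URL` to a fixed commit and verify a recorded digest before extraction, e.g. `echo "$(RLYEH_SHA256)  $@" | sha256sum -c -`, where `RLYEH_SHA256` is a placeholder for the digest of the reviewed snapshot (the page gives none). `wget -O $@` also leaves a partial file behind when the download fails, which a later run treats as up to date; downloading to `$@.tmp` and renaming on success avoids that.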


@ -0,0 +1,4 @@
#! /bin/sh
read IP < ip.txt
ip addr del $IP dev eth0

View File

@ -0,0 +1 @@
10.0.0.28/24


@ -0,0 +1,42 @@
#! /bin/sh
base=${CTF_BASE:-/var/lib/ctf}
read -p "Team password: " -r teamhash
if ! KEY='Too much cheese.' arc4 < $base/teams.txt | grep -q -F -e "$teamhash"; then
echo 'No such team.'
exit
fi
cd $base/rlyeh
if [ -f $teamhash ]; then
now=$(date +%s)
ts=$(stat -c %Y $teamhash)
d=$(expr $now - $ts)
if [ $d -lt 60 ]; then
echo 'You are trying to connect too fast.'
exit
fi
else
echo 0 > $teamhash
fi
read level < $teamhash
(
if ! flock -n 8; then
echo 'Your team is already logged in.'
exit
fi
echo "Your team is on level $level."
echo
if ./rlyeh $level; then
echo "10 points for Gryffindor!"
expr $level + 1 > $teamhash
else
touch $teamhash
fi
) 8<$teamhash
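Review bot: `teamhash` is read straight from the client and then used unquoted as a file name (`[ -f $teamhash ]`, `echo 0 > $teamhash`, `8<$teamhash`), while the only check on it is `grep -q -F`, which accepts any substring of teams.txt, the empty string included. Reject empty input and anything outside the hash alphabet before the lookup, match whole lines if teams.txt holds one hash per line (its format is not visible here) with `grep -q -x -F -e "$teamhash"`, and quote every later use as `"$teamhash"`. `read -p` is not POSIX sh either, so the script depends on the shell behind /bin/sh supporting it.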


@ -0,0 +1,10 @@
#! /bin/sh -e
exec 2>&1
read IP < ip.txt
ip addr add $IP label eth0:rlyeh dev eth0
dir=/var/lib/ctf/rlyeh
install -o nobody -d $dir
exec setuidgid nobody tcpsvd ${IP#/*} 1928 ./rlyeh-ctf


@ -1,5 +0,0 @@
#! /bin/sh
exec 2>&1
install -o root -m 0755 -d /var/lib/ctf/tokens
exec ./tokens


@ -1,4 +0,0 @@
#! /bin/sh
cp -r service/* /var/service
mkdir -p /var/lib/ctf/tokens


@ -1,58 +0,0 @@
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <sysexits.h>
#include "arc4.h"
int
main(int argc, char *argv[])
{
struct arc4_ctx ctx;
/* Read key and initialize context */
{
uint8_t key[256];
size_t keylen = 0;
char *ekey = getenv("KEY");
FILE *f;
if (argc == 2) {
if (! (f = fopen(argv[1], "r"))) {
perror(argv[0]);
}
} else {
f = fdopen(3, "r");
}
if (f) {
keylen = fread(key, 1, sizeof(key), f);
fclose(f);
} else if (ekey) {
keylen = strlen(ekey);
if (keylen > sizeof(key)) {
keylen = sizeof(key);
}
memcpy(key, ekey, keylen);
}
if (0 == keylen) {
fprintf(stderr, "Usage: %s [KEYFILE] <PLAINTEXT\n", argv[0]);
fprintf(stderr, "\n");
fprintf(stderr, "You can also pass in the key on fd 3 or in\n");
fprintf(stderr, "$KEY; omit KEYFILE in this case.\n");
return EX_IOERR;
}
arc4_init(&ctx, key, (size_t)keylen);
}
/* Encrypt */
while (1) {
int c = getchar();
if (EOF == c) break;
putchar(c ^ arc4_pad(&ctx));
}
return 0;
}


@ -1,20 +0,0 @@
TOKENS_PKGDIR = $(TARGET)/tokens
tokens-install: tokens-build
mkdir -p $(TOKENS_PKGDIR)/bin/
$(call COPYTREE, packages/tokens/service, $(TOKENS_PKGDIR)/service)
cp packages/tokens/setup $(TOKENS_PKGDIR)/
cp packages/tokens/src/tokencli $(TOKENS_PKGDIR)/bin/
cp packages/tokens/src/arc4 $(TOKENS_PKGDIR)/bin/
tokens-clean:
rm -rf $(TOKENS_PKGDIR)
$(MAKE) -C packages/tokens/src clean
tokens-build:
$(MAKE) -C packages/tokens/src build
PACKAGES += tokens