diff --git a/doc/2011-01-22-CMU/chase.pdf b/doc/2011-01-CMU/chase.pdf
similarity index 100%
rename from doc/2011-01-22-CMU/chase.pdf
rename to doc/2011-01-CMU/chase.pdf
diff --git a/doc/2011-01-22-CMU/chase.svg b/doc/2011-01-CMU/chase.svg
similarity index 100%
rename from doc/2011-01-22-CMU/chase.svg
rename to doc/2011-01-CMU/chase.svg
diff --git a/doc/2011-01-22-CMU/pacman2.pdf b/doc/2011-01-CMU/pacman2.pdf
similarity index 100%
rename from doc/2011-01-22-CMU/pacman2.pdf
rename to doc/2011-01-CMU/pacman2.pdf
diff --git a/doc/2011-01-22-CMU/pacman2.svg b/doc/2011-01-CMU/pacman2.svg
similarity index 100%
rename from doc/2011-01-22-CMU/pacman2.svg
rename to doc/2011-01-CMU/pacman2.svg
diff --git a/doc/2011-01-22-CMU/ship.pdf b/doc/2011-01-CMU/ship.pdf
similarity index 100%
rename from doc/2011-01-22-CMU/ship.pdf
rename to doc/2011-01-CMU/ship.pdf
diff --git a/doc/2011-01-22-CMU/ship.svg b/doc/2011-01-CMU/ship.svg
similarity index 100%
rename from doc/2011-01-22-CMU/ship.svg
rename to doc/2011-01-CMU/ship.svg
diff --git a/doc/2011-02-UNM/chase.pdf b/doc/2011-02-UNM/chase.pdf
new file mode 100644
index 0000000..51b959c
Binary files /dev/null and b/doc/2011-02-UNM/chase.pdf differ
diff --git a/doc/2011-02-UNM/chase.svg b/doc/2011-02-UNM/chase.svg
new file mode 100644
index 0000000..393c904
--- /dev/null
+++ b/doc/2011-02-UNM/chase.svg
@@ -0,0 +1,350 @@
+
+
+
diff --git a/doc/2011-02-UNM/pacman2.pdf b/doc/2011-02-UNM/pacman2.pdf
new file mode 100644
index 0000000..2043a9b
Binary files /dev/null and b/doc/2011-02-UNM/pacman2.pdf differ
diff --git a/doc/2011-02-UNM/pacman2.svg b/doc/2011-02-UNM/pacman2.svg
new file mode 100644
index 0000000..de2fa75
--- /dev/null
+++ b/doc/2011-02-UNM/pacman2.svg
@@ -0,0 +1,739 @@
+
+
+
diff --git a/doc/2011-02-UNM/ship.pdf b/doc/2011-02-UNM/ship.pdf
new file mode 100644
index 0000000..7ec4aeb
Binary files /dev/null and b/doc/2011-02-UNM/ship.pdf differ
diff --git a/doc/2011-02-UNM/ship.svg b/doc/2011-02-UNM/ship.svg
new file mode 100644
index 0000000..3141465
--- /dev/null
+++ b/doc/2011-02-UNM/ship.svg
@@ -0,0 +1,188 @@
+
+
+
diff --git a/doc/problems.txt b/doc/problems.txt
index 3f7fd2f..c6a3ffc 100644
--- a/doc/problems.txt
+++ b/doc/problems.txt
@@ -2,23 +2,9 @@ Bugs
====
* claim.cgi not exiting (maybe fixed?)
-* tanks/designer.cgi: s/token/team hash/
-* teams.txt: Come up with a better solution to creating this at boot
-
-
-NMT
----
-* Lots of files missing at startup: I really need a new-contest script
-* Tanks aren't awarding points (hadn't added tokens to packages)
- * put tokencli in tanks package
- * all packages ought to work standalone
-* scoreboard: 8 points (1,1,3,3) looks incorrectly proportioned, maybe
- table height competing with cell height?
-* forf manual: describe comments
* We need some programs so that we never have to edit .db files
directly. I truncated tokens.db with > instead of >>.
* Get erin to edit net-re
-* reject port 22 from outside of 10.0.0.0/16
Physical
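Review bot: Several entries in the removed NMT block are deleted outright rather than relocated: the scoreboard proportions item, "forf manual: describe comments", and "reject port 22 from outside of 10.0.0.0/16" appear neither in todo.txt nor under "Won't fix". If they are resolved, record that in the commit message; otherwise move them to todo.txt so they are not lost. The port 22 item needs a second look in particular, because the iptables rules this patch adds to sshd/run match --dport 55.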
@@ -32,3 +18,10 @@ Physical
Possibly fixed
--------------
* sequence 300; puzzler isn't taking the unicode character right
+
+
+Won't fix
+---------
+* tanks/designer.cgi: s/token/team hash/
+ "Token" is a good generic term given what forftanks (standalone) does.
+ If necessary, we can pipe the output of the cgi through sed.
diff --git a/doc/todo.txt b/doc/todo.txt
index 6380f26..5f43553 100644
--- a/doc/todo.txt
+++ b/doc/todo.txt
@@ -3,3 +3,6 @@ Things That Need Fixin'
* Do something about all the symbolic links in the build tree
* Make arc4 global somehow
+* put tokencli in tanks package
+* all packages ought to work standalone
+* teams.txt: Come up with a better solution to creating this at boot
diff --git a/doc/tutorial.txt b/doc/tutorial.txt
new file mode 100644
index 0000000..e7af3bc
--- /dev/null
+++ b/doc/tutorial.txt
@@ -0,0 +1,209 @@
+This is a conversation I had with Aaron about how to run the event.
+It occurred on 2010-12-01.
+
+13:00 hello
+13:00 so, are you in as root
+13:00 yes
+13:00 good man
+13:00 runsv /var/service seemed to bring all services up
+13:00 have you poked around the hard drive image at all?
+13:00 but i do not know if it is the best way
+13:00 a little bit
+13:00 it's got two partitions
+13:00 most of the contest is in var
+13:01 /var/lib/ctf
+13:01 yeah okay so
+13:01 the FAT is mount under /mnt I think
+13:01 read-only
+13:01 anything in the root of that FS matching *pkg is mounted loopback under /opt
+13:02 this is how you cherry-pick packages
+13:02 the second FS is ext3 used for ephemeral data
+13:02 er, changing anyway
+13:02 like scores, what puzzles are open, etc.
+13:02 it's all text files
+13:02 that's what's mounted under /var/lib/ctf
+13:03 /dev/sda2 on /var/lib/ctf type ext2 (rw,relatime,errors=continue)
+13:03 ext2 huh
+13:03 I must not have given it the -j
+13:03 well, whatevs
+13:04 so how do the teams work? i see the teams dir in /var/lib/ctf
+13:04 yes
+13:04 names and colors
+13:04 okay so the mcp package is the master server
+13:04 /opt/mcp/bin should be in your path
+13:04 *** 421 opt/mcp/bin Unknown command
+13:04 /opt/mcp/bin should be in your path
+13:04 it is
+13:04 that contains the "addteam" script
+13:04 ahh
+13:05 which creates a hash for that team, puts their team name in "teams/names/$hash" and assigns them a color
+13:05 I think I gave you a copy of the contest after I was done running it at NMT, so there should be stuff in there.
+13:05 the team hash is really a password
+13:05 but the passwords are unique
+13:06 so teams only ever use the hash anywhere, and nothing needs to be able to handle unicode or escape weird characters
+13:06 except the scoreboard.
+13:07 okay so what else is in there
+13:07 in /opt/mcp/bin, might be helpful to look at all utilities in my $PATH
+13:08 /opt/mcp/bin # ls
+13:08 addteam in.tokend puzzles.cgi scoreboard tokencli
+13:08 arc4 pointscli run-ctf teams.sh
+13:08 /opt/mcp/bin # ls
+13:08 addteam in.tokend puzzles.cgi scoreboard tokencli
+13:08 arc4 pointscli run-ctf teams.sh
+13:08 sry
+13:08 right I'll explain all that
+13:08 in.tokend is the thing that hands out tokens
+13:09 tokens look like category:xylep-nanob-fudex
+13:09 i saw the one for the posters
+13:09 just like at defcon
+13:09 aha clever boy
+13:09 did you figure that out or did you steal it from the image?
+13:09 (the hard drive image)
+13:10 figured it out. trying to think of what i would do with 3 keys while taking a shower
+13:10 anyway in.tokend runs on tcp port 1 and most of the communication is encrypted with a shared rc4 secret
+13:10 good man.
+13:10 I was hoping you'd get that one.
+13:11 puzzles.cgi lists the current open puzzles
+13:11 I don't think it runs as a CGI, it generates a static page whenever a puzzle is solved.
+13:11 i think.
+13:11 yeah
+13:11 yes, that's correct.
+13:12 scoreboard generates the scoreboard
+13:12 it's in awk and it's ugly because it has to correlate a bunch of stuff
+13:12 tokencli is a command-line interface to tokend
+13:12 you can use it to generate tokens if you want
+13:13 although the easier way would be to kill the tokend then edit /var/lib/ctf/tokens.db
+13:13 does service==category ?
+13:13 not kill, sv down
+13:13 yes
+13:13 arc4 is just what you'd think it is
+13:13 arc4 is a stream cipher and uses the same algorithm to encrypt as it does to decrypt
+13:14 pointscli allows you to award points without needing to edit any files. You should use it.
+13:14 I accidentally truncated tokens.db at NMT but nobody noticed
+13:14 I was able to rebuild the later part of it.
+13:15 run-ctf updates the points.db and makes the scoreboard
+13:15 teams.sh is not in use.
+13:15 I decided we had to keep team hashes secret.
+13:16 okay, moving on
+13:16 /var/lib/ctf/teams/names # run-ctf
+13:16 cat: can't open '/var/lib/ctf/teams/colors/d5e3d52e': No such file or directory
+13:16 okay first of all run-ctf is already running
+13:16 although running it twice shouldn't hurt anything
+13:16 alright
+13:16 and, yeah, one team decided to merge with another team so I removed their color and renamed them "Phantoms"
+13:17 er, maybe I removed their name too
+13:17 ok
+13:17 anyway that error message is because of a workaround of a busybox bug that I submitted and has now been fixed
+13:18 okay what else.
+13:18 web pages are /var/www
+13:18 puzzles get symlinked into there
+13:18 like steg and sequence
+13:19 the puzzles themselves live under /opt/steg/
+13:19 or whatnot
+13:19 and there you will find anwsers.txt and summary.txt
+13:19 which should assist you with assisting folks
+13:20 so under http://10.0.0.2/puzzles.html, it lists 4 puzzles... but there are far more on scoreboard
+13:20 i know tanks is not under open puzzles
+13:20 are there supposed to be more categories that will open up over time?
+13:20 right okay
+13:20 what I call "puzzles" are the static HTML web page things.
+13:21 you look at the web page, maybe download some stuff, and later come back with the "answer"
+13:21 which is sent to puzzler.cgi
+13:21 which checks it against answers.txt
+13:21 and then awards points if you got it right
+13:21 also appends to /var/lib/ctf/puzzles.db so you can't get the same points twice
+13:22 alright
+13:22 everything else up there was a token claim
+13:22 so like, tanks connects to tokend, gets a token, and then claims it for you.
+13:22 the pwnables just give you the token and you have to claim it yourself
+13:23 /var/lib/ctf/claim.db lists what teams have claimed what tokens
+13:23 each token is good for one point per team
+13:24 so if team A redeemed a token, team B can still redeem that same token.
+13:24 oh I should mention, sequence 300 may be unsolveable because of how browsers submit unicode.
+13:24 I should have it fixed by the time you run but it may still break.
+13:25 ok
+13:25 so sometimes people say they're usre they have the right answer, and sometimes they're just wrong, but other times there's a bug.
+13:25 I *think* I've fixed all the bugs.
+13:26 As long as you acknowledge that there was a bug in a timely fashion, people don't seem to get too bent out of shape about it.
+13:26 um what else do we need to go over
+13:26 isnt crypto a puzzle that belongs on the open puzzles page?
+13:26 well, it's not mounted
+13:27 I think I mounted that one by hand on day 2.
+13:30 ok, so which things should be added on day two? just the rest in /mnt/ctf/disabled?
+13:30 you can do that if you want.
+13:30 You'll have to play it by ear and watch how far everybody's getting.
+13:30 There are a lot of live puzzles in disabled.
+13:31 is octopus the same as blooper?
+13:31 The pwnables package will come up as 10.0.0.10 if it's not running on the mcp box
+13:31 yes it is.
+13:31 I put pwnables and octopus on a second box
+13:31 ok
+13:31 and logger.
+13:32 those three ran on their own machine.
+13:32 I told people to portscan 10.0.0.0/24
+13:32 you have to tell them that octopus is on UDP 10.0.0.10:8888 because UDP portscans take weeks.
+13:33 oh and printf
+13:33 I ran printf on the pwnables box
+13:33 all the live stuff, other than tanks, I ran there.
+13:33 pwnables gives a passwordless telnet login
+13:33 and you can guess what happens to that machin.
+13:34 it's in a chroot jail so no big damage, but it gets slow.
+13:34 to bring up the 2nd box, did you just copy the .pkg files around in and restart the packages service?
+13:34 ok
+13:34 yeah, just clone the thumb drive and select different .pkg files for the top-level
+13:34 and boot that way
+13:34 unfortunately packages aren't hot-swappable, really
+13:34 you'll have to reboot to get new packages
+13:34 or read some shell scripts
+13:34 ok
+13:35 it's all in /var/service/packages
+13:35 but I don't think I wrote that to be robust enough to deal with things already being mounted.
+13:35 I'll work on it though.
+13:35 it would be a nice thing to have.
+13:36 I think that's about it!
+13:37 I ought to go through the categories
+13:37 basemath: for high school kids, learn about different bases
+13:37 bletchley: just total weirdness in binary form. A lot like steg.
+13:38 codebreaking: for high school kids, mostly monoalphabetic substition ciphers. Would be good for novice teams.
+13:38 compaq: malware RE
+13:38 crypto: cryptanalysis
+13:38 forensics: some of Kevin's stuff. I don't think it even works :<
+13:39 hackme: a dumb thing where you have to brute-force URLs to the puzzle system. Seems to really stump people.
+13:39 logger: logfile parsing, you netcat to it and get a fire hose of made-up log entries
+13:39 mcp: master control program (main server)
+13:39 net-re: network RE, set up initially as a tutorial. My pride and joy.
+13:39 octopus: blooper
+13:40 printf: netcat to it and send it a printf formatting string to examine and manipulate the stack
+13:40 pwnables: has three things:
+13:40 gimmie: run it and it gives you a token. This seems to take people several hours to script, though.
+13:40 killme: prints out a signal number, you have 2 seconds to send it that signal.
+13:41 straceme: use strace (which you must first upload and get working) to figure out what the crap it wants
+13:41 ltraceme: use ltrace (same deal), craft a new library, and LD_PRELOAD it
+13:41 sequence: guess the next number(s) in the sequence
+13:42 skynet: more malware RE
+13:42 steg: steganography. I think this is the most fun one, then bletchley, then net-re
+13:42 tanks: you know what tanks is
+13:43 tokens: a helper package required by pwnables, tanks, octopus, logger, printf, and others. Just always have it.
+13:43 webapp: chash's vulnerable web app. Not sure it works with this framework.
+13:44 that's it
+13:44 I can't think of anything else to type.
+13:45 i can not think of anything else to type
+13:45 i should probably to a test run at home
+13:45 set it up on multiple computers
+13:45 that would be wise.
+13:46 see if i can get pwnables and octopus on it's own box
+13:46 You'll want to make sure whatever machines you're running this on are able to bring up a network interface
+13:46 hardware does not have to be anything powerful, so i have a couple laptops at home
+13:46 yeah, pretty much anything should work
+13:46 I compiled in every NIC driver Linux had available.
+13:47 haha
+13:47 and I presume I don't need to tell you how to set up the network.
+13:48 I do 10.x.0.0/16 for each team with a DHCP server handing out addresses.
+13:48 If you'd like I can provide you with the OpenWRT configuration files to set up a router.
+13:48 then you just hook up a managed switch and you're all set.
+13:50 for testing you could just turn on every package.
+13:52 oh, and it's a good idea to test rebooting it to make sure scores persist
+13:52 that requires a partiton with a certain label
+13:52 CTF-STATE
+13:52 I'll see if I can whip up a shell script to prepare a thumb drive.
+>
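Review bot: The 13:13 line recommends bringing tokend down and editing /var/lib/ctf/tokens.db by hand as "the easier way", which contradicts the problems.txt entry kept in this same patch ("We need some programs so that we never have to edit .db files directly") and the 13:14 admission that tokens.db was truncated that way at NMT. Point the reader at tokencli instead, or at least mark hand-editing as a last resort. The transcript also has no speaker names on any line, so it is not possible to tell which statements are the author's instructions and which are Aaron's questions; the ls output at 13:08 is pasted twice, and the file ends with a stray ">" line.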
diff --git a/packages/ircd/ircd.mk b/packages/ircd/ircd.mk
index 1f3bef0..75d1024 100644
--- a/packages/ircd/ircd.mk
+++ b/packages/ircd/ircd.mk
@@ -1,12 +1,13 @@
IRCD_PKGDIR = $(TARGET)/ircd
IRCD_BUILDDIR = $(BUILD)/ircd
-IRCD_VERSION = 16
+IRCD_VERSION = 17.1
IRCD_TAR = $(CACHE)/ngircd-$(IRCD_VERSION).tar.gz
IRCD_URL = ftp://ftp.berlios.de/pub/ngircd/ngircd-$(IRCD_VERSION).tar.gz
IRCD_SRCDIR = $(IRCD_BUILDDIR)/ngircd-$(IRCD_VERSION)
# Prevents automake from mangling cross-compiled binary names
-IRCD_CONF_OPT := --program-transform-name=
+IRCD_CC_HOST := $(shell $(CC) -v 2>&1 | awk '/Target:/{print $$2}')
+IRCD_CONF_OPT := --host=i686-unknown-linux-uclibc --program-transform-name=
ircd-install: ircd-build
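Review bot: IRCD_CC_HOST is computed from the output of "$(CC) -v" but never used; the next line hardcodes --host=i686-unknown-linux-uclibc in IRCD_CONF_OPT. Either pass --host=$(IRCD_CC_HOST) so the configure host follows the toolchain, or drop the unused variable. Separately, the bump to 17.1 still fetches the tarball from IRCD_URL over plain FTP with nothing in these lines verifying it; a pinned checksum checked after download would be worth adding alongside the version change.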
@@ -30,7 +31,7 @@ ircd-install: ircd-build
mkdir -p $(IRCD_PKGDIR)/bin
cp $(IRCD_SRCDIR)/src/ngircd/ngircd $(IRCD_PKGDIR)/bin
- $(call COPYTREE, packages/ngircd/service, $(IRCD_PKGDIR)/service)
+ $(call COPYTREE, packages/ircd/service, $(IRCD_PKGDIR)/service)
ircd-clean:
rm -rf $(IRCD_BUILDDIR)
diff --git a/packages/mcp/bin/new-contest b/packages/mcp/bin/new-contest
new file mode 100755
index 0000000..1f56500
--- /dev/null
+++ b/packages/mcp/bin/new-contest
@@ -0,0 +1,29 @@
+#! /bin/sh
+
+if [ "$1" -ne "-f" ]; then
+ echo "Usage: $0 -f"
+ echo
+ echo "Wipes out the current contest. This operation is not"
+ echo "reversable, which is why you have to specify -f to signify"
+ echo "that you know what you're getting into."
+ exit
+fi
+
+sv d tokend
+sv d pointsd
+sv d puzzled
+sv d tanksd
+
+rm -f /var/lib/ctf/tokens.db
+rm -f /var/lib/ctf/points.log
+rm -f /var/www/scoreboard.html
+rm -f /var/lib/ctf/puzzles.db
+rm -rf /var/lib/ctf/points.new
+rm -rf /var/lib/ctf/points.tmp
+rm -rf /var/lib/ctf/tanks
+rm -rf /var/lib/ctf/teams
+
+sv u tokend
+sv u pointsd
+sv u puzzled
+sv u tanksd
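Review bot: The guard on the third line, [ "$1" -ne "-f" ], uses the integer comparison -ne on a string. The test fails with a "not a number" style error and a non-zero status, which the if treats as false, so the usage block is skipped and the script wipes the contest whether or not -f was given. Use a string comparison, [ "$1" != "-f" ], and make the usage path exit non-zero (plain "exit" returns success). The rm list also leaves /var/lib/ctf/claim.db in place, which tutorial.txt describes as the record of which teams have claimed which tokens, so a "new" contest would start with old claims. Minor: "reversable" should be "reversible".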
diff --git a/packages/mcp/service/sshd/finish b/packages/mcp/service/sshd/finish
new file mode 100755
index 0000000..6b7b77b
--- /dev/null
+++ b/packages/mcp/service/sshd/finish
@@ -0,0 +1,4 @@
+#! /bin/sh
+
+iptables -D INPUT -s 10.0.0.0/16 --proto tcp --dport 55 -j ACCEPT
+iptables -D INPUT --proto tcp --dport 55 -j REJECT
diff --git a/packages/mcp/service/sshd/run b/packages/mcp/service/sshd/run
index e60e68b..8c10f2e 100755
--- a/packages/mcp/service/sshd/run
+++ b/packages/mcp/service/sshd/run
@@ -1,4 +1,6 @@
#! /bin/sh
exec 2>&1
+iptables -A INPUT -s 10.0.0.0/16 --proto tcp --dport 55 -j ACCEPT
+iptables -A INPUT --proto tcp --dport 55 -j REJECT
exec dropbear -r ./rsa.key -E -F
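Review bot: The two added rules filter --dport 55, but dropbear on the last line is started without -p, so unless this build changes the default it listens on port 22 and the rules do not cover it. The problems.txt entry this appears to address also says port 22. Either match the rules to the port dropbear actually binds or pass the port explicitly with -p so the two cannot drift apart. The iptables calls are also unchecked: if either -A fails, the script still execs dropbear with no filter in place, so consider "|| exit 1" on both. Because -A appends, any earlier ACCEPT rule in INPUT that matches the traffic will win over the REJECT.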
diff --git a/packages/mcp/www/index.html b/packages/mcp/www/index.html
index fdb8d02..2763674 100644
--- a/packages/mcp/www/index.html
+++ b/packages/mcp/www/index.html
@@ -21,6 +21,8 @@
Contest chat
+ carries important announcements, and sometimes clues and
+ puzzles.
@@ -43,7 +45,8 @@
Do not attack machines outside the contest network
- (10.x.x.x).
+ (10.x.x.x). Low ports (under 1024) do not
+ run contest categories.
Consider the contest network hostile. It is up to you to
diff --git a/packages/packages.mk b/packages/packages.mk
index 261e2b5..2981412 100644
--- a/packages/packages.mk
+++ b/packages/packages.mk
@@ -7,8 +7,8 @@ endef
define STANDARD_PUZZLE
t=$(strip $1)
-$t-install: $t-stdinstall
-$t-stdinstall:
+$t-install: $(TARGET)/$t
+$(TARGET)/$t: packages/$t
mkdir -p $(TARGET)/$t
./mkpuzzles packages/$t $(TARGET)/$t
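Review bot: The new rule "$(TARGET)/$t: packages/$t" makes one directory depend on another, and make compares directory mtimes, which change only when entries are added or removed directly inside that directory. Editing an existing puzzle file under packages/$t will not trigger a rebuild, and since "mkdir -p" on an existing directory does not touch its mtime, the target's freshness depends on what mkpuzzles happens to write at the top level. Consider depending on the files themselves (for example via $(wildcard) or a find-generated list) and writing a stamp file as the target. Also confirm that $t-install is still treated as phony now that $t-stdinstall is gone.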