DEFCON CTF 2013 Quals [grandprixk Writeup

DEFCON CTF 2013 Quals [grandprixk Writeup

This time at DEFCON CTF quals there was a special task category, namely OMGACM or competitive programming. Here is a solution to OMGACM 3 task. We have a remote host that offers to play a race game:

Connected to
Escape character is '^]'.
Use 'l' and 'r' to move. Don't crash.
Press return to start

OK, we send ‘
’ to start and see a 5×8 track with different obstacles:

| c P|
| P T|
| |
| |
| T|
| c |
| |
| |
| u |

u — is our «car» which should avoid:

T - tree
Z - zebra
r - rock
P - person
c - car

What we need is to send ‘l
’ to turn left ‘r
’ to turn right or just ‘
’ to move straight. This is a pathfinding problem which can be solved using the A* (AStar) algorithm . I found a nice implementation in python here . The algorithm to solve this task is as follows:

  • parse track to get the position of the obstacles and of our car identified by x and y

  • construct a map, set corresponding nodes as blocked

  • try to launch pathfinding algo on every free node at the top the track until we find a path

  • finally subtract current position of the car from the first element of the computed path, if it is 1 we turn left, if -1 — right, otherwise we send ‘

After I got fully working solver, I faced a time limit problem, as only 2 minutes were given to get to the finish. However I overcame this problem when the code was launched from an Amazon EC2 instance. To get the key you needed to pass the track several times:

DEFCON CTF 2013 Quals OMGACM grandprix

Here is complete code of the solver:

Остальное ctf defcon writeup
Alt text

Один хакер может причинить столько же вреда, сколько 10 000 солдат! Подпишись на наш Телеграм канал, чтобы узнать первым, как выжить в цифровом кошмаре!

Арсений Реутов

блог о web-безопасности