Fri, 11 Dec. 2020, 15:00 UTC — Sun, 13 Dec. 2020, 15:00 UTC 

On-line

An ASIS CTF Finals event.

Format: Jeopardy

Official URL: https://asisctf.com/

This event's future weight is subject of public voting!

Future weight: 65.47 

Rating weight: 85.81 

Event organizers 

Prizes

TBA

Scoreboard

349 teams total

| Place | Team | CTF points | Rating points |
|---|---|---|---|
| 1 | perfect blue | 4268.000 | 171.620 |
| 2 | More Smoked Leet Chicken | 3641.000 | 116.109 |
| 3 | The Flat Network Society | 3493.000 | 98.832 |
| 4 | DiceGang | 2559.000 | 72.902 |
| 5 | ID-10-T | 2289.000 | 63.183 |
| 6 | justCatTheFish | 2094.000 | 56.402 |
| 7 | Black Bauhinia | 2050.000 | 53.475 |
| 8 | Super Guesser | 1955.000 | 50.032 |
| 9 | flagbot | 1887.000 | 47.473 |
| 10 | TokyoWesterns | 1746.000 | 43.685 |
| 11 | Dragon Sector | 1574.000 | 39.447 |
| 12 | Epic Leet Team | 1468.000 | 36.666 |
| 13 | p4 | 1410.000 | 34.949 |
| 14 | ALLES! | 1404.000 | 34.357 |
| 15 | mode13h | 1311.000 | 32.079 |
| 16 | Hackiit | 1273.000 | 30.957 |
| 17 | MV9rwGOf08 | 1246.000 | 30.099 |
| 18 | ./Vespiary | 1222.000 | 29.336 |
| 19 | pwnthem0le | 1189.000 | 28.422 |
| 20 | noar | 1170.000 | 27.814 |
| 21 | bi0s | 1165.000 | 27.509 |
| 22 | KerKerYuan | 1097.000 | 25.956 |
| 23 | FAUST | 1092.000 | 25.686 |
| 24 | kalmarunionen | 1076.000 | 25.209 |
| 25 | TSG | 1058.000 | 24.704 |
| 26 | dcua | 1039.000 | 24.190 |
| 27 | Shellphish | 996.000 | 23.203 |
| 28 | RemiX | 816.000 | 19.471 |
| 29 | WE_0WN_Y0U | 751.000 | 18.058 |
| 30 | STT | 728.000 | 17.497 |
| 31 | guestzeroone | 725.000 | 17.345 |
| 32 | PwnaSonic | 715.000 | 17.057 |
| 33 | 0x90r00t | 653.000 | 15.729 |
| 34 | (l00p3r1n0;cat) > fs0c13ty | 653.000 | 15.653 |
| 35 | mugi | 653.000 | 15.581 |
| 36 | the cr0wn | 653.000 | 15.512 |
| 37 | TeamCC | 582.000 | 14.021 |
| 38 | 5upernova | 579.000 | 13.899 |
| 39 | CYberMouflons | 536.000 | 12.977 |
| 40 | KUDoS | 534.000 | 12.882 |
| 41 | F03v3ryY0ung | 489.000 | 11.924 |
| 42 | イレイナ | 443.000 | 10.950 |
| 43 | noraneco | 442.000 | 10.882 |
| 44 | ripp3rs | 437.000 | 10.736 |
| 45 | Mail.ru | 415.000 | 10.251 |
| 46 | n0l3ptr | 410.000 | 10.109 |
| 47 | Billy | 375.000 | 9.365 |
| 48 | Srdnlen | 370.000 | 9.227 |
| 49 | ctfers | 370.000 | 9.190 |
| 50 | Yellow Lotus Attackers | 370.000 | 9.155 |
| 51 | hxp | 352.000 | 8.760 |
| 52 | Rakun | 344.000 | 8.566 |
| 53 | irNoobs | 310.000 | 7.852 |
| 54 | NullzSec | 304.000 | 7.701 |
| 55 | pappo | 299.000 | 7.572 |
| 56 | Andervish | 299.000 | 7.544 |
| 57 | CTF Community | 296.000 | 7.457 |
| 58 | EvilBunnyWrote | 291.000 | 7.330 |
| 59 | DarkArmy | 291.000 | 7.305 |
| 60 | BTC | 273.000 | 6.919 |
| 61 | badfirmware | 255.000 | 6.534 |
| 62 | Plaid Parliament of Pwning | 255.000 | 6.511 |
| 63 | hack^3 | 233.000 | 6.047 |
| 64 | Red Knights | 231.000 | 5.985 |
| 65 | Zh3r0_0ffici4l | 230.000 | 5.944 |
| 66 | iranari | 225.000 | 5.824 |
| 67 | keksd0se | 225.000 | 5.804 |
| 68 | tu2nd0wnf02wh4t | 225.000 | 5.786 |
| 69 | GRAIL TEAM | 220.000 | 5.667 |
| 70 | marzhan | 220.000 | 5.649 |
| 71 | dodododo | 217.000 | 5.571 |
| 72 | FFF | 212.000 | 5.454 |
| 73 | msk | 184.000 | 4.875 |
| 74 | InfosecIITG | 170.000 | 4.578 |
| 75 | w0pr | 165.000 | 4.462 |
| 76 | BullSoc | 165.000 | 4.446 |
| 77 | beerpwn | 165.000 | 4.432 |
| 78 | hhshui | 164.000 | 4.397 |
| 79 | exitzero.de | 160.000 | 4.303 |
| 80 | mohy | 160.000 | 4.289 |
| 81 | CraicThePlanet | 159.000 | 4.256 |
| 82 | Ferris Wheel | 159.000 | 4.243 |
| 83 | Covid Overflow | 159.000 | 4.231 |
| 84 | HackWara | 154.000 | 4.118 |
| 85 | lost+found | 154.000 | 4.106 |
| 86 | b3y0nd_1nf1n1ty | 146.000 | 3.933 |
| 87 | flash | 146.000 | 3.922 |
| 88 | 0xBlueSky | 146.000 | 3.911 |
| 89 | kite | 146.000 | 3.900 |
| 90 | yario | 146.000 | 3.889 |
| 91 | pattern | 146.000 | 3.878 |
| 92 | reloelf | 146.000 | 3.868 |
| 93 | ru7ynk4 | 146.000 | 3.858 |
| 94 | kasiatutej | 139.000 | 3.708 |
| 95 | C_men | 99.000 | 2.894 |
| 96 | FireShell | 99.000 | 2.884 |
| 97 | alicio | 99.000 | 2.875 |
| 98 | k0kos | 94.000 | 2.766 |
| 99 | Flaggermeister | 94.000 | 2.757 |
| 100 | interface-0 | 94.000 | 2.748 |
| 101 | munch1es | 94.000 | 2.740 |
| 102 | CyberDevelopers | 91.000 | 2.671 |
| 103 | noxFort | 91.000 | 2.663 |
| 104 | zuzzur3ll0n1 | 91.000 | 2.655 |
| 105 | saarsec | 91.000 | 2.647 |
| 106 | Porg Pwn Platoon | 91.000 | 2.639 |
| 107 | lelelel | 91.000 | 2.632 |
| 108 | UIT | 91.000 | 2.624 |
| 109 | ttt | 91.000 | 2.617 |
| 110 | AkaiShui | 91.000 | 2.610 |
| 111 | aaaaa | 86.000 | 2.502 |
| 112 | ****** | 86.000 | 2.495 |
| 113 | bruh | 86.000 | 2.488 |
| 114 | u310831124E0B5DF3311A | 86.000 | 2.482 |
| 115 | sdfghj | 86.000 | 2.475 |
| 116 | farmingsimulator2015 | 86.000 | 2.469 |
| 117 | bmu | 86.000 | 2.462 |
| 118 | memikasa | 86.000 | 2.456 |
| 119 | acdwas | 80.000 | 2.330 |
| 120 | randomteamname | 80.000 | 2.324 |
| 121 | blackjackets | 80.000 | 2.318 |
| 122 | ReFiOc | 80.000 | 2.312 |
| 123 | Terminal Cats | 80.000 | 2.306 |
| 124 | T4k0y4k1Suk1y4k1Sush1 | 80.000 | 2.300 |
| 125 | pooq | 80.000 | 2.295 |
| 126 | D4nt3 | 80.000 | 2.289 |
| 127 | kocheng_RGB | 80.000 | 2.284 |
| 128 | GLRE | 80.000 | 2.279 |
| 129 | C0DEX | 80.000 | 2.274 |
| 130 | Batch File | 80.000 | 2.269 |
| 131 | IQ-toppene | 79.000 | 2.243 |
| 132 | uroz | 71.000 | 2.078 |
| 133 | NGA | 71.000 | 2.073 |
| 134 | sh1nt4 | 71.000 | 2.068 |
| 135 | Peach | 66.000 | 1.963 |
| 136 | ogathrow | 20.000 | 1.033 |
| 137 | Neya | 20.000 | 1.028 |
| 138 | dddddddd | 20.000 | 1.024 |
| 139 | safe-mode | 20.000 | 1.019 |
| 140 | F1@9-Sn1p3rs | 20.000 | 1.015 |
| 141 | Judea Warriors | 20.000 | 1.011 |
| 142 | Cortafuegos Rompehielos | 20.000 | 1.006 |
| 143 | The Sheriff | 20.000 | 1.002 |
| 144 | Essole | 20.000 | 0.998 |
| 145 | onotch | 20.000 | 0.994 |
| 146 | szaprw23ha | 20.000 | 0.990 |
| 147 | NIS | 20.000 | 0.986 |
| 148 | The Few Chosen | 20.000 | 0.982 |
| 149 | zentoo | 20.000 | 0.978 |
| 150 | w0rmT34M | 20.000 | 0.974 |
| 151 | PBSK.Coolhackn | 20.000 | 0.970 |
| 152 | noob-atbash | 20.000 | 0.967 |
| 153 | mpt | 20.000 | 0.963 |
| 154 | charlie.w | 20.000 | 0.959 |
| 155 | cyberKai | 20.000 | 0.956 |
| 156 | AUWO | 20.000 | 0.952 |
| 157 | FERctf | 20.000 | 0.949 |
| 158 | Panic | 20.000 | 0.945 |
| 159 | Th3Noobs | 20.000 | 0.942 |
| 160 | WMG | 20.000 | 0.938 |
| 161 | edi | 20.000 | 0.935 |
| 162 | LinuxRiders | 20.000 | 0.932 |
| 163 | Timmy | 20.000 | 0.929 |
| 164 | Zepto team | 20.000 | 0.925 |
| 165 | cosmicgoat | 20.000 | 0.922 |
| 166 | s4hm4d | 20.000 | 0.919 |
| 167 | takke | 20.000 | 0.916 |
| 168 | CH1NW1Y4 | 20.000 | 0.913 |
| 169 | tteam | 20.000 | 0.910 |
| 170 | SyncSploit | 20.000 | 0.907 |
| 171 | BlazerKun | 20.000 | 0.904 |
| 172 | Ahimsa | 20.000 | 0.901 |
| 173 | N0f3@r | 20.000 | 0.898 |
| 174 | Champions | 20.000 | 0.895 |
| 175 | Tsuku4 | 20.000 | 0.892 |
| 176 | test | 20.000 | 0.890 |
| 177 | Noobzs | 20.000 | 0.887 |
| 178 | S0m3_0ne | 20.000 | 0.884 |
| 179 | KXTI_KATA | 20.000 | 0.881 |
| 180 | duck420 | 20.000 | 0.879 |
| 181 | whitehathacker | 20.000 | 0.876 |
| 182 | buffer0verflow | 20.000 | 0.874 |
| 183 | N30Z30N | 20.000 | 0.871 |
| 184 | 0101 | 20.000 | 0.868 |
| 185 | namlleh | 20.000 | 0.866 |
| 186 | noplalic | 20.000 | 0.863 |
| 187 | golden_record | 20.000 | 0.861 |
| 188 | The_Slayers | 20.000 | 0.859 |
| 189 | - | 20.000 | 0.856 |
| 190 | BackMoon | 20.000 | 0.854 |
| 191 | Zyrfex | 20.000 | 0.851 |
| 192 | ADSIZLAR | 20.000 | 0.849 |
| 193 | St0rm | 20.000 | 0.847 |
| 194 | Clussec | 20.000 | 0.844 |
| 195 | erikkabir | 20.000 | 0.842 |
| 196 | 6r3g | 20.000 | 0.840 |
| 197 | RPCA Cyber Club | 20.000 | 0.838 |
| 198 | JONPIZZA IS COOL | 20.000 | 0.835 |
| 199 | DiyarbakırSiber | 20.000 | 0.833 |
| 200 | HACKK | 20.000 | 0.831 |
| 201 | etherknot | 20.000 | 0.829 |
| 202 | secsyst | 20.000 | 0.827 |
| 203 | 签到了就跑 | 20.000 | 0.825 |
| 204 | LeonT | 20.000 | 0.823 |
| 205 | Shell_hunters | 20.000 | 0.821 |
| 206 | pcfx | 20.000 | 0.819 |
| 207 | ;echo"hacked" | 20.000 | 0.817 |
| 208 | NuLl&v0iD | 20.000 | 0.815 |
| 209 | Crib_Warrior | 20.000 | 0.813 |
| 210 | tekchbila | 20.000 | 0.811 |
| 211 | zyGOTs | 20.000 | 0.809 |
| 212 | aqaqa | 20.000 | 0.807 |
| 213 | 3xpl0itTh3W0rld | 20.000 | 0.805 |
| 214 | xssharma | 20.000 | 0.803 |
| 215 | p4snet0 | 20.000 | 0.801 |
| 216 | Bytersec_Squad | 20.000 | 0.799 |
| 217 | 3vu_2ruws9z8qfgc | 20.000 | 0.798 |
| 218 | wiwam845 | 20.000 | 0.796 |
| 219 | Al3x2 | 20.000 | 0.794 |
| 220 | x00xteam | 20.000 | 0.792 |
| 221 | kietu | 20.000 | 0.790 |
| 222 | 4k3l4rr3 | 20.000 | 0.789 |
| 223 | grandblue | 20.000 | 0.787 |
| 224 | stankc | 20.000 | 0.785 |
| 225 | r00tn3p@! | 20.000 | 0.783 |
| 226 | Luk | 20.000 | 0.782 |
| 227 | MMMmmm | 20.000 | 0.780 |
| 228 | badsctr | 20.000 | 0.778 |
| 229 | Zzzzz | 20.000 | 0.777 |
| 230 | gruf | 20.000 | 0.775 |
| 231 | Cookies | 20.000 | 0.774 |
| 232 | RETCHAK | 20.000 | 0.772 |
| 233 | ZARA | 20.000 | 0.770 |
| 234 | Ternary Bits | 20.000 | 0.769 |
| 235 | areareare | 20.000 | 0.767 |
| 236 | silviahackteam | 20.000 | 0.766 |
| 237 | E0x | 20.000 | 0.764 |
| 238 | CSI | 20.000 | 0.763 |
| 239 | qdtjvszxc | 20.000 | 0.761 |
| 240 | Shadow Spider | 20.000 | 0.760 |
| 241 | uetctf | 20.000 | 0.758 |
| 243 | KXTI_PineCone | 20.000 | 0.755 |
| 244 | KXTI_SSGS | 20.000 | 0.754 |
| 245 | kxti_WOLF | 20.000 | 0.752 |
| 246 | P@Ge2mE | 20.000 | 0.751 |
| 247 | 21312313123 | 20.000 | 0.750 |
| 248 | HUn75M4n | 20.000 | 0.748 |
| 249 | flamezzz | 20.000 | 0.747 |
| 250 | nhy | 20.000 | 0.745 |
| 251 | newbie | 20.000 | 0.744 |
| 252 | The Pighty Mangolins | 20.000 | 0.743 |
| 253 | exntrc | 20.000 | 0.741 |
| 254 | n00b_t34m | 20.000 | 0.740 |
| 255 | mikejam | 20.000 | 0.739 |
| 256 | basidi | 20.000 | 0.737 |
| 257 | 2cr4sh | 20.000 | 0.736 |
| 258 | Z3R0 | 20.000 | 0.735 |
| 259 | WAT3RM3LON | 20.000 | 0.733 |
| 261 | Team Newbs | 20.000 | 0.731 |
| 262 | H4ckSn0w | 20.000 | 0.730 |
| 263 | Atreus | 20.000 | 0.728 |
| 264 | naoki23 | 20.000 | 0.727 |
| 265 | rooted | 20.000 | 0.726 |
| 266 | xxyyzz | 20.000 | 0.725 |
| 267 | bootplug | 20.000 | 0.723 |
| 268 | 到此一游 | 20.000 | 0.722 |
| 269 | T4mil_debuggers | 20.000 | 0.721 |
| 270 | pipipampers | 20.000 | 0.720 |
| 271 | pkucc | 20.000 | 0.719 |
| 272 | c8763 | 20.000 | 0.718 |
| 273 | hjhj | 20.000 | 0.716 |
| 274 | mnx | 20.000 | 0.715 |
| 275 | Very Nice Sir | 20.000 | 0.714 |
| 276 | swagboiz | 20.000 | 0.713 |
| 277 | ev3r | 20.000 | 0.712 |
| 278 | Sembarang_W3s!!! | 20.000 | 0.711 |
| 279 | test123 | 20.000 | 0.710 |
| 280 | NUOL_CS_CLUP | 20.000 | 0.709 |
| 281 | 0x000f | 20.000 | 0.707 |
| 282 | NoTeam | 20.000 | 0.706 |
| 283 | hackstreetboys | 20.000 | 0.705 |
| 284 | xrzhev | 20.000 | 0.704 |
| 285 | RKTEAM | 20.000 | 0.703 |
| 286 | subrsp0x27 | 20.000 | 0.702 |
| 287 | 111 | 20.000 | 0.701 |
| 288 | moon | 20.000 | 0.700 |
| 289 | Aqua | 20.000 | 0.699 |
| 290 | Lopatz | 20.000 | 0.698 |
| 291 | Elundis Core | 20.000 | 0.697 |
| 292 | BharatSec | 20.000 | 0.696 |
| 293 | cmonBruh | 20.000 | 0.695 |
| 294 | strange_uncle | 20.000 | 0.694 |
| 295 | zako | 20.000 | 0.693 |
| 296 | Lions | 20.000 | 0.692 |
| 297 | UdagawaWhiteBears | 20.000 | 0.691 |
| 298 | y12uN | 20.000 | 0.690 |
| 299 | mrwhite | 20.000 | 0.689 |
| 300 | ZombieBot | 20.000 | 0.688 |
| 301 | Ronn1n | 20.000 | 0.687 |
| 302 | aaaaaa | 20.000 | 0.686 |
| 303 | null2root | 20.000 | 0.685 |
| 304 | t3c | 20.000 | 0.684 |
| 305 | Assssssssssss | 20.000 | 0.683 |
| 306 | Huntik | 20.000 | 0.683 |
| 307 | KUCS | 20.000 | 0.682 |
| 308 | dessert | 20.000 | 0.681 |
| 309 | hakka man | 20.000 | 0.680 |
| 310 | skyepodium | 20.000 | 0.679 |
| 311 | 0a24 | 20.000 | 0.678 |
| 312 | min | 20.000 | 0.677 |
| 313 | tryit | 20.000 | 0.676 |
| 314 | Llama Palooza | 20.000 | 0.675 |
| 315 | Dokko | 20.000 | 0.675 |
| 316 | don's team | 20.000 | 0.674 |
| 317 | 347 | 20.000 | 0.673 |
| 318 | Wazzledi | 20.000 | 0.672 |
| 319 | T35H | 20.000 | 0.671 |
| 320 | 123 | 20.000 | 0.670 |
| 321 | C521 | 20.000 | 0.669 |
| 322 | EConGa | 20.000 | 0.669 |
| 323 | mumu | 20.000 | 0.668 |
| 324 | NULL Life | 20.000 | 0.667 |
| 325 | Whois_Junior | 20.000 | 0.666 |
| 326 | Hextraditables | 20.000 | 0.665 |
| 327 | sidteam | 20.000 | 0.665 |
| 328 | Zarko | 20.000 | 0.664 |
| 329 | 12 | 20.000 | 0.663 |
| 330 | ProxiesAreCool | 20.000 | 0.662 |
| 331 | MeAndMe | 20.000 | 0.661 |
| 332 | jetosd | 20.000 | 0.661 |
| 333 | kerker123 | 20.000 | 0.660 |
| 334 | HSUHSU | 20.000 | 0.659 |
| 335 | 5t0n3_t | 20.000 | 0.658 |
| 336 | cSee | 20.000 | 0.657 |
| 337 | Nir4u | 20.000 | 0.657 |
| 338 | dalaodaidaiwo | 20.000 | 0.656 |
| 339 | superteammate | 20.000 | 0.655 |
| 340 | 4fun | 20.000 | 0.654 |
| 341 | ANLE | 20.000 | 0.654 |
| 342 | the 17 | 20.000 | 0.653 |
| 343 | 你过来啊 | 20.000 | 0.652 |
| 344 | Blueberry | 20.000 | 0.652 |
| 345 | entroy | 20.000 | 0.651 |
| 346 | L3o | 20.000 | 0.650 |
| 347 | johnson | 20.000 | 0.649 |
| 348 | bloopsandshloops | 20.000 | 0.649 |
| 349 | BuGErr0rJubJub | 20.000 | 0.324 |
| 350 | Nyx | 20.000 | 0.324 |
| 351 | Ryuzaki | 20.000 | 0.323 |

k4at3034, Dec. 11, 2020, 2:25 p.m.

guys where to join for discussion and updates?


Redford, Dec. 13, 2020, 10:51 p.m.

I'd rate it 30, but I'm giving -10 bonus for not listening at all to the last year's feedback (e.g. the annoying PoW). Some challenges were nice, but most of them were incredibly guessy, annoying or broken.

Some examples:
* Coffeehouse: It's clear that no one tested this challenge before release. They first shipped the flag instead of the challenge data, then fixed it, but it turned out that the challenge encrypted and printed only half of the flag (sic!) and only the third version was solvable.
* Crusoe: Pure guessing in "RE" category, the first version wasn't even solvable.
* baby reverse: Weird binary with a lot of fake cues, without even a clear point what we are supposed to do with it + a server with a different binary hosted, with some guessing game. To make things more PITA, the server was behind an annoying PoW, for which I'll just copy my last year's feedback comment: "What's the goal in randomizing between 6 different hashing functions? Making players angry? Also, despite its PITA-ness it didn't worked as intended - it was possible to cache results (hash input wasn't required to have a given prefix) and solve it almost instantly."
* גל התקפה: Totally guessy image stego.
* Hardest challenges were released in the second half of the CTF, the easiest at the beginning, so, the first half was boring and the latter was too packed with challs.

And some nice exceptions:
* Abbott: reversing a simple custom compression, easy but nice challenge (doing it blackbox way was fun :) )
* Some pwns were nice


terjanq, Dec. 14, 2020, 1:24 p.m.

I have to heavily disagree with Redford's rating. There were exactly 25 challenges on the CTF. I haven't had the opportunity to look at 'Coffeehouse', 'Crusoe' and 'התקפה', but had a look at the 'baby reverse', which seemed bad indeed. We scored the first two, but I don't know the opinion about these two.

Nevertheless, I don't remember a CTF that would not have a few bad/guessy/boring challenges, and yet they still get a good score. This CTF I looked at:

* Less secure secrets - a nice medium challenge, with an unexpected solution
* More secure secrets - a very nice continuation of the previous challenge that combined a few really neat techniques
* The Real Server - this was a little bit guessy and could be presented better, but once you got past that, it was a nice challenge too
* Mask Store - an awesome challenge with three unintended solutions, which were not bad too, but two of them could be annoying, because of leaking byte-by-byte
* Amazing notes - a truly awesome challenge that introduced a very new concept (at least to CTFs) of bypassing the CSP with service workers. Surprisingly no unintended solutions that I am aware of, which for that kind of challenge is incredibly hard to achieve.
* abbott - a reverse challenge which we solved as a misc, and probably would fit better to misc than reverse, but still, you had a choice how you wanted to approach it, so it was nice

So, not only "some pwns were nice" but every single web challenge was very good, at the level of the top CTF.

> * Hardest challenges were released in the second half of the CTF, the easiest at the beginning, so, the first half was boring and the latter was too packed with challs.

I might be hallucinating, but this started to be a new trend that CTFs seem to follow the pattern of starting with easier challenges, and Dragon Sector's recent CTF was no different in that matter, at least that's what our logs say about the time it took us to solve certain challenges. And I understand why one would want to do this, so teams don't get scared off early, perhaps. But I find this comment unfair because it's how most of the recent CTFs worked.

But for the ASIS advantage, they at least released exactly one challenge per category which entertained everyone on the team that waited for the start of the CTF, in comparison to other CTFs such as HITCON or Dragon CTF, that haven't followed the path, and I was personally bored at the start, and I know some other people too.

The CTF of course wasn't perfect and there are things that they could have improved on, e.g.:
* Admins seemed unresponsive on IRC, or always AFK when I joined
* PoWs were indeed annoying
* Some challenges were indeed bad from what I heard, but I personally haven't experienced that

I believe that rating 20 is unfair and is based on questionable arguments. 4 bad challenges out of 25, shouldn't denote such a low rating.


Redford, Dec. 14, 2020, 5:24 p.m.

> Some examples:

> 4 bad challenges out of 25, shouldn't denote such a low rating.

Those were just examples, as I noted in my response. I didn't go over all existing challenges there. Almost everything we looked at was broken, so a few good webs/pwns doesn't make it a good CTF in my opinion. The overall quality was terrible, so was our experience playing it.

> Dragon Sector recent CTF was no different in that matter, at least that's what our logs say about the time it took us to solve certain challenges

We try to release hard challenges early, at least that's what we aim for. Looking at the logs, 4 hardest challs (<10 solves) were: BitmapManager, no-eeeeeeeeeeeemoji, Home Office 2, AppArmor2. BitmapManager and no-eeeeeeeeeeeemoji were available from the beginning of the CTF, and Home Office 2 and AppArmor2 after 18 hours (out of 48h duration), so I don't think it's as bad as you described it (but we intended to release Home Office 2 earlier, problems with deployment delayed it).


AkaiShui, Dec. 15, 2020, 2:58 a.m.

@terjanq I don't think the service workers bypass using CSP is a new approach to CTF at all. You might want to check out https://ctftime.org/writeup/15351, one of the Balsn CTF 2019 challenges and also in many Chinese CTFs.


NieDzejkob, Dec. 15, 2020, 5:12 p.m.

I'm disappointed with almost every challenge I looked at, including the entire crypto category.
- Coffeehouse: write a straight-forward decryption function corresponding to a block cipher, then brute force the key.
- Chloe: likewise, except you also need to know how XOR works, and writing the decryption routine is more laborious.
- Crusoe: re challenge that can be blackboxed as a substitution cipher. Most of the work was in handling the 2D ASCII-art output format. The base64 result was the flag, apparently, but the author somehow didn't realize that the first step is .tolower().
- Vote: stripped c++ pwn with heavy STL usage. Most of the work is in actually reversing the thing.
- Trio Couleurs: the crux of the challenge was implementing a DES cryptanalysis paper. That's quite time-consuming, so I would've preferred if the challenge was released earlier. As should be expected by now, a separate component of the challenge required lots of bruteforce. Considering the rest of the challenge, this did not add any difficulty whatsoever. As I've later learned, the attack in question has also appeared on 0CTF, giving an advantage to teams who happened to have a script lying around for that.
- Congruence: at first, this challenge was enticing with its mathematical purity. I was hoping for learning of an interesting solution once the CTF was over. However, the author did not share their solving script. Considering the lack of testing seen in earlier challenges, I am not sure the challenge is at all solvable anymore. As usual, an element of brute force was involved, but I'm not sure how justified it was in the context of the solution.
- Galiver: a highly nontrivial challenge, released just 6 hours before the end of the competition. The point of releasing challenges so late is beyond me.

One challenge doesn't fit this theme - Abbott was a pleasant compression reverse engineering challenge. Doable as black-box, but the binary was still there when you got stuck.