Sat, 23 Jan. 2016, 18:30 UTC — Sun, 24 Jan. 2016, 18:30 UTC 

On-line

Break In event.

Format:  

Official URL: https://felicity.iiit.ac.in/threads/breakin/

Future weight: 5.00 

Rating weight: 5.00 

Event organizers 


Event Details are on the event page.

Prizes

Event Details are on the event page.

Scoreboard

147 teams total

Place  Team  CTF points  Rating points
1  Snatch The Root  1491.000  10.000
2  p4  1170.000  6.424
3  bletchleyhack  870.000  4.584
4  guilanon  820.000  4.000
5  khack40  770.000  3.582
6  sauces  720.000  3.248
7  BU  670.000  2.961
8  TheFilesAreInTheComputer  670.000  2.872
9  mementomori  670.000  2.802
10  hanto  670.000  2.747
11  Dragon Sector  620.000  2.534
12  w0pr  620.000  2.496
13  Raccoons  620.000  2.464
14  Insanity  590.000  2.336
15  Team_Action_Kaktus  570.000  2.245
16  TokyoWesterns  570.000  2.224
17  objEEdump  570.000  2.206
18  scryptos  570.000  2.189
19  randoom  520.000  2.007
20  HackXore  470.000  1.826
21  Rõnins  450.000  1.747
22  arthepsy  420.000  1.636
23  farsa  420.000  1.626
24  AnonNouiri  420.000  1.617
25  Namivanmi  420.000  1.608
26  kileak  420.000  1.601
27  MV9rwGOf08  420.000  1.594
28  penthackon  420.000  1.587
29  dcua  420.000  1.581
30  xil.se  420.000  1.575
31  nneonneo  400.000  1.503
32  Rõnins  400.000  3.245
33  Centaurs  400.000  1.493
34  Maigel  400.000  1.488
35  0x90r00t  370.000  1.384
36  Root_Admin  350.000  1.313
37  0xdeadbeef  320.000  1.208
38  enZyme  320.000  1.205
39  RingZer0 Team  320.000  1.201
40  mage  320.000  1.198
41  Guerilla  320.000  1.195
42  ryko212  320.000  1.192
43  Effective  320.000  1.189
44  _Zlo  320.000  1.187
45  TheExploiter  300.000  1.117
46  CorpOfHack2  300.000  1.115
47  vimvaders  300.000  1.112
48  Nabla  300.000  1.110
49  PENSIUN | DFCI | SUKSMA  270.000  1.007
50  The_Flying_Dutchman  270.000  1.005
51  tomerun  270.000  1.003
52  Absurd  250.000  0.935
53  Singularity  220.000  0.832
54  Invulnerable  220.000  0.830
55  OverDover  220.000  0.829
56  wtf_I_Cant_register  220.000  0.827
57  Tower of Hanoi  220.000  0.825
58  the_real_team_the_best_team  220.000  0.824
59  buttercup  220.000  0.823
60  r3b00+  220.000  0.821
61  flipdot  220.000  0.820
62  Hans  220.000  0.818
63  NISNIS  220.000  0.817
64  NiewidzialnaReka  200.000  0.749
65  Tester  200.000  0.748
66  blackflame  200.000  0.746
67  dawnrojasw  200.000  0.745
68  TotallyNotByteBandits  200.000  0.744
69  auth12  200.000  0.743
70  At Least We're Pretty  200.000  0.742
71  tank1st99  200.000  0.741
72  metis  200.000  0.740
73  participe_ctf  200.000  0.739
74  KNA_CTF  170.000  0.638
75  TeamIA  170.000  0.637
76  kakaolat  150.000  0.569
77  qwerty  120.000  0.467
78  flag_bearers  120.000  0.467
79  The DHARMA Initiative  120.000  0.466
80  SexForFlags  120.000  0.465
81  th3jackers  120.000  0.464
82  cybears  120.000  0.463
83  ShadyBoyz  120.000  0.463
84  !SpamAndHex  120.000  0.462
85  pakodis  120.000  0.461
86  Glidermed  120.000  0.461
87  Breakers  120.000  0.460
88  ernacktob  120.000  0.459
89  spadesquad  120.000  0.459
90  Blue_Beard  120.000  0.458
91  guilty  120.000  0.457
92  noraneco  120.000  0.457
93  Hawks  120.000  0.456
94  taurus  120.000  0.456
95  BTSec  120.000  0.455
96  Bulletproof  120.000  0.454
97  Snipers  120.000  0.454
98  cr4wl3r  120.000  0.453
99  SomeTeamName  120.000  0.453
100  Samurai  100.000  0.385
101  black_knights  100.000  0.385
102  Karpuz  100.000  0.384
103  Gilgamesh  100.000  0.384
104  0x8F  100.000  0.383
105  MMMmmm  100.000  0.383
106  Lights Out  100.000  0.383
107  YACT  100.000  0.382
108  ByteBandits  100.000  0.382
109  ayurveda  100.000  0.381
110  MLTeam  100.000  0.381
111  loco  100.000  0.380
112  Sud0  100.000  0.380
113  rudolfos  100.000  0.380
114  DjigIT  100.000  0.379
115  Rdot.org  100.000  0.379
116  BSUIR  100.000  0.378
117  Sudo_root  100.000  0.378
118  iamateam  100.000  0.378
119  Matrix  100.000  0.377
120  fhlasek  100.000  0.377
121  test  100.000  0.377
122  NULLify  100.000  0.376
123  hy00un  100.000  0.376
124  MeSelf  70.000  0.275
125  magemage114514  70.000  0.275
126  dodododo  50.000  0.207
127  investigators  20.000  0.106
128  bicycle_overdrive  20.000  0.106
129  ssi7415  20.000  0.106
130  UOSec  20.000  0.106
131  WCSC  20.000  0.105
132  DreamFellas  20.000  0.105
133  UCCU  20.000  0.105
134  tiwuileong  20.000  0.104
135  loc123abc  20.000  0.104
136  gl0balHack  20.000  0.104
137  teamteam  20.000  0.104
138  ISITDTU  20.000  0.103
139  marvel  20.000  0.103
140  mau5  20.000  0.103
141  MrTacosShow  20.000  0.103
142  Meta  20.000  0.102
143  uSeemSurprised  20.000  0.102
144  Droid_Hunter  20.000  0.102
145  vic412  20.000  0.102
146  rvns03_team  20.000  0.101
147  Team_Socket  20.000  0.051

hharchani, Jan. 23, 2016, 12:25 p.m.

This is a 12 hour event, starting from 23 Jan. 2016, 1830 hours UTC — 24 Jan. 2016, 0630 hours UTC.
The timing here is wrong.


hharchani, Jan. 24, 2016, 6:37 a.m.

The contest has ended.


factoreal, Jan. 24, 2016, 9:27 a.m.

Badly designed tasks! And poor quality challenges.


zku, Jan. 24, 2016, 9:36 a.m.

Very poorly designed steganography-only tasks.


unnamed, Jan. 24, 2016, 1:19 p.m.

Tasks tagged with reverse engineering have nothing to do with software reverse engineering.


msm, Jan. 24, 2016, 3:09 p.m.

I liked the 'knock knock' task, but most challenges could be described as Yet Another "Guess-Me" Stegano.


grizzly, Jan. 24, 2016, 9:12 p.m.

This year's organisation level was pretty similar to the 2015 one. There were some really annoying and guessing challenges (the same as a year ago), but we also noticed some valuable tasks, which provided a lot of fun while solving them.
I think that BreakIn 2016 deserves the same number of rating points as last year's edition: 5, or maybe 10 - yeah, 10 is the max. which I'd give. Anyway, 0 points is definitely unfair to the Orgs, who put a lot of effort into preparing this CTF.


MikoUffins, Jan. 24, 2016, 9:40 p.m.

As a part of the organizing force, I would like to thank all the participants who came for Break In '16. This is the third ever Break In. We are still improving. We would do more to improve upon the question quality for Break In '17, and hope to impress you with better quality questions the next time.

Once again, thank you for coming, and we are sorry if we could not meet your expectations.

@msm, I am the author of "Knock Knock". I am glad you liked it. :)
@Ahmed Abd El-Mawgood, The questions were tagged #reverse. We had no binary reverse engineering questions in Break In '16. The distinction was very vague, I agree. Break In '17 will try to be better.


Zzz, Jan. 24, 2016, 9:49 p.m.

Hi,
We were able to solve all the tasks during the CTF, so I guess our opinion will be pretty objective. Yes, there was guessing involved, however not all tasks were designed in guess-what-to-do style. Some security-related skills (not only stegano) were required. What was perfect (and what other, smaller CTFs are missing quite often) was support - available all the time (it was a 12h CTF, but still). Tasks were also up and running all the time, or (like "Bots are awesome") were rebooted pretty quickly in case of fuckup. The only weak point I see was the scoreboard, which they managed to fully fix somewhere close to the end.
I enjoyed a few challenges, like "Bots...", "Ethernet...", or the "Knock, knock" mentioned by @msm. Last year, there were some smaller CTFs with a similar guess-fun ratio and usually they got 5 rating points, so I would do the same here.


solarwind, Jan. 24, 2016, 9:54 p.m.

Tasks and organization are very different from what they were in previous years. Previously 'reversing' was actually about RE of ELF binaries, and the amount of guessing was controllable. But now all tasks were about guessing, no RE/pwn/web, just stego and recon. Something wrong happened after BreakIn 2015. They did not send the prize to the winning team in 2015, and the task level became worse. Rating weight 0 is more than enough for it, Saturday night wasted without any gain.


Zzz, Jan. 24, 2016, 11:15 p.m.

Can't relate to prizes from 2015, but: as I mentioned, we went over all the tasks and by "went over", I mean solved them. Yes, there was guessing and luck needed, but for me there was some sort of forensic, networking, IRC/misc, one web was also released during the game (the one with <style></style>). Not all CTFs cover all main categories. For example I can understand why organizers avoid pwn, or more complicated web tasks, as they're expensive (in terms of infrastructure) and more prone to fuckups. For this kind of tasks you have bigger CTFs with more seasoned organizers and >20 points. If you say 0, then you discourage new people from creating CTFs, that's why I say 5 (which afaik is the minimum here).


Pharisaeus, Jan. 25, 2016, 12:39 a.m.

This CTF featured almost only the most hated categories of tasks -> Stegano, Recon and Guessing, but I think we should not judge it by the categories featured but rather by the "content".

While there were some really bad tasks (like the one with flag being some gibberish string, which we actually tried to "decode" for quite a while, since it looked nothing like a reasonable flag) there were also a couple of "normal" tasks which could appear on any CTF:
- knock knock was definitely a real net-sec type of task
- the stegano with reversed, flipped and sped-up audio was quite standard, so was the stegano with message hidden in low bits of colours
- esoteric languages with Piet and Malbolge was a doable Recon, so was the one with IRC-Bot


solarwind, Jan. 25, 2016, 4:02 a.m.

Oh come on, post/look at writeups of these "content-full" and "real net-sec" tasks. The level of this CTF is much lower than US high-school CTFs like PicoCTF/sCTF/TJCTF/HSCTF/EasyCTF, which don't even have entries on ctftime, not to mention rating weight. This time BreakIn is complete bullsh*t, 0 is the right rating weight for it.


amon, Jan. 25, 2016, 6:09 a.m.

I only played for 10 minutes because my team didn't notice the corrections to the time in the comments to the CTF.

Anyway, I tried find_the_idiot and got the cracked password (dragon1) from the /etc/shadow within minutes but it was not apparent that that was a flag. I mean they dropped an entire linux filesystem structure so it would make sense if the user owned a file or something and it reused the password to encrypt some other file or something. That would definitely seem in line with a decent forensics challenge. But nope. dragon1 was the flag. Seriously?

Judging from the comments it seems like the other challenges were more or less in the same calibre.

PPP's guidelines to running a CTF should be mandatory reading for any CTF organiser (https://github.com/pwning/docs/blob/master/suggestions-for-running-a-ctf.markdown). I'd advise the organisers to make their challenge writers read it and familiarise themselves with high quality CTFs before jumping headfirst into their own.


m985, Jan. 25, 2016, 11:17 p.m.

It would be nice to see a scoreboard from the organizers and ranking changed to 5 points for taking effort to play it and organize it. Otherwise it looks that it would be discouraging for the organizers and the participating teams.

Personally I found it quite niche and perfect for puzzle lovers, but that's also why I wouldn't rank it higher than 5.


str, Jan. 26, 2016, 7:05 a.m.

What a shitstorm it is, yay! Lemme put a few cents in.

Being listed on the ctftime.org is kind of a 'prize' for CTFs' Organizers.
They put some effort in creating a contest and sacrificed their time while running a CTF. They put some valuable (or less valuable - but still measurable worthy) input into the CTF scene. The rating weight, which is assigned to their event, allows one to estimate how good/bad the CTF was.
From the organization perspective - the CTF was really well prepared. I wish other events looked like that one. Admins were available on their IRC all the time. Moreover, even other ways of contact were easily accessible (e-mails' responses were extremely fast). There were no blackouts, all the challenges were up the whole time.
The second thing - challenges complexity. Yeah - I agree, there was some guessing required. But these were just a few challenges. There were also some easy challenges indeed. But guys, it's not Defcon, to have all sophisticated challenges. If it was, it would be given 90 rating points. This was less sophisticated, but still entertaining CTF, which deserves 5-10 rating points. Definitely not 0.

Mykola - please, stop acting like a child, who didn't win this time and keep yelling, that this CTF should have 0 rating-weight. Your team (dcua), solved just 2-3 challenges, how the hell can you even speak about challenges level, if you hadn't solved even 1/4 of them.

Speaking of "US high-school" CTFs, nah - they ain't listed here 'cos they are usually for individual players/got restrictions (like you must be in high school to take part). That's the reason - not their difficulty/complexity of challenges' level.

Btw, you found some writeups for their challenges - nice! 'Cos it means that people enjoyed their CTF. What would be the point of making CTF writeups for not-entertaining challenges?

The same Amon - you "only played for 10 minutes" and keep talking how bad this CTF was?

Michał and I solved all the challenges. Pharisaeus and msm solved almost all the challenges. Looks like we both have better insights into the complexity level than most shit-storming users here, who hadn't solved even 25% of all challenges.

To sum it up - if ctftime.org really wants to have some non-negligible contribution, to the CTF scene - they should definitely encourage new teams to create more and more CTFs. And by encouraging, I mean, estimate CTFs to more than 0 points. Giving 0 points to this CTF, would be just insulting - especially, that there were some really good challenges + organization level was pretty close to being perfect.


solarwind, Jan. 26, 2016, 8:24 a.m.

str str, I understand your desire to get max rating weight to ctf your team won, and I personally would like to give you 90.0 rating weight and CTFtime world TOP-10 place if I could.

But let's return to the facts -- this ctf is bullshit. Almost all solutions are available in writeups or were discussed in IRC channel. Some of them are available here https://ctftime.org/event/288/tasks/ . If you know any other tasks that have better level than mentioned, please share.
US high-school ctfs above allow participation of all teams, not only high-schools. There are separate scoreboards, for HS and non-HS teams. Team limits are not the reason -- see CSAW Finals and iCTF also have them (first is for USA and Canada, second for univ. only), but they have entries and rating weight here.

I think anyone -- both teams and orgs -- should earn rating weight, not beg for it. Example of 5.0 points CTFs -- https://ctftime.org/event/176, https://ctftime.org/event/200 . This one is too far from them, and does not deserve rating weight.


amon, Jan. 26, 2016, 2:37 p.m.

str str, I did look at the write ups. Hence my recommendation for the authors to read the PPP guidelines.


MikoUffins, Feb. 12, 2016, 12:29 p.m.

@Amon Narwhal, @Mykola Ilin,

I speak on behalf of the organizing team. I do in fact believe that we have sufficient, and sufficiently qualified questions to earn this contest 5.0 points. We are still a growing team, and we had no support nor relation from the team which conducted break in last year (as evidenced by the change in the team from "BreakIn" to "learners"). This was in effect our first CTF event. We are still in the process of improving and the feedback here will be used to make the contest next year better.

I would appeal to you to consider score of 5.0.

@Amon Narwhal, the writeups for the questions were not complete at the time. Please review based on the completed writeups which are provided now. A few questions, in particular "Knock Knock" and "Ethernet Patched Transmission", I believe, are fairly decent questions. We would also read the PPP guidelines before BreakIn '17.


solarwind, Feb. 29, 2016, 9:45 p.m.

LOL, really?

