Mon, 02 May 2016, 12:20 UTC — Tue, 03 May 2016, 01:00 UTC 

On-site

Seoul, Republic of Korea

Codegate CTF Finals event.

Format: Jeopardy Jeopardy

Official URL: http://ctf.codegate.org/

Future weight: 0.00 

Rating weight: 0.00 

Event organizers 


Scoreboard

9 teams total

PlaceTeamCTF pointsRating points
1 Plaid Parliament of Pwning 3570.0000.000
2 Odaysober 2658.0000.000
3 217 2632.0000.000
4 HackingForSoju 2423.0000.000
5 CLGT 2293.0000.000
6 teambob 2131.0000.000
7 tomcr00se 1925.0000.000
8 0ops 1383.0000.000
9 KaSec 785.0000.000
ZetaTwo – May 4, 2016, 6:22 a.m.

How come the rating was changed from 30 to 0?


kyprizel – May 4, 2016, 10:57 a.m.

@ZetaTwo, there was a rule-change and winners team disqualification by some unclarified reason, so I zeroed the weight for now.


gynvael – May 4, 2016, 1:37 p.m.

I must say that I'm curiously following the developments around the disqualification.

@kyprizel
Do you have any details on why your team (I believe you're listed on LC↯BC roster, right?) was disqualified and which rules did change?
One side of the story can be found in Korean press (http://dailysecu.com/news_view.php?article_id=13928 - i.e. players above the 4-player limit), but I'm interested to hear the second side as well. Is LC↯BC going to release an official statement about this?


kyprizel – May 4, 2016, 3:41 p.m.

@gynvael, I have not participated in the event so can't comment it, but yes - we discuss it with a team and going to make a statement. My personal opinion here is - you can't choose a winner you like and disqualify a team post-factum w/o proper warning or notice even if you run a CTF with a big trophy. But we need to hear both sides.

UPD: as a CTFtime maintainer I accept any decision of organizers.


gynvael – May 7, 2016, 6:57 a.m.

For the record - LC↯BC official statement:
http://mslc.ctf.su/wp/codegategate/


gynvael – May 7, 2016, 6:59 a.m.

So it seems there were two sets of rules? One on the CTF page, and one on CODEGATE's page (http://www.codegate.org/content/page/index.php?id=578).
The first one did not mention anything about remote players (i.e. it neither did allow them, nor forbid them), while the general one did explicitly disallow above 4 players in the finals:

"""
5. In general competition, there is no limit number of players in qualification. However, more than 4 are not allowed in the finals.
"""


kyprizel – May 7, 2016, 7:42 a.m.

@gynvael, LC/BC statement is pretty clear for me but I'm not choosing sides here, it's CTF organizers to decide how they treat rules - I still have not received final scoreboard from them.


gynvael – May 7, 2016, 7:50 a.m.

@kyprizel
LC/BC don't mention the general ruleset at all in the statement - I've added a comment to ask about it. I've also asked the orgs of the CTF for an official statement. Let's wait and see if anyone replies.


ZetaTwo – May 8, 2016, 8:13 p.m.

Well, I think the rules are, as @gynvael says, very clear. Only 4 players are allowed.

However, no matter whether you think LC/BC cheated or not, I think it's wrong to change the weight to 0.
If you think that the organizers have done something wrong, let that affect next year's competition instead.


kyprizel – May 8, 2016, 8:33 p.m.

@ZetaTwo, there will be weight voting as soon as I receive final scoreboard from organizers.


cctt – May 9, 2016, 3:53 a.m.

@ZetaTwo
I don't think so, it's clearly that the weight is used to evaluate the *current* event, not the next event.


ZetaTwo – May 9, 2016, 6:53 a.m.

@kyprizel Good. Thank you!


Dor1s – May 9, 2016, 8:48 a.m.

@ZetaTwo, yeah, rules mentioned by @gynvael say that 4 players are allowed. These rules (https://ctf.0ops.net/rules) say 6 players per team. These ones (https://quals.nuitduhack.com/) say about 5 players per team. It seems that I should share the knowledge about what all those rules have in common: they are not related to 'Codegate CTF Finals 2016' event. w00t!

The fact that organizers confirmed that the rules do not restrict number of players and have nothing about remote assistance, proves that point.

To be honest, I even surprised how you managed to get those rules, since:
https://ctftime.org/event/317 -> Official URL: http://ctf.codegate.org/ -> http://www.hackerschool.org/main.html - have no idea what it is
https://ctftime.org/event/299 -> Official URL: http://codegate.bpsec.co.kr/ -> http://codegate.bpsec.co.kr/rule - looks unreachable to me atm

Fortunately, Google has its cached version: https://webcache.googleusercontent.com/search?q=cache:5wStGdQhHQcJ:codegate.bpsec.co.kr/rule+&cd=1&hl=en&ct=clnk&gl=de

So, to make it clear for everyone, here are actual rules: http://codegate.bpsec.co.kr/rule.


gynvael – May 9, 2016, 12:50 p.m.

@Dor1s
"The fact that organizers confirmed that the rules do not restrict number of players and have nothing about remote assistance, proves that point."
Could you reveal the source of this claim? I was under the impression that LC/BC did not ask the organizers about the rule (at least that is what I derived from vos' answer to my follow-up questions on http://mslc.ctf.su/wp/codegategate/).

To sum up, given what has been written so far, the case looks like this:
1. The rules on Codegate did not address the number of players, but it was clear that 4 people are to attend the finals.
2. LC/BC did not ask the organizers to clarify the missing rule, but made a bet (consciously or not) that the rule is 'external players are allowed', in fact operating on an unknown (therefore: bet).
3. LC/BC lost the bet, since the organizers felt the default for this rule is 'disallowed'.
4. LC/BC is trying their best to lawyer themselves out of this (which is understandable, given human nature and everything), but in all honesty (an opposition to vos' opinion) , I don't think a case can be made for "by default external players are allowed".
I think there is a lesson in this: when in doubt about the rules, don't bet, ask.

Given the above, I'm happy to see that CTFTime administrator decided to respect the decision of CODEGATE organizers and not influence the ranking due to the disqualification.

Now, there are two more things bothering me:
1. CODEGATE's organizers not offering an official statement and being generally unresponsive to queries (especially in such an important case of a top team being disqualified).
2. And, as I understand, not all teams were asked "did anyone play externally for your team during this CTF", which is a thing worth doing if such an event happens.


JamesIsNoob – May 13, 2016, 6:26 a.m.

It's clear that using remote players in a on-site event is cheating. They said clearly that only 4 could attend finals. There's no misinterpreting it.
Anyways, I don't believe what LC/BC says in their blog post. Would their teammate really fall asleep so quickly in the one minute between submitting the flag and being questioned that he wasn't able to respond? Isn't it more likely that they cheated to steal the flag and didn't have an exploit to show the organizers?