CTF Infrastructure
==========

This project is a full-blown CTF infrastructure that aims to integrate with CTFd
as a frontend. It includes:

* A server-side infrastructure built on NixOS
* A suite of challenges that are unique, tested and whose solutions are auto-generated
* An anti-cheat system to prevent flag sharing between teams

# Anti Cheat

This is a deterministic anti-cheat and unique-binary generator specially tailored
to CTFs. It creates a regex per challenge to load into CTFd.

The flag itself is a SHA-2 hash of the challenge name plus a secret, with 4 bytes
on top, at a different position for each challenge, that uniquely identify the
team in a sneaky fashion.

# Challenge generation

The setup also includes ways to add junk code to binaries and to apply more
convoluted setup to them through a Python script.  
All the flags and binaries are deterministic, so as long as you don't re-roll
your secrets you will get the same result each time.  
The cheat detection part detects those bytes to see who cheated with whom,
probabilistically or definitely, or simply who cheated if the identifying bytes
cannot be found. The whole idea is to have hashes that look as alike as
possible while still being fairly certain about the origin of a given flag.
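
The scheme described above (a keyed hash per challenge, 4 team-identifying bytes at a per-challenge position, one regex per challenge, and attribution of a submitted flag), sketched as an added example that is not this project's code. It assumes HMAC-SHA256 as the SHA-2 construction, a `FLAG{...}` wrapper, hex encoding, and a regex that accepts any 4 bytes in the tag window; all function names and the secret are hypothetical.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-secret"  # assumption: one organiser-held secret
TAG_HEX = 8                           # 4 identifying bytes = 8 hex characters

def _prf(label, *parts):
    """HMAC-SHA256 over a label and its arguments (assumed construction)."""
    msg = "\x00".join((label,) + parts).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).digest()

def tag_offset(chal):
    """Hex offset of the team tag; depends only on the challenge."""
    return _prf("offset", chal)[0] % (64 - TAG_HEX + 1)

def team_tag(chal, team):
    """4 bytes tied to (challenge, team) that look like ordinary hash output."""
    return _prf("tag", chal, team)[:4].hex()

def make_flag(chal, team):
    """Deterministic per-team flag: challenge hash with the tag spliced in."""
    base, off = _prf("flag", chal).hex(), tag_offset(chal)
    return "FLAG{" + base[:off] + team_tag(chal, team) + base[off + TAG_HEX:] + "}"

def challenge_regex(chal):
    """One regex per challenge: fixed hash around a 4-byte wildcard window."""
    base, off = _prf("flag", chal).hex(), tag_offset(chal)
    return r"^FLAG\{" + base[:off] + "[0-9a-f]{8}" + base[off + TAG_HEX:] + r"\}$"

def attribute(chal, submitted, submitter, teams):
    """Classify a submission as invalid, own, shared by a team, or unknown."""
    if not re.fullmatch(challenge_regex(chal), submitted):
        return "invalid"
    start = len("FLAG{") + tag_offset(chal)
    tag = submitted[start:start + TAG_HEX]
    owners = [t for t in teams if team_tag(chal, t) == tag]
    if submitter in owners:
        return "own"
    return "shared-by:" + owners[0] if owners else "unknown-origin"

if __name__ == "__main__":
    teams = ["test_team", "test_team2"]  # constructed team names
    leaked = make_flag("access_security", "test_team")
    print(challenge_regex("access_security"))
    print(attribute("access_security", leaked, "test_team2", teams))
```

Because only the 8-character window differs between teams, two flags for the same challenge look nearly identical, while a submission carrying another team's tag names the team it came from.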

## Setup:

Put your challenges in the folder called "chals".  
One folder per challenge; each folder must contain a setup.py that sets up the
challenge's final folder and removes unnecessary files.  
You will end up with a folder tree such as:
```
chals_out/
├── access_security
│   ├── regex.txt
│   ├── test_team
│   │   ├── access_security
│   │   └── flag.txt
│   └── test_team2
│       ├── access_security
│       └── flag.txt
```

You can then call the `gen_chals.py` script, which takes a partial export of
a CTFd database to generate each of your challenges per team. You'll find the
result in the folder `chals_out`. You can then use those challenges with the
infrastructure directly, and use the generated regex.txt in CTFd to validate the
flags.

You can thus automate deployment of the binaries onto your VMs however you like.
This setup also works well with binaries that won't be executed remotely, and so on.


## RE CTF Edition:

This CTF includes the challenges made for the class "Reverse Engineering and
Binary exploitation" I taught for the École Supérieure de Génie Informatique, or
ESGI. The challenges included are:

- reverse_rop
- simple_rop
- simple_rop_2
- web_server
- snake_oil 
- snake_oil_2
- access_security
- web_server_2
- modern_rop

## Credits

This CTF infrastructure was made as a part of a class that I taught,
I being Gauvain Roussel-Tarbouriech, also commonly known as "GovanifY".
I made all the challenges, the build system and the anti-cheat.

Ryan Lahfa made the original infrastructure work in a night(!) along with me,
which I later improved before deploying it. Huge thanks go to him!