 We are here again the last round of the day Apologies for the 10 minute delay on this one We've we're trying to hunt down a bad cable once somewhere in our infrastructure is a bad cable And it's causing one of our streams to have issues So we might have some intermittent connectivity for one of our players Apologies for that. We're gonna go ahead and get a kick off right away We want to get these team members back to their teams as soon as we can so let's go ahead and get a countdown of five four three two One go And now they're off Okay, so We've already got the first one downloaded so again in this particular when you actually can you grab me my notebook over there with our teams or whatnot This one we've got the new organizers and I believe we've got Team Taiwan was the name that they they requested because it's again another one of these these mega teams that has a Elimination of many different different teams so we've got Team Balson team 217 team TSJ Dot TW and so there's another team that has TW in the name that's Tokyo westerns right a Japanese team But this is the Taiwanese team because it's dot TW right so let's go ahead and mix up Yeah, let's go ahead and take a look at Team I think team Balson should be the one that I've got over here on my monitor and They are already off and they're in Ida looking at our challenge now again You'll notice all of our challenges are named challenge. Just the way that our doctor deployment kind of works The official name of this challenge is called nerd sniped right And it's what are things you can get nerd sniped by a lot of things, but yeah We'll see how I get snipe by like a Rubik's Cube. Yeah a good a good puzzle. Maybe yeah a good puzzle You can see maybe something like that that'll do it so yeah, so we got you 1080p back and going hopefully we'll figure out our our issue with our HDMI cable and we'll have Much better consistent capture across both team members tomorrow Something about this cable is like it's heating up or something is the first we had several hours of testing last night with no problem And something something's going on now. So we'll we'll we'll get that around and sure enough I literally just saw a rename solve puzzle. So we've renamed this function solve the puzzle So what they're looking for they know it's a puzzle of some sort I'm curious if we get someone just kind of running it and interacting the binary or if we're gonna more static analysis But actually yeah, this should be should be much higher quality with with the full 1080 Unfortunately, we don't have even the local recordings. We're also not 1080. They were only in 720 as well So I apologize those first couple matches We're not gonna have We're not gonna have the the The higher quality video for those either but all 12 other matches from here on out are gonna be in high def Because we have a lot of these to go so you'll see your favorite players that wanted the first couple rounds They're gonna come back. We're gonna we're gonna see them again So, oh, no, that was cool. What was I didn't I didn't notice that website. Have you seen that one before? No, I'm curious what that was so now they're on the Ubuntu repo They're getting a particular glibc version which makes sense That's often common now I think for most of these we like included a libc if we thought it was necessary. Yes So it's kind of a hint to the teams like if we were we're trying to like give out everything that we could Make it as self-contained as possible. And so we'll see We'll see if that one ends up ends up being useful But we've got our binary challenge. This one is starting to to be a little bit more difficult though I would I would say our challenge difficulties cranking up. Yes a tiny bit And we're gonna see that kind of trend throughout the whole the whole rest of the weekend Right, I'm sure last to me zero on some that somebody finds an amazing solution to Solves it quickly. Yeah, but on the topic of like difficulty like That's I mean we have an idea of like what's more difficult than what's easier and so on but Of course, like we can be wrong like people can have like different, you know specializations and their skill sets and and so on so something that we might think is in both directions Yes, so Something that we might think is easy might be actually kind of tricky and then the other way around So it's gonna be interesting to see what's what's going on There's still some reversing like the initial reverse engineering going on of the program for example This kind of step was not really needed in the previous challenge where we just gave it on the full source code with like names and everything and and it is a Yeah, as an organizer you have a lot of levers to pull you have a lot It's ironic because we have the organizers here up play on though. Unfortunately. They're on our non-capture screen. Unfortunately I just had to make sure that we had them lined up right. I freaked out for a second that realized and yes They are there are the right haves But the team organizers were not seeing them But as a challenge organizer as somebody making challenges you can strip a binder You cannot strip a binder you can include debug symbols you cannot have any you know So all these yeah different levels of optimizations Yeah, like because a lot of my station also kind of accesses like like obfuscation mild obfuscation. Yeah, yeah So we have all seen these like, you know Optimized mem copies and everything but you have all this like magic stuff going on So yeah, you get vector operations in your in your mem copies. It's so yeah And that's and that's where to some degree you can make An easy challenge hard with just tedious things Yeah, so it is interesting that you see a lot of sort of like I would say cheap challenge design where it's like Yeah, we just made it harder by doing X right. I didn't make it more interesting It just made it like yeah, just slightly more annoying to do the thing that you want So it's sometimes a really good easy challenge is actually like you're just really focusing on that one core thing that you want You want to do yeah, which makes a lot of fun for for what we're doing here. So right So still at that some reversion and trying to name different things We've seen like they name the functions like so fossil and you see some variables getting named like the input It's all trying to like get get an understanding of What is this program doing? and they're kind of like two parts to it like first of all like what's the Intended functionality of the program and then from there you can start to understand In what way is it acting not as intent like where's the or or and this gets we're where the The author intended to bug right but in the normal case where it's unintended vulnerabilities Yeah, or in this case, what's the surface level intended? What's it? What's it claimed to be able to do? Yes, and then what is it? What does it actually do that maybe they may be different right? So let's see what we're doing. So and this is nice too because we're actually getting this is the first time We've seen a little reverse engineering workflow Yes a lot of the other ones have been like basically a quick glance at the code or disassembly has kind of like Revealed what's going on. Yeah here. They actually need to kind of understand what is going on Okay, so we're still sort of starting our framework for our exploit here, but I don't I think it's just Getting the menus and interacting with it, right? And so we're looking okay. So there's a current puzzle state all right, so Puzzle that puzzle looked interesting that was like maybe like a nine by nine grid. Yes numbers Yeah, it could be maybe like a Sudoku. I think that's a great guess Yeah, of course, you know, we're a little a little spoiled here a little tainted knowledge But this is indeed a Sudoku in fact when we when somebody was like Kind of play testing about it in this challenge We sort of were like wait a minute. You just you just saw the Sudoku and that's it and the author was like no no no no That's not actually not actually possible. So it is a little bit trickier than that. So we'll see as our teams discover It's not just a straight put it into Sudoku solver get a correct answer and win It is going to be a little bit more tricky and this is one I am almost positive We're gonna need a hint on right so I'm I'm gonna propose at like 15 minutes in if we don't see Like progress progress and see in fact actually let's why don't you go ahead and take a look at the organizers? Maybe I will do that and if we if we're looking for them to to kind of have a hint as to what they're doing Like indicate that they know what they're doing Yeah, yeah Oh, does it come on occasion? Okay, so it's apparently flickering in and out occasionally. We're getting getting our video We swapped out the capture card that worked for a while until it didn't And then we swapped out the usb-c cable and that worked for a while until it didn't And so now we're convinced that it's just the hdmi cable itself That is there's close in trouble and I think this has been true even if we were direct wired into the laptop So it's not the capture on the other side Yes, because we also did swap out the the usb-c adapter once too So we swapped every component except the the hdmi cable Partly because they're like taped to the floor and they're a 30-foot long cable So we got to go and get some oh, there we go. I saw I I did see a solver pop up briefly I saw a sudoku solver. I was just gonna say also the player from the organizers Copy pasted the current state of the puzzle into and they googled for a sudoku solver So we'll see to what extent that will help them Um, it's I mean again, I'm not completely familiar with the intended solution here, but I would assume that it still involves Like yeah solving the sudoku, but not only doing that. It is trickier than that. Yeah. Yeah, that's right. So Um, I have a little bit more info. Um, yeah, we're still seeing that that kind of solver flash in and out occasionally um on the on the display so, uh It it there's going to be some memory corruption here. Yeah, there is indeed. This is not just now, although I will say It is actually a perfectly valid category of challenge in a lot of cts, right where you would actually do have A more programming challenge or puzzle that happens and I think Honestly, even in moderation. I think those can be fun and enjoyable. Yes mixed in amongst your traditional like happy competition Yeah, typically they are branded as uh, ppc is the category in normal, uh cts Which I think is like professional programming challenge or something like this Uh, people familiar with like, you know, icpc style Algorithms competitions or so might find although usually they're kind of like framed, uh, slightly differently Yeah, but it's kind of like the same, uh, general idea there. Yeah, and there's there's no security flaw There's really just rather solving some hard mathematical problem with the right algorithm or with the right approach Yeah, uh to to kind of get it working right, but that's not the case here Like there's there's an aspect of that but that's not enough. We are doing this is this is truly a point of all There is memory corruption involved Uh, yeah, although I will say and I'm looking to see if somebody finds, um The the sort of like win function like when you have a correct solves cts correct solves sudoku um I think we're going to see like so this this function here, uh, they've named it check Returns right whether or not we've successfully calculated the value um, a valid, uh solve this, uh The result of that is going to determine basically what you call a win function So it is going to kind of do the win for you So you already sort of you know that you have to solve it Your just question is okay. What mechanic will actually get me to solve it and can I cheat it? Do I have to have a combination of a solver plus a cheat like what what what does that that ratio go to entail Because it's face value It kind of looks like you just solve the sudoku and you win Yeah, but you know like you def con finals even even being a sort of easy live ctf I would I would think people would be like now wait a minute like there's there's something here and I think if you can also Uh, there's not a lot of uh Values here and so I don't know like I think the idea is that this these are just not Solvable because there's not enough information and there like some sudoku balls are very minimal But they're designed to be solved right made to be solved without I think I remember that like if you have 13 digits You're guaranteed to have oh is that so here we go. So one two Okay, so this one definitely has more than that, but there's going to be some other issues with it still I'm not sure if my trivia is is is correct But I vaguely remember like if you have 13 digits you have a unique solution You can have a unique solution with fewer digits, but it's not guaranteed I don't know that that's true because I can just give you all of the ones for example And all of us nine And all and all the twos and that doesn't give you enough information to know where all the numbers other numbers are Maybe maybe it's no because like you know, so it's high. It's maybe it's 21 or something then I There is a number. I would believe it. I'm just you know, where's where's our cracking the cryptic? Oh, yeah, and go to the youtube stream Yeah, great, uh, great channel. So so here we go. We're seeing, uh, sudoku solver python So we're we're seeing people invest to get that. All right. We are now 15 minutes in I think we should be preparing our hint because I actually think this one is a little too subtle And we're going to have to point them In the right direction. Yes, uh without actually giving them the things. So yeah, we should notice notice now that even though The time is like 24 right five. We started 10 minutes late because of technical difficulties So they are only 15 minutes into the challenge. Correct, correct So we have we have more more time than the clock looks like compared to the other ones where we started much closer to to on time so We're trying a solver again. So so trying a solver on here, which is Not going to be sufficient. So I think we need to figure out if there is an official hint from the challenge author So we've got a glen over in in the production booth As it were which is otherwise known as the other side of the table that we're sitting on here Yeah, um It's going to it's going to reach out and see if we have an official We have like three times the number of computers compared to the number of crew members for this Set up we have a lot of displays and I mean an order of magnitude more cables I think than uh Yeah, but it's uh And once we once we find out what is breaking our our secondary capture Uh, and so actually speaking of which I'm going to go ahead and go take a look at the organizers I want to see what they're making progress. Right. Well, we figure out What we're doing with that With that hint if we're going to give it. Um, and if the chat if you guys have any questions about where we're going Let us know. Yep. Uh, and I'll be back in update. Great. Um, so While jordan does that uh, we can try to See is uh, that uh, we okay, so I've just been informed that Uh, the puzzle that the uh, that you are given Is impossible to solve. That's the kind of the trick here. So at face value Everything looks fine. You just need to solve the sudoku, but actually there is no solution. This is a an invalid state for the sudoku, uh, so Once they and this is something that can really throw you off right because if you Take this and like you put it into a solver or something and the solver says like now There's no solution. You might be starting to think like maybe the solver has a bug or like some maybe my in the format of My input is is wrong or something like this. Um It and only later you might question the like the impossibility of the puzzle Um, so this is where they have to then cheat to solve the impossible sudoku. Um To then get this win function um We can see here on on on the balsam screen that uh, they are Looking still at the kind of uh Decompilation here. Um, thinking hard about this Uh Trying to figure out like what what is going on here? Like why is this not working? Um They have this it's it's just check function, right? Uh, so they're trying to think about like what in what way does this function not behave? Uh, correctly. Maybe uh, maybe they have realized that like you're given an impossible puzzle So let's see they're gonna try to Seems like they're writing like a small like formatting Function they're looping through like the x and y axis and and uh printing something So yeah Still unsure exactly where they're going with that but like seeing in here now they run it So so so a quick update is Both teams are taking the sort of wrong approach now and they're still looking for solves So the hint they're both going to get is you can't win. You need to cheat right uh, which is uh Almost feel like there's some kind of deeper philosophical Thing. I mean it's it's a true life statement. Yeah. Yeah Yeah, that's uh um Yeah, I had a lot of thoughts about that, but let's not go too too off too deep. Yeah. Um, I you know So here's the other question. Do we want to give them a little bit more of a hint? Um, do we want to tell them exactly kind of how like the more of a hint as to what they want to I think we have time, right? No, no, we have time. Uh, let's do that and uh Yeah, in fact, well, that's too late now I mean, I was thinking in the in terms of like since this is the last match of the day We could have afforded like, you know extending the um Standard game time, but I don't know. It's if it's fair to do that once Well, we do it to the same two players either way It's it's only fair relative to each other Because every match is different different challenges different conditions and so to some degree, right, right? So you could argue that it's fair, but let's say you can't win. You need to cheat You need memory corruption. Yes It's uh, it's dangerous to go alone like take this. Yeah, take this. It's dangerous to go alone. Take this memory corruption. I love it All right Here goes the first hint. Yes We'll see if this gets them on the right track again or if we need to uh In the meantime, I'm trying to decipher what this uh script is doing They have a solve function there, which then will not really help them since you can't solve this It's uh Yeah, it's it's still like, you know a little bit unclear where the players are in this Unfortunately, we can't read the minds of the players that would be uh, immensely helpful when doing this type of commentary We can just try to guess based on what we're seeing on the screen So and yeah, again, like if you have any questions or comments from from All of you were watching this I got some smiles. I wish you all could have seen it, but there was like, oh, yeah Of course. Okay. Okay. So they both they were both, you know going down the solver approach So I think we're gonna see a lot more item now, right? We're gonna see them actually digging into the binary Right, uh and follow it that way So that's that's all that's nice to to hear that like the the hint was uh Appropriately leveled then that it was uh useful to the players. Yeah, I think they both they both were at a spot Where it's gonna help both of them We'll see if either one starts to starts to uh, take advantage of that or not. Okay. Yeah So we're looking at check-sec. We're looking at the binary properties seeing is you know And that's actually a great habit to be in too. I really think that a lot of people overlook that again We saw that last one with with a mallard with the ducks where Uh, like it not being randomized I think add a little bit extra slow down there. Right. Yes. Definitely. Uh, because you're gonna go straight into uh, you know Yeah, this is I I think I have this as a pretty good habit like always run file Always run check-sec. Yeah Yeah, it's kind of like when you're doing reversing reversing engineering challenges always run strings always been walk. Yeah, just like Just out of habit. Yeah, just like the things that you things that you do All right, so let's let's watch it. Okay. So now yeah, now we're seeing them actually where we want them now They're back to reversing nearing They're looking for vulnerabilities Uh, and and what they're gonna do Is they're gonna use the vulnerability to win they're gonna use the memory corruption Uh, to get to to to not Code execution directly, right, but to the winstay So what they're gonna do is they're gonna need to corrupt in such a way that they can create a solved board And they should have hopefully still remember this right because they know that the point was to win They saw that they saw the win they saw the winstay. They saw that's why they were trying to solve the puzzle So I think they know that yeah, the question is Uh, are they going to Uh Be able to figure out the memory corruption in time So that's the question that we're looking for and this is kind of interesting I think uh, this type of PON-able where like a lot of PON-ables you have kind of this like standard workflow where you try to Uh, gain control of certain aspects of memory. Yeah, you're trying it's always it's a pointer overwrite Or it's something that gets you a memory, right? So you get a pointer of right to a rough chain to like, you know, um But here you're just doing kind of like maybe what we call like a local memory corruption You're just like or or it's not quite a logic vulnerability in that it is memory corruption But it's not useful. It's not being used for control flow Hijacking you're using it specifically To just change the behavior of the state and change the behavior that yeah the functionality through it's it's normal legitimate means But by entering a memory state that it didn't intend for you to enter, right? So In a lot of these cases we have like the program wouldn't crash for example with the like if the exploit is like slightly Yeah, you just you just fail to get a great puzzle. It's just not solved, right? Yeah Uh, which is not to say that they couldn't crash with this vulnerability necessarily it depends on how it's actually constructed But there are there are certainly use cases or there are cases where you know an exploit Isn't actually exploitable in them in the You know direct code execution state. It is rather just by exercising some other Logical state of the program and I think uh in general like what everything we say here about like the you know Poneballs and like general ideas. There are a lot of like ifs and buts and stuff like to all of these and exceptions But you know we're trying to you know make some broad strokes here about different types of challenges I'm a little nervous. This one feels like that we the first one we might have to unleash a sudden death I'm hoping we don't right um, but I and and I like the challenge because I you know like we're talking about I think it has that that good twist that you're going to not get a A point or a right, but you're going to like you know influence the state of the binary So I'm hoping and we've got we've seen great work from all the teams so far. So we know we have high quality people Uh, we'll see how it's going This is also I said the one of the larger binaries we all get very small binaries very very self-contained Yep, this was a little bigger It's still I think small on the ctf scale of things which in ctf is smaller than Real-world binaries. Oh, yeah, but relative to the live ctf binaries. This is this is larger than some of them Yeah, luckily they don't have to like sift through a 300 megabyte binary. Yeah, what it doesn't love. Yeah Sorting out massive binaries. Yeah, I think I remember Opening the minecraft binary in ida at some point Uh, then I went to bed and uh, yeah Continue to do it still. Yeah. No, I think it was like just barely finished But it's like eight or nine hours to analyze that Yeah, big binary or even like obfuscated binaries can Can take a long time to analyze for sure. Yeah Oh, here we go. So let's look we're seeing an int 64 int So making sure the types are correct. That is like that's that's good. I think I think uh Analyzing the types is useful. Although what I will say is that just looking at decompiled code Is maybe not the best way to analyze any kind of type issues, right? No, I think it's like It's a good. It's a good start to give you the big picture. Uh, and uh But then at some point you might have to drill down On things and I think this is also kind of interesting again with like different types of Pornable challenges like uh, some portable challenges Like the bug is obvious and the exploitation is difficult. Absolutely And then you have these more like reversing heavy polynomials where like you have to figure out like very complex data structure But once you have kind of sorted everything out the bug just like appears And then from there, it's typically not that hard or yes And I think our previous examples several of our previous challenges were more on the side of like It's obvious where the bug was but actually landing it was was sort of the trigger like we just let you run This calls, but which ones that's the tricky part like actually you're payloaded the execution Same thing with like knob coding like we just ran your bites sort of you had to like do that It's I think there's a sort of like shell coding heavy and the sort of like constrained environments are some of my favorite challenges Um, probably because I'm just bad at the like the more, uh, I don't want to say tedious but the more in-depth Right So I mean I'm more of a reverse engineer myself So like I like those things But then for example when you get to these like, you know complex heap exploitation things then I'm you know completely You know out of luck there Well, there's always just you know kind of familiarity and and experience with it One of the things I was going to mention um, and and I say this I don't do the Reversing heavy ones as an author of a reverse engineering tool Well, maybe that's why you built the tool, right? Well, that's also why I have co-workers who are much better than I am that's the other I highly recommend that approach um So the but one of the things that I was going to comment on is that I like one of the things that Ghidor I think really does well that a lot of um Both Ida and binja have actually changed as a result is their side-by-side view having the synchronized side-by-side Decompilation with this assembly. I think was a really important improvement and kind of like the standard workflow And so now you'll see Ida and binja both have much better Split pane synchronization those kind of workflows very much inspired. I mean, you know, I assume ill fact also was was inspired and was like Oh, yeah, that's it. You know, I like the way the Ghidor does that too But I certainly from from binja's perspective like we definitely did that as well. Yeah So either thing it's it's good seeing difference. Oh, here we go. We've got uh I don't know. Is that the same? That's just the same screen Um, but we are so they're looking at libc Uh Trying to download like the appropriate libc version, right? Yeah, they're using this web page where you can like put in offsets for different functions to like To match up with like fingerprint the libc version and then download it. So Most of the times I think you need like two offsets and then it will match to which version of libc is running so again When we're building these challenges If we don't think they need Libc, we are not providing it now. That's not true in all competitions though. So, you know, they may not yes Trust us yet. I think this is like It is a convention among I would say like experienced Uh organizers within this right because why make that An extra tedious step that it's just it just mechanical and you just go the way we all know about the website We all know how you would do that however If you come up with a solution that's different than the intended one You might have a solution which does require absolutely and then you might go this round anyway Yeah, yeah, so it's it's not necessarily bad. It is just it should be a hint that maybe you're not taking the intended route Right. Yeah, doesn't mean that you're wrong But you might be venturing into like unknown territory. All right So let's be thinking about our next tent because like I said, I'm a little concerned We might need to do a different one. Um, I don't know triple tap control and get the uh, Get the spoken dictation pop up I'm gonna go Oh, nope. No, it's just somebody else in the background excited about something. Yeah, I thought for a second We had a surprise win and we're off-screen. I'm gonna go ahead and check in with uh Or was it organizers is is Organizers Unfortunately not being captured So we're kind of in the dark there. Um, so I'm gonna see if I get a little bit more of insight Hopefully we're making good progress there and I can come back with a little bit of an update. Yep And then maybe then go ahead with some hint and based on current status. Uh, so Yeah, again, they're looking at like, um Figuring out like libc versions or downloading Like an Ubuntu image. I'm not entirely sure what's going on there. Uh, but yeah We'll we'll see if we can manage to kind of like see what in what direction they're going with with this um But yeah, I uh It's it would be very interesting to see like if they have end of figure out where Uh, where this check function is going on Uh, unfortunately, I don't have like the reference solution. So I'm not like super familiar with like exactly where it's where like Where it's doing something incorrect but um Yeah, it's uh Also gonna be interesting to hear than what what the organizers are Up to if they have good progress. So we're also kind of a little bit in the in the dark, uh on that, but um hopefully We I think we are going to give them a hint that I'd see uh, Jordan and Ben are discussing a little bit. But what's the exact hint that we want to give them here to to, you know, uh point them in the right direction It's Yeah, we can see here in the uh Uh lower lower corner here. We have from time to time. We have uh the organizers screen like flickering in and out unfortunately that's the tech situation right now and In the meantime, I can give you a little bit of an update on the combined scoreboard for the for the defcon ctf. Uh, we have Still like a fairly tight race. Uh, we have a span of About 18 000 points for the the leaders katsubin down to 14 000 points for the team in 16th place. So Definitely still like everyone is definitely still in the game Uh with top three being katsubin uh mmm and perfect roots and they are all within like You know less than uh Some percent or so of each other. So it's it's uh, or maybe like 10 percent of each other. So Yeah, definitely a good Good competition there So, um Jordan is coming back here. So what's the status? What's the organizers doing? We're gonna need some hints. They're they're both still looking I don't see any kind of progress. So we're gonna we're gonna drop a hint. Yes The hint that we're gonna do is a couple of hints that we considered one is have you considered fuzzing Because literally just sending in a bunch of a bunch of bytes will actually cause Overwrite your your uh, your your your game state. Yes, right? So that's the key thing that they need to figure out if they send in just a too big of a solution It will actually corrupt the the states and they'll get weird boards boards and then it's a matter of oh, okay How do I now create a board that would be solvable? Right? So one that we considered the other one was um Don't let yourself be boxed in To your solution. It's a sudoku puzzle. That's a little probably more obscure. So yeah, um, I think we're gonna go with just um How big how like how big is your solution again question mark or how many bytes is your solution question mark? Um as our as our next hint and I think we're gonna need to give them that because there's still some work to be done Right, um, and we want to to give them both a shot at getting it Otherwise, we're going to go to our sudden death. So that's the hint. We're going to go with You need that way to comment here from from kegif These seems interesting c-challenges. I think it would try them all, but I'm sure I would take a lot longer I would too. Yeah, so that's okay, but it is like a good idea I mean in general for ctf's to like Try out challenges after they've been solved. Normally for a lot of ctf's people publish write-ups So you can like try the challenges That you didn't manage to solve And then kind of use like a write-up or so as a reference and then guide your Attempt as well to to learn more I think the idea is that we are releasing all the challenges It might take a few days for us to recover from this weekend. We have 15 matches so Another 11 matches to go after this one But yeah, we will we will definitely publish them and then Yeah, you can even like, you know, organize your own like mini tournament in your own, you know ctft more You know hacker space I know that I heard from Before the competition that Shellfish actually did some practice for this tournament By doing like a small Mini competition of their own within the team, which I think it paid off At least the players have paid off as one of the winning teams. Yeah, we'll see how far they can go So we have the hints prepared Jordan is going to go and hand that off to the players We are what's the clock at so we are So 545 so we are 35 minutes into the game, which just means that we are running Up like against the sudden death clock here Let's see if they can manage to figure out this on the other hand This is also kind of a similar situation to the previous challenge where we were 35 minutes into the game and then It kind of just like clicked for one of the players and they managed to go all the way so It's going to be really exciting to see what's going on still a bit difficult to kind of like get a read on Balsam's progress or like their understanding of the Duke They're kind of like looking at the code probably thinking very hard about you can see like the mouse moving around Trying to build this mental model of what's what's going on You're like kind of like running the code in your head. You know, what if this has this value? Like how does that probably it's probably the least interesting part of a live ctf, right? That's the only downside when you have a more reverse engineering heavy challenge Is that you're just seeing people like maybe name stuff if you're lucky or I comment But most of the time it's just looking at it Right and what we you know, we you know, you're getting closer when you start seeing a crash into debugger and a payload being written Yeah, and we don't have it yet. I'm gonna go ahead and keep an eye on the organizers just briefly Yeah, and see if we get any of kind of that similar progress Right, so we have Oh, okay, we did have a comment somebody else pointed out. Thank you for clarifying Um, the reason that that somebody was looking for the libc was to actually run it because if you don't have the same vm Uh handy you can't run that uh libc So you can just grab the libc from another another version Of linux to be able to run the binary. So that is another a completely valid reason that you might do that Um, yes, probably just easier to maybe look at a previous stream or have we actually I don't think we've told people What platform that most of our challenge all of our challenges were created on that's actually a good note Yeah, so for future for future things we should because that's again Normal and a ctf happens all the time you have to figure out The os that was created for match version information and whatnot Not our intention to make that part of the challenge here And it's the thing it's like ubuntu 22 was recent Somewhat recently went in like lts release and a lot of people haven't Updated to that yet. Um, I um, you know, I will accept like shared responsibility on this because I you know update your computers people 24 20204 would probably be that ubuntu. It's most you know common or debian Yeah, certainly it's it's frequently, but all right. I'm gonna go take a look at the orders. I'll be back and we'll see how it's going Awesome. So, um, I was Talking about something When it comes to these challenges um Trying to get back on you know my train of thought there um with Oh, yes. So, you know with this like Looking at another player looking at code trying to figure things out A lot of times when I talk to people, um Who are you know, not experienced ctf players or don't know what ctfs are You often get the question is like, oh, is this that some kind of like esports thing or like, could you could? Did you make this into some kind of like, uh esports thing and to an extent this is kind of what we're trying to do here Uh, but of course it has it's shortcomings that like some aspects of ctf Is Kind of like watching someone else take a maths exam It's you know, occasionally not the most exciting. So we're Really trying to by adding this commentary and trying to understand what the players are doing We're trying to make this an interesting and educational experience for all of you Viewers there So I I hope you do Enjoy this and then you're gonna have some takeaways and definitely check out the challenges afterwards To also kind of get a feel for That's you know, it might some of these might seem simple but when you're sitting here and actually trying to do it you have to Consider and take into account all of these like small little details like If you just out off by one like a small bit somewhere like the whole thing doesn't work You need to do all this troubleshooting debugging and I think I mentioned it earlier, but like when you're writing exploits you are Essentially, it's like software development, but with your like hands tied behind your back You don't get like all the nice tools and helps and error messages that you get like during normal software development Processes where you know you have all of these modern Tools to help you but here you're kind of like you're trying to bend something in a way that was not like intended to be used you're messing with the state of memory and so on so It's you really have like everything stacked Against you and that is like a big part of the challenge when doing these Pwnables these memory corruption challenges With looking here at the code here. We can see that The balsam player is writing some small helper function here to send the number Maybe they're gonna try to you know use this to try to send the different amount different number of numbers And you know see if they get a kind of any kind of reaction out of that Haven't really seen yet what oh so now they're gonna send like a thousand zeros that's that's interesting So the comment here like yeah, it's unsolvable. Yeah, like the sudoku itself is Unsolvable and that's kind of like the twist of this whole thing that You know at face value just sold the sudoku and win, but then it's it's unsolvable. So Yeah, that's kind of like the recap for for people just recently tuning in and speaking of recap Just to tell you again a little bit about what we're doing here. So we're here in vegas On site at def con so organizing this live cdf as part of the Official def con cdf. So this is kind of a sub event where all the 16 participating teams Participate in this like single elimination knockout tournament where in each match the teams send one player to go Head-to-head against the other team to be the first one to solve a relatively simple CTF challenge I mean relatively is relative. Yes. Yes. That's I really want to stress relatively and I want to be clear I wouldn't personally solve half of the ones that we're fielding in the allotted time Uh, I we you know tried some of them in it, you know, I could get them But maybe take a little bit a little bit longer. So I have a lot of respect for these people. They're all very very good And they're dealing with the pressure being on camera. There's a crowd standing around them watching them It is uh, it can be It can be pretty nerve-racking. So, uh, I'm predicting Oh, that is Quite the visual effect there. Yeah, uh, you know, the photo sensitivity warnings here, uh, I think it's only an arm under I don't see it. I don't see it as well. Yes, we have some. Yeah, so not sure what that's about Feels like our whole infrastructure is slowly melting. Uh, so we know it's fine. It's wow. That is That is unusual. Yep Maybe we're getting hacked by the players like through the hdmi cables They're playing the other game the other the other ctf challenge Yeah, I mean We would be lying if we would say that we did not have a discussion about like What shenanigans could the team try to pull off and how we would yeah Yeah, measure against it or what we would do so doing that kind of like threat Threat analysis, uh, or a threat modeling, uh against. Yeah, three more minutes We have three more minutes until it's gone. It's been very fast 45 minutes It's looking unlikely. Um, uh, that either one I did see some some debugger action. Yes I'm gonna make one last pass if we see somebody very close so that they're making progress We might be able to give them just a little bit extra, but basically we're about ready to deploy Or if they actually want to extend it Um, that's not a bad idea We can both ask both if they both say they want to extend it We'll let them go because they're the last one Yeah, and if so the rules are if one of them says they don't like they want to go south and Then we go south and then if both of them want to extend it, then it's fine. Exactly, right? Uh, we'll see what they say but ask them like, you know Independent like, you know one on one like to not give any like pressure Yeah, I mean it would it would be cool to see a solution on this and I think we do since we have been keeping up with the schedule. We do have that kind of time But again the uh, yeah, it's it's difficult to to to say what the players want Like this is also kind of like in kind of game theory thing like do you want to go to southern deaf or not? Like it's a High risk environment, right when you're gonna do this super fast Do you think that you basically you also you don't know the progress of the other player? Like do you think you have better progress than the other player in this challenge right now? And If you don't Do you think you have a better chance of beating them in the southern deaf one versus catching up with them in the current challenge? It's uh Definitely not an easy uh decision to make by the players So, uh, what's uh, what's the verdict? What do you think? What would you if you're in their shoes? Oh, no, I would say extend it. Absolutely. Yes. Okay. Nice. We have a game here Yeah, so they I'm I'm happy with this because I don't want to change the rules in the way that they're unhappy with But they both want to solve it. Maybe nobody wants to give up on a challenge No, that you've been working hard that you started you have a little bit of an idea I'm glad I really want to see them see this through. Yes, we'll let them go. It's the last one of the day So we're not running over anything else um I'm actually kind of excited. No 100%. So, uh Story related to that. So I was playing in the qualifiers for the def con CTF with our Scandinavian team north code And I was basically sitting all weekend with one challenge So, I mean I took breaks and met some friends and stuff, but there was a lot of hours This was Paris challenge. This was Paris challenge. It was the crypto-ponible thing Uh, so after I don't know if I spent uh, I don't remember it was like 10 20 or 30 hours on this but regardless I uh, solved it like two minutes after the CTF ended. Yep. And that uh, yeah I mean on the one hand it's crushing and on the other hand though You still solved it. Yeah, you still solved it. And that's the thing like When when the time ran out like I could have just stopped because like We it doesn't matter anymore. Like we're not going to get any points But I I was so close. I did not want to stop there. Yeah. Yeah. So the only kind of like um saving grace for or or you want to call it for that was that in the end Solving that challenge or not would not have affected whether we qualified or not that that would have been crushing That's a little demoralizing. Yeah, when it would have been it would have been the difference Luckily, even if with those points, we wouldn't we would have been just below the qualifying limits So at least at least you had clarity there there either way. Yeah, I was comfortable with that. That was fine. And also that means that you know, I could uh Be part of this without having to like betray the team, right? So Yeah, all right, okay, so We are There's a question here about whether it was NCATS. No, this was the uh, it was a crypto-ponible challenge It was about like a function closure thing C++ we could go ask. Yeah, Paris. She's somewhere. So she was she just was in the room. She just left right But yeah, I've heard a number of people that that worked on that. It was a great challenge. Like I I enjoyed it a lot Uh, but it was tough. Okay, so We we don't have a hard time But now now it's basically we're just going to let it go until either we are convinced it's going to take way too long or You know, we'll we'll we'll see at this point, but they both Want to keep going I would love for one of them to get it. It not only means we get to save one of our sudden deaths Um, but I think it's just way more fulfilling for them and for the audience to see kind of like the The hard one the hard one's all so we're looking forward to it um It is interesting that we've got rock gadget address just kind of coming out. I it looks like it looks like a template I think that this existed because yeah, hopefully they have an idea that that is But we are seeing like someone is writing something very deliberate here, right? This is like a to print out the board somehow, but Let's see they are Trying to see I mean this this like double loop there is to print out some states, but that's a part above You see something where they're like cutting off. They're swapping all right Oh, is this just to Generative valid generate a a Solution that they I mean I would just search the internet for sol's sudoku board and copy and paste it But but if that is what they're doing that would that would be valid, right? So the idea is that you want to kind of like overflow and stuff to like basically insert To modify the state into something that's either solvable or already solved Uh, and uh, so they they need to have that. Okay, so we're seeing we're seeing interesting. We're seeing calculations. We're seeing, uh, length calculations Uh, unfortunately, I was hoping we get some more, uh Video from the new organization. Oh, it came in briefly. Yes There was some debugger output there, right? Yeah, yeah, we'll leave it up for a second and just kind of show them both and we might be able to see a little bit Yep. Yep. See there. It's coming on Man, that's tantalizing. That's so mean. Yeah, this this cable is has been yeah, we might have to Do some shopping. Oh, there is definitely a shopping run tonight. So we we should be able to have this solved Uh and out of the way and that way we got a long day eight hours tomorrow of hopefully uninterrupted stream Yeah, we'll see we'll see if that if that turns out to be the case. I mean given that it's only been We swapped out the capture card the usbc cable The htmi is the only thing we haven't swapped out, but it's been that same side of the table consistently Yes, it's been having these problems Makes me think that yeah, we've just got a an htmi cable that is suspicious, uh, so We'll see we can we can get that going. All right. Um Actually, let me I'm gonna go ahead and do another in-person look. I'm gonna go ahead take a look at new organizers I'm we'll be back with an update shortly because I Debugger is generally a good sign. Yes. I saw oh wait. Oh Uh, I saw like a bin bash string in the debugger there somehow But that doesn't really make sense right because well, I mean with the intended solution That doesn't mean they're not gonna do. Oh, no. Yeah, and there also is the So I'm trying to remember how the wind function Runs it may just show it may be from the wind function On the stack as well too. I don't remember but no, they shouldn't be getting to that Yes, let's see. I don't see the In in the meantime, I wanted to take like the like just ask people who are Watching whether you are like, uh, and is anyone here in the in vegas attending defcon or are you watching from? All over the world like who do we have here? We saw someone from kenya even chimed in earlier Oh, wow there watching so we know you do have yeah Some worldwide watching interesting to go and see those like analytics afterwards see who's watching But yeah, it's do we have any people so and by the way like if you are If you are here at defcon, uh, you know, feel free to come by in the the ctf area Uh, we probably won't be able to talk a ton, but hopefully yeah, like if you come if you come during matches You can watch the matches if you come between matches, uh, you can you know have a chat with us. Hopefully if we're not panicking Uh, yeah, someone's watching from the ctf floor. Okay, nice And also from europe in the hotel room giving a feet a break. Yeah, that's a wise decision I'm I'm ready for my my feet my throat like several parts of me need a break. Oh, yeah Yeah, I mean we've we've been talking here for like okay, so there's this is interesting these these uh There's ascii values are being converted to integers on On this so we we're looking at debugger dump of the game state right so we could see We do see the the game state. There's zero, you know, it's really obvious to see those those numbers cool, um Yeah, and you can see Look at that base, uh thing there you have like generating a list of integers from zero to 96 which is Interesting is that um Yeah, we have a watcher from estonia brazil people who are saying they they want to go visit deftcon in the future Yeah, I think deftcon is like it's a cool event to to visit. It's uh, I think they're trying to increase the amount of streaming And online presence as well too, so you probably will be able to find other Streams I think there's even some webcam like 360 degree webcam virtual cameras They're putting up in a couple of the rooms where you can watch what's going on so Trying to improve like the accessibility. I mean, I'm certainly with with covid In general most conferences have tried to adapt better for okay. We have somebody Watching right next to our camera. Let's look they don't bump it But anyway again checking the Code here, they're right thing. Um, I'm trying to get a better feel for what they're doing like Again, they're generating like a list of numbers Uh, okay, so they need to find like the right Offset where they're overflow like this actually looks really good. Yes. This actually does like really good I'm glad we let them go finish this. Yeah. Yeah if they get the right offsets like let me go look at the other one But we might be closing in yes So that's that's really cool like we can like once they get that thing It's going to be real quick like we are probably going to miss There's a big risk. We're going to miss like the moment But so basically if I'm reading this correctly what I'm trying to do is like find the offset in memory like They're overflowing something and then like how far into this do they want to put Whatever they are placing there, which should be the the solved or solvable state So Yeah, they they might definitely onto something they're switching the numbers around a little bit Maybe it's that the so they switch the zeroes to a one Which seems to have crashed the program and then I'm checking why this is happening. Yeah, we have someone from Morocco as well. Cool That's it's cool to see we have people all over I guess the I'm trying to like Work out like what what time it is across the world at the moment But wait, that's the people are watching from Europe. It's like in the middle of the night there so that's Dedication Hope you're enjoying it Trying to see here that they're just quickly looking at the disassembly again Trying to Maybe looking for some specific offsets or so Yes, they did get some specific offset offset to to put a breakpoint There right and then they're also looking at the base Oh, yeah to make the breakpoint in the or maybe not the breakpoint or the The offset where to inspect the memory. Oh, yeah Oh, yeah, people saying they're watching from like, yeah, definitely middle of the night. Um, you know Awesome Netherlands representative as well. So I I'm seeing some interesting stuff there, but uh, what did you see? From the organizers from the organizers. Yeah, so the I mean, I hate to take bets. Yeah, because I've lost a lot of money at this table so far If uh, if uh, if this was a gambling arrangement, I would I would not be doing so well but I will I I feel also feel like I tend to favor my side of the table Yeah, and then we've had all these surprise victories from the other ones. Yeah pop up several times, but All that said, I do think team taiwan Has a little bit of a leap. So looking at the new organizers We've got a script. Uh, it has a bunch of it's some a mixture of gdb some phone tools and then as well, you know Sending inputs and kind of breaking in I didn't get the sense that they they had An overall plan for what to do right, but again The definitely the one thing I've learned is that I don't know what I'm doing anyways Like it's it is really hard to understand exactly what's going on their heads and so you're not always right um Whereas I will say It certainly looks like with that offset right with it. We were seeing a a a valid solved sudoku Trying to find the right offset to line it up, which Sounds like from what I understand of it is is the intended solution um so We'll see Yep Can we can we get some some confirmation is the the solution If is it just misaligning the correct board the certain number of bytes will that trigger it essentially? Any great board at the right offset so just put the right amount of padding bytes in and then it will overwrite it the right Say again Then you mark it as salt. Yeah Oh just send anything and it will just mark it as salt right Okay, so what uh our producer there said was that uh You first you send a solvable state you override the uh The thing the states with the solvable one and then you just send something to like Trigger to recheck and and like have it be uh solved and then you get to when uh there We can see here They are like working out in a text editor. I think they're like it still looks like they're trying to solve the state as it exists not overwrite The the state with their solve like so what I saw but I wonder I'm a little afraid They got the overwrite, but if their exploit didn't try to like send another round for validation It like overwrote it But then never oh, oh wow, that would be uh, that would be terrible Um, so it is possible that they've essentially had the right solution No, that's just didn't re-trigger it to be able to actually get to the wind function. Um so We will we will see We're only a little bit late Especially actually we technically we have two more minutes before the original length of this right and we're letting We're on long just because the the the last one of the day Um And we prefer they have a chance to do it if they can but there will our voices will give out and we'll be some point Which we say Sorry, we're cutting you off Uh, but none of us want that to happen. So So we'll see. Yeah, we're taking uh, we're taking bets here and uh Hoping this will work. Um, we're also about to lose power on our our chats. Yes, Tunisia. Excellent. Welcome Yeah, I've been to Tunisia for cdf competition Have you really I actually I think I could invite you to speak there one time at a conference and yeah, there we go So, uh, see if that actually powers it. I don't know what this is plugged into at this point Yeah, yeah, we are power on our one of our screens here. All right. Good and that one's We also have like a graphical glitch on the balsam screen, but it's just it's just blocking the ads So I'm okay with it. That sounds great. That's I wish I wish all of my graphics glist is just blocked out ads as I surfed Oh, yeah So, uh as an employee of a big ad tech company I would have to uh a large tech company whose revenue might depend heavily on ad. Yeah, uh, you know Yeah, yeah, are you allowed to ruin ad blockers? No, I'm not gonna make you talk at work. I'm not gonna make you talk at work All right. All right, but I can do that All right, so here we go so I this Still feels like we're trying to solve it I don't I don't see I don't see the the, uh The exploit like I don't see them actually like Exploding it. Well, I mean this Might still work like if their idea is to just like Overwrite a couple of values and make it soluble and then put into solution like but they're gonna they're gonna inherently have to Overwrite the whole thing though, right because they're just linearly Well, I mean it might be that they think that they can only overwrite like the beginning of it or something like this You're still gonna have a null at the end. So no, no, no necessarily because it's gonna convert in right Yeah, no, that's okay. That's fair. I mean it could it could work like it's not the not not the intended play, but uh could probably work So, yeah Unless there's a question mark at the very end of the puzzle if there's an unallocated one at the very end that Would have to be Well, we'll see Yeah, we'll see. All right Few more few few more bits Thanks everybody for hanging with us. This has been like just utterly exhausting and super exciting Um, just as a quick recap, you know from our from our earlier games We had a nail biter of a finish at the very beginning from uh shellfish versus ptb wtl Oh, yeah, like they were I think within a few keystrokes of each other like you can't get a tighter match I know we were looking at one screen as they were about to declare a winner Yeah, and then the other one popped it just was so quick. Yeah, so that was fantastic Make sure you go back and check the uh the replay on that one Uh, we're going to end the stream today when we're done with this particular challenge Um, sorry about that. I hit the microphone. Uh, we're going to end the stream today Uh, once we're we're done with this challenge And we wrap it up But uh, we'll we'll back tomorrow a long day tomorrow So the stream is going to run for eight hours straight. Uh, actually it's nine at least because we've got Eight challenge. No, no, that's right eight total hours eight hours to one hour. Yeah We'll see we may end up needing a break. Well, we're going to try to get breaks by taking the trading off You're going to see some guest commentators We're going to have some other people come in and fill out different roles. Should we uh, I think it was already written on Twitter, but the the idea is to have uh, we have uh, uh live overflow, uh, hopefully joining in and uh Kamosa brandon falc. Yeah so two popular people in like the security, uh, like Concentration the space. Yeah. Yeah, I'm I'm I'm excited. I'm looking forward to chatting with both of them Uh, and I'm also looking forward to have a break and as we each get to Yes, maybe maybe alternates uh, every other round. So one of us will we'll get to your rest and also Make sure we give our producer glen a break as well. So yeah, we'll be cycling through that um We've got uh, a variety of different challenges. Um, maybe for any of the teams that happen to be listening We want to talk about like the overall types of challenges that we have no no no super spoilers But like I will say I think we're pretty representative. Right, right. There is a uh heavy pwn focus a little bit of re. Yes, there's, um Certainly a little bit like shell coding or constrained exploitation um Solution having a quick look here again. Yeah, trying to get caught back up Oh, man. So they have a solution there, right? They're soul screen. This is I mean, it's they have a solve solution, but Yeah, there's a hashtag free jordan glen and kala. Uh, yes So, yeah, just to clarify. That's my uh, nickname or like, uh, then so, yeah In in in the pack harder. Thank you. Yes I mean if thank you, uh negasura this random person who showed up in our chat certainly not the author of this particular challenge that is, uh Stymied our opponents for so long. So right. Yeah, he but but uh, you're not wrong It's if they just would hack harder we could we could take a break and we could Yeah, we could get some dinner So let's let us because it is I would say we are going to have to hit sudden death pretty soon because we're looking at another several minutes of sudden death as well, so um We'll uh, we'll take a look. Maybe I'll take one more pass at new organizers We'll talk about having a uh, you know Cueing up a sudden death. We'll kind of consider what we want to go um, yeah I'll uh, I'll go ahead and give a bit of a oh just use a data glove. That's a what is a data glove That's a reference. I don't get uh, isn't that the uh, the The game controller thing that no, that's a power. That's a power. Yeah. Yeah, but child of the 80s. Of course. Yeah Yeah, yeah, no, no. I mean, yes, that's a thing before I was born. Sam. No trolling. No trolling Please stay no no no We will we will find you you're in the room. We remember this No, we don't we don't talk like that. That's uh, yeah, don't use it. Yeah That's you're going to be asking for for network forensics or something something crazy. Yeah, we might call the goons Yeah, having to take you out of the room. Yeah, I'll go check out new organizers and we'll be back. I'll give an update on the Defconn CTF scoreboard uh in the meantime so We have like a slightly larger spread now uh with Like spanning from just below 14 000 up to just above 18 000 points Between the 16th and the first place with uh, katsubin in first place mmm in second place and perfect route in third place And if I'm not misremembering, I think uh, last year we did have like a top fight between katsubin and uh, PPP as well. They have kind of Pulled ahead those two teams and created like a slight gap down to third place. So I do think this uh, like mirrors Some of what we saw last year went with the regards to like the standings, but This is only the first day of the defcon CTF. A lot of stuff can happen. Uh, this is like far from over so we're gonna be keeping an eye on that Throughout the weekend and give you updates It's uh, yeah, I mean if you're here in the CTF room, you can see this really funny Visualization the the nautilus institutes have put up. It's like some 3d animation of like a bunch of weird, uh Machines one for each team like spitting random objects at the other teams like showing I guess it's showing like who is attacking whom Possibly there's like seashells and stuff flying around Uh, you know, I guess there's some joke about there about like shells and seashells and you know that um but again taking a look at um the Screen of balsam here I'm I'm still not entirely sure with they have this like Partial solution or like a solution. They've split up the solution into two parts and then Trying to send some like they're sending some Data and then they're sending the other solution. It's still not exactly sure what's going on So we have explicit data hander crazy keyboards. Yeah, I will have to look that up Afterwards, uh, but uh, yeah, I still think uh, I'm still thinking power gloves would you know really help out in this situation Uh, maybe you could have them like, you know different like rock gadgets and stuff mapped to the A different buttons and stuff. That's uh, you know the way to go Anyway, you can see uh them like in the debugger here inspecting the memory there a little bit So I'm looking at the global variables You can see you have the standard in the standard out object and then further down They have these objects and you can see you can the Byte values there in the like the middle of the of the printed out block With the different digits of the sudoku solution um Yeah, it like it feels like they are Very close to to getting it but still like a bit unsure exactly what's going on um So, uh Yeah, we have uh, jordan coming back here now. So, uh, we'll get an update on on where we are We are going to give them a sudden death hints. We're going to give them a hint That is just because here's here's the the thing that we have missed talking about it so far I was looking back over with the the example solution And the the the nuance here Is that there's a length check that that we've been that has been kind of showing up a little bit now length check basically um Prevents you from even if you overwrite it with the fully solved board From actually solving it on that throw. So you overwrite the state of the board all but the last one Right and the last one you leave empty and then you can just solve it by overwriting the correct Last answer I see so It's a little bit along the lines what we've been talking about but it seems that they've done like a weaker variant of that where Uh, they didn't have like as good of a solution There was a question chat here about uh, is there anywhere to explain the ctf format? There's an ad going on as well as these one-on-ones. Yes. So kind of like the main of the main ctf the defcon ctf is the Traditional defcon attack defense that you know, we all know and love Although, you know, there've been like variants and twists to it over the years Then within this competition this live ctf is like a sub event where It's running parallel to the attack defense aspect of this So each team sends one player for each match and then we play this knockout tournament And at the end this will generate a ranking From the knockout tournament which is then fed back in and will affect the scores of the main ctf event, so This will be valuable and might definitely affect the final standings of the defcon ctf I'm not completely aware of like What's like the waiting factor is like how the scoring model works for for the ctf And so so I couldn't tell you like Exactly how valuable it is to win the tournament versus getting second place But we've been trying to find a balance where The teams can definitely I'll tell you in a second, but yes First I'm going to deliver the hints and I'll be right back and we'll see if we can we can bring this one home Right. Can you just read me the hints here first? Here we go First attempt overwrite almost all second attempt solves due to length check. Yes Sounds great and we will see if this does it. Yeah, this is almost like a straight up Solution like this could almost be like a write-up for the You have to understand what the program does and that that's the state that they've they've got So now we're going to give them like the the final hopefully final hint here that will just like Hopefully blow this case wide open and you know, they have them solve it from there. Did we get any? Reaction from the players on that was too busy coming back. I should have I should have watched. Okay. Okay. I see Yeah, we got we got some forehead touching Okay says says our producer. Yes um So we'll see will it I I think this was this one I think is on us I think this was a little too subtle for what we're kind of aiming for and again being in a high pressure thing It's just not to say that these are not excellent explorers It is just very hard and there's this was a little bit of a little bit nuance a little subtle nuance Oh, yeah, because of the the way that the length check happens in the binary You can't actually Fully overwrite and expect to do it. It will already know that's an invalid attempt And so it's not solvable But then you have overwritten the the correct state Such that you can then solve it because you moved it from an insolvable state to a solvable state, right? Somebody else might have got it. You don't know, but it's definitely this is definitely a little harder It's certainly it's it's more subtle than some of our previous challenges Yes But but we'll see what we'll do our best to keep keep dialing in the difficulty and See how it goes. So let's keep an eye out for the the winner We may see because we're not looking at the new organizers We might get that off-screen Or we might see team taiwan pull it off here In the main window, so I'm I keep rooting for for whoever we have the capture car working on just by very nature being on my side of the table Yeah, yeah, yeah but but you know like Being a Swiss not citizen, but Swiss resident. I'm you know kind of like maybe rooting for organizers a little bit So are they are they a swiss team? So they are a swiss british american team, I think Oh, there we go. All right So there you know have the winner Congratulations awesome awesome Oh my god down to there down to there. It happened again. It happened again So I'm gonna go you can go congratulate them. Go talk to the team. I'm gonna go ahead and see see y'all out Just a quick summary. I think we've already kind of covered what's what's happening the rest of the day We're gonna go recuperate. We're gonna fix our hdmi cable. So we'll come back with uh tomorrow. We'll uh, hopefully have Uh, the ability to see both screens more effectively Instead of having the flickering that we had this time And uh, we look forward to seeing eight challenges. We're gonna have eight more rounds We're gonna finish up in the morning four more rounds of round one And then in the afternoon, we're gonna move straight into round two And we're gonna go all the way from eight teams all the way down to four by the end of tomorrow So come back and uh, see that long day. Look forward to seeing you then take care and have a good one