The CCTF team is pushing the events to the next level by developing a decentralized CTF platform.

Vol9 is the first round where we are using our own smart contract as the CTF engine. The core features such as the flag submission, scoring, start/stop/pause functions are ready. We also bring in a new reputation system which will help all players to keep track of their achievements on-chain.

Solving challenges == proving your skills on-chain

The contract we created is not just used for submission of flags, but also to keep track of player’s skills. Each challenge requires some specific type of knowledge and when you solve one, your skill levels up.

In vol9 we are testing how the system works and by vol10 we’ll have a refined reputation system. This will also provide some cross-chain features for other projects that need highly skilled hackers (yes, the goal is that players will be able to mine out the value of their reputation through multiple platforms).

What are the rules?

**Main goal:** Collect as much flags as you can from the challenges and submit them successfully.

**Do NOT attack cryptoctf.org or hosts belonging to it. Do NOT initiate any denial of service (DoS) attacks. You can get banned for that.**

If you can take coins through the provided challenges from other players, it is allowed. Time matters – it is a wargame! Some wallets contain real tokens too… : )

A friendly note on challenge submissions: transactions are transparent.

From the HITB turn, top 5 players will get to the next level.

How can you play?

  1. 1. Read this blog post. For vol9. this is the RTFM challenge.
  2. 2. Grab the player files that will be disclosed at CCTF vol9, round 1. start. Possible sources:

    1. Matrix -> https://matrix.to/#/#CCTF:matrix.org
    2. git.hsbp.org -> https://git.hsbp.org/six/CCTF_Public/
    3. github.com -> https://github.com/smilingSix/CCTF_Public

  3. 3. Solve challenges and find the flags.
  4. 4. Submit signed transactions by the flags values (details below).

Registration process:

1. Generate your own Ethereum keys. This is what you will use to submit flags with (https://metamask.io/ or geth or other)

2. Call the CCTF smart contract register function and pass the string “I_read_it” to it. Otherwise it won’t work.

Address: 0x36a1424da63a50627863d8f65c0669da7347814a

Network: Polygon

URL to smart contract on explorer: https://polygonscan.com/address/0x36a1424da63a50627863d8f65c0669da7347814a

3. Congratulations, you have registered! Now lets submit a flag.

If you don’t have coins to register/submit…

…contact Natoshi Sakamoto. S/he might be able to support you on your journey: @natoshi_sakamoto:matrix.org

    How does flag submission work?

    The common CCTF{FLAG} format stays, but the values inside {} will be ethereum account private keys. You will need to use these keys to sign transactions to get points.

    There are multiple ways to generate Ethereum Signed Messages. First you can check out the web3py library:

    https://web3py.readthedocs.io/

    If this is not enough, six has a repository which might help: https://git.hsbp.org/six/eth_keygen/

    The official CCTF signed flag message script will be released after vol9 😉

    Awards and prizes

    In vol9, you are playing to get to Round 2 and to start building your on-chain reputation.

    Location is not yet disclosed, but as you saw in the past we will have a really nice yacht again!

    In round 2, we’ll focus more on providing more community/reputation values for everyone. Don’t be mistaken, this doesn’t mean we will have low cryptocurrency prizes!

    Top 5 players get in from the HITB 2022 event.

    Top 1 player get in from Bsides BUD 2022 event.

    Top 1 player get in from the Asis Crypto CTF 2022 event.

    Top 1 player get in from Q4 special challenge and 2 more if our sponsor budget will make it possible (will be decided in September).

    Contacting the winners

    This time, we will announce the winner addresses on our social channels and they need to send us a signed message using the winner keys through email (contact /at cryptoctf.org) or direct matrix message to six.

    Scoreboard

    You can find scoreboard.py in the CCTF_Public repository. This is community contribution, thank you Robin Jadoul!

    What about the CCTF frontend?

    1337 players can play from the terminal. Well, you might find some graphical tools or sites if you search hard enough. Contributions are welcome (:

    How to report bugs?

    If you think there is a bug or found a vulnerability, please contact six or silur on Matrix or Telegram.

    Where is the CCTF Metaverse?

    It is being developed, but in vol9, you will already find a challenge in kusama.momentum.xyz. Details will be shared when the game begins.

    Are you ready to hack?