DevinCook.net

This was the first problem, and only worth 50 points. I think it should have probably been worth more than that, and apparently only 18 teams solved it.

The guys of 0xbadf00d have already done a pretty good job of eplaining the problem, so I'll try to focus on explaining the steps that our team went through to figure it out.

We started with the html file given, and quickly located the original to search for differences. While we were doing that I think someone tried calling the unfortunate person who happened to get Bryan Cantrill's old phone number (oops, sorry). The only differences really were spaces added at the end of some lines. We briefly thought about Whitespace, but it was quickly dismissed as there are no tabs in the file provided.

Here's where we made a mistake that ended up costing us a pretty significant amount of time. We found the difference in length of each line, resulting in the following:

>>> diffs = [len(a)-len(b) for a, b in zip(gits_version, original)]
>>> diffs
[2, 0, 4, 6, 8, 4, 9, 4, 9, 8, 7, 9, 0, 3, 4, 5, 4, 7, 9, 0, 3, 1, 8, 7, 5,
1, 0, 6, 6, 1, 1, 9, 6, 7, 0, 4, 1, 3, 0, 2, 3, 8, 4, 2, 5, 7, 6, 9, 3, 4,
0, 3, 0, 3, 2, 3, 4, 4, 0, 5, 0, 5, 1, 9, 5, 9, 5, 4, 4, 3, 4, 5, 6, 1, 0,
4, 5, 8, 6, 4, 2, 6, 5, 0, 3, 3, 2, 7, 6, 1, 6, 8, 5, 7, 2, 9, 7, 5, 0, 5,
9, 1, 8, 7, 6, 0, 9, 2, 4, 5, 6, 5, 8, 9, 2, 7, 3, 7, 8, 0, 8, 8, 5, 1, 9,
1, 5, 5, 6, 4, 6, 5, 6, 0, 0, 5, 8, 0, 6, 3, 2, 6, 1, 6, 1, 1, 1, 5, 6, 8,
3, 0, 7, 5, 4, 6, 0, 6, 4, 7, 2, 7, 1, 6, 1, 7, 7, 8, 5, 9, 3, 3, 5, 5, 1,
1, 4, 8, 2, 1, 9, 9, 0, 5, 9, 1, 6, 9, 2, 3, 5, 5, 5, 0, 0, 3, 3, 9, 7, 0,
7, 5, 7, 2, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0]

In hindsight, the -1 should have been an indicator that we screwed something up. We spent a some time trying to make sense of these numbers. Were they offsets for characters in each line? Could they be directly converted to ASCII somehow? After trying a few of these, we tried getting rid of the extra stuff and turning that into a nice long base-10 number. From that, we turned the number into hex, and finally an ascii string.

>>> num = int(''.join(map(str, diffs[:-63])))
>>> num
2046849498790345479031875106611967041302384257693403032344050519595443456104
5864265033276168572975059187609245658927378088519155646560058063261611156830
75460647271617785933551148219905916923555003397075722L
>>> hexstr = hex(num)
>>> hexstr
'0x687474703a2f2f656e2bc9ec6d8c9c8218cf44ef872f1791de5e929e203374ed39aee6260
5e46a6770ce83f2b333fbd5f6b200f4852e818bbbc1505ac3a75433d4cbbeb0e573234d61737
36163687573657474730aL'
>>> binascii.unhexlify(hexstr[2:-1])
'http://en+\xc9\xecm\x8c\x9c\x82\x18\xcfD\xef\x87/\x17\x91\xde^\x92\x9e 3t
\xed9\xae\xe6&\x05\xe4jgp\xce\x83\xf2\xb33\xfb\xd5\xf6\xb2\x00\xf4\x85.\x81
\x8b\xbb\xc1PZ\xc3\xa7T3\xd4\xcb\xbe\xb0\xe5s#Massachusetts\n'

Well... that's close. It looks like it was supposed to be a Wikipedia link. After some bitching in IRC (and lots of attempts at XOR-ing to find whatever was obfuscating the rest of our link), we finally realized we needed to disregard the original file, and instead only count the number of spaces at the end of each line in the GitS version. Repeating the same process with the new counts gave us the full http://en.wikipedia.org/wiki/List_of_burn_centers_in_the_United_States#Massachusetts link. The key was "Boston Medical Center". We spent way too long for those 50 points.

Defcon 20. Whoa. This year's defcon was very memorable for me. I actually spent most of it sequestered in a hotel room working on CTF problems... but it was totally worth it. I stayed in the Trump hotel, which is just a few minutes away. It's a nice hotel, and had a really chill vibe (no casino). It was nice to go back there after all the craziness that ensued during the day.

DT had a documentary crew on-site during the conference, and he's decided to release the video for free sometime this year. They've released a teaser that can be found on their media page if you look for "DEF CON Hacker Documentary" (direct torrent link). I can't wait to see the whole thing. The teaser had some people I know in it (like the crazy mohawk dude drinking out of what appears to be a fishbowl... haha).

The Talks

This year the talks looked pretty good. Unfortunately, I didn't have time to go to a single one of them. I did try to go to a coworker's talk, but stood in line and was then turned away because it was full. I hear they're available online somewhere, so I may watch some of them in the coming months. Definitely hit me up if there were any you thought were particularly good.

The Parties

I had some good contacts from previous years, and some that I met during my internship this summer. I was able to get on the invite list for several Black Hat parties. We kicked off Wednesday night at the FishNet party. It was in the Mirage, which I had never been inside of. It's a neat place, and the Revolution lounge is a good time. From there we hit up the WhiteHat/Accuvant/Palo Alto Networks party at Pure. I also went to Pure for defcon 18, but the party this year was even better. Of course, there was free food and booze, but they also had the inside open ...and Paul Oakenfold was playing. It was surreal. On the rooftop we had dessert and cigars, and sat and talked with some really smart guys from Mattersight (they do some impressive automated voice analysis stuff for call centers). I didn't manage to swing a Ninja party invite this time, but I wouldn't have had time to go anyway. I actually missed out on most of the defcon parties because I was working on CTF stuff. I did manage to check out the pool party (there's a brief clip of it in the documentary teaser), and I had a great time hanging out with my CTF teammates on Sunday night after the game ended.

Oh, and how could I forget the Toxic BBQ! It was back this year, and it was fantastic! I absolutely love this event, and hope I always get to go. This year I made a food run with some forum people I had just met. The Toxic BBQ is a great place to meet new friends and really interesting people. I can't explain how amazing the environment is there. I brought a few friends from my internship out, and they all seemed to enjoy themselves.

CTF

This was the last year that ddtek was hosting CTF. Next year it'll be someone else. The CTF CFP is stil open until the end of February. If you're interested in running the CTF, you should submit a proposal.

This year, DT apparently wanted to make CTF a bigger event. There were to be 20 teams (last year I believe there were 12). Half of those teams would be winners of certain other CTFs around the world. The other half would have to go through the standard qualification process. The setup was impressive, and according to other team members the problems this year were relatively challenging compared to previous years. I went into it without a whole lot of reverse engineering experience, only an elementary understanding of IPv6, and barely passable knowledge of FreeBSD (but tons of Linux experience). It was a shock, but I didn't feel out of place. There were actually a lot of people on the team that were really there to learn, and I think we all rose to the occasion. Of course, there were several legit badasses and tons of brilliant people on the team, so that helped a lot. Since the contest I've been practicing my binjitsu skills, and have started learning the art of RE. I'd like to be a much more solid asset next year.

I would like to note one more thing, and that's the infrastructure. It was really impressive to see how much work went into making sure we were all able to communicate, making sure we didn't have too much duplication of work, and making sure everyone had stuff to work on. Especially with a large team, this stuff is vital.

This was my first CTF experience and I had a blast. If you haven't done one before, they go on year-round all over the world. Some of them take place online. Check it out. You'll have fun and meet lots of smart people.

This has been one hell of a year. I've judged a science fair, taught forensics to transitioning soldiers, driven cross country, worked an internship in the San Francisco bay area, scored my first publication and subsequently traveled to England, played some CTF on team Samurai at defcon (we won!), met lots of cool people, played with some very cool toys (including some HPC stuff), learned a new programming language (Google's language - Go), and got to do some interesting research. It's actually really amazing to look back on it. I'll probably write some about defcon in another post as there's much to say about DC20.

On the school front, I have some good news and bad news. The spring semester this year was the last semester where I had to take classes. That's neat. Unfortunately, I'm a huge slacker and haven't done my dissertation proposal yet, so that will hopefully happen in January. I have chosen what I want my topic to be though, so that part is behind me at least. I probably won't make my self-imposed May deadline for having everything completed for my PhD, but I still feel good about having it done by the end of next summer. I can now say that I'm actively working on it, so there's that. I see several more publications in my near future. The one for last summer was a paper on some of the VMI research we did in the lab last year. The IEEE TrustCom conference was in Liverpool, UK this year. There were several other people doing similar things, including some guys from HP Research. There was actually a write-up done for the college of engineering's magazine on that research, defcon CTF, and some other happenings in our lab.

The rest of my summer was pretty neat as well. I spend about 10 weeks out in the bay area, and I have to say that I've fallen in love with San Francisco. I don't know how, but somehow I managed to grow up in southern California without ever visiting SF. Northern California has a totally different vibe. It's also really neat how you can walk around and just stumble upon the headquarters for all these companies you interact with online; I stumbled across Zynga, Facebook, Google, Square, MongoDB, Oracle, Shazam, and probably others that I'm forgetting. Oh lord, and the food! I gained 10 pounds during my time out there. There are so many amazing restaurants, food trucks (there's one that only sells creme brulee!), taquerias, street vendors of varying legitimacy, etc. One of my favorite discoveries were the late-night "street dogs" that people sell on the street. They're essentially a hot dog wrapped in bacon topped with grilled onions, mustard, mayo, and ketchup with a steamed bun. So good. So unhealthy. Hopefully when you eat one you're too drunk to care (I may have poured Irish whiskey on the first one I ate, and I'm not going to lie - I'd probably do that again if the opportunity were to present itself). I'm hoping we end up moving out there after a couple years.

As far as research in the lab goes, we've been most recently working on a project involving dynamic binary analysis using binary instrumentation techniques. We want to be able to detect and mitigate vulnerabilities in a semi-automated fashion. Of course, this is difficult, so we're taking an interesting approach. I'm sure I'll be writing more about that, especially if we can get some papers published on the topic. Stay tuned. More to come.

P.S. I disabled comments today... take that, spammers! It was really incredible the volume of spam comments that were being submitted. I thought briefly about trying to automate some kind of spam reporting (they all use URL shorteners, so I thought maybe I could get them shut down that way), but to be honest I don't think it's worth spending any time on.