most of #defconctf irc for the 2016 comp

20160521.log

[09:53:51] *** Joins: nwx ([email protected])
[09:54:09] *** Joins: WebIRC22009 ([email protected])
[09:54:54] *** Quits: Lightning ([email protected]) (Client Quit)
[09:56:11] *** Quits: mightym0 ([email protected]) (Ping timeout: 252 seconds)
[09:56:18] <nwx> ಠ_ಠ 
[09:57:22] *** Quits: IceGuest_78 ([email protected]) (Ping timeout: 252 seconds)
[10:01:31] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[10:03:57] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[10:05:14] *** Quits: WebIRC31809 ([email protected]) (Client Quit)
[10:06:43] <TMT> how much we should watch time_sink ?  :))
[10:07:19] *** Joins: WebIRC72005 ([email protected])
[10:08:35] <gynophage> TMT: I dunno. You better start over from the beginning just to make sure you get an accurate timing.
[10:08:47] <espes__> i cant run it
[10:08:58] *** Joins: WebIRC87118 ([email protected])
[10:09:01] <espes__> windows is too hard
[10:09:09] <TMT> i wish i have it's source after CTF
[10:09:28] <gynophage> TMT: That'll probably happen.
[10:09:36] <rok__> whom should i ask for "feedme" challenge?
[10:09:47] <TMT> TNX :X
[10:10:47] *** Quits: zzz ([email protected]) (Client Quit)
[10:11:29] <gnomus> I am stuck on all challenges.. propably should go get some sleep :D
[10:11:48] *** Joins: dddd ([email protected])
[10:12:19] *** Joins: zzz ([email protected])
[10:12:34] <gnomus> can't think straight anymore
[10:12:48] <dddd> hey, does time_sink supposed to generate access violation eception?
[10:12:54] *** Quits: cx ([email protected]) (Client Quit)
[10:13:47] *** Joins: uri ([email protected])
[10:16:26] *** Quits: sk123 (uid95049@2604:8300:100:200b:6667:1:1:7349) (Client Quit)
[10:16:35] *** Quits: WebIRC22009 ([email protected]) (Client Quit)
[10:17:44] *** Joins: Lightning ([email protected])
[10:17:44] *** ChanServ sets mode: +o Lightning
[10:20:53] <gynophage> Game moving too slow? There, I fixed it!
[10:20:57] <gynophage> (Unlocked badger)
[10:21:00] <gynophage> I'm so sorry.
[10:21:09] <Lightning> no your not
[10:21:52] <gynophage> you're*
[10:21:54] <gynophage> GET REKT
[10:22:11] <hj> last time I checked you're doesn't end with a *
[10:22:20] <gynophage> #DOUBLEREKT
[10:23:01] *** Joins: mightym0 ([email protected])
[10:23:21] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[10:23:27] <sirgoon> badger that name sounds familiar
[10:24:55] <gynophage> sirgoon: That's so weird!
[10:25:09] <gynophage> SO ODD I CAN'T EVEN
[10:25:25] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[10:25:33] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[10:26:10] <cai> oh you mean that challenge that we solved but couldn't solve? :p
[10:26:23] <gynophage> cai: Then it should be easy, right?
[10:26:35] <cai> i'm still distracted by another chal atm, so we'll see
[10:26:47] <nwx> stupid binary RE
[10:27:59] *** Joins: dapan ([email protected])
[10:30:21] *** Joins: WebIRC35378 ([email protected])
[10:30:30] *** Joins: pandoron ([email protected])
[10:31:03] *** Quits: liikt ([email protected]) (Ping timeout: 240 seconds)
[10:31:54] *** Joins: ltfish ([email protected])
[10:32:54] *** Joins: liikt ([email protected])
[10:33:30] <hj> nwx i know right if only all of challenges didn't involve re
[10:33:42] <nwx> :/
[10:33:54] *** Quits: fish__ ([email protected]) (Ping timeout: 240 seconds)
[10:33:56] <dddd> will be any web this year?
[10:34:45] <SallyCroak> all the challenges are on the web
[10:35:40] <gynophage> dddd: lol, no web. Go take your sqlmap elsewhere.
[10:35:53] <dddd> just asking last year there was one web
[10:36:18] <Lightning> wasn’t that a web with cgi exploitation?
[10:36:36] <dddd> nah, there was something with ruby
[10:36:41] <SallyCroak> or kernel exploits.
[10:36:47] <dddd> dont remember exactly
[10:37:38] <gynophage> The problem with web challenges.
[10:37:47] <gynophage> "Hey, remember that really cool web challenge?" - Nobody
[10:37:59] <dddd> but, to sum up: not a single web challenge this year, right?
[10:38:14] *** Quits: WebIRC87118 ([email protected]) (Client Quit)
[10:38:18] <Lightning> we didn’t say that
[10:38:21] <gynophage> I did.
[10:38:22] <gynophage> Like 4 times.
[10:38:25] <dddd> ;]
[10:38:30] <gynophage> NO
[10:38:31] <gynophage> WEB
[10:38:33] <gynophage> CHALLENGES
[10:38:41] <dddd> ok :)
[10:39:09] *** Joins: sugiken ([email protected])
[10:39:12] <dddd> then i have to tell my team mate who like webs, t go on learn some pwning, instead of waiting for webs :P
[10:39:13] <SallyCroak> but will there be any web challenges?
[10:39:47] <Lightning> while you guys are busy working i’m watching one of the guys rotate his laptop around in the air trying to get rotate events to work
[10:39:54] <Lightning> the fun we have on the back side
[10:39:56] <gynophage> SallyCroak: Sure, here: http://www.puffgames.com/flashhalo/
[10:40:13] *** Parts: sugiken ([email protected]) ()
[10:40:26] *** Joins: WebIRC95042 ([email protected])
[10:40:41] <WebIRC95042> hint please, baby-re
[10:41:33] <SallyCroak> lol flash isn't web. where's the sqli?
[10:43:35] *** Joins: WebIRC87776 ([email protected])
[10:43:54] *** Quits: KALRONG ([email protected]) (Ping timeout: 240 seconds)
[10:44:02] <SallyCroak> ooh, someone said the third part of xkcd is xss. I'm on it!
[10:44:10] <gynophage> SallyCroak: http://lmgtfy.com/?q=inurl%3Aselect+inurl%3Afrom+inurl%3Awhere
[10:44:12] <gynophage> Enjoy.
[10:45:02] <Lightning> WebIRC95042: if it is up then no, it has over 100 solves
[10:45:54] *** Quits: Guest92 ([email protected]) (Client Quit)
[10:46:39] *** Quits: WebIRC87776 ([email protected]) (Client Quit)
[10:47:00] <WebIRC95042> thanks
[10:47:05] *** Joins: p9 (~p9@2001:41d0:51:1::123b)
[10:47:11] *** Joins: Coconutz ([email protected])
[10:47:23] <Coconutz> Is there anywhere I can find the full scoreboard ?
[10:47:40] <SallyCroak> you want the complete scoreboard?
[10:47:44] <Coconutz> yeah
[10:47:49] <Lightning> no url, we might , maybe put something out later
[10:47:57] <SallyCroak> like at /scoreboard/complete ?
[10:48:00] <Lightning> at least no url i’m aware of
[10:48:19] <Lightning> SallyCroak: is right, we had that last year. forgot about that
[10:48:41] <Coconutz> wasn't aware of /complete , thanks :)
[10:48:42] *** Joins: Algo ([email protected])
[10:48:50] <Lightning> Coconutz: don’t feel bad, i forgot about it myself
[10:48:54] <gynophage> Lightning: we published /complete
[10:49:26] <SallyCroak> should we try to find other hidden pages on the scoreboard? :)
[10:49:42] <gynophage> SallyCroak: I guess if you want to get banned.
[10:49:44] <SallyCroak> I've heard good things about this dirbuster program
[10:50:06] *** Joins: WebIRC6929 ([email protected])
[10:50:09] *** gynophage changes topic to 'http://music.legitbs.net | Point values: https://twitter.com/LegitBS_CTF/status/733807024652193793 | Make CTF Great Again | https://2016.legitbs.net/scoreboard/complete'
[10:50:17] *** Quits: pandoron ([email protected]) (Client Quit)
[10:50:31] *** Joins: WebIRC87118 ([email protected])
[10:50:40] *** Quits: WebIRC6929 ([email protected]) (Client Quit)
[10:51:56] *** Quits: Coconutz ([email protected]) (Client Quit)
[10:52:25] *** Joins: WebIRC63190 ([email protected])
[10:52:38] <Octothrope> :) :)
[10:53:18] *** Joins: pandoron ([email protected])
[10:54:18] *** Quits: pandoron ([email protected]) (Client Quit)
[10:54:55] <Lightning> come on guys, there is a whole category that isn’t opened yet
[10:56:03] <nwx> https://imgur.com/c1f7nAR
[10:56:19] *** Quits: WebIRC63190 ([email protected]) (Client Quit)
[10:56:57] <nwx> someone messed up ^
[10:57:17] *** Quits: newb ([email protected]) (Client Quit)
[10:57:21] <gynophage> YES!
[10:57:22] *** Joins: KALRONG ([email protected])
[10:57:24] <gynophage> ITS WORKING
[10:57:49] *** Joins: kiwiii ([email protected])
[10:58:10] <Lightning> and there goes the rotation of the laptop again
[10:58:19] <gynophage> We're really smart over here.
[10:58:28] <gynophage> He's rotating his laptop and poking the screen.
[10:58:36] <gynophage> I don't have the heart to tell him it's not an iPad.
[11:00:12] *** Quits: TMT ([email protected]) (Client Quit)
[11:00:46] *** Quits: WebIRC64501 ([email protected]) (Client Quit)
[11:01:03] *** Quits: L0rdComm4ander (~Adium@2001:690:2100:1b:71c7:1c0e:8cf:334c) (Client Quit)
[11:01:53] <SallyCroak> video?
[11:02:15] *** Joins: L0rdComm4ander ([email protected])
[11:04:46] <Algo> what is the score formular?
[11:05:29] <Lightning> Algo: more solves = less points to all solvers
[11:07:23] *** Quits: asdfasdf ([email protected]) (Client Quit)
[11:07:25] <SallyCroak> the web chall is too hard :-(
[11:08:17] *** Joins: stick ([email protected])
[11:08:46] <hoju> https://gfycat.com/ThoughtfulShamelessChimpanzee
[11:09:26] *** Quits: WebIRC35378 ([email protected]) (Client Quit)
[11:12:31] *** Joins: WebIRC70842 (~7d1@2001:67c:10ec:52c7:8000::11d2)
[11:12:59] *** Joins: mourn ([email protected])
[11:13:39] <kiwiii> who solve heapfun4u
[11:13:45] *** Quits: wmliang ([email protected]) (Client Quit)
[11:14:01] <Lightning> “what is with you and keyboards shifted that way” <hand motion to the left> <other guy shifts the computer a bit to the right>
[11:15:45] *** Joins: withzombies ([email protected])
[11:15:54] <withzombies> easier isn't responding
[11:16:44] <withzombies> probably has a bunch of "this application stopped responding" popups to clear though ;)
[11:17:38] *** Quits: yingyeo ([email protected]) (Client Quit)
[11:17:57] *** Joins: Ninn ([email protected])
[11:18:01] <hj> kiwiii that is something that you need to be careful asking until sunday evening
[11:19:13] <gynophage> withzombies: I'll jump on and take a look.
[11:19:40] <Lightning> fixing music…
[11:19:47] *** Joins: j00ru ([email protected])
[11:19:57] <j00ru> "easier" down?
[11:20:05] <Lightning> looking
[11:20:25] <gynophage> European easier looks like it got rebooted. Nice.
[11:20:41] <withzombies> its back now
[11:20:54] <gynophage> Europe isn't yet.
[11:21:18] <SallyCroak> more important than the europeans and their easier, what's up with music?
[11:21:39] <gynophage> Europe is back.
[11:21:42] <gynophage> Music is coming up.
[11:21:42] <j00ru> thx!
[11:22:04] <gynophage> Musiqpad daemon rebooted.
[11:22:06] <gynophage> <3
[11:22:30] <gynophage> Now, if you'll excuse me, I have a very long list of boxes that have just set xhost + to attend to.
[11:24:08] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[11:24:28] <Lightning> i’m re-adding that video for later for those that missed it
[11:24:55] <riatre> And one of these will be a VcXsrv running on Windows
[11:25:55] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[11:26:20] *** Joins: scymo ([email protected])
[11:26:30] <gynophage> xloadimage doesn't care.
[11:26:33] <scymo> whats up bois
[11:26:55] <riatre> lol please don't load NSFW things
[11:27:18] *** Joins: IceGuest_78 ([email protected])
[11:27:23] *** Joins: WebIRC19244 ([email protected])
[11:29:35] *** Quits: falcon ([email protected]) (Client Quit)
[11:30:15] *** Joins: jawaharlal ([email protected])
[11:31:15] <j00ru> eu easier seems down again 
[11:32:18] <scymo> how could i monetize a hacked tweetdeck
[11:32:44] <gynophage> j00ru: So many "dc.exe has stopped working" dialogs. :-p
[11:33:00] <j00ru> it would make sense to disable WER altogether
[11:33:00] <Lightning> there goes the laptop upside down
[11:33:19] <j00ru> so these dialogs don't pop up
[11:33:21] <Lightning> and he’s now folded it in half the wrong direction...
[11:33:44] <gynophage> It's up.
[11:33:47] *** Joins: valis ([email protected])
[11:33:52] <gynophage> And wer is down.
[11:34:00] <j00ru> thx. :)
[11:34:04] <gynophage> Yup.
[11:34:05] <gynophage> Close?
[11:34:24] <j00ru> somewhere halfway I guess ;)
[11:34:38] *** Quits: WebIRC72294 ([email protected]) (Client Quit)
[11:34:46] <gynophage> Rock on dude.
[11:34:55] *** Joins: add1ct ([email protected])
[11:34:56] *** Quits: at1as ([email protected]) (Remote host closed the connection)
[11:35:40] *** Joins: andy ([email protected])
[11:36:02] *** Joins: lenerd ([email protected])
[11:36:14] *** Parts: scymo ([email protected]) ()
[11:36:49] <j00ru> is the Windows edition/version public info? I suppose no?
[11:37:54] <gynophage> At noon, if nobody has asked for it to remain private, I will publish a screenshot of winver.exe?
[11:38:03] *** Joins: at1as ([email protected])
[11:38:04] <gynophage> (23 minutes for timezone stuff)
[11:38:50] *** Quits: ravencoding ([email protected]) (Client Quit)
[11:39:00] <j00ru> sgtm
[11:39:33] <gynophage> Just want to leave enough time for everybody to have a say. I will say it's running on EC2. And EC2 has very few Windows AMIs, that I know of.
[11:39:33] *** Quits: kkk ([email protected]) (Client Quit)
[11:41:13] *** Joins: WebIRC24794 ([email protected])
[11:42:05] *** Joins: WebIRC70190 ([email protected])
[11:44:08] *** Joins: digitalseraphim ([email protected])
[11:44:10] *** Joins: WebIRC19476 ([email protected])
[11:44:35] *** Joins: nebel ([email protected])
[11:44:35] *** Joins: err0r ([email protected])
[11:44:49] *** Quits: WebIRC19476 ([email protected]) (Client Quit)
[11:45:10] *** Joins: tomandjerry ([email protected])
[11:45:13] <BrainInAJar> plus they cost more
[11:45:51] *** Joins: arbiter_ ([email protected])
[11:45:57] *** Quits: arbiter_ ([email protected]) (Client Quit)
[11:46:08] *** Joins: arbiter_ ([email protected])
[11:47:03] *** Joins: Beluc ([email protected])
[11:47:11] <Beluc> Hi
[11:47:29] <gynophage> HI!
[11:47:44] <Beluc> is there some challenges that does not imply binaries ?*
[11:47:55] <gynophage> I don't understand your question.
[11:48:01] *** gynophage sets mode: +v magichands
[11:48:12] <Beluc> I wanna challenge smth but I'm not very good at binaries stuff ;)
[11:48:30] <gynophage> Beluc: I think you might be in the wrong place.
[11:48:33] <bmc> cat /dev/random | socat?
[11:48:46] <bmc> success is possible!
[11:49:06] <tomandjerry> Isn't there any problem to the Badger challenge?
[11:49:16] <gynophage> Hmm?
[11:49:38] <gynophage> Testing badger's exploit across the ARs.
[11:49:40] <gynophage> Just a sec.
[11:50:09] <Beluc> gynophage: what do you mean wrong place ?
[11:50:18] *** Joins: Guest92 ([email protected])
[11:50:23] <gynophage> Beluc: I mean this isn't the right game for you.
[11:50:33] <Beluc> ah ok :)
[11:50:37] <Beluc> too bad
[11:50:43] <gynophage> Go level up your binary analysis with the baby's first.
[11:50:51] <gynophage> Or go watch time_sink.
[11:51:01] <Beluc> ok
[11:51:08] <Beluc> i will give a try
[11:51:37] <Beluc> tx u
[11:52:02] <gynophage> badger confirmed working us-east.
[11:52:10] <gynophage> badger confirmed working europe.
[11:52:49] <gynophage> badger confirmed working asia pacific.
[11:52:58] *** Quits: WebIRC95042 ([email protected]) (Client Quit)
[11:52:59] <gynophage> (Exploit thrown against all 3)
[11:53:06] *** Joins: scifi ([email protected])
[11:53:19] <tomandjerry> Thx gynophage
[11:53:27] <gynophage> No problem tomandjerry 
[11:54:07] <BrainInAJar> at least being able to do *some* binary analysis is crucial for like, everything in the scene.
[11:54:40] <Beluc> $ wine time_sink.exe
[11:54:40] <Beluc> wine: Unhandled page fault on execute access to 0x7ffdf000 at address 0x7ffdf000 (thread 0009), starting debugger...
[11:54:40] <Beluc> err:dbghelp_msc:pe_load_debug_directory Got a page fault while loading symbols
[11:54:44] <Beluc> normal ?
[11:56:37] <Lightning> Beluc: if attempting to use wine, yes. It is trying to find things wine doesn’t support
[11:57:49] <Beluc> Lightning: tx, I will try unix one so ;)
[11:58:20] <BrainInAJar> xkcd is p. easy
[11:59:27] <IceGuest_78> hard
[11:59:30] <BrainInAJar> the downside is it's amd64, so if you want to use IDA you either need to (have your employer) pay for it, or steal it, because the free demo won't load it
[12:00:05] <BrainInAJar> you could bang your head against the wall with r2 too, i guess. I'm too dumb for radare2
[12:00:15] <gynophage> Or fucking disas main with gdb.
[12:00:18] <gynophage> It's like 2 function calls.
[12:00:31] <BrainInAJar> never!
[12:01:02] <gynophage> https://usercontent.irccloud-cdn.com/file/XB52Gxr3/Screen%20Shot%202016-05-21%20at%2011.59.33%20AM.png
[12:01:20] <gynophage> j00ru: Gynvael tylerni7 cai withzombies 
[12:01:22] <gynophage> ^^
[12:01:26] <j00ru> :D
[12:01:31] <j00ru> useful, thx
[12:01:45] <Gynvael> yaaay ;)
[12:02:15] *** Quits: dddd ([email protected]) (Client Quit)
[12:04:24] *** gynophage changes topic to 'http://2016.legitbs.net/scoreboard/complete | easier: https://usercontent.irccloud-cdn.com/file/XB52Gxr3/Screen%20Shot%202016-05-21%20at%2011.59.33%20AM.png | http://music.legitbs.net'
[12:04:25] *** Quits: icernica ([email protected]) (Client Quit)
[12:04:59] *** Quits: vap0r ([email protected]) (Client Quit)
[12:10:18] *** Quits: Algo ([email protected]) (Client Quit)
[12:10:22] <WebIRC81467> Can I get some help for getting 'badger' to run? I'm getting an "Couldn't get peername: Socket operation on non-socket" error :-(
[12:10:50] *** Joins: kkk ([email protected])
[12:11:07] *** Quits: nayryan ([email protected]) (Ping timeout: 252 seconds)
[12:12:12] *** Joins: Algo ([email protected])
[12:12:22] <gynophage> WebIRC81467: When you run it locally?
[12:13:22] *** Quits: Algo ([email protected]) (Client Quit)
[12:13:47] <WebIRC81467> yes
[12:13:48] <gynophage> (Am I racist because I assume anybody with a WebIRC* nick is a newb?)
[12:13:56] <gynophage> WebIRC81467: Is standard in a socket?
[12:13:58] <WebIRC81467> (probably)
[12:14:25] <gynophage> What does it do to standard in?
[12:14:43] <gynophage> And if you say "I don't know, I just downloaded it and ran it," I've got another challenge for you.
[12:15:21] <gynophage> http://downloads.shallweplayaga.me/totallynotcryptolocker.exe
[12:15:41] *** Joins: rrddd ([email protected])
[12:15:56] <WebIRC81467> Ty, finally a windows challenge that I can run on my real machine
[12:20:14] *** Quits: MrMan ([email protected]) (Client Quit)
[12:21:24] *** Quits: lenerd ([email protected]) (Ping timeout: 240 seconds)
[12:23:27] *** Quits: Beluc ([email protected]) (Client Quit)
[12:23:46] *** Quits: Guest92 ([email protected]) (Client Quit)
[12:24:52] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[12:24:52] *** Joins: nayryan ([email protected])
[12:25:42] *** Joins: cebrusfs ([email protected])
[12:26:26] *** Joins: bigred ([email protected])
[12:27:46] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[12:29:09] <enen> gynophage: you just won the best troll of dcq2016 award, how does it feel champ?
[12:29:58] <gynophage> SO many people with X11 forwarding open.
[12:30:05] *** Joins: tyega ([email protected])
[12:30:43] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[12:32:23] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[12:33:09] *** Quits: kishor ([email protected]) (Client Quit)
[12:33:58] *** Quits: digitalseraphim ([email protected]) (Read error: Connection reset by peer)
[12:34:35] <[SpamAndHex]KT> hi all! we have locally working exploits for multiple challenges, but it does not work remotely? is execve /bin/sh blocked intentionally?
[12:34:43] *** Quits: WebIRC95558 ([email protected]) (Client Quit)
[12:34:59] <gynophage> [SpamAndHex]KT: I'm almost certain your shell code is bad.
[12:35:09] <[SpamAndHex]KT> ROP chain, open + read + write works
[12:35:23] <[SpamAndHex]KT> i mean we are using ROP chain, not shellcode
[12:35:41] <[SpamAndHex]KT> and if we change the ROP chain to a open + read + write one, then it works
[12:35:43] <gynophage> There is no block on execve. Why don't you tell me if /bin/sh
[12:35:45] *** Joins: WebIRC95558 ([email protected])
[12:35:46] <gynophage> is special.
[12:37:58] *** Quits: tyega ([email protected]) (Remote host closed the connection)
[12:39:45] *** Joins: hexa- (~hexa-@freifunk/darmstadt/hexa-)
[12:41:36] *** Joins: autolycos ([email protected])
[12:42:00] *** Quits: zzoru ([email protected]) (Ping timeout: 252 seconds)
[12:43:07] *** gynophage changes topic to 'http://music.legitbs.net | Point values: https://twitter.com/LegitBS_CTF/status/733807024652193793 | Make CTF Great Again | https://2016.legitbs.net/scoreboard/complete | pwnables have busybox -> /bin/sh. Your execve shell code is probably broken.'
[12:44:43] *** Joins: breadsticks ([email protected])
[12:45:24] *** Quits: nayryan ([email protected]) (Ping timeout: 240 seconds)
[12:46:37] *** Quits: BrainInAJar ([email protected]) (Client Quit)
[12:46:52] <mourn> gynophage: the badger's uart isn't supposed to respond as-is ?
[12:46:57] *** Quits: kiwiii ([email protected]) (Client Quit)
[12:47:15] *** Joins: heapheap ([email protected])
[12:47:20] <heapheap> ah...
[12:47:26] <heapheap> heapfun drving me crazy..
[12:47:55] *** Joins: WebIRC2227 ([email protected])
[12:48:09] <WebIRC2227> feedme is down. Could you fix it?
[12:48:19] <leonidaz0r> hi @[SpamAndHex]KT 
[12:49:10] *** Joins: BrainInAJar ([email protected])
[12:50:17] <gynophage> mourn: We have a working exploit for badger that we just tested against all availability regions.
[12:50:21] *** Quits: breadsticks ([email protected]) (Ping timeout: 252 seconds)
[12:50:36] <gynophage> WebIRC2227: Looking at feedme.
[12:50:52] <gynophage> feedme us-east was under excessive load.
[12:50:54] <gynophage> Should be working.
[12:52:06] <espes__> gynophage: now you tell us
[12:52:14] <mourn> gynophage: ok, i'll try harder
[12:52:52] <gynophage> espes__: most teams had working open();read();write() payloads. You *could* have figured it out with those. Or not just leaned on ROPgadget.py's broken ass shell code.
[12:53:17] *** Joins: PPRCHBC_hex ([email protected])
[12:53:22] <WebIRC2227> it's hard to solve feedme with this lag
[12:53:33] <gynophage> "Hard"
[12:53:40] <dave0x6d> gynophage: or radare2
[12:53:47] <gynophage> OHH MAN GUISE, IT'S SO FUCKING HARD TO LET A SCRIPT RUN
[12:54:12] *** Joins: zzoru ([email protected])
[12:54:38] <gynophage> sirgoon's doing yard work.
[12:54:46] <gynophage> He laughs at your silly script runtimes.
[12:54:58] <PPRCHBC_hex> kinda new to this, this isn't like the other two CTFs I've done, how are we supposed to open the files? Notepad is mostly garbage with a little text
[12:55:24] *** Joins: breadsticks ([email protected])
[12:55:48] *** Quits: WebIRC87118 ([email protected]) (Client Quit)
[12:56:03] *** Joins: WebIRC57496 ([email protected])
[12:56:24] <dave0x6d> PPRCHBC_hex: any hex editor.
[12:56:35] <SallyCroak> just rename the files and add a .exe and you can run them
[12:56:36] <[SpamAndHex]KT> <leonidaz0r>: hey :)
[12:56:43] <PPRCHBC_hex> ookay, thanks dave
[12:56:46] <dave0x6d> SallyCroak: how do i do that on mac?
[12:56:52] <gynophage> PPRCHBC_hex: What did you play before?
[12:57:00] <dave0x6d> gynophage: web stuff I assume
[12:57:07] <PPRCHBC_hex> pactf and a little bit of hsctf
[12:57:14] <PPRCHBC_hex> didn't get very far but it was fun
[12:57:25] <SallyCroak> oh, I think most of these are for windows 98. at least that's what I'm using
[12:57:51] <dave0x6d> afaik this is the most popular hex editor on Windows? https://www.x-ways.net/winhex/
[12:57:55] <PPRCHBC_hex> time for a virtual machine then..
[12:57:59] <PPRCHBC_hex> thanks dave
[12:58:04] <dave0x6d> PPRCHBC_hex: no, you don't need a VM for this.
[12:58:09] <dave0x6d> what OS are you running?
[12:58:17] <PPRCHBC_hex> he said most of it was for windows98
[12:58:25] <dave0x6d> he was joking.
[12:58:25] <PPRCHBC_hex> I'm on Windows 10
[12:58:32] <PPRCHBC_hex> oh...
[12:58:35] <dave0x6d> there is definitely hex editors for windows 10.
[12:58:52] *** Quits: WebIRC57496 ([email protected]) (Client Quit)
[12:58:53] <SallyCroak> you just need 88 more windows if you've already got 10
[12:59:03] *** Joins: digitalseraphim ([email protected])
[12:59:05] <PPRCHBC_hex> darn
[12:59:17] <PPRCHBC_hex> I guess I'll need to install some more ram then
[12:59:23] <dave0x6d> why not download it?
[12:59:37] <PPRCHBC_hex> good idea
[12:59:41] <dave0x6d> http://downloadmoreram.com/
[12:59:47] <PPRCHBC_hex> lol
[12:59:57] <gynophage> lololol
[13:00:03] <gynophage> "Segfault at 0 in /bin/sh"
[13:00:10] <gynophage> STAHP
[13:00:12] *** Joins: WebIRC58077 (~a29@2601:14c:4400:32cf:bc5c:15b:a43:5db5)
[13:00:24] <dave0x6d> gynophage: stop mocking us :p
[13:00:38] <gynophage> execve("/bin/sh", NULL, NULL) will do that.
[13:00:53] <gynophage> execve("/bin/sh", "/bin/sh", NULL) is love, execve("/bin/sh", "/bin/sh", NULL) is life.
[13:01:28] <[w33]Luwenth> I am slowly getting to enjoy radare2.  save me. 
[13:01:31] <tylerni7> execve("/bin/sh", "/bin/sh", "/bin/sh", "/bin/sh", NULL), just to be safe
[13:01:36] <hj> to be fair shouldn't it be execve("/bin/sh", {"/bin/sh", NULL}, NULL)
[13:02:42] <xiao> radare2 is the best, colorblind people wouldn't understand.
[13:03:05] <[w33]Luwenth> I'm so old my monitor is B&W, I didn't know it had colors *cries*
[13:03:33] <tylerni7> colorblind people can understand binary ninja, it has a color-blind mode
[13:03:48] *** Joins: lolz ([email protected])
[13:04:08] <[w33]Luwenth> wut is binary ninja?  binary.ninja?
[13:04:14] <xiao> They will never know the pleasure of holding in "R" in visual mode
[13:04:50] <gynophage> [w33]Luwenth: Binary.ninja is pretty cool.
[13:04:54] <dave0x6d> it is indeed.
[13:05:04] <dave0x6d> it works on baby-re nicely.
[13:05:11] <gynophage> SUPER nicely.
[13:05:16] <xiao> >Please complete the security check to access binary.ninja
[13:05:18] <dave0x6d> doesn't make my eyes bleed either.
[13:05:21] <xiao> Much security.
[13:05:35] <dave0x6d> xiao: cloudflare, no?
[13:05:49] <xiao> Yes
[13:05:53] <gynophage> psifertex: Looks like you're about to get some beta requests. :-p
[13:05:58] *** Joins: rr ([email protected])
[13:06:10] *** Joins: Algo ([email protected])
[13:06:13] <gynophage> verylazyguy: Complete scoreboard view no longer requires authentication.
[13:06:37] *** Joins: selir ([email protected])
[13:06:53] <[w33]Luwenth> Hahahah... it does look sweet. :)
[13:06:58] *** gynophage sets mode: +o selir
[13:07:52] <sirgoon> selir!
[13:07:56] *** ChanServ sets mode: -vvvv zardus psifertex tylerni7 verylazyguy
[13:07:57] *** ChanServ sets mode: -vvvo magichands computerality bmc thing2
[13:07:57] -ChanServ- gynophage set flags +O on selir
[13:07:57] *** ChanServ sets mode: -v sewilton
[13:09:12] *** Quits: PPRCHBC_hex ([email protected]) (Client Quit)
[13:11:58] *** Joins: lenerd ([email protected])
[13:12:05] <vito> i get a bit weirded out when i see gynophage typing but nothing shows up here
[13:12:58] <dave0x6d> vito: he's rooting your box.
[13:13:21] <gynophage> He could punch me.
[13:13:33] <gynophage> I'm sitting like 2 feet from him.
[13:13:37] <dave0x6d> you could punch him first.
[13:13:52] <dave0x6d> better to be safe then sorry.
[13:14:05] <gynophage> But I like him. He's pretty cool.
[13:14:12] <gynophage> And he makes there be a scoreboard.
[13:14:21] <vito> and chairs 
[13:14:52] <gynophage> I'm still sitting on a square toilet.
[13:16:08] <dave0x6d> not for long!
[13:17:09] <dave0x6d> what the hell, I can't make forks private on github?
[13:17:32] <vito> you can if you sever the link
[13:17:35] *** Joins: rms ([email protected])
[13:17:39] <vito> i.e. clone it locally and push it to a new private repo
[13:17:52] <stypr> omg
[13:17:57] <heapheap> is there serious problem for me, if i can't solve heapfun4u during last 17 hours?
[13:18:18] <dave0x6d> vito: yeah I know, but I wanted to be lazy since I'm going to be making a PR tomorrow.
[13:19:04] *** Quits: WebIRC70190 ([email protected]) (Client Quit)
[13:20:10] <vito> oh and make the fork public tomorrow?
[13:20:13] <vito> then just don't push it i guess
[13:20:18] <vito> or push it to a new forked repo
[13:20:21] <[w33]Luwenth> heapheap: No more than my serious problem looking at feedme and understanding what I am going to need to do, but still being unable to figure it out since last night.  
[13:20:27] <[w33]Luwenth> I'll get it, maybe next week though.
[13:20:31] <vito> git's nice because of immutable storage like that
[13:20:49] <[w33]Luwenth> (I'm also learning new tools, because I never get time between these quals to actuall go learn more of this stuff *cries some more*
[13:21:04] <dave0x6d> should I be calling my write-ups defcon2016-quals, or should I refer to them as legitbs2016?
[13:22:26] <vito> former's a good choice
[13:22:32] *** Quits: rr ([email protected]) (Client Quit)
[13:22:34] <vito> this won't be the only game we run this year
[13:22:45] *** Joins: ak ([email protected])
[13:23:06] <[w33]Luwenth> vito: oh?   That sounds good...
[13:23:19] <vito> because we run one in august too
[13:23:28] <gynophage> SPOILERS: ITS IN VEGAS
[13:23:52] <vito> lol he literally just said he wasn't gonna be a dick
[13:23:54] <[w33]Luwenth> Dammit.  I thought you meant another quals
[13:24:01] <gynophage> It kinda is.
[13:24:04] <gynophage> For 2017 finals.
[13:24:05] *** Quits: add1ct ([email protected]) (Ping timeout: 252 seconds)
[13:24:09] <[w33]Luwenth> bitch :)
[13:24:32] <vito> https://scienceissexydotcom.files.wordpress.com/2014/03/tim-and-eric_mind-blown_sis1.gif
[13:24:33] *** Joins: nizzedd (er@2001:470:5a98:11:995b:a999:5fa4:1699)
[13:24:47] * gynophage slaps [w33]Luwenth around a bit with a large crocodile shark
[13:24:52] <vito> http://25.media.tumblr.com/015b90b4b557896bf8c04f0e3cc1d1ec/tumblr_mgp533fVam1rt8i4vo1_500.gif
[13:26:19] <[w33]Luwenth> Oh!  Cute little crocosharkie!
[13:27:07] <gynophage> irc cloud doesn't use large trout?
[13:27:12] *** Parts: nizzedd (er@2001:470:5a98:11:995b:a999:5fa4:1699) ()
[13:27:33] * gynophage slaps me around a bit with a large squarehead catfish
[13:27:35] * gynophage slaps me around a bit with a large swampfish
[13:27:35] * gynophage slaps me around a bit with a large stickleback
[13:27:38] <gynophage> Dumb.
[13:27:45] *** Quits: w0 ([email protected]) (Ping timeout: 252 seconds)
[13:30:15] *** Quits: WebIRC2227 ([email protected]) (Client Quit)
[13:30:31] * vito slaps bass around a bit with a large blackchin
[13:30:43] <vito> playing the seinfeld theme with a large blockchain
[13:31:28] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[13:31:29] <BrainInAJar> so the next note takes at least 60 seconds to be confirmed before you can play it
[13:31:58] <vito> takes you twenty minutes to get good confirmation for skull trumpet
[13:32:05] <gynophage> BrainInAJar: I mean, you've had 1 month.
[13:32:08] <gynophage> Or 2?
[13:32:08] <vito> and uses more electricity than las vegas does in a year
[13:32:24] <gynophage> Since April 1.
[13:33:16] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[13:33:37] *** Joins: tyega ([email protected])
[13:33:39] <gynophage> Ohh wow, completely miss that.
[13:33:41] <gynophage> missed*
[13:33:44] <gynophage> whoosh.
[13:33:44] *** Quits: tyega ([email protected]) (Remote host closed the connection)
[13:34:02] *** Joins: w0 ([email protected])
[13:35:55] *** Joins: Mutter ([email protected])
[13:35:58] *** Joins: BitK ([email protected])
[13:36:29] *** Mutter is now known as anothermother
[13:37:45] *** Quits: anothermother ([email protected]) (Remote host closed the connection)
[13:38:01] *** Quits: autolycos ([email protected]) (Client Quit)
[13:38:09] <Murmus> that skip was amazing
[13:38:18] *** Quits: kkk ([email protected]) (Client Quit)
[13:40:19] *** Joins: WebIRC70190 ([email protected])
[13:40:36] *** Joins: tyega ([email protected])
[13:40:36] *** Joins: stuart091 ([email protected])
[13:40:58] <[w33]Luwenth> 'mouth silence' is a good name for this album.   He should have practiced that while recording it.
[13:41:35] <vito> you take that back you bastard
[13:42:05] <vito> it's the sequel to mouth sounds, the album in which he imagined a world where all music was smash mouth
[13:42:16] <vito> (mouth silence imagines a world where smash mouth never existed)
[13:43:42] *** Quits: jawaharlal ([email protected]) (Client Quit)
[13:44:27] <Lightning> we have such a wide and varied view of things to play
[13:44:35] <Lightning> 3 DJs rotating makes it interesting
[13:45:07] <[w33]Luwenth> Yeah, this is almost as entertaining as my pandora playlist which is a bit schizophrenic.
[13:45:15] <dave0x6d> dear god, I timed my solution for baby-re and it takes frigging 8 minutes.
[13:45:36] <[w33]Luwenth> If it get's 'er done, who cares? :) 
[13:45:45] <Lightning> i’m resisting from adding random annoying videos like nyan cat
[13:45:59] <Lightning> afraid hoju will slap my hands and remove DJ
[13:46:02] <gynophage> dave0x6d: Stop obsessing. The past is past.
[13:46:40] <dave0x6d> gynophage: hah true, I'm throwing my code in an examples repo though. Whatever I guess. =) 
[13:47:03] *** Joins: t1deman ([email protected])
[13:47:06] *** Parts: t1deman ([email protected]) ()
[13:47:09] *** Joins: t1deman ([email protected])
[13:47:55] <[w33]Luwenth> You can always put a typical 'optimization is left as an exercise for the reader' math-teacher style.
[13:49:53] <gynophage> A 6 minute solve beats most of the solve times for the challenge.
[13:50:06] <gynophage> So, why?
[13:50:21] *** Joins: cd80 ([email protected])
[13:50:32] <cd80> whom should i ask for badger?
[13:50:34] *** Quits: zzoru ([email protected]) (Ping timeout: 252 seconds)
[13:50:34] <dropkick> shit where has music.legitbs.net been my whole life
[13:50:54] <Lightning> hope you are enjoying the random assortment of 3 DJs that don’t agree :)
[13:51:29] <gynophage> cd80: What's up?
[13:51:39] <cd80> will pm, thanks
[13:52:07] *** Quits: tyega ([email protected]) (Remote host closed the connection)
[13:55:54] *** Joins: bic ([email protected])
[13:56:08] *** Quits: ling ([email protected]) (Remote host closed the connection)
[13:56:29] *** Quits: bic ([email protected]) (Client Quit)
[13:56:30] *** Joins: ling ([email protected])
[13:57:38] *** Quits: okaji39 ([email protected]) (Client Quit)
[13:58:11] <Lightning> food arrived, we are all going to eat and ignore you peeps :)
[13:58:45] *** Joins: WebIRC57496 ([email protected])
[13:59:01] <[w33]Luwenth> I love this track!!! :) 
[13:59:05] <[w33]Luwenth> spaghetti!
[14:00:59] *** Quits: WebIRC57496 ([email protected]) (Client Quit)
[14:01:54] *** Joins: kalax ([email protected])
[14:03:41] <Lightning> i couldnt resist
[14:04:15] *** Joins: tyega ([email protected])
[14:05:41] *** Joins: WebIRC57496 ([email protected])
[14:06:20] *** Quits: rhydis ([email protected]) (Ping timeout: 252 seconds)
[14:08:20] <dropkick> how the shit do these ppl not die laughing while performing
[14:08:39] <Lightning> they all got it out months before :)
[14:09:43] *** Joins: anotherctfer ([email protected])
[14:11:16] <[SpamAndHex]KT> any tip on running time_sink without getting access violations?
[14:11:30] <gynophage> [SpamAndHex]KT: Don't run it in Wine?
[14:11:38] <[SpamAndHex]KT> i am running on Windows 7
[14:11:42] <gynophage> VM?
[14:11:47] <[SpamAndHex]KT> yep
[14:11:49] *** Quits: tyega ([email protected]) (Remote host closed the connection)
[14:11:50] <gynophage> lol
[14:11:53] <gynophage> Don't do that either.
[14:11:53] <anotherctfer> when I run badger I get: "Couldn't get peername: Socket operation on non-socket"
[14:12:05] <gynophage> anotherctfer: Are you running it locally? Is stdin a socket?
[14:12:08] <[SpamAndHex]KT> gynophage: will it format my harddrive? :D
[14:12:15] <anotherctfer> lol
[14:12:20] <Lightning> it is a time sink…
[14:12:22] <gynophage> [SpamAndHex]KT: It requires DX11. I promise you it doesn't have any malicious code.
[14:12:44] <gynophage> We're not fucking DC949.
[14:12:48] * gynophage rolls his eyes
[14:12:50] <anotherctfer> lmao
[14:13:19] <gynophage> I mean, I'm having fun popping X windows on people's boxes, but that's because they're setting xhost +...
[14:13:26] <[SpamAndHex]KT> thx :D
[14:13:34] <gynophage> Running?
[14:15:41] *** Joins: autolycos ([email protected])
[14:16:53] <anotherctfer> is there something I need to include to get badger to run for peername?
[14:17:08] <scifi> who  can i ask about time sink chall ??
[14:17:37] *** Quits: aradia ([email protected]) (Ping timeout: 252 seconds)
[14:17:44] *** Joins: rhydis ([email protected])
[14:17:49] <gynophage> anotherctfer: Yes. stdin needs to be a socket.
[14:18:03] <anotherctfer> ok
[14:18:14] <anotherctfer> thanks!
[14:18:27] <[SpamAndHex]KT> <gynophage> sadly no, it does not crash on a real PC, but it does not do anything
[14:18:33] <Lightning> scifi: what about it?
[14:18:37] <Lightning> you can pm if need be
[14:18:42] <gynophage> [SpamAndHex]KT: Got DX11?
[14:19:37] *** Quits: autolycos ([email protected]) (Client Quit)
[14:19:51] <[SpamAndHex]KT> dxdiag says i have
[14:20:55] *** Joins: aradia ([email protected])
[14:21:24] <gynophage> Chat with Lightning 
[14:21:32] *** Parts: hexa- (~hexa-@freifunk/darmstadt/hexa-) (WeeChat 1.5)
[14:23:10] *** Quits: kalax ([email protected]) (Client Quit)
[14:24:30] *** Quits: WebIRC70842 (~7d1@2001:67c:10ec:52c7:8000::11d2) (Client Quit)
[14:26:00] <computerality> is easier down?
[14:27:40] <gynophage> computerality: Restarted in all ARs.
[14:27:57] <computerality> thnx
[14:28:23] *** Joins: joemalone ([email protected])
[14:29:31] <gynophage> computerality: Thanks for the heads up.
[14:30:06] *** Joins: mandlebro (~ben@2001:690:2100:1b:4450:4ae:18d5:2041)
[14:30:55] <nwx> every. single. ctf... https://imgur.com/4VHlKTq
[14:31:20] *** gynophage sets mode: +b IceGuest_78!*@*
[14:31:25] *** IceGuest_78 was kicked by gynophage (IceGuest_78)
[14:31:27] <vito> IceGuest_78 is so low energy. Needs help for xkcd. Sad!
[14:31:47] <gynophage> You're not the first to report that.
[14:31:56] <soen> justice is swift and hilarious
[14:32:58] <mandlebro> hey guys 
[14:33:00] <mandlebro> wat up
[14:33:19] *** Joins: daniel-wer ([email protected])
[14:33:20] <Lightning> hi mandlebro 
[14:34:08] <mandlebro> any crypto challs coming up?
[14:34:47] *** Quits: nebel ([email protected]) (Read error: No route to host)
[14:34:53] <gynophage> easier
[14:36:45] *** Quits: ling ([email protected]) (Remote host closed the connection)
[14:37:06] *** Joins: ling ([email protected])
[14:40:26] *** Quits: packetwalker ([email protected]) (Ping timeout: 252 seconds)
[14:41:35] <vito> AAAAUUUUGGGGHHHHH
[14:42:21] *** Joins: jhuzlxw ([email protected])
[14:42:32] *** Joins: dahlukeh ([email protected])
[14:44:23] *** Quits: ecto_ ([email protected]) (Client Quit)
[14:44:29] *** Quits: WebIRC72005 ([email protected]) (Client Quit)
[14:46:59] *** Joins: WebIRC7032 ([email protected])
[14:47:01] *** Joins: zzoru ([email protected])
[14:47:09] *** WebIRC7032 is now known as nerder[fuffateam]
[14:47:34] *** Joins: TMT ([email protected])
[14:47:58] <Murmus> aw, am I not doing well enough to have people asking me for flags?
[14:48:27] <gynophage> If you have to ask...
[14:48:29] *** Joins: WebIRC15955 ([email protected])
[14:49:23] <mx_> Murmus: what's the flag of jamaica?
[14:49:25] <dave0x6d> what's the twitter handle again for the competition?
[14:49:33] <Murmus> ooh, I know this one.
[14:49:36] <Murmus> It's green, right?
[14:49:45] <dave0x6d> with colors right?
[14:49:50] <Murmus> yeah, like that
[14:49:52] <mx_> it has green in it, almost there!
[14:50:13] *** Quits: WebIRC81467 (~7d1@2001:67c:10ec:52c7:8000::2ee) (Client Quit)
[14:50:41] <vito> dave0x6d: is it legitbs_ctf ?
[14:52:11] *** Joins: WebIRC7202 ([email protected])
[14:53:07] *** Joins: WebIRC87118 ([email protected])
[14:53:36] *** Joins: Pyxel ([email protected])
[14:53:47] <dave0x6d> thanks.
[14:55:04] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[14:55:50] *** Quits: zzoru ([email protected]) (Ping timeout: 252 seconds)
[14:55:59] <Lightning> i think we are heading down the weird video avenue
[14:56:18] <gynophage> TOOT TOOT
[14:56:35] <SallyCroak> it's about time, I'm tired of the boring vids
[14:57:03] <ReidB> Any hints for catwestern?
[14:57:06] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[14:57:54] *** Joins: stick_ ([email protected])
[14:58:08] <gynophage> ReidB: You did it wrong. It's cat western
[14:58:19] <gynophage> Make sure you have a file named western in the current directory.
[14:58:25] <ReidB> Damn it, that fixed it, thanks!
[14:58:29] *** Joins: hexife ([email protected])
[14:58:43] <SallyCroak> that makes so much more sense! I thought it was catwe stern
[14:59:22] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[14:59:37] *** Joins: vap0r ([email protected])
[14:59:52] <gynophage> No, we've got a howard stern binary.
[15:00:07] <gynophage> I can see how it's confusing, catwe is howard in spanish.
[15:00:36] *** Quits: stick ([email protected]) (Ping timeout: 252 seconds)
[15:01:59] <SallyCroak> what a coincidence, since spanish is catwe in howard too
[15:02:38] *** Parts: Celelibi ([email protected]) ()
[15:02:39] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[15:03:08] <SallyCroak> and we seem to have made a turn, cause this doesn't look like a weird video
[15:03:34] * Lightning chuckles
[15:03:42] <Lightning> i’m up next
[15:05:50] <Murmus> of course this is what you choose
[15:06:19] <Lightning> you want more weird?
[15:06:22] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[15:06:30] <gynophage> This is the strangest prom I've ever seen.
[15:06:48] <ReidB> Lightning: Always and forever <3
[15:06:48] *** Quits: WebIRC24794 ([email protected]) (Client Quit)
[15:07:22] <Murmus> here we go
[15:07:38] <SallyCroak> not as good as the death metal version
[15:08:13] *** Quits: w0 ([email protected]) (Ping timeout: 252 seconds)
[15:08:14] *** Joins: WebIRC35378 ([email protected])
[15:08:21] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[15:08:50] <Lightning> want more japanese gameshow stuff?
[15:09:35] <gynophage> So much for "release the hard shit early"
[15:09:53] *** Quits: ling ([email protected]) (Remote host closed the connection)
[15:10:01] *** Quits: WebIRC35378 ([email protected]) (Client Quit)
[15:10:07] *** Joins: w0 ([email protected])
[15:10:35] <SallyCroak> Lightning: https://www.youtube.com/watch?v=pi00ykRg_5c
[15:10:51] <Lightning> gyno put the last one on :)
[15:12:19] <tylerni7> pm about badger?
[15:12:21] <tylerni7> who should I ask
[15:13:26] <tylerni7> sirgoon: you around?
[15:14:11] <tylerni7> or gynophage ?
[15:14:24] <ltfish> time sink is a real time sink...
[15:14:24] <gynophage> What you wanna know?
[15:14:31] <tylerni7> gynophage: can I pm?
[15:14:36] <gynophage> Certainly.
[15:17:04] *** Joins: [SaH]NGG ([email protected])
[15:18:05] <gynophage> If you think you pwned badger, we had the wrong key in the database.
[15:18:39] *** Joins: teooo ([email protected])
[15:19:18] *** Quits: KALRONG ([email protected]) (Ping timeout: 252 seconds)
[15:19:55] <Lightning> such a hard decision… what to open….
[15:20:02] <ltfish> CGC!
[15:20:08] *** Quits: vap0r ([email protected]) (Client Quit)
[15:20:49] <Lightning> all this wasted time when a new challenge could be started
[15:21:20] <gynophage> ANNNNNND PPP gets control over the scoreboard again.
[15:21:24] <gynophage> Which one will they take?
[15:21:32] *** Joins: stick ([email protected])
[15:22:20] <gynophage> Woo! CGC Opened.
[15:22:23] <gynophage> This should go quickly.
[15:23:18] *** Joins: n2n ([email protected])
[15:24:04] *** Joins: stick__ ([email protected])
[15:24:43] *** Quits: stick_ ([email protected]) (Ping timeout: 252 seconds)
[15:25:00] *** Quits: Pyxel ([email protected]) (Client Quit)
[15:26:17] * Lightning chuckles
[15:26:55] *** Quits: stick ([email protected]) (Ping timeout: 252 seconds)
[15:27:00] <SallyCroak> Lightning: out of videos already? we saw this a few hours ago
[15:27:02] *** Quits: teooo ([email protected]) (Client Quit)
[15:27:14] <Lightning> some people were sleeping so i pulled it back up
[15:27:41] <Murmus> doing this one hourly?
[15:28:41] *** Quits: dapan ([email protected]) (Client Quit)
[15:28:43] <Lightning> no, did it this morning and a lot were sleeping, so threw it back up. might maybe do it tonight if i care enough
[15:29:10] *** Quits: WebIRC19244 ([email protected]) (Client Quit)
[15:29:56] *** Joins: dapan ([email protected])
[15:31:13] <dave0x6d> well r2 is flipping out over xkcd.
[15:31:47] *** Joins: insaida ([email protected])
[15:32:48] *** Quits: n2n ([email protected]) (Client Quit)
[15:32:57] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[15:33:09] <Murmus> just replaying everything, aren't we?
[15:35:01] *** Joins: KALRONG ([email protected])
[15:35:04] *** Quits: stuart091 ([email protected]) (Ping timeout: 252 seconds)
[15:35:27] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[15:38:35] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[15:39:34] *** Joins: stick ([email protected])
[15:40:28] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[15:41:30] *** Joins: john ([email protected])
[15:42:07] *** Joins: stick_ ([email protected])
[15:42:09] *** Joins: WebIRC58876 ([email protected])
[15:42:19] *** Quits: stick__ ([email protected]) (Ping timeout: 252 seconds)
[15:42:41] <Murmus> why is this called a wrong gig?
[15:42:50] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[15:42:55] <Lightning> look at the drummer
[15:43:01] *** Quits: WebIRC58876 ([email protected]) (Client Quit)
[15:43:05] <Lightning> if you weren’t paying attention that is
[15:43:35] *** Joins: opss ([email protected])
[15:43:49] <opss> will be any hints for persky released? This challenge is killing me :o
[15:43:59] <Murmus> I mean, he was super into it
[15:44:04] <Murmus> but that seems like a good thing?
[15:44:32] <vito> opss: almost a hundred solves on that one, so don't count on it
[15:44:38] <Lightning> you mean prasky?
[15:44:46] <opss> yeah, sorry for typo
[15:44:51] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[15:45:05] <gynophage> Tick tock PPP.
[15:45:09] <gynophage> tylerni7: ^
[15:45:13] <opss> just stuck on nowhere for like 5 hours of trying to solve it :x
[15:45:19] <[SaH]NGG> What's the goal for the CGC challenges? Should it just crash or should we set EIP to something special or what?
[15:45:20] *** Quits: stick ([email protected]) (Ping timeout: 252 seconds)
[15:45:43] <tylerni7> gynophage: I don't get it, it's not like you care about opening stuff up quickly
[15:45:48] <tylerni7> :P
[15:45:59] <vito> [SaH]NGG: https://cgc-docs.legitbs.net/
[15:46:29] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[15:46:43] *** Joins: shellphishuser (~a2d@2605:e000:1c0d:c04c:63c0:349c:13cf:1af3)
[15:46:44] <vito> the quick version is submit a CFE-style PoV
[15:46:58] <vito> https://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/understanding-cfe-povs/
[15:46:58] *** Joins: stick__ ([email protected])
[15:47:21] *** Quits: WebIRC87118 ([email protected]) (Client Quit)
[15:47:34] *** gynophage changes topic to 'http://music.legitbs.net | Point values: https://twitter.com/LegitBS_CTF/status/733807024652193793 | Make CTF Great Again | https://2016.legitbs.net/scoreboard/complete | pwnables have busybox -> /bin/sh. Your execve shell code is probably broken. | CGC Category - https://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/understanding-cfe-povs/'
[15:47:34] *** Quits: jhuzlxw ([email protected]) (Remote host closed the connection)
[15:47:50] <vito> gynophage: ay just post notices for those
[15:47:55] <vito> nobody reads more than ten words of topic
[15:48:43] <opss> what is CGC category?
[15:49:45] <Lightning> opss: go see our blog posts, blog.legitbs.net
[15:49:56] <hellman> what is pwn category??
[15:50:06] *** Quits: stick_ ([email protected]) (Ping timeout: 252 seconds)
[15:50:08] <BrainInAJar> what is reverse engineering you guys?
[15:50:21] <SallyCroak> any hints for the web challenge?
[15:50:22] *** Joins: stick ([email protected])
[15:50:25] <BrainInAJar> haha
[15:50:30] <Lightning> i’m digging for old videos now
[15:50:35] *** Quits: nerder[fuffateam] ([email protected]) (Client Quit)
[15:52:00] *** Joins: WebIRC87118 ([email protected])
[15:52:01] *** Joins: zzoru ([email protected])
[15:52:26] *** Joins: stick_ ([email protected])
[15:52:40] *** Quits: stick__ ([email protected]) (Ping timeout: 252 seconds)
[15:53:02] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[15:53:07] *** Quits: john ([email protected]) (Client Quit)
[15:54:51] *** Joins: stick__ ([email protected])
[15:55:00] *** Joins: nerder ([email protected])
[15:55:06] <dave0x6d> huh, is xkcd supposed to be really easy? I feel like I'm overlooking something.
[15:55:31] *** Quits: stick ([email protected]) (Ping timeout: 252 seconds)
[15:55:43] <gynophage> dave0x6d: Yes.
[15:55:54] <nerder> for b3s23 why the binary is provided?
[15:56:06] *** Quits: marcof ([email protected]) (Client Quit)
[15:56:12] <nerder> it's suppose to be a coding challs or a reverse?
[15:56:15] *** Quits: BrainInAJar ([email protected]) (Client Quit)
[15:56:30] <gynophage> nerder: It's an oracle so you don't have to guess what happens to your input buffer.
[15:56:42] <gynophage> We don't want you to bang our server throwing random bullshit at it.
[15:57:13] <gynophage> You can reverse it. Or google b3s23. Either will give you a pretty good idea of what it does.
[15:58:04] *** Joins: stick ([email protected])
[15:58:05] *** Quits: stick_ ([email protected]) (Ping timeout: 252 seconds)
[16:00:00] *** Joins: stick_ ([email protected])
[16:00:15] <hoju> legit bs smokin meat everyday http://i.imgur.com/wdY4s0X.jpg
[16:00:17] *** Quits: stick__ ([email protected]) (Ping timeout: 252 seconds)
[16:00:24] *** Quits: zzoru ([email protected]) (Ping timeout: 240 seconds)
[16:00:28] <dave0x6d> [19:56:01] <gynophage> We don't want you to bang our server
[16:00:31] <dave0x6d> who are you to judge?
[16:00:58] *** Quits: dapan ([email protected]) (Client Quit)
[16:01:16] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[16:01:22] *** Joins: gym (~S_a_H][email protected])
[16:01:26] *** Joins: dapan ([email protected])
[16:02:16] <hj> we don't want our server to catch anything from you nasty people
[16:02:32] *** Joins: stick__ ([email protected])
[16:02:51] *** Quits: stick ([email protected]) (Ping timeout: 252 seconds)
[16:03:11] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[16:03:28] <gynophage> Crippled is to be updated soon. It's missing a version with a banner. The banner provides a small hint as to how to interact with it.
[16:03:49] <dave0x6d> hj: wow, so just because I use a fuzzer you assume I have something?
[16:03:53] <gynophage> Lightning will update when that's in place.
[16:04:09] <gynophage> dave0x6d: Fuzzer? That's like wearing a raincoat in the shower.
[16:04:13] <hj> spreading your data around like its everyones business i bet you do
[16:04:25] *** Joins: john ([email protected])
[16:04:27] <dave0x6d> i am open minded about my data.
[16:04:28] <hj> do you even https bro
[16:04:37] <dave0x6d> why would I use https? I have nothing to hide.
[16:04:47] *** Quits: arbiter_ ([email protected]) (Client Quit)
[16:05:47] *** Quits: stick_ ([email protected]) (Ping timeout: 252 seconds)
[16:06:52] <Lightning> crippled is updated, banner now has usable example. was in the repo but never made it to master, sorry about that
[16:06:58] *** Quits: rhydis ([email protected]) (Ping timeout: 252 seconds)
[16:07:22] <dave0x6d> oh, this takes input on stdin
[16:07:31] <Ymgve> which admin is responsible for time sink?
[16:07:38] <gynophage> Lightning
[16:07:39] * Lightning raises their hand
[16:08:10] * dave0x6d smacks Lightning's hand down.
[16:08:13] <dave0x6d> ssshhhhh.
[16:08:16] <dave0x6d> no hints :p
[16:08:30] *** Quits: shellphishuser (~a2d@2605:e000:1c0d:c04c:63c0:349c:13cf:1af3) (Client Quit)
[16:09:40] *** Quits: WebIdodo ([email protected]) (Client Quit)
[16:09:42] *** Joins: john` ([email protected])
[16:09:54] *** Quits: john ([email protected]) (Client Quit)
[16:10:16] *** Joins: WebIdodo ([email protected])
[16:10:39] *** Quits: WebIRC87118 ([email protected]) (Client Quit)
[16:14:42] *** Quits: opss ([email protected]) (Client Quit)
[16:15:00] <withzombies> do i need to submit a type2 pov?
[16:15:51] *** Joins: IceGuest_78_ ([email protected])
[16:16:47] <Lightning> i’m poking the others, they aren’t paying attention
[16:17:12] <Lightning> I COULDNT RESIST
[16:17:15] <Murmus> ooooh.
[16:17:17] <Murmus> booo
[16:19:22] <gynophage> withzombies: result = subprocess.call(['/usr/local/bin/cb-test', '--negotiate', '--xml', pov_filename, '--directory', path, '--failure_ok', '--should_core', '--cb', cb])
[16:19:33] <withzombies> okay
[16:19:48] *** Joins: toomanybananas ([email protected])
[16:20:01] <gynophage> I think some of the others in the category force you down a path.
[16:20:13] <toomanybananas> Are we supposed to submit our CGC povs in xml form?
[16:20:39] *** Joins: stick ([email protected])
[16:20:50] <gynophage> toomanybananas: I *think* it'll do either. We throw C-style POVs.
[16:20:58] <gynophage> (Compiled)
[16:21:05] <toomanybananas> Okay, thanks
[16:21:42] <anotherctfer> POV makes me laugh everytime, still referencing something else in my brain
[16:21:49] <gynophage> The --xml is just...poorly named.
[16:21:57] * gynophage grumbs at bmc
[16:23:07] *** Joins: Guest40 ([email protected])
[16:23:23] *** Quits: stick__ ([email protected]) (Ping timeout: 252 seconds)
[16:23:47] *** Joins: WebIRC24794 ([email protected])
[16:24:47] *** Quits: anotherctfer ([email protected]) (Client Quit)
[16:24:53] *** Quits: Guest40 ([email protected]) (Client Quit)
[16:25:20] *** Joins: BrainInAJar ([email protected])
[16:26:09] <[SaH]NGG> So we need to send you a cgc binary that first negotiates the pov via fd 3, and then communicates with the cb on stdin/stdout?
[16:26:24] *** Quits: john` ([email protected]) (Ping timeout: 240 seconds)
[16:26:27] *** Joins: Yogurt ([email protected])
[16:26:35] *** Joins: WebIRC12394 ([email protected])
[16:26:48] <WebIRC12394> hey, who's the author of time_sink?
[16:26:59] <Lightning> WebIRC12394: me
[16:27:27] <gynophage> [SaH]NGG: If you build a proper CGC binary and use their API, it'll negotiate.
[16:27:57] <[w33]Luwenth> someone has a fast "next" finger on the radio show
[16:28:15] <laxa> gynophage: could you say if arch is important or not on crippled ? :p
[16:28:29] <Lightning> laxa: it’s 32bit
[16:28:33] <laxa> ok thanks
[16:29:03] <gynophage> [SaH]NGG: nm, xml does it. If you write it from scratch in C, you have to negotiate on C by hand.
[16:30:19] *** Quits: nerder ([email protected]) (Client Quit)
[16:30:45] *** Joins: nerder ([email protected])
[16:31:21] *** Joins: rabidwh0re ([email protected])
[16:32:21] *** Quits: dapan ([email protected]) (Client Quit)
[16:32:22] *** Quits: nerder ([email protected]) (Client Quit)
[16:32:54] *** Quits: WebIRC24794 ([email protected]) (Client Quit)
[16:33:02] *** Joins: nerder ([email protected])
[16:33:06] *** Joins: rffdtdtdtrdtrrth ([email protected])
[16:34:30] *** Quits: rffdtdtdtrdtrrth ([email protected]) (Client Quit)
[16:34:45] *** Joins: dapan ([email protected])
[16:35:59] *** Quits: null ([email protected]) (Client Quit)
[16:36:14] *** Joins: stick_ ([email protected])
[16:38:41] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[16:39:09] *** Quits: stick ([email protected]) (Ping timeout: 252 seconds)
[16:39:34] *** Quits: WebIRC12394 ([email protected]) (Client Quit)
[16:39:53] *** Quits: WebIRC7202 ([email protected]) (Client Quit)
[16:40:42] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[16:41:21] <vito> psifertex: hey why can't i pinch-zoom in binary ninja
[16:43:13] <Gynvael> qq, is crippled being changed on the fly?
[16:43:21] <[w33]Luwenth> just because: http://worldsbiggestpacman.com/
[16:43:43] <Gynvael> it seems to behave differently than it did some time ago ^_-
[16:44:14] *** Joins: nebel ([email protected])
[16:44:20] *** Quits: nebel ([email protected]) (Client Quit)
[16:44:43] *** Quits: WebIRC57496 ([email protected]) (Client Quit)
[16:45:07] *** Quits: gael (~gael@2a01:e35:2425:a090:c044:704d:566a:e782) (Client Quit)
[16:45:11] <Lightning> Gynvael: i only updated the header, the backend compiler did not change
[16:45:23] <Lightning> the header simply gave a working example 
[16:45:49] <Gynvael> Lightning: ack, thanks
[16:49:44] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[16:50:39] *** Joins: rffdtdtdtrdtrrth ([email protected])
[16:51:37] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[16:51:42] *** Quits: digitalseraphim ([email protected]) (Ping timeout: 252 seconds)
[16:52:09] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[16:52:21] *** Quits: RoMaNSoFt ([email protected]) (Ping timeout: 252 seconds)
[16:52:37] *** Quits: whateveranymore ([email protected]) (Client Quit)
[16:53:13] *** Quits: rffdtdtdtrdtrrth ([email protected]) (Client Quit)
[16:53:30] *** Joins: rffdtdtdtrdtrrth ([email protected])
[16:53:34] *** Joins: WebIRC47530 ([email protected])
[16:53:36] *** Joins: stick__ ([email protected])
[16:54:09] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[16:55:34] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[16:56:17] *** Joins: stick ([email protected])
[16:56:28] *** Quits: stick_ ([email protected]) (Ping timeout: 252 seconds)
[16:57:03] *** Joins: zzoru ([email protected])
[16:57:24] *** Quits: rffdtdtdtrdtrrth ([email protected]) (Client Quit)
[16:57:37] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[16:58:35] *** Quits: bata ([email protected]) (Client Quit)
[16:58:45] *** Joins: stick_ ([email protected])
[16:59:02] *** Quits: stick__ ([email protected]) (Ping timeout: 252 seconds)
[16:59:11] *** Quits: BrainInAJar ([email protected]) (Client Quit)
[16:59:14] <Lightning> :D
[16:59:16] *** Joins: robbje ([email protected])
[16:59:38] *** Joins: rffdtdtdtrdtrrth ([email protected])
[16:59:57] *** Quits: WebIRC47530 ([email protected]) (Client Quit)
[17:00:47] *** Joins: WebIRC70842 ([email protected])
[17:01:22] *** Joins: stick__ ([email protected])
[17:01:58] *** Quits: stick ([email protected]) (Ping timeout: 252 seconds)
[17:03:04] *** Joins: bata ([email protected])
[17:03:17] <jiggajuice> any info on protections in feedme? aslr? NX?
[17:03:57] *** Joins: WebIRC7202 ([email protected])
[17:03:58] *** Joins: stick ([email protected])
[17:04:32] *** Quits: stick_ ([email protected]) (Ping timeout: 252 seconds)
[17:04:54] <Lightning> easy things for 60 people to figure out
[17:05:33] *** Quits: zzoru ([email protected]) (Ping timeout: 252 seconds)
[17:05:54] *** Quits: dapan ([email protected]) (Client Quit)
[17:06:00] *** Joins: dapan ([email protected])
[17:06:23] *** Joins: stick_ ([email protected])
[17:07:06] *** Quits: stick__ ([email protected]) (Ping timeout: 252 seconds)
[17:07:16] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[17:08:47] *** Quits: rffdtdtdtrdtrrth ([email protected]) (Client Quit)
[17:08:51] <dave0x6d> speaking of C, Cling is the coolest thing I've found recently to test out snippets of C/C++ 
[17:08:56] <_2can> so assuming I have an xml POV, what do I do now? imma so lost
[17:09:05] <dave0x6d> it's a REPL that uses Clang for the backend.
[17:09:18] *** Quits: stick ([email protected]) (Ping timeout: 252 seconds)
[17:09:20] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[17:09:42] <gynophage> _2can: Send it up?
[17:10:09] *** Quits: WebIRC15955 ([email protected]) (Client Quit)
[17:10:12] *** Joins: [SaH]vasporig ([email protected])
[17:11:21] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[17:11:41] *** Joins: rffdtdtdtrdtrrth ([email protected])
[17:11:52] *** Quits: liikt ([email protected]) (Client Quit)
[17:12:15] <[SaH]NGG> I think _2can wanted to ask whether he needs to send the xml or c code or cgc binary?
[17:12:50] *** Joins: liikt ([email protected])
[17:13:24] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[17:14:00] *** Joins: albn ([email protected])
[17:15:00] *** Joins: WebIRC49603 ([email protected])
[17:15:08] <gynophage> xml or a binary.
[17:15:35] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[17:15:49] *** Quits: KALRONG ([email protected]) (Ping timeout: 252 seconds)
[17:15:50] <[SaH]vasporig> I think i found an unintended bug in easier, who can ask about it?
[17:16:15] *** Joins: WebIRC76486 ([email protected])
[17:16:41] *** Quits: nerder ([email protected]) (Client Quit)
[17:16:43] <Lightning> [SaH]vasporig: bug gyno, the author isn’t around
[17:16:53] <gynophage> [SaH]vasporig: You can talk to me, but I know exactly what you're going to say.
[17:18:11] *** Joins: vap0r ([email protected])
[17:18:45] <WebIRC76486> who is the author of b3s23 ?
[17:18:47] *** Joins: nerder ([email protected])
[17:19:18] <Lightning> me
[17:19:25] <Lightning> i hope you are enjoying it
[17:19:40] <Lightning> message me if you have something specific to ask
[17:20:46] <withzombies> it won't let me submit my type2 pov
[17:20:48] <withzombies> :(
[17:20:50] <withzombies> it says its too big
[17:21:11] *** Joins: rjenish ([email protected])
[17:21:56] *** Joins: stick__ ([email protected])
[17:22:16] <gynophage> http://download.quals.shallweplayaga.me/launcher/submitters.zip
[17:22:57] <withzombies> aww that's bullshit
[17:22:58] <q3k> >It's not just you! http://music.legitbs.net looks down from here.
[17:23:00] <withzombies> my pov is too big by that setting
[17:23:02] <q3k> gw
[17:23:03] <withzombies> its 181k
[17:23:30] <Lightning> yep, it’s down
[17:23:36] <gynophage> Back up.
[17:25:04] *** Quits: stick_ ([email protected]) (Ping timeout: 252 seconds)
[17:25:41] <gynophage> withzombies: Our POV is 5k...
[17:25:51] <gynophage> We figured 20x ours was decent overhead.
[17:25:52] <hj> yeah 181k seems realy bit
[17:26:17] <withzombies> i mean, my .o file is much smaller
[17:26:25] <withzombies> all the linked in libs are causing the issues
[17:26:26] <gynophage> Strip the damn PDF?
[17:26:28] <computerality> are they still putting in that shitty pdf?
[17:26:44] <withzombies> $ ls -lh legit_pov*
[17:26:45] <withzombies> -rwxr-xr-x 1 vagrant vagrant 181K May 21 21:24 legit_pov
[17:26:47] <withzombies> -rw-r--r-- 1 vagrant vagrant 2.8K May 21 21:17 legit_pov.c
[17:26:49] <withzombies> -rw-r--r-- 1 vagrant vagrant 1.9K May 21 21:23 legit_pov.o
[17:27:09] <withzombies> no pdf
[17:27:15] *** Joins: stick ([email protected])
[17:27:27] <withzombies> or maybe there is
[17:27:28] <gynophage> ...what the hell are you linking in?
[17:27:32] <withzombies> idk
[17:27:44] * mike_pizza enters chatroom
[17:27:53] <gynophage> @hj - your call.
[17:27:56] <withzombies> $ /usr/i386-linux-cgc/bin/clang -c -o legit_pov.o legit_pov.c -Llibpov -lpov -Wall -Wextra -pedantic -DNPATCHED -nostdlib -fno-builtin -nostdinc -Iinclude -Ilib -I/usr/include -O2 -Wno-overlength-strings -Wno-packed -Wno-unused-function -Os
[17:27:58] <withzombies> $ /usr/i386-linux-cgc/bin/ld -o legit_pov -lpov -Llibpov -lcgc -L/usr/lib -Os legit_pov.o -lcgc -lpov
[17:28:13] <toomanybananas> is it accepting xmls properly? I submitted an xml (validated with pov-xml2c) and it says it doesn't even negotiate
[17:28:50] *** Quits: nerder ([email protected]) (Client Quit)
[17:29:16] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[17:29:43] *** Joins: stick_ ([email protected])
[17:29:54] *** Quits: stick__ ([email protected]) (Ping timeout: 240 seconds)
[17:30:53] <gynophage> We're giving you a MB, withzombies 
[17:30:54] *** Joins: KALRONG ([email protected])
[17:31:42] <gynophage> This shouldn't be this hard. But we've also been playing with CGC for a while, so, we've got better tooling and smaller libraries.
[17:31:49] <gynophage> And I imagine CFE teams do as well.
[17:32:01] <gynophage> You may fire when ready.
[17:32:16] <WebIRC76486> is the whole See Ga See category about CGC ?
[17:32:17] <gynophage> toomanybananas: I uploaded the launchers. Try those out?
[17:32:24] *** Quits: stick ([email protected]) (Ping timeout: 240 seconds)
[17:32:26] <gynophage> WebIRC76486: Yes.
[17:32:29] <WebIRC76486> :/
[17:32:58] <gynophage> WebIRC76486: It's a really big piece of finals. One of our goals with our qualifier is to...qualify...teams for that.
[17:33:12] <WebIRC76486> is there anyone even use it in real life?
[17:33:13] <withzombies> still says too long
[17:33:25] <WebIRC76486> so this year Defcon wont be attack defence?
[17:33:54] <gynophage> This year defcon will be exploitation and patching.
[17:34:04] *** Quits: halb ([email protected]) (Client Quit)
[17:34:14] <gynophage> If you think defense is holes in LegitBS monitoring scripts and redirecting traffic off box, then no, it won't be Attack Defense.
[17:34:33] <gynophage> withzombies: Try again?
[17:34:43] <WebIRC76486> I mean, if the structure of finals will be different than year ago
[17:34:52] *** Joins: stick ([email protected])
[17:35:08] <gynophage> WebIRC76486: Yes.
[17:35:12] <WebIRC76486> anyway, TBH, is CGC used in real life, for mass scale?
[17:35:26] <gynophage> WebIRC76486: Nope.
[17:35:37] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[17:35:37] <WebIRC76486> then... what's the point of it? :/
[17:36:12] <vito> https://blog.legitbs.net/2016/05/what-is-cyber-grand-challenge.html
[17:37:04] *** Quits: dapan ([email protected]) (Client Quit)
[17:37:08] *** Joins: stick__ ([email protected])
[17:37:16] <gynophage> WebIRC76486: Same point as CTF always. It's a stand in for real world.
[17:37:43] <Lightning> and then SPACE
[17:37:54] *** Quits: stick_ ([email protected]) (Ping timeout: 240 seconds)
[17:38:12] *** Joins: WebIRC87118 ([email protected])
[17:38:31] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[17:38:38] <aterribleloss> so many IPs!
[17:38:44] <WebIRC76486> CTFs always wide you knowledne on real-life stuff, like pwning, like reversing, like webs
[17:38:47] *** Joins: [w33]deorth ([email protected])
[17:39:04] <WebIRC76486> cgc is no real life stuff, is just something which noone uses
[17:39:15] <gynophage> WebIRC76486: Do you think CGC lacks reversing and owning?
[17:39:22] <gynophage> Fuck webs.
[17:39:31] <WebIRC76486> ok, right
[17:39:37] <hj> have you even popped one into ida?
[17:39:38] <WebIRC76486> fuck webs, but also fuck architectures noone uses
[17:39:38] <Lightning> if you think reversing is just web then you have some more reading to do. CGC is advancing the ideas and methods of machine defense
[17:39:44] <SallyCroak> video is spoilers for the web challenge!!
[17:39:47] *** Joins: stick_ ([email protected])
[17:39:59] <gynophage> WebIRC76486: Sure. Then fuck every CTF ever.
[17:40:07] <Lightning> WebIRC76486: curious, like what architectures, arm?
[17:40:19] <gynophage> Fuck dosfun4u
[17:40:20] <gynophage> Fuck badger
[17:40:21] <WebIRC76486> nah, mos of ctfs got x86, then a little arm
[17:40:23] *** Quits: stick ([email protected]) (Ping timeout: 252 seconds)
[17:40:33] <WebIRC76486> here, you got 1/2 of your CTF with architecture noone uses
[17:40:37] <gynophage> Fuck all the FreeBSD stuff.
[17:40:40] <WebIRC76486> ok, maybe less than 1/2, ut still a lot
[17:40:41] <hj> ooh and windows iot arm
[17:40:45] *** Quits: breadsticks ([email protected]) (Ping timeout: 252 seconds)
[17:40:45] <gynophage> Fuck Google's CTF with PowerPC.
[17:40:49] <hj> ooh and mips and msp430
[17:41:06] *** Quits: root1 ([email protected]) (Client Quit)
[17:41:20] <Lightning> Well, CGC is linux x86 32bit with a few modifications, phones use arm, i’m not seeing the issue
[17:41:21] <WebIRC76486> No, I don't mean fuck them all. I mean prepare variety of challenges but with reasonable ratio
[17:41:32] *** Joins: breadsticks ([email protected])
[17:41:38] <WebIRC76486> if most people use x86 and arm, then do most x86 and arm and maybe 1-2 cgc
[17:41:44] <Lightning> so like finals last year with x86 32bit, x86 64bit, arm, mips, and arm64 bit?
[17:41:44] <WebIRC76486> not like the half of ctf with cgc challenges
[17:41:50] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[17:42:12] *** Joins: dapan ([email protected])
[17:42:19] <gynophage> WebIRC76486: Holy fucking shit. If only CGC was x86.
[17:42:24] <gynophage> OHH WAIT IT IS
[17:42:25] <toomanybananas> hey @WebIRC76486 how many points you got
[17:42:29] <Lightning> this year is known to be the winning CGC computer against 14 best teams, we have to make sure that those that compete can compete, even with CGC being a modified linux setup
[17:42:32] <hj> so I assume that you have done all the other challenges
[17:42:57] *** Quits: stick__ ([email protected]) (Ping timeout: 252 seconds)
[17:43:05] <withzombies> i solved it
[17:43:06] <withzombies> thanks
[17:43:08] <withzombies> o/
[17:43:13] <gynophage> \o
[17:43:13] <hj> excellent
[17:44:39] <WebIRC76486> you dont see my point here, anyway, that's just my opinion. Pushing new stuff, for like 50% of the most popular CTF is just weird
[17:44:54] <gynophage> Fuck innovation. Fuck new things.
[17:45:00] <WebIRC76486> anyway I appretiate the effort you put to create all the challenges (even the cgc)
[17:45:02] <gynophage> Let's pump the same game out every year.
[17:45:05] <[w33]deorth> Fuck The Planet
[17:45:15] <computerality> ^^
[17:45:24] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[17:45:29] * aterribleloss opens bag of popcorn
[17:45:39] <WebIRC76486> nah, fuck forcing innovation by forcing 50% of ctf to be something new, which noone uses in real life
[17:45:44] <nwx> computerality: i think you mean "Hack The Planet"
[17:45:46] <[w33]deorth> also Fuck xkcd.. we are apparently super lame this year :/
[17:46:00] <computerality> nwx: is there a difference?
[17:46:04] <nwx> lol
[17:46:08] <[w33]deorth> onf of the points of ctf has been to expose people to new things
[17:46:12] <[w33]deorth> to force people to think
[17:46:24] <[w33]deorth> I like that I never know what arch or OS I'm going to encounter
[17:46:49] <[w33]deorth> there was a one the other year involving xbox kinetic and fucking semaphore
[17:46:52] <[w33]deorth> that was awesome
[17:46:56] <WebIRC76486> yeah, and you can force them, but creating 1-2 'technology-innovative' challenges, not like 12 challenges for CGC
[17:47:04] <hj> that was the year I got my second black badge
[17:47:17] <hj> the point of quals is to prepare teams for finals
[17:47:19] <[w33]Luwenth> WebIRC76486: This isn't "regurgitate what you already know" class.  This is a serious CTF.  This is "do you know your shit well enough to apply it to something you've probably never thought about before". 
[17:47:20] <WebIRC76486> [w33]deorth: ok, but there wasn't 12 challenges about xbox kinetic
[17:47:21] <hj> 1-2 does not do that
[17:47:26] <[w33]deorth> The reason for the 12 CGC challenges (at a guess) is so that the qualifiers are prepared to put on a good show againats the CGC computer
[17:47:30] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[17:47:34] <[w33]deorth> it seems reasonable to me
[17:48:27] <hj> and to be fair, the two currently unlocked are just two sides of the same coin
[17:48:28] <withzombies> i like this points system
[17:48:30] <hj> pwn it and patch it
[17:48:38] <hj> glad you approve
[17:49:29] <WebIRC76486> If you prepared 12 different, innovate, not-well-known technologies/architectures, I woudn't complain.
[17:49:41] <hj> yeah it gets rid of our subjective ideas of what the points should be
[17:49:48] <hj> yes you would
[17:49:58] <[w33]Luwenth> WebIRC76486: I'm pretty sure you'd still complain :)
[17:50:02] <verylazyguy> I dislike how they don't start with subjective point values though
[17:50:28] <[w33]deorth> thats the thing they're trying to overcome
[17:50:36] <WebIRC76486> [w33]deorth: no, 'cos if I won't like CGC, I could switch to other challenge. Here, half of ctf is CGC
[17:50:37] <[w33]Luwenth> The new points system is definitely interesting, and conceptually does fix the problem of "what value should each puzzle really have"? 
[17:50:49] <hj> no only two challenges that are open are cgc
[17:50:59] <hj> have you solved every other open one
[17:51:04] <mx_> WebIRC76486: stop whining dude. it makes my eyes hurt
[17:51:10] <hj> you must be on ppp
[17:51:19] <[w33]deorth> ppp.. fucking whiners
[17:51:24] <WebIRC76486> :D
[17:51:27] <hj> right, man always bitchin
[17:51:44] <gynophage> withzombies: Thanks! We put some thought into it. We wanted to do it last year.
[17:51:53] <WebIRC76486> of course, I haven't solved others yet - but when I see, that 50% of defcon is just cgc, then...my eyes hurt ;]
[17:52:15] *** Joins: WebIRC95042 ([email protected])
[17:52:27] <WebIRC76486> scoring system - nice; pwnies/re - nice; 50% of cgc - wtf - that's my opinion. Guess it's EOT from my side :)
[17:52:30] <[w33]Luwenth> How do you get to 50%?   Looking at babys-first 1 out of 5 is a CGC.  1!
[17:52:32] <gynophage> WebIRC76486: If it makes you feel a bit better, MOST of the CGC category is own, and patch of the same thing.
[17:52:48] <WebIRC76486> [w33]deorth: the whole See Ga See category will be about CGC
[17:52:58] <[w33]deorth> so fucking what ? :)
[17:53:14] <[w33]deorth> if they're shitty puzzles that are easy to solve, then they'll not be worth much
[17:53:25] <[w33]deorth> if they're hardp uzzles, then thats what cTF is about
[17:53:31] <hj> ugh, back to zelda
[17:53:41] <gynophage> It's x86 Linux, with different sys call numbers.
[17:53:48] <gynophage> If you can pop Linux, you can mostly pop CGC.
[17:54:07] <b2xiao> oh man we should hold a public vote on what to open
[17:54:15] <tylerni7> b2xiao: hahaha
[17:54:19] *** Quits: albn ([email protected]) (Client Quit)
[17:54:20] <gynophage> b2xiao: What would you open?
[17:54:23] <tylerni7> I am okay with that
[17:54:26] <b2xiao> crypto
[17:54:30] <b2xiao> I would open all the crypto
[17:54:33] <b2xiao> and qr codes challenges
[17:54:38] <b2xiao> those too I love QR codes man
[17:54:45] <[w33]Luwenth> I vote we own the rest of babys-first, so I have things I can try to solve :) 
[17:54:46] <[w33]deorth> something forensiccy
[17:54:49] <[w33]deorth> I always like those
[17:55:03] <[w33]Luwenth> where's the web stuff this year??? 
[17:55:05] <[w33]deorth> yeah.. babys first is kicking our ass thie year :(
[17:55:10] *** Quits: WebIRC87118 ([email protected]) (Client Quit)
[17:55:12] <computerality> b2xiao: you are now my spirit animal
[17:55:14] <hj> you mean when you had to concatenate all the bits of an unused flag on an ntfs partition and know that it was a flag
[17:55:40] <gynophage> Would you guys like a "Guess the flag" category next year?
[17:56:02] <gynophage> It'll just be the text area with no hint or download.
[17:56:02] <hj> or it the md5sum of a file deleteded but not actually erased
[17:56:20] <[w33]Luwenth> Depends, what's the rate-limit on guesses? :)  If it's not 'as fast as I can go with my neighboring AWS instance', then that would be cool :)
[17:56:41] <computerality> gynophage: could you include a timezone guessing category too please?
[17:56:52] <gynophage> computerality: Absolutely.
[17:56:59] <hj> world wide this time, not just mountain time
[17:57:16] <[w33]Luwenth> wait, I thought this was all pacific time this year
[17:57:37] *** Quits: WebIRC7202 ([email protected]) (Client Quit)
[17:57:43] <gynophage> computerality: 3 hour delay category too?
[17:58:04] <computerality> only if it's 2 hour delay sometimes because of daylight saving
[17:59:14] <hj> hey Web### another cgc challenge has been opened for you. enjoy
[18:00:17] *** Quits: rffdtdtdtrdtrrth ([email protected]) (Client Quit)
[18:00:34] <dave0x6d> How many teams are playing anyway?
[18:00:55] <gnomus> 5
[18:01:00] <dave0x6d> -.-
[18:01:01] <gynophage> 253 have any points.
[18:01:12] <gynophage> 238*
[18:01:25] <gnomus> we just went back under 100 points :(
[18:01:27] <dave0x6d> nice, so i'm in the top 238
[18:01:29] <gynophage> 1214 teams registered.
[18:02:17] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[18:02:40] *** Joins: supahot ([email protected])
[18:02:46] *** Quits: WebIRC76486 ([email protected]) (Client Quit)
[18:02:50] *** Joins: rffdtdtdtrdtrrth ([email protected])
[18:03:16] *** Joins: nerder ([email protected])
[18:04:18] <Lightning> don’t forget about the 1000’th of a second accuracy but the logs provided only give 100’th accuracy
[18:04:24] <Lightning> after guessing the timezone
[18:04:49] <[w33]Luwenth> eh, 100 guesses ain't tbat had :)
[18:05:07] *** Joins: ling ([email protected])
[18:05:27] *** Quits: nerder ([email protected]) (Client Quit)
[18:05:51] *** Joins: zzoru ([email protected])
[18:06:43] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[18:07:30] <aterribleloss> how about some signal demodulation?
[18:07:33] *** Quits: rok__ ([email protected]) (Client Quit)
[18:07:47] *** Joins: c21 ([email protected])
[18:08:43] <L0rdComm4ander> who can I ask about easy-prasky?
[18:08:53] <Lightning> go bug gyno
[18:09:31] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[18:10:20] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[18:10:23] *** Joins: WebIRC25733 ([email protected])
[18:10:32] *** Quits: zzoru ([email protected]) (Ping timeout: 252 seconds)
[18:10:52] <vito> L0rdComm4ander: i wrote it, but it's also been solved like a hundred times
[18:11:57] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[18:12:21] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[18:13:10] *** Quits: dapan ([email protected]) (Client Quit)
[18:14:04] <fester> this song is the best
[18:14:25] *** Quits: Ninn ([email protected]) (Client Quit)
[18:14:26] *** Quits: b3h3m0th (uid26288@2604:8300:100:200b:6667:2:0:66b0) (Client Quit)
[18:14:54] <fester> vito: easy-prasky pissed me off
[18:15:16] <fester> when i "solved" it
[18:15:29] <vito> how so?
[18:15:37] <gynophage> In PM.
[18:15:50] *** Quits: rffdtdtdtrdtrrth ([email protected]) (Client Quit)
[18:15:50] <vito> fester: yeah PM if it's about how you solved it
[18:15:56] *** Joins: rffdtdtdtrdtrrth ([email protected])
[18:16:02] <vito> because it's not a spoiler at this point to say that 334_cuts is very similar
[18:16:19] *** Quits: Piratmajor ([email protected]) (Ping timeout: 252 seconds)
[18:16:29] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[18:17:20] *** Joins: WebIRC87118 ([email protected])
[18:17:45] <supahot> anyone I can ask about baby-re?
[18:18:06] <Lightning> depends on the question, at this point unless it is down we can’t say much due to the high number of solves
[18:18:24] *** Joins: autolycos ([email protected])
[18:18:31] <gnomus> fester: us too :D
[18:18:41] <gnomus> wasted like an hour or something
[18:19:47] *** Quits: autolycos ([email protected]) (Client Quit)
[18:19:57] *** Joins: cx ([email protected])
[18:25:44] <supahot> @Lightning nevermind I got it
[18:29:30] *** Joins: zzoru ([email protected])
[18:31:09] *** Quits: hellman (~shellman@2001:7e8:d4d1:9702:c91:d5c3:548f:fd73) (Remote host closed the connection)
[18:33:30] *** Quits: vap0r ([email protected]) (Client Quit)
[18:33:48] <riatre> Weird, I received "# cb-server: CB generated signal (pid: 25, signal: 11)" and "not ok - pov did not negotiate" when I tried to submit a xml pov.
[18:33:59] *** Joins: autolycos ([email protected])
[18:34:15] <riatre> Works well locally, with exactly same command line as in `submit.py`
[18:34:17] *** Quits: zzoru ([email protected]) (Ping timeout: 252 seconds)
[18:35:38] <gynophage> riatre: http://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/understanding-cfe-povs/
[18:36:33] *** Joins: WebIRC7330 ([email protected])
[18:36:35] <riatre> thanks
[18:36:50] *** Joins: vap0r ([email protected])
[18:37:05] *** Quits: WebIRC87118 ([email protected]) (Client Quit)
[18:37:11] *** Joins: WebIRC87118 ([email protected])
[18:37:43] *** Quits: rffdtdtdtrdtrrth ([email protected]) (Client Quit)
[18:38:25] *** Quits: w0 ([email protected]) (Remote host closed the connection)
[18:39:11] *** Quits: cx ([email protected]) (Client Quit)
[18:39:36] *** Joins: rffdtdtdtrdtrrth ([email protected])
[18:39:53] <b2xiao> fuck
[18:40:01] <b2xiao> why are we always having to pick a category
[18:40:02] *** Joins: cx ([email protected])
[18:40:17] *** Quits: vap0r ([email protected]) (Client Quit)
[18:40:28] <withzombies> unlock more cgc ones
[18:40:43] <withzombies> one of the 334 is a repeat
[18:40:49] <withzombies> i was lied to
[18:41:55] *** Joins: Ninn ([email protected])
[18:41:56] *** Joins: okaji39 ([email protected])
[18:43:54] *** Quits: WebIRC25733 ([email protected]) (Client Quit)
[18:44:24] <vito> withzombies: pm me which two
[18:46:19] <IceGuest_78_> hey bors
[18:46:21] <IceGuest_78_> bros
[18:46:30] <IceGuest_78_> what about xkcd ??
[18:47:02] <Lightning> it’s a good comic strip
[18:47:25] *** gynophage sets mode: +b IceGuest_78_!*@*
[18:47:28] *** IceGuest_78_ was kicked by gynophage (IceGuest_78_)
[18:47:32] <Lightning> i liked friday’s with the exact copies of digital data
[18:48:28] *** gynophage sets mode: +b *!*@105.158.152.121
[18:48:54] <dave0x6d> huh, did I just solve step already?
[18:49:08] <Lightning> dunno, try to submit the key
[18:50:03] *** Quits: cx ([email protected]) (Ping timeout: 252 seconds)
[18:51:25] *** Joins: cx ([email protected])
[18:52:25] *** Quits: rffdtdtdtrdtrrth ([email protected]) (Client Quit)
[18:52:26] *** Joins: cheybu_ ([email protected])
[18:52:33] <lenerd> Can I ask a question regarding crippled?
[18:52:56] *** Joins: cx1 ([email protected])
[18:53:03] <gynophage> lenerd: PM.
[18:53:20] *** Joins: albn ([email protected])
[18:53:48] <dave0x6d> Lightning: when I ncat to the server it's not sending any data.
[18:53:56] *** Quits: c21 ([email protected]) (Client Quit)
[18:54:09] <Lightning> i don’t know anything about step
[18:54:12] <dave0x6d> oh there we go, netcat works
[18:55:06] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[18:55:24] *** Quits: chebaraska ([email protected]) (Ping timeout: 240 seconds)
[18:55:38] *** Quits: cx ([email protected]) (Ping timeout: 252 seconds)
[18:55:57] *** Quits: joemalone ([email protected]) (Client Quit)
[18:56:25] *** Quits: cx1 ([email protected]) (Read error: Connection reset by peer)
[18:56:30] *** Joins: cx ([email protected])
[18:56:31] *** Joins: C21 ([email protected])
[18:56:33] *** Joins: zzoru ([email protected])
[18:56:37] *** Joins: digitalseraphim_ ([email protected])
[18:56:57] *** digitalseraphim_ is now known as digitalseraphim
[18:57:07] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[18:57:20] *** Joins: gael (~gael@2a01:e34:ec02:c450:d547:b4b7:2303:2487)
[18:58:15] <SallyCroak> Lightning: https://www.youtube.com/watch?v=QrGrOK8oZG8
[18:58:45] <vito> I can't wait to enterTAYNE you
[18:59:05] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[18:59:13] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[19:00:44] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[19:00:46] *** Quits: zzoru ([email protected]) (Ping timeout: 252 seconds)
[19:00:56] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[19:01:05] <Lightning> SallyCroak: better?
[19:01:24] <dave0x6d> this is sad, I think I have the solution, but don't know how to print it properly with python lol
[19:02:24] <SallyCroak> Lightning: it wasn't a complaint, just a recommendation of another worthwhile video
[19:02:46] <Lightning> see if anyone adds it, multiple DJs going on. I’m digging around for some older things
[19:02:53] *** Quits: albn ([email protected]) (Client Quit)
[19:02:59] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[19:03:00] <hbw> i love how youtube changed the video title to be in the correct font
[19:03:20] <dave0x6d> huh, it segfaults now.
[19:03:24] <dave0x6d> that's weird
[19:05:04] *** Joins: WebIRC36807 ([email protected])
[19:05:17] <WebIRC36807> hey, how many teams go to Defcon from this quals?
[19:05:25] *** Joins: cx1 ([email protected])
[19:05:28] *** Quits: cx ([email protected]) (Read error: Connection reset by peer)
[19:05:56] * vito checks spreadsheet
[19:06:02] <dave0x6d> vito: ha, geek.
[19:06:04] <Lightning> 14 - number that qualified which is 6 so 8 by my count
[19:06:12] <vito> 7
[19:06:25] <vito> 6
[19:06:28] <vito> something
[19:06:29] <vito> i can't count
[19:06:34] <vito> that's why i have a spreadsheet
[19:06:55] <WebIRC36807> TOP8 ?
[19:07:00] <WebIRC36807> goes to LV
[19:07:00] *** Quits: dt ([email protected]) (Ping timeout: 252 seconds)
[19:07:11] <Lightning> WebIRC36807: top 8 + however many already qualified
[19:07:27] <WebIRC36807> yeah, I mean TOP8 from this quals-ctf
[19:07:27] <Lightning> https://blog.legitbs.net/2016/05/quick-quals-qupdate.html anyone on that list in the top 8 means we move past them
[19:07:31] <WebIRC36807> and 6 from others ctfs
[19:07:41] <sewilton> This guy is my spirit animal: https://assets-2016.legitbs.net/assets/mangle/retina/3-mangle-1-a43e37da9cea9e4ec8e4e86ba45c4fd8.jpg
[19:07:51] <Lightning> the 15th is the CGC computer bringing it to 15 teams at finals
[19:08:27] *** Joins: rhydis ([email protected])
[19:09:35] <vito> sewilton: https://assets-2016.legitbs.net/assets/mangle/retina/3-mangle-2-04e8207c625242069affee6be1160e0e.jpg
[19:09:36] <gnomus> would be funny if the team that build the winning computer also qualifies
[19:09:52] <gnomus> then they would have to play against their creation
[19:09:56] *** Quits: cx1 ([email protected]) (Ping timeout: 252 seconds)
[19:09:58] <vito> gnomus: funny but… not 100% surprising
[19:09:59] <fester> who would win
[19:09:59] <gynophage> gnomus: Not really. They won't be allowed to play.
[19:10:10] <sewilton> vito: That's a good one. I'm really digging this businesspunk theme
[19:10:25] <gnomus> gynophage: thats sad. would be fun to watch
[19:10:44] <gynophage> We have no way of knowing they're not seeding their CRS to beat all the humans through the network, in order to get the "We built a machine that beat humans." story published.
[19:11:31] <gnomus> i see
[19:12:11] <gynophage> It's shitty, but it's got to be that way. Also, when all the CGC teams accepted the invite last year, I believe they all agreed to that stipulation (though I was very drunk)
[19:12:40] <dave0x6d> bleh, are we allowed to try exploiting the RE challenges?
[19:12:56] <gynophage> dave0x6d: How many points do you have?
[19:13:00] <dave0x6d> ...not many.
[19:13:04] <gynophage> Sure, go ahead.
[19:13:11] <dave0x6d> lol
[19:13:14] <gynophage> If you think you've got an exploit in something people have RE'd, go right ahead.
[19:14:47] <Ymgve> time sink has definitely become a time sink for me
[19:15:46] *** Joins: cx ([email protected])
[19:16:03] *** Quits: t1deman ([email protected]) (Remote host closed the connection)
[19:16:09] *** Joins: wahrwolf ([email protected])
[19:16:15] <vito> gj shellphish
[19:16:20] <dave0x6d> I feel like binary ninja might be lying to me.
[19:16:37] *** Joins: t1deman ([email protected])
[19:16:40] <cao> vito: ty ;)
[19:17:04] *** Joins: WebIRC25733 ([email protected])
[19:17:24] *** Quits: rjenish ([email protected]) (Ping timeout: 240 seconds)
[19:17:25] *** Quits: C21 ([email protected]) (Client Quit)
[19:18:36] <sewilton> Is "time sink" intended to actually open any windows or anything? We haven't found a machine that can run it yet -- everything just crashes or hangs
[19:18:56] <vito> open a window to your soul
[19:19:05] <sewilton> Ah I'll look there, thanks!
[19:19:14] *** Quits: Ninn ([email protected]) (Client Quit)
[19:19:22] <vito> you're welcome!
[19:20:33] <WebIRC36807> who is the author of 334cuts?
[19:21:10] *** Quits: scifi ([email protected]) (Client Quit)
[19:21:16] <vito> it's me
[19:21:27] <vito> maybe play it and don't pm literally every legitbs member
[19:21:52] <WebIRC36807> i pm only two of you
[19:21:53] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[19:21:59] <vito> still though
[19:22:06] *** Joins: jrackham (~a29@2601:601:c480:448:7566:de3b:48f9:757)
[19:22:20] *** Quits: supahot ([email protected]) (Client Quit)
[19:22:42] <WebIRC36807> err, what's your problem then?
[19:23:09] <dave0x6d> huh, IDA doesn't like step.
[19:23:10] <WebIRC36807> 'cos PM'ing two people is not 'literally every members' :/
[19:23:10] <dave0x6d> go figure.
[19:23:59] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[19:24:02] *** Joins: ar1s ([email protected])
[19:24:19] <vito> but to answer your question, easy-prasky_335e35448b30ce7697fbb036cce45e34.quals.shallweplayaga.me:10001 and 334_cuts_22ffeb97cf4f6ddb1802bf64c03e2aab.quals.shallweplayaga.me:10334 don't point to the same thing
[19:25:11] *** Quits: WebIRC58077 (~a29@2601:14c:4400:32cf:bc5c:15b:a43:5db5) (Client Quit)
[19:25:20] <WebIRC36807> thank you, that's the answer i was expect, instead of insulting me
[19:25:24] *** Quits: t1deman ([email protected]) (Ping timeout: 240 seconds)
[19:25:25] <dave0x6d> gynophage: the RE step challenge doesn't really explain if there's a difference between what's running on the server, or what we have.
[19:25:48] <gynophage> dave0x6d: There's not. Just like literally every challenge we've done.
[19:26:04] <dave0x6d> gynophage: so I don't need to use the remote server to get the flag...?
[19:26:24] *** Quits: liikt ([email protected]) (Client Quit)
[19:26:48] *** Joins: WebIRC35378 ([email protected])
[19:27:14] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[19:27:38] *** Quits: heapheap ([email protected]) (Client Quit)
[19:27:56] *** Joins: power ([email protected])
[19:29:25] <Ymgve> dave0x6d: I assume there's some flag file that the challenge reads from or something
[19:30:23] *** Quits: ak ([email protected]) (Ping timeout: 252 seconds)
[19:30:28] <power> in legit00003, the given binary is same with running binary at server??
[19:30:30] *** Quits: jrackham (~a29@2601:601:c480:448:7566:de3b:48f9:757) (Client Quit)
[19:30:58] <gynophage> Yes.
[19:31:04] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[19:31:43] *** Joins: albn ([email protected])
[19:32:00] *** Joins: marble (Vos4wFyTXt@2a00:d0c0:200:0:b9:1a:9c0f:340)
[19:32:12] *** gynophage is now known as WebIRC00069
[19:32:42] *** Lightning is now known as WebIRC01337
[19:33:13] <ar1s> any CGC gurus here? my cb-test always complain that it doesn't negotiate. I have the right <negitiate> tags
[19:33:16] *** Joins: dt ([email protected])
[19:33:26] <WebIRC00069> ar1s: Do you?
[19:33:32] <ar1s> I hope so
[19:33:37] <WebIRC00069> PM me?
[19:33:51] <WebIRC00069> I'm really good at computers.
[19:33:55] <WebIRC00069> You can tell by my nick.
[19:34:05] <ar1s> cool, I have a few friends who're good too
[19:34:14] <ar1s> they just work on real exploits, not CGC crap
[19:34:24] *** Quits: ling ([email protected]) (Ping timeout: 240 seconds)
[19:34:24] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[19:34:32] <WebIRC00069> Another one of you.
[19:34:34] <WebIRC00069> Cool.
[19:34:50] <WebIRC00069> "I don't understand, so I should be angry"
[19:35:08] <WebIRC00069> I've offered to help you, and asked you to PM me.
[19:35:28] <WebIRC36807> nah, real life experience is more valuable then cgc-which-noone-uses experience
[19:35:29] <WebIRC00069> No need for calling things crap because you don't understand them.
[19:35:53] <WebIRC00069> WebIRC36807: Then go fucking pop Chrome and leave us be.
[19:36:05] <bmc> Chrome > CGC
[19:36:09] <SallyCroak> at least pick a handle. we can't keep track of which webirc person is the douche and which one is just annoying
[19:36:33] *** Quits: WebIRC36807 ([email protected]) (Client Quit)
[19:37:07] <dwn> "A successful Type 1 POV must result in the target binary faulting at the negotiated instruction pointer address with one additional general purpose register containing the second negotiated value."
[19:37:14] <dwn> what are the magic values
[19:37:17] <dwn> that this thing wants
[19:37:19] <WebIRC01337> didn’t realize i was annoying or a douche
[19:37:28] <WebIRC01337> I’m one of the nicer ones
[19:37:45] <ar1s> I see the idea behind CGC, but the doc is not very good and the first experience is frustrating
[19:37:49] <dwn> negotiated values = 0x41414141 and 0x42424242?
[19:37:57] *** Joins: WebIRC63556 ([email protected])
[19:38:06] *** Quits: WebIRC87118 ([email protected]) (Client Quit)
[19:38:41] <ar1s> dwn: from what I understand you'll use the magic in places where they're supposed to be sent and it will replace them with what the server decided
[19:38:52] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[19:39:11] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[19:39:41] *** WebIRC01337 is now known as WebIRC31337
[19:40:07] <dave0x6d> bleh, I wish there was points for segfaulting :p
[19:40:57] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[19:40:57] *** Joins: nebel ([email protected])
[19:41:56] *** Joins: Xaxxix ([email protected])
[19:42:19] *** Quits: cx ([email protected]) (Client Quit)
[19:43:02] <vito> get in a delorean and go to a year ago
[19:43:02] *** Joins: t1deman ([email protected])
[19:44:02] *** gnomus is now known as WebIRC42424
[19:44:09] *** Quits: nebel ([email protected]) (Client Quit)
[19:44:10] <WebIRC42424> hello.
[19:44:17] <WebIRC42424> where are the web challenges?
[19:44:53] <WebIRC25733> no
[19:45:06] <WebIRC31337> mine is in the garage
[19:45:16] <anthraxx> WebIRC42424: if you want http then use r2 on the challs, it has a web ui ^.^
[19:45:23] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[19:45:38] <WebIRC42424> i can haz webz plz
[19:45:40] <WebIRC42424> :D
[19:45:46] <WebIRC42424> anthraxx: fuck web lol
[19:45:49] <anthraxx> fuck web lol
[19:45:50] <anthraxx> !
[19:45:51] *** WebIRC42424 is now known as gnomus
[19:45:58] <vito> hell yeah b1o0p opened 666 cuts https://youtu.be/UbzUTRAUac4
[19:46:05] <WebIRC00069> dwn: ar1s - http://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/understanding-cfe-povs/
[19:46:15] <WebIRC00069> Covers how negotiation works.
[19:46:36] <ar1s> thanks for the link, I've read that already. I think I'm stuck on a technicality, I'll continue digging
[19:46:57] <gnomus> there should be web challenges powered by a webserver running on cgc
[19:47:01] *** Joins: e^ipi ([email protected])
[19:47:02] <gnomus> everyone would be happy
[19:47:10] <WebIRC00069> ar1s: Feel free to PM me. If it's *really* a technicality, I may prod you the right way. I'm not going to feed you an exploit, though. :)
[19:47:20] *** Joins: cx ([email protected])
[19:47:29] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[19:47:32] <WebIRC00069> gnomus: If only CGC had a filesystem API...
[19:47:41] <gnomus> damn CGC crap
[19:47:47] <e^ipi> the points keep decaying even after you've solved the challenge?
[19:47:52] <gnomus> this is why we canÄt have nice things
[19:47:55] <WebIRC00069> e^ipi: Yes.
[19:47:59] <e^ipi> gotcha
[19:48:09] <gnomus> you should implement zfs support for cgc
[19:48:14] <WebIRC00069> e^ipi: Don't want to penalize teams who are asleep when a challenge unlocks.
[19:49:28] <gnomus> you shold penalize people who are asleep
[19:49:40] <vito> nah, we sleep
[19:49:43] <vito> that's what hard challenges are for
[19:51:14] <gnomus> organizing ccc congress teached me to stay awake for >24 hours :D
[19:51:51] <WebIRC31337> that makes it harder at the end, we prefer rest :)
[19:51:56] *** Joins: WebIRC49338 (~a29@2601:151:c000:2f10:ac91:47c7:baa9:6501)
[19:51:57] <gnomus> yeh
[19:51:58] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[19:52:08] <gnomus> but i reached my skill levels 10 hours ago
[19:52:22] <gnomus> just chillin and helping out my teammates now
[19:52:52] *** Quits: WebIRC49338 (~a29@2601:151:c000:2f10:ac91:47c7:baa9:6501) (Client Quit)
[19:53:25] *** Quits: power ([email protected]) (Client Quit)
[19:53:45] <gnomus> at least we got pudding \o/
[19:54:12] <e^ipi> WebIRC00069: yeah, I get it. I just wasn't expecting it
[19:54:15] <e^ipi> now I know
[19:54:18] <dave0x6d> ah what the hell. https://i.imgur.com/uJdPm3x.png
[19:54:19] <e^ipi> it's your ctf, run it how you like
[19:54:40] <WebIRC31337> there goes 666 cuts
[19:54:51] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[19:54:56] *** mike_pizza is now known as dino_pizza
[19:54:59] *** Joins: jsc ([email protected])
[19:55:05] <dino_pizza> welcome jsc 
[19:55:10] <WebIRC00069> e^ipi: It was a last minute announcement. There are a lot of really nice properties to it if you think about it.
[19:55:18] <jsc> thanks dino_pizza 
[19:56:05] <WebIRC00069> For example - a problem that is worth fewer points is probably easier (it has more solves...so its either easier, or it's cheated on).
[19:56:08] <[w33]deorth> dave0x6d: what disassembler package you using there ?
[19:56:16] <dave0x6d> [w33]deorth: it's binary ninja.
[19:56:20] <[w33]deorth> nice
[19:56:31] <dave0x6d> you can get into the beta for free.
[19:56:43] *** Joins: power ([email protected])
[19:56:50] <[w33]deorth> yeah.. I think I shall :)
[19:58:35] *** Quits: autolycos ([email protected]) (Client Quit)
[19:58:38] *** Quits: TMT ([email protected]) (Client Quit)
[20:00:27] <e^ipi> WebIRC00069: sure, it's not even close to the worst idea i've heard. Makes a lot of sense for this CTF. Maybe not every CTF but certainly this one
[20:01:19] <gnomus> man this pudding is awesome
[20:01:28] <dave0x6d> it makes sense for the more competitive teams IMO
[20:01:40] <dave0x6d> kinda sucks when you're not competitive and just see your score keep falling down.
[20:01:47] *** Joins: zzoru ([email protected])
[20:01:53] <rawrus> roofies are always the sweetest when they're fresh my good gnomus 
[20:02:17] <dave0x6d> heh, linode user.
[20:02:17] <gnomus> rawrus: yeh
[20:02:26] <enen> gnomus: cocaine puddin?
[20:02:39] <rawrus> dave0x6d: whats wrong with leenode :pp
[20:02:41] <enen> wheres the snackle snaps?
[20:02:43] <gnomus> enen: nahh chocolate pudding
[20:03:14] *** Joins: autolycos ([email protected])
[20:03:15] <gnomus> enen: see https://twitter.com/c3h2_ctf/status/734140379054886912
[20:04:18] *** Quits: autolycos ([email protected]) (Client Quit)
[20:04:18] <e^ipi> dave0x6d: that's sorta where I am, I just want to see how many points I can collect until tomorrow 
[20:04:44] <e^ipi> that said, the format shouldn't be based around my own incompetence ;)
[20:05:23] <enen> thats... a lot of pudding
[20:05:54] <gnomus> we are 7 people currently...
[20:06:01] <dino_pizza> jsc: how are you? it's nice to see you again
[20:06:04] <gnomus> much pudding needed
[20:06:05] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[20:06:22] <e^ipi> what the hell are you guys talking about putting?
[20:06:28] <e^ipi> *pudding
[20:06:34] <WebIRC31337> Who’s on first?
[20:06:38] <gnomus> e^ipi: we made pudding
[20:06:47] <gnomus> and now we eat it
[20:06:53] <gnomus> and it's awesome
[20:07:03] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[20:07:09] <jsc> dino_pizza: doing pretty well, just contemplating when to start this beer
[20:07:14] <jsc> how's your evening going?
[20:07:21] *** Joins: whoisj0hngalt ([email protected])
[20:07:25] <gnomus> e^ipi: see https://twitter.com/c3h2_ctf/status/734140379054886912
[20:07:44] <whoisj0hngalt> Can someone tell me where the cb-replay-pov binary is?
[20:08:18] *** Joins: tdrv ([email protected])
[20:08:28] <gnomus> whoisj0hngalt: have you looked in the pudding?
[20:09:08] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[20:09:27] <WebIRC00069> https://github.com/CyberGrandChallenge/cb-testing/blob/master/cb-replay-pov
[20:10:07] <whoisj0hngalt> You are a god. Thank you
[20:10:15] *** Quits: zzz ([email protected]) (Client Quit)
[20:10:18] *** dino_pizza is now known as dino
[20:10:26] *** Quits: zzoru ([email protected]) (Ping timeout: 252 seconds)
[20:10:27] <dino> jsc: it's alright
[20:11:04] <WebIRC7330> WebIRC31337: Then who's playing first?
[20:11:05] <dave0x6d> what the hell is amd64g_calculate_RCL?
[20:11:19] <enen> 3~/win 19
[20:11:23] <dwn> in an XML POV how tf do I specify the input to the CB?
[20:11:26] <jsc> /win 666
[20:11:49] *** Joins: autolycos ([email protected])
[20:12:13] *** Joins: zzz ([email protected])
[20:12:38] *** Quits: t1deman ([email protected]) (Ping timeout: 252 seconds)
[20:13:55] <dave0x6d> rotate through carry left?
[20:16:53] <[w33]Luwenth> Why does this lead singer look like the guitarist from "Spinal Tap"?
[20:20:37] *** Joins: autolycos1 ([email protected])
[20:21:18] *** Joins: WebIRC36312 ([email protected])
[20:21:22] *** Quits: albn ([email protected]) (Client Quit)
[20:24:08] <dave0x6d> why wouldn't he?
[20:24:53] *** Quits: insaida ([email protected]) (Client Quit)
[20:25:16] *** Quits: autolycos ([email protected]) (Client Quit)
[20:27:27] *** Quits: zzz ([email protected]) (Client Quit)
[20:29:57] *** Joins: t1deman ([email protected])
[20:30:09] *** Quits: Xaxxix ([email protected]) (Ping timeout: 252 seconds)
[20:30:45] <whoisj0hngalt> Stupid question. I suspect my banker PoC isn't working due to the busybox comment in the topic. Can anyone elaborate on that for me?
[20:33:25] <WebIRC31337> PM'd
[20:33:43] <WebIRC00069> whoisj0hngalt: execve("/bin/sh", NULL, NULL) will crash busybox.
[20:34:58] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[20:36:16] <e^ipi> gnomus: club mate is too expensive, you can just get a kilo of mate from a latin grocery for like $4
[20:36:59] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[20:38:23] <dave0x6d> what's the point exactly of having the RE challenges on a remote server?
[20:38:33] *** Joins: Guest92 ([email protected])
[20:39:24] <dwn> do we have to run pov-xml2c on our povs and compile before sending?
[20:39:38] *** Quits: L0rdComm4ander ([email protected]) (Client Quit)
[20:39:39] <dwn> says I'm not negotiating like what
[20:39:43] *** Quits: mandlebro (~ben@2001:690:2100:1b:4450:4ae:18d5:2041) (Client Quit)
[20:40:09] <anthraxx> dave0x6d: a RE chall doesn't mean the flag needs to be inside the provided binary
[20:40:12] <WebIRC00069> dwn: Try it?
[20:40:51] *** WebIRC00069 is now known as gynophage
[20:41:13] <gnomus> e^ipi: we are in germany. it's cheap here
[20:41:39] *** Quits: WebIRC36312 ([email protected]) (Client Quit)
[20:43:06] *** Quits: NeedToLearn (~NeedToLea@2a01:e35:8b3c:cd30:f9ec:6607:fb1f:3d7) (Remote host closed the connection)
[20:43:23] *** Quits: Algo ([email protected]) (Client Quit)
[20:44:13] *** Joins: Rad ([email protected])
[20:44:13] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[20:44:24] <gnomus> also club mate != mate tea :)
[20:44:42] *** Joins: albn ([email protected])
[20:45:52] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[20:47:17] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[20:47:51] *** Joins: WebIRC6208 ([email protected])
[20:48:02] <WebIRC6208> hey, who is the author of parsky?
[20:48:05] *** Quits: Rad ([email protected]) (Client Quit)
[20:48:17] <WebIRC6208> *prasky
[20:48:56] *** Joins: rad ([email protected])
[20:49:52] <rad> Hi cgc noob here
[20:49:57] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[20:50:15] <dave0x6d> $ cat /defcon/payload4 | ./step 
[20:50:15] <dave0x6d> Key1: Illegal instruction (core dumped)
[20:50:22] <dave0x6d> TIL that's a possible way to dump your core lol
[20:50:35] <rad> I am trying to solve babysfirst category easy cgc one
[20:51:06] <rad> I can segfault locally with vagrant
[20:51:19] <rad> But on server it does not
[20:51:31] <dave0x6d> how do you know it doesn't segfault on the server?
[20:51:32] <rad> What may be the problem
[20:51:35] <WebIRC6208> what you have on the server?
[20:51:52] <rad> It says so 
[20:52:07] <rad> There is a runner.py
[20:52:33] <rad> You send the crash string with base64 encode
[20:52:42] *** WebIRC31337 is now known as Lightning
[20:52:45] <WebIRC6208> do you have any info back from the server after your payload?
[20:53:00] *** Quits: cx ([email protected]) (Client Quit)
[20:53:09] <gynophage> Rad, please PM me.
[20:53:11] <rad> Yes the python code says if it segfaulted
[20:53:39] *** Joins: dm_me_ur_flags ([email protected])
[20:54:10] <WebIRC6208> gynophage: may I also PM you, speaking of this challenge?
[20:54:24] <gynophage> You may.
[20:54:43] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[20:56:18] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[20:56:38] *** Joins: vap0r ([email protected])
[20:57:57] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[20:59:41] <gynophage> I forget if it was announced. easier was owned.
[21:00:24] <vito> https://gist.github.com/vito-lbs/124f7b33bc148d3a06ab7e0dcd9f2a7c
[21:00:25] <dave0x6d> who bought it?
[21:01:31] *** Joins: kkk ([email protected])
[21:01:39] *** Joins: Epidem1x ([email protected])
[21:02:16] <SallyCroak> awesome video selection!
[21:03:22] *** Quits: Epidem1x ([email protected]) (Client Quit)
[21:05:48] *** Quits: ReidB ([email protected]) (Ping timeout: 252 seconds)
[21:06:10] *** Quits: KALRONG ([email protected]) (Ping timeout: 252 seconds)
[21:07:28] *** Joins: zzoru ([email protected])
[21:08:38] *** Joins: bool101 ([email protected])
[21:09:30] * bool101 waves hello
[21:09:41] *** Quits: Yogurt ([email protected]) (Client Quit)
[21:11:41] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[21:12:20] *** Joins: RoadKill ([email protected])
[21:13:15] * Lightning waves back
[21:14:15] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[21:15:15] *** Quits: zzoru ([email protected]) (Ping timeout: 252 seconds)
[21:15:18] *** Joins: lurcifer ([email protected])
[21:16:26] *** Joins: autolycos ([email protected])
[21:16:30] *** Quits: WebIRC6208 ([email protected]) (Client Quit)
[21:16:35] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[21:16:55] *** Quits: lurcifer ([email protected]) (Client Quit)
[21:17:54] *** Joins: WebIRC42649 (~7d1@2001:da8:b800:228:1d6a:c22b:9e2f:2d19)
[21:18:10] *** Quits: vap0r ([email protected]) (Client Quit)
[21:18:40] *** Joins: lurcifer ([email protected])
[21:19:06] *** Quits: autolycos ([email protected]) (Client Quit)
[21:19:25] *** Joins: emtzlqjm ([email protected])
[21:19:38] <rad> On CGC environment can we run edb or any other gui debugger
[21:19:46] *** Quits: emtzlqjm ([email protected]) (Remote host closed the connection)
[21:19:49] *** Joins: lcwntq ([email protected])
[21:20:12] *** Quits: [SaH]vasporig ([email protected]) (Client Quit)
[21:20:42] *** Joins: WebIRC3387 ([email protected])
[21:21:00] *** Joins: WebIRC85611 ([email protected])
[21:21:03] <vito> idk
[21:21:06] <orbit> Is this LegitBS Bank support? I’m stuck in Tijuana and I seem to have lost my password to the online system, my username was something like admeen or admin ….
[21:21:11] <vito> if they're a wrapper over gdb, maybe
[21:21:16] *** Joins: WebIRC3632 ([email protected])
[21:21:20] <vito> orbit: try •••••••
[21:21:20] *** Joins: Question (~7d1@2001:da8:b800:228:1d6a:c22b:9e2f:2d19)
[21:21:36] *** Quits: lurcifer ([email protected]) (Client Quit)
[21:21:39] <SallyCroak> don't you know that irc censors your password if you type it in?
[21:21:53] *** Quits: WebIRC42649 (~7d1@2001:da8:b800:228:1d6a:c22b:9e2f:2d19) (Client Quit)
[21:21:55] <Question> I'm sorry but this contest doesn't have web?
[21:22:06] *** Joins: KALRONG ([email protected])
[21:22:12] <Lightning> Web? What is that?
[21:22:19] <orbit> thanks vito, worked!
[21:22:34] <orbit> just gotta find an atm…
[21:22:52] <Question> web pentest
[21:23:09] <enen> websexual
[21:23:15] <orbit> SallyCroak you probably dont have the supported banking client
[21:24:02] <Lightning> never heard of web pen testing, is that anything like tracert?
[21:25:02] *** Quits: Question (~7d1@2001:da8:b800:228:1d6a:c22b:9e2f:2d19) (Client Quit)
[21:25:56] *** Joins: Question (~7d1@2001:da8:b800:228:1d6a:c22b:9e2f:2d19)
[21:25:57] <WebIRC3387> It's something like removing a web nest at the top of the ceiling in your house
[21:26:25] *** Quits: rad ([email protected]) (Remote host closed the connection)
[21:26:42] <Ymgve> is something up with the legit_00003 challenge? it doesn't seem to respond the same way even though I give it the same input
[21:26:43] <Question> Jeopardy-style CTFs has a couple of questions (tasks) in range of categories. For example, Web, Forensic, Crypto, Binary or something else.
[21:26:51] <bspar> lol
[21:27:01] *** Quits: its_a_feature ([email protected]) (Client Quit)
[21:27:29] <Lightning> We have Baby’s First, Coding, See Gee, Sea, Pwnable, Reverse Engineering, There I Fixed it. Any of those fit? :)
[21:27:55] <vito> fwiw none of them support sqlmap
[21:27:56] <cao> recon and forensics are clearly missing
[21:28:10] <rhydis> all categories are accessible through a *web* interface if that helps
[21:28:12] <cao> those are the bestest
[21:28:18] * gynophage slaps cao around a bit with a large tope
[21:28:37] <vito> i do know that https://cgc-docs.legitbs.net/ isn't a secret ctf challenge
[21:28:47] <gynophage> We had recon.
[21:28:50] <gynophage> It was fucking research CGC.
[21:28:53] <gynophage> You ALL fucking failed.
[21:29:02] * vito looks at cgc category solutions
[21:29:05] <vito> well, some teams didn't fail
[21:29:17] *** Joins: ling ([email protected])
[21:29:23] <Lightning> Question: Can I use my cgi to access the http of the url on the browser of the remote server?
[21:29:52] *** Joins: Xaxxix ([email protected])
[21:29:54] <Ymgve> can someone verify that legit_00003 works as intended now? because it seems like it has some wires crossed and I get the response from other people's exploits
[21:30:18] <cao> Ymgve: works as intended
[21:30:55] <Ymgve> it's just that it crashes on input that's _not_ supposed to crash it
[21:31:32] *** Quits: Question (~7d1@2001:da8:b800:228:1d6a:c22b:9e2f:2d19) (Client Quit)
[21:32:49] <Lightning> i told gyno, up to him if he responds
[21:33:15] <WebIRC3387> Who is the guy with red hair?
[21:33:36] <Lightning> probably gyno, he usually dyes his hair
[21:34:00] <WebIRC3387> I want to dye my hair like him
[21:34:03] <WebIRC3387> I am fan of him
[21:34:04] <WebIRC3387> ;)
[21:34:25] <Lightning> could have been deadwood too (if i’m not mixing people up) but gyno dyes his hair more
[21:34:47] <gynophage> WebIRC3387: It was probably me.
[21:35:36] <WebIRC3387> Great!
[21:37:54] *** Quits: WebIRC70190 ([email protected]) (Client Quit)
[21:38:17] <fester> I read through https://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/understanding-cfe-povs/
[21:38:26] <vito> cool
[21:38:34] <fester> but I don't understand where this goes inside the pov, is there an example pov?
[21:38:43] <gynophage> fester: Yes!
[21:39:09] *** Quits: WebIRC3387 ([email protected]) (Client Quit)
[21:40:01] <gynophage> https://github.com/CyberGrandChallenge/samples/blob/c96765ed584c573c850b1a06ce3fb42ad98dea38/templates/service-template/pov/POV_00002.povxml
[21:40:28] <vito> and the two pov_0 and pov_1 dirs in that template too
[21:40:50] <fester> thank you
[21:41:46] *** Joins: ReidB ([email protected])
[21:42:51] *** Joins: Hankein ([email protected])
[21:43:56] *** Quits: c3h2beamer ([email protected]) (Client Quit)
[21:44:51] <gynophage> fester: <3
[21:44:52] <mserrano> who wrote amadhj?
[21:44:55] <gynophage> hj
[21:44:57] *** Quits: WebIRC7330 ([email protected]) (Client Quit)
[21:44:59] <gynophage> A Mad HJ.
[21:45:06] <hj> surprise
[21:46:10] *** Quits: dt ([email protected]) (Client Quit)
[21:46:17] <hoju> <3
[21:49:07] *** Quits: albn ([email protected]) (Client Quit)
[21:55:01] <dave0x6d> So for step, is this anywhere close to what I should be getting? https://0bin.net/paste/nvl68z6NfoI1lj2v#1aYjxIQtJWQWmwTemt+iTBCw++i6lNqI6ocKwWl3vav
[21:55:29] <dave0x6d> actually no, that can't be it.
[21:56:08] <dave0x6d> hj: I didn't think that data was that private =\
[21:56:21] *** Joins: dt ([email protected])
[21:58:08] *** Joins: cx ([email protected])
[21:59:35] *** Quits: tdrv ([email protected]) (Client Quit)
[22:02:00] <dave0x6d> anyway, that paste is not helpful in the slightly way to other teams if anyone was wondering. it's literally just capstone disassembling a bit of the binary.
[22:02:04] <b2xiao> so now I really want a graph of the scores over time
[22:02:08] <b2xiao> because of the decreasing thing
[22:02:12] <b2xiao> it would be super interesting
[22:05:07] *** Quits: [w33]deorth ([email protected]) (Ping timeout: 252 seconds)
[22:06:23] *** Joins: lurcifer ([email protected])
[22:06:27] <b2xiao> gynophage, hj: anyone up to make a scoreboard graph?
[22:06:35] <b2xiao> it would be interesting to see!
[22:06:50] <hj> that would probably be a vito job
[22:06:53] <hj> he has all the datas
[22:07:23] *** Joins: zzoru ([email protected])
[22:07:56] <Lightning> b2xiao: no promises before the end of quals
[22:08:04] <Lightning> he’s a bit tied up right now
[22:08:04] <sigtrap_> so can you do arithmetic expressions in POVML?
[22:08:16] <hj> there some kinky stuff going on at gynos house
[22:08:30] <gynophage> sigtrap_: XML won't work.
[22:08:32] <Lightning> hj: i should know :)
[22:08:46] <gynophage> Just use the xmlpov2c thing.
[22:08:48] <gynophage> And make a binary.
[22:08:59] <gynophage> b2xiao: That can be a post processing thing. We have all the data.
[22:09:00] <hj> im jealous i have some mad rope skills
[22:09:15] <gynophage> Vito is making slushies for robots.
[22:09:24] <sigtrap_> -_- already did that for the other one, idk why I'm so dumb
[22:09:57] <gynophage> Maybe you just keep bad company?
[22:11:51] *** Quits: lurcifer ([email protected]) (Client Quit)
[22:13:15] *** Joins: lurcifer ([email protected])
[22:14:23] <sigtrap_> I'm going to continue to blame the meds
[22:14:39] *** Quits: WebIRC85611 ([email protected]) (Client Quit)
[22:14:47] <crowell> 420 med it
[22:14:52] <gynophage> I did mis-inform earlier.
[22:14:57] <gynophage> I thought XML would work. I was wrong.
[22:15:11] <gynophage> Someone thought checking the extension instead of the file magic was a good idea.
[22:15:19] *** Quits: lurcifer ([email protected]) (Client Quit)
[22:15:34] <gynophage> (cb-replay-pov issue)
[22:15:46] <gynophage> Err..."feature"
[22:16:34] *** Quits: spaghetti ([email protected]) (Ping timeout: 252 seconds)
[22:16:50] *** Joins: lurcifer ([email protected])
[22:18:04] *** Joins: spaghetti ([email protected])
[22:18:26] <zzoru> gynophage: Will you patch that?
[22:18:53] <gynophage> No.
[22:18:54] *** Quits: lurcifer ([email protected]) (Client Quit)
[22:19:22] <gynophage> That'd be like asking me to patch busybox to not crash if argv[0] is NULL.
[22:19:50] <zzoru> Nope, xml problem
[22:20:50] <gynophage> There's a tool to change xml to c.
[22:20:55] <gynophage> Use that.
[22:21:05] <zzoru> Thanks :)
[22:21:29] *** Joins: stick ([email protected])
[22:21:41] *** Joins: ReidB_ ([email protected])
[22:22:36] <whoisj0hngalt> Where is the xmlpov2c tool? Don't immediately see it in the crs vm
[22:23:10] *** Quits: ReidB ([email protected]) (Ping timeout: 252 seconds)
[22:23:18] *** Joins: null ([email protected])
[22:24:05] <gynophage> https://github.com/CyberGrandChallenge/pov-xml2c
[22:24:33] *** Quits: stick_ ([email protected]) (Ping timeout: 252 seconds)
[22:25:57] <dacat> sorry i just woke up and didnt scroll all the way back to see if this was answered, but for Legit_00003 do we send the entire pov XML or just a string
[22:26:14] <gynophage> dacat - binary.
[22:26:21] <dacat> cool thanks!
[22:26:45] <gynophage> So, go run that tool I just mentioned, to make c, and then compile that with the gcc toolchain.
[22:26:48] <gynophage> cgc*
[22:26:53] <dacat> got ya :)
[22:27:07] <gynophage> I thought our stuff supported XML. I was wrong. I'm sorry. :(
[22:27:57] *** Joins: nerder ([email protected])
[22:27:57] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[22:28:24] *** Joins: H2 ([email protected])
[22:28:30] *** Joins: tdrv ([email protected])
[22:29:29] *** Quits: nerder ([email protected]) (Client Quit)
[22:29:57] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[22:31:36] <power> if i want to solve legit00003
[22:31:52] <power> should i read all of https://cgc-docs.legitbs.net???
[22:32:20] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[22:32:39] *** Quits: rms ([email protected]) (Client Quit)
[22:34:03] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[22:34:35] <dave0x6d> power: no, only line numbers that are multiples of log(2^π)
[22:35:35] *** Quits: tdrv ([email protected]) (Client Quit)
[22:36:04] *** Quits: bigred ([email protected]) (Client Quit)
[22:36:43] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[22:36:48] *** Joins: [w33]deorth ([email protected])
[22:37:16] <toomanybananas> heh
[22:37:19] <r3dey3> I thought it was multiples of ln(e^2).. man i was wrong
[22:37:32] <toomanybananas> pretty sure i solved 334 cuts in the complete opposite way of intended
[22:38:45] <anthraxx> gynophage: can I /q you for a question about libpov?
[22:38:46] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[22:39:28] *** Joins: [w33]deo1th ([email protected])
[22:39:33] *** Quits: [w33]deo1th ([email protected]) (Client Quit)
[22:39:49] *** Quits: [w33]deorth ([email protected]) (Client Quit)
[22:39:59] *** Joins: [w33]deorth ([email protected])
[22:40:30] *** Joins: WebIRC7330 ([email protected])
[22:40:43] <[w33]deorth> wtf is matineechannel
[22:40:52] <[w33]deorth> and why am I seeing snow on the music feed :)
[22:41:47] *** Quits: WebIRC7330 ([email protected]) (Client Quit)
[22:42:55] *** Quits: KALRONG ([email protected]) (Client Quit)
[22:43:19] <hoju> because youtube
[22:43:25] <[w33]deorth> :)
[22:43:31] *** Joins: structure ([email protected])
[22:43:32] <[w33]deorth> it happens
[22:43:37] *** Quits: spaghetti ([email protected]) (Remote host closed the connection)
[22:44:08] * nwx wonders where said music feed might reside on the internets
[22:44:16] *** Joins: spaghetti ([email protected])
[22:44:17] * [w33]deorth points to the topic
[22:44:45] <nwx> oh 
[22:44:50] * nwx facepalms
[22:44:57] *** Quits: WebIRC70842 ([email protected]) (Client Quit)
[22:45:02] <[w33]deorth> :)
[22:49:48] *** Joins: agix ([email protected])
[22:50:08] <[w33]deorth> I’ve never actually seen the video for what does the fox say
[22:50:11] <[w33]deorth> thank you :)
[22:50:48] *** Quits: power ([email protected]) (Client Quit)
[22:50:55] <gynophage> anthraxx: Sure!
[22:51:12] *** Joins: heapisnotfun ([email protected])
[22:51:46] <nwx> what is up with this "music"
[22:51:49] <nwx> ಠ_ಠ 
[22:52:07] <[w33]deorth> not all music is musical :)
[22:52:26] <heapisnotfun> maybe i'm the only one who can't solve heapfun4u until now
[22:52:39] <heapisnotfun> heapfun4u makes me crazy
[22:53:36] *** Quits: spq ([email protected]) (Ping timeout: 252 seconds)
[22:53:39] *** Joins: spq ([email protected])
[22:55:31] *** Joins: FADEC0D3 ([email protected])
[22:55:37] <FADEC0D3> any admins available to ping?
[22:55:43] *** Joins: autolycos ([email protected])
[22:56:07] *** Quits: offw0rld_ ([email protected]) (Client Quit)
[22:57:02] *** Quits: Xaxxix ([email protected]) (Remote host closed the connection)
[22:57:06] <nwx> ಠ_ಠ https://imgur.com/Z05b8Q0
[22:57:16] *** Quits: heapisnotfun ([email protected]) (Client Quit)
[22:57:40] <gynophage> FADEC0D3: Sup?
[22:58:57] *** Quits: okaji39 ([email protected]) (Client Quit)
[22:59:19] *** Joins: dapan ([email protected])
[23:00:19] *** Quits: autolycos ([email protected]) (Client Quit)
[23:00:20] <agix> hello, any documentation how to compile pov from the xml format ?
[23:00:48] *** Joins: autolycos ([email protected])
[23:01:10] <gynophage> https://github.com/CyberGrandChallenge/cb-testing
[23:01:15] <gynophage> cgc-cb.mk
[23:01:18] <gynophage> Has some stuff.
[23:01:33] <agix> mmh ok
[23:01:45] *** Quits: t1deman ([email protected]) (Remote host closed the connection)
[23:01:46] <vito> http://cgc-docs.legitbs.net/pov-xml2c/pov-xml2c/
[23:01:56] <agix> yep to get C code it's okay
[23:02:26] <agix> then I found an ugly way to compile but it does nothing
[23:02:40] <agix> xml crash the binary
[23:02:43] *** Quits: uri ([email protected]) (Remote host closed the connection)
[23:03:04] <agix> not the converted then compiled version
[23:03:29] <[SpamAndHex]KT> how much time b1o0p has to open a new challenge?
[23:03:46] <ltfish> they are making a really careful decision :-)
[23:04:14] *** Quits: rhydis ([email protected]) (Ping timeout: 252 seconds)
[23:04:22] *** Joins: WebIRC45137 ([email protected])
[23:04:34] *** Joins: Shortman ([email protected])
[23:04:42] *** Quits: WebIRC45137 ([email protected]) (Client Quit)
[23:04:49] *** Joins: WebIRC18115 ([email protected])
[23:04:51] <cao> stalling you mean to have more time to solve LEGIT_00002 ;-)
[23:05:00] *** Joins: WebIRC75432 ([email protected])
[23:05:50] *** Quits: H2 ([email protected]) (Client Quit)
[23:07:47] <gynophage> If they don't pick soon, we'll pick one so we can go to bed.
[23:08:27] <ltfish> patching is open
[23:08:50] <ltfish> free points for b1o0p I guess :-)
[23:10:13] *** Joins: WebIRC98736 ([email protected])
[23:10:28] *** Joins: WebIRC22159 ([email protected])
[23:10:39] <WebIRC22159> hey, I can't resolve the hostname to submit my 04 patch
[23:11:22] <gynophage> WebIRC22159: Looking at it.
[23:11:37] *** Joins: okaji39 ([email protected])
[23:12:15] <tylerni7> lol
[23:12:16] <tylerni7> sniped
[23:12:20] <tylerni7> lolol
[23:12:25] <WebIRC22159> dammit I still can’t resolve
[23:12:35] <[w33]deorth> did you reboot?
[23:12:40] *** Joins: giosch ([email protected])
[23:12:40] <WebIRC22159> dig +trace
[23:12:44] <WebIRC22159> from a different box too
[23:12:53] <tylerni7> WebIRC22159: ;)
[23:13:19] <giosch> are there any admin that can help me with cgc pov file format?
[23:13:23] <[w33]deorth> https://www.youtube.com/watch?v=SXmv8quf_xM
[23:14:07] <gynophage> Question text updated.
[23:14:09] <gynophage> Sorry.
[23:14:11] <WebIRC18115> Address: 8.8.8.8#53
[23:14:11] <WebIRC18115> ** server can't find legit_00004_patch_c87784d25829f281e6d0205eaac5da7c.shallweplayaga.me: NXDOMAIN
[23:14:17] <WebIRC18115> What is the IP for that?
[23:14:19] <gynophage> WebIRC18115: Missing quals
[23:14:29] *** Joins: t1deman ([email protected])
[23:14:31] <gynophage> legit_00004_patch_{}.quals.shallweplayaga.me
[23:14:39] <gynophage> We updated the question text.
[23:14:43] <WebIRC22159> dammit I would've had first blood on that
[23:14:44] <WebIRC18115> I see
[23:14:50] <WebIRC22159> refreshed right as it came up and it didn't resolve :(
[23:14:53] <tylerni7> WebIRC22159: we were pretty quick on the f5 waiting for it
[23:15:04] <WebIRC22159> I had the line ready, was just waiting for a hostname
[23:15:23] <WebIRC22159> gj, still salty though :)
[23:15:24] *** Quits: eegeek (~eegeek@hackint/user/eegeek) (Ping timeout: 240 seconds)
[23:15:28] <tylerni7> WebIRC22159: :P
[23:15:31] <cd80> wow
[23:15:34] <WebIRC98736> '
[23:15:35] <cd80> ppp guessed the url
[23:15:45] <WebIRC25733> *pattern matched
[23:16:13] <withzombies> does anyone else have issues with ida 6.9 on the mac?
[23:16:19] <withzombies> it stops letting me click on things in hexrays
[23:16:21] <withzombies> :(
[23:16:27] <cao> withzombies: I can try, just send me your ida
[23:16:32] <WebIRC22159> it works fine here, both wine and not
[23:16:40] <withzombies> i mean the os x version
[23:16:40] <dwn> working fine on windows here
[23:16:47] <withzombies> the windows one always works
[23:16:50] <withzombies> its the only one they test
[23:16:50] <dwn> ;)
[23:16:57] <marble> I have problems with my binary
[23:17:10] <marble> It's too many one and too few zeros
[23:17:12] *** Joins: bigred ([email protected])
[23:17:14] <dwn> withzombies: binja allows you to click on things
[23:17:17] *** Quits: WebIRC18115 ([email protected]) (Client Quit)
[23:17:33] *** Joins: eegeek (~eegeek@hackint/user/eegeek)
[23:18:01] <WebIRC22159> withzombies: I use both mac and windows, both work really well here
[23:18:06] *** Joins: add1ct ([email protected])
[23:18:08] <gynophage> PPP - we're cooling you down soon.
[23:18:12] <gynophage> Pick your poison.
[23:18:44] <gynophage> We're trying to decide if we get to sleep.
[23:18:54] *** Quits: t1deman ([email protected]) (Ping timeout: 252 seconds)
[23:19:11] <b2xiao> it would be interesting to see!
[23:19:20] <b2xiao> up-enter fail
[23:20:15] <withzombies> dwn: i use binja
[23:20:30] * nwx is slightly confused
[23:20:33] <nwx> *very
[23:22:03] *** Quits: kkk ([email protected]) (Client Quit)
[23:22:29] <e^ipi> withzombies: nope, works fine with me
[23:24:57] *** Quits: IAmG0d ([email protected]) (Client Quit)
[23:25:25] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[23:26:05] *** Joins: TheVamp_ ([email protected])
[23:28:16] <toomanybananas> wtf am i watching
[23:29:06] <[w33]Luwenth> Something hysterically funny... 
[23:29:07] <nsr_> toomanybananas: the distraction module? :P
[23:29:27] <[w33]Luwenth> "36 D batteries"
[23:29:52] <[w33]deorth> hehe
[23:29:54] *** Quits: TheVamp ([email protected]) (Ping timeout: 252 seconds)
[23:30:01] <[w33]deorth> this is... bizarre
[23:30:04] <[w33]deorth> but good
[23:31:14] <[w33]Luwenth> "it'd take a lot of work to whip this dip by hand" ... uh... sure it wou.d.
[23:31:16] <dm_me_ur_flags> thanks for the fun
[23:31:17] <[w33]Luwenth> (would)
[23:31:25] *** Parts: dm_me_ur_flags ([email protected]) ()
[23:35:50] *** Quits: giosch ([email protected]) (Client Quit)
[23:36:08] <hoju> poor dip
[23:36:13] <[w33]deorth> :)
[23:36:56] <computerality> what team solved easier?
[23:36:56] *** Quits: ling ([email protected]) (Remote host closed the connection)
[23:37:28] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[23:37:40] *** Joins: ling ([email protected])
[23:37:50] <gynophage> DEFKOR
[23:39:00] <[w33]Luwenth> How do we get the weekend playlist out of musiqpad ??? 
[23:39:38] <gynophage> [w33]Luwenth: Check your youtube history.
[23:39:39] <gynophage> <3
[23:40:24] <[w33]Luwenth> gynophage: Hahaha... no.  You've been playing on my xbox all weekend.
[23:40:32] <gynophage> Aww. :\
[23:40:34] <[w33]Luwenth> But I found it :) 
[23:40:52] <[w33]Luwenth> (so you know, if you do pwn my xbox, please go level me up in Fallout4 a bunch.  kthxbye)
[23:41:09] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[23:41:25] <[w33]Luwenth> Oh dammit, history is only 50 deep :( 
[23:43:24] <[w33]Luwenth> How can I remember all the distractoids when I'm trying to feedme!
[23:43:28] *** Joins: kkk ([email protected])
[23:43:54] *** Joins: WebIRC88495 ([email protected])
[23:44:06] <rabidwh0re> man, all this shit is over my head. Didn't solve any challs, but I guess my IDA and angr skills are better now.¯\_(ツ)_/¯
[23:44:22] <nwx> ^
[23:44:53] <nwx> hey is this Intel or AT&T? https://www.exploit-db.com/exploits/39700/
[23:46:00] <[w33]Luwenth> I'm betting intel.
[23:46:05] <[w33]deorth> looks like it
[23:46:09] <[w33]Luwenth> I think att tends to put % and $ all over the place.
[23:46:18] <[w33]deorth> att always looks noisy
[23:46:52] <nwx> but don't intel registers usually not start with r: eax eip vs. rax rsi...
[23:47:09] <rabidwh0re> "sub    sp,0xfef" makes me think its ATT
[23:47:09] <[w33]deorth> thats 32 bit vs 64bit
[23:47:18] <nwx> ah
[23:47:23] <[w33]deorth> 64 bit intel registers start with r
[23:47:29] <rabidwh0re> but im shit at asm
[23:47:40] <gynophage> [w33]deorth: Then what about r0 in MIPS?
[23:47:41] <gynophage> #REKT
[23:47:46] <[w33]deorth> well yeah
[23:47:52] <[w33]deorth> I'm giving the guy generalizations :)
[23:48:13] <[w33]deorth> you want specifics, I say RTFM
[23:48:22] <[w33]deorth> :)
[23:48:28] <nwx> [w33]deorth: lol i though you said "gay generalizations"
[23:48:59] *** Joins: giosch ([email protected])
[23:49:04] *** Quits: at1as ([email protected]) (Read error: Connection reset by peer)
[23:50:24] *** Joins: at1as ([email protected])
[23:52:06] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[23:53:06] *** Quits: WebIRC95042 ([email protected]) (Client Quit)
[23:54:53] <[w33]deorth> jesus gyno
[23:55:00] <[w33]deorth> 8 mins of this ?
[23:55:05] <gynophage> 10.
[23:55:15] <[w33]deorth> I guess it could have been nyancat
[23:55:17] <gynophage> We're tired.
[23:55:22] <[w33]deorth> I will count my blessings
[23:55:22] <gynophage> I kinda forgot I was DJ.
[23:55:38] <[w33]deorth> the music channel has been pretty awesome
[23:55:53] *** Quits: Octothrope ([email protected]) (Client Quit)
[23:56:19] <fester> how can i tell if a pov is successful? I just get #done #waiting
[23:57:24] <gynophage> fester: You'll get a flag.
[23:57:30] <fester> locally
[23:58:50] *** Joins: q1a1 ([email protected])

20160522.log

[00:01:21] *** Quits: TheVamp_ ([email protected]) (Ping timeout: 252 seconds)
[00:02:31] <dacat> yeah so im not having any luck compiling output of the pov-xml2c :(
[00:03:22] <dacat> nvm 
[00:03:32] <fester> lol
[00:03:39] <dacat> hehe
[00:04:17] *** Quits: Lightning ([email protected]) (Client Quit)
[00:04:34] *** Quits: selir ([email protected]) (Client Quit)
[00:05:48] *** Joins: WebIRC87118 ([email protected])
[00:06:48] *** Quits: WebIRC87118 ([email protected]) (Client Quit)
[00:08:14] *** Quits: WebIRC52671 ([email protected]) (Client Quit)
[00:08:29] *** Quits: WebIRC88495 ([email protected]) (Client Quit)
[00:09:03] *** Quits: FADEC0D3 ([email protected]) (Ping timeout: 252 seconds)
[00:13:45] *** Quits: autolycos ([email protected]) (Client Quit)
[00:15:37] *** Joins: autolycos ([email protected])
[00:16:19] *** Joins: t1deman ([email protected])
[00:17:24] *** Joins: FADEC0D3 ([email protected])
[00:20:47] *** Quits: t1deman ([email protected]) (Ping timeout: 252 seconds)
[00:21:58] *** Quits: FADEC0D3 ([email protected]) (Ping timeout: 252 seconds)
[00:26:19] *** Joins: stick_ ([email protected])
[00:26:50] *** Joins: Sliden ([email protected])
[00:26:50] *** Quits: Sliden_ ([email protected]) (Read error: Connection reset by peer)
[00:28:03] *** Joins: anotherctfer ([email protected])
[00:28:14] *** Joins: nerder ([email protected])
[00:29:09] *** Joins: stick__ ([email protected])
[00:29:18] *** Quits: stick ([email protected]) (Ping timeout: 252 seconds)
[00:29:39] *** Quits: nerder ([email protected]) (Client Quit)
[00:29:53] <WebIRC98736> crippled..
[00:30:44] <Ymgve> it really _is_ crippled
[00:30:50] *** Joins: Sliden_ ([email protected])
[00:31:08] *** Quits: Sliden ([email protected]) (Ping timeout: 252 seconds)
[00:31:10] <Ymgve> whoever coded that compiler must have been drunk :)
[00:31:22] <[w33]deorth> like.. beyond the ballmer peak ?
[00:31:45] *** Quits: tyh (uid164708@2604:8300:100:200b:6667:5:2:8364) (Client Quit)
[00:31:47] *** Quits: stick_ ([email protected]) (Ping timeout: 252 seconds)
[00:32:30] *** Joins: stick ([email protected])
[00:34:43] *** Quits: stick__ ([email protected]) (Ping timeout: 252 seconds)
[00:34:53] *** Quits: WebIRC3632 ([email protected]) (Client Quit)
[00:35:54] *** Joins: WebIRC28460 ([email protected])
[00:36:12] *** Joins: Avery3R ([email protected])
[00:36:37] *** Joins: stick_ ([email protected])
[00:39:16] *** Joins: stick__ ([email protected])
[00:39:29] *** Quits: stick ([email protected]) (Ping timeout: 252 seconds)
[00:39:51] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[00:40:03] *** Joins: tyh ([email protected])
[00:40:24] *** Quits: rawrus ([email protected]) (Ping timeout: 240 seconds)
[00:41:31] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[00:42:08] *** Quits: stick_ ([email protected]) (Ping timeout: 252 seconds)
[00:42:46] *** Joins: stick ([email protected])
[00:44:42] *** Quits: stick__ ([email protected]) (Ping timeout: 252 seconds)
[00:46:40] *** Joins: halb ([email protected])
[00:47:02] *** Joins: stick_ ([email protected])
[00:49:25] *** Joins: stick__ ([email protected])
[00:49:50] *** Quits: stick ([email protected]) (Ping timeout: 252 seconds)
[00:50:11] *** Joins: kalax ([email protected])
[00:50:56] *** Quits: Sliden_ ([email protected]) (Client Quit)
[00:51:58] *** Quits: daniel-wer ([email protected]) (Client Quit)
[00:52:09] <gynophage> Admins going to sleep.
[00:52:13] <gynophage> Minimal support mode.
[00:52:19] *** Quits: stick_ ([email protected]) (Ping timeout: 252 seconds)
[00:53:50] <gynophage> We'll be up in a few shifts for any questions you may have. Good night and good luck!
[00:55:21] *** Joins: rok__ ([email protected])
[00:58:27] *** Joins: johnnyjoe ([email protected])
[00:59:21] <anotherctfer> and the music goes with it? Ahhhh
[01:01:06] <johnnyjoe> feedme is really frustrating me, I've got a local exploit but it won't work remotely for whatever reason
[01:02:13] <Murmus> johnnyjoe: check the topic
[01:07:13] *** Joins: rawrus ([email protected])
[01:09:05] <[w33]Luwenth> Hey M
[01:09:06] <[w33]Luwenth> ~
[01:09:48] *** Quits: AlissonB (~alb@hackint/user/AlissonB) (Client Quit)
[01:09:55] <[w33]Luwenth> feedme has me really frustrated, I haven't figured out where to kill it yet 
[01:10:05] <[w33]Luwenth> (no hints requested, just stating an obvious)
[01:10:22] *** Quits: spaghetti ([email protected]) (Ping timeout: 252 seconds)
[01:11:11] <[w33]Luwenth> And... "Hey Mr. Dj can you get this started..."
[01:11:25] <[w33]deorth> Djs are sleeping now.... :)
[01:11:35] <[w33]Luwenth> Yeah... and they didn't annoint another to fill their void.
[01:11:59] *** Joins: spaghetti ([email protected])
[01:15:34] *** Joins: l0stb1t ([email protected])
[01:17:47] *** Joins: ccchh ([email protected])
[01:17:48] *** Joins: lenerd_ ([email protected])
[01:18:29] *** Joins: t1deman ([email protected])
[01:18:53] *** Quits: cx ([email protected]) (Client Quit)
[01:19:05] *** Quits: clubraum ([email protected]) (Ping timeout: 252 seconds)
[01:19:10] *** Quits: wahrwolf ([email protected]) (Ping timeout: 252 seconds)
[01:19:49] *** Quits: lenerd ([email protected]) (Ping timeout: 252 seconds)
[01:22:50] *** Quits: t1deman ([email protected]) (Ping timeout: 252 seconds)
[01:24:55] <[w33]Luwenth> any radare2 guru's out there?  I have a question about something it just did to me and it doesn't make sense.
[01:26:07] <crowell> ya
[01:26:32] *** Quits: RoadKill ([email protected]) (Client Quit)
[01:26:39] <crowell> [w33]Luwenth: 
[01:26:45] <[w33]Luwenth> iz just stopped showing me strings.   I have a projectfile for this problem.  When I load up the projectfile, iz gives a blank line.  If I load radare2 on the binary, 'aaa', and then iz... I get a ton of strings.  
[01:26:50] <[w33]Luwenth> What stupid thing have I done? :) 
[01:26:59] <WebIRC22159> does radare2 have an undo button
[01:27:13] <[w33]Luwenth> If I knew what I'd done ... 
[01:27:18] <crowell> project files are a bit "wip"
[01:27:26] <[w33]Luwenth> ohfun
[01:27:59] <[w33]Luwenth> Maybe I should go poke the inside of it to see if there's something that looks akimbo to me?
[01:28:16] <WebIRC98736> i want to ask about crippled
[01:28:25] <WebIRC98736> who is there
[01:28:37] <crowell> [w33]Luwenth: ping me on monday in #radare
[01:29:52] <[w33]Luwenth> crowell: If I remove everything in the #meta section, will it rebuild that?
[01:29:59] <[w33]Luwenth> (with the next 'aaa')
[01:30:12] *** Quits: breadsticks ([email protected]) (Client Quit)
[01:31:56] <[w33]Luwenth> #radare on which irc server?
[01:32:00] <crowell> on freenode
[01:32:17] <crowell> and #meta section is just comments
[01:32:18] <[w33]Luwenth> I shouldn't have had to ask, I'm sure that's ont the radare site :) 
[01:32:44] <[w33]Luwenth> About the only thing I care about in the project file is some of the afn's I've done to keep things easier to find.
[01:34:51] *** Quits: sushant94 ([email protected]) (Client Quit)
[01:34:54] <crowell> strings shouldn't disappear, and they dont for me. but that's enough for now :P
[01:35:25] *** Quits: l0stb1t ([email protected]) (Client Quit)
[01:35:26] <[w33]Luwenth> Yeah, not expecting you to diagnose right now.  I wondered if someone knew a magic key combination that would have made that happen.  If they did I could figure out the undo :) 
[01:37:44] <[w33]Luwenth> Ugh, I think I very much broke it.
[01:38:23] <[w33]Luwenth> I think I can recreate pretty quickly though, so no big loss.  And will let me re-organize my thoughts and give me a better idea on how to tackle this problem.   Probably ping on Monday and see what debugging we can do then :)
[01:39:01] *** Joins: FADEC0D3 ([email protected])
[01:39:18] <withzombies> ugh my vagrant shutdown due to my battery life going below 5%
[01:39:20] <withzombies> :(
[01:40:36] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[01:40:58] <WebIRC28460> is there any hint for time_sink in officialy?
[01:41:58] <toomanybananas> hah, my scripts for 334 cuts worked for 666 and 1000 cuts with no modifications :)
[01:42:22] <withzombies> toomanybananas: same :P
[01:42:33] *** Quits: WebIRC25733 ([email protected]) (Client Quit)
[01:42:41] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[01:43:23] <tylerni7> I imagine most people's do... I think that's more a comment on those challs than the solve scripts though :P
[01:44:06] *** Quits: digitalseraphim ([email protected]) (Ping timeout: 252 seconds)
[01:44:30] <withzombies> tylerni7 is just grumpy that his robot is solving all the good challenges
[01:45:12] <tylerni7> well, I'm partially just grumpy in general
[01:45:31] <tylerni7> but our stuff didn't solve those, because of the silly restrictions they have
[01:47:15] <WebIRC98736> no admin?
[01:47:21] <WebIRC98736> i want to ask crippled
[01:47:55] <[w33]Luwenth> gyno is the only one that shows as signed into IRC right now, but I'm pretty sure he said he was off sleepign...
[01:48:20] <[w33]Luwenth> If you think you're close and have one small question, I'd document for yourself and go work on something else... 
[01:48:30] <[w33]Luwenth> (just my strategy, may not be a winner)
[01:48:45] <[w33]deorth> yeah gyno is out for a while
[01:48:49] <[w33]deorth> he was pretty darn tired
[01:49:21] <WebIRC98736> is there anyone who solve crippled?
[01:54:39] *** Joins: vap0r ([email protected])
[01:55:39] *** Quits: vap0r ([email protected]) (Client Quit)
[01:58:42] *** Quits: Avery3R ([email protected]) (Client Quit)
[02:00:48] *** Joins: arbiter_ (uid60882@2001:67c:2f08:6::edd2)
[02:02:26] *** Joins: l0stb1t ([email protected])
[02:04:55] <Kokjo> any hints for kiss?
[02:05:07] <[w33]Luwenth> pucker up?
[02:05:17] <[w33]Luwenth> Or 'Detroit Rock City'?
[02:06:32] *** Joins: bic ([email protected])
[02:08:44] *** Joins: poizan42 ([email protected])
[02:08:59] <[w33]deorth> I'm more a god of thunder guy myself
[02:09:05] <[w33]deorth> or strutter
[02:09:06] <poizan42> Is easier down?
[02:09:54] <withzombies> ugh how do i debug a binary pov
[02:10:01] <withzombies> bmc
[02:10:16] <[w33]Luwenth> bi-nary ... so you do it twice?
[02:11:55] <[w33]deorth> that'll take like.. 6 minutes tho
[02:12:02] <[w33]deorth> (yes its that point in the evening)
[02:12:20] *** Joins: WebIRC87800 ([email protected])
[02:12:43] <[w33]Luwenth> did you need goatse inspirational imagery?
[02:13:15] *** Quits: whoisj0hngalt ([email protected]) (Client Quit)
[02:13:21] <memed4> any op there for Problem easier?
[02:14:16] <[w33]Luwenth>  /names -ops 
[02:15:25] <[w33]Luwenth> FYI: w33t34m has been the bad comedy branch / anti-rant branch of quals for ... a decade now?  we have fun with the puzzles but if we solve them it's a small miracle.
[02:15:44] <[w33]Luwenth> So asking us "hey, how did you tackle NNNN?" isn't gonna get you far. 
[02:15:49] <[w33]Luwenth> Plus, we read the rules.
[02:16:02] *** Quits: ling ([email protected]) (Remote host closed the connection)
[02:16:46] *** Joins: nerder ([email protected])
[02:20:48] *** Joins: WebIRC30395 ([email protected])
[02:21:31] *** Quits: autolycos ([email protected]) (Client Quit)
[02:23:15] *** Joins: autolycos ([email protected])
[02:23:55] *** Quits: WebIRC30395 ([email protected]) (Client Quit)
[02:25:20] *** Quits: nerder ([email protected]) (Client Quit)
[02:26:02] <rg> 0ly
[02:27:02] *** Quits: WebIRC35378 ([email protected]) (Client Quit)
[02:30:59] <WebIRC98736> who can answer about crippled
[02:32:58] *** Joins: unused ([email protected])
[02:33:43] *** Joins: nerder ([email protected])
[02:35:06] *** Joins: rad ([email protected])
[02:37:09] <sewilton> I really like the patch category this year
[02:37:14] *** Joins: hexkcd ([email protected])
[02:37:24] *** Joins: wahrwolf ([email protected])
[02:38:14] <sewilton> + my whole team has been enjoying the dynamic point system. Nice job with quals :)
[02:38:34] *** Quits: wahrwolf ([email protected]) (Remote host closed the connection)
[02:39:38] *** Quits: WebIRC49603 ([email protected]) (Client Quit)
[02:39:44] *** Joins: WebIRC49603 ([email protected])
[02:40:23] *** Joins: Ninn ([email protected])
[02:40:40] *** Quits: rad ([email protected]) (Client Quit)
[02:41:20] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[02:43:00] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[02:45:24] *** Quits: autolycos ([email protected]) (Client Quit)
[02:45:44] *** Quits: l0stb1t ([email protected]) (Client Quit)
[02:46:00] *** Joins: l0stb1t ([email protected])
[02:47:31] *** Quits: nerder ([email protected]) (Client Quit)
[02:47:35] *** Quits: okaji39 ([email protected]) (Client Quit)
[02:48:07] *** Quits: bic ([email protected]) (Client Quit)
[02:50:09] *** Joins: rad ([email protected])
[02:51:26] *** Joins: rad_ ([email protected])
[02:52:44] <poizan42> Any organizers who's awake? easier seems to be down
[02:53:21] <sewilton> Try harder. I found it to be easier
[02:53:42] <poizan42> connection times out...
[02:54:17] *** Quits: rad_ ([email protected]) (Remote host closed the connection)
[02:56:05] *** Quits: stick__ ([email protected]) (Remote host closed the connection)
[02:56:57] <fester> any admins on still?
[02:57:12] *** Quits: kalax ([email protected]) (Client Quit)
[02:57:52] <[w33]Luwenth> '/names -ops' will tell you who the admins are.  However, I am betting they are all asleep right now.
[02:58:46] *** Joins: wahrwolf ([email protected])
[02:59:50] <fester> literally the only thing that i submit in the POV is "3\n" and the legit3 segfaults
[03:00:04] <[w33]Luwenth> Is that valid for a POV? 
[03:00:11] <fester> yes
[03:00:18] <[w33]Luwenth> Check /topic - it sounds like you might be needing some of the informtaion there
[03:00:23] <fester> i did
[03:01:27] <toomanybananas> if it's segaulting it means you're on the right track ;)
[03:02:49] <fester> not in this case
[03:02:57] <fester> it should exit with 0
[03:09:46] *** Quits: structure ([email protected]) (Client Quit)
[03:11:53] <WebIRC28460> any hint for time_sink?
[03:12:37] *** Joins: WebIRC70842 ([email protected])
[03:14:47] <anotherctfer> I can't even get it to run
[03:14:51] <anotherctfer> have you gotten that far?
[03:15:08] *** Joins: SandwichMan ([email protected])
[03:15:49] <fester> i think all their cgc binaries are just segfaulting
[03:17:04] <WebIRC22159> hint for time sink is you need a dll if it's broken
[03:17:46] <anotherctfer> Thanks!!!!!
[03:18:29] *** Quits: autolycos1 ([email protected]) (Client Quit)
[03:20:29] *** Joins: t1deman ([email protected])
[03:20:31] <SandwichMan> anyone else finding differences in running step locally v remote after key1?
[03:21:26] *** Joins: WebIRC15744 ([email protected])
[03:21:43] <SandwichMan> the server outputs 'key2:' but locally it just exits, no failure or crash
[03:23:54] <toomanybananas> @fester : nope, just tested it and legit 03 works
[03:24:42] <fester> well, shit, what could i be doing that would cause mine to segfault no matter what inputs i give it
[03:24:56] *** Quits: t1deman ([email protected]) (Ping timeout: 252 seconds)
[03:25:23] <toomanybananas> are you building the pov from an xml?
[03:26:11] <dacat> tips for running time sink on win10? doesnt run on any of my pcs
[03:26:11] *** ReidB_ is now known as toofeworanges
[03:26:15] <rad> for the easy-prasky-with-buffalo-on-bing do we need any pov or something like that?
[03:26:38] <toomanybananas> rad: no, connect to the server and read the instructions
[03:26:47] *** Joins: autolycos ([email protected])
[03:26:56] <toofeworanges> WHERE ARE THERE EXTRA ORANGES???
[03:27:03] *** Joins: H2 ([email protected])
[03:27:24] *** Parts: H2 ([email protected]) ()
[03:28:01] <fester> toofeworanges: i'm submitting the xml
[03:28:27] <toofeworanges> Oh thank god. XML Orange services will save us all from scurvy!
[03:29:03] *** Joins: H2 ([email protected])
[03:29:11] <fester> toomanybananas: yes
[03:29:39] *** toofeworanges is now known as ReidB
[03:31:29] <fester> toomanybananas: thank you
[03:31:30] <toomanybananas> @fester: i'm not sure if you can submit an xml, i couldn't get it to work that way
[03:32:02] *** Quits: gael (~gael@2a01:e34:ec02:c450:d547:b4b7:2303:2487) (Client Quit)
[03:32:06] <toomanybananas> but if you have an xml you can build it and submit that
[03:33:19] <FADEC0D3> do we have to patch the binary to solve the cgc cb challenges?
[03:34:09] *** Joins: L0rdComm4ander ([email protected])
[03:35:23] <toomanybananas> FADECOD3: for the patch ones yeah
[03:35:37] <FADEC0D3> such as LEGIT_00003 ?
[03:35:45] <FADEC0D3> oh I see
[03:35:58] <FADEC0D3> Thanks
[03:35:59] *** Quits: null ([email protected]) (Client Quit)
[03:36:10] * dino enters the chat
[03:36:45] *** Quits: toomanybananas ([email protected]) (Client Quit)
[03:38:50] *** Joins: insaida ([email protected])
[03:42:06] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[03:43:12] *** Quits: l0stb1t ([email protected]) (Client Quit)
[03:43:27] *** Joins: l0stb1t ([email protected])
[03:44:28] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[03:44:49] <FADEC0D3> still trying to get the pov xml formatted correctly
[04:06:35] <FADEC0D3> any admins on?
[04:06:44] <gynophage> Yeah
[04:06:50] <FADEC0D3> ah cool
[04:06:52] *** Quits: L0rdComm4ander ([email protected]) (Client Quit)
[04:10:01] <agix> still a problem for us too
[04:10:41] *** Quits: l0stb1t ([email protected]) (Client Quit)
[04:11:53] *** Quits: autolycos ([email protected]) (Client Quit)
[04:12:18] *** Joins: meumeu ([email protected])
[04:12:24] <gynophage> Easier has been restarted.
[04:14:53] *** Joins: autolycos ([email protected])
[04:16:34] *** Quits: kakakikikaka ([email protected]) (Remote host closed the connection)
[04:16:49] *** Joins: kakakikikaka ([email protected])
[04:18:17] *** Joins: TheVamp_ ([email protected])
[04:19:20] *** Joins: shivanshu ([email protected])
[04:21:35] *** Quits: H2 ([email protected]) (Client Quit)
[04:24:29] *** Quits: hexkcd ([email protected]) (Client Quit)
[04:24:29] <gynophage> I'm up for another 6 minutes.
[04:24:34] <gynophage> Then I'm back to sleep.
[04:24:40] <gynophage> Any other views?
[04:24:42] <gynophage> fires*
[04:26:32] *** Joins: joemalone ([email protected])
[04:27:48] <SallyCroak> the video stream is dead
[04:28:33] *** Joins: NeedToLearn (~NeedToLea@2a01:e35:8b3c:cd30:169:337d:cc86:9566)
[04:29:34] <aterribleloss> this ^
[04:30:18] *** Quits: NeedToLearn (~NeedToLea@2a01:e35:8b3c:cd30:169:337d:cc86:9566) (Client Quit)
[04:34:20] <gynophage> Fixed.
[04:37:12] *** Joins: w0 ([email protected])
[04:38:31] *** Quits: w0 ([email protected]) (Client Quit)
[04:40:07] <gynophage> Alright. Back to sleep.
[04:40:11] <gynophage> Good job on Glados.
[04:40:41] *** Joins: gael (~gael@2a01:e35:2425:a090:28e2:832:1c59:5d70)
[04:42:04] *** Joins: csec ([email protected])
[04:42:17] *** Quits: joemalone ([email protected]) (Client Quit)
[04:42:39] *** Joins: WebIRC25733 ([email protected])
[04:43:21] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[04:44:20] <agix> woot solve our first cgc !
[04:44:27] *** Quits: WebIRC25733 ([email protected]) (Client Quit)
[04:44:44] <agix> we should have trouble converting xml to c
[04:44:50] <agix> so we directly wrote c
[04:44:51] <agix> pov
[04:44:55] <agix> like this one
[04:44:56] <agix> https://github.com/CyberGrandChallenge/samples/blob/master/examples/CROMU_00071/pov_1/pov.c
[04:45:26] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[04:45:33] *** Quits: Ninn ([email protected]) (Client Quit)
[04:50:10] *** Joins: uri ([email protected])
[04:52:34] *** Quits: rabidwh0re ([email protected]) (Ping timeout: 252 seconds)
[04:53:23] *** Quits: agix ([email protected]) (Client Quit)
[04:54:58] *** Joins: L0rdComm4ander (~Adium@2001:690:2100:1b:f031:ba59:a048:5920)
[04:58:26] *** Quits: shivanshu ([email protected]) (Ping timeout: 252 seconds)
[05:02:00] <WebIRC22159> nooooo binja
[05:05:20] *** Joins: rffdtdtdtrdtrrth ([email protected])
[05:06:00] <Kokjo> gynophage: Do you have any hints for kiss?
[05:07:24] *** Quits: andy ([email protected]) (Ping timeout: 240 seconds)
[05:07:49] <WebIRC98736> anyone who can talk about crippled
[05:09:31] *** Joins: ManyAAsForFun ([email protected])
[05:09:48] *** Quits: mgaya ([email protected]) (Ping timeout: 252 seconds)
[05:10:05] <rok__> any one here to help me on feedme
[05:10:21] <rok__> challenge 
[05:10:44] <ManyAAsForFun> any chance the libc has been dropped for kiss?
[05:15:02] *** Joins: andy ([email protected])
[05:15:58] *** Joins: ling ([email protected])
[05:17:16] *** Quits: lenerd_ ([email protected]) (Read error: Connection reset by peer)
[05:17:39] *** Joins: lenerd ([email protected])
[05:22:54] *** Joins: t1deman ([email protected])
[05:23:51] <amadan> is there an admin available for  b3s23?
[05:26:52] *** Quits: ling ([email protected]) (Remote host closed the connection)
[05:27:08] *** Quits: WebIRC70842 ([email protected]) (Client Quit)
[05:27:19] *** Quits: t1deman ([email protected]) (Ping timeout: 252 seconds)
[05:27:24] <meumeu> is there any problem with cgc probs?
[05:27:40] <meumeu> server cannot connect itself
[05:28:40] *** Quits: autolycos ([email protected]) (Client Quit)
[05:29:53] <ricky> Aw, we don't get to choose what to open next? :-(
[05:30:58] <meumeu> Is PoV servers running properly?
[05:32:55] <amadan> is the b3s23 service running correctly? i've set it up on another machine and tested it successfully, but it doesn't for for the official one
[05:33:04] <sewilton> ricky:  you should pick "There I Fixed It"
[05:34:07] <WebIRC22159> amadan: read topic
[05:34:58] *** Joins: shivanshu ([email protected])
[05:35:48] <amadan> myeah but b3s23 is in the coding category; still applicable i guess
[05:36:37] *** Quits: insaida ([email protected]) (Client Quit)
[05:39:48] *** Quits: WebIRC98736 ([email protected]) (Excess Flood)
[05:40:10] *** Joins: WebIRC79009 ([email protected])
[05:40:11] <bool101> not wanting to open another one?
[05:40:46] *** sewilton is now known as [ppp]tylerni
[05:40:55] <[ppp]tylerni> hj: we decided to open a new fix it problem
[05:41:17] <WebIRC22159> if ppp doesn't pick a category soon I'm going to pick for them
[05:41:47] <ricky> What should we pick?
[05:41:49] <mserrano> lol
[05:41:53] <mserrano> we pick forensics
[05:41:57] <mserrano> where are the forensics
[05:41:58] *** Joins: c21 ([email protected])
[05:42:35] <WebIRC22159> web 436
[05:43:26] <mserrano> actually scratch that
[05:43:28] <mserrano> we pick ucucuga
[05:43:48] <WebIRC22159> potent potables
[05:44:07] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[05:44:23] <bool101> I really like the scoring for quals
[05:44:32] <WebIRC22159> the part where you're near the top?
[05:44:58] <bool101> very elegant way to discourage flag sharing and remove bias from difficulty assessments
[05:45:05] *** [ppp]tylerni is now known as sewilton
[05:46:38] *** Joins: nerder ([email protected])
[05:47:34] *** Quits: FADEC0D3 ([email protected]) (Ping timeout: 252 seconds)
[05:47:55] <WebIRC79009> !p
[05:48:03] *** Quits: nerder ([email protected]) (Client Quit)
[05:48:29] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[05:53:05] *** Quits: WebIRC87800 ([email protected]) (Client Quit)
[06:00:10] *** Quits: ManyAAsForFun ([email protected]) (Client Quit)
[06:00:24] *** Joins: WebIRC25980 ([email protected])
[06:02:02] *** Quits: johnnyjoe ([email protected]) (Client Quit)
[06:02:55] *** Joins: mandlebro (~ben@2001:690:2100:1b:51f9:7e18:fd52:732)
[06:03:56] *** Joins: dmz (~02@2a04:5c87:300:1134:290:f5ff:feed:d83e)
[06:04:06] <dmz> hi, admin here for easy-pranky ?
[06:05:32] <dmz> why I keep getting this trying to debug in gdb : Program terminated with signal SIGCHLD, Child status changed.
[06:06:12] <WebIRC22159> handle SIGCHLD nostop
[06:07:47] <dmz> yup but even with that I cant step
[06:08:11] <dmz> when the breakpoint is hit, trying "si" and bim get this fuckig sicgchld in the face
[06:08:23] <dmz> so annoying to use those pesky decree shitz
[06:08:30] <dmz> never works
[06:09:49] *** Joins: WebIRC11307 ([email protected])
[06:11:37] <WebIRC79009> anyone who can talk about crippled?
[06:15:07] *** Joins: rhydis ([email protected])
[06:16:46] *** Quits: WebIRC22159 ([email protected]) (Client Quit)
[06:18:04] *** Quits: hexife ([email protected]) (Client Quit)
[06:25:02] *** Joins: t1deman ([email protected])
[06:26:12] *** Joins: WebIRC35378 ([email protected])
[06:27:14] <dino> any admins online i can talk to about easier?
[06:27:47] *** Quits: WebIRC35378 ([email protected]) (Client Quit)
[06:29:18] <dmz> admin ?$
[06:29:20] <dmz> ffs
[06:29:24] *** Quits: t1deman ([email protected]) (Ping timeout: 240 seconds)
[06:30:15] <c3> anyone to talk about kiss?
[06:39:40] *** Joins: hexife ([email protected])
[06:39:47] *** Joins: daniel-wer ([email protected])
[06:42:19] *** Joins: WebIRC56235 ([email protected])
[06:43:40] *** Joins: FADEC0D3 ([email protected])
[06:46:53] *** Quits: WebIRC56235 ([email protected]) (Client Quit)
[06:47:04] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[06:48:21] *** Quits: FADEC0D3 ([email protected]) (Ping timeout: 252 seconds)
[06:49:09] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[06:49:35] *** Joins: war3tease ([email protected])
[06:52:40] *** Joins: nerder ([email protected])
[06:54:18] *** Quits: nerder ([email protected]) (Client Quit)
[07:00:17] *** Joins: WebIRC61265 ([email protected])
[07:00:25] *** Joins: nerder ([email protected])
[07:05:46] <dmz> worst ctf ever
[07:05:47] <dmz> gg
[07:05:52] *** Quits: dmz (~02@2a04:5c87:300:1134:290:f5ff:feed:d83e) (Client Quit)
[07:06:19] <stypr> his mom is worst, too bad
[07:11:44] <gynophage> What's up?
[07:12:44] *** Quits: nerder ([email protected]) (Client Quit)
[07:12:45] <mserrano> gynophage: needs more wub
[07:12:57] <dino> gynophage: can you tell me what the windows version is for easier?
[07:13:50] <gynophage> https://usercontent.irccloud-cdn.com/file/uR7Z8Eee/Screen%20Shot%202016-05-21%20at%2011.59.33%20AM.png
[07:14:06] <gynophage> dino ^^
[07:14:43] <gynophage> mserrano: Did music stop?
[07:14:59] <dino> gynophage: ty
[07:16:25] *** Quits: rad ([email protected]) (Client Quit)
[07:18:58] *** Joins: nerder ([email protected])
[07:20:21] <mserrano> gynophage: I have no clue
[07:20:49] <mserrano> https://www.youtube.com/watch?v=rY8DSFZ08JQ\
[07:20:56] <mserrano> er https://www.youtube.com/watch?v=rY8DSFZ08JQ
[07:21:45] *** Quits: nerder ([email protected]) (Client Quit)
[07:22:28] *** Joins: XMPPwocky ([email protected])
[07:25:16] *** Quits: cybint1122 ([email protected]) (Remote host closed the connection)
[07:25:31] *** Joins: cybint1122 ([email protected])
[07:26:32] *** Joins: tuxcoder_ ([email protected])
[07:27:07] *** Joins: AlissonB (~alb@hackint/user/AlissonB)
[07:28:09] *** Quits: aradia ([email protected]) (Remote host closed the connection)
[07:29:26] *** Joins: touff ([email protected])
[07:29:28] <gynophage> 2 challenges remain!
[07:32:26] *** Quits: TouF ([email protected]) (Ping timeout: 252 seconds)
[07:32:27] *** Joins: nerder ([email protected])
[07:36:29] *** Quits: spaghetti ([email protected]) (Remote host closed the connection)
[07:40:35] *** Joins: touf__ ([email protected])
[07:41:21] *** Joins: lefu ([email protected])
[07:42:14] <gynophage> c3: What's up?
[07:42:44] <gynophage> Oh, lol, j/k, you're the same one who was asking about kiss yesterday.
[07:43:26] *** Quits: touff ([email protected]) (Ping timeout: 252 seconds)
[07:44:45] <dino> is justintime down ?
[07:46:10] <gynophage> dino: Checking.
[07:47:38] <gynophage> dino: It's up in europe and asia pacific.
[07:47:49] <gynophage> us-east is giving me some problems.
[07:47:53] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[07:49:23] <gynophage> ANNNNND I can't even ssh in.
[07:49:55] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[07:49:55] <mserrano> rip
[07:57:41] <ar1s> once you've understood how to write the gcg xmls, it's serial pwnage
[07:59:05] <gynophage> Yeah.
[07:59:09] <gynophage> Glad you seem to have finally got it. :)
[07:59:35] *** Joins: RoMaNSoFt ([email protected])
[08:02:43] <gynophage> dino: Rebooting justintime (us-east) now-isa.
[08:02:49] <gynophage> now-ish*
[08:04:32] <anotherctfer> any hints on how to make time sink sink less time?
[08:04:47] <gynophage> anotherctfer: Why would you do that?
[08:04:57] <gynophage> Lightning put all that work into pretty visuals.
[08:05:11] <anotherctfer> and they are pretty
[08:05:14] *** Quits: WebIRC11307 ([email protected]) (Client Quit)
[08:05:25] <gynophage> It's not about the destination, it's about the journey.
[08:05:28] <gynophage> Sit back.
[08:05:29] <gynophage> Relax.
[08:05:32] <gynophage> Watch it.
[08:05:34] <gynophage> Enjoy it.
[08:05:38] <gynophage> Kids these days.
[08:05:45] <gynophage> With their instant gratification.
[08:05:46] <anotherctfer> i'm up to over  9000 flying toasters
[08:05:46] <anotherctfer> :D
[08:07:14] <anotherctfer> could you tell me how long it took from opening to the first solve on it?
[08:07:17] <gynophage> dino: Still looking at justintime1-east
[08:07:35] <gynophage> AWS console isn't really letting us reboot it. :\
[08:07:39] <gynophage> anotherctfer: 
[08:08:31] <gynophage> 2016-05-21 16:24:00 UTC
[08:08:33] <gynophage> Was first solve.
[08:09:14] <gynophage> dino: 54.171.71.172 (the european one) should let you in while we get us-east up.
[08:09:37] <riatre> Good job crashing my IDA with "Binary data is incorrect, maximum possible value is 261."
[08:10:00] <riatre> Now am I supposed to debug IDA? :p
[08:10:49] *** Joins: WebIRC90506 (~02@2a02:1205:34db:7ab0:d4c1:1f90:bb92:be32)
[08:10:49] *** Quits: nerder ([email protected]) (Client Quit)
[08:10:54] <anotherctfer> thanks @gynophage!
[08:11:15] <gynophage> And, justintime is back up in US-east.
[08:12:11] <jvoisin> riatre: try radare2 :D
[08:18:38] <ar1s> https://twitter.com/agixid/status/734134069160742914/photo/1 ROFL
[08:20:21] *** Quits: solidsnake ([email protected]) (Remote host closed the connection)
[08:25:26] *** Joins: cx ([email protected])
[08:26:09] <ccm> who is author of badger? got a question
[08:26:22] *** Quits: WebIRC25980 ([email protected]) (Client Quit)
[08:26:57] *** Joins: t1deman ([email protected])
[08:28:36] *** Parts: marble (Vos4wFyTXt@2a00:d0c0:200:0:b9:1a:9c0f:340) ()
[08:31:28] *** Quits: t1deman ([email protected]) (Ping timeout: 252 seconds)
[08:32:28] *** Quits: WebIRC95558 ([email protected]) (Client Quit)
[08:34:31] *** Joins: WebIRC97892 ([email protected])
[08:37:00] <whatitdo> 9gag memes increase hacking proficiency
[08:37:05] <gynophage> sirgoon is.
[08:37:09] <ccm> thx
[08:37:26] <gynophage> I love people who only barely read the documentation.
[08:38:06] <gynophage> <ipmask>0x41414141</ipmask> shows they didn't RTFM.
[08:41:15] <mourn> we ain't no time for that
[08:41:20] *** Joins: tyson (tyson@shellhost/fnordserver)
[08:41:34] <tyson> hi
[08:41:46] <tyson> if i have -$2000 on a $1000 limit credit card
[08:41:50] <tyson> does that mean i have $3000 to spend?
[08:45:43] *** Joins: a ([email protected])
[08:48:39] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[08:50:16] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[08:51:11] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[08:55:51] *** Joins: grrrr ([email protected])
[08:56:09] <grrrr> hey, could you show any example PoV for example vulnerability?
[08:56:56] <gynophage> https://github.com/CyberGrandChallenge/samples/tree/master/templates/service-template
[08:58:39] <grrrr> hmm
[08:58:41] <grrrr> thx
[09:00:39] <gynophage> grrrr: You'll have to go from xml to c to a binary pov.
[09:01:05] <grrrr> so my PoV should be sent in a binary format?
[09:03:59] <gynophage> Yeah.
[09:04:07] <gynophage> A DECREE executable.
[09:04:23] <gynophage> https://github.com/CyberGrandChallenge/cb-testing/blob/master/cgc-cb.mk
[09:04:40] <gynophage> More specifically: https://github.com/CyberGrandChallenge/cb-testing/blob/master/cgc-cb.mk#L163
[09:04:59] <gynophage> Unwinding all the cruft to find out what to run and whatnot is an exercise left to the reader.
[09:05:07] <grrrr> what about *patch levels? Just sending patched cgc binary?
[09:05:23] *** Joins: stick__ ([email protected])
[09:05:29] <gynophage> Yes.
[09:05:53] <grrrr> btw, why there is so many CGC this year?
[09:05:55] *** Joins: WebIRC41899 ([email protected])
[09:07:39] <err0r> who can ask about 334 cuts ?
[09:10:24] <hj> vito
[09:10:40] <grrrr> gynophage: patched cgc binaries should be sent in raw-format, or base64-encode/whatever-encode them ?
[09:12:18] <whatitdo> =D
[09:13:21] *** dino is now known as dino_pizza
[09:14:14] *** Quits: S00NN (~S00NN@hackint/user/S00ND43) (Remote host closed the connection)
[09:14:19] *** Joins: its_a_feature ([email protected])
[09:14:22] *** Quits: its_a_feature ([email protected]) (Client Quit)
[09:15:43] *** Joins: WebIRC64217 ([email protected])
[09:15:57] <WebIRC64217> hi, is kiss challenge down?????
[09:16:39] *** Joins: S00NN ([email protected])
[09:16:39] *** Quits: S00NN ([email protected]) (Changing host)
[09:16:39] *** Joins: S00NN (~S00NN@hackint/user/S00ND43)
[09:16:41] <gynophage> WebIRC64217: I don't know I'll check!!!!!!!!
[09:17:57] <gynophage> WebIRC64217: No, I just pwned it in all regions!!!!!!
[09:18:03] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[09:18:08] *** Joins: ravencoding ([email protected])
[09:19:33] *** Quits: ravencoding ([email protected]) (Client Quit)
[09:20:22] <WebIRC64217> $ nc kiss_88581d4e20dc97355f1d86b6905f6103.quals.shallweplayaga.me 3155
[09:20:22] <WebIRC64217> kiss_88581d4e20dc97355f1d86b6905f6103.quals.shallweplayaga.me [54.171.115.187] 3155 (?) : No route to host
[09:22:43] <hj> problem is on your end
[09:22:47] <hj> works for me
[09:23:01] <grrrr> also works from here
[09:23:07] <grrrr> (the kiss chall)
[09:23:26] <hj> I get a different ip
[09:23:31] *** Quits: WebIRC15744 ([email protected]) (Client Quit)
[09:23:39] <hj> flush dns cache
[09:24:24] <gynophage> @hj - stahp
[09:24:40] *** Joins: WebIRC75360 ([email protected])
[09:25:05] <gynophage> hj: That's the europe endpoint.
[09:25:12] *** Quits: WebIRC28460 ([email protected]) (Client Quit)
[09:25:13] <hj> rgr oops
[09:26:30] *** Quits: cx ([email protected]) (Client Quit)
[09:26:47] <gynophage> /tmp ❯❯❯ nc 54.171.115.187 3155
[09:26:47] <gynophage> KISS - Keep It Simple Stupid
[09:26:51] <gynophage> Works for me.
[09:27:27] <gynophage> WebIRC64217: Are you at a school or something?
[09:27:49] <gynophage> 3155 is (seemingly) a Rainbow 6 multiplayer port.
[09:27:54] <gynophage> Maybe firewall blocking it?
[09:28:17] <WebIRC64217> ok i'll check
[09:28:25] *** Quits: Dor1s ([email protected]) (Read error: Connection reset by peer)
[09:29:38] *** Joins: Dor1s ([email protected])
[09:29:54] *** Joins: nebel ([email protected])
[09:30:54] *** Quits: giosch ([email protected]) (Client Quit)
[09:31:29] <fester> tyson: yes
[09:31:51] <tyson> thanks fester 
[09:31:58] <tyson> what's a good $3000 laptop for grad school?
[09:32:22] *** Joins: cx ([email protected])
[09:32:30] <ccm> microsoft surface
[09:32:44] <gynophage> Macbook pro after June refresh.
[09:32:49] <rffdtdtdtrdtrrth> dell alienware
[09:32:56] <dino_pizza> ^
[09:33:08] <tyson> okay ty. 
[09:33:22] <ccm> surface is smaller and has enough for keys for doing sql injection
[09:33:30] <tyson> i think i'll go for a mac since they're harder to hack
[09:33:58] <gynophage> lol, macs are easy mode.
[09:34:04] <gynophage> To pwn.
[09:34:14] <gynophage> But their hardware is better than most.
[09:34:30] *** Joins: attila ([email protected])
[09:34:42] <gynophage> Most of LBS is MacBooks. Selir and Sirgoon are HP/Dell users.
[09:35:05] <tyson> my friend from phrack says macbooks are hard to hack if u know how to configure them
[09:35:08] <tyson> maybe he is wrong though
[09:35:37] *** Quits: WebIRC64217 ([email protected]) (Client Quit)
[09:36:11] <gynophage> He is.
[09:36:32] <gynophage> Well, for as valid as that statement is, I guess.
[09:36:45] <gynophage> There haven't been many (public) pure remotes against it, I guess.
[09:37:10] <gynophage> But, "if you know how to configure them", all computers are secure. For certain values of "configure" and "secure"
[09:39:07] <gynophage> WOOOOT!
[09:39:11] *** Joins: ravencoding ([email protected])
[09:39:24] <gynophage> Last challenge unlocked. Sirgoon and secrf get to have their revenge!
[09:40:52] <cai> \o/
[09:41:01] <ricky> Come on... open
[09:41:05] <sirgoon> oh ya
[09:41:05] <ricky> Then sleeeeep
[09:41:32] <ricky> is there a choice here? I recommend There I Fixed It 
[09:41:37] <ricky> I hear that category has good challenges
[09:41:52] <mserrano> gynophage: did you unlock it? it's still showing as locked
[09:42:02] <ricky> WE currently have nothing to solve.
[09:42:25] <ricky> gynophage: Hm, don't see it on the scoreboard either
[09:42:31] *** Quits: Guest92 ([email protected]) (Ping timeout: 252 seconds)
[09:42:34] <cai> chal plz
[09:42:59] <gynophage> ...hmm?
[09:43:20] <gynophage> Ohh.
[09:43:21] <sirgoon> DEFKOR hasn't unlocked it yet
[09:43:26] *** Joins: FADEC0D3 ([email protected])
[09:43:31] <mserrano> which means we're just sittin' here with nothing to do :P
[09:43:51] <gynophage> DEFKOR - quit trying to catch up.
[09:44:12] <gynophage> Fuck it.
[09:44:28] <gynophage> ADMINISTRATIVELY UNLOCKED
[09:44:30] <gynophage> GOGOGOGO
[09:44:35] <cai> lol
[09:44:38] <mserrano> thanks lol
[09:46:13] *** Quits: rffdtdtdtrdtrrth ([email protected]) (Client Quit)
[09:46:18] <riatre> lol secrf
[09:46:39] <gynophage> sirgoon was mad there wasn't a solve for it last year.
[09:47:02] *** a is now known as ak
[09:47:44] <riatre> It was unlocked 1 or 2 hours before contest end iirc
[09:47:54] <sirgoon> 3.5 hours I believe
[09:47:54] <gynophage> Like 4 or 5 hours I thought.
[09:47:56] <gynophage> Whatever.
[09:48:06] *** Quits: FADEC0D3 ([email protected]) (Ping timeout: 252 seconds)
[09:48:10] <gynophage> We were gonna admin unlock it in 12 minutes anyway.
[09:48:49] <gynophage> He wanted people to...experience...it.
[09:48:52] <ar1s> 10 hours left and all challenges unlocked, I think that's good
[09:49:22] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[09:49:33] *** Quits: stick__ ([email protected]) (Client Quit)
[09:50:07] *** Joins: nerder ([email protected])
[09:50:08] <ebeip90> Pretty sure I just conjured up *the most convoluted* solution to GladOS
[09:50:13] <ebeip90> But fuck it, it works.
[09:51:30] *** Quits: nerder ([email protected]) (Client Quit)
[09:51:41] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[09:52:09] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[09:53:35] <bool101> n33d m04r flags
[09:53:42] *** Joins: Lightning ([email protected])
[09:54:08] *** Quits: Lightning ([email protected]) (Changing host)
[09:54:09] *** Joins: Lightning ([email protected])
[09:54:09] *** ChanServ sets mode: +o Lightning
[09:54:13] <Lightning> morning
[09:55:48] <dino_pizza> gynophage: may i ask the name of the flag file on easier ?
[09:59:47] <gynophage> key.txt
[10:00:10] <gynophage> Err, at least, AppJailLauncher is launched with /key:key.txt
[10:02:12] *** Quits: Dor1s ([email protected]) (Client Quit)
[10:02:31] <dino_pizza> thanks
[10:02:45] *** Joins: Dor1s ([email protected])
[10:02:52] <Lightning> down to < 10 hours, seems you guys fully opened the board
[10:04:15] *** Joins: digitalseraphim ([email protected])
[10:05:29] <psifertex> *yawn* just waking up. binary ninja in the scrollback, I see. 
[10:06:10] <psifertex> vito: 'cause we haven't implemented the OS X scroll stuff. You can hold control and two finger swipe up and down to zoom.
[10:06:16] <psifertex> dave0x6d: Figure out your problem?
[10:06:36] <gynophage> psifertex: Where's your points? :-p
[10:07:04] <psifertex> gynophage: I got one yesterday, just not on a team you'd expect. :-)
[10:07:18] <psifertex> Working on badger now.
[10:07:21] <gynophage> Not Lonliest?
[10:07:24] <psifertex> Excited to do it again.
[10:07:28] <gynophage> Are you helping DERPA or something?
[10:08:39] *** Quits: SandwichMan ([email protected]) (Client Quit)
[10:09:53] <dino_pizza> gynophage: come on the windows one is down :(
[10:10:09] <gynophage> dino_pizza: Fucking manners.
[10:10:16] <dino_pizza> gynophage: please.......
[10:10:42] *** Joins: SandwichMan ([email protected])
[10:10:45] *** Quits: Dor1s ([email protected]) (Ping timeout: 252 seconds)
[10:10:55] <dino_pizza> thanks
[10:12:10] <gynophage> No prob.
[10:12:41] <dino_pizza> but still... no luck over here.
[10:13:05] *** Joins: Admir4l ([email protected])
[10:13:39] <niklasb> https://releases.hashicorp.com/vagrant/1.8.1/vagrant_1.8.1_x86_64.deb
[10:13:44] <niklasb> nvm
[10:14:17] <Ymgve> cgc is much easier to exploit when you actually send cgc binaries instead of what you thought was the input to the program
[10:14:30] <Ymgve> makes me wonder what the hell the verifier actually _did_ with my old input
[10:16:20] *** Quits: attila ([email protected]) (Ping timeout: 252 seconds)
[10:17:24] <gynophage> easier just went down in US-east. Fixing.
[10:17:37] <gynophage> Fix'd.
[10:18:09] <dino_pizza> thanks
[10:18:39] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[10:24:46] *** Quits: SandwichMan ([email protected]) (Client Quit)
[10:28:28] *** Quits: WebIRC97892 ([email protected]) (Client Quit)
[10:28:41] *** Joins: t1deman ([email protected])
[10:29:44] *** Joins: WebIRC83603 ([email protected])
[10:31:05] <gynophage> SHELLPHISH - CALM THE FUCK DOWN ON EASIER
[10:31:45] <gynophage> zardus: ^
[10:32:53] <gynophage> Thanks.
[10:33:03] <gynophage> You're allowed to hit it. Just not as hard.
[10:33:14] <gynophage> You keep bouncing it and making me do stuff.
[10:34:18] *** Quits: t1deman ([email protected]) (Ping timeout: 252 seconds)
[10:39:44] *** Joins: selir ([email protected])
[10:39:44] *** ChanServ sets mode: +o selir
[10:41:26] *** Quits: WebIRC79009 ([email protected]) (Excess Flood)
[10:42:35] *** Joins: rabidwh0re ([email protected])
[10:42:46] *** Joins: heapfun ([email protected])
[10:43:22] *** Joins: t1deman ([email protected])
[10:45:17] <rabidwh0re> lessons learned so far: 1) angr isnt magic, 2) vuln discovery is harder than exploit dev, 3) Im pretty shit at hacking
[10:45:19] *** Joins: nerder ([email protected])
[10:46:08] <rabidwh0re> gonna spend these last hours figuring out this CGC shit
[10:47:47] <grrrr> definitely too much CGC this year
[10:48:10] <grrrr> wish there were more cool pwning, like year ago
[10:48:20] <gynophage> grrrr: Did you pop all the owning we had?
[10:48:55] <grrrr> of course I haven't, some of them are too hard for me :) But still, getting higher variety is better
[10:49:02] <Lightning> 12 of 31 were CGC, rest were not cgc related
[10:49:05] <Lightning> by my count
[10:49:18] <grrrr> that's still a lot, why so many cgc this year?
[10:49:32] <Lightning> guess 19 non-cgc wasn’t good enough then :P
[10:49:40] <gynophage> grrrr: Finals is CGC against DARPA's winning super computer.
[10:49:43] <Lightning> oh, i dunno, cgc winning computer competing in finals?
[10:49:45] <grrrr> btw, is there any syscall documentation for cgc?
[10:49:53] <gynophage> grrrr: http://cgc-docs.legitbs.net
[10:50:01] <grrrr> gynophage: ahh, ok, that's reasonable then
[10:50:18] <gynophage> grrrr: Also, half the CGC category is patching the original bug.
[10:50:28] <grrrr> gynophage: doesn't see syscall there
[10:50:29] <gynophage> The solve times for the _patched services is on the order of 2 minutes.
[10:50:43] *** Quits: nerder ([email protected]) (Client Quit)
[10:50:47] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[10:50:55] <gynophage> grrrr: http://cgc-docs.legitbs.net/libcgc/cgcabi/
[10:51:13] <grrrr> thx
[10:51:28] <gynophage> <3
[10:53:02] *** Joins: sudhackar ([email protected])
[10:54:32] <niklasb> who can I talk to about LEGIT_00004_patch?
[10:56:01] <gynophage> Me.
[10:56:22] *** Quits: grrrr ([email protected]) (Client Quit)
[10:56:38] *** Joins: WebIRC67671 ([email protected])
[10:56:56] *** Joins: xan ([email protected])
[10:57:29] *** Joins: WebIRC24417 ([email protected])
[10:59:12] *** Quits: WebIRC83603 ([email protected]) (Client Quit)
[10:59:40] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[11:00:25] *** Joins: Ninn ([email protected])
[11:00:46] <wyatt_earp> i find it very clever to crowd source solving the CGC with defcon quals; boss move
[11:01:22] <vito> wyatt_earp: it's not as much that as finals is going to be cgc-based
[11:01:32] <vito> so we need to train all you dopes to beat computers at their own game
[11:01:45] <vito> also FUCK this is great coffee
[11:01:50] <vito> just noticed a really nice berry undertone
[11:02:19] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[11:02:50] *** Quits: Hankein ([email protected]) (Client Quit)
[11:02:54] <wyatt_earp> the cgc platform has been intesting, first i've ever had the chance to actually look at it
[11:03:57] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[11:04:13] <Lightning> wyatt_earp: the knowledge coming out of it could change bug hunting and defense in the industry over the years. It has introduced new ways to analyze and think about things
[11:07:01] *** Joins: WebIRC28460 ([email protected])
[11:07:39] <wyatt_earp> definitely, i was reading the reddit ama from a couple of years ago and it's definitely something i'm going to have to spend more time reading on
[11:07:44] *** Joins: Dor1s ([email protected])
[11:08:14] *** Joins: aradia ([email protected])
[11:10:08] *** Joins: SandwichMan ([email protected])
[11:11:47] *** Joins: saa ([email protected])
[11:11:59] *** Joins: heapheapheap ([email protected])
[11:15:01] <WebIdodo> does kiss problem need  gadgets in libc ?
[11:15:10] *** Joins: wh ([email protected])
[11:15:42] *** Joins: WebIRC22159 ([email protected])
[11:15:44] <Lightning> kiss wants an answer :)
[11:16:01] *** Quits: Dor1s ([email protected]) (Ping timeout: 252 seconds)
[11:16:40] *** Quits: WebIRC61265 ([email protected]) (Client Quit)
[11:16:41] <wh> Hi I'am a newbie to cgc. I want to know how to compile c source file which is produced by xml-2cgc?
[11:16:59] <Lightning> i’ll have gyno poke you once he sits back down
[11:17:07] *** Quits: WebIRC22159 ([email protected]) (Client Quit)
[11:17:50] <wh> I use this command "gcc output1.c -o op -lpov" but things go wrong
[11:17:59] *** Parts: saa ([email protected]) ()
[11:18:45] <wh> things like "/lib/libpov.a: could not read symbols: File format not recognized"
[11:18:54] <gynophage> wh: lol.
[11:19:33] <gynophage> wh: https://github.com/CyberGrandChallenge/cb-testing/blob/master/cgc-cb.mk#L163
[11:20:00] <wh> gynophage, thanks
[11:20:18] *** Quits: kkk ([email protected]) (Client Quit)
[11:21:18] *** Quits: SandwichMan ([email protected]) (Client Quit)
[11:23:32] *** Quits: WebIRC28460 ([email protected]) (Client Quit)
[11:23:45] <Lightning> either everyone is sleeping or working
[11:23:47] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[11:24:47] *** Quits: WebIRC67671 ([email protected]) (Client Quit)
[11:24:47] *** Quits: Admir4l ([email protected]) (Read error: Connection reset by peer)
[11:25:02] <Lightning> http://i.imgur.com/RtORygd.png
[11:25:51] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[11:26:14] *** Joins: SandwichMan ([email protected])
[11:26:36] *** Quits: xan ([email protected]) (Client Quit)
[11:28:35] *** Quits: wh ([email protected]) (Client Quit)
[11:28:39] *** Joins: wh ([email protected])
[11:29:40] *** Joins: Guest92 ([email protected])
[11:29:50] <gynophage> https://pbs.twimg.com/media/CZNJmkPWwAAsCyN.jpg
[11:30:53] *** Quits: wh ([email protected]) (Client Quit)
[11:30:58] <heapfun> is there anyone who still can't solve heapfun4u
[11:30:59] *** Joins: wh ([email protected])
[11:31:03] <heapfun> maybe only me
[11:31:28] <gnomus> heapfun: we don't have it too
[11:32:03] <whatitdo> secx*
[11:34:09] *** Quits: wh ([email protected]) (Client Quit)
[11:34:14] *** Joins: WebIRC35378 ([email protected])
[11:36:25] <vito> https://pbs.twimg.com/media/Ch1ZZRDUoAUZRwp.jpg:large
[11:36:54] <vito> https://i.warosu.org/data/tg/img/0355/87/1413646602252.jpg
[11:37:00] *** Joins: FADEC0D3_ ([email protected])
[11:37:43] *** Quits: SandwichMan ([email protected]) (Client Quit)
[11:39:33] *** Joins: WebIRC72005 ([email protected])
[11:41:02] *** Joins: nerder ([email protected])
[11:41:15] *** Joins: Hankein ([email protected])
[11:42:43] <Lightning> oh god, gynophage is torturing us with his youtube findings… enjoy what i have on until then
[11:42:52] *** Quits: WebIRC72005 ([email protected]) (Client Quit)
[11:42:58] *** Joins: kkk ([email protected])
[11:43:20] <gynophage> WAKE THE FUCK UP YALL
[11:43:22] <gynophage> ITS QUALS TIME
[11:43:57] *** Quits: nerder ([email protected]) (Client Quit)
[11:47:09] <unused> is anyone aware of people livestreaming the last hours of the event? would love to watch
[11:48:31] <Lightning> you mean quals or finals?
[11:49:13] <Lightning> for quals there it is already all online, for finals we don’t like cameras in the area and in the past we hid scores on the last day to avoid knowing ranks
[11:52:17] *** Parts: FADEC0D3_ ([email protected]) ()
[11:52:28] *** Joins: wmliang ([email protected])
[11:52:45] *** Joins: WebIRC87800 ([email protected])
[11:53:10] *** Quits: t1deman ([email protected]) (Remote host closed the connection)
[11:53:58] <Lightning> What’s going on?!?
[11:54:02] *** Joins: gbb ([email protected])
[11:54:08] <Lightning> YEAAA YEAAA YEAA YEAHEE HAA
[11:54:24] *** Quits: shivanshu ([email protected]) (Ping timeout: 240 seconds)
[11:54:31] <gbb> Hey guys, what do you expect to prove for the cgc PoV? seems more than just a segfault?
[11:55:07] <vito> gbb: which one?
[11:55:12] <vito> the cuts just need a segfault
[11:55:15] <gbb> 01 or 03
[11:55:23] <vito> LEGIT_0000? needs https://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/understanding-cfe-povs/
[11:55:31] <unused> yeah just the quals Lightning, could you direct me towards some links? can't find anything on the twitterz
[11:55:58] <gbb> ty vito
[11:56:27] <Lightning> unused: 2016.legitbs.net, https://twitter.com/LegitBS_CTF/
[11:57:44] <heapfun> in this ctf
[11:57:56] <heapfun> why there are many CGC stuffs ?
[11:58:10] <vito> if you think quals has lots of cgc, wait until you see finals
[11:58:34] <Lightning> heapfun: finals will just have the winning cgc computer competing, we thought it would be fair for the players to know how to use the stuff :)
[11:58:56] <heapfun> CGC is made by you guys?
[11:59:00] <gynophage> Nope.
[11:59:05] <heapfun> anyway
[11:59:10] <heapfun> i'm not good at enlgish
[11:59:19] <heapfun> it very burden to me read lots of cgc docs
[11:59:26] <heapfun> so can't try CGC stuff
[11:59:29] <heapfun> so sad
[11:59:54] <heapfun> can't understand why cgc is used ..
[11:59:55] <vito> it'll still be there tomorrow morning
[12:00:17] <vito> and in the future cgc technology won't be restricted to cgc binaries either so you'll have to learn it sooner or later
[12:00:45] <heapfun> is it important in security?
[12:00:54] <Lightning> heapfun: CGC was put together by DARPA, automatic bug hunting and patching
[12:00:55] *** Joins: ucq ([email protected])
[12:01:05] <heapfun> hm..
[12:01:08] <Lightning> the winning setup is competing against humans this year
[12:01:13] <Lightning> in our game at least
[12:01:15] <vito> and for your job next year ha ha ha
[12:01:20] <heapfun> i spent lots of time executing legit0003
[12:01:31] <heapfun> but now i dont know how to submit answer to server
[12:01:41] <heapfun> again, i should read docs!
[12:01:49] <heapfun> but i dont know what doc should i read
[12:01:52] <heapfun> it's chaos..
[12:02:05] <heapfun> so complicate
[12:03:21] <gbb> heapfun: it's really not
[12:03:24] *** Quits: Ninn ([email protected]) (Ping timeout: 240 seconds)
[12:03:25] <Lightning> i thought gyno put up a link yesterday on that stuff
[12:03:34] <gbb> it's a binary that supports a contrained number of syscalls
[12:03:51] <gynophage> http://cgc-docs.legitbs.net/
[12:03:54] <gbb> can't open fds
[12:03:55] <heapfun> ok but it takes so many time
[12:03:58] <heapfun> to execute it
[12:04:00] <gynophage> Specifically: http://cgc-docs.legitbs.net/libcgc/cgcabi/
[12:04:08] <heapfun> i should read those docs
[12:04:21] <heapfun> it's not simple things to someone who not good at eng
[12:04:29] <heapfun> it takes so many times
[12:04:36] <heapfun> i thinks it's not fair..
[12:05:04] <heapfun> i hardly make environment for executing legit0003
[12:05:06] <Lightning> we are only a small team running ctf, we didn’t create CGC
[12:05:09] <heapfun> but now i have to learn
[12:05:13] <heapfun> how to submit answer!
[12:05:22] <heapfun> pov? xml? what the
[12:05:23] <kriztw> It's also unfair to people who don't know assembly
[12:05:31] <kriztw> Which might even be a larger group!
[12:05:36] *** Joins: Ninn ([email protected])
[12:05:48] <heapfun> u compare asm and cgc ?
[12:05:57] <gynophage> heapfun: pov.
[12:05:59] <gbb> heapfun: pov https://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/understanding-cfe-povs/
[12:06:04] <heapfun> i know that docs
[12:06:10] <gynophage> heapfun: https://github.com/CyberGrandChallenge/cb-testing/blob/master/cgc-cb.mk#L163
[12:06:24] <heapfun> i said reading is too hard
[12:06:24] <vito> one of the reasons we're hosting qualifiers this weekend is to determine who is qualified for finals
[12:06:34] *** Quits: WebIdodo ([email protected]) (Client Quit)
[12:07:03] *** Joins: shivanshu ([email protected])
[12:07:16] <heapfun> is it announced before start the quals that cgc will be used?
[12:07:29] <vito> "heavily foreshadowed"
[12:07:33] <gbb> vito: doing this based on merit doesn't seem fair
[12:07:41] <gbb> /s
[12:07:41] <vito> 2015 quals had some cgc
[12:07:50] <vito> we've had blog posts about cgc for the last month
[12:08:04] <heapfun> ok..
[12:08:06] <vito> and a few hours before qualifiers we aggregated all the cgc docs in one place
[12:08:07] <heapfun> that's good..
[12:09:02] <heapfun> sorry for whining
[12:09:07] <heapfun> just whining
[12:09:23] <vito> and going by how quick the cgc category burned down, it's obvious that many teams are qualified for it
[12:09:38] <vito> sorry you're not one of them i guess ¯\_(ツ)_/¯
[12:09:42] <gbb> I regret not looking at it until now
[12:09:45] <Lightning> we also announced cgc at finals during closing ceremonies at defcon and it was repeated in a few places if i recall correctly
[12:09:58] <gynophage> heapfun: https://twitter.com/LegitBS_CTF/status/733729805674373120
[12:10:08] <gynophage> heapfun: https://twitter.com/LegitBS_CTF/status/731131033626628096
[12:10:19] <gynophage> heapfun: https://twitter.com/LegitBS_CTF/status/731131033626628096
[12:11:01] <vito> https://twitter.com/LegitBS_CTF/status/630537981166620672
[12:11:08] <vito> check the date on that one ^^
[12:11:18] <heapfun> @vito dont sarcastic
[12:11:36] <gynophage> Facts have a sarcastic bias?
[12:11:48] <heapfun> not u
[12:12:16] *** Quits: WebIRC75360 ([email protected]) (Client Quit)
[12:12:45] *** Joins: Dor1s ([email protected])
[12:13:49] <Lightning> https://twitter.com/defcon/status/727960402651455489
[12:14:09] <gynophage> Meh, we've made our point. And he's made his. Those all are English.
[12:15:50] <gbb> What are all the different VMs that come with the decree vagrant file?
[12:16:40] <vito> gbb: https://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/virtual-competiton/
[12:16:59] <gynophage> gbb: For quals, mostly a rounding error?
[12:17:20] <gynophage> But, yeah, for finals, or general CGC knowledge, that virtual-competition document is probably pretty good to read.
[12:19:14] <gbb> thanks wish i read up more before this started
[12:19:23] <vito> while i was putting those docs together i read them all, and it was the kind of thing i'd wished i'd read a year ago
[12:20:44] <gbb> yeah they seem awesome
[12:20:54] *** Quits: Dor1s ([email protected]) (Ping timeout: 240 seconds)
[12:21:07] <gbb> I hadn't heard about cgc until thursday. Thanks so much for making it an easy set up
[12:21:45] <gynophage> gbb: I'm glad the docs have been helpful. It's mostly a reformatting of the official CGC docs.
[12:21:53] <gynophage> And pulling them all in to one place.
[12:21:57] <gbb> that can make a big difference
[12:21:59] *** Quits: ak ([email protected]) (Client Quit)
[12:23:18] *** Joins: nerder ([email protected])
[12:24:33] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[12:26:08] *** Joins: ak ([email protected])
[12:26:37] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[12:27:02] *** Joins: anon2121 ([email protected])
[12:28:17] *** Quits: ak ([email protected]) (Client Quit)
[12:34:24] *** Joins: ak ([email protected])
[12:36:15] * nwx can't wait for writeups
[12:36:59] *** Joins: t1deman ([email protected])
[12:37:33] *** Quits: ak ([email protected]) (Client Quit)
[12:38:24] *** Quits: Hankein ([email protected]) (Client Quit)
[12:38:34] *** Joins: WebIRC63991 ([email protected])
[12:38:38] <WebIRC63991> legitBS like "moha" too?
[12:38:43] <WebIRC63991> exciting!
[12:41:15] <Lightning> nwx: neither can we
[12:42:16] *** Quits: Ninn ([email protected]) (Ping timeout: 252 seconds)
[12:42:16] <nwx> well i haven't done a single problem...
[12:43:17] <e^ipi> vito: a pointer to the cgc IDA plugins would've been nice but other than that *shrug*
[12:43:38] <e^ipi> i found them anyway
[12:43:44] *** Quits: tyh ([email protected]) (Ping timeout: 252 seconds)
[12:43:56] <[w33]Luwenth> omg, what an infomercial!
[12:44:28] *** Quits: TheVamp_ ([email protected]) (Ping timeout: 252 seconds)
[12:44:52] <Lightning> i think im going to go find the vr system
[12:44:58] *** Quits: heapfun ([email protected]) (Client Quit)
[12:45:00] *** Joins: ak ([email protected])
[12:45:02] <Lightning> enjoy the next 7ish hours
[12:45:17] *** Joins: Ninn ([email protected])
[12:46:48] <Lightning> :D
[12:47:04] *** Joins: tyh ([email protected])
[12:47:44] <vito> e^ipi: adding that to my list for stuff that could be added to the docs
[12:48:24] *** Quits: sudhackar ([email protected]) (Ping timeout: 240 seconds)
[12:53:58] *** Quits: ak ([email protected]) (Client Quit)
[12:54:06] <e^ipi> "How to run it" was trivial... there's a vagrant file... 
[12:54:40] <e^ipi> anyway... this noob thinks it was fine, so anyone that had problems is too dumb for computers.
[12:54:47] <gynophage> e^ipi: cgc2elf is better. I hate eagle's IDA plugin.
[12:55:01] <gynophage> Last time I used it, it didn't decode string xrefs right.
[12:56:32] <e^ipi> it was like, kinda janky, but it was alright
[12:58:51] <Ymgve> gynophage: how will the finals be organized btw? boxes teams can log in on, or is everything just submitting povs and patched binaries?
[12:59:17] <gynophage> We're working on the exact implementation. But it'll more or less "rhyme" with virtual-competition.
[12:59:28] <vito> very closely
[12:59:48] <vito> we basically have to match DARPA's API if their winning CRS is going to function
[13:00:02] <gynophage> Human can adapt. Machines are kinda shitty at that. :\
[13:00:21] <vito> we've adapted most of virtual-competition's acceptance tests
[13:00:24] *** Quits: AlissonB (~alb@hackint/user/AlissonB) (Ping timeout: 240 seconds)
[13:00:33] *** Joins: hihi_em_la_ml_ne ([email protected])
[13:00:38] <vito> past tense, because it's been under development for a while
[13:00:50] <hihi_em_la_ml_ne> qwer
[13:00:55] <gynophage> tyuiop
[13:00:56] <vito> tyuiop
[13:00:56] <hihi_em_la_ml_ne> ml :)
[13:01:00] <vito> gods damn you
[13:01:12] <hihi_em_la_ml_ne> dm rd hihi dm k9.clgt
[13:01:21] *** Joins: sdb ([email protected])
[13:01:24] <gynophage> ddv,mgsnm, gsjksg8xc8 7w3 ykjhs kjhw kjrhefs 
[13:01:28] *** Joins: SandwichMan ([email protected])
[13:01:32] <hihi_em_la_ml_ne> dm hphan
[13:01:37] <hihi_em_la_ml_ne> dm rd
[13:01:59] *** Joins: whoisj0hngalt ([email protected])
[13:02:19] <Ymgve> La-li-lu-le-lo?
[13:02:33] <vito> http://www.kanyezone.com/
[13:03:21] <gynophage> Į̭̲t̨ͬ҉͚͙ ̛͚t̐ͧa̸͔ķ̓͌eͬ̽҉̶̨ ̨̨ǎ̼̘ ̸̂҉̛͎l͍̰ǫ̸̪t̙͓ ̨̧t̶͚ö̷̺ ̽͋҉̡̖m̵̵a̵̡k̸̵e̵̸ ̧̛a̶̛ ̸̛s͛ͤ҉̸̹t̶̵e̓ͫ҉̶́w͓̱
[13:03:47] *** Quits: hihi_em_la_ml_ne ([email protected]) (Client Quit)
[13:03:58] <gbb> anyone have a good sane doc on how to write POVs?
[13:04:10] <vito> other than the one we've linked a half dozen times?
[13:04:11] <gbb> i spent too much time trynig to exploit before realizing we didn't need to
[13:04:24] <gynophage> gdb: http://cgc-docs.legitbs.net
[13:04:26] <gynophage> Specifically...
[13:04:41] <gynophage> http://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/understanding-cfe-povs/
[13:04:54] *** Joins: AlissonB ([email protected])
[13:04:59] <gynophage> https://github.com/CyberGrandChallenge/samples/tree/master/templates/service-template
[13:05:03] <gynophage> Is good (pop folder)
[13:05:05] <vito> i'd strongly recommend starting from https://github.com/CyberGrandChallenge/samples/blob/master/templates/service-template/pov_0/pov.c or https://github.com/CyberGrandChallenge/samples/blob/master/templates/service-template/pov_1/pov.c
[13:05:07] <gynophage> pov*
[13:05:13] <vito> xml ones are garbo
[13:05:16] <vito> there i said it
[13:05:35] <gynophage> https://github.com/CyberGrandChallenge/cb-testing/blob/master/cgc-cb.mk#L163
[13:05:40] *** Quits: Guest92 ([email protected]) (Client Quit)
[13:05:46] <Ymgve> xml ones are OK to start with
[13:06:02] <gynophage> If you want to make an xml one, that's how you go from xml to c to binary. If you're in the CGC environment.
[13:06:11] <gbb> does the server expect a bin or xml?
[13:06:16] <vito> bin
[13:07:18] <gbb> ok
[13:10:26] *** Quits: nebel ([email protected]) (Client Quit)
[13:12:30] *** Quits: WebIRC49603 ([email protected]) (Client Quit)
[13:13:00] *** Quits: SandwichMan ([email protected]) (Client Quit)
[13:14:23] *** Joins: WebIRC49603 ([email protected])
[13:15:39] <q3k> vito: ,3
[13:15:40] <q3k> *<3
[13:16:10] <vito> q3k: we can't get over that you put us in the same list as fail 0verflow :3
[13:16:16] <vito> feels goodman
[13:16:41] *** Joins: Dor1s ([email protected])
[13:17:45] *** Quits: WebIRC49603 ([email protected]) (Client Quit)
[13:19:16] *** Joins: WebIRC49603 ([email protected])
[13:19:17] *** Joins: soul8 ([email protected])
[13:21:27] <soul8> hi
[13:21:40] *** Quits: kkk ([email protected]) (Client Quit)
[13:21:41] *** Quits: twizzR (~7d1@2001:700:300:1430:dcb5:e442:6aa8:19ef) (Client Quit)
[13:21:57] <gynophage> hi
[13:22:27] *** Quits: WebIRC63991 ([email protected]) (Client Quit)
[13:23:49] <gynophage> Vito just solved baby-re!
[13:24:05] <gynophage> They grow up so fast...
[13:25:17] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[13:26:16] *** Joins: WebIRC3633 ([email protected])
[13:26:28] <gnomus> lol
[13:26:46] *** Quits: dapan ([email protected]) (Client Quit)
[13:26:54] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[13:26:58] *** Joins: dapan ([email protected])
[13:28:15] * vito celebrates with a beer
[13:29:20] *** Quits: WebIRC49603 ([email protected]) (Client Quit)
[13:29:53] <ar1s> yeah done with CGC. I'm both happy and disgusted at the same time
[13:31:20] <gynophage> https://usercontent.irccloud-cdn.com/file/QueLlpLK/IMG_6261.JPG
[13:31:24] <gynophage> ROOSTER BREWSTER
[13:31:26] *** Joins: WebIRC22159 ([email protected])
[13:32:32] <vito> once i finish this brewdog punk ipa
[13:32:35] <vito> hecho en scotland
[13:32:54] <robbje> glados was nuts. kudos
[13:33:05] <gynophage> All Lightning.
[13:36:44] *** Parts: orbit ([email protected]) ()
[13:37:34] *** Joins: WebIRC49603 ([email protected])
[13:41:41] <[w33]Luwenth> w33 - struggling to get some points at the last hours :(   
[13:41:53] <[SaH]NGG> Hi! I have another problem with cgc problem. For legit_00004 if I send a pov even with an empty main function, it says timeout. It looks like the code inside main doesn't even start.
[13:42:05] <Lightning> glad you liked it robbje 
[13:42:13] <[w33]Luwenth> You'd think we'd get better at this, we just get older and feel more stupid each year.  Maybe this will be the year we'll find time to practice ...
[13:42:38] <Lightning> we try to not just create challenges from research papers :)
[13:42:43] <wyatt_earp> have a kid, it helps i hear
[13:42:55] <[SaH]NGG> If I tried to debug the pov with cb-replay-pov's --attach_port then gdb shows it's somewhere trying to do some regex magic, but we do not even call regex functions
[13:43:37] <cai> so tired :/
[13:43:43] <Lightning> gotta love twitter things, people complaining about the ctf just being cgc and binaries and no forensics. i don’t recall last time we had forensics :P
[13:43:54] <vito> i've had four cups of coffee and got up pretty late, all good here cai 
[13:43:57] <gynophage> Lightning: "We"? Never.
[13:44:52] <cai> vito: haha, yeah, i don't drink coffee normally but i needed some caffeine this morning.
[13:45:06] <gynophage> cai: Having fun?
[13:45:08] <vito> this coffee was soooo fucking great
[13:45:20] <[w33]Luwenth> It's been a few years, w33t34m misses them.  I think there are reasonable forensic challenges to be made, but I figure I shouldn't bitch until I can have a few examples :)
[13:45:23] <vito> roasted it tuesday, did a drip brew with it for the first time today
[13:45:25] <cai> gynophage: yep.
[13:45:25] <j00ru> eu easier down?
[13:45:31] <gynophage> cai: Glad.
[13:45:34] <vito> some really great flavor notes came up
[13:45:37] <vito> almost cried
[13:45:45] <vito> like i almost cry every time i watch frozen
[13:45:47] <gynophage> j00ru: I'll take a look. We've got nagios watching it now, but it only tells me every 5 minutes.
[13:45:54] <cai> not a fan of this intense race tho
[13:45:58] <j00ru> thx
[13:45:59] <[w33]Luwenth> vito: I've only watched it once, I almost cried that I had to watch the whole thing.
[13:46:01] <sirgoon> you can't sleep now gotta get that last challenge!
[13:46:02] *** Quits: daniel-wer ([email protected]) (Client Quit)
[13:46:07] <gynophage> j00ru: Try now?
[13:46:10] <j00ru> works thx
[13:46:12] <gynophage> <3
[13:46:12] <Lightning> wyatt_earp: my kids got me up at 6:30 after getting to bed at 1am, they don’t help :P
[13:46:13] <cai> sirgoon: we will
[13:46:14] <vito> [w33]Luwenth: yeah i've only watched it once
[13:46:18] <vito> it's no "fury road"
[13:46:28] <[w33]Luwenth> WHICH I STILL HAVEN'T SEEN! 
[13:46:31] <gynophage> Bouncing the other instances because reasons.
[13:46:45] <[w33]Luwenth> I may have to go buy a couple movies and let my brain solidify later 
[13:47:05] <vito> watched it for the fifth time on the way to cccamp after def con last year
[13:47:07] <vito> so great
[13:47:11] <gynophage> Bounced them all.
[13:47:23] <Lightning> [w33]Luwenth: got get a vive, it’s a blast to play with
[13:47:46] <gynophage> Whenever somebody picks up the vive, we lose them for at least an hour.
[13:47:53] <gynophage> Duchess was gone for like 3 yesterday.
[13:48:14] *** Quits: WebIRC49603 ([email protected]) (Client Quit)
[13:48:27] *** Joins: WebIRC49603 ([email protected])
[13:48:30] <wyatt_earp> Lightning: true story. it was 3am for me ... glad i was still up doing ctf?
[13:48:56] <Lightning> are you glad you were? I got some rest, been relaxing today :)
[13:49:01] <Lightning> you relaxed?
[13:49:03] *** Quits: sdb ([email protected]) (Client Quit)
[13:50:04] *** Quits: WebIRC49603 ([email protected]) (Client Quit)
[13:50:48] <wyatt_earp> open('relax.txt', 'r'); raise file not found
[13:52:22] *** Joins: WebIRC49603 ([email protected])
[13:52:43] *** Joins: andrei (xed@hackint/user/xed)
[13:52:58] <[w33]Luwenth> a vibe? 
[13:53:53] <vito> pontiac
[13:54:13] <vito> https://upload.wikimedia.org/wikipedia/commons/5/53/2007_Pontiac_Vibe_--_NHTSA.jpg
[13:54:16] <gnomus> have you tried VR pr0n?
[13:54:34] *** Quits: soul8 ([email protected]) (Client Quit)
[13:54:36] <[w33]Luwenth> You should throw the vive video into this mix :)
[13:54:44] *** Quits: bool101 ([email protected]) (Client Quit)
[13:55:00] *** Parts: andrei (xed@hackint/user/xed) ()
[13:55:01] <gynophage> [w33]Luwenth: I wonder if this supports live streaming...
[13:55:38] *** Joins: bool101 ([email protected])
[13:55:46] <gynophage> bool101: !
[13:55:51] <bool101> !
[13:56:29] <[w33]Luwenth> gynophage: The vive itself?  That'd be a bad combo with the vr pr0n
[13:56:40] <bool101> enjoyed crunchtme nice one lightning
[13:56:42] *** Quits: tyegas ([email protected]) (Client Quit)
[13:56:47] <vito> unironically love how DARPA funds /r/shittyrobots with the robotics grand challenge
[13:56:49] <vito> yeah
[13:56:53] <vito> if you thought cgc shit was finicky
[13:56:57] <vito> try irl
[13:57:05] <Lightning> you guys should be happy, i spent 6 months on 6 challenges instead of 6 months on 1 :)
[13:57:19] <Lightning> bool101: glad you enjoyed it :)
[13:57:22] <bool101> very happy! which were your other 5?
[13:57:26] <[w33]Luwenth> Lightning: Does that mean you've gotten better at creating challenges? 
[13:58:06] <[w33]Luwenth> Re: vive - For $1600 ... I can spend my money on other things.
[13:58:21] <Lightning> no, it means i didnt take the time to top dosfun4u or byte sexual (GiTS) type things
[13:58:53] <[w33]Luwenth> Is the vive good for games like Civ? :)
[13:59:04] <bool101> it's goof for VR pr0n
[13:59:05] <gynophage> [w33]Luwenth: No Civ like games yet.
[13:59:13] <bool101> *good
[13:59:15] <vito> is the vive good for stephen's sausage roll
[13:59:25] <gynophage> I'm actually really excited about dota2 spectator mode.
[13:59:50] <gynophage> https://www.youtube.com/watch?v=009z6g1D6Dw
[13:59:58] <[w33]Luwenth> Lightning: I don't remember those, but I'll assume they were problems that would be hard to beat 
[14:00:01] <gnomus> HotS > dota2
[14:00:17] <vito> Hoverboarding on the Sauce
[14:00:20] <bool101> every link from gynophage feels like a risky click
[14:00:22] <gynophage> gnomus: I agree, but HotS doesn't have a good VR spectator mode.
[14:00:25] <Lightning> bool101: were they hard? i suspect you know
[14:00:35] <Lightning> as a 3rd party
[14:00:40] <gynophage> bool101: To be fair, you've been clicking my links all weekend (who do you think controls the scoreboard...)
[14:00:41] <gnomus> gynophage: VR play would be cool
[14:00:45] <[w33]Luwenth> gynophage: That looks like an interesting way to play dota
[14:00:50] <vito> it's me
[14:00:52] <gynophage> gnomus: Not as cool as you think.
[14:00:54] <vito> i control the scoreboard
[14:00:54] <bool101> lol
[14:01:01] <bool101> they were medium difficulty
[14:01:15] <vito> https://usercontent.irccloud-cdn.com/file/9NutJPay/DEF%20CON%20CTF%202016%202016-05-22%2014-01-08.png
[14:01:17] <vito> totally control that scoreboard
[14:01:17] <gynophage> gnomus: If your body thinks you move, but you don't move, headache city.
[14:01:20] <[w33]Luwenth> if I ever break the scoreboard, I am going to rickroll the entire contest :)
[14:01:21] <bool101> not defcon finals hard
[14:01:38] <[w33]Luwenth> (likelyhood of this happening, probably about 10 minutes after I win the lottery)
[14:01:42] <gynophage> Makes FPS games, and (I imagine) RTS kinda rough.
[14:01:56] <gnomus> propably
[14:02:08] <gnomus> they'll find solutions to sell to us
[14:02:19] <Lightning> [w33]Luwenth: byte sexual would show up as a 32bit binary but at the block layer (everytime it branched) it would alter between 32 and 64bit code execution. dosfun4u was 16bit dos protected mode with a key in memory and a key on the harddrive. for every team that got code exec and read the key from memory, it would take them another 4 hours for the harddrive due to how bad it was to write shellcode for.
[14:02:48] <gynophage> [w33]Luwenth: dosfun: https://github.com/legitbs/quals-2014/tree/master/dosfun4u
[14:02:54] <bool101> anyone ever seen a SMM CTF problem?
[14:02:57] *** Joins: WebIRC68682 ([email protected])
[14:03:16] <gynophage> bool101: Kinda hard to do online and trust all the teams to not fuck everything up. :\
[14:03:53] <[w33]Luwenth> 2 keys, one with a built-in 4 hour delay to be able to access?
[14:04:10] <Lightning> nope
[14:04:34] <Lightning> rewriting execing shellcode on it took a minimum 4 hours due to how hard it was to write shellcode due to the bug
[14:04:39] *** Joins: bono ([email protected])
[14:04:51] <bool101> back to hacking ttyl
[14:06:00] *** Joins: soul8 ([email protected])
[14:06:39] <gynophage> soul8: vito is in VR right now.
[14:08:15] *** Joins: Guest92 ([email protected])
[14:08:18] *** Quits: cx ([email protected]) (Client Quit)
[14:08:47] *** Parts: bono ([email protected]) ()
[14:10:19] *** Joins: cx ([email protected])
[14:10:40] *** Quits: Guest92 ([email protected]) (Client Quit)
[14:11:20] <cai> yo
[14:11:21] <cai> gynophage: 
[14:11:26] <cai> why is your submission saying 500
[14:11:28] <tylerni7> ^
[14:11:55] *** Joins: bono ([email protected])
[14:12:07] <b2xiao> yeah
[14:12:14] <b2xiao> your submissions are teh broken
[14:12:28] <cai> it's probably because it doesn't know how to handle burning challenge when there's none to open
[14:13:07] <cai> vito: 
[14:13:09] <b2xiao> lolol
[14:14:17] *** Joins: attila ([email protected])
[14:14:23] <vito> lol shit
[14:14:25] <Lightning> he went to get Vito to look
[14:14:30] <gbb> for cripple, is it expected that it will actually mangle a hardcoded string I enter?
[14:14:45] *** Quits: WebIRC49603 ([email protected]) (Client Quit)
[14:14:52] <Lightning> does the example work?
[14:15:53] <gynophage> Try now?
[14:16:11] <cai> worked
[14:16:16] <b2xiao> yaaaay
[14:16:16] <cai> Cool
[14:16:18] <cai> Thanks!
[14:16:19] <sirgoon> congrats!
[14:16:28] <hj> nice
[14:16:43] <robbje> congrats, PPP
[14:16:54] <cai> ty
[14:17:30] <gynophage> After all those prequals I was worried you guys wouldn't get in. :-p
[14:17:39] <b2xiao> D:
[14:17:45] <gynophage> <3
[14:18:04] <Lightning> congrats
[14:18:16] <gbb> Lightning:Yeah i guess it just looks mangled because it's not sending back my non ascii
[14:18:22] <tylerni7> gynophage: I mean, you made the second place in one of the CTFs not count...
[14:18:39] <tylerni7> :P
[14:18:40] <Lightning> it’s not gcc or llvm on the back end
[14:18:41] <b2xiao> and codegate wasn't a qualifier :P
[14:18:56] <gynophage> I hear we didn't miss much by doing that.
[14:19:04] *** Quits: q1a1 ([email protected]) (Ping timeout: 252 seconds)
[14:19:05] <tylerni7> and we can't play in our own ctf..
[14:19:06] *** Quits: ravencoding ([email protected]) (Client Quit)
[14:19:18] <b2xiao> yeah haha, hosting a qualifier doesn't count for qualification
[14:19:25] <tylerni7> (not that it should)
[14:19:39] <robbje> all these excuses...
[14:19:41] <robbje> ;)
[14:19:45] *** Quits: WebIRC3633 ([email protected]) (Client Quit)
[14:19:50] <gynophage> For those who don't know, the game is *still* running.
[14:19:58] <gynophage> For another ~6 hours.
[14:20:05] <b2xiao> so yeah, don't say nothing about any of the challenges
[14:20:05] <gynophage> So, get qualified.
[14:20:36] <gynophage> And, yeah, this isn't time to show all the cards.
[14:20:43] <gynophage> Post game shit talk in 6 hours. :)
[14:20:46] <WebIRC22159> now's the time to drop a web chal
[14:20:49] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[14:20:53] <ReidB> Unless your cards are sweet gen 1 magic cards.
[14:20:56] <ReidB> Then show them all.
[14:21:06] <gynophage> WebIRC22159: PPP found the web chal. Vito has to solve the 500 error. :-p
[14:21:37] <cai> ;)
[14:21:46] <cai> Was my guess correct?
[14:21:47] <wyatt_earp> i was so excited
[14:21:56] <gynophage> cai: We'll let you know?
[14:22:08] <cai> cool
[14:22:08] <vito> i don't believe it is
[14:22:15] <cai> huh interesting.
[14:22:17] <stypr> grats ppp
[14:22:19] <Rex> congratulation PPP!
[14:22:25] <vito> figuring out which hot challenges are left is done somewhere other than in the solve challenges screen
[14:22:32] <Rex> always impressive :p
[14:24:34] <vito> of course urgent web shit happens /after/ i've started drinking
[14:24:35] <vito> :P
[14:24:38] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[14:24:41] <cai> heh
[14:24:54] <WebIRC22159> just need to revert that sql change
[14:24:58] <WebIRC22159> and we'll have a chance
[14:25:07] <vito> downloading the database to run locally
[14:25:14] *** Joins: exploit7002 ([email protected])
[14:25:27] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[14:27:10] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[14:28:10] *** Quits: anotherctfer ([email protected]) (Client Quit)
[14:28:54] *** Quits: WebIRC63556 ([email protected]) (Client Quit)
[14:29:00] <vito> just joined ppp
[14:29:03] <niklasb> hi who can I ask about legit_00004? gynophage can I pm?
[14:29:14] <b2xiao> vito: welcome!
[14:29:18] <vito> thanks!
[14:29:20] <Lightning> remember when keygens use to be interesting?
[14:29:35] <Lightning> niklasb: wait a few minutes, he stepped away to talk to one of the guys
[14:29:45] <Lightning> unless vito jumps in but he’s tracking down a web issue
[14:29:58] <vito> i don't know shit 'bout legit 4
[14:30:34] <e^ipi> vito: just never stop drinking, then you're functional even when you're drunk
[14:30:41] <vito> yeah i watch archer too
[14:32:26] <vito> goddamn it
[14:32:33] <vito> it's just some cheevo code i forgot to take out /cc cai 
[14:32:46] <vito> cheevo code that literally never got called since nobody won the year we had cheevos
[14:32:53] <b2xiao> cheevo meaning
[14:33:01] <cai> haha
[14:33:04] <cai> achievement?
[14:33:06] <gynophage> achievement
[14:33:09] <[w33]Luwenth> They're like cheetos, but green
[14:33:11] <[w33]Luwenth> Never sold well.
[14:33:12] <vito> b2xiao: https://legitbs.net/statdump_2014/achievements.html
[14:33:32] <cai> vito: could not have guessed that one ;)
[14:34:00] <vito> neither could i, heh
[14:34:05] * vito reënters the matrix
[14:34:47] *** Quits: arbiter_ (uid60882@2001:67c:2f08:6::edd2) (Client Quit)
[14:36:10] <b2xiao> huh
[14:36:16] <b2xiao> well, I saw mention of achievements
[14:36:17] <cai> time to sleeeep
[14:36:19] *** Quits: cx ([email protected]) (Client Quit)
[14:36:20] <b2xiao> but no actual...achievements
[14:36:26] *** Joins: SandwichMan ([email protected])
[14:37:35] *** Quits: meumeu ([email protected]) (Client Quit)
[14:38:01] *** Quits: WebIRC90506 (~02@2a02:1205:34db:7ab0:d4c1:1f90:bb92:be32) (Client Quit)
[14:38:08] *** Quits: attila ([email protected]) (Ping timeout: 252 seconds)
[14:39:53] *** Joins: tyh_ ([email protected])
[14:42:32] *** Quits: tyh ([email protected]) (Ping timeout: 252 seconds)
[14:45:48] <uri> is int3rupt working well on eu?
[14:47:29] <Lightning> checking
[14:47:57] <Lightning> works for me
[14:48:03] <Lightning> threw the exploit at it
[14:49:54] <uri> thanks for checking, it started behaving different all of a sudden
[14:51:50] *** Joins: WebIRC13502 ([email protected])
[14:51:52] <Lightning> i didn’t do anything, just threw the exploit
[14:54:20] *** Quits: SandwichMan ([email protected]) (Client Quit)
[14:54:24] *** Quits: rabidwh0re ([email protected]) (Ping timeout: 240 seconds)
[14:56:54] *** Quits: exploit7002 ([email protected]) (Ping timeout: 240 seconds)
[14:57:33] *** Quits: rok__ ([email protected]) (Client Quit)
[14:57:40] <[w33]Luwenth> Now do you open up the "super-easy" category to give PPP something to do with the rest of their weekend? :) 
[14:58:29] *** Quits: gael (~gael@2a01:e35:2425:a090:28e2:832:1c59:5d70) (Client Quit)
[14:58:42] <Lightning> i’m sure they already closed up shop and are off drinking
[14:59:59] <Lightning> tick tock tick tock, 5 hours left to get your slot for finals!
[15:00:04] *** Quits: WebIRC24417 ([email protected]) (Client Quit)
[15:01:58] *** Quits: digitalseraphim ([email protected]) (Ping timeout: 252 seconds)
[15:02:58] *** Joins: rabidwh0re ([email protected])
[15:04:10] <mandlebro> is 666 cuts ok?
[15:06:20] <zozo> 666 is ok
[15:06:54] <ccm> uri it is working
[15:07:06] <mandlebro> sry being nab
[15:09:35] *** Quits: rabidwh0re ([email protected]) (Ping timeout: 252 seconds)
[15:12:01] *** Quits: whoisj0hngalt ([email protected]) (Client Quit)
[15:13:09] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[15:14:51] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[15:15:48] *** Joins: rabidwh0re ([email protected])
[15:16:00] *** Joins: ssq (~02@2a02:a317:c940:2b00:4cac:f85a:c0d0:e100)
[15:16:02] <ssq> hey
[15:16:06] <Lightning> hi
[15:16:21] <ssq> how to compile/transform/whtever my xml PoV into binary format? (I guess, I have to send it in raw-binary?)
[15:16:48] *** Joins: offw0rld ([email protected])
[15:16:55] <offw0rld> hi
[15:17:06] <Lightning> gynophage *poke*
[15:17:10] <offw0rld> hi, i have a good Key1 for step, but in local, do not prompt key2, only exit1, it's normal ?
[15:18:08] <gynophage> ssq: https://github.com/CyberGrandChallenge/cb-testing/blob/master/cgc-cb.mk#L163
[15:19:13] <soul8> strange, cores with xml but not povxml
[15:21:31] <[w33]Luwenth> Is *that* what a vive looks like? :) 
[15:21:41] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[15:21:46] <vito> big ass goggles?
[15:21:47] <gynophage> [w33]Luwenth:  https://youtu.be/Xn5fZcS_EjM YUUUUUP
[15:21:47] <vito> yeah
[15:22:23] *** Joins: WebIRC63991 ([email protected])
[15:22:48] <Lightning> the aperature lab area is fun and looks better imo
[15:23:21] <[w33]Luwenth> I am kind of disturbed, you painted your living room one of the colors that I painted my bedroom.
[15:23:31] <gbb> http://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/understanding-cfe-povs/ first link is broken
[15:23:46] <vito> the one to darpa's documents page?
[15:24:18] <gbb> Yes
[15:24:31] <nwx> lol https://www.youtube.com/watch?v=UW8sQmBzgOM @gynophage
[15:24:43] *** Joins: sudhackar ([email protected])
[15:24:57] <vito> gbb: i'd claim that it's obsoleted by the doc you're reading :P but i'll see what i can do
[15:24:59] <vito> later tho
[15:25:00] <gynophage> nwx: LBS built a CRS. What of it?
[15:25:12] <nwx> ?
[15:25:19] <gbb> just fyi yeah your docs are fine
[15:25:27] *** Quits: rabidwh0re ([email protected]) (Client Quit)
[15:26:03] *** Joins: breadsticks ([email protected])
[15:27:32] *** Joins: JoyRe (anon1@gateway/tor-unverified)
[15:29:41] <soul8> anyone know why an xml pov would segfault but the built binary pov would not? (same instructions except negotiation details)
[15:32:44] <gynophage> soul8: It wouldn't.
[15:32:54] *** Quits: poizan42 ([email protected]) (Ping timeout: 240 seconds)
[15:34:30] *** Joins: q1a1 ([email protected])
[15:37:07] *** Quits: bburky ([email protected]) (Client Quit)
[15:37:58] *** Quits: oszi (~oszi@hackint/user/oszi) (Quit: Input/output error)
[15:38:41] <Lightning> i loved that game
[15:38:53] *** Quits: WebIRC63991 ([email protected]) (Client Quit)
[15:39:29] *** Quits: ssq (~02@2a02:a317:c940:2b00:4cac:f85a:c0d0:e100) (Client Quit)
[15:39:32] *** Joins: oszi (~oszi@hackint/user/oszi)
[15:39:46] *** Joins: fff (~02@2a02:a317:c940:2b00:4cac:f85a:c0d0:e100)
[15:39:57] <fff> hey, who is responsible for CGC and who may I PM ?
[15:40:46] <Lightning> bug gynophage
[15:41:12] *** Quits: at1as ([email protected]) (Ping timeout: 252 seconds)
[15:45:23] *** Quits: war3tease ([email protected]) (Client Quit)
[15:48:23] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[15:48:32] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[15:50:03] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[15:50:04] <soul8> PoV stands for proof of virility right
[15:50:16] <Lightning> proof of virgin
[15:50:26] <soul8> oh much more sense
[15:50:47] *** Quits: bool101 ([email protected]) (Client Quit)
[15:51:01] <nwx> lol
[15:51:56] <soul8> was looking up "dtd pov" on google, needed the keyword "format" in there
[15:52:31] *** Joins: bool101 ([email protected])
[15:58:04] *** Quits: rhydis ([email protected]) (Ping timeout: 252 seconds)
[15:58:37] *** Joins: attila ([email protected])
[16:00:52] <Lightning> 4 hours to go :)
[16:01:55] <nwx> :(
[16:06:49] <spq> who can we ask something about badger?
[16:08:33] <gynophage> Me or sirgoon.
[16:12:00] *** Quits: rg ([email protected]) (Ping timeout: 252 seconds)
[16:12:20] *** Joins: bic ([email protected])
[16:12:48] *** Joins: dinggul ([email protected])
[16:12:49] *** Quits: bic ([email protected]) (Client Quit)
[16:15:19] *** Joins: cx ([email protected])
[16:15:57] *** Quits: shivanshu ([email protected]) (Ping timeout: 252 seconds)
[16:16:20] *** Joins: shivanshu ([email protected])
[16:18:10] <hoju> this guy inspired me as a teenager to get into Maya 3D
[16:18:46] <jiggajuice> well, the maya were wrong
[16:19:58] <[w33]deorth> I have a friend who was a huge maya person, trained folks in it. Works at Autodesk now
[16:20:31] <hoju> is his desk automatic?
[16:20:53] <[w33]deorth> autodesk make maya :P
[16:20:58] <[w33]deorth> but her desk may well be automatic
[16:21:57] <hoju> good
[16:22:06] <[w33]deorth> I know mine is :)
[16:23:23] *** Joins: structure ([email protected])
[16:27:39] *** Quits: cd80 ([email protected]) (Client Quit)
[16:32:21] <ar1s> how many teams from the top score will go to vegas ?
[16:32:28] *** Quits: nerder ([email protected]) (Client Quit)
[16:32:31] <[w33]deorth> 9 I think
[16:32:42] <[w33]deorth> or maybe 8 plus 1 alt
[16:33:00] <[w33]deorth> then theres the prequalified folks from 5 other ctfs
[16:33:02] <Lightning> 8
[16:33:06] <[w33]deorth> and the CGC computer
[16:33:32] <Lightning> 15 total teams, cgc is the 15th. so 14 humans. there are 6 qualified
[16:33:41] <[w33]deorth> what he said :)
[16:33:54] <ar1s> hmm k
[16:34:01] <[w33]deorth> +-1 makes little difference to those of us with zero points ;)
[16:34:02] <Lightning> so top 8, skipping any that already qualified (DEFKOR for instance)
[16:34:21] <ar1s> so we better go back to #8 :)
[16:35:06] <Lightning> just make sure you stay high enough :)
[16:35:14] <[w33]deorth> "win the game"
[16:35:20] <[w33]deorth> easy goal
[16:35:31] <[w33]deorth> :)
[16:37:35] <Lightning> PPP already did that, at this point you just need to be in the top :)
[16:38:08] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[16:38:13] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[16:38:58] *** Joins: WebIRC63991 ([email protected])
[16:40:11] <withzombies> did ppp solve everything?
[16:40:17] <fff> yup
[16:41:03] <ar1s> https://blog.legitbs.net/2016/05/quick-quals-qupdate.html " 	Online Jeopardy style, qualifying eight teams"
[16:41:16] *** Joins: dvx ([email protected])
[16:41:56] *** Parts: mattypiper ([email protected]) ()
[16:47:05] *** Joins: gael ([email protected])
[16:50:08] *** Quits: shivanshu ([email protected]) (Ping timeout: 252 seconds)
[16:50:40] <fff> btw, will Defcon2017 also be full of CGC?
[16:51:02] *** Joins: shivanshu ([email protected])
[16:51:20] <Lightning> other than this year we’ve never announced what the next year will contain
[16:51:38] <gnomus> DEFCON 2017 will be web only
[16:51:52] <fff> ok :)
[16:51:56] <johncool> gnomus: don't forget stega
[16:52:00] <gnomus> yeh
[16:52:03] *** Quits: WebIRC63991 ([email protected]) (Client Quit)
[16:52:20] <Lightning> stego with the rare option that has to be compiled into a tool no one uses? :)
[16:52:23] <gynophage> gnomus: Not if we're still running it.
[16:52:38] <gynophage> If we host next year, we should run all quals challenges on port 80.
[16:52:59] <fff> and the harder ones on 443 ;]
[16:53:00] <gnomus> you shall upload your POVs over http
[16:53:00] <Lightning> or 443
[16:54:12] *** Joins: mallle (~mallle@2a03:f80:ed15:37:235:60:56:1)
[16:54:15] *** Joins: Pyxel ([email protected])
[16:55:20] *** Parts: Pyxel ([email protected]) ()
[16:56:04] <gynophage> gnomus: If we host next year, we will *NOT* be doing CGC.
[16:57:42] <fff> why not?
[16:58:04] *** Joins: jawaharlal (uid120577@2604:8300:100:200b:6667:5:1:d701)
[16:58:42] *** Joins: WebIRC83603 ([email protected])
[16:59:02] <Lightning> at that point it’s been done?
[16:59:56] <fff> thought your goal was to make cgc be more popular, so more and more ctfs will be in that form
[17:00:20] <Lightning> isn’t that we are doing this year? Bringing even more attention to CGC?
[17:01:13] <fff> bringing attention should have any goal. The only goal I see could be "yay, cgc is so awesome, it should be in every ctf'
[17:01:24] <fff> what's your other goal in bringing attention then?
[17:01:58] <gynophage> fff: You seem to have misunderstood.
[17:02:12] <gynophage> My goal is to qualify people to play finals.
[17:02:12] <Lightning> The work done to compete in CGC is changing the types of tools and thoughts that can change bug hunting and auto patching of systems. That is a game changer itself in the security world.
[17:02:15] <gynophage> That's what a qualifier does.
[17:02:32] <nwx> https://goo.gl/aMN2Aj
[17:02:33] <gynophage> If that weren't my goal, the qualifying criteria would be "who buys gynophage the nicest thing"
[17:02:36] <Lightning> But the qualifier for this year puts humans vs computer, see how things go
[17:03:19] <gynophage> This year, finals is CGC. To play against the CGC computer.
[17:03:21] <fff> ok, so if finals wasn't be human vs computer, then there woudn't be so many cgcs, right?
[17:03:28] <fff> ok, got ya ;]
[17:03:30] <gynophage> fff: Yes.
[17:03:44] <gynophage> There's no CGC game next year.
[17:03:54] <gynophage> So, fuck it. Spectacle over.
[17:04:49] <robbje> computer wins DEF CON CTF, humans give up, end of story
[17:05:30] <gynophage> lol
[17:06:44] <ar1s> computers better than humans, humans ruled obsolete
[17:07:09] *** Joins: SandwichMan ([email protected])
[17:07:15] <ar1s> at least it didn't stop humans from playing chess, but it introduced many opportinities for cheating
[17:07:37] *** Joins: nerder ([email protected])
[17:07:44] <gynophage> ar1s: I mean, that's more or less what's going to happen with CGC.
[17:08:01] *** Quits: criple_ripper ([email protected]) (Client Quit)
[17:08:04] <gynophage> These CRS's exist in different forms of completion, for "Linux" with a different sys call table.
[17:08:18] <gynophage> How long is it going to take to port them to the 50 sys calls Linux CTFs use?
[17:09:19] <ar1s> I think the computer will pwn everyone and get the best score the first day
[17:09:35] <ar1s> then more and more subtle bugs will be solved by humans
[17:09:55] <ar1s> it all depends on the score system to see who will win
[17:09:56] <gynophage> Probably. But there's only one way to find out. :)
[17:10:31] <ar1s> btw if there's a machine that could solve Legit_00004 automatically, I want to see it
[17:10:38] <gynophage> Me too.
[17:12:03] *** Quits: nerder ([email protected]) (Client Quit)
[17:13:01] <gynophage> I'm really curious how humans and computers will stand against each other.
[17:13:16] <gynophage> And I'm in the perfect position to ask the question.
[17:14:01] <ar1s> do we know already whose research team will have the gcg computer ?
[17:14:29] <stach> my guess is the computer rack will stand taller than most humans :P
[17:14:56] <gynophage> ar1s: http://cybergrandchallenge.com/site/index.html#teams
[17:15:15] <gynophage> We won't know who qualifies until the day before DEF CON CTF Finals.
[17:15:55] <ar1s> nice
[17:16:59] *** Quits: cx ([email protected]) (Client Quit)
[17:17:24] *** Quits: breadsticks ([email protected]) (Ping timeout: 240 seconds)
[17:18:46] *** Joins: v1d ([email protected])
[17:18:51] *** Joins: WebIRC3633 ([email protected])
[17:18:55] <Lightning> i’m to help you guys not have to hear gyno’s selections :P
[17:19:40] <Lightning> less than 3 hours, come on guys, losing time to get your slots :)
[17:20:06] <[w33]Luwenth> Oh wait, I have this pile of answers to submit! 
[17:20:08] <[w33]Luwenth> (not)
[17:20:28] *** Quits: WebIRC3633 ([email protected]) (Client Quit)
[17:20:48] <wyatt_earp> The key is: <** stack smashing detected **>
[17:21:36] *** Joins: anotherctfer ([email protected])
[17:21:46] <ar1s> prepare it in a <data> tag
[17:22:26] <likestoplay> gynophage: Lightning: what happens if a cgc team and human team both qual
[17:22:32] <likestoplay> ala Shellphish or FaS/PPP
[17:22:55] <gynophage> Mike Walker, the DARPA PM in charge of CGC has asked that if that happens, the humans don't participate.
[17:23:15] <gynophage> I imagine we'll just have 1 fewer slot at finals.
[17:23:33] <gynophage> I don't want to spin a team out there hoping they might maybe get in.
[17:23:47] <likestoplay> no alternates?
[17:23:59] <gynophage> alternates would favor US based teams.
[17:24:09] <Lightning> a lot of teams are international, a cost issue for them to come to not play. don’t want to favor last minute US teams
[17:24:11] <likestoplay> not if theyd be at defcon already anyway
[17:24:26] <gynophage> LBS hasn't really talked about it.
[17:24:37] *** Joins: breadsticks ([email protected])
[17:24:47] *** Quits: tomandjerry ([email protected]) (Client Quit)
[17:25:03] *** Quits: breadsticks ([email protected]) (Client Quit)
[17:25:08] <vito> we'll worry when we know who the qualifiers and alternates from this game are
[17:25:19] <vito> and there's still 2.5 hours left
[17:25:21] *** Joins: breadsticks ([email protected])
[17:25:42] <gynophage> I guess the sarcastic answer is "don't be the alternate"
[17:25:48] <likestoplay> i wont be, dont worry
[17:25:50] <gynophage> Then you have nothing to worry about.
[17:26:03] <likestoplay> but i like knowing rules ahead of time ;)
[17:26:16] <likestoplay> because y'know, transparency and stuff
[17:26:19] <gynophage> The problem with the humans and computer playing is we have no way of knowing if they're feeding info to their CRS so they get the press about designing the CRS which beat all the humans.
[17:26:31] <gynophage> That is, the CRS + its author.
[17:26:33] <likestoplay> ah, ethics, yeah
[17:27:15] <gynophage> They would both know best what data their CRS would find useful, and may also be able to infer information about exploits based on their CRS's submitted patches and whatnot.
[17:27:34] <gynophage> Ohh yeah, that's the other *huge* thing.
[17:27:50] <gynophage> Consensus evaluation.
[17:27:57] <gynophage> All patches are made available to every player.
[17:28:00] <vito> we'll be bloggin' about that soon
[17:28:20] <gynophage> It's a way to prove that the patches are sound, and not a bunch of "lol, make the sub esp bigger" bullshit.
[17:28:29] <vito> heh
[17:28:34] <vito> are we saving _patched submissions?
[17:28:41] <gynophage> Nope. :(
[17:28:48] <gynophage> That would have been cool information to look through.
[17:30:56] *** Joins: nathan ([email protected])
[17:31:00] <nathan> ciaoo
[17:31:04] <nathan> !list
[17:31:17] <gynophage> easier
[17:31:19] <gynophage> flag
[17:31:32] <Lightning> 2.5 hours left, no pressure
[17:32:01] <anotherctfer> @gynophage you told me to sit back and watch time_sink, its now been 8 hours but what I got isn't working can I dm some questions?
[17:32:08] *** Quits: nathan ([email protected]) (Client Quit)
[17:33:40] <gynophage> anotherctfer: You probably missed the middle letter. Better double check.
[17:34:00] <anotherctfer> lol
[17:34:14] *** Joins: WebIRC44242 (~02@2a02:a317:c940:2b00:4cac:f85a:c0d0:e100)
[17:34:17] <anotherctfer> can I buy a vowel?
[17:34:26] <Lightning> Z
[17:35:10] *** Joins: WebIRC58849 ([email protected])
[17:35:33] <[w33]Luwenth> oh look, aquaman only less cool.
[17:35:50] <anotherctfer> I also have a bug report for time_sink, kind of a funny one actually, where can I submit that?
[17:36:04] *** Parts: tyson (tyson@shellhost/fnordserver) ()
[17:36:19] <Lightning> you can PM me but i doubt you’ll get anything as it is probably what everyone else has told me :)
[17:36:26] *** Quits: gael ([email protected]) (Client Quit)
[17:36:56] <withzombies> ugggggghhhhhh vagrant
[17:37:04] <withzombies> it kept launching my crs vm from last june
[17:37:17] <withzombies> no wonder none of the tools were installed (and there's no random page)
[17:37:26] <vito> use the vagrant administration tool
[17:37:31] <withzombies> rm -rf
[17:37:36] <vito> `rm -rf ~/.vagrant`
[17:37:43] <withzombies> yeah, that's what i did
[17:37:47] <withzombies> but I didn't notice
[17:37:53] <withzombies> I solved 9 cgc challenges before noticing
[17:37:55] <withzombies> lol
[17:37:59] <vito> lag
[17:38:44] <withzombies> I did wonder why my secret data was always "000000"
[17:38:47] <withzombies> but meh
[17:41:25] *** Joins: rg ([email protected])
[17:41:36] <stach> didn't run the ToB CRS?
[17:41:58] <vito> they didn't want to not qualify dohohohoho
[17:42:06] * vito makes swish motion
[17:42:47] <gynophage> didn't they not? Or didn't they not not?
[17:42:59] <withzombies> its expensive to run that thing
[17:43:01] <withzombies> :P
[17:44:40] *** Joins: gael (~gael@2a01:e34:ec02:c450:c549:5f31:7810:8596)
[17:44:56] *** Quits: SandwichMan ([email protected]) (Client Quit)
[17:45:14] *** Quits: WebIRC58849 ([email protected]) (Client Quit)
[17:45:23] *** Quits: attila ([email protected]) (Remote host closed the connection)
[17:47:31] <gynophage> us-east easier went down. Just bounced it.
[17:47:42] *** Quits: wahrwolf ([email protected]) (Ping timeout: 252 seconds)
[17:47:52] *** Quits: fff (~02@2a02:a317:c940:2b00:4cac:f85a:c0d0:e100) (Client Quit)
[17:48:20] <anotherctfer> lmao friday dubstep!!!
[17:48:21] *** Quits: zzoru ([email protected]) (Ping timeout: 252 seconds)
[17:49:26] *** Quits: soul8 ([email protected]) (Client Quit)
[17:49:35] *** Joins: WebIRC84753 ([email protected])
[17:52:04] *** Joins: WebIRC63991 ([email protected])
[17:52:42] *** Joins: WebIRC1712 ([email protected])
[17:52:42] *** Joins: rhydis ([email protected])
[17:53:28] *** Quits: WebIRC87800 ([email protected]) (Client Quit)
[17:54:05] <WebIRC1712> Hello? I'd like to ask about badger privately. Who should I ask to?
[17:54:45] *** Joins: stuart091 ([email protected])
[17:55:12] *** Joins: n00000b ([email protected])
[17:56:48] *** Joins: zzoru ([email protected])
[17:57:57] <gynophage> WebIRC1712: You can ask me.
[18:00:23] *** Quits: WebIRC83603 ([email protected]) (Client Quit)
[18:00:28] *** Quits: WebIRC84753 ([email protected]) (Client Quit)
[18:01:05] <vito> just about food time at legitbs hq
[18:01:07] <vito> https://pbs.twimg.com/media/CjFcx34VEAAz1An.jpg:large
[18:01:24] *** Quits: breadsticks ([email protected]) (Ping timeout: 240 seconds)
[18:01:46] <n00000b> having troubles with easy-prasky. can't figure out how to segfault, but not destroy the canary
[18:01:51] <vito> ok
[18:02:16] <vito> are you using a debugger with it?
[18:02:19] <vito> if not… you should, heh
[18:02:20] * [w33]Luwenth sites with n00000b.  
[18:02:36] <[w33]Luwenth> gdb and r2 to look at it :)
[18:02:42] <salls> vito: easier is down, we're kinda close but I think we keep knocking it offline :/
[18:03:00] <vito> que region?
[18:03:11] <salls> US
[18:03:19] <laxa> vito: you are french ? :D
[18:03:23] *** Joins: WebIRC84753 ([email protected])
[18:04:03] <jvoisin> "que region" produces a parsing error in French
[18:04:10] *** Parts: nwx ([email protected]) ()
[18:04:11] *** Joins: nwx ([email protected])
[18:04:12] <vito> http://67.media.tumblr.com/965848047ff984dd97bdfc9c043a9c7b/tumblr_inline_o6tw0dieqY1ryl9fq_500.jpg
[18:04:19] <laxa> if you had the 'l', then it works, I know you are french jvoisin
[18:04:24] <laxa> -had+add
[18:04:51] *** Quits: WebIRC63991 ([email protected]) (Client Quit)
[18:05:19] *** Quits: WebIRC84753 ([email protected]) (Client Quit)
[18:05:51] <[w33]Luwenth> vito: I kinda like that ida...
[18:05:55] <[w33]Luwenth> (idea)
[18:10:40] *** Joins: breadsticks ([email protected])
[18:10:51] <Lightning> we now give a 3d rainbow dickbutt homer combo in the VR drawing area
[18:14:19] *** Joins: cx ([email protected])
[18:17:21] *** Joins: WebIRC42855 ([email protected])
[18:18:00] <nwx> ^_^
[18:20:11] <Lightning> food is here, we might become unavailable :P
[18:20:39] *** Joins: Admir4l ([email protected])
[18:26:01] *** Quits: bono ([email protected]) (Client Quit)
[18:28:33] *** Joins: exploit7002 ([email protected])
[18:29:33] *** Quits: v1d ([email protected]) (Client Quit)
[18:31:27] <Lightning> 1.5 hours, just a reminder :)
[18:31:49] * nwx notices ubuntor is here
[18:35:38] *** Quits: Ninn ([email protected]) (Client Quit)
[18:37:22] *** Joins: Lightning_ ([email protected])
[18:37:22] *** ChanServ sets mode: +o Lightning_
[18:38:53] <[w33]Luwenth> Love Galdys! 
[18:39:06] <[w33]Luwenth> I wondered if glados was a reference to the insane robot overlordess :) 
[18:39:12] <Lightning_> oooo, i know what i’m adding to the play list
[18:39:20] <Lightning_> [w33]Luwenth: ever compete in GiTS?
[18:39:28] <[w33]Luwenth> Not that I recall... 
[18:39:32] *** Joins: immerse ([email protected])
[18:39:49] <Lightning_> then you’ll enjoy a variation of this in a few
[18:40:00] <Lightning_> i did a forensics challenge on this song
[18:40:01] * nwx wonders if i could get at least 1 point before the end :(
[18:40:05] <[w33]Luwenth> I think the team has decided this will be the year where we'll be practicing a bit more.   Get used to the tools and techniques, walk in with much better 'prep' 
[18:40:24] *** Quits: Lightning ([email protected]) (Ping timeout: 240 seconds)
[18:40:24] *** Lightning_ is now known as Lightning
[18:40:25] <Lightning> a wise thing to do
[18:40:38] <gynophage> [w33]Luwenth: Then you'll kick ass in 2017, the year of the Linux desktop.
[18:40:52] <[w33]Luwenth> gynophage: That might put me to sleep... 
[18:41:03] <[w33]Luwenth> nwx: The min points you can earn right now is kxcd @ 21. 
[18:41:08] *** Quits: WebIRC44242 (~02@2a02:a317:c940:2b00:4cac:f85a:c0d0:e100) (Client Quit)
[18:41:08] <[w33]Luwenth> But if you solve it then it will be worth less.
[18:41:24] <nwx> yeah :/
[18:42:12] <gynophage> But that does qualify as "at least 1"
[18:43:10] <Lightning> [w33]Luwenth: try this on, should go watch :)
[18:43:53] <Lightning> i had to hand type all of those symbols in the corner then time them properly
[18:45:12] *** Joins: FADEC0D3 ([email protected])
[18:45:12] <[w33]Luwenth> Lightning: I should try to get some point or my team in thel last 1:15 ... I'm actually feeling like I'm close for the first time this weekend
[18:45:31] <Lightning> then go work and just listen :)
[18:45:36] * nwx is totally lost
[18:46:02] <Lightning> nwx: the song playing was a challenge in GiTS a few years ago
[18:46:05] <[w33]Luwenth> Lightning: Just peeked.   You rat bastard :)
[18:46:07] <Lightning> that i created
[18:46:26] <Lightning> Portal 2 for GiTS up next
[18:47:54] *** Quits: rg ([email protected]) (Ping timeout: 240 seconds)
[18:47:55] *** Quits: AlissonB ([email protected]) (Read error: Connection reset by peer)
[18:48:00] <ar1s> for DC, is it the plan that there will only be CGC binaries, or usual stuff too ?
[18:49:38] <gynophage> Only CGC.
[18:49:39] *** Joins: rg ([email protected])
[18:49:53] <ar1s> yeaah
[18:50:02] <gynophage> If there's others, it would be disingenuous to say "humans won" or "computers won"
[18:50:22] <gynophage> The others could have distracted the humans. Or would have added points that were impossible for the computers to get.
[18:50:36] <mserrano> even within just CGC depending on the design of the game it seems like it could be weighted in either direction
[18:50:42] <mserrano> (fwiw I know very little about CGC but)
[18:50:50] <mserrano> like if you had a million trivial binaries the computers would probably win
[18:50:55] <gynophage> We've always had the option to "throw" the game.
[18:51:04] <gynophage> Even in human vs human games.
[18:51:19] <gynophage> Want HatesIrony to win? Bunch of Windows challenges.
[18:51:48] <mserrano> right
[18:51:59] *** Joins: timpwn (anon1@gateway/tor-unverified)
[18:52:01] *** Joins: dqi ([email protected])
[18:52:01] <vito> That's why we have a zillion CGC challenges this year, to get y'all to prepare for it
[18:52:07] <mserrano> want DEFKOR to win again? every problem is a browser :P
[18:52:26] <gynophage> I'm not really interested in throwing the game. I spend too much time on this shit.
[18:52:29] *** Joins: b3h3m0th ([email protected])
[18:52:39] <b3h3m0th> hello
[18:52:53] <gynophage> Or, just throw the game to some team in exchange for a black badge.
[18:52:55] <b3h3m0th> whom can I contact for issues regarding feedme ?
[18:53:02] <mserrano> don't you already have like 3
[18:53:15] <gynophage> Fine. A jacket.
[18:53:17] <gynophage> Mine's ripped. ;(
[18:53:20] *** Quits: stuart091 ([email protected]) (Ping timeout: 252 seconds)
[18:53:30] <mserrano> so's mine sadly
[18:53:44] <gynophage> Or ${other thing}
[18:53:51] <[w33]Luwenth> gynophage: went hulk-tastic while wearing his fav. jacket
[18:54:08] <gynophage> I went bulktastic. Food is delicious.
[18:54:17] <gynophage> :\
[18:54:30] <Lightning> We have all types of ties in various groups due to years of playing and now running, we want to put on a good game and get people thinking. This is why we try to do unique things each year. First arm, then arm + physical hardware badge created by us (FPGA with MSP430), then 5 architectures, and now CGC.
[18:54:50] <Lightning> we don’t want to favor anyone
[18:55:16] <gynophage> We'll very likely do what we do every year.
[18:55:20] *** Quits: bool101 ([email protected]) (Client Quit)
[18:55:34] <gynophage> Make interesting challenges inspired by stupid shit we've seen in our adventures in IDA.
[18:57:22] *** Quits: rg ([email protected]) (Ping timeout: 252 seconds)
[18:57:25] *** Joins: bool101 ([email protected])
[18:58:39] <nwx> http://www.ytcracker.com/music/spamtec%20-%20delilah.mp3
[18:59:12] *** Quits: rhydis ([email protected]) (Ping timeout: 252 seconds)
[18:59:12] *** Joins: rg ([email protected])
[18:59:34] <gynophage> bool101: An hour left. You gonna pop something out?
[19:00:03] <Lightning> Friendly reminder, 1 hour left. No pressure, just fighting for a slot into finals :)
[19:00:22] <[w33]Luwenth> Or a spot on the board itself!
[19:00:30] <nwx> ^
[19:02:54] *** Quits: dinggul ([email protected]) (Client Quit)
[19:02:54] <anotherctfer> or a score
[19:02:56] <anotherctfer> :D
[19:03:23] <gynophage> I get to sleep soon.
[19:03:25] <gynophage> :)
[19:03:42] *** Quits: jawaharlal (uid120577@2604:8300:100:200b:6667:5:1:d701) (Client Quit)
[19:05:02] *** Joins: WebIRC63991 ([email protected])
[19:05:28] <Gynvael> easier up?
[19:05:47] <Gynvael> gynophage: ^ :)
[19:06:03] <Gynvael> EU
[19:06:09] *** Parts: offline ([email protected]) ()
[19:06:21] *** Joins: stuart091 ([email protected])
[19:06:26] <gynophage> Gynvael: Fire.
[19:06:29] <Gynvael> thanks!
[19:07:38] *** Joins: patcdr ([email protected])
[19:08:20] *** Quits: unused ([email protected]) (Remote host closed the connection)
[19:10:06] <Lightning> 50
[19:10:45] <[w33]deorth> I fucking hate stack math
[19:11:46] <ar1s> stack math > stock meth
[19:13:04] *** Quits: rrddd ([email protected]) (Client Quit)
[19:13:17] <salls> gynophage: easier in US seems down again
[19:13:30] *** Joins: WebIRC66557 ([email protected])
[19:14:15] *** likestoplay is now known as borski
[19:14:24] <gynophage> salls: Back up.
[19:14:33] <salls> thanks
[19:14:42] <salls> sorry for always knocking it down :p
[19:14:49] <WebIRC66557> i wonder heapfun4u~~
[19:14:58] <Lightning> it’s fun :)
[19:16:33] *** Quits: WebIRC63991 ([email protected]) (Client Quit)
[19:17:05] <ccm> so, where is web challenges?
[19:17:21] <ccm> sqlmap didn't work on other challenges
[19:17:32] <WebIRC66557> is there web challenges ?
[19:17:39] <ccm> yeah admins keep hiding them
[19:17:41] <vito> haha good one
[19:17:46] <ccm> you need sqlmap with xss support for it
[19:17:56] <ccm> ;)
[19:17:58] <WebIRC66557> which one
[19:18:05] <ccm> WebIRC66557: secret as i said
[19:18:10] <ccm> you need sqlmap
[19:18:17] <WebIRC66557> i only found lots of cgc
[19:18:19] <ccm> but add support for XSS via beef framework for auto exploiting
[19:18:29] <ccm> yeah you can solve cgc with xss but don't tell anyone
[19:18:37] *** Joins: WebIRC76167 ([email protected])
[19:22:57] *** Quits: zzoru ([email protected]) (Ping timeout: 252 seconds)
[19:24:07] <Lightning> tick tock
[19:24:19] <gynophage> justintime, DERPA got...justintime
[19:24:29] <gynophage> That'd be a terrible name for a human.
[19:24:35] <gynophage> "Hi, I'm Justin Time"
[19:26:06] <ReidB> I've gotta admit, seeing DERPA vs DARPA in finals would be entertaining...
[19:26:23] <gynophage> I guess.
[19:27:40] <[w33]Luwenth> gynophage: I think I met someone with that name a long long time ago.
[19:27:52] <[w33]Luwenth> And the typo wins!
[19:29:18] *** Quits: structure ([email protected]) (Client Quit)
[19:29:27] <vito> Lightning: https://www.doomworld.com/vb/post/1586811
[19:31:10] <Lightning> 30 minutes!
[19:31:24] *** Quits: t1deman ([email protected]) (Ping timeout: 240 seconds)
[19:31:40] <WebIRC22159> any hints for secrf so we can make defkor look bad
[19:31:50] <borski> any hints for defcon?
[19:31:53] <borski> how do i win?
[19:31:58] <gynophage> WebIRC22159: Yes, the flag is in a file named "flag"
[19:32:15] <WebIRC22159> gynophage: right! that's probably what they're missing. thanks!
[19:33:27] <withzombies> i liked 'key'
[19:33:30] <withzombies> because keys are secret
[19:33:32] <withzombies> and they unlock things
[19:33:38] <withzombies> they're definitely more valuable than flags
[19:33:51] <gynophage> But it's not a key party.
[19:33:52] <[w33]Luwenth> anyone can make a flag 
[19:33:53] <gynophage> It's a capture the flag.
[19:33:53] <WebIRC22159> ppp's secret revealed
[19:34:00] <withzombies> when the real cyber starts, we don't be stealing flags
[19:34:12] <WebIRC22159> capture the pov
[19:34:13] <ar1s> we'll be writing xml's
[19:34:33] <ar1s> "Defcon's Write-the-xml challenge"
[19:34:40] <vito> so write c instead
[19:34:46] <WebIRC22159> xxe in the scoring server
[19:34:47] <sewilton> vito: Can you revert your tie breaking fix from Friday? I want to see ricky's face when he wakes up to second place
[19:34:54] <wyatt_earp> ​( ಠ益ಠ)=ε/̵͇̿̿/’̿’̿ ̿ ̿̿ ̿̿ ̿̿ -= ⊏cyber⊃
[19:34:57] <WebIRC22159> real web chal
[19:34:59] <vito> sewilton: can, yes. will? no
[19:35:09] <gynophage> When's he going to wake up?
[19:35:10] <vito> wizard bullets
[19:35:18] <vito> when september ends
[19:35:37] <WebIRC22159> vito: that would also swap samurai and defkor!
[19:35:45] <WebIRC22159> it's all roses
[19:35:48] *** Joins: t1deman ([email protected])
[19:36:09] *** Quits: lenerd ([email protected]) (Ping timeout: 252 seconds)
[19:36:26] <Lightning> vito: https://www.youtube.com/watch?v=kpk2tdsPh0A
[19:37:15] <sewilton> Did we just become defkor
[19:37:46] <Gynvael> so many defkors...
[19:38:09] <sewilton> Pretty sure defkor has 6228 points and should be in first
[19:38:11] <WebIRC22159> 9447 might shoot up still
[19:38:12] <sewilton> I think your scoring is broken
[19:38:16] <mserrano> all the defkors
[19:38:39] <WebIRC22159> when is livectf
[19:39:09] *** Quits: Dor1s ([email protected]) (Client Quit)
[19:39:23] <[w33]Luwenth> And at the wire, w33t34m puts points on the board! :) 
[19:39:30] <jsc> Lightning: that guy is far too leet
[19:39:32] <[w33]Luwenth> God I should have figured that out hours ago :( 
[19:39:47] <Lightning> that is the type of things i enjoy toying with
[19:39:53] <vito> [w33]Luwenth: dangit you're beating me
[19:39:56] <Lightning> and you wonder where my ideas come from at times :P
[19:39:59] <WebIRC22159> lol vito
[19:40:01] <jsc> I spent a whole day watching his videos. He's too hardcore
[19:40:21] <[w33]Luwenth> You did babys-re?  I looked at that one, but got lost in the mangled mess I saw there.
[19:40:33] <sewilton> Looks like ppp isn't going to qual this year
[19:40:44] <vito> but gynophage is!
[19:40:51] *** Quits: exploit7002 ([email protected]) (Client Quit)
[19:41:04] <stypr> ppp disappeared
[19:41:16] <Ymgve> rippp
[19:41:17] <dropkick> were they ever really here?
[19:41:20] <nwx> ??
[19:41:27] <[w33]deorth> we are redeemed!
[19:41:38] *** Joins: kkk ([email protected])
[19:41:43] *** Joins: P1kachu ([email protected])
[19:41:45] <stypr> all of a sudden, samurai is higher than defkor. maybe the scoreboard is drunk
[19:41:47] <WebIRC22159> vito: does this mean we have to sit by ppp
[19:42:04] <stypr> omg
[19:42:09] <WebIRC22159> vito is drunk
[19:42:10] <stypr> no drug on scoreboard please
[19:42:15] <WebIRC22159> WHO WINS
[19:42:19] <Lightning> HAHAHA
[19:42:19] <mserrano> oh man rip us
[19:42:25] <mserrano> lol everyone is vito
[19:42:26] <ar1s> is that the blind last 20 minutes ?
[19:42:27] <sewilton> i think the scoreboard is bugged
[19:42:30] <[w33]deorth> so.. baby-re
[19:42:31] <WebIRC22159> vito has 100k points
[19:42:34] <[w33]deorth> fuck that shit
[19:42:42] <[SaH]NGG> i'm vito yeah
[19:42:43] <WebIRC22159> vito is the final boss
[19:42:43] <gynophage> Scoreboard looks good to us.
[19:42:45] <dropkick> nobody qualified
[19:42:56] <WebIRC22159> gynophage: any tips for vito 436
[19:42:59] <jsc> vito seems to be doing pretty well this year
[19:43:00] *** Joins: mak ([email protected])
[19:43:03] <gynophage> Now vito finally knows what it's like to be on top of a CTF scoreboard.
[19:43:04] <crowell> dang gj vito
[19:43:05] <mak> ohai!
[19:43:06] <stypr> vito, vito, vito, vito, vito, vito, vito, ... got qualified
[19:43:08] <sewilton> WebIRC22159: try running sqlvito on it
[19:43:08] <[SaH]NGG> :)
[19:43:08] <[w33]deorth> seems legit
[19:43:14] <WebIRC22159> vito makes a last minute solve
[19:43:15] <gynophage> https://i.ytimg.com/vi/LiAaAhlmM8o/maxresdefault.jpg
[19:43:15] <stypr> qualified: ['vito']*15
[19:43:22] <WebIRC22159> you should post an announcement
[19:43:32] <WebIRC22159> vito solved <chal that doesn't exist>
[19:43:42] *** Joins: jinmo123 ([email protected])
[19:43:57] <[SaH]NGG> inferior human team 22 ftw
[19:43:58] <[w33]Luwenth> Hey, it looks good to me.   It's all vito and then w33t34m is the 2nd name, so we qualified!!!! 
[19:44:05] <WebIRC22159> how do you pick the numbers
[19:44:08] <[w33]deorth> totes legit
[19:44:13] *** Joins: jinblack ([email protected])
[19:44:14] *** Quits: add1ct ([email protected]) (Read error: Connection reset by peer)
[19:44:19] <WebIRC22159> ppp is actually already robots
[19:44:27] <jinmo123> aww
[19:44:36] <WebIRC22159> and bloop took 97 seconds for a cgc solve
[19:44:39] *** Joins: rhydis ([email protected])
[19:44:40] <jinmo123> why RF prob is almost everywhere nowadays
[19:44:41] <[w33]Luwenth> only cgc competitors are qualified this year
[19:44:43] <dropkick> We made the difficult decision to not accept any qualifying teams from DEFCON quals.  While the contest went spectacularly well, there was never any real intention of qualifying anybody else.  Legitimate Business Syndicate has nothing but the complete and utmost respect for the DEFCON quals and we hope to promote and work with them again in the future.
[19:44:43] <vito> i solved the sql injection challenge
[19:45:14] <[w33]Luwenth> waitwut, there was an SQLI? 
[19:45:18] <[w33]Luwenth> Bring back web!!!! :) 
[19:45:23] *** Joins: bic ([email protected])
[19:45:24] *** Quits: stuart091 ([email protected]) (Ping timeout: 240 seconds)
[19:45:29] <WebIRC22159> social engineering challenge
[19:45:35] <vito> used the `psql` tool to find a sql injection vuln
[19:45:36] <gynophage> vito found a box he could type sql in to and fuck up the scoreboard.
[19:45:41] *** Quits: eegeek (~eegeek@hackint/user/eegeek) (Remote host closed the connection)
[19:45:44] <[w33]deorth> :)
[19:45:50] <WebIRC22159> execve('/bin/psql', null, null)
[19:46:30] <Ymgve> ohhey, it seems like this is actually happening https://www.coursera.org/course/crypto2
[19:46:31] <WebIRC22159> is the scoreboard a cgc cb
[19:46:36] <cao> WebIRC22159: that won't work on busybox
[19:46:41] <vito> Ymgve: lol good one
[19:46:41] *** Joins: add1ct ([email protected])
[19:46:52] <WebIRC22159> cao busybox doesn't have psql
[19:47:00] <cao> yours might not
[19:47:24] <jinmo123> in fact, busybox has psql!
[19:47:38] <sewilton> It's /bin/pgsh
[19:48:17] <[w33]deorth> @gynophage: how many teams actually got points ?
[19:48:29] <withzombies> at least 25
[19:48:30] <gynophage> http://2016.legitbs.net/scoreboard/complete
[19:48:32] <sewilton> [w33]deorth: https://2016.legitbs.net/scoreboard/complete
[19:48:34] <[w33]deorth> aha.. thanks!
[19:48:52] <WebIRC22159> defkor is asleep?
[19:49:24] *** Quits: WebIRC13502 ([email protected]) (Client Quit)
[19:49:44] <vito> yeah it's like 9am there
[19:49:57] <[SaH]NGG> 276 teams
[19:49:57] *** Joins: WebIRC76102 ([email protected])
[19:50:20] <_2can> [SaH]NGG: dickwad
[19:50:28] <[w33]deorth> how many registered ?
[19:50:46] <jinmo123> I hate RF
[19:51:08] <Lightning> 10 MINUTES!
[19:51:10] <WebIRC22159> quick devalue secrfrevenge so it's worth negative points
[19:51:16] <jinmo123> aww, for real, RF EVERYWHWEREDSFSDFSDF!
[19:51:40] *** Quits: offw0rld ([email protected]) (Client Quit)
[19:51:59] *** Joins: [SaH]vasporig ([email protected])
[19:52:09] <jinmo123> @WebIRC22159 charming idea
[19:52:22] <WebIRC22159> just needs 1000 submits
[19:53:04] *** Quits: hexife ([email protected]) (Client Quit)
[19:53:08] <WebIRC22159> 9447 has five minutes to come in second
[19:55:06] <b2xiao> 5 minutes
[19:55:07] *** _2can is now known as [SpamAndSex]_2can
[19:55:17] <jinmo123> the final countdown
[19:55:19] <[w33]deorth> there it is :)
[19:55:28] <vito> http://music.legitbs.net/
[19:55:36] <Ymgve> I got hit buy ctf fatigue at the end
[19:55:40] <jinmo123> It's the final countdown!!!!!!!!!!!!
[19:55:45] <[SaH]NGG> his site can’t be reached
[19:55:45] <[SaH]NGG> music.legitbs.net refused to connect. :(
[19:55:48] <[SaH]NGG> oops
[19:55:53] <WebIRC22159> stop solving chals you're increasing ppp's lead by diluting everyone
[19:55:53] <vito> llmmmaaaaooo
[19:55:53] <Ymgve> "what's the use starting a new challenge, I won't finish it in time"
[19:55:54] <jinmo123> me too :(
[19:55:56] <Lightning> stupid music site!
[19:56:03] <hoju> but but its the final countdown
[19:56:12] *** Joins: whoisj0hngalt ([email protected])
[19:56:13] <Lightning> at least we got it started before :)
[19:56:19] *** Joins: digitalseraphim ([email protected])
[19:56:22] <gynophage> lol, musiqpad ate a dick.
[19:56:24] <[w33]Luwenth> premature countdown?
[19:56:30] <[w33]deorth> hate it when that happens
[19:56:31] <gynophage> Nope.
[19:56:40] *** Quits: repnzscasb ([email protected]) (Quit: bye)
[19:56:41] <[w33]deorth> they played the rock bar in san jose a while back
[19:56:47] <[w33]deorth> I was so tempted to go but I only know one song
[19:57:03] <ReidB> they have more then one song?
[19:57:12] <[w33]Luwenth> Well, they have one final song :)
[19:57:13] <Lightning> i think we overloaded the music site :p
[19:57:19] <[w33]deorth> plus it was $90 for the reserved seats, and only *$70* to meet and greet the band
[19:57:23] <[w33]deorth> which is.. amusing ;)
[19:57:51] <[w33]deorth> they had two songs that were big IIRC
[19:58:00] <dave0x6d> almost over eh?
[19:58:13] <Lightning> lesson learned, don’t ever use nodejs/musicpad
[19:58:30] <[w33]Luwenth> It survived most of the weekend... why are you dissing on it now?
[19:58:35] <jinmo123> woah, score is changing fastly
[19:58:41] <Lightning> you didn’t see the number of times we had to restart it
[19:58:59] *** Joins: WebIRC63991 ([email protected])
[19:59:09] *** Joins: WebIRC66970 ([email protected])
[19:59:37] <WebIRC22159> will you release web chal now
[19:59:51] <Lightning> 9
[19:59:52] <Lightning> 8
[19:59:53] <Lightning> 7
[19:59:54] <Lightning> 6
[19:59:54] <Lightning> 5
[19:59:55] <Lightning> 4
[19:59:55] <[w33]Luwenth> There's a node app that will monitor your service and restart it... maybe it's called: forever
[19:59:56] <sirgoon> 4
[19:59:56] <Lightning> 3
[19:59:56] <sirgoon> 3
[19:59:57] <Ymgve> yes, a web chal and you have to solve it in 5 secs
[19:59:57] <sirgoon> 2
[19:59:57] <Lightning> 2
[19:59:58] <Lightning> 1
[19:59:58] <sirgoon> 1
[20:00:00] <sirgoon> !!!!!!!!!!!
[20:00:01] <Lightning> GAME OVER!
[20:00:02] <WebIRC22159> PPP WINS
[20:00:03] <rhydis> gg everyone
[20:00:04] <spq> ty for the ctf!
[20:00:05] <hj> woohoo
[20:00:08] <mserrano> gg all
[20:00:08] <sirgoon> gg
[20:00:09] <Ymgve> gg
[20:00:11] <[w33]deorth> thanks guys.. awesome contest once again
[20:00:19] <esanfelix> nice, gg everyone :)
[20:00:20] <ccm> where is web challenge?
[20:00:24] <sirgoon> lol
[20:00:27] <esanfelix> www.google.com
[20:00:28] <ar1s> :(
[20:00:28] <ricky> Woo, good game
[20:00:29] <zardus> holy shit
[20:00:31] <ccm> ah thx :D
[20:00:31] <[SaH]NGG> congratz for the last minute solves :P
[20:00:34] <zardus> submission with *3* seconds left
[20:00:37] <ltfish> OMG
[20:00:38] <Lightning> Anyone that has questions about b3s23, crippled, glados, time sink,  kiss, or crunchtime PM me as i will probably miss it here
[20:00:41] <sirgoon> for what?
[20:00:41] <soen> gg
[20:00:43] <WebIRC66970> ooooh!
[20:00:50] <zardus> sirgoon: crunchtime
[20:00:51] <ltfish> got the flag at 17 secs
[20:00:51] <b2xiao> gg everyone
[20:00:51] <ltfish> ...
[20:00:52] <cao> last flag :D
[20:00:54] <sirgoon> nice!
[20:00:56] <esanfelix> can someone share what was the vuln in glados ?
[20:00:58] <Ymgve> Lightning: what was the _best_ way to solve time sink?
[20:00:58] <sewilton> Good game! Nice job with running it this year
[20:01:00] <ltfish> thanks to all organizers
[20:01:00] <Gynvael> gg :)
[20:01:01] <cao> that was absurd here
[20:01:02] <dave0x6d> write up for baby-re. https://twitter.com/DaveManouchehri/status/734534485576974340
[20:01:05] <esanfelix> well, whatever they exploited :)
[20:01:06] <ltfish> good game
[20:01:07] <[SaH]vasporig> what about easier?
[20:01:07] <[w33]deorth> ok, what was the secret with baby-re ?
[20:01:08] <jason_____> how you guys solved time_sink?
[20:01:10] *** Joins: WebIRC52470 ([email protected])
[20:01:10] <ltfish> qualified!
[20:01:12] <zardus> sirgoon: it was really racing against the clock with bandwidth
[20:01:16] <WebIRC41899> gg
[20:01:18] <Murmus> wtb kiss answer
[20:01:18] <b2xiao> glados: raw data core doesn't initialize data
[20:01:19] <jinmo123> angr rules
[20:01:19] <cao> thanks @legitbs
[20:01:21] <[w33]deorth> no way I was going to plow thru all that math in CheckSolution
[20:01:22] <Ymgve> jason_____: found the speed factor and watched it at 100x speed
[20:01:25] <mandlebro> crippled any1?
[20:01:26] <vito> dave0x6d: nice
[20:01:27] <Murmus> Lightning: are you the one responsible for glados?
[20:01:28] <[SaH]NGG> gg
[20:01:29] <Lightning> Ymgve: unpack it, speed up the time in the loop to watch it on fast as each frame was based on time
[20:01:32] <jsc> oh whoa, there was a ctf going on?!
[20:01:32] <Lightning> Murmus: yes
[20:01:37] <[SaH]vasporig> easier, someone  ?
[20:01:38] <ricky> So pillpusher... was there an unintended bug?
[20:01:45] <sewilton> Ymgve: We watched it at 100x speed and recorded to Fraps so we could seek back and forth
[20:01:46] <hj> must have been
[20:01:52] <hj> how did you solve it?
[20:01:56] <WebIRC66970> teach easy-prasky,plz
[20:01:56] <Ymgve> Lightning: heh, I thought it might be possible to decompile scripts or something
[20:01:56] <[SaH]NGG> did you know that for legit0004_patch you could send the original binary?
[20:01:59] <ricky> Because DEFKOR beat us to that by a lot!
[20:01:59] <[SaH]NGG> and you got the flag
[20:02:01] <Gynvael> easier <--- wow ;)
[20:02:06] *** Joins: WebIRC42810 ([email protected])
[20:02:07] <esanfelix> Lightning: what was the intended solution for glados? I was trying to do a double free due to uninitialized mem after delete - add - delete...
[20:02:10] <ricky> We overwrite DF, write zero over pill list capacity
[20:02:12] <Gynvael> thanks for the awesome ctf guys :)
[20:02:12] <Ymgve> [SaH]NGG: haha, lol
[20:02:14] <hj> yeah I was surprised they finished in an hour
[20:02:16] <ricky> Er, set DF
[20:02:16] <[SaH]NGG> i don't think it was intended :D
[20:02:17] <[w33]Luwenth> btw, radare2 lost iz again :( 
[20:02:18] <Ymgve> [SaH]NGG: should have tried that
[20:02:31] <Ymgve> what _was_ the bug in legit00004 btw?
[20:02:31] <Admir4l> in last Minute 
[20:02:31] <ricky> So I'm dying to know if they either figured that out so fast, or if there was an easy bug we missed
[20:02:34] <Admir4l> found baby-re 
[20:02:37] <Admir4l> flag :'(
[20:02:40] <Admir4l> but not solved !! 
[20:02:41] <[w33]deorth> tell me how you got baby-re
[20:02:43] <[w33]Luwenth> Awwww... 
[20:02:43] <ar1s> we were at 10' close from having glados :(
[20:02:43] <sewilton> Congrats ricky tylerni7 and co. You guys killed it :)
[20:02:43] <Admir4l> :(
[20:02:44] <gynophage> Baby-RE secret: https://github.com/legitbs/quals-2016/tree/master/baby-re
[20:02:46] <mserrano> esanfelix: I think that'show we did it
[20:02:47] *** Joins: WebIRC40217 ([email protected])
[20:02:47] <[w33]deorth> thanks :)
[20:02:48] <Admir4l> w3333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333
[20:02:50] <[SpamAndSex]_2can> [SaH]NGG: no way dude
[20:02:51] <ltfish> angr got first blood on two re challenges :-)
[20:02:53] <b2xiao> sewilton: thanks
[20:02:53] <Admir4l> NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
[20:02:54] <Admir4l> :(
[20:02:56] *** Quits: vhost- ([email protected]) (Remote host closed the connection)
[20:02:57] <Admir4l> i lost
[20:02:59] <Admir4l> :-(
[20:03:00] <Admir4l> :'(
[20:03:01] <Admir4l> :'(
[20:03:02] <Admir4l> :'(
[20:03:02] <Admir4l> :'(
[20:03:03] <Admir4l> :'(
[20:03:04] <Admir4l> :'(
[20:03:05] *** anotherctfer was kicked by gynophage (anotherctfer)
[20:03:06] <esanfelix> mserrano: i couldn't get past the ABORTs ... stupid me
[20:03:07] <gynophage> Err.
[20:03:09] *** Joins: vhost- ([email protected])
[20:03:13] <Lightning> esanfelix: use the data array negative read to read memory, allocate buffers and release them then allocate another module (think the raw buffer one) that would free the pointer if it was assigned although i never set the pointer on load of hte module so a controlled pointer to free
[20:03:14] <Ymgve> my pretty b3s23 solution http://pastebin.com/pDvDLxw5
[20:03:14] <mserrano> rip anotherctfer
[20:03:17] <Admir4l> baby-re :'(
[20:03:20] *** Quits: WebIRC42810 ([email protected]) (Client Quit)
[20:03:33] <spq> how to actually run time_sink? we were unable to run it under various windows versions in vms and on physical pcs
[20:03:39] <nwx> gynophage: kicked the wrong person?
[20:03:43] <esanfelix> Lightning: ok i was trying to do that
[20:03:44] <soen> thanks for opensourcing everything
[20:03:47] <gynophage> Tab happy.
[20:03:48] <esanfelix> didn't finish it though
[20:03:49] <b2xiao> Ymgve: fancy
[20:03:50] <dave0x6d> gynophage: huh, what anti reversing things were in it? I didn't run across any.
[20:03:57] <Gynvael> spq: some version of windows 7 with full updates did work and was enough to get it unpacked
[20:04:04] <Gynvael> spq: unpacked worked everywhere basically
[20:04:11] <Lightning> btw: Time sink was suppose to be 48.5 hours long, i missed a letter and didn’t catch it hence the 21 hour run
[20:04:13] <gynophage> dave0x6d: If you used binary ninja you didn't see them.
[20:04:21] <dave0x6d> ahh
[20:04:22] <Ymgve> spq: did you place the required dll in the directory of the binary?
[20:04:24] <Lightning> esanfelix: check our repo, my exploit is there. we put everything up :)
[20:04:26] <WebIRC22159> lol
[20:04:34] <spq> damn, we dont work with windows very often so have no up to date machines :D
[20:04:36] <esanfelix> ricky: i used a stack buffer overflow when constructing scrip for pillpusher
[20:04:38] <Lightning> nevermind, gyno took the exploits out
[20:04:48] <hj> in case you didn't see the twitters https://github.com/legitbs/quals-2016
[20:04:51] <wyatt_earp> imma fork that repo, repos love forks
[20:04:56] <borski> what was the solution for secrfrevenge??
[20:04:58] <ricky> esanfelix: Yeah, but then the only thing you can easily overwrite is overwriting DF right? (or did we screw up our math?)
[20:05:03] <hj> how big of an overflow did you get esanfelix
[20:05:04] *** Quits: bic ([email protected]) (Client Quit)
[20:05:07] <ricky> Rather, overwriting eflags to set df
[20:05:08] <Gynvael> Lightning: btw, top8 qualify, or 8 unqualified-yet teams?
[20:05:14] <esanfelix> ricky: yeah eflags, yeah
[20:05:15] <esanfelix> indeed
[20:05:21] <Gynvael> Lightning: wondering if we should celebrate or be sad ;)
[20:05:21] <vito> Gynvael: the latter
[20:05:26] <Gynvael> vito: thanks :)
[20:05:27] <esanfelix> so overwrite eflags to prevent the trapping
[20:05:29] <vito> i'll be punching up the spreadsheet on that… later this week
[20:05:33] <ricky> OK, so the two solutions we know of used DF - super curious whether there was another bug.
[20:05:37] <Lightning> esanfelix: my exploit didn’t double free, it created fake allocated blocks to give me 4 byte writes anywhere
[20:05:42] <[SpamAndHex]KT> @vito: and b1o0p is blue-lotus or not? :P
[20:05:45] <Lightning> i used that to rewrite the stack
[20:05:45] <Ymgve> anyone solve b3s23 with a pattern that was _not_ stable?
[20:05:51] <esanfelix> Lightning: i see, that should be easier
[20:05:52] <Admir4l> just 10 teams qualified to DEFCON or what ?
[20:06:02] *** Quits: RoMaNSoFt ([email protected]) (Remote host closed the connection)
[20:06:02] <esanfelix> add_pill(mypills[1], 1, 1, ['constipation'])
[20:06:03] <esanfelix> OFF = 0x2f0
[20:06:03] <esanfelix> eflags = 0x0101010101010246
[20:06:04] <esanfelix> mypills.append("A"*2 + p64(eflags) +p64(leak - OFF))
[20:06:08] <ricky> esanfelix: Wait, did you use DF or not? We didn't do anything other than not setting the trap flag
[20:06:09] <esanfelix> ricky: that's what i did
[20:06:20] <WebIRC22159> if shellphish wins cgc does a new team qual
[20:06:22] <Murmus> Admir4l: possibly slightly more
[20:06:22] *** Quits: lefu ([email protected]) (Client Quit)
[20:06:23] <WebIRC66557> heapfun4u is 'use after free bug'?
[20:06:24] <esanfelix> so eflags and return to the heap directly
[20:06:29] <Admir4l> what ? 
[20:06:31] <ricky> Whaaaaa
[20:06:34] <esanfelix> to another chunk
[20:06:34] <ricky> We screwed up math
[20:06:35] <ltfish> b1o0p = blue-lotus + 0ops
[20:06:36] <ricky> Noooo
[20:06:37] <esanfelix> so probably way easier
[20:06:40] <[SaH]NGG> will we be qualified for the finals with 10th place? :)
[20:06:44] <esanfelix> than what you guys did?
[20:06:46] <jinmo123> I used jmp rsp gadget
[20:06:50] <jinmo123> it was fun
[20:06:52] <computerality> thanks for the challenges
[20:06:55] <ricky> Sigh
[20:07:07] <[SaH]NGG> does bloop count towards the 8 qualified teams?
[20:07:14] *** Quits: mandlebro (~ben@2001:690:2100:1b:51f9:7e18:fd52:732) (Client Quit)
[20:07:18] <jinmo123> 'cause we could modify values around [esp]
[20:07:25] <jinmo123> from input directly
[20:07:30] <Admir4l> wish spam&hex qualifief :D
[20:07:34] <Admir4l> qualified ;) 
[20:07:44] <Admir4l> i want SMAPANDHEX to qualif to DEFCON 24
[20:07:45] <Admir4l> :D
[20:07:48] <dave0x6d> hey, so for step, what was the "correct" way of solving it?
[20:07:49] <wyatt_earp> the music.legitbs.net site was pretty awesome as well, kudos on that
[20:07:50] <Admir4l> they will !!
[20:07:53] <[SaH]NGG> thx :)
[20:08:01] <dave0x6d> I got stuck at a ton of 'add     byte ptr [rax], al'
[20:08:06] *** Joins: WebIRC37424 ([email protected])
[20:08:08] <Admir4l> are you spamandhex member NGG
[20:08:11] <gynophage> music.legitbs.net ate my final countdown.
[20:08:13] <gynophage> It is dead to me.
[20:08:15] *** Quits: patcdr ([email protected]) (Client Quit)
[20:08:21] <WebIRC37424> How many teams go to the final?
[20:08:21] <Ymgve> crippled solution: http://pastebin.com/WFtQf59B
[20:08:31] <[SaH]NGG> yes
[20:08:35] <timpwn> what was the vulnerability in kiss?
[20:08:40] <dave0x6d> managed to get it to segfault it with 2eea b330, 1b80 0853 and 25b7 7d08.
[20:08:40] *** [SaH]NGG is now known as [SpamAndHex]NGG
[20:09:10] *** Joins: repnzscasb ([email protected])
[20:09:16] <ar1s> what are the teams already qualified? PPP, Defktor and that's all ?
[20:09:18] *** Quits: WebIRC63991 ([email protected]) (Client Quit)
[20:09:27] <csec> heap
[20:09:29] <[SpamAndHex]KT> ar1s: PPP not
[20:09:31] *** Quits: WebIRC40217 ([email protected]) (Client Quit)
[20:09:31] <[SpamAndHex]AKG> PPP was not
[20:09:33] <WebIRC66557> is there write up of heapfun4u?
[20:09:33] <vito> ar1s: https://legitbs.net/
[20:09:34] <[SpamAndHex]NGG> half of bloop
[20:09:35] <mak> exploit for glados anyone? 
[20:09:42] <zardus> thank you, legitbs, as always. see you in vegas!
[20:10:05] <gynophage> zardus: We'll see you from the stage as we announce the winner.
[20:10:08] <mserrano> mak: you can use the fact that it will sometimes call `free` on an uninitialized pointer to create an arbitrary write primitive
[20:10:09] <[SpamAndHex]AKG> mak, we found out the real vuln 35 minutes ago
[20:10:23] <zardus> :-)
[20:10:27] <ar1s> we're #11 :( good luck at vegas guys
[20:10:35] <mak> heh we have a bug, but i wasn't sure i can exploit it
[20:10:40] <b2xiao> Ymgve: Huh, I didn't realize the cap structure could be stabilized
[20:10:48] <mak> mserrano: wasn't free protected?
[20:10:54] *** Quits: FADEC0D3 ([email protected]) (Ping timeout: 240 seconds)
[20:10:58] <[SpamAndHex]KT> <gynophage> do you know whether b1o0p is prequalified as blue-lotus or not? (b1o0p = blue-lotus + 0ops)
[20:10:58] <mserrano> protected how?
[20:11:11] *** Joins: at1as ([email protected])
[20:11:12] <at1as> great game, all!
[20:11:12] <vito> they are prequalified
[20:11:19] <mserrano> b2xiao actually wrote the exploit iirc so he probably has the real answers :P
[20:11:29] <mak> normal libc checks?
[20:11:32] <[SpamAndHex]AKG> vito, cool then it means we are qualified as well?
[20:11:35] <b2xiao> Ymgve: we ended up doing b3s23 using only still lifes
[20:11:37] <gynophage> [SpamAndHex]KT: All those details will shake out soon.
[20:11:37] <[SpamAndHex]AKG> (#10)
[20:11:39] <b2xiao> http://pastebin.com/kfvGZykb
[20:11:42] <spq> mak: core #7 didnt init its data ptr and free'd it on destroy even when len was 0 (all other positions checked for len != 0)
[20:11:45] <Ymgve> b2xiao: what cap structure?
[20:11:52] *** Quits: WebIRC76102 ([email protected]) (Client Quit)
[20:11:53] <gynophage> I don't want to go promising anybody any spots until after we've slept and looked over the database.
[20:11:53] <vito> [SpamAndHex]AKG: don't want to commit until i've looked at my spreadsheet and not in the mood rn
[20:11:59] <jinmo123> woah,
[20:12:16] <[SpamAndHex]AKG> vito, okay
[20:12:37] <hbw> so for crunchtime, once you set the direction flag... then what?
[20:12:40] <mak> spq: can you share exploit?
[20:12:44] <b2xiao> .XX. X..X XXXX
[20:12:46] <b2xiao> you used the inverse
[20:12:52] <b2xiao> but that's apparently called "cap"
[20:12:54] *** Quits: sirgoon ([email protected]) (Ping timeout: 240 seconds)
[20:13:18] *** Joins: jordan ([email protected])
[20:13:45] <jordan> any hint for easier to deal with the uninitialized stack variable ?
[20:13:45] *** Joins: sirgoon ([email protected])
[20:13:45] *** ChanServ sets mode: +o sirgoon
[20:13:51] <Ymgve> b2xiao: stable because it's on the edge
[20:13:56] <uri> was there a simple solution for kiss? our solution was rather messy
[20:13:59] <spq> mak: nope, only found the vuln - after i slept it was solved :>
[20:14:01] <ricky> hbw: was that the crc one? You make generate crc go backwards and overwrite pc
[20:14:03] <Ymgve> I had to use the "H" structure later
[20:14:16] <P1kachu> https://twitter.com/0xP1kachu/status/734537663387205632 #baby re writeup :)
[20:14:18] *** Joins: WebIRC71010 ([email protected])
[20:14:25] <hbw> ricky: whoaaaaa, that's neat! hahaha
[20:14:25] <b2xiao> Ymgve: yeah, I see that. neat
[20:14:32] <jinmo123> @b2xiao cool
[20:14:39] <spq> mak: robbje should have the exploit if you cant find one
[20:14:43] *** Quits: ReidB ([email protected]) (Read error: Connection reset by peer)
[20:14:55] <niklasb> so how did y'all solve kiss?
[20:15:03] <b2xiao> so I don't know what to think about using old challenges
[20:15:09] <vito> P1kachu: haha wow
[20:15:19] <Lightning> rop via ld and libc after getting known control of the deref
[20:15:22] <WebIRC22159> gynophage: legit04_patch was broken?
[20:15:31] <Lightning> mine stack pivot’d to system()
[20:15:39] <b2xiao> on the one hand it's a cute idea, on the other it feels weird seeing previously-solved challenges
[20:15:41] *** Joins: lefu ([email protected])
[20:15:42] <b2xiao> oh well
[20:15:50] <Murmus> Lightning: how do you get something into rsp?
[20:15:53] <Lightning> b2xiao: they all had bugs that were removed as the original bugs hadn’t been used
[20:16:04] <vito> https://www.irccloud.com/pastebin/RSZNNPsU/baby_re_vito.py
[20:16:04] <spq> how did crunchtime work?
[20:16:05] <Lightning> murmus: mov rsp, rbx in ld
[20:16:05] *** Quits: WebIRC71010 ([email protected]) (Client Quit)
[20:16:06] <[SpamAndHex]AKG> Murmus, which challange?
[20:16:07] <b2xiao> Lightning: I reused my bug from DC2015
[20:16:15] <b2xiao> so that bug wasn't removed
[20:16:22] <niklasb> Lightning: rop with esp=0??
[20:16:26] <vito> P1kachu: i used binary ninja to find the avoid addresses which was 2ez
[20:16:30] <Lightning> spq: flip direction bit in flags so the crc writing will write the wrong direction on the stack giving control of eip
[20:16:32] <vito> but yeah it took me like a day of looking at it on and off
[20:16:38] <b2xiao> err, for secrfrevenge
[20:16:48] <niklasb> Lightning: what is the gadget? and did we need to guess libc?
[20:16:49] <Murmus> mak: I've got an example to trigger the bug, but wasn't able to turn it into a full exploit before hands
[20:16:53] <Ymgve> how did you identify the version of ld and libc for kiss? just assumed it was the same as in other pwns?
[20:16:55] <Lightning> i removed the single eip overwrite that most (all?) used on crunchtime the first time aroun
[20:17:06] <P1kachu> vito: Ahah ! I didn't have much time to solve this year sadly 
[20:17:07] *** Joins: Sceptic ([email protected])
[20:17:09] <mak> Murmus: kinda similar as i
[20:17:10] *** Joins: FADEC0D3 ([email protected])
[20:17:13] <Lightning> niklasb: both libc and ld are at a known offset from the binary, per linux library load design
[20:17:14] <spq> Lightning: hm, ok - thought about that but only tried to overwrite heap structures
[20:17:20] <b2xiao> Lightning: yeah we saw that, actually the df-based exploit is much cuted
[20:17:22] <mak> but i give up, sice i started looking at it 1h ago
[20:17:23] <b2xiao> cuter
[20:17:23] <Lightning> so if you know where the binary is you know where they are without any extra leaks
[20:17:26] <b2xiao> so I liked that one
[20:17:28] <P1kachu> vito: so angr was really helpful
[20:17:33] <niklasb> Lightning: but it depends on libc and OS version...
[20:17:41] <jinmo123> and CRC table was slightly modified right?
[20:17:51] <niklasb> also, how to get the stack pivot? we didn't find any gadgets in the binary or heapfun's libc
[20:17:52] <Murmus> yeah. I see how to do it, and have a whiteboard drawing of turning it something useful, but couldn't quite get everything lined up
[20:17:53] <b2xiao> jinmo123: I think the CRC table was standard but the constant was different
[20:17:57] <ar1s> Lightning: we observed that it was only true on a few distributions, including ubuntu 14.04
[20:17:58] *** Quits: whoisj0hngalt ([email protected]) (Client Quit)
[20:17:59] <hj> i am curious about their traffic analysis for this weekend
[20:18:05] <b2xiao> usually it starts with 0xffffffff
[20:18:09] <Lightning> niklasb: libc offset is purely from size, unlike some competitions we try to keep our OS’s stable and common across all
[20:18:13] <hj> heapfun didn not need a stack pivot
[20:18:14] <b2xiao> also: where's my pretty graphs of scores over time
[20:18:15] <jinmo123> @b2xiao ah then my mistake
[20:18:19] <hj> the heap was executable
[20:18:19] *** Quits: WebIRC37424 ([email protected]) (Client Quit)
[20:18:23] <b2xiao> I want to see the scores going down towards the end :P
[20:18:24] *** Quits: ltfish ([email protected]) (Ping timeout: 240 seconds)
[20:18:28] <Lightning> so it is easy enough to know, and if not know at least guess as amazon has only certain things that are quick to spin
[20:18:29] <ar1s> niklasb: r_movrsp = 0x001698B
[20:18:47] <jinmo123> it felt really cool when I could use jmp rsp for pwning chall
[20:18:55] <jordan> any hints for easier :'( ?
[20:19:06] <jordan> what was the deal with the uninit stack variables
[20:19:08] *** Quits: shivanshu ([email protected]) (Ping timeout: 252 seconds)
[20:19:09] <jordan> ?
[20:19:10] <mak> btw, was it only me or there was something wrong with /bin/sh on most pwns?
[20:19:19] <WebIRC22159> mak: see topic. it's busybox
[20:19:36] <niklasb> ar1s: could you tell me which libc that was?
[20:19:39] <jinmo123> ah
[20:19:42] <gynophage> execve with a NULL 2nd argument in busy box is bad.
[20:19:44] <jinmo123> argv[0] was important so..
[20:19:45] <ar1s> niklasb: eglibc from ubuntu 14.04
[20:19:47] <soen> what were people's approaches to solving easier?  I was using z3 for enc /dec , was there a way to reduce the math?
[20:19:56] <niklasb> ar1s: and you guessed which libc it was?
[20:19:56] <sigtrap_> I'm curious how many teams had a crs for the cgc challenges, and how many challenges were solved automatically
[20:20:05] <niklasb> because other libc's didn't have that gadget I think
[20:20:06] <b2xiao> soen: it's just XTEA with modified constant
[20:20:06] <gynophage> sigtrap_: You did.
[20:20:07] <gynophage> :-p
[20:20:12] <gynophage> How did that work out for you?
[20:20:13] <WebIRC22159> samurai solved all the cgc without a crs
[20:20:15] <Lightning> busybox uses the argument to know what to do, a null argument to the 2nd param of execve results in busybox not knowing what program you are trying to run
[20:20:21] <sigtrap_> lol I didn't, I was the crs
[20:20:27] <ar1s> niklasb: from another vuln in a different service,+ historically legitbs uses ubuntu LTS & same distro everywhere
[20:20:29] <mak> WebIRC22159: was it available during ctf?
[20:20:30] <Lightning> so execve(“/bin/sh”, {“/bin/sh”, 0}, 0); is proper
[20:20:41] <gynophage> Lightning: It's worse than that.
[20:20:45] <soen> b2xiao: oh! thanks...I didn't recognize that when reversing
[20:20:47] <mak> yeah but execve("/bin/sh",0,0) isn't
[20:20:49] <niklasb> ar1s: ok thanks
[20:20:53] <gynophage> busybox actually derefs NULL
[20:20:54] <[SpamAndHex]NGG> we solved all cgcs without crs as well
[20:20:58] <b2xiao> yeah they deliberately made it hard to google by changing const
[20:21:14] *** Quits: L0rdComm4ander (~Adium@2001:690:2100:1b:f031:ba59:a048:5920) (Client Quit)
[20:21:17] <jinmo123> what's crs?
[20:21:20] *** Quits: digitalseraphim ([email protected]) (Ping timeout: 252 seconds)
[20:21:39] <sigtrap_> buzzword reasoning system
[20:21:48] <[SpamAndHex]NGG> cyber reasoning system (what they have to make for the darpa challenge)
[20:21:55] <Ymgve> wizard reasoning system
[20:22:03] <jinmo123> ah
[20:22:04] <vito> https://blog.legitbs.net/p/cgc-glossary.html
[20:22:10] <[SpamAndHex]AKG> actually we installed the vm with vagrant 2 days ago
[20:22:23] <WebIRC22159> didn't use the vm :)
[20:22:24] *** Quits: FADEC0D3 ([email protected]) (Ping timeout: 240 seconds)
[20:22:31] <jinmo123> thanks
[20:22:39] <vito> [SpamAndHex]AKG: unless you solved all 1000 cuts by hand, you have a baby crs
[20:22:40] <sigtrap_> yeah I installed vagrant and the decree vm around 4pm yesterday lol
[20:22:42] <ar1s> btw the patched version of Legit_00004 that I submited failed tests, so I submited the unpatched one. It scored :)
[20:22:42] <b2xiao> haha
[20:22:43] <Lightning> more questions?
[20:22:45] *** Quits: selir ([email protected]) (Client Quit)
[20:22:53] <riatre> haha yes
[20:22:53] <mak> ar1s: same here;]
[20:22:54] <WebIRC22159> vito: someone fuzzed it and used strings I think
[20:23:00] <WebIRC22159> so...
[20:23:05] <b2xiao> WebIRC22159: pretty much what ours does
[20:23:09] <jinmo123> I'm really curious about secrfrevenge
[20:23:14] <WebIRC22159> I wrote a real solver but they were faster
[20:23:14] <riatre> Submitting the original LEGIT_00004 binary scored.
[20:23:19] <b2xiao> jinmo123: it's nastay
[20:23:19] <WebIRC22159> yep ^^^^
[20:23:21] <Ymgve> was there a way to solve legit_2 with pure XML?
[20:23:28] <jinmo123> wrote exploit for packet but couldn't write encoder
[20:23:34] <jinmo123> I hate it
[20:23:34] <[SpamAndHex]NGG> we used strings and bruteforced the offsets for 1000cuts
[20:23:37] <sigtrap_> did everyone go for a type2 POV on legit2?
[20:23:39] <[SpamAndHex]AKG> vito, thats right, a few lines of python :)
[20:23:46] <ar1s> Ymgve: I think I did
[20:23:50] <Ymgve> sigtrap_: was there any other way
[20:24:06] <niklasb> ar1s: 
[20:24:10] <niklasb> sorry
[20:24:15] *** Quits: aradia ([email protected]) (Remote host closed the connection)
[20:24:15] <b2xiao> [SpamAndHex]NGG: yep, best way
[20:24:22] <sigtrap_> that's what I'm curious about Ymgve
[20:24:31] <WebIRC41899> Is it top 10 for finals?
[20:24:39] <b2xiao> top 8 who haven't already qualed
[20:24:46] <jinmo123> I couldn't the RF protocol for secrf
[20:24:48] <WebIRC22159> and bloop qual'd
[20:24:51] <timpwn> The solver I wrote for 334 cuts also worked unmodified on 666 and 1000
[20:24:58] <timpwn> Binary analysis
[20:25:05] <niklasb> timpwn: yep same. I don't know what progression they had in mind
[20:25:08] <Admir4l> :'(
[20:25:10] <Admir4l> fuck 
[20:25:15] <Lightning> top 8 that qualified that aren’t already pre-qualified
[20:25:18] <Ymgve> I had to modify the .c program to do a negation so you could have TYPE2_ADDR ^ 0xffffffff and then TYPE2_ADDR
[20:25:19] <Admir4l> i'm tired  
[20:25:22] <b2xiao> jinmo123: it's FSK, 40 cycles per bit, 1300Hz for a 1 and 2100Hz for a 0
[20:25:22] <Admir4l> with 0 pts 
[20:25:25] <sigtrap_> and I didn't use XML b/c I had no idea how to do arithmetic expressions in the xml
[20:25:30] <Lightning> we have to contact the teams, etc
[20:25:33] <jinmo123> aww, meh, rar...
[20:25:34] <Admir4l> i found baby-re in the last minute 
[20:25:34] <niklasb> timpwn: was it any smart? because mine was just dumbest possible fuzzing with a hook in strcmp
[20:25:39] <Admir4l> but not solved
[20:25:40] <Admir4l> :'(
[20:25:42] <johncool> actually what are the differences between 334/666/1000 ? 
[20:25:43] <ar1s> Ymgve: I paste my xml if you want
[20:25:56] <sigtrap_> ar1s: I'd also be interested
[20:25:58] <niklasb> johncool: 334 hat strcmp at a constant address, 666 vs 1000 I have no idea
[20:26:01] <Ymgve> ar1s: well not in the channel :)
[20:26:05] <b2xiao> to get I plotted the freq response of the two IIR filters
[20:26:13] <Ymgve> pastebin it
[20:26:13] <b2xiao> *to get that
[20:26:17] <ar1s> Ymgve: http://pastebin.com/gM2SJRhu despite the name it's for legit00002
[20:26:28] <b2xiao> and then just did the sin generator with the right frequencies
[20:26:31] <timpwn> niklasb: moderately smart - followed calls from start to vulnerable func, parsed out the buffer and canary offsets (and canary), made crash string - 100% accuracy
[20:26:41] <timpwn> niklasb: this was all static analysis, no need to run the binary
[20:27:01] <niklasb> ok nice
[20:27:06] <Ymgve> ar1s: what is that address at the end?
[20:27:07] <niklasb> did you use angr or something?
[20:27:08] <sigtrap_> ar1s: so you don't use a TYPE2_ADDR?
[20:27:10] <b2xiao> johncool: IIRC between 334 and 666 they added a bunch of random crap that made your exploit fail if you only overwrote LSB of PC
[20:27:11] <riatre> Are there automatical solutions to b3/s23?
[20:27:12] *** Quits: WebIRC1712 ([email protected]) (Client Quit)
[20:27:25] <riatre> Or everyone solved it by hand..
[20:27:31] <ar1s> I hardcoded TYPE2_ADDR
[20:27:32] <Lightning> riatre: i did still life by hand for my solution
[20:27:34] <timpwn> niklasb: just pwnlib. i wouldn't want to use it for anything more complex!
[20:27:39] <withzombies> i scripted my 2000 cuts solution wth binary ninja
[20:27:42] <b2xiao> riatre: we did still life by hand
[20:27:44] <withzombies> and it worked across all the challenges
[20:27:51] <Ymgve> ar1s: how did you get TYPE2_ADDR out of the verifier?
[20:27:51] <jinmo123> me too
[20:27:52] <Lightning> my still life setup called read() into the buffer that is executing
[20:27:54] <withzombies> i was sad when the 1000 cuts challenge only asked for 2 strings
[20:28:00] <withzombies> 10*
[20:28:01] <b2xiao> Lightning: ours too
[20:28:08] <jinmo123> but didn't expected it for 101 pattern
[20:28:11] <WebIRC22159> solved *cuts using ida batch mode and string manipulation
[20:28:18] <Ymgve> Lightning: same way I did it
[20:28:25] <sigtrap_> withzombies: my 334 solution was a bit naieve, assumed a static addr for a func, but once I fixed it to be based off xrefs to the hacker detected string, it worked across all 3 as well
[20:28:33] <ar1s> oh ok. I exported the xml to a .c with pov-xml2c then compiled and submited the bin
[20:28:44] *** Joins: structure ([email protected])
[20:28:45] <sigtrap_> naive* even
[20:28:46] <ar1s> I didn't think submitting xml only would work
[20:28:52] *** Quits: gym (~S_a_H][email protected]) (Client Quit)
[20:28:58] <niklasb> wow Ymgve you're clearly better in shellcoding than I am if you fit getpc + read in there
[20:28:59] <dvx> b2xiao: you just switched between the 2 oscillators? of same amplitude?
[20:29:01] <Lightning> the state space blows up otherwise. the original design was 3x as large screen area until i recompiled the binary with various optimizations and shuffled things resulting in more usable values in the registers
[20:29:01] <sigtrap_> withzombies: did you just scan for the first 3 lea's?
[20:29:01] <niklasb> how much bytes is it?
[20:29:06] <b2xiao> dvx: yes
[20:29:08] <withzombies> sigtrap_: no
[20:29:13] <Lightning> that let me shrink the space and wrap it a bit to avoid the 8 byte alignment for the fun
[20:29:16] <Admir4l> who can help me for understand baby-re good ? 
[20:29:19] <Admir4l> :-D
[20:29:20] <b2xiao> here's my secrf exploit
[20:29:21] <b2xiao> https://www.dropbox.com/s/ucdscd4ag97jppz/exploit.wav?dl=0
[20:29:23] <b2xiao> :P
[20:29:24] <Admir4l> :-)
[20:29:25] <Ymgve> niklasb: why getpc? it's already in rbx (last pixel you wrote to)
[20:29:27] <dave0x6d> Admir4l: I posted mine.
[20:29:30] <withzombies> I did it on stack frame sizes and number of calls (to see if the string was inlined)
[20:29:37] <niklasb> Ymgve: hm ok I missed that I guess
[20:29:38] <niklasb> thanks
[20:29:46] <dvx> damn... didn't get the 0 freq right
[20:29:46] <niklasb> goddamit
[20:29:46] *** Quits: jordan ([email protected]) (Client Quit)
[20:29:50] <sigtrap_> I was way too lazy for that
[20:29:58] <jinmo123> wrote ROP payload for that but couldn't exploit
[20:30:04] <dave0x6d> ^ my life.
[20:30:19] <c3> any libc only solution for kiss?
[20:30:20] <b2xiao> jinmo123: which team are you on, out of curiousity
[20:30:26] <Ymgve> how did people solve crippled btw?
[20:30:26] <jinmo123> I dont know!!
[20:30:39] <borski> b2xiao: what was the script you used to solve it?
[20:30:39] <jinmo123> joke
[20:31:26] *** Joins: WebIRC63991 ([email protected])
[20:32:08] *** Quits: structure ([email protected]) (Client Quit)
[20:32:17] <Lightning> Ymgve: writing small test apps
[20:32:30] <Lightning> i took a simple compiler and stripped a few things out then shuffled all the math ops
[20:32:58] <Lightning> but the write() function was valid (per the example given to show that existed), that way you could write the binary back to yourself to find that i was mucking with your math ops
[20:33:18] <spq> Ymgve: well, rop into write with a return_read_syscall_nr function before that
[20:33:26] *** Quits: WebIRC63991 ([email protected]) (Client Quit)
[20:33:29] <Ymgve> was there some way to do pure asm or overwrite main()?
[20:33:31] <Lightning> spq: yep
[20:33:43] <Lightning> Ymgve: nope, no pure asm, no #define, no #include, i stripped all that
[20:33:43] <Ymgve> when I overwrote things in global scope it just seemed to hang
[20:34:05] <Lightning> the compiler is very simple. it isn’t gcc or llvm so any of the more complex things can hang the compiler
[20:34:07] <spq> Lightning: i only found + and - being switched ^^
[20:34:14] <Ymgve> spq: you actually messed with the stack?
[20:34:19] <withzombies> sigtrap_: really? binja just lets me query them and i knew the next reference over 21 (the size of the buffer for the canary string) was the size of the buffer you overflowed
[20:34:31] <Lightning> Ymgve: could you message me a simple example of that? I was seeing an odd pointer inf loop during compiling but never had traffic to find what did it
[20:34:39] <wyatt_earp> Lightning: one of our guys was super disappointed when using write to overwrite 1 byte in write() via assignment didn't work
[20:34:41] <Lightning> and being we ran everything in memory there was no file to pull
[20:34:43] <withzombies> then reading out the string was easy on the memcmp
[20:34:53] *** Joins: WebIRC71010 ([email protected])
[20:35:19] <spq> Ymgve: well, int a;int *b = &a;b[-2] = ret_gadget; or something like that returned into the parent function which had a int rop[32]; array
[20:36:03] <spq> most probably an array alone was enough but that worked and i didnt touch it again :>
[20:36:11] <Lightning> spq: depended on the setup. the actual assembly was randomized when interacting with things but fixed were not swapped as much due to multi-level function parsing for math operation order
[20:36:17] <Ymgve> Lightning: don't have it saved, but it was basically doing int foo(){} then char* foo = "dsadsdas";
[20:36:36] <Ymgve> spq: I did http://pastebin.com/WFtQf59B
[20:36:39] <Lightning> ok, gives me an idea of how to cause trouble as i’d like to fix it :)
[20:36:57] <johncool> ok guys time to sleep here, thanks for the ctf ! See you next year 
[20:37:09] *** Quits: WebIRC41899 ([email protected]) (Client Quit)
[20:37:12] <Ymgve> dummy function to set up stack, return value from dummy goes into eax, then call write+5 to skip the eax setup
[20:37:17] *** Quits: SallyCroak ([email protected]) (Client Quit)
[20:37:24] *** Quits: csec ([email protected]) (Ping timeout: 240 seconds)
[20:37:38] <Lightning> cya johncool 
[20:37:47] *** Quits: WebIRC66970 ([email protected]) (Client Quit)
[20:37:55] <Lightning> Ymgve: that is similar to what i did
[20:38:12] *** Joins: digitalseraphim ([email protected])
[20:38:15] <sigtrap_> withzombies: I was just so lazy that I did NextHead until GetDisasm contained a lea, first was offset of the oflow buf, 2nd was the canary string, 3rd was offset of canary buff
[20:38:27] *** Quits: [SaH]vasporig ([email protected]) (Client Quit)
[20:38:37] *** Quits: add1ct ([email protected]) (Read error: Connection reset by peer)
[20:38:41] <spq> Ymgve: http://sprunge.us/TWiC
[20:38:52] <spq> very dirty, didnt clean up after i got the flag :>
[20:39:10] <b2xiao> hehe
[20:39:14] <b2xiao> we just called write+5
[20:39:24] <b2xiao> which because of silly operator crap we wrote as write-7
[20:39:38] <Lightning> :D
[20:39:44] <Lightning> it was crippled/broken
[20:40:05] <Ymgve> look at this garbage https://github.com/legitbs/quals-2016/blob/master/crippled/neatcc.patch
[20:40:08] <withzombies> sigtrap_: i called .stack_layout on my function object ;)
[20:40:24] <Lightning> :)
[20:40:27] <Lightning> look at neatld
[20:40:33] <Lightning> i added in randomizing of the static base
[20:40:34] <sigtrap_> that must've been nice to have :x
[20:41:01] *** Joins: add1ct ([email protected])
[20:41:19] <spq> i expected the compiler to be much more broken so did not try to call write+5 (or -7) so tried the rop directly :>
[20:41:33] *** Quits: gael (~gael@2a01:e34:ec02:c450:c549:5f31:7810:8596) (Client Quit)
[20:41:46] <Lightning> ok, unless you guys have anything else for me i think i’ll start winding down
[20:42:06] *** Quits: uri ([email protected]) (Client Quit)
[20:42:36] *** Quits: [SpamAndHex]AKG ([email protected]) (Ping timeout: 252 seconds)
[20:42:55] <Ymgve> I also learned to use capstone in this ctf!
[20:43:16] <Ymgve> did it to easily find instruction length in stage 2 of "step"
[20:43:45] *** Quits: WebIRC71010 ([email protected]) (Client Quit)
[20:43:56] *** Joins: WebIRC71010 ([email protected])
[20:44:25] *** Quits: WebIRC71010 ([email protected]) (Client Quit)
[20:44:29] <b2xiao> Lightning: so much swapping
[20:44:53] <Lightning> would you have preferred i put 6 months of effort into 1 thing instead of 6? :)
[20:45:01] *** Joins: WebIRC63991 ([email protected])
[20:45:10] *** Joins: WebIRC71010 ([email protected])
[20:45:39] *** Quits: WebIRC71010 ([email protected]) (Client Quit)
[20:45:59] <b2xiao> Ymgve: IDA: "ItemSize" + patchbytes in a loop
[20:46:11] *** Quits: rhydis ([email protected]) (Ping timeout: 252 seconds)
[20:46:19] <Ymgve> b2xiao: some day, I'll learn to use IDA scripting
[20:46:41] <Admir4l> me too :'(
[20:46:56] <spq> Ymgve: i wrote a sigaction ld preload .so
[20:47:14] <Lightning> i’m off, if you guys have questions then read a writeup or go look at github source
[20:47:24] <spq> which intercepted the signal handler and dumped the rip
[20:47:27] *** Quits: dvx ([email protected]) (Remote host closed the connection)
[20:47:32] *** Joins: fish__ ([email protected])
[20:47:43] <b2xiao> spq: haha nice
[20:47:46] <b2xiao> that's a cute solution
[20:47:47] *** Quits: Lightning ([email protected]) (Client Quit)
[20:48:24] <sigtrap_> gg guys, thanks legitbs ppl, wish I could've played the whole time
[20:48:33] <b2xiao> IDA scripting is so easy though
[20:48:37] <b2xiao> if you know Python
[20:48:38] <b2xiao> http://pastebin.com/akk42scf
[20:48:39] <fish__> guys, is there a solution to easier?
[20:48:46] <b2xiao> that's pretty much all we had
[20:49:29] <fish__> b2xiao: I manually fixed all those xor'ed bytes
[20:49:46] <Ymgve> fish__: I started doing that for one function but then I saw there were lots more
[20:49:58] <q3k> here's my super advanced cyber security autosploiter for [0-9]{1,3} cuts: https://paste.q3k.org/paste/6Q6nXGB6#a48pToKHkSf7b6+9gq1bxHa4nWjN7WBJCaPX6NaoFOP
[20:50:05] <Ymgve> for everyone who liked time_waster https://www.youtube.com/watch?v=2Vguvli1Y0k
[20:50:05] <q3k> ida pro automation is best automation
[20:50:20] <vito> YES thanks Ymgve 
[20:50:55] <q3k> can I haz DERPA monies now????
[20:50:56] <Ymgve> I spent _hours_ trying to get a glimpse of those purple letters
[20:50:59] <b2xiao> nice
[20:51:03] <aterribleloss> anyone have a drver for feedme I seem to be missing a something in mine, just stuck cheacking for canaries
[20:51:08] <b2xiao> q3k: that's a very nice script
[20:51:50] *** Joins: ltfish ([email protected])
[20:52:36] <gynophage> aterribleloss: I do.
[20:52:57] <gynophage> Did we miss something in the github publish?
[20:53:19] <niklasb> heh that demo is from my town :( but still I wasn't able to run it 
[20:53:54] *** Quits: fish__ ([email protected]) (Ping timeout: 240 seconds)
[20:53:58] <aterribleloss> ill check
[20:55:01] <[w33]Luwenth> I can't be
[20:55:18] <b2xiao> secrf exploit: https://www.dropbox.com/sh/occqsi0krd2pv3i/AADR4FWuj34wqIDMPE4NIXk2a?dl=0
[20:55:36] <[w33]Luwenth> be-lieve that it took me that long of looking at that problem to get the solution.  :(   I so totally need to practice more so I don't get this rusty year-over-year
[20:57:53] *** Quits: bool101 ([email protected]) (Client Quit)
[20:58:31] *** Joins: bool101 ([email protected])
[20:58:50] <spq> aterribleloss: http://sprunge.us/hcFJ
[20:59:39] <WebIRC66557> https://2016.legitbs.net/scoreboard/complete is down?
[20:59:46] <q3k> b2xiao: I got stuck trying to understand the DSP functions :<
[20:59:47] <Admir4l> yes
[20:59:53] <gynophage> Yes.
[20:59:59] <WebIRC66557> it will be comeback?
[21:00:03] <gynophage> No.
[21:00:08] <WebIRC66557> :(
[21:00:16] <WebIRC66557> i want to check my rank
[21:00:21] <spq> again, not very clean - tried the autogenerated ropchain (with /bin/sh argv[0] = 0) which didnt work remotely so thought stack would be too short - so i used a stack pivot and 2 stages
[21:00:21] <q3k> b2xiao: I got to some sort of FSM, but couldn't understand the magic between samples -> input to FSM
[21:00:29] <spq> aterribleloss: ^
[21:00:38] <WebIRC66557> is there any plan to announce entire rank?
[21:00:43] <WebIRC22159> no
[21:00:53] *** Quits: c21 ([email protected]) (Client Quit)
[21:01:24] <[SpamAndHex]KT> http://pastebin.com/kHvEqqRa
[21:01:36] <[SpamAndHex]KT> @<WebIRC66557> ^^
[21:01:51] <WebIRC66557> thank you!
[21:02:29] <b2xiao> q3k: so the pipeline is samples -> noise added -> IIR filters for frequencies -> bits -> bit periods -> FSM input
[21:02:52] <q3k> b2xiao: okay, so these were IIR filters
[21:02:53] <b2xiao> where the data is encoded FSK (1300Hz=1, 2100Hz=0), with 40 samples per bit
[21:03:06] *** Joins: fish (~fish@2600:3c01::f03c:91ff:fe73:12d0)
[21:03:08] <b2xiao> yeah the pair of functions that shift a bunch of BSS vars around
[21:03:15] <b2xiao> and then multiply by a bunch of constants
[21:03:21] <q3k> b2xiao: I got that it moved shit around wiht constan...
[21:03:23] <q3k> yeah.
[21:03:31] <q3k> but I couldn't know what it was, not enough math/DSP background :<
[21:03:39] <q3k> b2xiao: nice exploit.
[21:03:56] <aterribleloss> spq: thanks for the info
[21:04:53] *** Quits: dqi ([email protected]) (Ping timeout: 252 seconds)
[21:07:52] <spq> was there an easier writeup posted?
[21:08:41] <spq> it was intentionally full of useless bugs, right?
[21:09:55] *** Quits: Sceptic ([email protected]) (Client Quit)
[21:10:01] <spq> was the diffie hellman code in the beginning actually usefull? i couldnt see where the session secret was used afterwards...
[21:11:02] *** Quits: jinmo123 ([email protected]) (Client Quit)
[21:11:06] <b2xiao> spq: it wasn't
[21:11:10] <b2xiao> key = {1,2,3,4}
[21:11:18] <b2xiao> DH stuff appears to have been red herring
[21:11:38] <fish> there's DH and TEA
[21:11:51] <fish> just to make reversing people happy I guess?
[21:11:52] * gynophage twiddles thumbs
[21:15:01] *** Quits: n00000b ([email protected]) (Client Quit)
[21:15:27] *** Quits: lolz ([email protected]) (Client Quit)
[21:15:34] * b2xiao goes back to reviewing papers
[21:15:48] * zardus gets back to writing papers
[21:15:51] *** Joins: n00000b ([email protected])
[21:17:10] *** Quits: dapan ([email protected]) (Client Quit)
[21:18:58] *** Quits: Gorge0us ([email protected]) (Quit: Hackint WebIRC - http://hackint.org/)
[21:20:36] *** Joins: Gorge0us ([email protected])
[21:24:43] *** Quits: bigred ([email protected]) (Client Quit)
[21:25:16] *** Quits: n00000b ([email protected]) (Client Quit)
[21:25:36] *** Joins: wh (~960@2400:dd01:1001:112:9c76:4b4d:c5f5:ac2d)
[21:26:09] *** Quits: WebIRC42855 ([email protected]) (Client Quit)
[21:26:20] *** Joins: n00000b ([email protected])
[21:27:51] *** Quits: n00000b ([email protected]) (Client Quit)
[21:29:53] *** Quits: WebIRC52470 ([email protected]) (Client Quit)
[21:32:20] *** Joins: WebIRC25733 ([email protected])
[21:33:15] *** Quits: b2xiao ([email protected]) (Client Quit)
[21:33:30] *** Joins: lolz ([email protected])
[21:33:35] *** Joins: tyega ([email protected])
[21:35:19] *** Quits: ltfish ([email protected]) (Ping timeout: 252 seconds)
[21:36:34] *** Quits: WebIRC66557 ([email protected]) (Client Quit)
[21:36:50] *** Joins: WebIRC76102 ([email protected])
[21:39:20] <vito> gets back to toilet paper
[21:39:48] <Admir4l> by�
[21:39:50] <Admir4l> all
[21:39:53] <Admir4l> good night :) 
[21:40:38] *** Quits: WebIRC76167 ([email protected]) (Client Quit)
[21:40:40] <gynophage> One more thing:
[21:40:41] <gynophage> https://hub.docker.com/r/legitbs/
[21:40:42] <gynophage> <3
[21:41:15] <Admir4l> <3
[21:43:23] *** Quits: cybint1122 ([email protected]) (Ping timeout: 252 seconds)
[21:45:07] *** Quits: WebIRC25733 ([email protected]) (Client Quit)
[21:47:04] *** Joins: WebIRC61265 ([email protected])
[21:47:36] *** Joins: WebIRC71010 ([email protected])
[21:49:48] *** Quits: WebIRC71010 ([email protected]) (Client Quit)
[21:50:00] *** Quits: WebIRC22159 ([email protected]) (Client Quit)
[21:58:13] <[w33]Luwenth> gynophage: Docker images??   <3!!!!
[21:59:12] <e^ipi> that's pretty super
[21:59:29] <gynophage> Those are as we ran them (I'm pretty sure)
[21:59:50] <gynophage> If you find that to be untrue, please let me know and I'll update it.
[22:00:19] <gynophage> I THINK most entrypoints got updated. But our services were generated into runc containers for speed reasons.
[22:01:06] <gynophage> So, there may be some disconnect. I spot tested a few. And obviously the cgc ones need a cgc kernel to run.
[22:01:29] *** Quits: jinblack ([email protected]) (Remote host closed the connection)
[22:03:16] *** Quits: digitalseraphim ([email protected]) (Ping timeout: 252 seconds)
[22:03:38] *** Quits: rg ([email protected]) (Ping timeout: 252 seconds)
[22:05:27] <tylerni7> super awesome to release that :) thanks legitbs crew <3 
[22:05:39] *** Joins: WebIRC71010 ([email protected])
[22:05:41] <Admir4l> tylerni7 good job brother ^^ 
[22:06:05] <Admir4l> @tylerni7 really your are great hacker in the earth :D
[22:06:31] <tylerni7> lolol, I solved like nothing on PPP, I kept getting sniped by b2xiao who solved everything faster
[22:06:42] <Admir4l> wow :D
[22:06:43] <Admir4l> xD
[22:06:46] <Admir4l> good 
[22:06:54] <Admir4l> i want to talking with b2xiao :D
[22:07:04] <Admir4l> i want to learn somethings ^^ 
[22:08:01] *** Quits: WebIRC71010 ([email protected]) (Client Quit)
[22:09:35] *** Joins: WebIRC71010 ([email protected])
[22:11:12] <q3k> gynophage: that's a pretty sweet setup
[22:11:34] <q3k> gynophage: I'm thinking of doing similar for the dragonsector ctf - currently we just have tarballs extracted into ubuntu chroots running under nsjail
[22:11:37] *** Joins: WebIRC30394 ([email protected])
[22:11:43] *** Joins: spk ([email protected])
[22:11:52] <q3k> gynophage: letting task authors develop on docker and then running on nsjail would probably be better
[22:12:00] <q3k> *and then run
[22:12:13] *** Quits: WebIRC71010 ([email protected]) (Client Quit)
[22:12:31] *** Quits: halb ([email protected]) (Client Quit)
[22:12:55] <gynophage> q3k - you probably want runc
[22:13:13] <gynophage> It injests a docker export.
[22:13:20] <gynophage> And it supports seccomp natively.
[22:13:29] *** Joins: WebIRC71010 ([email protected])
[22:13:32] <gynophage> That's what we did.
[22:13:42] <gynophage> We didn't use seccomp.
[22:14:08] <gynophage> But, docker takes too long to spin a container on each connection.
[22:14:19] <gynophage> I may be working on something less hacky.
[22:14:24] <gynophage> Now that I have free time.
[22:14:26] *** Quits: b3h3m0th ([email protected]) (Client Quit)
[22:15:36] <q3k> gynophage: I'll look into runc, never seen it before. nsjail is nice because it kind of knows it'll be running malicious code
[22:15:50] <q3k> gynophage: and has a builtin xinetd-like sever with rlimits per connections
[22:16:03] <q3k> gynophage: (so no need to have alarm()'s in tasks, etc)
[22:16:13] <gynophage> Ohh. That's nice.
[22:16:46] <gynophage> I prefer posix timers.
[22:17:27] <gynophage> You set them, they live across a fork, and then you seccomp the posix timers API.
[22:18:05] <gynophage> rlimits always bothered me because they don't count time unless the process is doing work.
[22:18:06] <e^ipi> q3k: i use solaris branded zones for that. if your code tries to do anything janky, it's not supported by the kernel anyway
[22:18:09] <memed4> gynophage: could I ask about problem easier?
[22:18:13] <gynophage> alarm is too easy to undo.
[22:18:15] *** Quits: WebIRC71010 ([email protected]) (Client Quit)
[22:19:08] <Ymgve> in-program alarm is so annoying
[22:19:20] <Ymgve> "why did gdb just say my program finished?"
[22:19:33] <q3k> gynophage: nsjail just polls running jails to see if they're over their limit, heh
[22:19:50] <tylerni7> yeah.. like obviously it's not hard to patch out, but it is slightly annoying to not just be able to run something and interact with it while testing...
[22:19:53] <q3k> gynophage: web scale programming
[22:20:11] <q3k> e^ipi: well, if you want every CTF task to be a solaris task...
[22:20:11] <gynophage> We have a watcher that does that too.
[22:20:39] *** Parts: Antisocial_Engineering ([email protected]) ()
[22:20:40] <gynophage> I don't like any extra code in process.
[22:20:45] *** Quits: Admir4l ([email protected]) (Client Quit)
[22:20:46] <q3k> yeah
[22:20:48] <gynophage> I HATED ddtek backdoored.
[22:21:06] <q3k> ...the badger task had an alarm :/
[22:21:19] *** Joins: WebIRC71010 ([email protected])
[22:22:39] *** Quits: WebIRC71010 ([email protected]) (Client Quit)
[22:22:45] <gynophage> Badger was quickly ported from the msp430.
[22:23:09] <q3k> ...badger had an alarm on the msp430? :V
[22:23:26] *** Quits: WebIRC30394 ([email protected]) (Client Quit)
[22:23:37] <[w33]Luwenth> I think I'm missing something simple here.   Got docker installed, ran through their short tutorial and docker/whalesay works fine.   I created the updated image and ran that fine.  When I do a 'docker run easy-prasky' I get: docker: Error response from daemon: Container command '/home/${service}/runner.py' not found or does not exist..
[22:23:56] <sirgoon> no it did not =p
[22:23:56] <q3k> [w33]Luwenth: ENTRYPOINT broken..?
[22:24:04] <[w33]Luwenth> Debugging, I used: docker run -it legitbs/easy-prasky bash --- logged in, $service is set, and the path is there. 
[22:24:16] <[w33]Luwenth> q3k: Is that what docker pays attention to?
[22:24:30] <q3k> sirgoon: you were supposed to release some docs on the origin badger, yo
[22:24:30] <sirgoon> it also had the flag file memory mapped since I wrote the verilog code for the FPGA to map it in
[22:24:33] <q3k> sirgoon: I still have mine
[22:24:38] <q3k> sirgoon: battery puffed and all
[22:24:44] <sirgoon> cheap batteries
[22:24:49] <sirgoon> we tried to cover them in silicone
[22:24:51] <q3k> sirgoon: waiting for a pin UCF so I can reflash it with something fun
[22:25:24] <q3k> i dunno, that spartan should be enough to host some NES reimplementation
[22:25:32] <sirgoon> it might
[22:25:40] <Ymgve> for next defcon quals, please have a web challenge: https://www.w3.org/Daemon/
[22:25:42] <sirgoon> screen resolution is sufficient?
[22:25:56] <q3k> sirgoon: good question, no idea
[22:26:04] <sirgoon> Spartan-6 LX-9 had enough BRAM for 64K of RAM/ROM
[22:26:14] <q3k> sirgoon: I know GB is pretty low res, a bit more than 128x128
[22:26:21] <sirgoon> plus you have a very capable RF chipset too
[22:26:24] <q3k> (GB=the gameboy)
[22:26:33] <sirgoon> could get about a mile or two of range out of it at a lower bit rate
[22:27:11] <sirgoon> it also had 1MBit of SPI SRAM
[22:27:38] <[w33]Luwenth> q3k: Is there a way to view the Dockerfile for an docker image I've pulled?
[22:27:48] <[w33]Luwenth> Here, let me google that for myself :)
[22:28:05] <q3k> [w33]Luwenth: depends whether the docker image tasks uploaded it to the docker hub, or just pushed the images
[22:28:12] <q3k> [w33]Luwenth: you can do some inspection of an image
[22:28:28] <q3k> [w33]Luwenth: that gives you a JSON with stuff like the default entrypoint and cmdline
[22:28:54] <sirgoon> did b2xiao share the wav file of their sploit for secrf?
[22:29:28] <tylerni7> sirgoon: he uploaded his script, and posted a dropbox link on here just a bit ago
[22:29:31] <q3k> yeah, it's somewhere there ^
[22:29:41] <sirgoon> awesome :)
[22:29:47] *** Joins: WebIRC30394 ([email protected])
[22:29:51] <q3k> b2xiao | here's my secrf exploit
[22:29:53] <q3k> b2xiao | https://www.dropbox.com/s/ucdscd4ag97jppz/exploit.wav?dl=0
[22:29:55] <q3k> b2xiao | :P
[22:30:19] <[w33]Luwenth> q3k: Thanks, I did find the json blob that described the image, and the command is there.  But it's acting like it doesn't know how to set $service when I just do a run.  I have a feeling I need to feed a setting somehow so hunting how that works.
[22:30:38] <q3k> not sure how variable interpolation in the entrypoint works tbh
[22:30:43] <sirgoon> the FSK receiver was tuned to 1200 Hz and 2200Hz, (Dell 303 Modem)
[22:30:46] <q3k> I didn't even know you could do that
[22:30:53] *** Joins: structure ([email protected])
[22:30:53] <sirgoon> *Bell 202 modem
[22:31:14] <e^ipi> q3k: actually a retro CTF would be kinda neat
[22:31:17] <sirgoon> tho the bit rate was much lower
[22:31:24] <e^ipi> "here's some IRIX, here's some Solaris, here's VMS... have at it"
[22:31:31] <e^ipi> here's that connor kids mainframe, good luck.
[22:31:39] <q3k> e^ipi: well, there was Itanium at the CONFidence CTF we organized two days ago
[22:31:46] <e^ipi> ... what?
[22:31:46] <q3k> e^ipi: I wanted to get HPUX on it
[22:31:47] <[w33]Luwenth> God, I've managed 2 out of 3 of those, and used all 3 of them
[22:31:56] <q3k> e^ipi: next up is SPARC... maybe? :3
[22:32:06] <[w33]Luwenth> But really, can we have SunOS 4.1.6u3 (I think I have the versioning correct)
[22:32:07] *** Quits: tyega ([email protected]) (Remote host closed the connection)
[22:32:10] <sirgoon> sparc... you can buy old servers on ebay pretty cheap
[22:32:14] *** Joins: WebIRC71010 ([email protected])
[22:32:16] <sirgoon> they just weigh a ton
[22:32:17] <q3k> sirgoon: ...I know, right.
[22:32:19] <[w33]Luwenth> I have a U60 in my garage... 
[22:32:22] <e^ipi> yeah you can pull them out of the trash too...
[22:32:28] <sirgoon> don't ask me how I know about that...
[22:32:30] <q3k> https://twitter.com/q3k/status/733029665959464960
[22:32:36] <e^ipi> i've got a blade1000 in my mom's garage
[22:32:41] *** Quits: structure ([email protected]) (Client Quit)
[22:32:59] <e^ipi> best workstation sun ever built. previous to that, U2.
[22:33:04] <sirgoon> those sparcs use a lot of power too
[22:33:17] <e^ipi> anyway. Goog's CTF used POWER
[22:33:17] *** Quits: WebIRC71010 ([email protected]) (Client Quit)
[22:33:24] <e^ipi> so, it's not unprecedented 
[22:33:32] <q3k> e^ipi: we had a POWER task, too
[22:33:33] <[w33]Luwenth> Ugh, I see the Env settings, I see the Cmd uses the $service that is set in Env.  
[22:33:41] <q3k> e^ipi: nobody solved either the POWER or Itanium task :<<<
[22:33:45] <[w33]Luwenth> It all looks good so far.
[22:33:47] <e^ipi> q3k: what CTF was this?
[22:33:55] <e^ipi> it sounds like I wish I were in it
[22:34:03] <e^ipi> i have... a weird thing with Itanic. I think it's super.
[22:34:05] <q3k> e^ipi: https://ctftime.org/event/308
[22:34:13] <sirgoon> ctf on xbox360?
[22:34:22] <sirgoon> lol
[22:34:23] <q3k> e^ipi: we would've also had a task for the online teaser, but we couldn't get it colocated up until then
[22:34:49] <e^ipi> oh it was in poland, no wonder i couldn't be there
[22:35:00] <q3k> yeah.
[22:35:11] <q3k> we're really thinking of making a serious online CTF soon
[22:35:16] <q3k> but -ENOTIME
[22:35:22] *** Joins: tyega ([email protected])
[22:35:27] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[22:35:34] <e^ipi> ain't that always the case...
[22:35:43] <q3k> yeah.
[22:35:50] <sirgoon> I remember life before running DEFCON
[22:35:53] <sirgoon> sooo much free time
[22:35:56] <q3k> lol
[22:36:03] *** Quits: cx ([email protected]) (Client Quit)
[22:36:54] <memed4> anyone here could I ask for easier...
[22:37:18] *** Quits: WebIRC30394 ([email protected]) (Client Quit)
[22:37:42] <[w33]Luwenth> Ahh... found it.  runner.py's first line is borked.  It should be /usr/bin/env not /bin/env 
[22:38:01] *** Joins: WebIRC71010 ([email protected])
[22:39:22] *** Quits: WebIRC71010 ([email protected]) (Client Quit)
[22:40:17] *** Joins: WebIRC30394 ([email protected])
[22:41:25] <zozo> i see g, nice cgc, :))
[22:41:36] <zozo> great ctf
[22:41:44] <vito> [w33]Luwenth: oops
[22:46:37] *** Quits: Gorge0us ([email protected]) (Client Quit)
[22:47:16] *** Joins: WebIRC71010 ([email protected])
[22:47:26] *** Quits: WebIRC71010 ([email protected]) (Client Quit)
[22:48:54] *** Quits: tyega ([email protected]) (Remote host closed the connection)
[22:49:13] *** Parts: xyz (sid126543@2604:8300:100:200b:6667:5:1:ee4f) ()
[22:51:35] <zozo> how can you handle signal in step?
[22:52:52] <Ymgve> you don't
[22:53:10] <Ymgve> you statically RE what the handler does :)
[22:53:21] <zozo> 'timeskip' also interesting, waiting for solution...
[22:55:16] *** Quits: WebIRC75432 ([email protected]) (Client Quit)
[22:55:30] *** Quits: WebIRC30394 ([email protected]) (Client Quit)
[22:56:19] *** Joins: cgg ([email protected])
[22:56:39] *** Joins: WebIRC30394 ([email protected])
[22:57:17] <vito> timeskip is great
[22:57:18] <vito> https://pbs.twimg.com/media/CjGLu8sWYAUdaQh.png:large
[22:57:28] <vito> h/t to lightning for that one
[22:58:04] *** Quits: WebIRC30394 ([email protected]) (Client Quit)
[22:58:28] <cgg> vito: how do you debug the LEGIT_00002?
[22:58:37] <vito> gdb in a cgc vm
[22:58:42] <vito> and other acronyms
[22:58:54] <vito> http://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/debugging-a-cb/
[22:59:08] <cgg> it's ok to debug the other chals, not LEGIT_00002
[22:59:12] *** Joins: tyega ([email protected])
[22:59:24] *** Joins: WebIRC30394 ([email protected])
[22:59:38] <vito> vºv i didn't actually look at that one myself
[22:59:52] <cgg> transmit(0, "Enter the length: ", 18, [0]) = -1 EBADF (Operation not permitted)
[22:59:54] *** Quits: WebIRC30394 ([email protected]) (Client Quit)
[22:59:56] <Ymgve> oh right, legit_00002 tries to write to fp 0
[23:00:02] <Ymgve> I patched the binary
[23:00:27] <cgg> yes, because of the mmap
[23:00:53] <[w33]Luwenth> vito: Any chance you can get a corrected version up?  (I expect you guys wrote a new runner.py)
[23:01:04] <vito> [w33]Luwenth: for which one?
[23:01:22] <cgg> but i don't know why the LEGIT_00002 behave differently
[23:01:43] <[w33]Luwenth> easy-prasky 
[23:02:02] <vito> https://gist.github.com/vito-lbs/124f7b33bc148d3a06ab7e0dcd9f2a7c
[23:02:04] <cgg> eg: if you run ./LEGIT_00002, it works, but if you run ./LEGIT_00002 < input, it fails to run
[23:02:06] <vito> afaik this is correct to production
[23:02:15] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[23:02:28] <vito> but that /bin/env thing would explain why the runc file has to run `python` that
[23:02:32] * vito checks runc
[23:02:34] <Ymgve> cgg: the other binaries use 1 for transmit
[23:02:52] <[w33]Luwenth> the docker image legitbs/easy-prasky has the same script.  /bin/env doesn't exist.
[23:03:14] <vito> "python", "-u", "runner.py"
[23:03:18] <vito> heh welf
[23:03:19] *** Joins: WebIRC30394 ([email protected])
[23:03:23] <vito> python -u runner.py then
[23:03:25] *** Quits: tyega ([email protected]) (Remote host closed the connection)
[23:03:37] <[w33]Luwenth> heh, okay then :) 
[23:04:26] <[w33]Luwenth> That's not the Cmd that shows up in docker inspect :) 
[23:04:35] <vito> yeah, we used runc in prod, not docker
[23:04:50] <[w33]Luwenth> Oh.
[23:04:58] <[w33]Luwenth> *laugh*  Okay then 
[23:05:03] <vito> good to know, but have to defer to gynophage for docker stuff, and he's indisposed for a while vºv
[23:05:34] <vito> depending on that docker in a dockerfile and then CMD python -u runner.py should work
[23:05:45] <vito> but i don't have a cgc kernel with docker enabled handy
[23:06:02] <[w33]Luwenth> No worries, I figured i'd have to figure that part of it out
[23:06:36] *** Quits: cgg ([email protected]) (Client Quit)
[23:07:03] <[w33]Luwenth> that seems to work, except for the acting as a service part.  Will struggle with it later, food now.
[23:07:52] *** Joins: tyega ([email protected])
[23:08:14] *** Quits: mak ([email protected]) (Remote host closed the connection)
[23:11:21] *** Quits: WebIRC30394 ([email protected]) (Client Quit)
[23:12:40] *** Quits: tyega ([email protected]) (Remote host closed the connection)
[23:13:28] *** Joins: fish__ ([email protected])
[23:13:55] <vito> 👍🏻
[23:19:45] *** Joins: structure ([email protected])
[23:21:17] *** Joins: anotherctfer ([email protected])
[23:21:36] *** Joins: tyega ([email protected])
[23:21:57] *** Joins: [SpamAndHex]AKG ([email protected])
[23:24:16] *** Quits: tyega ([email protected]) (Remote host closed the connection)
[23:24:51] *** Quits: fish__ ([email protected]) (Remote host closed the connection)
[23:25:26] *** Quits: structure ([email protected]) (Client Quit)
[23:25:30] *** Joins: tyega ([email protected])
[23:34:29] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[23:40:36] *** Joins: WebIRC47048 ([email protected])
[23:40:51] *** Quits: tyega ([email protected]) (Remote host closed the connection)
[23:41:24] <WebIRC47048> gynophage: can you say whether performance will affect points during finals?
[23:43:31] *** Quits: WebIRC47048 ([email protected]) (Client Quit)
[23:43:37] *** Joins: WebIRC47048 ([email protected])
[23:48:08] *** Quits: lolz ([email protected]) (Client Quit)
[23:49:01] <zardus> if it doesn't, it'll really throw our crs for a loop
[23:49:02] <zardus> ;-)
[23:51:33] <vito> WebIRC35378: it absolutely will
[23:52:11] <vito> have to incentivize you bastards to use less cluster time
[23:53:20] *** Joins: WebIRC25733 ([email protected])
[23:55:51] *** Joins: cx ([email protected])
[23:57:03] <WebIRC47048> vito: isn't that a perverse incentive to optimize random parts of our services?
[23:57:15] <vito> optimize all the parts
[23:57:37] <WebIRC47048> weird.
[23:58:17] *** Quits: kkk ([email protected]) (Client Quit)
[23:58:57] <vito> multiple dimensions of perf too: binary size, maxrss, time

20160523.log

[00:01:11] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[00:01:48] * vito sleeps
[00:01:54] *** Joins: tyega ([email protected])
[00:02:05] *** Quits: WebIRC61265 ([email protected]) (Client Quit)
[00:03:06] *** Joins: FinishOption ([email protected])
[00:04:15] *** Quits: FinishOption ([email protected]) (Client Quit)
[00:05:15] *** Quits: WebIRC25733 ([email protected]) (Client Quit)
[00:05:22] *** Joins: WebIRC25733 ([email protected])
[00:06:50] *** Quits: q1a1 ([email protected]) (Ping timeout: 252 seconds)
[00:14:28] *** Quits: bool101 ([email protected]) (Client Quit)
[00:14:28] *** Joins: kkk ([email protected])
[00:14:53] *** Joins: bool101 ([email protected])
[00:17:53] *** Parts: attobit ([email protected]) ()
[00:38:22] *** Quits: t1deman ([email protected]) (Ping timeout: 252 seconds)
[00:40:15] <WebIRC47048> vito: so this sounds way different from previous defcon scoring
[00:48:26] <WebIRC47048> vito: does the same apply to povs or just services?
[00:52:47] <gynophage> I'll fix the /bin/env thing.
[00:53:26] <gynophage> Sorry. Like Vito said - it was lost in translation. runc spec doesn't parse entrypoint.
[00:55:58] <gynophage> Also, the cgc images have the huge "must have cgc kernel" caveat.
[00:56:20] <gynophage> I dunno if I'm gonna get the images updated tonight. I just drove 180 miles.
[01:04:55] <WebIRC47048> any idea how much perf/footprint will affect scoring, and whether it will be just services or also povs?
[01:05:40] *** Parts: hugsy ([email protected]) (Connection reset by beer)
[01:06:26] <[w33]Luwenth> gynophage: When you get a chance is fine, thanks :) 
[01:06:43] <[w33]Luwenth> we're going to keep bashing on them and having the real puzzle to bash will be nice :)
[01:06:44] <zardus> WebIRC47048: welcome to our hell: https://github.com/CyberGrandChallenge/cgc-release-documentation/blob/master/walk-throughs/scoring-cbs.md, https://cgc.darpa.mil/CGC_FAQ.pdf
[01:08:34] <WebIRC47048> thanks!
[01:09:29] <WebIRC47048> so that indicates just challenge binaries are scored and pov efficiency doesn't matter as much
[01:10:15] <WebIRC47048> still bugs me that tis-100-cheating-style cycle hacks could help my defcon finals score
[01:13:36] <WebIRC47048> also what about round times?
[01:15:51] *** Quits: bool101 ([email protected]) (Client Quit)
[01:16:21] *** Joins: bool101 ([email protected])
[01:24:07] *** Quits: tyega ([email protected]) (Ping timeout: 252 seconds)
[01:26:23] *** Joins: tyega ([email protected])
[01:27:42] *** Quits: sudhackar ([email protected]) (Client Quit)
[01:33:17] *** Quits: WebIRC47048 ([email protected]) (Client Quit)
[01:33:23] *** Joins: WebIRC47048 ([email protected])
[01:34:23] *** Quits: WebIRC25733 ([email protected]) (Client Quit)
[01:34:31] *** Joins: WebIRC25733 ([email protected])
[01:43:40] *** Quits: tyega ([email protected]) (Remote host closed the connection)
[01:44:03] *** Joins: tyega ([email protected])
[01:45:03] *** Quits: WebIRC25733 ([email protected]) (Client Quit)
[01:45:10] *** Joins: WebIRC25733 ([email protected])
[01:50:22] <zardus> WebIRC47048: err, sorry. the POVs matter a ton. Check out: https://cgc.darpa.mil/CGC_Rules_18_Nov_14_Version_3.pdf
[01:50:53] <zardus> gdi, so many docs
[01:51:21] <zardus> check out the scoring in the FAQ :-)
[01:51:21] *** Quits: WebIRC47048 ([email protected]) (Client Quit)
[01:52:21] *** Quits: WebIRC25733 ([email protected]) (Client Quit)
[01:52:27] *** Joins: WebIRC25733 ([email protected])
[01:53:41] *** Joins: WebIRC47048 ([email protected])
[01:57:31] *** Quits: WebIRC47048 ([email protected]) (Client Quit)
[01:58:56] *** Quits: WebIRC25733 ([email protected]) (Client Quit)
[01:59:46] *** Quits: dt ([email protected]) (Client Quit)
[02:02:27] *** Joins: WebIRC47048 ([email protected])
[02:04:41] *** Quits: WebIRC47048 ([email protected]) (Client Quit)
[02:04:55] *** Joins: WebIRC47048 ([email protected])
[02:07:21] *** Quits: visi_is_jizi ([email protected]) (Quit: leaving)
[02:08:17] *** Quits: WebIRC47048 ([email protected]) (Client Quit)
[02:09:35] *** Joins: jinmo123 ([email protected])
[02:10:15] *** Parts: mx_ ([email protected]) ()
[02:10:57] *** Joins: WebIRC47048 ([email protected])
[02:12:23] *** Quits: WebIRC47048 ([email protected]) (Client Quit)
[02:16:10] *** Quits: cx ([email protected]) (Client Quit)
[02:17:10] *** Quits: bool101 ([email protected]) (Client Quit)
[02:17:45] *** Joins: bool101 ([email protected])
[02:20:29] *** Quits: jinmo123 ([email protected]) (Client Quit)
[02:23:28] *** Quits: lefu ([email protected]) (Client Quit)
[02:23:36] *** Parts: dahlukeh ([email protected]) ()
[02:26:07] *** Quits: add1ct ([email protected]) (Read error: Connection reset by peer)
[02:28:26] *** Joins: add1ct ([email protected])
[02:30:40] *** Joins: t1deman ([email protected])
[02:35:15] *** Quits: t1deman ([email protected]) (Ping timeout: 252 seconds)
[02:37:17] *** Quits: WebIRC76102 ([email protected]) (Client Quit)
[02:39:00] *** Joins: Ninn ([email protected])
[02:46:32] *** Joins: jinmo123 ([email protected])
[02:49:21] *** Joins: dqi ([email protected])
[02:53:32] *** Quits: wmliang ([email protected]) (Client Quit)
[03:02:45] *** Quits: jinmo123 ([email protected]) (Client Quit)
[03:03:35] *** Joins: WebIRC47048 ([email protected])
[03:06:02] *** Parts: xiao ([email protected]) ()
[03:06:50] *** Joins: WebIRC76102 ([email protected])
[03:07:24] *** Joins: jinmo123x ([email protected])
[03:11:51] *** Joins: n2n ([email protected])
[03:17:21] <e^ipi> in re CGC, has anyone actually published a cgc engine as a sort of idea of where to start?
[03:17:28] *** Joins: lefu ([email protected])
[03:18:03] <zardus> like, a CRS?
[03:19:29] *** Quits: bool101 ([email protected]) (Client Quit)
[03:19:41] *** Joins: bool101 ([email protected])
[03:21:27] <e^ipi> uhh
[03:21:32] <e^ipi> okay?
[03:21:44] <WebIRC47048> you mean the automated solving and patching code?
[03:21:52] <e^ipi> yah
[03:21:55] <e^ipi> that's what i mean :)
[03:21:55] <WebIRC47048> yeah that's a CRS
[03:21:57] <zardus> not that i'm aware of. anyone that's building a CRS for the finals is in competition for the prize moneys, so i guess most are hoarding their secrets
[03:22:26] <WebIRC47048> kinda makes me want to build shittyCRS that has everything but reasonable algorithms
[03:22:33] <zardus> the closest that i can think of is angr (https://github.com/angr/angr), which is one of the building blocks of our (Shellphish's) CRS
[03:22:34] <WebIRC47048> will help for finals anyway
[03:22:46] <e^ipi> WebIRC47048: that'd be super awesome.
[03:22:53] <e^ipi> I learned operating systems that way... 
[03:22:57] <zardus> but angr is really a program analysis building block. there's a lot of other stuff that needs to go into a CRS
[03:23:28] <WebIRC47048> otoh I have other things on my list to build for finals
[03:23:31] <WebIRC47048> e^ipi: which team are you on?
[03:24:56] <ar1s> zardus: did you CRS find/solve Legit00004 ?
[03:25:07] <ar1s> *your
[03:25:08] <WebIRC47048> ar1s: you kidding?
[03:25:17] <e^ipi> WebIRC47048: one of the crappy ones. :P 
[03:25:23] <WebIRC47048> I guess you could fuzz and find a correlation?
[03:25:29] <e^ipi> I was just more curious how it's done
[03:25:33] <zardus> ar1s: that'd be a trade secret right there ;-)
[03:25:39] <WebIRC47048> actually...
[03:25:41] <ar1s> zardus: :)
[03:26:04] <WebIRC47048> ar1s: after the fact I can definitely think of ways a CRS can solve that kind of leak
[03:26:28] <ar1s> being able to infer that the secret page is leaking into code paths would be very hard to do
[03:26:38] <ar1s> especially since I think that violates CGC rules
[03:27:33] <WebIRC47048> well...
[03:27:45] <WebIRC47048> I have a thing that would find that correlation
[03:28:05] <WebIRC47048> the problem I had with 00004 was you can't patch that reasonably
[03:28:15] <WebIRC47048> unless cgc rules are broken
[03:28:50] <ar1s> my patch would have been to change the adresses from secret page back to rodata
[03:28:55] <ar1s> and read pdf's instead
[03:29:30] <WebIRC47048> my theoretical patch was to change +1 to +8 or sth
[03:29:35] <WebIRC47048> so you don't get adjacent bytes
[03:29:42] <ar1s> but that's not a decision a machine could take
[03:30:11] <ar1s> hmm yes changing the +2 to +5 or so
[03:30:11] <WebIRC47048> honestly patching this would be harder than finding it with a machine
[03:30:34] <WebIRC47048> but yeah I think this still violates rules
[03:32:00] <jinmo123x> if binary can be completely analyzed than is it can be reconstructed?
[03:32:35] <ar1s> I haven't read a rule specifying secret page shouldn't been accessed by legit CB, but a rule specifying control flow can't depend on random values
[03:36:10] *** Quits: n2n ([email protected]) (Client Quit)
[03:36:13] *** Joins: n2n ([email protected])
[03:41:07] *** Quits: n2n ([email protected]) (Client Quit)
[03:43:54] *** Quits: dqi ([email protected]) (Ping timeout: 252 seconds)
[03:44:37] *** Quits: jinmo123x ([email protected]) (Client Quit)
[03:50:33] *** Quits: tyega ([email protected]) (Remote host closed the connection)
[03:52:44] *** Joins: tyega ([email protected])
[03:52:45] *** Quits: tyega ([email protected]) (Remote host closed the connection)
[03:52:47] *** Joins: tyega ([email protected])
[03:55:09] *** Joins: tyega_ ([email protected])
[03:55:37] *** Joins: b3h3m0th (uid26288@2604:8300:100:200b:6667:2:0:66b0)
[03:55:56] <b3h3m0th> When can we expect scoreboard to be up ?
[03:56:52] *** Joins: Dor1s ([email protected])
[03:57:06] *** Quits: tyega ([email protected]) (Ping timeout: 252 seconds)
[04:01:25] *** Quits: Dor1s ([email protected]) (Ping timeout: 252 seconds)
[04:02:03] <espes__> time sink was such a time sink
[04:02:31] <espes__> didn't really have a dx11 computer so spent most of the contest doing it statically -_-
[04:03:35] <espes__> https://gist.github.com/espes/7477523e65b0f2619620d7f2c2fd4fbc/
[04:04:41] <factoreal> hi all
[04:04:48] <factoreal> where I can see full scoreboard?
[04:05:13] <factoreal> it seems that site id down, right?
[04:11:18] <b3h3m0th> factoreal:  yeah, it's been down since a few minutes after contest ended.
[04:16:30] *** Quits: lefu ([email protected]) (Client Quit)
[04:16:50] *** Joins: Dor1s ([email protected])
[04:18:42] *** Joins: lefu ([email protected])
[04:20:41] *** Quits: bool101 ([email protected]) (Client Quit)
[04:21:13] *** Quits: Dor1s ([email protected]) (Ping timeout: 252 seconds)
[04:21:24] *** Joins: bool101 ([email protected])
[04:32:44] *** Joins: t1deman ([email protected])
[04:36:02] <b3h3m0th> ops around ?
[04:36:19] *** Joins: Jetski ([email protected])
[04:36:34] <Jetski> yo
[04:37:04] *** Quits: t1deman ([email protected]) (Ping timeout: 252 seconds)
[04:37:04] <b3h3m0th> are you op ?
[04:37:18] <Jetski> na
[04:39:49] *** Quits: warl0ck ([email protected]) (Quit: Hackint WebIRC - http://hackint.org/)
[04:41:05] <b3h3m0th> http://webcache.googleusercontent.com/search?q=cache:2016.legitbs.net/scoreboard/complete
[04:41:13] <b3h3m0th> factoreal: ^
[04:43:12] *** Quits: Ninn ([email protected]) (Client Quit)
[04:44:12] *** Quits: Jetski ([email protected]) (Client Quit)
[04:51:57] <laxa> vito, hoju, Gynvael: there is a typo in your blog wrapup 
[04:52:04] <laxa> gh link is broken
[04:52:28] *** Quits: tyega_ ([email protected]) (Ping timeout: 252 seconds)
[05:01:26] *** Joins: shivanshu ([email protected])
[05:04:52] *** Quits: WebIRC47048 ([email protected]) (Client Quit)
[05:09:42] *** Joins: lenerd_ ([email protected])
[05:15:54] *** Quits: win ([email protected]) (Ping timeout: 240 seconds)
[05:20:37] *** Quits: lenerd_ ([email protected]) (Ping timeout: 252 seconds)
[05:21:30] *** Joins: csec ([email protected])
[05:24:19] *** Quits: kkk ([email protected]) (Client Quit)
[05:25:46] *** Quits: bool101 ([email protected]) (Client Quit)
[05:25:49] *** Joins: Ninn ([email protected])
[05:25:52] *** Quits: csec ([email protected]) (Client Quit)
[05:26:21] *** Joins: bool101 ([email protected])
[05:34:38] *** Parts: dtouch3d ([email protected]) ()
[05:35:31] *** Joins: tyega ([email protected])
[05:35:49] *** Joins: lenerd ([email protected])
[05:40:30] *** Quits: lenerd ([email protected]) (Ping timeout: 252 seconds)
[05:43:04] *** Quits: tyega ([email protected]) (Ping timeout: 252 seconds)
[05:43:21] *** Quits: RJHacker18134 ([email protected]) ()
[05:44:23] *** Joins: Oshino ([email protected])
[05:44:33] *** Oshino is now known as RJHacker77684
[05:47:59] *** Parts: mourn ([email protected]) ()
[06:04:14] *** Joins: WebIRC47048 ([email protected])
[06:05:39] *** Quits: WebIRC47048 ([email protected]) (Client Quit)
[06:05:43] *** Joins: Dor1s ([email protected])
[06:10:52] *** Quits: Dor1s ([email protected]) (Client Quit)
[06:16:56] *** Quits: WebIRC35378 ([email protected]) (Client Quit)
[06:27:58] *** Quits: bool101 ([email protected]) (Client Quit)
[06:28:20] *** Joins: bool101 ([email protected])
[06:29:27] *** Joins: lenerd_ ([email protected])
[06:32:34] *** Quits: [SpamAndHex]AKG ([email protected]) (Ping timeout: 252 seconds)
[06:33:47] *** Joins: zzoru ([email protected])
[06:34:38] *** Joins: t1deman ([email protected])
[06:37:48] *** Joins: mourn ([email protected])
[06:38:07] <mourn> https://github.com/legitbs/quals-2016/blob/master/badger/lzssvw.c#L28
[06:38:18] <mourn> how is this a fix when it still overflows by 800 bytes
[06:38:21] <mourn> ?
[06:39:24] *** Quits: zzoru ([email protected]) (Ping timeout: 240 seconds)
[06:39:54] *** Quits: t1deman ([email protected]) (Ping timeout: 240 seconds)
[06:42:12] *** Parts: frienz (~illblew@2001:19f0:300:602c:5400:ff:fe1c:280) (WeeChat 1.3)
[06:46:49] *** Quits: JoyRe (anon1@gateway/tor-unverified) (Ping timeout: 134 seconds)
[06:47:35] *** Joins: win ([email protected])
[06:52:35] *** Joins: yanewbie ([email protected])
[06:52:35] <gynophage> ar1s: if the magic page is accessible by the CB under benign code paths, it makes it impossible to patch (assuming the poller depends on this - CGC pollers have access to magic page data). And that makes for lame stuff.
[06:52:51] <ar1s> https://github.com/legitbs/quals-2016/blob/master/legit_00004/poller/for-release/machine.py#L51 we were lucky that legitbs' exploit wasn't working and the patch was automatically accepted
[06:53:38] <ar1s> gynophage: funny I was right browsing that code
[06:53:48] <ar1s> *currently
[06:54:10] <ar1s> sorry not exploit, "pov"
[06:54:25] <gynophage> Whatever. Exploit.
[06:54:33] <gynophage> I'm not DARPA. I do what I want.
[06:55:42] <gynophage> I don't have to pretend any of this is defensive. Title authority and all that shit aren't in play. And some neckbeard from the ACLU isn't going to cry about my game.
[06:56:10] <ar1s> the solution would be to randomly change the behavior of the CG (bitflips ?) while hopping it would pass test but stop the pov from working
[06:56:48] <gynophage> "Hope" makes for a shitty and subjective game.
[06:57:33] <gynophage> We shouldn't have anything unpatchable in finals.
[06:58:11] <ar1s> French people call that the "Jean-Claude Dusse method" in reference to a famous French movie. "Forget it's hopeless and go ahead, it might work on a misunderstanding"
[06:58:25] <gynophage> Well, patching makes you lose SLA.
[06:58:58] <ar1s> yes, not familiar with the undisclosed DCCTF rules yet :)
[06:59:27] *** Joins: lolz ([email protected])
[06:59:44] <yanewbie> how the time_sink chal was come? it just has a single patch file
[07:00:46] <gynophage> We'll make it clear. It makes sense. There's no ASLR in DECREE. The "downtime on patch" rules keeps teams from releasing a new path every round with a different base address, and then suddenly ASLR.
[07:02:19] <ar1s> I had some thoughts about how to restrict the kind of patches teams could use, an idea I had was to restrict w/ a maximum hamming weight between orig & patched
[07:02:40] <ar1s> so rebasing and weird sandboxing tricks are out of the question
[07:03:20] <mourn> dc ctf will be exclusively cgc then ?
[07:03:27] <ar1s> mourn: yes
[07:03:41] <yanewbie> all chall for decree vm??
[07:04:16] <yanewbie> ah, so cgc finalists will compete together?
[07:05:04] *** Joins: WebIRC47048 ([email protected])
[07:06:16] <[SpamAndHex]NGG> will it be attack-defense style cgc, so everyone has to patch the binaries on their own vm and get the flags from others every few minutes? or will it be like cgc pov tasks in this qual?
[07:07:01] *** Quits: WebIRC47048 ([email protected]) (Client Quit)
[07:07:31] <gynophage> ar1s: that seems to be the case. CGC is diminished a bit in what you can do, but that theoretically keeps voodoo super man defenses out.
[07:08:37] <gynophage> [SpamAndHex]NGG: somewhere between the two. You'll submit RBs, and POVs. But you won't have a box to be a janitor of.
[07:08:56] *** Joins: zirolkisho (node1@hackint/user/zirolkisho)
[07:10:23] <gynophage> And you'll get all other teams RBs. So if they patch in a shitty way, you'll still be able to provide a pov.
[07:11:20] *** Joins: Dor1s ([email protected])
[07:11:30] *** [SpamAndSex]_2can is now known as _2can
[07:11:33] <[SpamAndHex]NGG> so if i upload a new RB all existing POVs will be tested against it? and vice-versa?
[07:11:47] <gynophage> I think?
[07:12:10] <gynophage> I forget if teams say who they want to throw their pov against. I think they do?
[07:12:11] <ar1s> and you get a tweet when your pov aren't working anymore
[07:12:39] <[SpamAndHex]NGG> If I receive other teams' RBs then why can't I simply submit it as well?
[07:14:14] *** Joins: [SpamAndHex]AKG ([email protected])
[07:14:15] <mourn> i think you apply patch to you vm and attack others
[07:14:48] <gynophage> I really like the sharing of patches. If LBS hosts another year, we'll probably include that into our normal style game.
[07:15:26] <mourn> you plan on continuing with cgc for next year ?
[07:15:59] <[SpamAndHex]NGG> But then if the first team patches his binary then all the other teams will just copy that patch, won't they?
[07:17:24] *** Quits: Dor1s ([email protected]) (Ping timeout: 240 seconds)
[07:17:36] *** Joins: tyega ([email protected])
[07:17:46] <[SpamAndHex]NGG> Assuming I have an exploit then I should not patch my own vm because then my exploit will be worthless. I don't really understand how can it work
[07:18:29] <gynophage> [SpamAndHex]NGG: nothing mechanically prevents what you've suggested. I can think of many reasons why doing so wouldn't be wise. This is left as an exercise to the reader.
[07:18:31] <mourn> the only winning move is not to play
[07:19:14] <[SpamAndHex]NGG> ok, thx for the info
[07:19:16] *** Joins: dqi ([email protected])
[07:29:02] <[SpamAndHex]NGG> There will be packed, obfuscated patches with hidden backdoors :) I love it already :)
[07:32:24] *** Quits: dqi ([email protected]) (Ping timeout: 240 seconds)
[07:32:43] <ar1s> change all instructions with synonyms to increase the binary difference ratio
[07:47:49] <Kokjo> Does anyone have a writeup of kiss?
[07:52:03] <ar1s> haven't seen one
[07:52:31] <ar1s> there were two tricks after you get control of rip
[07:53:09] <ar1s> notice that binbase ld.so base and libc.so base delta are constant on ubuntu 14.04
[07:54:19] <ar1s> there's a useful mov rsp, xxx gadget in ldsobase + 0x1698B, from there it's a simple rop
[08:01:41] *** Quits: yanewbie ([email protected]) (Client Quit)
[08:03:02] *** Joins: tyega_ ([email protected])
[08:04:01] <c3> ar1s: i wonder if anyone solved it without ld.so
[08:04:53] *** Quits: tyega ([email protected]) (Ping timeout: 252 seconds)
[08:05:29] <ar1s> at some point we contemplated trying every accessible .text address and watch for interesting results, but no tool for it (and dirty!)
[08:05:53] *** Joins: WebIRC47048 ([email protected])
[08:07:00] <c3> i was thinking about using JOP, and i had a few good gadgets for setting rdi, but always dependet on rax (which i couldn't set)
[08:07:49] *** Quits: WebIRC47048 ([email protected]) (Client Quit)
[08:16:51] *** Joins: dqi ([email protected])
[08:20:18] <Ymgve> gynophage: won't sharing patched binaries mean everyone just copies the first patch they find?
[08:21:27] <gynophage> Ymgve: lol
[08:21:50] <gynophage> Totally_patched_binary.exe
[08:23:07] <ar1s> emmawatsonnude.jgp.exe
[08:23:30] <Ymgve> how will attack discovery work btw? do we get logs of the "network traffic" or access to other teams POVs?
[08:23:44] <Ymgve> or will it just be "your shit's pwned. fix it."
[08:24:43] *** Quits: tyega_ ([email protected]) (Remote host closed the connection)
[08:27:12] *** Joins: Dor1s ([email protected])
[08:29:28] <ar1s> I looked for a way for cb-test, cb-server and others to generate a traffic trace, didn't find anything
[08:30:56] *** Quits: bool101 ([email protected]) (Client Quit)
[08:31:14] *** Joins: bool101 ([email protected])
[08:31:24] *** Quits: Dor1s ([email protected]) (Ping timeout: 240 seconds)
[08:35:19] *** Quits: dqi ([email protected]) (Ping timeout: 252 seconds)
[08:37:27] *** Joins: t1deman ([email protected])
[08:40:18] <gynophage> ar1s --pcap option exists on one of those tools
[08:41:03] <ar1s> should have searched better. I rolled back to printf debugging
[08:41:08] <gynophage> There's some network trace made available that's not exactly pcap. I have a feeling we'll throw that data into a pcap with faked source/dest info
[08:41:48] <gynophage> While also providing the same data stream from CFE (we have to do that second part or the machine will be blind)
[08:41:55] *** Quits: t1deman ([email protected]) (Ping timeout: 252 seconds)
[08:43:30] *** Joins: L0rdComm4ander (~Adium@2001:690:2100:1b:2978:ae6e:bef5:27b7)
[08:47:09] *** Joins: tyega ([email protected])
[08:48:43] *** Quits: whatitdo ([email protected]) (Client Quit)
[08:50:14] <Ymgve> I guess we'll just steal the unobfuscated patches
[08:52:14] *** Quits: tyega ([email protected]) (Remote host closed the connection)
[08:53:26] *** Joins: tyega ([email protected])
[08:53:44] *** Quits: lenerd_ ([email protected]) (Ping timeout: 252 seconds)
[08:55:34] *** Quits: tyega ([email protected]) (Remote host closed the connection)
[08:56:46] *** Joins: tyega ([email protected])
[09:01:38] <bmc> gynophage: you can read it with wireshark!
[09:01:49] *** Quits: lcwntq ([email protected]) (Remote host closed the connection)
[09:01:50] *** Joins: dqi ([email protected])
[09:01:57] <bmc> There is a released wireshark plugin, as the protocol is pretty trivial
[09:03:38] *** Quits: [SpamAndHex]AKG ([email protected]) (Ping timeout: 252 seconds)
[09:06:29] *** Joins: WebIRC47048 ([email protected])
[09:07:08] *** Quits: [SpamAndHex]NGG ([email protected]) (Client Quit)
[09:07:33] *** Joins: [SpamAndHex]NGG ([email protected])
[09:08:20] <[SpamAndHex]NGG> obfuscated patches can have backdoors in them, the author of the patch will still be able to exploit if you steal that
[09:08:24] *** Quits: WebIRC47048 ([email protected]) (Client Quit)
[09:09:49] *** Joins: err0r_ ([email protected])
[09:09:59] <ar1s> they'll also be very easy to spot, but I want to see someone falling for it
[09:10:17] <Ymgve> the backdoor or the obfuscation?
[09:10:38] <[SpamAndHex]NGG> the backdoor won't be easily spottable if the whole binary is packed and obfuscated
[09:11:54] *** Quits: err0r ([email protected]) (Ping timeout: 240 seconds)
[09:12:50] *** Quits: tyega ([email protected]) (Remote host closed the connection)
[09:21:09] *** Joins: tyega ([email protected])
[09:24:55] *** Quits: uafio ([email protected]) (Quit: Leaving.)
[09:25:58] *** Quits: tyega ([email protected]) (Remote host closed the connection)
[09:29:10] *** Joins: WebIRC87118 ([email protected])
[09:32:10] *** Quits: bool101 ([email protected]) (Client Quit)
[09:32:40] *** Joins: bool101 ([email protected])
[09:33:24] *** Quits: Ninn ([email protected]) (Ping timeout: 240 seconds)
[09:35:02] *** Joins: Ninn ([email protected])
[09:38:26] *** Quits: WebIRC87118 ([email protected]) (Client Quit)
[09:45:54] *** Quits: jay ([email protected]) (Quit: Hackint WebIRC - http://hackint.org/)
[09:49:06] *** Quits: dqi ([email protected]) (Ping timeout: 252 seconds)
[09:50:02] *** Quits: breadsticks ([email protected]) (Client Quit)
[09:56:26] *** Quits: win ([email protected]) (Ping timeout: 252 seconds)
[10:07:18] *** Joins: WebIRC47048 ([email protected])
[10:07:39] *** Joins: tyega ([email protected])
[10:08:52] *** Quits: WebIRC47048 ([email protected]) (Client Quit)
[10:10:22] *** Joins: qwe0asd ([email protected])
[10:12:07] *** Quits: tyega ([email protected]) (Ping timeout: 252 seconds)
[10:15:17] *** Joins: Dor1s ([email protected])
[10:15:29] *** Quits: Ninn ([email protected]) (Read error: Connection reset by peer)
[10:18:50] *** Joins: Ninn ([email protected])
[10:19:24] *** Quits: Dor1s ([email protected]) (Ping timeout: 240 seconds)
[10:24:28] *** Joins: [SpamAndHex]AKG ([email protected])
[10:29:52] *** Joins: dqi ([email protected])
[10:32:44] *** Quits: Ninn ([email protected]) (Read error: Connection reset by peer)
[10:33:54] *** Quits: bool101 ([email protected]) (Client Quit)
[10:34:08] *** Joins: bool101 ([email protected])
[10:35:18] *** Quits: dqi ([email protected]) (Ping timeout: 252 seconds)
[10:39:17] *** Joins: t1deman ([email protected])
[10:39:28] *** Joins: Ninn ([email protected])
[10:42:24] *** Joins: JoyRe (anon1@gateway/tor-unverified)
[10:43:44] *** Quits: Ninn ([email protected]) (Ping timeout: 252 seconds)
[10:43:44] *** Quits: t1deman ([email protected]) (Ping timeout: 252 seconds)
[10:44:26] *** Quits: b3h3m0th (uid26288@2604:8300:100:200b:6667:2:0:66b0) (Client Quit)
[10:46:05] *** Quits: WebIRC68682 ([email protected]) (Client Quit)
[10:48:40] *** Joins: dvx ([email protected])
[10:53:02] <qwe0asd> any writeups for kiss ?
[10:53:07] *** qwe0asd is now known as uafio
[10:57:14] *** Quits: zirolkisho (node1@hackint/user/zirolkisho) (Remote host closed the connection)
[10:57:52] *** Joins: lenerd ([email protected])
[11:06:04] *** Joins: win ([email protected])
[11:07:59] *** Joins: WebIRC47048 ([email protected])
[11:11:33] *** Quits: WebIRC47048 ([email protected]) (Client Quit)
[11:21:11] *** Joins: Dor1s ([email protected])
[11:24:35] <[SpamAndHex]AKG> any news when to expect the list of qualified teams?
[11:32:53] *** Quits: Dor1s ([email protected]) (Client Quit)
[11:34:46] *** Joins: dqi ([email protected])
[11:35:21] *** Quits: bool101 ([email protected]) (Client Quit)
[11:35:35] *** Joins: bool101 ([email protected])
[11:38:38] *** Joins: aradia ([email protected])
[11:39:01] *** Quits: dqi ([email protected]) (Ping timeout: 252 seconds)
[11:40:15] *** Joins: WebIRC47048 ([email protected])
[11:43:51] <P1kachu> They tweeted something about this (some wrapup post)
[11:50:00] *** Quits: dvx ([email protected]) (Client Quit)
[11:52:51] *** Joins: WebIRC35378 ([email protected])
[11:56:57] <fester> https://blog.legitbs.net/
[12:03:35] <gynophage> bmc - didn't know about the wire shark plugin. Thanks.
[12:03:40] *** Quits: lenerd ([email protected]) (Ping timeout: 252 seconds)
[12:04:40] *** Quits: WebIRC47048 ([email protected]) (Client Quit)
[12:04:40] *** Quits: lefu ([email protected]) (Client Quit)
[12:16:05] *** Quits: L0rdComm4ander (~Adium@2001:690:2100:1b:2978:ae6e:bef5:27b7) (Client Quit)
[12:20:05] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[12:21:46] <bmc> https://github.com/CyberGrandChallenge/network-appliance/blob/master/extra/cgc.lua 
[12:29:31] *** Joins: zzoru ([email protected])
[12:33:56] *** Quits: aradia ([email protected]) (Remote host closed the connection)
[12:36:33] *** Quits: bool101 ([email protected]) (Client Quit)
[12:37:12] *** Joins: bool101 ([email protected])
[12:37:50] *** Joins: aradia ([email protected])
[12:41:07] *** Joins: t1deman ([email protected])
[12:43:11] *** Quits: zzoru ([email protected]) (Ping timeout: 252 seconds)
[12:44:02] *** Joins: lefu ([email protected])
[12:46:34] *** Quits: t1deman ([email protected]) (Ping timeout: 252 seconds)
[12:46:57] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[12:52:17] *** Quits: lefu ([email protected]) (Client Quit)
[12:55:01] *** Joins: rjenish ([email protected])
[13:03:44] *** Joins: WebIRC47048 ([email protected])
[13:05:21] *** Quits: WebIRC47048 ([email protected]) (Client Quit)
[13:06:05] <gynophage> If only there were a centralized dump of all this info...
[13:07:18] *** Quits: timpwn (anon1@gateway/tor-unverified) (Ping timeout: 134 seconds)
[13:08:51] *** Joins: timpwn (anon1@gateway/tor-unverified)
[13:09:52] *** Quits: WebIRC76102 ([email protected]) (Client Quit)
[13:22:51] *** Joins: L0rdComm4ander (~Adium@2001:690:2100:19:d9ff:1c64:5cd3:c67e)
[13:23:22] *** Joins: ripr4p (sid156184@hackint/user/ripr4p)
[13:23:30] *** Joins: WebIRC47048 ([email protected])
[13:24:54] *** Quits: WebIRC47048 ([email protected]) (Client Quit)
[13:26:03] *** Joins: nnqufq ([email protected])
[13:27:10] *** Joins: Dor1s ([email protected])
[13:28:33] <WebIRC35378> Is there a chat log archive for this channel?
[13:31:35] *** Quits: Dor1s ([email protected]) (Ping timeout: 252 seconds)
[13:32:46] *** Quits: shivanshu ([email protected]) (Ping timeout: 252 seconds)
[13:37:27] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[13:37:40] <[SpamAndHex]AKG> P1kachu, nothing about the qulified team's list
[13:40:41] <P1kachu> Oh my bad
[13:40:54] <P1kachu> Wait, may have something else 
[13:43:04] <P1kachu> [SpamAndHex]AKG: https://twitter.com/_antonio_bc_/status/734550540965707776
[13:43:11] <P1kachu> Not official but quite accurate
[13:46:31] *** Joins: Ninn ([email protected])
[13:48:40] <[SpamAndHex]AKG> we know the results, but we still remain a question
[13:50:32] <[SpamAndHex]AKG> PPP is prequalified, and blue-lotus is prequalified (who played in blo0p = blue-lotus + 0ops) but regarding this we don't know wether we should count with blo0p or not
[13:50:39] <[SpamAndHex]AKG> P1kachu, ^
[13:50:39] *** Quits: aradia ([email protected]) (Remote host closed the connection)
[13:51:31] <mserrano> we're not prequalified
[13:51:34] <mserrano> we qualified through these quals
[13:53:21] *** Joins: lenerd ([email protected])
[13:53:44] <ar1s> Defktor was prequalified
[13:54:22] <[SpamAndHex]AKG> mserrano, are you in blo0p?
[13:55:57] <[SpamAndHex]AKG> mserrano, sorry i fucked up DEFKOR instead of PP
[13:55:59] <[SpamAndHex]AKG> *PPP
[13:59:42] <nwx> WebIRC35378: did you want logs?
[14:01:12] <WebIRC35378> Yeah :)
[14:01:17] <nwx> 1 sec