wuhang2003

Zwh's Blog

A slacker who isn't a computer science major but still gets the urge to tinker with computer-related things every now and then

Let's play Hackergame 2024

Preface#

Looking forward to it, looking forward to it, the annual Cybersecurity Genshin hackergame search technical test has finally arrived. There are fewer introductory questions this year than last year, and I only got 1k7. As a non-computer major user, I feel I'm still too inexperienced.

Next, let's talk about the mental journey of solving each question, written in the order I solved them. It may include: AI is my big dad, ramblings, random memes, self-entertainment, and other chaotic elements.

Sign-in#

To open the door, you need to input the startup text in various languages within 60 seconds while listening to the melodious tune, but you cannot paste (annoying).

No way, I'm too inexperienced to do anything, so let's just say "Can't wait, starting now!" Why is there an extra ?pass=false in the address bar? Let's change it to true and see?

hackergame Legendary Marvelous

Just like that, I got the flag for the sign-in question: flag{We1C0ME-To-haCkerg@me-@Nd-EnJoY-hACk!n9-ZoZ4}

Here's a lyric from "hackergame Legendary": (from the official Writeup) This song is very nice, and everyone reading this article should loop it together.

Competition All Based on Interest (?

Cat Q&A (Hackergame 10th Anniversary Edition)#

Familiar cat Q&A, familiar search technical test, familiar shouting when unable to find answers (

  1. In which classroom was the pre-competition lecture held the night before the Hackergame 2015 competition? (30 points) Hint: Fill in the classroom number, such as 5207, 3A101.

I searched several websites for this question, and finally found the content archive of the second information security competition at USTC (it wasn't called hackergame back then) through Hackergame's introduction page at LUG@USTC. In the competition schedule, it shows October 17, Saturday evening 19:30 3A204 Network Attack and Defense Skills Lecture. So the answer is 3A204. Just like that, a trivial question became a difficult one.

  2. It is well known that Hackergame has about 25 questions in total. In the Hackergame held in the last five years (excluding this year), how many people registered for the competition with the number of questions closest to this number? (30 points) Hint: It is a non-negative integer.

Looking at the introduction page of Hackergame mentioned in the first question, I counted the number of questions in each year's repository (the first few years were under the ustclug organization), and found that 2019 was the closest (28 questions). Then I threw hackergame 2019 to Gulu. I found this. So the answer is 2682.

  3. Which popular search term became the most searched term in the USTC library in October 2018? (20 points) Hint: It consists only of Chinese characters.

It is well known that only the cat Q&A will test library-related queries (if there are other tests, just ignore what I said).

Based on this, I directly located the Writeup for the 2018 cat Q&A and found the keyword for the library question The Self-Cultivation of Programmers, which is the answer to this question. This method of solving is somewhat coincidental and shouldn't be considered an expected solution, right?

  4. At this year's USENIX Security academic conference, the University of Science and Technology of China published a paper on email spoofing attacks, in which the authors proposed six attack methods and conducted experiments on how many combinations of email service providers and clients? (10 points) Hint: It is a non-negative integer.

Searching for USENIX Security USTC, USENIX Security email, USENIX USTC, etc., yielded no results, raising my blood pressure. Until later, I searched USENIX Security 2024 ustc and found a news article. The title of the paper mentioned in the question is FakeBehalf: Imperceptible Email Spoofing Attacks against the Delegation Mechanism in Email Systems. I went to Gulu to get the paper introduction link and the paper link.

But then came the second blood pressure point; the introduction of the paper stated that 16 and 20 are not the answers to the question, so I had to read the paper. After reading it back and forth, I found this paragraph under 6 Imperceptible Email Spoofing Attack (highlighted):

No, buddy

It mentions resulting in 336 combinations, so the answer is 336. Don't think I said this process was easy; it was very painful, and it was the second to last question I solved.

  5. On October 18, Greg Kroah-Hartman submitted a patch to the Linux mailing list that removed a large number of developers from the MAINTAINERS file. What is the commit ID of this patch that was merged into the Linux mainline? (5 points) Hint: The first 6 digits of the ID, in lowercase letters, such as c1e939.

Finally, we arrive at the familiar latest hot question. This incident was forwarded by various Telegram channels I follow, including AOSC's news article, and the article directly provided the GitHub link for merging this terrible patch. So the answer is 6e90b6.

  6. Large language models break down input into individual tokens and continue computing. How many tokens will the HTML source code of this webpage be broken down into by Meta's Llama 3 70B model's tokenizer? (5 points) Hint: The HTML source code when this page is first opened, the answer is a non-negative integer.

I once thought of brute-forcing this question until I found Tiktokenizer later and started slacking off.

I entered incognito mode in the browser (and closed all plugins to eliminate the possibility of plugins modifying the webpage source code) and used the token to enter the question website. I pressed F12 to copy the website code (right-clicking was not usable because the token was not the correct source code), and at this point, while doing other questions, I found a page for a large model and saw Tiktokenizer. Alright, I copied the website code into Tiktokenizer and got 1829, then tried a few numbers above to confirm 1833 as the correct answer.

Praise Tiktokenizer

Thus, I obtained two flags for this question: flag{4_GooD_©α7_iS_THE_c4t_ωHØ_c4n_P@ss_TH3_QuiZ} and flag{7eN_¥eαRs_of_hα©KergΛm3_ØmEd3tOบ_WI7h_ИEkO_QU12}.

Travel Photos 4.0#

Last year's 3.0 was unsuccessful, and I made a deep reflection on this. The main issue was a lack of focus. This year, after experiencing the need for concentration during PuzzleHunt, I am invincible now!

Then this year, I couldn't solve the image search question in GeekGame due to a lack of focus

LEO_CHAN? (Questions 1-2)#

Question 1: Which school gate is closer to the location where the photo was taken? (Format: X campus Y gate, both are one Chinese character)

I directly searched for the same image and learned that the image describes China Shushan Keli Kqi Innovation Station - USTC Station, then searched for the above location and found a news article, which states China Shushan Keli Kqi Innovation Station - USTC Station is located at the intersection of Jinzhai Road and Cao Ying Road, directly opposite the west gate of the East Campus of the University of Science and Technology of China.... So the answer to Question 1 is East Campus West Gate.

Question 2: By the way, when did Leo-chan last appear on the truss... at USTC's ACG concert this year? If I remember the event date correctly, what is it? (Format: YYYYMMDD)

I directly searched for USTC ACG concert and found related videos on Bilibili. I could find the USTC LEO Anime Association's account homepage through direct or indirect links. Scrolling through the dynamics, I found this post, confirming the date as 20240519.

Submitting gives flag1: flag{5UB5CR1B3_T0_L30_CH4N_0N_B1L1B1L1_PLZ_7647de202b} (In human terms: please follow LEO-chan on Bilibili, thank you meow)

FULL_RECALL (Questions 3-4)#

Question 3: What is the name of this park? (No need to fill in the city or district where the park is located)

Obvious Focusing, I noticed the trash can says "Liang'an Garden", then I just searched Liang'an Park one by one to match, and finally the answer is Central Forest Park.

Question 4: What is the name of the scenic spot where this landscape is located? (Three Chinese characters)

I directly searched for the image and found it is the Three Gorges Dam Stone. Searching for this term leads to its location at the Tanzi Ridge scenic area in Yichang.

Submitting gives flag2: flag{D3T41LS_M4TT3R_1F_R3V3RS3_S34RCH_1S_1MP0SS1BL3_f156cdbd44} (If reverse search is not possible, details are important), which fits perfectly with the method used in the second part.

OMINOUS_BELL (Questions 5-6)#

Question 5: What is the nearest hospital to the shooting location? (No need to include campus or place names, format: XXX Hospital)

Question 6: What is the model of the train in the lower left corner?

No, the adjacent GeekGame just tested railway knowledge (though I didn't solve it), why is Hackergame testing it too?

Back to the point. Both questions are on one image; searching the image directly yielded no clues, so I had to focus on the train model. I searched for the train in the image, and many results pointed to the Huai Mi model CRH6F-A. The paint scheme matched, and querying this information also revealed it is a four-car train, consistent with what was mentioned in the question about "seemingly a very iconic... four-car train?" Thus, the answer to the sixth question is out.

Searching for the Huai Mi model reveals it runs on the Beijing Suburban Railway Huairou - Miyun Line. Searching for this line, Baidu provided a highlighted map of the route, and then I analyzed the shooting angle of the image and the surrounding elements to match. Later, based on the road and three red roofs in the distance, I roughly confirmed the area (red circle), and there is a Beijing Jishuitan Hospital (green circle) nearby, which is the answer to the fifth question.

Oh no

Submitting gives flag3: flag{1_C4NT_C0NT1NU3_TH3_5T0RY_4NYM0R3_50M30N3_PLZ_H3LP_1120265b41}

I must say the third set of questions was really exhausting, until later when inspiration struck, and I directly searched to get results.

Hello to CTFers Who Like Signing In#

I am Lei Jun, and I will now teach you the steps for this question. Through a series of search jumps, I found the official website of the Nebula team. I only realized while writing the Writeup that this website was listed under "Organizers". Why do I feel like I'm either doing useless work or on the path of doing useless work?

It can be seen that it is a Terminal-style webpage. Without any hesitation, I randomly typed help to see:

There are quite a few commands

It provided all executable commands, so I tried them one by one (

When I tried env, we found the first flag: flag{actually_theres_another_flag_here_trY_to_f1nD_1t_y0urself___join_us_ustc_nebula}.

What Nix believers

Then I couldn't try any further (

Looking back at the command execution record, I noticed that the output of the cat command showed a hidden file, so let's first use ls -a to see what hidden files there are (

Then I saw the hidden .flag, and ran cat .flag to get the second flag: flag{0k_175_a_h1dd3n_s3c3rt_f14g___please_join_us_ustc_nebula_anD_two_maJor_requirements_aRe_shown_somewhere_else}

Like to hide?

Finally, while I was happily solving questions, I sudo jumped to the dragon, and you CTFers who like dragons listen up, if I see you messing with dragons again, I will remotely control the nearest Xiaomi SU7 to you!

(All content above is generated by humans)

From the competition group and dragon comments

Zero-Knowledge Sudoku#

Sudoku Expert#

As a non-computer major, I thought of solving Sudoku through websites rather than programming. Coincidentally, I found some dedicated Sudoku-solving websites while participating in Puzzle Hunt before. For example, Braised Noodles, Sudokumaker, Noq Solver. Just pick one to complete four levels of Sudoku to get a flag. (Why not show the flag? Because I don't want to write Sudoku anymore)

zk Expert#

I didn't expect this question to be a paper tiger level; the difficulty was mainly in configuring the environment and finding commands. Here’s my exploration process for this question.

I searched to understand the relevant content of zero-knowledge (and found that Sudoku is a typical example of zero-knowledge proof). I configured the basic environment according to this tutorial (for this question, I also had to install the npm circomlib package in the source code directory, otherwise, the referenced circuit wouldn't be found). Then, through Copilot, I understood its input format, modified unsolved_grid and solved_grid according to the input format example, and saved it as input.json. Then I foolishly executed setup.sh, overwriting the original sudoku.zkey and verification_key.json, and then generated the witness and signature step by step. During the operation, I found that the witness lacked a script and couldn't be generated, so I manually operated the command again, and finally generated proof.json, but when I submitted it for verification, it reported an error, which felt off.

Help me, AI!

Later, I thought if all intermediate files (referring to zkey and wasm) needed to be generated by myself, what was the purpose of providing some intermediate files in the code attachment? With this question, I revisited that article and found a command that could generate both the witness file and proof file in one go: snarkjs groth16 fullprove input.json circuit.wasm circuit_final.zkey proof.json public.json. It just happened to use the input JSON and the sudoku.wasm, sudoku.zkey provided in the question. After executing it, it generated proof.json normally, and I submitted it for verification and went home (

The moment of success

Flag: flag{you_are_a_5udoku_expert_and_pr0ved_your_kn0wledge_957bd00098}

By the end of the competition, only 66 people had solved this question. After sorting through the process, it wasn't complicated; it was mainly about learning principles and operations, and it felt a bit like a paper tiger.
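The input-preparation step described above, as an added example that is not part of the original post or the challenge's code: it checks a solution against the puzzle locally and emits the JSON for input.json, so a bad grid is caught before witness generation. The key names `unsolved_grid` and `solved_grid` come from the post; the 9x9 number-array layout with 0 for blanks, the helper names and the sample puzzle are assumptions.

```javascript
// Added example (not from the original post): validate a Sudoku solution
// locally and emit the JSON for input.json used by `snarkjs groth16 fullprove`.
// ASSUMPTION: the circuit takes `unsolved_grid` and `solved_grid` as 9x9
// arrays of numbers, with 0 marking an empty cell in the unsolved grid.

// Parse 81 cells ('0' or '.' = blank, whitespace ignored) into a 9x9 grid.
function parseGrid(text) {
  const cells = text.replace(/\s+/g, '').replace(/\./g, '0');
  if (!/^[0-9]{81}$/.test(cells)) {
    throw new Error('grid must contain exactly 81 digits or dots');
  }
  return Array.from({ length: 9 }, (_, r) =>
    Array.from(cells.slice(r * 9, r * 9 + 9), Number));
}

// Return a list of problems; an empty list means the pair satisfies the
// usual Sudoku constraints (rows, columns, boxes, clues left unchanged).
function checkGrids(unsolved, solved) {
  const problems = [];
  const isComplete = (cells) =>
    cells.slice().sort((a, b) => a - b).join('') === '123456789';
  for (let i = 0; i < 9; i++) {
    const col = solved.map((line) => line[i]);
    const br = Math.floor(i / 3) * 3, bc = (i % 3) * 3;
    const box = solved.slice(br, br + 3).flatMap((line) => line.slice(bc, bc + 3));
    if (!isComplete(solved[i])) problems.push(`row ${i} is not 1-9`);
    if (!isComplete(col)) problems.push(`column ${i} is not 1-9`);
    if (!isComplete(box)) problems.push(`box ${i} is not 1-9`);
  }
  for (let r = 0; r < 9; r++) {
    for (let c = 0; c < 9; c++) {
      if (unsolved[r][c] !== 0 && unsolved[r][c] !== solved[r][c]) {
        problems.push(`clue at (${r},${c}) was changed`);
      }
    }
  }
  return problems;
}

// Build the JSON text for input.json, refusing to emit an invalid pair.
function buildInput(unsolvedText, solvedText) {
  const unsolved = parseGrid(unsolvedText);
  const solved = parseGrid(solvedText);
  const problems = checkGrids(unsolved, solved);
  if (problems.length > 0) throw new Error(problems.join('; '));
  return JSON.stringify({ unsolved_grid: unsolved, solved_grid: solved });
}

// Constructed sample puzzle and solution (not the challenge's puzzle).
const SAMPLE_UNSOLVED = `53..7.... 6..195... .98....6.
  8...6...3 4..8.3..1 7...2...6
  .6....28. ...419..5 ....8..79`;
const SAMPLE_SOLVED = `534678912 672195348 198342567
  859761423 426853791 713924856
  961537284 287419635 345286179`;

console.log(buildInput(SAMPLE_UNSOLVED, SAMPLE_SOLVED)); // redirect to input.json
```

After saving the output as input.json and running the fullprove command from the post with the provided sudoku.wasm and sudoku.zkey, `snarkjs groth16 verify verification_key.json public.json proof.json` checks the proof locally against the provided verification key before submission.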

The Box That Can't Be Opened#

I opened it with SolidWorks, but the software crashed, so I randomly found an online STL model preview website and discovered that I could see the flag by rotating the model in online frame mode.


Flag: flag{Dr4W_Us!nG_fR3E_C4D!!w0W}

Words Are Precious 3.0 / Question A#

Mainly just refer to which line reports an error and fill in the missing letters of variables/functions in that line, and it was done in seconds. It was indeed easier than last year.

Flag: flag{C0mpl3ted-Th3-Pyth0n-C0de-N0w}

Too Many Papers Daily!#

After downloading the paper, I had no clue for a day, but the next afternoon, I flipped through it again and saw that many people had solved it, feeling that it wasn't a very difficult question, so I started to tackle the paper.

On the paper webpage, I searched for flag using the browser and found hidden text in an image; pulling it out revealed the complete hidden text flag here. I thought I was looking for the flag in the hidden text, but until I grabbed a PDF editor and randomly dragged the image...

Oh, so the paper hides the flag

Wow! (And why is this image so blurry?)

Later, upon review, I found that this image had an unusual border, which might indicate that there was something wrong with it. Indeed, a lack of attention still requires luck to make up for it (not really).

Flag: flag{h4PpY_hAck1ng_3veRyd4y}

Comparing Big and Small Kings#

At first glance, this is a Ding Zhen script question, AI, activate! However, the generated Tampermonkey script was somewhat inefficient, and the opponent finished with only about 46 questions. So later, I had AI rewrite the console script. Interestingly, the console script still didn't win against the opponent, but it produced a flag. I feel there was a bit of luck involved.

Flag: flag{I-@M-7hE-h@CkEr-KINg-OF-Comp4RinG-NuMB3r$-ZOz4}

Hurry up and say thank you, AI

Attached is the console script generated by AI:

// Get the initial game data
let gameData = state.values;
let inputs = [];
let lessThanButton = document.getElementById('less-than');
let greaterThanButton = document.getElementById('greater-than');

// Use setInterval function to automatically submit an answer every 50 milliseconds
let intervalId = setInterval(() => {
  // If the game has ended, clear the timer and submit the answer
  if (inputs.length >= gameData.length) {
    clearInterval(intervalId);
    submit(inputs);
  } else {
    // Determine which of the two numbers is larger and simulate clicking the corresponding button
    let pair = gameData[inputs.length];
    if (pair[0] < pair[1]) {
      lessThanButton.click();
      inputs.push('<');
    } else {
      greaterThanButton.click();
      inputs.push('>');
    }
  }
}, 50);

PaoluGPT / A Needle in a Haystack#

Upon seeing this question, I guessed that the flag was hidden in these chat records, but I didn't want to click each link, so I had AI write a Tampermonkey script to automatically explore all sub-paths on the webpage. Sure enough, the script found the webpage where the flag was located. When I opened the webpage, I found that I hadn't scrolled down, and simply dragging to the bottom revealed the flag.

For the second question, I tried a bit and had some clues but wasn't sure, then found it wasn't a template attack, so I gave up.

Flag: flag{zU1_xiA0_de_11m_Pa0lule!!!_a1a2048d7d}

Why hide it so deep

How deep is it hidden

Attached is the Tampermonkey script generated by AI:

// ==UserScript==
// @name         Find Flag Links
// @namespace    http://tampermonkey.net/
// @version      1.0
// @description  Find links on the page that contain keywords
// @match        Replace with the question environment link/*
// @grant        none
// ==/UserScript==

(function() {
    'use strict';

    // Extract all links
    const links = Array.from(document.querySelectorAll('a[href]')).map(a => a.href);
    const keyword = 'flag'; // Keyword

    // Find links that contain the keyword
    const foundLinks = links.filter(link => {
        try {
            const xhr = new XMLHttpRequest();
            xhr.open('GET', link, false); // Use synchronous request
            xhr.send(null);
            return xhr.status === 200 && xhr.responseText.includes(keyword);
        } catch (e) {
            // A failed request (e.g. a cross-origin link) must not abort the scan
            return false;
        }
    });

    // Output results
    if (foundLinks.length > 0) {
        console.log('Found links containing the keyword:');
        foundLinks.forEach(link => console.log(link));
    } else {
        console.log('No links containing the keyword found');
    }
})();

Conclusion#

Here’s the scoring situation:

Ranking

Score Situation

The ranking has hardly changed compared to last year. This year, I felt less familiar with Web, so I didn't score much; Math had a lower entry threshold this year, so I scored a bit more than last year; General questions had fewer easy points, still at the same level. Of course, it was a bit surprising to solve a question that fewer than 100 people managed to solve. But overall, as a newbie, I am still looking up to the big shots.

That's it, thank you all for reading. See you next year as a newbie!

This article was synchronized to xLog by Mix Space. The original link is https://zwh.moe/posts/moyu/hackergame-2024
