Skip to content

Instantly share code, notes, and snippets.

@vampjaz
Created May 23, 2016 18:04
Show Gist options
  • Save vampjaz/76eaded2f250bef2e3b4bb125e926b28 to your computer and use it in GitHub Desktop.
Save vampjaz/76eaded2f250bef2e3b4bb125e926b28 to your computer and use it in GitHub Desktop.
most of #defconctf irc for the 2016 comp
[09:53:51] *** Joins: nwx (~nwx@159.203.213.221)
[09:54:09] *** Joins: WebIRC22009 (~9a05ae4f@d154-5-174-79.bchsia.telus.net)
[09:54:54] *** Quits: Lightning (~Lightning@legitbs.net) (Client Quit)
[09:56:11] *** Quits: mightym0 (cNGfd8PwkY@atria.uberspace.de) (Ping timeout: 252 seconds)
[09:56:18] <nwx> ಠ_ಠ
[09:57:22] *** Quits: IceGuest_78 (~IceChat78@adsl196-199-89-217-196.adsl196-11.iam.net.ma) (Ping timeout: 252 seconds)
[10:01:31] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[10:03:57] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[10:05:14] *** Quits: WebIRC31809 (~4fb6d8f9@bzq-79-182-216-249.red.bezeqint.net) (Client Quit)
[10:06:43] <TMT> how much we should watch time_sink ? :))
[10:07:19] *** Joins: WebIRC72005 (~626d2047@pool-98-109-32-71.nwrknj.fios.verizon.net)
[10:08:35] <gynophage> TMT: I dunno. You better start over from the beginning just to make sure you get an accurate timing.
[10:08:47] <espes__> i cant run it
[10:08:58] *** Joins: WebIRC87118 (~d06be726@host-38-231-107-208.midco.net)
[10:09:01] <espes__> windows is too hard
[10:09:09] <TMT> i wish i have it's source after CTF
[10:09:28] <gynophage> TMT: That'll probably happen.
[10:09:36] <rok__> whom should i ask for "feedme" challenge?
[10:09:47] <TMT> TNX :X
[10:10:47] *** Quits: zzz (~4de7d5c0@77.231.213.192) (Client Quit)
[10:11:29] <gnomus> I am stuck on all challenges.. propably should go get some sleep :D
[10:11:48] *** Joins: dddd (~4e083e98@dynamic-78-8-62-152.ssp.dialog.net.pl)
[10:12:19] *** Joins: zzz (~4de7d5c0@77.231.213.192)
[10:12:34] <gnomus> can't think straight anymore
[10:12:48] <dddd> hey, does time_sink supposed to generate access violation eception?
[10:12:54] *** Quits: cx (~Adium@189.217.214.103) (Client Quit)
[10:13:47] *** Joins: uri (~uri@248.red-213-96-13.staticip.rima-tde.net)
[10:16:26] *** Quits: sk123 (uid95049@2604:8300:100:200b:6667:1:1:7349) (Client Quit)
[10:16:35] *** Quits: WebIRC22009 (~9a05ae4f@d154-5-174-79.bchsia.telus.net) (Client Quit)
[10:17:44] *** Joins: Lightning (~Lightning@legitbs.net)
[10:17:44] *** ChanServ sets mode: +o Lightning
[10:20:53] <gynophage> Game moving too slow? There, I fixed it!
[10:20:57] <gynophage> (Unlocked badger)
[10:21:00] <gynophage> I'm so sorry.
[10:21:09] <Lightning> no your not
[10:21:52] <gynophage> you're*
[10:21:54] <gynophage> GET REKT
[10:22:11] <hj> last time I checked you're doesn't end with a *
[10:22:20] <gynophage> #DOUBLEREKT
[10:23:01] *** Joins: mightym0 (yiV2JUbKSM@atria.uberspace.de)
[10:23:21] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[10:23:27] <sirgoon> badger that name sounds familiar
[10:24:55] <gynophage> sirgoon: That's so weird!
[10:25:09] <gynophage> SO ODD I CAN'T EVEN
[10:25:25] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[10:25:33] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[10:26:10] <cai> oh you mean that challenge that we solved but couldn't solve? :p
[10:26:23] <gynophage> cai: Then it should be easy, right?
[10:26:35] <cai> i'm still distracted by another chal atm, so we'll see
[10:26:47] <nwx> stupid binary RE
[10:27:59] *** Joins: dapan (~77ca50cb@119.202.80.203)
[10:30:21] *** Joins: WebIRC35378 (~9a05ae4f@d154-5-174-79.bchsia.telus.net)
[10:30:30] *** Joins: pandoron (~pandoron@p5DDB5CBC.dip0.t-ipconnect.de)
[10:31:03] *** Quits: liikt (~liikt@p549FCD3F.dip0.t-ipconnect.de) (Ping timeout: 240 seconds)
[10:31:54] *** Joins: ltfish (~fish__@li521-79.members.linode.com)
[10:32:54] *** Joins: liikt (~liikt@p549FCD3F.dip0.t-ipconnect.de)
[10:33:30] <hj> nwx i know right if only all of challenges didn't involve re
[10:33:42] <nwx> :/
[10:33:54] *** Quits: fish__ (~fish__@li521-79.members.linode.com) (Ping timeout: 240 seconds)
[10:33:56] <dddd> will be any web this year?
[10:34:45] <SallyCroak> all the challenges are on the web
[10:35:40] <gynophage> dddd: lol, no web. Go take your sqlmap elsewhere.
[10:35:53] <dddd> just asking last year there was one web
[10:36:18] <Lightning> wasn’t that a web with cgi exploitation?
[10:36:36] <dddd> nah, there was something with ruby
[10:36:41] <SallyCroak> or kernel exploits.
[10:36:47] <dddd> dont remember exactly
[10:37:38] <gynophage> The problem with web challenges.
[10:37:47] <gynophage> "Hey, remember that really cool web challenge?" - Nobody
[10:37:59] <dddd> but, to sum up: not a single web challenge this year, right?
[10:38:14] *** Quits: WebIRC87118 (~d06be726@host-38-231-107-208.midco.net) (Client Quit)
[10:38:18] <Lightning> we didn’t say that
[10:38:21] <gynophage> I did.
[10:38:22] <gynophage> Like 4 times.
[10:38:25] <dddd> ;]
[10:38:30] <gynophage> NO
[10:38:31] <gynophage> WEB
[10:38:33] <gynophage> CHALLENGES
[10:38:41] <dddd> ok :)
[10:39:09] *** Joins: sugiken (~753744aa@em117-55-68-170.emobile.ad.jp)
[10:39:12] <dddd> then i have to tell my team mate who like webs, t go on learn some pwning, instead of waiting for webs :P
[10:39:13] <SallyCroak> but will there be any web challenges?
[10:39:47] <Lightning> while you guys are busy working i’m watching one of the guys rotate his laptop around in the air trying to get rotate events to work
[10:39:54] <Lightning> the fun we have on the back side
[10:39:56] <gynophage> SallyCroak: Sure, here: http://www.puffgames.com/flashhalo/
[10:40:13] *** Parts: sugiken (~753744aa@em117-55-68-170.emobile.ad.jp) ()
[10:40:26] *** Joins: WebIRC95042 (~753744aa@em117-55-68-170.emobile.ad.jp)
[10:40:41] <WebIRC95042> hint please, baby-re
[10:41:33] <SallyCroak> lol flash isn't web. where's the sqli?
[10:43:35] *** Joins: WebIRC87776 (~caa61d11@202.166.29.17)
[10:43:54] *** Quits: KALRONG (~kalrong@213.143.50.1) (Ping timeout: 240 seconds)
[10:44:02] <SallyCroak> ooh, someone said the third part of xkcd is xss. I'm on it!
[10:44:10] <gynophage> SallyCroak: http://lmgtfy.com/?q=inurl%3Aselect+inurl%3Afrom+inurl%3Awhere
[10:44:12] <gynophage> Enjoy.
[10:45:02] <Lightning> WebIRC95042: if it is up then no, it has over 100 solves
[10:45:54] *** Quits: Guest92 (~textual@211.170.156.176) (Client Quit)
[10:46:39] *** Quits: WebIRC87776 (~caa61d11@202.166.29.17) (Client Quit)
[10:47:00] <WebIRC95042> thanks
[10:47:05] *** Joins: p9 (~p9@2001:41d0:51:1::123b)
[10:47:11] *** Joins: Coconutz (~298d2066@41.141.32.102)
[10:47:23] <Coconutz> Is there anywhere I can find the full scoreboard ?
[10:47:40] <SallyCroak> you want the complete scoreboard?
[10:47:44] <Coconutz> yeah
[10:47:49] <Lightning> no url, we might , maybe put something out later
[10:47:57] <SallyCroak> like at /scoreboard/complete ?
[10:48:00] <Lightning> at least no url i’m aware of
[10:48:19] <Lightning> SallyCroak: is right, we had that last year. forgot about that
[10:48:41] <Coconutz> wasn't aware of /complete , thanks :)
[10:48:42] *** Joins: Algo (~8ddfafe6@plus20.postech.ac.kr)
[10:48:50] <Lightning> Coconutz: don’t feel bad, i forgot about it myself
[10:48:54] <gynophage> Lightning: we published /complete
[10:49:26] <SallyCroak> should we try to find other hidden pages on the scoreboard? :)
[10:49:42] <gynophage> SallyCroak: I guess if you want to get banned.
[10:49:44] <SallyCroak> I've heard good things about this dirbuster program
[10:50:06] *** Joins: WebIRC6929 (~70a9d8e1@112.169.216.225)
[10:50:09] *** gynophage changes topic to 'http://music.legitbs.net | Point values: https://twitter.com/LegitBS_CTF/status/733807024652193793 | Make CTF Great Again | https://2016.legitbs.net/scoreboard/complete'
[10:50:17] *** Quits: pandoron (~pandoron@p5DDB5CBC.dip0.t-ipconnect.de) (Client Quit)
[10:50:31] *** Joins: WebIRC87118 (~d06be726@host-38-231-107-208.midco.net)
[10:50:40] *** Quits: WebIRC6929 (~70a9d8e1@112.169.216.225) (Client Quit)
[10:51:56] *** Quits: Coconutz (~298d2066@41.141.32.102) (Client Quit)
[10:52:25] *** Joins: WebIRC63190 (~caa61d11@202.166.29.17)
[10:52:38] <Octothrope> :) :)
[10:53:18] *** Joins: pandoron (~pandoron@p5DDB5CBC.dip0.t-ipconnect.de)
[10:54:18] *** Quits: pandoron (~pandoron@p5DDB5CBC.dip0.t-ipconnect.de) (Client Quit)
[10:54:55] <Lightning> come on guys, there is a whole category that isn’t opened yet
[10:56:03] <nwx> https://imgur.com/c1f7nAR
[10:56:19] *** Quits: WebIRC63190 (~caa61d11@202.166.29.17) (Client Quit)
[10:56:57] <nwx> someone messed up ^
[10:57:17] *** Quits: newb (~7d83e0b2@125.131.224.178) (Client Quit)
[10:57:21] <gynophage> YES!
[10:57:22] *** Joins: KALRONG (~kalrong@helga.network118.com)
[10:57:24] <gynophage> ITS WORKING
[10:57:49] *** Joins: kiwiii (~7d83e0b2@125.131.224.178)
[10:58:10] <Lightning> and there goes the rotation of the laptop again
[10:58:19] <gynophage> We're really smart over here.
[10:58:28] <gynophage> He's rotating his laptop and poking the screen.
[10:58:36] <gynophage> I don't have the heart to tell him it's not an iPad.
[11:00:12] *** Quits: TMT (~TMT@2.146.230.71) (Client Quit)
[11:00:46] *** Quits: WebIRC64501 (~77c0bafd@119.192.186.253) (Client Quit)
[11:01:03] *** Quits: L0rdComm4ander (~Adium@2001:690:2100:1b:71c7:1c0e:8cf:334c) (Client Quit)
[11:01:53] <SallyCroak> video?
[11:02:15] *** Joins: L0rdComm4ander (~Adium@194.210.230.86)
[11:04:46] <Algo> what is the score formular?
[11:05:29] <Lightning> Algo: more solves = less points to all solvers
[11:07:23] *** Quits: asdfasdf (~7dbae6fd@125.186.230.253) (Client Quit)
[11:07:25] <SallyCroak> the web chall is too hard :-(
[11:08:17] *** Joins: stick (~stick@216.68.89.100)
[11:08:46] <hoju> https://gfycat.com/ThoughtfulShamelessChimpanzee
[11:09:26] *** Quits: WebIRC35378 (~9a05ae4f@d154-5-174-79.bchsia.telus.net) (Client Quit)
[11:12:31] *** Joins: WebIRC70842 (~7d1@2001:67c:10ec:52c7:8000::11d2)
[11:12:59] *** Joins: mourn (~johndoe@62-210-69-147.rev.poneytelecom.eu)
[11:13:39] <kiwiii> who solve heapfun4u
[11:13:45] *** Quits: wmliang (~8c7188da@NCTU-Wireless-NAT218.nctu.edu.tw) (Client Quit)
[11:14:01] <Lightning> “what is with you and keyboards shifted that way” <hand motion to the left> <other guy shifts the computer a bit to the right>
[11:15:45] *** Joins: withzombies (~ryan@45.55.194.163)
[11:15:54] <withzombies> easier isn't responding
[11:16:44] <withzombies> probably has a bunch of "this application stopped responding" popups to clear though ;)
[11:17:38] *** Quits: yingyeo (~31a5cb56@49.165.203.86) (Client Quit)
[11:17:57] *** Joins: Ninn (~rekt@130.225.98.198)
[11:18:01] <hj> kiwiii that is something that you need to be careful asking until sunday evening
[11:19:13] <gynophage> withzombies: I'll jump on and take a look.
[11:19:40] <Lightning> fixing music…
[11:19:47] *** Joins: j00ru (~j00ru@80-218-143-42.dclient.hispeed.ch)
[11:19:57] <j00ru> "easier" down?
[11:20:05] <Lightning> looking
[11:20:25] <gynophage> European easier looks like it got rebooted. Nice.
[11:20:41] <withzombies> its back now
[11:20:54] <gynophage> Europe isn't yet.
[11:21:18] <SallyCroak> more important than the europeans and their easier, what's up with music?
[11:21:39] <gynophage> Europe is back.
[11:21:42] <gynophage> Music is coming up.
[11:21:42] <j00ru> thx!
[11:22:04] <gynophage> Musiqpad daemon rebooted.
[11:22:06] <gynophage> <3
[11:22:30] <gynophage> Now, if you'll excuse me, I have a very long list of boxes that have just set xhost + to attend to.
[11:24:08] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[11:24:28] <Lightning> i’m re-adding that video for later for those that missed it
[11:24:55] <riatre> And one of these will be a VcXsrv running on Windows
[11:25:55] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[11:26:20] *** Joins: scymo (~18e433cc@ool-18e433cc.dyn.optonline.net)
[11:26:30] <gynophage> xloadimage doesn't care.
[11:26:33] <scymo> whats up bois
[11:26:55] <riatre> lol please don't load NSFW things
[11:27:18] *** Joins: IceGuest_78 (~IceChat78@105.158.152.121)
[11:27:23] *** Joins: WebIRC19244 (~7dbae6fd@125.186.230.253)
[11:29:35] *** Quits: falcon (~72a1db49@p4073-ipngn100103okayamaima.okayama.ocn.ne.jp) (Client Quit)
[11:30:15] *** Joins: jawaharlal (uid120577@id-120577.brockwell.irccloud.com)
[11:31:15] <j00ru> eu easier seems down again
[11:32:18] <scymo> how could i monetize a hacked tweetdeck
[11:32:44] <gynophage> j00ru: So many "dc.exe has stopped working" dialogs. :-p
[11:33:00] <j00ru> it would make sense to disable WER altogether
[11:33:00] <Lightning> there goes the laptop upside down
[11:33:19] <j00ru> so these dialogs don't pop up
[11:33:21] <Lightning> and he’s now folded it in half the wrong direction...
[11:33:44] <gynophage> It's up.
[11:33:47] *** Joins: valis (~valis@li269-212.members.linode.com)
[11:33:52] <gynophage> And wer is down.
[11:34:00] <j00ru> thx. :)
[11:34:04] <gynophage> Yup.
[11:34:05] <gynophage> Close?
[11:34:24] <j00ru> somewhere halfway I guess ;)
[11:34:38] *** Quits: WebIRC72294 (~daa4bb2c@218-164-187-44.dynamic.hinet.net) (Client Quit)
[11:34:46] <gynophage> Rock on dude.
[11:34:55] *** Joins: add1ct (~add1ct@203.208.200.206)
[11:34:56] *** Quits: at1as (~at1as@kurios.r4780y.com) (Remote host closed the connection)
[11:35:40] *** Joins: andy (~andy@server.galauner.de)
[11:36:02] *** Joins: lenerd (~lenerd@port-24829.pppoe.wtnet.de)
[11:36:14] *** Parts: scymo (~18e433cc@ool-18e433cc.dyn.optonline.net) ()
[11:36:49] <j00ru> is the Windows edition/version public info? I suppose no?
[11:37:54] <gynophage> At noon, if nobody has asked for it to remain private, I will publish a screenshot of winver.exe?
[11:38:03] *** Joins: at1as (~at1as@kurios.r4780y.com)
[11:38:04] <gynophage> (23 minutes for timezone stuff)
[11:38:50] *** Quits: ravencoding (~72a1db49@p4073-ipngn100103okayamaima.okayama.ocn.ne.jp) (Client Quit)
[11:39:00] <j00ru> sgtm
[11:39:33] <gynophage> Just want to leave enough time for everybody to have a say. I will say it's running on EC2. And EC2 has very few Windows AMIs, that I know of.
[11:39:33] *** Quits: kkk (~kkkk@202.120.39.99) (Client Quit)
[11:41:13] *** Joins: WebIRC24794 (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net)
[11:42:05] *** Joins: WebIRC70190 (~c04c1be0@3840-1.gradacc.ox.ac.uk)
[11:44:08] *** Joins: digitalseraphim (~digitalse@rrcs-72-43-234-250.nys.biz.rr.com)
[11:44:10] *** Joins: WebIRC19476 (~77ca5504@119.202.85.4)
[11:44:35] *** Joins: nebel (~nicolai@130.225.98.198)
[11:44:35] *** Joins: err0r (~err0r@dyn.144-85-128-217.dsl.vtx.ch)
[11:44:49] *** Quits: WebIRC19476 (~77ca5504@119.202.85.4) (Client Quit)
[11:45:10] *** Joins: tomandjerry (~77ca5504@119.202.85.4)
[11:45:13] <BrainInAJar> plus they cost more
[11:45:51] *** Joins: arbiter_ (uid60882@id-60882.richmond.irccloud.com)
[11:45:57] *** Quits: arbiter_ (uid60882@id-60882.richmond.irccloud.com) (Client Quit)
[11:46:08] *** Joins: arbiter_ (uid60882@id-60882.richmond.irccloud.com)
[11:47:03] *** Joins: Beluc (~58a0ed34@arg62-2-88-160-237-52.fbx.proxad.net)
[11:47:11] <Beluc> Hi
[11:47:29] <gynophage> HI!
[11:47:44] <Beluc> is there some challenges that does not imply binaries ?*
[11:47:55] <gynophage> I don't understand your question.
[11:48:01] *** gynophage sets mode: +v magichands
[11:48:12] <Beluc> I wanna challenge smth but I'm not very good at binaries stuff ;)
[11:48:30] <gynophage> Beluc: I think you might be in the wrong place.
[11:48:33] <bmc> cat /dev/random | socat?
[11:48:46] <bmc> success is possible!
[11:49:06] <tomandjerry> Isn't there any problem to the Badger challenge?
[11:49:16] <gynophage> Hmm?
[11:49:38] <gynophage> Testing badger's exploit across the ARs.
[11:49:40] <gynophage> Just a sec.
[11:50:09] <Beluc> gynophage: what do you mean wrong place ?
[11:50:18] *** Joins: Guest92 (~textual@210.99.30.195)
[11:50:23] <gynophage> Beluc: I mean this isn't the right game for you.
[11:50:33] <Beluc> ah ok :)
[11:50:37] <Beluc> too bad
[11:50:43] <gynophage> Go level up your binary analysis with the baby's first.
[11:50:51] <gynophage> Or go watch time_sink.
[11:51:01] <Beluc> ok
[11:51:08] <Beluc> i will give a try
[11:51:37] <Beluc> tx u
[11:52:02] <gynophage> badger confirmed working us-east.
[11:52:10] <gynophage> badger confirmed working europe.
[11:52:49] <gynophage> badger confirmed working asia pacific.
[11:52:58] *** Quits: WebIRC95042 (~753744aa@em117-55-68-170.emobile.ad.jp) (Client Quit)
[11:52:59] <gynophage> (Exploit thrown against all 3)
[11:53:06] *** Joins: scifi (~2a74062c@42.116.6.44)
[11:53:19] <tomandjerry> Thx gynophage
[11:53:27] <gynophage> No problem tomandjerry
[11:54:07] <BrainInAJar> at least being able to do *some* binary analysis is crucial for like, everything in the scene.
[11:54:40] <Beluc> $ wine time_sink.exe
[11:54:40] <Beluc> wine: Unhandled page fault on execute access to 0x7ffdf000 at address 0x7ffdf000 (thread 0009), starting debugger...
[11:54:40] <Beluc> err:dbghelp_msc:pe_load_debug_directory Got a page fault while loading symbols
[11:54:44] <Beluc> normal ?
[11:56:37] <Lightning> Beluc: if attempting to use wine, yes. It is trying to find things wine doesn’t support
[11:57:49] <Beluc> Lightning: tx, I will try unix one so ;)
[11:58:20] <BrainInAJar> xkcd is p. easy
[11:59:27] <IceGuest_78> hard
[11:59:30] <BrainInAJar> the downside is it's amd64, so if you want to use IDA you either need to (have your employer) pay for it, or steal it, because the free demo won't load it
[12:00:05] <BrainInAJar> you could bang your head against the wall with r2 too, i guess. I'm too dumb for radare2
[12:00:15] <gynophage> Or fucking disas main with gdb.
[12:00:18] <gynophage> It's like 2 function calls.
[12:00:31] <BrainInAJar> never!
[12:01:02] <gynophage> https://usercontent.irccloud-cdn.com/file/XB52Gxr3/Screen%20Shot%202016-05-21%20at%2011.59.33%20AM.png
[12:01:20] <gynophage> j00ru: Gynvael tylerni7 cai withzombies
[12:01:22] <gynophage> ^^
[12:01:26] <j00ru> :D
[12:01:31] <j00ru> useful, thx
[12:01:45] <Gynvael> yaaay ;)
[12:02:15] *** Quits: dddd (~4e083e98@dynamic-78-8-62-152.ssp.dialog.net.pl) (Client Quit)
[12:04:24] *** gynophage changes topic to 'http://2016.legitbs.net/scoreboard/complete | easier: https://usercontent.irccloud-cdn.com/file/XB52Gxr3/Screen%20Shot%202016-05-21%20at%2011.59.33%20AM.png | http://music.legitbs.net'
[12:04:25] *** Quits: icernica (~56228632@86.34.134.50) (Client Quit)
[12:04:59] *** Quits: vap0r (~d06be726@host-38-231-107-208.midco.net) (Client Quit)
[12:10:18] *** Quits: Algo (~8ddfafe6@plus20.postech.ac.kr) (Client Quit)
[12:10:22] <WebIRC81467> Can I get some help for getting 'badger' to run? I'm getting an "Couldn't get peername: Socket operation on non-socket" error :-(
[12:10:50] *** Joins: kkk (~kkkk@101.87.235.99)
[12:11:07] *** Quits: nayryan (~ryan@162-231-143-126.lightspeed.cicril.sbcglobal.net) (Ping timeout: 252 seconds)
[12:12:12] *** Joins: Algo (~8ddfafe6@plus20.postech.ac.kr)
[12:12:22] <gynophage> WebIRC81467: When you run it locally?
[12:13:22] *** Quits: Algo (~8ddfafe6@plus20.postech.ac.kr) (Client Quit)
[12:13:47] <WebIRC81467> yes
[12:13:48] <gynophage> (Am I racist because I assume anybody with a WebIRC* nick is a newb?)
[12:13:56] <gynophage> WebIRC81467: Is standard in a socket?
[12:13:58] <WebIRC81467> (probably)
[12:14:25] <gynophage> What does it do to standard in?
[12:14:43] <gynophage> And if you say "I don't know, I just downloaded it and ran it," I've got another challenge for you.
[12:15:21] <gynophage> http://downloads.shallweplayaga.me/totallynotcryptolocker.exe
[12:15:41] *** Joins: rrddd (~b764d5a3@183.100.213.163)
[12:15:56] <WebIRC81467> Ty, finally a windows challenge that I can run on my real machine
[12:20:14] *** Quits: MrMan (~5541b722@85.65.183.34.dynamic.barak-online.net) (Client Quit)
[12:21:24] *** Quits: lenerd (~lenerd@port-24829.pppoe.wtnet.de) (Ping timeout: 240 seconds)
[12:23:27] *** Quits: Beluc (~58a0ed34@arg62-2-88-160-237-52.fbx.proxad.net) (Client Quit)
[12:23:46] *** Quits: Guest92 (~textual@210.99.30.195) (Client Quit)
[12:24:52] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[12:24:52] *** Joins: nayryan (~ryan@162-231-143-126.lightspeed.cicril.sbcglobal.net)
[12:25:42] *** Joins: cebrusfs (~cebrusfs@icpc.csie.ntu.edu.tw)
[12:26:26] *** Joins: bigred (~d8445964@216.68.89.100)
[12:27:46] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[12:29:09] <enen> gynophage: you just won the best troll of dcq2016 award, how does it feel champ?
[12:29:58] <gynophage> SO many people with X11 forwarding open.
[12:30:05] *** Joins: tyega (~tyega@www19456ue.sakura.ne.jp)
[12:30:43] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[12:32:23] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[12:33:09] *** Quits: kishor (~Kishor@c-73-231-85-91.hsd1.ca.comcast.net) (Client Quit)
[12:33:58] *** Quits: digitalseraphim (~digitalse@rrcs-72-43-234-250.nys.biz.rr.com) (Read error: Connection reset by peer)
[12:34:35] <[SpamAndHex]KT> hi all! we have locally working exploits for multiple challenges, but it does not work remotely? is execve /bin/sh blocked intentionally?
[12:34:43] *** Quits: WebIRC95558 (~8ff8ebd3@143.248.235.211) (Client Quit)
[12:34:59] <gynophage> [SpamAndHex]KT: I'm almost certain your shell code is bad.
[12:35:09] <[SpamAndHex]KT> ROP chain, open + read + write works
[12:35:23] <[SpamAndHex]KT> i mean we are using ROP chain, not shellcode
[12:35:41] <[SpamAndHex]KT> and if we change the ROP chain to a open + read + write one, then it works
[12:35:43] <gynophage> There is no block on execve. Why don't you tell me if /bin/sh
[12:35:45] *** Joins: WebIRC95558 (~8ff8ebd3@143.248.235.211)
[12:35:46] <gynophage> is special.
[12:37:58] *** Quits: tyega (~tyega@www19456ue.sakura.ne.jp) (Remote host closed the connection)
[12:39:45] *** Joins: hexa- (~hexa-@freifunk/darmstadt/hexa-)
[12:41:36] *** Joins: autolycos (~6f570996@111.87.9.150)
[12:42:00] *** Quits: zzoru (~zzoru@143.248.230.88) (Ping timeout: 252 seconds)
[12:43:07] *** gynophage changes topic to 'http://music.legitbs.net | Point values: https://twitter.com/LegitBS_CTF/status/733807024652193793 | Make CTF Great Again | https://2016.legitbs.net/scoreboard/complete | pwnables have busybox -> /bin/sh. Your execve shell code is probably broken.'
[12:44:43] *** Joins: breadsticks (~breadstic@64.184.102.169)
[12:45:24] *** Quits: nayryan (~ryan@162-231-143-126.lightspeed.cicril.sbcglobal.net) (Ping timeout: 240 seconds)
[12:46:37] *** Quits: BrainInAJar (~ae067a03@S0106c056276078b0.vc.shawcable.net) (Client Quit)
[12:46:52] <mourn> gynophage: the badger's uart isn't supposed to respond as-is ?
[12:46:57] *** Quits: kiwiii (~7d83e0b2@125.131.224.178) (Client Quit)
[12:47:15] *** Joins: heapheap (~7d83e0b2@125.131.224.178)
[12:47:20] <heapheap> ah...
[12:47:26] <heapheap> heapfun drving me crazy..
[12:47:55] *** Joins: WebIRC2227 (~25b61ae9@net-37-182-26-233.cust.vodafonedsl.it)
[12:48:09] <WebIRC2227> feedme is down. Could you fix it?
[12:48:19] <leonidaz0r> hi @[SpamAndHex]KT
[12:49:10] *** Joins: BrainInAJar (~ae067a03@S0106c056276078b0.vc.shawcable.net)
[12:50:17] <gynophage> mourn: We have a working exploit for badger that we just tested against all availability regions.
[12:50:21] *** Quits: breadsticks (~breadstic@64.184.102.169) (Ping timeout: 252 seconds)
[12:50:36] <gynophage> WebIRC2227: Looking at feedme.
[12:50:52] <gynophage> feedme us-east was under excessive load.
[12:50:54] <gynophage> Should be working.
[12:52:06] <espes__> gynophage: now you tell us
[12:52:14] <mourn> gynophage: ok, i'll try harder
[12:52:52] <gynophage> espes__: most teams had working open();read();write() payloads. You *could* have figured it out with those. Or not just leaned on ROPgadget.py's broken ass shell code.
[12:53:17] *** Joins: PPRCHBC_hex (~47add104@71.173.209.4)
[12:53:22] <WebIRC2227> it's hard to solve feedme with this lag
[12:53:33] <gynophage> "Hard"
[12:53:40] <dave0x6d> gynophage: or radare2
[12:53:47] <gynophage> OHH MAN GUISE, IT'S SO FUCKING HARD TO LET A SCRIPT RUN
[12:54:12] *** Joins: zzoru (~zzoru@143.248.230.88)
[12:54:38] <gynophage> sirgoon's doing yard work.
[12:54:46] <gynophage> He laughs at your silly script runtimes.
[12:54:58] <PPRCHBC_hex> kinda new to this, this isn't like the other two CTFs I've done, how are we supposed to open the files? Notepad is mostly garbage with a little text
[12:55:24] *** Joins: breadsticks (~breadstic@64.184.102.169)
[12:55:48] *** Quits: WebIRC87118 (~d06be726@host-38-231-107-208.midco.net) (Client Quit)
[12:56:03] *** Joins: WebIRC57496 (~43a157db@c-67-161-87-219.hsd1.wa.comcast.net)
[12:56:24] <dave0x6d> PPRCHBC_hex: any hex editor.
[12:56:35] <SallyCroak> just rename the files and add a .exe and you can run them
[12:56:36] <[SpamAndHex]KT> <leonidaz0r>: hey :)
[12:56:43] <PPRCHBC_hex> ookay, thanks dave
[12:56:46] <dave0x6d> SallyCroak: how do i do that on mac?
[12:56:52] <gynophage> PPRCHBC_hex: What did you play before?
[12:57:00] <dave0x6d> gynophage: web stuff I assume
[12:57:07] <PPRCHBC_hex> pactf and a little bit of hsctf
[12:57:14] <PPRCHBC_hex> didn't get very far but it was fun
[12:57:25] <SallyCroak> oh, I think most of these are for windows 98. at least that's what I'm using
[12:57:51] <dave0x6d> afaik this is the most popular hex editor on Windows? https://www.x-ways.net/winhex/
[12:57:55] <PPRCHBC_hex> time for a virtual machine then..
[12:57:59] <PPRCHBC_hex> thanks dave
[12:58:04] <dave0x6d> PPRCHBC_hex: no, you don't need a VM for this.
[12:58:09] <dave0x6d> what OS are you running?
[12:58:17] <PPRCHBC_hex> he said most of it was for windows98
[12:58:25] <dave0x6d> he was joking.
[12:58:25] <PPRCHBC_hex> I'm on Windows 10
[12:58:32] <PPRCHBC_hex> oh...
[12:58:35] <dave0x6d> there is definitely hex editors for windows 10.
[12:58:52] *** Quits: WebIRC57496 (~43a157db@c-67-161-87-219.hsd1.wa.comcast.net) (Client Quit)
[12:58:53] <SallyCroak> you just need 88 more windows if you've already got 10
[12:59:03] *** Joins: digitalseraphim (~digitalse@rrcs-72-43-234-250.nys.biz.rr.com)
[12:59:05] <PPRCHBC_hex> darn
[12:59:17] <PPRCHBC_hex> I guess I'll need to install some more ram then
[12:59:23] <dave0x6d> why not download it?
[12:59:37] <PPRCHBC_hex> good idea
[12:59:41] <dave0x6d> http://downloadmoreram.com/
[12:59:47] <PPRCHBC_hex> lol
[12:59:57] <gynophage> lololol
[13:00:03] <gynophage> "Segfault at 0 in /bin/sh"
[13:00:10] <gynophage> STAHP
[13:00:12] *** Joins: WebIRC58077 (~a29@2601:14c:4400:32cf:bc5c:15b:a43:5db5)
[13:00:24] <dave0x6d> gynophage: stop mocking us :p
[13:00:38] <gynophage> execve("/bin/sh", NULL, NULL) will do that.
[13:00:53] <gynophage> execve("/bin/sh", "/bin/sh", NULL) is love, execve("/bin/sh", "/bin/sh", NULL) is life.
[13:01:28] <[w33]Luwenth> I am slowly getting to enjoy radare2. save me.
[13:01:31] <tylerni7> execve("/bin/sh", "/bin/sh", "/bin/sh", "/bin/sh", NULL), just to be safe
[13:01:36] <hj> to be fair shouldn't it be execve("/bin/sh", {"/bin/sh", NULL}, NULL)
[13:02:42] <xiao> radare2 is the best, colorblind people wouldn't understand.
[13:03:05] <[w33]Luwenth> I'm so old my monitor is B&W, I didn't know it had colors *cries*
[13:03:33] <tylerni7> colorblind people can understand binary ninja, it has a color-blind mode
[13:03:48] *** Joins: lolz (~7cf8ddba@124.248.221.186)
[13:04:08] <[w33]Luwenth> wut is binary ninja? binary.ninja?
[13:04:14] <xiao> They will never know the pleasure of holding in "R" in visual mode
[13:04:50] <gynophage> [w33]Luwenth: Binary.ninja is pretty cool.
[13:04:54] <dave0x6d> it is indeed.
[13:05:04] <dave0x6d> it works on baby-re nicely.
[13:05:11] <gynophage> SUPER nicely.
[13:05:16] <xiao> >Please complete the security check to access binary.ninja
[13:05:18] <dave0x6d> doesn't make my eyes bleed either.
[13:05:21] <xiao> Much security.
[13:05:35] <dave0x6d> xiao: cloudflare, no?
[13:05:49] <xiao> Yes
[13:05:53] <gynophage> psifertex: Looks like you're about to get some beta requests. :-p
[13:05:58] *** Joins: rr (~734a51f1@115.74.81.241)
[13:06:10] *** Joins: Algo (~8ddfafe6@plus20.postech.ac.kr)
[13:06:13] <gynophage> verylazyguy: Complete scoreboard view no longer requires authentication.
[13:06:37] *** Joins: selir (~selir@50-89-219-191.res.bhn.net)
[13:06:53] <[w33]Luwenth> Hahahah... it does look sweet. :)
[13:06:58] *** gynophage sets mode: +o selir
[13:07:52] <sirgoon> selir!
[13:07:56] *** ChanServ sets mode: -vvvv zardus psifertex tylerni7 verylazyguy
[13:07:57] *** ChanServ sets mode: -vvvo magichands computerality bmc thing2
[13:07:57] -ChanServ- gynophage set flags +O on selir
[13:07:57] *** ChanServ sets mode: -v sewilton
[13:09:12] *** Quits: PPRCHBC_hex (~47add104@71.173.209.4) (Client Quit)
[13:11:58] *** Joins: lenerd (~lenerd@p5DC6DC56.dip0.t-ipconnect.de)
[13:12:05] <vito> i get a bit weirded out when i see gynophage typing but nothing shows up here
[13:12:58] <dave0x6d> vito: he's rooting your box.
[13:13:21] <gynophage> He could punch me.
[13:13:33] <gynophage> I'm sitting like 2 feet from him.
[13:13:37] <dave0x6d> you could punch him first.
[13:13:52] <dave0x6d> better to be safe then sorry.
[13:14:05] <gynophage> But I like him. He's pretty cool.
[13:14:12] <gynophage> And he makes there be a scoreboard.
[13:14:21] <vito> and chairs
[13:14:52] <gynophage> I'm still sitting on a square toilet.
[13:16:08] <dave0x6d> not for long!
[13:17:09] <dave0x6d> what the hell, I can't make forks private on github?
[13:17:32] <vito> you can if you sever the link
[13:17:35] *** Joins: rms (~b764d5a3@183.100.213.163)
[13:17:39] <vito> i.e. clone it locally and push it to a new private repo
[13:17:52] <stypr> omg
[13:17:57] <heapheap> is there serious problem for me, if i can't solve heapfun4u during last 17 hours?
[13:18:18] <dave0x6d> vito: yeah I know, but I wanted to be lazy since I'm going to be making a PR tomorrow.
[13:19:04] *** Quits: WebIRC70190 (~c04c1be0@3840-1.gradacc.ox.ac.uk) (Client Quit)
[13:20:10] <vito> oh and make the fork public tomorrow?
[13:20:13] <vito> then just don't push it i guess
[13:20:18] <vito> or push it to a new forked repo
[13:20:21] <[w33]Luwenth> heapheap: No more than my serious problem looking at feedme and understanding what I am going to need to do, but still being unable to figure it out since last night.
[13:20:27] <[w33]Luwenth> I'll get it, maybe next week though.
[13:20:31] <vito> git's nice because of immutable storage like that
[13:20:49] <[w33]Luwenth> (I'm also learning new tools, because I never get time between these quals to actuall go learn more of this stuff *cries some more*
[13:21:04] <dave0x6d> should I be calling my write-ups defcon2016-quals, or should I refer to them as legitbs2016?
[13:22:26] <vito> former's a good choice
[13:22:32] *** Quits: rr (~734a51f1@115.74.81.241) (Client Quit)
[13:22:34] <vito> this won't be the only game we run this year
[13:22:45] *** Joins: ak (~add1ct@203.208.200.206)
[13:23:06] <[w33]Luwenth> vito: oh? That sounds good...
[13:23:19] <vito> because we run one in august too
[13:23:28] <gynophage> SPOILERS: ITS IN VEGAS
[13:23:52] <vito> lol he literally just said he wasn't gonna be a dick
[13:23:54] <[w33]Luwenth> Dammit. I thought you meant another quals
[13:24:01] <gynophage> It kinda is.
[13:24:04] <gynophage> For 2017 finals.
[13:24:05] *** Quits: add1ct (~add1ct@203.208.200.206) (Ping timeout: 252 seconds)
[13:24:09] <[w33]Luwenth> bitch :)
[13:24:32] <vito> https://scienceissexydotcom.files.wordpress.com/2014/03/tim-and-eric_mind-blown_sis1.gif
[13:24:33] *** Joins: nizzedd (er@2001:470:5a98:11:995b:a999:5fa4:1699)
[13:24:47] * gynophage slaps [w33]Luwenth around a bit with a large crocodile shark
[13:24:52] <vito> http://25.media.tumblr.com/015b90b4b557896bf8c04f0e3cc1d1ec/tumblr_mgp533fVam1rt8i4vo1_500.gif
[13:26:19] <[w33]Luwenth> Oh! Cute little crocosharkie!
[13:27:07] <gynophage> irc cloud doesn't use large trout?
[13:27:12] *** Parts: nizzedd (er@2001:470:5a98:11:995b:a999:5fa4:1699) ()
[13:27:33] * gynophage slaps me around a bit with a large squarehead catfish
[13:27:35] * gynophage slaps me around a bit with a large swampfish
[13:27:35] * gynophage slaps me around a bit with a large stickleback
[13:27:38] <gynophage> Dumb.
[13:27:45] *** Quits: w0 (~w0@37.228.235.175) (Ping timeout: 252 seconds)
[13:30:15] *** Quits: WebIRC2227 (~25b61ae9@net-37-182-26-233.cust.vodafonedsl.it) (Client Quit)
[13:30:31] * vito slaps bass around a bit with a large blackchin
[13:30:43] <vito> playing the seinfeld theme with a large blockchain
[13:31:28] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[13:31:29] <BrainInAJar> so the next note takes at least 60 seconds to be confirmed before you can play it
[13:31:58] <vito> takes you twenty minutes to get good confirmation for skull trumpet
[13:32:05] <gynophage> BrainInAJar: I mean, you've had 1 month.
[13:32:08] <gynophage> Or 2?
[13:32:08] <vito> and uses more electricity than las vegas does in a year
[13:32:24] <gynophage> Since April 1.
[13:33:16] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[13:33:37] *** Joins: tyega (~tyega@www19456ue.sakura.ne.jp)
[13:33:39] <gynophage> Ohh wow, completely miss that.
[13:33:41] <gynophage> missed*
[13:33:44] <gynophage> whoosh.
[13:33:44] *** Quits: tyega (~tyega@www19456ue.sakura.ne.jp) (Remote host closed the connection)
[13:34:02] *** Joins: w0 (~w0@37.228.235.175)
[13:35:55] *** Joins: Mutter (~Mutter@c-67-182-246-88.hsd1.ut.comcast.net)
[13:35:58] *** Joins: BitK (~philip_l@bi.tk)
[13:36:29] *** Mutter is now known as anothermother
[13:37:45] *** Quits: anothermother (~Mutter@c-67-182-246-88.hsd1.ut.comcast.net) (Remote host closed the connection)
[13:38:01] *** Quits: autolycos (~6f570996@111.87.9.150) (Client Quit)
[13:38:09] <Murmus> that skip was amazing
[13:38:18] *** Quits: kkk (~kkkk@101.87.235.99) (Client Quit)
[13:40:19] *** Joins: WebIRC70190 (~c04c080d@client-8-13.eduroam.oxuni.org.uk)
[13:40:36] *** Joins: tyega (~tyega@www19456ue.sakura.ne.jp)
[13:40:36] *** Joins: stuart091 (~user@208.167.254.26)
[13:40:58] <[w33]Luwenth> 'mouth silence' is a good name for this album. He should have practiced that while recording it.
[13:41:35] <vito> you take that back you bastard
[13:42:05] <vito> it's the sequel to mouth sounds, the album in which he imagined a world where all music was smash mouth
[13:42:16] <vito> (mouth silence imagines a world where smash mouth never existed)
[13:43:42] *** Quits: jawaharlal (uid120577@id-120577.brockwell.irccloud.com) (Client Quit)
[13:44:27] <Lightning> we have such a wide and varied view of things to play
[13:44:35] <Lightning> 3 DJs rotating makes it interesting
[13:45:07] <[w33]Luwenth> Yeah, this is almost as entertaining as my pandora playlist which is a bit schizophrenic.
[13:45:15] <dave0x6d> dear god, I timed my solution for baby-re and it takes frigging 8 minutes.
[13:45:36] <[w33]Luwenth> If it get's 'er done, who cares? :)
[13:45:45] <Lightning> i’m resisting from adding random annoying videos like nyan cat
[13:45:59] <Lightning> afraid hoju will slap my hands and remove DJ
[13:46:02] <gynophage> dave0x6d: Stop obsessing. The past is past.
[13:46:40] <dave0x6d> gynophage: hah true, I'm throwing my code in an examples repo though. Whatever I guess. =)
[13:47:03] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[13:47:06] *** Parts: t1deman (~t1deman@173-21-155-204.client.mchsi.com) ()
[13:47:09] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[13:47:55] <[w33]Luwenth> You can always put a typical 'optimization is left as an exercise for the reader' math-teacher style.
[13:49:53] <gynophage> A 6 minute solve beats most of the solve times for the challenge.
[13:50:06] <gynophage> So, why?
[13:50:21] *** Joins: cd80 (~7941369c@121.65.54.156)
[13:50:32] <cd80> whom should i ask for badger?
[13:50:34] *** Quits: zzoru (~zzoru@143.248.230.88) (Ping timeout: 252 seconds)
[13:50:34] <dropkick> shit where has music.legitbs.net been my whole life
[13:50:54] <Lightning> hope you are enjoying the random assortment of 3 DJs that don’t agree :)
[13:51:29] <gynophage> cd80: What's up?
[13:51:39] <cd80> will pm, thanks
[13:52:07] *** Quits: tyega (~tyega@www19456ue.sakura.ne.jp) (Remote host closed the connection)
[13:55:54] *** Joins: bic (~446e4151@ip68-110-65-81.ph.ph.cox.net)
[13:56:08] *** Quits: ling (~ling@li763-200.members.linode.com) (Remote host closed the connection)
[13:56:29] *** Quits: bic (~446e4151@ip68-110-65-81.ph.ph.cox.net) (Client Quit)
[13:56:30] *** Joins: ling (~ling@li763-200.members.linode.com)
[13:57:38] *** Quits: okaji39 (~7537441b@em117-55-68-27.emobile.ad.jp) (Client Quit)
[13:58:11] <Lightning> food arrived, we are all going to eat and ignore you peeps :)
[13:58:45] *** Joins: WebIRC57496 (~43a157db@c-67-161-87-219.hsd1.wa.comcast.net)
[13:59:01] <[w33]Luwenth> I love this track!!! :)
[13:59:05] <[w33]Luwenth> spaghetti!
[14:00:59] *** Quits: WebIRC57496 (~43a157db@c-67-161-87-219.hsd1.wa.comcast.net) (Client Quit)
[14:01:54] *** Joins: kalax (c188270a@m-c.clients.kiwiirc.com)
[14:03:41] <Lightning> i couldnt resist
[14:04:15] *** Joins: tyega (~tyega@www19456ue.sakura.ne.jp)
[14:05:41] *** Joins: WebIRC57496 (~43a157db@c-67-161-87-219.hsd1.wa.comcast.net)
[14:06:20] *** Quits: rhydis (~rhydis@anon-32-153.vpn.ipredator.se) (Ping timeout: 252 seconds)
[14:08:20] <dropkick> how the shit do these ppl not die laughing while performing
[14:08:39] <Lightning> they all got it out months before :)
[14:09:43] *** Joins: anotherctfer (~d8a94d9c@216.169.77.156)
[14:11:16] <[SpamAndHex]KT> any tip on running time_sink without getting access violations?
[14:11:30] <gynophage> [SpamAndHex]KT: Don't run it in Wine?
[14:11:38] <[SpamAndHex]KT> i am running on Windows 7
[14:11:42] <gynophage> VM?
[14:11:47] <[SpamAndHex]KT> yep
[14:11:49] *** Quits: tyega (~tyega@www19456ue.sakura.ne.jp) (Remote host closed the connection)
[14:11:50] <gynophage> lol
[14:11:53] <gynophage> Don't do that either.
[14:11:53] <anotherctfer> when I run badger I get: "Couldn't get peername: Socket operation on non-socket"
[14:12:05] <gynophage> anotherctfer: Are you running it locally? Is stdin a socket?
[14:12:08] <[SpamAndHex]KT> gynophage: will it format my harddrive? :D
[14:12:15] <anotherctfer> lol
[14:12:20] <Lightning> it is a time sink…
[14:12:22] <gynophage> [SpamAndHex]KT: It requires DX11. I promise you it doesn't have any malicious code.
[14:12:44] <gynophage> We're not fucking DC949.
[14:12:48] * gynophage rolls his eyes
[14:12:50] <anotherctfer> lmao
[14:13:19] <gynophage> I mean, I'm having fun popping X windows on people's boxes, but that's because they're setting xhost +...
[14:13:26] <[SpamAndHex]KT> thx :D
[14:13:34] <gynophage> Running?
[14:15:41] *** Joins: autolycos (~6f570996@111.87.9.150)
[14:16:53] <anotherctfer> is there something I need to include to get badger to run for peername?
[14:17:08] <scifi> who can i ask about time sink chall ??
[14:17:37] *** Quits: aradia (~aradia@cblmdm170-253-150-190.maxxsouthbb.net) (Ping timeout: 252 seconds)
[14:17:44] *** Joins: rhydis (~rhydis@anon-63-70.vpn.ipredator.se)
[14:17:49] <gynophage> anotherctfer: Yes. stdin needs to be a socket.
[14:18:03] <anotherctfer> ok
[14:18:14] <anotherctfer> thanks!
[14:18:27] <[SpamAndHex]KT> <gynophage> sadly no, it does not crash on a real PC, but it does not do anything
[14:18:33] <Lightning> scifi: what about it?
[14:18:37] <Lightning> you can pm if need be
[14:18:42] <gynophage> [SpamAndHex]KT: Got DX11?
[14:19:37] *** Quits: autolycos (~6f570996@111.87.9.150) (Client Quit)
[14:19:51] <[SpamAndHex]KT> dxdiag says i have
[14:20:55] *** Joins: aradia (~aradia@cblmdm170-253-150-190.maxxsouthbb.net)
[14:21:24] <gynophage> Chat with Lightning
[14:21:32] *** Parts: hexa- (~hexa-@freifunk/darmstadt/hexa-) (WeeChat 1.5)
[14:23:10] *** Quits: kalax (c188270a@m-c.clients.kiwiirc.com) (Client Quit)
[14:24:30] *** Quits: WebIRC70842 (~7d1@2001:67c:10ec:52c7:8000::11d2) (Client Quit)
[14:26:00] <computerality> is easier down?
[14:27:40] <gynophage> computerality: Restarted in all ARs.
[14:27:57] <computerality> thnx
[14:28:23] *** Joins: joemalone (~5449cb3c@84-73-203-60.dclient.hispeed.ch)
[14:29:31] <gynophage> computerality: Thanks for the heads up.
[14:30:06] *** Joins: mandlebro (~ben@2001:690:2100:1b:4450:4ae:18d5:2041)
[14:30:55] <nwx> every. single. ctf... https://imgur.com/4VHlKTq
[14:31:20] *** gynophage sets mode: +b IceGuest_78!*@*
[14:31:25] *** IceGuest_78 was kicked by gynophage (IceGuest_78)
[14:31:27] <vito> IceGuest_78 is so low energy. Needs help for xkcd. Sad!
[14:31:47] <gynophage> You're not the first to report that.
[14:31:56] <soen> justice is swift and hilarious
[14:32:58] <mandlebro> hey guys
[14:33:00] <mandlebro> wat up
[14:33:19] *** Joins: daniel-wer (~8d594bb5@75-181.wlan.rz.uni-potsdam.de)
[14:33:20] <Lightning> hi mandlebro
[14:34:08] <mandlebro> any crypto challs coming up?
[14:34:47] *** Quits: nebel (~nicolai@130.225.98.198) (Read error: No route to host)
[14:34:53] <gynophage> easier
[14:36:45] *** Quits: ling (~ling@li763-200.members.linode.com) (Remote host closed the connection)
[14:37:06] *** Joins: ling (~ling@li763-200.members.linode.com)
[14:40:26] *** Quits: packetwalker (~packetwal@70-139-213-61.lightspeed.cyprtx.sbcglobal.net) (Ping timeout: 252 seconds)
[14:41:35] <vito> AAAAUUUUGGGGHHHHH
[14:42:21] *** Joins: jhuzlxw (~jhuzlxw@192.95.u.lmu)
[14:42:32] *** Joins: dahlukeh (~luke@user-31-175-40-2.play-internet.pl)
[14:44:23] *** Quits: ecto_ (~ecto@cpc72751-sgyl32-2-0-cust605.18-2.cable.virginm.net) (Client Quit)
[14:44:29] *** Quits: WebIRC72005 (~626d2047@pool-98-109-32-71.nwrknj.fios.verizon.net) (Client Quit)
[14:46:59] *** Joins: WebIRC7032 (~c2dcb87b@194.220.184.123)
[14:47:01] *** Joins: zzoru (~zzoru@143.248.230.88)
[14:47:09] *** WebIRC7032 is now known as nerder[fuffateam]
[14:47:34] *** Joins: TMT (~TMT@5.210.33.114)
[14:47:58] <Murmus> aw, am I not doing well enough to have people asking me for flags?
[14:48:27] <gynophage> If you have to ask...
[14:48:29] *** Joins: WebIRC15955 (~5d22bb9e@93-34-187-158.ip51.fastwebnet.it)
[14:49:23] <mx_> Murmus: what's the flag of jamaica?
[14:49:25] <dave0x6d> what's the twitter handle again for the competition?
[14:49:33] <Murmus> ooh, I know this one.
[14:49:36] <Murmus> It's green, right?
[14:49:45] <dave0x6d> with colors right?
[14:49:50] <Murmus> yeah, like that
[14:49:52] <mx_> it has green in it, almost there!
[14:50:13] *** Quits: WebIRC81467 (~7d1@2001:67c:10ec:52c7:8000::2ee) (Client Quit)
[14:50:41] <vito> dave0x6d: is it legitbs_ctf ?
[14:52:11] *** Joins: WebIRC7202 (~4b36d86a@75-54-216-106.lightspeed.mlpsca.sbcglobal.net)
[14:53:07] *** Joins: WebIRC87118 (~d06be726@host-38-231-107-208.midco.net)
[14:53:36] *** Joins: Pyxel (~446564bd@ip68-101-100-189.oc.oc.cox.net)
[14:53:47] <dave0x6d> thanks.
[14:55:04] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[14:55:50] *** Quits: zzoru (~zzoru@143.248.230.88) (Ping timeout: 252 seconds)
[14:55:59] <Lightning> i think we are heading down the weird video avenue
[14:56:18] <gynophage> TOOT TOOT
[14:56:35] <SallyCroak> it's about time, I'm tired of the boring vids
[14:57:03] <ReidB> Any hints for catwestern?
[14:57:06] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[14:57:54] *** Joins: stick_ (~stick@216.68.89.100)
[14:58:08] <gynophage> ReidB: You did it wrong. It's cat western
[14:58:19] <gynophage> Make sure you have a file named western in the current directory.
[14:58:25] <ReidB> Damn it, that fixed it, thanks!
[14:58:29] *** Joins: hexife (~dc751451@220.117.20.81)
[14:58:43] <SallyCroak> that makes so much more sense! I thought it was catwe stern
[14:59:22] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[14:59:37] *** Joins: vap0r (~d06be726@host-38-231-107-208.midco.net)
[14:59:52] <gynophage> No, we've got a howard stern binary.
[15:00:07] <gynophage> I can see how it's confusing, catwe is howard in spanish.
[15:00:36] *** Quits: stick (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[15:01:59] <SallyCroak> what a coincidence, since spanish is catwe in howard too
[15:02:38] *** Parts: Celelibi (celelibi@par69-9-88-166-81-29.fbx.proxad.net) ()
[15:02:39] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[15:03:08] <SallyCroak> and we seem to have made a turn, cause this doesn't look like a weird video
[15:03:34] * Lightning chuckles
[15:03:42] <Lightning> i’m up next
[15:05:50] <Murmus> of course this is what you choose
[15:06:19] <Lightning> you want more weird?
[15:06:22] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[15:06:30] <gynophage> This is the strangest prom I've ever seen.
[15:06:48] <ReidB> Lightning: Always and forever <3
[15:06:48] *** Quits: WebIRC24794 (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net) (Client Quit)
[15:07:22] <Murmus> here we go
[15:07:38] <SallyCroak> not as good as the death metal version
[15:08:13] *** Quits: w0 (~w0@37.228.235.175) (Ping timeout: 252 seconds)
[15:08:14] *** Joins: WebIRC35378 (~9a05ae4f@d154-5-174-79.bchsia.telus.net)
[15:08:21] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[15:08:50] <Lightning> want more japanese gameshow stuff?
[15:09:35] <gynophage> So much for "release the hard shit early"
[15:09:53] *** Quits: ling (~ling@li763-200.members.linode.com) (Remote host closed the connection)
[15:10:01] *** Quits: WebIRC35378 (~9a05ae4f@d154-5-174-79.bchsia.telus.net) (Client Quit)
[15:10:07] *** Joins: w0 (~w0@37.228.235.175)
[15:10:35] <SallyCroak> Lightning: https://www.youtube.com/watch?v=pi00ykRg_5c
[15:10:51] <Lightning> gyno put the last one on :)
[15:12:19] <tylerni7> pm about badger?
[15:12:21] <tylerni7> who should I ask
[15:13:26] <tylerni7> sirgoon: you around?
[15:14:11] <tylerni7> or gynophage ?
[15:14:24] <ltfish> time sink is a real time sink...
[15:14:24] <gynophage> What you wanna know?
[15:14:31] <tylerni7> gynophage: can I pm?
[15:14:36] <gynophage> Certainly.
[15:17:04] *** Joins: [SaH]NGG (~c338a952@195.56.169.82)
[15:18:05] <gynophage> If you think you pwned badger, we had the wrong key in the database.
[15:18:39] *** Joins: teooo (~5702a8de@host222-168-dynamic.2-87-r.retail.telecomitalia.it)
[15:19:18] *** Quits: KALRONG (~kalrong@helga.network118.com) (Ping timeout: 252 seconds)
[15:19:55] <Lightning> such a hard decision… what to open….
[15:20:02] <ltfish> CGC!
[15:20:08] *** Quits: vap0r (~d06be726@host-38-231-107-208.midco.net) (Client Quit)
[15:20:49] <Lightning> all this wasted time when a new challenge could be started
[15:21:20] <gynophage> ANNNNNND PPP gets control over the scoreboard again.
[15:21:24] <gynophage> Which one will they take?
[15:21:32] *** Joins: stick (~stick@216.68.89.100)
[15:22:20] <gynophage> Woo! CGC Opened.
[15:22:23] <gynophage> This should go quickly.
[15:23:18] *** Joins: n2n (~7aac378c@122.172.55.140)
[15:24:04] *** Joins: stick__ (~stick@216.68.89.100)
[15:24:43] *** Quits: stick_ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[15:25:00] *** Quits: Pyxel (~446564bd@ip68-101-100-189.oc.oc.cox.net) (Client Quit)
[15:26:17] * Lightning chuckles
[15:26:55] *** Quits: stick (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[15:27:00] <SallyCroak> Lightning: out of videos already? we saw this a few hours ago
[15:27:02] *** Quits: teooo (~5702a8de@host222-168-dynamic.2-87-r.retail.telecomitalia.it) (Client Quit)
[15:27:14] <Lightning> some people were sleeping so i pulled it back up
[15:27:41] <Murmus> doing this one hourly?
[15:28:41] *** Quits: dapan (~77ca50cb@119.202.80.203) (Client Quit)
[15:28:43] <Lightning> no, did it this morning and a lot were sleeping, so threw it back up. might maybe do it tonight if i care enough
[15:29:10] *** Quits: WebIRC19244 (~7dbae6fd@125.186.230.253) (Client Quit)
[15:29:56] *** Joins: dapan (~77ca50cb@119.202.80.203)
[15:31:13] <dave0x6d> well r2 is flipping out over xkcd.
[15:31:47] *** Joins: insaida (c4dc8009@ircip4.mibbit.com)
[15:32:48] *** Quits: n2n (~7aac378c@122.172.55.140) (Client Quit)
[15:32:57] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[15:33:09] <Murmus> just replaying everything, aren't we?
[15:35:01] *** Joins: KALRONG (~kalrong@213.143.50.1)
[15:35:04] *** Quits: stuart091 (~user@208.167.254.26) (Ping timeout: 252 seconds)
[15:35:27] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[15:38:35] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[15:39:34] *** Joins: stick (~stick@216.68.89.100)
[15:40:28] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[15:41:30] *** Joins: john (~john@dhcp-18-111-101-86.dyn.mit.edu)
[15:42:07] *** Joins: stick_ (~stick@216.68.89.100)
[15:42:09] *** Joins: WebIRC58876 (~caa61d11@202.166.29.17)
[15:42:19] *** Quits: stick__ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[15:42:41] <Murmus> why is this called a wrong gig?
[15:42:50] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[15:42:55] <Lightning> look at the drummer
[15:43:01] *** Quits: WebIRC58876 (~caa61d11@202.166.29.17) (Client Quit)
[15:43:05] <Lightning> if you weren’t paying attention that is
[15:43:35] *** Joins: opss (~4e083e98@dynamic-78-8-62-152.ssp.dialog.net.pl)
[15:43:49] <opss> will be any hints for persky released? This challenge is killing me :o
[15:43:59] <Murmus> I mean, he was super into it
[15:44:04] <Murmus> but that seems like a good thing?
[15:44:32] <vito> opss: almost a hundred solves on that one, so don't count on it
[15:44:38] <Lightning> you mean prasky?
[15:44:46] <opss> yeah, sorry for typo
[15:44:51] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[15:45:05] <gynophage> Tick tock PPP.
[15:45:09] <gynophage> tylerni7: ^
[15:45:13] <opss> just stuck on nowhere for like 5 hours of trying to solve it :x
[15:45:19] <[SaH]NGG> What's the goal for the CGC challenges? Should it just crash or should we set EIP to something special or what?
[15:45:20] *** Quits: stick (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[15:45:43] <tylerni7> gynophage: I don't get it, it's not like you care about opening stuff up quickly
[15:45:48] <tylerni7> :P
[15:45:59] <vito> [SaH]NGG: https://cgc-docs.legitbs.net/
[15:46:29] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[15:46:43] *** Joins: shellphishuser (~a2d@2605:e000:1c0d:c04c:63c0:349c:13cf:1af3)
[15:46:44] <vito> the quick version is submit a CFE-style PoV
[15:46:58] <vito> https://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/understanding-cfe-povs/
[15:46:58] *** Joins: stick__ (~stick@216.68.89.100)
[15:47:21] *** Quits: WebIRC87118 (~d06be726@host-38-231-107-208.midco.net) (Client Quit)
[15:47:34] *** gynophage changes topic to 'http://music.legitbs.net | Point values: https://twitter.com/LegitBS_CTF/status/733807024652193793 | Make CTF Great Again | https://2016.legitbs.net/scoreboard/complete | pwnables have busybox -> /bin/sh. Your execve shell code is probably broken. | CGC Category - https://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/understanding-cfe-povs/'
[15:47:34] *** Quits: jhuzlxw (~jhuzlxw@192.95.u.lmu) (Remote host closed the connection)
[15:47:50] <vito> gynophage: ay just post notices for those
[15:47:55] <vito> nobody reads more than ten words of topic
[15:48:43] <opss> what is CGC category?
[15:49:45] <Lightning> opss: go see our blog posts, blog.legitbs.net
[15:49:56] <hellman> what is pwn category??
[15:50:06] *** Quits: stick_ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[15:50:08] <BrainInAJar> what is reverse engineering you guys?
[15:50:21] <SallyCroak> any hints for the web challenge?
[15:50:22] *** Joins: stick (~stick@216.68.89.100)
[15:50:25] <BrainInAJar> haha
[15:50:30] <Lightning> i’m digging for old videos now
[15:50:35] *** Quits: nerder[fuffateam] (~c2dcb87b@194.220.184.123) (Client Quit)
[15:52:00] *** Joins: WebIRC87118 (~d06be726@host-38-231-107-208.midco.net)
[15:52:01] *** Joins: zzoru (~zzoru@143.248.230.88)
[15:52:26] *** Joins: stick_ (~stick@216.68.89.100)
[15:52:40] *** Quits: stick__ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[15:53:02] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[15:53:07] *** Quits: john (~john@dhcp-18-111-101-86.dyn.mit.edu) (Client Quit)
[15:54:51] *** Joins: stick__ (~stick@216.68.89.100)
[15:55:00] *** Joins: nerder (~c2dcb87b@194.220.184.123)
[15:55:06] <dave0x6d> huh, is xkcd supposed to be really easy? I feel like I'm overlooking something.
[15:55:31] *** Quits: stick (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[15:55:43] <gynophage> dave0x6d: Yes.
[15:55:54] <nerder> for b3s23 why the binary is provided?
[15:56:06] *** Quits: marcof (~marcof@global-deiInsideNECST.dei.polimi.it) (Client Quit)
[15:56:12] <nerder> it's suppose to be a coding challs or a reverse?
[15:56:15] *** Quits: BrainInAJar (~ae067a03@S0106c056276078b0.vc.shawcable.net) (Client Quit)
[15:56:30] <gynophage> nerder: It's an oracle so you don't have to guess what happens to your input buffer.
[15:56:42] <gynophage> We don't want you to bang our server throwing random bullshit at it.
[15:57:13] <gynophage> You can reverse it. Or google b3s23. Either will give you a pretty good idea of what it does.
[15:58:04] *** Joins: stick (~stick@216.68.89.100)
[15:58:05] *** Quits: stick_ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[16:00:00] *** Joins: stick_ (~stick@216.68.89.100)
[16:00:15] <hoju> legit bs smokin meat everyday http://i.imgur.com/wdY4s0X.jpg
[16:00:17] *** Quits: stick__ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[16:00:24] *** Quits: zzoru (~zzoru@143.248.230.88) (Ping timeout: 240 seconds)
[16:00:28] <dave0x6d> [19:56:01] <gynophage> We don't want you to bang our server
[16:00:31] <dave0x6d> who are you to judge?
[16:00:58] *** Quits: dapan (~77ca50cb@119.202.80.203) (Client Quit)
[16:01:16] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[16:01:22] *** Joins: gym (~S_a_H]GyM@195.56.169.82)
[16:01:26] *** Joins: dapan (~77ca50cb@119.202.80.203)
[16:02:16] <hj> we don't want our server to catch anything from you nasty people
[16:02:32] *** Joins: stick__ (~stick@216.68.89.100)
[16:02:51] *** Quits: stick (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[16:03:11] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[16:03:28] <gynophage> Crippled is to be updated soon. It's missing a version with a banner. The banner provides a small hint as to how to interact with it.
[16:03:49] <dave0x6d> hj: wow, so just because I use a fuzzer you assume I have something?
[16:03:53] <gynophage> Lightning will update when that's in place.
[16:04:09] <gynophage> dave0x6d: Fuzzer? That's like wearing a raincoat in the shower.
[16:04:13] <hj> spreading your data around like its everyones business i bet you do
[16:04:25] *** Joins: john (~john@dhcp-18-111-101-86.dyn.MIT.EDU)
[16:04:27] <dave0x6d> i am open minded about my data.
[16:04:28] <hj> do you even https bro
[16:04:37] <dave0x6d> why would I use https? I have nothing to hide.
[16:04:47] *** Quits: arbiter_ (uid60882@id-60882.richmond.irccloud.com) (Client Quit)
[16:05:47] *** Quits: stick_ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[16:06:52] <Lightning> crippled is updated, banner now has usable example. was in the repo but never made it to master, sorry about that
[16:06:58] *** Quits: rhydis (~rhydis@anon-63-70.vpn.ipredator.se) (Ping timeout: 252 seconds)
[16:07:22] <dave0x6d> oh, this takes input on stdin
[16:07:31] <Ymgve> which admin is responsible for time sink?
[16:07:38] <gynophage> Lightning
[16:07:39] * Lightning raises their hand
[16:08:10] * dave0x6d smacks Lightning's hand down.
[16:08:13] <dave0x6d> ssshhhhh.
[16:08:16] <dave0x6d> no hints :p
[16:08:30] *** Quits: shellphishuser (~a2d@2605:e000:1c0d:c04c:63c0:349c:13cf:1af3) (Client Quit)
[16:09:40] *** Quits: WebIdodo (~24ea89f2@36-234-137-242.dynamic-ip.hinet.net) (Client Quit)
[16:09:42] *** Joins: john` (~user@dhcp-18-111-101-86.dyn.mit.edu)
[16:09:54] *** Quits: john (~john@dhcp-18-111-101-86.dyn.MIT.EDU) (Client Quit)
[16:10:16] *** Joins: WebIdodo (~24ea89f2@36-234-137-242.dynamic-ip.hinet.net)
[16:10:39] *** Quits: WebIRC87118 (~d06be726@host-38-231-107-208.midco.net) (Client Quit)
[16:14:42] *** Quits: opss (~4e083e98@dynamic-78-8-62-152.ssp.dialog.net.pl) (Client Quit)
[16:15:00] <withzombies> do i need to submit a type2 pov?
[16:15:51] *** Joins: IceGuest_78_ (~IceChat78@105.158.152.121)
[16:16:47] <Lightning> i’m poking the others, they aren’t paying attention
[16:17:12] <Lightning> I COULDNT RESIST
[16:17:15] <Murmus> ooooh.
[16:17:17] <Murmus> booo
[16:19:22] <gynophage> withzombies: result = subprocess.call(['/usr/local/bin/cb-test', '--negotiate', '--xml', pov_filename, '--directory', path, '--failure_ok', '--should_core', '--cb', cb])
[16:19:33] <withzombies> okay
[16:19:48] *** Joins: toomanybananas (~60f1b411@pool-96-241-180-17.washdc.fios.verizon.net)
[16:20:01] <gynophage> I think some of the others in the category force you down a path.
[16:20:13] <toomanybananas> Are we supposed to submit our CGC povs in xml form?
[16:20:39] *** Joins: stick (~stick@216.68.89.100)
[16:20:50] <gynophage> toomanybananas: I *think* it'll do either. We throw C-style POVs.
[16:20:58] <gynophage> (Compiled)
[16:21:05] <toomanybananas> Okay, thanks
[16:21:42] <anotherctfer> POV makes me laugh everytime, still referencing something else in my brain
[16:21:49] <gynophage> The --xml is just...poorly named.
[16:21:57] * gynophage grumbs at bmc
[16:23:07] *** Joins: Guest40 (~textual@c-73-223-205-181.hsd1.ca.comcast.net)
[16:23:23] *** Quits: stick__ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[16:23:47] *** Joins: WebIRC24794 (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net)
[16:24:47] *** Quits: anotherctfer (~d8a94d9c@216.169.77.156) (Client Quit)
[16:24:53] *** Quits: Guest40 (~textual@c-73-223-205-181.hsd1.ca.comcast.net) (Client Quit)
[16:25:20] *** Joins: BrainInAJar (~18721975@24.114.25.117)
[16:26:09] <[SaH]NGG> So we need to send you a cgc binary that first negotiates the pov via fd 3, and then communicates with the cb on stdin/stdout?
[16:26:24] *** Quits: john` (~user@dhcp-18-111-101-86.dyn.mit.edu) (Ping timeout: 240 seconds)
[16:26:27] *** Joins: Yogurt (~48ea8c68@udp223884uds.hawaiiantel.net)
[16:26:35] *** Joins: WebIRC12394 (~4e083e98@dynamic-78-8-62-152.ssp.dialog.net.pl)
[16:26:48] <WebIRC12394> hey, who's the author of time_sink?
[16:26:59] <Lightning> WebIRC12394: me
[16:27:27] <gynophage> [SaH]NGG: If you build a proper CGC binary and use their API, it'll negotiate.
[16:27:57] <[w33]Luwenth> someone has a fast "next" finger on the radio show
[16:28:15] <laxa> gynophage: could you say if arch is important or not on crippled ? :p
[16:28:29] <Lightning> laxa: it’s 32bit
[16:28:33] <laxa> ok thanks
[16:29:03] <gynophage> [SaH]NGG: nm, xml does it. If you write it from scratch in C, you have to negotiate on C by hand.
[16:30:19] *** Quits: nerder (~c2dcb87b@194.220.184.123) (Client Quit)
[16:30:45] *** Joins: nerder (~c2dcb87b@194.220.184.123)
[16:31:21] *** Joins: rabidwh0re (~Lucas@c-76-31-77-249.hsd1.tx.comcast.net)
[16:32:21] *** Quits: dapan (~77ca50cb@119.202.80.203) (Client Quit)
[16:32:22] *** Quits: nerder (~c2dcb87b@194.220.184.123) (Client Quit)
[16:32:54] *** Quits: WebIRC24794 (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net) (Client Quit)
[16:33:02] *** Joins: nerder (~c2dcb87b@194.220.184.123)
[16:33:06] *** Joins: rffdtdtdtrdtrrth (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net)
[16:34:30] *** Quits: rffdtdtdtrdtrrth (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net) (Client Quit)
[16:34:45] *** Joins: dapan (~77ca50cb@119.202.80.203)
[16:35:59] *** Quits: null (uid40108@id-40108.charlton.irccloud.com) (Client Quit)
[16:36:14] *** Joins: stick_ (~stick@216.68.89.100)
[16:38:41] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[16:39:09] *** Quits: stick (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[16:39:34] *** Quits: WebIRC12394 (~4e083e98@dynamic-78-8-62-152.ssp.dialog.net.pl) (Client Quit)
[16:39:53] *** Quits: WebIRC7202 (~4b36d86a@75-54-216-106.lightspeed.mlpsca.sbcglobal.net) (Client Quit)
[16:40:42] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[16:41:21] <vito> psifertex: hey why can't i pinch-zoom in binary ninja
[16:43:13] <Gynvael> qq, is crippled being changed on the fly?
[16:43:21] <[w33]Luwenth> just because: http://worldsbiggestpacman.com/
[16:43:43] <Gynvael> it seems to behave differently than it did some time ago ^_-
[16:44:14] *** Joins: nebel (~nicolai@130.225.98.198)
[16:44:20] *** Quits: nebel (~nicolai@130.225.98.198) (Client Quit)
[16:44:43] *** Quits: WebIRC57496 (~43a157db@c-67-161-87-219.hsd1.wa.comcast.net) (Client Quit)
[16:45:07] *** Quits: gael (~gael@2a01:e35:2425:a090:c044:704d:566a:e782) (Client Quit)
[16:45:11] <Lightning> Gynvael: i only updated the header, the backend compiler did not change
[16:45:23] <Lightning> the header simply gave a working example
[16:45:49] <Gynvael> Lightning: ack, thanks
[16:49:44] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[16:50:39] *** Joins: rffdtdtdtrdtrrth (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net)
[16:51:37] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[16:51:42] *** Quits: digitalseraphim (~digitalse@rrcs-72-43-234-250.nys.biz.rr.com) (Ping timeout: 252 seconds)
[16:52:09] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[16:52:21] *** Quits: RoMaNSoFt (~roman@23.red-81-34-135.dynamicip.rima-tde.net) (Ping timeout: 252 seconds)
[16:52:37] *** Quits: whateveranymore (~whatevera@172-97-185-92.cpe.distributel.net) (Client Quit)
[16:53:13] *** Quits: rffdtdtdtrdtrrth (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net) (Client Quit)
[16:53:30] *** Joins: rffdtdtdtrdtrrth (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net)
[16:53:34] *** Joins: WebIRC47530 (~b764d5a3@183.100.213.163)
[16:53:36] *** Joins: stick__ (~stick@216.68.89.100)
[16:54:09] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[16:55:34] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[16:56:17] *** Joins: stick (~stick@216.68.89.100)
[16:56:28] *** Quits: stick_ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[16:57:03] *** Joins: zzoru (~zzoru@143.248.230.88)
[16:57:24] *** Quits: rffdtdtdtrdtrrth (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net) (Client Quit)
[16:57:37] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[16:58:35] *** Quits: bata (~bata@166-199-102-121.flets.hi-ho.ne.jp) (Client Quit)
[16:58:45] *** Joins: stick_ (~stick@216.68.89.100)
[16:59:02] *** Quits: stick__ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[16:59:11] *** Quits: BrainInAJar (~18721975@24.114.25.117) (Client Quit)
[16:59:14] <Lightning> :D
[16:59:16] *** Joins: robbje (~robbje@slashem.de)
[16:59:38] *** Joins: rffdtdtdtrdtrrth (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net)
[16:59:57] *** Quits: WebIRC47530 (~b764d5a3@183.100.213.163) (Client Quit)
[17:00:47] *** Joins: WebIRC70842 (~d5909513@213.144.149.19)
[17:01:22] *** Joins: stick__ (~stick@216.68.89.100)
[17:01:58] *** Quits: stick (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[17:03:04] *** Joins: bata (~bata@66-160-126-219.flets.hi-ho.ne.jp)
[17:03:17] <jiggajuice> any info on protections in feedme? aslr? NX?
[17:03:57] *** Joins: WebIRC7202 (~4b36d86a@75-54-216-106.lightspeed.mlpsca.sbcglobal.net)
[17:03:58] *** Joins: stick (~stick@216.68.89.100)
[17:04:32] *** Quits: stick_ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[17:04:54] <Lightning> easy things for 60 people to figure out
[17:05:33] *** Quits: zzoru (~zzoru@143.248.230.88) (Ping timeout: 252 seconds)
[17:05:54] *** Quits: dapan (~77ca50cb@119.202.80.203) (Client Quit)
[17:06:00] *** Joins: dapan (~77ca50cb@119.202.80.203)
[17:06:23] *** Joins: stick_ (~stick@216.68.89.100)
[17:07:06] *** Quits: stick__ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[17:07:16] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[17:08:47] *** Quits: rffdtdtdtrdtrrth (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net) (Client Quit)
[17:08:51] <dave0x6d> speaking of C, Cling is the coolest thing I've found recently to test out snippets of C/C++
[17:08:56] <_2can> so assuming I have an xml POV, what do I do now? imma so lost
[17:09:05] <dave0x6d> it's a REPL that uses Clang for the backend.
[17:09:18] *** Quits: stick (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[17:09:20] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[17:09:42] <gynophage> _2can: Send it up?
[17:10:09] *** Quits: WebIRC15955 (~5d22bb9e@93-34-187-158.ip51.fastwebnet.it) (Client Quit)
[17:10:12] *** Joins: [SaH]vasporig (~c338a952@195.56.169.82)
[17:11:21] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[17:11:41] *** Joins: rffdtdtdtrdtrrth (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net)
[17:11:52] *** Quits: liikt (~liikt@p549FCD3F.dip0.t-ipconnect.de) (Client Quit)
[17:12:15] <[SaH]NGG> I think _2can wanted to ask whether he needs to send the xml or c code or cgc binary?
[17:12:50] *** Joins: liikt (~liikt@p549FCD3F.dip0.t-ipconnect.de)
[17:13:24] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[17:14:00] *** Joins: albn (~1883e35c@c-24-131-227-92.hsd1.pa.comcast.net)
[17:15:00] *** Joins: WebIRC49603 (~6f5dda04@111.93.218.4)
[17:15:08] <gynophage> xml or a binary.
[17:15:35] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[17:15:49] *** Quits: KALRONG (~kalrong@213.143.50.1) (Ping timeout: 252 seconds)
[17:15:50] <[SaH]vasporig> I think i found an unintended bug in easier, who can ask about it?
[17:16:15] *** Joins: WebIRC76486 (~4e083e98@dynamic-78-8-62-152.ssp.dialog.net.pl)
[17:16:41] *** Quits: nerder (~c2dcb87b@194.220.184.123) (Client Quit)
[17:16:43] <Lightning> [SaH]vasporig: bug gyno, the author isn’t around
[17:16:53] <gynophage> [SaH]vasporig: You can talk to me, but I know exactly what you're going to say.
[17:18:11] *** Joins: vap0r (~d06be726@host-38-231-107-208.midco.net)
[17:18:45] <WebIRC76486> who is the author of b3s23 ?
[17:18:47] *** Joins: nerder (~c2dcb87b@194.220.184.123)
[17:19:18] <Lightning> me
[17:19:25] <Lightning> i hope you are enjoying it
[17:19:40] <Lightning> message me if you have something specific to ask
[17:20:46] <withzombies> it won't let me submit my type2 pov
[17:20:48] <withzombies> :(
[17:20:50] <withzombies> it says its too big
[17:21:11] *** Joins: rjenish (rjenish@bitcoinshell.mooo.com)
[17:21:56] *** Joins: stick__ (~stick@216.68.89.100)
[17:22:16] <gynophage> http://download.quals.shallweplayaga.me/launcher/submitters.zip
[17:22:57] <withzombies> aww that's bullshit
[17:22:58] <q3k> >It's not just you! http://music.legitbs.net looks down from here.
[17:23:00] <withzombies> my pov is too big by that setting
[17:23:02] <q3k> gw
[17:23:03] <withzombies> its 181k
[17:23:30] <Lightning> yep, it’s down
[17:23:36] <gynophage> Back up.
[17:25:04] *** Quits: stick_ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[17:25:41] <gynophage> withzombies: Our POV is 5k...
[17:25:51] <gynophage> We figured 20x ours was decent overhead.
[17:25:52] <hj> yeah 181k seems realy bit
[17:26:17] <withzombies> i mean, my .o file is much smaller
[17:26:25] <withzombies> all the linked in libs are causing the issues
[17:26:26] <gynophage> Strip the damn PDF?
[17:26:28] <computerality> are they still putting in that shitty pdf?
[17:26:44] <withzombies> $ ls -lh legit_pov*
[17:26:45] <withzombies> -rwxr-xr-x 1 vagrant vagrant 181K May 21 21:24 legit_pov
[17:26:47] <withzombies> -rw-r--r-- 1 vagrant vagrant 2.8K May 21 21:17 legit_pov.c
[17:26:49] <withzombies> -rw-r--r-- 1 vagrant vagrant 1.9K May 21 21:23 legit_pov.o
[17:27:09] <withzombies> no pdf
[17:27:15] *** Joins: stick (~stick@216.68.89.100)
[17:27:27] <withzombies> or maybe there is
[17:27:28] <gynophage> ...what the hell are you linking in?
[17:27:32] <withzombies> idk
[17:27:44] * mike_pizza enters chatroom
[17:27:53] <gynophage> @hj - your call.
[17:27:56] <withzombies> $ /usr/i386-linux-cgc/bin/clang -c -o legit_pov.o legit_pov.c -Llibpov -lpov -Wall -Wextra -pedantic -DNPATCHED -nostdlib -fno-builtin -nostdinc -Iinclude -Ilib -I/usr/include -O2 -Wno-overlength-strings -Wno-packed -Wno-unused-function -Os
[17:27:58] <withzombies> $ /usr/i386-linux-cgc/bin/ld -o legit_pov -lpov -Llibpov -lcgc -L/usr/lib -Os legit_pov.o -lcgc -lpov
[17:28:13] <toomanybananas> is it accepting xmls properly? I submitted an xml (validated with pov-xml2c) and it says it doesn't even negotiate
[17:28:50] *** Quits: nerder (~c2dcb87b@194.220.184.123) (Client Quit)
[17:29:16] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[17:29:43] *** Joins: stick_ (~stick@216.68.89.100)
[17:29:54] *** Quits: stick__ (~stick@216.68.89.100) (Ping timeout: 240 seconds)
[17:30:53] <gynophage> We're giving you a MB, withzombies
[17:30:54] *** Joins: KALRONG (~kalrong@helga.network118.com)
[17:31:42] <gynophage> This shouldn't be this hard. But we've also been playing with CGC for a while, so, we've got better tooling and smaller libraries.
[17:31:49] <gynophage> And I imagine CFE teams do as well.
[17:32:01] <gynophage> You may fire when ready.
[17:32:16] <WebIRC76486> is the whole See Ga See category about CGC ?
[17:32:17] <gynophage> toomanybananas: I uploaded the launchers. Try those out?
[17:32:24] *** Quits: stick (~stick@216.68.89.100) (Ping timeout: 240 seconds)
[17:32:26] <gynophage> WebIRC76486: Yes.
[17:32:29] <WebIRC76486> :/
[17:32:58] <gynophage> WebIRC76486: It's a really big piece of finals. One of our goals with our qualifier is to...qualify...teams for that.
[17:33:12] <WebIRC76486> is there anyone even use it in real life?
[17:33:13] <withzombies> still says too long
[17:33:25] <WebIRC76486> so this year Defcon wont be attack defence?
[17:33:54] <gynophage> This year defcon will be exploitation and patching.
[17:34:04] *** Quits: halb (~1817b6be@c-24-23-182-190.hsd1.ca.comcast.net) (Client Quit)
[17:34:14] <gynophage> If you think defense is holes in LegitBS monitoring scripts and redirecting traffic off box, then no, it won't be Attack Defense.
[17:34:33] <gynophage> withzombies: Try again?
[17:34:43] <WebIRC76486> I mean, if the structure of finals will be different than year ago
[17:34:52] *** Joins: stick (~stick@216.68.89.100)
[17:35:08] <gynophage> WebIRC76486: Yes.
[17:35:12] <WebIRC76486> anyway, TBH, is CGC used in real life, for mass scale?
[17:35:26] <gynophage> WebIRC76486: Nope.
[17:35:37] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[17:35:37] <WebIRC76486> then... what's the point of it? :/
[17:36:12] <vito> https://blog.legitbs.net/2016/05/what-is-cyber-grand-challenge.html
[17:37:04] *** Quits: dapan (~77ca50cb@119.202.80.203) (Client Quit)
[17:37:08] *** Joins: stick__ (~stick@216.68.89.100)
[17:37:16] <gynophage> WebIRC76486: Same point as CTF always. It's a stand in for real world.
[17:37:43] <Lightning> and then SPACE
[17:37:54] *** Quits: stick_ (~stick@216.68.89.100) (Ping timeout: 240 seconds)
[17:38:12] *** Joins: WebIRC87118 (~d06be726@host-38-231-107-208.midco.net)
[17:38:31] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[17:38:38] <aterribleloss> so many IPs!
[17:38:44] <WebIRC76486> CTFs always wide you knowledne on real-life stuff, like pwning, like reversing, like webs
[17:38:47] *** Joins: [w33]deorth (~deorth@c-76-126-64-50.hsd1.ca.comcast.net)
[17:39:04] <WebIRC76486> cgc is no real life stuff, is just something which noone uses
[17:39:15] <gynophage> WebIRC76486: Do you think CGC lacks reversing and owning?
[17:39:22] <gynophage> Fuck webs.
[17:39:31] <WebIRC76486> ok, right
[17:39:37] <hj> have you even popped one into ida?
[17:39:38] <WebIRC76486> fuck webs, but also fuck architectures noone uses
[17:39:38] <Lightning> if you think reversing is just web then you have some more reading to do. CGC is advancing the ideas and methods of machine defense
[17:39:44] <SallyCroak> video is spoilers for the web challenge!!
[17:39:47] *** Joins: stick_ (~stick@216.68.89.100)
[17:39:59] <gynophage> WebIRC76486: Sure. Then fuck every CTF ever.
[17:40:07] <Lightning> WebIRC76486: curious, like what architectures, arm?
[17:40:19] <gynophage> Fuck dosfun4u
[17:40:20] <gynophage> Fuck badger
[17:40:21] <WebIRC76486> nah, mos of ctfs got x86, then a little arm
[17:40:23] *** Quits: stick (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[17:40:33] <WebIRC76486> here, you got 1/2 of your CTF with architecture noone uses
[17:40:37] <gynophage> Fuck all the FreeBSD stuff.
[17:40:40] <WebIRC76486> ok, maybe less than 1/2, ut still a lot
[17:40:41] <hj> ooh and windows iot arm
[17:40:45] *** Quits: breadsticks (~breadstic@64.184.102.169) (Ping timeout: 252 seconds)
[17:40:45] <gynophage> Fuck Google's CTF with PowerPC.
[17:40:49] <hj> ooh and mips and msp430
[17:41:06] *** Quits: root1 (~root@108-208-210-123.lightspeed.renonv.sbcglobal.net) (Client Quit)
[17:41:20] <Lightning> Well, CGC is linux x86 32bit with a few modifications, phones use arm, i’m not seeing the issue
[17:41:21] <WebIRC76486> No, I don't mean fuck them all. I mean prepare variety of challenges but with reasonable ratio
[17:41:32] *** Joins: breadsticks (~breadstic@64.184.102.169)
[17:41:38] <WebIRC76486> if most people use x86 and arm, then do most x86 and arm and maybe 1-2 cgc
[17:41:44] <Lightning> so like finals last year with x86 32bit, x86 64bit, arm, mips, and arm64 bit?
[17:41:44] <WebIRC76486> not like the half of ctf with cgc challenges
[17:41:50] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[17:42:12] *** Joins: dapan (~77ca50cb@119.202.80.203)
[17:42:19] <gynophage> WebIRC76486: Holy fucking shit. If only CGC was x86.
[17:42:24] <gynophage> OHH WAIT IT IS
[17:42:25] <toomanybananas> hey @WebIRC76486 how many points you got
[17:42:29] <Lightning> this year is known to be the winning CGC computer against 14 best teams, we have to make sure that those that compete can compete, even with CGC being a modified linux setup
[17:42:32] <hj> so I assume that you have done all the other challenges
[17:42:57] *** Quits: stick__ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[17:43:05] <withzombies> i solved it
[17:43:06] <withzombies> thanks
[17:43:08] <withzombies> o/
[17:43:13] <gynophage> \o
[17:43:13] <hj> excellent
[17:44:39] <WebIRC76486> you dont see my point here, anyway, that's just my opinion. Pushing new stuff, for like 50% of the most popular CTF is just weird
[17:44:54] <gynophage> Fuck innovation. Fuck new things.
[17:45:00] <WebIRC76486> anyway I appretiate the effort you put to create all the challenges (even the cgc)
[17:45:02] <gynophage> Let's pump the same game out every year.
[17:45:05] <[w33]deorth> Fuck The Planet
[17:45:15] <computerality> ^^
[17:45:24] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[17:45:29] * aterribleloss opens bag of popcorn
[17:45:39] <WebIRC76486> nah, fuck forcing innovation by forcing 50% of ctf to be something new, which noone uses in real life
[17:45:44] <nwx> computerality: i think you mean "Hack The Planet"
[17:45:46] <[w33]deorth> also Fuck xkcd.. we are apparently super lame this year :/
[17:46:00] <computerality> nwx: is there a difference?
[17:46:04] <nwx> lol
[17:46:08] <[w33]deorth> onf of the points of ctf has been to expose people to new things
[17:46:12] <[w33]deorth> to force people to think
[17:46:24] <[w33]deorth> I like that I never know what arch or OS I'm going to encounter
[17:46:49] <[w33]deorth> there was a one the other year involving xbox kinetic and fucking semaphore
[17:46:52] <[w33]deorth> that was awesome
[17:46:56] <WebIRC76486> yeah, and you can force them, but creating 1-2 'technology-innovative' challenges, not like 12 challenges for CGC
[17:47:04] <hj> that was the year I got my second black badge
[17:47:17] <hj> the point of quals is to prepare teams for finals
[17:47:19] <[w33]Luwenth> WebIRC76486: This isn't "regurgitate what you already know" class. This is a serious CTF. This is "do you know your shit well enough to apply it to something you've probably never thought about before".
[17:47:20] <WebIRC76486> [w33]deorth: ok, but there wasn't 12 challenges about xbox kinetic
[17:47:21] <hj> 1-2 does not do that
[17:47:26] <[w33]deorth> The reason for the 12 CGC challenges (at a guess) is so that the qualifiers are prepared to put on a good show againats the CGC computer
[17:47:30] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[17:47:34] <[w33]deorth> it seems reasonable to me
[17:48:27] <hj> and to be fair, the two currently unlocked are just two sides of the same coin
[17:48:28] <withzombies> i like this points system
[17:48:30] <hj> pwn it and patch it
[17:48:38] <hj> glad you approve
[17:49:29] <WebIRC76486> If you prepared 12 different, innovate, not-well-known technologies/architectures, I woudn't complain.
[17:49:41] <hj> yeah it gets rid of our subjective ideas of what the points should be
[17:49:48] <hj> yes you would
[17:49:58] <[w33]Luwenth> WebIRC76486: I'm pretty sure you'd still complain :)
[17:50:02] <verylazyguy> I dislike how they don't start with subjective point values though
[17:50:28] <[w33]deorth> thats the thing they're trying to overcome
[17:50:36] <WebIRC76486> [w33]deorth: no, 'cos if I won't like CGC, I could switch to other challenge. Here, half of ctf is CGC
[17:50:37] <[w33]Luwenth> The new points system is definitely interesting, and conceptually does fix the problem of "what value should each puzzle really have"?
[17:50:49] <hj> no only two challenges that are open are cgc
[17:50:59] <hj> have you solved every other open one
[17:51:04] <mx_> WebIRC76486: stop whining dude. it makes my eyes hurt
[17:51:10] <hj> you must be on ppp
[17:51:19] <[w33]deorth> ppp.. fucking whiners
[17:51:24] <WebIRC76486> :D
[17:51:27] <hj> right, man always bitchin
[17:51:44] <gynophage> withzombies: Thanks! We put some thought into it. We wanted to do it last year.
[17:51:53] <WebIRC76486> of course, I haven't solved others yet - but when I see, that 50% of defcon is just cgc, then...my eyes hurt ;]
[17:52:15] *** Joins: WebIRC95042 (~7748c68a@em119-72-198-138.pool.e-mobile.ne.jp)
[17:52:27] <WebIRC76486> scoring system - nice; pwnies/re - nice; 50% of cgc - wtf - that's my opinion. Guess it's EOT from my side :)
[17:52:30] <[w33]Luwenth> How do you get to 50%? Looking at babys-first 1 out of 5 is a CGC. 1!
[17:52:32] <gynophage> WebIRC76486: If it makes you feel a bit better, MOST of the CGC category is own, and patch of the same thing.
[17:52:48] <WebIRC76486> [w33]deorth: the whole See Ga See category will be about CGC
[17:52:58] <[w33]deorth> so fucking what ? :)
[17:53:14] <[w33]deorth> if they're shitty puzzles that are easy to solve, then they'll not be worth much
[17:53:25] <[w33]deorth> if they're hardp uzzles, then thats what cTF is about
[17:53:31] <hj> ugh, back to zelda
[17:53:41] <gynophage> It's x86 Linux, with different sys call numbers.
[17:53:48] <gynophage> If you can pop Linux, you can mostly pop CGC.
[17:54:07] <b2xiao> oh man we should hold a public vote on what to open
[17:54:15] <tylerni7> b2xiao: hahaha
[17:54:19] *** Quits: albn (~1883e35c@c-24-131-227-92.hsd1.pa.comcast.net) (Client Quit)
[17:54:20] <gynophage> b2xiao: What would you open?
[17:54:23] <tylerni7> I am okay with that
[17:54:26] <b2xiao> crypto
[17:54:30] <b2xiao> I would open all the crypto
[17:54:33] <b2xiao> and qr codes challenges
[17:54:38] <b2xiao> those too I love QR codes man
[17:54:45] <[w33]Luwenth> I vote we own the rest of babys-first, so I have things I can try to solve :)
[17:54:46] <[w33]deorth> something forensiccy
[17:54:49] <[w33]deorth> I always like those
[17:55:03] <[w33]Luwenth> where's the web stuff this year???
[17:55:05] <[w33]deorth> yeah.. babys first is kicking our ass thie year :(
[17:55:10] *** Quits: WebIRC87118 (~d06be726@host-38-231-107-208.midco.net) (Client Quit)
[17:55:12] <computerality> b2xiao: you are now my spirit animal
[17:55:14] <hj> you mean when you had to concatenate all the bits of an unused flag on an ntfs partition and know that it was a flag
[17:55:40] <gynophage> Would you guys like a "Guess the flag" category next year?
[17:56:02] <gynophage> It'll just be the text area with no hint or download.
[17:56:02] <hj> or it the md5sum of a file deleteded but not actually erased
[17:56:20] <[w33]Luwenth> Depends, what's the rate-limit on guesses? :) If it's not 'as fast as I can go with my neighboring AWS instance', then that would be cool :)
[17:56:41] <computerality> gynophage: could you include a timezone guessing category too please?
[17:56:52] <gynophage> computerality: Absolutely.
[17:56:59] <hj> world wide this time, not just mountain time
[17:57:16] <[w33]Luwenth> wait, I thought this was all pacific time this year
[17:57:37] *** Quits: WebIRC7202 (~4b36d86a@75-54-216-106.lightspeed.mlpsca.sbcglobal.net) (Client Quit)
[17:57:43] <gynophage> computerality: 3 hour delay category too?
[17:58:04] <computerality> only if it's 2 hour delay sometimes because of daylight saving
[17:59:14] <hj> hey Web### another cgc challenge has been opened for you. enjoy
[18:00:17] *** Quits: rffdtdtdtrdtrrth (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net) (Client Quit)
[18:00:34] <dave0x6d> How many teams are playing anyway?
[18:00:55] <gnomus> 5
[18:01:00] <dave0x6d> -.-
[18:01:01] <gynophage> 253 have any points.
[18:01:12] <gynophage> 238*
[18:01:25] <gnomus> we just went back under 100 points :(
[18:01:27] <dave0x6d> nice, so i'm in the top 238
[18:01:29] <gynophage> 1214 teams registered.
[18:02:17] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[18:02:40] *** Joins: supahot (~3e5c6fd3@62.92.111.211)
[18:02:46] *** Quits: WebIRC76486 (~4e083e98@dynamic-78-8-62-152.ssp.dialog.net.pl) (Client Quit)
[18:02:50] *** Joins: rffdtdtdtrdtrrth (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net)
[18:03:16] *** Joins: nerder (~c2dcb87b@194.220.184.123)
[18:04:18] <Lightning> don’t forget about the 1000’th of a second accuracy but the logs provided only give 100’th accuracy
[18:04:24] <Lightning> after guessing the timezone
[18:04:49] <[w33]Luwenth> eh, 100 guesses ain't tbat had :)
[18:05:07] *** Joins: ling (~ling@li763-200.members.linode.com)
[18:05:27] *** Quits: nerder (~c2dcb87b@194.220.184.123) (Client Quit)
[18:05:51] *** Joins: zzoru (~zzoru@143.248.198.13)
[18:06:43] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[18:07:30] <aterribleloss> how about some signal demodulation?
[18:07:33] *** Quits: rok__ (uid35317@id-35317.tooting.irccloud.com) (Client Quit)
[18:07:47] *** Joins: c21 (d4101c82@ircip3.mibbit.com)
[18:08:43] <L0rdComm4ander> who can I ask about easy-prasky?
[18:08:53] <Lightning> go bug gyno
[18:09:31] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[18:10:20] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[18:10:23] *** Joins: WebIRC25733 (~49e7fda6@c-73-231-253-166.hsd1.ca.comcast.net)
[18:10:32] *** Quits: zzoru (~zzoru@143.248.198.13) (Ping timeout: 252 seconds)
[18:10:52] <vito> L0rdComm4ander: i wrote it, but it's also been solved like a hundred times
[18:11:57] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[18:12:21] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[18:13:10] *** Quits: dapan (~77ca50cb@119.202.80.203) (Client Quit)
[18:14:04] <fester> this song is the best
[18:14:25] *** Quits: Ninn (~rekt@130.225.98.198) (Client Quit)
[18:14:26] *** Quits: b3h3m0th (uid26288@2604:8300:100:200b:6667:2:0:66b0) (Client Quit)
[18:14:54] <fester> vito: easy-prasky pissed me off
[18:15:16] <fester> when i "solved" it
[18:15:29] <vito> how so?
[18:15:37] <gynophage> In PM.
[18:15:50] *** Quits: rffdtdtdtrdtrrth (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net) (Client Quit)
[18:15:50] <vito> fester: yeah PM if it's about how you solved it
[18:15:56] *** Joins: rffdtdtdtrdtrrth (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net)
[18:16:02] <vito> because it's not a spoiler at this point to say that 334_cuts is very similar
[18:16:19] *** Quits: Piratmajor (~Piratmajo@ti0013a400-1255.bb.online.no) (Ping timeout: 252 seconds)
[18:16:29] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[18:17:20] *** Joins: WebIRC87118 (~d06be726@host-38-231-107-208.midco.net)
[18:17:45] <supahot> anyone I can ask about baby-re?
[18:18:06] <Lightning> depends on the question, at this point unless it is down we can’t say much due to the high number of solves
[18:18:24] *** Joins: autolycos (~6f570996@111.87.9.150)
[18:18:31] <gnomus> fester: us too :D
[18:18:41] <gnomus> wasted like an hour or something
[18:19:47] *** Quits: autolycos (~6f570996@111.87.9.150) (Client Quit)
[18:19:57] *** Joins: cx (~Adium@189.217.214.103)
[18:25:44] <supahot> @Lightning nevermind I got it
[18:29:30] *** Joins: zzoru (~zzoru@143.248.198.13)
[18:31:09] *** Quits: hellman (~shellman@2001:7e8:d4d1:9702:c91:d5c3:548f:fd73) (Remote host closed the connection)
[18:33:30] *** Quits: vap0r (~d06be726@host-38-231-107-208.midco.net) (Client Quit)
[18:33:48] <riatre> Weird, I received "# cb-server: CB generated signal (pid: 25, signal: 11)" and "not ok - pov did not negotiate" when I tried to submit a xml pov.
[18:33:59] *** Joins: autolycos (~6f570996@111.87.9.150)
[18:34:15] <riatre> Works well locally, with exactly same command line as in `submit.py`
[18:34:17] *** Quits: zzoru (~zzoru@143.248.198.13) (Ping timeout: 252 seconds)
[18:35:38] <gynophage> riatre: http://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/understanding-cfe-povs/
[18:36:33] *** Joins: WebIRC7330 (~d06be726@host-38-231-107-208.midco.net)
[18:36:35] <riatre> thanks
[18:36:50] *** Joins: vap0r (~d06be726@host-38-231-107-208.midco.net)
[18:37:05] *** Quits: WebIRC87118 (~d06be726@host-38-231-107-208.midco.net) (Client Quit)
[18:37:11] *** Joins: WebIRC87118 (~d06be726@host-38-231-107-208.midco.net)
[18:37:43] *** Quits: rffdtdtdtrdtrrth (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net) (Client Quit)
[18:38:25] *** Quits: w0 (~w0@37.228.235.175) (Remote host closed the connection)
[18:39:11] *** Quits: cx (~Adium@189.217.214.103) (Client Quit)
[18:39:36] *** Joins: rffdtdtdtrdtrrth (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net)
[18:39:53] <b2xiao> fuck
[18:40:01] <b2xiao> why are we always having to pick a category
[18:40:02] *** Joins: cx (~Adium@189.217.214.103)
[18:40:17] *** Quits: vap0r (~d06be726@host-38-231-107-208.midco.net) (Client Quit)
[18:40:28] <withzombies> unlock more cgc ones
[18:40:43] <withzombies> one of the 334 is a repeat
[18:40:49] <withzombies> i was lied to
[18:41:55] *** Joins: Ninn (~rekt@85.204.132.144.ip4.gigabit.dk)
[18:41:56] *** Joins: okaji39 (~7748c10a@em119-72-193-10.pool.e-mobile.ne.jp)
[18:43:54] *** Quits: WebIRC25733 (~49e7fda6@c-73-231-253-166.hsd1.ca.comcast.net) (Client Quit)
[18:44:24] <vito> withzombies: pm me which two
[18:46:19] <IceGuest_78_> hey bors
[18:46:21] <IceGuest_78_> bros
[18:46:30] <IceGuest_78_> what about xkcd ??
[18:47:02] <Lightning> it’s a good comic strip
[18:47:25] *** gynophage sets mode: +b IceGuest_78_!*@*
[18:47:28] *** IceGuest_78_ was kicked by gynophage (IceGuest_78_)
[18:47:32] <Lightning> i liked friday’s with the exact copies of digital data
[18:48:28] *** gynophage sets mode: +b *!*@105.158.152.121
[18:48:54] <dave0x6d> huh, did I just solve step already?
[18:49:08] <Lightning> dunno, try to submit the key
[18:50:03] *** Quits: cx (~Adium@189.217.214.103) (Ping timeout: 252 seconds)
[18:51:25] *** Joins: cx (~Adium@189.217.196.237)
[18:52:25] *** Quits: rffdtdtdtrdtrrth (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net) (Client Quit)
[18:52:26] *** Joins: cheybu_ (~cheybu@192.73.244.235)
[18:52:33] <lenerd> Can I ask a question regarding crippled?
[18:52:56] *** Joins: cx1 (~Adium@189.217.206.55)
[18:53:03] <gynophage> lenerd: PM.
[18:53:20] *** Joins: albn (~1883e35c@c-24-131-227-92.hsd1.pa.comcast.net)
[18:53:48] <dave0x6d> Lightning: when I ncat to the server it's not sending any data.
[18:53:56] *** Quits: c21 (d4101c82@ircip3.mibbit.com) (Client Quit)
[18:54:09] <Lightning> i don’t know anything about step
[18:54:12] <dave0x6d> oh there we go, netcat works
[18:55:06] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[18:55:24] *** Quits: chebaraska (~cheybu@192.73.244.235) (Ping timeout: 240 seconds)
[18:55:38] *** Quits: cx (~Adium@189.217.196.237) (Ping timeout: 252 seconds)
[18:55:57] *** Quits: joemalone (~5449cb3c@84-73-203-60.dclient.hispeed.ch) (Client Quit)
[18:56:25] *** Quits: cx1 (~Adium@189.217.206.55) (Read error: Connection reset by peer)
[18:56:30] *** Joins: cx (~Adium@189.217.206.55)
[18:56:31] *** Joins: C21 (d4101c82@ircip2.mibbit.com)
[18:56:33] *** Joins: zzoru (~zzoru@143.248.198.13)
[18:56:37] *** Joins: digitalseraphim_ (~digitalse@cpe-74-78-215-239.twcny.res.rr.com)
[18:56:57] *** digitalseraphim_ is now known as digitalseraphim
[18:57:07] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[18:57:20] *** Joins: gael (~gael@2a01:e34:ec02:c450:d547:b4b7:2303:2487)
[18:58:15] <SallyCroak> Lightning: https://www.youtube.com/watch?v=QrGrOK8oZG8
[18:58:45] <vito> I can't wait to enterTAYNE you
[18:59:05] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[18:59:13] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[19:00:44] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[19:00:46] *** Quits: zzoru (~zzoru@143.248.198.13) (Ping timeout: 252 seconds)
[19:00:56] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[19:01:05] <Lightning> SallyCroak: better?
[19:01:24] <dave0x6d> this is sad, I think I have the solution, but don't know how to print it properly with python lol
[19:02:24] <SallyCroak> Lightning: it wasn't a complaint, just a recommendation of another worthwhile video
[19:02:46] <Lightning> see if anyone adds it, multiple DJs going on. I’m digging around for some older things
[19:02:53] *** Quits: albn (~1883e35c@c-24-131-227-92.hsd1.pa.comcast.net) (Client Quit)
[19:02:59] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[19:03:00] <hbw> i love how youtube changed the video title to be in the correct font
[19:03:20] <dave0x6d> huh, it segfaults now.
[19:03:24] <dave0x6d> that's weird
[19:05:04] *** Joins: WebIRC36807 (~4e083e98@dynamic-78-8-62-152.ssp.dialog.net.pl)
[19:05:17] <WebIRC36807> hey, how many teams go to Defcon from this quals?
[19:05:25] *** Joins: cx1 (~Adium@189.217.206.55)
[19:05:28] *** Quits: cx (~Adium@189.217.206.55) (Read error: Connection reset by peer)
[19:05:56] * vito checks spreadsheet
[19:06:02] <dave0x6d> vito: ha, geek.
[19:06:04] <Lightning> 14 - number that qualified which is 6 so 8 by my count
[19:06:12] <vito> 7
[19:06:25] <vito> 6
[19:06:28] <vito> something
[19:06:29] <vito> i can't count
[19:06:34] <vito> that's why i have a spreadsheet
[19:06:55] <WebIRC36807> TOP8 ?
[19:07:00] <WebIRC36807> goes to LV
[19:07:00] *** Quits: dt (~dt@107.170.206.167) (Ping timeout: 252 seconds)
[19:07:11] <Lightning> WebIRC36807: top 8 + however many already qualified
[19:07:27] <WebIRC36807> yeah, I mean TOP8 from this quals-ctf
[19:07:27] <Lightning> https://blog.legitbs.net/2016/05/quick-quals-qupdate.html anyone on that list in the top 8 means we move past them
[19:07:31] <WebIRC36807> and 6 from others ctfs
[19:07:41] <sewilton> This guy is my spirit animal: https://assets-2016.legitbs.net/assets/mangle/retina/3-mangle-1-a43e37da9cea9e4ec8e4e86ba45c4fd8.jpg
[19:07:51] <Lightning> the 15th is the CGC computer bringing it to 15 teams at finals
[19:08:27] *** Joins: rhydis (~rhydis@anon-38-190.vpn.ipredator.se)
[19:09:35] <vito> sewilton: https://assets-2016.legitbs.net/assets/mangle/retina/3-mangle-2-04e8207c625242069affee6be1160e0e.jpg
[19:09:36] <gnomus> would be funny if the team that build the winning computer also qualifies
[19:09:52] <gnomus> then they would have to play against their creation
[19:09:56] *** Quits: cx1 (~Adium@189.217.206.55) (Ping timeout: 252 seconds)
[19:09:58] <vito> gnomus: funny but… not 100% surprising
[19:09:59] <fester> who would win
[19:09:59] <gynophage> gnomus: Not really. They won't be allowed to play.
[19:10:10] <sewilton> vito: That's a good one. I'm really digging this businesspunk theme
[19:10:25] <gnomus> gynophage: thats sad. would be fun to watch
[19:10:44] <gynophage> We have no way of knowing they're not seeding their CRS to beat all the humans through the network, in order to get the "We built a machine that beat humans." story published.
[19:11:31] <gnomus> i see
[19:12:11] <gynophage> It's shitty, but it's got to be that way. Also, when all the CGC teams accepted the invite last year, I believe they all agreed to that stipulation (though I was very drunk)
[19:12:40] <dave0x6d> bleh, are we allowed to try exploiting the RE challenges?
[19:12:56] <gynophage> dave0x6d: How many points do you have?
[19:13:00] <dave0x6d> ...not many.
[19:13:04] <gynophage> Sure, go ahead.
[19:13:11] <dave0x6d> lol
[19:13:14] <gynophage> If you think you've got an exploit in something people have RE'd, go right ahead.
[19:14:47] <Ymgve> time sink has definitely become a time sink for me
[19:15:46] *** Joins: cx (~Adium@189.217.214.103)
[19:16:03] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Remote host closed the connection)
[19:16:09] *** Joins: wahrwolf (~wahrwolf@p5DC6DC56.dip0.t-ipconnect.de)
[19:16:15] <vito> gj shellphish
[19:16:20] <dave0x6d> I feel like binary ninja might be lying to me.
[19:16:37] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[19:16:40] <cao> vito: ty ;)
[19:17:04] *** Joins: WebIRC25733 (~49e7fda6@c-73-231-253-166.hsd1.ca.comcast.net)
[19:17:24] *** Quits: rjenish (rjenish@bitcoinshell.mooo.com) (Ping timeout: 240 seconds)
[19:17:25] *** Quits: C21 (d4101c82@ircip2.mibbit.com) (Client Quit)
[19:18:36] <sewilton> Is "time sink" intended to actually open any windows or anything? We haven't found a machine that can run it yet -- everything just crashes or hangs
[19:18:56] <vito> open a window to your soul
[19:19:05] <sewilton> Ah I'll look there, thanks!
[19:19:14] *** Quits: Ninn (~rekt@85.204.132.144.ip4.gigabit.dk) (Client Quit)
[19:19:22] <vito> you're welcome!
[19:20:33] <WebIRC36807> who is the author of 334cuts?
[19:21:10] *** Quits: scifi (~2a74062c@42.116.6.44) (Client Quit)
[19:21:16] <vito> it's me
[19:21:27] <vito> maybe play it and don't pm literally every legitbs member
[19:21:52] <WebIRC36807> i pm only two of you
[19:21:53] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[19:21:59] <vito> still though
[19:22:06] *** Joins: jrackham (~a29@2601:601:c480:448:7566:de3b:48f9:757)
[19:22:20] *** Quits: supahot (~3e5c6fd3@62.92.111.211) (Client Quit)
[19:22:42] <WebIRC36807> err, what's your problem then?
[19:23:09] <dave0x6d> huh, IDA doesn't like step.
[19:23:10] <WebIRC36807> 'cos PM'ing two people is not 'literally every members' :/
[19:23:10] <dave0x6d> go figure.
[19:23:59] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[19:24:02] *** Joins: ar1s (~ar1s@host-85-201-47-135.dynamic.voo.be)
[19:24:19] <vito> but to answer your question, easy-prasky_335e35448b30ce7697fbb036cce45e34.quals.shallweplayaga.me:10001 and 334_cuts_22ffeb97cf4f6ddb1802bf64c03e2aab.quals.shallweplayaga.me:10334 don't point to the same thing
[19:25:11] *** Quits: WebIRC58077 (~a29@2601:14c:4400:32cf:bc5c:15b:a43:5db5) (Client Quit)
[19:25:20] <WebIRC36807> thank you, that's the answer i was expect, instead of insulting me
[19:25:24] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Ping timeout: 240 seconds)
[19:25:25] <dave0x6d> gynophage: the RE step challenge doesn't really explain if there's a difference between what's running on the server, or what we have.
[19:25:48] <gynophage> dave0x6d: There's not. Just like literally every challenge we've done.
[19:26:04] <dave0x6d> gynophage: so I don't need to use the remote server to get the flag...?
[19:26:24] *** Quits: liikt (~liikt@p549FCD3F.dip0.t-ipconnect.de) (Client Quit)
[19:26:48] *** Joins: WebIRC35378 (~9a05ae4f@d154-5-174-79.bchsia.telus.net)
[19:27:14] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[19:27:38] *** Quits: heapheap (~7d83e0b2@125.131.224.178) (Client Quit)
[19:27:56] *** Joins: power (~7d83e0b2@125.131.224.178)
[19:29:25] <Ymgve> dave0x6d: I assume there's some flag file that the challenge reads from or something
[19:30:23] *** Quits: ak (~add1ct@203.208.200.206) (Ping timeout: 252 seconds)
[19:30:28] <power> in legit00003, the given binary is same with running binary at server??
[19:30:30] *** Quits: jrackham (~a29@2601:601:c480:448:7566:de3b:48f9:757) (Client Quit)
[19:30:58] <gynophage> Yes.
[19:31:04] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[19:31:43] *** Joins: albn (~1883e35c@c-24-131-227-92.hsd1.pa.comcast.net)
[19:32:00] *** Joins: marble (Vos4wFyTXt@2a00:d0c0:200:0:b9:1a:9c0f:340)
[19:32:12] *** gynophage is now known as WebIRC00069
[19:32:42] *** Lightning is now known as WebIRC01337
[19:33:13] <ar1s> any CGC gurus here? my cb-test always complain that it doesn't negotiate. I have the right <negitiate> tags
[19:33:16] *** Joins: dt (~dt@107.170.206.167)
[19:33:26] <WebIRC00069> ar1s: Do you?
[19:33:32] <ar1s> I hope so
[19:33:37] <WebIRC00069> PM me?
[19:33:51] <WebIRC00069> I'm really good at computers.
[19:33:55] <WebIRC00069> You can tell by my nick.
[19:34:05] <ar1s> cool, I have a few friends who're good too
[19:34:14] <ar1s> they just work on real exploits, not CGC crap
[19:34:24] *** Quits: ling (~ling@li763-200.members.linode.com) (Ping timeout: 240 seconds)
[19:34:24] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[19:34:32] <WebIRC00069> Another one of you.
[19:34:34] <WebIRC00069> Cool.
[19:34:50] <WebIRC00069> "I don't understand, so I should be angry"
[19:35:08] <WebIRC00069> I've offered to help you, and asked you to PM me.
[19:35:28] <WebIRC36807> nah, real life experience is more valuable then cgc-which-noone-uses experience
[19:35:29] <WebIRC00069> No need for calling things crap because you don't understand them.
[19:35:53] <WebIRC00069> WebIRC36807: Then go fucking pop Chrome and leave us be.
[19:36:05] <bmc> Chrome > CGC
[19:36:09] <SallyCroak> at least pick a handle. we can't keep track of which webirc person is the douche and which one is just annoying
[19:36:33] *** Quits: WebIRC36807 (~4e083e98@dynamic-78-8-62-152.ssp.dialog.net.pl) (Client Quit)
[19:37:07] <dwn> "A successful Type 1 POV must result in the target binary faulting at the negotiated instruction pointer address with one additional general purpose register containing the second negotiated value."
[19:37:14] <dwn> what are the magic values
[19:37:17] <dwn> that this thing wants
[19:37:19] <WebIRC01337> didn’t realize i was annoying or a douche
[19:37:28] <WebIRC01337> I’m one of the nicer ones
[19:37:45] <ar1s> I see the idea behind CGC, but the doc is not very good and the first experience is frustrating
[19:37:49] <dwn> negotiated values = 0x41414141 and 0x42424242?
[19:37:57] *** Joins: WebIRC63556 (~c6e9cca6@198.233.204.166)
[19:38:06] *** Quits: WebIRC87118 (~d06be726@host-38-231-107-208.midco.net) (Client Quit)
[19:38:41] <ar1s> dwn: from what I understand you'll use the magic in places where they're supposed to be sent and it will replace them with what the server decided
[19:38:52] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[19:39:11] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[19:39:41] *** WebIRC01337 is now known as WebIRC31337
[19:40:07] <dave0x6d> bleh, I wish there was points for segfaulting :p
[19:40:57] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[19:40:57] *** Joins: nebel (~nicolai@130.225.98.198)
[19:41:56] *** Joins: Xaxxix (~Xaxxix@71-214-116-14.ptld.qwest.net)
[19:42:19] *** Quits: cx (~Adium@189.217.214.103) (Client Quit)
[19:43:02] <vito> get in a delorean and go to a year ago
[19:43:02] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[19:44:02] *** gnomus is now known as WebIRC42424
[19:44:09] *** Quits: nebel (~nicolai@130.225.98.198) (Client Quit)
[19:44:10] <WebIRC42424> hello.
[19:44:17] <WebIRC42424> where are the web challenges?
[19:44:53] <WebIRC25733> no
[19:45:06] <WebIRC31337> mine is in the garage
[19:45:16] <anthraxx> WebIRC42424: if you want http then use r2 on the challs, it has a web ui ^.^
[19:45:23] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[19:45:38] <WebIRC42424> i can haz webz plz
[19:45:40] <WebIRC42424> :D
[19:45:46] <WebIRC42424> anthraxx: fuck web lol
[19:45:49] <anthraxx> fuck web lol
[19:45:50] <anthraxx> !
[19:45:51] *** WebIRC42424 is now known as gnomus
[19:45:58] <vito> hell yeah b1o0p opened 666 cuts https://youtu.be/UbzUTRAUac4
[19:46:05] <WebIRC00069> dwn: ar1s - http://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/understanding-cfe-povs/
[19:46:15] <WebIRC00069> Covers how negotiation works.
[19:46:36] <ar1s> thanks for the link, I've read that already. I think I'm stuck on a technicality, I'll continue digging
[19:46:57] <gnomus> there should be web challenges powered by a webserver running on cgc
[19:47:01] *** Joins: e^ipi (~john@104.131.112.129)
[19:47:02] <gnomus> everyone would be happy
[19:47:10] <WebIRC00069> ar1s: Feel free to PM me. If it's *really* a technicality, I may prod you the right way. I'm not going to feed you an exploit, though. :)
[19:47:20] *** Joins: cx (~Adium@189.217.214.103)
[19:47:29] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[19:47:32] <WebIRC00069> gnomus: If only CGC had a filesystem API...
[19:47:41] <gnomus> damn CGC crap
[19:47:47] <e^ipi> the points keep decaying even after you've solved the challenge?
[19:47:52] <gnomus> this is why we canÄt have nice things
[19:47:55] <WebIRC00069> e^ipi: Yes.
[19:47:59] <e^ipi> gotcha
[19:48:09] <gnomus> you should implement zfs support for cgc
[19:48:14] <WebIRC00069> e^ipi: Don't want to penalize teams who are asleep when a challenge unlocks.
[19:49:28] <gnomus> you shold penalize people who are asleep
[19:49:40] <vito> nah, we sleep
[19:49:43] <vito> that's what hard challenges are for
[19:51:14] <gnomus> organizing ccc congress teached me to stay awake for >24 hours :D
[19:51:51] <WebIRC31337> that makes it harder at the end, we prefer rest :)
[19:51:56] *** Joins: WebIRC49338 (~a29@2601:151:c000:2f10:ac91:47c7:baa9:6501)
[19:51:57] <gnomus> yeh
[19:51:58] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[19:52:08] <gnomus> but i reached my skill levels 10 hours ago
[19:52:22] <gnomus> just chillin and helping out my teammates now
[19:52:52] *** Quits: WebIRC49338 (~a29@2601:151:c000:2f10:ac91:47c7:baa9:6501) (Client Quit)
[19:53:25] *** Quits: power (~7d83e0b2@125.131.224.178) (Client Quit)
[19:53:45] <gnomus> at least we got pudding \o/
[19:54:12] <e^ipi> WebIRC00069: yeah, I get it. I just wasn't expecting it
[19:54:15] <e^ipi> now I know
[19:54:18] <dave0x6d> ah what the hell. https://i.imgur.com/uJdPm3x.png
[19:54:19] <e^ipi> it's your ctf, run it how you like
[19:54:40] <WebIRC31337> there goes 666 cuts
[19:54:51] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[19:54:56] *** mike_pizza is now known as dino_pizza
[19:54:59] *** Joins: jsc (~jsc@milstar.rpisec.org)
[19:55:05] <dino_pizza> welcome jsc
[19:55:10] <WebIRC00069> e^ipi: It was a last minute announcement. There are a lot of really nice properties to it if you think about it.
[19:55:18] <jsc> thanks dino_pizza
[19:56:05] <WebIRC00069> For example - a problem that is worth fewer points is probably easier (it has more solves...so its either easier, or it's cheated on).
[19:56:08] <[w33]deorth> dave0x6d: what disassembler package you using there ?
[19:56:16] <dave0x6d> [w33]deorth: it's binary ninja.
[19:56:20] <[w33]deorth> nice
[19:56:31] <dave0x6d> you can get into the beta for free.
[19:56:43] *** Joins: power (~7d83e0b2@125.131.224.178)
[19:56:50] <[w33]deorth> yeah.. I think I shall :)
[19:58:35] *** Quits: autolycos (~6f570996@111.87.9.150) (Client Quit)
[19:58:38] *** Quits: TMT (~TMT@5.210.33.114) (Client Quit)
[20:00:27] <e^ipi> WebIRC00069: sure, it's not even close to the worst idea i've heard. Makes a lot of sense for this CTF. Maybe not every CTF but certainly this one
[20:01:19] <gnomus> man this pudding is awesome
[20:01:28] <dave0x6d> it makes sense for the more competitive teams IMO
[20:01:40] <dave0x6d> kinda sucks when you're not competitive and just see your score keep falling down.
[20:01:47] *** Joins: zzoru (~zzoru@143.248.230.88)
[20:01:53] <rawrus> roofies are always the sweetest when they're fresh my good gnomus
[20:02:17] <dave0x6d> heh, linode user.
[20:02:17] <gnomus> rawrus: yeh
[20:02:26] <enen> gnomus: cocaine puddin?
[20:02:39] <rawrus> dave0x6d: whats wrong with leenode :pp
[20:02:41] <enen> wheres the snackle snaps?
[20:02:43] <gnomus> enen: nahh chocolate pudding
[20:03:14] *** Joins: autolycos (~6f570996@111.87.9.150)
[20:03:15] <gnomus> enen: see https://twitter.com/c3h2_ctf/status/734140379054886912
[20:04:18] *** Quits: autolycos (~6f570996@111.87.9.150) (Client Quit)
[20:04:18] <e^ipi> dave0x6d: that's sorta where I am, I just want to see how many points I can collect until tomorrow
[20:04:44] <e^ipi> that said, the format shouldn't be based around my own incompetence ;)
[20:05:23] <enen> thats... a lot of pudding
[20:05:54] <gnomus> we are 7 people currently...
[20:06:01] <dino_pizza> jsc: how are you? it's nice to see you again
[20:06:04] <gnomus> much pudding needed
[20:06:05] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[20:06:22] <e^ipi> what the hell are you guys talking about putting?
[20:06:28] <e^ipi> *pudding
[20:06:34] <WebIRC31337> Who’s on first?
[20:06:38] <gnomus> e^ipi: we made pudding
[20:06:47] <gnomus> and now we eat it
[20:06:53] <gnomus> and it's awesome
[20:07:03] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[20:07:09] <jsc> dino_pizza: doing pretty well, just contemplating when to start this beer
[20:07:14] <jsc> how's your evening going?
[20:07:21] *** Joins: whoisj0hngalt (~46b82536@wsip-70-184-37-54.tu.ok.cox.net)
[20:07:25] <gnomus> e^ipi: see https://twitter.com/c3h2_ctf/status/734140379054886912
[20:07:44] <whoisj0hngalt> Can someone tell me where the cb-replay-pov binary is?
[20:08:18] *** Joins: tdrv (~7ca8d7e4@124-168-215-228.dyn.iinet.net.au)
[20:08:28] <gnomus> whoisj0hngalt: have you looked in the pudding?
[20:09:08] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[20:09:27] <WebIRC00069> https://github.com/CyberGrandChallenge/cb-testing/blob/master/cb-replay-pov
[20:10:07] <whoisj0hngalt> You are a god. Thank you
[20:10:15] *** Quits: zzz (~4de7d5c0@77.231.213.192) (Client Quit)
[20:10:18] *** dino_pizza is now known as dino
[20:10:26] *** Quits: zzoru (~zzoru@143.248.230.88) (Ping timeout: 252 seconds)
[20:10:27] <dino> jsc: it's alright
[20:11:04] <WebIRC7330> WebIRC31337: Then who's playing first?
[20:11:05] <dave0x6d> what the hell is amd64g_calculate_RCL?
[20:11:19] <enen> 3~/win 19
[20:11:23] <dwn> in an XML POV how tf do I specify the input to the CB?
[20:11:26] <jsc> /win 666
[20:11:49] *** Joins: autolycos (~cb68807b@203.104.128.123)
[20:12:13] *** Joins: zzz (~4de7d5c0@77.231.213.192)
[20:12:38] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Ping timeout: 252 seconds)
[20:13:55] <dave0x6d> rotate through carry left?
[20:16:53] <[w33]Luwenth> Why does this lead singer look like the guitarist from "Spinal Tap"?
[20:20:37] *** Joins: autolycos1 (~cb68807b@203.104.128.123)
[20:21:18] *** Joins: WebIRC36312 (~8d594bb5@75-181.wlan.rz.uni-potsdam.de)
[20:21:22] *** Quits: albn (~1883e35c@c-24-131-227-92.hsd1.pa.comcast.net) (Client Quit)
[20:24:08] <dave0x6d> why wouldn't he?
[20:24:53] *** Quits: insaida (c4dc8009@ircip4.mibbit.com) (Client Quit)
[20:25:16] *** Quits: autolycos (~cb68807b@203.104.128.123) (Client Quit)
[20:27:27] *** Quits: zzz (~4de7d5c0@77.231.213.192) (Client Quit)
[20:29:57] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[20:30:09] *** Quits: Xaxxix (~Xaxxix@71-214-116-14.ptld.qwest.net) (Ping timeout: 252 seconds)
[20:30:45] <whoisj0hngalt> Stupid question. I suspect my banker PoC isn't working due to the busybox comment in the topic. Can anyone elaborate on that for me?
[20:33:25] <WebIRC31337> PM'd
[20:33:43] <WebIRC00069> whoisj0hngalt: execve("/bin/sh", NULL, NULL) will crash busybox.
[20:34:58] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[20:36:16] <e^ipi> gnomus: club mate is too expensive, you can just get a kilo of mate from a latin grocery for like $4
[20:36:59] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[20:38:23] <dave0x6d> what's the point exactly of having the RE challenges on a remote server?
[20:38:33] *** Joins: Guest92 (~textual@211.170.156.176)
[20:39:24] <dwn> do we have to run pov-xml2c on our povs and compile before sending?
[20:39:38] *** Quits: L0rdComm4ander (~Adium@194.210.230.86) (Client Quit)
[20:39:39] <dwn> says I'm not negotiating like what
[20:39:43] *** Quits: mandlebro (~ben@2001:690:2100:1b:4450:4ae:18d5:2041) (Client Quit)
[20:40:09] <anthraxx> dave0x6d: a RE chall doesn't mean the flag needs to be inside the provided binary
[20:40:12] <WebIRC00069> dwn: Try it?
[20:40:51] *** WebIRC00069 is now known as gynophage
[20:41:13] <gnomus> e^ipi: we are in germany. it's cheap here
[20:41:39] *** Quits: WebIRC36312 (~8d594bb5@75-181.wlan.rz.uni-potsdam.de) (Client Quit)
[20:43:06] *** Quits: NeedToLearn (~NeedToLea@2a01:e35:8b3c:cd30:f9ec:6607:fb1f:3d7) (Remote host closed the connection)
[20:43:23] *** Quits: Algo (~8ddfafe6@plus20.postech.ac.kr) (Client Quit)
[20:44:13] *** Joins: Rad (~c38eb243@195.142.178.67)
[20:44:13] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[20:44:24] <gnomus> also club mate != mate tea :)
[20:44:42] *** Joins: albn (~1883e35c@c-24-131-227-92.hsd1.pa.comcast.net)
[20:45:52] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[20:47:17] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[20:47:51] *** Joins: WebIRC6208 (~4e083720@dynamic-78-8-55-32.ssp.dialog.net.pl)
[20:48:02] <WebIRC6208> hey, who is the author of parsky?
[20:48:05] *** Quits: Rad (~c38eb243@195.142.178.67) (Client Quit)
[20:48:17] <WebIRC6208> *prasky
[20:48:56] *** Joins: rad (~Mutter@195.142.178.67)
[20:49:52] <rad> Hi cgc noob here
[20:49:57] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[20:50:15] <dave0x6d> $ cat /defcon/payload4 | ./step
[20:50:15] <dave0x6d> Key1: Illegal instruction (core dumped)
[20:50:22] <dave0x6d> TIL that's a possible way to dump your core lol
[20:50:35] <rad> I am trying to solve babysfirst category easy cgc one
[20:51:06] <rad> I can segfault locally with vagrant
[20:51:19] <rad> But on server it does not
[20:51:31] <dave0x6d> how do you know it doesn't segfault on the server?
[20:51:32] <rad> What may be the problem
[20:51:35] <WebIRC6208> what you have on the server?
[20:51:52] <rad> It says so
[20:52:07] <rad> There is a runner.py
[20:52:33] <rad> You send the crash string with base64 encode
[20:52:42] *** WebIRC31337 is now known as Lightning
[20:52:45] <WebIRC6208> do you have any info back from the server after your payload?
[20:53:00] *** Quits: cx (~Adium@189.217.214.103) (Client Quit)
[20:53:09] <gynophage> Rad, please PM me.
[20:53:11] <rad> Yes the python code says if it segfaulted
[20:53:39] *** Joins: dm_me_ur_flags (~47d6740e@71-214-116-14.ptld.qwest.net)
[20:54:10] <WebIRC6208> gynophage: may I also PM you, speaking of this challenge?
[20:54:24] <gynophage> You may.
[20:54:43] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[20:56:18] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[20:56:38] *** Joins: vap0r (~d06be726@host-38-231-107-208.midco.net)
[20:57:57] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[20:59:41] <gynophage> I forget if it was announced. easier was owned.
[21:00:24] <vito> https://gist.github.com/vito-lbs/124f7b33bc148d3a06ab7e0dcd9f2a7c
[21:00:25] <dave0x6d> who bought it?
[21:01:31] *** Joins: kkk (~kkkk@101.87.235.99)
[21:01:39] *** Joins: Epidem1x (~6c2d63c9@pool-108-45-99-201.washdc.fios.verizon.net)
[21:02:16] <SallyCroak> awesome video selection!
[21:03:22] *** Quits: Epidem1x (~6c2d63c9@pool-108-45-99-201.washdc.fios.verizon.net) (Client Quit)
[21:05:48] *** Quits: ReidB (~ReidB@198.233.204.166) (Ping timeout: 252 seconds)
[21:06:10] *** Quits: KALRONG (~kalrong@helga.network118.com) (Ping timeout: 252 seconds)
[21:07:28] *** Joins: zzoru (~zzoru@143.248.230.88)
[21:08:38] *** Joins: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net)
[21:09:30] * bool101 waves hello
[21:09:41] *** Quits: Yogurt (~48ea8c68@udp223884uds.hawaiiantel.net) (Client Quit)
[21:11:41] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[21:12:20] *** Joins: RoadKill (~RK@122-61-155-8.jetstream.xtra.co.nz)
[21:13:15] * Lightning waves back
[21:14:15] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[21:15:15] *** Quits: zzoru (~zzoru@143.248.230.88) (Ping timeout: 252 seconds)
[21:15:18] *** Joins: lurcifer (~4987ba92@c-73-135-186-146.hsd1.md.comcast.net)
[21:16:26] *** Joins: autolycos (~cb68807b@203.104.128.123)
[21:16:30] *** Quits: WebIRC6208 (~4e083720@dynamic-78-8-55-32.ssp.dialog.net.pl) (Client Quit)
[21:16:35] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[21:16:55] *** Quits: lurcifer (~4987ba92@c-73-135-186-146.hsd1.md.comcast.net) (Client Quit)
[21:17:54] *** Joins: WebIRC42649 (~7d1@2001:da8:b800:228:1d6a:c22b:9e2f:2d19)
[21:18:10] *** Quits: vap0r (~d06be726@host-38-231-107-208.midco.net) (Client Quit)
[21:18:40] *** Joins: lurcifer (~4987ba92@c-73-135-186-146.hsd1.md.comcast.net)
[21:19:06] *** Quits: autolycos (~cb68807b@203.104.128.123) (Client Quit)
[21:19:25] *** Joins: emtzlqjm (~emtzlqjm@192.95.u.lmu)
[21:19:38] <rad> On CGC environment can we run edb or any other gui debugger
[21:19:46] *** Quits: emtzlqjm (~emtzlqjm@192.95.u.lmu) (Remote host closed the connection)
[21:19:49] *** Joins: lcwntq (~lcwntq@192.95.u.lmu)
[21:20:12] *** Quits: [SaH]vasporig (~c338a952@195.56.169.82) (Client Quit)
[21:20:42] *** Joins: WebIRC3387 (~17fcc2f8@23.252.194.248)
[21:21:00] *** Joins: WebIRC85611 (~d23b5f87@210.59.95.135)
[21:21:03] <vito> idk
[21:21:06] <orbit> Is this LegitBS Bank support? I’m stuck in Tijuana and I seem to have lost my password to the online system, my username was something like admeen or admin ….
[21:21:11] <vito> if they're a wrapper over gdb, maybe
[21:21:16] *** Joins: WebIRC3632 (~6c0f7545@pool-108-15-117-69.bltmmd.fios.verizon.net)
[21:21:20] <vito> orbit: try •••••••
[21:21:20] *** Joins: Question (~7d1@2001:da8:b800:228:1d6a:c22b:9e2f:2d19)
[21:21:36] *** Quits: lurcifer (~4987ba92@c-73-135-186-146.hsd1.md.comcast.net) (Client Quit)
[21:21:39] <SallyCroak> don't you know that irc censors your password if you type it in?
[21:21:53] *** Quits: WebIRC42649 (~7d1@2001:da8:b800:228:1d6a:c22b:9e2f:2d19) (Client Quit)
[21:21:55] <Question> I'm sorry but this contest doesn't have web?
[21:22:06] *** Joins: KALRONG (~kalrong@213.143.50.1)
[21:22:12] <Lightning> Web? What is that?
[21:22:19] <orbit> thanks vito, worked!
[21:22:34] <orbit> just gotta find an atm…
[21:22:52] <Question> web pentest
[21:23:09] <enen> websexual
[21:23:15] <orbit> SallyCroak you probably dont have the supported banking client
[21:24:02] <Lightning> never heard of web pen testing, is that anything like tracert?
[21:25:02] *** Quits: Question (~7d1@2001:da8:b800:228:1d6a:c22b:9e2f:2d19) (Client Quit)
[21:25:56] *** Joins: Question (~7d1@2001:da8:b800:228:1d6a:c22b:9e2f:2d19)
[21:25:57] <WebIRC3387> It's something like removing a web nest at the top of the ceiling in your house
[21:26:25] *** Quits: rad (~Mutter@195.142.178.67) (Remote host closed the connection)
[21:26:42] <Ymgve> is something up with the legit_00003 challenge? it doesn't seem to respond the same way even though I give it the same input
[21:26:43] <Question> Jeopardy-style CTFs has a couple of questions (tasks) in range of categories. For example, Web, Forensic, Crypto, Binary or something else.
[21:26:51] <bspar> lol
[21:27:01] *** Quits: its_a_feature (~ad45af21@pool-173-69-175-33.bltmmd.fios.verizon.net) (Client Quit)
[21:27:29] <Lightning> We have Baby’s First, Coding, See Gee, Sea, Pwnable, Reverse Engineering, There I Fixed it. Any of those fit? :)
[21:27:55] <vito> fwiw none of them support sqlmap
[21:27:56] <cao> recon and forensics are clearly missing
[21:28:10] <rhydis> all categories are accessible through a *web* interface if that helps
[21:28:12] <cao> those are the bestest
[21:28:18] * gynophage slaps cao around a bit with a large tope
[21:28:37] <vito> i do know that https://cgc-docs.legitbs.net/ isn't a secret ctf challenge
[21:28:47] <gynophage> We had recon.
[21:28:50] <gynophage> It was fucking research CGC.
[21:28:53] <gynophage> You ALL fucking failed.
[21:29:02] * vito looks at cgc category solutions
[21:29:05] <vito> well, some teams didn't fail
[21:29:17] *** Joins: ling (~ling@li763-200.members.linode.com)
[21:29:23] <Lightning> Question: Can I use my cgi to access the http of the url on the browser of the remote server?
[21:29:52] *** Joins: Xaxxix (~Xaxxix@71-214-116-14.ptld.qwest.net)
[21:29:54] <Ymgve> can someone verify that legit_00003 works as intended now? because it seems like it has some wires crossed and I get the response from other people's exploits
[21:30:18] <cao> Ymgve: works as intended
[21:30:55] <Ymgve> it's just that it crashes on input that's _not_ supposed to crash it
[21:31:32] *** Quits: Question (~7d1@2001:da8:b800:228:1d6a:c22b:9e2f:2d19) (Client Quit)
[21:32:49] <Lightning> i told gyno, up to him if he responds
[21:33:15] <WebIRC3387> Who is the guy with red hair?
[21:33:36] <Lightning> probably gyno, he usually dyes his hair
[21:34:00] <WebIRC3387> I want to dye my hair like him
[21:34:03] <WebIRC3387> I am fan of him
[21:34:04] <WebIRC3387> ;)
[21:34:25] <Lightning> could have been deadwood too (if i’m not mixing people up) but gyno dyes his hair more
[21:34:47] <gynophage> WebIRC3387: It was probably me.
[21:35:36] <WebIRC3387> Great!
[21:37:54] *** Quits: WebIRC70190 (~c04c080d@client-8-13.eduroam.oxuni.org.uk) (Client Quit)
[21:38:17] <fester> I read through https://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/understanding-cfe-povs/
[21:38:26] <vito> cool
[21:38:34] <fester> but I don't understand where this goes inside the pov, is there an example pov?
[21:38:43] <gynophage> fester: Yes!
[21:39:09] *** Quits: WebIRC3387 (~17fcc2f8@23.252.194.248) (Client Quit)
[21:40:01] <gynophage> https://github.com/CyberGrandChallenge/samples/blob/c96765ed584c573c850b1a06ce3fb42ad98dea38/templates/service-template/pov/POV_00002.povxml
[21:40:28] <vito> and the two pov_0 and pov_1 dirs in that template too
[21:40:50] <fester> thank you
[21:41:46] *** Joins: ReidB (~ReidB@198.233.204.166)
[21:42:51] *** Joins: Hankein (~de800f6a@222.128.15.106)
[21:43:56] *** Quits: c3h2beamer (~felix@p5DC6DC56.dip0.t-ipconnect.de) (Client Quit)
[21:44:51] <gynophage> fester: <3
[21:44:52] <mserrano> who wrote amadhj?
[21:44:55] <gynophage> hj
[21:44:57] *** Quits: WebIRC7330 (~d06be726@host-38-231-107-208.midco.net) (Client Quit)
[21:44:59] <gynophage> A Mad HJ.
[21:45:06] <hj> surprise
[21:46:10] *** Quits: dt (~dt@107.170.206.167) (Client Quit)
[21:46:17] <hoju> <3
[21:49:07] *** Quits: albn (~1883e35c@c-24-131-227-92.hsd1.pa.comcast.net) (Client Quit)
[21:55:01] <dave0x6d> So for step, is this anywhere close to what I should be getting? https://0bin.net/paste/nvl68z6NfoI1lj2v#1aYjxIQtJWQWmwTemt+iTBCw++i6lNqI6ocKwWl3vav
[21:55:29] <dave0x6d> actually no, that can't be it.
[21:56:08] <dave0x6d> hj: I didn't think that data was that private =\
[21:56:21] *** Joins: dt (~dt@107.170.206.167)
[21:58:08] *** Joins: cx (~Adium@189.217.214.103)
[21:59:35] *** Quits: tdrv (~7ca8d7e4@124-168-215-228.dyn.iinet.net.au) (Client Quit)
[22:02:00] <dave0x6d> anyway, that paste is not helpful in the slightly way to other teams if anyone was wondering. it's literally just capstone disassembling a bit of the binary.
[22:02:04] <b2xiao> so now I really want a graph of the scores over time
[22:02:08] <b2xiao> because of the decreasing thing
[22:02:12] <b2xiao> it would be super interesting
[22:05:07] *** Quits: [w33]deorth (~deorth@c-76-126-64-50.hsd1.ca.comcast.net) (Ping timeout: 252 seconds)
[22:06:23] *** Joins: lurcifer (~4987ba92@c-73-135-186-146.hsd1.md.comcast.net)
[22:06:27] <b2xiao> gynophage, hj: anyone up to make a scoreboard graph?
[22:06:35] <b2xiao> it would be interesting to see!
[22:06:50] <hj> that would probably be a vito job
[22:06:53] <hj> he has all the datas
[22:07:23] *** Joins: zzoru (~zzoru@143.248.230.88)
[22:07:56] <Lightning> b2xiao: no promises before the end of quals
[22:08:04] <Lightning> he’s a bit tied up right now
[22:08:04] <sigtrap_> so can you do arithmetic expressions in POVML?
[22:08:16] <hj> there some kinky stuff going on at gynos house
[22:08:30] <gynophage> sigtrap_: XML won't work.
[22:08:32] <Lightning> hj: i should know :)
[22:08:46] <gynophage> Just use the xmlpov2c thing.
[22:08:48] <gynophage> And make a binary.
[22:08:59] <gynophage> b2xiao: That can be a post processing thing. We have all the data.
[22:09:00] <hj> im jealous i have some mad rope skills
[22:09:15] <gynophage> Vito is making slushies for robots.
[22:09:24] <sigtrap_> -_- already did that for the other one, idk why I'm so dumb
[22:09:57] <gynophage> Maybe you just keep bad company?
[22:11:51] *** Quits: lurcifer (~4987ba92@c-73-135-186-146.hsd1.md.comcast.net) (Client Quit)
[22:13:15] *** Joins: lurcifer (~4987ba92@c-73-135-186-146.hsd1.md.comcast.net)
[22:14:23] <sigtrap_> I'm going to continue to blame the meds
[22:14:39] *** Quits: WebIRC85611 (~d23b5f87@210.59.95.135) (Client Quit)
[22:14:47] <crowell> 420 med it
[22:14:52] <gynophage> I did mis-inform earlier.
[22:14:57] <gynophage> I thought XML would work. I was wrong.
[22:15:11] <gynophage> Someone thought checking the extension instead of the file magic was a good idea.
[22:15:19] *** Quits: lurcifer (~4987ba92@c-73-135-186-146.hsd1.md.comcast.net) (Client Quit)
[22:15:34] <gynophage> (cb-replay-pov issue)
[22:15:46] <gynophage> Err..."feature"
[22:16:34] *** Quits: spaghetti (~pasta@152.179.157.250) (Ping timeout: 252 seconds)
[22:16:50] *** Joins: lurcifer (~4987ba92@c-73-135-186-146.hsd1.md.comcast.net)
[22:18:04] *** Joins: spaghetti (~pasta@65.216.151.126)
[22:18:26] <zzoru> gynophage: Will you patch that?
[22:18:53] <gynophage> No.
[22:18:54] *** Quits: lurcifer (~4987ba92@c-73-135-186-146.hsd1.md.comcast.net) (Client Quit)
[22:19:22] <gynophage> That'd be like asking me to patch busybox to not crash if argv[0] is NULL.
[22:19:50] <zzoru> Nope, xml problem
[22:20:50] <gynophage> There's a tool to change xml to c.
[22:20:55] <gynophage> Use that.
[22:21:05] <zzoru> Thanks :)
[22:21:29] *** Joins: stick (~stick@216.68.89.100)
[22:21:41] *** Joins: ReidB_ (~ReidB@198.233.204.166)
[22:22:36] <whoisj0hngalt> Where is the xmlpov2c tool? Don't immediately see it in the crs vm
[22:23:10] *** Quits: ReidB (~ReidB@198.233.204.166) (Ping timeout: 252 seconds)
[22:23:18] *** Joins: null (uid40108@id-40108.charlton.irccloud.com)
[22:24:05] <gynophage> https://github.com/CyberGrandChallenge/pov-xml2c
[22:24:33] *** Quits: stick_ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[22:25:57] <dacat> sorry i just woke up and didnt scroll all the way back to see if this was answered, but for Legit_00003 do we send the entire pov XML or just a string
[22:26:14] <gynophage> dacat - binary.
[22:26:21] <dacat> cool thanks!
[22:26:45] <gynophage> So, go run that tool I just mentioned, to make c, and then compile that with the gcc toolchain.
[22:26:48] <gynophage> cgc*
[22:26:53] <dacat> got ya :)
[22:27:07] <gynophage> I thought our stuff supported XML. I was wrong. I'm sorry. :(
[22:27:57] *** Joins: nerder (~c2dcb87b@194.220.184.123)
[22:27:57] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[22:28:24] *** Joins: H2 (~0e34601a@14.52.96.26)
[22:28:30] *** Joins: tdrv (~7ca8d7e4@124-168-215-228.dyn.iinet.net.au)
[22:29:29] *** Quits: nerder (~c2dcb87b@194.220.184.123) (Client Quit)
[22:29:57] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[22:31:36] <power> if i want to solve legit00003
[22:31:52] <power> should i read all of https://cgc-docs.legitbs.net???
[22:32:20] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[22:32:39] *** Quits: rms (~b764d5a3@183.100.213.163) (Client Quit)
[22:34:03] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[22:34:35] <dave0x6d> power: no, only line numbers that are multiples of log(2^π)
[22:35:35] *** Quits: tdrv (~7ca8d7e4@124-168-215-228.dyn.iinet.net.au) (Client Quit)
[22:36:04] *** Quits: bigred (~d8445964@216.68.89.100) (Client Quit)
[22:36:43] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[22:36:48] *** Joins: [w33]deorth (~deorth@c-76-126-64-50.hsd1.ca.comcast.net)
[22:37:16] <toomanybananas> heh
[22:37:19] <r3dey3> I thought it was multiples of ln(e^2).. man i was wrong
[22:37:32] <toomanybananas> pretty sure i solved 334 cuts in the complete opposite way of intended
[22:38:45] <anthraxx> gynophage: can I /q you for a question about libpov?
[22:38:46] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[22:39:28] *** Joins: [w33]deo1th (~deorth@c-76-126-64-50.hsd1.ca.comcast.net)
[22:39:33] *** Quits: [w33]deo1th (~deorth@c-76-126-64-50.hsd1.ca.comcast.net) (Client Quit)
[22:39:49] *** Quits: [w33]deorth (~deorth@c-76-126-64-50.hsd1.ca.comcast.net) (Client Quit)
[22:39:59] *** Joins: [w33]deorth (~deorth@c-76-126-64-50.hsd1.ca.comcast.net)
[22:40:30] *** Joins: WebIRC7330 (~18e63889@host-137-56-230-24.midco.net)
[22:40:43] <[w33]deorth> wtf is matineechannel
[22:40:52] <[w33]deorth> and why am I seeing snow on the music feed :)
[22:41:47] *** Quits: WebIRC7330 (~18e63889@host-137-56-230-24.midco.net) (Client Quit)
[22:42:55] *** Quits: KALRONG (~kalrong@213.143.50.1) (Client Quit)
[22:43:19] <hoju> because youtube
[22:43:25] <[w33]deorth> :)
[22:43:31] *** Joins: structure (~440eaa68@ip68-14-170-104.ok.ok.cox.net)
[22:43:32] <[w33]deorth> it happens
[22:43:37] *** Quits: spaghetti (~pasta@65.216.151.126) (Remote host closed the connection)
[22:44:08] * nwx wonders where said music feed might reside on the internets
[22:44:16] *** Joins: spaghetti (~pasta@65.216.151.126)
[22:44:17] * [w33]deorth points to the topic
[22:44:45] <nwx> oh
[22:44:50] * nwx facepalms
[22:44:57] *** Quits: WebIRC70842 (~d5909513@213.144.149.19) (Client Quit)
[22:45:02] <[w33]deorth> :)
[22:49:48] *** Joins: agix (~5758af27@che33-h05-87-88-175-39.dsl.sta.abo.bbox.fr)
[22:50:08] <[w33]deorth> I’ve never actually seen the video for what does the fox say
[22:50:11] <[w33]deorth> thank you :)
[22:50:48] *** Quits: power (~7d83e0b2@125.131.224.178) (Client Quit)
[22:50:55] <gynophage> anthraxx: Sure!
[22:51:12] *** Joins: heapisnotfun (~7d83e0b2@125.131.224.178)
[22:51:46] <nwx> what is up with this "music"
[22:51:49] <nwx> ಠ_ಠ
[22:52:07] <[w33]deorth> not all music is musical :)
[22:52:26] <heapisnotfun> maybe i'm the only one who can't solve heapfun4u until now
[22:52:39] <heapisnotfun> heapfun4u makes me crazy
[22:53:36] *** Quits: spq (~spq@arm.kjanke.com) (Ping timeout: 252 seconds)
[22:53:39] *** Joins: spq (~spq@arm.kjanke.com)
[22:55:31] *** Joins: FADEC0D3 (~FADEC0D3@d-26-169-194-623.hsd0.ca.comcast.net)
[22:55:37] <FADEC0D3> any admins available to ping?
[22:55:43] *** Joins: autolycos (~cb68807b@203.104.128.123)
[22:56:07] *** Quits: offw0rld_ (~offw0rld@5.254.148.12) (Client Quit)
[22:57:02] *** Quits: Xaxxix (~Xaxxix@71-214-116-14.ptld.qwest.net) (Remote host closed the connection)
[22:57:06] <nwx> ಠ_ಠ https://imgur.com/Z05b8Q0
[22:57:16] *** Quits: heapisnotfun (~7d83e0b2@125.131.224.178) (Client Quit)
[22:57:40] <gynophage> FADEC0D3: Sup?
[22:58:57] *** Quits: okaji39 (~7748c10a@em119-72-193-10.pool.e-mobile.ne.jp) (Client Quit)
[22:59:19] *** Joins: dapan (~77ca50cb@119.202.80.203)
[23:00:19] *** Quits: autolycos (~cb68807b@203.104.128.123) (Client Quit)
[23:00:20] <agix> hello, any documentation how to compile pov from the xml format ?
[23:00:48] *** Joins: autolycos (~6f570996@111.87.9.150)
[23:01:10] <gynophage> https://github.com/CyberGrandChallenge/cb-testing
[23:01:15] <gynophage> cgc-cb.mk
[23:01:18] <gynophage> Has some stuff.
[23:01:33] <agix> mmh ok
[23:01:45] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Remote host closed the connection)
[23:01:46] <vito> http://cgc-docs.legitbs.net/pov-xml2c/pov-xml2c/
[23:01:56] <agix> yep to get C code it's okay
[23:02:26] <agix> then I found an ugly way to compile but it does nothing
[23:02:40] <agix> xml crash the binary
[23:02:43] *** Quits: uri (~uri@248.red-213-96-13.staticip.rima-tde.net) (Remote host closed the connection)
[23:03:04] <agix> not the converted then compiled version
[23:03:29] <[SpamAndHex]KT> how much time b1o0p has to open a new challenge?
[23:03:46] <ltfish> they are making a really careful decision :-)
[23:04:14] *** Quits: rhydis (~rhydis@anon-38-190.vpn.ipredator.se) (Ping timeout: 252 seconds)
[23:04:22] *** Joins: WebIRC45137 (~17fcc382@23.252.195.130)
[23:04:34] *** Joins: Shortman (~textual@seclab-fw.seclab.cs.ucsb.edu)
[23:04:42] *** Quits: WebIRC45137 (~17fcc382@23.252.195.130) (Client Quit)
[23:04:49] *** Joins: WebIRC18115 (~17fcc382@23.252.195.130)
[23:04:51] <cao> stalling you mean to have more time to solve LEGIT_00002 ;-)
[23:05:00] *** Joins: WebIRC75432 (~6e4c6541@110.76.101.65)
[23:05:50] *** Quits: H2 (~0e34601a@14.52.96.26) (Client Quit)
[23:07:47] <gynophage> If they don't pick soon, we'll pick one so we can go to bed.
[23:08:27] <ltfish> patching is open
[23:08:50] <ltfish> free points for b1o0p I guess :-)
[23:10:13] *** Joins: WebIRC98736 (~7d83e0b2@125.131.224.178)
[23:10:28] *** Joins: WebIRC22159 (~49e7555b@c-73-231-85-91.hsd1.ca.comcast.net)
[23:10:39] <WebIRC22159> hey, I can't resolve the hostname to submit my 04 patch
[23:11:22] <gynophage> WebIRC22159: Looking at it.
[23:11:37] *** Joins: okaji39 (~75374499@em117-55-68-153.emobile.ad.jp)
[23:12:15] <tylerni7> lol
[23:12:16] <tylerni7> sniped
[23:12:20] <tylerni7> lolol
[23:12:25] <WebIRC22159> dammit I still can’t resolve
[23:12:35] <[w33]deorth> did you reboot?
[23:12:40] *** Joins: giosch (~83af1cc5@global-deiInsideNECST.dei.polimi.it)
[23:12:40] <WebIRC22159> dig +trace
[23:12:44] <WebIRC22159> from a different box too
[23:12:53] <tylerni7> WebIRC22159: ;)
[23:13:19] <giosch> are there any admin that can help me with cgc pov file format?
[23:13:23] <[w33]deorth> https://www.youtube.com/watch?v=SXmv8quf_xM
[23:14:07] <gynophage> Question text updated.
[23:14:09] <gynophage> Sorry.
[23:14:11] <WebIRC18115> Address: 8.8.8.8#53
[23:14:11] <WebIRC18115> ** server can't find legit_00004_patch_c87784d25829f281e6d0205eaac5da7c.shallweplayaga.me: NXDOMAIN
[23:14:17] <WebIRC18115> What is the IP for that?
[23:14:19] <gynophage> WebIRC18115: Missing quals
[23:14:29] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[23:14:31] <gynophage> legit_00004_patch_{}.quals.shallweplayaga.me
[23:14:39] <gynophage> We updated the question text.
[23:14:43] <WebIRC22159> dammit I would've had first blood on that
[23:14:44] <WebIRC18115> I see
[23:14:50] <WebIRC22159> refreshed right as it came up and it didn't resolve :(
[23:14:53] <tylerni7> WebIRC22159: we were pretty quick on the f5 waiting for it
[23:15:04] <WebIRC22159> I had the line ready, was just waiting for a hostname
[23:15:23] <WebIRC22159> gj, still salty though :)
[23:15:24] *** Quits: eegeek (~eegeek@hackint/user/eegeek) (Ping timeout: 240 seconds)
[23:15:28] <tylerni7> WebIRC22159: :P
[23:15:31] <cd80> wow
[23:15:34] <WebIRC98736> '
[23:15:35] <cd80> ppp guessed the url
[23:15:45] <WebIRC25733> *pattern matched
[23:16:13] <withzombies> does anyone else have issues with ida 6.9 on the mac?
[23:16:19] <withzombies> it stops letting me click on things in hexrays
[23:16:21] <withzombies> :(
[23:16:27] <cao> withzombies: I can try, just send me your ida
[23:16:32] <WebIRC22159> it works fine here, both wine and not
[23:16:40] <withzombies> i mean the os x version
[23:16:40] <dwn> working fine on windows here
[23:16:47] <withzombies> the windows one always works
[23:16:50] <withzombies> its the only one they test
[23:16:50] <dwn> ;)
[23:16:57] <marble> I have problems with my binary
[23:17:10] <marble> It's too many one and too few zeros
[23:17:12] *** Joins: bigred (~474f28be@cpe-71-79-40-190.cinci.res.rr.com)
[23:17:14] <dwn> withzombies: binja allows you to click on things
[23:17:17] *** Quits: WebIRC18115 (~17fcc382@23.252.195.130) (Client Quit)
[23:17:33] *** Joins: eegeek (~eegeek@hackint/user/eegeek)
[23:18:01] <WebIRC22159> withzombies: I use both mac and windows, both work really well here
[23:18:06] *** Joins: add1ct (~add1ct@203.208.200.206)
[23:18:08] <gynophage> PPP - we're cooling you down soon.
[23:18:12] <gynophage> Pick your poison.
[23:18:44] <gynophage> We're trying to decide if we get to sleep.
[23:18:54] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Ping timeout: 252 seconds)
[23:19:11] <b2xiao> it would be interesting to see!
[23:19:20] <b2xiao> up-enter fail
[23:20:15] <withzombies> dwn: i use binja
[23:20:30] * nwx is slightly confused
[23:20:33] <nwx> *very
[23:22:03] *** Quits: kkk (~kkkk@101.87.235.99) (Client Quit)
[23:22:29] <e^ipi> withzombies: nope, works fine with me
[23:24:57] *** Quits: IAmG0d (~44860fdb@pool-68-134-15-219.bltmmd.fios.verizon.net) (Client Quit)
[23:25:25] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[23:26:05] *** Joins: TheVamp_ (~TheVamp@p579606D5.dip0.t-ipconnect.de)
[23:28:16] <toomanybananas> wtf am i watching
[23:29:06] <[w33]Luwenth> Something hysterically funny...
[23:29:07] <nsr_> toomanybananas: the distraction module? :P
[23:29:27] <[w33]Luwenth> "36 D batteries"
[23:29:52] <[w33]deorth> hehe
[23:29:54] *** Quits: TheVamp (~TheVamp@p57960EA4.dip0.t-ipconnect.de) (Ping timeout: 252 seconds)
[23:30:01] <[w33]deorth> this is... bizarre
[23:30:04] <[w33]deorth> but good
[23:31:14] <[w33]Luwenth> "it'd take a lot of work to whip this dip by hand" ... uh... sure it wou.d.
[23:31:16] <dm_me_ur_flags> thanks for the fun
[23:31:17] <[w33]Luwenth> (would)
[23:31:25] *** Parts: dm_me_ur_flags (~47d6740e@71-214-116-14.ptld.qwest.net) ()
[23:35:50] *** Quits: giosch (~83af1cc5@global-deiInsideNECST.dei.polimi.it) (Client Quit)
[23:36:08] <hoju> poor dip
[23:36:13] <[w33]deorth> :)
[23:36:56] <computerality> what team solved easier?
[23:36:56] *** Quits: ling (~ling@li763-200.members.linode.com) (Remote host closed the connection)
[23:37:28] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[23:37:40] *** Joins: ling (~ling@li763-200.members.linode.com)
[23:37:50] <gynophage> DEFKOR
[23:39:00] <[w33]Luwenth> How do we get the weekend playlist out of musiqpad ???
[23:39:38] <gynophage> [w33]Luwenth: Check your youtube history.
[23:39:39] <gynophage> <3
[23:40:24] <[w33]Luwenth> gynophage: Hahaha... no. You've been playing on my xbox all weekend.
[23:40:32] <gynophage> Aww. :\
[23:40:34] <[w33]Luwenth> But I found it :)
[23:40:52] <[w33]Luwenth> (so you know, if you do pwn my xbox, please go level me up in Fallout4 a bunch. kthxbye)
[23:41:09] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[23:41:25] <[w33]Luwenth> Oh dammit, history is only 50 deep :(
[23:43:24] <[w33]Luwenth> How can I remember all the distractoids when I'm trying to feedme!
[23:43:28] *** Joins: kkk (~kkkk@202.120.39.99)
[23:43:54] *** Joins: WebIRC88495 (~0e34601a@14.52.96.26)
[23:44:06] <rabidwh0re> man, all this shit is over my head. Didn't solve any challs, but I guess my IDA and angr skills are better now.¯\_(ツ)_/¯
[23:44:22] <nwx> ^
[23:44:53] <nwx> hey is this Intel or AT&T? https://www.exploit-db.com/exploits/39700/
[23:46:00] <[w33]Luwenth> I'm betting intel.
[23:46:05] <[w33]deorth> looks like it
[23:46:09] <[w33]Luwenth> I think att tends to put % and $ all over the place.
[23:46:18] <[w33]deorth> att always looks noisy
[23:46:52] <nwx> but don't intel registers usually not start with r: eax eip vs. rax rsi...
[23:47:09] <rabidwh0re> "sub sp,0xfef" makes me think its ATT
[23:47:09] <[w33]deorth> thats 32 bit vs 64bit
[23:47:18] <nwx> ah
[23:47:23] <[w33]deorth> 64 bit intel registers start with r
[23:47:29] <rabidwh0re> but im shit at asm
[23:47:40] <gynophage> [w33]deorth: Then what about r0 in MIPS?
[23:47:41] <gynophage> #REKT
[23:47:46] <[w33]deorth> well yeah
[23:47:52] <[w33]deorth> I'm giving the guy generalizations :)
[23:48:13] <[w33]deorth> you want specifics, I say RTFM
[23:48:22] <[w33]deorth> :)
[23:48:28] <nwx> [w33]deorth: lol i though you said "gay generalizations"
[23:48:59] *** Joins: giosch (~83af1cc5@global-deiInsideNECST.dei.polimi.it)
[23:49:04] *** Quits: at1as (~at1as@kurios.r4780y.com) (Read error: Connection reset by peer)
[23:50:24] *** Joins: at1as (~at1as@kurios.r4780y.com)
[23:52:06] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[23:53:06] *** Quits: WebIRC95042 (~7748c68a@em119-72-198-138.pool.e-mobile.ne.jp) (Client Quit)
[23:54:53] <[w33]deorth> jesus gyno
[23:55:00] <[w33]deorth> 8 mins of this ?
[23:55:05] <gynophage> 10.
[23:55:15] <[w33]deorth> I guess it could have been nyancat
[23:55:17] <gynophage> We're tired.
[23:55:22] <[w33]deorth> I will count my blessings
[23:55:22] <gynophage> I kinda forgot I was DJ.
[23:55:38] <[w33]deorth> the music channel has been pretty awesome
[23:55:53] *** Quits: Octothrope (~d06be726@host-38-231-107-208.midco.net) (Client Quit)
[23:56:19] <fester> how can i tell if a pov is successful? I just get #done #waiting
[23:57:24] <gynophage> fester: You'll get a flag.
[23:57:30] <fester> locally
[23:58:50] *** Joins: q1a1 (~Thunderbi@111.93.218.4)
[00:01:21] *** Quits: TheVamp_ (~TheVamp@p579606D5.dip0.t-ipconnect.de) (Ping timeout: 252 seconds)
[00:02:31] <dacat> yeah so im not having any luck compiling output of the pov-xml2c :(
[00:03:22] <dacat> nvm
[00:03:32] <fester> lol
[00:03:39] <dacat> hehe
[00:04:17] *** Quits: Lightning (~Lightning@legitbs.net) (Client Quit)
[00:04:34] *** Quits: selir (~selir@50-89-219-191.res.bhn.net) (Client Quit)
[00:05:48] *** Joins: WebIRC87118 (~d06be726@host-38-231-107-208.midco.net)
[00:06:48] *** Quits: WebIRC87118 (~d06be726@host-38-231-107-208.midco.net) (Client Quit)
[00:08:14] *** Quits: WebIRC52671 (~ad33addb@173.51.173.219) (Client Quit)
[00:08:29] *** Quits: WebIRC88495 (~0e34601a@14.52.96.26) (Client Quit)
[00:09:03] *** Quits: FADEC0D3 (~FADEC0D3@d-26-169-194-623.hsd0.ca.comcast.net) (Ping timeout: 252 seconds)
[00:13:45] *** Quits: autolycos (~6f570996@111.87.9.150) (Client Quit)
[00:15:37] *** Joins: autolycos (~6f570996@111.87.9.150)
[00:16:19] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[00:17:24] *** Joins: FADEC0D3 (~FADEC0D3@d-26-169-194-623.hsd0.ca.comcast.net)
[00:20:47] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Ping timeout: 252 seconds)
[00:21:58] *** Quits: FADEC0D3 (~FADEC0D3@d-26-169-194-623.hsd0.ca.comcast.net) (Ping timeout: 252 seconds)
[00:26:19] *** Joins: stick_ (~stick@216.68.89.100)
[00:26:50] *** Joins: Sliden (Sliden@dhcp-18-111-18-34.dyn.mit.edu)
[00:26:50] *** Quits: Sliden_ (Sliden@dhcp-18-111-18-34.dyn.mit.edu) (Read error: Connection reset by peer)
[00:28:03] *** Joins: anotherctfer (~d8a94d9c@216.169.77.156)
[00:28:14] *** Joins: nerder (~c2dcb87b@194.220.184.123)
[00:29:09] *** Joins: stick__ (~stick@216.68.89.100)
[00:29:18] *** Quits: stick (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[00:29:39] *** Quits: nerder (~c2dcb87b@194.220.184.123) (Client Quit)
[00:29:53] <WebIRC98736> crippled..
[00:30:44] <Ymgve> it really _is_ crippled
[00:30:50] *** Joins: Sliden_ (Sliden@dhcp-18-111-18-34.dyn.mit.edu)
[00:31:08] *** Quits: Sliden (Sliden@dhcp-18-111-18-34.dyn.mit.edu) (Ping timeout: 252 seconds)
[00:31:10] <Ymgve> whoever coded that compiler must have been drunk :)
[00:31:22] <[w33]deorth> like.. beyond the ballmer peak ?
[00:31:45] *** Quits: tyh (uid164708@2604:8300:100:200b:6667:5:2:8364) (Client Quit)
[00:31:47] *** Quits: stick_ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[00:32:30] *** Joins: stick (~stick@216.68.89.100)
[00:34:43] *** Quits: stick__ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[00:34:53] *** Quits: WebIRC3632 (~6c0f7545@pool-108-15-117-69.bltmmd.fios.verizon.net) (Client Quit)
[00:35:54] *** Joins: WebIRC28460 (~0e34601a@14.52.96.26)
[00:36:12] *** Joins: Avery3R (HaltNCF@ip72-207-24-71.sd.sd.cox.net)
[00:36:37] *** Joins: stick_ (~stick@216.68.89.100)
[00:39:16] *** Joins: stick__ (~stick@216.68.89.100)
[00:39:29] *** Quits: stick (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[00:39:51] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[00:40:03] *** Joins: tyh (~tyh@71-46-77-212.res.bhn.net)
[00:40:24] *** Quits: rawrus (~rawrus@li913-17.members.linode.com) (Ping timeout: 240 seconds)
[00:41:31] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[00:42:08] *** Quits: stick_ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[00:42:46] *** Joins: stick (~stick@216.68.89.100)
[00:44:42] *** Quits: stick__ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[00:46:40] *** Joins: halb (~1817b6be@c-24-23-182-190.hsd1.ca.comcast.net)
[00:47:02] *** Joins: stick_ (~stick@216.68.89.100)
[00:49:25] *** Joins: stick__ (~stick@216.68.89.100)
[00:49:50] *** Quits: stick (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[00:50:11] *** Joins: kalax (~kalax@out-traffic.dcc.fc.up.pt)
[00:50:56] *** Quits: Sliden_ (Sliden@dhcp-18-111-18-34.dyn.mit.edu) (Client Quit)
[00:51:58] *** Quits: daniel-wer (~8d594bb5@75-181.wlan.rz.uni-potsdam.de) (Client Quit)
[00:52:09] <gynophage> Admins going to sleep.
[00:52:13] <gynophage> Minimal support mode.
[00:52:19] *** Quits: stick_ (~stick@216.68.89.100) (Ping timeout: 252 seconds)
[00:53:50] <gynophage> We'll be up in a few shifts for any questions you may have. Good night and good luck!
[00:55:21] *** Joins: rok__ (uid35317@id-35317.tooting.irccloud.com)
[00:58:27] *** Joins: johnnyjoe (~45b5eb70@c-69-181-235-112.hsd1.ca.comcast.net)
[00:59:21] <anotherctfer> and the music goes with it? Ahhhh
[01:01:06] <johnnyjoe> feedme is really frustrating me, I've got a local exploit but it won't work remotely for whatever reason
[01:02:13] <Murmus> johnnyjoe: check the topic
[01:07:13] *** Joins: rawrus (~rawrus@li913-17.members.linode.com)
[01:09:05] <[w33]Luwenth> Hey M
[01:09:06] <[w33]Luwenth> ~
[01:09:48] *** Quits: AlissonB (~alb@hackint/user/AlissonB) (Client Quit)
[01:09:55] <[w33]Luwenth> feedme has me really frustrated, I haven't figured out where to kill it yet
[01:10:05] <[w33]Luwenth> (no hints requested, just stating an obvious)
[01:10:22] *** Quits: spaghetti (~pasta@65.216.151.126) (Ping timeout: 252 seconds)
[01:11:11] <[w33]Luwenth> And... "Hey Mr. Dj can you get this started..."
[01:11:25] <[w33]deorth> Djs are sleeping now.... :)
[01:11:35] <[w33]Luwenth> Yeah... and they didn't annoint another to fill their void.
[01:11:59] *** Joins: spaghetti (~pasta@152.179.157.250)
[01:15:34] *** Joins: l0stb1t (~2a705797@42.112.87.151)
[01:17:47] *** Joins: ccchh (~z9@p5DC6D46B.dip0.t-ipconnect.de)
[01:17:48] *** Joins: lenerd_ (~lenerd@p5DC6D46B.dip0.t-ipconnect.de)
[01:18:29] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[01:18:53] *** Quits: cx (~Adium@189.217.214.103) (Client Quit)
[01:19:05] *** Quits: clubraum (~z9@p5DC6DC56.dip0.t-ipconnect.de) (Ping timeout: 252 seconds)
[01:19:10] *** Quits: wahrwolf (~wahrwolf@p5DC6DC56.dip0.t-ipconnect.de) (Ping timeout: 252 seconds)
[01:19:49] *** Quits: lenerd (~lenerd@p5DC6DC56.dip0.t-ipconnect.de) (Ping timeout: 252 seconds)
[01:22:50] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Ping timeout: 252 seconds)
[01:24:55] <[w33]Luwenth> any radare2 guru's out there? I have a question about something it just did to me and it doesn't make sense.
[01:26:07] <crowell> ya
[01:26:32] *** Quits: RoadKill (~RK@122-61-155-8.jetstream.xtra.co.nz) (Client Quit)
[01:26:39] <crowell> [w33]Luwenth:
[01:26:45] <[w33]Luwenth> iz just stopped showing me strings. I have a projectfile for this problem. When I load up the projectfile, iz gives a blank line. If I load radare2 on the binary, 'aaa', and then iz... I get a ton of strings.
[01:26:50] <[w33]Luwenth> What stupid thing have I done? :)
[01:26:59] <WebIRC22159> does radare2 have an undo button
[01:27:13] <[w33]Luwenth> If I knew what I'd done ...
[01:27:18] <crowell> project files are a bit "wip"
[01:27:26] <[w33]Luwenth> ohfun
[01:27:59] <[w33]Luwenth> Maybe I should go poke the inside of it to see if there's something that looks akimbo to me?
[01:28:16] <WebIRC98736> i want to ask about crippled
[01:28:25] <WebIRC98736> who is there
[01:28:37] <crowell> [w33]Luwenth: ping me on monday in #radare
[01:29:52] <[w33]Luwenth> crowell: If I remove everything in the #meta section, will it rebuild that?
[01:29:59] <[w33]Luwenth> (with the next 'aaa')
[01:30:12] *** Quits: breadsticks (~breadstic@64.184.102.169) (Client Quit)
[01:31:56] <[w33]Luwenth> #radare on which irc server?
[01:32:00] <crowell> on freenode
[01:32:17] <crowell> and #meta section is just comments
[01:32:18] <[w33]Luwenth> I shouldn't have had to ask, I'm sure that's ont the radare site :)
[01:32:44] <[w33]Luwenth> About the only thing I care about in the project file is some of the afn's I've done to keep things easier to find.
[01:34:51] *** Quits: sushant94 (~sushant94@106.51.25.55) (Client Quit)
[01:34:54] <crowell> strings shouldn't disappear, and they dont for me. but that's enough for now :P
[01:35:25] *** Quits: l0stb1t (~2a705797@42.112.87.151) (Client Quit)
[01:35:26] <[w33]Luwenth> Yeah, not expecting you to diagnose right now. I wondered if someone knew a magic key combination that would have made that happen. If they did I could figure out the undo :)
[01:37:44] <[w33]Luwenth> Ugh, I think I very much broke it.
[01:38:23] <[w33]Luwenth> I think I can recreate pretty quickly though, so no big loss. And will let me re-organize my thoughts and give me a better idea on how to tackle this problem. Probably ping on Monday and see what debugging we can do then :)
[01:39:01] *** Joins: FADEC0D3 (~FADEC0D3@f-69-281-253-0.hsd3.ca.comcast.net)
[01:39:18] <withzombies> ugh my vagrant shutdown due to my battery life going below 5%
[01:39:20] <withzombies> :(
[01:40:36] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[01:40:58] <WebIRC28460> is there any hint for time_sink in officialy?
[01:41:58] <toomanybananas> hah, my scripts for 334 cuts worked for 666 and 1000 cuts with no modifications :)
[01:42:22] <withzombies> toomanybananas: same :P
[01:42:33] *** Quits: WebIRC25733 (~49e7fda6@c-73-231-253-166.hsd1.ca.comcast.net) (Client Quit)
[01:42:41] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[01:43:23] <tylerni7> I imagine most people's do... I think that's more a comment on those challs than the solve scripts though :P
[01:44:06] *** Quits: digitalseraphim (~digitalse@cpe-74-78-215-239.twcny.res.rr.com) (Ping timeout: 252 seconds)
[01:44:30] <withzombies> tylerni7 is just grumpy that his robot is solving all the good challenges
[01:45:12] <tylerni7> well, I'm partially just grumpy in general
[01:45:31] <tylerni7> but our stuff didn't solve those, because of the silly restrictions they have
[01:47:15] <WebIRC98736> no admin?
[01:47:21] <WebIRC98736> i want to ask crippled
[01:47:55] <[w33]Luwenth> gyno is the only one that shows as signed into IRC right now, but I'm pretty sure he said he was off sleepign...
[01:48:20] <[w33]Luwenth> If you think you're close and have one small question, I'd document for yourself and go work on something else...
[01:48:30] <[w33]Luwenth> (just my strategy, may not be a winner)
[01:48:45] <[w33]deorth> yeah gyno is out for a while
[01:48:49] <[w33]deorth> he was pretty darn tired
[01:49:21] <WebIRC98736> is there anyone who solve crippled?
[01:54:39] *** Joins: vap0r (~d06be726@host-38-231-107-208.midco.net)
[01:55:39] *** Quits: vap0r (~d06be726@host-38-231-107-208.midco.net) (Client Quit)
[01:58:42] *** Quits: Avery3R (HaltNCF@ip72-207-24-71.sd.sd.cox.net) (Client Quit)
[02:00:48] *** Joins: arbiter_ (uid60882@2001:67c:2f08:6::edd2)
[02:02:26] *** Joins: l0stb1t (~2a705797@42.112.87.151)
[02:04:55] <Kokjo> any hints for kiss?
[02:05:07] <[w33]Luwenth> pucker up?
[02:05:17] <[w33]Luwenth> Or 'Detroit Rock City'?
[02:06:32] *** Joins: bic (~446e4151@ip68-110-65-81.ph.ph.cox.net)
[02:08:44] *** Joins: poizan42 (~poizan@130.225.98.192)
[02:08:59] <[w33]deorth> I'm more a god of thunder guy myself
[02:09:05] <[w33]deorth> or strutter
[02:09:06] <poizan42> Is easier down?
[02:09:54] <withzombies> ugh how do i debug a binary pov
[02:10:01] <withzombies> bmc
[02:10:16] <[w33]Luwenth> bi-nary ... so you do it twice?
[02:11:55] <[w33]deorth> that'll take like.. 6 minutes tho
[02:12:02] <[w33]deorth> (yes its that point in the evening)
[02:12:20] *** Joins: WebIRC87800 (~7748c320@em119-72-195-32.pool.e-mobile.ne.jp)
[02:12:43] <[w33]Luwenth> did you need goatse inspirational imagery?
[02:13:15] *** Quits: whoisj0hngalt (~46b82536@wsip-70-184-37-54.tu.ok.cox.net) (Client Quit)
[02:13:21] <memed4> any op there for Problem easier?
[02:14:16] <[w33]Luwenth> /names -ops
[02:15:25] <[w33]Luwenth> FYI: w33t34m has been the bad comedy branch / anti-rant branch of quals for ... a decade now? we have fun with the puzzles but if we solve them it's a small miracle.
[02:15:44] <[w33]Luwenth> So asking us "hey, how did you tackle NNNN?" isn't gonna get you far.
[02:15:49] <[w33]Luwenth> Plus, we read the rules.
[02:16:02] *** Quits: ling (~ling@li763-200.members.linode.com) (Remote host closed the connection)
[02:16:46] *** Joins: nerder (~c2dcb87b@194.220.184.123)
[02:20:48] *** Joins: WebIRC30395 (~48c9b288@ip72-201-178-136.ph.ph.cox.net)
[02:21:31] *** Quits: autolycos (~6f570996@111.87.9.150) (Client Quit)
[02:23:15] *** Joins: autolycos (~6f570996@111.87.9.150)
[02:23:55] *** Quits: WebIRC30395 (~48c9b288@ip72-201-178-136.ph.ph.cox.net) (Client Quit)
[02:25:20] *** Quits: nerder (~c2dcb87b@194.220.184.123) (Client Quit)
[02:26:02] <rg> 0ly
[02:27:02] *** Quits: WebIRC35378 (~9a05ae4f@d154-5-174-79.bchsia.telus.net) (Client Quit)
[02:30:59] <WebIRC98736> who can answer about crippled
[02:32:58] *** Joins: unused (~unusedb@199.30.199.146.dyn.plus.net)
[02:33:43] *** Joins: nerder (~c2dcb87b@194.220.184.123)
[02:35:06] *** Joins: rad (~Mutter@195.142.178.12)
[02:37:09] <sewilton> I really like the patch category this year
[02:37:14] *** Joins: hexkcd (~ca034dee@202.3.77.238)
[02:37:24] *** Joins: wahrwolf (~wahrwolf@p5DC6D46B.dip0.t-ipconnect.de)
[02:38:14] <sewilton> + my whole team has been enjoying the dynamic point system. Nice job with quals :)
[02:38:34] *** Quits: wahrwolf (~wahrwolf@p5DC6D46B.dip0.t-ipconnect.de) (Remote host closed the connection)
[02:39:38] *** Quits: WebIRC49603 (~6f5dda04@111.93.218.4) (Client Quit)
[02:39:44] *** Joins: WebIRC49603 (~6f5dda04@111.93.218.4)
[02:40:23] *** Joins: Ninn (~rekt@85.204.132.144.ip4.gigabit.dk)
[02:40:40] *** Quits: rad (~Mutter@195.142.178.12) (Client Quit)
[02:41:20] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[02:43:00] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[02:45:24] *** Quits: autolycos (~6f570996@111.87.9.150) (Client Quit)
[02:45:44] *** Quits: l0stb1t (~2a705797@42.112.87.151) (Client Quit)
[02:46:00] *** Joins: l0stb1t (~2a705797@42.112.87.151)
[02:47:31] *** Quits: nerder (~c2dcb87b@194.220.184.123) (Client Quit)
[02:47:35] *** Quits: okaji39 (~75374499@em117-55-68-153.emobile.ad.jp) (Client Quit)
[02:48:07] *** Quits: bic (~446e4151@ip68-110-65-81.ph.ph.cox.net) (Client Quit)
[02:50:09] *** Joins: rad (~c38eb20c@195.142.178.12)
[02:51:26] *** Joins: rad_ (~Mutter@195.142.178.12)
[02:52:44] <poizan42> Any organizers who's awake? easier seems to be down
[02:53:21] <sewilton> Try harder. I found it to be easier
[02:53:42] <poizan42> connection times out...
[02:54:17] *** Quits: rad_ (~Mutter@195.142.178.12) (Remote host closed the connection)
[02:56:05] *** Quits: stick__ (~stick@216.68.89.100) (Remote host closed the connection)
[02:56:57] <fester> any admins on still?
[02:57:12] *** Quits: kalax (~kalax@out-traffic.dcc.fc.up.pt) (Client Quit)
[02:57:52] <[w33]Luwenth> '/names -ops' will tell you who the admins are. However, I am betting they are all asleep right now.
[02:58:46] *** Joins: wahrwolf (~wahrwolf@p5DC6D46B.dip0.t-ipconnect.de)
[02:59:50] <fester> literally the only thing that i submit in the POV is "3\n" and the legit3 segfaults
[03:00:04] <[w33]Luwenth> Is that valid for a POV?
[03:00:11] <fester> yes
[03:00:18] <[w33]Luwenth> Check /topic - it sounds like you might be needing some of the informtaion there
[03:00:23] <fester> i did
[03:01:27] <toomanybananas> if it's segaulting it means you're on the right track ;)
[03:02:49] <fester> not in this case
[03:02:57] <fester> it should exit with 0
[03:09:46] *** Quits: structure (~440eaa68@ip68-14-170-104.ok.ok.cox.net) (Client Quit)
[03:11:53] <WebIRC28460> any hint for time_sink?
[03:12:37] *** Joins: WebIRC70842 (~d5909513@213.144.149.19)
[03:14:47] <anotherctfer> I can't even get it to run
[03:14:51] <anotherctfer> have you gotten that far?
[03:15:08] *** Joins: SandwichMan (~adfaeec9@D-173-250-238-201.dhcp4.washington.edu)
[03:15:49] <fester> i think all their cgc binaries are just segfaulting
[03:17:04] <WebIRC22159> hint for time sink is you need a dll if it's broken
[03:17:46] <anotherctfer> Thanks!!!!!
[03:18:29] *** Quits: autolycos1 (~cb68807b@203.104.128.123) (Client Quit)
[03:20:29] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[03:20:31] <SandwichMan> anyone else finding differences in running step locally v remote after key1?
[03:21:26] *** Joins: WebIRC15744 (~daa4b892@218-164-184-146.dynamic.hinet.net)
[03:21:43] <SandwichMan> the server outputs 'key2:' but locally it just exits, no failure or crash
[03:23:54] <toomanybananas> @fester : nope, just tested it and legit 03 works
[03:24:42] <fester> well, shit, what could i be doing that would cause mine to segfault no matter what inputs i give it
[03:24:56] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Ping timeout: 252 seconds)
[03:25:23] <toomanybananas> are you building the pov from an xml?
[03:26:11] <dacat> tips for running time sink on win10? doesnt run on any of my pcs
[03:26:11] *** ReidB_ is now known as toofeworanges
[03:26:15] <rad> for the easy-prasky-with-buffalo-on-bing do we need any pov or something like that?
[03:26:38] <toomanybananas> rad: no, connect to the server and read the instructions
[03:26:47] *** Joins: autolycos (~6f570996@111.87.9.150)
[03:26:56] <toofeworanges> WHERE ARE THERE EXTRA ORANGES???
[03:27:03] *** Joins: H2 (~0e34601a@14.52.96.26)
[03:27:24] *** Parts: H2 (~0e34601a@14.52.96.26) ()
[03:28:01] <fester> toofeworanges: i'm submitting the xml
[03:28:27] <toofeworanges> Oh thank god. XML Orange services will save us all from scurvy!
[03:29:03] *** Joins: H2 (~0e34601a@14.52.96.26)
[03:29:11] <fester> toomanybananas: yes
[03:29:39] *** toofeworanges is now known as ReidB
[03:31:29] <fester> toomanybananas: thank you
[03:31:30] <toomanybananas> @fester: i'm not sure if you can submit an xml, i couldn't get it to work that way
[03:32:02] *** Quits: gael (~gael@2a01:e34:ec02:c450:d547:b4b7:2303:2487) (Client Quit)
[03:32:06] <toomanybananas> but if you have an xml you can build it and submit that
[03:33:19] <FADEC0D3> do we have to patch the binary to solve the cgc cb challenges?
[03:34:09] *** Joins: L0rdComm4ander (~Adium@71.210.115.89.rev.vodafone.pt)
[03:35:23] <toomanybananas> FADECOD3: for the patch ones yeah
[03:35:37] <FADEC0D3> such as LEGIT_00003 ?
[03:35:45] <FADEC0D3> oh I see
[03:35:58] <FADEC0D3> Thanks
[03:35:59] *** Quits: null (uid40108@id-40108.charlton.irccloud.com) (Client Quit)
[03:36:10] * dino enters the chat
[03:36:45] *** Quits: toomanybananas (~60f1b411@pool-96-241-180-17.washdc.fios.verizon.net) (Client Quit)
[03:38:50] *** Joins: insaida (~c4dc8009@196.220.128.9)
[03:42:06] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[03:43:12] *** Quits: l0stb1t (~2a705797@42.112.87.151) (Client Quit)
[03:43:27] *** Joins: l0stb1t (~2a705797@42.112.87.151)
[03:44:28] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[03:44:49] <FADEC0D3> still trying to get the pov xml formatted correctly
[04:06:35] <FADEC0D3> any admins on?
[04:06:44] <gynophage> Yeah
[04:06:50] <FADEC0D3> ah cool
[04:06:52] *** Quits: L0rdComm4ander (~Adium@71.210.115.89.rev.vodafone.pt) (Client Quit)
[04:10:01] <agix> still a problem for us too
[04:10:41] *** Quits: l0stb1t (~2a705797@42.112.87.151) (Client Quit)
[04:11:53] *** Quits: autolycos (~6f570996@111.87.9.150) (Client Quit)
[04:12:18] *** Joins: meumeu (~a3981417@163.152.20.23)
[04:12:24] <gynophage> Easier has been restarted.
[04:14:53] *** Joins: autolycos (~6f570996@111.87.9.150)
[04:16:34] *** Quits: kakakikikaka (~kakakikik@ec2-52-62-61-237.ap-southeast-2.compute.amazonaws.com) (Remote host closed the connection)
[04:16:49] *** Joins: kakakikikaka (~kakakikik@ec2-52-62-61-237.ap-southeast-2.compute.amazonaws.com)
[04:18:17] *** Joins: TheVamp_ (~TheVamp@p579606D5.dip0.t-ipconnect.de)
[04:19:20] *** Joins: shivanshu (~admin@202.3.77.204)
[04:21:35] *** Quits: H2 (~0e34601a@14.52.96.26) (Client Quit)
[04:24:29] *** Quits: hexkcd (~ca034dee@202.3.77.238) (Client Quit)
[04:24:29] <gynophage> I'm up for another 6 minutes.
[04:24:34] <gynophage> Then I'm back to sleep.
[04:24:40] <gynophage> Any other views?
[04:24:42] <gynophage> fires*
[04:26:32] *** Joins: joemalone (~5449cb3c@84-73-203-60.dclient.hispeed.ch)
[04:27:48] <SallyCroak> the video stream is dead
[04:28:33] *** Joins: NeedToLearn (~NeedToLea@2a01:e35:8b3c:cd30:169:337d:cc86:9566)
[04:29:34] <aterribleloss> this ^
[04:30:18] *** Quits: NeedToLearn (~NeedToLea@2a01:e35:8b3c:cd30:169:337d:cc86:9566) (Client Quit)
[04:34:20] <gynophage> Fixed.
[04:37:12] *** Joins: w0 (~w0@37.228.235.175)
[04:38:31] *** Quits: w0 (~w0@37.228.235.175) (Client Quit)
[04:40:07] <gynophage> Alright. Back to sleep.
[04:40:11] <gynophage> Good job on Glados.
[04:40:41] *** Joins: gael (~gael@2a01:e35:2425:a090:28e2:832:1c59:5d70)
[04:42:04] *** Joins: csec (~csec@84-73-203-60.dclient.hispeed.ch)
[04:42:17] *** Quits: joemalone (~5449cb3c@84-73-203-60.dclient.hispeed.ch) (Client Quit)
[04:42:39] *** Joins: WebIRC25733 (~d0573b63@208.87.59.99)
[04:43:21] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[04:44:20] <agix> woot solve our first cgc !
[04:44:27] *** Quits: WebIRC25733 (~d0573b63@208.87.59.99) (Client Quit)
[04:44:44] <agix> we should have trouble converting xml to c
[04:44:50] <agix> so we directly wrote c
[04:44:51] <agix> pov
[04:44:55] <agix> like this one
[04:44:56] <agix> https://github.com/CyberGrandChallenge/samples/blob/master/examples/CROMU_00071/pov_1/pov.c
[04:45:26] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[04:45:33] *** Quits: Ninn (~rekt@85.204.132.144.ip4.gigabit.dk) (Client Quit)
[04:50:10] *** Joins: uri (~uri@248.red-213-96-13.staticip.rima-tde.net)
[04:52:34] *** Quits: rabidwh0re (~Lucas@c-76-31-77-249.hsd1.tx.comcast.net) (Ping timeout: 252 seconds)
[04:53:23] *** Quits: agix (~5758af27@che33-h05-87-88-175-39.dsl.sta.abo.bbox.fr) (Client Quit)
[04:54:58] *** Joins: L0rdComm4ander (~Adium@2001:690:2100:1b:f031:ba59:a048:5920)
[04:58:26] *** Quits: shivanshu (~admin@202.3.77.204) (Ping timeout: 252 seconds)
[05:02:00] <WebIRC22159> nooooo binja
[05:05:20] *** Joins: rffdtdtdtrdtrrth (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net)
[05:06:00] <Kokjo> gynophage: Do you have any hints for kiss?
[05:07:24] *** Quits: andy (~andy@server.galauner.de) (Ping timeout: 240 seconds)
[05:07:49] <WebIRC98736> anyone who can talk about crippled
[05:09:31] *** Joins: ManyAAsForFun (~126f47c6@dhcp-18-111-71-198.dyn.MIT.EDU)
[05:09:48] *** Quits: mgaya (~MShing0x@i114-190-231-87.s41.a014.ap.plala.or.jp) (Ping timeout: 252 seconds)
[05:10:05] <rok__> any one here to help me on feedme
[05:10:21] <rok__> challenge
[05:10:44] <ManyAAsForFun> any chance the libc has been dropped for kiss?
[05:15:02] *** Joins: andy (~andy@server.galauner.de)
[05:15:58] *** Joins: ling (~ling@li763-200.members.linode.com)
[05:17:16] *** Quits: lenerd_ (~lenerd@p5DC6D46B.dip0.t-ipconnect.de) (Read error: Connection reset by peer)
[05:17:39] *** Joins: lenerd (~lenerd@p5DC6D46B.dip0.t-ipconnect.de)
[05:22:54] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[05:23:51] <amadan> is there an admin available for b3s23?
[05:26:52] *** Quits: ling (~ling@li763-200.members.linode.com) (Remote host closed the connection)
[05:27:08] *** Quits: WebIRC70842 (~d5909513@213.144.149.19) (Client Quit)
[05:27:19] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Ping timeout: 252 seconds)
[05:27:24] <meumeu> is there any problem with cgc probs?
[05:27:40] <meumeu> server cannot connect itself
[05:28:40] *** Quits: autolycos (~6f570996@111.87.9.150) (Client Quit)
[05:29:53] <ricky> Aw, we don't get to choose what to open next? :-(
[05:30:58] <meumeu> Is PoV servers running properly?
[05:32:55] <amadan> is the b3s23 service running correctly? i've set it up on another machine and tested it successfully, but it doesn't for for the official one
[05:33:04] <sewilton> ricky: you should pick "There I Fixed It"
[05:34:07] <WebIRC22159> amadan: read topic
[05:34:58] *** Joins: shivanshu (~admin@202.3.77.204)
[05:35:48] <amadan> myeah but b3s23 is in the coding category; still applicable i guess
[05:36:37] *** Quits: insaida (~c4dc8009@196.220.128.9) (Client Quit)
[05:39:48] *** Quits: WebIRC98736 (~7d83e0b2@125.131.224.178) (Excess Flood)
[05:40:10] *** Joins: WebIRC79009 (~7d83e0b2@125.131.224.178)
[05:40:11] <bool101> not wanting to open another one?
[05:40:46] *** sewilton is now known as [ppp]tylerni
[05:40:55] <[ppp]tylerni> hj: we decided to open a new fix it problem
[05:41:17] <WebIRC22159> if ppp doesn't pick a category soon I'm going to pick for them
[05:41:47] <ricky> What should we pick?
[05:41:49] <mserrano> lol
[05:41:53] <mserrano> we pick forensics
[05:41:57] <mserrano> where are the forensics
[05:41:58] *** Joins: c21 (d4101c82@ircip2.mibbit.com)
[05:42:35] <WebIRC22159> web 436
[05:43:26] <mserrano> actually scratch that
[05:43:28] <mserrano> we pick ucucuga
[05:43:48] <WebIRC22159> potent potables
[05:44:07] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[05:44:23] <bool101> I really like the scoring for quals
[05:44:32] <WebIRC22159> the part where you're near the top?
[05:44:58] <bool101> very elegant way to discourage flag sharing and remove bias from difficulty assessments
[05:45:05] *** [ppp]tylerni is now known as sewilton
[05:46:38] *** Joins: nerder (~c2dcb87b@194.220.184.123)
[05:47:34] *** Quits: FADEC0D3 (~FADEC0D3@f-69-281-253-0.hsd3.ca.comcast.net) (Ping timeout: 252 seconds)
[05:47:55] <WebIRC79009> !p
[05:48:03] *** Quits: nerder (~c2dcb87b@194.220.184.123) (Client Quit)
[05:48:29] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[05:53:05] *** Quits: WebIRC87800 (~7748c320@em119-72-195-32.pool.e-mobile.ne.jp) (Client Quit)
[06:00:10] *** Quits: ManyAAsForFun (~126f47c6@dhcp-18-111-71-198.dyn.MIT.EDU) (Client Quit)
[06:00:24] *** Joins: WebIRC25980 (~75374486@em117-55-68-134.emobile.ad.jp)
[06:02:02] *** Quits: johnnyjoe (~45b5eb70@c-69-181-235-112.hsd1.ca.comcast.net) (Client Quit)
[06:02:55] *** Joins: mandlebro (~ben@2001:690:2100:1b:51f9:7e18:fd52:732)
[06:03:56] *** Joins: dmz (~02@2a04:5c87:300:1134:290:f5ff:feed:d83e)
[06:04:06] <dmz> hi, admin here for easy-pranky ?
[06:05:32] <dmz> why I keep getting this trying to debug in gdb : Program terminated with signal SIGCHLD, Child status changed.
[06:06:12] <WebIRC22159> handle SIGCHLD nostop
[06:07:47] <dmz> yup but even with that I cant step
[06:08:11] <dmz> when the breakpoint is hit, trying "si" and bim get this fuckig sicgchld in the face
[06:08:23] <dmz> so annoying to use those pesky decree shitz
[06:08:30] <dmz> never works
[06:09:49] *** Joins: WebIRC11307 (~9f959425@r00ta.laser.di.unimi.it)
[06:11:37] <WebIRC79009> anyone who can talk about crippled?
[06:15:07] *** Joins: rhydis (~rhydis@anon-37-177.vpn.ipredator.se)
[06:16:46] *** Quits: WebIRC22159 (~49e7555b@c-73-231-85-91.hsd1.ca.comcast.net) (Client Quit)
[06:18:04] *** Quits: hexife (~dc751451@220.117.20.81) (Client Quit)
[06:25:02] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[06:26:12] *** Joins: WebIRC35378 (~9a05ae4f@d154-5-174-79.bchsia.telus.net)
[06:27:14] <dino> any admins online i can talk to about easier?
[06:27:47] *** Quits: WebIRC35378 (~9a05ae4f@d154-5-174-79.bchsia.telus.net) (Client Quit)
[06:29:18] <dmz> admin ?$
[06:29:20] <dmz> ffs
[06:29:24] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Ping timeout: 240 seconds)
[06:30:15] <c3> anyone to talk about kiss?
[06:39:40] *** Joins: hexife (~dc751451@220.117.20.81)
[06:39:47] *** Joins: daniel-wer (~8d594bb5@75-181.wlan.rz.uni-potsdam.de)
[06:42:19] *** Joins: WebIRC56235 (~caa61d11@202.166.29.17)
[06:43:40] *** Joins: FADEC0D3 (~FADEC0D3@f-69-281-253-0.hsd3.ca.comcast.net)
[06:46:53] *** Quits: WebIRC56235 (~caa61d11@202.166.29.17) (Client Quit)
[06:47:04] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[06:48:21] *** Quits: FADEC0D3 (~FADEC0D3@f-69-281-253-0.hsd3.ca.comcast.net) (Ping timeout: 252 seconds)
[06:49:09] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[06:49:35] *** Joins: war3tease (~5f4c8127@95.76.129.39)
[06:52:40] *** Joins: nerder (~c2dcb87b@194.220.184.123)
[06:54:18] *** Quits: nerder (~c2dcb87b@194.220.184.123) (Client Quit)
[07:00:17] *** Joins: WebIRC61265 (~2d4e39af@45.78.57.175.16clouds.com)
[07:00:25] *** Joins: nerder (~c2dcb87b@194.220.184.123)
[07:05:46] <dmz> worst ctf ever
[07:05:47] <dmz> gg
[07:05:52] *** Quits: dmz (~02@2a04:5c87:300:1134:290:f5ff:feed:d83e) (Client Quit)
[07:06:19] <stypr> his mom is worst, too bad
[07:11:44] <gynophage> What's up?
[07:12:44] *** Quits: nerder (~c2dcb87b@194.220.184.123) (Client Quit)
[07:12:45] <mserrano> gynophage: needs more wub
[07:12:57] <dino> gynophage: can you tell me what the windows version is for easier?
[07:13:50] <gynophage> https://usercontent.irccloud-cdn.com/file/uR7Z8Eee/Screen%20Shot%202016-05-21%20at%2011.59.33%20AM.png
[07:14:06] <gynophage> dino ^^
[07:14:43] <gynophage> mserrano: Did music stop?
[07:14:59] <dino> gynophage: ty
[07:16:25] *** Quits: rad (~c38eb20c@195.142.178.12) (Client Quit)
[07:18:58] *** Joins: nerder (~c2dcb87b@194.220.184.123)
[07:20:21] <mserrano> gynophage: I have no clue
[07:20:49] <mserrano> https://www.youtube.com/watch?v=rY8DSFZ08JQ\
[07:20:56] <mserrano> er https://www.youtube.com/watch?v=rY8DSFZ08JQ
[07:21:45] *** Quits: nerder (~c2dcb87b@194.220.184.123) (Client Quit)
[07:22:28] *** Joins: XMPPwocky (~wocky@xmppwocky.net)
[07:25:16] *** Quits: cybint1122 (~cybint112@192.117.175.226) (Remote host closed the connection)
[07:25:31] *** Joins: cybint1122 (~cybint112@192.117.175.226)
[07:26:32] *** Joins: tuxcoder_ (~tuxcoder@o-g.at)
[07:27:07] *** Joins: AlissonB (~alb@hackint/user/AlissonB)
[07:28:09] *** Quits: aradia (~aradia@cblmdm170-253-150-190.maxxsouthbb.net) (Remote host closed the connection)
[07:29:26] *** Joins: touff (~touf@asc59-2-78-226-21-116.fbx.proxad.net)
[07:29:28] <gynophage> 2 challenges remain!
[07:32:26] *** Quits: TouF (~touf@asc59-2-78-226-21-116.fbx.proxad.net) (Ping timeout: 252 seconds)
[07:32:27] *** Joins: nerder (~c2dcb87b@194.220.184.123)
[07:36:29] *** Quits: spaghetti (~pasta@152.179.157.250) (Remote host closed the connection)
[07:40:35] *** Joins: touf__ (~touf@asc59-2-78-226-21-116.fbx.proxad.net)
[07:41:21] *** Joins: lefu (~55da5fd6@85.218.95.214)
[07:42:14] <gynophage> c3: What's up?
[07:42:44] <gynophage> Oh, lol, j/k, you're the same one who was asking about kiss yesterday.
[07:43:26] *** Quits: touff (~touf@asc59-2-78-226-21-116.fbx.proxad.net) (Ping timeout: 252 seconds)
[07:44:45] <dino> is justintime down ?
[07:46:10] <gynophage> dino: Checking.
[07:47:38] <gynophage> dino: It's up in europe and asia pacific.
[07:47:49] <gynophage> us-east is giving me some problems.
[07:47:53] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[07:49:23] <gynophage> ANNNNND I can't even ssh in.
[07:49:55] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[07:49:55] <mserrano> rip
[07:57:41] <ar1s> once you've understood how to write the gcg xmls, it's serial pwnage
[07:59:05] <gynophage> Yeah.
[07:59:09] <gynophage> Glad you seem to have finally got it. :)
[07:59:35] *** Joins: RoMaNSoFt (~roman@23.red-81-34-135.dynamicip.rima-tde.net)
[08:02:43] <gynophage> dino: Rebooting justintime (us-east) now-isa.
[08:02:49] <gynophage> now-ish*
[08:04:32] <anotherctfer> any hints on how to make time sink sink less time?
[08:04:47] <gynophage> anotherctfer: Why would you do that?
[08:04:57] <gynophage> Lightning put all that work into pretty visuals.
[08:05:11] <anotherctfer> and they are pretty
[08:05:14] *** Quits: WebIRC11307 (~9f959425@r00ta.laser.di.unimi.it) (Client Quit)
[08:05:25] <gynophage> It's not about the destination, it's about the journey.
[08:05:28] <gynophage> Sit back.
[08:05:29] <gynophage> Relax.
[08:05:32] <gynophage> Watch it.
[08:05:34] <gynophage> Enjoy it.
[08:05:38] <gynophage> Kids these days.
[08:05:45] <gynophage> With their instant gratification.
[08:05:46] <anotherctfer> i'm up to over 9000 flying toasters
[08:05:46] <anotherctfer> :D
[08:07:14] <anotherctfer> could you tell me how long it took from opening to the first solve on it?
[08:07:17] <gynophage> dino: Still looking at justintime1-east
[08:07:35] <gynophage> AWS console isn't really letting us reboot it. :\
[08:07:39] <gynophage> anotherctfer:
[08:08:31] <gynophage> 2016-05-21 16:24:00 UTC
[08:08:33] <gynophage> Was first solve.
[08:09:14] <gynophage> dino: 54.171.71.172 (the european one) should let you in while we get us-east up.
[08:09:37] <riatre> Good job crashing my IDA with "Binary data is incorrect, maximum possible value is 261."
[08:10:00] <riatre> Now am I supposed to debug IDA? :p
[08:10:49] *** Joins: WebIRC90506 (~02@2a02:1205:34db:7ab0:d4c1:1f90:bb92:be32)
[08:10:49] *** Quits: nerder (~c2dcb87b@194.220.184.123) (Client Quit)
[08:10:54] <anotherctfer> thanks @gynophage!
[08:11:15] <gynophage> And, justintime is back up in US-east.
[08:12:11] <jvoisin> riatre: try radare2 :D
[08:18:38] <ar1s> https://twitter.com/agixid/status/734134069160742914/photo/1 ROFL
[08:20:21] *** Quits: solidsnake (solidsnake@61.253.80.196) (Remote host closed the connection)
[08:25:26] *** Joins: cx (~Adium@189.217.214.103)
[08:26:09] <ccm> who is author of badger? got a question
[08:26:22] *** Quits: WebIRC25980 (~75374486@em117-55-68-134.emobile.ad.jp) (Client Quit)
[08:26:57] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[08:28:36] *** Parts: marble (Vos4wFyTXt@2a00:d0c0:200:0:b9:1a:9c0f:340) ()
[08:31:28] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Ping timeout: 252 seconds)
[08:32:28] *** Quits: WebIRC95558 (~8ff8ebd3@143.248.235.211) (Client Quit)
[08:34:31] *** Joins: WebIRC97892 (~8d594bb5@75-181.wlan.rz.uni-potsdam.de)
[08:37:00] <whatitdo> 9gag memes increase hacking proficiency
[08:37:05] <gynophage> sirgoon is.
[08:37:09] <ccm> thx
[08:37:26] <gynophage> I love people who only barely read the documentation.
[08:38:06] <gynophage> <ipmask>0x41414141</ipmask> shows they didn't RTFM.
[08:41:15] <mourn> we ain't no time for that
[08:41:20] *** Joins: tyson (tyson@shellhost/fnordserver)
[08:41:34] <tyson> hi
[08:41:46] <tyson> if i have -$2000 on a $1000 limit credit card
[08:41:50] <tyson> does that mean i have $3000 to spend?
[08:45:43] *** Joins: a (~6ea1d420@u1012032.xgsnun001.imtp.tachikawa.mopera.net)
[08:48:39] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[08:50:16] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[08:51:11] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[08:55:51] *** Joins: grrrr (~4e083720@dynamic-78-8-55-32.ssp.dialog.net.pl)
[08:56:09] <grrrr> hey, could you show any example PoV for example vulnerability?
[08:56:56] <gynophage> https://github.com/CyberGrandChallenge/samples/tree/master/templates/service-template
[08:58:39] <grrrr> hmm
[08:58:41] <grrrr> thx
[09:00:39] <gynophage> grrrr: You'll have to go from xml to c to a binary pov.
[09:01:05] <grrrr> so my PoV should be sent in a binary format?
[09:03:59] <gynophage> Yeah.
[09:04:07] <gynophage> A DECREE executable.
[09:04:23] <gynophage> https://github.com/CyberGrandChallenge/cb-testing/blob/master/cgc-cb.mk
[09:04:40] <gynophage> More specifically: https://github.com/CyberGrandChallenge/cb-testing/blob/master/cgc-cb.mk#L163
[09:04:59] <gynophage> Unwinding all the cruft to find out what to run and whatnot is an exercise left to the reader.
[09:05:07] <grrrr> what about *patch levels? Just sending patched cgc binary?
[09:05:23] *** Joins: stick__ (~stick@208.102.174.148)
[09:05:29] <gynophage> Yes.
[09:05:53] <grrrr> btw, why there is so many CGC this year?
[09:05:55] *** Joins: WebIRC41899 (~4a657c5c@pool-74-101-124-92.nycmny.fios.verizon.net)
[09:07:39] <err0r> who can ask about 334 cuts ?
[09:10:24] <hj> vito
[09:10:40] <grrrr> gynophage: patched cgc binaries should be sent in raw-format, or base64-encode/whatever-encode them ?
[09:12:18] <whatitdo> =D
[09:13:21] *** dino is now known as dino_pizza
[09:14:14] *** Quits: S00NN (~S00NN@hackint/user/S00ND43) (Remote host closed the connection)
[09:14:19] *** Joins: its_a_feature (~ad45af21@pool-173-69-175-33.bltmmd.fios.verizon.net)
[09:14:22] *** Quits: its_a_feature (~ad45af21@pool-173-69-175-33.bltmmd.fios.verizon.net) (Client Quit)
[09:15:43] *** Joins: WebIRC64217 (~9f959425@r00ta.laser.di.unimi.it)
[09:15:57] <WebIRC64217> hi, is kiss challenge down?????
[09:16:39] *** Joins: S00NN (~S00NN@ec2-52-76-15-136.ap-southeast-1.compute.amazonaws.com)
[09:16:39] *** Quits: S00NN (~S00NN@ec2-52-76-15-136.ap-southeast-1.compute.amazonaws.com) (Changing host)
[09:16:39] *** Joins: S00NN (~S00NN@hackint/user/S00ND43)
[09:16:41] <gynophage> WebIRC64217: I don't know I'll check!!!!!!!!
[09:17:57] <gynophage> WebIRC64217: No, I just pwned it in all regions!!!!!!
[09:18:03] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[09:18:08] *** Joins: ravencoding (~1b5d5115@KD027093081021.ppp-bb.dion.ne.jp)
[09:19:33] *** Quits: ravencoding (~1b5d5115@KD027093081021.ppp-bb.dion.ne.jp) (Client Quit)
[09:20:22] <WebIRC64217> $ nc kiss_88581d4e20dc97355f1d86b6905f6103.quals.shallweplayaga.me 3155
[09:20:22] <WebIRC64217> kiss_88581d4e20dc97355f1d86b6905f6103.quals.shallweplayaga.me [54.171.115.187] 3155 (?) : No route to host
[09:22:43] <hj> problem is on your end
[09:22:47] <hj> works for me
[09:23:01] <grrrr> also works from here
[09:23:07] <grrrr> (the kiss chall)
[09:23:26] <hj> I get a different ip
[09:23:31] *** Quits: WebIRC15744 (~daa4b892@218-164-184-146.dynamic.hinet.net) (Client Quit)
[09:23:39] <hj> flush dns cache
[09:24:24] <gynophage> @hj - stahp
[09:24:40] *** Joins: WebIRC75360 (~daa4b892@218-164-184-146.dynamic.hinet.net)
[09:25:05] <gynophage> hj: That's the europe endpoint.
[09:25:12] *** Quits: WebIRC28460 (~0e34601a@14.52.96.26) (Client Quit)
[09:25:13] <hj> rgr oops
[09:26:30] *** Quits: cx (~Adium@189.217.214.103) (Client Quit)
[09:26:47] <gynophage> /tmp ❯❯❯ nc 54.171.115.187 3155
[09:26:47] <gynophage> KISS - Keep It Simple Stupid
[09:26:51] <gynophage> Works for me.
[09:27:27] <gynophage> WebIRC64217: Are you at a school or something?
[09:27:49] <gynophage> 3155 is (seemingly) a Rainbow 6 multiplayer port.
[09:27:54] <gynophage> Maybe firewall blocking it?
[09:28:17] <WebIRC64217> ok i'll check
[09:28:25] *** Quits: Dor1s (~Dor1s@p4FD62138.dip0.t-ipconnect.de) (Read error: Connection reset by peer)
[09:29:38] *** Joins: Dor1s (~Dor1s@p4FD62138.dip0.t-ipconnect.de)
[09:29:54] *** Joins: nebel (~nicolai@130.225.98.192)
[09:30:54] *** Quits: giosch (~83af1cc5@global-deiInsideNECST.dei.polimi.it) (Client Quit)
[09:31:29] <fester> tyson: yes
[09:31:51] <tyson> thanks fester
[09:31:58] <tyson> what's a good $3000 laptop for grad school?
[09:32:22] *** Joins: cx (~Adium@189.217.214.103)
[09:32:30] <ccm> microsoft surface
[09:32:44] <gynophage> Macbook pro after June refresh.
[09:32:49] <rffdtdtdtrdtrrth> dell alienware
[09:32:56] <dino_pizza> ^
[09:33:08] <tyson> okay ty.
[09:33:22] <ccm> surface is smaller and has enough for keys for doing sql injection
[09:33:30] <tyson> i think i'll go for a mac since they're harder to hack
[09:33:58] <gynophage> lol, macs are easy mode.
[09:34:04] <gynophage> To pwn.
[09:34:14] <gynophage> But their hardware is better than most.
[09:34:30] *** Joins: attila (~attila@97-86-129-45.dhcp.stls.mo.charter.com)
[09:34:42] <gynophage> Most of LBS is MacBooks. Selir and Sirgoon are HP/Dell users.
[09:35:05] <tyson> my friend from phrack says macbooks are hard to hack if u know how to configure them
[09:35:08] <tyson> maybe he is wrong though
[09:35:37] *** Quits: WebIRC64217 (~9f959425@r00ta.laser.di.unimi.it) (Client Quit)
[09:36:11] <gynophage> He is.
[09:36:32] <gynophage> Well, for as valid as that statement is, I guess.
[09:36:45] <gynophage> There haven't been many (public) pure remotes against it, I guess.
[09:37:10] <gynophage> But, "if you know how to configure them", all computers are secure. For certain values of "configure" and "secure"
[09:39:07] <gynophage> WOOOOT!
[09:39:11] *** Joins: ravencoding (~1b5d5115@KD027093081021.ppp-bb.dion.ne.jp)
[09:39:24] <gynophage> Last challenge unlocked. Sirgoon and secrf get to have their revenge!
[09:40:52] <cai> \o/
[09:41:01] <ricky> Come on... open
[09:41:05] <sirgoon> oh ya
[09:41:05] <ricky> Then sleeeeep
[09:41:32] <ricky> is there a choice here? I recommend There I Fixed It
[09:41:37] <ricky> I hear that category has good challenges
[09:41:52] <mserrano> gynophage: did you unlock it? it's still showing as locked
[09:42:02] <ricky> WE currently have nothing to solve.
[09:42:25] <ricky> gynophage: Hm, don't see it on the scoreboard either
[09:42:31] *** Quits: Guest92 (~textual@211.170.156.176) (Ping timeout: 252 seconds)
[09:42:34] <cai> chal plz
[09:42:59] <gynophage> ...hmm?
[09:43:20] <gynophage> Ohh.
[09:43:21] <sirgoon> DEFKOR hasn't unlocked it yet
[09:43:26] *** Joins: FADEC0D3 (~FADEC0D3@f-69-281-253-0.hsd3.ca.comcast.net)
[09:43:31] <mserrano> which means we're just sittin' here with nothing to do :P
[09:43:51] <gynophage> DEFKOR - quit trying to catch up.
[09:44:12] <gynophage> Fuck it.
[09:44:28] <gynophage> ADMINISTRATIVELY UNLOCKED
[09:44:30] <gynophage> GOGOGOGO
[09:44:35] <cai> lol
[09:44:38] <mserrano> thanks lol
[09:46:13] *** Quits: rffdtdtdtrdtrrth (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net) (Client Quit)
[09:46:18] <riatre> lol secrf
[09:46:39] <gynophage> sirgoon was mad there wasn't a solve for it last year.
[09:47:02] *** a is now known as ak
[09:47:44] <riatre> It was unlocked 1 or 2 hours before contest end iirc
[09:47:54] <sirgoon> 3.5 hours I believe
[09:47:54] <gynophage> Like 4 or 5 hours I thought.
[09:47:56] <gynophage> Whatever.
[09:48:06] *** Quits: FADEC0D3 (~FADEC0D3@f-69-281-253-0.hsd3.ca.comcast.net) (Ping timeout: 252 seconds)
[09:48:10] <gynophage> We were gonna admin unlock it in 12 minutes anyway.
[09:48:49] <gynophage> He wanted people to...experience...it.
[09:48:52] <ar1s> 10 hours left and all challenges unlocked, I think that's good
[09:49:22] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[09:49:33] *** Quits: stick__ (~stick@208.102.174.148) (Client Quit)
[09:50:07] *** Joins: nerder (~c2dcb87b@194.220.184.123)
[09:50:08] <ebeip90> Pretty sure I just conjured up *the most convoluted* solution to GladOS
[09:50:13] <ebeip90> But fuck it, it works.
[09:51:30] *** Quits: nerder (~c2dcb87b@194.220.184.123) (Client Quit)
[09:51:41] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[09:52:09] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[09:53:35] <bool101> n33d m04r flags
[09:53:42] *** Joins: Lightning (~Lightning@50-89-219-191.res.bhn.net)
[09:54:08] *** Quits: Lightning (~Lightning@50-89-219-191.res.bhn.net) (Changing host)
[09:54:09] *** Joins: Lightning (~Lightning@legitbs.net)
[09:54:09] *** ChanServ sets mode: +o Lightning
[09:54:13] <Lightning> morning
[09:55:48] <dino_pizza> gynophage: may i ask the name of the flag file on easier ?
[09:59:47] <gynophage> key.txt
[10:00:10] <gynophage> Err, at least, AppJailLauncher is launched with /key:key.txt
[10:02:12] *** Quits: Dor1s (~Dor1s@p4FD62138.dip0.t-ipconnect.de) (Client Quit)
[10:02:31] <dino_pizza> thanks
[10:02:45] *** Joins: Dor1s (~Dor1s@p4FD62138.dip0.t-ipconnect.de)
[10:02:52] <Lightning> down to < 10 hours, seems you guys fully opened the board
[10:04:15] *** Joins: digitalseraphim (~digitalse@cpe-74-78-215-239.twcny.res.rr.com)
[10:05:29] <psifertex> *yawn* just waking up. binary ninja in the scrollback, I see.
[10:06:10] <psifertex> vito: 'cause we haven't implemented the OS X scroll stuff. You can hold control and two finger swipe up and down to zoom.
[10:06:16] <psifertex> dave0x6d: Figure out your problem?
[10:06:36] <gynophage> psifertex: Where's your points? :-p
[10:07:04] <psifertex> gynophage: I got one yesterday, just not on a team you'd expect. :-)
[10:07:18] <psifertex> Working on badger now.
[10:07:21] <gynophage> Not Lonliest?
[10:07:24] <psifertex> Excited to do it again.
[10:07:28] <gynophage> Are you helping DERPA or something?
[10:08:39] *** Quits: SandwichMan (~adfaeec9@D-173-250-238-201.dhcp4.washington.edu) (Client Quit)
[10:09:53] <dino_pizza> gynophage: come on the windows one is down :(
[10:10:09] <gynophage> dino_pizza: Fucking manners.
[10:10:16] <dino_pizza> gynophage: please.......
[10:10:42] *** Joins: SandwichMan (~adfaeec9@D-173-250-238-201.dhcp4.washington.edu)
[10:10:45] *** Quits: Dor1s (~Dor1s@p4FD62138.dip0.t-ipconnect.de) (Ping timeout: 252 seconds)
[10:10:55] <dino_pizza> thanks
[10:12:10] <gynophage> No prob.
[10:12:41] <dino_pizza> but still... no luck over here.
[10:13:05] *** Joins: Admir4l (~IceChat78@105.158.135.13)
[10:13:39] <niklasb> https://releases.hashicorp.com/vagrant/1.8.1/vagrant_1.8.1_x86_64.deb
[10:13:44] <niklasb> nvm
[10:14:17] <Ymgve> cgc is much easier to exploit when you actually send cgc binaries instead of what you thought was the input to the program
[10:14:30] <Ymgve> makes me wonder what the hell the verifier actually _did_ with my old input
[10:16:20] *** Quits: attila (~attila@97-86-129-45.dhcp.stls.mo.charter.com) (Ping timeout: 252 seconds)
[10:17:24] <gynophage> easier just went down in US-east. Fixing.
[10:17:37] <gynophage> Fix'd.
[10:18:09] <dino_pizza> thanks
[10:18:39] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[10:24:46] *** Quits: SandwichMan (~adfaeec9@D-173-250-238-201.dhcp4.washington.edu) (Client Quit)
[10:28:28] *** Quits: WebIRC97892 (~8d594bb5@75-181.wlan.rz.uni-potsdam.de) (Client Quit)
[10:28:41] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[10:29:44] *** Joins: WebIRC83603 (~75374486@em117-55-68-134.emobile.ad.jp)
[10:31:05] <gynophage> SHELLPHISH - CALM THE FUCK DOWN ON EASIER
[10:31:45] <gynophage> zardus: ^
[10:32:53] <gynophage> Thanks.
[10:33:03] <gynophage> You're allowed to hit it. Just not as hard.
[10:33:14] <gynophage> You keep bouncing it and making me do stuff.
[10:34:18] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Ping timeout: 252 seconds)
[10:39:44] *** Joins: selir (~selir@50-89-219-191.res.bhn.net)
[10:39:44] *** ChanServ sets mode: +o selir
[10:41:26] *** Quits: WebIRC79009 (~7d83e0b2@125.131.224.178) (Excess Flood)
[10:42:35] *** Joins: rabidwh0re (~Lucas@c-76-31-77-249.hsd1.tx.comcast.net)
[10:42:46] *** Joins: heapfun (~7d83e0b2@125.131.224.178)
[10:43:22] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[10:45:17] <rabidwh0re> lessons learned so far: 1) angr isnt magic, 2) vuln discovery is harder than exploit dev, 3) Im pretty shit at hacking
[10:45:19] *** Joins: nerder (~c2dcb87b@194.220.184.123)
[10:46:08] <rabidwh0re> gonna spend these last hours figuring out this CGC shit
[10:47:47] <grrrr> definitely too much CGC this year
[10:48:10] <grrrr> wish there were more cool pwning, like year ago
[10:48:20] <gynophage> grrrr: Did you pop all the owning we had?
[10:48:55] <grrrr> of course I haven't, some of them are too hard for me :) But still, getting higher variety is better
[10:49:02] <Lightning> 12 of 31 were CGC, rest were not cgc related
[10:49:05] <Lightning> by my count
[10:49:18] <grrrr> that's still a lot, why so many cgc this year?
[10:49:32] <Lightning> guess 19 non-cgc wasn’t good enough then :P
[10:49:40] <gynophage> grrrr: Finals is CGC against DARPA's winning super computer.
[10:49:43] <Lightning> oh, i dunno, cgc winning computer competing in finals?
[10:49:45] <grrrr> btw, is there any syscall documentation for cgc?
[10:49:53] <gynophage> grrrr: http://cgc-docs.legitbs.net
[10:50:01] <grrrr> gynophage: ahh, ok, that's reasonable then
[10:50:18] <gynophage> grrrr: Also, half the CGC category is patching the original bug.
[10:50:28] <grrrr> gynophage: doesn't see syscall there
[10:50:29] <gynophage> The solve times for the _patched services is on the order of 2 minutes.
[10:50:43] *** Quits: nerder (~c2dcb87b@194.220.184.123) (Client Quit)
[10:50:47] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[10:50:55] <gynophage> grrrr: http://cgc-docs.legitbs.net/libcgc/cgcabi/
[10:51:13] <grrrr> thx
[10:51:28] <gynophage> <3
[10:53:02] *** Joins: sudhackar (~sudhackar@42.104.127.5)
[10:54:32] <niklasb> who can I talk to about LEGIT_00004_patch?
[10:56:01] <gynophage> Me.
[10:56:22] *** Quits: grrrr (~4e083720@dynamic-78-8-55-32.ssp.dialog.net.pl) (Client Quit)
[10:56:38] *** Joins: WebIRC67671 (~9f959462@159.149.148.98)
[10:56:56] *** Joins: xan (~ad4e0db4@173.78.13.180)
[10:57:29] *** Joins: WebIRC24417 (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net)
[10:59:12] *** Quits: WebIRC83603 (~75374486@em117-55-68-134.emobile.ad.jp) (Client Quit)
[10:59:40] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[11:00:25] *** Joins: Ninn (~rekt@85.204.132.144.ip4.gigabit.dk)
[11:00:46] <wyatt_earp> i find it very clever to crowd source solving the CGC with defcon quals; boss move
[11:01:22] <vito> wyatt_earp: it's not as much that as finals is going to be cgc-based
[11:01:32] <vito> so we need to train all you dopes to beat computers at their own game
[11:01:45] <vito> also FUCK this is great coffee
[11:01:50] <vito> just noticed a really nice berry undertone
[11:02:19] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[11:02:50] *** Quits: Hankein (~de800f6a@222.128.15.106) (Client Quit)
[11:02:54] <wyatt_earp> the cgc platform has been intesting, first i've ever had the chance to actually look at it
[11:03:57] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[11:04:13] <Lightning> wyatt_earp: the knowledge coming out of it could change bug hunting and defense in the industry over the years. It has introduced new ways to analyze and think about things
[11:07:01] *** Joins: WebIRC28460 (~7c333b7a@124.51.59.122)
[11:07:39] <wyatt_earp> definitely, i was reading the reddit ama from a couple of years ago and it's definitely something i'm going to have to spend more time reading on
[11:07:44] *** Joins: Dor1s (~Dor1s@p4FD62138.dip0.t-ipconnect.de)
[11:08:14] *** Joins: aradia (~aradia@cblmdm170-253-150-190.maxxsouthbb.net)
[11:10:08] *** Joins: SandwichMan (~adfaeec9@D-173-250-238-201.dhcp4.washington.edu)
[11:11:47] *** Joins: saa (~saa@41.202.78.112)
[11:11:59] *** Joins: heapheapheap (uid164996@tooting.irccloud.com)
[11:15:01] <WebIdodo> does kiss problem need gadgets in libc ?
[11:15:10] *** Joins: wh (~8a80ccdf@138.128.204.223.16clouds.com)
[11:15:42] *** Joins: WebIRC22159 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net)
[11:15:44] <Lightning> kiss wants an answer :)
[11:16:01] *** Quits: Dor1s (~Dor1s@p4FD62138.dip0.t-ipconnect.de) (Ping timeout: 252 seconds)
[11:16:40] *** Quits: WebIRC61265 (~2d4e39af@45.78.57.175.16clouds.com) (Client Quit)
[11:16:41] <wh> Hi I'am a newbie to cgc. I want to know how to compile c source file which is produced by xml-2cgc?
[11:16:59] <Lightning> i’ll have gyno poke you once he sits back down
[11:17:07] *** Quits: WebIRC22159 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net) (Client Quit)
[11:17:50] <wh> I use this command "gcc output1.c -o op -lpov" but things go wrong
[11:17:59] *** Parts: saa (~saa@41.202.78.112) ()
[11:18:45] <wh> things like "/lib/libpov.a: could not read symbols: File format not recognized"
[11:18:54] <gynophage> wh: lol.
[11:19:33] <gynophage> wh: https://github.com/CyberGrandChallenge/cb-testing/blob/master/cgc-cb.mk#L163
[11:20:00] <wh> gynophage, thanks
[11:20:18] *** Quits: kkk (~kkkk@202.120.39.99) (Client Quit)
[11:21:18] *** Quits: SandwichMan (~adfaeec9@D-173-250-238-201.dhcp4.washington.edu) (Client Quit)
[11:23:32] *** Quits: WebIRC28460 (~7c333b7a@124.51.59.122) (Client Quit)
[11:23:45] <Lightning> either everyone is sleeping or working
[11:23:47] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[11:24:47] *** Quits: WebIRC67671 (~9f959462@159.149.148.98) (Client Quit)
[11:24:47] *** Quits: Admir4l (~IceChat78@105.158.135.13) (Read error: Connection reset by peer)
[11:25:02] <Lightning> http://i.imgur.com/RtORygd.png
[11:25:51] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[11:26:14] *** Joins: SandwichMan (~adfaeec9@D-173-250-238-201.dhcp4.washington.edu)
[11:26:36] *** Quits: xan (~ad4e0db4@173.78.13.180) (Client Quit)
[11:28:35] *** Quits: wh (~8a80ccdf@138.128.204.223.16clouds.com) (Client Quit)
[11:28:39] *** Joins: wh (~8a80ccdf@138.128.204.223.16clouds.com)
[11:29:40] *** Joins: Guest92 (~textual@211.170.156.176)
[11:29:50] <gynophage> https://pbs.twimg.com/media/CZNJmkPWwAAsCyN.jpg
[11:30:53] *** Quits: wh (~8a80ccdf@138.128.204.223.16clouds.com) (Client Quit)
[11:30:58] <heapfun> is there anyone who still can't solve heapfun4u
[11:30:59] *** Joins: wh (~8a80ccdf@138.128.204.223.16clouds.com)
[11:31:03] <heapfun> maybe only me
[11:31:28] <gnomus> heapfun: we don't have it too
[11:32:03] <whatitdo> secx*
[11:34:09] *** Quits: wh (~8a80ccdf@138.128.204.223.16clouds.com) (Client Quit)
[11:34:14] *** Joins: WebIRC35378 (~9a05ae4f@d154-5-174-79.bchsia.telus.net)
[11:36:25] <vito> https://pbs.twimg.com/media/Ch1ZZRDUoAUZRwp.jpg:large
[11:36:54] <vito> https://i.warosu.org/data/tg/img/0355/87/1413646602252.jpg
[11:37:00] *** Joins: FADEC0D3_ (~FADEC0D3@c-98-210-237-5.hsd1.ca.comcast.net)
[11:37:43] *** Quits: SandwichMan (~adfaeec9@D-173-250-238-201.dhcp4.washington.edu) (Client Quit)
[11:39:33] *** Joins: WebIRC72005 (~626d2047@pool-98-109-32-71.nwrknj.fios.verizon.net)
[11:41:02] *** Joins: nerder (~c2dcb87b@194.220.184.123)
[11:41:15] *** Joins: Hankein (~72f661ad@114.246.97.173)
[11:42:43] <Lightning> oh god, gynophage is torturing us with his youtube findings… enjoy what i have on until then
[11:42:52] *** Quits: WebIRC72005 (~626d2047@pool-98-109-32-71.nwrknj.fios.verizon.net) (Client Quit)
[11:42:58] *** Joins: kkk (~kkkk@101.87.235.99)
[11:43:20] <gynophage> WAKE THE FUCK UP YALL
[11:43:22] <gynophage> ITS QUALS TIME
[11:43:57] *** Quits: nerder (~c2dcb87b@194.220.184.123) (Client Quit)
[11:47:09] <unused> is anyone aware of people livestreaming the last hours of the event? would love to watch
[11:48:31] <Lightning> you mean quals or finals?
[11:49:13] <Lightning> for quals there it is already all online, for finals we don’t like cameras in the area and in the past we hid scores on the last day to avoid knowing ranks
[11:52:17] *** Parts: FADEC0D3_ (~FADEC0D3@c-98-210-237-5.hsd1.ca.comcast.net) ()
[11:52:28] *** Joins: wmliang (wmliang@alumni.cs.nctu.edu.tw)
[11:52:45] *** Joins: WebIRC87800 (~7748c31f@em119-72-195-31.pool.e-mobile.ne.jp)
[11:53:10] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Remote host closed the connection)
[11:53:58] <Lightning> What’s going on?!?
[11:54:02] *** Joins: gbb (~ubuntu@ec2-54-149-226-98.us-west-2.compute.amazonaws.com)
[11:54:08] <Lightning> YEAAA YEAAA YEAA YEAHEE HAA
[11:54:24] *** Quits: shivanshu (~admin@202.3.77.204) (Ping timeout: 240 seconds)
[11:54:31] <gbb> Hey guys, what do you expect to prove for the cgc PoV? seems more than just a segfault?
[11:55:07] <vito> gbb: which one?
[11:55:12] <vito> the cuts just need a segfault
[11:55:15] <gbb> 01 or 03
[11:55:23] <vito> LEGIT_0000? needs https://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/understanding-cfe-povs/
[11:55:31] <unused> yeah just the quals Lightning, could you direct me towards some links? can't find anything on the twitterz
[11:55:58] <gbb> ty vito
[11:56:27] <Lightning> unused: 2016.legitbs.net, https://twitter.com/LegitBS_CTF/
[11:57:44] <heapfun> in this ctf
[11:57:56] <heapfun> why there are many CGC stuffs ?
[11:58:10] <vito> if you think quals has lots of cgc, wait until you see finals
[11:58:34] <Lightning> heapfun: finals will just have the winning cgc computer competing, we thought it would be fair for the players to know how to use the stuff :)
[11:58:56] <heapfun> CGC is made by you guys?
[11:59:00] <gynophage> Nope.
[11:59:05] <heapfun> anyway
[11:59:10] <heapfun> i'm not good at enlgish
[11:59:19] <heapfun> it very burden to me read lots of cgc docs
[11:59:26] <heapfun> so can't try CGC stuff
[11:59:29] <heapfun> so sad
[11:59:54] <heapfun> can't understand why cgc is used ..
[11:59:55] <vito> it'll still be there tomorrow morning
[12:00:17] <vito> and in the future cgc technology won't be restricted to cgc binaries either so you'll have to learn it sooner or later
[12:00:45] <heapfun> is it important in security?
[12:00:54] <Lightning> heapfun: CGC was put together by DARPA, automatic bug hunting and patching
[12:00:55] *** Joins: ucq (~ucq@20290213171.warabi.ne.jp)
[12:01:05] <heapfun> hm..
[12:01:08] <Lightning> the winning setup is competing against humans this year
[12:01:13] <Lightning> in our game at least
[12:01:15] <vito> and for your job next year ha ha ha
[12:01:20] <heapfun> i spent lots of time executing legit0003
[12:01:31] <heapfun> but now i dont know how to submit answer to server
[12:01:41] <heapfun> again, i should read docs!
[12:01:49] <heapfun> but i dont know what doc should i read
[12:01:52] <heapfun> it's chaos..
[12:02:05] <heapfun> so complicate
[12:03:21] <gbb> heapfun: it's really not
[12:03:24] *** Quits: Ninn (~rekt@85.204.132.144.ip4.gigabit.dk) (Ping timeout: 240 seconds)
[12:03:25] <Lightning> i thought gyno put up a link yesterday on that stuff
[12:03:34] <gbb> it's a binary that supports a contrained number of syscalls
[12:03:51] <gynophage> http://cgc-docs.legitbs.net/
[12:03:54] <gbb> can't open fds
[12:03:55] <heapfun> ok but it takes so many time
[12:03:58] <heapfun> to execute it
[12:04:00] <gynophage> Specifically: http://cgc-docs.legitbs.net/libcgc/cgcabi/
[12:04:08] <heapfun> i should read those docs
[12:04:21] <heapfun> it's not simple things to someone who not good at eng
[12:04:29] <heapfun> it takes so many times
[12:04:36] <heapfun> i thinks it's not fair..
[12:05:04] <heapfun> i hardly make environment for executing legit0003
[12:05:06] <Lightning> we are only a small team running ctf, we didn’t create CGC
[12:05:09] <heapfun> but now i have to learn
[12:05:13] <heapfun> how to submit answer!
[12:05:22] <heapfun> pov? xml? what the
[12:05:23] <kriztw> It's also unfair to people who don't know assembly
[12:05:31] <kriztw> Which might even be a larger group!
[12:05:36] *** Joins: Ninn (~rekt@85.204.132.144.ip4.gigabit.dk)
[12:05:48] <heapfun> u compare asm and cgc ?
[12:05:57] <gynophage> heapfun: pov.
[12:05:59] <gbb> heapfun: pov https://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/understanding-cfe-povs/
[12:06:04] <heapfun> i know that docs
[12:06:10] <gynophage> heapfun: https://github.com/CyberGrandChallenge/cb-testing/blob/master/cgc-cb.mk#L163
[12:06:24] <heapfun> i said reading is too hard
[12:06:24] <vito> one of the reasons we're hosting qualifiers this weekend is to determine who is qualified for finals
[12:06:34] *** Quits: WebIdodo (~24ea89f2@36-234-137-242.dynamic-ip.hinet.net) (Client Quit)
[12:07:03] *** Joins: shivanshu (~admin@202.3.77.208)
[12:07:16] <heapfun> is it announced before start the quals that cgc will be used?
[12:07:29] <vito> "heavily foreshadowed"
[12:07:33] <gbb> vito: doing this based on merit doesn't seem fair
[12:07:41] <gbb> /s
[12:07:41] <vito> 2015 quals had some cgc
[12:07:50] <vito> we've had blog posts about cgc for the last month
[12:08:04] <heapfun> ok..
[12:08:06] <vito> and a few hours before qualifiers we aggregated all the cgc docs in one place
[12:08:07] <heapfun> that's good..
[12:09:02] <heapfun> sorry for whining
[12:09:07] <heapfun> just whining
[12:09:23] <vito> and going by how quick the cgc category burned down, it's obvious that many teams are qualified for it
[12:09:38] <vito> sorry you're not one of them i guess ¯\_(ツ)_/¯
[12:09:42] <gbb> I regret not looking at it until now
[12:09:45] <Lightning> we also announced cgc at finals during closing ceremonies at defcon and it was repeated in a few places if i recall correctly
[12:09:58] <gynophage> heapfun: https://twitter.com/LegitBS_CTF/status/733729805674373120
[12:10:08] <gynophage> heapfun: https://twitter.com/LegitBS_CTF/status/731131033626628096
[12:10:19] <gynophage> heapfun: https://twitter.com/LegitBS_CTF/status/731131033626628096
[12:11:01] <vito> https://twitter.com/LegitBS_CTF/status/630537981166620672
[12:11:08] <vito> check the date on that one ^^
[12:11:18] <heapfun> @vito dont sarcastic
[12:11:36] <gynophage> Facts have a sarcastic bias?
[12:11:48] <heapfun> not u
[12:12:16] *** Quits: WebIRC75360 (~daa4b892@218-164-184-146.dynamic.hinet.net) (Client Quit)
[12:12:45] *** Joins: Dor1s (~Dor1s@p4FD62138.dip0.t-ipconnect.de)
[12:13:49] <Lightning> https://twitter.com/defcon/status/727960402651455489
[12:14:09] <gynophage> Meh, we've made our point. And he's made his. Those all are English.
[12:15:50] <gbb> What are all the different VMs that come with the decree vagrant file?
[12:16:40] <vito> gbb: https://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/virtual-competiton/
[12:16:59] <gynophage> gbb: For quals, mostly a rounding error?
[12:17:20] <gynophage> But, yeah, for finals, or general CGC knowledge, that virtual-competition document is probably pretty good to read.
[12:19:14] <gbb> thanks wish i read up more before this started
[12:19:23] <vito> while i was putting those docs together i read them all, and it was the kind of thing i'd wished i'd read a year ago
[12:20:44] <gbb> yeah they seem awesome
[12:20:54] *** Quits: Dor1s (~Dor1s@p4FD62138.dip0.t-ipconnect.de) (Ping timeout: 240 seconds)
[12:21:07] <gbb> I hadn't heard about cgc until thursday. Thanks so much for making it an easy set up
[12:21:45] <gynophage> gbb: I'm glad the docs have been helpful. It's mostly a reformatting of the official CGC docs.
[12:21:53] <gynophage> And pulling them all in to one place.
[12:21:57] <gbb> that can make a big difference
[12:21:59] *** Quits: ak (~6ea1d420@u1012032.xgsnun001.imtp.tachikawa.mopera.net) (Client Quit)
[12:23:18] *** Joins: nerder (~c2dcb87b@194.220.184.123)
[12:24:33] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[12:26:08] *** Joins: ak (~6ea1d420@u1012032.xgsnun001.imtp.tachikawa.mopera.net)
[12:26:37] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[12:27:02] *** Joins: anon2121 (~anon2121@107.191.103.139)
[12:28:17] *** Quits: ak (~6ea1d420@u1012032.xgsnun001.imtp.tachikawa.mopera.net) (Client Quit)
[12:34:24] *** Joins: ak (~6ea1d420@u1012032.xgsnun001.imtp.tachikawa.mopera.net)
[12:36:15] * nwx can't wait for writeups
[12:36:59] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[12:37:33] *** Quits: ak (~6ea1d420@u1012032.xgsnun001.imtp.tachikawa.mopera.net) (Client Quit)
[12:38:24] *** Quits: Hankein (~72f661ad@114.246.97.173) (Client Quit)
[12:38:34] *** Joins: WebIRC63991 (~72f661ad@114.246.97.173)
[12:38:38] <WebIRC63991> legitBS like "moha" too?
[12:38:43] <WebIRC63991> exciting!
[12:41:15] <Lightning> nwx: neither can we
[12:42:16] *** Quits: Ninn (~rekt@85.204.132.144.ip4.gigabit.dk) (Ping timeout: 252 seconds)
[12:42:16] <nwx> well i haven't done a single problem...
[12:43:17] <e^ipi> vito: a pointer to the cgc IDA plugins would've been nice but other than that *shrug*
[12:43:38] <e^ipi> i found them anyway
[12:43:44] *** Quits: tyh (~tyh@71-46-77-212.res.bhn.net) (Ping timeout: 252 seconds)
[12:43:56] <[w33]Luwenth> omg, what an infomercial!
[12:44:28] *** Quits: TheVamp_ (~TheVamp@p579606D5.dip0.t-ipconnect.de) (Ping timeout: 252 seconds)
[12:44:52] <Lightning> i think im going to go find the vr system
[12:44:58] *** Quits: heapfun (~7d83e0b2@125.131.224.178) (Client Quit)
[12:45:00] *** Joins: ak (~6ea1d420@u1012032.xgsnun001.imtp.tachikawa.mopera.net)
[12:45:02] <Lightning> enjoy the next 7ish hours
[12:45:17] *** Joins: Ninn (~rekt@85.204.132.144.ip4.gigabit.dk)
[12:46:48] <Lightning> :D
[12:47:04] *** Joins: tyh (~tyh@71-46-77-212.res.bhn.net)
[12:47:44] <vito> e^ipi: adding that to my list for stuff that could be added to the docs
[12:48:24] *** Quits: sudhackar (~sudhackar@42.104.127.5) (Ping timeout: 240 seconds)
[12:53:58] *** Quits: ak (~6ea1d420@u1012032.xgsnun001.imtp.tachikawa.mopera.net) (Client Quit)
[12:54:06] <e^ipi> "How to run it" was trivial... there's a vagrant file...
[12:54:40] <e^ipi> anyway... this noob thinks it was fine, so anyone that had problems is too dumb for computers.
[12:54:47] <gynophage> e^ipi: cgc2elf is better. I hate eagle's IDA plugin.
[12:55:01] <gynophage> Last time I used it, it didn't decode string xrefs right.
[12:56:32] <e^ipi> it was like, kinda janky, but it was alright
[12:58:51] <Ymgve> gynophage: how will the finals be organized btw? boxes teams can log in on, or is everything just submitting povs and patched binaries?
[12:59:17] <gynophage> We're working on the exact implementation. But it'll more or less "rhyme" with virtual-competition.
[12:59:28] <vito> very closely
[12:59:48] <vito> we basically have to match DARPA's API if their winning CRS is going to function
[13:00:02] <gynophage> Human can adapt. Machines are kinda shitty at that. :\
[13:00:21] <vito> we've adapted most of virtual-competition's acceptance tests
[13:00:24] *** Quits: AlissonB (~alb@hackint/user/AlissonB) (Ping timeout: 240 seconds)
[13:00:33] *** Joins: hihi_em_la_ml_ne (~cb71aea5@203.113.174.165)
[13:00:38] <vito> past tense, because it's been under development for a while
[13:00:50] <hihi_em_la_ml_ne> qwer
[13:00:55] <gynophage> tyuiop
[13:00:56] <vito> tyuiop
[13:00:56] <hihi_em_la_ml_ne> ml :)
[13:01:00] <vito> gods damn you
[13:01:12] <hihi_em_la_ml_ne> dm rd hihi dm k9.clgt
[13:01:21] *** Joins: sdb (~9f959427@159.149.148.39)
[13:01:24] <gynophage> ddv,mgsnm, gsjksg8xc8 7w3 ykjhs kjhw kjrhefs
[13:01:28] *** Joins: SandwichMan (~adfaeec9@D-173-250-238-201.dhcp4.washington.edu)
[13:01:32] <hihi_em_la_ml_ne> dm hphan
[13:01:37] <hihi_em_la_ml_ne> dm rd
[13:01:59] *** Joins: whoisj0hngalt (~46b82536@wsip-70-184-37-54.tu.ok.cox.net)
[13:02:19] <Ymgve> La-li-lu-le-lo?
[13:02:33] <vito> http://www.kanyezone.com/
[13:03:21] <gynophage> Į̭̲t̨ͬ҉͚͙ ̛͚t̐ͧa̸͔ķ̓͌eͬ̽҉̶̨ ̨̨ǎ̼̘ ̸̂҉̛͎l͍̰ǫ̸̪t̙͓ ̨̧t̶͚ö̷̺ ̽͋҉̡̖m̵̵a̵̡k̸̵e̵̸ ̧̛a̶̛ ̸̛s͛ͤ҉̸̹t̶̵e̓ͫ҉̶́w͓̱
[13:03:47] *** Quits: hihi_em_la_ml_ne (~cb71aea5@203.113.174.165) (Client Quit)
[13:03:58] <gbb> anyone have a good sane doc on how to write POVs?
[13:04:10] <vito> other than the one we've linked a half dozen times?
[13:04:11] <gbb> i spent too much time trynig to exploit before realizing we didn't need to
[13:04:24] <gynophage> gdb: http://cgc-docs.legitbs.net
[13:04:26] <gynophage> Specifically...
[13:04:41] <gynophage> http://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/understanding-cfe-povs/
[13:04:54] *** Joins: AlissonB (~alb@187.23.118.195)
[13:04:59] <gynophage> https://github.com/CyberGrandChallenge/samples/tree/master/templates/service-template
[13:05:03] <gynophage> Is good (pop folder)
[13:05:05] <vito> i'd strongly recommend starting from https://github.com/CyberGrandChallenge/samples/blob/master/templates/service-template/pov_0/pov.c or https://github.com/CyberGrandChallenge/samples/blob/master/templates/service-template/pov_1/pov.c
[13:05:07] <gynophage> pov*
[13:05:13] <vito> xml ones are garbo
[13:05:16] <vito> there i said it
[13:05:35] <gynophage> https://github.com/CyberGrandChallenge/cb-testing/blob/master/cgc-cb.mk#L163
[13:05:40] *** Quits: Guest92 (~textual@211.170.156.176) (Client Quit)
[13:05:46] <Ymgve> xml ones are OK to start with
[13:06:02] <gynophage> If you want to make an xml one, that's how you go from xml to c to binary. If you're in the CGC environment.
[13:06:11] <gbb> does the server expect a bin or xml?
[13:06:16] <vito> bin
[13:07:18] <gbb> ok
[13:10:26] *** Quits: nebel (~nicolai@130.225.98.192) (Client Quit)
[13:12:30] *** Quits: WebIRC49603 (~6f5dda04@111.93.218.4) (Client Quit)
[13:13:00] *** Quits: SandwichMan (~adfaeec9@D-173-250-238-201.dhcp4.washington.edu) (Client Quit)
[13:14:23] *** Joins: WebIRC49603 (~6f5dda04@111.93.218.4)
[13:15:39] <q3k> vito: ,3
[13:15:40] <q3k> *<3
[13:16:10] <vito> q3k: we can't get over that you put us in the same list as fail 0verflow :3
[13:16:16] <vito> feels goodman
[13:16:41] *** Joins: Dor1s (~Dor1s@p4FD62138.dip0.t-ipconnect.de)
[13:17:45] *** Quits: WebIRC49603 (~6f5dda04@111.93.218.4) (Client Quit)
[13:19:16] *** Joins: WebIRC49603 (~6f5dda04@111.93.218.4)
[13:19:17] *** Joins: soul8 (62d2ed05@m-b.clients.kiwiirc.com)
[13:21:27] <soul8> hi
[13:21:40] *** Quits: kkk (~kkkk@101.87.235.99) (Client Quit)
[13:21:41] *** Quits: twizzR (~7d1@2001:700:300:1430:dcb5:e442:6aa8:19ef) (Client Quit)
[13:21:57] <gynophage> hi
[13:22:27] *** Quits: WebIRC63991 (~72f661ad@114.246.97.173) (Client Quit)
[13:23:49] <gynophage> Vito just solved baby-re!
[13:24:05] <gynophage> They grow up so fast...
[13:25:17] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[13:26:16] *** Joins: WebIRC3633 (~49e5a8e2@c-73-229-168-226.hsd1.co.comcast.net)
[13:26:28] <gnomus> lol
[13:26:46] *** Quits: dapan (~77ca50cb@119.202.80.203) (Client Quit)
[13:26:54] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[13:26:58] *** Joins: dapan (~77ca50cb@119.202.80.203)
[13:28:15] * vito celebrates with a beer
[13:29:20] *** Quits: WebIRC49603 (~6f5dda04@111.93.218.4) (Client Quit)
[13:29:53] <ar1s> yeah done with CGC. I'm both happy and disgusted at the same time
[13:31:20] <gynophage> https://usercontent.irccloud-cdn.com/file/QueLlpLK/IMG_6261.JPG
[13:31:24] <gynophage> ROOSTER BREWSTER
[13:31:26] *** Joins: WebIRC22159 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net)
[13:32:32] <vito> once i finish this brewdog punk ipa
[13:32:35] <vito> hecho en scotland
[13:32:54] <robbje> glados was nuts. kudos
[13:33:05] <gynophage> All Lightning.
[13:36:44] *** Parts: orbit (~orbit@71-212-171-14.hlrn.qwest.net) ()
[13:37:34] *** Joins: WebIRC49603 (~6f5dda04@111.93.218.4)
[13:41:41] <[w33]Luwenth> w33 - struggling to get some points at the last hours :(
[13:41:53] <[SaH]NGG> Hi! I have another problem with cgc problem. For legit_00004 if I send a pov even with an empty main function, it says timeout. It looks like the code inside main doesn't even start.
[13:42:05] <Lightning> glad you liked it robbje
[13:42:13] <[w33]Luwenth> You'd think we'd get better at this, we just get older and feel more stupid each year. Maybe this will be the year we'll find time to practice ...
[13:42:38] <Lightning> we try to not just create challenges from research papers :)
[13:42:43] <wyatt_earp> have a kid, it helps i hear
[13:42:55] <[SaH]NGG> If I tried to debug the pov with cb-replay-pov's --attach_port then gdb shows it's somewhere trying to do some regex magic, but we do not even call regex functions
[13:43:37] <cai> so tired :/
[13:43:43] <Lightning> gotta love twitter things, people complaining about the ctf just being cgc and binaries and no forensics. i don’t recall last time we had forensics :P
[13:43:54] <vito> i've had four cups of coffee and got up pretty late, all good here cai
[13:43:57] <gynophage> Lightning: "We"? Never.
[13:44:52] <cai> vito: haha, yeah, i don't drink coffee normally but i needed some caffeine this morning.
[13:45:06] <gynophage> cai: Having fun?
[13:45:08] <vito> this coffee was soooo fucking great
[13:45:20] <[w33]Luwenth> It's been a few years, w33t34m misses them. I think there are reasonable forensic challenges to be made, but I figure I shouldn't bitch until I can have a few examples :)
[13:45:23] <vito> roasted it tuesday, did a drip brew with it for the first time today
[13:45:25] <cai> gynophage: yep.
[13:45:25] <j00ru> eu easier down?
[13:45:31] <gynophage> cai: Glad.
[13:45:34] <vito> some really great flavor notes came up
[13:45:37] <vito> almost cried
[13:45:45] <vito> like i almost cry every time i watch frozen
[13:45:47] <gynophage> j00ru: I'll take a look. We've got nagios watching it now, but it only tells me every 5 minutes.
[13:45:54] <cai> not a fan of this intense race tho
[13:45:58] <j00ru> thx
[13:45:59] <[w33]Luwenth> vito: I've only watched it once, I almost cried that I had to watch the whole thing.
[13:46:01] <sirgoon> you can't sleep now gotta get that last challenge!
[13:46:02] *** Quits: daniel-wer (~8d594bb5@75-181.wlan.rz.uni-potsdam.de) (Client Quit)
[13:46:07] <gynophage> j00ru: Try now?
[13:46:10] <j00ru> works thx
[13:46:12] <gynophage> <3
[13:46:12] <Lightning> wyatt_earp: my kids got me up at 6:30 after getting to bed at 1am, they don’t help :P
[13:46:13] <cai> sirgoon: we will
[13:46:14] <vito> [w33]Luwenth: yeah i've only watched it once
[13:46:18] <vito> it's no "fury road"
[13:46:28] <[w33]Luwenth> WHICH I STILL HAVEN'T SEEN!
[13:46:31] <gynophage> Bouncing the other instances because reasons.
[13:46:45] <[w33]Luwenth> I may have to go buy a couple movies and let my brain solidify later
[13:47:05] <vito> watched it for the fifth time on the way to cccamp after def con last year
[13:47:07] <vito> so great
[13:47:11] <gynophage> Bounced them all.
[13:47:23] <Lightning> [w33]Luwenth: got get a vive, it’s a blast to play with
[13:47:46] <gynophage> Whenever somebody picks up the vive, we lose them for at least an hour.
[13:47:53] <gynophage> Duchess was gone for like 3 yesterday.
[13:48:14] *** Quits: WebIRC49603 (~6f5dda04@111.93.218.4) (Client Quit)
[13:48:27] *** Joins: WebIRC49603 (~6f5dda04@111.93.218.4)
[13:48:30] <wyatt_earp> Lightning: true story. it was 3am for me ... glad i was still up doing ctf?
[13:48:56] <Lightning> are you glad you were? I got some rest, been relaxing today :)
[13:49:01] <Lightning> you relaxed?
[13:49:03] *** Quits: sdb (~9f959427@159.149.148.39) (Client Quit)
[13:50:04] *** Quits: WebIRC49603 (~6f5dda04@111.93.218.4) (Client Quit)
[13:50:48] <wyatt_earp> open('relax.txt', 'r'); raise file not found
[13:52:22] *** Joins: WebIRC49603 (~6f5dda04@111.93.218.4)
[13:52:43] *** Joins: andrei (xed@hackint/user/xed)
[13:52:58] <[w33]Luwenth> a vibe?
[13:53:53] <vito> pontiac
[13:54:13] <vito> https://upload.wikimedia.org/wikipedia/commons/5/53/2007_Pontiac_Vibe_--_NHTSA.jpg
[13:54:16] <gnomus> have you tried VR pr0n?
[13:54:34] *** Quits: soul8 (62d2ed05@m-b.clients.kiwiirc.com) (Client Quit)
[13:54:36] <[w33]Luwenth> You should throw the vive video into this mix :)
[13:54:44] *** Quits: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net) (Client Quit)
[13:55:00] *** Parts: andrei (xed@hackint/user/xed) ()
[13:55:01] <gynophage> [w33]Luwenth: I wonder if this supports live streaming...
[13:55:38] *** Joins: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net)
[13:55:46] <gynophage> bool101: !
[13:55:51] <bool101> !
[13:56:29] <[w33]Luwenth> gynophage: The vive itself? That'd be a bad combo with the vr pr0n
[13:56:40] <bool101> enjoyed crunchtme nice one lightning
[13:56:42] *** Quits: tyegas (~caef44e3@st0035.nas811.p-kyoto.nttpc.ne.jp) (Client Quit)
[13:56:47] <vito> unironically love how DARPA funds /r/shittyrobots with the robotics grand challenge
[13:56:49] <vito> yeah
[13:56:53] <vito> if you thought cgc shit was finicky
[13:56:57] <vito> try irl
[13:57:05] <Lightning> you guys should be happy, i spent 6 months on 6 challenges instead of 6 months on 1 :)
[13:57:19] <Lightning> bool101: glad you enjoyed it :)
[13:57:22] <bool101> very happy! which were your other 5?
[13:57:26] <[w33]Luwenth> Lightning: Does that mean you've gotten better at creating challenges?
[13:58:06] <[w33]Luwenth> Re: vive - For $1600 ... I can spend my money on other things.
[13:58:21] <Lightning> no, it means i didnt take the time to top dosfun4u or byte sexual (GiTS) type things
[13:58:53] <[w33]Luwenth> Is the vive good for games like Civ? :)
[13:59:04] <bool101> it's goof for VR pr0n
[13:59:05] <gynophage> [w33]Luwenth: No Civ like games yet.
[13:59:13] <bool101> *good
[13:59:15] <vito> is the vive good for stephen's sausage roll
[13:59:25] <gynophage> I'm actually really excited about dota2 spectator mode.
[13:59:50] <gynophage> https://www.youtube.com/watch?v=009z6g1D6Dw
[13:59:58] <[w33]Luwenth> Lightning: I don't remember those, but I'll assume they were problems that would be hard to beat
[14:00:01] <gnomus> HotS > dota2
[14:00:17] <vito> Hoverboarding on the Sauce
[14:00:20] <bool101> every link from gynophage feels like a risky click
[14:00:22] <gynophage> gnomus: I agree, but HotS doesn't have a good VR spectator mode.
[14:00:25] <Lightning> bool101: were they hard? i suspect you know
[14:00:35] <Lightning> as a 3rd party
[14:00:40] <gynophage> bool101: To be fair, you've been clicking my links all weekend (who do you think controls the scoreboard...)
[14:00:41] <gnomus> gynophage: VR play would be cool
[14:00:45] <[w33]Luwenth> gynophage: That looks like an interesting way to play dota
[14:00:50] <vito> it's me
[14:00:52] <gynophage> gnomus: Not as cool as you think.
[14:00:54] <vito> i control the scoreboard
[14:00:54] <bool101> lol
[14:01:01] <bool101> they were medium difficulty
[14:01:15] <vito> https://usercontent.irccloud-cdn.com/file/9NutJPay/DEF%20CON%20CTF%202016%202016-05-22%2014-01-08.png
[14:01:17] <vito> totally control that scoreboard
[14:01:17] <gynophage> gnomus: If your body thinks you move, but you don't move, headache city.
[14:01:20] <[w33]Luwenth> if I ever break the scoreboard, I am going to rickroll the entire contest :)
[14:01:21] <bool101> not defcon finals hard
[14:01:38] <[w33]Luwenth> (likelyhood of this happening, probably about 10 minutes after I win the lottery)
[14:01:42] <gynophage> Makes FPS games, and (I imagine) RTS kinda rough.
[14:01:56] <gnomus> propably
[14:02:08] <gnomus> they'll find solutions to sell to us
[14:02:19] <Lightning> [w33]Luwenth: byte sexual would show up as a 32bit binary but at the block layer (everytime it branched) it would alter between 32 and 64bit code execution. dosfun4u was 16bit dos protected mode with a key in memory and a key on the harddrive. for every team that got code exec and read the key from memory, it would take them another 4 hours for the harddrive due to how bad it was to write shellcode for.
[14:02:48] <gynophage> [w33]Luwenth: dosfun: https://github.com/legitbs/quals-2014/tree/master/dosfun4u
[14:02:54] <bool101> anyone ever seen a SMM CTF problem?
[14:02:57] *** Joins: WebIRC68682 (~caef44e3@st0035.nas811.p-kyoto.nttpc.ne.jp)
[14:03:16] <gynophage> bool101: Kinda hard to do online and trust all the teams to not fuck everything up. :\
[14:03:53] <[w33]Luwenth> 2 keys, one with a built-in 4 hour delay to be able to access?
[14:04:10] <Lightning> nope
[14:04:34] <Lightning> rewriting execing shellcode on it took a minimum 4 hours due to how hard it was to write shellcode due to the bug
[14:04:39] *** Joins: bono (~caf7591d@FL1-202-247-89-29.gif.mesh.ad.jp)
[14:04:51] <bool101> back to hacking ttyl
[14:06:00] *** Joins: soul8 (62d2ed05@m-b.clients.kiwiirc.com)
[14:06:39] <gynophage> soul8: vito is in VR right now.
[14:08:15] *** Joins: Guest92 (~textual@211.170.156.176)
[14:08:18] *** Quits: cx (~Adium@189.217.214.103) (Client Quit)
[14:08:47] *** Parts: bono (~caf7591d@FL1-202-247-89-29.gif.mesh.ad.jp) ()
[14:10:19] *** Joins: cx (~Adium@189.217.214.103)
[14:10:40] *** Quits: Guest92 (~textual@211.170.156.176) (Client Quit)
[14:11:20] <cai> yo
[14:11:21] <cai> gynophage:
[14:11:26] <cai> why is your submission saying 500
[14:11:28] <tylerni7> ^
[14:11:55] *** Joins: bono (~caf7591d@FL1-202-247-89-29.gif.mesh.ad.jp)
[14:12:07] <b2xiao> yeah
[14:12:14] <b2xiao> your submissions are teh broken
[14:12:28] <cai> it's probably because it doesn't know how to handle burning challenge when there's none to open
[14:13:07] <cai> vito:
[14:13:09] <b2xiao> lolol
[14:14:17] *** Joins: attila (~attila@75-128-10-12.dhcp.snlo.ca.charter.com)
[14:14:23] <vito> lol shit
[14:14:25] <Lightning> he went to get Vito to look
[14:14:30] <gbb> for cripple, is it expected that it will actually mangle a hardcoded string I enter?
[14:14:45] *** Quits: WebIRC49603 (~6f5dda04@111.93.218.4) (Client Quit)
[14:14:52] <Lightning> does the example work?
[14:15:53] <gynophage> Try now?
[14:16:11] <cai> worked
[14:16:16] <b2xiao> yaaaay
[14:16:16] <cai> Cool
[14:16:18] <cai> Thanks!
[14:16:19] <sirgoon> congrats!
[14:16:28] <hj> nice
[14:16:43] <robbje> congrats, PPP
[14:16:54] <cai> ty
[14:17:30] <gynophage> After all those prequals I was worried you guys wouldn't get in. :-p
[14:17:39] <b2xiao> D:
[14:17:45] <gynophage> <3
[14:18:04] <Lightning> congrats
[14:18:16] <gbb> Lightning:Yeah i guess it just looks mangled because it's not sending back my non ascii
[14:18:22] <tylerni7> gynophage: I mean, you made the second place in one of the CTFs not count...
[14:18:39] <tylerni7> :P
[14:18:40] <Lightning> it’s not gcc or llvm on the back end
[14:18:41] <b2xiao> and codegate wasn't a qualifier :P
[14:18:56] <gynophage> I hear we didn't miss much by doing that.
[14:19:04] *** Quits: q1a1 (~Thunderbi@111.93.218.4) (Ping timeout: 252 seconds)
[14:19:05] <tylerni7> and we can't play in our own ctf..
[14:19:06] *** Quits: ravencoding (~1b5d5115@KD027093081021.ppp-bb.dion.ne.jp) (Client Quit)
[14:19:18] <b2xiao> yeah haha, hosting a qualifier doesn't count for qualification
[14:19:25] <tylerni7> (not that it should)
[14:19:39] <robbje> all these excuses...
[14:19:41] <robbje> ;)
[14:19:45] *** Quits: WebIRC3633 (~49e5a8e2@c-73-229-168-226.hsd1.co.comcast.net) (Client Quit)
[14:19:50] <gynophage> For those who don't know, the game is *still* running.
[14:19:58] <gynophage> For another ~6 hours.
[14:20:05] <b2xiao> so yeah, don't say nothing about any of the challenges
[14:20:05] <gynophage> So, get qualified.
[14:20:36] <gynophage> And, yeah, this isn't time to show all the cards.
[14:20:43] <gynophage> Post game shit talk in 6 hours. :)
[14:20:46] <WebIRC22159> now's the time to drop a web chal
[14:20:49] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[14:20:53] <ReidB> Unless your cards are sweet gen 1 magic cards.
[14:20:56] <ReidB> Then show them all.
[14:21:06] <gynophage> WebIRC22159: PPP found the web chal. Vito has to solve the 500 error. :-p
[14:21:37] <cai> ;)
[14:21:46] <cai> Was my guess correct?
[14:21:47] <wyatt_earp> i was so excited
[14:21:56] <gynophage> cai: We'll let you know?
[14:22:08] <cai> cool
[14:22:08] <vito> i don't believe it is
[14:22:15] <cai> huh interesting.
[14:22:17] <stypr> grats ppp
[14:22:19] <Rex> congratulation PPP!
[14:22:25] <vito> figuring out which hot challenges are left is done somewhere other than in the solve challenges screen
[14:22:32] <Rex> always impressive :p
[14:24:34] <vito> of course urgent web shit happens /after/ i've started drinking
[14:24:35] <vito> :P
[14:24:38] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[14:24:41] <cai> heh
[14:24:54] <WebIRC22159> just need to revert that sql change
[14:24:58] <WebIRC22159> and we'll have a chance
[14:25:07] <vito> downloading the database to run locally
[14:25:14] *** Joins: exploit7002 (~test@121.65.54.156)
[14:25:27] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[14:27:10] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[14:28:10] *** Quits: anotherctfer (~d8a94d9c@216.169.77.156) (Client Quit)
[14:28:54] *** Quits: WebIRC63556 (~c6e9cca6@198.233.204.166) (Client Quit)
[14:29:00] <vito> just joined ppp
[14:29:03] <niklasb> hi who can I ask about legit_00004? gynophage can I pm?
[14:29:14] <b2xiao> vito: welcome!
[14:29:18] <vito> thanks!
[14:29:20] <Lightning> remember when keygens use to be interesting?
[14:29:35] <Lightning> niklasb: wait a few minutes, he stepped away to talk to one of the guys
[14:29:45] <Lightning> unless vito jumps in but he’s tracking down a web issue
[14:29:58] <vito> i don't know shit 'bout legit 4
[14:30:34] <e^ipi> vito: just never stop drinking, then you're functional even when you're drunk
[14:30:41] <vito> yeah i watch archer too
[14:32:26] <vito> goddamn it
[14:32:33] <vito> it's just some cheevo code i forgot to take out /cc cai
[14:32:46] <vito> cheevo code that literally never got called since nobody won the year we had cheevos
[14:32:53] <b2xiao> cheevo meaning
[14:33:01] <cai> haha
[14:33:04] <cai> achievement?
[14:33:06] <gynophage> achievement
[14:33:09] <[w33]Luwenth> They're like cheetos, but green
[14:33:11] <[w33]Luwenth> Never sold well.
[14:33:12] <vito> b2xiao: https://legitbs.net/statdump_2014/achievements.html
[14:33:32] <cai> vito: could not have guessed that one ;)
[14:34:00] <vito> neither could i, heh
[14:34:05] * vito reënters the matrix
[14:34:47] *** Quits: arbiter_ (uid60882@2001:67c:2f08:6::edd2) (Client Quit)
[14:36:10] <b2xiao> huh
[14:36:16] <b2xiao> well, I saw mention of achievements
[14:36:17] <cai> time to sleeeep
[14:36:19] *** Quits: cx (~Adium@189.217.214.103) (Client Quit)
[14:36:20] <b2xiao> but no actual...achievements
[14:36:26] *** Joins: SandwichMan (~adfaeec9@D-173-250-238-201.dhcp4.washington.edu)
[14:37:35] *** Quits: meumeu (~a3981417@163.152.20.23) (Client Quit)
[14:38:01] *** Quits: WebIRC90506 (~02@2a02:1205:34db:7ab0:d4c1:1f90:bb92:be32) (Client Quit)
[14:38:08] *** Quits: attila (~attila@75-128-10-12.dhcp.snlo.ca.charter.com) (Ping timeout: 252 seconds)
[14:39:53] *** Joins: tyh_ (~tyh@71-46-77-212.res.bhn.net)
[14:42:32] *** Quits: tyh (~tyh@71-46-77-212.res.bhn.net) (Ping timeout: 252 seconds)
[14:45:48] <uri> is int3rupt working well on eu?
[14:47:29] <Lightning> checking
[14:47:57] <Lightning> works for me
[14:48:03] <Lightning> threw the exploit at it
[14:49:54] <uri> thanks for checking, it started behaving different all of a sudden
[14:51:50] *** Joins: WebIRC13502 (~c6e9cca6@198.233.204.166)
[14:51:52] <Lightning> i didn’t do anything, just threw the exploit
[14:54:20] *** Quits: SandwichMan (~adfaeec9@D-173-250-238-201.dhcp4.washington.edu) (Client Quit)
[14:54:24] *** Quits: rabidwh0re (~Lucas@c-76-31-77-249.hsd1.tx.comcast.net) (Ping timeout: 240 seconds)
[14:56:54] *** Quits: exploit7002 (~test@121.65.54.156) (Ping timeout: 240 seconds)
[14:57:33] *** Quits: rok__ (uid35317@id-35317.tooting.irccloud.com) (Client Quit)
[14:57:40] <[w33]Luwenth> Now do you open up the "super-easy" category to give PPP something to do with the rest of their weekend? :)
[14:58:29] *** Quits: gael (~gael@2a01:e35:2425:a090:28e2:832:1c59:5d70) (Client Quit)
[14:58:42] <Lightning> i’m sure they already closed up shop and are off drinking
[14:59:59] <Lightning> tick tock tick tock, 5 hours left to get your slot for finals!
[15:00:04] *** Quits: WebIRC24417 (~56068d05@cpc2-lewi16-2-0-cust260.2-4.cable.virginm.net) (Client Quit)
[15:01:58] *** Quits: digitalseraphim (~digitalse@cpe-74-78-215-239.twcny.res.rr.com) (Ping timeout: 252 seconds)
[15:02:58] *** Joins: rabidwh0re (~Lucas@c-76-31-77-249.hsd1.tx.comcast.net)
[15:04:10] <mandlebro> is 666 cuts ok?
[15:06:20] <zozo> 666 is ok
[15:06:54] <ccm> uri it is working
[15:07:06] <mandlebro> sry being nab
[15:09:35] *** Quits: rabidwh0re (~Lucas@c-76-31-77-249.hsd1.tx.comcast.net) (Ping timeout: 252 seconds)
[15:12:01] *** Quits: whoisj0hngalt (~46b82536@wsip-70-184-37-54.tu.ok.cox.net) (Client Quit)
[15:13:09] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[15:14:51] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[15:15:48] *** Joins: rabidwh0re (~Lucas@c-76-31-77-249.hsd1.tx.comcast.net)
[15:16:00] *** Joins: ssq (~02@2a02:a317:c940:2b00:4cac:f85a:c0d0:e100)
[15:16:02] <ssq> hey
[15:16:06] <Lightning> hi
[15:16:21] <ssq> how to compile/transform/whtever my xml PoV into binary format? (I guess, I have to send it in raw-binary?)
[15:16:48] *** Joins: offw0rld (~offw0rld@178.73.197.119)
[15:16:55] <offw0rld> hi
[15:17:06] <Lightning> gynophage *poke*
[15:17:10] <offw0rld> hi, i have a good Key1 for step, but in local, do not prompt key2, only exit1, it's normal ?
[15:18:08] <gynophage> ssq: https://github.com/CyberGrandChallenge/cb-testing/blob/master/cgc-cb.mk#L163
[15:19:13] <soul8> strange, cores with xml but not povxml
[15:21:31] <[w33]Luwenth> Is *that* what a vive looks like? :)
[15:21:41] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[15:21:46] <vito> big ass goggles?
[15:21:47] <gynophage> [w33]Luwenth: https://youtu.be/Xn5fZcS_EjM YUUUUUP
[15:21:47] <vito> yeah
[15:22:23] *** Joins: WebIRC63991 (~72f661ad@114.246.97.173)
[15:22:48] <Lightning> the aperature lab area is fun and looks better imo
[15:23:21] <[w33]Luwenth> I am kind of disturbed, you painted your living room one of the colors that I painted my bedroom.
[15:23:31] <gbb> http://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/understanding-cfe-povs/ first link is broken
[15:23:46] <vito> the one to darpa's documents page?
[15:24:18] <gbb> Yes
[15:24:31] <nwx> lol https://www.youtube.com/watch?v=UW8sQmBzgOM @gynophage
[15:24:43] *** Joins: sudhackar (~sudhackar@42.104.127.5)
[15:24:57] <vito> gbb: i'd claim that it's obsoleted by the doc you're reading :P but i'll see what i can do
[15:24:59] <vito> later tho
[15:25:00] <gynophage> nwx: LBS built a CRS. What of it?
[15:25:12] <nwx> ?
[15:25:19] <gbb> just fyi yeah your docs are fine
[15:25:27] *** Quits: rabidwh0re (~Lucas@c-76-31-77-249.hsd1.tx.comcast.net) (Client Quit)
[15:26:03] *** Joins: breadsticks (~breadstic@64.184.102.169)
[15:27:32] *** Joins: JoyRe (anon1@gateway/tor-unverified)
[15:29:41] <soul8> anyone know why an xml pov would segfault but the built binary pov would not? (same instructions except negotiation details)
[15:32:44] <gynophage> soul8: It wouldn't.
[15:32:54] *** Quits: poizan42 (~poizan@130.225.98.192) (Ping timeout: 240 seconds)
[15:34:30] *** Joins: q1a1 (~Thunderbi@111.93.218.4)
[15:37:07] *** Quits: bburky (~bburky@ip68-12-139-147.ok.ok.cox.net) (Client Quit)
[15:37:58] *** Quits: oszi (~oszi@hackint/user/oszi) (Quit: Input/output error)
[15:38:41] <Lightning> i loved that game
[15:38:53] *** Quits: WebIRC63991 (~72f661ad@114.246.97.173) (Client Quit)
[15:39:29] *** Quits: ssq (~02@2a02:a317:c940:2b00:4cac:f85a:c0d0:e100) (Client Quit)
[15:39:32] *** Joins: oszi (~oszi@hackint/user/oszi)
[15:39:46] *** Joins: fff (~02@2a02:a317:c940:2b00:4cac:f85a:c0d0:e100)
[15:39:57] <fff> hey, who is responsible for CGC and who may I PM ?
[15:40:46] <Lightning> bug gynophage
[15:41:12] *** Quits: at1as (~at1as@kurios.r4780y.com) (Ping timeout: 252 seconds)
[15:45:23] *** Quits: war3tease (~5f4c8127@95.76.129.39) (Client Quit)
[15:48:23] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[15:48:32] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[15:50:03] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[15:50:04] <soul8> PoV stands for proof of virility right
[15:50:16] <Lightning> proof of virgin
[15:50:26] <soul8> oh much more sense
[15:50:47] *** Quits: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net) (Client Quit)
[15:51:01] <nwx> lol
[15:51:56] <soul8> was looking up "dtd pov" on google, needed the keyword "format" in there
[15:52:31] *** Joins: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net)
[15:58:04] *** Quits: rhydis (~rhydis@anon-37-177.vpn.ipredator.se) (Ping timeout: 252 seconds)
[15:58:37] *** Joins: attila (~attila@75-128-10-12.dhcp.snlo.ca.charter.com)
[16:00:52] <Lightning> 4 hours to go :)
[16:01:55] <nwx> :(
[16:06:49] <spq> who can we ask something about badger?
[16:08:33] <gynophage> Me or sirgoon.
[16:12:00] *** Quits: rg (~rg@S010600fc8da50eb3.cg.shawcable.net) (Ping timeout: 252 seconds)
[16:12:20] *** Joins: bic (~d1939028@209-147-144-40.nat.asu.edu)
[16:12:48] *** Joins: dinggul (~dinggul@143.248.249.74)
[16:12:49] *** Quits: bic (~d1939028@209-147-144-40.nat.asu.edu) (Client Quit)
[16:15:19] *** Joins: cx (~Adium@189.217.214.103)
[16:15:57] *** Quits: shivanshu (~admin@202.3.77.208) (Ping timeout: 252 seconds)
[16:16:20] *** Joins: shivanshu (~admin@202.3.77.208)
[16:18:10] <hoju> this guy inspired me as a teenager to get into Maya 3D
[16:18:46] <jiggajuice> well, the maya were wrong
[16:19:58] <[w33]deorth> I have a friend who was a huge maya person, trained folks in it. Works at Autodesk now
[16:20:31] <hoju> is his desk automatic?
[16:20:53] <[w33]deorth> autodesk make maya :P
[16:20:58] <[w33]deorth> but her desk may well be automatic
[16:21:57] <hoju> good
[16:22:06] <[w33]deorth> I know mine is :)
[16:23:23] *** Joins: structure (~440eaa68@ip68-14-170-104.ok.ok.cox.net)
[16:27:39] *** Quits: cd80 (~7941369c@121.65.54.156) (Client Quit)
[16:32:21] <ar1s> how many teams from the top score will go to vegas ?
[16:32:28] *** Quits: nerder (~c2dcb87b@194.220.184.123) (Client Quit)
[16:32:31] <[w33]deorth> 9 I think
[16:32:42] <[w33]deorth> or maybe 8 plus 1 alt
[16:33:00] <[w33]deorth> then theres the prequalified folks from 5 other ctfs
[16:33:02] <Lightning> 8
[16:33:06] <[w33]deorth> and the CGC computer
[16:33:32] <Lightning> 15 total teams, cgc is the 15th. so 14 humans. there are 6 qualified
[16:33:41] <[w33]deorth> what he said :)
[16:33:54] <ar1s> hmm k
[16:34:01] <[w33]deorth> +-1 makes little difference to those of us with zero points ;)
[16:34:02] <Lightning> so top 8, skipping any that already qualified (DEFKOR for instance)
[16:34:21] <ar1s> so we better go back to #8 :)
[16:35:06] <Lightning> just make sure you stay high enough :)
[16:35:14] <[w33]deorth> "win the game"
[16:35:20] <[w33]deorth> easy goal
[16:35:31] <[w33]deorth> :)
[16:37:35] <Lightning> PPP already did that, at this point you just need to be in the top :)
[16:38:08] *** Joins: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968)
[16:38:13] *** Quits: lurcifer (~a29@2601:143:4202:ba5c:a8d0:d4ca:365e:2968) (Client Quit)
[16:38:58] *** Joins: WebIRC63991 (~72f661ad@114.246.97.173)
[16:40:11] <withzombies> did ppp solve everything?
[16:40:17] <fff> yup
[16:41:03] <ar1s> https://blog.legitbs.net/2016/05/quick-quals-qupdate.html " Online Jeopardy style, qualifying eight teams"
[16:41:16] *** Joins: dvx (~dvx@dyn.144-85-230-014.dsl.vtx.ch)
[16:41:56] *** Parts: mattypiper (~mattypipe@216.68.89.100) ()
[16:47:05] *** Joins: gael (~gael@37.163.131.174)
[16:50:08] *** Quits: shivanshu (~admin@202.3.77.208) (Ping timeout: 252 seconds)
[16:50:40] <fff> btw, will Defcon2017 also be full of CGC?
[16:51:02] *** Joins: shivanshu (~admin@202.3.77.208)
[16:51:20] <Lightning> other than this year we’ve never announced what the next year will contain
[16:51:38] <gnomus> DEFCON 2017 will be web only
[16:51:52] <fff> ok :)
[16:51:56] <johncool> gnomus: don't forget stega
[16:52:00] <gnomus> yeh
[16:52:03] *** Quits: WebIRC63991 (~72f661ad@114.246.97.173) (Client Quit)
[16:52:20] <Lightning> stego with the rare option that has to be compiled into a tool no one uses? :)
[16:52:23] <gynophage> gnomus: Not if we're still running it.
[16:52:38] <gynophage> If we host next year, we should run all quals challenges on port 80.
[16:52:59] <fff> and the harder ones on 443 ;]
[16:53:00] <gnomus> you shall upload your POVs over http
[16:53:00] <Lightning> or 443
[16:54:12] *** Joins: mallle (~mallle@2a03:f80:ed15:37:235:60:56:1)
[16:54:15] *** Joins: Pyxel (~446564bd@ip68-101-100-189.oc.oc.cox.net)
[16:55:20] *** Parts: Pyxel (~446564bd@ip68-101-100-189.oc.oc.cox.net) ()
[16:56:04] <gynophage> gnomus: If we host next year, we will *NOT* be doing CGC.
[16:57:42] <fff> why not?
[16:58:04] *** Joins: jawaharlal (uid120577@2604:8300:100:200b:6667:5:1:d701)
[16:58:42] *** Joins: WebIRC83603 (~7748c747@em119-72-199-71.pool.e-mobile.ne.jp)
[16:59:02] <Lightning> at that point it’s been done?
[16:59:56] <fff> thought your goal was to make cgc be more popular, so more and more ctfs will be in that form
[17:00:20] <Lightning> isn’t that we are doing this year? Bringing even more attention to CGC?
[17:01:13] <fff> bringing attention should have any goal. The only goal I see could be "yay, cgc is so awesome, it should be in every ctf'
[17:01:24] <fff> what's your other goal in bringing attention then?
[17:01:58] <gynophage> fff: You seem to have misunderstood.
[17:02:12] <gynophage> My goal is to qualify people to play finals.
[17:02:12] <Lightning> The work done to compete in CGC is changing the types of tools and thoughts that can change bug hunting and auto patching of systems. That is a game changer itself in the security world.
[17:02:15] <gynophage> That's what a qualifier does.
[17:02:32] <nwx> https://goo.gl/aMN2Aj
[17:02:33] <gynophage> If that weren't my goal, the qualifying criteria would be "who buys gynophage the nicest thing"
[17:02:36] <Lightning> But the qualifier for this year puts humans vs computer, see how things go
[17:03:19] <gynophage> This year, finals is CGC. To play against the CGC computer.
[17:03:21] <fff> ok, so if finals wasn't be human vs computer, then there woudn't be so many cgcs, right?
[17:03:28] <fff> ok, got ya ;]
[17:03:30] <gynophage> fff: Yes.
[17:03:44] <gynophage> There's no CGC game next year.
[17:03:54] <gynophage> So, fuck it. Spectacle over.
[17:04:49] <robbje> computer wins DEF CON CTF, humans give up, end of story
[17:05:30] <gynophage> lol
[17:06:44] <ar1s> computers better than humans, humans ruled obsolete
[17:07:09] *** Joins: SandwichMan (~adfaeec9@D-173-250-238-201.dhcp4.washington.edu)
[17:07:15] <ar1s> at least it didn't stop humans from playing chess, but it introduced many opportinities for cheating
[17:07:37] *** Joins: nerder (~c2dcb87b@194.220.184.123)
[17:07:44] <gynophage> ar1s: I mean, that's more or less what's going to happen with CGC.
[17:08:01] *** Quits: criple_ripper (~criple_ri@ppp141237133222.access.hol.gr) (Client Quit)
[17:08:04] <gynophage> These CRS's exist in different forms of completion, for "Linux" with a different sys call table.
[17:08:18] <gynophage> How long is it going to take to port them to the 50 sys calls Linux CTFs use?
[17:09:19] <ar1s> I think the computer will pwn everyone and get the best score the first day
[17:09:35] <ar1s> then more and more subtle bugs will be solved by humans
[17:09:55] <ar1s> it all depends on the score system to see who will win
[17:09:56] <gynophage> Probably. But there's only one way to find out. :)
[17:10:31] <ar1s> btw if there's a machine that could solve Legit_00004 automatically, I want to see it
[17:10:38] <gynophage> Me too.
[17:12:03] *** Quits: nerder (~c2dcb87b@194.220.184.123) (Client Quit)
[17:13:01] <gynophage> I'm really curious how humans and computers will stand against each other.
[17:13:16] <gynophage> And I'm in the perfect position to ask the question.
[17:14:01] <ar1s> do we know already whose research team will have the gcg computer ?
[17:14:29] <stach> my guess is the computer rack will stand taller than most humans :P
[17:14:56] <gynophage> ar1s: http://cybergrandchallenge.com/site/index.html#teams
[17:15:15] <gynophage> We won't know who qualifies until the day before DEF CON CTF Finals.
[17:15:55] <ar1s> nice
[17:16:59] *** Quits: cx (~Adium@189.217.214.103) (Client Quit)
[17:17:24] *** Quits: breadsticks (~breadstic@64.184.102.169) (Ping timeout: 240 seconds)
[17:18:46] *** Joins: v1d (~32faca52@50.250.202.82)
[17:18:51] *** Joins: WebIRC3633 (~49e5a8e2@c-73-229-168-226.hsd1.co.comcast.net)
[17:18:55] <Lightning> i’m to help you guys not have to hear gyno’s selections :P
[17:19:40] <Lightning> less than 3 hours, come on guys, losing time to get your slots :)
[17:20:06] <[w33]Luwenth> Oh wait, I have this pile of answers to submit!
[17:20:08] <[w33]Luwenth> (not)
[17:20:28] *** Quits: WebIRC3633 (~49e5a8e2@c-73-229-168-226.hsd1.co.comcast.net) (Client Quit)
[17:20:48] <wyatt_earp> The key is: <** stack smashing detected **>
[17:21:36] *** Joins: anotherctfer (~d8a94d9c@216.169.77.156)
[17:21:46] <ar1s> prepare it in a <data> tag
[17:22:26] <likestoplay> gynophage: Lightning: what happens if a cgc team and human team both qual
[17:22:32] <likestoplay> ala Shellphish or FaS/PPP
[17:22:55] <gynophage> Mike Walker, the DARPA PM in charge of CGC has asked that if that happens, the humans don't participate.
[17:23:15] <gynophage> I imagine we'll just have 1 fewer slot at finals.
[17:23:33] <gynophage> I don't want to spin a team out there hoping they might maybe get in.
[17:23:47] <likestoplay> no alternates?
[17:23:59] <gynophage> alternates would favor US based teams.
[17:24:09] <Lightning> a lot of teams are international, a cost issue for them to come to not play. don’t want to favor last minute US teams
[17:24:11] <likestoplay> not if theyd be at defcon already anyway
[17:24:26] <gynophage> LBS hasn't really talked about it.
[17:24:37] *** Joins: breadsticks (~breadstic@64.184.102.169)
[17:24:47] *** Quits: tomandjerry (~77ca5504@119.202.85.4) (Client Quit)
[17:25:03] *** Quits: breadsticks (~breadstic@64.184.102.169) (Client Quit)
[17:25:08] <vito> we'll worry when we know who the qualifiers and alternates from this game are
[17:25:19] <vito> and there's still 2.5 hours left
[17:25:21] *** Joins: breadsticks (~breadstic@64.184.102.169)
[17:25:42] <gynophage> I guess the sarcastic answer is "don't be the alternate"
[17:25:48] <likestoplay> i wont be, dont worry
[17:25:50] <gynophage> Then you have nothing to worry about.
[17:26:03] <likestoplay> but i like knowing rules ahead of time ;)
[17:26:16] <likestoplay> because y'know, transparency and stuff
[17:26:19] <gynophage> The problem with the humans and computer playing is we have no way of knowing if they're feeding info to their CRS so they get the press about designing the CRS which beat all the humans.
[17:26:31] <gynophage> That is, the CRS + its author.
[17:26:33] <likestoplay> ah, ethics, yeah
[17:27:15] <gynophage> They would both know best what data their CRS would find useful, and may also be able to infer information about exploits based on their CRS's submitted patches and whatnot.
[17:27:34] <gynophage> Ohh yeah, that's the other *huge* thing.
[17:27:50] <gynophage> Consensus evaluation.
[17:27:57] <gynophage> All patches are made available to every player.
[17:28:00] <vito> we'll be bloggin' about that soon
[17:28:20] <gynophage> It's a way to prove that the patches are sound, and not a bunch of "lol, make the sub esp bigger" bullshit.
[17:28:29] <vito> heh
[17:28:34] <vito> are we saving _patched submissions?
[17:28:41] <gynophage> Nope. :(
[17:28:48] <gynophage> That would have been cool information to look through.
[17:30:56] *** Joins: nathan (~amoslv8@dynamic-adsl-78-12-139-90.clienti.tiscali.it)
[17:31:00] <nathan> ciaoo
[17:31:04] <nathan> !list
[17:31:17] <gynophage> easier
[17:31:19] <gynophage> flag
[17:31:32] <Lightning> 2.5 hours left, no pressure
[17:32:01] <anotherctfer> @gynophage you told me to sit back and watch time_sink, its now been 8 hours but what I got isn't working can I dm some questions?
[17:32:08] *** Quits: nathan (~amoslv8@dynamic-adsl-78-12-139-90.clienti.tiscali.it) (Client Quit)
[17:33:40] <gynophage> anotherctfer: You probably missed the middle letter. Better double check.
[17:34:00] <anotherctfer> lol
[17:34:14] *** Joins: WebIRC44242 (~02@2a02:a317:c940:2b00:4cac:f85a:c0d0:e100)
[17:34:17] <anotherctfer> can I buy a vowel?
[17:34:26] <Lightning> Z
[17:35:10] *** Joins: WebIRC58849 (~4fb6d8f9@bzq-79-182-216-249.red.bezeqint.net)
[17:35:33] <[w33]Luwenth> oh look, aquaman only less cool.
[17:35:50] <anotherctfer> I also have a bug report for time_sink, kind of a funny one actually, where can I submit that?
[17:36:04] *** Parts: tyson (tyson@shellhost/fnordserver) ()
[17:36:19] <Lightning> you can PM me but i doubt you’ll get anything as it is probably what everyone else has told me :)
[17:36:26] *** Quits: gael (~gael@37.163.131.174) (Client Quit)
[17:36:56] <withzombies> ugggggghhhhhh vagrant
[17:37:04] <withzombies> it kept launching my crs vm from last june
[17:37:17] <withzombies> no wonder none of the tools were installed (and there's no random page)
[17:37:26] <vito> use the vagrant administration tool
[17:37:31] <withzombies> rm -rf
[17:37:36] <vito> `rm -rf ~/.vagrant`
[17:37:43] <withzombies> yeah, that's what i did
[17:37:47] <withzombies> but I didn't notice
[17:37:53] <withzombies> I solved 9 cgc challenges before noticing
[17:37:55] <withzombies> lol
[17:37:59] <vito> lag
[17:38:44] <withzombies> I did wonder why my secret data was always "000000"
[17:38:47] <withzombies> but meh
[17:41:25] *** Joins: rg (~rg@S010600fc8da50eb3.cg.shawcable.net)
[17:41:36] <stach> didn't run the ToB CRS?
[17:41:58] <vito> they didn't want to not qualify dohohohoho
[17:42:06] * vito makes swish motion
[17:42:47] <gynophage> didn't they not? Or didn't they not not?
[17:42:59] <withzombies> its expensive to run that thing
[17:43:01] <withzombies> :P
[17:44:40] *** Joins: gael (~gael@2a01:e34:ec02:c450:c549:5f31:7810:8596)
[17:44:56] *** Quits: SandwichMan (~adfaeec9@D-173-250-238-201.dhcp4.washington.edu) (Client Quit)
[17:45:14] *** Quits: WebIRC58849 (~4fb6d8f9@bzq-79-182-216-249.red.bezeqint.net) (Client Quit)
[17:45:23] *** Quits: attila (~attila@75-128-10-12.dhcp.snlo.ca.charter.com) (Remote host closed the connection)
[17:47:31] <gynophage> us-east easier went down. Just bounced it.
[17:47:42] *** Quits: wahrwolf (~wahrwolf@p5DC6D46B.dip0.t-ipconnect.de) (Ping timeout: 252 seconds)
[17:47:52] *** Quits: fff (~02@2a02:a317:c940:2b00:4cac:f85a:c0d0:e100) (Client Quit)
[17:48:20] <anotherctfer> lmao friday dubstep!!!
[17:48:21] *** Quits: zzoru (~zzoru@143.248.230.88) (Ping timeout: 252 seconds)
[17:49:26] *** Quits: soul8 (62d2ed05@m-b.clients.kiwiirc.com) (Client Quit)
[17:49:35] *** Joins: WebIRC84753 (~0149a9f5@u669245.xgsnuf104.imtp.tachikawa.mopera.net)
[17:52:04] *** Joins: WebIRC63991 (~72f661ad@114.246.97.173)
[17:52:42] *** Joins: WebIRC1712 (~a0104f3b@tk2-215-17305.vs.sakura.ne.jp)
[17:52:42] *** Joins: rhydis (~rhydis@anon-41-146.vpn.ipredator.se)
[17:53:28] *** Quits: WebIRC87800 (~7748c31f@em119-72-195-31.pool.e-mobile.ne.jp) (Client Quit)
[17:54:05] <WebIRC1712> Hello? I'd like to ask about badger privately. Who should I ask to?
[17:54:45] *** Joins: stuart091 (~user@208.167.254.89)
[17:55:12] *** Joins: n00000b (~3f9b2425@63.155.36.37)
[17:56:48] *** Joins: zzoru (~zzoru@143.248.198.18)
[17:57:57] <gynophage> WebIRC1712: You can ask me.
[18:00:23] *** Quits: WebIRC83603 (~7748c747@em119-72-199-71.pool.e-mobile.ne.jp) (Client Quit)
[18:00:28] *** Quits: WebIRC84753 (~0149a9f5@u669245.xgsnuf104.imtp.tachikawa.mopera.net) (Client Quit)
[18:01:05] <vito> just about food time at legitbs hq
[18:01:07] <vito> https://pbs.twimg.com/media/CjFcx34VEAAz1An.jpg:large
[18:01:24] *** Quits: breadsticks (~breadstic@64.184.102.169) (Ping timeout: 240 seconds)
[18:01:46] <n00000b> having troubles with easy-prasky. can't figure out how to segfault, but not destroy the canary
[18:01:51] <vito> ok
[18:02:16] <vito> are you using a debugger with it?
[18:02:19] <vito> if not… you should, heh
[18:02:20] * [w33]Luwenth sites with n00000b.
[18:02:36] <[w33]Luwenth> gdb and r2 to look at it :)
[18:02:42] <salls> vito: easier is down, we're kinda close but I think we keep knocking it offline :/
[18:03:00] <vito> que region?
[18:03:11] <salls> US
[18:03:19] <laxa> vito: you are french ? :D
[18:03:23] *** Joins: WebIRC84753 (~0149a9f5@u669245.xgsnuf104.imtp.tachikawa.mopera.net)
[18:04:03] <jvoisin> "que region" produces a parsing error in French
[18:04:10] *** Parts: nwx (~nwx@159.203.213.221) ()
[18:04:11] *** Joins: nwx (~nwx@159.203.213.221)
[18:04:12] <vito> http://67.media.tumblr.com/965848047ff984dd97bdfc9c043a9c7b/tumblr_inline_o6tw0dieqY1ryl9fq_500.jpg
[18:04:19] <laxa> if you had the 'l', then it works, I know you are french jvoisin
[18:04:24] <laxa> -had+add
[18:04:51] *** Quits: WebIRC63991 (~72f661ad@114.246.97.173) (Client Quit)
[18:05:19] *** Quits: WebIRC84753 (~0149a9f5@u669245.xgsnuf104.imtp.tachikawa.mopera.net) (Client Quit)
[18:05:51] <[w33]Luwenth> vito: I kinda like that ida...
[18:05:55] <[w33]Luwenth> (idea)
[18:10:40] *** Joins: breadsticks (~breadstic@64.184.102.169)
[18:10:51] <Lightning> we now give a 3d rainbow dickbutt homer combo in the VR drawing area
[18:14:19] *** Joins: cx (~Adium@189.217.214.103)
[18:17:21] *** Joins: WebIRC42855 (~7748c747@em119-72-199-71.pool.e-mobile.ne.jp)
[18:18:00] <nwx> ^_^
[18:20:11] <Lightning> food is here, we might become unavailable :P
[18:20:39] *** Joins: Admir4l (~IceChat78@105.158.135.13)
[18:26:01] *** Quits: bono (~caf7591d@FL1-202-247-89-29.gif.mesh.ad.jp) (Client Quit)
[18:28:33] *** Joins: exploit7002 (~test@121.65.54.156)
[18:29:33] *** Quits: v1d (~32faca52@50.250.202.82) (Client Quit)
[18:31:27] <Lightning> 1.5 hours, just a reminder :)
[18:31:49] * nwx notices ubuntor is here
[18:35:38] *** Quits: Ninn (~rekt@85.204.132.144.ip4.gigabit.dk) (Client Quit)
[18:37:22] *** Joins: Lightning_ (~Lightning@legitbs.net)
[18:37:22] *** ChanServ sets mode: +o Lightning_
[18:38:53] <[w33]Luwenth> Love Galdys!
[18:39:06] <[w33]Luwenth> I wondered if glados was a reference to the insane robot overlordess :)
[18:39:12] <Lightning_> oooo, i know what i’m adding to the play list
[18:39:20] <Lightning_> [w33]Luwenth: ever compete in GiTS?
[18:39:28] <[w33]Luwenth> Not that I recall...
[18:39:32] *** Joins: immerse (~u@ec2-52-24-152-211.us-west-2.compute.amazonaws.com)
[18:39:49] <Lightning_> then you’ll enjoy a variation of this in a few
[18:40:00] <Lightning_> i did a forensics challenge on this song
[18:40:01] * nwx wonders if i could get at least 1 point before the end :(
[18:40:05] <[w33]Luwenth> I think the team has decided this will be the year where we'll be practicing a bit more. Get used to the tools and techniques, walk in with much better 'prep'
[18:40:24] *** Quits: Lightning (~Lightning@legitbs.net) (Ping timeout: 240 seconds)
[18:40:24] *** Lightning_ is now known as Lightning
[18:40:25] <Lightning> a wise thing to do
[18:40:38] <gynophage> [w33]Luwenth: Then you'll kick ass in 2017, the year of the Linux desktop.
[18:40:52] <[w33]Luwenth> gynophage: That might put me to sleep...
[18:41:03] <[w33]Luwenth> nwx: The min points you can earn right now is kxcd @ 21.
[18:41:08] *** Quits: WebIRC44242 (~02@2a02:a317:c940:2b00:4cac:f85a:c0d0:e100) (Client Quit)
[18:41:08] <[w33]Luwenth> But if you solve it then it will be worth less.
[18:41:24] <nwx> yeah :/
[18:42:12] <gynophage> But that does qualify as "at least 1"
[18:43:10] <Lightning> [w33]Luwenth: try this on, should go watch :)
[18:43:53] <Lightning> i had to hand type all of those symbols in the corner then time them properly
[18:45:12] *** Joins: FADEC0D3 (~FADEC0D3@c-98-210-237-5.hsd1.ca.comcast.net)
[18:45:12] <[w33]Luwenth> Lightning: I should try to get some point or my team in thel last 1:15 ... I'm actually feeling like I'm close for the first time this weekend
[18:45:31] <Lightning> then go work and just listen :)
[18:45:36] * nwx is totally lost
[18:46:02] <Lightning> nwx: the song playing was a challenge in GiTS a few years ago
[18:46:05] <[w33]Luwenth> Lightning: Just peeked. You rat bastard :)
[18:46:07] <Lightning> that i created
[18:46:26] <Lightning> Portal 2 for GiTS up next
[18:47:54] *** Quits: rg (~rg@S010600fc8da50eb3.cg.shawcable.net) (Ping timeout: 240 seconds)
[18:47:55] *** Quits: AlissonB (~alb@187.23.118.195) (Read error: Connection reset by peer)
[18:48:00] <ar1s> for DC, is it the plan that there will only be CGC binaries, or usual stuff too ?
[18:49:38] <gynophage> Only CGC.
[18:49:39] *** Joins: rg (~rg@104.200.154.4)
[18:49:53] <ar1s> yeaah
[18:50:02] <gynophage> If there's others, it would be disingenuous to say "humans won" or "computers won"
[18:50:22] <gynophage> The others could have distracted the humans. Or would have added points that were impossible for the computers to get.
[18:50:36] <mserrano> even within just CGC depending on the design of the game it seems like it could be weighted in either direction
[18:50:42] <mserrano> (fwiw I know very little about CGC but)
[18:50:50] <mserrano> like if you had a million trivial binaries the computers would probably win
[18:50:55] <gynophage> We've always had the option to "throw" the game.
[18:51:04] <gynophage> Even in human vs human games.
[18:51:19] <gynophage> Want HatesIrony to win? Bunch of Windows challenges.
[18:51:48] <mserrano> right
[18:51:59] *** Joins: timpwn (anon1@gateway/tor-unverified)
[18:52:01] *** Joins: dqi (~dqi@165-218-045-062.dynamic.caiway.nl)
[18:52:01] <vito> That's why we have a zillion CGC challenges this year, to get y'all to prepare for it
[18:52:07] <mserrano> want DEFKOR to win again? every problem is a browser :P
[18:52:26] <gynophage> I'm not really interested in throwing the game. I spend too much time on this shit.
[18:52:29] *** Joins: b3h3m0th (uid26288@id-26288.ealing.irccloud.com)
[18:52:39] <b3h3m0th> hello
[18:52:53] <gynophage> Or, just throw the game to some team in exchange for a black badge.
[18:52:55] <b3h3m0th> whom can I contact for issues regarding feedme ?
[18:53:02] <mserrano> don't you already have like 3
[18:53:15] <gynophage> Fine. A jacket.
[18:53:17] <gynophage> Mine's ripped. ;(
[18:53:20] *** Quits: stuart091 (~user@208.167.254.89) (Ping timeout: 252 seconds)
[18:53:30] <mserrano> so's mine sadly
[18:53:44] <gynophage> Or ${other thing}
[18:53:51] <[w33]Luwenth> gynophage: went hulk-tastic while wearing his fav. jacket
[18:54:08] <gynophage> I went bulktastic. Food is delicious.
[18:54:17] <gynophage> :\
[18:54:30] <Lightning> We have all types of ties in various groups due to years of playing and now running, we want to put on a good game and get people thinking. This is why we try to do unique things each year. First arm, then arm + physical hardware badge created by us (FPGA with MSP430), then 5 architectures, and now CGC.
[18:54:50] <Lightning> we don’t want to favor anyone
[18:55:16] <gynophage> We'll very likely do what we do every year.
[18:55:20] *** Quits: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net) (Client Quit)
[18:55:34] <gynophage> Make interesting challenges inspired by stupid shit we've seen in our adventures in IDA.
[18:57:22] *** Quits: rg (~rg@104.200.154.4) (Ping timeout: 252 seconds)
[18:57:25] *** Joins: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net)
[18:58:39] <nwx> http://www.ytcracker.com/music/spamtec%20-%20delilah.mp3
[18:59:12] *** Quits: rhydis (~rhydis@anon-41-146.vpn.ipredator.se) (Ping timeout: 252 seconds)
[18:59:12] *** Joins: rg (~rg@S010600fc8da50eb3.cg.shawcable.net)
[18:59:34] <gynophage> bool101: An hour left. You gonna pop something out?
[19:00:03] <Lightning> Friendly reminder, 1 hour left. No pressure, just fighting for a slot into finals :)
[19:00:22] <[w33]Luwenth> Or a spot on the board itself!
[19:00:30] <nwx> ^
[19:02:54] *** Quits: dinggul (~dinggul@143.248.249.74) (Client Quit)
[19:02:54] <anotherctfer> or a score
[19:02:56] <anotherctfer> :D
[19:03:23] <gynophage> I get to sleep soon.
[19:03:25] <gynophage> :)
[19:03:42] *** Quits: jawaharlal (uid120577@2604:8300:100:200b:6667:5:1:d701) (Client Quit)
[19:05:02] *** Joins: WebIRC63991 (~72f661ad@114.246.97.173)
[19:05:28] <Gynvael> easier up?
[19:05:47] <Gynvael> gynophage: ^ :)
[19:06:03] <Gynvael> EU
[19:06:09] *** Parts: offline (~mark@ec2-52-10-49-99.us-west-2.compute.amazonaws.com) ()
[19:06:21] *** Joins: stuart091 (~user@107.191.32.205)
[19:06:26] <gynophage> Gynvael: Fire.
[19:06:29] <Gynvael> thanks!
[19:07:38] *** Joins: patcdr (~Patrick@96.93.120.250)
[19:08:20] *** Quits: unused (~unusedb@199.30.199.146.dyn.plus.net) (Remote host closed the connection)
[19:10:06] <Lightning> 50
[19:10:45] <[w33]deorth> I fucking hate stack math
[19:11:46] <ar1s> stack math > stock meth
[19:13:04] *** Quits: rrddd (~b764d5a3@183.100.213.163) (Client Quit)
[19:13:17] <salls> gynophage: easier in US seems down again
[19:13:30] *** Joins: WebIRC66557 (~d25e2959@210.94.41.89)
[19:14:15] *** likestoplay is now known as borski
[19:14:24] <gynophage> salls: Back up.
[19:14:33] <salls> thanks
[19:14:42] <salls> sorry for always knocking it down :p
[19:14:49] <WebIRC66557> i wonder heapfun4u~~
[19:14:58] <Lightning> it’s fun :)
[19:16:33] *** Quits: WebIRC63991 (~72f661ad@114.246.97.173) (Client Quit)
[19:17:05] <ccm> so, where is web challenges?
[19:17:21] <ccm> sqlmap didn't work on other challenges
[19:17:32] <WebIRC66557> is there web challenges ?
[19:17:39] <ccm> yeah admins keep hiding them
[19:17:41] <vito> haha good one
[19:17:46] <ccm> you need sqlmap with xss support for it
[19:17:56] <ccm> ;)
[19:17:58] <WebIRC66557> which one
[19:18:05] <ccm> WebIRC66557: secret as i said
[19:18:10] <ccm> you need sqlmap
[19:18:17] <WebIRC66557> i only found lots of cgc
[19:18:19] <ccm> but add support for XSS via beef framework for auto exploiting
[19:18:29] <ccm> yeah you can solve cgc with xss but don't tell anyone
[19:18:37] *** Joins: WebIRC76167 (~cb68807b@203.104.128.123)
[19:22:57] *** Quits: zzoru (~zzoru@143.248.198.18) (Ping timeout: 252 seconds)
[19:24:07] <Lightning> tick tock
[19:24:19] <gynophage> justintime, DERPA got...justintime
[19:24:29] <gynophage> That'd be a terrible name for a human.
[19:24:35] <gynophage> "Hi, I'm Justin Time"
[19:26:06] <ReidB> I've gotta admit, seeing DERPA vs DARPA in finals would be entertaining...
[19:26:23] <gynophage> I guess.
[19:27:40] <[w33]Luwenth> gynophage: I think I met someone with that name a long long time ago.
[19:27:52] <[w33]Luwenth> And the typo wins!
[19:29:18] *** Quits: structure (~440eaa68@ip68-14-170-104.ok.ok.cox.net) (Client Quit)
[19:29:27] <vito> Lightning: https://www.doomworld.com/vb/post/1586811
[19:31:10] <Lightning> 30 minutes!
[19:31:24] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Ping timeout: 240 seconds)
[19:31:40] <WebIRC22159> any hints for secrf so we can make defkor look bad
[19:31:50] <borski> any hints for defcon?
[19:31:53] <borski> how do i win?
[19:31:58] <gynophage> WebIRC22159: Yes, the flag is in a file named "flag"
[19:32:15] <WebIRC22159> gynophage: right! that's probably what they're missing. thanks!
[19:33:27] <withzombies> i liked 'key'
[19:33:30] <withzombies> because keys are secret
[19:33:32] <withzombies> and they unlock things
[19:33:38] <withzombies> they're definitely more valuable than flags
[19:33:51] <gynophage> But it's not a key party.
[19:33:52] <[w33]Luwenth> anyone can make a flag
[19:33:53] <gynophage> It's a capture the flag.
[19:33:53] <WebIRC22159> ppp's secret revealed
[19:34:00] <withzombies> when the real cyber starts, we don't be stealing flags
[19:34:12] <WebIRC22159> capture the pov
[19:34:13] <ar1s> we'll be writing xml's
[19:34:33] <ar1s> "Defcon's Write-the-xml challenge"
[19:34:40] <vito> so write c instead
[19:34:46] <WebIRC22159> xxe in the scoring server
[19:34:47] <sewilton> vito: Can you revert your tie breaking fix from Friday? I want to see ricky's face when he wakes up to second place
[19:34:54] <wyatt_earp> ​( ಠ益ಠ)=ε/̵͇̿̿/’̿’̿ ̿ ̿̿ ̿̿ ̿̿ -= ⊏cyber⊃
[19:34:57] <WebIRC22159> real web chal
[19:34:59] <vito> sewilton: can, yes. will? no
[19:35:09] <gynophage> When's he going to wake up?
[19:35:10] <vito> wizard bullets
[19:35:18] <vito> when september ends
[19:35:37] <WebIRC22159> vito: that would also swap samurai and defkor!
[19:35:45] <WebIRC22159> it's all roses
[19:35:48] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[19:36:09] *** Quits: lenerd (~lenerd@p5DC6D46B.dip0.t-ipconnect.de) (Ping timeout: 252 seconds)
[19:36:26] <Lightning> vito: https://www.youtube.com/watch?v=kpk2tdsPh0A
[19:37:15] <sewilton> Did we just become defkor
[19:37:46] <Gynvael> so many defkors...
[19:38:09] <sewilton> Pretty sure defkor has 6228 points and should be in first
[19:38:11] <WebIRC22159> 9447 might shoot up still
[19:38:12] <sewilton> I think your scoring is broken
[19:38:16] <mserrano> all the defkors
[19:38:39] <WebIRC22159> when is livectf
[19:39:09] *** Quits: Dor1s (~Dor1s@p4FD62138.dip0.t-ipconnect.de) (Client Quit)
[19:39:23] <[w33]Luwenth> And at the wire, w33t34m puts points on the board! :)
[19:39:30] <jsc> Lightning: that guy is far too leet
[19:39:32] <[w33]Luwenth> God I should have figured that out hours ago :(
[19:39:47] <Lightning> that is the type of things i enjoy toying with
[19:39:53] <vito> [w33]Luwenth: dangit you're beating me
[19:39:56] <Lightning> and you wonder where my ideas come from at times :P
[19:39:59] <WebIRC22159> lol vito
[19:40:01] <jsc> I spent a whole day watching his videos. He's too hardcore
[19:40:21] <[w33]Luwenth> You did babys-re? I looked at that one, but got lost in the mangled mess I saw there.
[19:40:33] <sewilton> Looks like ppp isn't going to qual this year
[19:40:44] <vito> but gynophage is!
[19:40:51] *** Quits: exploit7002 (~test@121.65.54.156) (Client Quit)
[19:41:04] <stypr> ppp disappeared
[19:41:16] <Ymgve> rippp
[19:41:17] <dropkick> were they ever really here?
[19:41:20] <nwx> ??
[19:41:27] <[w33]deorth> we are redeemed!
[19:41:38] *** Joins: kkk (~kkkk@101.87.235.99)
[19:41:43] *** Joins: P1kachu (~stan@lse.epita.fr)
[19:41:45] <stypr> all of a sudden, samurai is higher than defkor. maybe the scoreboard is drunk
[19:41:47] <WebIRC22159> vito: does this mean we have to sit by ppp
[19:42:04] <stypr> omg
[19:42:09] <WebIRC22159> vito is drunk
[19:42:10] <stypr> no drug on scoreboard please
[19:42:15] <WebIRC22159> WHO WINS
[19:42:19] <Lightning> HAHAHA
[19:42:19] <mserrano> oh man rip us
[19:42:25] <mserrano> lol everyone is vito
[19:42:26] <ar1s> is that the blind last 20 minutes ?
[19:42:27] <sewilton> i think the scoreboard is bugged
[19:42:30] <[w33]deorth> so.. baby-re
[19:42:31] <WebIRC22159> vito has 100k points
[19:42:34] <[w33]deorth> fuck that shit
[19:42:42] <[SaH]NGG> i'm vito yeah
[19:42:43] <WebIRC22159> vito is the final boss
[19:42:43] <gynophage> Scoreboard looks good to us.
[19:42:45] <dropkick> nobody qualified
[19:42:56] <WebIRC22159> gynophage: any tips for vito 436
[19:42:59] <jsc> vito seems to be doing pretty well this year
[19:43:00] *** Joins: mak (~mak@user-31-174-111-84.play-internet.pl)
[19:43:03] <gynophage> Now vito finally knows what it's like to be on top of a CTF scoreboard.
[19:43:04] <crowell> dang gj vito
[19:43:05] <mak> ohai!
[19:43:06] <stypr> vito, vito, vito, vito, vito, vito, vito, ... got qualified
[19:43:08] <sewilton> WebIRC22159: try running sqlvito on it
[19:43:08] <[SaH]NGG> :)
[19:43:08] <[w33]deorth> seems legit
[19:43:14] <WebIRC22159> vito makes a last minute solve
[19:43:15] <gynophage> https://i.ytimg.com/vi/LiAaAhlmM8o/maxresdefault.jpg
[19:43:15] <stypr> qualified: ['vito']*15
[19:43:22] <WebIRC22159> you should post an announcement
[19:43:32] <WebIRC22159> vito solved <chal that doesn't exist>
[19:43:42] *** Joins: jinmo123 (~31a5cb56@49.165.203.86)
[19:43:57] <[SaH]NGG> inferior human team 22 ftw
[19:43:58] <[w33]Luwenth> Hey, it looks good to me. It's all vito and then w33t34m is the 2nd name, so we qualified!!!!
[19:44:05] <WebIRC22159> how do you pick the numbers
[19:44:08] <[w33]deorth> totes legit
[19:44:13] *** Joins: jinblack (~jinblack@host110-149-dynamic.50-79-r.retail.telecomitalia.it)
[19:44:14] *** Quits: add1ct (~add1ct@203.208.200.206) (Read error: Connection reset by peer)
[19:44:19] <WebIRC22159> ppp is actually already robots
[19:44:27] <jinmo123> aww
[19:44:36] <WebIRC22159> and bloop took 97 seconds for a cgc solve
[19:44:39] *** Joins: rhydis (~rhydis@anon-32-57.vpn.ipredator.se)
[19:44:40] <jinmo123> why RF prob is almost everywhere nowadays
[19:44:41] <[w33]Luwenth> only cgc competitors are qualified this year
[19:44:43] <dropkick> We made the difficult decision to not accept any qualifying teams from DEFCON quals. While the contest went spectacularly well, there was never any real intention of qualifying anybody else. Legitimate Business Syndicate has nothing but the complete and utmost respect for the DEFCON quals and we hope to promote and work with them again in the future.
[19:44:43] <vito> i solved the sql injection challenge
[19:45:14] <[w33]Luwenth> waitwut, there was an SQLI?
[19:45:18] <[w33]Luwenth> Bring back web!!!! :)
[19:45:23] *** Joins: bic (~d1939027@209-147-144-39.nat.asu.edu)
[19:45:24] *** Quits: stuart091 (~user@107.191.32.205) (Ping timeout: 240 seconds)
[19:45:29] <WebIRC22159> social engineering challenge
[19:45:35] <vito> used the `psql` tool to find a sql injection vuln
[19:45:36] <gynophage> vito found a box he could type sql in to and fuck up the scoreboard.
[19:45:41] *** Quits: eegeek (~eegeek@hackint/user/eegeek) (Remote host closed the connection)
[19:45:44] <[w33]deorth> :)
[19:45:50] <WebIRC22159> execve('/bin/psql', null, null)
[19:46:30] <Ymgve> ohhey, it seems like this is actually happening https://www.coursera.org/course/crypto2
[19:46:31] <WebIRC22159> is the scoreboard a cgc cb
[19:46:36] <cao> WebIRC22159: that won't work on busybox
[19:46:41] <vito> Ymgve: lol good one
[19:46:41] *** Joins: add1ct (~add1ct@203.208.200.206)
[19:46:52] <WebIRC22159> cao busybox doesn't have psql
[19:47:00] <cao> yours might not
[19:47:24] <jinmo123> in fact, busybox has psql!
[19:47:38] <sewilton> It's /bin/pgsh
[19:48:17] <[w33]deorth> @gynophage: how many teams actually got points ?
[19:48:29] <withzombies> at least 25
[19:48:30] <gynophage> http://2016.legitbs.net/scoreboard/complete
[19:48:32] <sewilton> [w33]deorth: https://2016.legitbs.net/scoreboard/complete
[19:48:34] <[w33]deorth> aha.. thanks!
[19:48:52] <WebIRC22159> defkor is asleep?
[19:49:24] *** Quits: WebIRC13502 (~c6e9cca6@198.233.204.166) (Client Quit)
[19:49:44] <vito> yeah it's like 9am there
[19:49:57] <[SaH]NGG> 276 teams
[19:49:57] *** Joins: WebIRC76102 (~c6e9cca6@198.233.204.166)
[19:50:20] <_2can> [SaH]NGG: dickwad
[19:50:28] <[w33]deorth> how many registered ?
[19:50:46] <jinmo123> I hate RF
[19:51:08] <Lightning> 10 MINUTES!
[19:51:10] <WebIRC22159> quick devalue secrfrevenge so it's worth negative points
[19:51:16] <jinmo123> aww, for real, RF EVERYWHWEREDSFSDFSDF!
[19:51:40] *** Quits: offw0rld (~offw0rld@178.73.197.119) (Client Quit)
[19:51:59] *** Joins: [SaH]vasporig (~c338a952@195.56.169.82)
[19:52:09] <jinmo123> @WebIRC22159 charming idea
[19:52:22] <WebIRC22159> just needs 1000 submits
[19:53:04] *** Quits: hexife (~dc751451@220.117.20.81) (Client Quit)
[19:53:08] <WebIRC22159> 9447 has five minutes to come in second
[19:55:06] <b2xiao> 5 minutes
[19:55:07] *** _2can is now known as [SpamAndSex]_2can
[19:55:17] <jinmo123> the final countdown
[19:55:19] <[w33]deorth> there it is :)
[19:55:28] <vito> http://music.legitbs.net/
[19:55:36] <Ymgve> I got hit buy ctf fatigue at the end
[19:55:40] <jinmo123> It's the final countdown!!!!!!!!!!!!
[19:55:45] <[SaH]NGG> his site can’t be reached
[19:55:45] <[SaH]NGG> music.legitbs.net refused to connect. :(
[19:55:48] <[SaH]NGG> oops
[19:55:53] <WebIRC22159> stop solving chals you're increasing ppp's lead by diluting everyone
[19:55:53] <vito> llmmmaaaaooo
[19:55:53] <Ymgve> "what's the use starting a new challenge, I won't finish it in time"
[19:55:54] <jinmo123> me too :(
[19:55:56] <Lightning> stupid music site!
[19:56:03] <hoju> but but its the final countdown
[19:56:12] *** Joins: whoisj0hngalt (~46b82536@wsip-70-184-37-54.tu.ok.cox.net)
[19:56:13] <Lightning> at least we got it started before :)
[19:56:19] *** Joins: digitalseraphim (~digitalse@cpe-74-78-215-239.twcny.res.rr.com)
[19:56:22] <gynophage> lol, musiqpad ate a dick.
[19:56:24] <[w33]Luwenth> premature countdown?
[19:56:30] <[w33]deorth> hate it when that happens
[19:56:31] <gynophage> Nope.
[19:56:40] *** Quits: repnzscasb (~repnzscas@ns3002224.ip-37-59-58.eu) (Quit: bye)
[19:56:41] <[w33]deorth> they played the rock bar in san jose a while back
[19:56:47] <[w33]deorth> I was so tempted to go but I only know one song
[19:57:03] <ReidB> they have more then one song?
[19:57:12] <[w33]Luwenth> Well, they have one final song :)
[19:57:13] <Lightning> i think we overloaded the music site :p
[19:57:19] <[w33]deorth> plus it was $90 for the reserved seats, and only *$70* to meet and greet the band
[19:57:23] <[w33]deorth> which is.. amusing ;)
[19:57:51] <[w33]deorth> they had two songs that were big IIRC
[19:58:00] <dave0x6d> almost over eh?
[19:58:13] <Lightning> lesson learned, don’t ever use nodejs/musicpad
[19:58:30] <[w33]Luwenth> It survived most of the weekend... why are you dissing on it now?
[19:58:35] <jinmo123> woah, score is changing fastly
[19:58:41] <Lightning> you didn’t see the number of times we had to restart it
[19:58:59] *** Joins: WebIRC63991 (~72f661ad@114.246.97.173)
[19:59:09] *** Joins: WebIRC66970 (~7748c355@em119-72-195-85.pool.e-mobile.ne.jp)
[19:59:37] <WebIRC22159> will you release web chal now
[19:59:51] <Lightning> 9
[19:59:52] <Lightning> 8
[19:59:53] <Lightning> 7
[19:59:54] <Lightning> 6
[19:59:54] <Lightning> 5
[19:59:55] <Lightning> 4
[19:59:55] <[w33]Luwenth> There's a node app that will monitor your service and restart it... maybe it's called: forever
[19:59:56] <sirgoon> 4
[19:59:56] <Lightning> 3
[19:59:56] <sirgoon> 3
[19:59:57] <Ymgve> yes, a web chal and you have to solve it in 5 secs
[19:59:57] <sirgoon> 2
[19:59:57] <Lightning> 2
[19:59:58] <Lightning> 1
[19:59:58] <sirgoon> 1
[20:00:00] <sirgoon> !!!!!!!!!!!
[20:00:01] <Lightning> GAME OVER!
[20:00:02] <WebIRC22159> PPP WINS
[20:00:03] <rhydis> gg everyone
[20:00:04] <spq> ty for the ctf!
[20:00:05] <hj> woohoo
[20:00:08] <mserrano> gg all
[20:00:08] <sirgoon> gg
[20:00:09] <Ymgve> gg
[20:00:11] <[w33]deorth> thanks guys.. awesome contest once again
[20:00:19] <esanfelix> nice, gg everyone :)
[20:00:20] <ccm> where is web challenge?
[20:00:24] <sirgoon> lol
[20:00:27] <esanfelix> www.google.com
[20:00:28] <ar1s> :(
[20:00:28] <ricky> Woo, good game
[20:00:29] <zardus> holy shit
[20:00:31] <ccm> ah thx :D
[20:00:31] <[SaH]NGG> congratz for the last minute solves :P
[20:00:34] <zardus> submission with *3* seconds left
[20:00:37] <ltfish> OMG
[20:00:38] <Lightning> Anyone that has questions about b3s23, crippled, glados, time sink, kiss, or crunchtime PM me as i will probably miss it here
[20:00:41] <sirgoon> for what?
[20:00:41] <soen> gg
[20:00:43] <WebIRC66970> ooooh!
[20:00:50] <zardus> sirgoon: crunchtime
[20:00:51] <ltfish> got the flag at 17 secs
[20:00:51] <b2xiao> gg everyone
[20:00:51] <ltfish> ...
[20:00:52] <cao> last flag :D
[20:00:54] <sirgoon> nice!
[20:00:56] <esanfelix> can someone share what was the vuln in glados ?
[20:00:58] <Ymgve> Lightning: what was the _best_ way to solve time sink?
[20:00:58] <sewilton> Good game! Nice job with running it this year
[20:01:00] <ltfish> thanks to all organizers
[20:01:00] <Gynvael> gg :)
[20:01:01] <cao> that was absurd here
[20:01:02] <dave0x6d> write up for baby-re. https://twitter.com/DaveManouchehri/status/734534485576974340
[20:01:05] <esanfelix> well, whatever they exploited :)
[20:01:06] <ltfish> good game
[20:01:07] <[SaH]vasporig> what about easier?
[20:01:07] <[w33]deorth> ok, what was the secret with baby-re ?
[20:01:08] <jason_____> how you guys solved time_sink?
[20:01:10] *** Joins: WebIRC52470 (~316dd1d5@u1009213.xgsnun301.imtp.tachikawa.mopera.net)
[20:01:10] <ltfish> qualified!
[20:01:12] <zardus> sirgoon: it was really racing against the clock with bandwidth
[20:01:16] <WebIRC41899> gg
[20:01:18] <Murmus> wtb kiss answer
[20:01:18] <b2xiao> glados: raw data core doesn't initialize data
[20:01:19] <jinmo123> angr rules
[20:01:19] <cao> thanks @legitbs
[20:01:21] <[w33]deorth> no way I was going to plow thru all that math in CheckSolution
[20:01:22] <Ymgve> jason_____: found the speed factor and watched it at 100x speed
[20:01:25] <mandlebro> crippled any1?
[20:01:26] <vito> dave0x6d: nice
[20:01:27] <Murmus> Lightning: are you the one responsible for glados?
[20:01:28] <[SaH]NGG> gg
[20:01:29] <Lightning> Ymgve: unpack it, speed up the time in the loop to watch it on fast as each frame was based on time
[20:01:32] <jsc> oh whoa, there was a ctf going on?!
[20:01:32] <Lightning> Murmus: yes
[20:01:37] <[SaH]vasporig> easier, someone ?
[20:01:38] <ricky> So pillpusher... was there an unintended bug?
[20:01:45] <sewilton> Ymgve: We watched it at 100x speed and recorded to Fraps so we could seek back and forth
[20:01:46] <hj> must have been
[20:01:52] <hj> how did you solve it?
[20:01:56] <WebIRC66970> teach easy-prasky,plz
[20:01:56] <Ymgve> Lightning: heh, I thought it might be possible to decompile scripts or something
[20:01:56] <[SaH]NGG> did you know that for legit0004_patch you could send the original binary?
[20:01:59] <ricky> Because DEFKOR beat us to that by a lot!
[20:01:59] <[SaH]NGG> and you got the flag
[20:02:01] <Gynvael> easier <--- wow ;)
[20:02:06] *** Joins: WebIRC42810 (~7748c2c5@em119-72-194-197.pool.e-mobile.ne.jp)
[20:02:07] <esanfelix> Lightning: what was the intended solution for glados? I was trying to do a double free due to uninitialized mem after delete - add - delete...
[20:02:10] <ricky> We overwrite DF, write zero over pill list capacity
[20:02:12] <Gynvael> thanks for the awesome ctf guys :)
[20:02:12] <Ymgve> [SaH]NGG: haha, lol
[20:02:14] <hj> yeah I was surprised they finished in an hour
[20:02:16] <ricky> Er, set DF
[20:02:16] <[SaH]NGG> i don't think it was intended :D
[20:02:17] <[w33]Luwenth> btw, radare2 lost iz again :(
[20:02:18] <Ymgve> [SaH]NGG: should have tried that
[20:02:31] <Ymgve> what _was_ the bug in legit00004 btw?
[20:02:31] <Admir4l> in last Minute
[20:02:31] <ricky> So I'm dying to know if they either figured that out so fast, or if there was an easy bug we missed
[20:02:34] <Admir4l> found baby-re
[20:02:37] <Admir4l> flag :'(
[20:02:40] <Admir4l> but not solved !!
[20:02:41] <[w33]deorth> tell me how you got baby-re
[20:02:43] <[w33]Luwenth> Awwww...
[20:02:43] <ar1s> we were at 10' close from having glados :(
[20:02:43] <sewilton> Congrats ricky tylerni7 and co. You guys killed it :)
[20:02:43] <Admir4l> :(
[20:02:44] <gynophage> Baby-RE secret: https://github.com/legitbs/quals-2016/tree/master/baby-re
[20:02:46] <mserrano> esanfelix: I think that'show we did it
[20:02:47] *** Joins: WebIRC40217 (~d537b08d@213.55.176.141)
[20:02:47] <[w33]deorth> thanks :)
[20:02:48] <Admir4l> w3333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333
[20:02:50] <[SpamAndSex]_2can> [SaH]NGG: no way dude
[20:02:51] <ltfish> angr got first blood on two re challenges :-)
[20:02:53] <b2xiao> sewilton: thanks
[20:02:53] <Admir4l> NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
[20:02:54] <Admir4l> :(
[20:02:56] *** Quits: vhost- (~vhost@c-98-232-200-4.hsd1.or.comcast.net) (Remote host closed the connection)
[20:02:57] <Admir4l> i lost
[20:02:59] <Admir4l> :-(
[20:03:00] <Admir4l> :'(
[20:03:01] <Admir4l> :'(
[20:03:02] <Admir4l> :'(
[20:03:02] <Admir4l> :'(
[20:03:03] <Admir4l> :'(
[20:03:04] <Admir4l> :'(
[20:03:05] *** anotherctfer was kicked by gynophage (anotherctfer)
[20:03:06] <esanfelix> mserrano: i couldn't get past the ABORTs ... stupid me
[20:03:07] <gynophage> Err.
[20:03:09] *** Joins: vhost- (~vhost@c-98-232-200-4.hsd1.or.comcast.net)
[20:03:13] <Lightning> esanfelix: use the data array negative read to read memory, allocate buffers and release them then allocate another module (think the raw buffer one) that would free the pointer if it was assigned although i never set the pointer on load of hte module so a controlled pointer to free
[20:03:14] <Ymgve> my pretty b3s23 solution http://pastebin.com/pDvDLxw5
[20:03:14] <mserrano> rip anotherctfer
[20:03:17] <Admir4l> baby-re :'(
[20:03:20] *** Quits: WebIRC42810 (~7748c2c5@em119-72-194-197.pool.e-mobile.ne.jp) (Client Quit)
[20:03:33] <spq> how to actually run time_sink? we were unable to run it under various windows versions in vms and on physical pcs
[20:03:39] <nwx> gynophage: kicked the wrong person?
[20:03:43] <esanfelix> Lightning: ok i was trying to do that
[20:03:44] <soen> thanks for opensourcing everything
[20:03:47] <gynophage> Tab happy.
[20:03:48] <esanfelix> didn't finish it though
[20:03:49] <b2xiao> Ymgve: fancy
[20:03:50] <dave0x6d> gynophage: huh, what anti reversing things were in it? I didn't run across any.
[20:03:57] <Gynvael> spq: some version of windows 7 with full updates did work and was enough to get it unpacked
[20:04:04] <Gynvael> spq: unpacked worked everywhere basically
[20:04:11] <Lightning> btw: Time sink was suppose to be 48.5 hours long, i missed a letter and didn’t catch it hence the 21 hour run
[20:04:13] <gynophage> dave0x6d: If you used binary ninja you didn't see them.
[20:04:21] <dave0x6d> ahh
[20:04:22] <Ymgve> spq: did you place the required dll in the directory of the binary?
[20:04:24] <Lightning> esanfelix: check our repo, my exploit is there. we put everything up :)
[20:04:26] <WebIRC22159> lol
[20:04:34] <spq> damn, we dont work with windows very often so have no up to date machines :D
[20:04:36] <esanfelix> ricky: i used a stack buffer overflow when constructing scrip for pillpusher
[20:04:38] <Lightning> nevermind, gyno took the exploits out
[20:04:48] <hj> in case you didn't see the twitters https://github.com/legitbs/quals-2016
[20:04:51] <wyatt_earp> imma fork that repo, repos love forks
[20:04:56] <borski> what was the solution for secrfrevenge??
[20:04:58] <ricky> esanfelix: Yeah, but then the only thing you can easily overwrite is overwriting DF right? (or did we screw up our math?)
[20:05:03] <hj> how big of an overflow did you get esanfelix
[20:05:04] *** Quits: bic (~d1939027@209-147-144-39.nat.asu.edu) (Client Quit)
[20:05:07] <ricky> Rather, overwriting eflags to set df
[20:05:08] <Gynvael> Lightning: btw, top8 qualify, or 8 unqualified-yet teams?
[20:05:14] <esanfelix> ricky: yeah eflags, yeah
[20:05:15] <esanfelix> indeed
[20:05:21] <Gynvael> Lightning: wondering if we should celebrate or be sad ;)
[20:05:21] <vito> Gynvael: the latter
[20:05:26] <Gynvael> vito: thanks :)
[20:05:27] <esanfelix> so overwrite eflags to prevent the trapping
[20:05:29] <vito> i'll be punching up the spreadsheet on that… later this week
[20:05:33] <ricky> OK, so the two solutions we know of used DF - super curious whether there was another bug.
[20:05:37] <Lightning> esanfelix: my exploit didn’t double free, it created fake allocated blocks to give me 4 byte writes anywhere
[20:05:42] <[SpamAndHex]KT> @vito: and b1o0p is blue-lotus or not? :P
[20:05:45] <Lightning> i used that to rewrite the stack
[20:05:45] <Ymgve> anyone solve b3s23 with a pattern that was _not_ stable?
[20:05:51] <esanfelix> Lightning: i see, that should be easier
[20:05:52] <Admir4l> just 10 teams qualified to DEFCON or what ?
[20:06:02] *** Quits: RoMaNSoFt (~roman@23.red-81-34-135.dynamicip.rima-tde.net) (Remote host closed the connection)
[20:06:02] <esanfelix> add_pill(mypills[1], 1, 1, ['constipation'])
[20:06:03] <esanfelix> OFF = 0x2f0
[20:06:03] <esanfelix> eflags = 0x0101010101010246
[20:06:04] <esanfelix> mypills.append("A"*2 + p64(eflags) +p64(leak - OFF))
[20:06:08] <ricky> esanfelix: Wait, did you use DF or not? We didn't do anything other than not setting the trap flag
[20:06:09] <esanfelix> ricky: that's what i did
[20:06:20] <WebIRC22159> if shellphish wins cgc does a new team qual
[20:06:22] <Murmus> Admir4l: possibly slightly more
[20:06:22] *** Quits: lefu (~55da5fd6@85.218.95.214) (Client Quit)
[20:06:23] <WebIRC66557> heapfun4u is 'use after free bug'?
[20:06:24] <esanfelix> so eflags and return to the heap directly
[20:06:29] <Admir4l> what ?
[20:06:31] <ricky> Whaaaaa
[20:06:34] <esanfelix> to another chunk
[20:06:34] <ricky> We screwed up math
[20:06:35] <ltfish> b1o0p = blue-lotus + 0ops
[20:06:36] <ricky> Noooo
[20:06:37] <esanfelix> so probably way easier
[20:06:40] <[SaH]NGG> will we be qualified for the finals with 10th place? :)
[20:06:44] <esanfelix> than what you guys did?
[20:06:46] <jinmo123> I used jmp rsp gadget
[20:06:50] <jinmo123> it was fun
[20:06:52] <computerality> thanks for the challenges
[20:06:55] <ricky> Sigh
[20:07:07] <[SaH]NGG> does bloop count towards the 8 qualified teams?
[20:07:14] *** Quits: mandlebro (~ben@2001:690:2100:1b:51f9:7e18:fd52:732) (Client Quit)
[20:07:18] <jinmo123> 'cause we could modify values around [esp]
[20:07:25] <jinmo123> from input directly
[20:07:30] <Admir4l> wish spam&hex qualifief :D
[20:07:34] <Admir4l> qualified ;)
[20:07:44] <Admir4l> i want SMAPANDHEX to qualif to DEFCON 24
[20:07:45] <Admir4l> :D
[20:07:48] <dave0x6d> hey, so for step, what was the "correct" way of solving it?
[20:07:49] <wyatt_earp> the music.legitbs.net site was pretty awesome as well, kudos on that
[20:07:50] <Admir4l> they will !!
[20:07:53] <[SaH]NGG> thx :)
[20:08:01] <dave0x6d> I got stuck at a ton of 'add byte ptr [rax], al'
[20:08:06] *** Joins: WebIRC37424 (~a0104f3b@tk2-215-17305.vs.sakura.ne.jp)
[20:08:08] <Admir4l> are you spamandhex member NGG
[20:08:11] <gynophage> music.legitbs.net ate my final countdown.
[20:08:13] <gynophage> It is dead to me.
[20:08:15] *** Quits: patcdr (~Patrick@96.93.120.250) (Client Quit)
[20:08:21] <WebIRC37424> How many teams go to the final?
[20:08:21] <Ymgve> crippled solution: http://pastebin.com/WFtQf59B
[20:08:31] <[SaH]NGG> yes
[20:08:35] <timpwn> what was the vulnerability in kiss?
[20:08:40] <dave0x6d> managed to get it to segfault it with 2eea b330, 1b80 0853 and 25b7 7d08.
[20:08:40] *** [SaH]NGG is now known as [SpamAndHex]NGG
[20:09:10] *** Joins: repnzscasb (~repnzscas@ns3002224.ip-37-59-58.eu)
[20:09:16] <ar1s> what are the teams already qualified? PPP, Defktor and that's all ?
[20:09:18] *** Quits: WebIRC63991 (~72f661ad@114.246.97.173) (Client Quit)
[20:09:27] <csec> heap
[20:09:29] <[SpamAndHex]KT> ar1s: PPP not
[20:09:31] *** Quits: WebIRC40217 (~d537b08d@213.55.176.141) (Client Quit)
[20:09:31] <[SpamAndHex]AKG> PPP was not
[20:09:33] <WebIRC66557> is there write up of heapfun4u?
[20:09:33] <vito> ar1s: https://legitbs.net/
[20:09:34] <[SpamAndHex]NGG> half of bloop
[20:09:35] <mak> exploit for glados anyone?
[20:09:42] <zardus> thank you, legitbs, as always. see you in vegas!
[20:10:05] <gynophage> zardus: We'll see you from the stage as we announce the winner.
[20:10:08] <mserrano> mak: you can use the fact that it will sometimes call `free` on an uninitialized pointer to create an arbitrary write primitive
[20:10:09] <[SpamAndHex]AKG> mak, we found out the real vuln 35 minutes ago
[20:10:23] <zardus> :-)
[20:10:27] <ar1s> we're #11 :( good luck at vegas guys
[20:10:35] <mak> heh we have a bug, but i wasn't sure i can exploit it
[20:10:40] <b2xiao> Ymgve: Huh, I didn't realize the cap structure could be stabilized
[20:10:48] <mak> mserrano: wasn't free protected?
[20:10:54] *** Quits: FADEC0D3 (~FADEC0D3@c-98-210-237-5.hsd1.ca.comcast.net) (Ping timeout: 240 seconds)
[20:10:58] <[SpamAndHex]KT> <gynophage> do you know whether b1o0p is prequalified as blue-lotus or not? (b1o0p = blue-lotus + 0ops)
[20:10:58] <mserrano> protected how?
[20:11:11] *** Joins: at1as (~at1as@kurios.r4780y.com)
[20:11:12] <at1as> great game, all!
[20:11:12] <vito> they are prequalified
[20:11:19] <mserrano> b2xiao actually wrote the exploit iirc so he probably has the real answers :P
[20:11:29] <mak> normal libc checks?
[20:11:32] <[SpamAndHex]AKG> vito, cool then it means we are qualified as well?
[20:11:35] <b2xiao> Ymgve: we ended up doing b3s23 using only still lifes
[20:11:37] <gynophage> [SpamAndHex]KT: All those details will shake out soon.
[20:11:37] <[SpamAndHex]AKG> (#10)
[20:11:39] <b2xiao> http://pastebin.com/kfvGZykb
[20:11:42] <spq> mak: core #7 didnt init its data ptr and free'd it on destroy even when len was 0 (all other positions checked for len != 0)
[20:11:45] <Ymgve> b2xiao: what cap structure?
[20:11:52] *** Quits: WebIRC76102 (~c6e9cca6@198.233.204.166) (Client Quit)
[20:11:53] <gynophage> I don't want to go promising anybody any spots until after we've slept and looked over the database.
[20:11:53] <vito> [SpamAndHex]AKG: don't want to commit until i've looked at my spreadsheet and not in the mood rn
[20:11:59] <jinmo123> woah,
[20:12:16] <[SpamAndHex]AKG> vito, okay
[20:12:37] <hbw> so for crunchtime, once you set the direction flag... then what?
[20:12:40] <mak> spq: can you share exploit?
[20:12:44] <b2xiao> .XX. X..X XXXX
[20:12:46] <b2xiao> you used the inverse
[20:12:52] <b2xiao> but that's apparently called "cap"
[20:12:54] *** Quits: sirgoon (~root@legitbs.net) (Ping timeout: 240 seconds)
[20:13:18] *** Joins: jordan (~jordan@mx.grusko.fr)
[20:13:45] <jordan> any hint for easier to deal with the uninitialized stack variable ?
[20:13:45] *** Joins: sirgoon (~root@legitbs.net)
[20:13:45] *** ChanServ sets mode: +o sirgoon
[20:13:51] <Ymgve> b2xiao: stable because it's on the edge
[20:13:56] <uri> was there a simple solution for kiss? our solution was rather messy
[20:13:59] <spq> mak: nope, only found the vuln - after i slept it was solved :>
[20:14:01] <ricky> hbw: was that the crc one? You make generate crc go backwards and overwrite pc
[20:14:03] <Ymgve> I had to use the "H" structure later
[20:14:16] <P1kachu> https://twitter.com/0xP1kachu/status/734537663387205632 #baby re writeup :)
[20:14:18] *** Joins: WebIRC71010 (~7748c747@em119-72-199-71.pool.e-mobile.ne.jp)
[20:14:25] <hbw> ricky: whoaaaaa, that's neat! hahaha
[20:14:25] <b2xiao> Ymgve: yeah, I see that. neat
[20:14:32] <jinmo123> @b2xiao cool
[20:14:39] <spq> mak: robbje should have the exploit if you cant find one
[20:14:43] *** Quits: ReidB (~ReidB@198.233.204.166) (Read error: Connection reset by peer)
[20:14:55] <niklasb> so how did y'all solve kiss?
[20:15:03] <b2xiao> so I don't know what to think about using old challenges
[20:15:09] <vito> P1kachu: haha wow
[20:15:19] <Lightning> rop via ld and libc after getting known control of the deref
[20:15:22] <WebIRC22159> gynophage: legit04_patch was broken?
[20:15:31] <Lightning> mine stack pivot’d to system()
[20:15:39] <b2xiao> on the one hand it's a cute idea, on the other it feels weird seeing previously-solved challenges
[20:15:41] *** Joins: lefu (~55da5fd6@85.218.95.214)
[20:15:42] <b2xiao> oh well
[20:15:50] <Murmus> Lightning: how do you get something into rsp?
[20:15:53] <Lightning> b2xiao: they all had bugs that were removed as the original bugs hadn’t been used
[20:16:04] <vito> https://www.irccloud.com/pastebin/RSZNNPsU/baby_re_vito.py
[20:16:04] <spq> how did crunchtime work?
[20:16:05] <Lightning> murmus: mov rsp, rbx in ld
[20:16:05] *** Quits: WebIRC71010 (~7748c747@em119-72-199-71.pool.e-mobile.ne.jp) (Client Quit)
[20:16:06] <[SpamAndHex]AKG> Murmus, which challange?
[20:16:07] <b2xiao> Lightning: I reused my bug from DC2015
[20:16:15] <b2xiao> so that bug wasn't removed
[20:16:22] <niklasb> Lightning: rop with esp=0??
[20:16:26] <vito> P1kachu: i used binary ninja to find the avoid addresses which was 2ez
[20:16:30] <Lightning> spq: flip direction bit in flags so the crc writing will write the wrong direction on the stack giving control of eip
[20:16:32] <vito> but yeah it took me like a day of looking at it on and off
[20:16:38] <b2xiao> err, for secrfrevenge
[20:16:48] <niklasb> Lightning: what is the gadget? and did we need to guess libc?
[20:16:49] <Murmus> mak: I've got an example to trigger the bug, but wasn't able to turn it into a full exploit before hands
[20:16:53] <Ymgve> how did you identify the version of ld and libc for kiss? just assumed it was the same as in other pwns?
[20:16:55] <Lightning> i removed the single eip overwrite that most (all?) used on crunchtime the first time aroun
[20:17:06] <P1kachu> vito: Ahah ! I didn't have much time to solve this year sadly
[20:17:07] *** Joins: Sceptic (~Sceptic@dsl106-194.pool.bitel.net)
[20:17:09] <mak> Murmus: kinda similar as i
[20:17:10] *** Joins: FADEC0D3 (~FADEC0D3@c-98-210-237-5.hsd1.ca.comcast.net)
[20:17:13] <Lightning> niklasb: both libc and ld are at a known offset from the binary, per linux library load design
[20:17:14] <spq> Lightning: hm, ok - thought about that but only tried to overwrite heap structures
[20:17:20] <b2xiao> Lightning: yeah we saw that, actually the df-based exploit is much cuted
[20:17:22] <mak> but i give up, sice i started looking at it 1h ago
[20:17:23] <b2xiao> cuter
[20:17:23] <Lightning> so if you know where the binary is you know where they are without any extra leaks
[20:17:26] <b2xiao> so I liked that one
[20:17:28] <P1kachu> vito: so angr was really helpful
[20:17:33] <niklasb> Lightning: but it depends on libc and OS version...
[20:17:41] <jinmo123> and CRC table was slightly modified right?
[20:17:51] <niklasb> also, how to get the stack pivot? we didn't find any gadgets in the binary or heapfun's libc
[20:17:52] <Murmus> yeah. I see how to do it, and have a whiteboard drawing of turning it something useful, but couldn't quite get everything lined up
[20:17:53] <b2xiao> jinmo123: I think the CRC table was standard but the constant was different
[20:17:57] <ar1s> Lightning: we observed that it was only true on a few distributions, including ubuntu 14.04
[20:17:58] *** Quits: whoisj0hngalt (~46b82536@wsip-70-184-37-54.tu.ok.cox.net) (Client Quit)
[20:17:59] <hj> i am curious about their traffic analysis for this weekend
[20:18:05] <b2xiao> usually it starts with 0xffffffff
[20:18:09] <Lightning> niklasb: libc offset is purely from size, unlike some competitions we try to keep our OS’s stable and common across all
[20:18:13] <hj> heapfun didn not need a stack pivot
[20:18:14] <b2xiao> also: where's my pretty graphs of scores over time
[20:18:15] <jinmo123> @b2xiao ah then my mistake
[20:18:19] <hj> the heap was executable
[20:18:19] *** Quits: WebIRC37424 (~a0104f3b@tk2-215-17305.vs.sakura.ne.jp) (Client Quit)
[20:18:23] <b2xiao> I want to see the scores going down towards the end :P
[20:18:24] *** Quits: ltfish (~fish__@li521-79.members.linode.com) (Ping timeout: 240 seconds)
[20:18:28] <Lightning> so it is easy enough to know, and if not know at least guess as amazon has only certain things that are quick to spin
[20:18:29] <ar1s> niklasb: r_movrsp = 0x001698B
[20:18:47] <jinmo123> it felt really cool when I could use jmp rsp for pwning chall
[20:18:55] <jordan> any hints for easier :'( ?
[20:19:06] <jordan> what was the deal with the uninit stack variables
[20:19:08] *** Quits: shivanshu (~admin@202.3.77.208) (Ping timeout: 252 seconds)
[20:19:09] <jordan> ?
[20:19:10] <mak> btw, was it only me or there was something wrong with /bin/sh on most pwns?
[20:19:19] <WebIRC22159> mak: see topic. it's busybox
[20:19:36] <niklasb> ar1s: could you tell me which libc that was?
[20:19:39] <jinmo123> ah
[20:19:42] <gynophage> execve with a NULL 2nd argument in busy box is bad.
[20:19:44] <jinmo123> argv[0] was important so..
[20:19:45] <ar1s> niklasb: eglibc from ubuntu 14.04
[20:19:47] <soen> what were people's approaches to solving easier? I was using z3 for enc /dec , was there a way to reduce the math?
[20:19:56] <niklasb> ar1s: and you guessed which libc it was?
[20:19:56] <sigtrap_> I'm curious how many teams had a crs for the cgc challenges, and how many challenges were solved automatically
[20:20:05] <niklasb> because other libc's didn't have that gadget I think
[20:20:06] <b2xiao> soen: it's just XTEA with modified constant
[20:20:06] <gynophage> sigtrap_: You did.
[20:20:07] <gynophage> :-p
[20:20:12] <gynophage> How did that work out for you?
[20:20:13] <WebIRC22159> samurai solved all the cgc without a crs
[20:20:15] <Lightning> busybox uses the argument to know what to do, a null argument to the 2nd param of execve results in busybox not knowing what program you are trying to run
[20:20:21] <sigtrap_> lol I didn't, I was the crs
[20:20:27] <ar1s> niklasb: from another vuln in a different service,+ historically legitbs uses ubuntu LTS & same distro everywhere
[20:20:29] <mak> WebIRC22159: was it available during ctf?
[20:20:30] <Lightning> so execve(“/bin/sh”, {“/bin/sh”, 0}, 0); is proper
[20:20:41] <gynophage> Lightning: It's worse than that.
[20:20:45] <soen> b2xiao: oh! thanks...I didn't recognize that when reversing
[20:20:47] <mak> yeah but execve("/bin/sh",0,0) isn't
[20:20:49] <niklasb> ar1s: ok thanks
[20:20:53] <gynophage> busybox actually derefs NULL
[20:20:54] <[SpamAndHex]NGG> we solved all cgcs without crs as well
[20:20:58] <b2xiao> yeah they deliberately made it hard to google by changing const
[20:21:14] *** Quits: L0rdComm4ander (~Adium@2001:690:2100:1b:f031:ba59:a048:5920) (Client Quit)
[20:21:17] <jinmo123> what's crs?
[20:21:20] *** Quits: digitalseraphim (~digitalse@cpe-74-78-215-239.twcny.res.rr.com) (Ping timeout: 252 seconds)
[20:21:39] <sigtrap_> buzzword reasoning system
[20:21:48] <[SpamAndHex]NGG> cyber reasoning system (what they have to make for the darpa challenge)
[20:21:55] <Ymgve> wizard reasoning system
[20:22:03] <jinmo123> ah
[20:22:04] <vito> https://blog.legitbs.net/p/cgc-glossary.html
[20:22:10] <[SpamAndHex]AKG> actually we installed the vm with vagrant 2 days ago
[20:22:23] <WebIRC22159> didn't use the vm :)
[20:22:24] *** Quits: FADEC0D3 (~FADEC0D3@c-98-210-237-5.hsd1.ca.comcast.net) (Ping timeout: 240 seconds)
[20:22:31] <jinmo123> thanks
[20:22:39] <vito> [SpamAndHex]AKG: unless you solved all 1000 cuts by hand, you have a baby crs
[20:22:40] <sigtrap_> yeah I installed vagrant and the decree vm around 4pm yesterday lol
[20:22:42] <ar1s> btw the patched version of Legit_00004 that I submited failed tests, so I submited the unpatched one. It scored :)
[20:22:42] <b2xiao> haha
[20:22:43] <Lightning> more questions?
[20:22:45] *** Quits: selir (~selir@50-89-219-191.res.bhn.net) (Client Quit)
[20:22:53] <riatre> haha yes
[20:22:53] <mak> ar1s: same here;]
[20:22:54] <WebIRC22159> vito: someone fuzzed it and used strings I think
[20:23:00] <WebIRC22159> so...
[20:23:05] <b2xiao> WebIRC22159: pretty much what ours does
[20:23:09] <jinmo123> I'm really curious about secrfrevenge
[20:23:14] <WebIRC22159> I wrote a real solver but they were faster
[20:23:14] <riatre> Submitting the original LEGIT_00004 binary scored.
[20:23:19] <b2xiao> jinmo123: it's nastay
[20:23:19] <WebIRC22159> yep ^^^^
[20:23:21] <Ymgve> was there a way to solve legit_2 with pure XML?
[20:23:28] <jinmo123> wrote exploit for packet but couldn't write encoder
[20:23:34] <jinmo123> I hate it
[20:23:34] <[SpamAndHex]NGG> we used strings and bruteforced the offsets for 1000cuts
[20:23:37] <sigtrap_> did everyone go for a type2 POV on legit2?
[20:23:39] <[SpamAndHex]AKG> vito, thats right, a few lines of python :)
[20:23:46] <ar1s> Ymgve: I think I did
[20:23:50] <Ymgve> sigtrap_: was there any other way
[20:24:06] <niklasb> ar1s:
[20:24:10] <niklasb> sorry
[20:24:15] *** Quits: aradia (~aradia@cblmdm170-253-150-190.maxxsouthbb.net) (Remote host closed the connection)
[20:24:15] <b2xiao> [SpamAndHex]NGG: yep, best way
[20:24:22] <sigtrap_> that's what I'm curious about Ymgve
[20:24:31] <WebIRC41899> Is it top 10 for finals?
[20:24:39] <b2xiao> top 8 who haven't already qualed
[20:24:46] <jinmo123> I couldn't the RF protocol for secrf
[20:24:48] <WebIRC22159> and bloop qual'd
[20:24:51] <timpwn> The solver I wrote for 334 cuts also worked unmodified on 666 and 1000
[20:24:58] <timpwn> Binary analysis
[20:25:05] <niklasb> timpwn: yep same. I don't know what progression they had in mind
[20:25:08] <Admir4l> :'(
[20:25:10] <Admir4l> fuck
[20:25:15] <Lightning> top 8 that qualified that aren’t already pre-qualified
[20:25:18] <Ymgve> I had to modify the .c program to do a negation so you could have TYPE2_ADDR ^ 0xffffffff and then TYPE2_ADDR
[20:25:19] <Admir4l> i'm tired
[20:25:22] <b2xiao> jinmo123: it's FSK, 40 cycles per bit, 1300Hz for a 1 and 2100Hz for a 0
[20:25:22] <Admir4l> with 0 pts
[20:25:25] <sigtrap_> and I didn't use XML b/c I had no idea how to do arithmetic expressions in the xml
[20:25:30] <Lightning> we have to contact the teams, etc
[20:25:33] <jinmo123> aww, meh, rar...
[20:25:34] <Admir4l> i found baby-re in the last minute
[20:25:34] <niklasb> timpwn: was it any smart? because mine was just dumbest possible fuzzing with a hook in strcmp
[20:25:39] <Admir4l> but not solved
[20:25:40] <Admir4l> :'(
[20:25:42] <johncool> actually what are the differences between 334/666/1000 ?
[20:25:43] <ar1s> Ymgve: I paste my xml if you want
[20:25:56] <sigtrap_> ar1s: I'd also be interested
[20:25:58] <niklasb> johncool: 334 hat strcmp at a constant address, 666 vs 1000 I have no idea
[20:26:01] <Ymgve> ar1s: well not in the channel :)
[20:26:05] <b2xiao> to get I plotted the freq response of the two IIR filters
[20:26:13] <Ymgve> pastebin it
[20:26:13] <b2xiao> *to get that
[20:26:17] <ar1s> Ymgve: http://pastebin.com/gM2SJRhu despite the name it's for legit00002
[20:26:28] <b2xiao> and then just did the sin generator with the right frequencies
[20:26:31] <timpwn> niklasb: moderately smart - followed calls from start to vulnerable func, parsed out the buffer and canary offsets (and canary), made crash string - 100% accuracy
[20:26:41] <timpwn> niklasb: this was all static analysis, no need to run the binary
[20:27:01] <niklasb> ok nice
[20:27:06] <Ymgve> ar1s: what is that address at the end?
[20:27:07] <niklasb> did you use angr or something?
[20:27:08] <sigtrap_> ar1s: so you don't use a TYPE2_ADDR?
[20:27:10] <b2xiao> johncool: IIRC between 334 and 666 they added a bunch of random crap that made your exploit fail if you only overwrote LSB of PC
[20:27:11] <riatre> Are there automatical solutions to b3/s23?
[20:27:12] *** Quits: WebIRC1712 (~a0104f3b@tk2-215-17305.vs.sakura.ne.jp) (Client Quit)
[20:27:25] <riatre> Or everyone solved it by hand..
[20:27:31] <ar1s> I hardcoded TYPE2_ADDR
[20:27:32] <Lightning> riatre: i did still life by hand for my solution
[20:27:34] <timpwn> niklasb: just pwnlib. i wouldn't want to use it for anything more complex!
[20:27:39] <withzombies> i scripted my 2000 cuts solution wth binary ninja
[20:27:42] <b2xiao> riatre: we did still life by hand
[20:27:44] <withzombies> and it worked across all the challenges
[20:27:51] <Ymgve> ar1s: how did you get TYPE2_ADDR out of the verifier?
[20:27:51] <jinmo123> me too
[20:27:52] <Lightning> my still life setup called read() into the buffer that is executing
[20:27:54] <withzombies> i was sad when the 1000 cuts challenge only asked for 2 strings
[20:28:00] <withzombies> 10*
[20:28:01] <b2xiao> Lightning: ours too
[20:28:08] <jinmo123> but didn't expected it for 101 pattern
[20:28:11] <WebIRC22159> solved *cuts using ida batch mode and string manipulation
[20:28:18] <Ymgve> Lightning: same way I did it
[20:28:25] <sigtrap_> withzombies: my 334 solution was a bit naieve, assumed a static addr for a func, but once I fixed it to be based off xrefs to the hacker detected string, it worked across all 3 as well
[20:28:33] <ar1s> oh ok. I exported the xml to a .c with pov-xml2c then compiled and submited the bin
[20:28:44] *** Joins: structure (~440eaa68@ip68-14-170-104.ok.ok.cox.net)
[20:28:45] <sigtrap_> naive* even
[20:28:46] <ar1s> I didn't think submitting xml only would work
[20:28:52] *** Quits: gym (~S_a_H]GyM@195.56.169.82) (Client Quit)
[20:28:58] <niklasb> wow Ymgve you're clearly better in shellcoding than I am if you fit getpc + read in there
[20:28:59] <dvx> b2xiao: you just switched between the 2 oscillators? of same amplitude?
[20:29:01] <Lightning> the state space blows up otherwise. the original design was 3x as large screen area until i recompiled the binary with various optimizations and shuffled things resulting in more usable values in the registers
[20:29:01] <sigtrap_> withzombies: did you just scan for the first 3 lea's?
[20:29:01] <niklasb> how much bytes is it?
[20:29:06] <b2xiao> dvx: yes
[20:29:08] <withzombies> sigtrap_: no
[20:29:13] <Lightning> that let me shrink the space and wrap it a bit to avoid the 8 byte alignment for the fun
[20:29:16] <Admir4l> who can help me for understand baby-re good ?
[20:29:19] <Admir4l> :-D
[20:29:20] <b2xiao> here's my secrf exploit
[20:29:21] <b2xiao> https://www.dropbox.com/s/ucdscd4ag97jppz/exploit.wav?dl=0
[20:29:23] <b2xiao> :P
[20:29:24] <Admir4l> :-)
[20:29:25] <Ymgve> niklasb: why getpc? it's already in rbx (last pixel you wrote to)
[20:29:27] <dave0x6d> Admir4l: I posted mine.
[20:29:30] <withzombies> I did it on stack frame sizes and number of calls (to see if the string was inlined)
[20:29:37] <niklasb> Ymgve: hm ok I missed that I guess
[20:29:38] <niklasb> thanks
[20:29:46] <dvx> damn... didn't get the 0 freq right
[20:29:46] <niklasb> goddamit
[20:29:46] *** Quits: jordan (~jordan@mx.grusko.fr) (Client Quit)
[20:29:50] <sigtrap_> I was way too lazy for that
[20:29:58] <jinmo123> wrote ROP payload for that but couldn't exploit
[20:30:04] <dave0x6d> ^ my life.
[20:30:19] <c3> any libc only solution for kiss?
[20:30:20] <b2xiao> jinmo123: which team are you on, out of curiousity
[20:30:26] <Ymgve> how did people solve crippled btw?
[20:30:26] <jinmo123> I dont know!!
[20:30:39] <borski> b2xiao: what was the script you used to solve it?
[20:30:39] <jinmo123> joke
[20:31:26] *** Joins: WebIRC63991 (~72f661ad@114.246.97.173)
[20:32:08] *** Quits: structure (~440eaa68@ip68-14-170-104.ok.ok.cox.net) (Client Quit)
[20:32:17] <Lightning> Ymgve: writing small test apps
[20:32:30] <Lightning> i took a simple compiler and stripped a few things out then shuffled all the math ops
[20:32:58] <Lightning> but the write() function was valid (per the example given to show that existed), that way you could write the binary back to yourself to find that i was mucking with your math ops
[20:33:18] <spq> Ymgve: well, rop into write with a return_read_syscall_nr function before that
[20:33:26] *** Quits: WebIRC63991 (~72f661ad@114.246.97.173) (Client Quit)
[20:33:29] <Ymgve> was there some way to do pure asm or overwrite main()?
[20:33:31] <Lightning> spq: yep
[20:33:43] <Lightning> Ymgve: nope, no pure asm, no #define, no #include, i stripped all that
[20:33:43] <Ymgve> when I overwrote things in global scope it just seemed to hang
[20:34:05] <Lightning> the compiler is very simple. it isn’t gcc or llvm so any of the more complex things can hang the compiler
[20:34:07] <spq> Lightning: i only found + and - being switched ^^
[20:34:14] <Ymgve> spq: you actually messed with the stack?
[20:34:19] <withzombies> sigtrap_: really? binja just lets me query them and i knew the next reference over 21 (the size of the buffer for the canary string) was the size of the buffer you overflowed
[20:34:31] <Lightning> Ymgve: could you message me a simple example of that? I was seeing an odd pointer inf loop during compiling but never had traffic to find what did it
[20:34:39] <wyatt_earp> Lightning: one of our guys was super disappointed when using write to overwrite 1 byte in write() via assignment didn't work
[20:34:41] <Lightning> and being we ran everything in memory there was no file to pull
[20:34:43] <withzombies> then reading out the string was easy on the memcmp
[20:34:53] *** Joins: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp)
[20:35:19] <spq> Ymgve: well, int a;int *b = &a;b[-2] = ret_gadget; or something like that returned into the parent function which had a int rop[32]; array
[20:36:03] <spq> most probably an array alone was enough but that worked and i didnt touch it again :>
[20:36:11] <Lightning> spq: depended on the setup. the actual assembly was randomized when interacting with things but fixed were not swapped as much due to multi-level function parsing for math operation order
[20:36:17] <Ymgve> Lightning: don't have it saved, but it was basically doing int foo(){} then char* foo = "dsadsdas";
[20:36:36] <Ymgve> spq: I did http://pastebin.com/WFtQf59B
[20:36:39] <Lightning> ok, gives me an idea of how to cause trouble as i’d like to fix it :)
[20:36:57] <johncool> ok guys time to sleep here, thanks for the ctf ! See you next year
[20:37:09] *** Quits: WebIRC41899 (~4a657c5c@pool-74-101-124-92.nycmny.fios.verizon.net) (Client Quit)
[20:37:12] <Ymgve> dummy function to set up stack, return value from dummy goes into eax, then call write+5 to skip the eax setup
[20:37:17] *** Quits: SallyCroak (3f9d0d83@m-c.clients.kiwiirc.com) (Client Quit)
[20:37:24] *** Quits: csec (~csec@84-73-203-60.dclient.hispeed.ch) (Ping timeout: 240 seconds)
[20:37:38] <Lightning> cya johncool
[20:37:47] *** Quits: WebIRC66970 (~7748c355@em119-72-195-85.pool.e-mobile.ne.jp) (Client Quit)
[20:37:55] <Lightning> Ymgve: that is similar to what i did
[20:38:12] *** Joins: digitalseraphim (~digitalse@cpe-74-78-215-239.twcny.res.rr.com)
[20:38:15] <sigtrap_> withzombies: I was just so lazy that I did NextHead until GetDisasm contained a lea, first was offset of the oflow buf, 2nd was the canary string, 3rd was offset of canary buff
[20:38:27] *** Quits: [SaH]vasporig (~c338a952@195.56.169.82) (Client Quit)
[20:38:37] *** Quits: add1ct (~add1ct@203.208.200.206) (Read error: Connection reset by peer)
[20:38:41] <spq> Ymgve: http://sprunge.us/TWiC
[20:38:52] <spq> very dirty, didnt clean up after i got the flag :>
[20:39:10] <b2xiao> hehe
[20:39:14] <b2xiao> we just called write+5
[20:39:24] <b2xiao> which because of silly operator crap we wrote as write-7
[20:39:38] <Lightning> :D
[20:39:44] <Lightning> it was crippled/broken
[20:40:05] <Ymgve> look at this garbage https://github.com/legitbs/quals-2016/blob/master/crippled/neatcc.patch
[20:40:08] <withzombies> sigtrap_: i called .stack_layout on my function object ;)
[20:40:24] <Lightning> :)
[20:40:27] <Lightning> look at neatld
[20:40:33] <Lightning> i added in randomizing of the static base
[20:40:34] <sigtrap_> that must've been nice to have :x
[20:41:01] *** Joins: add1ct (~add1ct@203.208.200.206)
[20:41:19] <spq> i expected the compiler to be much more broken so did not try to call write+5 (or -7) so tried the rop directly :>
[20:41:33] *** Quits: gael (~gael@2a01:e34:ec02:c450:c549:5f31:7810:8596) (Client Quit)
[20:41:46] <Lightning> ok, unless you guys have anything else for me i think i’ll start winding down
[20:42:06] *** Quits: uri (~uri@248.red-213-96-13.staticip.rima-tde.net) (Client Quit)
[20:42:36] *** Quits: [SpamAndHex]AKG (~akg@195.56.169.82) (Ping timeout: 252 seconds)
[20:42:55] <Ymgve> I also learned to use capstone in this ctf!
[20:43:16] <Ymgve> did it to easily find instruction length in stage 2 of "step"
[20:43:45] *** Quits: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp) (Client Quit)
[20:43:56] *** Joins: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp)
[20:44:25] *** Quits: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp) (Client Quit)
[20:44:29] <b2xiao> Lightning: so much swapping
[20:44:53] <Lightning> would you have preferred i put 6 months of effort into 1 thing instead of 6? :)
[20:45:01] *** Joins: WebIRC63991 (~de800f6a@222.128.15.106)
[20:45:10] *** Joins: WebIRC71010 (~7748c747@em119-72-199-71.pool.e-mobile.ne.jp)
[20:45:39] *** Quits: WebIRC71010 (~7748c747@em119-72-199-71.pool.e-mobile.ne.jp) (Client Quit)
[20:45:59] <b2xiao> Ymgve: IDA: "ItemSize" + patchbytes in a loop
[20:46:11] *** Quits: rhydis (~rhydis@anon-32-57.vpn.ipredator.se) (Ping timeout: 252 seconds)
[20:46:19] <Ymgve> b2xiao: some day, I'll learn to use IDA scripting
[20:46:41] <Admir4l> me too :'(
[20:46:56] <spq> Ymgve: i wrote a sigaction ld preload .so
[20:47:14] <Lightning> i’m off, if you guys have questions then read a writeup or go look at github source
[20:47:24] <spq> which intercepted the signal handler and dumped the rip
[20:47:27] *** Quits: dvx (~dvx@dyn.144-85-230-014.dsl.vtx.ch) (Remote host closed the connection)
[20:47:32] *** Joins: fish__ (~fish__@li521-79.members.linode.com)
[20:47:43] <b2xiao> spq: haha nice
[20:47:46] <b2xiao> that's a cute solution
[20:47:47] *** Quits: Lightning (~Lightning@legitbs.net) (Client Quit)
[20:48:24] <sigtrap_> gg guys, thanks legitbs ppl, wish I could've played the whole time
[20:48:33] <b2xiao> IDA scripting is so easy though
[20:48:37] <b2xiao> if you know Python
[20:48:38] <b2xiao> http://pastebin.com/akk42scf
[20:48:39] <fish__> guys, is there a solution to easier?
[20:48:46] <b2xiao> that's pretty much all we had
[20:49:29] <fish__> b2xiao: I manually fixed all those xor'ed bytes
[20:49:46] <Ymgve> fish__: I started doing that for one function but then I saw there were lots more
[20:49:58] <q3k> here's my super advanced cyber security autosploiter for [0-9]{1,3} cuts: https://paste.q3k.org/paste/6Q6nXGB6#a48pToKHkSf7b6+9gq1bxHa4nWjN7WBJCaPX6NaoFOP
[20:50:05] <Ymgve> for everyone who liked time_waster https://www.youtube.com/watch?v=2Vguvli1Y0k
[20:50:05] <q3k> ida pro automation is best automation
[20:50:20] <vito> YES thanks Ymgve
[20:50:55] <q3k> can I haz DERPA monies now????
[20:50:56] <Ymgve> I spent _hours_ trying to get a glimpse of those purple letters
[20:50:59] <b2xiao> nice
[20:51:03] <aterribleloss> anyone have a drver for feedme I seem to be missing a something in mine, just stuck cheacking for canaries
[20:51:08] <b2xiao> q3k: that's a very nice script
[20:51:50] *** Joins: ltfish (~fish__@166.170.47.160)
[20:52:36] <gynophage> aterribleloss: I do.
[20:52:57] <gynophage> Did we miss something in the github publish?
[20:53:19] <niklasb> heh that demo is from my town :( but still I wasn't able to run it
[20:53:54] *** Quits: fish__ (~fish__@li521-79.members.linode.com) (Ping timeout: 240 seconds)
[20:53:58] <aterribleloss> ill check
[20:55:01] <[w33]Luwenth> I can't be
[20:55:18] <b2xiao> secrf exploit: https://www.dropbox.com/sh/occqsi0krd2pv3i/AADR4FWuj34wqIDMPE4NIXk2a?dl=0
[20:55:36] <[w33]Luwenth> be-lieve that it took me that long of looking at that problem to get the solution. :( I so totally need to practice more so I don't get this rusty year-over-year
[20:57:53] *** Quits: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net) (Client Quit)
[20:58:31] *** Joins: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net)
[20:58:50] <spq> aterribleloss: http://sprunge.us/hcFJ
[20:59:39] <WebIRC66557> https://2016.legitbs.net/scoreboard/complete is down?
[20:59:46] <q3k> b2xiao: I got stuck trying to understand the DSP functions :<
[20:59:47] <Admir4l> yes
[20:59:53] <gynophage> Yes.
[20:59:59] <WebIRC66557> it will be comeback?
[21:00:03] <gynophage> No.
[21:00:08] <WebIRC66557> :(
[21:00:16] <WebIRC66557> i want to check my rank
[21:00:21] <spq> again, not very clean - tried the autogenerated ropchain (with /bin/sh argv[0] = 0) which didnt work remotely so thought stack would be too short - so i used a stack pivot and 2 stages
[21:00:21] <q3k> b2xiao: I got to some sort of FSM, but couldn't understand the magic between samples -> input to FSM
[21:00:29] <spq> aterribleloss: ^
[21:00:38] <WebIRC66557> is there any plan to announce entire rank?
[21:00:43] <WebIRC22159> no
[21:00:53] *** Quits: c21 (d4101c82@ircip2.mibbit.com) (Client Quit)
[21:01:24] <[SpamAndHex]KT> http://pastebin.com/kHvEqqRa
[21:01:36] <[SpamAndHex]KT> @<WebIRC66557> ^^
[21:01:51] <WebIRC66557> thank you!
[21:02:29] <b2xiao> q3k: so the pipeline is samples -> noise added -> IIR filters for frequencies -> bits -> bit periods -> FSM input
[21:02:52] <q3k> b2xiao: okay, so these were IIR filters
[21:02:53] <b2xiao> where the data is encoded FSK (1300Hz=1, 2100Hz=0), with 40 samples per bit
[21:03:06] *** Joins: fish (~fish@2600:3c01::f03c:91ff:fe73:12d0)
[21:03:08] <b2xiao> yeah the pair of functions that shift a bunch of BSS vars around
[21:03:15] <b2xiao> and then multiply by a bunch of constants
[21:03:21] <q3k> b2xiao: I got that it moved shit around wiht constan...
[21:03:23] <q3k> yeah.
[21:03:31] <q3k> but I couldn't know what it was, not enough math/DSP background :<
[21:03:39] <q3k> b2xiao: nice exploit.
[21:03:56] <aterribleloss> spq: thanks for the info
[21:04:53] *** Quits: dqi (~dqi@165-218-045-062.dynamic.caiway.nl) (Ping timeout: 252 seconds)
[21:07:52] <spq> was there an easier writeup posted?
[21:08:41] <spq> it was intentionally full of useless bugs, right?
[21:09:55] *** Quits: Sceptic (~Sceptic@dsl106-194.pool.bitel.net) (Client Quit)
[21:10:01] <spq> was the diffie hellman code in the beginning actually usefull? i couldnt see where the session secret was used afterwards...
[21:11:02] *** Quits: jinmo123 (~31a5cb56@49.165.203.86) (Client Quit)
[21:11:06] <b2xiao> spq: it wasn't
[21:11:10] <b2xiao> key = {1,2,3,4}
[21:11:18] <b2xiao> DH stuff appears to have been red herring
[21:11:38] <fish> there's DH and TEA
[21:11:51] <fish> just to make reversing people happy I guess?
[21:11:52] * gynophage twiddles thumbs
[21:15:01] *** Quits: n00000b (~3f9b2425@63.155.36.37) (Client Quit)
[21:15:27] *** Quits: lolz (~7cf8ddba@124.248.221.186) (Client Quit)
[21:15:34] * b2xiao goes back to reviewing papers
[21:15:48] * zardus gets back to writing papers
[21:15:51] *** Joins: n00000b (~3f9b2425@63.155.36.37)
[21:17:10] *** Quits: dapan (~77ca50cb@119.202.80.203) (Client Quit)
[21:18:58] *** Quits: Gorge0us (~0eca931d@14-202-147-29.tpgi.com.au) (Quit: Hackint WebIRC - http://hackint.org/)
[21:20:36] *** Joins: Gorge0us (~dab93709@218.185.55.9)
[21:24:43] *** Quits: bigred (~474f28be@cpe-71-79-40-190.cinci.res.rr.com) (Client Quit)
[21:25:16] *** Quits: n00000b (~3f9b2425@63.155.36.37) (Client Quit)
[21:25:36] *** Joins: wh (~960@2400:dd01:1001:112:9c76:4b4d:c5f5:ac2d)
[21:26:09] *** Quits: WebIRC42855 (~7748c747@em119-72-199-71.pool.e-mobile.ne.jp) (Client Quit)
[21:26:20] *** Joins: n00000b (~3f9b2425@63.155.36.37)
[21:27:51] *** Quits: n00000b (~3f9b2425@63.155.36.37) (Client Quit)
[21:29:53] *** Quits: WebIRC52470 (~316dd1d5@u1009213.xgsnun301.imtp.tachikawa.mopera.net) (Client Quit)
[21:32:20] *** Joins: WebIRC25733 (~d0573b63@208.87.59.99)
[21:33:15] *** Quits: b2xiao (~b2xiao@c-71-227-234-234.hsd1.wa.comcast.net) (Client Quit)
[21:33:30] *** Joins: lolz (~7cf8ddba@124.248.221.186)
[21:33:35] *** Joins: tyega (~tyega@www19456ue.sakura.ne.jp)
[21:35:19] *** Quits: ltfish (~fish__@166.170.47.160) (Ping timeout: 252 seconds)
[21:36:34] *** Quits: WebIRC66557 (~d25e2959@210.94.41.89) (Client Quit)
[21:36:50] *** Joins: WebIRC76102 (~43a157db@c-67-161-87-219.hsd1.wa.comcast.net)
[21:39:20] <vito> gets back to toilet paper
[21:39:48] <Admir4l> by�
[21:39:50] <Admir4l> all
[21:39:53] <Admir4l> good night :)
[21:40:38] *** Quits: WebIRC76167 (~cb68807b@203.104.128.123) (Client Quit)
[21:40:40] <gynophage> One more thing:
[21:40:41] <gynophage> https://hub.docker.com/r/legitbs/
[21:40:42] <gynophage> <3
[21:41:15] <Admir4l> <3
[21:43:23] *** Quits: cybint1122 (~cybint112@192.117.175.226) (Ping timeout: 252 seconds)
[21:45:07] *** Quits: WebIRC25733 (~d0573b63@208.87.59.99) (Client Quit)
[21:47:04] *** Joins: WebIRC61265 (~318c5522@49.140.85.34)
[21:47:36] *** Joins: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp)
[21:49:48] *** Quits: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp) (Client Quit)
[21:50:00] *** Quits: WebIRC22159 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net) (Client Quit)
[21:58:13] <[w33]Luwenth> gynophage: Docker images?? <3!!!!
[21:59:12] <e^ipi> that's pretty super
[21:59:29] <gynophage> Those are as we ran them (I'm pretty sure)
[21:59:50] <gynophage> If you find that to be untrue, please let me know and I'll update it.
[22:00:19] <gynophage> I THINK most entrypoints got updated. But our services were generated into runc containers for speed reasons.
[22:01:06] <gynophage> So, there may be some disconnect. I spot tested a few. And obviously the cgc ones need a cgc kernel to run.
[22:01:29] *** Quits: jinblack (~jinblack@host110-149-dynamic.50-79-r.retail.telecomitalia.it) (Remote host closed the connection)
[22:03:16] *** Quits: digitalseraphim (~digitalse@cpe-74-78-215-239.twcny.res.rr.com) (Ping timeout: 252 seconds)
[22:03:38] *** Quits: rg (~rg@S010600fc8da50eb3.cg.shawcable.net) (Ping timeout: 252 seconds)
[22:05:27] <tylerni7> super awesome to release that :) thanks legitbs crew <3
[22:05:39] *** Joins: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp)
[22:05:41] <Admir4l> tylerni7 good job brother ^^
[22:06:05] <Admir4l> @tylerni7 really your are great hacker in the earth :D
[22:06:31] <tylerni7> lolol, I solved like nothing on PPP, I kept getting sniped by b2xiao who solved everything faster
[22:06:42] <Admir4l> wow :D
[22:06:43] <Admir4l> xD
[22:06:46] <Admir4l> good
[22:06:54] <Admir4l> i want to talking with b2xiao :D
[22:07:04] <Admir4l> i want to learn somethings ^^
[22:08:01] *** Quits: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp) (Client Quit)
[22:09:35] *** Joins: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp)
[22:11:12] <q3k> gynophage: that's a pretty sweet setup
[22:11:34] <q3k> gynophage: I'm thinking of doing similar for the dragonsector ctf - currently we just have tarballs extracted into ubuntu chroots running under nsjail
[22:11:37] *** Joins: WebIRC30394 (~7ecca453@om126204164083.6.openmobile.ne.jp)
[22:11:43] *** Joins: spk (~6c1c097f@pool-108-28-9-127.washdc.fios.verizon.net)
[22:11:52] <q3k> gynophage: letting task authors develop on docker and then running on nsjail would probably be better
[22:12:00] <q3k> *and then run
[22:12:13] *** Quits: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp) (Client Quit)
[22:12:31] *** Quits: halb (~1817b6be@c-24-23-182-190.hsd1.ca.comcast.net) (Client Quit)
[22:12:55] <gynophage> q3k - you probably want runc
[22:13:13] <gynophage> It injests a docker export.
[22:13:20] <gynophage> And it supports seccomp natively.
[22:13:29] *** Joins: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp)
[22:13:32] <gynophage> That's what we did.
[22:13:42] <gynophage> We didn't use seccomp.
[22:14:08] <gynophage> But, docker takes too long to spin a container on each connection.
[22:14:19] <gynophage> I may be working on something less hacky.
[22:14:24] <gynophage> Now that I have free time.
[22:14:26] *** Quits: b3h3m0th (uid26288@id-26288.ealing.irccloud.com) (Client Quit)
[22:15:36] <q3k> gynophage: I'll look into runc, never seen it before. nsjail is nice because it kind of knows it'll be running malicious code
[22:15:50] <q3k> gynophage: and has a builtin xinetd-like sever with rlimits per connections
[22:16:03] <q3k> gynophage: (so no need to have alarm()'s in tasks, etc)
[22:16:13] <gynophage> Ohh. That's nice.
[22:16:46] <gynophage> I prefer posix timers.
[22:17:27] <gynophage> You set them, they live across a fork, and then you seccomp the posix timers API.
[22:18:05] <gynophage> rlimits always bothered me because they don't count time unless the process is doing work.
[22:18:06] <e^ipi> q3k: i use solaris branded zones for that. if your code tries to do anything janky, it's not supported by the kernel anyway
[22:18:09] <memed4> gynophage: could I ask about problem easier?
[22:18:13] <gynophage> alarm is too easy to undo.
[22:18:15] *** Quits: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp) (Client Quit)
[22:19:08] <Ymgve> in-program alarm is so annoying
[22:19:20] <Ymgve> "why did gdb just say my program finished?"
[22:19:33] <q3k> gynophage: nsjail just polls running jails to see if they're over their limit, heh
[22:19:50] <tylerni7> yeah.. like obviously it's not hard to patch out, but it is slightly annoying to not just be able to run something and interact with it while testing...
[22:19:53] <q3k> gynophage: web scale programming
[22:20:11] <q3k> e^ipi: well, if you want every CTF task to be a solaris task...
[22:20:11] <gynophage> We have a watcher that does that too.
[22:20:39] *** Parts: Antisocial_Engineering (~nodebot@pool-173-69-152-69.bltmmd.fios.verizon.net) ()
[22:20:40] <gynophage> I don't like any extra code in process.
[22:20:45] *** Quits: Admir4l (~IceChat78@105.158.135.13) (Client Quit)
[22:20:46] <q3k> yeah
[22:20:48] <gynophage> I HATED ddtek backdoored.
[22:21:06] <q3k> ...the badger task had an alarm :/
[22:21:19] *** Joins: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp)
[22:22:39] *** Quits: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp) (Client Quit)
[22:22:45] <gynophage> Badger was quickly ported from the msp430.
[22:23:09] <q3k> ...badger had an alarm on the msp430? :V
[22:23:26] *** Quits: WebIRC30394 (~7ecca453@om126204164083.6.openmobile.ne.jp) (Client Quit)
[22:23:37] <[w33]Luwenth> I think I'm missing something simple here. Got docker installed, ran through their short tutorial and docker/whalesay works fine. I created the updated image and ran that fine. When I do a 'docker run easy-prasky' I get: docker: Error response from daemon: Container command '/home/${service}/runner.py' not found or does not exist..
[22:23:56] <sirgoon> no it did not =p
[22:23:56] <q3k> [w33]Luwenth: ENTRYPOINT broken..?
[22:24:04] <[w33]Luwenth> Debugging, I used: docker run -it legitbs/easy-prasky bash --- logged in, $service is set, and the path is there.
[22:24:16] <[w33]Luwenth> q3k: Is that what docker pays attention to?
[22:24:30] <q3k> sirgoon: you were supposed to release some docs on the origin badger, yo
[22:24:30] <sirgoon> it also had the flag file memory mapped since I wrote the verilog code for the FPGA to map it in
[22:24:33] <q3k> sirgoon: I still have mine
[22:24:38] <q3k> sirgoon: battery puffed and all
[22:24:44] <sirgoon> cheap batteries
[22:24:49] <sirgoon> we tried to cover them in silicone
[22:24:51] <q3k> sirgoon: waiting for a pin UCF so I can reflash it with something fun
[22:25:24] <q3k> i dunno, that spartan should be enough to host some NES reimplementation
[22:25:32] <sirgoon> it might
[22:25:40] <Ymgve> for next defcon quals, please have a web challenge: https://www.w3.org/Daemon/
[22:25:42] <sirgoon> screen resolution is sufficient?
[22:25:56] <q3k> sirgoon: good question, no idea
[22:26:04] <sirgoon> Spartan-6 LX-9 had enough BRAM for 64K of RAM/ROM
[22:26:14] <q3k> sirgoon: I know GB is pretty low res, a bit more than 128x128
[22:26:21] <sirgoon> plus you have a very capable RF chipset too
[22:26:24] <q3k> (GB=the gameboy)
[22:26:33] <sirgoon> could get about a mile or two of range out of it at a lower bit rate
[22:27:11] <sirgoon> it also had 1MBit of SPI SRAM
[22:27:38] <[w33]Luwenth> q3k: Is there a way to view the Dockerfile for an docker image I've pulled?
[22:27:48] <[w33]Luwenth> Here, let me google that for myself :)
[22:28:05] <q3k> [w33]Luwenth: depends whether the docker image tasks uploaded it to the docker hub, or just pushed the images
[22:28:12] <q3k> [w33]Luwenth: you can do some inspection of an image
[22:28:28] <q3k> [w33]Luwenth: that gives you a JSON with stuff like the default entrypoint and cmdline
[22:28:54] <sirgoon> did b2xiao share the wav file of their sploit for secrf?
[22:29:28] <tylerni7> sirgoon: he uploaded his script, and posted a dropbox link on here just a bit ago
[22:29:31] <q3k> yeah, it's somewhere there ^
[22:29:41] <sirgoon> awesome :)
[22:29:47] *** Joins: WebIRC30394 (~7ecca453@om126204164083.6.openmobile.ne.jp)
[22:29:51] <q3k> b2xiao | here's my secrf exploit
[22:29:53] <q3k> b2xiao | https://www.dropbox.com/s/ucdscd4ag97jppz/exploit.wav?dl=0
[22:29:55] <q3k> b2xiao | :P
[22:30:19] <[w33]Luwenth> q3k: Thanks, I did find the json blob that described the image, and the command is there. But it's acting like it doesn't know how to set $service when I just do a run. I have a feeling I need to feed a setting somehow so hunting how that works.
[22:30:38] <q3k> not sure how variable interpolation in the entrypoint works tbh
[22:30:43] <sirgoon> the FSK receiver was tuned to 1200 Hz and 2200Hz, (Dell 303 Modem)
[22:30:46] <q3k> I didn't even know you could do that
[22:30:53] *** Joins: structure (~440eaa68@ip68-14-170-104.ok.ok.cox.net)
[22:30:53] <sirgoon> *Bell 202 modem
[22:31:14] <e^ipi> q3k: actually a retro CTF would be kinda neat
[22:31:17] <sirgoon> tho the bit rate was much lower
[22:31:24] <e^ipi> "here's some IRIX, here's some Solaris, here's VMS... have at it"
[22:31:31] <e^ipi> here's that connor kids mainframe, good luck.
[22:31:39] <q3k> e^ipi: well, there was Itanium at the CONFidence CTF we organized two days ago
[22:31:46] <e^ipi> ... what?
[22:31:46] <q3k> e^ipi: I wanted to get HPUX on it
[22:31:47] <[w33]Luwenth> God, I've managed 2 out of 3 of those, and used all 3 of them
[22:31:56] <q3k> e^ipi: next up is SPARC... maybe? :3
[22:32:06] <[w33]Luwenth> But really, can we have SunOS 4.1.6u3 (I think I have the versioning correct)
[22:32:07] *** Quits: tyega (~tyega@www19456ue.sakura.ne.jp) (Remote host closed the connection)
[22:32:10] <sirgoon> sparc... you can buy old servers on ebay pretty cheap
[22:32:14] *** Joins: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp)
[22:32:16] <sirgoon> they just weigh a ton
[22:32:17] <q3k> sirgoon: ...I know, right.
[22:32:19] <[w33]Luwenth> I have a U60 in my garage...
[22:32:22] <e^ipi> yeah you can pull them out of the trash too...
[22:32:28] <sirgoon> don't ask me how I know about that...
[22:32:30] <q3k> https://twitter.com/q3k/status/733029665959464960
[22:32:36] <e^ipi> i've got a blade1000 in my mom's garage
[22:32:41] *** Quits: structure (~440eaa68@ip68-14-170-104.ok.ok.cox.net) (Client Quit)
[22:32:59] <e^ipi> best workstation sun ever built. previous to that, U2.
[22:33:04] <sirgoon> those sparcs use a lot of power too
[22:33:17] <e^ipi> anyway. Goog's CTF used POWER
[22:33:17] *** Quits: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp) (Client Quit)
[22:33:24] <e^ipi> so, it's not unprecedented
[22:33:32] <q3k> e^ipi: we had a POWER task, too
[22:33:33] <[w33]Luwenth> Ugh, I see the Env settings, I see the Cmd uses the $service that is set in Env.
[22:33:41] <q3k> e^ipi: nobody solved either the POWER or Itanium task :<<<
[22:33:45] <[w33]Luwenth> It all looks good so far.
[22:33:47] <e^ipi> q3k: what CTF was this?
[22:33:55] <e^ipi> it sounds like I wish I were in it
[22:34:03] <e^ipi> i have... a weird thing with Itanic. I think it's super.
[22:34:05] <q3k> e^ipi: https://ctftime.org/event/308
[22:34:13] <sirgoon> ctf on xbox360?
[22:34:22] <sirgoon> lol
[22:34:23] <q3k> e^ipi: we would've also had a task for the online teaser, but we couldn't get it colocated up until then
[22:34:49] <e^ipi> oh it was in poland, no wonder i couldn't be there
[22:35:00] <q3k> yeah.
[22:35:11] <q3k> we're really thinking of making a serious online CTF soon
[22:35:16] <q3k> but -ENOTIME
[22:35:22] *** Joins: tyega (~tyega@www19456ue.sakura.ne.jp)
[22:35:27] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[22:35:34] <e^ipi> ain't that always the case...
[22:35:43] <q3k> yeah.
[22:35:50] <sirgoon> I remember life before running DEFCON
[22:35:53] <sirgoon> sooo much free time
[22:35:56] <q3k> lol
[22:36:03] *** Quits: cx (~Adium@189.217.214.103) (Client Quit)
[22:36:54] <memed4> anyone here could I ask for easier...
[22:37:18] *** Quits: WebIRC30394 (~7ecca453@om126204164083.6.openmobile.ne.jp) (Client Quit)
[22:37:42] <[w33]Luwenth> Ahh... found it. runner.py's first line is borked. It should be /usr/bin/env not /bin/env
[22:38:01] *** Joins: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp)
[22:39:22] *** Quits: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp) (Client Quit)
[22:40:17] *** Joins: WebIRC30394 (~7ecca453@om126204164083.6.openmobile.ne.jp)
[22:41:25] <zozo> i see g, nice cgc, :))
[22:41:36] <zozo> great ctf
[22:41:44] <vito> [w33]Luwenth: oops
[22:46:37] *** Quits: Gorge0us (~dab93709@218.185.55.9) (Client Quit)
[22:47:16] *** Joins: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp)
[22:47:26] *** Quits: WebIRC71010 (~b74ac5c0@s997192.xgsspn.imtp.tachikawa.spmode.ne.jp) (Client Quit)
[22:48:54] *** Quits: tyega (~tyega@www19456ue.sakura.ne.jp) (Remote host closed the connection)
[22:49:13] *** Parts: xyz (sid126543@2604:8300:100:200b:6667:5:1:ee4f) ()
[22:51:35] <zozo> how can you handle signal in step?
[22:52:52] <Ymgve> you don't
[22:53:10] <Ymgve> you statically RE what the handler does :)
[22:53:21] <zozo> 'timeskip' also interesting, waiting for solution...
[22:55:16] *** Quits: WebIRC75432 (~6e4c6541@110.76.101.65) (Client Quit)
[22:55:30] *** Quits: WebIRC30394 (~7ecca453@om126204164083.6.openmobile.ne.jp) (Client Quit)
[22:56:19] *** Joins: cgg (~734a51f1@115.74.81.241)
[22:56:39] *** Joins: WebIRC30394 (~7ecca453@om126204164083.6.openmobile.ne.jp)
[22:57:17] <vito> timeskip is great
[22:57:18] <vito> https://pbs.twimg.com/media/CjGLu8sWYAUdaQh.png:large
[22:57:28] <vito> h/t to lightning for that one
[22:58:04] *** Quits: WebIRC30394 (~7ecca453@om126204164083.6.openmobile.ne.jp) (Client Quit)
[22:58:28] <cgg> vito: how do you debug the LEGIT_00002?
[22:58:37] <vito> gdb in a cgc vm
[22:58:42] <vito> and other acronyms
[22:58:54] <vito> http://cgc-docs.legitbs.net/cgc-release-documentation/walk-throughs/debugging-a-cb/
[22:59:08] <cgg> it's ok to debug the other chals, not LEGIT_00002
[22:59:12] *** Joins: tyega (~tyega@www19456ue.sakura.ne.jp)
[22:59:24] *** Joins: WebIRC30394 (~7ecca453@om126204164083.6.openmobile.ne.jp)
[22:59:38] <vito> vºv i didn't actually look at that one myself
[22:59:52] <cgg> transmit(0, "Enter the length: ", 18, [0]) = -1 EBADF (Operation not permitted)
[22:59:54] *** Quits: WebIRC30394 (~7ecca453@om126204164083.6.openmobile.ne.jp) (Client Quit)
[22:59:56] <Ymgve> oh right, legit_00002 tries to write to fp 0
[23:00:02] <Ymgve> I patched the binary
[23:00:27] <cgg> yes, because of the mmap
[23:00:53] <[w33]Luwenth> vito: Any chance you can get a corrected version up? (I expect you guys wrote a new runner.py)
[23:01:04] <vito> [w33]Luwenth: for which one?
[23:01:22] <cgg> but i don't know why the LEGIT_00002 behave differently
[23:01:43] <[w33]Luwenth> easy-prasky
[23:02:02] <vito> https://gist.github.com/vito-lbs/124f7b33bc148d3a06ab7e0dcd9f2a7c
[23:02:04] <cgg> eg: if you run ./LEGIT_00002, it works, but if you run ./LEGIT_00002 < input, it fails to run
[23:02:06] <vito> afaik this is correct to production
[23:02:15] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[23:02:28] <vito> but that /bin/env thing would explain why the runc file has to run `python` that
[23:02:32] * vito checks runc
[23:02:34] <Ymgve> cgg: the other binaries use 1 for transmit
[23:02:52] <[w33]Luwenth> the docker image legitbs/easy-prasky has the same script. /bin/env doesn't exist.
[23:03:14] <vito> "python", "-u", "runner.py"
[23:03:18] <vito> heh welf
[23:03:19] *** Joins: WebIRC30394 (~7eed74b1@om126237116177.9.openmobile.ne.jp)
[23:03:23] <vito> python -u runner.py then
[23:03:25] *** Quits: tyega (~tyega@www19456ue.sakura.ne.jp) (Remote host closed the connection)
[23:03:37] <[w33]Luwenth> heh, okay then :)
[23:04:26] <[w33]Luwenth> That's not the Cmd that shows up in docker inspect :)
[23:04:35] <vito> yeah, we used runc in prod, not docker
[23:04:50] <[w33]Luwenth> Oh.
[23:04:58] <[w33]Luwenth> *laugh* Okay then
[23:05:03] <vito> good to know, but have to defer to gynophage for docker stuff, and he's indisposed for a while vºv
[23:05:34] <vito> depending on that docker in a dockerfile and then CMD python -u runner.py should work
[23:05:45] <vito> but i don't have a cgc kernel with docker enabled handy
[23:06:02] <[w33]Luwenth> No worries, I figured i'd have to figure that part of it out
[23:06:36] *** Quits: cgg (~734a51f1@115.74.81.241) (Client Quit)
[23:07:03] <[w33]Luwenth> that seems to work, except for the acting as a service part. Will struggle with it later, food now.
[23:07:52] *** Joins: tyega (~tyega@www19456ue.sakura.ne.jp)
[23:08:14] *** Quits: mak (~mak@user-31-174-111-84.play-internet.pl) (Remote host closed the connection)
[23:11:21] *** Quits: WebIRC30394 (~7eed74b1@om126237116177.9.openmobile.ne.jp) (Client Quit)
[23:12:40] *** Quits: tyega (~tyega@www19456ue.sakura.ne.jp) (Remote host closed the connection)
[23:13:28] *** Joins: fish__ (~fish__@166.170.47.160)
[23:13:55] <vito> 👍🏻
[23:19:45] *** Joins: structure (~440eaa68@ip68-14-170-104.ok.ok.cox.net)
[23:21:17] *** Joins: anotherctfer (~d8a94d9c@216.169.77.156)
[23:21:36] *** Joins: tyega (~tyega@www19456ue.sakura.ne.jp)
[23:21:57] *** Joins: [SpamAndHex]AKG (~akg@acskurucz.sch.bme.hu)
[23:24:16] *** Quits: tyega (~tyega@www19456ue.sakura.ne.jp) (Remote host closed the connection)
[23:24:51] *** Quits: fish__ (~fish__@166.170.47.160) (Remote host closed the connection)
[23:25:26] *** Quits: structure (~440eaa68@ip68-14-170-104.ok.ok.cox.net) (Client Quit)
[23:25:30] *** Joins: tyega (~tyega@www19456ue.sakura.ne.jp)
[23:34:29] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[23:40:36] *** Joins: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net)
[23:40:51] *** Quits: tyega (~tyega@www19456ue.sakura.ne.jp) (Remote host closed the connection)
[23:41:24] <WebIRC47048> gynophage: can you say whether performance will affect points during finals?
[23:43:31] *** Quits: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net) (Client Quit)
[23:43:37] *** Joins: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net)
[23:48:08] *** Quits: lolz (~7cf8ddba@124.248.221.186) (Client Quit)
[23:49:01] <zardus> if it doesn't, it'll really throw our crs for a loop
[23:49:02] <zardus> ;-)
[23:51:33] <vito> WebIRC35378: it absolutely will
[23:52:11] <vito> have to incentivize you bastards to use less cluster time
[23:53:20] *** Joins: WebIRC25733 (~d0573b63@208.87.59.99)
[23:55:51] *** Joins: cx (~Adium@189.217.214.103)
[23:57:03] <WebIRC47048> vito: isn't that a perverse incentive to optimize random parts of our services?
[23:57:15] <vito> optimize all the parts
[23:57:37] <WebIRC47048> weird.
[23:58:17] *** Quits: kkk (~kkkk@101.87.235.99) (Client Quit)
[23:58:57] <vito> multiple dimensions of perf too: binary size, maxrss, time
[00:01:11] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[00:01:48] * vito sleeps
[00:01:54] *** Joins: tyega (~tyega@www19456ue.sakura.ne.jp)
[00:02:05] *** Quits: WebIRC61265 (~318c5522@49.140.85.34) (Client Quit)
[00:03:06] *** Joins: FinishOption (~43eed4e4@nc-67-238-212-228.dhcp.embarqhsd.net)
[00:04:15] *** Quits: FinishOption (~43eed4e4@nc-67-238-212-228.dhcp.embarqhsd.net) (Client Quit)
[00:05:15] *** Quits: WebIRC25733 (~d0573b63@208.87.59.99) (Client Quit)
[00:05:22] *** Joins: WebIRC25733 (~d0573b63@208.87.59.99)
[00:06:50] *** Quits: q1a1 (~Thunderbi@111.93.218.4) (Ping timeout: 252 seconds)
[00:14:28] *** Quits: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net) (Client Quit)
[00:14:28] *** Joins: kkk (~kkkk@202.120.39.99)
[00:14:53] *** Joins: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net)
[00:17:53] *** Parts: attobit (~grumpy@cpe-172-74-75-231.nc.res.rr.com) ()
[00:38:22] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Ping timeout: 252 seconds)
[00:40:15] <WebIRC47048> vito: so this sounds way different from previous defcon scoring
[00:48:26] <WebIRC47048> vito: does the same apply to povs or just services?
[00:52:47] <gynophage> I'll fix the /bin/env thing.
[00:53:26] <gynophage> Sorry. Like Vito said - it was lost in translation. runc spec doesn't parse entrypoint.
[00:55:58] <gynophage> Also, the cgc images have the huge "must have cgc kernel" caveat.
[00:56:20] <gynophage> I dunno if I'm gonna get the images updated tonight. I just drove 180 miles.
[01:04:55] <WebIRC47048> any idea how much perf/footprint will affect scoring, and whether it will be just services or also povs?
[01:05:40] *** Parts: hugsy (~hugsy@blah.cat) (Connection reset by beer)
[01:06:26] <[w33]Luwenth> gynophage: When you get a chance is fine, thanks :)
[01:06:43] <[w33]Luwenth> we're going to keep bashing on them and having the real puzzle to bash will be nice :)
[01:06:44] <zardus> WebIRC47048: welcome to our hell: https://github.com/CyberGrandChallenge/cgc-release-documentation/blob/master/walk-throughs/scoring-cbs.md, https://cgc.darpa.mil/CGC_FAQ.pdf
[01:08:34] <WebIRC47048> thanks!
[01:09:29] <WebIRC47048> so that indicates just challenge binaries are scored and pov efficiency doesn't matter as much
[01:10:15] <WebIRC47048> still bugs me that tis-100-cheating-style cycle hacks could help my defcon finals score
[01:13:36] <WebIRC47048> also what about round times?
[01:15:51] *** Quits: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net) (Client Quit)
[01:16:21] *** Joins: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net)
[01:24:07] *** Quits: tyega (~tyega@www19456ue.sakura.ne.jp) (Ping timeout: 252 seconds)
[01:26:23] *** Joins: tyega (~tyega@www19456ue.sakura.ne.jp)
[01:27:42] *** Quits: sudhackar (~sudhackar@42.104.127.5) (Client Quit)
[01:33:17] *** Quits: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net) (Client Quit)
[01:33:23] *** Joins: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net)
[01:34:23] *** Quits: WebIRC25733 (~d0573b63@208.87.59.99) (Client Quit)
[01:34:31] *** Joins: WebIRC25733 (~d0573b63@208.87.59.99)
[01:43:40] *** Quits: tyega (~tyega@www19456ue.sakura.ne.jp) (Remote host closed the connection)
[01:44:03] *** Joins: tyega (~tyega@www19456ue.sakura.ne.jp)
[01:45:03] *** Quits: WebIRC25733 (~d0573b63@208.87.59.99) (Client Quit)
[01:45:10] *** Joins: WebIRC25733 (~d0573b63@208.87.59.99)
[01:50:22] <zardus> WebIRC47048: err, sorry. the POVs matter a ton. Check out: https://cgc.darpa.mil/CGC_Rules_18_Nov_14_Version_3.pdf
[01:50:53] <zardus> gdi, so many docs
[01:51:21] <zardus> check out the scoring in the FAQ :-)
[01:51:21] *** Quits: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net) (Client Quit)
[01:52:21] *** Quits: WebIRC25733 (~d0573b63@208.87.59.99) (Client Quit)
[01:52:27] *** Joins: WebIRC25733 (~d0573b63@208.87.59.99)
[01:53:41] *** Joins: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net)
[01:57:31] *** Quits: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net) (Client Quit)
[01:58:56] *** Quits: WebIRC25733 (~d0573b63@208.87.59.99) (Client Quit)
[01:59:46] *** Quits: dt (~dt@107.170.206.167) (Client Quit)
[02:02:27] *** Joins: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net)
[02:04:41] *** Quits: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net) (Client Quit)
[02:04:55] *** Joins: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net)
[02:07:21] *** Quits: visi_is_jizi (~visi_is_j@c-50-131-48-109.hsd1.ca.comcast.net) (Quit: leaving)
[02:08:17] *** Quits: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net) (Client Quit)
[02:09:35] *** Joins: jinmo123 (~31a5cb56@49.165.203.86)
[02:10:15] *** Parts: mx_ (~maxi@53.45.196.104.bc.googleusercontent.com) ()
[02:10:57] *** Joins: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net)
[02:12:23] *** Quits: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net) (Client Quit)
[02:16:10] *** Quits: cx (~Adium@189.217.214.103) (Client Quit)
[02:17:10] *** Quits: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net) (Client Quit)
[02:17:45] *** Joins: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net)
[02:20:29] *** Quits: jinmo123 (~31a5cb56@49.165.203.86) (Client Quit)
[02:23:28] *** Quits: lefu (~55da5fd6@85.218.95.214) (Client Quit)
[02:23:36] *** Parts: dahlukeh (~luke@user-31-175-40-2.play-internet.pl) ()
[02:26:07] *** Quits: add1ct (~add1ct@203.208.200.206) (Read error: Connection reset by peer)
[02:28:26] *** Joins: add1ct (~add1ct@203.208.200.206)
[02:30:40] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[02:35:15] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Ping timeout: 252 seconds)
[02:37:17] *** Quits: WebIRC76102 (~43a157db@c-67-161-87-219.hsd1.wa.comcast.net) (Client Quit)
[02:39:00] *** Joins: Ninn (~rekt@85.204.132.144.ip4.gigabit.dk)
[02:46:32] *** Joins: jinmo123 (~a3980337@163.152.3.55)
[02:49:21] *** Joins: dqi (~dqi@165-218-045-062.dynamic.caiway.nl)
[02:53:32] *** Quits: wmliang (wmliang@alumni.cs.nctu.edu.tw) (Client Quit)
[03:02:45] *** Quits: jinmo123 (~a3980337@163.152.3.55) (Client Quit)
[03:03:35] *** Joins: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net)
[03:06:02] *** Parts: xiao (~xiao@0408ds4-soeb.0.fullrate.ninja) ()
[03:06:50] *** Joins: WebIRC76102 (~43a157db@c-67-161-87-219.hsd1.wa.comcast.net)
[03:07:24] *** Joins: jinmo123x (~a3980337@163.152.3.55)
[03:11:51] *** Joins: n2n (~6f5d97d2@111.93.151.210)
[03:17:21] <e^ipi> in re CGC, has anyone actually published a cgc engine as a sort of idea of where to start?
[03:17:28] *** Joins: lefu (~2e8c48ca@46.140.72.202)
[03:18:03] <zardus> like, a CRS?
[03:19:29] *** Quits: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net) (Client Quit)
[03:19:41] *** Joins: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net)
[03:21:27] <e^ipi> uhh
[03:21:32] <e^ipi> okay?
[03:21:44] <WebIRC47048> you mean the automated solving and patching code?
[03:21:52] <e^ipi> yah
[03:21:55] <e^ipi> that's what i mean :)
[03:21:55] <WebIRC47048> yeah that's a CRS
[03:21:57] <zardus> not that i'm aware of. anyone that's building a CRS for the finals is in competition for the prize moneys, so i guess most are hoarding their secrets
[03:22:26] <WebIRC47048> kinda makes me want to build shittyCRS that has everything but reasonable algorithms
[03:22:33] <zardus> the closest that i can think of is angr (https://github.com/angr/angr), which is one of the building blocks of our (Shellphish's) CRS
[03:22:34] <WebIRC47048> will help for finals anyway
[03:22:46] <e^ipi> WebIRC47048: that'd be super awesome.
[03:22:53] <e^ipi> I learned operating systems that way...
[03:22:57] <zardus> but angr is really a program analysis building block. there's a lot of other stuff that needs to go into a CRS
[03:23:28] <WebIRC47048> otoh I have other things on my list to build for finals
[03:23:31] <WebIRC47048> e^ipi: which team are you on?
[03:24:56] <ar1s> zardus: did you CRS find/solve Legit00004 ?
[03:25:07] <ar1s> *your
[03:25:08] <WebIRC47048> ar1s: you kidding?
[03:25:17] <e^ipi> WebIRC47048: one of the crappy ones. :P
[03:25:23] <WebIRC47048> I guess you could fuzz and find a correlation?
[03:25:29] <e^ipi> I was just more curious how it's done
[03:25:33] <zardus> ar1s: that'd be a trade secret right there ;-)
[03:25:39] <WebIRC47048> actually...
[03:25:41] <ar1s> zardus: :)
[03:26:04] <WebIRC47048> ar1s: after the fact I can definitely think of ways a CRS can solve that kind of leak
[03:26:28] <ar1s> being able to infer that the secret page is leaking into code paths would be very hard to do
[03:26:38] <ar1s> especially since I think that violates CGC rules
[03:27:33] <WebIRC47048> well...
[03:27:45] <WebIRC47048> I have a thing that would find that correlation
[03:28:05] <WebIRC47048> the problem I had with 00004 was you can't patch that reasonably
[03:28:15] <WebIRC47048> unless cgc rules are broken
[03:28:50] <ar1s> my patch would have been to change the adresses from secret page back to rodata
[03:28:55] <ar1s> and read pdf's instead
[03:29:30] <WebIRC47048> my theoretical patch was to change +1 to +8 or sth
[03:29:35] <WebIRC47048> so you don't get adjacent bytes
[03:29:42] <ar1s> but that's not a decision a machine could take
[03:30:11] <ar1s> hmm yes changing the +2 to +5 or so
[03:30:11] <WebIRC47048> honestly patching this would be harder than finding it with a machine
[03:30:34] <WebIRC47048> but yeah I think this still violates rules
[03:32:00] <jinmo123x> if binary can be completely analyzed than is it can be reconstructed?
[03:32:35] <ar1s> I haven't read a rule specifying secret page shouldn't been accessed by legit CB, but a rule specifying control flow can't depend on random values
[03:36:10] *** Quits: n2n (~6f5d97d2@111.93.151.210) (Client Quit)
[03:36:13] *** Joins: n2n (~6f5d97d2@111.93.151.210)
[03:41:07] *** Quits: n2n (~6f5d97d2@111.93.151.210) (Client Quit)
[03:43:54] *** Quits: dqi (~dqi@165-218-045-062.dynamic.caiway.nl) (Ping timeout: 252 seconds)
[03:44:37] *** Quits: jinmo123x (~a3980337@163.152.3.55) (Client Quit)
[03:50:33] *** Quits: tyega (~tyega@www19456ue.sakura.ne.jp) (Remote host closed the connection)
[03:52:44] *** Joins: tyega (~tyega@qf.net.ist.i.kyoto-u.ac.jp)
[03:52:45] *** Quits: tyega (~tyega@qf.net.ist.i.kyoto-u.ac.jp) (Remote host closed the connection)
[03:52:47] *** Joins: tyega (~tyega@qf.net.ist.i.kyoto-u.ac.jp)
[03:55:09] *** Joins: tyega_ (~tyega@www19456ue.sakura.ne.jp)
[03:55:37] *** Joins: b3h3m0th (uid26288@2604:8300:100:200b:6667:2:0:66b0)
[03:55:56] <b3h3m0th> When can we expect scoreboard to be up ?
[03:56:52] *** Joins: Dor1s (~Dor1s@66.102.14.132)
[03:57:06] *** Quits: tyega (~tyega@qf.net.ist.i.kyoto-u.ac.jp) (Ping timeout: 252 seconds)
[04:01:25] *** Quits: Dor1s (~Dor1s@66.102.14.132) (Ping timeout: 252 seconds)
[04:02:03] <espes__> time sink was such a time sink
[04:02:31] <espes__> didn't really have a dx11 computer so spent most of the contest doing it statically -_-
[04:03:35] <espes__> https://gist.github.com/espes/7477523e65b0f2619620d7f2c2fd4fbc/
[04:04:41] <factoreal> hi all
[04:04:48] <factoreal> where I can see full scoreboard?
[04:05:13] <factoreal> it seems that site id down, right?
[04:11:18] <b3h3m0th> factoreal: yeah, it's been down since a few minutes after contest ended.
[04:16:30] *** Quits: lefu (~2e8c48ca@46.140.72.202) (Client Quit)
[04:16:50] *** Joins: Dor1s (~Dor1s@66.102.14.132)
[04:18:42] *** Joins: lefu (~2e8c48ca@46.140.72.202)
[04:20:41] *** Quits: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net) (Client Quit)
[04:21:13] *** Quits: Dor1s (~Dor1s@66.102.14.132) (Ping timeout: 252 seconds)
[04:21:24] *** Joins: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net)
[04:32:44] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[04:36:02] <b3h3m0th> ops around ?
[04:36:19] *** Joins: Jetski (~3ed4498d@62.212.73.141)
[04:36:34] <Jetski> yo
[04:37:04] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Ping timeout: 252 seconds)
[04:37:04] <b3h3m0th> are you op ?
[04:37:18] <Jetski> na
[04:39:49] *** Quits: warl0ck (~640f0822@pool-100-15-8-34.washdc.fios.verizon.net) (Quit: Hackint WebIRC - http://hackint.org/)
[04:41:05] <b3h3m0th> http://webcache.googleusercontent.com/search?q=cache:2016.legitbs.net/scoreboard/complete
[04:41:13] <b3h3m0th> factoreal: ^
[04:43:12] *** Quits: Ninn (~rekt@85.204.132.144.ip4.gigabit.dk) (Client Quit)
[04:44:12] *** Quits: Jetski (~3ed4498d@62.212.73.141) (Client Quit)
[04:51:57] <laxa> vito, hoju, Gynvael: there is a typo in your blog wrapup
[04:52:04] <laxa> gh link is broken
[04:52:28] *** Quits: tyega_ (~tyega@www19456ue.sakura.ne.jp) (Ping timeout: 252 seconds)
[05:01:26] *** Joins: shivanshu (~admin@202.3.77.204)
[05:04:52] *** Quits: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net) (Client Quit)
[05:09:42] *** Joins: lenerd_ (~lenerd@port-8828.pppoe.wtnet.de)
[05:15:54] *** Quits: win (~win@warriorhouse.net) (Ping timeout: 240 seconds)
[05:20:37] *** Quits: lenerd_ (~lenerd@port-8828.pppoe.wtnet.de) (Ping timeout: 252 seconds)
[05:21:30] *** Joins: csec (~csec@84-73-203-60.dclient.hispeed.ch)
[05:24:19] *** Quits: kkk (~kkkk@202.120.39.99) (Client Quit)
[05:25:46] *** Quits: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net) (Client Quit)
[05:25:49] *** Joins: Ninn (~rekt@130.225.98.198)
[05:25:52] *** Quits: csec (~csec@84-73-203-60.dclient.hispeed.ch) (Client Quit)
[05:26:21] *** Joins: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net)
[05:34:38] *** Parts: dtouch3d (~dtouch3d@snf-655592.vm.okeanos.grnet.gr) ()
[05:35:31] *** Joins: tyega (~tyega@qf.net.ist.i.kyoto-u.ac.jp)
[05:35:49] *** Joins: lenerd (~lenerd@port-8828.pppoe.wtnet.de)
[05:40:30] *** Quits: lenerd (~lenerd@port-8828.pppoe.wtnet.de) (Ping timeout: 252 seconds)
[05:43:04] *** Quits: tyega (~tyega@qf.net.ist.i.kyoto-u.ac.jp) (Ping timeout: 252 seconds)
[05:43:21] *** Quits: RJHacker18134 (~Oshino@ns3019004.ip-91-121-64.eu) ()
[05:44:23] *** Joins: Oshino (~Oshino@ns3019004.ip-91-121-64.eu)
[05:44:33] *** Oshino is now known as RJHacker77684
[05:47:59] *** Parts: mourn (~johndoe@62-210-69-147.rev.poneytelecom.eu) ()
[06:04:14] *** Joins: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net)
[06:05:39] *** Quits: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net) (Client Quit)
[06:05:43] *** Joins: Dor1s (~Dor1s@66.102.14.132)
[06:10:52] *** Quits: Dor1s (~Dor1s@66.102.14.132) (Client Quit)
[06:16:56] *** Quits: WebIRC35378 (~9a05ae4f@d154-5-174-79.bchsia.telus.net) (Client Quit)
[06:27:58] *** Quits: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net) (Client Quit)
[06:28:20] *** Joins: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net)
[06:29:27] *** Joins: lenerd_ (~lenerd@uhh-wlan-fo-134-100-17-115.rrz.uni-hamburg.de)
[06:32:34] *** Quits: [SpamAndHex]AKG (~akg@acskurucz.sch.bme.hu) (Ping timeout: 252 seconds)
[06:33:47] *** Joins: zzoru (~zzoru@110.35.38.115)
[06:34:38] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[06:37:48] *** Joins: mourn (~johndoe@62-210-69-147.rev.poneytelecom.eu)
[06:38:07] <mourn> https://github.com/legitbs/quals-2016/blob/master/badger/lzssvw.c#L28
[06:38:18] <mourn> how is this a fix when it still overflows by 800 bytes
[06:38:21] <mourn> ?
[06:39:24] *** Quits: zzoru (~zzoru@110.35.38.115) (Ping timeout: 240 seconds)
[06:39:54] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Ping timeout: 240 seconds)
[06:42:12] *** Parts: frienz (~illblew@2001:19f0:300:602c:5400:ff:fe1c:280) (WeeChat 1.3)
[06:46:49] *** Quits: JoyRe (anon1@gateway/tor-unverified) (Ping timeout: 134 seconds)
[06:47:35] *** Joins: win (~win@warriorhouse.net)
[06:52:35] *** Joins: yanewbie (~31a5cb56@49.165.203.86)
[06:52:35] <gynophage> ar1s: if the magic page is accessible by the CB under benign code paths, it makes it impossible to patch (assuming the poller depends on this - CGC pollers have access to magic page data). And that makes for lame stuff.
[06:52:51] <ar1s> https://github.com/legitbs/quals-2016/blob/master/legit_00004/poller/for-release/machine.py#L51 we were lucky that legitbs' exploit wasn't working and the patch was automatically accepted
[06:53:38] <ar1s> gynophage: funny I was right browsing that code
[06:53:48] <ar1s> *currently
[06:54:10] <ar1s> sorry not exploit, "pov"
[06:54:25] <gynophage> Whatever. Exploit.
[06:54:33] <gynophage> I'm not DARPA. I do what I want.
[06:55:42] <gynophage> I don't have to pretend any of this is defensive. Title authority and all that shit aren't in play. And some neckbeard from the ACLU isn't going to cry about my game.
[06:56:10] <ar1s> the solution would be to randomly change the behavior of the CG (bitflips ?) while hopping it would pass test but stop the pov from working
[06:56:48] <gynophage> "Hope" makes for a shitty and subjective game.
[06:57:33] <gynophage> We shouldn't have anything unpatchable in finals.
[06:58:11] <ar1s> French people call that the "Jean-Claude Dusse method" in reference to a famous French movie. "Forget it's hopeless and go ahead, it might work on a misunderstanding"
[06:58:25] <gynophage> Well, patching makes you lose SLA.
[06:58:58] <ar1s> yes, not familiar with the undisclosed DCCTF rules yet :)
[06:59:27] *** Joins: lolz (~7cf8ddba@124.248.221.186)
[06:59:44] <yanewbie> how the time_sink chal was come? it just has a single patch file
[07:00:46] <gynophage> We'll make it clear. It makes sense. There's no ASLR in DECREE. The "downtime on patch" rules keeps teams from releasing a new path every round with a different base address, and then suddenly ASLR.
[07:02:19] <ar1s> I had some thoughts about how to restrict the kind of patches teams could use, an idea I had was to restrict w/ a maximum hamming weight between orig & patched
[07:02:40] <ar1s> so rebasing and weird sandboxing tricks are out of the question
[07:03:20] <mourn> dc ctf will be exclusively cgc then ?
[07:03:27] <ar1s> mourn: yes
[07:03:41] <yanewbie> all chall for decree vm??
[07:04:16] <yanewbie> ah, so cgc finalists will compete together?
[07:05:04] *** Joins: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net)
[07:06:16] <[SpamAndHex]NGG> will it be attack-defense style cgc, so everyone has to patch the binaries on their own vm and get the flags from others every few minutes? or will it be like cgc pov tasks in this qual?
[07:07:01] *** Quits: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net) (Client Quit)
[07:07:31] <gynophage> ar1s: that seems to be the case. CGC is diminished a bit in what you can do, but that theoretically keeps voodoo super man defenses out.
[07:08:37] <gynophage> [SpamAndHex]NGG: somewhere between the two. You'll submit RBs, and POVs. But you won't have a box to be a janitor of.
[07:08:56] *** Joins: zirolkisho (node1@hackint/user/zirolkisho)
[07:10:23] <gynophage> And you'll get all other teams RBs. So if they patch in a shitty way, you'll still be able to provide a pov.
[07:11:20] *** Joins: Dor1s (~Dor1s@66.102.14.132)
[07:11:30] *** [SpamAndSex]_2can is now known as _2can
[07:11:33] <[SpamAndHex]NGG> so if i upload a new RB all existing POVs will be tested against it? and vice-versa?
[07:11:47] <gynophage> I think?
[07:12:10] <gynophage> I forget if teams say who they want to throw their pov against. I think they do?
[07:12:11] <ar1s> and you get a tweet when your pov aren't working anymore
[07:12:39] <[SpamAndHex]NGG> If I receive other teams' RBs then why can't I simply submit it as well?
[07:14:14] *** Joins: [SpamAndHex]AKG (~akg@catv-80-98-110-63.catv.broadband.hu)
[07:14:15] <mourn> i think you apply patch to you vm and attack others
[07:14:48] <gynophage> I really like the sharing of patches. If LBS hosts another year, we'll probably include that into our normal style game.
[07:15:26] <mourn> you plan on continuing with cgc for next year ?
[07:15:59] <[SpamAndHex]NGG> But then if the first team patches his binary then all the other teams will just copy that patch, won't they?
[07:17:24] *** Quits: Dor1s (~Dor1s@66.102.14.132) (Ping timeout: 240 seconds)
[07:17:36] *** Joins: tyega (~tyega@219-75-140-18f2.kns1.eonet.ne.jp)
[07:17:46] <[SpamAndHex]NGG> Assuming I have an exploit then I should not patch my own vm because then my exploit will be worthless. I don't really understand how can it work
[07:18:29] <gynophage> [SpamAndHex]NGG: nothing mechanically prevents what you've suggested. I can think of many reasons why doing so wouldn't be wise. This is left as an exercise to the reader.
[07:18:31] <mourn> the only winning move is not to play
[07:19:14] <[SpamAndHex]NGG> ok, thx for the info
[07:19:16] *** Joins: dqi (~dqi@176-187.wlan-int.ru.nl)
[07:29:02] <[SpamAndHex]NGG> There will be packed, obfuscated patches with hidden backdoors :) I love it already :)
[07:32:24] *** Quits: dqi (~dqi@176-187.wlan-int.ru.nl) (Ping timeout: 240 seconds)
[07:32:43] <ar1s> change all instructions with synonyms to increase the binary difference ratio
[07:47:49] <Kokjo> Does anyone have a writeup of kiss?
[07:52:03] <ar1s> haven't seen one
[07:52:31] <ar1s> there were two tricks after you get control of rip
[07:53:09] <ar1s> notice that binbase ld.so base and libc.so base delta are constant on ubuntu 14.04
[07:54:19] <ar1s> there's a useful mov rsp, xxx gadget in ldsobase + 0x1698B, from there it's a simple rop
[08:01:41] *** Quits: yanewbie (~31a5cb56@49.165.203.86) (Client Quit)
[08:03:02] *** Joins: tyega_ (~tyega@www19456ue.sakura.ne.jp)
[08:04:01] <c3> ar1s: i wonder if anyone solved it without ld.so
[08:04:53] *** Quits: tyega (~tyega@219-75-140-18f2.kns1.eonet.ne.jp) (Ping timeout: 252 seconds)
[08:05:29] <ar1s> at some point we contemplated trying every accessible .text address and watch for interesting results, but no tool for it (and dirty!)
[08:05:53] *** Joins: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net)
[08:07:00] <c3> i was thinking about using JOP, and i had a few good gadgets for setting rdi, but always dependet on rax (which i couldn't set)
[08:07:49] *** Quits: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net) (Client Quit)
[08:16:51] *** Joins: dqi (~dqi@176-187.wlan-int.ru.nl)
[08:20:18] <Ymgve> gynophage: won't sharing patched binaries mean everyone just copies the first patch they find?
[08:21:27] <gynophage> Ymgve: lol
[08:21:50] <gynophage> Totally_patched_binary.exe
[08:23:07] <ar1s> emmawatsonnude.jgp.exe
[08:23:30] <Ymgve> how will attack discovery work btw? do we get logs of the "network traffic" or access to other teams POVs?
[08:23:44] <Ymgve> or will it just be "your shit's pwned. fix it."
[08:24:43] *** Quits: tyega_ (~tyega@www19456ue.sakura.ne.jp) (Remote host closed the connection)
[08:27:12] *** Joins: Dor1s (~Dor1s@66.102.14.132)
[08:29:28] <ar1s> I looked for a way for cb-test, cb-server and others to generate a traffic trace, didn't find anything
[08:30:56] *** Quits: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net) (Client Quit)
[08:31:14] *** Joins: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net)
[08:31:24] *** Quits: Dor1s (~Dor1s@66.102.14.132) (Ping timeout: 240 seconds)
[08:35:19] *** Quits: dqi (~dqi@176-187.wlan-int.ru.nl) (Ping timeout: 252 seconds)
[08:37:27] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[08:40:18] <gynophage> ar1s --pcap option exists on one of those tools
[08:41:03] <ar1s> should have searched better. I rolled back to printf debugging
[08:41:08] <gynophage> There's some network trace made available that's not exactly pcap. I have a feeling we'll throw that data into a pcap with faked source/dest info
[08:41:48] <gynophage> While also providing the same data stream from CFE (we have to do that second part or the machine will be blind)
[08:41:55] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Ping timeout: 252 seconds)
[08:43:30] *** Joins: L0rdComm4ander (~Adium@2001:690:2100:1b:2978:ae6e:bef5:27b7)
[08:47:09] *** Joins: tyega (~tyega@www19456ue.sakura.ne.jp)
[08:48:43] *** Quits: whatitdo (~whatitdo@bzq-21-168-31-5.red.bezeqint.net) (Client Quit)
[08:50:14] <Ymgve> I guess we'll just steal the unobfuscated patches
[08:52:14] *** Quits: tyega (~tyega@www19456ue.sakura.ne.jp) (Remote host closed the connection)
[08:53:26] *** Joins: tyega (~tyega@www19456ue.sakura.ne.jp)
[08:53:44] *** Quits: lenerd_ (~lenerd@uhh-wlan-fo-134-100-17-115.rrz.uni-hamburg.de) (Ping timeout: 252 seconds)
[08:55:34] *** Quits: tyega (~tyega@www19456ue.sakura.ne.jp) (Remote host closed the connection)
[08:56:46] *** Joins: tyega (~tyega@www19456ue.sakura.ne.jp)
[09:01:38] <bmc> gynophage: you can read it with wireshark!
[09:01:49] *** Quits: lcwntq (~lcwntq@192.95.u.lmu) (Remote host closed the connection)
[09:01:50] *** Joins: dqi (~dqi@176-187.wlan-int.ru.nl)
[09:01:57] <bmc> There is a released wireshark plugin, as the protocol is pretty trivial
[09:03:38] *** Quits: [SpamAndHex]AKG (~akg@catv-80-98-110-63.catv.broadband.hu) (Ping timeout: 252 seconds)
[09:06:29] *** Joins: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net)
[09:07:08] *** Quits: [SpamAndHex]NGG (~c338a952@195.56.169.82) (Client Quit)
[09:07:33] *** Joins: [SpamAndHex]NGG (~c338a952@195.56.169.82)
[09:08:20] <[SpamAndHex]NGG> obfuscated patches can have backdoors in them, the author of the patch will still be able to exploit if you steal that
[09:08:24] *** Quits: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net) (Client Quit)
[09:09:49] *** Joins: err0r_ (~err0r@dyn.83-228-236-240.dsl.vtx.ch)
[09:09:59] <ar1s> they'll also be very easy to spot, but I want to see someone falling for it
[09:10:17] <Ymgve> the backdoor or the obfuscation?
[09:10:38] <[SpamAndHex]NGG> the backdoor won't be easily spottable if the whole binary is packed and obfuscated
[09:11:54] *** Quits: err0r (~err0r@dyn.144-85-128-217.dsl.vtx.ch) (Ping timeout: 240 seconds)
[09:12:50] *** Quits: tyega (~tyega@www19456ue.sakura.ne.jp) (Remote host closed the connection)
[09:21:09] *** Joins: tyega (~tyega@www19456ue.sakura.ne.jp)
[09:24:55] *** Quits: uafio (~asd@99-135-24-215.lightspeed.miamfl.sbcglobal.net) (Quit: Leaving.)
[09:25:58] *** Quits: tyega (~tyega@www19456ue.sakura.ne.jp) (Remote host closed the connection)
[09:29:10] *** Joins: WebIRC87118 (~439e2ac1@67.158.42.193)
[09:32:10] *** Quits: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net) (Client Quit)
[09:32:40] *** Joins: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net)
[09:33:24] *** Quits: Ninn (~rekt@130.225.98.198) (Ping timeout: 240 seconds)
[09:35:02] *** Joins: Ninn (~rekt@213.83.153.57)
[09:38:26] *** Quits: WebIRC87118 (~439e2ac1@67.158.42.193) (Client Quit)
[09:45:54] *** Quits: jay (~d1425044@209.66.80.68) (Quit: Hackint WebIRC - http://hackint.org/)
[09:49:06] *** Quits: dqi (~dqi@176-187.wlan-int.ru.nl) (Ping timeout: 252 seconds)
[09:50:02] *** Quits: breadsticks (~breadstic@64.184.102.169) (Client Quit)
[09:56:26] *** Quits: win (~win@warriorhouse.net) (Ping timeout: 252 seconds)
[10:07:18] *** Joins: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net)
[10:07:39] *** Joins: tyega (~tyega@219-75-140-18f2.kns1.eonet.ne.jp)
[10:08:52] *** Quits: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net) (Client Quit)
[10:10:22] *** Joins: qwe0asd (~asd@23.79.237.14)
[10:12:07] *** Quits: tyega (~tyega@219-75-140-18f2.kns1.eonet.ne.jp) (Ping timeout: 252 seconds)
[10:15:17] *** Joins: Dor1s (~Dor1s@66.102.14.132)
[10:15:29] *** Quits: Ninn (~rekt@213.83.153.57) (Read error: Connection reset by peer)
[10:18:50] *** Joins: Ninn (~rekt@213.83.153.57)
[10:19:24] *** Quits: Dor1s (~Dor1s@66.102.14.132) (Ping timeout: 240 seconds)
[10:24:28] *** Joins: [SpamAndHex]AKG (~akg@acskurucz.sch.bme.hu)
[10:29:52] *** Joins: dqi (~dqi@176-187.wlan-int.ru.nl)
[10:32:44] *** Quits: Ninn (~rekt@213.83.153.57) (Read error: Connection reset by peer)
[10:33:54] *** Quits: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net) (Client Quit)
[10:34:08] *** Joins: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net)
[10:35:18] *** Quits: dqi (~dqi@176-187.wlan-int.ru.nl) (Ping timeout: 252 seconds)
[10:39:17] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[10:39:28] *** Joins: Ninn (~rekt@130.225.98.198)
[10:42:24] *** Joins: JoyRe (anon1@gateway/tor-unverified)
[10:43:44] *** Quits: Ninn (~rekt@130.225.98.198) (Ping timeout: 252 seconds)
[10:43:44] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Ping timeout: 252 seconds)
[10:44:26] *** Quits: b3h3m0th (uid26288@2604:8300:100:200b:6667:2:0:66b0) (Client Quit)
[10:46:05] *** Quits: WebIRC68682 (~caef44e3@st0035.nas811.p-kyoto.nttpc.ne.jp) (Client Quit)
[10:48:40] *** Joins: dvx (~dvx@dyn.144-85-230-014.dsl.vtx.ch)
[10:53:02] <qwe0asd> any writeups for kiss ?
[10:53:07] *** qwe0asd is now known as uafio
[10:57:14] *** Quits: zirolkisho (node1@hackint/user/zirolkisho) (Remote host closed the connection)
[10:57:52] *** Joins: lenerd (~lenerd@uhh-wlan-fo-134-100-17-115.rrz.uni-hamburg.de)
[11:06:04] *** Joins: win (~win@warriorhouse.net)
[11:07:59] *** Joins: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net)
[11:11:33] *** Quits: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net) (Client Quit)
[11:21:11] *** Joins: Dor1s (~Dor1s@66.102.14.132)
[11:24:35] <[SpamAndHex]AKG> any news when to expect the list of qualified teams?
[11:32:53] *** Quits: Dor1s (~Dor1s@66.102.14.132) (Client Quit)
[11:34:46] *** Joins: dqi (~dqi@176-187.wlan-int.ru.nl)
[11:35:21] *** Quits: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net) (Client Quit)
[11:35:35] *** Joins: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net)
[11:38:38] *** Joins: aradia (~aradia@ws161-104.wireless.dynamic.msstate.edu)
[11:39:01] *** Quits: dqi (~dqi@176-187.wlan-int.ru.nl) (Ping timeout: 252 seconds)
[11:40:15] *** Joins: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net)
[11:43:51] <P1kachu> They tweeted something about this (some wrapup post)
[11:50:00] *** Quits: dvx (~dvx@dyn.144-85-230-014.dsl.vtx.ch) (Client Quit)
[11:52:51] *** Joins: WebIRC35378 (~9a05ae4f@d154-5-174-79.bchsia.telus.net)
[11:56:57] <fester> https://blog.legitbs.net/
[12:03:35] <gynophage> bmc - didn't know about the wire shark plugin. Thanks.
[12:03:40] *** Quits: lenerd (~lenerd@uhh-wlan-fo-134-100-17-115.rrz.uni-hamburg.de) (Ping timeout: 252 seconds)
[12:04:40] *** Quits: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net) (Client Quit)
[12:04:40] *** Quits: lefu (~2e8c48ca@46.140.72.202) (Client Quit)
[12:16:05] *** Quits: L0rdComm4ander (~Adium@2001:690:2100:1b:2978:ae6e:bef5:27b7) (Client Quit)
[12:20:05] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[12:21:46] <bmc> https://github.com/CyberGrandChallenge/network-appliance/blob/master/extra/cgc.lua
[12:29:31] *** Joins: zzoru (~zzoru@110.35.38.115)
[12:33:56] *** Quits: aradia (~aradia@ws161-104.wireless.dynamic.msstate.edu) (Remote host closed the connection)
[12:36:33] *** Quits: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net) (Client Quit)
[12:37:12] *** Joins: bool101 (~47c20173@c-71-194-1-115.hsd1.in.comcast.net)
[12:37:50] *** Joins: aradia (~aradia@ws161-104.wireless.dynamic.msstate.edu)
[12:41:07] *** Joins: t1deman (~t1deman@173-21-155-204.client.mchsi.com)
[12:43:11] *** Quits: zzoru (~zzoru@110.35.38.115) (Ping timeout: 252 seconds)
[12:44:02] *** Joins: lefu (~55da5fd6@85.218.95.214)
[12:46:34] *** Quits: t1deman (~t1deman@173-21-155-204.client.mchsi.com) (Ping timeout: 252 seconds)
[12:46:57] *** Joins: c3 (~c3@2a03:ff40:dcbe:ab11::6)
[12:52:17] *** Quits: lefu (~55da5fd6@85.218.95.214) (Client Quit)
[12:55:01] *** Joins: rjenish (rjenish@bitcoinshell.mooo.com)
[13:03:44] *** Joins: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net)
[13:05:21] *** Quits: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net) (Client Quit)
[13:06:05] <gynophage> If only there were a centralized dump of all this info...
[13:07:18] *** Quits: timpwn (anon1@gateway/tor-unverified) (Ping timeout: 134 seconds)
[13:08:51] *** Joins: timpwn (anon1@gateway/tor-unverified)
[13:09:52] *** Quits: WebIRC76102 (~43a157db@c-67-161-87-219.hsd1.wa.comcast.net) (Client Quit)
[13:22:51] *** Joins: L0rdComm4ander (~Adium@2001:690:2100:19:d9ff:1c64:5cd3:c67e)
[13:23:22] *** Joins: ripr4p (sid156184@hackint/user/ripr4p)
[13:23:30] *** Joins: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net)
[13:24:54] *** Quits: WebIRC47048 (~18823cdb@c-24-130-60-219.hsd1.ca.comcast.net) (Client Quit)
[13:26:03] *** Joins: nnqufq (~nnqufq@192.95.8.162)
[13:27:10] *** Joins: Dor1s (~Dor1s@p4FD62138.dip0.t-ipconnect.de)
[13:28:33] <WebIRC35378> Is there a chat log archive for this channel?
[13:31:35] *** Quits: Dor1s (~Dor1s@p4FD62138.dip0.t-ipconnect.de) (Ping timeout: 252 seconds)
[13:32:46] *** Quits: shivanshu (~admin@202.3.77.204) (Ping timeout: 252 seconds)
[13:37:27] *** Quits: c3 (~c3@2a03:ff40:dcbe:ab11::6) (Ping timeout: 252 seconds)
[13:37:40] <[SpamAndHex]AKG> P1kachu, nothing about the qulified team's list
[13:40:41] <P1kachu> Oh my bad
[13:40:54] <P1kachu> Wait, may have something else
[13:43:04] <P1kachu> [SpamAndHex]AKG: https://twitter.com/_antonio_bc_/status/734550540965707776
[13:43:11] <P1kachu> Not official but quite accurate
[13:46:31] *** Joins: Ninn (~rekt@85.204.132.144.ip4.gigabit.dk)
[13:48:40] <[SpamAndHex]AKG> we know the results, but we still remain a question
[13:50:32] <[SpamAndHex]AKG> PPP is prequalified, and blue-lotus is prequalified (who played in blo0p = blue-lotus + 0ops) but regarding this we don't know wether we should count with blo0p or not
[13:50:39] <[SpamAndHex]AKG> P1kachu, ^
[13:50:39] *** Quits: aradia (~aradia@ws161-104.wireless.dynamic.msstate.edu) (Remote host closed the connection)
[13:51:31] <mserrano> we're not prequalified
[13:51:34] <mserrano> we qualified through these quals
[13:53:21] *** Joins: lenerd (~lenerd@rzrobo2.informatik.uni-hamburg.de)
[13:53:44] <ar1s> Defktor was prequalified
[13:54:22] <[SpamAndHex]AKG> mserrano, are you in blo0p?
[13:55:57] <[SpamAndHex]AKG> mserrano, sorry i fucked up DEFKOR instead of PP
[13:55:59] <[SpamAndHex]AKG> *PPP
[13:59:42] <nwx> WebIRC35378: did you want logs?
[14:01:12] <WebIRC35378> Yeah :)
[14:01:17] <nwx> 1 sec
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment