HACKvent 2022 Write-up

Featured

Posted on by
Reply

Welcome to my HACKvent CTF competition write-up! I was fortunate enough to participate in this annual event for the seventh year. Each day in the lead-up to Christmas, a new cybersecurity challenge was released, testing my technical skills, problem-solving abilities, and time management as the challenges got progressively harder. Total points were only awarded to those who could solve the challenges within 24 hours – the last three challenges in the category “leet” within 48 hours.

I am thrilled to share that I solved 24 of the 25 challenges and 23 within the requested time frame this year, earning most of the points available. I completely skipped the challenge on day 24, as after 30 hours, nobody solved it, and I had yet to start with it. It was too much effort to tackle during the busy holiday season.

I want to extend a big thank you to all of the challenge authors, Compass Security, and especially Kuyaya, for his hard work in organizing this event and involving the participants in the decision-making process. I also want to thank my family and friends for their patience and understanding during the competition. I am excited to share my journey through this year’s competition with you, and I hope you enjoy reading my write-ups and learning from my experience.

When writing this blog post, I was first in the ranking as I was the only one who had solved the surprise challenge of day 25 till then.

Ranking, the 25th of December 20:00

Of course, this changed until the end of the competition, as other participants solved all the challenges in time. In the final ranking on the 31st of December 2022, I ended up in place #14.

Ranking, the 31st of December 23:59
Continue reading

HACKvent 2021 Write-up

Posted on by
Reply

Hackvent 2021 is over!
Once again, this year’s Hackvent was terrific – even though it was uncertain until the start whether it would take place at all. Eventually, the event was a traditional, full-blown Hackvent! Thanks to all challenge contributors who made this possible. I especially loved both Blockchain challenges, the binary exploitation on day 14, and the reverse engineering challenge on day 22. Less pleasant was the fact that some challenges were very resource-intensive this year. Some challenges took several hours of computing time on my laptop.
This year I did manage to complete all the challenges. Unfortunately, not all of them within 24 hours to get the total score. I submitted the flag for three challenges late (day 10, 17, and 19). And like every year, I liked the discussions around the CTF very much. Shouts to ice, jokker, ludus, DrSchottky, and all other participants.

https://ranking.competition.hacking-lab.com/
Continue reading

HACKvent 2020 write-up

Posted on by
Reply

What a blast!

I couldn’t wait for HACKvent to happen. The closer December came, the more excited I became. This year, HACKvent was the only CTF I participated in. There were so many things going on that I didn’t have the time and energy to participate in other CTFs in 2020.

All the sleepless nights were worth it. I managed to solve all challenges in time and finish HACKvent the third time in a row as one of the event’s perfect scorers. I ended up in 10th place in the official ranking, whereas the first 27th hackers got a perfect score. After participating at HACKvent for 5 years, I still don’t understand how the official ranking works, though. 😀

https://ranking.competition.hacking-lab.com/

According to an unofficial ranking, which sorts by the accumulated time of all submitted solutions I am on the 14th place among all perfect scorers. With more than 12 days delay to the fastest hacker.

https://hackvent-stats.herokuapp.com/

Thanks to my family for being able to handle my insomnia and my stress-level during this month. Thanks to ludus, jokker, multifred, marsh, veganjay, DrSchottky, explo1t, mtdcr, darkstar, and atwolf0, for all the good discussions. And thanks to Compass Security and all contributors for making HACKvent possible again.

Continue reading

HACKvent 2019 write-up

Posted on by
Reply

HACKvent… Initially, I didn’t want to participate at all – or at least not go all in and solve every challenge in time. I started solving the first ones and as the challenges became harder and of course more interesting I got more and more hooked. In the end I did solve them all, and in time.

A big part of the CTF are interactions and discussions with other participants. Thanks and shouts to ludus, jokker, 0xI, multifred, veganjay and others for the good discussions, support and motivation!

This year the event ran on the brand new Hacking Lab 2.0. There are still some minor issues, like the responsive design which can be optimized. The session timeout was a bit short for my taste, but hey Security! 😄 Issues which occurred with some challenges were not Hacking Lab 2.0 related. All in all I got a very good impression of the new HL.

I will never understand how the ranking works in Hacking-Lab. There were three different rankings (the one in the registered event, a public one and a statistics page) and all three seemed to have a different ordering. 😅 Two of the rankings are shown in the print-screens below. The black & green statistics page is probably the most accurate one. At least with the diff in minutes to the fastest perfect scorer the ranking looks about right.

I am very happy to have finished HACKvent as perfect scorer!

https://ranking.academy.hacking-lab.com/
Continue reading

HACKvent 2018 write-up

Posted on by
18

Like every year, Christmas time means hacking time! I started the HACKvent journey in 2016 and it already became some sort of tradition. As usual I invested a lot and it was a very stressful time. I would like to thank my family and friends for the patience and the support they brought up. Especially to my wife! 🙂

I also want to thank all of you who participated in discussions and helped finding solutions. It is always a great pleasure to talk to you guys! Big shouts to
otaku, pjslf, veganjay, ludus, rfz, jokker, 0xI, 0x90v1! I hope I didn’t forget anyone!!7

HACKvent was great like every year and I would also like to thank Compass Security for organizing it! There were some hick-ups this year and I preferred the 2017 edition most so far. The difficulty was not as hard as last year and the variety and content of the challenges was better in 2017. I also think ten teaser challenges, some of them really hard, which counted to the main score was too much.

And then there was muffinCTF! I love the idea behind it and when it was finally working it was definitely an amazing part of HACKvent. The implementation was not very stable and it didn’t seem finished when it was launched though. MuffinCTF got postponed from day 16 to day 22 and then still buggy. I (We?) lost a lot of time because of this. I understand providing challenges for HACKvent is voluntary and takes a lot of time, probably next to another day job. Thanks for all the effort muffinx! The attack-defense CTF was great but with a bit more testing and maybe support from others, this challenge could have been so much more. Maybe this should be a new, separate hacking-lab event? Yearly summer Attack-Defense CTF FTW!

Lets get to the scoreboard: With all the support I mentioned in the beginning I managed to finish this year as perfect solver! 🙂

Continue reading

HACKvent 2017 write-up

Posted on by
31

Like every year before Christmas the HACKvent is on! It is a Jeopardy CTF competition in the style of an advent calendar. Every day at 00:00 a new challenge is released. It starts with easy ones and then becomes harder and harder. If you solve a challenge before the next one is released, you’ll get full points. Oh boy, the last couple of days were stressful…
Unfortunately I lost 1 point because I wasn’t able to submit the tamagotchi challenge on time. It was even more frustrating when I’ve found out, that it didn’t work because of a copy/paste error.
Nevertheless, I am very happy with the result as I still managed to finish on the 8th place! 🙂
Continue reading

HackyEaster 2017 write-up

Posted on by
Reply

Easter 2017 – means new HackyEaster challenges are online. The challenges were easier than the ones on Hackvent 2016. For HackyEaster all challenges are released at once and it does not matter in what time-frame the challenges are solved, this makes the CTF much less stressful than Hackvent. I solved my last challenge on April 16th at 01:24 AM and completed the CTF after eleven others did before me. Here is a screenshot of the ranking at the time I finished the last challenge.

After the competition ended in total 53 hackers solved all challenges and got the full points.
Continue reading

HACKvent 2016 write-up

Posted on by
4

Update 06.01.2017: Added the challenge descriptions. Thanks to khr0x40sh!
HACKvent is a CTF competition provided by Hacking-Lab.com. During advent time every day a new challenge is released. The challenges get harder every day and full points are only given if they get solved within the same day.
I solved all challenges except the last one, but not always the same day though. I had no more time and strength to solve the last one on Christmas. The CTF was a lot of fun but very stressful next to my job.
I ended on rank #23.
Ranking CTF Hackvent Continue reading

Auto brightness on stock Android (ICS or earlier)

Posted on by
9

Recently I stumbled across Androids auto brightness feature/bug. On all Android phones I ever possessed, the auto brightness was working as expected. When you enter a brighter area the display gets brighter. Returning back to a darker zone the display gets dimmed. On my own AOSP(Android Open Source Project)-build my phone display never got dimmed. When a certain brightness level was reached the display stayed on this level, even if I covered the light sensor. The brightness remained so until the phone got locked and/or the phone display went off. I tested this behavior on three Google phones: Nexus One, Nexus S and on the Galaxy Nexus. On other phones I could not reproduce this. All phones I’ve tested were on their original software. The fact detecting this on Google phones (AOSP builds) but not on others tells me that many phone providers (e.g. Samsung) are not happy with it and changed this behavior by themselves. Continue reading