PACTF 2016 - Reflections

4 minute read

By the time anybody is reading this, we should have finalized both DQs and prizes for PACTF 2016. If I said I thought everything went 100% as I wanted it to, I’d be lying, but I’m overall pretty happy with how things went.

The first thing I have to mention is how amazing it is to open the admin panel and see 1600 registered users and 1000 registered teams. When we gave our speech to the gathered members of the Abbot Academy Association (AAA), we mentioned that similar competitions had numbers close to this, but only after a year or two of running with a reputation built up. “We’d be thrilled to get half that many,” we said, predicting about 500 teams and 1000 users. By our guess (after filtering out the various dummy accounts we found and extrapolating a few more), we still got about 50% more participation than I’d ever dreamed of.

CTFery

Writing the problems for this competition was by far the most fun part of this process, at least for me. Cryptography especially - you’d be surprised how much people were overthinking some of the problems (the square problem especially). The binary round was a little weirder; as a procrastinating high school student I predictably had not finished writing the code for the majority of my problems until the Saturday before Round 2 launched. That and I still had no idea how nc worked on the server-side (I ultimately ended up writing a python script to serve it on the port for me) so that was a fun last 3/4 hour rush to launch. I was almost completely uninvolved with the web round (I wrote the SQL problems but they were pretty much copy-pasted from other CTFs and the internet), but Tony was a real workhorse and pulled it together.

I’m with several of the competitors in that having themed rounds really doesn’t work that well. Regex fits with “binary” just as well as everyone thinks - it doesn’t. When we first came up with the round format, the idea was that every round would have a hodgepodge of problems, and that they would each be a smaller version of what a larger CTF “sprint” would look like. At the same time, though, themed rounds meant that I could push off all my work until immediately before the round itself went live, so that’s that I suppose.

I’m honestly surprised the framework held together as well as it did. We had some issues with the scoreboard being recalculated every time someone loaded it (leading to the weird issue where we’d cache the entire page including the navbar with the “your team” etc stuff in the top right corner), but that fixed itself when we got the server to thread properly. Writing CTFlex was a super educational experience that I haven’t really had before so I’m grateful for that.

Communication

If you ask me, our biggest mistake (specifically my downfall) was our lack of communication, especially during the last round. This should come as a surprise to almost nobody who was in IRC at any point during that last week when I would show up solely to mention “yeah there are no hints this round” and then again to mention “yeah well rip the flagdump”. The first round was, in my mind, actually went pretty well (all things considered) beyond the whole Got Bits fiasco, but things sort of snowballed on my end. Specifically, I had two tests and an essay during Round 2 keeping me away from IRC, which led to the short-lived reign of “Camdar_mobile” and my personal annoyance at having to deal with things during my trip to PAX East that weekend.

In hindsight, volunteering myself to be the “public face” of PACTF wasn’t as good an idea as I thought. As much as I enjoy hanging out on IRC and meeting cool people (to all of you who stuck around to chat for more than the forty-five seconds it took to ask me a question, this one goes out to you), it was kind of shitty mentally to deal with the constant complaints and insults (particularly about Got Bits round 1). As time went on, I had less and less motivation to sit on the channel and deal with the (at times) thirty different people begging me for hints (which, in turn, led to more people angrily emailing us for clarifications). I like to think I have pretty thick skin, but I’m really not suited for playing the part of the “front man” who has to wade through the accusations of cheating and bullshit problems.

Well…

Overall, though, I don’t think our first try could have gone much better. There were definitely some people who would disagree (the zodiac killer even took some time out of their busy schedule to kill the last six hours of our competition!), but I’m honestly okay with it. Thanks to everyone for their participation and feedback and we hope to see you again next year!

Updated: