DEF CON CTF 2015 Score Data Releases

We're releasing several pieces of scoring data today, ready to download and analyze as you see fit.

Finals Visualizer

We've replayed all the redemption events from DEF CON CTF 2015 Finals into this YouTube video for your viewing pleasure.

Qualifiers Data Dump

Much like our 2014 data dump, this release includes JSON dumps of categories, challenges, notices, teams, and limited user information, and more importantly, offline-browsable HTML pages about teams, challenges, and more!

Download the DEF CON CTF 2015 Qualifiers data dump from https://files.legitbs.net/statdump_2015.tar.bz2, and verify its cryptographic signature using Vito's previously-published public key.

Finals SQL Dump

Want to get exhaustive detail about scoring in DEF CON CTF finals? This Postgres 9.4.1-compatible SQL dump file is what you want.

Installation

  1. Have PostgreSQL 9.4.1 or newer installed. 9.3 or older may work but has not been tested.
  2. OPTIONAL: verify that you downloaded an official dump. More instructions below.
  3. Create a database named scorebot-2015. From the command line: createdb scorebot-2015
  4. Load the pgdump file into the database: pg_restore -d scorebot-2015 scorebot-2015.pgdump
  5. Query it:
    > psql scorebot-2015
    psql (9.4.3)
    Type "help" for help.
    
    scorebot-2014=# select id, name, dupe_ctr from teams order by name asc;
     id |             name              | dupe_ctr
    ----+-------------------------------+----------
      9 | !SpamAndHex                   |        0
     12 | 0daysober                     |     2289
     11 | 0ops                          |        0
      6 | 9447                          |     1549
      2 | Bushwhackers                  |        0
     10 | CORNDUMP                      |        0
      5 | DEFKOR                        |       11
     13 | Dragon Sector                 |        4
      7 | Gallopsled                    |        0
      4 | HITCON                        |        0
     15 | LC↯BC                         |        1
     16 | Legitimate Business Syndicate |        0
      1 | Plaid Parliament of Pwning    |    18441
      3 | Samurai                       |        0
     14 | Shellphish                    |        0
      8 | blue-lotus                    |        0
    (16 rows)
    

Validating and Verifying These Dumps

Once you've downloaded the dump files, you can check its signature against Vito's public GPG key.

  1. Obtain Vito's public key from this blog, Keybase.io, or the MIT Public Key Server .
  2. Install the key in your GPG keychain.
  3. Run gpg --verify scorebot-2015.pgdump.sig. You should see output similar to:
    > gpg --verify scorebot-2015.pgdump.sig
    gpg: assuming signed data in 'scorebot-2015.pgdump'
    gpg: Signature made Fri Aug 28 20:04:57 2015 EDT using RSA key ID C81CA674
    gpg: Good signature from "Vito Genovese " [unknown]
    gpg:                 aka "keybase.io/vito " [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 3D67 0192 A797 5173 646C  79D3 B07D 6161 43CA A77B
         Subkey fingerprint: D586 0919 7A9F 6055 BF1D  F3E9 18A0 1190 C81C A674
    

2015 DEF CON CTF Final Scores

We are pleased to announce the 2015 DEF CON Capture the Flag final scores.

Team NameFinal Score
DEFKOR23949
Plaid Parliament of Pwning19896
0daysober17943
HITCON13560
blue-lotus12442
0ops11306
Dragon Sector11288
Samurai10742
Shellphish10591
LC↯BC9941
!SpamAndHex9461
Gallopsled8608
94478410
CORNDUMP7508
Bushwhackers7447

How Scoring Worked

Before game start, we had a set of regular game services (that might or might not ever be enabled), and two LiveCTF services. Each team has an instance of a service (15+1 teams, 11 services, 176 instances), and every non-legitbs instance was given 1337 flags, for a total of 220,605 flags in the game. Ignoring the never-scored services and LiveCTF, (15 teams * 6 services * 1337 flags =) 120,330 flags were in play.

Similar to 2014, failing availability would cause a team to lose 14 flags divided evenly among their opponents. Getting owned (having a token stolen and redeemed) would also cause a team to lose 14 flags divided evenly among the teams that redeemed the token, with any remainders assigned to us until enough remainder existed to dole out to all the teams scoring that service.

LiveCTF was scored differently. The first team to finish LiveCTF qualifiers (DEFKOR) received 600 flags, and the next two teams (LC↯BC and PPP) received 300 and 200 flags, respectively. The other teams that finished (0daysober, Samurai, Shellphish, HITCON, and 9447) received 100 flags each. LiveCTF finals awarded 1000 points to the first team finishing, PPP.

Breakdown by Service

team \ servicerxcirkdtachikomaombdsuhackermudbadloggerlivectf_qualslivectf_finals
ppp3488117938592528136822632001000
bushwhackers0138900120384400
samurai012541129802127821681000
hitcon230413293871313386041000
defkor6746135926243731136835106000
team-94475514043871138310691000
gallopsled01359527559135379900
blue-lotus8761299146520781323139000
spamandhex013442861578136887400
corndump1129900133885900
0ops21701389110311383124900
0daysober2095128416056216133812941000
dragonsector219013891220461132369400
shellphish12814193792057133811591000
lcbc01359160039135312793000
legitbs2001001845519055

But Wait, There's More!

We have more releases planned in the coming days and months:

End of August, 2015
Supplemental scoreboard material: 2015 Quals data dump, 2015 Finals visualization, 2015 Finals SQL dump
End of November, 2015
2014 and 2015 Quals and Finals services

Thanks

Thanks to everyone who made DEF CON 23 CTF our best game yet: DEF CON goons, DEF CON staff, our fifteen finalist teams, the Capture the Flag community around the world, and everyone who came by our contest area to experience CTF first-hand! See you all in 2016!