2014 Finals Scorebot SQL Dump

"I want to download and audit the Scorebot from DEF CON 22 CTF just like I did for DEF CON 21 CTF finals ."

Installation

  1. Have PostgreSQL 9.3 or newer installed. 9.2 may work but has not been tested.
  2. OPTIONAL: verify that you downloaded an official dump. More instructions below.
  3. Create a database named scorebot-2014. From the command line: createdb scorebot-2014
  4. Load the pgdump file into the database: pg_restore -d scorebot-2014 scorebot-2014.pgdump
  5. Query it:
    > psql scorebot-2014
    psql (9.4.3)
    Type "help" for help.
    
    scorebot-2014=# select id, name, dupe_ctr from teams order by name asc;
     id |             name              | dupe_ctr
    ----+-------------------------------+----------
     12 | (Mostly) Men in Black Hats    |       14
      2 | 9447                          |     1445
     19 | BalalaikaCr3w                 |        0
      8 | CodeRed                       |        2
     15 | Dragon Sector                 |    11880
     18 | Gallopsled                    |        0
      9 | HITCON                        |   112320
     11 | HackingForChiMac              |    40824
      6 | KAIST GoN                     |     5452
     21 | Legitimate Business Syndicate |        0
     14 | More Smoked Leet Chicken      |    39797
      1 | Plaid Parliament of Pwning    |   158842
      3 | Reckless Abandon              |        0
      4 | Routards                      |        0
     17 | Stratum Auhuur                |       10
     16 | [SEWorks]penthackon           |       29
     20 | binja                         |        0
     10 | blue-lotus                    |       10
      5 | raon_ASRT                     |     1096
      7 | shellphish                    |        0
     13 | w3stormz                      |      253
    (21 rows)
    

Analyses We've Seen Before and Analyses We'd Like To See

Willem Vandercat of ROPtimus Prime posted a great analysis of our 2013 data called A BS Analysis Based on Legit Data, and in our follow-up A Legit Analysis, we noted that we didn't store enough data for accurate replay both due to oversights and programming errors.

We hope that our 2014 data are more complete: this is one reason the dump is 84MB instead of 4.6MB. In particular, we've included a penalties table that connects failed availabilities to penalty flag transfers, and added a log of availability script output to the availabilities table. In particular, we've addressed the flaw about not storing enough data to accurately replay or rescore the game.

Validating and Verifying a Database Dump

Once you've downloaded the .pgdump file, you can check its signature against Vito's public GPG key.

  1. Obtain Vito's public key from this blog, Keybase.io, or the MIT Public Key Server .
  2. Install the key in your GPG keychain.
  3. Run gpg --verify scorebot-2014.pgdump.sig. You should see output similar to:
    > gpg --verify scorebot-2014.pgdump.sig
    gpg: Signature made Tue Jun 16 23:19:40 2015 EDT using RSA key ID C81CA674
    gpg: Good signature from "Vito Genovese <[email protected]>"
    gpg:                 aka "keybase.io/vito <[email protected]>"
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 3D67 0192 A797 5173 646C  79D3 B07D 6161 43CA A77B
         Subkey fingerprint: D586 0919 7A9F 6055 BF1D  F3E9 18A0 1190 C81C A674
    

If you just want to trust every ISP between us and you, you can also check the SHA-2/256 sums:

> shasum -a 256 scorebot-2014*
a49de19153bf78677d6c90f7ec1fea8ac2dc4f74b2d4cf1dc218dacc1f81b6a4  scorebot-2014.erd.pdf
9b6e90f2e52439ec9fc5a979c631b159f70b1fbd9371f40d6711526d2c002813  scorebot-2014.pgdump
854eb9250d0e8f083878871aebf154103e45cf3f01b339fe915efd32c1a75652  scorebot-2014.pgdump.sig

License

THIS SQL DUMP IS PROVIDED UNDER THE CREATIVE COMMONS CC0 LICENSE

To the extent possible under law, Legitimate Business Syndicate has waived all copyright and related or neighboring rights to the DEF CON 22 CTF SQL dump. This work is published from: United States.

http://creativecommons.org/publicdomain/zero/1.0/

Thanks

Thanks for your interest! DEF CON Capture the Flag only exists because of the CTF community around the world, and we hope these data are useful and interesting. Special thanks to Willem Vandercat of ROPtimus Prime for pushing us to store and release better data for 2014!

See you in Las Vegas!