"I want to download and audit the Scorebot from DEF CON 22 CTF just like I did for DEF CON 21 CTF finals ."
- Have PostgreSQL 9.3 or newer installed. 9.2 may work but has not been tested.
- OPTIONAL: verify that you downloaded an official dump. More instructions below.
Create a database named
scorebot-2014. From the command line:
Load the pgdump file into the database:
pg_restore -d scorebot-2014 scorebot-2014.pgdump
> psql scorebot-2014 psql (9.4.3) Type "help" for help. scorebot-2014=# select id, name, dupe_ctr from teams order by name asc; id | name | dupe_ctr ----+-------------------------------+---------- 12 | (Mostly) Men in Black Hats | 14 2 | 9447 | 1445 19 | BalalaikaCr3w | 0 8 | CodeRed | 2 15 | Dragon Sector | 11880 18 | Gallopsled | 0 9 | HITCON | 112320 11 | HackingForChiMac | 40824 6 | KAIST GoN | 5452 21 | Legitimate Business Syndicate | 0 14 | More Smoked Leet Chicken | 39797 1 | Plaid Parliament of Pwning | 158842 3 | Reckless Abandon | 0 4 | Routards | 0 17 | Stratum Auhuur | 10 16 | [SEWorks]penthackon | 29 20 | binja | 0 10 | blue-lotus | 10 5 | raon_ASRT | 1096 7 | shellphish | 0 13 | w3stormz | 253 (21 rows)
Analyses We've Seen Before and Analyses We'd Like To See
Willem Vandercat of ROPtimus Prime posted a great analysis of our 2013 data called A BS Analysis Based on Legit Data, and in our follow-up A Legit Analysis, we noted that we didn't store enough data for accurate replay both due to oversights and programming errors.
We hope that our 2014 data are more complete: this is one reason the dump is 84MB instead of 4.6MB. In particular, we've included a
penalties table that connects
failed availabilities to penalty flag transfers, and added a log of availability script
output to the
availabilities table. In particular, we've addressed the flaw
about not storing enough data to accurately replay or rescore the game.
Validating and Verifying a Database Dump
Once you've downloaded the
.pgdump file, you can check its signature
against Vito's public GPG key.
- Obtain Vito's public key from this blog, Keybase.io, or the MIT Public Key Server .
- Install the key in your GPG keychain.
gpg --verify scorebot-2014.pgdump.sig. You should see output similar to:
> gpg --verify scorebot-2014.pgdump.sig gpg: Signature made Tue Jun 16 23:19:40 2015 EDT using RSA key ID C81CA674 gpg: Good signature from "Vito Genovese <[email protected]>" gpg: aka "keybase.io/vito <[email protected]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 3D67 0192 A797 5173 646C 79D3 B07D 6161 43CA A77B Subkey fingerprint: D586 0919 7A9F 6055 BF1D F3E9 18A0 1190 C81C A674
If you just want to trust every ISP between us and you, you can also check the
> shasum -a 256 scorebot-2014*
THIS SQL DUMP IS PROVIDED UNDER THE CREATIVE COMMONS CC0 LICENSE
To the extent possible under law, Legitimate Business Syndicate has waived all copyright and related or neighboring rights to the DEF CON 22 CTF SQL dump. This work is published from: United States.
Thanks for your interest! DEF CON Capture the Flag only exists because of the CTF community around the world, and we hope these data are useful and interesting. Special thanks to Willem Vandercat of ROPtimus Prime for pushing us to store and release better data for 2014!
See you in Las Vegas!