DARPA’s Cyber Grand Challenge uses a new computing environment, the DARPA Experimental Cyber Research Evaluation Environment, or DECREE. While DECREE is designed to be less useful for general-purpose computing, it has some properties that make it excellent for binary reverse engineering, patching, and exploitation contests.
DECREE is built on i386 Linux, and ships with the clang compiler and support for special CGC Executable Format (CGCEF) binaries that support a much smaller set of system calls. In addition, DECREE comes with tools for validating functionality of binaries with XML-based pollers, proving vulnerabilities with XML- or C-based Proofs-of-Vulnerability (PoVs), and, of course, tools to help you debug and analyze binaries.
How do I install DECREE?
The current DECREE version is a small network of Vagrant boxes, available from the CGC repo. You'll need Vagrant and VirtualBox installed to get them running.
- Install VirtualBox from https://www.virtualbox.org
- Install Vagrant from https://www.vagrantup.com
- Download the Vagrantfile from http://repo.cybergrandchallenge.com/boxes/
Put the Vagrantfile in a parent directory to where you’ll be keeping your DECREE files. For example:
decree ├── Vagrantfile ├── example1 │ ├── Makefile │ ├── lib │ ├── pov │ └── src └── example2 ├── Makefile └── …
vagrant up crsto download, start, and set up the image for cyber reasoning systems. This may take a while, so read about Vagrant at https://www.vagrantup.com/docs/getting-started/up.html while it works.
vagrant ssh crsto ssh in to the image.
- The path with the Vagrantfile is at
maketo build and test your CGC binary.
What is a CGC binary and how do I get one?
crs Vagrant machine has challenge binaries in the
Outside of the
crs image, you can get samples at
The complete set of CGC Qualifying Event (CQE) challenge sets are there, as well as some example CGC Final Event (CFE) challenges in the “examples” directory.
What can I do and not do in a CGC binary?
CGC binaries are designed to be idempotent, like a pure mathematical function. Given the same initial conditions and inputs, the same binary should produce the same outputs, with the same instruction stream and same memory accesses every time. You can build analysis tools for CGC binaries; that’s what they're there for.
On the other hand, CGC binaries cannot manipulate, create, or even open files. Such is the price of idempotency.
CGC binaries can communicate over file descriptors, but depend on the CGC evaluation tooling to open them.
CGC binaries can be debugged with the version of gdb included in the DECREE VM.
Give it a shot!
We had two DECREE-based challenges in our 2015 qualifiers: cybergrandsandbox and patcher. As announced during the 2015 DEF CON closing ceremonies, the winning computer from CGC will be competing in our 2016 finals game. Knowing how to work with DECREE will probably be a valuable skill for quals and finals this year.