• Solves: 3
  • I have a bingo.

    nc 136.243.194.45 1024
    
  • Solves: 7
  • Extract some flag from ssh://eve@136.243.194.40

    Password: nohaxplz

  • Solves: 372
  • Connect to 136.243.194.49:1024 and get a shell.

  • Solves: 16
  • Connect to 136.243.194.52 1024 and get a fresh instance spawned for you. You're gonna need this.

  • Solves: 31
  • Can you read the flag?

    nc 136.243.194.62 1024
    
  • Solves: 9
  • In case you want to test some shellcode you wrote, feel free to use this.

    nc 136.243.194.42 1024
    
  • Solves: 4
  • Manage your dom like data with this tool, unfortunately you can not currently export your data, feature will be added soon!

    nc 136.243.194.39 1024
    

  • Solves: 2
  • Here is the firmware of a smartcard for DVB-T decryption.

    Unfortunately the EEPROM data is missing, can you still decrypt the DVB-T stream?

    The flag begins with "32C3_" (uppercase).

  • Hints:
    • This could help: https://32c3ctf.ccc.ac/uploads/smartcard-075e52e6b925b3af7d78c781f2bd208384e26dbc.jpg

  • Solves: 49
  • This firmware image is secured against manipulation using RSA and MD5. Can you still get around that protection?

    The service is available here.

  • Solves: 17
  • Please install this on your new android phone, enter pass code and get the flag.

  • Hints:
    • Updated the libdroid.apk, this one is now also able to run on a device. No changes to internal logic.

  • Solves: 14
  • PICACHUUUUUUUUU!!!1!

    If you switch to VTY2, you can log in as root without a password.

    Note: Please use the supplied qemu. I'm not sure if everything works if you use a different version. The qemu was compiled under Ubuntu 14.04.


  • Solves: 40
  • The logic states of the GPIOs have been recorded Figure out the displayed message. You're gonna need this here

  • Solves: 5
  • I can't open my electronic vault anymore :( I reverse engineered a bit of the PCB and attached a JTAG debugger to it, but I can't seem to be able to dump the code and figure out how to reset the PIN. Could you help me out here?

    You can access the vault here: http://136.243.194.58:8080

    Some nice German music while you solve this challenge: https://www.youtube.com/watch?v=KfWyo2mqXnw

  • Solves: 17
  • Could you please decode this for me? KTHXBYE!


  • Solves: 11
  • Im Too Damn good at security. You can never beat me. Accept your fate. cross your fingers for this task to not collapse http://136.243.194.59/

  • Solves: 61
  • Our Admin is a little sad this time of the year. Maybe you can cheer him up at this site

    Please note: This challenge does not follow the flag format.

  • Hints:
    • To build the flag, concatenate both parts and omit '32C3_'

  • Solves: 26
  • A group of highly trained monkeys from outer space have been using earthlings technology to communicate ( over the web ). we want to know their secrets and intentions so we infiltrated them. Here's their platform of communication and an invite key:

    http://136.243.194.35/

    invite key: d991065ab84307e7904e2b9b515a2d69

  • Solves: 19
  • May we interest you in a little programming exercise?

    http://136.243.194.36:18888

  • Solves: 71
  • A new file hosting service for very small files. could you pwn it?

    http://136.243.194.53/


  • Solves: 27
  • We have obtained what we believe is a configuration backup of an embedded device. However, it seems to be encrypted. Maybe you can help us with decryption?

  • Solves: 8
  • There's some data exfiltration going on in this pcap. Can you figure you what happened?


  • Solves: 5
  • Today, everything needs crypto! We developed an AES encrypt module for your ARM chip!

    The module can be accessed via the address range 0x40048000..0x4004807f, see the example for details (binary is best documentation!)

    This demo device is only capable of encrypting 10 times, afterwards, the cpu has to be powercycled to encrypt anything else.

    Every module is preseeded with a random key and a serial number as input(Hint: this is the flag) the result can be found in the output buffer before anything else is encrypted.

  • Solves: 111
  • Non-standard gurke: https://32c3ctf.ccc.ac/uploads/gurke Talk to it via HTTP on http://136.243.194.43/.

  • Solves: 2
  • Get the flag ssh://eve@136.243.194.47

    Password: nohaxplz