Artificial truth

The more you see, the less you believe.


Boston Key party 2015
Thu 05 March 2015


Last weekend, I helped to host the Boston Key Party 2015 CTF! It was not only a Defcon CTF qualifier, but also required participation for the CMU SEC class!


  • 1402 teams registered
  • 828 of them scored at least 10 points
  • 13627 flag guesses for 5022 flags found, a success rate of something like ⅓
  • 31 challenges

The challenges board was also quite cool:


Points and solves

Since I wasn't really involved in the infrastructure, I'll focus on challenges instead.

Weight estimation

One of the main difficulties in organizing a CTF (besides infrastructure) is writing challenges and estimating how many points each one is worth.

The more difficult a challenge is, the more points it is granted. In a perfect world, if we multiply how many times a challenge was solved by how many points it is worth, we should obtain the same number for every challenge.

Points times solves

As you can see, the main mistake was haymarket, an orange challenge that was worth too many points.

The average is around 10k with haymarket and 9k without it, while the standard deviation is 6k with it and a bit less than 5k without it.

Points times solves, without haymarket

So it seems that there was a single big mistake in the challenge ranking, which is not that bad.
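The same check can be scripted for any scoreboard. The following is an added example, not code from the Boston Key Party organizers: the board data and challenge names are constructed, and the 1.5 standard deviation threshold is an assumption chosen for illustration.

```python
from statistics import mean, pstdev

# Constructed sample board: (name, points, solves). Not the real BKP 2015 data.
BOARD = [
    ("warmup", 10, 900),
    ("rev_easy", 100, 95),
    ("crypto_mid", 200, 40),
    ("pwn_hard", 350, 28),
    ("overpriced", 300, 120),
]

def weights(board):
    """Return {name: points * solves}, the product that should be constant."""
    return {name: points * solves for name, points, solves in board}

def outliers(board, k=1.5):
    """Names whose points*solves is more than k std devs away from the mean.

    k=1.5 is an assumed threshold; with very few challenges a single outlier
    inflates the deviation itself, so larger values of k may flag nothing.
    """
    w = weights(board)
    mu, sigma = mean(w.values()), pstdev(w.values())
    if sigma == 0:
        return []
    return [name for name, value in w.items() if abs(value - mu) > k * sigma]

def rebalanced(board, exclude=()):
    """Points each challenge would need so that points*solves matches the mean
    product of the non-excluded challenges. Unsolved challenges keep their points."""
    w = weights(board)
    target = mean(v for name, v in w.items() if name not in exclude)
    return {name: (round(target / solves) if solves else points)
            for name, points, solves in board}

if __name__ == "__main__":
    flagged = outliers(BOARD)
    print("mispriced:", flagged)
    print("suggested points:", rebalanced(BOARD, exclude=flagged))
```
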



  • blue (crypto): 214 solves
  • green (school bus): 4188
  • orange (reverse): 330
  • red (pwning): 290

The most solved category was, as expected, School Bus; the other ones were solved between 200 and 300 times each, which is great: it means that there wasn't a super-(easier|harder) category.

My challenges

Since this is my blog, I'll speak a bit about my challenges: of the 31, I wrote 8.

While the first 5 of the list were in the School Bus category, Wellington was a 250pts orange (Reverse) and Bowdoin a 350pts blue (Crypto). You can find them and their respective sources here

My major regret is that I should have been more careful when I generated the PDF for Bowdoin: It was really hard to distinguish 1, l, i and I. But when I saw that the Balalaika Crew posted its flag in less than 45 minutes, I stopped feeling guilty.

Many thanks to gsilvis for proofreading my crypto challenge, and to crowell for letting me give a hand: hosting a ctf is as fun as playing one, only with more stress ;)

See you next year?