Rules
The main rule is: Have fun, and play nice ❤️
You agree:
- For the duration of the challenge you will not disclose any hints or solutions with other participants.
- This CTF is centered around mobile app security. If its need to interact with a server, you won't use brute-force attacks.
- You will not disrupt the challenge infrastructure (e.g. registration page) on purpose.
- This challenge is for educational purposes only and not meant to be used for anything else.
- Neither the Insomni'hack conference, nor Redguard AG guarantee your access to the challenge. If either party deems you unfit for the challenge, you might be excluded from it.
- The competition is limited to the time form March 13th until 16th, and it may be taken offline afterwards without warning.
- The challenge is provided as is and that there is no guarantee that everything will work as expected.
- You must provide a valid email address to participate in the challenge.
The challenge
The CTF is embedded in our MAS Reference App. The app is used to teach security testers and developers about mobile security but also as a practice target for security tool.
That part of the app is not the target of this CTF but could be very useful for you to learn how to solve the challenges.
The CTF starts in the "CTF Game" side menu as seen on the picture on the right.
Important tips
- All flags are hidden in the Memory Game
- Brute-Force attacks are not needed to solve the callenges
- You don't need to change change the control flow of the app (statically or dynamically) most of the times. That does not mean you should not.
- The flags are in the format of a UUID
- The flags are case insensitive
- Example:
32BF095C-323B-457B-8746-6049FB8F3F54 - If you see a flag in the GUI, tap it to copy to clipboard
- We recommend using an emulator
Help is on the way
During the conference, we will help you with challenges by providing tips.
So if you are stuck, enjoy the conference and come back later.
We have heard that there are some mobile security related talks.
The app is based on the MAS Reference App. If you want to find out more, you are welcome to download the source code.
Good luck! 🍀