Update for Hack The Vote 2024

Author: Lense

2024/README.md

@@ -0,0 +1,43 @@
+# Hack The Vote 2024
+
+Hack The Vote 2024 was run by [RPISEC](https://rpis.ec) from November 1st to 3rd, 2024 (2024-11-01T23:00Z/2024-11-03T23:00Z).
+
+Congratulations to the top 3 teams:
+
+1st place: Maple Bacon (solved all challenges)  
+2nd place: tohru  
+3rd place: Shellphish  
+
+This was the last edition of HTV. There may be future RPISEC CTFs, but we are retiring the Hack The Vote series.
+
+![challenges](challenges.png)
+
+## Theme
+
+This year we simulated a presidential election between Wilfred J. Lewis and Jeanette D. Westcott, two cats. After every solve, teams redirected hacked votes to one of the candidates. Westcott had a narrow lead through most of the competition with a few brief takeovers, but was ultimately hacked the winner at 157 votes, with Lewis trailing at 152.
+
+![bios](index.png)
+
+## Statistics
+
+![scoreboard](scoreboard.png)
+
+![solves](solves.png)
+
+|  |  |
+| --- | --- |
+| Teams registered | 1177 |
+| Teams scored: | 758 |
+| Sanity solves | 734 |
+| Insanity solves | 235 |
+| Correct flags | 1357 |
+| Incorrect flags | 714 |
+| Points available | 4153 |
+| Number of challenges | 12 |
+| 1st place challenges solved | 12 |
+
+For the first time in HTV history, there were no unsolved challenges.
+
+## Organizers
+
+Andrew Fasano, Josh Ferrell, Michael Jones, Michael Krasnitski, Andrew Marumoto, Austin Ralls, Max Shavrick, Glenn Smith, and Avi Weinstock

2024/base-image/Dockerfile

@@ -0,0 +1,56 @@
+ARG UBUNTU_DIGEST=sha256:aa772c98400ef833586d1d517d3e8de670f7e712bf581ce6053165081773259d
+
+FROM --platform=linux/amd64 ubuntu@${UBUNTU_DIGEST} as base
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && \
+    apt-get install -y ca-certificates wget
+
+RUN useradd challenge_user
+
+WORKDIR /
+
+FROM --platform=linux/amd64 ubuntu@${UBUNTU_DIGEST} as build_nsjail
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    autoconf \
+    bison \
+    ca-certificates \
+    flex \
+    g++ \
+    gcc \
+    git \
+    libnl-route-3-dev \
+    libprotobuf-dev \
+    libtool \
+    make \
+    pkg-config \
+    curl \
+    protobuf-compiler \
+    libssl-dev && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN git clone https://github.com/google/nsjail.git && make -C /nsjail
+
+FROM base as htv2024_pwn
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libprotobuf23 \
+    libnl-3-200 \
+    libnl-route-3-200 && \
+    rm -rf /var/lib/apt/lists/*
+
+COPY --from=build_nsjail /nsjail/nsjail /usr/bin/nsjail
+RUN chmod 755 /usr/bin/nsjail
+
+COPY --chown=root:root nsjail.conf /home/challenge_user/nsjail.conf
+RUN chmod 400 /home/challenge_user/nsjail.conf
+
+COPY entrypoint.sh /home/challenge_user/entrypoint.sh
+RUN chmod 755 /home/challenge_user/entrypoint.sh
+
+WORKDIR /home/challenge_user/
+
+ENTRYPOINT ["./entrypoint.sh"]

2024/base-image/entrypoint.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e
+
+sed -i "s/PLACEHOLDER_FLAG/$FLAG/" nsjail.conf
+unset FLAG
+
+exec nsjail --config nsjail.conf "$@"

2024/base-image/nsjail.conf

@@ -0,0 +1,131 @@
+# Base config for pwnable challenge
+
+name: "htv2024-pwn"
+
+description: "Base configuration for HackTheVote 2024 pwnable"
+
+mode: LISTEN
+port: 31337
+
+exec_bin {
+	path: "/challenge/challenge"
+}
+
+cwd: "/"
+
+# Timeout
+time_limit: 120
+
+# Resource limits
+rlimit_as: 2048
+rlimit_cpu: 1000
+rlimit_fsize: 1024
+rlimit_nofile: 64
+
+
+keep_env: false
+envar: "TERM=linux"
+envar: "PS1=$ "
+
+skip_setsid: true
+
+clone_newcgroup: true
+
+uidmap {
+	inside_id: "1000"
+	outside_id: "1000"
+	count: 1
+}
+
+gidmap {
+	inside_id: "1000"
+	outside_id: "1000"
+	count: 1
+}
+
+
+# Env vars
+envar: "TERM=linux"
+
+# Mount shenanigans
+mount_proc: false
+
+mount {
+	src: "/lib"
+	dst: "/lib"
+	is_bind: true
+	rw: false
+}
+
+mount {
+	src: "/bin"
+	dst: "/bin"
+	is_bind: true
+	rw: false
+}
+
+mount {
+	src: "/sbin"
+	dst: "/sbin"
+	is_bind: true
+	rw: false
+}
+
+mount {
+	src: "/usr"
+	dst: "/usr"
+	is_bind: true
+	rw: false
+}
+
+mount {
+	src: "/lib64"
+	dst: "/lib64"
+	is_bind: true
+	rw: false
+	mandatory: false
+}
+
+mount {
+	src: "/lib32"
+	dst: "/lib32"
+	is_bind: true
+	rw: false
+	mandatory: false
+}
+
+mount {
+	dst: "/tmp"
+	fstype: "tmpfs"
+	rw: true
+	is_bind: false
+	noexec: true
+	nodev: true
+	nosuid: true
+}
+
+mount {
+	src: "/dev/null"
+	dst: "/dev/null"
+	rw: true
+	is_bind: true
+}
+
+mount {
+	dst: "/proc"
+	fstype: "proc"
+	rw: false
+}
+
+mount {
+    dst: "/flag"
+    src_content: "PLACEHOLDER_FLAG"
+    rw: false
+}
+
+mount {
+	dst: "/challenge"
+	src: "/home/challenge_user/deploy"
+	is_dir: true
+	is_bind: true
+}

2024/challenges.png

@@ -0,0 +1,23 @@
+FROM htv2024:pwn_base as base
+
+FROM base as build
+# Space-separated list of required packages
+ARG REQUIRED_PACKAGES="build-essential cargo"
+
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends ${REQUIRED_PACKAGES} && \
+    rm -rf /var/lib/apt/lists/*
+
+COPY build.sh /build.sh
+COPY src/ /src/
+RUN cd / && chmod +x /build.sh && /build.sh
+
+COPY Dockerfile /handout/Dockerfile
+RUN tar -czf /handout.tar.gz /handout
+
+FROM base as run
+COPY --from=build /deploy /home/challenge_user/deploy
+
+COPY make_handout.sh /make_handout.sh
+RUN cd / && chmod +x /make_handout.sh && /make_handout.sh

2024/crypto/zerovote/Dockerfile

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+
+mkdir -p build
+mkdir -p deploy
+mkdir -p deploy/src/src
+
+# Build binaries
+cargo build --release --manifest-path=src/Cargo.toml
+
+# Copy required files to deploy
+cp ./src/target/release/zerovote deploy/challenge
+cp ./src/src/main.rs deploy/src/src/main.rs
+cp ./src/Cargo.toml deploy/src/Cargo.toml
+

2024/crypto/zerovote/build.sh

@@ -0,0 +1,15 @@
+[package]
+name = "zerovote"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+curve25519-dalek = { version = "4.1.3", features = ["digest", "group", "rand_core", "serde"] }
+group = "0.13.0"
+lazy_static = "1.5.0"
+rand_core = { version = "0.6.4", features = ["getrandom"] }
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+sha2 = "0.10.8"