Do you have what it takes to hack WiFi, Bluetooth, and Software Defined Radio (SDR)?

RF Hackers Sanctuary (the group formerly known as Wireless Village) is once again holding the Radio Frequency Capture the Flag (RFCTF) at ShmooCon 2022.  RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.

We cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment.  Our new virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser!  The key is to read the clues, determine the goal of each challenge, and have fun learning.

There will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question – ASK! We may or may not answer, at our discretion.

FOR THE NEW FOLKS

Our virtual RFCTF environment is played remotely over ssh or through a web browser.  It may help to have additional tools installed on your local machine, but it isn’t required.

Read the presentations at: https://rfhackers.com/resources
Check out the resources at: http://sdr.ninja/training-events/sdr-wctf/

HYBRID FUN

For ShmooCon 2022 we will be running in “Hybrid” mode.  That means we will have both a physical presence AND the virtual game.  All of the challenges we have perfected in the last 2 years in our virtual game will be up and running, available to anyone all over the world (including at the conference), free of charge.  In addition to the virtual challenges, we will also have a large number of “in person” only challenges.  These “in-person” only challenges will include our traditional fox hunts, hide and seeks, and king of the hill challenges.  Additionally, we will have many challenges which we simply haven’t had time or ability to virtualize.  It should be clear that playing only the virtual game will put you in a severe available point disadvantage.  

Please don’t expect to place if you play virtual only, consider the game an opportunity to learn, practice, hone your skills, and still get on the scoreboard.  The virtual challenges which are available will have the same flags as the in-person challenges, allowing physical attendees the choice of hacking those challenges using either (or both) methods of access.

THE GAME

To score you will need to submit flags which will range from decoding transmissions in the spectrum, passphrases used to gain access to wireless access points, or even files located on servers. Once you capture the flag, submit it to the scoreboard right away, if you are confident it is worth *positive* points.  Some flags will be worth more points the earlier they are submitted, and others will be negative. Offense and defense are fully in play by the participants, the RFCTF organizers, and the Conference itself. Play nice, and we might also play nice.

To play our game at ShmooCon 2022:

  • SSID: RFCTF_Contestant
  • Password: iluvpentoo

Getting started guide: https://github.com/rfhs/rfhs-wiki/wiki

Helpful files (in-brief, wordlist, resources) can be found on the game web server at http://172.16.100.1 or
https://github.com/rfhs/wctf-files

Support tickets may be opened at https://github.com/rfhs/wctf-support/issues

TL;DR

Twitter: @rf_ctf and @rfhackers
Discord: https://discordapp.com/invite/JjPQhKy
Websites http://rfhackers.com and http://sdr.ninja – play with us
Github: https://github.com/rfhs

Official Support Ticketing System: https://github.com/rfhs/rfctf-support/issues