New project - vcfCTF

Adam Michlin adam.michlin at vcfed.org
Thu Jan 7 22:48:01 UTC 2021


Hi Everyone,

Most of you know of my work as a classroom teacher both in terms of
teaching computer history and using vintage computer equipment to teach,
particularly 6502 assembly.

What you may not know is another of my specialties is teaching computer
security (I hate the term cybersecurity.. of course, *we* all know computer
security came long before all computers were internetworked! lol).

Within the computer security field, there is a thing called a Capture the
Flag (CTF) competition. I've been working with these since 2013 and am
finally starting my own. Well, actually a couple of my own, but my focus
for this message is vcfCTF.

I'd rather show than tell you what a CTF is so I'll show you with a cool
project. We all know BASIC and its origins at Dartmouth. Do we all know
that there was a programming language designed by the makers of BASIC that
predated BASIC called (unfortunately) DOPE - Dartmouth Oversimplified
Programming Experiment? And, yes, there's an emulator for that!

System Source (thanks Bob!) has been nice enough to host this customized
version that lets you put in this very specific program, run it, and get a
flag:

https://museum.syssrc.com/static/dope.html

1'Z'A'1'16
2'.'A'A'E[A]
3'P'A
4'P'E[A]
5'N
6'E
7'F

Customization and original code courtesy of Sean Haas at:

https://adventofcomputing.com/
<https://adventofcomputing.com/dope/test.html>

The BASIC (hah, see what I did there? I'll show myself out... ) idea is to
put obstacles in the way of students and they get points for finding a
flag. I decided to combine this with my love of vintage computers and am
working on creating vcfCTF.

How can you help?

Check out the warmup problems I have at my upcoming high school CTF (which
is going to let me test many of my problems for vcfCTF, but isn't only
vintage computer problems).

https://pgctf.portergaud.edu

Check out my growing list of emulated web vintage computers at:

http://ceos.io/emu

Suggest any missing ones and, once you understand the mechanisms, the key
is to find a way to hide a text flag that forces them to use a vintage
computer.

In the DOPE emulator, we had little choice but to customize the emulator
itself, but there can be many ways to hide a flag that forces students to
happily interact with vintage computers. A custom Atari 2600 ROM, for
example. I've already created a problem with a flag that prints out when
the .dsk is booted on a web based Apple IIe (or any Apple IIe). I'd love a
similar one for C64 and 8bit Atari emulators. Did I mention there is a
TRS-80 Model III emulator?

Vintage programming languages are especially fun, as long as you can figure
out a way to give the students raw code that hides the text flag and must
be run. There is, btw, an online APL compiler at:

https://repl.it/languages/apl

I'm just saying...

The problems don't have to be directly related to computer security, but
the best ones are computer security related *and* require a vintage
computer. The more programming, the better.

Best wishes,

    -Adam


More information about the vcf-midatlantic mailing list