This year’s RHme Capture The Flag (CTF) competition will feature several automotive-themed challenges developed by the Argus research team in addition to the hardware and software challenges the RHme CTF has become known for over the last two years. These challenges will run on a custom printed circuit board developed by Riscure specifically for the competition.
Last year’s competition consisted of five different sections: some of the challenges required primarily software reverse engineering skills, where you had to recover the secret flag through binary analysis techniques. Other challenges had the researchers attempt to exploit vulnerabilities in software, often with difficult constraints such as a very limited ability to observe (let alone debug) the vulnerable code. Still others required an understanding of cryptography and its mathematical underpinnings in order to find and exploit the weaknesses intentionally left behind in the challenges.
The last two sets of challenges RHme is known for, side channel analysis and fault injection, are two families of hardware exploitation techniques that require an understanding of the connection between the lowest layer of hardware and high-level concepts like code flow and cryptographic operations. Since these techniques require challenge participants to operate directly on hardware, last year Riscure provided a competition board, an Arduino with a unique bootloader, to each participant in the competition. This year, to support the automotive focus of some of the challenges, Riscure developed a custom board that they will send to every registered participant.
This year’s automotive challenges will feature hardware and software challenges that simulate the (better parts of) systems and protocols prominent in the automotive industry. We’ve put a lot of effort into designing challenges that are both interesting and similar to real-life systems and scenarios, drawing from our experience and imagination. Although automotive cyber security has been a trending topic lately, with few notable exceptions, information on the subject is still scarce and involves technologies that are not widely known . We hope these challenges will serve as a fun way for engineers to develop knowledge and interest in the industry.
We’ve known and respected Riscure for a long while: we took part in last year’s RHme competition and some of us even flew to The Netherlands to receive specialized hardware training at Riscure headquarters. As Riscure is a global leader in the field of hardware security, this joint project is very exciting for us.
Participating in the planning and development of the challenges for the CTF alongside Riscure has allowed Argus to reach a large target audience and increase awareness of cyber-security issues as they relate to the automotive industry. We hope our collaboration will succeed just as previous iterations of RHme served to educate researchers about hardware security.
A prototype competition board
For the last few months we’ve been hard at work devising and testing the challenges on the custom boards developed by Riscure. The competition itself will start on November 1st, but registration opened on August 7 so don’t miss your chance to learn about automotive cyber security and hone your hacking skills!