Last night after writing the blog post, I directly went to bed and started to watch the first episode of Mr. Robot. It had a strange feeling, and I had some strange thoughts. I felt like I’m treading a fine line. Most of my problems can lead to two very different outcomes. I’m excited and nervous about the final results.
Nevermind. I started to take part in CTFs. I did last weekend and this weekend. The previous one didn’t go well. We ranked 32nd among 465 (or 159?) teams and I couldn’t solve many challenges. But the one this week went pretty well. We ranked 19th out of ~300 teams, and I solved 6 challenges. Well… Most of them were pretty easy and didn’t demand deep knowledge. (TODO Write about this humble behavior later) But I managed to solve them anyway; Of course, with the help of my teammates. (TODO Same as previous one)
I solved a pwn challenge with beginner difficulty level. There was an “easy”-level pwn challenge that I couldn’t solve. I solved three Crypto challenges, one of them completely by myself, one of them just coded by me (but it was just bit arithmetic and I could do it by myself), and another one mostly by myself. I also solved a misc challenge, which was partially solved by two other teammates, but they couldn’t write an optimized solution for it. I also solved a reversing challenge completely by myself.
Now, I have some thoughts about this competition and CTFs in general. The first noticeable thing is that my algorithms knowledge and my implementation skills are helping me too much. Here’s a breakdown of the reasons I could solve each challenge:
- crypto1: I’d say I could solve it because of the competitive programming experience.
- crypto2: Just because my implementation is good, my friend asked me to implement the solution.
- misc: Because I could write an optimized code for it. My teammates would’ve finally solved it, but much later.
- crypto3: It was because of my number theory knowledge. I don’t know much about Cryptography, but most of the times I can see the flaws in RSA challenges.
- reversing: First, it was because I was familiar with reverse proxies and wasn’t afraid of the big config file. Second, it was because of my algorithm skills. The problem was finally solved by running DFS on a non-trivial graph. Very beautiful!
- pwn: Egal!
As you can see, the algorithm and implementation skills did most of the work. It’s good in a sense that I have this advantange to most of the people that have just done security in their life. I mean, there were some people in the team that had much more experience than me in CTFs, but they were stuck at different points and I could help them to solve the challenges eventually. Ans of course, it’s bad in a sense that I didn’t use almost any deep security knowledge. I will try harder in the next CTFs. At least, I have to master pwn.
The other thing that was different in this CTF was that I was a little more aggressive or arrogant. Previously, when people were working on a challenge, I didn’t interfere. Because if I’d done and solved the challenge instead of them, stealing the reputation, they would’ve felt bad. This time, I only cared about the challenges getting solved. People working on the misc challenge didn’t even ask me to help them. I joined them by myself and wrote the solution without asking for permission. I could definitely see that one of them was sad about herself. But the surprising fact is that at the end, they started to admire me. They felt good about me. The team leader even thanked me for making good contribution to the team and asked me to participate in other CTFs along with them.
To be honest, it’s surpring, disappointing, and paradoxical to me. By default, I don’t interefe in other people’s work to let them do something by themselves so they can be proud of themselves. I want them to make progress and learn something. I just don’t want to be a hero between many weak people, rather a strong person among many strong people. Now, I feel the right behavior is the way I behaved last time. If I’ve not already proven myself and other people look down on me, there’s no need to care about their feelings. I can first be more aggressive and prove myself, then care about them. What’s the point in caring for other people and having less for yourself so they can have more if it makes them look down on you? It’s a sad observation, but I definitely need to change my approach.
Maybe sometimes people need a hero that does the work for them, instead of hustling and becoming a hero, or at least a strong person, by themselves. Maybe they’re not ambitious enough. Maybe that’s why so many people get attracted to prophets and dictators.