How to Play
Capture the Signal is a challenge-based CTF that focuses exclusively on the reverse engineering of radio signals. This activity is also known as “blind signal analysis” as the specifications of the signal are not known to the attacker. This contest is organized by Trend Micro’s researchers for researchers, hackers, and practitioners in the field!
Contestants should use their RF-hacking kung-fu and tools like GNURadio, GQRX, URH, Python, C, anything, to examine a series of increasingly complex radio signals to extract key information leading them to the next signal.
The game is hosted on site. The radio signals will be distributed via RF, and “over IP” as an alternative. The use of IP eliminates the complexity of deploying actual radios and transmitting RF over the air.
GNURadio, for example, supports the tunneling of signals natively (ZeroMQ), so the entry barrier is fairly low and the players can focus on the real challenge. For the same reason, we may provide VMs to support the GNURadio toolchain, as setting it up can be a time-consuming process and is not relevant to the core of the challenge. Of course, participants are welcome to use their own setup.
Participants are also welcome to use Software Defined Radio (SDR) equipment to interact directly with RF signals over the air.
The more challenges you solve, the more points you gain. Points for challenges are statically assigned and are proportional to the difficulty of the challenge. The first participants to solve a challenge will receive a higher number of points.
We may also provide hints that you can “buy” with the points you have collected so far. The “price” of hints may vary.
At the end of the competition, the team with the highest total points will be named the winner. In the case of two different teams having the same points, whichever team was quickest to reach this high score will be declared the champion.
Format of the Game
We will direct the contestants to an entry signal by supplying a frequency and an IP:port they can connect to. The contestants would tune to this frequency, or connect to the server, and stream the RF data into their toolchain.
The first and second signals can be processed using basic signal analysis techniques. Hidden in the signal, the players will find the next hint (e.g., the “frequency” of the next signal to examine and/or other clues to the final flag).
The third signal will contain encoded data, likely with simple digital encodings, and the decoded digital data will contain the next hint.
The challenge will continue in this fashion with an increasingly difficult set of digital signals to demodulate and decode.
The final stage will require encoding the discovered flag with a specific modulation and transmitting it on the right exit frequency (or IP:port) eventually discovered in the previous steps.