#ai-village-capture-the-flag-defcon31

@gusty warren you encouraged me to implement the idea I had yesterday , now I have three challenges in the queue 😄

" you can easily catch up" this is by statistics.
p(num of trials to get correct | given easy task)

vs

p(num of people get correct | given difficult task)

no pls

...can you? won't any limitation that keeps the solution just reduce the search space and/or won't matter given the prior knowledge pre-buff?

kaggle has a CLI you can pip install, that’s actually how I’m submitting in my kernel

once you set it up with your API key it takes 2 secs

Yea, ususally they post the command in the competition page, so you don't need to guess the "competition name" for submission. I just didn't find it this time.

Havn't started granny (except uploaded an aplple and failed...), but from what I saw here, the brute-forcing one-pixcel attempt merely budged the probability. So what is the chance of there existing one magic pixel with the right number would change everything?... I mean, aren't there pooling layers in the CNN to exactly smooth the effect of one piexel?

did you solve 1 and 2?

no😂 ..hahahaha

I feel like granny 1 and 2 are those you can solve for sure, but just need some time. So trying other stuff so far

yay got sloth, cluster1 is next.

i'm getting shower curtain, instead of granny smith. 👍

i think i will give up on mnist

and just focus on the other flags

yesssss, so happy, got cluster3

silly quesiton, for granny. Do we have to save the img first and load from disk like the starter notebook. Or there is in-memory solution...

you would need to send bytes that decoded are png or jpg so it's easier to just write a function that saves it

disk io is usually pretty slow, but may doesn't matter that much in this case?

"How are you doing?" "Searching flag in the taskbar instead of paint level"

you can use io.BytesIO to create a stream and save to that, much easier than saving to an actual file

Thanks so much! Learning little things along the competition

thats a very cool idea

1.5 flags away from bronze, this is so exciting

mnist has set me back 1week+

and i still havnt made any progress 😂

daily mnist rant

what is the general consensus on granny1 vs mnist, regarding difficulty?

They're hard to compare, I found MNIST pretty easy but granny took me a while which doesn't seem like the consensus. The main difference is that granny gives you feedback on how well you're doing vs MNIST where you have to guess. Given that you prob will have to solve both for a medal I'd do whichever one you find more interesting

are we sure at least that granny uses MobileNetV2

and not like V1, V3 or ViT?

granny uses specsavers

Can't say, but moo mentioned that you don't actually have to match the model to solve. Probably why I found it much more difficult than others. I think it gives me an advantage in granny3 though.

sure but everyone who did claimed to have reproduced it

???

Not really, I'd say it's like 50-50. A lot of people brute-forced it

my wolf trying to pose as a granny and failed miserably, find it funny, lol....

wow

i got mnist

after all these years

I don't see how you can bruteforce it if it's not even clear what the task is. Clearly, it's not just submitting something that gets classified as an apple.

for any more sofisticated ranking of classes you might want to achieve you need to have a proper adverserial attack

i really dont understand the hint

on mnist, after solving it

Yeah I didn't either

really threw me off not gonna lie

oh, I was just having fun and tried to build a naive model before reading any paper, it is planned to fail. But it's FUN and may help me understand when I do read the paper later

Congrats! But do you understand the hint after you solve it? Like, for IP 1&2, I understand nothing even after solving it.

i kind of get it, but it threw me off more than it helped

I've been trying to understand it to see if figuring it out helps me think through CIFAR's hint but no luck

i think i might know how to solve cifar

should i mess up my sleep and try it now or do it tomorrow instead of working 🤔

nah I didn't reproduce it

just queried against the server

granny3 getting 'close'

hmm maybe i didnt know the answer

lol, i've been trying to manipulate that test_noise.wav this whole time. DOH

"h, I was just having fun and tried to build a naive model before reading any paper,"
the recommended steps are:

1. read last year compeition solution
2. ask google and github,kaggle
   3.read paper

being "simpler problem", it means that quite a number of people has the solution. then we ask, how did they get the solution?

either, it is simple and they can create it from their mind after a few trials, or they could have found the solution from somewhere.

when you face a problem not only think of the solution, also think of how others have found the solution, how likely is others already solved the solution ... ... look yourslves as part of the statistics (chatgpt also proved that "part of intelligent" is atcually memorization and probability)

"Can't say, but moo mentioned that you don't actually have to match the model to solve."
his exact words are "Some people did it this way - you don't need to do this. In our solution for testing, we don't use a surrogate model."

Exactly, granny 1 is not a trivial one, althoug it seems to be easy at first glance. My feeling is that, granny series seem to be challenging (especially if you aim for granny 3), even though there are a lot resources already. So maybe it helps to think of the problem before reading solutions, given the context that the whole competition wants you to think outside the box...

I was thinking of an unified approach to solve granny 123 together. I think it could work, but most likely can't be implemented within the competition time frame. So better to forget about it and start reading papers.

does the clue given by the organizers really helps us

Do we really need 1 in granny1?

hehe it remembers me last year on hotterdog 🙂

I learnt a lot, like that to fool a machine, one has to watch as a machine not a human !

Inversion still cryptic after many attempts ... either I'm totally on the wrong way or what the spirit returns is the input for another puzzle

I am at the same point ...

most of us (most likely) are at "the" same point :/

For the hush challenge, do we need sound processing knowledge to solve it?

probably, the aim of competition is to attract our attention to the new areas of knowledge

Hi, any hint on how to solve pixelated..

try harder

Last 5 days. Stuck.. With Jenny

Jenny is another joke to distract you

I am trying brute force, it is not working

You should try and try .... I stucked for a week 🙂

Mnist😭😭😭 wasting time with no solution...

cool, but don't share working approaches it is prohibited

You probably shouldn't say much about how you did it

ok sorry guys, I have deleted it

here we can share only pain

working on pixelated for many days too

Is pixelated harder than granny 1

depends for who

i didn't know posion AI can be put to good(?) use

this tool add some "hidden data" to your image, so that if people used it to train their model (like diffusion model), it will posion their training

so it is classified as generated by special model

watermarking of some kind

not watermark, it posion training

I think it is kind of attack, right ?

I mean data poisoning is kind of attack, but int this method, they use it to protect model

but what is its role in this competition 😄

oh yeah you are right, that should be poisoning of datasets by misslabeling them but " Nightshade changes the pixels of a digital image"

no role, just general knowledge related AI poisoning

will it have any impact if only 1 sample from million is poisoned?

"When they fed Stable Diffusion just 50 poisoned images of dogs and then prompted it to create images of dogs itself, the output started looking weird—creatures with too many limbs and cartoonish faces. With 300 poisoned samples, an attacker can manipulate Stable Diffusion to generate images of dogs to look like cats. "

300 images

the paper: https://arxiv.org/abs/2310.13828

maybe it will becoome next year kaggle CFT problem task

cool stuff because I thought big corpo would remove artists names from labels so there will be no way to associate generated images with artists

until next year researchers will find a way to deceted and clean poisoned images,!

good luck to detect a one pixel attack 😅

i don't think it will survive granny2 protection

i think 1px attack could be easily detected, because usually this pixel values should be very far from surrounding pixels and it's visible to human eye

agree, there are even studies around it: https://www.hindawi.com/journals/wcmc/2021/8891204/

yes but you might also induce a lot of false positive i guess if you try to simply look at distance between two pixels no ?

yeah, there's classic precision/recall tradeoff. but fgsm attack should be harder to detect because of very small differences

one has to note that one pixel attack is not always 100% possible. (It is unlike granny1, where is there is always a solution)

one can google for a benckmark/leadboard ranking that rank all papers for image attack . the sucess rate for imagenet is actually not very high

sigh rly close on pixelated but im having trouble with the last bit

from what i was reading, while 1px attack is not always possible, "few pixels" attack considerably increases the probability of success (3-5px). Also we don't necessarly need to poison a full dataset to protect it I guess, poisening 10-20% of the data might be largely enough

wish the ocr was better

"wish the ocr was better". There is a chinese saying 山不转路转，路不转人转，人不转心转: " If the mountain won't move, build a road around it. If the road won't turn, change your path."

carefully analyse the whole flow and system and see what/how/who/which/when can be changed and what cannot

yeah, success rates for 1px attack on imagenet are pretty far from 100% as I see from papers. targeted attack make things harder, and 768x768 image which is resized makes it even more harder. 🤔

if this helps me unblock I will cite this in my writeup lol

did you all managed to 100% match the server model locally? i've got only up to 4-5 digits and it seemed not enough

on granny*

tried 3 different model, even coulnd't find the match model, but as I heard moohax mention that one don't need to match model

@glass bay this message from moo might interest you

for granny 1-2 most definitely that's true, but for granny 3 idk tbh

due to amount of queries limitation ?

yes, and due to other attacks being simpler to perform in comparison to onepixel

but moo was referring to all granny levels or only granny 1 ?

it is unclear from the context it seems

question is: is granny 2 model the same as granny 3?

one confirmation do we get flag if we get 0.33333 for pos, neg and neutral right?

hehe you can test it simply 🙂

People posted their results getting all 0.3333 but no flag

true

also moo once said find out how passwords work i didnt find any relation between passwords and sentiment. any suggestions?

I remember seeing in this chat something about the 0.3333 differing in like the 6th/7th decimal case

I get the same score as the original sentence, but I don't get the flag, maybe there are more hidden decimal places in the system?

... or something entirely another you need to account for except scores

patiently waiting for workhours to end to try granny1

hush server is slow again ? anyone tried ?

@limber flower @olive ledge can you guys please check if the server is down or slow ?

server extremly slow for semantle2 as well

can we submit regex for inversion 🙂 ?

old competition for those who are interested

i got 0.995 in granny 1 and 2 with no model, though no flag 👀...

if you submit an apple obviously no flag for you

right now, all the sentences I submit to passphrase give the same score ...

Looking.

you are probably sending fixed benchmark string all the time

a yes indeed !

oh my god

I solved inversion

Spirits are with you, deamons with me. Congratulations

23 flags , I didn't catch gold yet :/

i share your pain

23 not enough for gold now?

Again same problem , I had the key .... I lost the door 😦 😦

wasted days daaaaays

How long to solve it?

wont you get gold when they remove the deleted account from LB?

Maybe it can t be revealed, but when you got the static flag, it was evident you had it or you did lot of try and retry ?

I can't say more :/

but its a good feeling I hope you guys feel ... when solving it i mean

No currently I am at top silver :/

The dopamine rush when solving a problem is what we're all addicted to 🙂

No, you are gold, you forgot the deleted account

I think the 4 guys who submitted within an hour of each other took the last golds yesterday

this was the answer I was searching, when I'm questionin myself, why I don't eat, sleep and just want to solve more questions

no problem, I will reformulate my question : "how great do you find the problem and the solution to solve it at end ?". Let's hope we get this feeling too :). I feel I am close but still can't interpret correctly the spirit message !

@brave briar stop trying to get people to tell hints

Hmm the deleted account doesn't count so .... I think I am last at gold currently

proud of you my NameMate 😉

my dopamine rush stopped on the 20-ish flag. The remaining tasks without a stated goal where you need just try and try make my crazy

same, and the inversion challenge kinda kill it for me, too much variables even with last year solution with emnist dataset

Guys one doubt in pass phrase my scores difference is 0.002 in negetive and hence the same in positive so anything is there a logical way to optimise it or have to check for a whole different method instead

Did you solve Semantle 1 & 2? I believe there are many (logical) ways to do these type of optimization

" I believe there are many (logical) ways to do these type of optimization"
ask google

brute force is logical
guess is also logical

Reading other people's logical ways after the competition will be fun

My granny is taking around 4s per request... anyone having same issue?

systematic guessing saves you time though

semantl2 at 0.95, still very far away

even Autonomous vehicles. can be attacked

i suddenly think athat all ML/AI are unsafe

electricity is unsafe

I think the spoofing lane-changing... it's not just an attack on AI, it's an plain attack...

you can do the same attack against human drivers... just pretend to be about to turn into them and they'll brake too

hmm

with masked pretraining becomming popular (like gpt and mae(masked auto encoder)), i think we are going to have a huge problem. basically, in generative pretraining, you are predicting the data itself. hence it is asy to do train data inversion. (e.g. https://gradvit.github.io/)
my friend once told me a joke: waht is the difference between software and ML enginner?
[daily work of software engineer]:

1. write code
2. make a bug
   3.debug
   4.repeat

[daily work of ML/AI engineer]:

1. make an new ai aglorithm
2. discover flaw
3. make another ai aglorithm to cover up the flaw
   4.repeat

I'm doing granny1
My score is almost 0.999 on local
But on api is hardly improved by 0.0001 why?

Any help?😅

Ok I have to follow the approach which we used in semantle2 after getting close to the score. Am I correct? @gusty warren @random minnow

I'm so done😭

@random minnow People have already told you but you're sharing way too much. Here you're spoon-feeding information - that is not in the spirit of the competition.

For people to actually learn from the competition they need to try to understand what is going on by themselves, not wait for someone to give them the answer...

i didn't given them the answer. i only tell him the direction to find their own answer

i think it is ok because tasks can be done without understanding underlying theory

++

I'm just asking for some direction
I have done this much work🥲

@random minnow apologies brother
I won't ask anything further

I think it's time to give up on inversion, gonna save it for last if I get that far

i decided to give it a break after i saw this board

My main issue with it is that it's just so subjective--I love the problem, it's extremely interesting in itself and I learned a ton about model inversion in general, but I'm just not able to find a solution from the 5/8 pieces of data that we have and trying to brute-force the last 3/8 hasn't been helpful. Just wasting a ton of time on my end trying to find a suitable word from the combinations of letters/numbers that are most likely to match at this point.

These days I frequently have this quote on my mind 🙂

Lol... so should we start trying French characters?.....

How does that board even work. At the bottom there is goodbye in french?

I havn't solved granny1, but it doesn't seem like the objective is to get a perfect 0.9999 score, that makes no sense as "adversial attack" (last year's hot dog was weird)

My issue is with being unable to increase any substantial value for api result

At long last got cluster3. Exhausted.

Maybe the API result doesn't really matter at all beyond beating out wolf?

Finally i'm dangerous

No flag though

We all get a teapot troll as reward of being dangerous..

😂😂😂

Did someone just stop spamming the server... my granny request is getting way more responsive

what if.... you reach a certain spot on the leaderboard and don't feel like solving more problems, and start to DDoS the server...

do I need to be more dangerous or what?

literally me solving CIFAR

I wish I know.... I keep looking at the example {"thing": [1, 2, "here"]} and think maybe there is a static flag hidden in some array, lol.....

cluster 3 was one of my favorites!

@ornate marsh I found it very demanding, and needing very precise work.

same sadly

granny slow :/

I was trying to match the model yday for hours without much success, now opened my notebook and did something turns out my model perfectly matches api oO

I’ve played around with pre/post processing, but sadly everything I have tried, while decreasing local/server error, does not get me anywhere close

Attacking a slow black box model without the gradient is, shall we say, painful

If I was rational I would throw in the towel and hope for bronze, but alas sunk cost

Probably something to do with not being able to judge how close I am to the remaining flags

real

I was hopping to solve as black-box, but today's response time.... kind of forcing us to match the model

timber wolf is watching

say one thing - is it non-Imagenet mean/std normalization that we'll have to grind up to 5th decimal place in hopes of perfect coincidence?

Well, you gave me some hope :).

ah yes, finally silver!

Solved my last cluster challenge, cluster1. Hardest part was reading the model correctly. Luckily I stumbled upon the Kaggle discussion board.

@gaunt anchor which one was your 23rd, if that's not a secret?

I already mentioned it ... inversion

sure but I can't seem to be able to search by name :/

now the big four players (granny4, CIFAR , passphrase and hush) , I already have plans to them ... but I think its going to be loong loong two weeks

do you think having 22 now will be enough for silver? I'm like 36th

You never know ... aim for gold so if you got silver you still be happy 🙂

ofc but I do have other stuff going on and don't wanna waste too much time on this 😄

I need atleast silver to push more to master ... anything more is welcomed 🙂

that's what I'm going for as well

solo gold is more great ! ... money is greater hhhhh

I have solo gold already so not a big deal for me

Ya , well I need it so this is my chance to catch it (I hope)

good luck 🤞

you too 🙂

Does pickle need in-depth knowledge of pickling and unpickling?

flag or not, we begin with no in-depth knowledge and end up with in-depth knowledge...

I heard somebody said that the prior knowledge of pickle set him back rather than help him. Don't know if that's individual case or general

Yeah I have been doing pickle since the ages and I don't think I am any where near the flag

Meanwhile I got sloth, semantic 2 and MNIST
But pickle is driving me crazy

I think I should move to the granny series

pickle is annoying because there is no feedback at all

the only feedback you get is a troll

Yes that's what's annoying me

Initially I didn't know that it was trolling me until I asked here

Do we need to know about DNS/IPv6 stuffs for IPs or they are just like witfs?

Go through the old messages
I remember someone has answered this

¯_(ツ)_/¯

Hehe missing this

I don’t know how others did pickle, but even after getting a flag I have no clue about the overall idea behind this challenge.

Has there been any clue regarding pickle
Like any?

I saw some people in this channel recommended to re-read the prompt, waiting for the end of this comp to see how it helps. May be there are several different solutions, mine was not related to the prompt text at all.

0.99 GRANNY2 NO FLAG

granny3 : 0.0006914532859809697 😔

just want to know

has granny 3 solved by anyone?

801-867-5309

as far as I know ... not yet ... but maybe the 24 guys did it !

Is it hard to solve pixelated without knowing jenny's joke

801-867-5309 : this is a real phone number. call to get the flag

Are you talking about granny 1 or 2? matching granny 1 seems quite straight forward

i dont even know who is jenny lol..

need cultural reference to solve a ML problem..

¯_(ツ)_/¯

I step away for 1 hr, get 2 flags, and im back in silver 🤦‍♂️

time for a break

overthinking is no joke

theres a life lesson in there…

Same here, I get the flag just by chance

sounds like an LLM?

You too stuck in pickle?

yea, I kind of give up on pickle. Switching to granny

I am not learning anything doing pickle, unlike granny. so much fun

So as MNIST

🤷‍♂️

trained with the granny 2 api, and validated with granny 1 api. And was wondering why the score not going up..... just funny bugs everywhere

I too ditched granny🥲

l look through previous competitions. actaully before last year DEF CON 30 at kaggle, there are also many previous task realted to image ML/AI. you can take a look at (past events DEFCON-26,27,28,...). many nice articles on their https://aivillage.org/blog/
https://aivillage.org/events

Saturday talks were good too smh

Granny3 I was able to reach 0.0006924299523234367 .... hmmm

your slides?

"Granny3 I was able to reach 0.0006924299523234367 " i have strong feeling that granny3 should be one of the unsolvable tasks at the end of this competition

i think we need at least 100 pixels. 1pixel seems mission impossible

I am now at 0.0006927x .... I will give my current strategy some time to see

Maybe a little less than 100 if something like p(c)=0.001(-epsilon) if c!=granny smith and p(c)=0.001+(epsilon) if c=granny smith is accepted

I got 0.0006927589 as well but then it didn't get better from there. I'm now re-evaluating my strategy.

0.0006927594658918679 the value I am stuck at hhhhhh

you just need to reach 0.00101 and reduce all the rest under it, 0.00069 is just 69% of the minimum score to have granny smith as the classified class. (the problem is reaching a condition where 0.001 is enough to make it be the winning class)

Could get 0.000749 locally. However achieving that score with the API is another thing ...

(hope what I wrote above is not treated as hint) I'm far from 0.000692 locally, let alone solving the problem

Not a hint but a boost for my motivation 🙂

I'm stuck at Granny1-2, and conversations are just around granny3, me like 👀

For granny2, I'm sending the edited timber wolf picture the api returns granny smith but doesn't give the flag

I'm glad, motivation is a great deal in these challenges.
Now probably I should go back into minimizing the top predicted class score, just to see what's my limit with one pixel

same

One last message before going.
Let's try the approach of Phoenix wright game in the first case, and rephrease it a bit.
"Don't try to understand if your assumption is right, go on thinking your assumption is right and try the exploits that your assumpion suggestes"
And always change your point of view if the problem as you frame it seems unsolvable, maybe that's not the real problem

i think i know exactly which pixel you are at :p

Pickle...

i am so sure it is very dangerous

A lot of teapots around...

Http status 418?

Yup

@lunar blaze asked it, but before getting any reply, he said he solved it ;-;

yeah, I tried so many things in pickle that in the last version of the notebook I saved I have an XSS embedded in the page and i alert(1) when opening the notebook.
Maybe I overdid something. For sure I'm overthinking

Why can't I just
"delete from BRAIN where topic='pickle'"
And start from 0?

I did pickle. Well I deleted enough from my brain

And here I'm
Still stuck

Endless loop on Inversion, I'm sure I've it but I don't have. Do we need to smoke cannabis to get it?

Yep at the same point, here. I am pretty sure I have all the puzzle pieces. But it does not match...

We are 3

Hehehehaw

waving keyboard for 2 hours already

no miracle

Inversion hint: it's trying to tell you something

it's telling me to give up

But 4,5,7 are not ready to tell anything

i got them telling me something, but something wrong obviously 😅

now i'm just trying about 1M400 comb and #yolo

ouch you are ambitious, I generally limit to some thousands 🙂

yeah well lets say i gave up for now so my stuff run and if my miracle i find something, good news, otherwise, too bad! :p

actually I just hope i'm far off the actual solution, because I will be kind of pissed at myself if I miss the answer by 1 character somewhere

maybe this will help

aaaaaa inversion finally!

only took two weeks

i remember seeing that one, not ringing any bell for now ! but thanks for reposting

do u like your solution?

a little

Yes, and I think I understand what but then I'm always wrong at the end

ehh I thought we can actually communicate with model by asking questions😅

But... It's a single model with 8 outputs...

Yep but don’t know if treshold is really low or if it’s just not the right way for 457

yep there are not that much reasons for that

Alright, I tried to nudge y'all in the right direction

maybe i am using wrong datasets as moo said or wrong dictionaries

Going mad with the IP ones ;-;

I need pickle to give me silver 😡
Won’t sleep until I get pickle

Dangerous pickle detected

give me the flag :))

"Maybe a little less than 100 if something like p(c)=0.001(-epsilon)"
by using local model, i can compute/probe the receptive field of one pixel. i also have the timber wolf image. i can compute the max chnage in feature value and logit due to the largest change in single pixel value .... conclusion .... maybe not possible?

https://tenor.com/view/timcook-chequered-flag-f1-apple-wave-gif-26980817

just a reminder that discussing the conclusions you've reached during your research, however obvious to you now, are shortcuts for many people

I can see that there is a dire (wolf 😆 ) need for a team competition of this kind 😄

what is this now, I'm getting granny as first prediction in Granny2, but no flag !!! 🥲

but did you get the flag for granny 1?

It also needs to be high probability it's not enough to be like 5% granny top pick

now 8th day in a row trying to solve granny 1

Oh, that's not what I was supposed to do :((

maybe you need .3333 .3333 .3333

i have few suggestions for next year kaggle CFT (after reading some interesing ml attack papers)
1: guess the prompt, given AI generated image (e.g. from stable diffisuion)
2. instead of the prompt above, guess the style or other attributes of some given prompt template.
3. uncover the reference given intput prompt and ouput generated results (e.g. if we have input prompt and ai generated summary, can you uncover the source documents where the summary is made from)

my god

i just spent 5 hours finding a mistake in cluster 3

sometimes sleeping truly is the best option

Found the only logical shape for MNIST

and you tell me its wrong?

FK

welcome to the club

I am starting to wonder whether granny 3 is easier than MNIST

at least its something u can optimise

i find a solution for mr wolf to hide himself: https://youtube.com/shorts/IAh_GoJL_GE?si=HTq6w-mj7aFbxQcQ

I got a feeling that quite a few people solved granny 3 already, just being silent about it. I mean, if the task is really just changing one pixel.

LOL

finally

this is the way

So what do we even count😂

wasted time

It's , for me, uncountable infinity

Is everyone collaborating in background or what
How are these scores moving together 😶

One reaches 21
And everyone reaches 20

@olive ledge About the Inversion prompt 'When you believe you have the static flag, submit it here', the static flag is not returned by the API correct?

yes

I hope next challenge involving letters will be using some rare language to remove a bias toward native english speakers

Nice got IP1 and IP2 in 5 minutes. Less luck with pickle so far.

are you comparing pickly with IP1-2, do you mean there is a LLM behind it ?

I don't know yet. At least I have a dangerous pickle but I'm still figuring out if that is the way to go.

Yes…
I don’t know anything about janny joke

I took a week off and worked on sloth again and solved it in 5 minutes!
Rest is important

Hints😭I need hints

Besides resting & not overthinking

The put MNIST and pickle to keep people away from medal

😭

google it

This IPs are killing meee

IP and Pickle may google. MNIST - I don't think so

"MNIST - I don't think so"
are you sure? don't assume. try google it

i think CIFAR is googlable

it is the prompt you enter in google that decide you get the answer or not

I did MNIST, i think it is most useless task in this challenge

inverse is the worst

maybe, I'm still trying to get flag from trash predictions))

Spark of Genius = adversial noise

google search can give you lots of noise

https://www.nationalgeographic.com/science/article/eureka-insight-newton-archimedes-genius-science

this is why newton "discover gravity when lying delow apple tree"

I think it's just he wasn't hungry that time. Otherwise, he would have eaten the apple and slept.

Has anyone been able to get good outputs for 4,5,7 in inversion?

for me a bigger problem the amount of different chars with pretty confident 0.999 predictions for each place, 10-15+ letters for each pos

thats the question that is haunting all of us still stuck on inversion

I even got totally different shapes and back grounds for the same positions with perfect 1.0 score

Hum oddly I am stuck elsewhere ...

pretty sure there was something on these sockets and they were massively unlearned to obfuscate whatever there is

Unlearned or never learned

they definitely dont want an ai to tell you what it wants

"dangerous pickle detected" is it just to troll me or what?

https://tenor.com/view/confused-pig-gif-8664053796761769219

Same with me. Dunno what this is

Me too, I don’t know if it’s a reminder or a confusion

IMO It means that you've been noticed by the police

I am in Jail only since I started pickle

First time doing a competition like this, I'm pretty lost I like it hahhaah

Kind of, FBI is in my door, but I'm continue trying pickle before to open

But I sent bs byte string that makes no sense to it and it still told me dangerous pickle detected...

granny=0.22, wolf=0.14, still no flag for granny 2..... wondering whether the granny prob is not big enough or the generated image is too deviated....

since you already pass granny1, why don't you test it with granny1 (lower garnny probability, deviation, etc)?

i think discussions like this about granny are very hint-ish 🙂 because figuring out what to do is a major part of a task too, I personally spent like 5 days digging the wrong way

Because I am not sure the different levels share the same threshold? but yes, I should test it anyway....

you should think of it as: if you don't know, then others would not know too. but others managed to do it. so it is a trial and errors. hacking itself is trial and error.

it would be faster if you try it yourself than asking here

usually you may think that people finished the task they may have discover secret you don't know. but in reality, maybe everyone is seeing the same thing. just that they try more and has less bug

yep, but with all that info you could try less with higher success rate 🙂

this is the reason why in the end, the lb score is the same (becuase everyone sees the same thing). just that some people achieve faster.

e.g. you can spend like week figuring out what to do in granny if you do it from the start, but in the middle of comp you can use all public info and spend like 1 day instead. and invest this spare time in other stuff

oh i got a 0.000693

I've the same score for granny on granny1

Samesies bro😂

might be due to rounding actually... I print with 6 digits... So it might still be the 0.0006927

Why is the OCR choking so hard on longer inputs ? It's driving me so mad 🥲

The probability of the OCR getting the string right: (acc% per char)^(len of string)...

imo it's worse than that because too frequently i've had my input's last character just forgotten

it definitely gets worse when its longer

it is interesing for ocr becuase this technology has been around for many many years.
even before deep learning or advanced computer vision.

e.g. to scan car license plate, to read bank check serial number

Like, the exact same input will be read perfectly when split but reading the whole thing is impossible... makes no sense to me

so people still manged to get it work desipte the flaw in technology

and that is the trick to make AI product. An sucessful AI/ML product(in which model is only one small part of it) is one that works even it the algorirthm has flaw

passpharase is driving me crazy. I'm about to draw a diagram with relationships between sauce, sentiment, model, chef and Bitville 😅

what's is even driving crazier about passphrase is that apparently taking a shower + 3hrs of work is enough to get it right :p

maybe 3hrs of shower will do? 😄

20+h of work on passphrase and I don't feel like I'm any closer to understanding what I have to do 🙃

I never shower maybe that's the issue

At least we could get differencedifferent responses from API, unlike CIFAR

you don't like this "try again!"

actually you can get also another message "wrong input shape etc..."

Simple "try again" challenge

inversion is only "try again!", that i saw almost 1 million time i think as of now

"I'm any closer to understanding what I have to do"
google can help

I've solved granny2 after 20min cycling

Tomorrow cycling again, I hope it will help for Inversion 🙂

CIFAR evertime I think I got a logical input ... it gives me the two words that everybody hates currently "try again" !

and thats the same for Passphrase

hush gives anything ! there is always numbers ....
granny smith , I add a note that once I am at the supermarket I will change it price to 0.000692

round your forecast, it will give you the feelink of having 0.000693, or even more rounded 0.0007. Or even more rounded 0..001

same but with MNIST 😄

you see many "advml" appearing in the submission url. i think i finally undersatnd what this is

hi- i just started this challenge. is there a particular format to submit the answer for cluster 1? the response i get is {s:#.####... }. but the submittal format is {cluster1:"empty", etc.}. i've submitted the test flag and the value for cluster1 response, but my public score is 0.

When you get teh correct answer, you will know it prior to submitting.

you should create a seperate notebook where you submit the flags .
https://www.kaggle.com/code/kononenko/ctf-submission

something like that

If you submit the Test flag correctly, you will get a point.

and just copy paste the correct flag when you get it into the dictionary

I was working on Hush for so long; I eventually got the 'I don't like the sound of that' message and thought I had made a breakthru...

I was working on it for 10 days so far …

Is there any tracker for which question have not been solved yet...i see 24 solved what are the remaining 3?

Most likely hush , granny3 , passphrase and CIFAR is what left for the guys with 23 flags .... (most likely)

CIFAR has been solved by decent amount of people as moo said 10 days ago

Its fine i get the idea 😅

if CIFAR has been solved that much then we have to hurry more to keep our ranks ! 😅

passphrase has been solved too

ya once as far as we know ! I think

either way i am noway near ...i am just trying to understand the riddles

but idk how cifar can be solved, because no one in this chat claimed this..

cifar is easy

all you have to do is send the entire cifar dataset to moo's address

printed or faxed

then wait for flag to appear in your mailbox

Preferable printed, the price of paper is insane these days

gotta use gloss paper too

otherwise you might only get half a flag

1 image per page

Finally solved MNIST after so long. Disgusting!!

Wasted yet another 3 hours on CIFAR 😭

3 hours? rookie numbers

Well for me, i wasted almost a week on pickle and pixelated. And finally I solved

.
.
Neither

I just have a lucky shot and solver MNIST in around 10 mins, but I'm crying with CIFAR, no clue at all

Finally got my email sent
Damn those IPs

Bah, so close to cluster 3

Same. Frustrating

Did you understand the 2nd part of the clue to solve it?

I am trying to make it like the sound of almost everything 😦

accidently delete all my file when doing pickle...

emotional damage

Finally got it lol

Can anyone give me direction to solve MNIST , I tried to use the frequencies of pixel values at the image index of 255,23435 but no flag,i'm banging my head for three whole days and also did a 3 hr shower but no luck so far 🥲

Is it due to wrong data set? 🤔

Hello everyone. In the "Pixelated" task, is it required to send an image with a special password/word, or should I modify the original image?

Whatever gives you admin privileges

brute forcing phone number

😤

😂😂😂

The most hint you'd get here is "count"

yet the only number I can count correctly is the hours wasted on MNIST

How do you express infinity in python?

something like np.inf?

Joke...ruined in an instant

Why are my local MobileNetV2 results inconsistent with the api results? Very strange

spent days to figure out why

is it possible to automate things in pixelated since the ocr is pretty bad?

I believe that's most time consumeing part of pixelated... lol

hmm i was hoping not to automate it at all and manually change stuff

but i dont seem to be getting anywhere

I mannually changed stuff to do proof of concept, to see whether it's worht the time to automate and tune the img

🛌

For granny I get 99% with my local model but the API still thinks it’s a wolf I hope I’m on the right track tho

I've been stuck here for a long time

I hope it's a joke...lol

For Granny, at least you have something to deduce and progress

for pickle and MNIST

just constant guessing

MNIST is real easy problem. Just think about what you can count

You should delete it

i thought that is very trivial ..

Did I miss some hint for MNIST?

I thought it's easy too and thought there is only one thing you can count, count it in ways and for different sources and all came back try again....

pay attention to input_data

I really hope that people here for fair competition. Some people write with a proposal to make a deal, and it upsets me.

Does the order of the input_data matter?

I didn’t check but probably

Unfortunately not

No joke. I respect the people that get 22+ flags. but the number of people that got 22+ surprised me

the ranking always goes up together

I want to share my journey so far to the 23 flags .... its been a very very exhausting 19 days ... lot of failure and sometimes I spent days walking around challenges that I just needed a tiny small edit to solve ... I learned much ... so the 23 flags for me were hard ! ... and I am still hoping to get more 🙂

its not in the interest of people with high scores to provide answers to other people with high scores in most of the case. And there is too much at stake to risk a ban

well, now i count it in days

Any advise?

Seems like I've got all the messages, still getting random strings

Seems like the blackhole people don't like me

Something trivial for you, might not be for others. Many people are stuck on MNIST for many days and that's not because it is hard, but they are not able to pin the correct solution.

Same as CIFAR most likely anyone pin the correct solution will get it ! .... its all about thinking ... and sleeping maybe !

I think most of the challenges here is to know what to do ! ... once you figure out, the coding part is not hard these days .. with GPT and other models around !

I had the same thing, it turned out that i incorrectly typed in the coordinates

Recheck everything

Yep, recheck everything lol. Little typos, fat fingers. They will get ya

Hi, Granny 3 is extremely slow. I made a requests and it takes many seconds and sometimes even I get 504 errors.

Is it a good idea to start working on this challenge with 12 days left?

most of us (in the 20-23 flag zone) got the flags in a week approx., so I'd say yes 12 days can be enough to go even beyond

Finally got MNIST after 5 days and much sacrifice... 🥹

nice, came back after a day's break to some memes

granny3 endpoint is super super slow, zZzZ

is it intented? anybody has any idea ?

lot of people trying to find the weak pixel

Not me😌

I haven't even solved granny1😌

you can just use the granny1 endpoint for granny3 testing

did you solve Granny3? I can't judge if this is a serious recommendation or just trolling 😄

it's not trolling, both endpoints return identical class predictions and since the prompt says that the objective is the same then a submission to granny1 that gets the flag can be submitted to granny3 (assuming the one-pixel rule is followed)

I'm assuming that doesn't count as a hint since it says it in the prompt lol

well it's not a hint but it's giving an advantage away...

inb4 "why granny1 slow" messages

true, rip my <2s granny1 queries...

was also on granny1 😅

For passphrase the same sentence gives different different scores. Anyone faced that?

which one i'll test

Got MNIST.

wow some characters are extremely stubborn for the ocr

yes, if you make little changes like mayusc or more spaces, you get different scores, that's part of adversarial machine learning

I become more sensitive with 23 flags 😅 I think you are saying more than needed

like semi-colon and colon?

I get how it could be difficult for ocr, but come on we are in 2023, computer vision is supposed to surpass human....

specifically i was talking about a different character

So one more character to worry about

After 2 week

Still 17flag

I should capitalize this CTF by competing in other comps while all the masters are trapped here

Nice strategy

Oh god!!! Finally.... After 10 days, i have solved mnist

wondering how do you edit the timber_wolf image provided by host?? when I open it with PIL, even I don’t change any pixel, I can’t get the same bytes as the sample code does. The host sample code reads the the jpg as bytes directly. so do you edit the bytes directly instead of using PIL?

open it with PIL, apply whatever changes, save it to an io.BytesIO stream and convert the stream's value to base64

Has passphrase been solved?

yeop

So only 2 solved them right?

I'm just trying to decide if I should even attempt or not😂😂😂

Inversion looks too unstable, yestderday AI wanted me to do playstation, today it's music. And I don't see any link with Ouija so far 😒

Pickle seems so frustrating. I got into a new world after understanding the not the execution you're looking for part but still no luck. Really wondering whether the waving keyboard part have anything to do with it or not. Stuck being dangerous

Hello ... Hush server is down ? @olive ledge @limber flower ?

hush hush hush .... it seems the server is sleeping so huuuuush

it's definitely unbealivable I can't solve granny 1 and 2

I've almost tried every single library out there

try something simpler like hush or passphrase

Agree 👍

LETS GO OCR

NOTHING CAN STOP ME

I don't think you need library for grannies

not even to perform attacks?

It's just identifying and changing pixels

you don't need a lot of lines of codes to do that

Of course you need library to read the img and modify the tensor. I assumed you were talking library specific for attacks, in that case, I don't think that's neccessary

There are some that can be used for granny 3

Tho they dont seem necessary for 1 and 2

Thanks. I did exactly the process you mentioned. Even without any change, I can't get the same bytes. I guess it's because host provided JPG has a compression level, so re-save will cause loss to every pixel. So I am curious how people can be sure the exact pixel value change they applied?

the images provided by the host should be png (are you sure you're using the latest notebook?) and you can save to the byte stream with format="PNG"

right, the name is png, but it's actually jpg, 'exiftool timber_wolf.png' can tell it's a jpg

Oh I see that yeah, regardless opening it with PIL, saving to a stream, etc and then submitting to granny3 doesn't trigger a "more than one pixel changed" error so the correct values are being received by the server

buffered = io.BytesIO()
img.save(buffered, format="PNG")
input_data = base64.b64encode(buffered.getvalue()).decode()

def query(input_data):
    response = requests.post('http://granny-pixel.advml.com/score', json={'data': input_data})
    return response.json()

query(input_data)
``` like this?  it returns {'message': 'I see more than one pixel difference.'}. 🥵

Which challenges are still unsolved?

Weird, that exact code works for me locally - if you're using a Kaggle notebook I don't think you need to call decode()

Maybe your timber_wolf.png was overwiritten at some point

Thanks @severe pasture @gusty warren ! I tried on kaggle, the code above works as expected.

Any advice on pickle? ☹

are you referring to granny 3 I think

They are more or less the same, with different rescritcion. granny 3 would be "It's just identifying and changing one pixel"

be more dangerous 😏

As for me it is a very bad promt for task. Cause I've done more dangerous stuff, than required, before I got the Flag.

Is the flag for inversion meaningful? Or just a string. Even more, Is it in English?

Banging my head with RCE

@olive ledge did you have the chance to check hush server ? its slow .

Is 457 still not triggered in inversion?

According to “wohooo I solved it in eternity” everyone is just bruteforcing?

Hush server is really slowwww .... 😦 😦 ... I am wasting time

read the hint and do some research

I am giving up on hush tonight… very slow … Going to sleep

Well did a PhD on pickling. Still no luck

Inversion slow and giving timeouts...

Tbh I should do a ranking of how “helpful” the hints were for each

Pickle is probably one of the worst offenders, but dont think it would be fair if they gave hints this late into the ctf

pickle hint was the most helpful tf

just pick up keyboard and wave it

like a flag

It's a race to the bottom.

thanks moo

https://tenor.com/view/wink-eye-wink-gif-12352742718877841322

hello ... can anyone confirm if hush is slow ? or it's something from my side :/

😫 😫 it takes around 40 sec per request

yep

Hush In a world full of clamor, where noise does abound, There's a challenge that waits, where silence is crowned. Not for those who roar, or shout out so grand, But for those who speak softly, and softly they stand.
In whispers and murmurs, the secrets lie deep, While the boisterous might struggle, the muted shall leap. Loudness won't aid, in this quest you partake, It's the soft-spoken riddles that keep you awake.

So tread without noise, make not even a peep, For it's not the loud mountains, but the quiet valleys so deep.

Hush is unsolved I guess

No Hints, and even if someone can speak loud his/her thoughts ... it may lead you to wrong directions .... its just what we have on the notebook

@olive ledge @limber flower I know I ask much about this 😅 please wake up hush server 😄

😂😂😂

I meant

It's so🥲
I meant to say were there any hints in the discord chat that I could hunt for

I've already lost 2 weeks to pickle😂😂😂

This worries me
Like that day a guy was bashed for it

I don't think there is anything here on discord that you can't find out your self while playing around with hush

but the server is really slow ... makes it hard to even experiment anything :/

For discussion about gradient descent

😂😂

Does pickle needs bruteforcing?

actually no, but approaches should be tested

in my experience, all challenges can be solved via bruteforcing, but in practice intuition played a role in most of my solutions

mmh i don't agree, there is a bunch of challenges that cannot be brutforce

given limited competition (and probably universe) lifetime - yes 🙂

For anyone who solved inversion did u brute force values of 4,5,7 index characters?

Why would anyone who solved inversion answer your question ? Giving hints is against the rules.

Hello

https://tenor.com/view/sad-cat-gif-26527456

That's fair. Was just frustrated. 😭

hmm, so it seems I'm quit on wrong direction, since I even can't get any high prediction on index 2, 4, 5, 7, or maybe not

are you sure that you right predict 6?)

Not 100% sure but surely more than 4,5,7

I hate MNIST, it's so guessy, in every other CTF I wouldn't waste my time with it.

Yeah, I hate it too even if I solved it

i found mnist more than ok

me too, but I think it depends on how much time you spend on it. i still hate CIFAR 😄

yeah cifar is another league :p

for multiple reasons actually that i cannot mention here unfortunately even if I really want to aha

next year: simple counting challenge for Imagenet

or The Pile

i suggest a counting challenge on the weights of a pretrained mobilenetv2

not if you forget for a second how easy it was to solve for you personally and think about the path towards the solution.

Sure, it's super easy if you have the right intuition. But there's nothing guiding you there.
There is no process of gathering bits of information and putting them together to solve a riddle.
You don't get feedback from the challenge so you cannot reason about how right/wrong your approach is.
There is no (meaningful) hint to start with (the only 'hint' didn't help me at all and other people complained on here that they found it misleading.). The right solution has no inherent meaningfulness, which could help in finding it by looking at the dataset itself.
The only question is, can you guess the arbitrary metric the challenge author thought of, or not, then try again. And even if you finally manage to guess the right thing, you haven't learned a thing. That's just lazy design.

I really like the comp as a whole, so no disrespect towards the authors at all, just thinking about CTF challenge design.

i think there is more than enough information for mnist and proof is: all the people who tryied to compete successfully got the right answer. With a good methodology on that one, the search space is not that big

a challenge like inversion might give a lot of info, but if you dont see the trick, you are doomed to fail as much as for mnist

that it's easy to guess is no proof that there is enough information^^

and i can speak about it as i'm hurting a solid wall on inversion while it seems like all my mates from the prev 22 clubs managed to solve it :p

the only argument I see here that I can accept is, if guessing the right metric until the outcome matches the expectations is data science, then this is a good data science challenge, yes 😄

I stuck at guess who's back since 3 days and people say an easy one 🥹

https://tenor.com/view/again-guess-whos-back-again-eminem-rapper-hip-hop-gif-6224057

what I mean is that a challenge can give you a lot of information, but if you don't see the right trick, you might have the best methodology and best models, you'll never get the right answer.
Mnist is a bit like this, but unlike other challenge where you need to 1. see the trick 2. build a model around, for mnist, you just need to "see the thing", so its somehow even more simple than other challenges that gives you information :p

the search space is big, there are infinite ways you can count in depending on how you interpret the hint

for me, I interpereted the hint "incorrectly" which made me waste days of work for nothing

nah, if the connection between initial information and solution is obvious in hindsight, it's good information. even if It is super cryptic at first and you need 50 hours to understand it or to get the right idea, that's more a 'you'-problem then :p
And in the aftermath, you probably learned some technique / way to look at data / whatever (at least a little bit about how the author makes up hints), assuming that the initial bit of info is vaguely pointing at some inherent characteristic (otherwise it's hard to provide any hint at all).

On the other hand, you've got NOTHING, your only tool is guessing in the dark.
Even if it's easier and you solve it in a fraction of time, that's not fun (to me at least, and most people in the security CTF scene agree I'd dare to say)

I think some feedback like number of correct entries in array would make these challenges way less frustrating, while keeping them almost as complex

More easy to brutforce also unfortunately

I'm still with you 🥲 . Honestly at this point I refuse to look at inversion, I figure unless I solve 1-2 others there's no point really since I'm already out of gold range

brute forcing 500 random numbers is not possible even with this kind of feedback 🙂 and you can always make 10sec response time to avoid it

how much time did u spend on cifar and have you learnt somethingusefull from that?

learning something is not necessarly the sign of a well made challenge :p
I did not learn a lot of stuff doing "guess who is back", but i had a lot of fun doing it :p

tbh, I did learn (or at least I did practice) something while solving MNIST

im now guru in manipulating multi-dimensional numpy arrays 😄

i think i spend ~5-10 hours actually trying something and coding

it'd be great if just the hint was a bit more transparent, like saying "here's a one row out 256/100 that are needed"

that I agree

because resources you spent is proper for the reward you get

other, more complex tasks can be more rewarding because you learn something on the way, so more rewards for more resources spent

not as detailed as your proposition, but more meaningfull (people who solved mnist know what i talk about)

like honestly that would be 100% enough for cifar to become solvable because you enter a loop of "what could have a form of 'x,y,z,w'" and at least have some gradients in your brain from how logical that seems

well i think for cifar this is more or less known for people that worked on it the "form x,y,z,w"

what is less is a clue that could definitly indicate you are going toward the right direction

hints are cryptic and lead to vast search space, but when you find solution you understand that hint was actually ok

oh, i think i have a way to make cifar solveable, explain the solution to GPT-1 like it's a 5-year-old and ask questions from it

so less reasons to hate it

search space can be greatly reduced with my example, allowing you to go 'aha, the sequence "2, 4, 8, 16" may mean that or that or that and i have at least something to search for'

I'm 99% confident about the logic behind the input sample for cifar
i am 75% confident about the data shape
but yet, there is one piece missing

i think it would be reduced too much with your example

i think its like mnist, if you give slighty more you make the problem trivial to solve

imo what would be fun without trivializing is to make an answer something like 'find labels of digits in mnist that have a hole in them(4 has a hole and 5 does not)' and form a hint around that. you'll be actually interacting with the data provided and will be forced to do something with the data that is more complex that counting something somewhere

further more, the concept of 'counting' is so vague, that its impossible to be made interesting and complicated

imo*

either it's one of the first 5 guesses you come up with, or one of the last 4

personally i found bruteforce to be very useful for some problems

it helped guide me in the right direction

combined with a few educated guesses it turned out to be very useful

Is the waves keyboard clue really helpful for pickle?
Wanna bang my head with keyboard 🥲

what's the sota for granny3? no flag at 0.000831, I feel empty

i think that 0.000831 is the sota :p

at least its the highest value I see here, we are many people "stuck" at 0.0006927

oh, thanks, I start to doubt if maximize score is the right direction...

apparently you already managed to figure out something that many of us don't have, so you are probably in the right track

hopefully, but I feel the seach space kind of exhausted, so maybe optimization goal is wrong

Has cifar been solved?

maybe, but not by me (hopefully .. yet)

yes

pick up your keyboard and wave it around

how do you do when you have a laptop?

well no flag for you then

unless your laptop is modular

then unscrew keyboard and wave

so does it mean it is not one pixel, but doing in a way to pretend it was 1 🤨

after reading about 50 to 60 papers, there is more than what you all think. ask google, search widely

I think hush hates me ! ..... slow slow slow .... more than 24 hours and I didn't progress 2% of what I wanted to do :/

going against the grain and will say that the more I thought about it, the more I liked the MNIST hint 🙂

Still didn't get it even after solving🤔

Congrats @craggy beacon 😉

@craggy beacon which one did you solve (or 🤐 )?

not granny3

Passphrase?

🕵️ from the chat messages i think the last one was inversion & cifar solved before 🙂

Semantle - Level 2 --> done

Hello guys
Just want to know, does the tensorflow/pytorch version affect the model predictions/weights somehow? I mean big differences, not 0.00001 ones.
I just have some hard time replicating granny model.

maybe
though I hate inversion and it is a bit easier for native speakers

big differences are expected

^

Just when I thought I had MNIST, "try again"

I saw the same question in another compettion. My answer is no, it is probably something that you didn't match (default parameters, processing pipeline)

nah the organizers specifically said to expect large differences

This is the right answer

the problem itself doesn't say it must be one pixel. and the server could return "'I see more than one pixel difference.'" and "flag: {}" at the same time🧐

after kind of exhausted the 1-pixel search space, I start to consider "I see more than one pixel difference" is just a troll

even with regular preproc the results will be different

The many people that matched the model wouldn't agree, unless you are talking about granny 2

my point is that there is additional preprocessing happening beyond the standard resizing arrays and scaling values that needs to be contended with - the question earlier was asking if, when using the model normally, they should expect such large differences, which they should

wow another 24!

That should not have sense in my opinion

curious why?

If I remember well the "'I see more than one pixel difference.'" has a 400 status code, which means that the client made an error

I don't see the point of trolling us with that, it is not the spirit of the challenge 🙂

" there is additional preprocessing happening beyond the standard resizing arrays and scaling values that needs to be contended with", that's a strange statement from my perspective. But I am afraid I would be giving away too much information if we continue discussing this.

Host said that the intended solution is done without model copying

what does it mean model copying?

As in use the return values from the api to try to approximate whatever they have going on to have stuff that api does not give

That's true. But at the same time, the host also specified the exact model used in the prompt (presumbly to lower the difficulty) and it would be 1000x time faster if you can match the model

...if the matching won't take 10000x longer in total and will be precise enough

True, depends on one's search method, it can be faster either way.

I intended to solve it as black-box, but the api response time kind of forced me to change strategy

Its not so bad the api response time atm. With the current response time and the right method, the task is achievable in a descent time

@olive ledge does inversion contain only letters or it includes special characters and numbers too??

if you are still stuck at pass-phrase

did u find something usefull on CIFAR or Hush in the chat?

i just kept entering manual prompts and got WTF 6. I have no idea what kind of prompt injection or anything 😄

I wonder if others had the same experience? Was it the same of the other WTFs as well?

I haven't gotten 3, 4, 5

wtf are quite random

Rather enjoying chatting to WTF5. No clue how to solve.

Same here. I got WTF4 randomly now as well. But, can't get past WTF3 "I know you are, but what am I?" and also WTF5

I am getting {'s': 0.0} on cluster 1 and no flag...I guess the target was {'s': 1.0} then?

I wonder if there are some systematic prompt injections we can use for WTF

i suppose after the competition, the server will be stop. any chance that the server setup/file (e.g. score.py ,wsgi.py, docker setup etc) will be made public and available after the competition (for post usbmission, practice, etc)?

Last year they left the server up for a few days after the competition

i would suggest to keep the server for at least few weeks for those who want to show more experiments results in solution writeup, etc

wondering 22-hackers, what are you stuck on?

Inversion

My experiments on Hush failed .... big time ! ... currently I am clueless ! 😑

I felt like a real hacker after writing the prompt for witf3 which got me the flag.

"wondering 22-hackers, what are you stuck on?"
actually they are not stuck. it just that the remaning like granny3, inversion, passphrase takes more time to crack as these involves building some model to solve them

the search space are also large

"My experiments on Hush failed" ... hush server is too slow. and many of use are not so failiar with sound processing. amybe other probalem is a better bet

it takes time to find "more information", e.g. from experiment observation, etc

got 20+ sentence about passphrase......

passphrase is good

now you have 21+

lol, but 20+ sentences for "where everything is equivalent"...QAQ

in case you missed this, @unique hedge

Oh, thank you. Now passphrase become a secret sauce...

Did you solve it?

When I though I had CIFAR ..... and the output ... try again .... I should accept my current position and accept silver

same for me with granny and pixelated...I feel dumb every time I read this chat

its because people assume everyone already knows everything

try passphrase, at least we know it's solvable 🙂
but I'm starting to have a headache reading this promt for 1000th time...

proof?

this

and some messages above

I am .... for 10 days so far and still can't get it right ... but atleast it server is faster than hush hhhhh

not really a proof since for organizers everything is solveable, just that passphrase was solved by someone in discord

Do u think cifar is not solved?

New plan, stop all colab notebooks ... once I reach the house sleeeeeeep then start from scratch with passphrase and CIFAR ....

we don't have strong proofs from non-ogrs about CIFAR 🙂

I think CIFAR is solvable once you see what to do .... it will not most likely take time if you have the right direction ... and most likely was solved

I say "most likely" much ... AI AI AI

actually, it's the same for passphrase. when you know, you know

Yes same for passphrase .... there still 10 days so maybe we will see more 24 and 25 I guess ....

assumed this was a joke

I think the concensus is cifar has been solved by a few, not sure about the other 3 "big ones"

@gusty warren has solved passphrase , he mention it earlier

any hint for semantle 2

it is Semantle basically, but with 5 words 🙂

"any hint for semantle 2" : check google/youtube on how people solve semantle

if you can't solve it yourself, search for more information

is inversion server down? every 100th i get timeout! Even with time.sleep

which one, ouija board endpoint? or flag endpoint?

Flag endpoint is soo slow

thanks god chatgpt, I finally understand the story of pass phrase. Instead of asking gpt to translate, I asked it to do reading comprehension like toefl test. now it's crystal clear

@exotic flame why did you share the code for granny?

@exotic flame thanks for removing. Keep on CTF’ing 🙂

Awesome notebook too. Looking forward to reading through all of them post competition.

stuck there for almost 10 days...missed my opportunity 😦

while others, apparently, got it

@olive ledge can you please tell the situation on inversion Flags' endpoint performance? Looks like it is dying rn!

Checking…

anyways, it remains a mistery to me why Kaggle can't disable the notebook section for specific competitions

i saw the notebook, its intersting, but if you documented yourself a bit, you probably bumped to the same kind of stuff already 🙂

I've documented myself a lot, for sure, obviously without success. The fact that others saw that notebook and probably solved Granny frustrates me a little

i just saw it very briefly, but to me it was more focusing on grany3, and definitly not usefull to solve grany1/2 (not even 3 i would assume - but again, i passed through it very quickly)