Hey @everyone! In two days, corCTF 2022 will begin!

The competition has a prize pool worth USD $20,000 and features challenges catered to all skill levels. Test your skills in pwn, rev, web, and crypto! Come see if our misc and forensics challenges are guessy... 👀

You can find some sneak peeks of our awesome challenges on Twitter (https://twitter.com/cor_ctf/); many of these are even written by DiceCTF authors. Don't miss out!

Interested? Join our discord for updates, and register soon!
https://discord.com/invite/4e8zemZe3y
https://ctf.cor.team/

🎲 DiceCTF 2023 begins <t:1675458000:R>! We have $5,000 in prizes and lots of great challenges. Register your team now: https://ctf.dicega.ng

our email provider is currently down (https://status.postmarkapp.com/notices/yv2pvsngp9ds5y8a-service-issue-outbound-sending-is-delayed). for now, please register with ctftime

update: we've migrated to a new email provider. email delivery should be back to normal!

Hi @everyone! DiceCTF 2023 has begun!

FAQ:

Will there be more challenges?
Most of our challenges are out now—or will come out in the coming minutes. We reserve the right to release more challenges at the 12 hour mark, but nothing new (except a survey) will come out later.

I need to speak to an organizer!
Like last year, we have a ticketing system. Head to #create-ticket!

Will there be prizes?
Thanks to our sponsor @osec_io, we have a generous prize pool of $5000 USD this year. Of this, $1000 will be reserved for writeup prizes. The exact details of prize distribution is to be decided.

What is the welcome flag?
dice{2023}

We hope you enjoy this year's challenges. Good luck!

The team Leeisateam found a small unintended solution in web/gift, but very kindly agreed to let us re-release the challenge given they were the only solver. Please redownload any files, and good luck on the updated version!

A note about how to connect has been added to the description of misc/Pike

we've just moved the solana challenges (pwn/Baby Solana and pwn/OtterWorld) to the instancer. check the challenge descriptions for links to start your own instance

Hi everyone! We're experiencing some technical difficulties while deploying an additional pwn challenge. If the challenge does come out, it will be released by the 24 hour mark.

If you have any progress on the 4 unsolved pwn challenges (chess.rs, sice supervisor, disc-pwn, and zelda), please make a ticket. We're looking to release hints soon

web/impossible-xss: the URL regex bug in adminbot.js is unintended, but shouldn't affect the intended solution so no patch is being released (I just suck at regex)

Our final pwn challenge has just been released pwn/dicer-visor. Come and test out DiceGang's newest hypervisor based security solution!

If you have made progress on crypto/inversion, please open a ticket. We will release a hint soon.

pwn/chess.rs: An admin bot test script was uploaded to help make testing your solve locally easier.

@everyone hope everyone is having a time playing DiceCTF! Only 12 hours left to go and still 4 unsolved challenges, please hack harder! Our survey challenge at misc/survey will be released shortly, we would greatly appreciate your feedback!

for inversion, you can optimize the cost of HE matrix multiplication down to a single level

@everyone DiceCTF 2023 has come to an end! We hope you enjoyed the challenges and contest as much as we enjoyed hosting it. 🎉

Congratulations to our top 10 finishers; each team will get a prize sponsored by OtterSec (https://osec.io)!

🥇 1st place ($1500): thehackerscrew
🥈 2nd place ($1000): r3kapig
🥉 3rd place ($500): WaterPaddler
🎉 4th place ($300): Super Guesser
🎉 5th place ($200): Katzebin
🎉 6th-10th place ($100): Straw Hat, organizers, idek, More Smoked Leet Chicken, Hot Ice Americano

If you won a placement prize, please make sure your email on rCTF is correct. We'll be sending you an email to coordinate money transfers.

Writeup Prizes

In addition to placement prizes, we are offering $100 for the 10 best writeups; please submit your writeups here: https://forms.gle/1d7rWahzE8qy2iE66

Please submit your writeups in the next 2 weeks (until Feb 19). We will announce writeup winners shortly afterwards.

To allow everyone to find writeups easily, please only post writeups in #writeups . You can discuss writeups in other channels.

Here are some of our author writeups; this will be updated as we have more: https://hackmd.io/@defund-dicegang/rk3RO56hi

Thank You!

We'd like to send a big thanks to everyone for participating and we hope to see you in future DiceCTFs. It would not have been the same without all of you 🙂

We've submitted the scoreboard to CTFtime! https://ctftime.org/event/1838/

We've publicly released all challenges at https://github.com/dicegang/dicectf-2023-challenges

Writeup prize submissions close <t:1676894400:R>. Make sure to submit your DiceCTF 2023 writeups before then. The 10 best writeups will each win a $100 prize! https://forms.gle/1d7rWahzE8qy2iE66

Apologies for the long wait; here are the writeup winners for DiceCTF 2023! Choosing the winners was difficult, and we could only give ten prizes. Each of these writeup authors wins US$100!

• crypto/Provably Secure, crypto/Provably Secure 2, crypto/rSabin, crypto/BBBB: https://soon.haari.me/entry/DiceCTF-2023-Write-Up
• pwn/zelda: https://jonathankeller.net/ctf/zelda/
• pwn/Baby Solana, pwn/OtterWorld: https://gss1.tistory.com/entry/DiceCTF-2023-pwnBaby-Solana-OtterWorld
• web/jwtjail: https://irissec.xyz/articles/categories/web/2023-02-06/jwtjail
• misc/mlog: https://github.com/nikosChalk/ctf-writeups/blob/master/diceCTF23/misc/mlog/README.md
• web/codebox: https://oliviais.red/writeups/2023/dice/codebox/
• web/gift: https://jontay999.com/posts/dicectf-2023-gift
• rev/raspberry: https://github.com/DarkInfern010/WU_DICECTF_2023/blob/main/[EN]_WriteUp_raspberry.md
• pwn/chess.rs: https://ctftime.org/writeup/36214
• pwn/Sice Supervisor: https://github.com/dfyz/ctf-writeups/tree/master/dice-2023/sice

Thank you to everyone who participated in DiceCTF and authored writeups. See you again next year!

@everyone DiceCTF Quals begins in less than three days! Register to play here: https://ctf.dicega.ng/

DiceCTF Quals Prizes

• The top 3 teams in Quals will win $2000, $1000, and $500 respectively.
• $1000 will be allocated to writeup prizes (distribution TBA).

DiceCTF Finals

• Finals will take place June 29-30 in NYC.
• Teams of 4, no remote help allowed.
• The top 8 teams from Quals will be invited to compete in the open division.
• The junior division will consist of 4 teams: the first place US high school teams from Quals and 3 other pre-qualifying events: AmateursCTF, ångstromCTF, vsCTF.
• We will be providing 3 nights of accommodation (June 28 through July 1) to all finalists.
• We will be providing partial travel reimbursement. Players from the US and Canada will receive up to $400 per person, and players from elsewhere will receive up to $800 per person. Pending sponsorships, we may raise the reimbursement cap.

For more details, see our info sheet: https://dicega.ng/dicectf2024.pdf

@everyone
DiceCTF 2024 Quals has started! Good luck everyone!

misc/welcome flag: dice{flag!}

we're fixing some missing attachments, descriptions, and sorting for some challenges, give us a bit!

Release schedule
We are not planning to release new challenges (except the survey). However, we reserve the right to do so at the 12 hour mark.

the dicedicegoose download is only relevant for solving dicediceotter. we've removed the attachment for clarity.

Ticketing
We have a ticketing system at #create-ticket

The points values of inversion and iinversion have been updated to reflect that they are a two-part challenge series.

The !flag command has been added to bargebot

@everyone a minor change has been made to misc/zshfuck and the handout

Added some small missing files in the handout for pwn/boogie-woogie

(these files are not relevant to the solution, but are provided so you can run the docker)

we have banned a few ip addresses for excessive brute forcing! if you were affected, please create a ticket to be unbanned

a minor change has been made to web/safestlist and the handout

The points values of inversion and iinversion should be decaying - we'll fix this fixed!

@everyone A new pwn challenge, C(OOOO)RCPU, has been added

hello fellows, updates on pwn/boogie-woogie:

• please don't hammer our servers. it has gone down twice. although bruteforce is permitted (if you'd like), you definitely don't need 12 bits of it. we have added a very short pow (1 second). my solution uses ~1/128
• i strongly suggest working in the docker. the memory layout is slightly different from ubuntu:22.04, but nothing too major that would brick your solve

@everyone web/calculator-2 has been released. no more challenges are coming (except for the survey)!

There seems to be some network issue with crypto/dicenet. We're looking at it fixed!

The description for rev/dicequest has been updated to clarify the flag format

Also, to clarify the goal for crypto/dicenet: There is a bug in the construction described in the papers, which is implemented by swanky. You do not need to comb through the library's code to find the bug. Read the papers!

The description for rev/scrambled-up has been updated:

Note: Run the challenge inside a ubuntu:22.04 docker container if you run into libc issues or crashes inside libc during startup.

We've updated the download for rev/three so it no longer requires patchelf/interpreter tricks to run

Announcement for floordrop: We've discovered that the open source Blockscout block explorer can sometimes display incorrect reasons for contract execution failure, which can cause frustration when debugging your contracts. The RPC should always be used as the source of truth; the block explorer is only provided for convenience.

If anyone is looking at dicenet please open a ticket or dm me. Just want to get an idea of what progress is like

If anyone is looking at dicediceotter please open a ticket or dm me. Just want to get an idea of what progress is like (and see if I need to release a hint)

@everyone the uploads for dicediceotter have been modified to include the original solana program (with symbols) corresponding to https://ddg.mc.ax/prog.js.

pwn/baby-talk timeout has been increased to 60 seconds

@everyone hint for dicenet: What happens when you use a composite modulus?

@everyone survey challenge is out! This challenge will not change tiebreakers, so there's no rush to solve it. Written feedback is very much appreciated

@everyone DiceCTF Quals 2024 has come to an end!

Top placements
Congratulations to the top three teams in the open division, who will each be receiving a cash prize!
🥇 Blue Water ($2000)
🥈 organizers ($1000)
🥉 P1G SEKAI ($500)
In addition to the top three, we will be inviting the next five teams to DiceCTF Finals!
🏅 idek
🏅 *0xA
🏅 thehackerscrew
🏅 Maple Bacon
🏅 BunkyoWesterns
Finally, congratulations to the first place team in the junior divison, who will also be invited to DiceCTF Finals!
🥇 View Source
We will be in touch with all of you soon!

Writeup prizes
We are pleased to offer $100 prizes for the ten best challenge writeups. Please submit your writeups here: https://forms.gle/NLW7hL4sCo3BftC69
You have two weeks (until Feb 19) to submit writeups, and we will announce the winners shortly afterwards. In the mean time, feel free to post writeups in #writeups. Please keep discussion in the other channels.

Thank you!
A big thanks to our sponsors: OtterSec, Trail of Bits, HackingForSoju, Cure53, Osmosis. It's thanks to them that we can offer prizes and organize DiceCTF Finals.

And finally, thank you for competing in DiceCTF Quals! We hope you had as much fun solving the challenges as we had writing them. See you in future DiceCTFs! 🎲

We have published the scoreboard on CTFtime! https://ctftime.org/event/2217/

We have released all challenges at https://github.com/dicegang/dicectf-quals-2024-challenges

The DiceCTF Quals 2024 writeup competition ends tomorrow! We will be awarding $100 prizes to the 10 best writeups. Make sure to submit your writeups at https://forms.gle/NLW7hL4sCo3BftC69

Here's the writeup winners for DiceCTF 2024 Quals! Each of the authors wins $100. Thank you to everyone for participating.

• https://surg.dev/dice24q/
• https://jacobnewman.ca/ctf/dice24/
• https://ur4ndom.dev/posts/2024-02-11-dicectf-quals-diligent-auditor/
• https://maplebacon.org/2024/02/dicectf2024-irs/
• https://hodl.page/entry/DiceCTF-2024-Quals-floordropblockchain
• https://blog.huli.tw/2024/02/12/en/dicectf-2024-writeup/
• https://7rocky.github.io/en/ctf/other/dicectf/
• https://heinen.dev/dicectf-quals-2024/boogie-woogie/
• https://gist.github.com/Fasnon/2dc75e531f20b2215ed7a29d67bd662c
• https://learn-cyber.net/writeup/Calculator

We will be emailing to each author to send prizes.

Hey @everyone! corCTF 2024 begins <t:1722038400:R>, with a prize pool worth US$4,000. First place is also prequalified to DiceCTF Finals 2025!

Register now and join our Discord for updates:
https://discord.com/invite/4e8zemZe3y
https://ctf.cor.team/

Hey @everyone! Looking for something to do the weekend before DiceCTF? LA CTF 2025 is happening <t:1738987251:R>, with over $1000 in prizes, and first place in the open division will be prequalified for DiceCTF Finals 2025!

Register now!
https://platform.lac.tf
https://discord.com/invite/uZM6vxqHDq

Hi @everyone, we're pushing DiceCTF 2025 Quals back to March 28-30: https://x.com/dicegangctf/status/1889180986694398209

@everyone DiceCTF Quals is this weekend: <t:1743195600:F>! Register to play here: https://ctf.dicega.ng/

Prizes

• $2000 will be allocated to writeup prizes (distribution TBA).

Qualification rules

• The top 5 open teams and the top 8 academic (U.S full-time undergraduate) teams will be joining the 3 prequalified teams (.;,;. , idek, and Squid Proxy Lovers) at DiceCTF Finals.
• As a reminder: if you have already played with a prequalified team, then you are ineligible to play for a team seeking to qualify in DiceCTF Quals. Whether or not you attend DiceCTF Finals does not matter.
  We will be announcing more information about DiceCTF Finals soon. Stay tuned!

@everyone DiceCTF Quals is just about to start! A big thanks to our sponsors: Margin Research, OtterSec, Zellic.

FAQ:

Will there be more challenges?
The vast majority of our challenges will be out at the start of the CTF. We reserve the right to release a few additional challenges up to the 12 hour mark, but nothing new will come out later. The one exception is the survey challenge, which will not affect tiebreakers.

How do I speak to an organizer?
Like last year, we have a ticketing system. Head to ⁠#create-ticket!

What is the welcome flag?
dice{2025}

@everyone Heya 👋 ! We hope you're enjoying DiceCTF so far. A quick announcement - if you are playing in a team consisting entirely of US undergraduate students, make sure to change your team's division to junior!

misc/diceon is not working right now, we're working on fixing it

misc/diceon should be back up, let us know if you have any issues!

for web/dicepass, both FLAG and FLAG_WEBSITE are meant to be secret.

@everyone we've released code formisc/diceon so you can test locally (will need an OPENAI_API_KEY):

• diceon.tar.gz: https://static.dicega.ng/uploads/7bbf79f368185715736cc481700f38920b31eb6bba57271936d2c6832793d730/diceon-dist.tar.gz

@everyone misc/diceon is now using an instancer model (https://instancer.dicec.tf/challenge/diceon) this should help clear up congestion

@everyone NEW CHALLENGE rev/nonograms

@everyone Wondering why all the pwn seems to be impossible today? That's because I overslept 💀

If you're ready to take a break from playing the oboe or debugalying locked rooms, then put on your snow shoes and take a relaxing trip to the slopes of Canada for the grand reopening of r2uwu2s-resort! (note: resort may be haunted)

@everyone new challenge: pwn/bassoon

web/bad-chess-challenge we increased the replica count, if your solution was previously too slow, consider trying again

@everyone web-src.zip in misc/convenience-store has been updated to remove some temporary directories (__pycache__ and instance/) which were never intended to be relevant to the challenge. No other files were changed. Please use the updated files going forward.

@everyone If you are working on an unsolved challenge (pwn/bassoon, misc/convenience-store, rev/bcu-translation), please open a ticket to tell us about your progress. We'll use this information to decide whether to release hints.

@everyone hint for pwn/bassoon: What is causing the noise in the thread heap? Are there any tcache entries that are consistently contiguous across runs?

@everyone survey challenge is out! This challenge will not affect tiebreaker scoring, so there's no rush to solve it. Written feedback is very much appreciated.

@everyone There's just under 1 hour left of DiceCTF! As a final reminder, if you are a US undergraduate team remember to update your division on the platform - as we're using this to contact teams for DiceCTF finals.

@everyone DiceCTF 2025 Quals are now over! Congratulations to the top teams in each division!

Open Division
🥇 justCatTheFish
🥈 bingus
🥉 Zer0RocketWrecks
US Undergraduate Division
🥇 b01lers
🥈 cts fan club
🥉 PBR | UCLA

We'll be in touch with the top 5 Open Division and top 8 US Undergraduate Division teams to give more details about DiceCTF Finals and verify academic eligibility for undergraduate teams.

Additionally, we're pleased to announce our writeup competition - where $200 prizes will be offered to each of the 10 best writeups. To enter, submit a link to your writeup on the form here: https://forms.gle/UfmMvhLiS7F8kyQ2A

Writeup submission is open until April 20th, and we'll announce winners shortly afterwards. In the mean time, you can post writeups in https://discord.com/channels/805956008665022475/808122408019165204

Next, a big thank you to our sponsors Margin Research, Zellic, and OtterSec. With their support, we're able to offer prizes and organize DiceCTF Finals.

Finally, thank you for taking part in DiceCTF! We hope you enjoyed competing and were able to learn a thing or two. See you next year! 🎲

An earlier version of the above announcement listed the top teams we are inviting to DiceCTF Finals. Since we are still in process of verifying eligibility, this is not confirmed and may be subject to change. Apologies for the confusion

We will be uploading the scoreboard to CTFtime 24 hours from now. Last chance to change your team name!

The scoreboard has been uploaded to CTFTime! https://ctftime.org/event/2617

Hey @everyone! For anyone who's made a DiceCTF writeup, remember to submit your writeup to the form here: https://forms.gle/UfmMvhLiS7F8kyQ2A to be in with a chance of winning 1 of 10 $200 prizes. If you haven't started a writeup yet - go for it, we'll be keeping the platform up until April 20th, when the writeup competition ends.

we've released all challenges at https://github.com/dicegang/dicectf-quals-2025-challenges

@everyone Here's the writeup winners for DiceCTF 2025 Quals! Each writeup author winner wins $200 - thank you to everyone who submitted a writeup.

• https://7rocky.github.io/en/ctf/other/dicectf/oboe/
• https://hxuu.github.io/blog/ctf/dice25/cookie-recipes-v3/
• https://adragos.ro/dice-ctf-2025-quals/#websafestnote
• https://sashactf.gitbook.io/pwn-notes/dicectf-2025/locked-room
• https://sashactf.gitbook.io/pwn-notes/dicectf-2025/r2uwu2s-resort
• https://pawnlord.github.io/Write-Ups/Dice CTF.html
• https://xia0.sh/blog/rokkenjima/last-note-of-the-golden-witch
• https://cyber-man.pl/DiceCTF-Quals-2025-diceon-misc
• https://eddwastaken.github.io/posts/dicectf-2025-quals-golden-bridge/

@everyone Registration is open!

https://ctf.dicega.ng/

As a reminder of category eligibility:

• Open is for anyone 😃
• US/Canada division is for teams where all players in qualifiers and finals are citizens of, permanent residents in, or students in the US or Canada

Hey @everyone , we've made a change to the wording of the eligibility of the US and Canada division.

Full details are in #rules , but teams eligible for the US and Canada division can now have permanent residents and students studying in the US or Canada, in addition to citizens of both of these countries.

@everyone DiceCTF 2026 Quals has started!

Thanks to our sponsors Margin Research, Zellic, and OtterSec!

FAQ

Will there be more challenges?
The vast majority of our challenges will be out at the start of the CTF. We reserve the right to release a few additional challenges up to the 6 hour mark (that's at <t:1772924413:t>), but nothing new will come out later. The one exception is the survey challenge (which will release at the 12 hour mark), which will not affect tiebreakers.

How do I speak to an organizer?
We have a ticket system in https://discord.com/channels/805956008665022475/936865676507889685

Finally, we're happy to announce pwn/cornelslop has a $150 bounty!

NOTE: DiceCTF is 24 hours this year

@everyone pwn/bytecrusher has been updated to fix a few weird i/o funnies and the handout has been corrected. Please download the new handout with the updated code and binary.

Good luck teams!

@everyone New challenge released: rev/another-onion. Happy peeling!

@everyone The handout and description for misc/good-vibes has been updated to fix a broken part of the challenge.

Also, new challenge released: web/mirror-temple , enjoy 🪞

We have updated most of our shared tcp challenges to serve pow because someone is actively hammering all of our instances

@everyone crypto/carry-the-flamehas been updated to reduce the number of rounds

@everyone oops i underslept 💤 web/mirror-temple-b-side is out and ready to play some jazz 🎷

@everyone for pwn/cornelslop, there was a hash mismatch between bzImage and the vmlinux, so we've updated the files to match the vmlinux. This should not affect the solve.

@everyone sanity/survey has been released

@everyone DiceCTF 2026 Quals are now over! Congratulations to the top teams in each division!

Open Division
🥇 BunkyoWesterns
🥈 bingus
🥉 TRX
US / Canada Division
🥇 .;,;.
🥈 b01lers
🥉 ,;,;,

We'll be in touch with the top 8 Open Division and top 4 US / Canada Division teams to give more details about DiceCTF Finals and verify eligibility for US / Canada Division teams.

Next, a big thank you to our sponsors Margin Research, Zellic, and OtterSec. With their support, we're able to offer prizes and organize DiceCTF Finals.

Finally, thank you for taking part in DiceCTF! We hope you enjoyed solving our challenges. We encourage you to post your writeups in https://discord.com/channels/805956008665022475/808122408019165204. See you around 🎲

We're keeping the CTF platform up for the next week. Once challenges go down, we'll release the challenges on GitHub 🫡

@everyone final ping (sorry!)

In the next 48 hours, please make sure that:

• Your team names are as you want them on CTFtime
• You have selected the correct division
• If you are in the top 8 open teams, or the top 4 US/Canada teams, that an email is linked to your account on https://ctf.dicega.ng/

There is a $50 prize for the best writeup on the crypto/plane-or-exchange challenge.

Rules: No AI usage in solving the challenge, nor in producing the writeup. 😃

The scoreboard for DiceCTF 2026 Quals has been uploaded to CTFtime - thanks for playing!

Congrats to @stuck iron from P1G SEKAI for winning the crypto/plane-or-exchange writeup bounty for the submission https://test.mard.kr/blog/dicegang/

@everyone
🎲 Welcome to DiceCTF 2021! 🎲

We hope you enjoy the challenges we've prepared for this competition! The contest will begin very soon and here are some important announcements.

Challenge release:
There will be challenge releases at +12 hours and +24 hours. We will not release any challenge that will impact scoring less than 24 hours before the end of the CTF. The only category that will be different is quantum. After each challenge is solved, we will release the next challenge in the series of 3.

Questions:
Each challenge will have the author listed. If you have a question, please DM the author of the challenge.

Discord flag:
dice{gang}

Less than 1 minute! 👀

Get ready to blood sanity check!

The CTF started gogogogogogo!

Also a reminder that challenges are not ordered by difficulty, so look at all the challenges before bashing your head against one, and you might just get a blood!

We are working on getting remote up and running for lost in your eyes

Clarification: no challenges will be released less than 24 hours before the end of the CTF, except for survey (which will not be used for tiebreaks)

Lost in Your Eyes now has a working remote at nc dicec.tf 31578!

Adult CSP has the mojo bindings uploaded now

Hashbrown has source code released to make the rev + exploitation process easier

If anyone has questions about how to get the TI-1337 Plus CE environment setup locally, ping or DM me.

It should be as simple as docker build . -t ti1337plusce and docker run -p 1337:1337 ti1337plusce, then nc localhost 1337 in another window

Reminder about rule 2:

Do not ask for help from competing teams.

TI-1337 Plus CE now has local run commands at the top of the Dockerfile since I got a couple more questions about it. Functionally, everything is the same.

Hint has been released for quantum 1

Just out of curiosity, for those who are working on hashbrown dm me with their progress so us organizers can decide about hints for later (if necessary)?

admins will be offline for approx. 1.5 hrs (until the next batch of challenges at 12:00 UTC) 💤

New challenges in 5 minutes 👀

The challenges should be up!

Get blooding! 🩸

4 challenges released: a crypto, a web, and 2 rev

As per the rules, Quantum 2 has been released

Updates for newcrypt v2: The previous challenge script did not properly represent the provided output. The script has been updated and the output has been freshly generated. Note that our reference solution works on both outputs. Apologies for the inconvenience

If your team has made progress on TI-1337 Plus CE, message me with what you have. Trying to figure out what hints to give, if any 🙂

The timeout for Sice Sice Baby has been increased (30 seconds -> 90 seconds)

Due to solve counts for Quantum 1 and 2, we've decided not to release Quantum 3 at this time

Congrats to Corrupted Pwnis for solving ti1337plusce!! 🎉

No hints then 🙂

also can you dm me your sol, im curious

Congrats once again to rpisec for blooding hashbrown 🙂 . Can you dm me your solver when you have time, interested in seeing your approach

Hey guys this is a reminder that, despite the word "guess" being in the name, you should not fuzz or perform any kind of automated scanning on the remote server of Guess the Vuln or any challenge 🙂

It won't help you and it makes us angery 😠

@everyone
We have reached the 24 hour mark! These challenges are being released:

Crypto: signature sheep scheming signature schemes
Pwn: sourceless rust wasm pwn
Rev: lambda
Web: Build a Better Panel, Watermark as a Service

This is the last batch of challenges (except for survey). Good luck everyone!

Looking forward to the sourceless rust wasm pwn blood

signature sheep scheming signature schemes was missing a remote; it is now accessible at nc dicec.tf 31614

Adult CSP now has a poc.html as an example for how to use the mojo bindings

We updated Watermark as a Service to improve stability. Challenge vulnerabilities should not be affected.

if someone on r00timentary reads this, i'd like to hear about your ti1337plusce solve 😄

(dm me) (nvm found your solve but feel free to still dm if you want)

@everyone
There are just four hours left!

We have just released a survey challenge, you can also find the survey at https://forms.gle/5NBtpPQHfzJrgyZT8 .

Every comment will be looked at and will help us improve future iterations of DiceCTF. We appreciate all the feedback and good luck in the final hours of CTF!

@everyone if you found a solution for rev/procedural that turns the dice green and has all the pips filled in but doesn't give you an ascii flag, pm me and I may give you credit for it

@everyone
DiceCTF 2021 has come to an end! We hope you enjoyed the challenges and contest as much as we enjoyed hosting it.

Congratulations to our top 3 finishers, each team will get a prize sponsored by TrailOfBits!

🥇 1st place ($250): More Smoked Leet Chicken
🥈 2nd place ($150): zer0pts
🥉 3rd place ($100): 0ops

A big thanks to everyone for participating and we hope to see you in future iterations of DiceCTF.

For teams in the top 3, we will be sending out an email with prize info so please make sure the email on the platform is correct.

There will be a writeups channel but we are requesting that you ONLY post writeups, to discuss or ask for writeups please use a different channel

https://twitter.com/dicegangctf/status/1358626895076544512

For anyone who still wants to try hashbrown, remote has moved to dicec.tf:31691. hashbrown.dicec.tf will soon stop working!

Our challenge repository has been published at https://github.com/dicegang/dicectf-2021-challs

From @crisp salmon:

ångstromCTF 2021 starts this Friday! There will be challenges for all skill levels, so you can have fun and learn something new whether you're a complete beginner or a CTF veteran. There are prizes for the top high school teams thanks to our generous sponsors, Trail of Bits and Amazon Web Services (and everyone gets plenty of CTFtime points, if that's your thing). The competition runs from April 2 to April 7 at 8 PM EDT. Sign up now at https://angstromctf.com/ and join our discord: https://discord.com/invite/Dduuscw

get ready for another mind bending pyjail 🙂

@everyone
🎲 **Welcome to DiceCTF 2022! **🎲

We have some awesome challenges lined up for this year and hope everyone has a great time solving them! The contest will begin very soon and here are some important announcements.

Challenge release:
There will be additional challenge releases at +6 hours, +12 hours and we may release more challenges at +24 hours but it is not guaranteed. The only challenge that will be released after this is the survey which will not affect scoring (even ties). As a reminder, the challenges are not ordered by difficulty initially so we recommend looking at all the challenges first, you might even get a fabled first blood!

Questions:
We have a new ticket system this year! If you have a question head over to #create-a-ticket, choose the appropriate category, and we will get back to you asap.

Prizes:
Thanks to our sponsor @dfsec_com, we have a generous prize pool of $5000 this year. The prize distribution will be as follows:
1st place: 1500
2nd place: 1000
3rd place: 500
$200 for remaining top 10
3 x $200 writeup prizes

Discord flag:
dice{sice}

misc/undefined is missing a netcat server in the description. will be updated shortly

rev/dicecraft and pwn/nightmare have been released, apologies for the delay

crypto/psych is temporarily disabled, no solves will count until it is patched

misc/undefined has been updated to have a remote

web/carrot - link to admin bot has been added and the instancer has been slightly modified, no source code was changed but you should redeploy any instances of the challenge

crypto/psych is re-enabled with a fresh flag, flag.enc, and pk.bin. sk.bin is no longer included :P

please do not dirbust the challenges, all of the challenges have all the source code that you need to solve them, it just ruins the experience for other players

web/knock-knock now provides a dockerfile for those struggling with node versions

pwn/nightmare contains the hash for the dockerfile in the readme

rev/dicecraft: fixed a UI bug with screen resizing on windows 10, (only the dicecraft_win10.exe binary is updated), old sha256: f60efb517891b067063e42d0125f1b9c4d787f8260c89d060c123e769f5238ec, new sha256: 19319c83ef89abe7ac6e3a9fd17d9eb1e465fec2ef4d403957824d86f51b0272

rev/taxes: IRS boomers don't understand fancy computers, logical AND should be bitwise AND

rev/taxes: IRS boomers strike again: DG7 line 1 should be "Field A" and line 2 should be "Field B" (this is updated now)

rev/taxes: updated DG4-C line 4: DG6 result should come from line 1931 not 80

rev/taxes: numbers have no bound with pen and paper 🙂

@everyone
Congrats on making it 6 hours in! We are releasing the following challenges:

Pwn: road-to-failure, containment
Rev: breach
Web: no-cookies, vm-calc

If you like road-to-failure be sure to check out @dfsec_com; they do some awesome work in the same genre of the challenge :) One fun fact: there are currently 395 solves!

rev/taxes: the challenge author is currently offline, so if you think there are typos we won't be able to immediately address it

pwn/containment: description updated to include netcat server

Unfortunately we will be delaying challenge release for 30 minutes. In the meantime here are some cool stats.

So far we have received:
5.65 million http requests
16 GB of network traffic
3,080 flag submissions attempted

Sorry about the delay, we are working on pushing challenges out asap

@everyone
Thanks everyone for your patience as we ironed out some infra difficulties! As we are now +12(+2) hours into the contest we are releasing the second set of challenges:

Crypto: commitment-issues
Rev: typed
Pwn: chutes-and-ladders, memory hole
Web: denoblog, dicevault
Misc: cache-on-the-side

web/no-cookies: challenge updated to include full source code, run it locally if you're having trouble launching an instance!

rev/taxes: DG4-C line 71 should be 65690080073678263635457643030517215415 (pdf update in progress), DG6 is correct

crypto/pysch: remote server should be significantly upgraded now. please dm if queries are taking you > 15 seconds. The reference solution (probabilistically) performs < 500 queries.

rev/taxes: updated DG4-D/DG7 (100% solvability guarantee this time, pinky promise)

pwn/nightmare: Hint! ||Partial RELRO? That sounds like a really complex surface...||

@everyone
We are already +24 (+1 sorry for delay 😭 ) hours into the contest! As promised here is our final set of challenges (besides the survey):

Crypto: correlated
Rev: cable-management
Web: flare
Misc: 5dfs, Vinegar 🥒

Good luck for the final stretch! There are still a lot of unsolved challenges and we are looking forward to seeing those first bloods. 🥳

web/shadow hint: || non-standard css properties might help you ||

pwn/nightmare: Hint 2! ||What happens if _Exit doesnt exit?||

rev/taxes: Half an hour ago, we released a new version of DG4-D which fixed a bug. Prior to this, teams that solved the challenge realized what the intended behavior was.

@everyone
We are now +36 hours into the contest! Only 12 hours left! misc/survey is now available to provide feedback on the CTF. There are also still 4 unblooded challenges. Good luck!

There looks to be some confusion about dynamic scoring so hopefully this can clear up how it works:

• challenges start at 500 points and can go down to 100 points depending on solve count
• the score is based on the number of teams that solve the challenge (more solves, lower score)
• no matter when a team solves the challenge, they will receive the same number of points as all others who solve the challenge
  • i.e you solved it when it said 430 and at ctf end it is 200 points then you would receive 200 points at the end
  • this explains why the graph has times where the line is downwards
• overall ties are broken by the team who submits their last flag earlier

@everyone A couple of updates:
pwn/memory hole: There was an issue with a patch file distributed. We've updated the download with the correct patch

pwn/chutes-and-ladders: We've increased the time out on the server to 3 minutes

web/shadow hint 2: || it sure would be nice if the user could modify stuff inside the shadow dom ||

@everyone Just under 1 hour left! Best of luck getting your exploits working and we are looking forward to watching the scoreboard shifts :)

@everyone
DiceCTF 2022 has come to an end! We hope you enjoyed the challenges and contest as much as we enjoyed hosting it. 🎉

Congratulations to our top 3 finishers, each team will get a prize sponsored by Dataflow Security (@dfsec_com)!

🥇 1st place ($1500): organizers
🥈 2nd place ($1000): Never Stop Exploiting
🥉 3rd place ($500): More Smoked Leet Chicken

Additional Prizes

All other teams in the top 10 will receive $200!

In addition to placement prizes, we are offering $200 for the 3 best writeups, be sure to submit your writeups here: https://forms.gle/xsa8WtYirVMqWc8M8

Unsolved Challenges

We also still have some unsolved but really awesome challenges, pwn/nightmare, pwn/road-to-failure, web/shadow. It would be awesome to see these challenges solved and to incentivize this we are offering $50 for the first solver of each challenge. Our current plan is to leave web/shadow running for 24 hours before releasing writeups and pwn/nightmare running for 1 week before releasing writeups. These timings are not finalized and may be changed. Additionally for pwn/nightmare we are offering a "really cool custom physical prize". If you believe you have solved the challenges, DM the chall author or create a ticket and we will get back to you!

Writeups

For writeups we are following a similar policy to the previous year and requesting that you only post your writeup in #writeups. Please discuss the writeups and challenges in other channels to keep the writeups channel clean.

Here are some of our author writeups, this will be updated as we have more: https://hackmd.io/fmdfFQ2iS6yoVpbR3KCiqQ

Thank You!

A big thanks to everyone for participating and we hope to see you in future iterations of DiceCTF. It would not have been the same without all of you :)

For all teams who will receive prizes, we will be sending out an email with prize info so please make sure the email on the platform is correct.

The bounty for web/shadow has been claimed!

The scoreboard has been submitted to CTFtime! https://ctftime.org/event/1541/

A reminder to submit writeups here: https://forms.gle/xsa8WtYirVMqWc8M8 to be considered for the writeup prizes

pwn/nightmare: hint 3 for the people who asked about stack pivoting and are doing the bounty setcontext

Writeup submission will be closed on 2/14 21:00 UTC (~23 hours from now).

Late update: the bounty for pwn/road-to-failure was claimed on 2/9 and the bounty for pwn/nightmare has expired. The author's writeup for pwn/nightmare is available here: https://hackmd.io/@pepsipu/ry-SK44pt

We've publicly released all challenges at https://github.com/dicegang/dicectf-2022-challenges

We've chosen the writeup prize winners! Each writeup author wins US$200.

• rev/breach by ReDucTor: https://github.com/ReDucTor/dice-ctf-2022-breach-writeup/
• pwn/memory-hole by kylebot: https://blog.kylebot.net/2022/02/06/DiceCTF-2022-memory-hole/
• crypto/commitment-issues by Jack: https://org.anize.rs/dicectf-2022/crypto/commitment_issues

Thank you to everyone who participated in DiceCTF and authored writeups. See you again next year!