BFS Ekoparty 2018 Exploitation Challenge: Stop the Capital Flight

Win entry tickets to Ekoparty as well as an invitation to the official speaker dinner by stopping capital flight and solving the Argentinean currency crisis!

Introduction

Ekoparty is here and we are back at it again! This year we will be giving out 5 entrance tickets to the conference as well as 7 invites to the speaker dinner but most importantly you get to solve the currency crisis in Argentina all by yourself!

The Scenario

After it became known that hackers at last years Ekoparty solved the country's voting machine problems, the president and his advisors decided after pretty much trying everything else, to solve the currency crisis by asking the Ekoparty community to intervine in BCRA and stop the capital flight. Some hackers have already extracted an important binary and posted it on twitter. Many believe, that exploiting this binary will stop the country from defaulting. However, you must act quickly, the reserves are running out!

BCRA reserves

The Rules

  1. Disable the money countdown to stop the collapse of the banking system. When this goal is reached, the string "The capital flight has stopped :)" should be automatically printed by the system.
  2. Pop calc.exe or notepad.exe in order to ensure the system is fully under your control. Be careful, process continuation is key to ensure all systems continue to function properly.
  3. Your exploit must work in the 64-bit version of Windows 7, 8 or 10. Bonus points and free whiskey will be provided if it works in all of them :-)
  4. Solutions will be accepted in Python (most recommendable), C or C++
  5. If you succeed in stopping the countdown you will get a free entry ticket to the Ekoparty conference.
  6. If you succeed in both stopping the countdown and popping calc.exe or notepad.exe, you will additionally get invites to the speakers dinner and an opportunity to join the BFS team!
  7. We can only give out a total of 5 tickets to the conference and 7 tickets to the speakers dinner so first come first serve.
  8. Solutions should be sent to research@bluefrostsecurity.de and your full name needs to be provided in order to claim a free ticket.

You can download the application here

May the force be with you and see you all at Ekoparty!