Intro

Solve puzzles and hacking challenges to find the keys and escape the simulated universe and listen to some cool music at the same time!

Contest

The Mammoth mini-CTF is a music themed mini-CTF that is mostly self-contained in an .mp3 file which will be posted in the github repository when the contest starts. To listen to the song check it out on soundcloud.

This mini-CTF is jeopardy style with 10 challenges. The challenges are puzzle based and generally involve music related themes. They involve a wide variety of things like steganography and hiding/encoding data in various music/audio formats, a basic encryption challenge, a couple networking related challenges and even a challenge involving chatting with an AI over the phone to convince it to give you the key! No software or binary exploitation skills are required, but some challenges are significantly easier to solve with coding/scripting.

The contest will start at 2023-08-05 00:00 UTC (2023-08-04 17:00 PT) run for just over a week until 2023-08-14 00:00 UTC (2023-08-13 17:00 PT).

To register a user click here!!

Background

Help us escape this simulated universe!! We’ve just discovered that our Project Mammoth counterparts from an adjacent universe have found a way to break out of their universe and they’ve provided us with some clues to help us escape ours as well! You can help by solving these challenges to find the keys to escape.

Key Formats and submitting results

• Keys are in the format of {MammothCTF}<16 hex nibbles> (e.g. {MammothCTF}ab12cd34ef56gh78) and are case insensitive.
• Almost all keys will have the {MammothCTF} prefix when found in game, but any that do not will be clearly marked in the challenge description.
• Keys should be submissible with or without the '{MammothCTF}' prefix
• If you have some kind of code that does not fit this format (hint: Universe Traveller), then it must be used for something else in the challenge.
• Key submission will be done via the CTF contest page and requires creating an account for the site (details to follow shortly).
• Teams can share an account if desired.
• Winners with correct answers will be chosen with the earliest submission time (although the scoreboard only be tracking the highest scores).

Prizes and Such

• The first 5 winners of the competition version will be announced on twitter.
• A live scoreboard will be posted when the contest starts.
• Prizes include a Mammoth CTF T-shirt and bragging rights! :)
• Please don’t release keys publically, at least until the contest is over.
• After the CTF is over, write-ups are very welcome!

Help

If you’re stuck on a challenge and would like a hint, there are hints listed with each challenge on the scoreboard site. If you're still really stuck, tag us or DM @prjctmammoth on Twitter, or alternatively email us at prjctmammoth [at] gmail.com -- We want everyone with an interest at all skill levels to have fun, so we're happy to help! Responses are best effort since we’ll also be attending Defcon :).

About the song

This year's theme for the song is "The sound of an exploit". It is our take on the sound of a software exploit with sounds generated by tracing vulnerable software as it is exploited by a buffer overflow.

The official contest version of the song file can be found in the github repository after the contest starts. You can also listen to the song on soundcloud, but note that only the official .mp3 has the CTF contest data encoded in it.

Note: The contest mp3 file is benign and does not contain any exploits or malicious payloads. Other than having some extra metadata embedded in it, it's a normal mp3 file and safe to open. We'll update here with a VirusTotal Scan link for reference when the contest starts.

Notes

• The hints are not in the .mp3 file and are only available on contest page with a registered user.
• The video links in the notes sections of the challenges are sometimes hints, but sometimes just for fun :).
• Keep an eye on the notifications on https://mammoth.ctfd.io/ and our twitter https://twitter.com/prjctmammoth for updates.

Requirements

• Two of the challenges are played over a phone line and currently require the player to be able to call a US telephone number. We are working on getting some kind of SIP connection or other free access to it but unfortunately may not have that ready by game time (sorry about that!).
• One challenge requires a NES emulator with "mapper 30" support and there are some open source and/or free options that will be posted in the notes for the challenge.

File Hashes

SHA1 hashes:

• Version 0.1 TBD