Rules

How to Play

A Capture The Flag (CTF) is a cybersecurity competition where participants solve challenges to find hidden pieces of data called "flags". These flags prove you’ve completed the challenge successfully and follows a specific format. For this CTF the flag format is CRYPTO25{example_flag}. In this course, the CTF is divided into two main parts:

Part 1: C Programming Challenges

• Write a C program that generates the required output (i.e., prints the flag).
• You will find more accurate description on how to construct the flag in each challenge description.

Part 2: Attacks (Implemented in Python)

• Implement various attacks against symmetric and asymmetric cryptography.
• If you manage to successfully mount the attack, you’ll get the flag.

Deadlines

The deadlines to submit the solutions are:

• Part 1 challenges (C and OpenSSL): 28/03/2025

Score

Incentives for participating in the CTF:

• 3 points if you complete all the intended challenges before the deadline:
  • 1 point for C programming challenges.
  • 1 point for symmetric crypto attacks.
  • 1 point for asymmetric crypto attacks.
• 2 points bonus for students who solve the final challenges and complete the majority of exercises (based on the CTF scoreboard).

The exercise grade will be computed as:

(exam score + bonus) mod 12

CryptoCTF is OPTIONAL

• You can pass the exam by studying as usual, without playing the CTF.
• It’s still possible to achieve the maximum grade (30 e lode).
• Playing the CTF may require more time than typically associated with the CFUs.

Anti-Cheating Measures

Unfortunately, in the previous year, a significant number of students cheated. To address this:

• We know it’s easy to ask your friends to share flags, but the goal is to learn, not just to collect points.
• Collaboration is encouraged, especially with more experienced peers, but you must understand the solution.
• Students will be randomly selected for quick verifications:
  • A brief discussion with the instructor (e.g., via video call).

⚠️ Important: If you don’t understand the attack, don’t submit the flag.

If it becomes clear during verification that you didn’t understand the solution:

• Your final score will be -5 points.
• You will be disqualified from continuing the CTF.
• The instructor may report cheating students to the Commissione Disciplinare.

This year, more students will be checked to ensure fair play.

If you've understand the rules, go submit your first flag for the warmup challenge! CRYPTO25{MyFirstFlag}