STANDCON 2025: Big Bang Theory - Fri, Mar 7, 2025
Challenge Description
Big Bang Theory was the final challenge in a set of three challenges (the first two being the hardware challenge by Justin and the snake game challenge by Aaron (@mcdulltii) respectively) used in Cyber League Finals (run during STANDCON 2025). The theme was “Defuse The Device”, where two teams of three had two hours to complete as many of the three challenges as possible before we all 💥 explode 💥
Here’s the challenge description:
To uncover the secrets of the ~~bomb~~ device (and prevent everyone from going out in a fiery mess!), you will need to read secrets from the kernel with the help of your trusty debugger and qemu.
Challenge files can be obtained here: https://github.com/KaligulaArmblessed/CTF-Challenges/tree/main/Big_Bang_Theory
Note that the files distributed to the participants (dist) and the files hosted on the server (service) are different – this is because the goal of the challenge is just to leak the secret message (obtaining root is not required). The secret message is actually a simple Chemistry riddle, which when solved will tell the participants which wire to cut to defuse the, ahem, device. ❌💣 ✅🖥️
Fun Facts and Spoilers
Fun fact 1: I was made to hide underneath a table for ✨ dramatic effect ✨, and pop out only when the kernel challenge was revealed. I was underneath the table in the middle:
If you have ever wondered what the view from underneath a table is like, here you go:
Fun fact 2: I was kicked once when I was underneath the table 😭
If you were able to leak the secret message, this is what you would have got:
5TANDing here I realize
The elements
can be my guide
My atomic weight
Is twice my number
Bonded with 6 hydrogens
We form a hexagon
My number is
the secret key
To stopping this bomb
From combusting you see
This is a Chemistry riddle. There are a few elements with an atomic weight that is twice their atomic number – carbon, nitrogen and oxygen to name a few. The riddle then states that when bonded with 6 hydrogens, they will form a hexagon – this is a reference to benzene (C6H6), which consists of 6 carbons and 6 hydrogens. Here is the aromatic representation of benzene: ⏣, and here is the Kekulé representation ⌬ (this is totally not an excuse for me to put cute Chemistry symbols onto my blog). The riddle finally states that the “number” (referring to the atomic number) is the secret key to stopping the bomb from combusting, meaning that the participants have to cut the 6th wire (since carbon’s atomic number is 6)!
There are also other references in this riddle – “5TANDing here” is a reference to both “5TANDCON” (since this is the fifth iteration of STANDCON) and the song “It Has To Be This Way” from Metal Gear Rising: Revengeance (which is the awesomest stupid thing to exist and the stupidest awesome thing to exist according to a YouTuber, and I agree with this judgement wholeheartedly). If you haven’t noticed from other posts on this blog, MGR is one of my favourite games, and many of my CTF challenges have silly MGR references in them (one of them being Dead Pwners’ Society’s supposedly “F**king Invincible Kernel” with all its protections). Also, during Cyber League Finals, two songs were played: the instrumental of MGR’s It Has To Be This Way (this links to the vocal version though, because it is simply an iconic meme) when the kernel challenge was revealed, and Hacknet OS’s Panic Track by The Algorithm (an awesome band) for the last two minutes or so of the CTF.
Challenge design wise, I’ve always wanted to turn the silly anon_vma_name technique into a CTF challenge because I thought it would be funny, so here it is!
Now, for the solution:
- Exploit double fetch by quickly flipping a variable
- Turn double fetch into heap overflow, then do a one byte overwrite to corrupt a pointer so you have two pointers pointing at the same object
- Trigger free to get UAF
- Spray anon_vma_name over the victim object
- Trigger the ticker write function to write the secret to the anon_vma_name object
- Leak the riddle about which wire to cut by reading /proc/pid/maps
The full exploit can be obtained here: https://github.com/KaligulaArmblessed/CTF-Challenges/blob/main/Big_Bang_Theory/solution/exploit.c
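The first two steps depend on a double fetch: a value the caller controls is read once to validate it and again to use it, so it can change in between. The sketch below is an added illustration in user-space C, not code from the challenge or its exploit, showing that pattern next to the single-fetch fix. The struct, the function names and the hook standing in for the racing thread are hypothetical, and the copy is clamped so nothing is actually overflowed.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Stand-in for a request in memory that another thread can modify. */
struct request { volatile size_t len; const char *data; };
typedef void (*race_hook)(struct request *); /* models the racing thread */

/* Vulnerable pattern: len is fetched for the check and again for the copy.
 * Returns the length the copy would use (the memcpy itself is clamped). */
size_t handle_double_fetch(struct request *req, char *dst, race_hook hook)
{
    if (req->len > BUF_SIZE)              /* fetch 1: validation */
        return 0;
    if (hook) hook(req);                  /* window in which len can change */
    size_t n = req->len;                  /* fetch 2: use, never validated */
    memcpy(dst, req->data, n < BUF_SIZE ? n : BUF_SIZE);
    return n;
}

/* Hardened pattern: snapshot once, then validate and use only the snapshot. */
size_t handle_single_fetch(struct request *req, char *dst, race_hook hook)
{
    size_t n = req->len;                  /* single fetch into private storage */
    if (n > BUF_SIZE)
        return 0;
    if (hook) hook(req);                  /* later changes cannot affect n */
    memcpy(dst, req->data, n);
    return n;
}

/* Constructed race: grow the length after it has been checked. */
static void flip_len(struct request *req) { req->len = 64; }

int main(void)
{
    char src[64] = {0}, dst[BUF_SIZE];
    struct request r = { 8, src };
    printf("double fetch would copy %zu bytes into %d\n",
           handle_double_fetch(&r, dst, flip_len), BUF_SIZE);
    r.len = 8;
    printf("single fetch copies %zu bytes\n",
           handle_single_fetch(&r, dst, flip_len));
    return 0;
}
```

In a kernel handler the equivalent fix is to copy the user structure into kernel memory once and work only on that copy.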
One of my other favourite things that happened in Cyber League Finals was the hand-drawn hardware diagram by Justin given to the participants:

The other thing that happened in STANDCON that I found incredibly funny was this:
Yes, this is totally not a silly reference…