Welcome To HackFesta 2025

Winning is not the sole aim of HackFesta. We hope that all participants will gain new knowledge, enhance their skills, and enjoy networking with one another. So, please take this opportunity to dive into this new world through the challenges and have a great time.

Unless specified otherwise explicitly in a challenge, flag format this year is flag{EXAMPLE_FLAG}. While doing some challenges, you may find flags for other challenges. If you input a flag in the portal and it gets denied, ask organizers where/how you should input it.

There are three types of challenges: PASTA challenges using PASTA hardware, RAMN challenges using RAMN hardware, and SERVER challenges entirely online.

Qualifierss PASTA challenges are worth a total of 3445 points, RAMN challenges 3930 points, and SERVER challenges 3850 points.

For PASTA and RAMN challenges, you can get generous help, so do persevere on hard challenges and ask organizers for help if you ran out of ideas or need technical guidance. For SERVER challenges, you are on your own.

PASTA and RAMN feature "tutorials" to make sure that you have the basic knowledge required to progress. If you answered wrong, no problem! go talk to an organizer and discuss your mistake - we'll give you their points once we make sure you understand.

RAMN Challenges

There are four categories for RAMN challenges:

• USB: Explore an unknown command line interface and find ways to bypass password checks to unlock secret features.
• CAN: Reverse engineer RAMN's CAN bus and find ways to take over controls to achieve the physically impossible.
• UDS: Explore diagnostics services (ISO 14229) and write jailbreak commands.
• Hardware: Oh no! The dreaded check engine light is on! Find ways to diagnostic hardware problems.

We recommend that you start with the first challenges of the USB and CAN categories, then move on to your preferred type of challenges.

RAMN categories are independent and can be done simulatenously by different participants. Some challenges are easier if you leverage both CAN and USB simultaneously, so always share your progress with your teammates! You will observe CAN errors if you leave the engine key on ignition (IGN) - always leave it on accessory (ACC) unless the challenge tells you otherwise.

SERVER challenges

Server challenges are traditional CTF challenges (web, reversing, forensics, crypto, and misc). Try them out if you are already familiar with this type of challenges. You will need to use tools that were not covered by our workshops, such as CyberChef.

Server challenges are worth fewer points than PASTA and RAMN challenges, so make sure you focus on PASTA and RAMN challenges first.

PASTA Challenges

The challenges utilizing PASTA for Education focus on testing a variety of basic knowledge and skills related to automotive security. These challenges might not fit the conventional, cleverly crafted CTF mold you’re used to. Within these challenges, you’ll find tasks that require you to read circuit diagrams, consult manuals, and even inspect circuit boards. At first glance, these elements may seem daunting. The circuit diagrams may look like a perplexing puzzle, the manuals might feel tedious, and getting hands-on with circuit boards could feel a little intimidating. These could be areas you’ve previously shied away from or haven’t felt confident in tackling. However, once you immerse yourself in this world, you’ll realize that these tasks are filled with valuable information and can be quite enjoyable.

Rules and Remarks

• The source code of PASTA and RAMN is available on github, but we made many changes for this event. Do not assume that everything you read on github applies to your device.
• The JTAG interface of ECUs is locked - do not attempt to connect a JTAG debugger (if you brought one), as you may end up bricking ECUs.