Korelogic Logo
"Crack Me If You Can" - DEFCON 2012
  CMIYC 2012 has ended! Team Hashcat is the winner!  
Back to Top

Submitting results

Once you have cracked some passwords or encrypted files, submit them to us in a PGP signed & encrypted email. The payload varies a little depending on what you cracked.

Password hashes

Every time you submit cracked passwords, send us all the plaintexts you have cracked so far, each on one line by itself. Don't include anything else on the lines, such as 'username:plaintext' or 'hash:plaintext', just 'plaintext'. We will verify them, and update the stats page. If you send us junk that's not correct plaintexts, we will assume you are spewing /dev/random at us and shun all future mail from you.

File challenges

When you crack a challenge file, submit to us a line containing:

filename plaintext

Notice the space (' '), and there is no colon (':'). You can mix this in with a submission of password cracks. Unlike with password crack submissions, you do not need to send us all your challenge file cracks every time you crack a new challenge (although there is no problem doing so, either).

Submit often

Try not to go too long between submitting updates. One every two hours or so is preferred. We want the stats pages to accurately reflect the progress of the different teams. Besides, a big jump in cracks/points after a long silence could mean that a team has stolen cracks from another team. Of course if you sleep a few hours and miss a couple we will forgive you. But if you go more than 12 hours without an update, we will assume you gave up or died of alchohol poisoning.

But not too often

Do not flood us with submissions. We will assume you are trying to DoS us. We will ignore submissions from a team sent faster than once per five minutes. Sending us more than one per minute will disqualify your team. An exception is if you are the first to crack a challenge--send us that immediately, even if you just submitted. Even if we throttle you initially, we'll sort it out.

Example submission

Here is what a submission process might look like.

$ cat cracked
challengefile.zip password

$ gpg -a -o submission-email.pgp.asc -r sub-2012@contest.korelogic.com \
                                                             -se cracked
$ mail -s "cracked" sub-2012@contest.korelogic.com \
					< submission-email.pgp.asc
Or attach the file keysub-email.pgp.asc to an empty email to sub-2012@contest.korelogic.com, such as if you are using Gmail.

Don't forget to use --default-key 0xDEADBEEF if you created a dedicated PGP key just for this event.


Please contact us if you would like more information about our services, tools, or careers with us.
Privacy Policy : Copyright 2012. KoreLogic Security. All rights reserved