A Wright State University team of computer engineering and cybersecurity students finished fifth in an all-virtual, two-day hackathon that involved 30 teams from around the country.
“Their knowledge and passion in the areas of cybersecurity and hardware helped them succeed, as well as their skills in teamwork and collaboration,” said coach Matt Kijowski, cyber systems program manager. “Being able to work on a single complex problem as a team is not a simple task when the code you are getting out is over a hundred thousand lines long.”
A capture-the-flag hackathon is a sprint-like competition in which computer programmers, computer engineers and cybersecurity experts collaborate to solve various problems. The goal is to create functioning software or hardware to retrieve virtual flags hidden in the system.
Hack INdiana 2020 was about hardware and how it interacts with software. The all-virtual competition, which was held Sept. 25–27, was designed and hosted by Booz Allen Hamilton. The students received game kits in the mail and competed with the other teams online.
The Wright State team was comprised of captain Ryan Slater, a computer engineering major; Owen O’Connor, a computer engineering major; Anthony Morell, an information technology and cybersecurity major; and Adam Mitchell, a computer science major.
Each team was provided with a custom keyboard-like hardware device and a virtual machine with which it interacts. The Wright State team had to reverse-engineering the hardware device and then determine what exactly the hardware was doing and how it interacted with a computer.
“This investigation led them to digging around the inner workings of the operating system looking for malicious files and software and inspecting how these files interacted with the hardware provided,” said Kijowski.
The students created several scripts to analyze the hardware device and developed automated tools to help them reconstruct code from various hardware and software packages.
Kijowski said the competition gave the students a knowledge of the complexities of hardware and reverse engineering, a respect for how even a simple keypad can have many thousands of lines of code, and how tricky it is to identify a malicious addition to that code.
Slater said the biggest challenge of the hackathon was learning new tools.
“We learned how to use many new programs such as Ghidra, which was developed by the NSA,” he said. “Many of these tools were very complex, but we only had a short amount of time to learn them.”
Slater said the competition also helped teach him how to efficiently communicate a problem to someone who had not looked at it yet.
“Many times, one of us would be working on a problem and get stuck after making decent progress,” he said. “We would then have to quickly explain the problem to someone else on the team so they could assist us with it.”