The Castle Doctrine Forums

Discuss the massively-multiplayer home defense game.

You are not logged in.

#1 2014-10-01 10:49:09

jasonrohrer
Administrator
Registered: 2013-04-01
Posts: 1,231

Cordial Minuet hacking bounty

I just posted this today:

http://cordialminuet.com/hackingChallenge.php

If anyone can win this, I imagine that a Castle Doctrine player can.

Offline

#2 2014-10-01 17:37:05

AMWhy
Member
Registered: 2014-02-04
Posts: 432

Re: Cordial Minuet hacking bounty

I sure hope the CD players CAN'T solve this, or my paranoia levels in-game will rise ten-fold!

Offline

#3 2014-10-02 04:21:26

voxel
Member
Registered: 2014-08-05
Posts: 84

Re: Cordial Minuet hacking bounty

An enlightened approach! But it looks like you haven't advertised this much yet.

Having looked at the TCD code I've seen that you've got experience with crypto. Here's hoping you won't need to pay out, but I think that it's more likely you'll have to pay out the bounty and then apparently there's no bounty for the second security flaw lurking in the code?

I assume the bounty can't be earned by applying zerodays against the server infrastructure. Maybe you should explicitly state that.

Offline

#4 2014-10-02 04:38:03

eppfel
Member
From: Germany
Registered: 2014-02-01
Posts: 324
Website

Re: Cordial Minuet hacking bounty

voxel wrote:

I assume the bounty can't be earned by applying zerodays against the server infrastructure. Maybe you should explicitly state that.

I think 3000$ for revealing a zero day attack is quiet cheap, so Jason would be dumb to exclude it. smile

Offline

#5 2014-10-02 05:13:28

voxel
Member
Registered: 2014-08-05
Posts: 84

Re: Cordial Minuet hacking bounty

I mean after public release, and before the server is patched.

I take back what I said. Jason seems to have a heck of a lot of experience with crypto and networking. And there's almost no deadly C/C++ running on the server. Holy crap, he's even using a YubiKey!

EDIT: It's a pity there's no prize for finding bugs allowing cheating. That's a lot of attack surface that's excluded.

Last edited by voxel (2014-10-02 06:09:08)

Offline

#6 2014-11-03 03:54:37

voxel
Member
Registered: 2014-08-05
Posts: 84

Re: Cordial Minuet hacking bounty

Two weeks Jason fixed an SQL injection vulnerability. However the bounty page is still up, so I guess he got really lucky!

Offline

#7 2014-11-03 16:38:28

cullman
Member
Registered: 2014-03-21
Posts: 424

Re: Cordial Minuet hacking bounty

That bums me out cause I spent about 15 minutes looking for a SQL injection and I must have missed it.   He is smart (clearly) enough to use single quotes everywhere, and strip things down to the minimum before interpolation.  I am tempted to set up a fake a email address that has a domain with a unicode character and complain that I can't join his game with my unicoded email address.  But frankly, I think he is wise to only allow ascii email address usernames just for simplicity and security sake.

Offline

#8 2014-11-04 00:56:40

voxel
Member
Registered: 2014-08-05
Posts: 84

Re: Cordial Minuet hacking bounty

Yeah, I looked as well and the reason I missed it was that I was lazy (and busy) and did a simple grep, but the relevant function call was broken over multiple lines! And it was in the code since August.

Last edited by voxel (2014-11-04 00:57:11)

Offline

Board footer

Powered by FluxBB 1.5.8