Hack a satellite (hackasat.com)
124 points by mooreds on May 30, 2022 | 25 comments



Here’s a link to the “rules” document, which is basically all you need to understand the (3rd) satellite hacking CTF hosted by the US military:

https://hackasat.com/wp-content/uploads/2022/04/HAS3_Rules_V...

Prior HN comments on a prior event:

https://news.ycombinator.com/item?id=22991947

Related HN post, “A crash course on hacking satellites”

https://news.ycombinator.com/item?id=24072829


Per the rules PDF linked to above: “Registration Closes: May 22, 2022”

** This currently appears to be an annual event though, so if you’re interested, there will likely be an event next year.


The website/game appears functional, from a few minutes of experimenting, with the main LCD starting a puzzle. What's the split between the hard-registration, and playing the game?

edit: After you complete the "first challenge", you are told to provide your email and wait. Not sure if the intent is to bypass this or something, and what's a game vs what's not?


Do I understand it correctly, that all the CTFs are basically puzzles with planted cues and weakened parts, since if there was no such preparation, almost no one could score a flag, plus the orgs could not know in advance how their system is crackable, which would result in a competition being in essence "find a zeroday"?


Correct, IMHO these competitions are mostly set up in search of talented people and (maybe) catch the attention of the general public on certain security fields


Yes that’s correct. Typically there’s a “flag” or a string of text that the hackers attempt to find.

Good companies have a bug bounty program where people can submit 0-days.


Our team has qualified for the Hack-a-Sat finals three years in a row. I wasn't a part of the first year but was a part of last year and this year. Last year's finals didn't go super well for us, but we're hoping to do better this year.


Is this still part of defcon? Or is it just its own thing now?


I think it's its own thing now. Last year the organizers were at DEF CON and showed off the satellite for the finals and had a few talks, but the actual competition was in December. I assume the same thing will happen at this year's DEF CON.


What sort of time commitment does this require?

I’d be thrilled to join a team; I work as a senior developer (web and mobile apps) but unfortunately have no CTF or “real” cybersecurity experience. I have a deep interest in space and relevant technologies. Would such a skillset be useful?


You could probably train yourself pretty easily. Give some of these a go. https://overthewire.org/wargames/


> What sort of time commitment does this require?

A full weekend around May, per year.

Of course if you really want to make sure your team can go to the final event you may want to practice on past challenges, which could be done at your own pace (or just don't, you may still make meaningful contributions to a team as long as you can learn new shit really fast).


some of our best peeps are devs, and not cyber security for their profession. they just like good puzzle games.

the comp is only one weekend, but most people participate in a few smaller ctfs throughout the year to stay sharp.

there are hundreds of ctfs that are always up that you can use to practice. one evening a week is more than enough to become and stay a serious ctf'r. it's a whole sport where people are constantly playing throughout the year. we have plenty of people on our team who put in both more and less time than that too.


Related:

US Air Force Space Security Challenge 2020: Hack-a-Sat - https://news.ycombinator.com/item?id=22991947 - April 2020 (86 comments)


A few notes about this special event.

A. Hack a sat requires teamwork. It is humanly impossible for a single individual to get to the finals.

B. It takes more than just hacking skills, team must have geometry wizards and astronomy buffs to tackle challenges related to calculating orbiting locations and such.

C. Teams I am familiar with are obviously super strong in their professional life, and I am honored to work with some for over a decade in my day to day.


My team and I had a blast the first year this came out. Definitely recommend participating in this, even if you’re not familiar with more traditional security CTF challenges. These challenges tend to draw from the broad set of engineering skills needed for space-faring technology, not just your traditional vulnerable service or configuration.


What if I’m not an established team, but just some bozo with interest in security research and hacking stuff?


Register as a one-man team and play. Just don't expect that you may qualify for the finals (unless you are geohot). Remember to read all challenges and feel free to skip a challenge if you get stuck.

Though the news got posted a week later (this year's quals ended a week ago) and you have to wait one year if you want to play this specific event.


spend some time going over the previous years' challenges as well as other non time based ctfs available out there. at the turn of the new year, you can pop into some ctf slack and discord groups and hunt for a team to join. a lot of teams are very friendly and welcoming to new peeps.


It would be interesting to join a team which uses a series of data diodes to harden satellites against attack. Reifying a physical, instead of logical, separation of command and data flows could go a long way to reducing vulnerabilities for systems built in the future.

Perhaps a project to create low cost data diodes, and a set of best practices for their use, could be helpful.


https://www.airforcemag.com/article/hackers-balk-at-rules-ch...

Seems like there was a lot of criticism

>Even those who performed well were frustrated. “We had really high hopes … for the contest, but at the end the disappointment and frustration completely took over, even after finishing second and winning a big cash prize,” wrote Michał Kowalczyk on CTFTime.org, a blog where contestants rate and review different capture-the-flag (CTF) competitions. Kowalczyk, whose hacker handle is Redford, is a co-founder for the team “Poland Can Into Space,” which was the runner-up both this year and last. “I wish it was different, but I have to say that this was a pretty bad CTF.”

>Tyler Nighswander of Plaid Parliament of Pwning, a storied team connected with Carnegie Mellon University, complained that “lots of things regarding how the game operated were not explained clearly.”

>He suggested that expectations for Hack-A-Sat were high. “I think all of the participating teams have played in CTFs which were run worse than this contest was,” he said. But given that Hack-A-Sat was backed by the resources of the U.S. military, competitors expected a flawless execution. “There was an expectation level that I don’t think was cleared,” he said.


note that these were issues with hack a sat 2 finals, and not hack a sat 3 qualifiers which just finished. I'm not aware of any major issues with quals this year. overall I thought it was very well run, and fairly smooth. only a couple minor hiccups that I don't think affected the outcome in any way


Having previously done both satellite development and (legal) satellite hacking, I participated in both the 2020 and 2021 qualifiers, but sat it out this year. It was a lot of fun and our team did well, but we did not make the finals. (We scored 19th in 2020 and 27th in 2021.)


I love working on these. I'm not really into CTFs but I learn quite a bit each time I participate in Hack-a-Sat. The astrodynamics questions in CTF1 were quite hard, such as make a star tracker and find your position.


[2020] ?



