Ph0wn CTF

A Capture The Flag for Smart Devices
November 24-25, 2023

Find Out More

Ph0wn is a Capture The Flag (CTF) and Workshops dedicated to smart devices

Come and challenge yourself on IoT, embedded systems, smart phones, drones, IP web cameras, console games, smart toothbrushes and many other devices!

NEW: Bye bye Dark Mode, welcome to Light Mode!
The CTF will take place during the day !

Important Dates

October 20, 2023: Registration for CTF and Workshops opens
November 19, 2023: Registration for CTF and Workshops closes

Friday November 24, 2023: Workshops from 14.00 to 18.00.
Saturday November 25, 2023: CTF
10.00 (am): Welcome, we open the gates!
11.00 (am): The CTF and the Badge Contest begin
19.00: End and Prize Ceremony

  • Due to high demand compared to actual seat availability, registration for Workshops is mandatory. We will handle a waiting list + on the day of the workshops, you may come and fill in remaining seats if any. All workshops are free.
  • Registration for the CTF is optional. It helps us count the number of meals we need to order. The seats will be filled on a first arrived - first in basis. For teams traveling to ph0wn from far away, we can book a few seats upon requests, but be aware you lose you reservation at 11.00 am if you haven't arrived. The CTF is free for all, including the meal. Remote participation is not possible as you physically play with several smart devices.


Venue Address

Learning Centre SophiaTech
Batiment G,
930 route des Colles
06903 Sophia Antipolis
Alpes Maritimes, France
Website
GPS: latitude: 43.61479, longitude: 7.07164


View Larger Map










Badge Contest


Bring your favorite badge at Ph0wn CTF: one you built yourself or simply a badge you got at a former conference.
The owner of the badge with most votes gets a Digital Microscope (Andonstar AD106S)!

See Details

Free Workshops


We are happy to present a great lineup of workshops for Ph0wn! Those workshops will take place on Friday November 24, 2023 at 14:00. All our workshops are free and we warmly thank our awesome speakers for taking time to prepare them. All workshops require that you come with an operational laptop, with WiFi and some disk space. Specific requirements for your workshop is listed below.

Software reverse engineering for beginners with Ghidra applied to a drone's firmware (ARM architecture) - Maximilien Bouchez


Have you ever dreamed of accessing the source code of an application to gain a deeper understanding of its inner workings? To uncover hidden secrets or search for vulnerabilities? Perhaps even to modify its behavior? Software reverse-engineering is the key to realizing these dreams.
This workshop explains major principles of software reverse-engineering step by step. At each step you will practice on a real production software which is the embedded software of a popular drone. That will be the opportunity to get familiar with microcontroller programming and ARM instruction set. You will also learn to use the well-known software reverse-engineering tool: Ghidra.
At the end of this workshop, you will have identified an unsafe communication protocol and an unexpected way to control the drone.
Pre-requisites:
  • Basic knowledge of C programming language is recommended
  • Ghidra installed and ready to run on your laptops
  • Download Archive file for the workshop before the workshop. More details to come.

3D Printing - Sébastien et Tom Andrivet - 4 hours

icon made by www.freepik.com   in French

You are interested in 3D printing but need to know how to start, what to buy or use? This training is for you. We will guide you step by step. During the training, you will design and print your own (simple) 3D model on an actual 3D printer.
This training is for everyone, especially people who have yet to gain experience in 3D printing. Take your laptop, creativity, and eagerness to learn new things.
Pre-requisites:
  • A laptop running Windows, macOS or Linux and with Wi-Fi capability

Hands-on hardware security key - Sylvain Pelissier et Nils Amiet

icon made by www.freepik.com in English (possible support in French too)

Looking at the specifications of that brand new Yubikey 5, with a puzzled look on your face, due to the unfathomable amount of supported features listed on that Yubico website page. Wondering if I should buy a security key and which one. Does this scenario sound familiar ? You're not alone. In this workshop, we'll make a deep dive into the world of security keys. We'll cover what they can be used for (for example Web authentication with FIDO2, PGP, OTP, etc.), talk about the various features these keys support, as well as their limitations. We'll compare the products on the market and help you decide which one is best for you. We'll cover security considerations and disaster recovery best practices as well.
Pre-requisites:
  • Linux (preferred) laptop, or Windows with WSL, or a Linux VM
  • A security key (preferably a Yubikey, but other brands are also fine). If you don't have one, don't worry, we will help you chose one during the workshop, and you will still be able to participate.

Hacking retro architectures - Fabrice Francès

icon made by www.freepik.com   in French

Hacking old consoles or arcade boards might be seen as a useless activity, nonetheless it is not only fun but very educational indeed as a first step on the path of understanding both low-level architectures and retro-engineering techniques that are useful when tackling more modern technologies such as embedded systems. This workshop will give a practical insight in the hacking of old architectures: understanding dedicated video-games architectures will be illustrated with a real Q*bert arcade board, ROM hacking will be practiced both on arcade ROMs emulated with MAME, and real cartridges for the SNES.
Pre-requisites:
  • basic knowledge of an old 8-bit or 16-bit processor (e.g. 6502, Z80, 8086, 65816)
  • good knowledge of one's own laptop, in order to compile/install tools such as hex editors, disassemblers and emulators.

What to bring, how to compete...

How to participate

Team

Team size is limited to 5

Laptop

Bring your own laptop! We also recommend you come with a smartphone, multi-sockets, a variety of USB cables, dongles, sniffers and any of your favorite hardware gear

Software

Bring your favorite software (disassemblers, development tools, hexadecimal viewers, virtual machines, kali etc)

Wifi

Challenges will be accessible via wifi. Make sure you can access wifi on your laptop.



See Participation Details


Sponsors for 2023

                                               
                                                                                   

Want to sponsor Ph0wn 2023? Send us an email on contact (at) ph0wn (dot) org

Partner events

             

Steering committee

Axelle Apvrille "@cryptax" - Fortinet
Ludovic Apvrille - Telecom Paris
Sandro Barbero - Fortinet
Savino Dambra - Norton Research Group
Fabien Ferrero - Université de Nice
Alain Forcioli - Fortinet
Maxime Jerome "@boguette" - Orange Business Services
Philippe Paget "@Phil242" - GreHack
Bastien Sultan - Telecom Paris

Portfolio

Previous editions






Directions

Car

A8 motorway: Exit 44, Antibes, Sophia Antipolis. At roundabout "Carrefour SophiaTech" located on "route des Chappes", follow signs for "Campus SophiaTech". Recommend parking: P3. Signs will guide you from there to Ph0wn rooms.

Airport

From the airport of Nice: line 630 will take you to Sophia Antipolis in approximately 40 minutes for 2.50 euros. This bus does not run on week-ends. Ask to stop in Sophia Antipolis at St Philippe. During week-ends, use bus 620 and get off at "Pole d'echange" in Antibes. Then, use bus A or 1 to go to "St Philippe" in Sophia Antipolis.

Train

Stop at Antibes. Then use bus A, taxis, Uber or car sharing up to Sophia Antipolis (approx 20 mins).

Bus

Get off the bus stop "St Philippe" or "Templiers".
From the neighboring towns of Sophia Antipolis : check Envibus.
From Grasse and its surroundings: check Sillages.