Ph0wn CTF

A Capture The Flag for Smart Devices
November 24-25, 2023

Find Out More

Ph0wn is a Capture The Flag (CTF) and Workshops dedicated to smart devices

Come and challenge yourself on IoT, embedded systems, smart phones, drones, IP web cameras, console games, smart toothbrushes and many other devices!

Ph0wn 2023 is over! It was great thanks to all of you! There were 4 workshops and 182 participants. More on this fabulous edition! which featured a satellite, again!

Download Ph0wn eZine Issue #01 and enjoy writeups!
Subscribe to our Ph0wn Newsletter


Venue Address

For workshops, EURECOM
450 route des Colles
06903 Sophia Antipolis
Alpes Maritimes, France
Website
GPS: latitude 43.614376, longitude 7.070450

For the CTF, Learning Centre SophiaTech
Batiment G,
450 route des Colles
06903 Sophia Antipolis
Alpes Maritimes, France
Website
GPS: latitude: 43.61479, longitude: 7.07164

The map below points on the Learning Center (CTF). The building of Eurecom (workshops) is the next one (West).


View Larger Map















Badge Contest


Bring your favorite badge at Ph0wn CTF: one you built yourself or simply a badge you got at a former conference.
The owner of the badge with most votes gets a Digital Microscope (Andonstar AD106S)!

See Details

Free Workshops


We are happy to present a great lineup of workshops for Ph0wn! Those workshops will take place on Friday November 24, 2023. Please be there on time, as we will yield any vacant seat at the beginning of the workshop. All our workshops are free and we warmly thank our awesome speakers for taking time to prepare them. All workshops require that you come with an operational laptop, with WiFi and some disk space. Specific requirements for your workshop is listed below.

Software reverse engineering for beginners with Ghidra applied to a drone's firmware (ARM architecture) - Maximilien Bouchez


icon made by www.freepik.com   in French (possible support in English), 14:00 - 18:00, 20 seats, Room 101

Have you ever dreamed of accessing the source code of an application to gain a deeper understanding of its inner workings? To uncover hidden secrets or search for vulnerabilities? Perhaps even to modify its behavior? Software reverse-engineering is the key to realizing these dreams.
This workshop explains major principles of software reverse-engineering step by step. At each step you will practice on a real production software which is the embedded software of a popular drone. That will be the opportunity to get familiar with microcontroller programming and ARM instruction set. You will also learn to use the well-known software reverse-engineering tool: Ghidra.
At the end of this workshop, you will have identified an unsafe communication protocol and an unexpected way to control the drone.
Pre-requisites:
  • Basic knowledge of C programming language is recommended
  • Ghidra installed and ready to run on your laptops
  • Download Archive file for the workshop before the workshop. More details to come.

3D Printing - Sébastien et Tom Andrivet - 4 hours

icon made by www.freepik.com   in French, 14:00 - 18:00, 15 seats, Room 102

Vous etes intéressés par l'impression 3D mais vous ne savez pas par ou commencer, quoi acheter ou utiliser ? Cette formation est faite pour vous. Nous vous guiderons étape par étape. Pendant la formation, vous concevrez et imprimerez votre propre modèle 3D (simple) sur une véritable imprimante 3D.
Cette formation s'adresse ଆ tout le monde, en particulier aux personnes qui n'ont pas encore acquis d'expérience en impression 3D. Prenez votre ordinateur portable, votre créativité et votre désir d'apprendre de nouvelles choses.
Conditions préalables : Un ordinateur portable fonctionnant sous Windows, macOS ou Linux et doté du Wi-Fi

Hands-on hardware security key - Sylvain Pelissier and Nils Amiet - 2 hours

icon made by www.freepik.com in English (possible support in French too), 15:30 - 17:30, 25 seats, Room 151
Looking at the specifications of that brand new Yubikey 5, with a puzzled look on your face, due to the unfathomable amount of supported features listed on that Yubico website page. Wondering if I should buy a security key and which one. Does this scenario sound familiar ? You're not alone. In this workshop, we'll make a deep dive into the world of security keys. We'll cover what they can be used for (for example Web authentication with FIDO2, PGP, OTP, etc.), talk about the various features these keys support, as well as their limitations. We'll compare the products on the market and help you decide which one is best for you. We'll cover security considerations and disaster recovery best practices as well.
Pre-requisites:
  • Linux (preferred) laptop, or Windows with WSL, or a Linux VM
  • A security key (preferably a Yubikey, but other brands are also fine). If you don't have one, don't worry, we will help you chose one during the workshop, and you will still be able to participate.

Hacking d'architectures rétro - Fabrice Francès

icon made by www.freepik.com   in French, 15:00 - 18:00 - 8 seats - Room 155
Hacking old consoles or arcade boards might be seen as a useless activity, nonetheless it is not only fun but very educational indeed as a first step on the path of understanding both low-level architectures and retro-engineering techniques that are useful when tackling more modern technologies such as embedded systems. This workshop will give a practical insight in the hacking of old architectures: understanding dedicated video-games architectures will be illustrated with a real Q*bert arcade board, ROM hacking will be practiced both on arcade ROMs emulated with MAME, and real cartridges for the SNES.
Pre-requisites:
  • basic knowledge of an old 8-bit or 16-bit processor (e.g. 6502, Z80, 8086, 65816)
  • good knowledge of one's own laptop, in order to compile/install tools such as hex editors, disassemblers and emulators.

What to bring, how to compete...

How to participate the CTF

Team

Team size is limited to 5

Laptop

Bring your own laptop! We also recommend you come with a smartphone, multi-sockets, a multimeter, a soldering iron, a variety of USB cables (micro USB, USB-C...), dongles, sniffers, UART to USB and any of your favorite hardware gear

Software

Bring your favorite software (disassemblers, development tools, hexadecimal viewers, virtual machines, kali etc)

Wifi

Challenges will be accessible via wifi. Make sure you can access wifi on your laptop.



See Participation Details


Sponsors for 2023

                                               
                                                       
                                                                                                 

Want to sponsor Ph0wn 2024? Send us an email on contact (at) ph0wn (dot) org

Partner events

             

Steering committee

Axelle Apvrille "@cryptax" - Fortinet
Ludovic Apvrille - Telecom Paris
Sandro Barbero - Fortinet
Romain Cayre - Eurecom
Savino Dambra - Norton Research Group
Fabien Ferrero - Université de Nice
Alain Forcioli - Fortinet
Romain Malmain - Eurecom
Philippe Paget "@Phil242" - GreHack
Bastien Sultan - Telecom Paris

Portfolio

Previous editions






Directions

Car

A8 motorway: Exit 44, Antibes, Sophia Antipolis. At roundabout "Carrefour SophiaTech" located on "route des Chappes", follow signs for "Campus SophiaTech".
Recommended parking: P3
. Signs will guide you from there to Ph0wn rooms.
The workshop is in EURECOM building. The CTF is in the Learning Center. The buildings are next to each other on the Campus.

Airport

From Nice or the airport of Nice: line 630 or 632 will take you to Sophia Antipolis in approximately 40 minutes for 2.50 euros. This bus does not run on week-ends. Ask to stop in Sophia Antipolis at St Philippe. During week-ends, consider using bus 637.

Train

Stop at Antibes. Then use bus A, taxis, Uber or car sharing up to Sophia Antipolis (approx 20 mins).

Bus

Get off the bus stop "St Philippe" or "Templiers".
From the neighboring towns of Sophia Antipolis : check Envibus.
From Grasse and its surroundings: check Sillages.