RiscureWelcome to RHme3, the world’s first automotive CTF

RHme3 Main Challenge is on!

The Riscure Hack Me 3 challenge has officially started. You can view the challenges here. Please note that some challenges are disabled. We're still optimizing these to make sure they are not too easy or too hard to solve. Once we figure this out, we will let you know.

Important! For those who downloaded personalization binaries from the website before 3PM CET Jan 15. Please re-download the binary from the website, to make sure you have the correct one. Instructions here.

Full-size printable challenge map is available here.

The main phase of RHme3 concludes April 15. We are aware that some of you have not received their boards yet. We expect that next week almost everyone should have a board. But in case there are any extra issues with snail mail, we may consider extending the ending date. We decided to go ahead and open the challenges for everyone for two reasons. First, we are confident that three months is enough to solve all the challenges, maybe even twice. Second, we don't award extra points for those who are the first to submit a flag. So take your time and have fun.

Please feel free to discuss the challenges in the IRC channel (#rhme on the Freenode) and Telegram (https://t.me/rhmectf). These two channels are actually connected to each other and some of our team members may (or may not) be there to help. If private information needs to be shared to solve a problem, please use rhme@riscure.com.

Teams! There is one extra step you need to do to solve challenges together. Remember, we asked you to pass the qualifiers individually. Now it's time to pick one account as a team account. You have to personalize your boards using this team account. You need to submit flags using this team account as well. More details on board personalization available here.

RHme3 is developed by Riscure and Argus Cyber Security

15 Jan 2018

RHME3 main challenge postponed till January 15

Yes, this is true. We were expecting some extra challenges due to the complexity of our new CAN-enabled target, but in reality we had to spend hundreds of extra hours to develop and test the boards to make sure they are reliable and fun to crack.

Now here's the latest update. The boards are currently in production and should arrive in our office soon. We will start sending them in late November. The tricky part is the delivery time: some of you will get your board in just a few days after we send it, for others it may take up to a month. To make sure no one gets an unfair advantage of accessing the challenges earlier than the rest, we decided to delay the launch for everyone. One more reason for the extra time is that we will have to manually test each board to make sure you get a working one. We will let everyone know when we start deliveries.

Facts: RHME3 main challenge opens January 15. The closing date now extends to April 15. We are also finalizing the challenges themselves, to make sure you still have a lot of fun, but at a later time. Stay tuned for updates!

20 Oct 2017

RHME3 board giveaway at RADARE2, Barcelona

If you are attending RADARE2 #r2con conference in Barcelona on September 6-9, you have a chance to get an RHME3 board and participate in the main challenge. In total there will be five boards available, and in order to get them, you will have to win at a competition. Details will be shared during a presentation by Eduardo Novella and Dana Geist from Riscure, scheduled at 10am Friday, September 8. More details and conference agenda can be found at RADARE2 website.

To keep things fair, winners of this competition will not get extra points obtained by those who passed the official welcome challenge.

06 Sep 2017

The registration is now closed

Thank you all who registered and participated in the RHME3 qualifications. The registration is now closed, unfortunately you will not be able to submit flags for the three welcome challenges anymore. Please stay tuned for updates here and in our Twitter account. The real fun starts on November 1. Before that we will to contact all winners and send the boards needed to run the main challenge.

Thanks to @HexDump for posting the first, and very detailed, write-up: https://github.com/ResultsMayVary/ctf/tree/master/RHME3

28 Aug 2017

RHME3 registration is open. Welcome challenges posted!

The registration for RHME3 is now open! Click here to register and access challenges.

Join the discussion at the IRC channel #rhme on the Freenode server.

We would like to welcome teams and individuals to register and try their skills at solving the welcome challenge for RHME3. This year it’s not one but three challenges in total.

Here’s how RHME3 registration works:
• The registration is open from August 7 12:00 CET.
• The registration closes on August 28 at 12:00 CET.
• We only need your [nick]name and e-mail.
• Feel free to register, download and solve challenges in any order.
• Submit flags when you capture them. Do not share the flags with others, don’t spoil the fun.
• After August 28 we will announce the winners and contact them to ask for a physical address to ship the board.
• Every welcome challenge gives you one point. The score counts towards your overall RHME3 progress.
• Even if you plan to participate in the main challenge as a team, please solve the welcome challenges individually.
• We rank the results based on the number of challenges solved and dates of flags submission:
o Those who solved all three challenges and were the first to submit the flags.
o (If boards are still available) Those who solved at least two challenges and were the first to submit the flags.
o (Very unlikely to get a free board, but who knows) Those who solved at least one challenge and were the first to submit.

• In total there will be 500 participants with the best results to get the RHME3 board for free. You will need the board to solve the main challenges starting from November 1.

Register and view the challenges.

07 Aug 2017

RHme is back!

Riscure and Argus Cyber Security are happy to announce the third episode of Riscure Hack Me CTF, now with an automotive flavor. Read our official announcement here.

Registration for RHme3 opens on August 7th at 12:00 Central European Time. At that time the welcome challenge will be posted on this website. Once you get the flag of the initial challenge, you may be able to register. Please provide your physical address – we will need it to send out the board. The first 500 registered participants will get the board for free. The main RHme3 challenge starts November 1.

RHME3 highlights:
• Embedded systems CTF created by Riscure in partnership with Argus Cyber Security.
• Allows participants and interested parties to enhance their knowledge of embedded systems security in general, and hardware security in particular.
• For the first time participants are provided with challenges that simulate real-life scenarios relevant to automotive cybersecurity: a group of challenges co-developed by Argus and Riscure utilizes CAN protocol commonly used in modern cars.
• A special Arduino-compatible custom board has been developed for the RHme3 challenge.
• The core of the board is an Atmel XMEGA that has four times the more memory and is twice as fast than the previous RHme boards.
• The RHme3 board also has a crypto-hardware accelerator and two CAN controllers, which allow a whole new range of challenges.

The RHme3 team
Riscure and Argus

17 Jul 2017

Follow @Riscure
Follow @ArgusSec