Toyota's Hack Festa

Toyota Motor Corporation

Bringing Challenge Variety and Flexibility to Toyota's Hack Festa

In 2022, Toyota organized a two-day CTF event ("Hack Festa") to promote education in automotive security among university students.

Toyota implemented various automotive challenges on top of their two hardware testbeds that simulate automotive networks: PASTA and RAMN.

These testbeds reproduce the typical communications of modern vehicles without requiring an actual vehicle and consist of several Electronic Control Units (ECUs) connected to a Controller Area Network (CAN bus).

Automotive CTFs, and hardware CTFs in general, are often constrained by the fact that the hardware has a single firmware, limiting the number and type of challenges that can be implemented.

For Hack Festa, we supported Toyota with multiple CTFd customizations to get a unique aesthetic and also enable a multi-firmware hardware CTF platform.

Custom CTFd Integrations Took Hack Festa to the Next Level

During planning, we scoped out two primary areas of CTFd customization:

  1. A custom theme to align with the Toyota brand
  2. Custom integrations between CTFd and the RAMN boards provided to each participating team

A Custom Theme Highlighted the Toyota Brand and Customized the CTFd Aesthetic

To begin, we worked with a designer to come up with an aesthetic inspired by the HUDs and touch screens of modern cars.

After the rough design and inspiration was approved, it was converted into a fully functional CTFd theme.

Different Firmware For Different Challenges

To address the single firmware limitation, Toyota specified that challenges in the CTFd portal should be tied to different RAMN firmwares. Essentially, during the setup of the CTF, competition organizers needed to be able to specify that a challenge required a specific firmware.

In addition, participants needed to be able to request a firmware from the CTFd portal, then bring their RAMN to the organizers to reprogram it at a "firmware flashing station."

To achieve these goals, two CTFd plugins were developed.

Custom CTFd Integration With a Firmware Flashing Station

One plugin integrated with a firmware flashing station that would handle the firmware flashing process and report the flashing status to CTFd via a webhook. Upon a successful flash, CTFd would update the status of the board.

Built on this feature, the plugin also added a page where users could request firmware flashes and admins could manually specify the firmware that was on a user's board.

For situations where manual flashing was preferred, the plugin could also be configured to report firmware requests over to Slack so that admins could manually flash the boards and verify that they were in a valid state.

Custom CTFd Challenge Type to Require a RAMN Firmware

Building on top of the firmware flashing plugin, a custom challenge type plugin was developed so that a competition admin could specify a required firmware and users would be prompted to use that firmware.

This prevented participants from attempting to solve a challenge that was not available on their current firmware.

Multi-Firmware Results

Separating challenges into different firmwares had two key benefits:

  1. It enabled challenge difficulty to ramp up, depending on experience level. Toyota was able to include beginner-friendly firmwares with simple traffic and debugging information, as well as realistic firmwares with complex traffic and security countermeasures.
  2. It allowed for challenge variety. Challenges involving memory leaks typically risk compromising all flags in the firmware, which limits the kinds of challenges that can be offered. However, this is not an issue if there is only one flag per firmware, making it possible to offer a variety of independent exploitation challenges.

[Left: RAMN with a beginner-friendly tutorial firmware. Right: RAMN with an alternative firmware for an advanced exploitation challenge).]

After the event, participants reported that the ramping difficulty made it possible for them to progressively tackle advanced challenges. Toyota's feedback also indicated that the challenges ranked as "most enjoyed" would not have been possible if they were implemented in the same firmware.

Toyota Hack Festa Saw Engaged Participants Across the World

Ultimately, the Hack Festa portal was hosted on the CTFd Cloud with CTFd Enterprise, with participants in Japan and the US participating simultaneously.

The Hack Festa 2022 event went well, with great feedback from event participants and organizers. Information about Hack Festa is available here.

Want our help organizing your company event? Reach out to us here!