How do I create a question?
All CodeCup questions are ultimately just JSON which complies with the following spec:
Challenge JSON
That said, there are two ways to author that JSON:
- You can write a .json file, or...
- You can write a program which generates JSON, and outputs it to
stdout
Option (2) is preferred, because it means we can repeat questions without worrying about the answers being available by a clever Google search. Most CodeCup questions are now using option (2).
Have a look at all the CodeCup Questions (if you're on the CodeCup team), or take a look at some example questions (if you're not on the CodeCup team).
What types of questions do people usually write?
- Quiz: Answer a question. Answers should be short and unambiguous because we don't support multiple choice. These are almost always quick, low-point-value, so we don't like to have more than 10-20 per CodeCup.
(e.g. "This three-letter acronym is an asymmetric encryption algorithm invented before 2000.")
- Non-Technical: These are designed so that people who attend CodeDay with absolutely no technical experience can still contribute (which increases the chance they learn about cyber security to help more next time).
These are usually IRL tasks, and can range from short to extensive tasks. Usually, to get the flag, people need to email a submission to codecup@srnd.org and we'll reply with the flag.
(e.g. "Write and record a 30-second song about CodeDay, and email it to codecup@srnd.org")
- Code: Questions with an algorithmically defined answer, but which can't be computed by hand: participants need to write some code to get the answer.
Note that we don't support running code to test for a correct output, like many traditional programming competitions. There has to be a defined output which participants cannot arrive at by hand.
(e.g. any question on Project Euler)
- Cryptography: Questions which require knowledge of RSA/ECC, or symmetric encryption algorithms. Often this involves reverse engineering some encryption code, discovering a vulnerability, and decoding cyphertext without knowing the key.
Sometimes this might also involve cracking a message encyphered with an ancient cypher, or a trivially small RSA key. (This also includes cracking a hash, but we usually only have one of those questions each time for obvious reasons.)
(e.g. "My message is [...], and here is the code I used to encrypt it. What is the flag?")
- Steganography: These involve hiding data inside an innocuous looking file, like adding a ZIP file to the end of a JPEG etc. We usually include one or two, but they're not very real-world so we usually avoid them.
- Forensics: These require looking through logs or other data from a compromised computer, and finding information about the attack: who it was, what user was the source, what systems were compromised, what data was stolen, etc. These questions often use Splunk, the CodeCup sponsor, because it's a real-world tool for this sort of discovery.