Scrimmage details

10/12: Scrimmage


MIT/LL CTF Scrimmage is aimed at giving players an opportunity to familiarize themselves with the MIT/LL CTF environment, as well as help us test our infrastructure. Remote participation is possible for this event; please let us know if your team expects to participate remotely.

Participation in the scrimmage is optional; no prizes or points will be awarded during this event.


MIT campus, room 26-152


  • 10:00am Setup network access, get credentials
  • 10:30am Intro to MIT/LL CTF, Q&A
  • 11:00am Scrimmage starts
  • 6:00pm Scrimmage complete

Game Details

You are a company in charge of an Android App. The app is called SecretShare and it allows the mobile user to save secrets to the cloud. Your job is to end the game with the most secrets. Your app will be given flags periodically, but you or your app can also steal flags from other teams. Once you have a flag, submit it to the black market and, in the next round, it will be deposited in your service.

Note: If your service is down, you cannot receive the flags you steal.

Note: The version of SecretShare in your area of the MIT/LL CTF AppStore will get automatically installed and run on a fake Android phone somewhere along with other teams' versions of SecretShare. If you find a vulnerability in the app, fix it and then make sure to upload it back to your area of the MIT/LL CTF AppStore so the graders can install it.


Every round we add (the number of flags you hold in total) * (the number of availability checks you passed this round) * (the number of integrity checks that passed this round) to your score. You can look under the "Messages" and maybe get a hint from the grader as to why it's failing.

What every player should bring to CTF

Please bring a laptop and power adapter. You will use this machine to

  • Defend your team's server.
  • Download your team's and other teams' Android apps from the MIT/LL CTF AppStore.
  • Upload new versions of your team's Android apps to the MIT/LL CTF AppStore.
  • Attack servers owned by other teams, their Android apps, and the fake phones running your apps.

DO NOT ATTACK ANYTHING ELSE! Please leave the rest of our infrastructure and the Internet alone!

Hosts and Credentials

Log in to

Your team server and MIT/LL AppStore DNS names will be available under the "Map" tab.

Team server. Look in /home/ctfuser/secretshare. The code for the server for the SecretShare challenge lives there, so does the code for the app. The "" script installs the server. The "" script runs the server. Run both with "sudo".

MIT/LL CTF AppStore. This is at Your app has been uploaded to the store and users are downloading and using it now. If you make any changes to your app, upload them there.