Capture The Flag

Capture The Flag

A Square/Matasano firmware challenge.

Written by Sam Quigley.

I’m very happy to announce the launch of the Matasano/Square Capture the Flag Challenge.

The challenge is based around finding vulnerabilities in some firmware running on an MSP430 chip. The CTF gives you a debugging interface to the system, and each level has a new vulnerability that you’ll have to find and exploit in order to get to the next stage. You’ll learn assembly, overflow buffers, and crack DRM as you advance through the ranks.

If all that sounds like fun to you, you’re right: it is. But if you’ve never heard of the MSP430 before, or if you don’t know the first thing about finding and exploiting vulnerabilities, don’t let that stop you. We hope that the challenge is straightforward enough for anyone with a programming background to get started. Thanks to our friends at Matasano, the CTF interface is easy to use and there are links and hints at each stage that will point you in the right direction. The only thing you’ll need is curiosity and time — it’s a ton of fun.

To give it a shot, just visit And if you’re interested in working on this kind of thing for real, we’d love to hear from you! Sam Quigley - Profile Head of Information Security at