Puzzle Creation for Vendors

Vendor Puzzles in Cyber Fire

Cyber Fire has been running continuously since 2009, with a suite of roughly 300 home-grown puzzles. Puzzles are arranged by category, with each category attempting to teach a set of related skills, in a gentle progression that tries to teach new skills as people play.

In 2011, we began inviting vendors to contribute puzzles that demonstrate the value of their product, in exchange for hosting events. Vendor Puzzles are your opportunity to show off your product or service with the technical workers who would be using it.

How it Works

Foundry events from Foundry 16 forward will feature a single vendor category for all vendor puzzles. Each vendor is invited to contribute two (2) puzzles for inclusion within the category. Your puzzles will be labelled with the name of your company, so that participants will know who to come and ask for help. While we cannot guarantee every puzzle will be unlocked by participants, we will try our best to order things so that every vendor gets at least one puzzle unlocked within the event.

Deadlines

These are our usual deadlines. Dates may vary for specific events: read your emails!

Deadlines are firm: we work on a tight timeline!

Rough Draft

Typically due 8 weeks before start of event

The rough draft should be a writeup of what you intend to run. We’ll help you to make sure your work doesn’t overlap too much with anything else, and that it fits into the event.

Initial Working Draft

Typically due 6 weeks before start of event

Your Initial Working Draft will be in the MOTH format, and allows us a week to help you make sure it actually runs in our contest without causing problems.

Final Submission

Typically due 3 weeks before start of event

Final Submission is in the MOTH format. We may still ask you to make a few minor changes, but your puzzles need to be in good shape and ready to ship by this deadline.

Cyber Fire Puzzle Principles

You can’t require your product

Your puzzles should point out what your company does that is unique, without requiring your product. Rather, craft puzzles that illustrate how much time and effort people would save if they were using it instead of the “old way”. Try to imagine a task that would take dozens of hours of work without your product, but is a simple task when using your product

It’s fine to provide a demonstration instance of your product

As long as it’s not mandatory to interact with your product, you should feel encouraged to provide a cloud instance of your server that participants can use to work on your puzzle.

Be aware that participants are going to try to create mayhem; they will change passwords, delete accounts, instruct services to restart or terminate, or anything else they are given permission to do. These chaotic acts are more likely if they will prevent other teams from using your service.

Please plan for creative mayhem.

Everything must be defanged

If you have anything in your puzzle which could hurt a participant’s computer, we need you to bring as much attention to this fact as possible. This is a learning event, and our learners are going to make mistakes along the way. We want to make sure that any mistakes they make don’t cause permanent or serious damage.

Usually this means you wrap the badness in a password-protected zip file, or include it in a disk image. We’re trying to avoid one-click pwnage.

Example Puzzle: The Frobozz Magic Checksum Company

As an example, let’s consider the Frobozz Magic Checksum Company, who sells a product that reports on the MD5 checksum of every file in a file system.

First Puzzle: find a file by checksum

A good first puzzle for the Frobozz product would be to provide participants with a hard drive image, and ask them to track down the file with checksum d3b07384d113edec49eaa6238ad5ff00. This can be done by hand, but all the participant has to do with the Frobozz product is upload the image and enter the checksum, and they’re done. The answer is the full path to the file, which is conveniently provided by the product.

Second Puzzle: Count matches from a list

The second puzzle provides a list of checksums, and asks the player to find all files on the previous image that match any of the checksums. Easy with the Frobozz product, just drop the list into a text box and click “Go”.

The answer requested is the 42nd match of the sorted list of matching files. Just click the “path” column to sort, and go down the the 42nd entry, and paste it in.

Third Puzzle: Track changes over time

The file system has checkpointing capabilities (like btrfs). Players are now asked to look up a file by checksum, and paste in checksum of the the 5th checkpoint revision of that file. This is just a few clicks in the Frobozz system, but it could be an hour of work or more by hand.