OpenInfreno An Open Source RootWars Platform Dennis W. “LittleW0lf” Mattison

Talk Contents ● OpenInfreno Background and Design Goals ● Toorcon RootWars 2003 ● Toorcon RootWars 2004 ● The Future ● Open Source

OpenInfreno Background and Design Goals ● What is OpenInfreno? – A Toolkit for RootWars style games ● Why OpenInfreno? – All other models proprietary... RootFU, etc. – Open game design under BSD/GPL Licenses ● Why Open Source? – Allows programmers from many walks of life – Allows me to work from home!

OpenInfreno Background and Design Goals ● Background – Originally a “proprietary” program developed for Toorcon RootWars 2003, but “opened” afterward – Version 2.0 used at Toorcon RootWars ● Design Goals – Modular design, everything revolving around a database. – Simple but secure ● We have a long way to go here!

Toorcon RootWars 2003 ● Written by two people: LittleW0lf and Insane. – John C. Hummel wrote the “scoreboard” ● Proprietary code, SAIC sponsored ● Most of code written in PHP, rest was written using Shell-scripting – Non-proprietary version of this system is available at openinfreno.sf.net as version – code only available via the BSD License.

Toorcon RootWars 2003 ● Backend used modified OpenSSH Daemon on TCP/3128 – Keys were compared using OpenSSL – Traffic penalty generated using ALTQ-PF on Firewall – PHP code was broken into three parts: ● Scorebot – Workhorse, responsible for accessing the SSH daemon and checking for services ● Display-Manager – Gives the points for the roots ● Traffic Manager – Generates penalty points for traffic usage

Toorcon RootWars 2003 ● Software performed relatively well, minor bugs: – Some of the “score” fields weren't displayed correctly, despite the fact that the engine properly counted them – No working Windows TM functionality (boo-hoo) – SNMP didn't work as advertised – Several of the targets (Cisco, You Own It...) could not be modified to work with the code because OpenSSH wasn't entirely portable – Other really minor issues that nobody even caught until after game was finished

Toorcon RootWars 2003 ● Lessons Learned – Code worked well, with minor issues – Realtime scoring is an absolute necessity! – Giving teams an idea about how the system works and the system scores the teams is really important. – Having the server do all the work caused too much complexity which caused its own problems. An agent version of the engine will probably work better because the server isn't doing everything. – The code must be opened!

Toorcon RootWars 2004 ● Written by LittleW0lf as OpenInfreno 2.0 ● Completely Open-Source, GPL and BSD Licensed, and available on openinfreno.sf.net ● Agent based – Agent sends traffic out from target to server using ICMP ECHO-REPLY messages – Agent-server collects the messages, verifies that they are valid packets, and records the results

Toorcon RootWars 2004 ● Code is written in both C and PHP – Agent and agent-server are in C – Scorebot, display-manager, and traffic manager are still written in PHP, but scorebot is now just a middle-man ● So, how did it work out?

Toorcon RootWars 2004 ● Lessons Learned – OpenSSL ● Poor Documentation ● Code examples of what we wanted to do were non- existant ● 3 rd Party Books are buggy – Linux to BSD Porting ● No standard base-class: u_int32_t vs uint32_t – Windows Agents ● Code needs some serious work, compiles correctly, but doesn't send icmp messages

The Future ● Next year, plan is to build score-server and images to be installed on the team's own hardware – Teams become the attackers and defenders – Unfortunately, this is the same thing that Ghetto Hackers do, (we don't want to step on their toes, or make Rootwars like Toorcon Rootfu.) However, we know why Ghetto went to this model (it is far easier on the developer and implementer)

The Future ● Need developers... ● Taking agent to the next level – OOB & Subversion – Covert channels – Smarter agents ● Clean-up of code ● Documentation, Documentation, Documentation

Isn't Releasing the Code Dangerous? ● We've fought with this for a while: – Releasing the code could allow for cheating – Releasing the code could allow for attacking of the score system – Releasing the code could allow others to take over RootWars and force us out – Releasing the code could just allow folks to create endless forks in the code...which won't help us much

Isn't Releasing the Code Dangerous? ● Is it really dangerous? – Openinfreno code was up on cvs.sf.net – Benefits of open source far outweigh potential risks – If someone can take over our job, doing it for free, and can do a better job, they are free to do so – Code forks are a risk, but keeping the code proprietary doesn't prevent code forks either

Joining the OpenInfreno Team ● Developers – Development is being done on sourceforge at the moment – Developers are welcome to join...however, folks interested in playing should not join, but can submit code changes to us ● Implementers – Folks interested in running rootwars like games using our code are welcome to do so...please let us know how it works for you, and how we can change it for the better