Welcome to the DEF CON 13 WarDriving Contest

This year's contest consists of 8 events. Two events will run simultaneously, one easy, one more difficult. Each team will have to choose to participate in the easy event, or the hard event. Easy events are worth 300 pts each. Hard events are worth 1000. In some cases points are awarded only to the event winner. In others, points will be awarded (on a downward sliding scale) to first, second, and third places or partial points may be awarded.

Teams must choose which contest they will participate in at a given time (the easy one or the harder one). Teams may not split up and participate in both. In the event that teams submit results/participate in both games, they will not receive points for either. Teams may consist of 1 to 4 players.

Each contestant on each team must register on the DEF CON Forums. Registration opens 1 June 2005.

A limited number of registrations may be accepted on site at DEF CON 13. Each registered contestant must also check in with the WarDriving contest staff in the contest area at DEF CON 13. Each event will run for a maximum of three hours. Some of the easier games will run for less (in some cases only one hour).

The times for specific contests will be announced on June 1st. As a guide, however, one easy game and one hard game will run from 11 AM - 2 PM on Saturday and Sunday and the remaining games will run from 5-8 PM on Friday and Saturday.

Check-in

Once you arrive at DEF CON, you will need to check in at the DEF CON 13 WarDriving contest sign-in area located in the DEF CON Contest Area.

Staff

Roamer
TheWad
Wiseacre
AlxRogan
Medic
Thorn
Syn-Ack

WarDrive (Easy: 200-300 points)

This year's WarDrive is simplicity itself. Teams have 2 hours to collect 1000 total access points. The first team to submit 1000 total access points will receive 300 points. Each team that submits 1000 access points after that will receive 200 points. Results may be submitted to the contest staff via SFTP in the Contest area. Each team's combined results must be submitted in NetStumbler .NS1 format. Converters for Kismet to NetStumbler format will be made available through this website.

Note: Each team is responsible for ensuring that they have the appropriate clients and protocols installed on their systems and, if necessary, the appropriate converters. We will not convert your data for you.

Running Man (Easy: 300 points)

Object: Be the first to locate and identify the "Running Man."
Date/Time: Sunday 31 July, 11:00-12:00

The "Running Man" is a person on foot, walking in, around and near the grounds of the Alexis Park, enjoying all the DEF CON atmosphere. Now all you have to do is figure out who she/he/it is...

The Running Man is carrying some WiFi equipment that is transmitting an SSID: RunningMan, and is running a Web server. The IP address is 10.10.10.10.

The equipment is mobile, but may not be apparent. It could be a laptop, it could be a PDA, or it could be some weird WiFi device concealed on the Running Man's person.

Players should set their own WiFi devices to the same SSID, and attempt to open the Running Man's Web page. You know you've got the right one when you see the web page graphic of the "Running Man" movie poster, with the scowling visage of Gov. Arnold Schwarzenegger. Players may check that this is the actual Running Man by verifying signatures on the files. All of the mini games should be carrying a file/files PGP signed by Chris.

The device is transmitting on very low power, and may take some radio directional equipment to locate.

The web server will have additional clues to the identity of the person.

Using those radio directional finding and puzzle solving skills, try to locate the Running Man. Once you think you have the Running Man located, simply walk up to the 'suspect' and ask them "Are you the Running Man?"

If they are the actual Running Man, they will answer "Yes" and you win! They will confirm this by showing you the items hinted at in the clues.

The Running Man will alert the contest organizers that they have been located.

Note: If the person you ask is not the Running Man, expect at least a strange look in response to your challenge. If you really annoyed them, they might also punch you.

Players should realize that this is DEF CON, and that means within 5 minutes of the contest's start approximately 972 spoofed RunningMan web servers will exist. The organizers cannot control this, so don't even bother to ask. Besides, it will add to the challenge. You don't want it to be TOO easy, do you?

Time limit of 1 hour

Fox and the Hound (Easy: 300 points to first team to locate the Fox. 200 points to second, 100 points to third)

Object: Be the first team to locate the "Fox."
Date/Time: Saturday, 30 July 11:00-14:00

1) The "Fox" is an Access Point. It is located someplace in the Las Vegas city limits. Now all you have to do is find it (It will NOT be as close as it was last year Renderman!! Or will it? muhahahaha).
2) That AP is sending out an infrastructure SSID: Fox & Hound.
3) Unfortunately for the players, the AP is transmitting on low power, and will take some radio directional equipment to locate.
4) Even more unfortunate is the fact that it is also only transmitting for 15 seconds out of every minute.
5) Using those radio directional finding skills, try to locate the Fox. Players may check that this is the actual Fox by verifying the signature of a file located on the AP server. It will be carrying a file PGP signed by Chris (roamer).
6) You must physically locate the Fox. Once you think you have it located, a contest organizer staff member should be there to confirm it. That person will alert the other contest organizers that they have been located.
7) In the event that the Fox is not located, the team that comes up with the closest LOGGED Longitude and Latitude wins. (*.ns1 format.)

Time limit of 3 hours
No multiple vehicle teams

Tag (Hard: 1000 points to first, 750 to second, 500 to third, 100 to all others that successfully complete the task)

Object: The goal is to place a text file (yourname.txt) on the Desktop of a particular machine (C:\Program Files\Documents and Settings\All Users\Desktop). The first one that does wins. The text file must be in the format listed below and have your PGP public key so that we may confirm the winner.
Date/Time: Saturday, 30 July 11:00-14:00

1) Locate the Tag server. It is on the grounds of the AP.
2) The Tag server is the only machine on an infrastructure mode WLAN. SSID: TAGME
3) Unfortunately for the players, the AP is transmitting on low power and has directional antennae/shaped reflectors to limit the signal direction. It will take some radio directional equipment and skills to locate.
4) Using your radio directional finding skills, try to locate the AP.
5) You will need some skillz to access the AP and server.
6) At the start of the contest an association will take place with the AP. It will then stop and reassociate every 10 minutes for 3 hours.
7) Once having accessed the WLAN, the players must access the shared folder to place the TAG.TXT file. Players may check that this is the actual Tag server by verifying the signatures of a file located on the server. It will be carrying a file GPG signed by Chris.
8) First Person/Team to place the TAG.TXT wins.

Time limit of 3 hours.

The name and public PGP key of each team/player must be submitted before the start of the contest.

Once again, players should realize that this is DEF CON, and that means within 5 minutes of the contest's start approximately 8.6 million spoofed TAG servers will exist. The organizers cannot control this, so don't even bother to ask. Once again, it will add to the challenge.

TAG.TXT format:

Name: YourScreenNameHere
Contest: TAG DC13 MiniWD Contest
Email: YourAccount [AT] YourISP [DOT] domain (This can be a throw away account. It is just for game verification purposes ONLY.)
Password: (Not really. Just seeing if you're paying attention.)

The Last Crusade (Hard: 1000 points)

Object: Compromise all 5 access points and get 1000 points.
Date/Time: Sunday, 31 July 11:00-14:00

The Last Crusade is a multi-level game which tests your skills in compromising a Wireless Access Point in different secure and insecure configurations.

There are 5 levels in this game. The first level is the easiest access point to compromise and also worth the least amount of points. Once you compromise an access point you will need to FTP your PGP-signed file to the scoring server and download a clue which will help you get to the next level. The next 4 access points gradually increase in the level of difficulty, also increasing the number of points earned. The person with the most points at the end of the competition will be declared the winner and get the 1000 points to use for the overall War Drive contest standings.

Note: If you do not upload your PGP-signed key to the scoring server in each level you will not get points for that level.

Scoring Servers

Level 1: 192.168.1.10
Level 2: 192.168.2.10
Level 3: 192.168.3.10
Level 4: 192.168.4.10
Level 5: 192.168.5.10

King of The Hill (Hard: 1000 points)

Object: Just like when you were a kid, the goal of "King of the Hill" is to get on top and stay on top.
Date/Time: Friday 29 July 17:00-20:00

A server will be behind a WPA Access Point. To win the contest, you will have to compromise the AP, then the server, then keep control of both while the other contestants try to kick you out and take control. The winner will be the person with the longest time controlling the server.

The general idea is to incorporate attack and defend methods. The WPA AP will have an initial passphrase of 13 characters. Once the server is compromised and your PGP-signed key is uploaded to the server, you must protect your assets (AP and server) from the other contestants. Each time the AP and server are compromised, you must place a text document in the root directory of the server with the passphrase of the AP. We will have an account on the server that must not be deleted. If we cannot check the status of the AP and the server, you will not get credit for the time. How you protect your assets is up to you as long as you follow two simple rules: The passphrase for the AP must not be more than 13 characters and the server must stay on-line.

This is not an "all-or-nothing" contest. The percentage of time the server is protected by any given contestant will be the percentage of 1000 points awarded to that contestant. In other words, if contestant A compromises and protects the assets for 33% of the total time of the contest, then contestant A will be awarded 333 points. If only one contestant holds control of the assets the whole time, that contestant will receive all 1000 points. The total time for this contest is 3 hours.

LPCon/WD Contest Crossover (Hard: 1000 WD Contest points)

Object: Using DF skills track down an access point that is transmitting from inside a locked container. Pick the lock on the container and take physical possession of the Access Point.
Date/Time: Saturday, 30 July 17:00-20:00

1) An access point is transmitting the SSID "LPCON" from inside a locked container somewhere on the grounds of the Alexis Park.
2) Teams must utilize DF skills to physically locate the container with the AP inside.
3) Once the container has been located, players must pick the lock of the container and take physical possession of the access point.
4) The first team to locate the access point has until 5 minutes after the next team arrives to successfully pick the lock.
5) As additional teams locate the container, a line will form. While there is anyone behind the working team in line, that team has 5 minutes to complete the task before yielding to the next team. Any team that must yield may return to the end of the line for another attempt.
6) Once physical access to the AP has been obtained, simply unplug it to end the contest and win.

Time limit: 3 hours

At least one team member must be registered for both the LP Contest and the WarDriving contest.

The Lady and The Tramp (Easy: Up to 300 points on a sliding scale)

Object: Be the first one to compromise the "Tramp" and the "Lady" and then place your flag on the "Lady."
Date/Time: Saturday, 30 July 17:00-20:00

There will be two different AP-connected networks in fixed locations, the Lady and the Tramp.

In order to compromise the Lady, the contestants must first locate and own the Tramp.

Contestants will be provided the SSID and MAC of the Tramp to keep people from attacking other non-game APs.

No information will be given about the Lady, just the Tramp. In order to own the Lady in a timely manner, contestants need information gained from the Tramp.

Tramp:

In the administrator/root account's home directory will be a lady.txt file signed by Chris. This text file will contain information about the Lady that will greatly reduce the amount of time needed to locate and compromise the Lady. Once root access has been gained to the Tramp, contestants must place a flag.txt file in the same directory as the lady.txt file.

Modifying existing flag.txt files or lady.txt, or intentionally interfering with any other contestants in any way, will be grounds for disqualification. Competition staff will be monitoring the servers, so don't try it.

Scoring will be done based on the time taken to plant flags on the Tramp and Lady. A faster time on the Lady will be scored higher than a fast time on the Tramp; however, a shorter time is always better.