Phantom Protocol

A phantom has hacked hackUMBC, threatening to shut down the event. Become a digital detective, find two secret flags hidden in our network, and restore the system. Can you save the hackathon?

Comment

Phantom Protocol

Inspiration

As newcomers to cybersecurity, our curiosity was sparked by the CTF (Capture The Flag) track at hackUMBC. We decided to try the famous "Bandit Over The Wire" CTF, a well-known starting point for beginners. The feeling of accomplishment after solving just the first challenge was incredible and lit a fire in us. As a team of software developers, we were inspired to dive deeper, learn more about this fascinating world, and build a captivating, challenging, and fun CTF of our own.

What it does

We all grew up with stories where heroes outsmart villains to save the day. We channeled that classic concept into our project. "Phantom Protocol" casts the participant as the hero in a digital detective story set during hackUMBC. A mysterious hacker, the "phantom," has compromised the event's check-in system, threatening to bring the entire hackathon to a halt. Participants are challenged to follow a trail of cryptic clues left by the phantom across different campus systems. Their mission is to uncover two hidden authentication flags, restore the security protocols, and ultimately save the event from collapse. It’s an interactive narrative that turns every player into a cybersecurity hero.

How we built it

Leveraging our web development skills, we built the project using HTML, CSS, and vanilla JavaScript to create a clean, interactive user interface. We were particularly impressed by the UI of a CTF organized by NightWing running during the hackathon, which inspired us to focus on a polished user experience. We designed a simple, thematic interface that guides the player through the story, presenting them with challenges in an immersive way without needing complex backend infrastructure.

Challenges we ran into

The biggest hurdle was designing the puzzles themselves. It was a delicate balance: we wanted to hide the flags in a way that was challenging and rewarding, but not so obscure that it became frustrating. We spent a lot of time brainstorming creative ways to conceal information, from embedding clues in source code to using simple ciphers. Ensuring the story remained consistent and engaging across all levels was another significant challenge, as each puzzle needed to feel like a natural step in the investigation of the phantom.

Accomplishments that we're proud of

We are incredibly proud of building a complete, multi-level CTF from scratch, especially as beginners in this domain. We successfully created a cohesive narrative that makes the challenges feel meaningful and engaging. More than just a series of puzzles, we built a story. We're also proud of the user interface we designed, which is both functional and aesthetically pleasing, enhancing the overall experience for the player. Ultimately, we created something we would genuinely enjoy playing ourselves.

What we learned

This project was a massive learning experience. We dove into the fundamentals of CTF design and learned about various puzzle categories like web exploitation, forensics, and cryptography. We explored techniques for hiding information, such as steganography, analyzing network requests, and inspecting web elements. On a creative level, we learned about narrative design and how to craft a story that pulls the player forward. Most importantly, we started to develop a "hacker mindset"—learning to think critically and unconventionally to uncover hidden solutions.

What's next for Phantom Protocol

We see a lot of potential for integrating AI to make "Phantom Protocol" even more dynamic and engaging. Future versions could include:

  • AI-Powered Dynamic Challenges: Using a generative AI model to create unique puzzles or code snippets with subtle vulnerabilities for each player, ensuring no two playthroughs are the same.
  • An AI Antagonist: Integrating an AI chatbot that acts as the "phantom." Players could interact with it, attempting to use social engineering to extract clues, adding a whole new layer to the investigation.
  • Intelligent Hint System: Developing a smart hint system powered by an LLM that provides contextual nudges based on a player's progress without giving away the solution.
  • Procedurally Generated Storylines: Using AI to generate new narratives, locations, and challenges, allowing us to endlessly expand the "Phantom Protocol" universe for future events.

Built With

Share this project:

Updates