Building a CTF in Minecraft

Some might say looking at the WHA blog, things are a little quiet at the minute; oh if only that were the case! I personally have been working on a mini-project related to the Cyber Security Challenge’s (CSC) new platform – Play on Demand (PoD). With graduation lined up for next week, and having spent the past few weeks preparing to start work in July, it’s been the perfect time to work on building a challenge of my own. But what exactly is this challenge?

So I found myself playing Minecraft reminiscing about a month ago following the completion of exams, and just felt that I was wasting time, even if I was fulfilling the need of my creative juices. But I thought to myself, “Surely I can do or make something worthwhile with Minecraft whilst also having fun?” Then it hit me; why not make a Minecraft Capture The Flag (CTF) challenge for PoD. I spent a few days thinking about what I could possibly do, seeking inspiration from the many CTFs I’ve participated in. The one thing that really stood out for me: it needed to be fun, interesting and different. If any of you have played Hacky Easter, the diverse range of challenges really makes it stand out. I’d highly recommend anyone to check out Hacky Easter 2016, and review the write-ups of Hacky Easter 2015 in preparation.

Where to begin?

Building the world from scratch was the first decision I made; from there I could build any buildings and paths that I wanted without worrying about trees and other natural Minecraft occurrences getting in the way. I quickly changed to peaceful mode too, I didn’t want any pesky creepers getting a peak at the challenges as they were being built. That being said, I couldn’t turn off animals and I quickly found the world turning into half challenge, half farm. Ah well, I suppose it adds to the atmosphere.

Animals taking a sneak peak at the challenge

Onto the challenges themselves, what exactly is included?

Well, if you haven’t played Minecraft you probably should. Check out the official trailer so see the true potential. The world is made up of square blocks, and everything in the world is made up of these blocks, from the ground you walk on, to the trees all around, to the buildings made up on anything from brick, wood, stone or anything else you decide. And so with this mass of blocks, we can design anything we want. The perfect candidate for the first challenge is a QR code. Both white and black wool can be used to create perfect looking QR codes that really stand out in game. But what exactly can you do with QR codes? Turns out quite a few things, and if you play the challenge you’ll find out for yourself. Jukeboxes were another interesting idea, the possibility of playing different notes, requiring the player to decode them and find the hidden message – you’ll find them in the challenge too. The most obvious choice for a challenge however – Redstone! Now I’ve played with Redstone in the past whilst exploring and building in Minecraft, but never really to build logic gates and extensive circuits. Needless to say, the countless online resources made it quite simple to pick up. You’ll notice a fair share of Redstone circuitry as you play through the game, with assorted buttons, hidden levers and entrances. It really helps to convert the map from a static world of blocks into a much more dynamic and engaging experience, which I hope will draw in players. I’ve tried to incorporate Redstone in different manors, but only really managed to scrape the surface of the potential that Redstone brings.

Redstone circuitry in Minecraft!

Everyone loves QR codes right?

Gotta' love a bit of a QR code

How is this all going to work then?

The premise, at the time of writing, will include the user downloading the game files which they can load into their game directory. For any users who haven’t purchased Minecraft, the trial can be downloaded from the Minecraft website allowing for around 100 minutes of gameplay, which should be a reasonable amount of time to complete the map. Upon loading the game, the player will face some instructions before being allowed to roam free throughout the mini-village. A gravel path and challenge numbers provides a flow of which to follow, however it’s entirely up to the user which route they take. Each challenge will provide one or two flags which can be entered online for points. The only Minecraft-specific tool required should be the game itself, although some players may decide to use plug-ins, mods or other tools to interact with the map. There is no restriction, although I’d be really keen to hear of how you solved a challenge using an intuitive alternative method. Each of the challenges range in difficulty, and many may require a pen and paper or your favourite scripting language to solve. (An image editor may be useful too.) There will be a time restriction of when you can submit answers, but this is yet to be finalised – I haven’t quite managed to finish the map yet.

Just because the path directs you one way, doesn't mean you have to take it!

It's not all fun and games though, one wrong move and you might find yourself fighting for your life. Then again... I wonder what's hidden down here?

I wonder what's lurking in the water

What next?

Not only is Minecraft a game, but it’s used for all kinds of other purposes too. Many teachers are resorting to teaching subjects using Minecraft, dubbed “Game Based Learning”. In a sense, this CTF is kind of the same principle, but more directed towards self-study. There may even be a gap to target this to school students through the CSC. This map really is only a beta version, with so much potential for more. Every block placed was done so by hand, and I thoroughly enjoyed doing so. That being said, there’s nothing stopping more efficient methods being used to create more and more challenges or maps. For now though, I’m keen to see how things go and would really appreciate any feedback from anyone who plays the game. Feel free to add a comment here, or message me via Twitter (@MattWhatkins)

Once the challenge is released on CSC PoD, I’ll place a link here.