HACK@DAC 2022

San Francisco, CA July 10 - July 12, 2022

It's Time to Start Your Adventure

WHAT IS HACK@DAC?​

HACK@DAC is a competition, coincides with the DAC conference, for penetration testing of the hardware and firmware. In this competition, participants compete to identify the security vulnerabilities, implement the related exploit, propose a mitigation technique or a patch, and report them. The participants are encouraged to use any tools and techniques with a focus on theory, tooling, and automation.

This year, yet another RISC-V soc with security vulnerabilities ready to be exploited

WHAT ARE WE FOCUSING ON THIS YEAR?

This year, we together develop practical and effective solutions and computer-aided tools to identify the vulnerabilities more efficiently in buggy SoC, with a special focus on theory, tooling, and automation

The competition is held in two phase

WHAT HAPPENS IN PHASE I?

In phase I, participating teams will be provided with a “buggy” SoC, including a diverse set of bugs akin to real-world Common Vulnerabilities and Exposures. The participants are required to identify and exploit as many security vulnerabilities as possible. The detailed specification, the required security properties, and the threat model will be also provided. To minimize the barrier of entry for teams, the participants are free to use any tools and techniques needed.

After Phase I, the qualified teams will compete in phase II
Live!

WHAT HAPPENS IN PHASE II?

In phase II, the teams will be provided an SoC including a new set of more bugs. The finalists will compete in a live capture-the-flag competition. They will need to apply their techniques and developed tools to detect and exploit as many vulnerabilities in a limited time-frame.

Bugs and exploits submitted will be evaluated live and winners will be announced in DAC conference.

WHO CAN PARTICIPATE?

In phase II, the teams will be provided an SoC including a new set of more bugs. The finalists will compete in a live capture-the-flag competition. They will need to apply their techniques and developed tools to detect and exploit as many vulnerabilities in a limited time-frame.

THe registration is open
now!

DEADLINES?

  • Phase I registration starts: 3rd March 2022
  • Phase I starts: 30th March 2022
  • Phase I ends: 5th June 2022
  • Phase I results announced: 26th June 2022
  • Phase II starts: 10th July 2022

should you have any questions, feel free to contact us!