Hardware CTF Challenge Page: https://hwctf.quarkslab.com

By popular demand, the Hardware CTF organized by Quarkslab team is back for a second edition!

Ever wondered how to break a smart lock? How to spy on embedded devices? How do car chips work? How to desolder and reball a flash chip? Then this CTF is for you!

We've got plenty of challenges related to various themes such as RFID, Bluetooth, Automotive, Side-Channel Analysis, (de)Soldering, Radio, and much more. We will provide the hardware hacking tools you might need (Soldering Iron, Logic Analyzer, etc.) as well as guidance on how to use them.

Just grab your PC and come try to solve our challenges. You'll have fun, learn new skills and who knows, maybe use these skills to break real embedded devices and propose a talk for next year!

Requirements: A PC with Linux is needed for some of the challenges, but we've also some other ones that can be done without PC.

How to Participate: Once the CTF is open, come to our booth, register a new team and start playing!

CTF Time: The CTF will be open from 13/09/2018 10:00:00 to 14/09/2018 16:45:00.

Position Prizes
1st Winner
  • $1000 Cash
  • hardwear.io 2019 Corporate Conference Pass
  • Hardware CTF T-Shirt
  • NoStarch Books & Vouchers
2nd Winner
  • $500 Cash
  • hardwear.io 2019 Corporate Conference Pass
  • Hardware CTF T-Shirt
  • NoStarch Books & Vouchers
3rd Winner
  • $250 Cash
  • hardwear.io 2019 Corporate Conference Pass
  • Hardware CTF T-Shirt
  • NoStarch Books & Vouchers

Organized by:


Interested in Industrial Control System Security? The Applied Risk team is back with another security challenge for you!

Visit our table at hardwear.io to talk ICS security with our consultants - or take a shot to be the first to disable our industrial device setup to take home an iPad mini!

Used in real life facilities across the world, our device challenge will give you a taste of what our team deals with on a regular basis. Come say hello, ask some questions and learn some new skills or put your skills to the test!

Requirements: You will need your own computer to be able to access the device.

How to Participate: Show up to the Applied Risk booth from 13/09/2018 10:00 to 14/09/2018 16:00 and take as much time as you need!

Prize: First person to hack and disable our ICS device will take home the iPad mini.

Organized by:
Applied Risk CTF

hardpwn logo

hardpwn - Hardware Hacking Contest @hardwear.io 2018 #HackFearlessly
12th - 14th September 2018

hardwear.io is coming up with new hardware hacking contest called hardpwn. First edition of hardpwn contest will be held during hardwear.io conference at The Hague, Netherlands. At hardpwn, you will be able to hack fearlessly (vendor is asking you to) and get rewarded. Companies might recruit you if they really like your skills & hacks.
So hackers, bring your hacking machines to hardwear.io and hack fearlessly.

What is the contest?
  • We provide hardware devices (target) to the security researchers who have expertise in Side-Channel attacks, RFID/NFC Hacking, Breaking Crypto, Reverse Engineering the Firmware, etc.
  • If they find an issue they will report the vulnerability to the OEM directly in a very controlled manner at the conference.
  • In return, OEM will reward the researcher with a prize depending on the severity of the finding.
  • There would be an NDA signed and the participants would not be allowed to disclose the finding in public till the issue is fixed by the vendor.
Target Devices:

We have:
(1) Google Titan Security Key
(2) Noke Smart Lock Device
(3) myStrom WiFi Switch
(4) Nuki Smart Lock Device
(5) Nest Hello
(6) 3rd gen Nest Learning Thermostat
(7) myStrom WiFi Button
(8) Google Home Mini
(9) Google WiFi
(10) Nest Secure
(11) Nest Protect
(12) Nest Cam IQ
as target.

Note: To make your hacking experience smoother, we have following hardware hacking tools available at the hardpwn booth (but in limited quantities):
JTAGulator, Chipwisperer, Expliot NANO, Hydra Bus, USB Microscope, Rework Station, USB- TTL, Proxmark3, Ubertooth, TNM5000, Jlink, Saleae logic


Step 1: Create zerocopter account: https://app.zerocopter.com/users/sign_up
Step 2: Ask for the device you are interested in.
Step 3: Show your conference registration at the HardPwn desk.
Step 4: Pickup the target device of your choice and identify the vulnerabilities.
Step 5: Add info to the Google VRP page (in case of Google devices) or the zerocopter portal for the device (in case of non Google devices). You can find the list of these URLs below.
Step 6: Return the device to a volunteer at the HardPwn desk.
Step 7: Get your prizes after day 2 of the conference.

Noke Smart Lock: https://app.zerocopter.com/en/rd/42e0cb59-ff5b-4c20-ba39-818d51093028
myStrom WiFi Switch: https://app.zerocopter.com/en/rd/f9db0119-77a2-4566-a6a1-f41ba4eb158b
Nuki Smart Lock: https://app.zerocopter.com/en/rd/15b7d03d-0ef9-4c0e-969b-48cbc70f57b0
Nest Devices: https://www.google.com/about/appsecurity/reward-program/
Nest Guard: https://www.google.com/about/appsecurity/reward-program/
Google Home Mini: https://www.google.com/about/appsecurity/reward-program/
Google Wifi: https://www.google.com/about/appsecurity/reward-program/
Google Titan Security Key (Both USB and BLE): https://www.google.com/about/appsecurity/reward-program/

Contest Prizes:

Researchers will be rewarded with a minimum cash prize of $500 & on-words depending on the severity of the bug finding.

Participating Companies:

Google at hardpwn
Nest at hardpwn
Nuki at hardpwn
Noke at hardpwn
myStrom at hardpwn