CTF 2006 Prequal Walkthrough: Trivia
The Trivia category was mostly a challenge for exercising your Google-fu if you didn't immediately know the answer outright.
100: "Hack the ______"
Either you immediately recognize this quote and can't stop yourself from shouting "Hack the planet!!", or you have no idea in the world what this could be. This is a quote from the uber-leet movie "Hackers". Google wasn't much help unless you fed it every 6-letter noun in the dictionary, and found that the correct phrase had about 250k search hits more than the others.
200: What was the final launch code at the end of CTF 2005?
If you were present at DefCon 2005 and stuck around until the end of CTF, you saw the launch code from "War Games". There were a few pictures of the scoreboard online, and Google could have helped a little in finding it.
300: A giant vat of chemicals is about to drain into the water supply. You have only a bar of chocolate, a piece of gum, and a spring to fix it with. But that's OK, because your name is...
Like 100, either you immediately knew the answer to this from spending too much time watching geeky TV like "MacGyver", or you had no clue on earth what was going on.
400: What is the only OS ever to receive an Orange Book A1 evaluation?
Google quickly recovered which kernel had received A1, but it took a bit more digging to find a good Orange Book OS list. Of course, it was the last one on the list.
A "more correct" answer would have been all of the following: Boeing MLS LAN, Gemini Trusted Network Processor, Honeywell SCOMP. We tried several combinations.
500: \xEB\xFE is to x86 as _____ is to PowerPC (answer is 4 bytes)
This jumped out as an op-code comparison. First step was to figure out which assembly instruction it was:
$ echo -ne "\xEB\xFE" | ndisasm -
00000000  EBFE              jmp short 0x0
To compare this to another architecture, we needed to have a good description of specifically what this instruction does. The clearest description was "unconditional jump to relative offset returning to current instruction". Basically, loop forever.
PPC doesn't use "jmp" instructions; it uses "branch" instructions instead. While digging out the PPC assembly references, we generated a few branch instructions in assembly and fed them to a PPC compiler and stared at them in gdb. Soon we found "unconditional branch to relative address 0": "b $+0". Dumping the bytes, this was \x48\x00\x00\x00.
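The byte-level comparison above can be checked without a disassembler. The following is an added example, not part of the original walkthrough: it decodes the x86 short jump and encodes/decodes the PowerPC I-form branch to show that both instructions target their own address. The function names and the 0x1000 load address are assumptions made for illustration.

```python
import struct

def x86_jmp_short_target(code: bytes, addr: int = 0) -> int:
    """Decode x86 'jmp short rel8' (opcode 0xEB) and return its target."""
    if len(code) != 2 or code[0] != 0xEB:
        raise ValueError("not a 2-byte jmp short")
    rel8 = struct.unpack("b", code[1:2])[0]  # signed 8-bit displacement
    # x86 displacements are relative to the NEXT instruction (addr + 2),
    # so rel8 = -2 (0xFE) lands back on the jmp itself.
    return (addr + 2 + rel8) & 0xFFFFFFFF

def ppc_branch_encode(offset: int, aa: int = 0, lk: int = 0) -> bytes:
    """Encode a PowerPC I-form branch: opcode 18 | LI | AA | LK."""
    if offset % 4 or not -(1 << 25) <= offset < (1 << 25):
        raise ValueError("offset must be word-aligned and fit in 26 bits")
    word = (18 << 26) | (offset & 0x03FFFFFC) | (aa << 1) | lk
    return struct.pack(">I", word)  # big-endian instruction word

def ppc_branch_target(code: bytes, addr: int = 0) -> int:
    """Decode a PowerPC I-form branch and return its target."""
    word = struct.unpack(">I", code)[0]
    if word >> 26 != 18:
        raise ValueError("not an I-form branch")
    li = word & 0x03FFFFFC
    if li & 0x02000000:  # sign-extend the 26-bit displacement
        li -= 1 << 26
    aa = (word >> 1) & 1
    # With AA=0 the displacement is relative to the branch itself,
    # so a displacement of 0 is the self-loop.
    return (li if aa else addr + li) & 0xFFFFFFFF

if __name__ == "__main__":
    base = 0x1000  # assumed load address, for illustration only
    print(hex(x86_jmp_short_target(b"\xEB\xFE", base)))
    print(ppc_branch_encode(0).hex())
    print(hex(ppc_branch_target(ppc_branch_encode(0), base)))
```

The difference in displacement base (next instruction on x86, current instruction on PowerPC) is why the x86 loop carries a -2 while the PowerPC loop carries a 0.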
