Pwn2Win CTF 2018 NIZK (Non-Interactive Zero-Knowledge) Platform
Switch branches/tags
Nothing to show
Clone or download

Pwn2Win CTF 2018

About our NIZK (Non-Interactive Zero-Knowledge) Platform:


  1. All team members must have a GitHub account and configure a SSH key in their account settings.

    Important Note: If you are unable to follow the installation instructions below, or is simply too lazy to do all the steps, we made a LXD container preloaded with this platform. If you prefer Docker, we made a Dockerfile too. If you want to install directly in your machine (instead of containers), just ignore this note.

  2. All team members must clone the repository and install the dependencies:

    git clone
    cd 2018
    sudo apt-get install libsodium23
    curl | sudo -H python
    sudo -H python -m pip install -r pip-requirements.txt

    Note: Any libsodium version >= libsodium18 is supported. However, recent pysodium has a bug when used together with old libsodium. Therefore, if you use libsodium18, please change pip-requirements.txt second line to pysodium == in order to use exactly the pysodium version which works correctly with libsodium18.

  3. All team members must have the git client correctly set up. If you have never used git before, run:

    git config --global "John Doe"
    git config --global
  4. If dependencies are installed correctly (or if you used one of our preloaded containers), you should now see the help menu when calling:

    ./ctf -h
  5. The leader of the team must execute the following command and follow the instructions to register the team:

    ./ctf init
  6. The other members of the team must login to GitHub without registering a new team, by running:

    ./ctf login
  7. After that, the leader must share the team-secrets.json with the members of the team. The other members of the team must place the team-secrets.json file shared by the leader in their 2018 directory.


Challenges are available on

If you prefer to browse them locally, you may also run a local webserver by typing ./ctf serve, or list challenges through the command line interface:

./ctf challs

Flag submission

To submit a flag:

./ctf submit --chall chall-id 'CTF-BR{flag123}'

You may omit --chall chall-id from the command, however it will be slower to run this way. In this case, we will look for the flag in every challenge released until now.


To get the VPN credentials after your team has unlocked it (by solving at least 6 challenges - see the rules page for more details):

./ctf news --pull


You can see the scoreboard in the game link (, locally (if you ran the local webserver) or through the command line interface:

./ctf score --names --pull


You may reach us through #pwn2win at