HACK@DAC is a hardware security challenge contest, co-located with the Design and Automation Conference (DAC), for finding and exploiting security-critical vulnerabilities in hardware and firmware. In this competition, participants compete to identify the security vulnerabilities, implement the related exploits, propose mitigation techniques or patches, and report them. The participants are encouraged to use any tools and techniques with a focus on theory, tooling, and automation.

       The contest mimics real-world scenarios where security engineers have to find vulnerabilities in the given design. The vulnerabilities are diverse and range from data corruption to leaking sensitive information leading to compromise of the entire computing platform. The open-source SoC riddled with security vulnerabilities has been co-developed by Intel, the Technical University of Darmstadt, and Texas A&M University. HACK@DAC has been successfully running since 2018 with several hundred contestants from academia and industry.

       HACK@DAC is the first-of-its-kind security competition focusing on SoC Security first launched at the Design Automation Conference in 2018. Since then, it attracted massive interest and participations by teams across the globe and evolved into a franchise called HACK@EVENT with annual presence at top-tier industry and academic conferences.

       HACK@DAC 2023 consists of 2 phases, a Qualifying Round and a Live Round. The Qualifying Round was open to all participants and ended in mid-May. Top teams from the Qualifying Round were invited to participate in the Live Competition on July 9-10 at the Design Automation Conference (#DAC60) in San Francisco, CA. Teams had 48 hours to find and exploit as many security vulnerabilities in the “buggy SoC” provided by the competition organizers. Points were awarded to teams that correctly identified security vulnerabilities in the design. Bonus points were earned when teams demonstrated clever use of automation in vulnerability detection and/or exploitation. Teams with the highest scores win.

                     DAC Award Ceremony on July 13, 2023.

Not Your Typical Capture-the-Flag (CTF)

To deliver an immersive, hands-on pre-silicon hacking experience, we prepared a sophisticated “buggy SoC” that incorporated industry-scale security features along with common security vulnerabilities that were inspired by real-world product issues. In addition, we enabled each team with a set of powerful commercial-grade EDA tools in the cloud, while providing options for teams to deploy their own custom tools. Participants in all SoC hacking experience levels were covered.

Behind the Scenes

The HACK@DAC organizing team is made up of industry and academia experts. A big shout-out goes to the team for their flawless execution and outstanding collaboration, working tirelessly since the beginning of the year.

HACK@DAC 2023 Winners

1st: Team “Sycuricon”, Zhejiang University, China

  • Advisor: Yajin Zhoud
  • Members: Jinyan Xu, Yiyuan Liu, Xiaodi Zhao, Jiaxun Zhu

2nd: Team “Calgary ISH”, University of Calgary, Canada

3rd: Team “Bitwise Bandits”, University of Florida, United States and Indian Institute of Technology, Kharagpur, India

3rd: Team “NYU_bounty_hunters”, UNSW, Australia and New York University, United States

Congratulations to the winners of the 6th HACK@DAC Hardware Security Capture-the-Flag (CTF) Competition!