The Schemaverse Championships - DEF CON 21 in Las Vegas

<ExecutiveSummary> Holy crap, that went well. Thnx! </ExecutiveSummary>





Did I mention how well this contest went this year? I’m still kind of in awe to be honest. I don’t even know where to start.



To truly describe how well this year went, I need to admit that last year was pretty much an absolute failure. My write-up last year may have slightly glazed over this fact but I think now is a good time to go into it. Anybody who runs a contest at DEF CON knows just how much work goes into it; months of planning, stupid amounts of money, pride-crushing emails to potential sponsors, and all-nighters of caffeine fuelled preparation for nights leading up to the conference - all while doing your best not to get fired from other grown-up responsibilities. We do it because we love DEF CON and we believe in our event, we know people will have an awesome time competing if they just give it a try.



Last year nobody tried. The only player was the same winner as the year before.

I had to illicit friends remotely so it would at least look some some sort of competition was happening.



It was painful to be involved in and, as confirmed by friends, painful to watch. But the response by people at the booth was completely positive! People absolutely loved the idea, they just didn’t have time to play. There was too much to do at DEF CON. I can’t blame them really, DEF CON has so much to offer, not everybody wants to get down and dirty in a SQL/AI competition.



So what the #$%@ was I to do? Honestly, the option of folding the contest and just going back to a happy drunk stumbling around for DEF CON 21 never even came to mind. I HAD to fix it. This contest is just as weird as the folks in attendance and I was determined to find that niche of players.



If time was the main complaint, I hoped to remove that hurdle.



And so, The Schemaverse Tournament became The Schemaverse Championships and the Qualifying Rounds were added leading up to DC21. My hope is that this would force a few people to learn to play and prepare their AI scripts and infrastructure, long before their first drink in Las Vegas. I even bought Human badges for the winners to help get them there if they won the qualifier.



We ended up running three qualifiers leading up to the conference and another on the first day of DC21:

The First Qualifier - PGCon in Ottawa, ON

The Second Qualifier - Open, Internet Land

The Third Qualifier - Open, Internet Land

The Fourth Qualifier - DEF CON 21



The qualifiers ended up being fairly dominated by people I had met at the previous year who didn’t have time to play there but had since really gotten into the game.



Running qualifiers also had another benefit of getting our name out there a lot more. With retweets from @TCMBC, @_DEFCON_ and @thedarktangent helping announce our results, it certainly helped legitimize the entire endeavour.



In the true sprit of DEF CON, we even had somebody find an absolutely disastrous vulnerability at our PGCon qualifier, allowing them to DROP DATABASE Schemaverse if they had wanted to. This made them the second person in our four year history to award themselves the SQL Injection Trophy.



Alright, enough blabbering about how we got here, on to the Championships!



The championship round started with 69 registered users and about 20 who were actively ready to participate. This even included players who had never touched Schemaverse before who spent all night Friday getting ready until 4am, followed by large chunks of time at our booth stealing Internet and knowledge to assure they had a chance.



AND….The round started with Shepherd taking over the entire map within three minutes, pretty much putting an end to the game.



Rule Change!

I absolutely love a good hack but I wasn’t having a repeat of last year where nobody could play, so a change was made to allow ships to spawn anywhere, rather than only on top of planets they own.



Once the new rule was put into place, we had ourselves a battle.





Cisphyx was quick to add a little happiness and joy to the battle, making friends - not war. He decided to only conquer planets within this happy face shape:





Impressively enough, he even managed to hold the happy face throughout the entire battle.





The Results



Another success! I was able to give out every single prize :D



First Place: Shepherd

Shepherds early hack no doubt gave him a huge advantage but the rule change still made it a close battle. Shepherd won with a final score of 300 points, and next to players had 100 (Yen) and 0 (Cisphyx). Negative points are extremely common in the Schemaverse.



Prizes:

The Schemaverse Championship Mug

Keyport Slide 2.0

Human Badge for DEF CON 22 (Thanks DT for this donation!)





Holding Bitcoinopolis: RoboG

This outcome was actually pretty funny, Yen almost took it home but due to a flaw in a hack he was performing, the Schemaverse player (user 0) was actually the real last player holding this planet. We decided to look at the player who was holding it before Schemaverse took it over and that player was RoboG.



Prize:

0.5 Bitcoin Casascius coin (A physical bitcoin :D )





Most Money: Yen

Yen had a LOT of money at the end of the game was definitely deserving of the award… How he acquired his wealth was a tad suspicious though ;) [See Best Hack #2]



Prize:

1 Bitcoin Casascius coin (A physical bitcoin :D )





Best Hack #1: Shepherd

Shepherd has been playing the game a couples months now but I have no idea how long he has been holding onto this hack. We knew something was up when he took over the entire map in three minutes, but we were left guessing about the hack until the end. Once the game was over, he was nice enough to let us in on the method.



I check for everything else during ship creation but apparently I forgot to make sure Range wasn’t being overridden. Whoops. This allowed him to build ships that could perform actions on any ships and planets he wished, regardless of where they were.



It was as simple as: INSERT INTO my_ships(name,range) VALUES(‘Omnipotent’,2147483648);



Prize:

$160 - Half the $300 jackpot







Best Hack #2: Yen

Given Yen’s impressive ability to acquire wealth, it was clear something was up here too. Luckily, for a chance at the best hack pot, he was happy to describe his methods.



Yen, who had never even played The Schemaverse before coming to DC21, ended up spending a huge amount of time reading through the source and came across a real nice little vulnerability. He figured out how to confirm both sides of a trade. This let him add other player’s money to a trade and then confirm it over to his own player. He could also trade fuel and even ships to himself.



Prize:

$140 - Half the $300 jackpot









Other Stats

I always like to give some other random stats about what took place in the game. It certainly shows how much the game as grown over the years.



Total active players: 20 (!) - Out of 69 who signed up



Total actions that took place: 3,600,000+



Total Tuples Returned (for you database nerds): 160,000,000,000+



Time it took for the SQL scrolling across the screen to finish after the database was shut down: 25 Minutes





Sponsors



As always, I must offer a huge thanks to all of our sponsors:

Keyport ( www.mykeyport.com ) - Prize Donation. Screw keychains, these things are great

Navicat ( www.navicat.com ) - Prize Donations for our Qualifiers. Awesome database administration software

PGExperts - Prize Donations for our Qualifiers - These folks Eat, Sleep and Drink PostgreSQL

PGCon Committee - Totally made the first (and only) on-location qualifier happen

DEF CON - Entry for the contest staff, the booth, the Internet and the spotlight







Final Thanks



The fine folks at SauceTel including: appl, rick, Candy, Cloin & tigereye.

They help me run the contest, man the booth to the point of losing their voices and made sure there is a constant supply of booze. DEF CON is what it is to me because of these jerks\b\b\b\b friends.



PostgreSQL - Another year and no direct attacks on PostgreSQL itself! Thanks to all the core devs who somehow manage to keep making a stable product that happens to also be constantly rocking new features.



Pyr0 and his lovely band of misfits.

You guys gave me an incredible piece of real estate on the con floor and have done so for three years now. You put blind faith into something (and somebody) you know nothing about and hope that it fills a niche people are looking for. I hope we do not disappoint.



Finally, thank you to absolutely everyone that walked by the booth and said Hi. I will not lie, having a booth where people come to YOU is a definite perk of running a contest. Thank you for the wonderful conversation and constant laughs.







See you at DEF CON 22. I promise you The Schemaverse will return bigger and better than before. Don’t forget to go to our home page and play on the public server throughout the year to get ready!

-Abstrct



www.schemaverse.com

josh [ at ] schemaverse [ dot ] com

@Abstr_ct