Pwn2Own Tokyo (Live from Toronto) - Schedule and Live Results

November 05, 2020 | Dustin Childs

Welcome to Pwn2Own Tokyo! For 2020, we’re live from Toronto as the conference and the contest move into the virtual world. This year, ZDI vulnerability researchers in our Toronto office will be running the contest, with all competitors connecting remotely. In a first for us, we will be live streaming the entire contest on Vimeo, Twitch, and YouTube. In between the attempts, we’ll be running videos from previous Pwn2Owns, exploit demonstrations from previous contests, and interviews with the contestants and more. Be sure to check out streams throughout the day. We might not be in the same room, but we’re virtually together and ready for a fantastic contest.

The schedule for today is posted below, and we’ll be updating this blog throughout the day with results and updates. We’ll post a full summary of today’s events (including videos of the attempts) tomorrow morning.

As always, we started the contest with a random drawing to determine the order of attempts. We have a total of 19 attempts scheduled over the next three days. The full schedule for the contest is below (all times Eastern [UTC -4:00]). We will update this schedule with results as they become available.

Day One – November 5, 2020

1030 - STARLabs targeting the LAN interface on the NETGEAR Nighthawk R7800 router

SUCCESS - The team from STARLabs combined a pair of bugs to gain code execution on the LAN interface of the router. They earned $5,000 and 1 point towards Master of Pwn.

1200 - Trapa Security targeting the Western Digital My Cloud Pro Series PR4100

SUCCESS - The team combined an auth bypass bug and a command injection bug to gain root on the system. They win $20,000 and 2 points towards Master of Pwn.

1330 - Team Flashback targeting the WAN interface on the NETGEAR Nighthawk R7800 router

SUCCESS - The Flashback team used two separate bugs to get code execution through the WAN interface. They win $20,000 and 2 Master of Pwn points.

1430 - 84c0 targeting the Western Digital My Cloud Pro Series PR4100

PARTIAL - The 84c0 Team successfully demonstrated the RCE, but the bug used had been previously reported. This counts as a partial win, but receives no Master of Pwn points.

1530 - Team Black Coffee targeting the LAN interface on the NETGEAR Nighthawk R7800 router

FAIL - The Black Coffee team could not get their exploit to work within the allotted timeframe.

1630 - The Viettel Cyber Security team targeting the Samsung Q60T television

PARTIAL - The Viettel Team was able to get a reverse shell on a fully patched Samsung TV, but it was done using a known bug. This counts as a partial win, but it does net them 1 point towards Master of Pwn.

1730 - Trapa Security targeting the LAN interface on the NETGEAR Nighthawk R7800 router

SUCCESS - The team combined a command injection bug to exploit the router and take complete control of it. They win $5,000 and 1 more point towards Master of Pwn.

Day Two - November 6, 2020

1000 - Team Flashback targeting the WAN interface on the TP-Link AC1750 Smart WiFi router

SUCCESS - The Flashback team used a total of three bugs to get code execution through the WAN interface. They win another $20,000 and 2 more Master of Pwn points.

1100 - Team Bugscale targeting the Western Digital My Cloud Pro Series PR4100

PARTIAL - The Bugscale Team successfully demonstrated the RCE, but one of the bugs they used had been previously submitted during the contest. This counts as a partial win, but receives no Master of Pwn points.

1200 - 84c0 targeting the LAN interface on the NETGEAR Nighthawk R7800 router

PARTIAL - The 84c0 Team successfully demonstrated the RCE using 3 different bugs. However, one bug used had been previously reported. This counts as a partial win, but 84c0 still earns $4,000 and .5 Master of Pwn points.

1300 - F-Secure Labs targeting the Samsung Q60T television

PARTIAL - The F-Secure Labs Team was able to get a reverse shell on a fully patched Samsung TV, but it was done using a known bug. This counts as a partial win and nets them 1 point towards Master of Pwn.

1400 - Sam Thomas of Pentest Ltd targeting the Western Digital My Cloud Pro Series PR4100

PARTIAL - Sam was able to get code execution on the Western Digital NAS using 2 bugs, but 1 of the bugs had previously been submitted. He still earns $10,000 and 1 point towards Master of Pwn.

1500 - Synacktiv targeting the LAN interface on the TP-Link AC1750 Smart WiFi router

SUCCESS - The Synacktiv team used a total of three unique bugs to get code execution, and plenty of flashing lights, via the LAN interface of the TP-Link AC1750 router. They earn themselves $5,000 and 1 point towards Master of Pwn.

1600 - DEVCORE team targeting the Synology DiskStation DS418Play NAS

SUCCESS - The DEVCORE team used an elegant heap overflow to get arbitrary code execution on the Synology NAS. This earned them $20,000 and 2 points towards Master of Pwn.

Day Three - November 7, 2020

1000 - DEVCORE team targeting the Western Digital My Cloud Pro Series PR4100

PARTIAL - The DEVCORE team had a successful demonstration for a partial win. They used a 6 bug chain to gain code execution, but 2 bugs had previously been reported. They still win $17,500 and 1.5 Master of Pwn points.

1100 - Team Bugscale targeting the LAN interface on the NETGEAR Nighthawk R7800 router

FAIL - The Bugscale team could not get their exploit to work within the allotted timeframe.

1200 - Gaurav Baruah targeting the Western Digital My Cloud Pro Series PR4100

PARTIAL - Gaurav was able to successfully get a root shell on the device. However, the bug he used had been previously submitted. He still earns 1 point towards Master of Pwn.

1300 - The Viettel Cyber Security team targeting the Sony X800 television

PARTIAL - The Viettel Cyber Security Team gets a partial win. They were able to read sensitive files from a fully patched Sony X800 smart TV. However, the bug was publicly known. This partial win does get them 1 point towards Master of Pwn.

1400 - STARLabs targeting the Synology DiskStation DS418Play NAS

SUCCESS - The team from STARLabs used a race condition and an OOB Read to get a root shell on the device. They earned $20,000 and 2 points towards Master of Pwn.

As always, we’ll update this blog with results throughout the day and recap each day’s events in a separate post. Don’t forget to check out our streams for the latest action. You can also find the latest results by following our Twitter feed. Best of luck to all of our contestants!