
Exercise REST Attack and Defense


Create a C# program that competes in a game where we try to hack other computers in the local network.

Your program consists of the following parts:

  • REST API
    • Other clients can query your status and try to attack
  • REST Client
    • Access other computers in the network and try to attack them.
  • Blazor Status Page
    • Shows the current status of your program

Status values

Your program has to keep track of these status values:

  • Points: You start with 20 points. When you reach zero points, you have lost the game and your client must stop participating. The state of your program switches from “running” to “stopped” and you no longer react to any hacking attempts.
  • Attack: Value that indicates your attack power and thus your chance of succeeding in a hack. Initial value: 10
  • Defense: Value that indicates your defense power and thus your chance of withstanding an attack. Initial value: 10
  • NumberOfAttacks: Counts all of YOUR own attempts to hack someone else’s computer.
  • NumberOfSuccessfulAttacks: Counts successful hacking attempts.
  • NumberOfDefenses: Counts all the attempts of other clients trying to hack your computer.
  • NumberOfSuccessfulDefenses: Counts successful defense attempts.

REST API

Your API listens on port 1337 and offers the following endpoints:

Status

GET /status

Returns the status of your program in the following format:

{
"Points": 20,
"Attack": 10.0,
"Defense": 10.0,
"State": "running" | "stopped" | "disabled"
}

Hacking Attempt

POST /hacking-attempt

The client sends a hacking attempt request with a body in the following format:

{
"Attack": 10.0 // the current attack value of the client
}

Your API responds with a message in the following format:

{
"HackingResult": "Hacked" | "Defended"
}

Determining the outcome of a hack attempt

When the client tries to attack another API, the attack value will be calculated by using the current attack value and adding/removing up to 10% randomly. This randomly changed value will be sent to the API in the body of the HTTP request. When the API receives a hacking attempt request, it will calculate its defense value by using its own current defense value and adding/removing up to 10% randomly. It then compares this value to the attack value of the request. If the attack value is greater than the defense value, the hack was successful, otherwise the hacking attempt was defended.

Service unavailable

Whenever your program is in either the stopped or disabled state, you respond with a 503 - Service unavailable response to any requests to the hacking attempt endpoint and don’t process the request.

Changing your stats

  • When you successfully hack another API, you gain one attack value and receive a point.
  • When you fail to hack another API, you lose one attack value and lose one point.
  • When you successfully defend against a hacking attempt, you gain one defense value and receive a point.
  • When you fail to defend against a hacking attempt, you lose one defense value and lose one point.
  • When you get hacked, you enter the disabled state for 5 seconds.
  • You gain back one defense value for every 5 successfully performed hacking attempts.
  • Any request that doesn't receive a valid response, or that receives a 503 status code, is ignored and doesn't lead to any change of your stats.
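One way to implement the server side of the rules above (the outcome roll, the 503 handling and the stat changes for a defense), as an added example that is not part of the original exercise. It assumes an ASP.NET Core minimal API project on .NET 7 or later with implicit usings; `Game`, `AttemptBody` and `LastAttacker` are hypothetical names, and the 400 response for a non-finite or negative attack value and the 64-character cap on the Attacker header are assumptions of this example, not rules of the game.

```csharp
// Added example: Program.cs of an ASP.NET Core minimal API project (.NET 7+, implicit usings).
var builder = WebApplication.CreateBuilder(args);
builder.WebHost.UseUrls("http://0.0.0.0:1337");
// Keep the PascalCase JSON property names used in the exercise.
builder.Services.ConfigureHttpJsonOptions(o => o.SerializerOptions.PropertyNamingPolicy = null);
var app = builder.Build();
var game = new Game();

app.MapGet("/status", () => game.Status());
app.MapPost("/hacking-attempt", (AttemptBody body, HttpRequest request) =>
{
    // Body and Attacker header come from another machine: validate before use (assumed policy).
    if (!double.IsFinite(body.Attack) || body.Attack < 0) return Results.BadRequest();
    string name = request.Headers["Attacker"].ToString();
    string? result = game.Defend(body.Attack, name.Length > 64 ? name[..64] : name);
    return result is null ? Results.StatusCode(StatusCodes.Status503ServiceUnavailable)
        : Results.Ok(new { HackingResult = result });
});
app.Run();

record AttemptBody(double Attack);
class Game // hypothetical name; hard-coded numbers are the exercise's default values
{
    private readonly object _gate = new();
    private int _points = 20;
    private double _attack = 10, _defense = 10;
    private DateTime _disabledUntil = DateTime.MinValue;
    public string LastAttacker { get; private set; } = "";
    // Derived from points and a timestamp, so no timer is needed to leave "disabled".
    private string State => _points <= 0 ? "stopped"
        : DateTime.UtcNow < _disabledUntil ? "disabled" : "running";

    public object Status()
    { lock (_gate) return new { Points = _points, Attack = _attack, Defense = _defense, State }; }

    // Returns "Hacked" or "Defended", or null when the caller must answer 503.
    public string? Defend(double attack, string attacker)
    {
        lock (_gate) // state check and stat update are atomic per request
        {
            if (State != "running") return null;
            double roll = _defense * (0.9 + 0.2 * Random.Shared.NextDouble()); // own defense +/- 10%
            bool hacked = attack > roll;
            _points += hacked ? -1 : 1;
            _defense += hacked ? -1 : 1;
            if (hacked) { _disabledUntil = DateTime.UtcNow.AddSeconds(5); LastAttacker = attacker; }
            return hacked ? "Hacked" : "Defended";
        }
    }
}
```

The lock matters because several clients can post hacking attempts at the same moment; without it, two requests could both pass the state check and both change points and defense.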

Client

Your client will get a list of IP addresses that can be configured before start. Each IP address potentially hosts an API as described above, listening on port 1337. It is up to you how you implement your client. As long as you are not in the stopped or disabled state, you can perform any request, either getting the status of other APIs or trying to attack them by sending hacking-attempt requests. Whenever you are in the stopped or disabled state, you must not start any new requests. Requests that are still running can continue until they finish processing. All your requests must include the header:

Attacker: FirstName LastName

Blazor Status Page

Build a simple status page that displays your current state and all your status values in real time. As long as you are in the running state, show a bright green background color. When your program is in the disabled state, show a bright red background and prominently display the message: “Got hacked by {attackers_name}”. When your program is in the stopped state, show a gray background color and prominently display the message: “DEFEATED”.

Configuration

Design your application so that you can easily configure all values in one central place, tweak your program and restart it quickly with new values if needed.

Configuration values with their initial default values:

  • StartingPoints - 20
  • StartingAttackValue - 10
  • StartingDefenseValue - 10
  • PointsGainedForSuccessfulHack - 1
  • PointsLostForUnsuccessfulHack - 1
  • AttackValueGainedForSuccessfulHack - 1
  • AttackValueLostForUnsuccessfulHack - 1
  • PointsGainedForSuccessfulDefense - 1
  • PointsLostForUnsuccessfulDefense - 1
  • DefenseValueGainedForSuccessfulDefense - 1
  • DefenseValueLostForUnsuccessfulDefense - 1
  • NumberOfSuccessfulHacksForExtraDefense - 5
  • NumberOfDefensePointsGainedForExtraDefense - 1
  • DisabledStateDurationSeconds - 5