🕵️‍♂️ Building a Cybersecurity CTF Game with Amazon Q Developer CLI

🌟 Why I Built a Terminal-Based Digital Forensics Game

I wanted to build more than just a puzzle. My goal was to create an immersive simulation that helps players develop real cybersecurity skills through hands-on interaction — under pressure.

The mission:

• Simulate a real-world incident response scenario
• Create a UNIX-style terminal interface
• Teach players digital forensics and debugging
• Increase challenge over time with progressive corruption

The result? BlackDOS Terminal — a Pygame-powered game that drops players into a retro terminal interface, giving them 15 minutes to extract evidence before the system collapses.

View the Full Walkthrough Video here: https://www.youtube.com/watch?v=8VvDf0qFb7k
View Github Repo here: https://github.com/Vivek0712/ctfgame-amazonq

---

🤖 How Amazon Q Developer CLI Helped Me Build This Game

✅ My Prompting Strategy

Rather than asking for everything upfront, I used a layered prompting approach:

First prompt:

You have received a suspicious file named `shadow_terminal.py`, and your job is to investigate it. When executed, it opens a Pygame-rendered fake terminal environment simulating an old-school UNIX-like system called BlackDOS. The interface mimics a real terminal with a blinking cursor, command input, and text-based output, but something feels off. You are tasked with uncovering the backdoor left by an insider and capturing the hidden flag. The fake terminal accepts commands like `ls`, `cat`, `ps`, `whoami`, `history`, `strings`, `ssh`, `debug`, and `dump`, some of which behave normally while others are glitched, non-functional, or reveal misleading information. The filesystem lists files such as `note.txt`, `.hidden_log`, `blacknet_config.sys`, and `shadow_engine.bin`. Hidden files are not visible unless the player uses `ls -a`. Viewing `.hidden_log` reveals a cryptic hint about corrupted memory regions. Using `history` shows previously typed commands, but one line appears obfuscated using XOR, which must be decoded with a custom command `decode -x`. Running `debug shadow_engine.bin` opens a fake debugger UI inside the same Pygame interface with commands like `break 0x0040`, `dump mem 0x0030:0x0050`, and `strings shadow_engine.bin`. These expose low-level clues including a base64-encoded message `U0hBRE9Xf0JBU0VMTElORV9FTUlMRU9SRV9URU1Q`. The player must decode this to continue. Additionally, reading `blacknet_config.sys` reveals image-like ASCII content mimicking PNG headers, indicating hidden steganographic data. A fake `decode_image` command reveals characters embedded in a pixel-art grid which, when combined with memory dumps and debugger output, reveal the full flag: SHADOW{BASELLINE\_EMILIORE\_TEMP}. Throughout the game, the terminal occasionally flickers or simulates a ghost user typing commands, adding to the immersion. The entire game is keyboard-only with mouse disabled, and the screen includes simulated glitches, corrupted text, and a fake RAM dump view. The challenge tests the player's knowledge of file hiding, XOR decoding, base64, fake debugger interaction, command-line forensics, and basic steganography, all within a convincingly disguised Pygame terminal.

Then:

Add system corruption that makes commands glitch as time progresses. Add visual effects and fake system crashes.

Finally:

Add tab completion, command history, contextual hints, and better error messages.

💡 Prompting Techniques That Worked

• Give context and goals, not just features
• Explain why the feature matters (e.g., urgency, realism, learning value)
• Ask for implementation options and rationale
• Build iteratively: core → corruption → polish

---

🧠 How Amazon Q Developer CLI Solved Key Challenges

🧵 1. Managing Game State

Amazon Q CLI generated a TerminalState class that tracked progress, system health, and file visibility:

class TerminalState:
    def __init__(self):
        self.investigation_progress = {
            'read_note': False,
            'found_hidden_files': False,
            'decoded_xor': False,
            'used_debugger': False,
            'extracted_memory': False,
            'decoded_image': False
        }
        self.corruption_level = 0
        self.hints_given = 0
        self.files = {...}

🎨 2. Real-Time Visual Corruption

It applied glitch effects probabilistically so gameplay remained smooth:

def apply_corruption(self, text):
    if not text or random.random() < 0.3:
        return text
    effects = [...]
    return random.choice(effects)(text)

🧰 3. Realistic Command Simulation

It created GDB-style debugger output to teach real forensics flow:

def cmd_debug(self, args):
    self.add_line("Loading GNU gdb (BlackDOS) 8.1...")
    self.add_line("Reading symbols from shadow_engine.bin...")
    self.add_line("Available commands: dump mem, break, run, read")

---

⏰ Game Systems & Mechanics

🗂️ Filesystem & Terminal UI

Players interact using ls, cat, debug, strings, history, decode, etc.

Files include:

• note.txt
• .hidden_log
• blacknet_config.sys
• shadow_engine.bin

Using ls -a reveals hidden files, and viewing history uncovers a corrupted command line that must be XOR-decoded.

🔍 Memory Dump Example

Inside debug mode:

dump mem 0x0030:0x0048

Sample output:

0x0030: 53 48 41 44 4f 57 7b 42   |SHADOW{B|
0x0038: 41 53 45 4c 4c 49 4e 45   |ASELINE|
0x0040: 5f 45 4d 49 4c 49 4f 52   |_EMILIOR|
0x0048: 45 5f 54 45 4d 50 7d 00   |E_TEMP}|

🧠 Adaptive Hint System

Hints are based on your investigation progress:

def cmd_hint(self):
    if not progress['read_note']:
        hint = "Start with: cat note.txt"
    elif not progress['found_hidden_files']:
        hint = "Try: ls -a"

🛠️ System Corruption

The game gets harder as time runs out:

def update_corruption_level(self):
    elapsed = time.time() - self.start_time
    level = min(5, int((elapsed - 600) / 120))
    self.corruption_level = level

Stages:

1. Normal
2. Minor glitches
3. Terminal flickers and delays
4. Command failures
5. System crashes

🧭 Tab Completion & Command History

You can press Tab to autocomplete commands and filenames, just like a real terminal:

def get_completions(self, partial):
    # Suggest commands or file names

---

⚙️ Time-Saving Features Built by Amazon Q Developer CLI

• ✅ Testing scripts to validate syntax and dependencies
• 🔧 Helpful error handling with try-except blocks
• 📄 Auto-generated README and in-game command help
• 🧠 Smart command dispatcher using getattr()
• 📁 Fake forensic files built into the narrative

---

🎯 What Players Learn

Technical Skills

• Linux terminal navigation
• XOR and Base64 decoding
• Binary memory analysis
• GDB-style debugging
• File system investigation

Soft Skills

• Working under pressure
• Pattern recognition
• Logical investigation
• Digital patience

---

📊 Dev Metrics

• Total time: 8 hours
• Lines of code: ~1,200
• Amazon Q Developer CLI generated ~70%
• Manual polish: ~30%
• Time saved: 15–20 hours

---

🧪 Future Features

• Multiplayer cooperative mode
• Procedurally generated evidence
• Network and registry forensics
• Scoring system for competitions
• In-game certifications and achievements

---

🎉 Final Thoughts

BlackDOS Terminal is more than a game — it's an immersive learning experience powered by Amazon Q Developer CLI.

With the right prompts and a clear educational goal, I was able to:

• Build realistic systems quickly
• Automate boilerplate tasks
• Keep the game engaging and informative

Want to try it?

Run python shadow_terminal.py and see if you can extract the flag before the system collapses.

If you're building developer tools, simulations, or training platforms, consider using Amazon Q Developer CLI as your secret weapon.

Happy hacking! 🔍💻🧠