At some time in the next 6 billion years I will complete the writeup for the badges about how they were put together. For now this is just how to get your badge working at home as well as how to unlock all the challenges now that BSides Cape Town is over.
For those of you that missed it here is a picture of em and a potatocam video of it:
As some of you may have noticed (and people have asked), your badges are simply not doing anything once you take them home. This is a quick writeup on how to get your badge going again as well as how to unlock all the challenges and their addons (pong / wifi scanner / etc).
First off, if you want to find out about the badges for now you can go to http://badge.bsidescapetown.co.za:8000/badge/about/ this will describe the screens / options as well as explain the game:
Why they dont start up at home
In case you missed the small segment we did at the end of the conference, the badges won’t start up again unless they can connect to a wifi network. You have three options for how to configure this:
Create a WiFi Network
The badges are looking for a WiFi network with and SSID of “Highway” and a password of “dangerzone” ( note those are CaSeSeNsiTiVe. If you create this network and reset your badge (there is a reset button on the back), it will simply work.
Connect via Serial to tell the badge what network to connect to
The badges initially will try connect to the default WiFi network, if that fails they will try reading from the EEPROM (non volatile memory) and if that fails they will drop to a prompt asking the user for their SSID and Password. To view this simply install the CH430 driver so your machine picks up the device. Then you can connect to it at a baud rate of 74880 (this is the baud of the ESP8266’s debug channel).
Personally I’m just using the Arduino application since it was easier to have it connect at the baud rate. Using it you should see the following screens and be able to input your SSID and Password:
In this case I used the SSID “ExampleNetwork” and password “ExamplePassword”, it connected and saved it to the EEPROM, for now on I can just wait for this badge to fail and if that network is available I will be connected.
Upload new firmware
If you don’t want to wait for it to timeout or run the Highway SSID you can also change the following line in the firmware and then re-upload it via esptool or Arduino
Unlocking all the extras
I have updated the page at http://badge.bsidescapetown.co.za:8000/badge/addhash/ that near the bottom you can simply put in your badge number and it will output a series of correct hashes that you can use to unlock all the challenges for your badge.
Keep it punk.
The ZaCon badges were a ton of work on the hardware side (see ZaCon V Badge [1/2]: Build Time), however they provided their own challenges on the software side as well.
Since my knowledge of chipsets only extended to the Arduino the badges are essentially a complete Arduino without the UBS->FTDI breakout. This means that each badge includes an Arduino bootloader which is _really_ nice if you are coming from an Arduino background or simply have an Arduino and want to play.
The idea behind the badges was that they would provide a means of tracking communication between individuals at the conference. Additionally I wanted this information transmitted to a central location so that it could be stored and visualised (yes yes, Maltego and all). Additionally because people would be moving around I needed to create a ‘mesh network’ of sorts so that anytime someone came into range of any other badges they would be automatically be part of the network. This blog entry is going to cover how the badges did this and the challenges faced, if you are not interested make like a heartbleed and go away.
Here is a video of a few of the black badges communicating to each and flashing for all the valid messages received:
I realise I should have done this entry a little sooner, but as everyone should be well aware of by now, I am lazy. Also I moved to Cape Town just after ZaCon V which proved rather time consuming! Please note this is gonna be a first of 2 big entries on them so if you don’t like reading, pull up now.
One of the highlights of the annual Las Vegas pilgrimage for me has always been the electronic badges, whether it’s for defcon, ninja networks or custom badges that people have built for their hackerspaces. I especially enjoy the ones that are a little more complex (more than just lights) and are hackable. I have always been in awe of security researchers such as Adam Laurie, Zak Franken, Michael Ossman, At1as and the other hardware hackers.
For ZaCon V ( www.zacon.org.za ) I built some electronic badges for the conference that are based on an Arduino framework (at least using an ATMega328 with an Arduino Bootloader) and communicate to each other via 433Mhz RF (the same that is used in remotes). The idea with the badges was to have a way to see who was interacting with whom and show it in a visual representation (Maltego — yes yes, man with a hammer etc). Additionally I needed the badges to be cheap as.. well… I am cheap :)
The badges took about 3 months to go from breadboard to finished and a large majority of that time was spent learning how electronics work (and don’t!). This however was not my first attempt at building badges, for the last 3 years I have built a design on a breadboard and then basically done nothing with it (apart from make a shakey cam video at 3am and suggest the idea).
A lot of the design actually came from me wondering around hobbyist electronic stores on the internet and coming across two really cool things namely, very cheap communication in the form of 433mhz RF chips and Nokia 5110 LCDs (also cheap :P ).
I ordered a few of the screens and RF kits and started tinkering- having a display connected to my Arduino brought all kinds of warm and fuzzy feelings. Next I started playing with the 433Mhz, originally thinking that the badges would only receive a simple message, something like who was currently speaking, from a PC near the stage. Roelof looked at it and suggested that this idea was boring and if I really wanted to do something cool I should make all the badges talk to each other. And so the tinkering began.
For those people that missed the friday night the code and slides are here:
Ever since I first saw something Joe Grand, Adam Laurie or the Ninja networks team built I have loved the idea of having hackable electronics. So much that every year before ZaCon I foam at the mouth, put on my prettiest big boy pants and get out my Arduino in a vain attempt to make an electronic badge.
…However every year all I end up with is a terrible video and a realization that electronics are not that cheap. Additionally I also find I have little to no knowledge on how to take anything off the Arduino dev board. This year however I finally built a badge. Its the first PCB I’ve ever made and its not on an Arduino dev board! I am generally surprised they boot up! The badges this year will look as follows:
Down to the nitty gritty I guess. The badges consist of the following:
* ATMEGA328 (aka, the chip in your Arduino) – in an IC socket
* 433Mhz RF receiver (yes, the same as cars/garages)
* 433Mhz RF transmitter
* Nokia 5110 LCD
* RGB LED
* ICSP headers
* 4x Push buttons
The badges work on the principle of hybrid-mesh-stuxnet-SCADA-badbios-in-the-cloud communication… no but really this is how it works:
1. Each badge has a particular number (organised by status)
2. At a random interval it will transmit its badge number
3. While NOT transmitting badges will ‘listen’ for any other message data
4. If message data is decoded to one of a few types the LED will flash (this may change depending on battery life). Primary types are relationships and badge number transmissions
5. If a badge ‘hears’ another badges number it means it must be close enough for you to be talking and adds it to your ‘friends’ list (EEPROM)
6. When a badge transmits its number it ALSO transmits 1 of the last 5 ‘friends’ that it has seen (a relationship)
7. If a badge ‘hears’ a relationship message it stores it in a 5 relationship wide array
8. When a badge transmits its number and a friends (see 6) it has it will ALSO transmit 1 of the last 5 relationships it has ‘heard’
What this basically means is that if Luke and Annie are talking in the corner too far away from a receiver, but Leia is standing in between them and the receiver. Leia’s badge can tell the receiver that Luke and Annie are talking :)
The badges should be relatively easy to hack and hopefully will be a nice opening for people who want to start. As the badges are based on the Arduino you can literally pull out the chip from the back of the badge, plug it into your Arduino and upload code to it. For those who want to get wirey, you can simply connect your Arduino directly up to the ICSP headers and upload your code to the badge.
ICSP pins are as follows (looking at the front of the badge – with the screen – and the ICSP pins on the right) from top to bottom:
1. Digital 12 ( MISO )
3. Digital 13 ( SCK )
6. Digital 11 ( MOSI )
Additionally at the top of the board there are also the digital pins 0,1,2 that can be used for doing anything arduino-y. The LCD uses digital pins 8,9,10,11,12. RF TX uses digital pin 7 and RF RX uses digital pin 6. The buttons use A1,A2,A3,A4. Digital Pins 3,4,5 are all used for the RGB LED. And thats the lot of them. Of course you can simply use these for other things, just remember what they are connected to.
Here is the very first speaker badge:
Here is a REALLY short video of 5 black badges ‘talking’ to each other (blue LEDs indicate messages received).
Their arent enough badges for everyone, naturally speakers get for adding research and putting in the time and effort required for a great talk. Everyone one else should sign up to the mailing list as we will be announcing how you can get a badge (hint: http://zacon.org.za/mail.html).
There are 40 attendee badges and 20 build-your-own-boards for people who want to go the extra mile and solder their badge together (The badges are simple enough that even a first time solderererer should be able to do it! – and we will be there to help)
The badge talk will be on the Friday night before ZaCon (aka ZaCon Nights), so if you are interested in them keep the friday open!
Honestly I can’t thank the people that supported this project enough, from giving money so we can have badges to suggestions and ideas. Special shouts go to Jameel Haffejee (@RC1140) and Roelof Temmingh!
(ASCII FLAMES HERE)
It has been absolutely ages since I have written a blog post – genuinely I really havent simply been slacking off, i’ve just been busy! Anyway, figured it was time to do a writeup on some stuff I have been working on. (Please note this is almost the exact same post from the Paterva blog).
Predominately I want to show you some of the work we had to do for Blackhat 2013 – my first BH talk ever! My section of the work was what we ended up calling ‘KingPhisher’ as well as the multi-threaded Python script to crawl websites for some parts of ‘Teeth’ (Roelof’s offensive Maltego transforms).
A common Paterva office treat is that if you make a mistake or if the other person can catch you out at anything you have to make tea (the amount of times I make tea is inversely proportional to how long I have been at Paterva!). This included phishing. Many years ago we would try trick each other into clicking on links. Most security people will agree with us when we say that if you have enough context on a person you can craft an email and include a link on which they *will* click. Additionally we have used Maltego to gain context on people for a while, specifically using social networks (including transforms provided commercially via the SocialNet package). We also accept that there are certain types of mail we seldomly check (in terms of headers/other), we have been semi-programmed by automatic spam filtering and anti-virus to notify us if something is bad. Bottom line — we don’t inspect every link on every mail and we doubt if you do too.
So with this in mind we decided to integrate the two sides – 1) targeted phishing attacks and 2) information gathering in Maltego.
- Remote jamming “detector” on the cheap
- BSides Badge Config
- HackFu 2016 Writeup
- Bypassing Rolling Code Systems
- Hacking fixed key remotes with (only) RFCat
Not the quickest of cats
on the best of days.
Magnetic Stripes (2)
- February 2017
- December 2016
- June 2016
- February 2016
- August 2015
- April 2014
- January 2014
- November 2013
- October 2013
- March 2013
- January 2013
- December 2012
- September 2012
- July 2012
- May 2012
- April 2012
- February 2012
- November 2011
- October 2011
- September 2011
- August 2011
- June 2011
- April 2011
- March 2011
- February 2011
- January 2011
- November 2010
- October 2010
- September 2010
- March 2010