UPDATE:

For those people that missed the friday night the code and slides are here:

Slides: https://www.andrewmohawk.com/Badger Badger Badger.pptx
Code: https://github.com/AndrewMohawk/zaconv/

 

MAGICELECTRONICBADGES

Ever since I first saw something Joe Grand, Adam Laurie or the Ninja networks team built I have loved the idea of having hackable electronics. So much that every year before ZaCon I foam at the mouth, put on my prettiest big boy pants and get out my Arduino in a vain attempt to make an electronic badge.

…However every year all I end up with is a terrible video and a realization that electronics are not that cheap. Additionally I also find I have little to no knowledge on how to take anything off the Arduino dev board. This year however I finally built a badge. Its the first PCB I’ve ever made and its not on an Arduino dev board! I am generally surprised they boot up! The badges this year will look as follows:

zacon-v-badge-small

Overview:

Down to the nitty gritty I guess. The badges consist of the following:

* ATMEGA328 (aka, the chip in your Arduino) – in an IC socket
* 433Mhz RF receiver (yes, the same as cars/garages)
* 433Mhz RF transmitter
* Nokia 5110 LCD
* RGB LED
* ICSP headers
* 4x Push buttons

The badges work on the principle of hybrid-mesh-stuxnet-SCADA-badbios-in-the-cloud communication… no but really this is how it works:

1. Each badge has a particular number (organised by status)
2. At a random interval it will transmit its badge number
3. While NOT transmitting badges will ‘listen’ for any other message data
4. If message data is decoded to one of a few types the LED will flash (this may change depending on battery life). Primary types are relationships and badge number transmissions
5. If a badge ‘hears’ another badges number it means it must be close enough for you to be talking and adds it to your ‘friends’ list (EEPROM)
6. When a badge transmits its number it ALSO transmits 1 of the last 5 ‘friends’ that it has seen (a relationship)
7. If a badge ‘hears’ a relationship message it stores it in a 5 relationship wide array
8. When a badge transmits its number and a friends (see 6) it has it will ALSO transmit 1 of the last 5 relationships it has ‘heard’

What this basically means is that if Luke and Annie are talking in the corner too far away from a receiver, but Leia is standing in between them and the receiver. Leia’s badge can tell the receiver that Luke and Annie are talking :)

Hackability:

badgeSide1 badgeSide2

The badges should be relatively easy to hack and hopefully will be a nice opening for people who want to start. As the badges are based on the Arduino you can literally pull out the chip from the back of the badge, plug it into your Arduino and upload code to it. For those who want to get wirey, you can simply connect your Arduino directly up to the ICSP headers and upload your code to the badge.

ICSP pins are as follows (looking at the front of the badge – with the screen – and the ICSP pins on the right) from top to bottom:

1. Digital 12 ( MISO )
2. 5v
3. Digital 13 ( SCK )
4. GND
5. RST
6. Digital 11 ( MOSI )

Additionally at the top of the board there are also the digital pins 0,1,2 that can be used for doing anything arduino-y. The LCD uses digital pins 8,9,10,11,12. RF TX uses digital pin 7 and RF RX uses digital pin 6. The buttons use A1,A2,A3,A4. Digital Pins 3,4,5 are all used for the RGB LED. And thats the lot of them. Of course you can simply use these for other things, just remember what they are connected to.

Moneyshot:

Here is the very first speaker badge:

Speaker Badge 0001

Speaker Badge 0001

Video:

Here is a REALLY short video of 5 black badges ‘talking’ to each other (blue LEDs indicate messages received).

Release

Their arent enough badges for everyone, naturally speakers get for adding research and putting in the time and effort required for a great talk. Everyone one else should sign up to the mailing list as we will be announcing how you can get a badge (hint: http://zacon.org.za/mail.html).

There are 40 attendee badges and 20 build-your-own-boards for people who want to go the extra mile and solder their badge together (The badges are simple enough that even a first time solderererer should be able to do it! – and we will be there to help)

The badge talk will be on the Friday night before ZaCon (aka ZaCon Nights), so if you are interested in them keep the friday open!

Thanks

Honestly I can’t thank the people that supported this project enough, from giving money so we can have badges to suggestions and ideas. Special shouts go to Jameel Haffejee (@RC1140) and Roelof Temmingh!

(ASCII FLAMES HERE)
-AM

It has been absolutely ages since I have written a blog post – genuinely I really havent simply been slacking off, i’ve just been busy! Anyway, figured it was time to do a writeup on some stuff I have been working on. (Please note this is almost the exact same post from the Paterva blog).

Predominately I want to show you some of the work we had to do for Blackhat 2013 – my first BH talk ever! My section of the work was what we ended up calling ‘KingPhisher’ as well as the multi-threaded Python script to crawl websites for some parts of ‘Teeth’ (Roelof’s offensive Maltego transforms).

<TL;DR>
Video: [http://www.youtube.com/watch?v=QS5zgFKzLhs&feature=c4-overview&list=UUThOLpqhLFFQN0nStdkyGLg]
Download: [http://www.paterva.com/BlackhatUSA2013/]
</TL;DR>

A common Paterva office treat is that if you make a mistake or if the other person can catch you out at anything you have to make tea (the amount of times I make tea is inversely proportional to how long I have been at Paterva!). This included phishing. Many years ago we would try trick each other into clicking on links. Most security people will agree with us when we say that if you have enough context on a person you can craft an email and include a link on which they *will* click. Additionally we have used Maltego to gain context on people for a while, specifically using social networks (including transforms provided commercially via the SocialNet package). We also accept that there are certain types of mail we seldomly check (in terms of headers/other), we have been semi-programmed by automatic spam filtering and anti-virus to notify us if something is bad. Bottom line — we don’t inspect every link on every mail and we doubt if you do too.

So with this in mind we decided to integrate the two sides – 1) targeted phishing attacks and 2) information gathering in Maltego.

Read more »

I really should have written this after ZaCon (november last year), but I’m lazy. However I have been asked to give a brief overview of the same talk at ITWeb this year so I figure I may as well finish this article and get it out :P

Candy:

Write-up:

So in the first blog post I discussed the basics of Magnetic stripes and how the tech works. I like it because its fundamentally simple (perhaps like myself ;).

This entry is going to cover spoofing, from building a spoofer to having something read the entries. Ideally you want to have a magreader at this stage, either one of the nifty USB ones that act as an HID device or one that you built that can read the tracks you are interested in. Below is a cheap TTL reader I got (cost about R150, thats ~$20):

 

This is really just so that you can “listen” to what your spoofer can generate. Magnetic stripe spoofers have been done all over the place, so please don’t think I did this, you can see some great examples HERE and HERE. Essentially however the system is dead simple, you have the ‘sound’ that you wish to play (as discussed previously), an amplifier that can crank up the volume to the level that its going to get picked up and an electromagnet (it sounds fancy, its  just wire coiled around a piece of metal – more later).

Read more »

Its taken a lot of motivation to start writing this, and I hope its okay, I have a mental block that I need to write this and the second post about magstripes before moving on to some new things with my plants I want to try.

Eye Candy:

My friend Roelof Temmingh (@Roeloftemmingh) made this cool video for my talk, check it out below or at http://vimeo.com/51228567.  Please note we had permission to test out the door at Senseposts’ old office :)

 

Mission Plausible from RT on Vimeo.

:)

Read more »

Hi Guys,

I see I haven’t update this blog in ages, I’d love to say I didn’t have enough time, but it was mostly just me being.. well lazy.

Zacon IV was on the 27th of October ( http://www.zacon.org.za/about.html ) and was really great, had a super time and met some great people. My talk covered a bunch of the stuff I did on the blog and essentially these sections:

* Lockpicking (briefly)
* Magstripes (reading + spoofing)
* RTLSDR (listening to guards)
* RFID (proxmark – bypassing LF EM4x door locks)
* RFCat (spoofing remotes)

It went relatively well apart from a few small demo problems (such as not being able to spoof a magnetic stripe – turned the volume down by mistake when I tried to show it! *doh*). The video of the talk can be seen here:

ZaCon4 – Andrew MacPherson – 88MPH Digital tricks to bypass Physical security from ZaCon on Vimeo.

Read more »