For day two of DEF CON, I checked out tamper evident devices, the contests area, and a few embedded talks. Read all about it after the break.
Tamper Evident Village
This year was the first run of the Tamper Evident Village. The village has a variety of tamper evident devices, including tapes, stickers, and seals. Volunteers provided tools, solvents, and instructions on how to bypass the various devices without setting them off.
The tamper evident challenge had teams trying to open a box secured with a variety of tamper-evident devices, then reassemble it. The judges evaluated the boxes on how well the security devices had been bypassed.
In the contests room, companies and volunteers ran all sorts of contests for people with various skills. The scavenger hunt list ranged from getting a mohawk to obtaining an aircraft exit slide. Gamers teamed up with hackers in Hack Fortress, a game where Team Fortress players get bonuses when the hackers on their team complete hacking challenges. Crash and Compile is a coding-drinking game, where competitors try to solve a programming problem and have to drink every time their code crashes.
[Todd Manning] and [Zach Lanier] presented their GoPro hacking in a talk called “GoPro or GTFO”. They managed to get a root shell on the camera and found that all of the services run as root. They also showed that the device could be used for surveillance proposes. They will be publishing source and information on their exploits on Github.
[Joe Grand] gave a talk on his new device: the JTAGulator. This open source hardware project helps with the automated discovery of debug interfaces. Target voltage selection and input protection is built in to prevent you from frying your target board. Right now, it can find JTAG and UART interfaces across 24 unknown channels. [Joe] demoed the device by discovering the UART and JTAG ports on a WRT54G wireless router.
DEF CON 21 wraps up tomorrow, and I’ll be sharing more cool stuff from the conference.