DEF CON: Hacking Charities And Routers

Where’s Cardboard Snowden?

On the last day of DEF CON, I talked to some charity hackers, checked out the lockpicking village, and learned how insecure my router is in the wireless village.

Hackers for Charity

Hackers for Charity helps link charities and hacker volunteers to provide services that the charities could not normally afford. It acts as a type of matchmaking program, linking people with specific skills to charities in need. It also provides hacker-types with opportunities to hone their skills and build their resumes. You can find out how to sign up as a volunteer, charity, or donor here.

[Sam] from Hackers for Charity showed me his project: the School in a Box. It’s a Pelican case stuffed with a Raspberry Pi, LiPo battery, solar charge controller, and power mode controller. The RPi has a WiFi card and runs as an access point, allowing students to connect. It then serves up a wealth of content that would not normally be available in areas with limited internet connectivity. This includes Khan Academy videos, Project Gutenberg books, a subset of Wikipedia, and much more. The project is going out into the field in the next couple of months.

The School in a Box provides learning resources in remote areas.

Lockpicking Village

The lockpicking village was packed this year, with The Open Organization Of Lockpickers (TOOOL) running training every hour and providing practice locks to pick. TOOOL publishes their slides for the village on their website, and they’re a great resource if you’re interested in learning the basics of lockpicking.

TOOOL teaches important lockpicking tips: relax, and kittens.

Wireless Village

The wireless village was home of the Wireless Pentathlon. This competition had participants working through a variety of WiFi challenges. There was a range challenge, a WPA cracking challenge, and finally some general attacks on a WiFi network.

This village ran its own track of talks on all types of wireless topics. One that stood out for me was on vulnerabilities in Small Office / Home Office (SOHO) network devices by ISE. The talk showed that there are cross-site request forgery, directory traversal, command injection, and buffer overflow exploits for just about every consumer-grade WiFi router out there, including the one I have at home (no, I’m not telling you which one it is). The talk went over the process of scanning ports with Nmap, identifying services with netcat, and building exploits. An explanation of one exploit for TP-Link routers that was demoed is available here.

Goodbye DEF CON

The closing ceremonies marked the end of the conference. The organizers announced that the con had raised a total of nearly $100,000 for the Electronic Frontier Foundation, and there was much rejoicing.

The con was a great time, and I’d like to thank all the Speakers, Goons, and Humans that made the past couple of days a blast. We’ll be following up on some of the stories from the con, and hopefully be providing more con coverage in the future.

5 thoughts on “DEF CON: Hacking Charities And Routers”

  1. The wireless village buffer overflow demo never took place :-P the router was already pwnt by the time the demo took place. Actually, I upgraded the firmware on the router to DD-WRT because I didn’t want it to get pwnt by someone else.

    Sorry to presenter :-\ wasn’t meant to break demo. Also, if you didn’t factory reset, router pw = defcon21

    1. Now that makes sense. I didn’t realize the WiFi was open on the ASUS…That exploit is VERY reliable and I was baffled when it didn’t work in the Wireless Village. At least some people saw it during the Wall of Sheep SOHO talk! Live and learn I guess!!!

      I will be posting a video of the ASUS RT-AC66U ACSD exploit soon for those who are interested.

      It will be added to http://infosec42.blogspot.com/2013/07/exploit-asus-rt-ac66u-remote-root.html by the end of the weekend.
