DEF CON: The Proxy for ProxyHam

Two weeks ago, news broke of an incredible abuse of power from the National Security Agency. A DEF CON talk was cancelled, and speculation raged that information was not free. This was the ProxyHam, a device that puts you miles away from any agency hunting down your IP address.

Of course, as with just about every DEF CON talk picked up by the press, ProxyHam is an ill-conceived, terrible idea. You can replicate it with parts bought from newegg, and despite using a highly directional antenna the FCC – or any other government agency – can still track you down.

In lieu of a talk on using off-the-shelf networking hardware in the way it was intended, [Dave Maynor] and [Robert Graham] of Errata Security gave a talk at DEF CON that is the proxy to the ProxyHam. They completely debunked the outrageous speculation surrounding the cancellation of the DEF CON talk and managed to introduce a new version of Internet over radio that is actually useful for the security-minded individual.

The ‘debunking’ part of the Errata Security talk was exactly what anyone would expect; the talk was probably cancelled because the creator of ProxyHam exceeded radiated power limits, the FCC caught him, or simply because of ‘advice from counsel’. No big deal; someone was doing something illegal – encryption over ISM bands – and the things you would expect to happen in fact happened.

In the last two weeks, the guys replicated the ProxyHam build, but found a few major shortcomings. Even with a highly directional antenna, interested parties could still track you down. This led the guys at Errata Security to make this system better. They managed to do it in two weeks.

The Errata Security relies on JT65A – a radio mode made for very weak signals – to hide signals underneath the noise floor. By multiplexing data across multiple channels, this system has about the same bandwidth as a 56kbps modem from 1999. It’s not much, but it is possible to use this proxy for ProxyHam over 20 miles away from where you’re stealing WiFi from. That’s far better than ProxyHam could ever manage, and all the transmissions stay below the noise floor. The FCC and similarly equipped agencies might be able to find you, but no one with a $20 SDR dongle will.

There are no releases yet, but Errata Security plan to make the software that allows this multiplex transmissions available soon, and hope to have a Raspberry Pi-based hardware solution for this technique coming shortly. It’s a radio proxy solution that’s actually somewhat secure, and won’t immediately draw the ire of the FCC.

DEF CON Uber Badge so Hot It’s Radioactive

I went to the Opening Ceremonies of DEF CON 23 this morning to get more information on the badge challenge and I was not disappointed. The talk covered the Uber badge, which is hot in a literally radioactive sense. This badge, which is also known as the black badge, is reserved for people who are first to solve one of the official DEF CON challenges. It grants lifetime free admission and opens just about any door when listed on your resume.

Lichtenberg Figures

The triangle of acrylic itself is adorned with Lichtenberg Figures. This is a bolt of lightning on the badge. By building up extremely high voltages, the discharge leaves a unique pattern. In this case it was a 5 million volt, 150 kW particle accelerator that made the figures.

There is a medallion affixed to this triangular base-plate which is obviously part of the puzzle everyone is trying to solve this weekend. What is less clear is how the radioactive isotopes of this badge play into this challenge.

Whoa, oh, oh, oh, I’m Radioactive, Radioactive

Trinitie Photo by Shaddack -  CC BY 3.0
Trinitie Photo by Shaddack – CC BY 3.0

[LoST] took inspiration from [Richard Feynman] to a new level with this badge. [Feynman] was involved with “The Gadget” experiment which I know better as Trinity, the first detonation of a nuclear weapon. This badge contains isotopes from that detonation.

Trinitite (get it, from the Trinity explosion?) is a green glassy substance generated from a Plutonium-based bomb explosion. [LoST] made a point of explaining that the samples of Trinitite in this badge create a unique radioactive signature that not only traces back to this explosion, but actually indicates a precise distance form the epicenter of the explosion.

Also embedded in the badge are glass spheres doped with 3% Uranium 238. Tritium, used in exit signs, is a third source of radioactivity on the badge. This is joined by another marker that is a combination of Uraninite, Pitchblende, Carnotite, Gummit, and Yellowcake.

Interesting story, Tritium is highly regulated in this country but it is hypothetically possible to import it from Europe by a seller who ships it sealed inside packets of coffee. Hypothetically.

The opening ceremonies talk concluded with some inspirational remarks from [Dark Tangent]. Pictures of that as well as a few of [L0ST’s] slides are found below. If you’re working on the badge challenge, join in on the collaborative Badge deciphering we’ve started on If you’re at DEF CON, make sure to show up for breakfast with us on Sunday.

Continue reading “DEF CON Uber Badge so Hot It’s Radioactive”

Help Decipher the DEFCON Badge

The 23rd DEFCON — the Western Hemisphere’s largest hacker conference — doesn’t start until tomorrow but Thursday has become the de facto start for regulars. [Brian] and I rolled into town this afternoon and are working on gathering as much information as possible about the badge challenge.

This year the badge is a 7″ vinyl record. Traditionally the badge alternates years of electronic badges and ones that aren’t. Spend your weekend pulling your hair our trying to solve the puzzles. Check out all the pictures and information (updated as we gather it) and work together collaboratively for a solution by requesting to join the crew on the Badge Hacking page.

Hackaday Breakfast on Sunday

Iocn of Coffee CupIf you’re in town Sunday morning, come nurse your hangover with [Brian], [Eric], and me. We’re headed to Va Bene Caffè at 10:30am on 8/9/15. It’s just across the street in the Cosmopolitan. Request to join this event and I’ll send you a reminder so you don’t forget. You can also hit me up on Twitter for a reminder. See you then (and don’t forget to bring hardware to show off if you have some!).

PS- The Hackaday WiFi Hat is in play. Anyone have the chops to hack it this year?

The Right Way to Do A Hacker Conference

DEFCON is huge. Last year attendance tipped at about 16k, and we’d wager this year will be even bigger. [Brian] and I will both be among those attending (more on that below) but I wanted to take this time to show you the right way to do a Hacker Conference.

Build Your Own Badge

We met a ton of people at DEFCON 22 last year, but the Whiskey Pirates made a lasting impression. I first ran across two of their crew walking the hallways of the con with this awesome badge. How can you not stop and strike up a conversation about that? Turns out this group of friends have been meeting up here for years. This year they went all out, designing one badge to rule them all. And like any good hacker project, they weren’t able to finish it before getting to the hotel.

Set Up Your Electronics Lab

So, you didn’t stuff your boards before leaving home? For the Whiskey Pirates this is not even remotely a problem. They just brought the electronics lab to their suite in the Rio Hotel.

On the bathroom vanity you find the binocular microscope which was good for troubleshooting an LED swap on the official conference badge. An entire cart with hot-air, multiple solder stations, oscilloscopes, and more was on hand. I populated the surface mount LEDs on the badge the crew gave to me. When I was having trouble seeing my work they called the front desk for an additional lamp. You should have seen the look on the bellhop’s face when he walked in!

A bit of marathon assembly and everyone from the Whiskey Pirates (plus me) had a working badge, demonstrated in the video below. But this isn’t where the fun stops.

Continue reading “The Right Way to Do A Hacker Conference”

ProxyGambit Better Than ProxyHam; Takes Coffee Shop WiFi Global

Last weekend saw the announcement of ProxyHam, a device that anonymizes Internet activity by jumping on WiFi from public libraries and cafes over a 900MHz radio link. The project mysteriously disappeared and was stricken from the DEFCON schedule. No one knows why, but we spent some time speculating on that and on what hardware was actually used in the undisclosed build.

[Samy Kamkar] has just improved on the ProxyHam concept with ProxyGambit, a device that decouples your location from your IP address. But [Samy]’s build isn’t limited to ProxyHam’s claimed two-mile range. ProxyGambit can work anywhere on the planet over a 2G connection, or up to 10km (6 miles) away through a line-of-sight point to point wireless link.

The more GSM version of ProxyGambit uses two Adafruit FONA GSM breakout boards, two Arduinos, and two Raspberry Pis. The FONA board produces an outbound TCP connection over 2G. The Arduino serves as a serial connection over a reverse TCP tunnel and connects directly to the UART of a Raspberry Pi. The Pi is simply a network bridge at either end of the connection. By reverse tunneling a TCP connection through the ‘throwaway’ part of the build, [Samy] can get an Internet connection anywhere that has 2G service.

Although it’s just a proof of concept and should not be used by anyone who actually needs anonymity, the ProxyGambit does have a few advantages over the ProxyHam. It’s usable just about everywhere on the planet, and not just within two miles of the public WiFi access point. The source for ProxyGambit is also available, something that will never be said of the ProxyHam.

How To Build A ProxyHam Despite A Cancelled DEFCON Talk

A few days ago, [Ben Caudill] of Rhino Security was scheduled to give a talk at DEFCON. His project, ProxyHam, is designed for those seeking complete anonymity online. Because IP addresses can be tied to physical locations, any online activities can be tracked by oppressive regimes and three letter government agencies. Sometimes, this means doors are breached, and “seditious” journalists and activists are taken into custody.

With the ProxyHam, the link between IP addresses and physical locations is severed. ProxyHam uses a 900MHz radio link to bridge a WiFi network over miles. By hiding a ProxyHam base station in a space with public WiFi, anyone can have complete anonymity online; if the government comes to take you down, they’ll first have to stop at the local library, Starbucks, or wherever else has free WiFi.

[Ben Caudill] will not be giving a talk at DEFCON. It wasn’t the choice of DEFCON organizers to cancel the talk, and it wasn’t his employers – [Ben] founded and is principal consultant at Rhino Security. The talk has been killed, and no one knows why. Speculation ranges from National Security Letters to government gag orders to a far more pedestrian explanations like, “it doesn’t work as well as intended.” Nevertheless, the details of why the ProxyHam talk was cancelled will never be known. That doesn’t mean this knowledge is lost – you can build a ProxyHam with equipment purchased from Amazon, Newegg, or any one of a number of online retailers.

Continue reading “How To Build A ProxyHam Despite A Cancelled DEFCON Talk”

HamRadioTweets Gets the Word Out

In times of crisis, or extreme government control, it can be difficult to spread critical information to people who can help. A good example of this was during the Arab Spring in 2011. When your Internet connection is taken away, it can feel as though all is lost. Unless you have a ham radio, that is.

For many people the thought of ham radio conjures up images of old guys twisting knobs listening to static, but it’s actually come a long way in our modern digital age. For example, you can now send tweets via ham radio. This project was actually started in 2011 by [Bruce Sutherland]. The Egyptian government had shut down the country’s Internet access after citizens were posting information about the extreme violence they were facing. [Bruce] wanted a way to help  others get the word out, and he came up with HamRadioTweets. This system allows a user to send tweets via ham radio.

The system actually piggybacks off of a ham radio service called APRS. This service is most often associated with GPS tracking systems, such as those found in nearspace balloons, but it can also be used to send simple text messages over the air. APRS works thanks to the vast network of receiving stations setup all around the world. These stations can receive messages and then re-transmit them, greatly extending the reach of the original transmitter. Some of them are even hooked up to the Internet to get the messages to go distances that would be extremely difficult and unreliable by traditional means.

[Bruce’s] system hooked into the Internet component and watched for messages being sent specifically to “TWITR”. The Python based system would then read these messages and re-transmit them over Twitter. The project died out a while back after Twitter updated their API. Now, it’s been rebuilt on Ruby by [Harold Giddings]. The project website was handed over to [Harold] and he is currently maintaining it. Hopefully you’ll never need to use this software, but if the time comes you will be glad it’s available. You can watch [Harold] bounce an APRS message off of the International Space Station and on to Twitter in the video below. Continue reading “HamRadioTweets Gets the Word Out”