Last weekend saw the announcement of ProxyHam, a device that anonymizes Internet activity by jumping on WiFi from public libraries and cafes over a 900MHz radio link. The project mysteriously disappeared and was stricken from the DEFCON schedule. No one knows why, but we spent some time speculating on that and on what hardware was actually used in the undisclosed build.
[Samy Kamkar] has just improved on the ProxyHam concept with ProxyGambit, a device that decouples your location from your IP address. But [Samy]’s build isn’t limited to ProxyHam’s claimed two-mile range. ProxyGambit can work anywhere on the planet over a 2G connection, or up to 10km (6 miles) away through a line-of-sight point to point wireless link.
The more GSM version of ProxyGambit uses two Adafruit FONA GSM breakout boards, two Arduinos, and two Raspberry Pis. The FONA board produces an outbound TCP connection over 2G. The Arduino serves as a serial connection over a reverse TCP tunnel and connects directly to the UART of a Raspberry Pi. The Pi is simply a network bridge at either end of the connection. By reverse tunneling a TCP connection through the ‘throwaway’ part of the build, [Samy] can get an Internet connection anywhere that has 2G service.
Although it’s just a proof of concept and should not be used by anyone who actually needs anonymity, the ProxyGambit does have a few advantages over the ProxyHam. It’s usable just about everywhere on the planet, and not just within two miles of the public WiFi access point. The source for ProxyGambit is also available, something that will never be said of the ProxyHam.
A few days ago, [Ben Caudill] of Rhino Security was scheduled to give a talk at DEFCON. His project, ProxyHam, is designed for those seeking complete anonymity online. Because IP addresses can be tied to physical locations, any online activities can be tracked by oppressive regimes and three letter government agencies. Sometimes, this means doors are breached, and “seditious” journalists and activists are taken into custody.
With the ProxyHam, the link between IP addresses and physical locations is severed. ProxyHam uses a 900MHz radio link to bridge a WiFi network over miles. By hiding a ProxyHam base station in a space with public WiFi, anyone can have complete anonymity online; if the government comes to take you down, they’ll first have to stop at the local library, Starbucks, or wherever else has free WiFi.
[Ben Caudill] will not be giving a talk at DEFCON. It wasn’t the choice of DEFCON organizers to cancel the talk, and it wasn’t his employers – [Ben] founded and is principal consultant at Rhino Security. The talk has been killed, and no one knows why. Speculation ranges from National Security Letters to government gag orders to a far more pedestrian explanations like, “it doesn’t work as well as intended.” Nevertheless, the details of why the ProxyHam talk was cancelled will never be known. That doesn’t mean this knowledge is lost – you can build a ProxyHam with equipment purchased from Amazon, Newegg, or any one of a number of online retailers.
In times of crisis, or extreme government control, it can be difficult to spread critical information to people who can help. A good example of this was during the Arab Spring in 2011. When your Internet connection is taken away, it can feel as though all is lost. Unless you have a ham radio, that is.
For many people the thought of ham radio conjures up images of old guys twisting knobs listening to static, but it’s actually come a long way in our modern digital age. For example, you can now send tweets via ham radio. This project was actually started in 2011 by [Bruce Sutherland]. The Egyptian government had shut down the country’s Internet access after citizens were posting information about the extreme violence they were facing. [Bruce] wanted a way to help others get the word out, and he came up with HamRadioTweets. This system allows a user to send tweets via ham radio.
The system actually piggybacks off of a ham radio service called APRS. This service is most often associated with GPS tracking systems, such as those found in nearspace balloons, but it can also be used to send simple text messages over the air. APRS works thanks to the vast network of receiving stations setup all around the world. These stations can receive messages and then re-transmit them, greatly extending the reach of the original transmitter. Some of them are even hooked up to the Internet to get the messages to go distances that would be extremely difficult and unreliable by traditional means.
[Bruce’s] system hooked into the Internet component and watched for messages being sent specifically to “TWITR”. The Python based system would then read these messages and re-transmit them over Twitter. The project died out a while back after Twitter updated their API. Now, it’s been rebuilt on Ruby by [Harold Giddings]. The project website was handed over to [Harold] and he is currently maintaining it. Hopefully you’ll never need to use this software, but if the time comes you will be glad it’s available. You can watch [Harold] bounce an APRS message off of the International Space Station and on to Twitter in the video below. Continue reading “HamRadioTweets Gets the Word Out”→
The DEFCON badge this year was an impressive piece of hardware, complete with mind-bending puzzles, cap sense buttons, LEDs, and of course a Parallax Propeller. [mike] thought a chip as cool as the Propeller should be put to better use than just sitting around until next year so he turned it into a Bitcoin miner, netting him an astonishing 40 hashes per second.
Mining Bitcoins on hardware that doesn’t have much processing power to begin with (at least compared to the FPGAs and ASIC miners commonly used) meant [mike] would have to find some interesting ways to compute the SHA256 hashes that mining requires. He turned to RetroMiner, the Bitcoin miner made for an original Nintendo. Like the NES miner, [mike] is offloading the communication with the Bitcoin network to a host computer, but all of the actual math is handled by a single core on the Propeller.
Saving one core for communication with the host computer, a DEFCON badge could conceivably manage 280 hashes/second, meaning the processing power of all the badges made for DEFCON is about equal to a seven-year-old graphics card.
[Ryan] a.k.a. [1o57] comes from an age before anyone could ask a question, pull out their smartphone, and instantly receive an answer from the great Google mind. He thinks there’s something we have lost with our new portable cybernetic brains – the opportunity to ask a question, think about it, review what we already know, and reason out a solution. There’s a lot to be said about solving a problem all by yourself, and there’s nothing to compare to the ‘ah-ha’ moment that comes with it.
[1o57] started his Mystery Challenges at DEFCON purely by accident; he had won the TCP/IP embedded device competition one year, and the next year was looking to claim his title again. The head of the TCP/IP embedded competition had resigned from his role, and through a few emails, [1o57] took on the role himself. There was a miscommunication, though, and [1o57] was scheduled to run the TCP/IP drinking competition. This eventually morphed into a not-totally-official ‘Mystery Challenge’ that caught fire in email threads and IRC channels. Everyone wanted to beat the mystery challenge, and it was up to [1o57] to pull something out of his bag of tricks.
The first Mystery Challenge was a mechanical device with three locks ready to be picked (one was already unlocked), magnets to grab ferrous picks, and only slightly bomb-like in appearance. The next few years featured similar devices with more locks, better puzzles, and were heavy enough to make a few security officials believe [1o57] was going to blow up the Hoover dam.
With a few years of practice, [1o57] is turning crypto puzzles into an art. His DEFCON 22 badge had different lanyards that needed to be arranged to spell out a code. To solve the puzzle, you’ll need to talk to other people, a great way to meet one of [1o57]’s goals of getting all the natural introverts working together.
Oh. This talk has its own crypto challenge, something [1o57] just can’t get out of his blood:
So far nobody has solved the @hackaday 10 year anniversary in-talk-mini-crypto-puzzle-of-doom…("it's only a model")
DEFCON is known for its unique badge designs, which have featured displays, radios, and tons of LEDs in the past. This year, there was another digital badge at DEFCON. The Queercon 11 badge featured an MSP430, a LED display, an IR interface, and an ISM band radio.
Queercon started off as a DEFCON party for LGBT hackers. Over the past eleven years they’ve run events at DEFCON including parties, mixers, and networking events. Over time the group has grown, become a non-profit, and provided a social network for LGBT people in tech. We must admit that they throw quite a good pool party.
This badge gave you points for meeting other people. When held near another QC11 badge, the IR link sends the identifier for each person. Both badges light up and display the other person’s name, and store the event. This process became known by a variety of colloquialisms, and “badginal intercourse” was a common occurrence at events.
The RF radio, implemented using a HopeRF RF69 module, shows how many people with QC11 badges are near you. A base station at events sends out data to give badges points for attendance. As points are accumulated, the rainbow LEDs on either side of the display light up.
At Queercon parties, a reader connected to a dumb terminal read data off the badges. It then shows who the badge has paired with, and what events its been to.
The hardware design and source code have all been released on the Queercon website. The full functionality is discussed in the README.
You probably remember that for DEFCON I built a hat that was turned into a game. In addition to scrolling messages on an LED marquee there was a WiFi router hidden inside the hat. Get on the AP, load any webpage, and you would be confronted with a scoreboard, as well as a list of usernames and their accompanying password hashes. Crack a hash and you can put yourself on the scoreboard as well as push custom messages to the hat itself.
Choosing the complexity of these password hashes was quite a challenge. How do you make them hackable without being so simple that they would be immediately cracked? I suppose I did okay with this because one hacker (who prefers not to be named) caught me literally on my way out of the conference for the last time. He had snagged the hashes earlier in the weekend and worked feverishly to crack the code. More details on the process are available after the jump.