Fear And Loathing At DEFCON 22

Nothing says “Welcome to Vegas” like a massive turbulence on a plane full of drunk people who, instead of holding on to their seats, frantically laugh and shout “we’re all going to die!” At 105 Fahrenheit outside, the heat was getting into everyone’s head. After a bumpy touchdown, the in-flight entertainment system rebooted, and a black terminal screen flashed onto everyone’s face:

RedBoot(tm) bootstrap and debug environment [RAM]
(MAS eFX) release, version ("540060-212" v "0.1.02") - built 12:00:35,
Nov 19 2004

Now, that was a beautiful sight – an IFE system that hadn’t been updated for almost a decade. For people who didn’t come here to participate in a big zero-sum game that is Vegas, this was a sign.

DEFCON was waiting for us right outside of that front cabin door.


It was Friday afternoon, and I was already late for the party. [Mike] and [Brian] had been on the ground for more than 24 hours and kept sending us messages on how awesome everything was. I was jealous and simply had to come. Our buddy [Chris Gammell] felt the same way and flew in all the way from Cleveland. The two of us met at Terminal 1 and hailed a taxi.

“You have to be careful at events like this,” [Chris] said as the driver lady was speeding through the desert. ” I heard that last year someone spoofed the cell tower and hijacked lots of passwords.” He offered me access to his OpenVPN instance somewhere in England as a way to protect myself.

“Sure,” I reasoned, “It’s fair to assume that all the traffic can be intercepted, but as long as you use SSL, you should be all right.” I felt good about the fact that only a couple of days ago, we had finally pushed HTTPS on Hackaday.io. Losing that one-password-to-rule-them-all would result in a world of pain for me.

“The real concern is keylogging,” I continued. “If someone was to capture your keystrokes, all that fancy transport-level security might not be of much help.” We pondered on this for a bit, and the driver finally pulled in front of the Palms lobby.

As she was opening the trunk, I saw her turn around and ask: “So how would you do keylogging on a voice-controlled smartphone?”

I guess everyone cares about computer security around here.


An hour later, we were standing on the floor of Palms, admiring the casino layout. A perfectly crafted maze, with no right angles, optimized to prevent the brain from making decisions, as [Chris] explained. Relatively new to Vegas, I found this fascinating. “So it’s like AB testing on the Web… but in real life?”

I guess once the whole “Internet of Things” goes mainstream, this is how the entire world is going to look — like a big fat Vegas casino.

Oh well, I better start getting used to it.

Before long, Hackaday’s finest have arrived. [Mike] was completely spaced out, with a blissful smile on his face, high on all the raving feedback his blinky hat got at the show that day.

[Brian] was in his usual mood.

“Bitcoin is broken,” that’s the first thing he said to me, “I met this guy, and there’s stuff…” His voice slowly faded out, and eyes began to wander in an indeterminate direction.

One thing to know about [Brian]; sometimes, he says crazy things, and when that happens, you don’t want to be the rational guy that tells him it’s not true. It would mean missing out on so much fun that goes inside that weird mind of his. And that night, I really wanted in.

“What happened? Something that would disincentivize the miners pehaps?” For entertainment sake, I assumed that, of course, there *is* a guy and that, Bitcoin *was* in fact “broken.” There’s proof, pictures I hear.

Sadly, he wasn’t in the mood and changed the subject. No apocalyptic visions for me this time.

Somewhere around 10PM we finally headed out to DEFCON central – Hotel Rio. We knew it was too late for us to pick up conference badges now, but figured out we’d still get in somehow.

First lesson you learn at DEFCON – knowing the right people helps. [Chris] called up his friend [dragorn] from KismetWireless, one of the nicest guys you’ll ever meet, and he pleaded for us in front of DEFCON’s puzzle master supreme – [LosT], aka [1o57]. Next thing you know, we were on the inside, sipping our drinks and talking shop with the hackers at the BlackPhone party.


“Have you heard about a guy walking around the floor all day today hacking Pineapples?” someone asked. The Hak5 guys have just released the Mark V version of their Pineapple WiFi network auditing tool at DEFCON, and everyone and their mother rushed to buy one. Completely sold out.

“Well, it turned out that there was a zero-day exploit in the latest firmware, and someone wanted to make a point by spending all day bricking these brand new devices that kept popping up on the network.”

I guess that lesson was worth $99.99 to all the proud new product owners out there. Pentest and be pentested. Fortunately, the Hak5 guys issued a firmware update that fixes this, so it was just a playful little annoyance altogether.

After a fantastic DJ set, the Blackphone party started to cool down, so we decided to move on. [Mike’s] blinky hat was a total attention grabber, and it quickly got us a lot of new friends in the DEFCON’s busy hallways. Finally, we ended up in the big hall where MC Frontalot was just finishing his show.

Not my thing, but I hear this “nerdcore” stuff is quite popular these days.

Then came something that only an 80’s kid can appreciate – Anamanaguchi, the chiptunes extravaganza. [Brian] started jumping all over the place, and it was infectious. Next thing you know, we were all doing it.

What better way to end your first night at a hacker conference than lamenting over a more elegant age, when 8 bits was enough and owning a computer still made you feel special.

Screen Shot 2014-08-21 at 2.21.39 AM

DEFCON waits for no one, hung over or not. Saturday is the busiest day, and we had to get up early if we were to hear some talks. Save all the sleeping for when we’re back home.

The first talk I went to had a title you simply couldn’t resist: “Hacking 911: Adventures in Disruption, Destruction, and Death.” Speakers gave a chilling inside view of 911’s archaic dispatch system and how easy it can be exploited to launch Swatting attacks and mischiefs alike. I always enjoy a good adversarial take on the world and was genuinely excited to hear what’s next.

However, for the next couple of hours, I simply couldn’t find a single talk I liked. Everything was either too trivial, self-promotional, or someone was trying to sell something.

I started to lose faith when I came into the Wireless Village where [Jared Boone] was giving a talk called “PortaPack: Is that a HackRF In your pocket?” and I loved it! It had everything – great product, things to learn about SDR, some old tricks for FPU approximation using integer arithmetics… It felt good. There are still talks worth listening to. (We did get the chance to interview [Jared] about the PortaPack)

As we were walking out of the room, we met [dragorn] again, and he seemed seriously bummed out.

“Some kid has been running around DEFCON saying he hacked the BlackPhone,” he said.

We had already seen it all over the news that morning. The real story, he told us, wasn’t as big of a deal as the media presented.

The guy claimed he found three security flaws: the first one was a vulnerability that has already been fixed in the latest firmware update, but his phone was still running an old version. The second one was an issue with core Android code and technically not a BlackPhone thing. The third one was just the ability to enable the Android Debug Bridge, which has been disabled by default. From what we can understand, this was left out as an actual “feature,” so also not really a bug.

Still, nobody cared to hear any of this. “Unhackable phone gets hacked at DEFCON” makes for a much better news story anyway, so it kept spreading all over the Interwebs.

It’s a shame, but it’s not like the BlackPhone expected applause from this crowd. After all, everyone needs their 15 minutes of fame.

[Brian] hacking on an SDR, [Mike] hacking on the conference badge, and [Eric Evenchick] talking to [Chris] and [Alek] (both out of frame)
We, on the other hand, couldn’t wait for [Mike’s] hat to be cracked, yet there were still no takers. Our biggest fear coming into DEFCON was that this little OpenWrt box sitting on top of [Mike’s] head would not survive for more than 10 minutes. Yet, there we were, two days in and still waiting. Most likely because not enough people cared, but also because the ones that did seemed to have been solving way too many of [LostBoY’s] puzzles and were overthinking the hat problem big time.

“I have indexed all the content on the Dune Wiki and am trying a dictionary attack against the hashes,” one of the guys said, assuming that usernames from Herbert’s masterpiece were somehow a clue.

“Just brute force it,” [Mike] had to give a hint, slightly embarrassed but happy that people were trying.


Later that day, we ended up in the Whiskey Pirates room. This one was #1031 in one of Rio’s towers, and it looked like everything you ever dreamed of as a teenager — a hotel room packed with weird looking people, arcade machines, phone booth and a big electronic microscope in the bathroom. Everyone was building something, sharing knowledge and simply being awesome. We’ll be giving this one it’s own post soon.

If this room were the only reason DEFCON existed, it would be totally worth it.

That night, The Orb played at the main stage, and the whole place had an irresistible school “reunion” feel to it.

I came to realize that, in a way, this is what DEFCON is all about – a big party, started 22 years ago, which has yet to end.

The next morning, [Mike’s] hat finally got hacked.


13 thoughts on “Fear And Loathing At DEFCON 22

  1. I actually enjoyed a lot of the talks, but missed some of the ones I wanted most because they were in the tiniest room…

    I was also at the Palms as well. I should have made more of an effort to find you guys.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.