You can imagine how stressful life is for high-power CEOs of billion-dollar companies in these trying times; one is tempted to shed a tear for them as they jet around the world and plan their next big move. But now someone has gone and upset the applecart by coming up with a way to track executive private jets as they travel across North America. This may sound trivial, but then you realize that hedge fund managers pay big money for the exact same data in order to get an idea of who is meeting with whom and possibly get an idea of upcoming mergers and acquisitions. It’s also not easy, as the elites go to great lengths to guard their privacy. Luckily, the OpenSky Network lists all ADS-B traffic its web of ground stations receives, unlike other flight monitoring sites which weed out “sensitive” traffic. Python programs scrape the OpenSky API and cross-reference plane registrations with the FAA database to see which company jets are doing what. There are plenty of trips to Aspen and Jackson Hole to filter out, but with everyone and his little brother fancying themselves a day trader lately, it’s another tool in the toolbox.
We got a nice note from Michelle Thompson this week thanking us for mentioning the GNU Radio Conference in last week’s Links article, and in particular for mentioning the virtual CTF challenge that they’re planning. It turns out that Michelle is deeply involved in designing the virtual CTF challenge, after having worked on the IRL challenges at previous conferences. She shared a few details of how the conference team made the decision to go forward with the virtual challenge, inspired in part by the success of the Hack-A-Sat qualifying rounds, which were also held remotely. It sounds like the GNU Radio CTF challenge will be pretty amazing, with IQ files being distributed to participants in lieu of actually setting up receivers. We wish Michelle and the other challenge coordinators the best of luck with the virtual con, and we really hope a Hackaday reader wins.
Amateur radio is often derided as a hobby, earning the epithet “Discord for Boomers” according to my son. There’s more than a grain of truth to that, but there are actually plenty of examples where a ham radio operator has been able to make a big difference in an emergency. Case in point is this story from the Western Massachusetts ARRL. Alden Jones (KC1JWR) was hiking along a section of the Appalachian Trail in southern Vermont last week when he suddenly got light-headed and collapsed. A passing hiker who happened to be an emergency medical technician rendered aid and attempted to contact 911 on his cell phone, but coverage was spotty and the dispatcher couldn’t hear him. So Alden, by this point feeling a little better, pulled out his handy talkie and made an emergency call to the local repeater. Luckily the Western Massachusetts Traffic Net was just about to start, so they went into emergency mode and coordinated the response. One of the hams even went to the rescue staging area and rigged up a quick antenna to improve the signal so that rescuers could finally get a helicopter to give Alden a ride to the hospital. He’s fine now, and hats off to everyone who pitched in on the eight-hour rescue effort.
And finally, there are obviously a lot of details to be worked out before anyone is going to set foot on the Moon again. We’ve got Top People™ working on all the big questions, of course, but apparently NASA needs a little help figuring out how and where the next men and first women on the Moon are going to do their business. The Lunar Loo Challenge seeks innovative designs for toilets that can be used in both microgravity and on the lunar surface. There is $35,000 in prize money for entrants in the Technical division; NASA is also accepting entries in a Junior division, which could prove to be highly entertaining.
Over the year or two since the SAO connector specification was published, otherwise known as the Shitty Addon, we’ve seen a huge variety of these daughter boards for our favourite electronic badges. Many of them are works of art, but there’s another subset that’s far less about show and more about clever functionality. [Uri Shaked]’s little SAO is rather unprepossessing to look at, being a small round PCB with only an ATtiny microcontroller, reset button, and solitary LED, but its interest lies not in its looks but its software. It contains a series of CTF puzzles within, and despite its apparent simplicity should contain enough to detain even the hardiest puzzle-solving hackers.
It’s a puzzle of three parts: at the simplest level merely flashing the LED is enough, the next level involves retrieving a buried string from the firmware, and the last requires replacing the string with one of your own. You are only allowed to do so through the SAO connector, but fortunately you do have the benefit of access to the source code to trawl for vulnerabilities. There is a hefty hint that the data sheet for the microcontroller might also be useful.
[Uri] has appeared many times on these pages, most recently when he added a microscope to his 3D printer.
Cyphercon is not particularly large, or in a glamorous part of the world — in fact most people who came in from out of town had to fight snow to make it. Yet when I stepped into the con last Thursday there was no doubt something awesome was in progress. People were camped out in small groups, working furiously on their computers, talks were packed with people who came alive in the Q&A, and everywhere you looked you found people deep in conversation with friends old and new. If you missed out on Cyphercon 4.0, you need to make an effort to be here for 5.0.
Join me after the break for the highlights of this two-day security conference nestled in the heart of Milwaukee.
A great place to get your feet wet with the data-network-wonderland that is modern-day automobiles is the Car Hacking Village at DEF CON. I stopped by on Saturday afternoon to see what it was all about and the place was packed. From Ducati motorcycles to junkyard instrument clusters, and from mobility scooters to autonomous RC test tracks, this feels like one of the most interactive villages in the whole con.
Nothing says friendship like a reverse engineering challenge on unknown terrain as a birthday present. When [Rikaard] turned 25 earlier this year, his friend [Veydh] put together a Capture the Flag challenge on an ESP8266 for him. As a software guy with no electronics background, [Rikaard] had no idea what he was presented with, but was eager to find out and to document his journey.
Left without guidance or instructions, [Rikaard] went on to learn more about the ESP8266, with the goal of dumping its flash content in the hope of finding some clues in it. Discovering that the board was running NodeMCU and contained some compiled Lua files, he set foot in yet another unknown territory that led him down the Lua bytecode rabbit hole. After a detour describing his adjustments for the ESP’s eLua implementation to the decompiler he uses, his quest to capture the flag began for real.
While this wasn’t [Rikaard]’s first reverse engineering challenge, it was his first in a completely unknown environment outside his comfort zone — the endurance he demonstrated is admirable. There is of course still a long way down the road before one opens up chips or counts transistors in a slightly more complex system.
[q3k] got tipped off to a very cool problem in the ongoing Pwn2Win capture-the-flag, and he blew it out of the water by decoding the metal interconnect layers that encode a password in a VLSI IC. And not one to rent someone else’s netlist extraction code, he did it by writing his own.
The problem in the Pwn2Win CTF came in the form of the design files for a hypothetical rocket launch code. The custom IC takes an ASCII string as input, and flips a pin high if it matches. Probably the simplest way to do this in logic is to implement a shift register that’s long enough for the code string’s bits, and then hard-wire some combinatorial logic that only reads true when all of the individual bits are correct.
(No, you don’t want to implement a password-checker this way — it means that you could simply brute-force the password far too easily — but such implementations have been seen in the wild.)
Anyway, back to our story. After reversing the netlist, [q3k] located 320 flip-flops in a chain, suggesting a 40-byte ASCII code string. Working backward in the circuit from the “unlocked” pin to the flip-flops, he found a network of NOR and NAND gates, which were converted into a logic notation and then tossed into Z3 to solve. Some cycles later, he had pulled the password straight out of the silicon!
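To make the shift-register-plus-comparator idea and the solver step concrete, here is an added example (not [q3k]’s code or the CTF’s netlist): it builds a constructed NAND/NOR comparator for a made-up 5-character code, then pulls the code back out of the gate network alone, using three-valued propagation in place of Z3. The secret, the wire names and the bit order are all assumptions.

```python
# Added example, not [q3k]'s code: constructed gate-level password checker, solved by 3-valued propagation in place of Z3.
SECRET = "LAUNC"  # constructed 5-char code -> 40 flip-flops q0..q39 (bit order assumed)

def to_bits(text):
    return [int(b) for ch in text for b in format(ord(ch), "08b")]

def build_netlist(secret):
    """Hard-wired comparator: use q_i as-is where a 1 is expected, invert it with
    NAND(q_i, q_i) where a 0 is expected, AND everything via NAND then NOR(x, x)."""
    gates, literals = {}, []  # gate name -> (kind, [input wires])
    for i, want in enumerate(to_bits(secret)):
        if not want:
            gates[f"n{i}"] = ("NAND", [f"q{i}", f"q{i}"])
        literals.append(f"q{i}" if want else f"n{i}")
    gates["all"] = ("NAND", literals)
    gates["unlocked"] = ("NOR", ["all", "all"])
    return len(literals), gates

def evaluate(gates, wire, ff):
    """Value of a wire under a partial flip-flop assignment: 0, 1 or None (unknown)."""
    if wire not in gates:
        return ff.get(wire)  # flip-flop output; None until assigned
    kind, ins = gates[wire]
    vals = [evaluate(gates, w, ff) for w in ins]
    if kind == "NAND":
        return 1 if 0 in vals else (0 if all(v == 1 for v in vals) else None)
    return 0 if 1 in vals else (1 if all(v == 0 for v in vals) else None)  # NOR

def solve(nbits, gates):
    """Assign q0..q(n-1) in turn, backtracking as soon as 'unlocked' is forced to 0.
    A comparator rejects each wrong bit immediately, so the search is linear."""
    ff = {}
    def dfs(i):
        state = evaluate(gates, "unlocked", ff)
        if state == 0:
            return False
        if i == nbits:
            return state == 1
        for v in (0, 1):
            ff[f"q{i}"] = v
            if dfs(i + 1):
                return True
            del ff[f"q{i}"]
        return False
    return [ff[f"q{i}"] for i in range(nbits)] if dfs(0) else None

def recover(secret=SECRET):
    nbits, gates = build_netlist(secret)  # the solver only ever sees the gates
    bits = solve(nbits, gates)
    return "".join(chr(int("".join(map(str, bits[i:i + 8])), 2)) for i in range(0, nbits, 8))
```

A general SMT solver handles netlists that are not a neat comparator; this toy search only works because each wrong bit forces the output low on its own, which is exactly the weakness the parenthetical above warns about.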
This looks like a really fun challenge if you’re into logic design or hardware reverse engineering. You don’t have to write your own tools to do this, of course, but [q3k] would say that it was worth it.
Thanks [Victor] for the great tip!
Featured image by David Carron, via Wikipedia.
If you want to learn how to defeat computer security, nothing beats hands-on experience. Of course, if you get your hands on someone’s system without their permission, you may end up having a very short training that ends with a jail term. And that’s where capture-the-flag (CTF) events come in.
A CTF is a system of increasingly-difficult challenges that can’t be too easy or too hard. A well-designed CTF teaches all of the participants stuff that they didn’t know, no matter how far they get and what skills they came in with. Designing a good CTF is difficult.
But since it’s also a competition, running one also involves a lot of horrible bookkeeping for the folks running it. Registering teams and providing login pages is the dirty work that you have to do in the background, that takes away time from building the systems which others are going to take apart.
Which is why it’s great that Facebook is opening up their CTF-hosting platform, along with a few starter challenges, for us all to play along. We love CTFs and related hacking challenges. If this spurs the creation of more, we’re all for it. You can find the whole setup on GitHub.
If you’re new to CTFs, here’s an awesome collection of CTF-related material on GitHub to get you started. And if your tastes run more toward hardware hacking, we’ve covered previous firmware CTFs, but frankly there’s a lot more material out there. We feel a feature post coming on…
Thanks [ag4ve] for the unintentional tip!