Posts

Posted on

Teaching Lockpicking in the Desert

I had a serendipitous experience last year. The wife and I decided to celebrate a big round anniversary and a big round birthday by embarking on a rather ambitious journey. We drove to St. Louis for the eclipse, then to Burning Man.  We got there a few days early to help out with “build week.” The Burning Man stories are for another time and place, but at some point after the event opened officially, I noticed that a camp schedule was posted (we camped in a village of several camps, with a large group of mostly DC area burners).  While perusing the schedule, I noticed that there was a lockpicking class on the schedule. I asked the leader of that camp about it, and he replied, “oh yeah, there was going to be a class, but the guy who teaches it couldn’t make the Burn this year.”  Excitedly, I asked if his equipment made it without him (it had) and volunteered to teach the class.

Fast forward to class time.  I figured one or two people would wander by, so I spread out the backpack full of labeled progressive lock cylinders (1-pin through 5-pin) and the other oddball cylinders and locks on a table with some chairs near the front of our camp and sat and started playing. One or two campmates came to keep me company and play along. It didn’t take long for people to start showing up, and soon the table was crowded. I’d like to say I gave them brilliant insights and harrowing demonstrations of technique, but all I really did was explain how pin tumblers work, and a general demonstration on how to use the tension wrench with just the right amount of pressure in hopefully the correct direction, and boy were they off!  The table was aflutter with people shuffling cylinders around, saying “I’m done with 1, is there another 2 free?”  “I’m up to 4 already!”  Fast forward an hour or three (burner time is a bit fuzzy) and some 20-30 people or so (counting burners is also a bit fuzzy) successfully passed their first lockpicking class. Nobody failed, nobody gave up.

I still haven’t had a chance to thank the guy who didn’t show up. I think he’s part of TOOOL DC, may have dated one of the burners in the camp at some point or something (yeah, facts are fuzzy out there too). I was hoping to track him down at Defcon this year and thank him, but I didn’t manage to get around to it.  Hell, there’s always next year.

Posted on

Certs and continuing education

Just a reminder that attending conferences, security group meetings, and similar activities can count toward continuing education credits for maintaining certifications.

I picked up CEH last April, and thanks in a large part to attending DEFCON twice and BSidesLV once, I’ve already got 89 credits toward the 120 required for maintaining my certification..

Over the winter, I intend to take on OSCP.  What certs to you folks have?

Here are the activities that qualify as continuing education credits for CEH:

  • Volunteering – 1 credit for each hour you will spend
  • Association/Organization Chapter Meeting (per Meeting) – 1 credit per hour
  • Author Article/Book Chapter/White Paper – You can contribute to authoring an IT security related book, chapter or paper and earn 20 ECE credits. Note that, if you write the whole book, you will earn 100 ECE credits.
  • Education Course – You can earn one ECE credit per hour for any IT security related course you will attend. 
  • Seminar/Conference/Event – You will earn one ECE credit for every hour of a seminar, conference or similar event you will attend.
  • Higher Education – If you are continuing to higher education in IT security (e.g. Masters or PhD) you can earn 15 credits per semester hour
  • Identify New Vulnerability – If you identify an IT security related vulnerability, you can earn up to 10 ECE credits
  • Presentation – You can share your IT security knowledge with your colleagues, in a chapter meeting or in a conference. You will earn three ECE credits per every hour you will present.
  • Reading an Information Security Resource – You can earn up to five credits by reading an IT security related book, article, review or case study.
  • Teach New – You can prepare a course or organize a workshop and teach people about IT security. You will earn 21 credits per day for teaching IT security. This is generally an eight hours per day course.


Posted on

Hackerboxes #0033

Better late than never.  I think this one was released in time for subscribers to assemble it before Defcon. I slapped this together over the weekend. About the simplest project you can imagine.  The switches turn the individual LEDs on, and the LEDs each have either a slow transition or fast transition IC built-in.  The resistors are purely for decoration.  It’s pretty and blinky, so I can’t complain.

The kit also came with a MicroPython PyBoard to experiment with. Going to have to steal some time to play with it, it really sounds like a lot of fun.

Posted on

Proxmark 3 RDV4

I was excited to pick up the new Proxmark 3 RDV4 from its Kickstarter, before the official, far more expensive release at Defcon 26.  I’d been playing with it since I got it, cloned my office entry HID card, and tried out a couple of the Android apps to run it.

There are two Android apps that I’m aware of. Walrus is the one that seems promising to me.  It leverages the ability to read, write and simulate (playback) RFID cards native to the Proxmark, and supposedly a feature under development is to brute force readers using bulk-collected tags.  Sounds like a fun tool for physical pentesters.  Collect cards in a crowded elevator, then try to get into offices using the cards you’ve collected.  I haven’t checked for an update since downloading the software, so I have no idea whether it’s been implemented yet.  The other one, AndProx, is a standard Proxmark CLI, and I’m not much for typing on phones.  It’ll work in a pinch, but I prefer my trusty Macbook for that. Also, it didn’t seem to recognize the Proxmark from my phone. Maybe I need an OTG cable.

I picked up some keyfob tags on Amazon, because I have this annoying habit of forgetting my work card every once in a while and having to borrow a temporary card from the receptionist, and I figure if I have one on the same ring as my car keys it’ll be far less likely that I’ll leave it at home (or in the car). However, my RFID tag knowledge isn’t super deep, and apparently just looking for T5577 cards isn’t good enough.  They read as “Indala” in the Proxmark, and I’m unable to clone my HID card to them as I could with the included Proxgrind card, or other random cards in my collection.

So I looked a little closer this time, and ordered another set of fobs that one reviewer claims he was able to clone HID with. Science is all trial and error, right?

If you’re considering getting a Proxmark, I’ll share a couple of experiences.  Trying to update the bootloader and firmware from a Linux VM was problematic. The update hung and bricked the Proxmark. This was easily fixed by holding down the button on the unit while powering it up, and while re-uploading the bootloader and firmware directly from MacOS.  If you get weird command errors, it’s because your client and firmware versions are out of sync. Once everything’s in sync, it’s like clockwork.

Side note: I’m getting to be known as “that guy” at work. A coworker asked me if I could pick tubular locks today.  Gotta dig out my tubular pick set to bring in tomorrow. He wants to replace a drive in a locked drive array and doesn’t know where the key is.

Indala Update 2018-09-09: I somehow managed to get the “Indala” card to work. Hints from iceman gave me confidence that the reader may have just been misreading the tags, so I played around with t55xx commands until I managed to get it right.  I will try to duplicate the process in my spare time so that I have a documented solution.  The good news is that it does work.  Now what to do with these 19 extra fobs.  🙂

DEF CON 202 Social

21+ only; this event is at a brewery. This is a mostly social event rather than purely technical. We’ll meet up, have drinks, and chat. Invites to our private Slack will be given out to those who show. There will be a brief live demo of the Tails OS and safely using public wifi for the darknet, starting at 8:30 and lasting maybe 15 minutes.

We politely request that photos not be taken.

Posted on

CHV Badge

Received the Car Hacking Village badge today. The fucker has a beautiful display, nice fluid LED transitions, and an OBD-II port.  Looking forward to seeing what its capabilities are. I know it has CAN and NFC capabilities from the website at http://www.specsolns.com/defcon…

Defcon DC540 Meeting – Stone Ridge

Bring yourself and your interests. If you have DEFCON indie badges (#badgelife) bring them. If you have something you want to demo or learn about, bring it.

Defcon DC540 Meeting – Stone Ridge

Bring yourself and your interests. If you have DEFCON indie badges (#badgelife) bring them. If you have something you want to demo or learn about, bring it.

Defcon DC540 Meeting – Stone Ridge

Bring yourself and your interests. If you have DEFCON indie badges (#badgelife) bring them. If you have something you want to demo or learn about, bring it.