Posted on August 19, 2013 by Shopify API
At Defcon 21 earlier this month, ExploitHub and Rift Recon held #LOLBitcoin, a party at a two-story Sky Villa in the Palms Hotel. In order to get in, guests had to solve a multi-phase crypto challenge (walkthrough posted on the ExploitHub blog) or receive a VIP pass. Here Rift Recon engineer John Norman describes the setup we used for the party.
With 10 days to go before Blackhat, and an epic party planned at the Palms Hotel, we had a problem. Some of the key sponsors were still on the fence about doing the RFID-based party access system we’d proposed earlier. With the deadline fast approaching, our fearless leader decided it was time to just “go all in” on the project and asked if it was too late to roll out something amazing.
Fortunately, I had just completed a redesign of Open Access, an open-source security and RFID research platform. Open Access is a full-featured access control and security system, designed around a robust industrial controller project I had done earlier. The system features (2) standard RFID reader inputs, 4x5A relay outputs, 5x alarm zone inputs, a real-time clock, and an optional direct connection to a Raspberry Pi Linux PC.
My new intern Melissa Dunn had just finished building and programming the first two prototypes of this open-source security system, and I got to work building it out into an awesome party system.
First, I modified the Open Access for Arduino code (http://code.google.com/p/open-access-control) to work with the new on-board micro and peripherals. I added logic that would allow 2 different classes of users to be logged and identified by the Raspberry Pi, via its on-board 3.3V UART connection over serial.
Next, I wrote scripts for Raspberry Pi to do the following:
1. Automatically connect to the system and log to a file via minicom.
2. Display a “Welcome to the LOL Bitcoin” party logo when idle.
3. Tail the minicom log and search for successful access messages from either the “challenge” or “VIP” class of invites.
4. Display a graphic directly out the HDMI of the Raspberry Pi for the appropriate class of badge.
5. Display a “No bitcoin for you!” graphic for an unidentified/unknown badge attempt.
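The log-watching logic in steps 3 to 5 can be sketched as follows. This is an added example, not the scripts used at the party: the log line format, the class names in the log and the image file names are all assumptions, since the post does not show them. It reassembles complete lines from a log that is still being written and fails closed on any badge read it cannot place in a known class.

```python
import re

# Assumed line format (constructed for this example; the real controller
# messages are not shown in the post):
#   "<time> BADGE <hex tag> GRANTED class=<challenge|vip>"
#   "<time> BADGE <hex tag> DENIED"
BADGE_RE = re.compile(
    r"\bBADGE\s+(?P<tag>[0-9A-Fa-f]+)\s+(?P<result>GRANTED|DENIED)"
    r"(?:\s+class=(?P<cls>\w+))?")

# Hypothetical image names for each screen.
SCREENS = {"challenge": "challenge.png", "vip": "vip.png"}
DENIED = "no_bitcoin.png"
IDLE = "welcome.png"

def classify(line):
    """Return the image for one complete log line, or None for non-badge lines."""
    m = BADGE_RE.search(line)
    if not m:
        return None                      # boot messages, noise: keep current screen
    if m["result"] == "GRANTED":
        # A grant with a missing or unknown class is treated as denied.
        return SCREENS.get((m["cls"] or "").lower(), DENIED)
    return DENIED

class LineAssembler:
    """Buffer chunks read from a growing log and release only finished lines."""
    def __init__(self):
        self._buf = ""

    def feed(self, chunk):
        self._buf += chunk
        *lines, self._buf = self._buf.split("\n")   # last piece may be partial
        return [ln.rstrip("\r") for ln in lines]

def screens_for(chunks):
    """Map a stream of log chunks to the sequence of screens to display."""
    assembler, shown = LineAssembler(), []
    for chunk in chunks:
        for line in assembler.feed(chunk):
            screen = classify(line)
            if screen:
                shown.append(screen)
    return shown

# Constructed sample: the first event is split across two reads, as happens
# when tailing a serial log while the controller is still writing the line.
SAMPLE = ["12:00:01 BADGE 0A1B2C GRANTED class=chal", "lenge\r\n12:00:05 boot ok\r\n",
          "12:00:09 BADGE FFEE01 GRANTED class=vip\r\n12:00:12 BADGE 123456 DENIED\r\n",
          "12:00:15 BADGE 99 GRANTED class=staff\r\n12:00:20 BADGE AA GRAN"]

if __name__ == "__main__":
    print(screens_for(SAMPLE) or [IDLE])
```

Without the line buffering, the first sample event would be read as class "chal" and shown as a denial, which is why only newline-terminated lines are classified.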
I programmed the card ranges for 500 EM-4102 class cards I had on hand. Since time was tight, I sent them directly to the Rift Recon team already in Vegas.
And finally, I packaged everything up into a bomb-proof Pelican 1050 case and made my way to Vegas.
End result: 400+ attendees, with zero failures. Regrettably, nobody tried to come in with a spoofed or cloned badge. I purposely chose an inexpensive, easy-to-clone badge for cost reasons, and to make it potentially hackable if someone put some effort into it.
What does it mean when a gathering of 10,000+ of the world’s best hackers isn’t immediately hacking this?
To me, it signals that while there is plenty of published research online with regard to 125 kHz RFID hacking, there isn’t much out there in the way of a ready-made, “just works” solution. While it’s feasible to start a fire with a finely polished Coke can, many security researchers would rather buy an off-the-shelf Zippo lighter if they could.
Rift Recon tailors its clients from a suite of exclusive security service providers, in order to meet their specialized needs in software or hardware, utilities for cyber/physical security assessment, tool creation and team outfitting, as well as specialized trainings, and expert referrals.
Our team meets and verifies all equipment needs from solid standards to exotic tooling, and deftly handles client needs for cyber and physical security specialist placement.
Rift operates across a variety of security disciplines including product security, physical security, hardware/software research, and development (including middleware, electronic devices and kits). We also cater to professionals who are striving to meet their own clients’ various cyber and physical security needs.
Our client range spans independent trainers, corporations, to high net worth individuals. We consult red teams, independent cyber or physical security contractors, product security teams, and companies that require exacting, and/or executive-grade assessment reports.
Rift provides a suite of services.
Rift Recon excels at identifying and recruiting top-level talent, and holds a strong track record for meeting our clients’ unique physical security needs.
Discreet and methodical, Rift stands as the premier company in the world positioned to expertly source, secure, or innovate and manufacture hardware to meet the exacting - often critical - software and hardware security needs of its clients.
Contact Rift Recon day or night for gear, consultations, to explore opportunities, or even just to find out more: [email protected]