#LOLBitcoin Party Access Control System Setup

Posted on August 19, 2013 by Shopify API


At Defcon 21 earlier this month ExploitHub and Rift Recon held #LOLBitcoin, a party at a two story Sky Villa in the Palms Hotel. In order to get in, guests had to solve a multi-phase crypto challenge (Walkthrough posted on the ExploitHub blog) or receive a VIP pass. Here Rift Recon engineer John Norman describes our setup utilized for the party.

With 10 days to go before Blackhat, and an epic party planned at the Palms Hotel, we had a problem. Some of the key sponsors were still on the fence about doing the RFID-based party access system we’d proposed earlier.  With the deadline fast approaching, our fearless leader decided it was time to just “go all in” on the project and asked if it was too late to roll out something amazing.

Fortunately, I had just completed a redesign of Open Access, an open-source security and RFID research platform. The Open Access is a full-featured access control and security system, designed around a robust industrial controller project I had done earlier. The system features (2) standard RFID reader inputs, 4x5A relay outputs, 5x alarm zone inputs, a real-time clock, and optional direct-connection to a Raspberry Pi Linux PC.

My new intern Melissa Dunn had just finished building and programming the first two prototypes of this open-source security system, and I got to work building it out into an awesome party system.

First, I modified the Open Access for Arduino code (http://code.google.com/p/open-access-control) to work with the new on-board micro and peripherals. I added logic that would allow 2 different classes of users to be logged and identified by the Raspberry Pi, via it’s on-board 3.3V UART connection over serial.

Next, I wrote scripts for Raspberry Pi to do the following:

1. Automatically connect to the system and log to a file via minicom.

2. Display a “Welcome to the LOL Bitcoin” party logo when idle.

3. Tail the minicom log and search for successful access messages from either the “challenge” or “VIP” class of invites.

4. Display a graphics directly out the HDMI of the Raspberry Pi for the appropriate class of badge.

5. Display a “No bitcoin for you!” graphic for an unidentified/unknown badge attempt.


I programmed the card ranges for 500 EM-4102 class cards I had on hand. Since time was tight, I sent them directly to the Rift Recon team already in Vegas.

And finally, I packaged everything up into a bomb-proof Pelican 1050 case and made my way to Vegas.

End result: 400+ attendees, with zero failures. Regrettably, nobody tried to come in with a spoofed or cloned badge. I purposely chose an inexpensive, easy-to-clone badge for cost reasons, and to make it potentially hackable if someone put some effort into it.

What does it mean when a gathering of 10,000+ of the world’s best hackers aren’t immediately hacking this?

To me, it signals that while there is plenty of published research on-line with regards to 125Khz RFID hacking, there isn’t much out there in the way of a ready-made, “just works” solution. While it’s feasible to start a fire with a finely polished Coke can, many security researchers would rather buy an off-the-shelf Zippo lighter if they could.

-John Norman

Posted in AccessControl, exploithub, LOLBitcoin, riftrecon

Black Hat USA 2013 and DEF CON 21 Recap

Posted on August 10, 2013 by Shopify API


Ten days in Las Vegas sounds like a lot of fun to some people, or a long time for other people. But for the Rift Recon team, the time flew by as we attended and demoed our new Red Team bag at Black Hat USA 2013, BSides Las Vegas and DEF CON 21.

These three hacking and security conferences span the high-end professional physical security sector to the independent, under-the-radar contractors. The Rift team had the pleasure of connecting and talking shop with everyone, with all levels of interest, experience and abilities.

At Black Hat, just as the keynotes and briefings shifted into gear, we announced our official partnership with Exploit Hub (the world’s first non-zero-day exploit marketplace) - and we’re thrilled to be extending Exploit Hub’s reach into the hardware and firmware market by leading and developing the ExploitHub Hardware Initiative.

A long time in the making and eagerly anticipated by both companies, we sealed the deal with a handshake under the Black Hat USA banners at Caesars Palace, and the press teams pulled the trigger on our joint press release. We had even more to celebrate when Pwnie Express joined in the launch, with a new Rift Recon partnership that will be bringing even more innovative pentest gear to market.

At all three conferences, Rift Recon launched our initial product offerings by announcing the Red Team Kit version 1 and one of the prototypes from the initial research of the MIMIC series. Our reps were busy nonstop with demos of the Red Team bag, from hallways and conference rooms to bars after hours - and our busy table in the DEF CON 21 Vendor area.

We couldn’t have a launch without a party, and we had a big one on the first day of DEF CON 21 - right after theSummit’s EFF fundraiser, so everyone could make it. The ExploitHub and Rift Recon launch party was called #LOLBitcoin party - a big nod to ExploitHub adding Bitcoin as a payment method, as well as the lulzy nature of Bitcoin’s stability. To get in, partygoers had to solve a crypto challenge - and we still had to turn people away!


Over 400 people came to our giant suite in the Palms between 11pm and 4am; partygoers got to enjoy a private performance of Dual Core in the living room, while a mermaid lounged and chatted with partygoers who joined her in the outdoor hot tub. Music and dancing went all night, thanks to Manilla Ice and Int Eighty of Dual Core (hiphop/nerdcore), Mauvehed (electro swing), Keith Myers (party rocking music the only way he knows how), Egeste (electro dance), and Inkrypto (deep tech/house).

Rift Recon and ExploitHub had a busy joint table in the DEF CON Vendor area, where we had the RTKv1 on display and ready for pre-order, and had nonstop discussions with attendees, other vendors, speakers and more about what Rift Recon is offering to the community. We didn’t get to take any breaks, as people were often three layers deep around our table asking questions and looking at tools they’ve never seen before. With 15,000 people at DEF CON this year, we feel like we got to hang out and talk shop with almost all of them! Rift sold our first bag and had nonstop offers on the demo kit. We ran out of patches, and brought 1,000 stickers and ran out of those too - next year, we’ll definitely be bringing more of everything.

Tabling in DEF CON’s vendor space is a fairly selective process; in addition to a fee, vendors undergo a review selection process. The space this year was bigger than it’s ever been, and many vendors have become larger companies. Tables sold electronics, lockpicks, all manner of hacker hardware, books and much more. Some of the vendors we joined this year included the EFF and Hackers For Charity, as well as our friends at SERE Pick, Pwnie Express, Hak5, Security Snobs and our new friends from Simple Wifi and Nuand w/ the BladeRF.

Being a first time vendor at DEF CON is a very different experience from simply attending, or speaking. Having something our staff has put many hours/days/weeks/months into and hoping that everyone likes is both exhilarating and scary. After experiencing the response we got, we know we hit the right notes and we’re in the right direction especially with our prototypes of the MIMIC hardware. The MIMIC Series is a class of devices which focus on cloning and spoofing. The first range of technology we are focusing on is RFID and RFID-based technologies. We demoed our first prototype system at DEF CON, which was a reprogrammable 125khz tag - we’ve got a forthcoming post on MIMIC coming soon, so stay tuned.

DEF CON was crowded, but having lines of people waiting to get into talks, and seriously interested crowds at vendor tables (like ours!) isn’t a bad problem to have. Of note at DEF CON were the many great talks but the amazing outpouring of people which showed up at the Tamper Evident Village and the Hardware Hacking Village - which a few of our staff were also involved in this year. We lost our voices, but came back to the labs with plenty of ideas, new clients, more partnerships, new contacts, and feeling completely energized.

-Eric Michaud

Posted in blackhat, defcon, ExploitHub, LOLBitcoin, Recap, riftrecon