Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intro for new WCTFers. Reason behind the WCTF Use of RF technology has exploded RF used to require special and expensive equipment Safe Environment $20.

Published byProsper Hodges Modified over 8 years ago

Similar presentations

Presentation on theme: "Intro for new WCTFers. Reason behind the WCTF Use of RF technology has exploded RF used to require special and expensive equipment Safe Environment $20."— Presentation transcript:

1 Intro for new WCTFers

2 Reason behind the WCTF Use of RF technology has exploded RF used to require special and expensive equipment Safe Environment $20 gets most signals of interest

3 Legal issues to be aware of IANAL, neither are you Consult your local laws (fcc.gov) Restrictions for telco services (pagers and cell) Wiretap/Dual Party Consent

4 How we do this WiFi Flags –Crypto –Keys –Hashes –Communication interception SDR Flags –Protocol reversal –Demodulate files –Rx/Tx

5 Recon Know your wireless neighborhood WiFi –Kismet –Airodump-ng SDR –Freqwatch –gqrx

6 Exploitation Do your homework on the tools Practice in a safe environment Score the points!

7 Platform Selection Internet access A device with USB tether Laptop (PC or MAC) Multi core processor (high end for SDR) 16 GB ram or more (especially for VMs) Hard drive space for all the things Screen with space for multiple terminals External Radios/antennas Internal radios generally do not give the optimal capability Built in antennas rarely give flexibility needed Power-Supply Enough outlets to power all of your gear Possibly powered USB hubs

8 Operating Systems Pentoo GNU Radio Live Windows Kali

9 Software Tools Aircrack-ng Kismet-ng Airodump-ng Wireshark TCPDump Nmap PGP/GPG inssider Reaver Pyrit OCLHashcat Wifite Fern-wifi-cracker Airdrop gqrx dsd Channelizer multimon-ng smartnet-scanner GNUradio OsmoComSDR EyeP.A. SpecTools Baudline Gr-fosphor pixiedust Custom tools

10 Hardware Tools Metageek Wispy DBx Signal Hound BB60(x) GSG HackRF Nuand BladeRF Any RTL-SDR GSG Ubertooth zigbee radios Rosewill RNX-N600UBE Alfa AWUS036NHA Alfa AWUS051NH v2 Ubiquiti SR-71 Airpcap Nx TP-Link WN722N Globalsat BU-353 GPS Custom transmitters Rokland n3 Pwnie Express PWNPad Hak5 Wifi Pineapple Wired and wireless Tap USB hub USB power USB ethernet Headphones Antennas (assorted)

11 Helpful Radios Alfa radios (ABGN) Rokland N3 (BGN) Rosewill N600 UBE (ABGN) SR-71 (ABG) AirPcapNx (ABGN) WiSpy DBX (2.4 and 5Ghz) TP-Link TL-WN722N (BGN) Ubertooth One (many uses) HackRF One (SDR) RTL-SDR (SDR) Nuand BladeRF EnGenius EUB 1200AC (ABGNAC) Signal Hound B60

12 Headphones There are thousands of headphones Headphones are a very personal decision They range in price and quality Find a pair that are comfortable and clear Avoid ones with bass boost or other signal processing Reference type headphones tend to be cheap and well suited

13 Something to carry it in Pack Pelican case Vehicle (MRAP)

14 Antennas for WCTF Two relevant polarization types –Horizontal –Vertical Three basic radiation patterns –Omni-Directional Most common type Radiates “equally” in all directions (horizontal) –Semi-directional Radiates stronger signal in certain directions –Highly-Directional Radiates a much stronger signal in one direction

15 Omni Directional Radiates equally In all directions on the horizontal plane

16 Semi-Directional Radiates stronger signal in multiple directions

17 Highly Directional Radiates strong signal in a signal direction

18 Target Selection Look for “hot spots” Determine what the limits are that you are working within Look for beacons that are within your target set

19 Transmitters to be found

20 Putting it together In WCTF as in the real world: Right Tools for the Right Job Know your tools and limitations SDRs and GNURadio provides easy access to much of RF and rapid construction of custom tools! Now to put it into practice…

21 What am I seeing/hearing? http://www.sigidwiki.com/wiki/ Signal_Identification_Guide

22 Common problems in SDR labs Antennas Lightning Static Noise Clocks and Drift

23

24

25 Static protection is a must! The cheaper RTL’s do NOT have static protection Wind generates static Rubbing things… generates static

26

27 Noise Reduction Must Reads The-Mitigation-of-Radio-Noise-from- External-Sources-at-Radio-Receiving- Sites http://www.dtic.mil/cgi- bin/GetTRDoc?AD=ADA468464 Naval RFI Handbook http://www.arrl.org/files/file/Techn ology/RFI%20Main%20Page/Naval _RFI_Handbook.pdf

28 BFG

29 Clocks The cheaper SDR’s have a lot of noise in them Choke them out and isolate noise sources Use a unified PPM if you use more than one for IQ

30 Multichannel Receivers http://yo3iiu.ro/blog/?p=1450 A bit of fun - Hardware Mods

31

32 Wireless Capture the Flag WCTF Always new changes Typically between 12-25 challenges for different disciplines Challenges are all RF 30MHz – 5.9GHz

33 Challenges

34 Let’s get started Welcome to WCTF! This is your first challenge. Use the municipal Wi-Fi to confirm you can connect, then submit the flag to confirm you can use the scoring engine for +10 point.

35 Budget Your Time Challenges do not have to be solved in order Difficulty range easy-insane Pay attention to details Don’t dwell on the problem Ask questions Learn things HAVE FUN

36 The talk… Time to talk about the challenges

37 Welcome to Voltronville Zarkon Industries has the strongest wireless network in the galaxy. Attempts to hack this are futile. Seek life elsewhere. +500

38 It’s getting serious The dark underbelly of Zarkon's network has lots of delicious flags for your benefit, if you happen to ever gain access. Some are easy, some are insane puzzles that you could lose a day in. Budget your time wisely! Points vary: +20-50 each

39 Coffee time! Grap a cup at Lotor’s!

40 Pizza!

41 Swag Don’t forget to grab a souvenir at the gift shop!

42 Voltronville Bank Banking hours are limited, but even the CEO visits this vault. Know the key and learn all his secrets, just hurry! (points vary!)

43 Residential Area Not all residents of Voltronville use the municipal Wi-Fi; some are still so hopelessly broken. +300

44 Residential Area Sometimes people connect. Sometimes they don't. +150

45 Fox & Hound Fox & Hound: first team to capture gets 750pts! SSID: Allura_the_Fox MAC: D2:E4:0B:F6:66:B8

46 Fox & Hound Fox & Hound: first team to capture gets 750pts! SSID: Lamina_the_Fox MAC: D2:E4:0B:F9:E2:F5

47 Hide & Seek! Hide and Seek! These flags decay over time starting at +1000 so hurry!!! SSID: Voltronville_Hotel_1

48 Hide & Seek Hide and Seek! These flags decay over time starting at +1000, so hurry!!!! SSID: Voltronville_Hotel_2

49 Convention Center The local HAM Radio club is having a HAM Fest; find and capture their error prone signals. 50 to 100 points that can decay

50 Movie Theatre The local movie theatre is branching into digital movie broadcasts! Find their management system. 50 to 250 points that can decay

51 Convention Center There is an amateur radio SSTV broadcast; 75 points decaying

52 Who There are spies amongst us; find their transmissions, decode, demodulate, decrypt and analyze. 250 to 500 points decaying.

53 Water Control Plant The water station has misconfigured their SCADA controller. Find it and explore. 100 points decaying.

54 SDR Fox Frequency: 192 MHz

55 Duck Hunt Frequency: 172.75MHz Details: http://sdr.ninja/training-events/sdr-dunk-hunt/ How to shoot: #!/bin/sh while true ; do echo "bang" | minimodem --tx -f -8 1200 -f /home/pi/bang.wav && /home/pi/pifm /home/pi/sentence.wav 80.0 48000 ; sleep 4;done

56 Duck Pond Find the duck Shoot at the duck Receive the MD5 Flag Submit for points

57 SDR Roulette Receive the transmissions Analyze them Strap the toy to your leg Transmit to win –Beep, Shock, Flash or Vibrate

Download ppt "Intro for new WCTFers. Reason behind the WCTF Use of RF technology has exploded RF used to require special and expensive equipment Safe Environment $20."

Similar presentations

5-21-14 NEMA. 2 Utility Metering vs. Submetering 10/11/2014 New PowerPoint Template Utility Meter Meter provided by utility with the purpose of measuring.

NEMA. 2 Utility Metering vs. Submetering 10/11/2014 New PowerPoint Template Utility Meter Meter provided by utility with the purpose of measuring.
Dr Silvio Cesare Qualys. Introduction  Lots of electronic systems  Converging with computing  IT security techniques can be used.

Dr Silvio Cesare Qualys. Introduction  Lots of electronic systems  Converging with computing  IT security techniques can be used.
Tri-Band RF Transceivers for Dynamic Spectrum Access By Nishant Kumar and Yu-Dong Yao.

Tri-Band RF Transceivers for Dynamic Spectrum Access By Nishant Kumar and Yu-Dong Yao.
Wireless Penetration Testing and How to WCTF

Wireless Penetration Testing and How to WCTF
ST/PRM3-EU | | © Robert Bosch GmbH reserves all rights even in the event of industrial property rights. We reserve all rights of disposal such as copying.

ST/PRM3-EU | | © Robert Bosch GmbH reserves all rights even in the event of industrial property rights. We reserve all rights of disposal such as copying.
WiFi VS Cellular “Bringing Secure Payment to the Point Of Service”

WiFi VS Cellular “Bringing Secure Payment to the Point Of Service”
LANs and WANs. 2 Chapter Contents Section A: Network Building Blocks Section B: Wired Networks Section C: Wireless Networks Section D: Using LANs Section.

LANs and WANs. 2 Chapter Contents Section A: Network Building Blocks Section B: Wired Networks Section C: Wireless Networks Section D: Using LANs Section.
Unbounded media have network signals that are not bound by any type of fiber or cable; hence, they are also called wireless technologies Wireless LAN.

Unbounded media have network signals that are not bound by any type of fiber or cable; hence, they are also called wireless technologies Wireless LAN.
SDP 2011 Team Goeckel PDR Robert Gibb Dominic Emilian Patrick Coletti Seth Berggren teleCast.

SDP 2011 Team Goeckel PDR Robert Gibb Dominic Emilian Patrick Coletti Seth Berggren teleCast.
Copyright 2005 - 2009: Hi Tech Criminal Justice, Raymond E. Foster Police Technology Police Technology Chapter Three Police Technology Wireless Communications.

Copyright : Hi Tech Criminal Justice, Raymond E. Foster Police Technology Police Technology Chapter Three Police Technology Wireless Communications.
1 Part II: Data Transmission The basics of media, signals, bits, carriers, and modems Fall 2005 Qutaibah Malluhi Computer Science and Engineering Qatar.

1 Part II: Data Transmission The basics of media, signals, bits, carriers, and modems Fall 2005 Qutaibah Malluhi Computer Science and Engineering Qatar.
Visualization of Wireless Computer Networks Dunbar, Matt D., Kansas Applied Remote Sensing Program and University of Kansas Geography Department, and Becker,

Visualization of Wireless Computer Networks Dunbar, Matt D., Kansas Applied Remote Sensing Program and University of Kansas Geography Department, and Becker,
Short Distance Wireless Communication. Team 5 Thomas French Jordan Harris Mike Symanow Luseane Tangataevaha.

Short Distance Wireless Communication. Team 5 Thomas French Jordan Harris Mike Symanow Luseane Tangataevaha.
1 Wireless LANs. 2 Introduction Types of Communication Networks. LAN’s Configurations. Wireless Technology. –Definition. –Applications. –Example. Communications.

1 Wireless LANs. 2 Introduction Types of Communication Networks. LAN’s Configurations. Wireless Technology. –Definition. –Applications. –Example. Communications.
SAMEER NETAM RAHUL GUPTA PAWAN KUMAR SINGH ONKAR BAGHEL OM PANKAJ EKKA Submitted By:

SAMEER NETAM RAHUL GUPTA PAWAN KUMAR SINGH ONKAR BAGHEL OM PANKAJ EKKA Submitted By:
1 WiFi Network standards WiFi Network standards BASIC TELECOMMUNICATIONS.

1 WiFi Network standards WiFi Network standards BASIC TELECOMMUNICATIONS.
Welcome to Wifi. This morning You’ve gotten the grand tour About us Welcome, getting started, etc How wireless works.

Welcome to Wifi. This morning You’ve gotten the grand tour About us Welcome, getting started, etc How wireless works.
Introduction to WiFi Created by Bianca Alexander.

Introduction to WiFi Created by Bianca Alexander.
For more notes and topics visit: www.eITnotes.com eITnotes.com.

For more notes and topics visit: eITnotes.com.
Smart Grid Research Consortium Conference Communications: Technologies Systems Future Trends Dr Rick Russell.

Smart Grid Research Consortium Conference Communications: Technologies Systems Future Trends Dr Rick Russell.

Similar presentations

Ads by Google