For day two of DEF CON, I taken a look at tamper obvious devices, the contests area, and a few embedded talks. read all about it after the break.
Tamper obvious Village
This year was the first run of the Tamper obvious Village. The village has a variety of tamper obvious devices, including tapes, stickers, and seals. Volunteers supplied tools, solvents, and instructions on how to bypass the various devices without setting them off.
The tamper obvious challenge had teams trying to open a box secured with a variety of tamper-evident devices, then reassemble it. The judges examined the boxes on how well the safety devices had been bypassed.
The Tamper obvious challenge box, before being tampered with.
Contests
In the contests room, companies and volunteers ran all sorts of contests for people with various skills. The scavenger hunt list ranged from getting a mohawk to obtaining an aircraft exit slide. gamers teamed up with hackers in Hack Fortress, a game where team Fortress players get bonuses when the hackers on their team complete hacking challenges. crash and Compile is a coding-drinking game, where competitors try to fix a programming problem and have to drink whenever their code crashes.
Embedded Talks
[Todd Manning] and [Zach Lanier] presented their GoPro hacking in a talk called “GoPro or GTFO”. They managed to get a root shell on the cam and found that all of the services run as root. They also showed that the device could be used for surveillance proposes. They will be publishing source and information on their exploits on Github.
[Joe Grand] gave a talk on his new device: the JTAGulator. This open source hardware project helps with the automated discovery of debug interfaces. Target voltage selection and input protection is built in to stop you from frying your target board. ideal now, it can find JTAG and UART interfaces across 24 unknown channels. [Joe] demoed the device by discovering the UART and JTAG ports on a WRT54G wireless router.
The JTAGulator finding a WRT54G’s JTAG port.
DEF con 21 wraps up tomorrow, and I’ll be sharing a lot more cool stuff from the conference.