Today, the European Commission has finally approved Oracle’s purchase of Sun. As a former Sun employee some years ago, I feel kind of sad seeing the end of one of my favourite companies, and one of the most innovative; just remember: NFS, Solaris, SPARC, Java, SunRays, E10K… cool, huh? Yeah, that was Sun.
As a techie, a Unix lover, a geek… I’m sad. I liked Sun, I worked for Sun and I loved the projects, how they embraced open source, their visionary spirit; just remember the famous motto “the network is the computer”…
Let’s see what happens now with MySQL, OpenSolaris or Java.
Summary of Day#0
This year the CCC has started pretty chaotically, which isn’t strange because we’re at the Chaos Computer Congress ;)
I say this year started chaotically because the ticket desk was supposed to be up & running at 5 PM yesterday, but the opening was delayed until 10 PM. I was there at 5 and it wasn’t ready; I went to a 2-hour talk and was there again at 7, but I saw that the place was open while the ticket desks still weren’t working, and finally, after one more long walk through the nice Xmas markets around the city (I had an overdose of curry bratwurst), I met with Luy, we had a couple of beers (yes, just a couple! ;)) and went to the BCC at 10 PM, just to find a looooooong, loooooooong queue :( I hadn’t seen anything like that in previous years; the line filled the whole ground floor of the BCC… luckily for Luy and me, JAG was already there, he had been in the line for about 15 minutes and we joined him. We were there queueing for about 1 hour… the longest queueing time I remember at a CCC Congress :( If last year the congress was crowded, this year is gonna be crowded++
Day#0 is almost over, time for something to eat… we had a kebab in Alexanderplatz, some chatting to catch up on each other’s everyday lives, and time to call the sleep() system function ;)
Day#1 of 26C3 has started.
We met at 10 in Alexanderplatz to have some breakfast. This year we started our personal schedule pretty late compared to other years, since the opening lecture, the keynote, is in German this year instead of in English as in previous years, so our first bunch of talks would be the lightning talks. Here we had a mix of German and English talks; I don’t speak a word of German, so the talks in that language are totally encrypted for me, which is a pity because some of them seem pretty interesting. Anyway, we had a lot of short (4-minute) talks here, most of them really interesting. People frequently use these lightning talks to briefly introduce the projects they’re working on. The talks I found most interesting, and that I’ll try to get to know more deeply in the next few days, are the following:
Sleephacking. If you’re like me, I guess you have tried polyphasic sleep or at least read about it. This talk was a summary of the sleep-hacking techniques out there, and invited us all to the workshop on polyphasic sleep. I didn’t attend it, but I’d have liked to.
Radio Broadcasting. Maybe you think that radio broadcasting is completely dead. Who wants to broadcast on FM or AM when you can broadcast whatever you want globally through the Internet? Take a look at the opendigitalradio project, it’s worth it; maybe you’ll change your mind after learning what you can do with a USRP and some radio-oriented open software.
Sybil Attack & DDoS with BitTorrent DHT. The idea behind this was very interesting, although the guy giving the talk seemed really nervous… take it easy man, we’re all friends! :) OK, the idea was cool… a DDoS attack caused by injecting fake DHT info into the torrent network, announcing that some pieces of data are available at IP addresses where they really aren’t, so that other peers looking for those chunks connect to the target, and in doing so you create a TCP connection storm against the target.
There was a cool talk by a guy who built a pong watch and an asteroids watch, really funny… your binary LED watch looks like crap compared with this pong watch. You have to check it out! :)
More details about the lightning talks here; try googling to find more information about each subject.
After a couple of giant bratwurst for lunch I attended the talk Our darknet and bright spots about the VPN system created to link all the hackerspaces around the world. It was about ChaosVPN (the network that links EU hackerspaces, mainly the German ones) and Agora (the network that links all US hackerspaces such as Noisebridge in SF or Resistor in NYC). Which network topology to use, why a centralized (star) topology doesn’t work for them, and why popular VPN software like OpenVPN doesn’t fit their needs. These intranets are based on tinc and dn42 as the core software for linking all the nodes, and a workshop was set up to teach how to get into the hackerspace mesh network. The idea of joining and sharing resources, or taking part in the 24/7 CTF, is really cool and caught my attention, so I’ll take a look at home again in a few days. If I finally get in, I’ll write a post on how to join the network and what services are on it.
The next talk I attended was Exposing Crypto Bugs through Reverse Engineering. It was a nice talk about how good crypto can be totally cracked if the implementation is bad. The first example was a FIPS-approved crypto key that creates several encrypted file systems with 4 different passwords: one for private data, another one for public data, and a fake private password that you can use when someone asks you for your private key, so you type this fake password, which opens and decrypts a simulated real file system, and that way you fool the guy at the border, for example. Well, the bug in this crypto key was that through reverse engineering the structure of the crypto file where the four data blocks are stored became known. The structure keeps the passwords SHA-hashed. By a brute-force attack, or a rainbow table attack, you could crack one or more of the four passwords. And what was the funny trick that exposed the really bad implementation? Well, if you could find 1 of the 4 passwords, you could decrypt any of the four data blocks, not only the data block associated with the cracked password. So, in the talk he cracked the panic password, which is the 4th password you can define; the panic password is the one you’d use to wipe out all the information in your private block, rebuilding the crypto file from scratch. As you can imagine, the panic password should be short, so you can type it really fast if you’re in trouble. So it’s the easiest one to brute-force. So, if you have a weak password, the panic one, you crack it, and due to the bad implementation you can use it to decrypt the private and really secret data… then this system is completely useless.
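The design flaw described above, modeled as an added Python illustration (mine, not the vendor’s code or the talk’s material): a constructed four-slot container where every password unwraps one shared key, beside a layout that derives an independent key per slot so a weak panic password reaches only the panic block. The slot names, the sample passwords and the SHAKE-based toy stream cipher are assumptions made for the example.

```python
"""Why one cracked password sank the whole device in the talk above.

Constructed model with the four slots the post lists (private, public,
decoy, panic). The 'flawed' layout lets every slot unwrap one shared key;
the 'hardened' layout derives a key per slot. The XOR stream cipher on
SHAKE-256 is a stdlib-only stand-in for a real cipher, illustrative only.
"""
from __future__ import annotations

import hashlib
import hmac
import os

SLOTS = ("private", "public", "decoy", "panic")
KDF_ITERATIONS = 100_000


def _stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHAKE-256 keystream (illustrative only)."""
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key).digest(len(data))))


# ---- Flawed layout: per-slot password hash + ONE master key wrapped per slot ----

def flawed_create(passwords: dict[str, str], blocks: dict[str, bytes]) -> dict:
    master = os.urandom(32)
    header = {}
    for slot in SLOTS:
        pw = passwords[slot].encode()
        header[slot] = {
            "check": hashlib.sha256(pw).digest(),  # unsalted, fast: crackable offline
            "wrapped": _stream_xor(hashlib.sha256(b"wrap" + pw).digest(), master),
        }
    return {"header": header, "blocks": {s: _stream_xor(master, blocks[s]) for s in SLOTS}}


def flawed_open(container: dict, password: str, target: str) -> bytes | None:
    """Any slot whose hash matches unwraps the master key, which decrypts every block."""
    pw = password.encode()
    for entry in container["header"].values():
        if hmac.compare_digest(entry["check"], hashlib.sha256(pw).digest()):
            master = _stream_xor(hashlib.sha256(b"wrap" + pw).digest(), entry["wrapped"])
            return _stream_xor(master, container["blocks"][target])
    return None


# ---- Hardened layout: independent per-slot keys, no stored password hash ----

def _slot_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS)


def hardened_create(passwords: dict[str, str], blocks: dict[str, bytes]) -> dict:
    out = {}
    for slot in SLOTS:
        salt = os.urandom(16)
        key = _slot_key(passwords[slot], salt)
        ct = _stream_xor(key, blocks[slot])
        # The MAC doubles as the password check: no hash of the password is stored.
        out[slot] = {"salt": salt, "ct": ct, "tag": hmac.new(key, ct, "sha256").digest()}
    return out


def hardened_open(container: dict, password: str, target: str) -> bytes | None:
    """A password only ever yields the key of the block it was set for."""
    entry = container[target]
    key = _slot_key(password, entry["salt"])
    if not hmac.compare_digest(entry["tag"], hmac.new(key, entry["ct"], "sha256").digest()):
        return None
    return _stream_xor(key, entry["ct"])


# Constructed sample: a short panic password, as the talk noted is typical.
PASSWORDS = {"private": "correct horse battery staple", "public": "public-files-2009",
             "decoy": "nothing-to-see-here", "panic": "1234"}
BLOCKS = {"private": b"real secrets", "public": b"holiday photos",
          "decoy": b"plausible decoy data", "panic": b"wipe marker"}


def blast_radius(password: str) -> tuple[bytes | None, bytes | None]:
    """What the private block looks like to someone holding only `password`."""
    flawed = flawed_create(PASSWORDS, BLOCKS)
    hardened = hardened_create(PASSWORDS, BLOCKS)
    return flawed_open(flawed, password, "private"), hardened_open(hardened, password, "private")


if __name__ == "__main__":
    print(blast_radius("1234"))  # (b'real secrets', None)
```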
Next, the GSM: SRSLY? talk. This kind of talk about GSM encryption isn’t new at CCC; in the last couple of years there have been talks on the state of the art of A5/1 cracking using precomputed tables. This time, the H4RDW4RE group talked about the viability of the attack, which has been evolving over the last 12 years and is now completely feasible for anyone with a USRP2 device, which lets you mount a MiTM attack against GSM terminals using OpenBTS and forward the calls through your own Asterisk PBX if needed. By the way, the USRP is a REALLY AMAZING device, I want one of those :-O it’s a really amazing device to play with radio networks, be it BT, WiFi, GSM or radio broadcasting… really cool, don’t you think? If you’re interested in this subject, check the project page and don’t hesitate to collaborate with the computation effort.
The last talk I attended today was cat /proc/sys/net/ipv4/fuckups. Cool talk about how to bypass layer 3/4 filters taking advantage of a faulty Linux device driver for a Realtek gigabit network card, how to poison Squid’s DNS cache, or how to execute arbitrary code on a remote IM client using custom emoticons… nice talk, much in the style of the “How to own…” book series, linking a bunch of isolated “epic fails” or misconfigurations to build a scenario in which, taking advantage of all these bugs one after the other, you can own the system. Nice talk, especially the explanation of the stupid and dangerous implementation of MSN custom emoticons, so easy to own the remote IM client…
To end the night before going to the hostel, a late-night kebab at our usual place with Max, the guy from Austria we met last year and have met again this year at the CCC. Sai Emrys joined us at the kebab place, and we had a cool talk about cryptography and the “free space filesystem” idea he threw out in his lightning talk today; tomorrow he’ll talk about “how to create languages”.
Nice first day… I’m uploading this report while having the last beer in the hostel bar, going to sleep() to have more hacker’s fun tomorrow morning… nice hacking!
As the popular saying goes, “better late than never”, and in this particular case it is better to publish the solution to this challenge five months after the Euskal than never to publish it at all :)
This year, as I did last year, I made my modest contribution to the Euskal Encounter Hack-It with a challenge for the enjoyment of everyone who kindly took part in what, in my personal opinion, is one of the best activities held during this event, which I have been attending for a whopping 13 years if my memory serves me right. Thanks to hey_neken for including my challenge in this year’s Hack-It.
OK, enough rambling, let’s get down to business! :)
When the long-suffering Hack-It participant reaches my challenge, they find that the only thing they are given is an IP address, belonging to the Hack-It server on the party LAN, and a TCP port. Logically, the first step is to use what we are told and connect with telnet to see what happens. The connection is established without problems, and the following appears in the terminal from which we run telnet:
# telnet 22.214.171.124 9999
Connected to 126.96.36.199.
Escape character is '^]'.
Enter received access code:
It asks us to enter a code, but we don’t know its length or even the valid character set. Likewise, after a few seconds the connection is dropped, so there seems to be a timeout within which we must enter the requested code. Now, the challenge page gives no hint whatsoever about this code, nor does there seem to be any hidden information of any kind. There must be some more information to extract from the connection we establish, which seems to be the only thing we have at this point to keep investigating.
In challenges of this kind it is always a good idea to keep an eye on the network and see what moves over the wire (or the airwaves) beyond what we see, so it’s worth repeating the telnet connection with a sniffer capturing the whole dialogue, in case there are things we don’t see that could give us useful information. For this we can use tcpdump, snoop, wireshark or any traffic capture application. Let’s repeat the telnet and see what goes over the network…
18:01:46.461990 IP 188.8.131.52.45385 > 184.108.40.206.55555: S 2307708527:2307708527(0) win 5840 <mss 1460,sackOK,timestamp 3301879450 0,nop,wscale 5>
18:01:46.650067 IP 220.127.116.11.55555 > 18.104.22.168.45385: S 2158051019:2158051019(0) ack 2307708528 win 5792 <mss 1460,sackOK,timestamp 1964456258 3301879450,nop,wscale 3>
18:01:46.650092 IP 22.214.171.124.45385 > 126.96.36.199.55555: . ack 1 win 183 <nop,nop,timestamp 3301879497 1964456258>
18:01:48.109403 IP 188.8.131.52.31337 > 184.108.40.206.31337: UDP, length 90
18:01:48.113211 IP 220.127.116.11.55555 > 18.104.22.168.45385: P 1:11(10) ack 1 win 724 <nop,nop,timestamp 1964456624 3301879497>
18:01:48.113228 IP 22.214.171.124.45385 > 126.96.36.199.55555: . ack 11 win 183 <nop,nop,timestamp 3301879862 1964456624>
18:01:48.306398 IP 188.8.131.52.55555 > 184.108.40.206.45385: P 11:39(28) ack 1 win 724 <nop,nop,timestamp 1964456673 3301879862>
18:01:48.306415 IP 220.127.116.11.45385 > 18.104.22.168.55555: . ack 39 win 183 <nop,nop,timestamp 3301879911 1964456673>
18:02:03.120239 IP 22.214.171.124.55555 > 126.96.36.199.45385: P 39:40(1) ack 1 win 724 <nop,nop,timestamp 1964460376 3301879911>
18:02:03.120293 IP 188.8.131.52.45385 > 184.108.40.206.55555: . ack 40 win 183 <nop,nop,timestamp 3301883614 1964460376>
18:02:03.124090 IP 220.127.116.11.55555 > 18.104.22.168.45385: FP 40:67(27) ack 1 win 724 <nop,nop,timestamp 1964460376 3301879911>
18:02:03.124220 IP 22.214.171.124.45385 > 126.96.36.199.55555: F 1:1(0) ack 68 win 183 <nop,nop,timestamp 3301883615 1964460376>
18:02:03.308138 IP 188.8.131.52.55555 > 184.108.40.206.45385: . ack 2 win 724 <nop,nop,timestamp 1964460423 3301883615>
Let’s analyse the capture, step by step:
- The first three packets exchanged are the TCP connection establishment.
- As soon as the connection with the server is established, it sends us a UDP packet.
- There is an exchange of TCP segments, since the server also sends us the data for what appears in the terminal: the prompt for the code.
- After 15 seconds, during which we do nothing, the server closes the connection.
Bingo! What is that UDP packet the server sends us every time we connect? If we dump the packet’s contents and make several connections to compare several UDP packets, we notice that:
- The character set is limited: the space and the characters _ – | appear.
- 90 characters are always returned.
- Each connection returns a different character sequence.
So, seeing this, could the code be encoded with those characters? That seems unlikely, as does thinking it is some kind of cipher, since the string returned in the UDP packet from the server only uses these 4 characters (the three kinds of bars and the space). Now, what if these characters are some kind of “graphical” representation (ASCII art) of the code? That could be it… ;)
If I say “7-segment display”… I bet a high-brightness LED just lit up over many of your heads, right? ;)
Indeed… what we receive in the UDP packet is the “7-segment” representation of the code. If we try to “draw” a digit (we initially assume the code’s character set is exclusively numeric) the way 7-segment displays do, in ASCII, we realise that we need 9 characters to “draw” the digit. Therefore, we can assume we are being sent a sequence of 10 digits.
Let’s test it. We’ll run the telnet, and in another terminal, with nc, we’ll display the character sequence that arrives in the UDP packet:
# nc -l -u -p 31337 > /tmp/datos.txt
# cat /tmp/datos.txt
 _  _  _        _  _  _  _  _ |_ |_||_||_|  |  ||_| _|| ||_ |_||_| _|  |  |  ||_||_ |_||_|
Let’s validate the theory: we reformat this sequence, inserting a CR/LF every 30 characters and… et voilà!
# cut -b1-30 </tmp/datos.txt; cut -b31-60 </tmp/datos.txt; cut -b61-90 </tmp/datos.txt
 _  _  _        _  _  _  _  _ 
|_ |_||_||_|  |  ||_| _|| ||_ 
|_||_| _|  |  |  ||_||_ |_||_|
Before our eyes (for this it’s better to have a fixed-width font) appears the numeric sequence, in this case 6894178206. Now we only have one small “problem” left to solve. Receiving the UDP packet, decoding the sequence and sending the answer must somehow be automated so that the whole sequence of steps can be performed within the timeout that closes the connection, or else we must be very fast switching from one terminal to the other and typing the code :)
By the way, remember that the numeric sequence changes every time we connect, so connecting, capturing and decoding, then connecting again and answering with the code sent in the previous connection doesn’t work… the evil challenge designer forces us to write a program to automate the decoding, hehe ;)
We write the program, it connects, decodes the sequence, sends it back and… damn! this isn’t over yet, we get new information in our terminal ;)
Your code is correct, use it to select the right characters and get the passphrase ;)
    0 1 2 3 4 5 6 7 8 9
0   M V U S H c C s L D
1   L T J r U X d P o p
2   m Y O o q t A N j d
3   A x h W e q A s k N
4   A O j J q F g V X i
5   O N K f D F c F S N
6   S U M B r g r t H f
7   J c e s l W B V t Y
8   L M n S r r Z V x u
9   k T Q w W L L P H L
The connection is dropped after presenting this character matrix. Again, with each connection both the numeric code and the character matrix obtained after returning the correct code change. The level’s passphrase is hidden inside that character matrix, so it looks like we have to select the right character sequence to obtain the level’s alphanumeric passphrase and continue with the next challenge.
Which coordinates to choose? Which row and column to select, and in what order?… It seems logical to think that the numeric code and the matrix are related, and besides, both change with each connection. The character matrix is also indexed from 0 to 9 for both rows and columns… what if the numeric code tells us the row and column of each character of the passphrase we are looking for?
Following the previous reasoning, and after a few failed attempts until we hit on the logic of the Machiavellian challenge designer ;) we find the solution. Each digit of the code indicates the column to select in each of the rows, which lets us extract the characters from the matrix. In this particular example, the correct characters are those at the following positions:
Character 0 = Row 0, Column 6 => C
Character 1 = Row 1, Column 8 => o
Character 2 = Row 2, Column 9 => d
Character 3 = Row 3, Column 4 => e
Character 4 = Row 4, Column 1 => O
Character 5 = Row 5, Column 7 => F
Character 6 = Row 6, Column 8 => H
Character 7 = Row 7, Column 2 => e
Character 8 = Row 8, Column 0 => L
Character 9 = Row 9, Column 6 => L
The passphrase we were looking for, in this particular case, is… CodeOFHeLL
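The program the post mentions but never shows, as an added example (mine, not the challenge author’s): it decodes the 90-byte 7-segment payload and picks the passphrase out of the matrix, working offline on the data captured above. The 3x30 layout of the payload and the glyph table are assumptions consistent with the post, and the network part (connect, receive the UDP packet, reply within the timeout) is left out.

```python
"""Offline solver for the Euskal Hack-It challenge described above.

Assumptions (the post never showed its own program): the 90-byte UDP payload
is three rows of 30 columns, one 3x3 glyph per digit, and the matrix text is
the server's reply exactly as printed in the post.
"""
from __future__ import annotations

# Digits drawn the way a 7-segment display does in 3x3 ASCII (top, middle, bottom).
GLYPHS = {
    "0": (" _ ", "| |", "|_|"),
    "1": ("   ", "  |", "  |"),
    "2": (" _ ", " _|", "|_ "),
    "3": (" _ ", " _|", " _|"),
    "4": ("   ", "|_|", "  |"),
    "5": (" _ ", "|_ ", " _|"),
    "6": (" _ ", "|_ ", "|_|"),
    "7": (" _ ", "  |", "  |"),
    "8": (" _ ", "|_|", "|_|"),
    "9": (" _ ", "|_|", " _|"),
}
GLYPH_TO_DIGIT = {glyph: digit for digit, glyph in GLYPHS.items()}

ROWS, COLS, CELL = 3, 30, 3  # 3 rows x 30 columns = 90 bytes = 10 digits


def decode_seven_segment(payload: bytes) -> str:
    """Turn the 90-byte 7-segment ASCII art into its decimal string."""
    if len(payload) != ROWS * COLS:
        raise ValueError(f"expected {ROWS * COLS} bytes, got {len(payload)}")
    text = payload.decode("ascii")
    rows = [text[i * COLS:(i + 1) * COLS] for i in range(ROWS)]
    digits = []
    for col in range(0, COLS, CELL):
        glyph = tuple(row[col:col + CELL] for row in rows)
        if glyph not in GLYPH_TO_DIGIT:
            raise ValueError(f"unknown glyph at column {col}: {glyph!r}")
        digits.append(GLYPH_TO_DIGIT[glyph])
    return "".join(digits)


def parse_matrix(text: str) -> list[list[str]]:
    """Parse the server's 10x10 character matrix (header row and row labels included)."""
    lines = [ln.split() for ln in text.strip().splitlines() if ln.strip()]
    header, body = lines[0], lines[1:]
    if header != [str(i) for i in range(10)] or len(body) != 10:
        raise ValueError("unexpected matrix layout")
    matrix = []
    for expected, cells in enumerate(body):
        label, chars = cells[0], cells[1:]
        if label != str(expected) or len(chars) != 10:
            raise ValueError(f"bad matrix row {cells!r}")
        matrix.append(chars)
    return matrix


def extract_passphrase(code: str, matrix: list[list[str]]) -> str:
    """Digit i of the code selects the column to take from row i."""
    if len(code) != len(matrix):
        raise ValueError("code length must match the number of matrix rows")
    return "".join(matrix[row][int(col)] for row, col in enumerate(code))


# The payload and matrix from the post, with the whitespace the blog layout
# collapsed restored (10 digits x 3 columns, 3 rows of 30 characters).
SAMPLE_PAYLOAD = (
    " _  _  _        _  _  _  _  _ "
    "|_ |_||_||_|  |  ||_| _|| ||_ "
    "|_||_| _|  |  |  ||_||_ |_||_|"
).encode("ascii")

SAMPLE_MATRIX = """\
  0 1 2 3 4 5 6 7 8 9
0 M V U S H c C s L D
1 L T J r U X d P o p
2 m Y O o q t A N j d
3 A x h W e q A s k N
4 A O j J q F g V X i
5 O N K f D F c F S N
6 S U M B r g r t H f
7 J c e s l W B V t Y
8 L M n S r r Z V x u
9 k T Q w W L L P H L
"""


def solve(payload: bytes, matrix_text: str) -> tuple[str, str]:
    """Full pipeline for one connection: digits from the UDP packet, then the passphrase."""
    code = decode_seven_segment(payload)
    return code, extract_passphrase(code, parse_matrix(matrix_text))


if __name__ == "__main__":
    print(*solve(SAMPLE_PAYLOAD, SAMPLE_MATRIX))  # 6894178206 CodeOFHeLL
```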
I hope you liked it, and to those of you who played the Euskal Hack-It, I hope you had fun breaking this challenge :)
El Geek Errante is back :)
After more than a year and a half in “suspended animation”, the members of El Geek Errante are back in action, in what could be called the start of the “second season” :)
The reasons for this interruption in our transmissions have been both professional and personal, for each and every member of the crew. In the end it became very complicated for us to prepare and record the podcast week after week with the content and level of quality we wanted to give it, so we have had to wait all this time until the ship’s main computer saw that we had enough spare CPU cycles to take on this task again with guarantees and brought us out of hibernation :)
In this second season the format will remain almost unchanged from our previous transmissions, and the frequency is what will change, becoming monthly instead of yearly. Logically, the news we cover won’t be as current as before, and we will move on to more “timeless” topics as far as news goes, and of course we will keep our format of technology monographs about the things we like and that we know interest you too ;)
So… here we are again. Thanks to all of you who, during all this time, have insisted that we record again, asked us, encouraged us… thank you very much!
Last December, at the Chaos Computer Congress in Berlin, I was sounding out the Madrid folks who got together there about how they would feel about meeting once a month and organising a regular, completely open gathering, to have a point of contact where we could meet people with common interests, exchange ideas and learn from one another.
I personally miss serious hackspace movements in Madrid, in multipurpose venues that allow proper talks or workshops (with chairs, tables, a projector, a sound system, a whiteboard, etc.), where we could meet regularly to chat and give free rein to our curiosity and imagination in joint projects.
With this idea in mind I got to scheming, together with my accomplices Jose Angel and Mario, about the idea of the meetings… we christened them SYNACK Meetings, agreed that they will take place on the last Sunday of each month, and thought that a good place to hold them is Medialab-Prado in Madrid, which we already know from some other event we attended.
Last Friday the three of us went there to talk to Marcos and Laura, in charge of activity planning and content at Medialab, to whom we had already sent our proposal by email a couple of weeks ago. The idea seems to have caught on and it is now official: the SYNACK meetings will take place every last Sunday of the month, from 11:00 to 15:00, at Medialab-Prado. The first meeting will take place on the last Sunday of April, the 29th :)
All the meetings will start with one or two talks, each between 45 minutes and an hour long. After the talks, we will be able to get to know each other, chat and exchange ideas in the open space that will follow.
The goal is to have a defined agenda of talks for each meeting, and to get people to take part, give their talks and share their knowledge with others.
There’s no shortage of enthusiasm… and the easy part is already done; now comes the hard part, getting people to take part, whether by attending or by actively collaborating… come on, join in!
Shortly I’ll post more details about the wiki where you will find all the information on the meetings: dates, agenda, talk material, etc.
By the way, thanks from here to Julio, my accomplice in Geek Puzzle too, for the logo he made for the meetings… you’re a star! :)
In a couple of days, next Wednesday 14 January, a signing party organised by the CAcert community will take place at Medialab-Prado in Madrid. The aim of this kind of gathering is to verify in person the identity of key owners, and in this way keep growing the web of trust.
These signing parties, like the one I mentioned for next Wednesday, aim to give validity to your key, since the owner’s identity is checked in person by the so-called “notaries”, who require you to show a couple of identity documents (for example, national ID card and passport).
Once your identity has been validated, you become a “trusted” user of the CAcert web of trust. This way, over time, you can act as a “notary” yourself, validating other users’ identities.
Of course, this identity validation mechanism has many advantages from the point of view of the user who is going to use someone’s public key to send them private information, since if they trust the CAcert web of trust, they can use the key trusting that it belongs to its legitimate owner.
On the other hand, an SSL certificate validated this way will always be much better than a self-signed certificate, which has gone through no validation mechanism at all. The only drawback in this respect is that the CAcert root certificates have not yet been included in the commonly used browsers, i.e. Firefox, Safari, Opera, etc. Including the CAcert root certificate in Mozilla doesn’t look like an easy task, and meeting Mozilla’s requirements may take several years, although I understand it will end up being included, and from that moment on a certificate of this kind will be perfectly valid and much better than a self-signed one.
We had a hard time getting up on the last morning, too much fun the previous night :) I didn’t want to miss Luciano’s talk about the infamous OpenSSL bug in Debian. We got there early so we took the opportunity to buy this year’s hoodie; why the hell was the largest size an L? I need XL :( Please take note for next year: get XL, we’re usually big men!!! ;)
Well, let’s focus… :) Luciano’s talk was awesome! We had a lot of fun even though all of us knew the details of the bug. All the use cases were explained with a live demo, even with the hostel booking site www.hostelworld.com, which is currently using a vulnerable certificate, as was shown using the SSL Blacklist Firefox add-on (based on the modulusblacklist.org DNS check or the 60MB locally installed database file).
We made the mistake of going to the “crafting and hacking” talk; not because the talk wasn’t fun, but because when we tried to go to the SSL talk we found around 20 people waiting at the entrance doors to get into the hall, and after a while the organizers told us it was packed and no more people were allowed inside :(
It’s worth watching the video, as those people demonstrated how to exploit collisions in the MD5 hash algorithm used in SSL certs to generate a rogue intermediate CA certificate and sign other certificates that are taken as valid by web browsers. As a curious fact, the CA exploited was RapidSSL and all the computing power for the MD5-collision magic came from a cluster of 300 PS3s running for 2 full days. Read about it, it’s a must.
25C3 is over. I can say it was the best of all years, I had a lot of fun! And I met a lot of new people, not only from Spain but from Portugal, Germany and Austria too. These 4 days went by really fast; I went back home with a new lockpick set and a DECT card to play with ;) as well as a new project for this new year: to set up monthly meetings in Madrid to give short talks, take part in nice projects, exchange useful information, open some locks :) or just meet and talk with all the fellow hackers out there who fancy coming along.
I’m just looking forward to the next CCC, but until then… Happy Hacking! :)
3rd day in Hacker’s Valhalla :)
There’s no doubt about the first talk we’ll attend: “Running your own GSM Network” by Harald Welte and Dieter Spaar. I’ve seen other talks by Harald, and I have to say that he’s a serious hacker and all his talks are really interesting. This year was no exception, and the talk about how to build your own GSM network was really cool. They had bought a GSM base station on eBay and, over several months of reverse engineering, got all the hardware working. After that, they started coding their own software to run a mini GSM network with that BTS. The results were amazing. During the talk they performed a short demo where we saw their “10101” network name on our cell phones :) while they were able to monitor all the GSM traffic from/to our phones, such as voice calls and text messages… simply cool!
The possibilities are endless: if you have the 5k-6k euros that all the hardware costs, you can set up your own network. Think about MiTM attacks where you impersonate another GSM network using your own BTS, or SMS spam attacks, or simply monitoring the radio network to collect IMEIs.
At the end of their talk they proposed building a private GSM network for the next CCC, using a temporary demo licence: our own 26C3 GSM network. Isn’t that cool? :)
Next talk was about the crypto methods used in eVoting systems, their weaknesses and the viability of using them in general elections. It was very interesting, and I was surprised at how easy it would be to fake a vote or the entire election result if some of those crypto methods are used by the public. The conclusion is that maybe we don’t have the right crypto tools to ensure the reliability of an election right now. Paper ballots in a transparent ballot box, and manual vote counting with volunteer witnesses, is the best way… will we be able to perform that process securely in the near future? Let’s see…
More crypto stuff in “An introduction to new stream cipher designs”. This talk was a review of the cipher algorithms taking part in the eSTREAM contest.
After a short break to have a couple of beers ;) I attended the full malware session with two great talks: first “Squeezing Attack Traces” and afterwards “Stormfucker: Owning the Storm Botnet”. I freaked out with the Stormfucker talk; what these guys have done is awesome. They analyzed the Storm botnet trojan, figured out how it works, broke the crypto of the communication channels with the C&C servers… and once they had “owned” the trojan ;) they came up with a plan to shut down the whole botnet using the update feature of the trojan software. They can impersonate a C&C server, since they know how the trojan searches for certain file hashes in the P2P network; those files contain the IP addresses of the C&C servers, so they can force the clients to connect to their server, send them the update command, and deliver an executable that cleans the malware off the infected client. They demoed the procedure using the calc.exe executable as the payload for the update command, and it worked like a charm. Nice work! Now it remains to be seen who dares to shut down one of the biggest botnets used by the underground mafia for banking fraud and spam.
After that I jumped to the DECT talk, which was almost over, but I was there when they talked about the next Kismet version, which apparently will have DECT support, and about their software project and its support for the COM-ON-AIR PCMCIA card. It was on sale there for 20 euros, so I got one to play a bit with it and build a DECT-SIP gateway with my Asterisk PBX at home.
Next talk was about NFC (Near Field Communication) phones. Here in Spain NFC is not yet a very popular technology for micro-payments in transport (metro, bus, taxi) or for small purchases; some initiatives based on text messages, like mobipay, were totally unsuccessful. NFC is an interesting technology, and some use cases were shown with snack machines or train tickets.
I wanted to have something to drink before going to the Cisco IOS talk, so I missed the talk about how to embed malicious payloads in office documents. I was told the talk was great but the tools used to embed the malware aren’t released yet. If you have more information on this topic, please leave me a note.
The talk about Cisco IOS rootkits and exploits was awesome. If you’re interested in this topic you have to take a look at their blog. A must for all the lazy Cisco network admins out there, together with the Defcon slides by FX (Phenoelit) on the same topic.
The third day was over… dinner and beers until 4 AM, a short sleep and get ready again for the last day.
Second day of the congress. Yesterday we stayed up until late, and at 4 AM I didn’t feel like writing a long post on the blog about the day, so I’ve posted my first post this evening, sorry for the delay.
Wow! Second day! It was cool! Unfortunately the Lightning Talks #1 agenda was empty! :( and I didn’t feel like going to the post-privacy talk, I am more a tech-talk than a social-talk guy :) so I skipped it and went a bit later to the full disk encryption crash course talk by Juergen Pabel. The talk was an introduction to full disk encryption tools such as TrueCrypt, just a few notes about the design of this kind of software but not many internals, which was what I expected, so… just a review of products.
Next, attacking rich internet applications. A nice talk about Google Gears flaws, Firefox extension flaws and several XSS and JS injection tricks. This talk reminded me that I have to read more about the current state of web development, mainly about all the Firefox add-ons stuff, since I’m not up to date on the latest attack techniques against web applications, and nowadays that’s the stuff that is everywhere, web, web, web… As Kaminsky said yesterday, there are more applications than web ones! There’s life beyond the web browser! :)
Short break for lunch, and we went straight to the talk about how to audit closed and encrypted PHP code. Stefan Esser talked about how to break encrypted bytecode, which techniques are used to obfuscate the bytecode and how they can be reversed, and how this code can be analyzed to find exploits without being able to read the source code. An interesting talk for a person like me who isn’t a PHP coder but is familiar with all that stuff, and it gave me some nice ideas for future challenges of our wargame Geek Puzzle :)
Now, the typical dilemma… which talk should I attend when there are three interesting talks at the same time? I had to choose between smartphone hardware hacking, security of wireless sensor networks or TCP DoS vulnerabilities. OK, not so hard really… let’s go for the TCP one! :) As a network administrator, IP networks are “my world”, so it’s worth missing the other two; moreover I was really curious about the details of Outpost24’s sockstress tool, the new devastating low-bandwidth TCP DoS tactic. I already wrote about it, and it would have been really interesting to attend a talk by Jack and/or Robert about their TCP stress tool, so I attended the TCP DoS talk by Fabian Yamaguchi, but in the end the talk was a bit simplistic :(
I expected a highly technical analysis of the latest TCP DoS stuff half-disclosed by the Outpost24 guys, but the talk was just a summary of old-school TCP DoS techniques (SYN flood, connect flood, RST attack, ACK messing to alter the RTT and the send window…). Only one slide for the theoretical sockstress attack based on the zero-size send window issue… well, I expected more :(
Although I’m also interested in robotics, and the scalable swarm robotics talk sounded promising, I decided to attend the short attention span security talk, where Ben Kurtz talked about a lot of security issues that he finds working as a security consultant in Seattle. What a funny talk! He talked about an assorted set of subjects like WEP cracking with a small independent ITX board fully controlled through a web interface from the iPhone, Flex code injection, EFI rootkits (nice topic this one, uh?)… Check out his site, it has lots of information about all those subjects.
Next, the talk on banking malware by Thorsten Holz. It was a good summary of how a banking trojan works, which types there are, which are the most common ones, and how security researchers study those pieces of malware using sandboxes, to execute them without risk and learn where they connect to and which protocols they use to send the stolen data to the control servers. They got access to several central servers where the malware drops the stolen data, so they could generate some interesting statistics about which targets were attacked most, from which countries, and how many users, passwords, credit card numbers and that kind of private stuff were stored on those servers. He gave us some figures of how much money a malware writer can make if they send all this information to mafias, a lot of money as you can imagine. Check out the slides for the details, it’s worth it.
A new dilemma… funny pentesting techniques or Nintendo Wii hacking? My hacking side won again :) To finish the day, a funny talk by Francesco Ongaro, titled “tricks that make you smile” :) Well, one thing is true, that guy made us smile :) The talk was funny despite Francesco’s “broken English” :) He revisited several well-known old-school tricks like ICMP redirects and ARP poisoning. He did a demo of extracting a full database using SQL injection tricks, some sudo tricks taking advantage of the password caching feature of sudo, and a funny demo about how to hide information in HTML pages using silly tricks like foreground and background of the same color… it was funny, for sure :)
After that, we had dinner in our favorite Italian restaurant, with a couple of new friends. Photos will be on Flickr, be patient, I forgot my camera cable in $HOME :) We decided to create a mailing list to stay in contact after the con and maybe participate in some projects.
By the way, I got a tool set from the people of lockpicking.org, more about this in future posts.
The second day is over :( The time here passes so fast; tomorrow is the third day of the congress, and there are a lot of interesting talks scheduled… more info tomorrow.
First day in Hacker’s Paradise :)
This year’s CCC has just begun, a lot of people in the main conference room, John Gilmore on the stage. He talks about the title of this year’s conference… “nothing to hide”; well, everyone has something to hide, he says that it’s just “bullshit” :)
He threw out some interesting questions to the people: what are you doing to be free? What are you doing to protect your privacy? What are you doing to prevent governments and big sites like Google from spying on you, from collecting all kinds of information about you and tracking all your movements on the net and in the real world? Some people type URLs into the Google search box instead of using the URL bar of the browser, is that the way? Are you aware of the tracking techniques that telcos use on their customers? What about the RFID issue?
We know and understand the technology to protect ourselves, the tools to protect our privacy, but we don’t use them. Why is most Internet traffic still in clear text? Why is crypto not a well-known subject and its use not as widespread as it should be among all computer users? We have crypto that the NSA can’t break, but we still send mails in cleartext… that’s the point.
It was a nice talk about privacy, cryptography and about what a single citizen has to do to remain anonymous, to remain unknown from the big brother eyes.
Next, jump to the PLC talk. It didn’t go as deep as I would have liked; it was a brief introduction to PLC technology, a review of available PLC hardware and its features, and of the FAIFA software. I expected a live demo of the tools, maybe some traffic sniffing and injection, some hands-on demo of the crypto stuff, or a demo of how to use the tool for a PLC security audit in the wild, but none of this happened, so I was a bit disappointed with this talk. Interesting, but not as technical as I expected. Apart from that, the vulnerabilities based on a single “broadcast domain” over the electrical network of the houses are not widely applicable because, at least in Spain, the power networks of the houses are isolated from each other, from the electricity meters located in the building basement to the inner electrical installation in each apartment. Anyway, a nice talk as an introduction to all the PLC stuff; maybe I’ll write a longer post about the FAIFA tool when I have the time to download it and play a bit with it.
Here in Spain, where I live, PLC was actively deployed and tested 2 or 3 years ago, but it never was a winner in the highly competitive broadband Internet access market; DSL and cable were, and currently are, the main options, and PLC died silently after several months of tests among selected groups of users.
The talk about the payment systems in the UK using chip-and-PIN cards by Steven J. Murdoch was very interesting too. I attended last year’s talk about the relay attack, and this was a sort of continuation. This time the talk was focused on how to tamper with the PEDs (PIN Entry Devices) to record all the customer information. I recommend you watch the BBC video… it’s really funny :)
I would have liked to attend the hackerspaces talk, as I’m very interested in arranging a kind of geek meeting in Madrid, maybe in a cool place like the Medialab, and the feedback from the people of hackerspaces all around the world is very valuable.
After that, my first thought was to attend the wearable computing talk, but when I arrived there after lunch it was jam-packed with people, and it was completely impossible to stand there and just hear the talk, so I decided to go to the RFID fingerprinting talk. Well, I’m not a hardware guy, so I have to admit that this talk was a bit tough for me, as it was focused on the techniques used to attack the RFID systems present in passports and driver licenses, but only at the physical level, ignoring all the cryptographic complexity built at higher levels. The work presented was focused on sniffing, cloning and emulation of RFID devices… well, too much for me at this time :)
From there, we jumped to the talk by Gadi Evron about the Estonia and Georgia security incidents, and other worm-related incidents, such as the Facebook one. How should a global incident be handled? Are we ready to handle global attacks? Are local CERTs really useful? Well, the talk was very informative, and Gadi made it very funny, although he was somewhat rude with some of the people who asked him questions :)
The chip reverse engineering talk was cool. The procedures to reverse engineer a chip from beginning to end were explained, and if you are not a hardware guy, talks like this one are pretty enlightening, since the way these guys break the crypto algorithms is awesome. They begin polishing the chip from the outside to the inside, layer after layer, until they get all the logic in front of their eyes. With the help of microscopes, they take photos of all the components, and get the routes between them automagically with specialized software tools. With all this info they can work out how the chip works and break the crypto algorithms that are implemented on it, seeing how they are built from the logic gates and basic electronic components. Those crypto algorithms, especially if they are private and non-standard obscurity-based crypto algorithms, are broken from this point, seeing the low-level implementation in the chip. The security-by-obscurity thing is not a good idea when you have these guys messing around with your chips; a great talk that should have lasted at least 2 more hours :)
Then a short break, and several beers later, we attended three cool talks in a row. First the iPhone Dev Team explained the whole path they followed from the release of the iPhone until they broke it completely. All the reverse engineering and analysis of the device is amazing, how they found all the design flaws that allowed them to own the iPhone ;) Hey! Those guys are my heroes, thanks for the pwnage tool ;) Unfortunately I don’t have the superpower of ubiquity :) so I couldn’t attend the MSP430 BSL cracking talk; the documentation about this talk looks very interesting, I have to watch the video, there’s no doubt about it.
Next, Jacob Appelbaum talked about the cold boot attacks. When they published their work some months ago, I tested it on several systems and found all this stuff really interesting, mainly the possibility of forcing the reboot of a remote system using a malformed WoL frame, for example; then the system will boot using a minimal PXE image that you can provide from another system on the network, the target will dump its memory to the network, from where you can get it by sniffing the broadcast frames, and after that it’s time to apply the crypto-key searching algorithms that they implemented too. The talk was all about that, nothing new, just the well-known info that has been published, but really cool and very funny, as Jacob told the audience some really funny anecdotes. It’s worth watching the video too :)
After that, the much-awaited talk by Dan Kaminsky, the showman of the security cons… all the DNS stuff in the very purest Kaminsky style :) The talk was not the same as the Black Hat or DEF CON one; it was about the whole DNS bug thing and how an incident like this was coordinated and handled by Kaminsky, Vixie and all the ISPs and companies involved in this wide-scale patching effort. The talk was focused on the SSL X.509 certificate problems and the Debian OpenSSL bug, the SNMPv3 bug and… wait for it… how to make a covert channel using the size parameter of the IMG HTML tag… Kaminsky, the covert-channel man strikes again! :) Nothing more to say, a funny and technical talk to finish the day.
A fast dinner in the train station and back to the hostel, where I am now writing this post and having a beer… more in a few hours :)
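The last step of that chain, searching the dumped memory for the encryption key, is the part worth seeing in code. What follows is an added example, not code from the original post nor from the tools the cold boot researchers released: it scans a raw memory image for AES-128 key schedules, using the fact that the 176-byte expanded key is fully determined by its first 16 bytes, so any 16-byte window whose following 160 bytes equal its own key expansion is almost certainly a live key. It assumes the image is a plain byte string, that the 16 key bytes themselves survived intact, and that only the round keys may carry a bounded number of bit flips from DRAM decay (the real tools go further and also repair a damaged key from the schedule’s redundancy). The sample image, the planted key and the simulated decay are constructed inline.

```python
# Added example (not code from the original post nor from the cold boot
# authors' released tools): locate AES-128 key schedules in a raw memory
# image, the way cold boot key recovery works. Assumptions: the image is a
# plain byte string, the 16 key bytes are intact, and only the expanded
# round keys may carry a bounded number of bit flips from DRAM decay.
import random

RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (square-and-multiply); inv(0) := 0."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = _gf_mul(r, base)
        base = _gf_mul(base, base)
        e >>= 1
    return r if a else 0


def _build_sbox() -> bytes:
    """AES S-box computed from the field inverse plus the affine transform."""
    out = []
    for x in range(256):
        inv = _gf_inv(x)
        s = inv
        for i in range(1, 5):
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        out.append(s ^ 0x63)
    return bytes(out)


SBOX = _build_sbox()


def _sub_rot(word: bytes, rcon: int) -> bytes:
    """SubWord(RotWord(word)) with the round constant folded into byte 0."""
    t = bytes(SBOX[b] for b in word[1:] + word[:1])
    return bytes([t[0] ^ rcon]) + t[1:]


def expand_key_128(key: bytes) -> bytes:
    """FIPS-197 key expansion: 16-byte key -> 176-byte schedule (11 round keys)."""
    w = [key[i:i + 4] for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = _sub_rot(t, RCON[i // 4 - 1])
        w.append(bytes(a ^ b for a, b in zip(w[i - 4], t)))
    return b"".join(w)


def _bit_errors(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def find_aes128_keys(image: bytes, max_bit_errors: int = 0):
    """Return [(offset, key)] for every offset whose next 160 bytes match the
    key schedule of the 16 bytes at that offset, within max_bit_errors flips."""
    hits = []
    for off in range(len(image) - 176 + 1):
        cand = image[off:off + 16]
        # Cheap precheck on w[4] alone before paying for a full expansion;
        # errors in one word can never exceed the total budget, so this is sound.
        w4 = bytes(a ^ b for a, b in zip(cand[0:4], _sub_rot(cand[12:16], RCON[0])))
        if _bit_errors(w4, image[off + 16:off + 20]) > max_bit_errors:
            continue
        sched = expand_key_128(cand)
        if _bit_errors(sched[16:], image[off + 16:off + 176]) <= max_bit_errors:
            hits.append((off, cand))
    return hits


def build_sample_image(key: bytes, offset: int, size: int = 8192,
                       flips: int = 0, seed: int = 1) -> bytes:
    """Constructed test input: random bytes with one schedule planted at offset,
    optionally with `flips` random bit flips in the round keys to mimic decay."""
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    sched = bytearray(expand_key_128(key))
    for _ in range(flips):
        sched[rng.randrange(16, 176)] ^= 1 << rng.randrange(8)
    buf[offset:offset + 176] = sched
    return bytes(buf)


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 sample key
    img = build_sample_image(key, 4096, flips=5)
    print("exact search:", find_aes128_keys(img))
    print("tolerant search:", find_aes128_keys(img, max_bit_errors=8))
```

Run it as-is and the exact search comes back empty on the decayed image while the tolerant search recovers the key at offset 4096. The precheck on the first expanded word is what keeps the scan linear in practice: a random 16-byte window fails it with overwhelming probability, so the full expansion is only computed at a handful of offsets. On a real dump the same idea extends to AES-256 (a 240-byte schedule from a 32-byte key) and to RSA, where the search looks for the DER structure of the private key instead.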