- Added a link to FX and Greg’s “Hacking [Redacted] Routers” to the day 3, part 2 post. (By the way, the messages on those fortune cookies? Real Huawei router messages.)
- Added a link to a blog post by Moxie Marlinspike summarizing the presentation he gave with David Hulton (Pico Computing) on “Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2“. Moxie’s post includes the sexy, sexy diagrams of MS-CHAPv2 handshaking and does a better job than I did of explaining how the problem reduces to attacking 256 DES keys.
- Added a link to Philip Polstra’s blog entry on his “Bypassing Endpoint Security for $20 or Less” which includes links to the slides and his code.
- Here’s a link to the “Hacking the Google TV” presentation, which I missed. There’s also a GTV Hacker blog, and a GTV Hacker wiki.
- Here’s a link to Anarch and Omega’s “The Darknet of Things, Building Sensor Networks That Do Your Bidding” presentation. I was curious about this one, but it was opposite “Busting the BARR”. I note, however: “NO ARDUINO!”
- Link to Ryan Reynolds and Jonathan Claudius’ presentation, “Stamp Out Hash Corruption! Crack All The Things!“, another one I missed due to a schedule conflict.
DEFCON 20 updates.
August 1st, 2012Yes, we have more bananas.
August 1st, 2012…
Obstruction? “deliberate failure to produce documents”? “…callous disregard for her staff and the resources entrusted to her by the American people”? And she gets a reprimand?
You’re doing it WRONG!
August 1st, 2012(Video of the “high-speed chase” at the link.)
Banana republicans watch: August 1, 2012.
August 1st, 2012Tyrone Freeman used to be the president of Local 6434 of the Service Employees Industrial Union (SEIU).
Then things started happening. The LAT did a series of reports on Freeman’s spending as head of the local. The federal Department of Labor, the FBI, and the IRS started investigating.
And now Freeman has been indicted on 15 counts:
Oddly enough, I see no mention of strippers. Freeman was apparently big on cigars and cognac.
Yeah, Hawaii is nice and all. But, dude, the Pro Bowl? Seriously?
Quote of the day.
August 1st, 2012Noted for the record.
August 1st, 2012The two NSA pamphlets I mentioned previously, “Solving the Enigma – History of the Cryptanalytic Bombe” and “The Cryptographic Mathematics of Enigma” are available from the NSA website as free downloads, along with quite a few other publications related to WWII cryptography. There are also publications available on cryptography in other eras: Korea, Vietnam, Cold War, etc.
I personally like having the printed versions to have and to hold (and you can request them by email), but this is a gold mine for the impatient person who really wants to know the “History of the Cryptographic Branch of the People’s Army of Vietnam 1945-1975“.
Bring the NYT the brown trousers (and other random notes for August 1, 2012).
August 1st, 2012Last year, NYC sold 28,000 pounds of spent brass to Georgia Arms, which reloaded the casings and sold re-manufactured ammunition.
Not surprisingly, the NYT has issues with this.
Meanwhile:
More:
“It’s not working! Do it harder!”
Interesting:
This appears to be a breaking story:
Obit watch: August 1, 2012.
August 1st, 2012Noted author and William F. Buckley foe Gore Vidal. (NYT. LAT. WP. No A/V Club yet: when they post it, I’ll add it here.)
After action report: Las Vegas, NV 2012.
July 31st, 2012I don’t have much new to report as far as equipment, but I do have a couple of notes on existing stuff. DEFCON for the past few years has run a “secure” network using MSCHAPv2 authentication.
- This worked fine on the Kindle Fire. I was able to log in and browse whenever the network was working. However, there seems to be some sort of bug in the Kindle Fire: after a certain amount of time, the wifi setting on the Fire would either stop responding completely (on/off switch wouldn’t do anything) or would immediately crash (with an error message) as soon as I tried to open the setting.
- The default Network Manager on Ubuntu 12.04 would not connect to the “secure” network at all, but just constantly brought up the authentication prompt. Google turned up more than a few reports of Ubuntu issues with Network Manager and MS-CHAPv2 authenticated networks, so it seems this is a known issue. I worked around this by downloading and installing wicd, which was able to connect. However, wicd does not appear to save network settings, so every time I wanted to connect to the network, I had to re-enter the configuration.
(In general, I’m seeing more and more problems with project e and Ubuntu 12.04. I suspect some of these may be issues caused by doing several upgrade installs in succession, so I may try doing a backup of /home, reformatting project e, and doing a scratch install and restore of 12.04.)
Food: I had excellent meals at Lotus of Siam (the sea bass drunken noodles) and at Piero’s Italian Cuisine, which is a very old-school Italian restaurant near the convention center.
That was some swell osso bucco. And I don’t think I paid much more for it than I paid for osso bucco at Ciola’s when they were still open.
I also broke with one of my rules and went back to Shabu Shabu Paradise again. In my defense:
- I really like these people and want them to be enormously successful.
- I haven’t been there since my last trip with Andrew and Mike the Musicologist.
- I kind of have a tiny little crush on the waitress. Who, by the way, recognized me from my previous visits, even though I was clean-shaven last time. (I think she’s married to the chef, so nothing’s going to come of that.)
I also had a good meal at Mint Indian Bistro, and very good breakfasts at Blueberry Hill on Flamingo and The Egg and I on Sahara. (The rule doesn’t apply to breakfast, as it is very very hard to find good breakfast places that aren’t casino buffets, Denny’s, or IHOPs in Vegas. If anybody does have a recommendation for a good breakfast place in Las Vegas, please feel free to drop it into the comments.)
I’ve been driving past Hofbräuhaus Las Vegas for years now, considering giving them a try and then not going after all. This time, thanks to Tam inspiring a German food craving in me, I thought I’d give it a shot. The verdict: meh. It wasn’t a horrible meal. The service was pleasant and efficient. But it seemed like I paid a fair amount of money for pretty average food. Walburg is better and cheaper and really not that bad a drive if I go there from work. (You’d be hard-pressed to spend $50+ at Walburg without either being too full to move or too drunk to drive.)
I drove past Flavor Flav’s House of Flavor several times (it is very close to my preferred ATM in Las Vegas, which, in turn, is far enough away from DEFCON that I’m not any more paranoid than usual about using that ATM), and I regret not getting a photo.
I did get some photos (but they didn’t come out well) of “Lynyrd Skynyrd BBQ & Beer“. BBQ and beer? I can haz both?
(By the way, I was never offered a full can of soda on any of my Southwest flights. But I did get a full can of drinking water between PHX and AUS.)
Thanks to: Everyone at DEFCON 20 (staff, goons, presenters, and attendees), the folks at Shabu Shabu Paradise, Lotus of Siam, the Egg and I, Blueberry Hill, and Mint Indian Bistro, the Mob Museum, Amber Unicorn Books, Greyhound’s Books, Borepatch for linky-love, and anyone else I missed.
Banana republicans watch: July 31, 2012.
July 31st, 2012I apologize: things were so hectic while I was away that I kind of let the banana republicans slip. I don’t think there was much that went on while I was in Las Vegas, anyway. But now that I’m back…
…this LAT story is kind of confusingly written, but it looks like Angel Perales of Cudahy, the “former head of code enforcement”, has pled guilty. Osvaldo “Bimbo and the Badge” Conde and former mayor David Silva are pleading Thursday.
Perales could receive a maximum sentence of 30 years in prison and a $500,000 fine.
And Louis Byrd and Fernando Pedroza, former council members in the city of Lynwood…
According to the LAT, this was the first test of this argument, but the LA County DAs office is expected to use this same approach against the city officials in Bell. Also:
Strippers. Always with the strippers.
Quote of the day.
July 31st, 2012“I am a martini man, myself. Over six weeks we used up forty-six bottles of gin and a little less than half a bottle of vermouth. I like martinis dry.”
—Robert Ruark, Horn of the Hunter
(In case you were wondering, 46 bottles over six weeks works out to seven and 2/3rds bottles a week, or a little over a bottle of gin a day. That’s split three ways, though: Ruark, his wife, and their guide. Figuring 750 ml bottles, that’s close to 9.2 ounces of gin a day each. Ruark mentions at one point that they kill the bottle with three drinks each, so that’s something like three ounces of gin per drink. Plus unknown amounts of beer and brandy.)
(I enjoy reading Ruark. I wish more of his work were still in print; I found Horn at one of those used bookstores in Vegas, and spent downtime during the trip reading it.
But I get a funny feeling whenever Ruark talks about drinking, like in the last two chapters of The Old Man and the Boy, or as he does a few paragraphs later in Horn: “I can drink two bottles of wine at lunch in Rome or Paris or Madrid, top it off with three brandies, and feel marvelous all day. A glass of wine at lunch, two glasses at dinner, in New York, would keep me in bed with the miseries for half a week.”)
(This is, of course, a man who would die at 49 of “complications of cirrhosis of the liver”.)
Obit watch: July 31, 2012.
July 31st, 2012Chris Marker, filmmaker perhaps best known for his short “La Jetée”.
DEFCON 20 notes: day 3, part 2.
July 30th, 2012Where were we? Oh, yes: The Day of the Router.
(That’d be a good title for a movie. Maybe one about penetration testers. Hmmmm…a pen tester accidentally finds a vulnerability in the wrong system, and the bad guys want to shut him up?)
But I digress.
First in our router trilogy is Michael Coppola‘s “Owning the Network: Adventures in Router Rootkits“. (First link goes to his blog, second link goes to the presentation.)
Coppola has been working on altered versions of firmware for popular routers: “altered” in the sense that the firmware contains useful exploits. (‘But how do you get the firmware on the router?” Well, there are well known cross-site scripting attacks on router configuration pages: as I recall, that was the subject of a DEFCON presentation, but I don’t have time to dig out which one right now. When I get back, I’ll add a link. In addition, how many people leave their router login/password set to defaults? Too many.)
Coppola specifically attacked these routers:
- Netgear WNR1000v3.
- Netgear WGR614v9.
- Belkin FD57230
- Trendnet TEW652BRP 3.2r
And there’s a simple five-step process:
- Profile the firmware image (basically, that means breaking it apart and figuring out what goes where) using a tool such as binwalk from devttys0.
- Extracting out the individual parts (like the router file system: Coppola has a good story about getting unsquash.fs out of Netgear)
- Deploy your exploit payload.
- Repack everything.
- Update the firmware metadata.
How much would you pay for all this? But wait, there’s more! The end result of Coppola’s work is rpef, a framework that automates much of this process. You point it at a firmware image, tell it what exploit you want to use and where to save the modified image…and it generates a new firmware binary for you, ready to upload to your favorite router. Isn’t that a clever cleaver?
(At the moment, rpef only supports a limited number of routers. I suspect if this takes off, the number of supported routers in rpef will expand dramatically.)
Second up on the router hit parade was FX with “Hacking [redacted] Routers“. The [redacted] in this case is Huawei, a large Chinese manufacturer of routers, and the short version of this talk is that their routers are crap. They have no known product security group, they do not issue security advisories, the quality of their code is poor, important ports (SSH, FTP, HTTP) are open by default (and you can access the flash file system by FTP), their OpenSSH implementation is a rewrite from scratch and is broken…
…and it is possible with a simple script to hijack a remote session to the router, there are built-in functions that allow execution of commands from the command line interface with no privilege checks…
….and there’s a heap overflow bug (which the presenters spent a great deal of time explaining) that allows you root on the router. Whew. I think that just about covers it. Luckily, in my opinion, Huawei routers are mostly used in other countries, and I can’t get very upset about those countries having their routers hacked. (What’s the worst case scenario? Less Chinese spam?)
(I can’t find FX’s presentation, and it isn’t on the DEFCON DVD. I’ll link to it when I can find it. Link added 8/1/2012.)
(Interestingly, these first two router panels were so popular, they had to move FX’s panel to a larger room to accommodate the people who wanted to see it. And I think there were still people who didn’t get in.)
Finally, we have “SQL Injection to MIPS Overflows: Rooting SOHO Routers” by Zachary Cutlip. (Link goes to a version of this talk he gave at Black Hat.)
The short summary here is that Cutlip attacked a specific router, the Netgear WNDR3700 v3. This is a highly popular router: as a matter of fact, WCD uses the v2 version of this router (reflashed with DD-WRT firmware) in our home office. One of the interesting aspects of this router is that it has DLNA support, so you can use it to serve things like music and movies. (It has an external USB port for connecting drives.)
As it turns out:
- As part of the DLNA setup, the router runs SQLite. (Apparently, it keeps a database of album art for DLNA device display purposes.)
- You probably already guessed this, but the implementation on the router is vulnerable to SQL injection attacks.
- You can leverage SQL injection and grab the router’s password file, or other arbitrary files from the running router.
- You can also leverage this to force a buffer overflow and run arbitrary code on the device.
Cutlip’s paper contains example Python code for implementing these attacks.
I totally spaced on the “Hacking the GoogleTV” panel and spent the last few hours trolling the dealer’s room for bargains. I did pick up a few things which I may discuss in more detail later. Or maybe not. It depends.
I don’t have a lot to say about the closing ceremonies, with one exception. DEFCON admission this year was $200: during the ceremonies, Dark Tangent stated that they had intended to raise the cost for this year only, to cover all the awesome stuff they wanted to do for DEFCON 20. Their plan was to roll the price back next year, but Dark Tangent found people were asking them how they were going to top this year…
…and he polled the audience to find out if they thought the $200 was a good value for the money. Overwhelming audience sentiment seemed to be that the $200 price tag was not too high, considering what folks got out of DEFCON. And Dark Tangent seems to be serious about getting Kraftwerk to do a concert next year.
I’m going to wrap things here. In the next day or two, I will probably be doing an after-action report, covering Vegas in general and some additional DEFCON odds and ends. I also will be posting updates as I find people’s presentations online, and as folks put them up.
As always, I welcome comments from presenters. I want to say that this year, I did not see a single panel that disappointed me; I liked every single panel I was able to get into.
Also, I want to make note of a thought from dinner tonight with some friends of mine. This may very well be a research idea for next year’s DEFCON.
So we all know how flash memory works, and that if you do repeated write/erase cycles, you’ll wear out your flash. We also know that manufacturers have implemented wear leveling to get around this.
Questions.
- Is it possible to bypass wear leveling on flash devices? Can you write software that does write/erase operations to specific flash memory locations?
- Can you write software that will do repeated write/erase cycles on flash memory devices and make those devices forensically useless? Similar to the old “three pass overwrite” for hard drives?
I don’t know the answers (as I said, this came up at dinner literally two hours after my plane got in) but it seems like a possible area for exploration. I need to go back through my DEFCON archives, as I have a vague memory of someone doing a presentation on flash memory forensics.
(Also, I’m sorry it took so long to get this post up. I finished about 2/3rds of it in the Las Vegas airport, had a very tight connection in Phoenix (literally running to the plane and arriving just seconds before boarding started), got in, wrote most of the last third, and am now going to have a cold beverage and (I hope) about eight hours of sleep.)
DEFCON 20 notes: day 3, part 1.
July 30th, 2012The secret word for the day, boys and girls, is “routers”.
But first, a couple of pictures for my great and good friend Borepatch:
The Matt Blaze Security Bingo Card. (I hope folks can read it: I took that with a cell phone camera from the front row, so I didn’t have a great angle on it.)
And:
A gentleman in the hallway was kind enough to let me take a photo of his DEFCON Shoot shirt.
Speaking of Matt Blaze…
“SIGINT and Traffic Analysis for the Rest of Us” presented by Matt Blaze and Sandy Clark, and crediting a host of other folks.
For the past few years, Blaze and company have been working on APCO Project 25, or P25 for short. P25 is planned to be the next generation of public safety radio, and is intended to be a “drop-in” replacement for analog FM systems. Cryptographic security is built into P25: it uses symmetric algorithms and supports standard cryptographic protocols. All of this sounds great.
But there are a whole bunch of problems with this.
Encryption in P25 doesn’t work very well a significant portion of the time. There are user interface issues; on some radios, the “crypto” switch is in an obscure location, and the display doesn’t make it clear if encryption is on or off. Keys can’t be changed in the field; changing keys requires loading the radio in advance using a special device, or sending keys over the air (“Over The Air Rekeying”, or “OTAR”, which sometimes doesn’t work).
One important point is that the “sender” makes all the decisions: whether the traffic is encrypted, what encryption mode is used, what key is used, etc. The “receiver” doesn’t get to decide anything. If the “sender” sends in cleartext, either deliberately or by mistake, the “receiver” decodes it, automatically and transparently to the user. If the “sender” sends an encrypted message, the “receiver” first checks to make sure it has the proper key, then either decrypts the message or ignores it (if the “receiver” doesn’t have the key).
I feel like I am cheating a little here, but even Matt Blaze at this point in his talk recommended going and reading the group’s paper from last year, “Why (Special Agent) Johnny (Still) Can’t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System” for additional background.
But wait, there’s more! We have encryption, but do we have authentication? Do we know that the radios on our network are actually valid radios? Heck no! The radios transmit a “Unit ID” which is not authenticated, and which is never encrypted, even if the radio has encryption turned on. Just knowing the unit IDs lets you do some interesting stuff: you could, for example, set up two radios, do some direction finding on the received signals with the user IDs, and build a map of where the users are.
Even better: if you send a malformed OTAR request, the radios treat it like a UNIX “ping” and respond back with their Unit ID, even if they’re idle, and without the user ever knowing.
More: P25 uses aggressive error correction. But there’s a hole in the scheme; you can jam what’s called the “NID”, which is part of the P25 transmission, and render the transmissions unreadable. The Blaze group actually built a working jammer by flashing custom firmware onto the “GirlTech IM-Me”. (That was the cheapest way to get the TI radio chip they wanted to use.) You could use this to jam the NID in encrypted P25 traffic only, thus forcing cleartext on the users…
And even more: the basic problem with P25 and cryptographic security is usability. Every time an agency rekeys, someone is without keys for a period of time. Blaze mentioned the classic paper, ““Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0” and pointed out that many of the mistakes mentioned in that paper were repeated in designing P25.
How bad is the keying problem? Bad enough that agencies frequently transmit in cleartext, due to key management issues. (“NSA Rule Number 1: Look for cleartext.”) How frequently? Blaze and his group, for the past several years, have been running a monitoring network in several (unnamed) cites, recording cleartext P25 traffic and measuring how often this happens. About 20-30 minutes per day, by their estimate, of radio traffic is transmitted in unintended cleartext. And that traffic can contain sensitive information, like the names of informants.
Even if most of the traffic is encrypted, remember that the Unit IDs aren’t. So you’re getting some clear metadata traffic, which at the very least is useful for making inferences about what might be going on. (Zendian Problem, anyone?)
(If you’re monitoring P25 traffic, according to Blaze, the phrase you want to look for is “Okay, everyone, here’s the plan.”)
And what is the P25 community response to this? According to Blaze, the Feds have been very responsive and appreciate him pointing out the problem. The P25 standards people, on the other hand, claim Blaze is totally wrong, and that the problem is with the stupid users who can’t work crypto properly.
(This entry on Matt Blaze’s blog covers, as best I can tell, almost everything that was in his presentation. I haven’t found a copy of the actual presentation yet, but this should do to ride the river with.)
So it is getting late here, and I have to catch a plane early-ish in the morning. I think what I’m going to do is stop here for now, and try to get summaries of the three router panels up tomorrow while I’m waiting for my flight.


