by RSS Axelle Apvrille  |  Oct 14, 2015  |  Filed in: Security Research

I'm back from Hacktivity 2015, a big hacking and industrial event in Budapest (Hungary), where I was presenting an update of my research on the Fitbit Flex tracker (slides). It seems several people in the audience were wearing a sports wristband ;)

Fitness Trackers at my talk at Hacktivity

For your information, I will be presenting on the same topic at Hack.lu next week, but let's say 70% of the presentation will be *different* as I am not focusing on the same aspects.

Tamas Szakaly - Shall we play a game?

Tamas gave an interesting and original talk on the eventuality of being hacked while playing an online game. Indeed, several games provide mods (mostly for cheating), but those mods also come with dangers because they may provide access to your host (weak sandboxing, read/write to filesystem etc).

Tamas Szakaly at Hacktivity 2015

It looks like Tamas gave a similar talk at DEFCON this year. His slides are available here.

Zsombor Kovacs -  Semi-automated mapping of iOS binaries

I enjoyed this talk very much and will be looking forward to the slides.
Zsombor provided reverse engineering tips for iOS applications. What if the application detects jailbreaking and we want to patch it so that it works on a jailbroken device?
The solution relies on a creating a mobile substrate extension that hooks all the apps jailbreaking detection spots.

Zsombor Kovacs at Hacktivity 2015

Zsombor masters iOS development and analysis. I found an earlier talk of his at Hacktivity 2012.

Other talks

Attila Marosi gave a well-received talk on Hacking Team malware. Unfortunately, the talk was in hungarian. Though it was live translated to English, I was more difficult to follow, but I'm happy to see I'll meet him again at Hack.lu

Gabor Szappanos discussed "AV" testing. Except this time, it wasn't about testing AV products, but testing skills of malware authors! I like the idea. He detailed the skills of authors using the CVE-2014-1761 vulnerability. I hope the slides will be available soon.

Omer Coskun talked about the impact of Regin in a telco network. I had to fly back before the end, but the talk seemed to have content, especially on how to dissect SS7 network packet captures.


Links

Leisure

As many other hacking conference, Hacktivity offered a hardware hacking and a lockpicking space. On Saturday, there were also several activities for kids. In particular, the school-age kids were having fun trying to launch a rocket using scratch. I also noticed an intriguing title on one host "The Revenge of the Kid" (or something like that). Other kids were playing with NXT robots.

Meanwhile, teenagers or adults were certainly having fun at Fortinet's booth with 4 arcade flippers. It was so much fun :)

Fortinet's booth featuring 4 arcade flippers :)

Wargame

There were 2 wargames at hacktivity. A so-called beginner's one, and an advanced one.  I started with the beginner wargame, where I managed to rank correctly although only working at it occasionally. To speak my mind, I found the challenges a bit strange and did not very much appreciate the references to sex. Also, a couple of challenges probably required some basic understanding of hungarian. The advanced game looked more fun, and I should have shifted earlier.

Here are a few spoilers for the beginner wargame.

We were given a MP3. The Unix 'file' command declared it as a MP3, and 'strings' did not find anything interesting. However a simple hex dump revealed an important information:

00000010  00 40 00 00 01 00 00 00  ff fe 00 00 ff fe 52 00  |.@............R.|
00000020  4f 00 54 00 31 00 33 00  3a 00 75 00 72 00 68 00  |O.T.1.3.:.u.r.h.|
00000030  65 00 72 00 78 00 6e 00  75 00 72 00 68 00 65 00  |e.r.x.n.u.r.h.e.|
00000040  72 00 78 00 6e 00 75 00  72 00 68 00 65 00 72 00  |r.x.n.u.r.h.e.r.|
00000050  78 00 6e 00 54 50 45 32  00 00 00 17 00 00 01 ff  |x.n.TPE2........|

So, we simply applied rot13 on the text 'urherxnurherxnurherxn'.

Another one provided a long latin text:

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Nunc varius urna sed pede. Suspendisse sit amet lacus. Vivamus consectetuer fringilla ligula. Nunc metus lorem, pretium adipiscing, sollicitudin nec, ultrices quis, nulla. Phasellus nec nulla a eros adipiscing ultrices.

And the challenge consisted in find "the" word that singled out from this text. So, I counted word occurrences in the text with this shell one-liner:

$ cat onlyone.txt |  tr [:space:] '\n' | grep -v "^\s*$" | sort | uniq -c | sort -bnr

     1 vehicula.
      1 ultrices,
      1 suscipit.
      1 scatterbrained
      1 odio,
      1 fermentum.
      1 blandit.
      1 auctor.

I didn't have much doubt the word would be 'scatterbrained'.

-- the Crypto Girl

 

by RSS Axelle Apvrille  |  Oct 14, 2015  |  Filed in: Security Research