Announcement

Collapse
No announcement yet.

Wireless Contest Announcement

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Wireless Contest Announcement

    Announcing The DefCon 15 Wireless Contest
    (queue Thus Spake Zathrustra)

    Are you a freq-geek? Think your WiFiFu is hot? Get high from sniffing packets on the ether? Think you're a great lover? We can't help you with the last one, but get ready because here's your chance to prove the rest of those outlandish claims to the world.

    Compete in the Wireless Contest, and we can validate you self esteem, at least in the geeky stuff.

    The Wireless Contest, following the format for the past few years, will be a series of "Mini-Contests". You can compete in only a single mini-contest or all of them. We recommend that teams be formed to fill in different skill areas.

    We are allowing a unlimited number of Teams -subject to resources- limited to 3 people each.

    First Place winners of individual mini-contests events get prizes and with a top prize will be awarded for the best overall of the contests.

    A common problem with the Wireless Contest in the last few years, is that some potential competitors felt that they didn't have the skills to even try. As a result, fewer competitors kept signing up. To elevate this, the Wireless contest this year is tied in heavily with the Wireless Village. If you want to compete in the contest, but feel you don't have a needed skill, you can come to the Wireless Village before a mini-contest and learn the needed skill at the one of the Wireless Village's world-famous Breakout Sessions. You walk in having no skills but a willingness to learn, learn a skill in an exciting breakout session taught by an expert, then go out and compete and the beat the pants at those loudmouth teams who said they'd pwn you.

    Learn + Touch = DO!

    If you've been visiting relatives on Mars or otherwise occupied so that you're not reading through the DC Fora and don't know about the Wireless Village, you should look here:

    https://forum.defcon.org/forumdisplay.php?f=326

    The schedule for the Mini-Contests is still being worked out and will be posted here when finalized.

    Now, on to the Mini-Contests:

    WEP Cracking Breakout Session and Mini-Contest

    WEP cracking is so...2002...or is it? This breakout session and mini-contest is especially designed for the newbies whose wireless ability is limited to using your neighbor's open access point! Whether you have never used wireless before (there might be a few of you) or just want to brush up on your skills, if you're interested in WEP cracking, then this breakout session and mini-contest are for you.

    The fun begins in the Wireless Village with a breakout session entitled "WEP Cracking 101." Don't fear if you've never heard of Shamir; by the end of this breakout your Wi-Foo will include Fluhrer and Mantin, too!

    We'll start with a brief history of the 802.11x standards, including the development of WEP. We'll move on to its weaknesses and vulnerabilities, and discuss how to implement attacks. Finally, we'll demonstrate some basic WEP attacks.

    The mini-contest will follow in the Contest area, with a series of WEP cracking challenges. The ultimate goal, of course, will be to recover the WEP key for each challenge. The first challenge might be easy, however, expect a few roadblocks in your quest for succeeding keys.

    ================================================== ===================


    Tiered Wireless Challenge

    Are you prepared for the Tiered Wireless Challenge? After the practical wireless breakout you just might be. This breakout will give you the basic knowledge and tactics to gain a deeper understanding of Wireless 802.11 uses and misuse. The breakout will take you from hidden SSID through WPA2 cracking as well as the out of the box tactics that are necessary to survive.

    How fast can you break into all of our access points? Want to find out? Teams of up to 3 competing against each other to break everything from WEP to WPA2. Highest number with the fastest overall time wins. Do you have what it takes?

    Rules: No DDoS of the Access Points. this will cause a DOS on you and disqualify your team.

    Minimum Requirements: Computer with wireless 802.11 capabilities. Wireless scanning capabilities using Kismet or NetStumbler. Ability to run CoWPAtty and other Linux tools (Live CD acceptable).

    ================================================== ===================


    Direction Finding breakout and contest

    Can you find a needle in a hay stack blindfolded while locked in a trunk? Or can you literally not find your ass with both hands? Either way, the fundamental skill of finding rogue access points to apply the IT cluebat is direction finding.

    Even if you don't know anything about radio propagation or reflection, never fear. Things begin with a breakout session in the Wireless Village by Renderman, veteran of the Defcon wardriving contests, who will teach you everything you need to know or ever wanted to know (and some things you probably didn't want to know) about radio direction finding.

    Put your newly acquired skills to to the test. An hour after, the direction finding contest will pit teams against each other to locate a number of access points in the shortest time. Be prepared though, finding them is one thing, finding the next one will require some puzzling.

    Recommended minimum system: Laptop/PDA capable of running some wardriving app (NetStumbler, MiniStumbler, kismet, etc) and compatible card. Directional antenna not necessary.

    ================================================== ===================


    WPA breakout and contest

    WPA may have replaced the bug ridden WEP as the defacto 'secure' standard for wireless but that doesn't meant that it doesn't have it's own problems.

    There will be a breakout, run by RenderMan in the Wireless Village that will go over all you need to know. Even if you don't know what WPA stands for, by the end you'll know everything you need to audit WPA and WPA2 networks and recover weak passphrases with ease. Even if you know all about WPA, come by and bring a 40+GB USB hard drive and get a free copy of the Church of Wifi WPA hash tables and save yourself the download time.

    Afterwards, apply your new l33t skillz and join in the WPA cracking contest and take a whack at recovering passphrases 'in the wild'.

    Prizes to the first teams to recover passphrases and login get the glory.

    Recommended minimum system: Laptop with WPA2 cracking capable software (CoWPAtty 4.0) and compatible wireless card, Backtrack 2 Live CD recommended.

    ================================================== ===================


    RFID Mini-Contest
    Do you think you know your ID from your RF? This is your chance to search through the mere mortals of DefCon and figure out who are the cyborgs transmitting their ID numbers out into the void.

    The RFID mini-contest will require the contestants to track down DefCon attendees who have secreted an RFID tag someone on, about, or perhaps even in their person. The winner will be the first team to locate the all the correct tags and present a list of all those tag numbers and the names/nicknames of those carrying those tags to the organizers.

    Several special conditions will be announced at the start of the RFID mini-contest that are guaranteed to make it exciting.

    To compete in this contest, you will need a reader capable of reading low-frequency (125 kHz) passive RFID transponder tags and displaying the tag's number. You will also need some way to record those numbers. We don't care how you record the numbers, and we'll honor anything from a MySQL database to a pencil and paper as long as you can show us a list of the ID numbers. The tags used will be the Parallax 50 mm passive RFID Round World Tag or equivalent. We suggest using the Parallax RFID Reader Module. MAKE Magazine Issue 06 has a great article by Joe Grand on how to construct an easy-to-build RFID wand using the Parallax RFID and a minimum amount of other components.

    If you don't know about much about RFID technology but are excited about it, the Wireless Village will be hosting an RFID breakout session before this contest. Participants will be shown how to construct an RFID wand similar to the design in the MAKE article mentioned above. The session will be hosted by Thorn, who was the lead author of the book "RFID Security" by Syngress Publishing. Parallax, Inc. has generously provided RFID readers and LCD displays for the breakout session.

    Registered teams that have not been able to obtain their own RFID readers may be able to borrow an RFID breakout session kit from the contest organizers. This offer is limited to the first 8 teams that register. These kits must be returned intact to the contest organizers at the completion of the contest.

    In other words, you can come to the Wireless Village breakout session, learn about some RFID tools and techniques and then borrow everything you need to compete in and own the contest! Conceivably, the winning team could be comprised of people who knew nothing about RFID two hours before they started!


    50 mm passive RFID Round World Tag
    http://www.parallax.com/detail.asp?product_id=28142

    Parallax RFID Reader Module.
    http://www.parallax.com/detail.asp?product_id=28140

    MAKE Magazine
    www.makezine.com


    Rules:
    1) Contestants must be able to detect and read low-frequency (125 kHz) passive RFID transponder tags. These tags are the Parallax 50 mm passive RFID Round World Tag or equivalent.
    2) Contestants must stay within the DefCon convention area. Leaving the DefCon area is grounds for disqualification.
    3) There are a minimum 10 RFID tags scattered among the convention area.
    Some of those tags are red herrings. Other (non-contest) tags may be present. The contest organizers may not have any control over these tags.
    4) The winning team will be the first team to locate the all five (5) _correct_ tags and present a list of all those tag numbers and the names/nicknames of those carrying those tags to the contest organizers.
    5) The contest organizers may impose several special conditions to keep the contest interesting, challenging and fun. If used, these special conditions will be announced at just prior to the start of the RFID mini-contest.
    Thorn
    "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

  • #2
    Re: Wireless Contest Announcement

    Is this open to all when they arrive or is there somewhere we signup?

    Anyhow, I'll be back this year and ready to play!
    And to who ever it is that's making a box like mine, I look forward to seeing what it can do!!

    One thing I am worried about though. The inevitable DOSing.
    We did a unofficial "BlackBox" challenge at DC13, and sk3wl of r00t couldn't hack it, so they DOS'd it (and that's why they lost CTF that year...by 19 points...ouch)
    Then they proceeded to spoof our MAC and DOS the DefCon wireless, which resulted in pissed off people coming up to us telling us to stop the attack they were launching.

    So...here's my question.
    Do you have any way of tracking who is DOSing the WiFi, other than their MAC address? I can see someone who can't hack it try to frame someone else, as this already has happened in years past.
    If not, then we could help you with that.
    Because it happened once already, I would bet this is going to happen again when someone gets pissed.

    We found a way to locate the source within 10 feet, even if they are using a 1W amp. So if you guys need help with that, let me know; because it sucks when lam3rs can't hack it and ruin the fun for everyone...because I want to win some shit this year damn it! ;)

    Comment


    • #3
      Re: Wireless Contest Announcement

      Originally posted by goldy View Post
      Is this open to all when they arrive or is there somewhere we signup?

      Anyhow, I'll be back this year and ready to play!
      And to who ever it is that's making a box like mine, I look forward to seeing what it can do!!

      One thing I am worried about though. The inevitable DOSing.
      We did a unofficial "BlackBox" challenge at DC13, and sk3wl of r00t couldn't hack it, so they DOS'd it (and that's why they lost CTF that year...by 19 points...ouch)
      Then they proceeded to spoof our MAC and DOS the DefCon wireless, which resulted in pissed off people coming up to us telling us to stop the attack they were launching.

      So...here's my question.
      Do you have any way of tracking who is DOSing the WiFi, other than their MAC address? I can see someone who can't hack it try to frame someone else, as this already has happened in years past.
      If not, then we could help you with that.
      Because it happened once already, I would bet this is going to happen again when someone gets pissed.

      We found a way to locate the source within 10 feet, even if they are using a 1W amp. So if you guys need help with that, let me know; because it sucks when lam3rs can't hack it and ruin the fun for everyone...because I want to win some shit this year damn it! ;)
      As to the first question, we intend to have a signup page/email address, but it hasn't happened yet. Although we do expect to pick up some teams on-site.

      Regarding the DOSing, I'll pass that on to the guys running the different WiFi portions of the contest. I've been concentrating on the RFID section of the contest.
      Thorn
      "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

      Comment


      • #4
        Re: Wireless Contest Announcement

        OK, teams may now signup at this email address:

        signup_wireless [AT] blackthornsystems [DOT] com

        Please submit a Team Name and Handles of the members of the team.
        Thorn
        "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

        Comment


        • #5
          Re: Wireless Contest Announcement

          TEAM: Janus Wireless
          MEMBERS: Goldy & Coderman


          Goldy,
          Sorry about the delay. My laptop crashed and getting to that email account has been a problem.
          Thorn
          "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

          Comment


          • #6
            Re: Wireless Contest Announcement

            TEAM: <Overkill>
            MEMBERS: TurboPotato, Tottenkoph, PixelatedPanda
            Thorn
            "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

            Comment


            • #7
              Re: Wireless Contest Announcement

              Times for the wireless contests have been finalized. For descriptions of the individual contests, see here.

              Tower Challenge (tiered wireless challenge)
              - Friday 12:00 - 19:00
              - Saturday 12:00 - 19:00
              - Sunday 12:00 - 14:00

              WPA Cracking
              - Friday 14:00 - 16:00 Contest (Contest area)

              WEP Cracking
              - Saturday 12:00 - 14:00 Contest (Contest area)

              Direction Finding
              - Saturday 15:00 - 17:00 Contest (Contest area)

              RFID Locating
              - Sunday 13:00 - 14:00 Contest (Contest area)
              "*x74*x68*x65*x70*x72*x65*x7a*x39*x38";

              Comment


              • #8
                Re: Wireless Contest Announcement

                Are there established schedules for the breakout sessions?

                Comment


                • #9
                  Re: Wireless Contest Announcement

                  Originally posted by natronicus View Post
                  Are there established schedules for the breakout sessions?
                  Absolutely. See here. That thread has descriptions and is followed by a schedule of the breakouts.
                  "*x74*x68*x65*x70*x72*x65*x7a*x39*x38";

                  Comment


                  • #10
                    Re: Wireless Contest Announcement

                    Originally posted by Thorn View Post
                    OK, teams may now signup at this email address:

                    signup_wireless [AT] blackthornsystems [DOT] com

                    Please submit a Team Name and Handles of the members of the team.
                    The sign up mailbox is now closed while the Wireless Contest staff travels to DC.

                    Currently we have three teams signed up, and interest from a another dozen or so individuals who have not formed teams. These people will be directed toward others of a similar mind at DC to form taams. More teams are encouraged to form and sign up during DC.

                    New teams may sign up at the Wireless Village (Skybox 209) or ad-hoc teams may enter at the start of each mini-contest. Preference for loaner equipment will be given to teams that signed up before the start of each mini-contest!


                    Teams:
                    <Overkill>
                    Janus Wireless
                    (No name as yet)


                    We hope to see you at DefCon 15! Even if you're not planning on competing please stop by the Wireless Village and the Wireless Contest table in the Contest Area and say "Hi!"
                    Thorn
                    "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

                    Comment

                    Working...
                    X