The Dark Tangents Tamper Evident Contest

Re: The Dark Tangents Tamper Evident Contest

We have to figure out who's tampering with Dark Tangent?

Re: The Dark Tangents Tamper Evident Contest

I hear he's going to be wrapped up naked in tamper evident tape, and whomever can unwrap him without leaving tape residue gets a prize.

I believe it may involve using chemicals.

Re: The Dark Tangents Tamper Evident Contest

So we get to have a contest to see who wins the right to acid etch DT?

Re: The Dark Tangents Tamper Evident Contest

I'm out! <slaps hand on table>

Re: The Dark Tangents Tamper Evident Contest

I heard it was the president

Re: The Dark Tangents Tamper Evident Contest

If you were on-line when this thread was first created, you would have seen information about this contest, but if you were not, then you totally missed out. Of course, the mods can go back and see what was posted because they have super-powers and can travel backwards in time.

The description of this contest made it sound like it would be really fun to join. Even if you did not succeed in defeating many of these, it would be fun to try. Also, it looked like it might have been a contest that would not dominate your whole time at Defcon, so you could do other things in addition to doing this. This would be especially great if you could pick up your package before Defcon begins, so you can work on it and maybe finish your submission before con. :-)

Re: The Dark Tangents Tamper Evident Contest

i dont understand. i want more info. i want to use harsh chemicals on DT. i have the perfect stuff. its been in my closet for 17 years now. it has changed colors like 3 times. and man it could knock a whole cruise ship on its butt.!

Re: The Dark Tangents Tamper Evident Contest

Here are the first pass at the contest rules!

https://forum.defcon.org/showthread.php?p=114061

Re: The Dark Tangents Tamper Evident Contest

Nice job on this one. This was one of the coolest contests I have ever seen. Very interesting, and a little scary at the same time.

Re: The Dark Tangents Tamper Evident Contest

Glad you enjoyed it. :)

This year was all the easy/medium-difficulty stuff. We can't wait until DC19 to show you what we have up our sleeves. ;)

-kive

Re: The Dark Tangents Tamper Evident Contest

Here's my first wrap-up thread of the contest, repeated for you folks:

Hi folks,

First of all, I want to thank all of you for competing in the first Tamper-Evident Contest. We had an astoundingly diverse crowd competing, and I think we all had a stellar time -- judges and contestants both. Not to step on his toes, but The Dark Tangent and I were very pleased to see the results, and we're really looking forward to next year! You folks were really incredible, and I'm just happy as hell to have such an awesome group of participants and crew for a first-year contest.

Secondly, I think we all "discovered" that the tamper-evident/tamper-proof industry might have some weaknesses. I'm looking forward to when The Dark Tangent calls our suppliers and relays our results, just as I'm looking forward to talking to my day-job's physical security folks about the same things. Kinda neat when your work actually results in changing an industry, I hope.

Next, I want to say that I absolutely could -not- have done this without:

- Dark Tangent
- Nikita
- Stits
- Thorn

You folks were pure awesomeness. Just sayin.

I also appreciated all of the work that Tiphareth (Tip), Pi, and the UAT students put in in terms of manning the table. Every one of you rocks, and I -really- appreciate you being there.

Here are the final standings (points then team):

51: Motherfucking Professionals
47: Team Obsinisize
42: Team Hactar
29: Have you seen my Box?
24: aurora/expo/facon12
20: WTF_Team 2
1: I-Hacked Crew

Everyone else scored negative, mostly from not turning everything back in, from not documenting what they did (that's the real goal here, aside from having fun, right?), or from not attempting things (you lose more points by not trying than failing). L0st gets out of a hazing since his box was stolen as some team of his thought it was part of the Mystery Challenge.

We'll be posting more up about specific defeats and the general insecurity of tamper-evident and tamper-proof devices in the near future, but...

Team Hactar: For the record, you guys did the hard drive magnet defeat -- and you did excellently with that. I actually thought I mentioned you twice in the closing ceremony -- and your astounding success was why Dark Tangent actually asked for me to play that video. It's possible me being the deer in headlights caused me to not mention you, and while I find it unlikely, if that was the case, I sincerely and wholeheartedly apologize -- seriously; you guys deserve credit for that one.

[IF that turns out to be the case, I will allow you, as a team, to find two times throughout DC weekend in which I will proclaim my wish for forgiveness from Team Hactar (at any place on the strip at which I don't plan on playing poker. ;) )]

I also want to call out props to two teams:

- Motherfucking Professionals: If you guys were boy scouts, you would have won a merit badge. That or stolen the entire case with an Arduino-powered acid-solution of some sort.

- Have You Seen My Box?: You guys get points for limiting yourselves to the tools you can find in a hotel room or get the housekeeper to bring to you. Stealthy ninjas you may become. I give you personal kudos points for restricting yourselves.

Here's the actual slides from my "Notable Hacks" slide:

Team Hactar vs. S-15562 Colored Cable Seals
Repurposing hard drive magnets to reuse tamper-resistant locks

Motherfucking Professionals vs. Padlock Seals
Arduino providing power to cut wire in HcL/salt water solution

Here's some tips, since I skipped the slide on "Tricks":

Watch the Forums - Many Components Announced Months Early
Document Early - Lots of Teams Lost Points for Poor Documentation
Be Ready for Variety
Team Up - Individuals Didn’t Turn In

We're already talking about next year, but here's what I can tell you right now:

- Next year, it will be tougher.
- Next year, there will most likely be varying difficulties.
- This year was easy-medium stuff. I would suggest that you be prepared for what you saw, but I wouldn't count on seeing the same thing twice.

I welcome comments from all teams and contestants and onlookers -- e-mail me at my username @ that same username dot me.

Thanks again for a great time,

-Kive

Re: The Dark Tangents Tamper Evident Contest

Great contest everyone!

It went better than I could have hoped, and has inspired me to take this contest to other cons and involve more people. Awesome!

Also I plan to launch a site to focus on defeating tamper evident devices. A question to you guys: What format do you think would work best? A forum? A wiki? Wordpress? I want to get something up soon so we can all collaborate there.

I will be posting a complete write up with pictures and videos from teams, and working with Kive to create a lessons learned section. A compilation of all the defeat paperwork will be entered (Thanks Nikita!) and posted on the new site and will act as the beginning ofnour database of defeat knowedge.

-----

Yes we will be back next year. Yes it will be a bit more difficult, held in two phases. Easy/Intermediate and advanced. If you can't complete the easy intermediate then you won't advance. The reason for this is the cost of the more advanced tags and products.

Team sizes, rule refinements, and categories (unlimited, individual, limited resources) will be refined and posted in a month or so.


I want to thank Kive for helping out and making the on site operations for this contest work. He really stepped up and took control when I was too busy. Thanks man!

Re: The Dark Tangents Tamper Evident Contest

I would think either a drupal or wiki based

wiki would probably be the easiest to label each type of device under a catagory of defeated and not defeated

Then you can add the documentation for each of the defeats that have been done so far.

A wiki could also include any advancements over the year edited by the people doing the exploit.

Perhaps a picture / video database with a link into the article

I can see this growing into a major industry site due to the fact that I cannot find any other information on the subject.

Just ideas, If you need help setting it up let me know in a PM.. I'll add it to the list of projects that I'm working on.

Re: The Dark Tangents Tamper Evident Contest

Derp. [edited]

dg