For Def Con 22 the DC801 group, with help from The Transistor, created an epic badge for the annual party. Some commented that it looked like a Pip-boy while others thought it looked like some amazing future tech that must hold the keys to the universe. I fell in love with it once I first saw it and couldn’t wait to get my hands on it. It had a Cortex M3, which I had never written code for, so I wasn’t able to make it do much more than print some words on the screen. During the week leading up to Def Con 22, I started to lose my voice and got sick enough to leave the Con early. Needless to say that ended up being one of the worst years in history.
Since my DC22 was such a failure, I began planning and scheming for Def Con 23 very early. This year I wanted to take the same idea of the DC801 badge, but make some minor improvements that would allow it to be the keystone of my War Walker project I was going to debut at Def Con.
I built a prototype on some modified perf board. I wanted to keep the hardware as modular and simple as possible so that I could get deep into the software side of it. I used a TFT 340 x 280 display and Teensy 3.1 from PJRC. I also used an RN-XV WiFly from SparkFun. This initially was going to be an XBee/ZigBee, but then I saw this presentation by Sergey Bratus, Javier Vazquez, and Ryan Speers which made me dump 802.15.4. The RN-XV does have some limitations, like depending on the layer 2 encryption and not having support for hosting higher layer encryption such as SSH. Instead you get telnet, so make sure this network segment is locked down or build encryption over telnet.
The next phase of this project was to get my War Walker hardware ready. For this I used a Beaglebone Black, a powered USB hub, and 2 Alfa USB adapters. One of the Alfas was running the Realtek chipset and was what I used to communicate with the RN-XV on the WristHUD. The other was the Atheros chipset, which is used for all the magic. Then I powered this setup with a 7200 mAh USB battery.
I initially had some issues when I was using a non-powered USB hub. I measured my current draw to be around 300 mA with both radios, but the BBB would freeze after a few seconds even though I wasn’t maxing out the capability of the USB port. I changed to a powered hub and it fixed everything. Also, USB hubs are not all equal and I discovered that some do not work at all with ARM Linux. Thanks to some help from the Raspberry Pi community, I discovered that the Amazon 7-port USB hub works awesome.
I started writing some bash scripts to start monitor mode and to make the war walking process much easier. The goal was to have a script running that would communicate with the WristHUD to get interactions and then execute the scripts I selected. The primary software feature I got working for Def Con was to start the Alfa in monitor mode, configure a dump directory, and then run airodump-ng.
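Because the WristHUD link is plain telnet, a base-station script that runs whatever menu selection arrives should authenticate each message and map it to a fixed allowlist. The sketch below is an added example, not the author's code: it checks an HMAC tag and a replay counter before returning the script to run, and it authenticates commands without encrypting them. The key, message format, menu ids and script paths are all assumptions.

```python
import hashlib
import hmac

# Constructed values: the key, menu ids and script paths are hypothetical placeholders.
SHARED_KEY = b"constructed-demo-key-change-me"
ALLOWED = {
    "1": ["/opt/warwalker/start_monitor.sh"],
    "2": ["/opt/warwalker/start_capture.sh"],
    "3": ["/opt/warwalker/stop_capture.sh"],
}


def sign(key: bytes, counter: int, menu_id: str) -> str:
    """Build the line the wrist unit would send: '<counter>:<menu_id>:<tag>'."""
    body = f"{counter}:{menu_id}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}:{tag}"


class Dispatcher:
    def __init__(self, key: bytes, allowed: dict):
        self.key = key
        self.allowed = allowed
        self.last_counter = -1  # highest counter accepted so far

    def accept(self, line: str):
        """Return the argv list to run (with shell=False), or None if rejected."""
        parts = line.strip().split(":")
        if len(parts) != 3:
            return None
        counter_s, menu_id, tag = parts
        expected = hmac.new(self.key, f"{counter_s}:{menu_id}".encode(),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return None  # forged or corrupted message
        if not (counter_s.isascii() and counter_s.isdigit()):
            return None
        counter = int(counter_s)
        if counter <= self.last_counter:
            return None  # replay of an earlier message
        self.last_counter = counter
        argv = self.allowed.get(menu_id)  # never execute text from the wire
        return list(argv) if argv else None
```

The returned list is meant to be passed to `subprocess.run(argv, shell=False)`, so nothing received over the link is ever interpreted by a shell.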
At this point Def Con 23 was about 1 week away and I wasn’t sure if I was going to be able to get all my tech fully functional to show off at the Con. I decided to order some PCBs from Pentalogix based on my prototype and went all in. Once I had assembled my PCB and components, I had no clue how to make it wearable. The DC801 badge had a custom made leather strap that was fitted to hold a LiPo as well as the electronics. I have (+0) on my leatherworking skills and so I started asking for help. My friend Jeff came through for me and machined some plastic that would mount my hardware. I used some zip-ties to attach it to my wrist.
The zip-ties didn’t bother me because everything else seemed to be working great! I had the software communicating to the base station in my backpack. At the Con I met @ who helped me change the zip-ties out for some sick velcro!
I was able to collect data on Thursday from Black Hat 2015 and through the weekend collected roughly 15 hours a day around Paris and Bally’s (Def Con). I have already started doing some data analysis and have found some very interesting things. I will be speaking at SAINTCON on October 27th about my findings and maybe I’ll submit to Def Con 24.
I can’t wait for next year. I’m going to build on this platform and perhaps share. No promises though.