Okay, presented to the Wireless Village CFP panel. Kentaro is the guy who builds funky Wi-Fi gadgets for fun. Kentaro is known as that guy in Tokyo who builds crazy hacker gadgets. Creations include the HackChip, Kismet mobile dashboard, Wi-Fi centipede. Somehow as the secondary presenter biography, we have Ardvark has a personal connection with his Wi-Fi adapters. He names every single one of them and refers to them as humans. Dark Matter has a very mobile capturing rig, known as the Wi-Fi Backache. Presentation title, War Driver's Anonymous. 100 minutes was the requested amount of time, we're just going to do this until the next presenter says get off the stage. And the description of the presentation: for some of us, war driving is a way of life. That's what we do for fun and sometimes for work, and do you even WiGLE, bro? I think that's Japanese. I can't even read half of this, but we like these guys. Whoever wrote that synopsis is a fucking lyrical gangster, man. He seriously is, that I couldn't translate most of it in Google's Translate, so I had to just take his word for it that this is going to be a good talk. So for those of you who don't know, I am A-Rick and this is A-Rick and we run the Wireless Village. Most people call me Zero just so we don't both have to look every time, and some of you, yeah, are jerks. There's Kentaro, we'll start at the other end because he actually submitted this talk. El Kentaro has been making all kinds of fun toys for quite some time and they're awesome. I actually don't know what Ardvark does. He keeps showing up around Pineapple Boy and he just kind of follows him around. So I think when Dark Matter is tired of carrying the cactus, Ardvark's there with a strong back. Man-servant, man-servant. Yeah, that's what I'm thinking. You have Ardvark and Pineapple Boy? Yeah.
And then of course you all know Dark Matter, who's spent his day whoring around Black Hat but not making any money despite attracting a huge amount of booth traffic to wherever he was standing. We taught him better though, so next year he's going to charge and I'm assuming Cisco's... $2,000 to $3,000 like every 15 minutes. You're interested. Come back to me if I've got you. So you're paying for your batteries. I will guarantee you ROI on your investment. So we're mostly just here to... We were going to sit at this table anyway and just drink, so we thought some people might like to, I don't know, heckle or something. So welcome. We're going to talk a little bit, very unstructured, about things depending on if anyone feels like moderating or not, but we'll see how it goes. So I think Kentaro wanted to talk originally about war driving or something, so somebody get the mic all the way over there. I'd bring it, but then he'd take another picture of me for serving him to send to his mama. I got a picture of a white guy serving me, so. No, Rick, not Zero, but Rick, asked me to put a talk in and be like, I ain't got time for this, but I'll do a panel. I do a panel with the two craziest people I know, and then Rick was gone more, so we have four of us. Yeah, like war driving is a noob thing, right? Like when you say, I go do war driving, it's like, oh, noob. I'm like, well, yeah, but some of us have been doing this for ages, and it's getting, you know, different. But like now suddenly with like IoT and everything is like, everything like, oh, detect your wireless things, like, yeah, war driving, right? Like, well, however you market it, it's still war driving. So I figured it would be kind of fun to see some of the craziest war drivers I know on one board, and that's this thing, so. So you brought along Dark Matter because his cactus rig is just so low on the windshield. Alright, so from now on, every time you see him, he's no longer Dark Matter.
Dark Matter is such a like, it's like such an like, oh, evil name. It's a Pineapple Boy, all right? And if you don't know why that origin is, there's a video clip on YouTube, and I tweeted once in a while, every time somebody says, hey, Dark, hey, Dark Matter, hey Dark, she's in this room, I'm not going to point her out, but. I will. I don't think it is, but it's her initials in the close-up. No, because she saw Dark Matter walking with the Wi-Fi cactus around, he said, I love when you refer him to as Pineapple Boy, which I thought was awesome. And every time somebody says, hey, Dark Matter, I'm like, no, no, Pineapple Boy. Yeah, so yeah, that's his thing, right? That's how he got hooked up with Hak5. Okay, real quick. Basically, this is the Wi-Fi cactus. It's 50 radios, and it's 25 Hak5 Pineapple Tetras. And so. It's very light. It's super light. Actually, it's non-ionizing. That'll be of great comfort with your prostate cancer. And so basically, it's passively listening on 2.4 and 5 GHz, 50 channels at the same time. So since there's a lot of you, there's a lot of Wi-Fi, there's a lot of things, we've got to soak that all up because there's going to be a drought. We've got to save it, store it so we can reuse it in the future. But it's been a really interesting project. It's been an iterative one. I've done a lot of upgrades for this year to remove a lot of bottlenecks from last year. And added lights. You've got to add more lights, right? It's all about the Blinky Blinky. Shout out to Mike and Wes in for hooking it up on some of that action. But yeah, I mean, it's just been a fun project. It's like, it started out literally as like a little war walking box that I brought with me to DEF CON some odd years ago. And it just blew up into what it is now. So like, get out there, build stuff and just be involved in stuff and crazy stuff will happen.
Speaking of building stuff, I think the first question for the moderators, how long are you going to coast on your fame? What's what's next year's project look like? I'm sorry, I mentioned this is a hard hitting panel. He's going to coast as long as he can next year. There's 256 colors instead of eight. Or what are we looking at? And we're going to like add maybe a few more strands. Oh, brighter, brighter. That's good. Maybe it might bounce to music. Wait, do you want the LEDs? You guys like the LEDs, right? Yeah, see, LEDs. That was that was good. We want blinky lights on radios, Dark Matter. They want the LEDs, but they want them on radios. So next year, I expect to see a string of ESPs with blinky lights. That would be amazing. You can do it. Yeah, you can do it. Well, one thing that's been awesome about this is there's been kind of some spiral out projects. There's this one called the Wi-Fi satellite now, which they took to Chaos Communication Congress, which was ESP. I don't remember, but they were rad and they had a bunch of OLED screens. There was somebody I saw in the in Caesars that had a backpack on that had some crazy looking radio stuff on it. I don't know, I just think it's awesome. I think everybody should like build something, bring it with them, because like this stuff, there's a lot of cool shit in the air, right? We should be capturing it. We should be understanding it. So I have to agree. One of the things that we've seen over the years, as we've been doing more and more fox hunting, is custom rigs, mostly based on Raspberry Pis, little screens to do fox hunting, to chase things around, bigger batteries, better antennas and things like that. And I mean, I think that, you know, really moving to wearable computing is where it's at. So I want to want to see more of this guy. Yeah, wearable computing like his deauth necklace. Only three people have been arrested in the casino so far for deauthing the slot machines.
Kentaro's going to make four in about an hour when this talk's done. Every time somebody got arrested, every time somebody got arrested, somebody runs up to me, it's like, was it you? Was it you? I'm like, that's not me this time. So the real key to this is this isn't anything new, but it's something that if you're getting into wireless RF in general, if you can't find an access point, you don't know how to do wireless properly. You need to have that capability. If you're doing this professionally, rogue access point hunting, i.e., war walking, war driving is the core of what you need to learn how to do. Get a bad guy in your network, or if you're the bad guy in your network, you want to not be caught, but you need to know how to catch before you can know how to not be caught. So what we're going to try and talk about, I think when we finally get to it after being complete and utter assholes, is to a point where we can actually help you guys to learn a little bit about how to do this, but some of the tech that's involved in this, we keep going back to that. This is an amazing view of a rerun of what we did 17 years ago that started the Wireless Village. We had a stack of Linksys boxes about this high, and it was 2007, so it was 11 years ago. 2007, we pulled a terabyte of data out of DEF CON. So anybody that was alive in 2007, do you know how much a terabyte of data cost? Thank God we were sponsored that year. It was ridiculous. It was like 17 hard drives' worth of data that we pulled out. But that was then, we've gotten to this now, and as Rick was saying, we've also got people running around with Raspberry Pis. Being slightly covert is important because if you're tracking something, you don't want them to see you coming. So if Dark Matter can do this, imagine what he's got in his pocket. Not in his pants, but in his pocket, because we don't really care what's in his pants right now. Is it going to add onto that? The Bluetooth device, wearable?
There's another piece that, following up with that, is like 17 years ago, it was basically access points. Access points and laptops, that's all you saw out there. Now you got smart grids, you got dash cams, you got cars, you got all sorts of shit. I noticed somebody's bought Nexar dash cams, and they're using hundreds of them near my hotel. There's buses, just notice. The NHP has got wireless access points with the car number as the SSID. There's just all sorts of crazy stuff out there, and that's why I got back into it after I got out, because there's just so much cool stuff out there, so much weird stuff that's connecting, weird clients. I've got like probably 40 wireless devices connected all the time in my house, and I'm not even trying. And so there's just so much weird stuff out there that's not just Belkin and Linksys now. It's also, I think, like the tools have changed significantly, like it used to be only like the Aircrack stuff, and then the rest you had to like build it, or you had to buy, go full commercial, but now there's so much more, there's different scripts, there's the new Kismet is awesome, go support them on Patreon. But seriously, I mean, you used to have like multiple tools for different things, now it's getting into a framework level, so it's truly like there's more shit to see, we got better tools, computers are cheaper, so with decent power, so I think we're in an election of renaissance for war driving, so I don't care if you think it's a new thing, I think it's actually a cool thing to do, and we also seeing actual, there was that rogue AP in Atlanta City Hall or something a couple months back, so we're starting to see like wireless attack in DarkHotel, wireless attacks used in a non-fun and games heck kind of way, right? It's becoming a serious problem. Who in the room remembers NetStumbler? Okay, keep your hands up. Who in the room had an iPAQ with a prox card and a backpack on it? Who still has it?
Pulled it out yesterday, and you know what? It fucking still works. Old is new again, guys, you know, we were walking around with little handhelds back then, now we're walking around with Raspberry Pis that are quad-core with a gig of RAM, we've got so many more capabilities now, but it all started with the exact same way that we used to do stuff. Go around, walk around, drive around, and get as much data as you can, and look at it and find the holes. How do you think WPA was cracked? How do you think WEP was cracked? People got enough data and started messing with it. Guess what? WPA3 is going to hit the stores really, really soon. There's our next venture. If you're talking without a mic, could you talk a little quieter? I can turn this thing up higher. I really can. No one wants to hear that. These ones do go to 11, and then they start to feedback, and then it feels like we're at Balanced Talk again. Siren Jack, or feedback, one of those too. The goons will know soon, and all the cats. Yeah, tell us about how you pick gear. I know you're a lot closer to China, so you just buy everything from there, and it ships you faster? Yeah, I call it the Wifi Express. They kind of ship me. I want my rigs to look like they're out of a movie. As much as Ardvark, you know, he names his dongles, and he has them all sticking to the laptop. You know, I understand. I used to think adapters on the back of my laptops were cool, until I had like seven of them, and my screen starts to kind of tilt backwards, and it's getting ridiculous, and then I started laying them out. I had cables everywhere, so I started to put them in cases, but then I started to... I like movies, I like... Shut up for a reason! I did on the mic, and I'm going to do that again if you all need to make a noise. Hey, good morning, hi everybody. This one has a wire, hack me now, bitches. I want to be Q in the 007 series, you know, or Warlock in Die Hard 4.
I don't care how much you think it's a shitty movie, I think it's a great hacker movie. So it's Swordfish. Swordfish fucking rules. But no, I wanted to be the guy where the hero comes for gadgets, so I started building my rigs in a way that they kind of look like they're out of a movie that still function. So I spent 12 years working in an ad agency designing stuff for my clients, so looks is really important for me, you know, stunningly good and so, but... So when I build my rigs, I don't want to... And I travel, I travel a lot, so they have to be... They have to be TSA agent friendly. I'm trying to find the right word for it, like... If it happened like a bunch of antennas, like the first... I tell you the first one I built had this massive Anker battery. It had two Raspberry Pis without a case on it and three Alfa cards where I popped the case off. And I had these little SMA pigtails running it. On the fucking x-ray it looks like a fucking bonkers. It's a massive lit thing and wires coming through. And the TSA agent is like, what's that? And it's like, it's my mobile Wi-Fi spot? And I'm like, what? It's like, I have shitty Wi-Fi. So ever since then I've gone through this process of how can I make it more... Like, traveling, like, Ardvark has a whole car decked out for war-driving, which is fine, but if you travel like me, wherever you go from hotel to hotel to country to country, you know, there's... Every country has a different state and some countries, they really don't want you to war-drive. So I have to be able to take everything apart and put it in separate bags and reassemble it once I land so I can do it. Or smaller ones, right? So like the Raspberry Pi smaller ones that I built, those are the ones I can throw in my bag in my pocket. And, you know, TSA doesn't know what a fucking war-driving Raspberry Pi looks like. Or you bedazzle them? Yeah, or bedazzle them. Like, somebody came up to me, asked me if it was a real stone, the real diamonds.
I'm like, you know, this is fucking DEF CON, right? I'm not going to wear fucking diamonds on my neck. No, but so I have different challenges than, you know, I can't... I mean, he travels internationally, but I'm not traveling to hostile network environment countries with that. So you turn off the lights and Dark Matter's completely incognito. Well, and on that note, I did actually take it to China, not like fake China, Hong Kong, real China, Beijing, so... But before that, he's like, hey, Kentaro, have you ever traveled with your I-vigated Beijing? Do you know anything? Do you think I'm going to get arrested? He's like, I don't know. If you do, that's going to suck, but hey. We help each other a lot. So the secret I found for traveling with gear is try to break it down into as many small packages as possible. And since most of this, I would say 80% of it is retail stuff that you can buy off the shelf. You know, it's not so scary if it's something that's in a case and it looks professional. It's like when you have the wires hanging out and the wires are all like connected to weird things and then they can see the ball. I mean, because on the X-ray they're seeing through stuff, right? They're seeing the boards. They're seeing everything. But like when they open the bag, because they're going to get you for a secondary check, that's the point when you got to put on your A-game. Well, it certainly isn't a bomb. And according to what I told Chinese customs is this is telecom Wi-Fi equipment, so. And they believe that? Also, if you do international traveling and break it up, TSA is really going to get on you if you don't have an answer for the questions they have. Like I travel with my HackChip and I knew they want to question it because that thing has like wires and there's a Proxmark on the back and it looks like a bomb detonator. But I had the other one, the retro gaming platform version plugged in and the HackChip version had firmware I had in my backpack.
So the guy is like, hey, what's that? And it's like, oh, it's a gaming platform? Did you make it? I'm like, yeah, it's like a cool retro gaming thing. I turned it on. It's like, what are the antennas for? It's like, oh, they had these little cards that have. So if you do a simulation of what kind of questions you expect and if you don't have, if you don't have, there's no lag between their question and your answer, they don't care. I mean, if you see this at the airport all the time, like if people get stopped and they ask and they go like, oh, then they're like, yes, secondary. But if you have an answer for, if you do a simulation, you have the answer. And like I said, they have shitty Wi-Fi. They're like, all right, whatever. And now a lot of this equipment, I mean, it's small, it's nice, it's condensed, it looks really clean. And so, I mean, there's not a problem really traveling with it. I mean, if you have a ton of it, it can kind of be sketchy. But I mean, I haven't had any problems really traveling with my equipment. So, yeah, it's on that front. You know, we're in a golden age of equipment, I would say. Yeah, and I work in mobile forensics. So I sometimes travel with like dozens of phones. Okay. And by dozens, I mean 140. So as they're saying, little packets, because I have to kind of take them in a pelican case. So it's a big brick of electronics. So I know, so what I do is I've been really good. I've become really good at engaging the TSA agent. And I tell them what I'm doing. Oh, well, I take these so I can do chip off forensic blah, blah, blah, and deleted data. And then the TSA agent gets really interested about that. And so I become really good at diverting them from that because I'm not doing anything illegal, but they kind of freak out about 120, 40 phones. 120. Man, I've had too much. I've had too much alcohol. Anyway, so I engaged them on that. And I, you know, I have a big bag of dongles, Mike and Stephen and Rhonda and little Joe. 
He's not kidding. They're all labeled up here. No, they are. We'll talk about that later. Colcheck and Bridget. Each one is special to me. Right. So it's it's the point is I'm not. Wait, what's the point? Yeah, I travel with a lot of stuff. I mean, my last trip, I traveled with three laptops, two, two tablets, 67 phones, a bunch of antennas and dongles and things. And I'm gonna get stopped. I just, I just talked to him about, yeah, you know what I do? I do wireless security. I help agencies work out, blah, blah, blah, mobile forensics, blah, blah, blah. Oh, really? That's cool. Hey, what kind of phone do you have? Oh, I have a, I have a Galaxy S6. Oh, cool. Do you ever sell phones on eBay? You know, oh, yeah, we do a class that teaches you how to delete, you know, get deleted data off those really deleted data. And from the look on her face, it's like, I just sold my phone on eBay, right? You know that look, right? So you're gonna take stuff with you. But I kind of echo what they say is, you know, keep things organized and in little packs so that they don't freak out about it because they're gonna see everything anyway. Whether you check it or you take it with you, they're gonna check it, period. Yeah, I mean, I, I do a lot of wireless pen testing and I do it across country, international at occasions. But everything I use and everybody laughs at me, I use these little Eagle Creek bags that zip up and every single bag has something very specific in it. Having those stories pre-planned for TSA is amazing. But once you start talking about what you're doing, they're people too, believe it or not, as they're groping you, just remember they're people and they actually want to hear shit that you have to talk about. They care about that. So it's cool if you have that stuff kind of organized and neat. And then when you get to where you're going, put it all together and, you know, hack the planet. 
But that being said, the other thing that you can do, and this is, you know, funny ha ha gimmicks, it works amazing at DEF CON, especially at about 12 o'clock at night when people are, you know, half lit. Walk up to somebody with an antenna and a radio and go, you have an iPhone, don't you? And I'm like, oh my god, how'd you know? You know, you're good. Uh, nope, not anymore. You should probably reflash that. Sadly, at DEF CON parties in the past, I've actually had people come back to me. I reflashed my phone. Is it okay now? It's like, wow, okay. But the key to this one is, if you need to get upward buy-in to things that you're doing somehow, somehow having some good tricks up your sleeve work really well. DEF CON's amazing for testing out those tricks. You know, who knew that walking around with a backpack or building something that you put online, you know, Wired Magazine I think wrote you up, right? Uh, one of them did. Somebody did. I don't know who. That's huge and cool. But it also gives you guys the power to go back and say, hey, you know what? Your wireless sucks here and here's how I want to help you fix it. And they're going to start to listen. So I'm not, I hate FUD, fear and unnecessary doubt. But sometimes it's helpful if you need to get your point across if somebody's already paved the way for you and you can use that. So I work with a lot of some lawyers back in Japan because they have no idea what hacking is. And the easiest way to convince a lawyer how frightening this can be is to scan for the Wi-Fi or like do a man attack and then see the list come up and say like, oh, you were in Chicago last month, weren't you? Or like so and so like, how did you know? Like, well, your Wi-Fi is there and they're like, oh, now we find and see it, right? So it's a simple tool to get your message across. And so yeah, I mean, it's a good education tool. 
I mean, it's, I think it's way easier to convince something is wrong with what they have by using Wi-Fi than like reverse engineering a binary in front of them, you know? Yeah, I'm going to call back just a little bit something Rick said a second ago, which was DEF CON is a great place to test your stuff. I'd like to exclude the casino floor and IMSI catchers. This is not a great place to test your IMSI catchers, seriously. And also, according to Luxor security, it's not good to do it in the hotel area either. Yeah, may or may not have had that contact. Yeah. Like to kind of direct us back to, I don't know, not TSA. My balls have been funneled too many times and it's just not fun anymore. So it's true. Yeah, six times every time I go through, it's weird, like it's not big, it's not small as average, I think. Yeah, well, always. Oh, I paid for the service may as well enjoy it. Anyway, we've got all these fun things to collect. And really this is a golden age. Kismet's new release beta just came out, which we're running over here on the wall and Alex is running in the back on a 32 box monster. And the pineapple is running it. So Kismet, again, they said it quietly. I'm going to say it for the third time. They have a Patreon account. They do. I have the cards up here for the Patreon. We've made nothing off of that. But Dragorn. Yeah, the more we pay him the more he cares about the project. I'm just saying it's good. And not only does Kismet support Wi-Fi, Kismet's now starting to support Bluetooth and broken bottles. What's going on over there? Jesus. Excellent. Excellent. Pass us around. Make it rain. Kismet, Patreon. Yes, Rick, Rick, seriously, Dragorn is kicking ass on this release. Yes, he is. Good. Yeah, just as a side note. Yeah, I talk to Dragorn all the time and quite often I have some thing that I want. And, you know, one particular day I was like, Hey, you know what would be cool if you could just show the number of clients that each access point has.
And he's like, Oh, that'll be probably kind of hard. And then he's like, Oh, hold on just a sec. 10 minutes later. Oh, wait, that's going to be easy. Hold on 20 minutes later, he had a he had a commit. And he's like, go ahead and do a git pull. It's done. Right. It turned out it was eight lines of code, right? So now I can see how many clients then 10 minutes later it crashed. Yeah. It didn't that time. But the point is the point is the guy does it not because he makes money. He does it because he loves doing it. And he he's very responsive. But if he had money, he wouldn't need to have another job. If you support him on Patreon, you can actually do this more. Yeah. Because I had one time I was like, Hey, Dragorn, it'll be kind of cool if there was an API that I can hook in some more offensive tools. Fucking like, I was like, Oh, that's going to take a while. A week later, it's like, Yeah, I decided to rewrite the whole framework so that you can actually plug in Python APIs. I'm like, Oh, I'm at lunch hour. Yeah, I'm like, I didn't mean it to be like a completely rewrite of the source code base for like, it was just an idea, right? So seriously, you know, and then if you think that the old Kismet, like the 2.4 Kismet, it's not even more. It supports a shit lot of different protocols, Bluetooth LE, Zigbee. Yeah, and and for those that have been doing this at for any length of time, if you do remember, Kismet used to come up and beep and squirrel and squawk and you had to do all kinds of shit to make it work. It doesn't do that anymore. So feel free to just load it and start going with it. I mean, you can be covert as well as being loud as hell if you want to be. And it's it does. It does an amazing job. It really, really, really does. You got to turn it on. There is a Discord group for Kismet. Just and you can jump on there and ask questions about things that there's a load of people using it.
Don't get on and say, okay, probably four months ago, somebody got on and said, dude, your database is shit. It's shit. You're keeping track of shit stuff. I don't know what the fuck's wrong with me. Help me get this working. Yeah, go away, please. Get on. You can ask for help. Even if you're brand new at this, people will help you out. Yeah, so it's a great it's a great group. It's on Discord. You can you can get with me. I'll hook you up on it. But if you if you participate in Patreon, then it's one of the perks on Patreon as well. Yep. So again, Kismet good. Really why we do this is because we just we know that there's shit flying through the air that we cannot perceive with our eyes and we want to know what it is. I've got a radio that is connected to my radio phone with another radio, Bluetooth, just because like that's the kind of losers we all are. So building something like this and then putting ZigBee radios on it and Bluetooth radios on it. And I don't know, we could probably like you you are at a mesh device onto it to and just start sniffing all the things because, I don't know, just communication passing right through my head and I can't hear it. I want to hear it, right. So we set all these things up. Not just because we're curious but because we're nosy. Isn't that what most hams are, right, like you just sit there with your scanner and just nosy. Anybody else remember the 90s where you just listen to everybody's cordless phones? Yeah. You remember like Jason Scott a couple months said said I found a like camera in my Airbnb and it's like that. Then I said OK, let me go around. I walked around my neighborhood and I found like 12 different network cameras online and I'm like, there's no way there's like 12 next camps just here, you know, in residential areas. These Airbnbs that are rigged, right. So so we all talk about, you know, war driving and it's cool and everything else. There's so many practical uses of this. Just as a real quick poll.
How many people are staying in a hotel this week? How many people are staying at not their house? OK. How many of you swept your rooms? Right. So the rest of you have the cameras running in your rooms. If you get good at war driving and you get good at multiple protocols in RF you can find wireless transmitters. You can find RF transmitters. You can find ham transmitters. Guess what, low hanging fruit is easy shit to find. All you need to do is look and most of the time you're going to find stuff. What I find is when I find stuff that's when my ass comes out a lot because you know they want to see my ass. I was going to say, Rick, the reason why it's low hanging fruit is because those are low entry on the adversary side. Absolutely right. Absolutely. So if it's low entry for them it's low entry for us to find. So we're on this low level fighting plane, right. I mean last night, I mean we were on the capture the flag and there was a team which will not be mentioned that decide they were going to be cool and they were going to leave something in the room overnight. Four and a half minutes we looked around, we found it. We happened to maybe pull the SD card out while it was running. Hope that didn't mess it up too bad. But learn to plant things, when you learn to plant things you learn how to find things and you can be safer. Do you really want your pictures on the internet of you and your hotel room? Everybody take that 30 seconds to think of anything you've ever done in a hotel room, because I've used a black light in a hotel room and you guys are some sick fucks. Also one more thing that I hear a lot is that a lot of people come to me because I build this stuff too. Yeah. Yeah, that guy, that guy, yeah. Wait, wait. Did you print that case? Did you print that case or is that a, he's fox hunting the stage. He's checking to see if any of you are the fox. Okay.
So yeah, everybody like comes up to me and says hey, I think I'm going to do this, or like they're like, you know, I'm going to build a backpack with four Raspberry Pis and I don't know, 50 dongles, and I'm like, that's not going to work because the heat is going to kill you and the Raspberry Pis and the battery is going to be dead in seconds. I have melted plastic cases on our Pis. The point I was trying to make is that I will help you out if you come and say hey, I have this idea, do you think it's going to work, but I rather than you try it out and come to me and say look, I have this issue, because that helps me, and this is the thing that comes up on the Discord or any other online channel. People are critics and like thinkers before they actually do something about it, right. So if you go out and try it and you like it, good, you go out and try it and you don't like it, better, if you go out and try it, you have a problem and you come to me, I will help you to try to solve that problem, but don't be there like, don't be there going like, well, like I had a guy that said I build one of the cases and he goes, oh, your case is unpractical because it only has three dongles, it should have more. I'm like, I want you to go build it. I'm like, go build it, although, although I heard there's a French company that sells a million dollar backpack for a wireless man in the middle attack. If there's anybody from that company I will work for you. So that was a backpack I would, I, I think I'm going to file a cease and desist against them, but it's 250,000 for the backpack but the car, they have a like full wireless hack you car, that's a million dollar car. Yeah. I guess they have like seven zero days too and it's like seven, we have seven zero days. Seven. So yeah. I only got an eighth one. Oh good for them.
Yeah I want to reiterate what Kentaro said we're kind of having a lot of fun with Pineapple Boy because his brilliant idea was to take 25 pineapples and notice that the top is flat so you could stack them up. Well it's not perfectly flat though. And then he put them on a backpack but honest to God this thing is cool and nobody else did it like I wrote a tool that pings a Bluetooth MAC address and tells you the signal strength so that you can track the guy. It's not like rocket science here it's just that we did something and we tried and it happened to look really cool when we were done I didn't add any lights to mine but there's still time. You can always improve things that's the thing it's an iterative process too. You can learn from your failures of lack of lights and add no. Right right or car batteries being much heavier than LiPo. Yeah yeah yeah LiPos are incredible. If you got the money always go LiPo. If you saw him last year he was sweating and angry and this year he's smiling the whole time the thing's like 15 lbs lighter. And a huge shout out to at glitch tech that kid he's going to be in the vendor area around the Hak5 booth he's like a mad scientist he's got a YouTube channel like he's like 20 some odd years old but he made the batteries for me for this year and they're incredible I got three and a half hours of battery life out of it last night and he says I can even run them lower than I did. So go check him out he's got a Patreon too YouTube he makes some really neat stuff like his drone that does de-aw thing he made a cannon the other day and it like drives and like shoots so if you want some fun YouTube time go check out Glitch Tech. Yeah so I think I think the other thing that this is like the wifi especially I think more wifi than anything else it's really a it's like a it's like a group effort right so everybody hey Hi Jason Hi Jason three hugs in the back anybody want a hug? 
yeah so now I'm saying like Glitch did your batteries you know Zero's tool I do some other stuff I think wifi is a unique environment where there's a lot of collaboration on different aspects that are targeting a single technology specification kind of thing right yeah it is a very very small community even though you guys are all here and we you know we have room for 500 people we used to have room for 30 people and we thought it was a small community now we have room for 500 and we think it's a small community next year it might be 4,000 and we're going to think it's a small community because everybody ends up knowing each other one way or another when we go out and send foxes out we're doing that so you guys can learn how to do this shit we're setting out you know setting up this kind of stuff so you guys can play with this all of these war driving techniques Russ said no pictures welcome to DEF CON so use this stuff that we're giving you guys to train and practice and try your stuff build a new tool come to DEF CON and try it this is a phenomenal place to try this kind of stuff not an IMSI catcher do not use an IMSI catcher at DEF CON wait what yeah I'm going to follow up on that a lot of people feel you know about imposter syndrome where I don't know anything like El Kentaro he builds shit right he builds a lot of stuff he builds a I don't know it's useless but anyway no and I it's got blinking lights me I care about different things I care about I don't care about what the packets are doing I just care that they're there so there's different areas of expertise in all this and building teams and asking questions like me and Dark Matter he'll ask me a question I'm like dude that's fucking simple what the hell's wrong with you and then he'll ask and then I'll ask him a question he's like dude that's fucking simple what's wrong with you because because we we know different things so don't feel like an idiot because you don't know something you maybe know how to 
analyze you maybe know how to program you know how you know about dongles and giving them proper human names but or or you know how to 3D print who taught you how to 3D print glitched it glitched it glitched it go check out glitch seriously glitched it go ahead seriously like I I don't care about the the the completeness of my packet I just I I want to hit that number how many numbers I can hit with one device so it's more like fishing for me like like not like fishing what he's saying is he wants to throw the sniffer out there and drink beer and wait until nothing comes back that's if you suck at it but hey, hey, hey, hey, so support oh yeah, shit I have no, but like so so Dragorn Dragorn and Mike will be like I was like hey Kentaro can you fire up your big rig and see what is and like I give him back the data and it's like man, you got shitty janky packets and I said well, it's not that's not the goal I'm trying to reach I'm trying to see how much can I put in one case or how small can I build it or how many ridiculous antennas I could put on one thing and I do a lot of materials like if you do one thing if you do gonna build Pelican cases use ABS and keep the drill burst because you can remelt them and hide your crimes and shit like that so so I help I'll help these guys out on the manufacturing side they help me out on the software side you know and then I also you know 12 years in ad agencies I have some design I so Ardvark will come up like hey, can I I got this I'm like well, that's really cool but maybe you want to move that DOS everything around you but then a little bit more to the right so you don't accidentally click to close you know so there's a there's a whole bunch of different people doing different things and it's really cool to the way that everybody can contribute on a different level right when we build out the CTF and I typically build out the boxes Rick does all the testing on the antennas if you look at our blog he's got 
phenomenal and you care about things that actually work and you care about drivers that work use Pentoo not Kali but that being said once you get everything working the fidelity of it for some of us is super important I want to know not how many things are there but I want to know what exactly is in every packet I get so the radios I use versus the radios Ardvark uses versus Dark Matter using the Kismet drones gonna be completely different so make sure you're getting the right tool for the right job my father-in-law is a contractor and he can build a house with you know a hammer and a nail I get a hammer I have a broken thumb two holes in my finger and I don't know what the fuck I'm doing but you give me a radio and I have really really good capabilities with it but you need to know what your tools do one of the biggest things we tell people before they come out here is test your shit before you get out here if you didn't test your shit before you got out here use Friday to test your shit because if you don't know how far something is away how close it is where you need to be to deauth you don't know what you're doing in terms of getting that data everything about is black magic no matter what physics tells you your stuff reacts differently than my stuff does even though we've got the same chip the same USB in the same laptop the oscillators are all different they're all Chineseium I mean if you don't know what Chineseium is you know it's it's that stuff that they tell you that comes into Amazon at 17 dB on an Alfa on an Alfa that's you know 320 milliwatts yeah because they put a really big antenna on it well test that stuff because it doesn't work the way that you think it does very good yeah nothing nothing works the way you think it does until you test it how many of you tested all of your equipment at home before say coming to the capture the flag and then how many of you updated right after that yeah I did that's why the capture the flag broke yeah as it turns 
out testing really really matters I mean we've talked about what to tell the TSA and you know which tools we each like to name and that's not me that's a sandwich who's got a sandwich who's eating yeah somebody's got why is that alcohol and no food I want that pretzels thanks so testing your equipment is really important and depending on what you have testing can be very difficult so the blog post that I most recently put up was we were trying really hard to upgrade our capability to do 802.11ac stuff and well while I love Linux being new is not the best on Linux so things that came out you know just a few years ago still don't have great support in Linux so I've been testing things really a lot and some things are annoying kind of like you pull out the dongle while it's running and the whole kernel crashes so don't do that ever yeah just don't ever disconnect them just turn off the computer first or something I don't know but yeah I bought like every 802.11ac adapter on Amazon because I was bored I had spare time and then I connected them all to a box you can talk to Alex about how only 32 of them work thanks Intel yeah so if you have an Intel USB 3 you can connect a max of about 32 devices 32 no 96 USB endpoints of which the Wi-Fi cards have approximately 3 so yeah these are little things that you don't figure out until you start testing things you want to build an all channel Wi-Fi sniffer you're going to need like six NUCs to do it right and that's completely ridiculous but that is reality unfortunately and you don't know that until you test it and plug it all in now one year we built the whole CTF on an Apple server and it turns out it's got two USB ports and it supports yeah one bus and it supports a max of four devices so if you plug five devices in not only would it not work it would crash testing is really really really really important so I'm going to share just a little good yeah I was going to say testing is really important but also understanding 
what it is trying to do is even more important and you'd be surprised how many DMs I get saying I bought the Wi-Fi Pineapple and I can't hack my girlfriend's Facebook and I'm like I'm like that's or like I built one of your cases and but I have to authenticate to every Wi-Fi access point to hack the package I'm like yeah it's still kind of the point you know it's like I mean you have to kind of like a basic understanding of what it is that you're trying to get to right and remember a lot of us started before YouTube we actually had to read the IEEE spec on how things are supposed to work the easy button that is now called YouTube didn't always exist and honestly don't always trust what you see on the internet I know shocking the internet talks about my shit works I don't know why your shit doesn't work well if you don't test your stuff you don't know that your shit doesn't work and that's really a key to this we all want to hack the planet but if you can't hack the planet because your shit doesn't work because you didn't test it don't even start because you're going to get caught really really really fast yeah and expanding what Kentaro said and Rick know what you're looking for you know my purposes are different you know with the WiFi Cactus Dark Matter wanted to catch all of the things so he's got a a radio parked on every channel so he can catch everything that happens I just can't me I just care about what's that you are a wireless Pokemon yeah exactly he's Ash Ketchum I just care about the presence of a particular device I want to track and monitor the position and geolocation all that things so really think about what you want to do with it and so maybe injection may not matter to you but monitor mode may matter it doesn't matter holy shit yeah I've had a lot of this whisky you can talk you want to talk together mine all right I'm going I'm going to segue a second here I kind of on this discussion of like geolocation and trying to find that some stuff 
depending on what you're looking for some of the tools how many of you guys have heard of WiGLE before anyone WiGLE WiGLE WiGLE Andy have you met Andy will you all stand up Bob Andy anyways these are these guys behind WiGLE so these guys created yeah I'm going to go with plus for them yeah they in my opinion they've done like an amazing service for this community like being able to provide visibility into wireless networks how many times have you taken a MAC address or excuse me an SSID and then tried to go search that someplace to try to see whose house that MAC address or that SSID came from anybody I definitely have done that it's who's ever done east coast to west coast or west coast to east coast recon before you left your house how many want to do that WiGLE is amazing for that here's the secret all right I'm going to give you like the super basic secret right now go on eBay get a Samsung S5 they're like 45 50 bucks or a Note 3 rather there were not but now they're going to be like yeah I know now they're 150 a zillion dollars I'm going to make so much money and then install WiGLE on it and put it in your pocket and take it everywhere you go and you'll be you'll leave it in a cab you'll then join the multi-phone club with us oh yeah yeah so check this out so we're lat what was it last DEF CON we're driving in an Uber and I'm like hey no I wasn't driving I was riding in an Uber rather thank you making a little extra money riding in this Uber and that he has the he has his phone on the dash right and it's right there and I see it he's got directions on it I'm like hey do you have by chance want to just start participating in like wireless network war driving with us he's like I don't know what that is here's my phone so I downloaded WiGLE on his phone and I put my API key in there so that I get all the problems crypto jacking is shit man WiGLE jacking is the thing so that's why Vegas is just a little bit more dense now you're welcome yeah 
so that goes back to knowing your equipment knowing your technology knowing what you're trying to do as we said you know Rick and I are trying to get like the best fidelity get every packet get every bit no corruptions and you know I test all the cards competitively with a tool called Kismet shootout which is part of the older version of Kismet because the new one just came out and then and then we test with 4,000 of you beating our shit up for the last 11 years yeah yeah the people attacking the network do help a little bit sometimes they crash not in my testing but here which is always fun for us yeah knowing what you're looking for and then trying to build a test plan accordingly all I did was I said to Dragorn like you know be great is if I can have like a packet count from every radio and which everyone has the most packets that one's at 100% and then scale everything else accordingly and I get these pretty little things to say like oh this guy found 100% of the packets and this one found 93 and it gets a general relative idea of you know which cards see things which cards don't and yes I do have matched antennas for everything because don't we all have 43 of the same antenna as it turns out if you buy a lot of Alfa equipment they all have the same antenna which is just really helpful yeah you gotta wring it out a little bit gonna wring it out a little bit all right since you brought up antennas do not buy like a 12 dBi monster antenna plug it into an Alfa card and complain I can't see shit because can I talk about especially if you WiGLE okay I gotta talk about antennas um the and let me let me tell you so each one of us probably has a gross of antennas and I think we all know what they do but see this little guy this little one dB antenna 2.4 gigahertz amazing for finding things when you get close you know why because it's a fairly shitty antenna you know what shitty antennas do they tell you what's close this is Bluetooth no antennas are that's a Wi-Fi 
antenna but important thing to note about antennas people always want to say you know I gotta buy an an an an an an an when he started drinking I gotta buy a corner reflector I gotta do this I gotta do that best antenna ever made antennas are very much use case specific so if I want to pick up somebody from a half mile away I'm gonna want a corner reflector or maybe this Yagi that was bought from is that a Hak5 yeah no that is a simple Wi-Fi but this is good for war driving that is an 18 dBi Yagi antenna a fully directional for war driving and everybody goes crazy about this I want a Yagi it's 25 dollars it's 29 55 but the problem with this one is that I'm picking up stuff from like a mile away and you're picking it up at a 3 degree angle which means the guy in the back of the room with the glasses on we're looking at his left eye only if there's an AP on the guy to your left not not saying it so when I'm scanning and I want to geolocate Wi-Fi's I don't want Yagis because I'm pulling in stuff from hundreds of meters away do you guys know that when you're driving with the GPS you guys know you you are picking up the signal where you are not where the AP is yeah so one of the big issues with WiGLE isn't that they're doing it wrong because they're doing it absolutely right wrong you're doing it wrong when you're driving down the road with a 9 dBi ground plane roof mounted antenna you're picking up seven blocks in each direction yeah okay yeah would I give me the give me the mic give me the mic who's ever driven on I-80 through Nevada raise your hand seriously okay I as you go into each valley you're picking up stuff from 2.7358 miles away right okay you don't want that shit you don't want to pick up stuff from a long distance away if you're trying to map stuff you need to use very low let's go get Ardvark water bleeding yeah the point is depending not what you want if I want to capture every packet from a source yes I want a Yagi to be able to pick up that 
that source for one source I want to have a Yagi or a corner reflector or something like that to pick them up from a long distance away but if I want to map things you want to actually I love my MacBook Air with Kismet because it picks up very slow very short distance away I was going to talk now man I've been wanting this for so long you're so rude okay okay listen but now I have a counter argument counter argument I want the mic says the guy with the flashy box I want to win all the points on WiGLE counter argument okay then you're an asshole we're all assholes it goes back to the basics right understand what an antenna does how it works what's the pattern right because I get like I get like email saying well I want to use a Yagi to snoop this Wi-Fi that's across three buildings 200 yards down the street I'm like yeah you're gonna get good luck it's like and then it's like well how would you do this like I would move in underneath and you know I'll get closer I would get closer right yeah yeah it matters greatly one of the things we see all the time is people with like nine dBi antennas and they're angled like this and they're pointed towards us with the tip of the antenna and the yeah the plane is like a frigging pancake around the antenna and you're pointing it at us so you're literally looking at everything but us right understanding what like a polar chart looks like so these things are they're showing signal out almost straight as you get higher gain so omnidirectional literally means every direction but only in one plane so the higher the gain of the antenna say the name say the name Frankie with a five dBi it's a little bit more doughnut shape than baseball and when you start getting into a nine you know Frankie had a little bit larger of an antenna then it would be more like a pancake little Joe so little Joe here has a two dBi antenna which is actually about as close to as an ideal omni as you're going to get this is if you want to see above you below 
you next to you and a nice high signal strength when you're say war driving of five maybe on up to a seven or an eight is good because it pushes farther to the sides and especially in a residential area most things are going to be you know a floor two floors not very big but if you start war driving downtown with even a five dBi antenna you're going to miss everything above like floor five or six now we're just reading coal check the night stalker this isn't an internal radio it has a USB chip on it so you can have an integral antenna like this which is a completely unknown Chineseium antenna it might be printed on the circuit board it might be a bare length of wire it could be a cute little spring that TSA thinks is part of a gun or something and yeah I you wouldn't believe how often we get stuck at the airport thank you for all of those named devices but yet knowing how these things work is very important you're throwing all of his it all coal checks gone forever little joe has been donated who wants to adopt little joe yeah so a lot of times um if I go into a Starbucks and I want to see what everybody's doing I don't want a long distance antenna I want a short distance antenna I don't want high gain I want short gain and so like hello Render do you know anything about war driving yeah uh Kismet runs fine hey Render come on up there's an empty seat murdoch needs a place to sit shout out yeah everybody say hi to RenderMan yeah he doesn't need a lot of room he doesn't he's little he's really little he's skinny and then can I be last though? 
yes there's sit so it's important to know what do I want to capture what do I want to see to see if I'm just sitting in a little push-ups ten years ago he'd be dead right now yes alcohol to the stage this shit show just hard work may not have Wi-Fi royalty if dakuna dakahuna was here we'd have most of the Church of WiFi here that's true yeah yeah the white dude doesn't get any yeah that's right that's right all right so for those of you don't know an extra introduction RenderMan founder of the Church of WiFi am I getting this right? the pope the pope of the reform Church of WiFi the pope of the reform Church of WiFi his second iteration of so if you google and you have some decent skills although he's tried to erase this from the internet you can find him wearing a backpack frame just like this 15 years ago that did not have so many antennas and the angle of his body is like this because the thing was so heavy and he's was not was so yeah well the the backpack was heavy and you're oh yeah it was a pretty ups battery on the dapp of the thing so yeah so walking around doing the fox hunting challenge wasn't it they were wearing the amazing backpack for because back in the day we used to you know have to use a real computer and by the way the reason we say stay out of the casinos during the fox hunt is a hundred percent RenderMan's fault I was next to him when it happened I laughed my ass off and they said DEF CON will be shut down if he does this again this is a true story I just wanted to win it wasn't me I wanted to win yep there you go okay and that's why we have rules now like stay out of the casino all right so since we're just inviting random people to take the stage because we like them who has questions in the audience to ask a panel of idiots don't ask about five gigahertz adapters is there a sore spot for you Kentaro I have a lot of five gigahertz adapters about the five gigahertz yeah what's what's the story with the five gigahertz adapters I can't 
inject on five gigahertz is it my fault or is it Kali Kali is a generic hacking OS Pentoo is just a really fucked up specific one yeah Pentoo is shit but Kali is shit too so people ask me what I use I don't use Kali that often because I don't need half of the crap that's on it you know I rather start with this plain install and work off of that use the mic talk it in the mic works best when it's close honestly I don't know what we're talking about anymore so tell us about Pentoo yeah I don't think anybody came here to talk about Pentoo so Pentoo is this amazing Linux distribution you should all install it's got the new Kismet and apparently almost all the tools you need for the CTF because one of them got wiped off the CD it's got the new PMKID attack and things like that okay let's talk about some fun things we've got a whole group of people on stage who here is terrified about the new PMKID attack from the hashcat forums because we're all going to get owned immediately okay so one person doesn't know what they're doing two three four okay so four people don't know what they're doing the rest of you already understood that this is almost the exact same thing as we've been doing before it is really cool it is a new level of reliability that we may or may not have had before because now you only need to successfully capture one packet and hope that the one thing you need is in there and if it is you can very reliably crack the key well and then the other thing too with it I mean you read the hashcat forums and you learn about it and it's like you need a tool to do the attack well guess what it's not it's it's protocol level stuff like that's leaked information so like I was at Black Hat earlier this week and I was scanning and they have Ruckus Wireless there and they're like we're so worried that we're leaking and I'm like well I'm not seeing any because you don't have that in your packets so I didn't try to actively try to get anything out of it of course not but I was 
doing the passive listening and so I would be able to see it so I was able to set up an AP and demonstrate one that does have it and use it as kind of a baseline against it so you can see it in the environment completely passively hey really noisy folks over there we're the ones being noisy could you calm down just a tiny bit thank you thank you I will do that thing with the speaker again I will I will so that's one thing about like knowing your tools because it's like it's a brand new vulnerability and I'm surprised somebody hasn't made a website and in a branding and there is in pictures of it already but and a logo of course because you got to do that but the thing about it though is we already have tools that can identify vulnerable hosts it's Kismet I mean you could start doing that I mean even tcpdump like open up freaking tcpdump on a wireless monitor mode interface and you can start doing it today so you know and again it's just a matter of understanding protocols and then understanding the tools that you have and I think the largest thing is you know build something have something running that and start getting used to that being in that environment right so again it is a cool new technique that may or may not be enabled on the access points and if it is it's leaking some valuable data that you get for free when a client connects because it's part of the first packet for the EAP exchange on a legitimate client the cool thing the part that's actually new is that you can force it because the first packet comes from the access point to the client you don't have to answer any kind of challenge they're sending you what you need to crack the key and that is legitimately new and that is legitimately cool but you're still running a dictionary attack or a brute force or a mask attack or whatever you're still cracking the bloody password so a strong password is actually going to make this very resistant and again it's cool but the sky isn't falling but if the sky 
were to be falling there's this thing called WPA3 right who here knows what WPA3 is okay so you all know that it's just like a bunch of standards that were not even standards they were informational RFCs that have been randomly implemented for the last couple of years and then they're just kind of okay now this is WPA3 these four standards so yeah different people wrote up a couple of cool RFCs for Simultaneous Authentication of Equals, Opportunistic Wireless Encryption I think both of those were Dan Harkins and they were informational RFCs which aren't even like standards and then that people just kind of started implementing them hostapd implemented it wpa_supplicant implemented it and these were specifically to get around some of the weaknesses of WPA and WPA2 where you can offline dictionary attack or you know the weakness of open networks where there's no good way to provide network access to a whole bunch of people and you know not tell everyone the password so things like Opportunistic Wireless Encryption are actually really cool because it's a way to create a secure connection without sharing a key with anybody what does the fox say hey wasabi wasabi what does the fox say hey cool there's a fox hey it's the fox oh my god oh my god the fox is oh it's an akita oh I'm sorry I didn't know you were a doggy I didn't mean to be rude come back here can we is there a sign that says no petting yes no heavy petting but I mean no heavy petting okay so the WPA3 stuff is actually kind of interesting the whole reason the PMKID bug was found is because they were going through trying to find a bug in WPA3 that one wasn't it mind you that was just a bug in WPA and WPA2 but they were looking for attacks on WPA3 so people are starting to look at this stuff now people that are good at crypto people that aren't up here and drunk and that's a great thing right but it's a very interesting standard because it takes most of the fun stuff off the table the most important thing that it 
almost takes off the table is management frame protection 802.11w which is encrypted and or signed deauthenticate frames so cool things like Kentaro's necklace would theoretically be useful if the WPA3 standard you're good required 802.11w fortunately for Kentaro though I think it requires it to be optionally supported which means like nobody's gonna freaking implement it still and then we're just going to toss everything and well Black Friday at Best Buy is still going to be funny how many things supported 802.11w well after making an exhaustive search of every device I own which is 200-ish Wi-Fi cards about 15 or so different drivers so it's basically bullshit yeah the ones that presently work in Linux apparently can be counted on zero hands yeah it's there it's totally supported by nothing yeah but Zero that brings up another thing it's like people are like well why are you only doing 2.4 euros it's like because that's where all the cheap smash and grab vendors are bring out this like you know dash cam or home security crime all they care is like dump a product into a market get the fuck out with the money right so 2.4 chips are cheap so they'll put it on and then launch it and be gone and customers stuck with a device that doesn't get updated so you know I mean understanding what your targets are and again let's let's take out the fact this is DEF CON and let's talk about actual Wi-Fi security because it's hard Wi-Fi is never implemented properly if you're doing enough data collection you can pick up the data that matters and you can start to exploit that now again we're on camera so from a security perspective we want to make sure that wow here comes wasabi with a friend hi friend an akita hi akita yes it's a wireless akita yes oh yeah that that was live you just saw that you're not hallucinating you saw that security is really really important with this stuff war driving pulling data building teddy bears with Wi-Fi cameras in them hi hi all of this stuff is 
really important because it gives us the ability to really interrogate the data that's going on and to tell people what's important about what we're doing go ahead go ahead murdoch no i was wanting me to bring up dongs uh-oh yeah that's more Bluetooth though so oh no no please you can talk about your project we love we love the IoD tell us about your new Kismet plugin what was it called yeah so my my new projects that have been working for the last two years basically is the Internet of Dongs so i'm also the don of dongs yeah what yeah shut up yeah so there are internet connected sex toys out there i have a very large suitcase full of them and yeah you can actually go war driving for these Bluetooth devices i believe with Russ's assistance there will be a contest in that shortly actually we'll actually find out in situ can you actually do this in a crowd so here's the deal those of you that are playing the WCTF this is the part you want to listen to hi guys wave hi yeah so RenderMan has asked us to in the good spirit of war driving because war driving is not just Wi-Fi anymore war driving is Bluetooth it's Zigbee it's basically any signals that you can pick up while you're driving we've now incorporated a software-defined radios SDRs into war driving we've incorporated the FreakLabs 2.4 and 900 megahertz Zigbee drivers we've incorporated Bluetooth 2.4 and 5 gigahertz that being said Render once he gives us the MAC addresses with some of the tools that we have we are going to have an IoD fox that should be a fox tail that would be an IoD fox tail and you can all imagine what an IoD fox tail might be it can be interrogated with the tools that we have and potentially manipulated with the tools we have i i don't know what the rules of engagement are for penetration testing IoD devices yeah we will so please elaborate Render um need to talk to Russ about it we're gonna set some you know oh you so let's go well give me a minute you know i need to lube up but 
yeah, so there, there will be somebody with a Bluetooth-enabled vibrating butt plug wandering around a defined space that we need to set up. Your objective will be to identify this person and set it off. One of which might make the other one easier. I think if you constantly set it off, you'll find that person pretty quickly. I don't know. In defense of your catch by surprise or, you know... Oh god, this. But uh, yeah, it's over there. Are you a fox? Well, I mean, this is a whole new, you know, what does the fox say? How the hell did I get associated with you? All right, I think you baptized half of us, by the way. Well, thanks for coming. Thank you, wiggle. Thank you, wiggle. Wiggle it just a little bit. But yeah, actually, that, that issue has come up, because there is actually at least one Wi-Fi-enabled vibrator that's also an endoscopic camera. internetofdon.gs is the website. Pen Test Partners did a report on it. I took exception to a few of their findings and, you know, corrected them, but basically it was that the thing became an access point itself. You connected your phone to it, streamed the video off of it to your phone. It never touched on a real wireless network. But because this was, you know, Chinese chop-chop stuff, it was basically the web streaming webcam off of a drone, repackaged. You could get root on this thing. It's running BusyBox, and throw it into client mode and connect it to a network. So it also has a web server on it, so it literally is the internet on it all. So we call this war driving. I'm not sure what we call war sexing, but I think it may become a thing. Rule 34. But the, uh, the whole idea is that the stuff exists, a lot of the security on it sucks, so I'm doing on a can to fix this. There are people that enjoy wearing these things out in public and, you know, there's some debate about the effective range of them. I contend that it's going to be so short that, you know, if it does suddenly go off, you're going to know who did it because they're going to be laughing really hard
and you can just go over and punch them. And also, the kind of people who typically like wearing these devices will also be at events that are generally populated with people who are very well equipped and well versed in beating a little bit crap out of each other, and would enjoy beating the crap out of you if you pull any crap. So, just saying. Yeah, but yes, on Internet of Dongs' GitHub there's a couple of projects I'm working on. One is a Kismet plugin, the IoD Screwdriver, because Pen Test Partners came up with the term screwdriving, looking for wireless sex toys. I wrote a plugin that basically takes the, you know, does regex for the default names on these devices and, yeah, highlights them within Kismet, so you know exactly what you found, a dog. So Kismet can now find Wi-Fi, Bluetooth, Zigbee and vibrators. Thanks, Dragorn. I mean, talk about a really open platform, you know, you could build off of. Like, that's great. He really fulfills all our needs: free internet and sex toys. I mean, the guy is amazing. Free internet on a sex toy. Free internet on a sex toy. Excellent. And you can stream it. All right, we actually do have another speaker coming in, so we can't do this all day, so I'm going to moderate slightly. We have 15 minutes. We're going to talk about something fun: amateur radio. Not only do we pick up all of these signals, but you wouldn't believe what the police say when they pull over a car with this thing mounted on top. First they say, sir, that's unsafe. Then they say, what the hell are you doing? And as it turns out, I have seen this done, "we're doing a radiological survey of the 2.4 and 5 gigahertz spectrums, officer" does not work. They don't like that. But you know what really works great? "I'm an amateur radio operator." And they say, huh, your, your gray beard isn't long enough, but okay. And then they leave you alone. Being an amateur radio operator, especially in the U.S.,
has some magic perks for war drivers. You are driving around with stuff like able to pick up police frequencies, or maybe modified to public safety bands in the 4.9 gigahertz, because who isn't war-driving those sweet cameras they have everywhere, right? Didn't someone give a talk about modifying kernel to have 4.9 on 5 gigahertz radios? No, he got it down to 4.8, and that was a few years ago. It definitely not like from 2192 to 2732. Yeah, wide band, wide band. I mean, before software-defined radio was cool, retuning Wi-Fi, just fun. I think, like, if you, if I start to think about it, before I start a war-driving, like, data pack of war-driving in high school, which will be 30 years, so I'm pretty much statute of limitation behind it. I used to have a, I have a wide band scanner with, like, a big discone antenna, and I live in Tokyo. 30 years ago only gangsters and celebrities had car phones, so I just had to sit there at night listening into conversations, and I might or might not have caused a couple celebrity divorces by selling the recordings I taped off the waves. Was... I shouldn't say that on video. Wasabi to the stage, Wasabi to the stage. Welcome to Defcon, welcome to Defcon. Thanks for coming. Defcon has a code of conduct that is explained in the rule book and on literally every sign you walk by in the hallway. So while it looks like we are a bunch of dicks, and we are, people here don't like their picture taken. If they're on stage it's fine, but, like, the contestants really hate it. So just so that all of you know, while we've got this. Yeah, so anyway, ham radio is a lot of fun. There's a whole lot of people that are my grandfather's age who love ham radio, and then there's a whole lot of people my age who like ham radio. There's not a lot in between, and the hacker community is slowly kind of bringing this back by getting people tested at these events and walking around with walkie-talkies. I can't count the number of tweets I saw from various villages saying, getting ready for Defcon, here's my kids, and they
had, like, cheap little 30 dollar walkie-talkies as part of the... yeah, barfings or pukings or whatever the latest Chinese crap is. So who in the room's a ham? Who in the room has an FCC ID? Okay, that was a much smaller group of people. That being said, go take the test. Please go take the test. Be legal, do it right, because we're sniffing all your shit. We are listening to everything you say unless you're on DMR encrypted or P25. And he's gonna tell your mom. I, I know your mom. Oh, I know your mom, that's different. Anyway, nope, don't, do not give that to our father. Do not. No, no. Here, look, good, good, give it to him. He has a wireless mic now. All right, all right, let Ardvark talk. You gotta plug it back in. Yeah, you put the one end into the other end. Hey, there's seats up front, I'm just saying, you don't have to wait in the back. All right, all right, all right. So for those of you who don't believe the Church of Wi-Fi is actually a religion, I do. Shonda right there, I performed his wedding as the pope of the Church of Wi-Fi. Yay. So yes. Yep, 2013. Yep. So you can write it off on your taxes now. Donations to RenderMan. Still married? Yep. So I'm just waiting, because considering the way I've seen some of you drink, I might be doing a few rolls weekend too, so, you know, two-drink minimum there. But I just wanted to say, like, congratulations, brother, happy birthday, and uh, yeah. All right, you've been cut off. This one's been cut off. Okay, he off from the mic. So again, amateur radio is fun. There's been a thing at Defcon for quite a number of years. They're across the hallway and they call it the, uh, what is it? The Wall of Sheep. The Wall of Sheep, which used to be a projector that gave you the username, password, and the website they were logging into, and it was all up on the screen. And now they, like, put a bunch of stars there, and like, we know your password, but they're not going to tell anybody, which makes it way less fun. Why isn't there a radio Wall of Sheep yet? Why? Back in the old days we had passwords on the screen. Yeah, why isn't
anybody recording all of this and playing it back? The goons have encrypted P25 radios, but did you know there's a little switch on the top that turns them to unencrypted? And did you know that the symbol for being encrypted is a universal no sign? So, like, it's a little confusing. Or, or sometimes you just kind of get one on your way by in the hallway. A couple of these guys are walking around unencrypted, and it's funny. So, um, just quick shout out: there's a conference in Romania called DefCamp. They actually do the Wi-Fi, essentially a Wi-Fi Wall of Sheep. They called the pwn board, and um, yeah, that was pretty cool. So I was able to integrate with them, and uh, I was accessing their API and, like, dumping live stats of what's going on, like crazy SSIDs. I was able to dump, uh, you know, if people were doing attacks like de-authentication attacks and that type of stuff in real time. And I mean, these guys are talking about a different level of, like, devices and data radios, which I'm not capturing, but that's, this, that's the level I want to get to. I want to be... Next year there will be an SDR Pineapple Boy. Yeah, that would be sick. So we can make that, accept sponsorships, so next year we'll dance for money at Defcon. And if anybody's East Coast, most of the East Coast BSides, we'll have a software-defined radio Wall of Sheep. He just... good catch, dude. Stand up. You are not a hacker, you are athletic. I need to have everyone clap for that man right now. He just caught a sticker, that was epic. You, sir, are the true ninja among us. But can I say that with you here? It is coming. It attempted to happen at DerbyCon and there were some minor issues. I got banned from Twitter, Rick got banned from Twitter, but there will be a radio Wall of Sheep. What that means is all of your barfings, which are awesome, and all of your Yaesus, which are awesome, super awesome, will soon be publicized up on screen. Sorry. Go DMR, go P25, go MOTOTRBO, or go home. Yaesu is so awesome. I would like to point out you're not actually allowed to encrypt
the radios unless you're one of those four peoples that thinks you're allowed to encrypt the radios, and you have to make that with God and your lawyer, not with us. The FCC kind of says you're not allowed to encrypt, but they don't use those words, and it's weird. But more importantly, if anybody can help me with speech-to-text for my Twitter engine, that would be great. I had a great thing going back and forth with every radio communication at DerbyCon, things like "Dave Kennedy addressed his team for 23 seconds," "Snooze rudely cut Dave off for 12 seconds," and things like that, but I couldn't actually get the text, the words. So if anyone can help me with speech-to-text, that'd be great. By the way, free Jericho. Free Jericho. Wait, wait, wait, wait, we have an update. We have an official update. No, no, we're saying don't pay for Jericho. Oh yeah, we know he's free. Free Jericho. Yeah, everyone. So there's this Twitter address, at Jericho, right? Attrition. What do they say? Jericho on attrition.org. Yeah. Hey Balin, how much more time do we have to waste for you, dude? You want to come up and start getting set up? Five more minutes? Okay, this show is gonna last five more minutes, because Balin is the one who actually has talent and he's gonna be talking then. So maybe we could take a couple questions. Does anyone have any questions out there? Questions, questions, questions, questions. Lots. Oh my god, lots. It's a labor of love. I actually got a chat from Rick and then a phone call that said, hey, I just spent five hundred dollars on Amazon on wireless radios, do you want to get them too? Hey, hey, have you guys heard of this thing called AliExpress? You got to get close. This one doesn't ever want to... Dude, seriously, like, I... So if you get on the kids and on AliExpress last month... If you get on the Kismet Discord, it gets even worse, because somebody will post, hey, check out, I found this, and the next minute, like, everybody's like, oh shit, I just pushed buy now. Oh shit, it's sold out on Amazon now. I bought... When we built our house, I put
a 20 by 20 shed underneath of my deck. It's all totes of all the shit that doesn't work. Yeah, one other note on AliExpress: the awesome thing about it is that you can type in the chipset and find crazy stuff, so like rtl88128821 and some other fun ones. Exactly. And you can get, like, four dollar dongles. No, I was like, I go to WikiDevi, look up the chipset I want, go back to AliExpress, punch it in, and then order, like, 20 of them, you know. But they're next... but aren't they next door? All right, here's the, here's a key to AliExpress ordering though: order twice you need, because you'll get half. Yeah, half, to half of what they ship is only working, and getting another half working is really gonna take... Like, I ordered like 10 adapters, 10 showed up, five of them worked. So I went like, oh, I'm gonna buy 13 more. I buy 13 more, sure enough, half of them worked, but didn't let the second lot of 13 took like five months to arrive. So order way more than you need. By the way, that's the closest I've been to El Kentaro's left hand. That's a lot of fucking rings. Ring life. Any other question? I think we have time for one more question. Yeah, you. He's given Jayson Street a run for his money. Are we going to be at DefCamp? I submitted a paper, so if you notice someone on the CFP board, hook it up. I know that conference in Romania. Nope. Yeah, we're on a really awesome conference. It's like a really great Western European country. You have been... This is what he's like after one period. He's such a lightweight. All right, are we... got three minutes left. Give it to Ardvark. This is gonna be funny, it's gonna be funny. No, the important thing, I have these things. Katie, hi. John. I was... important thing with the wireless scanning. It's important to say no one else drink these bottles except for me. Give it to Render, please, give it to Render. No, but in DefCamp, Dark, Render went to DefCamp. Important thing about that here, you have that one time had DefCamp, it's one of those... There's no way that this ends well. Yeah, just no. I think what we started that
yeah, I just wanted to say, bringing people on stage, it's just not gonna end well. I just wanted to say to all of you guys, all the organizers, all the staff here and everything, because, uh, I started this thing back in the day. Yep, yep. And I suck at organizing, so, so these guys stepped up, and it... like, to see everybody in here, like, this is my expectations of anything I could have ever thought to accomplish. Um, in fact, you've now got this thing down to, like, you know, a Pelican case road show, you know, is amazing. Yeah, you're keeping the whole thing going, keeping it alive, and this is still... I mean, there hasn't been a lot going on 802.11 lately, but it's still really important stuff that gets forgotten, and this is what gets you, you know, uh, compromised. So it matters. And yeah, thank you. Thank you. Bless you. Fuck you too. Raise your antenna to the sky.