Good morning. Can you hear me? Yeah, okay. Good morning. I'm Thorn. This is the Church of WiFi Wireless Extravaganza. I want to welcome you all here. It's great to be back at DEF CON. Thank you for being relatively sober. Yeah, we're not going to do any jokes this morning, because we figure having you guys here for the first talk early in the morning is a bad enough joke as it is. But we're all happy to see you here. I'm going to start off a little bit about the church. We're going to talk about some of our current projects. We hope it's going to be informative and entertaining for you. The panel today is myself. I'm Thorn, as I said. We also have theprez98 and the infamous Canadian hacker RenderMan. Thank you.
So kind of a question that I get asked a lot is who are the Church of WiFi and what are we? Are we pirates? Are we pirates or ninjas? Are we pirates with stealthy ninja skills? Are we ninjas that go "arrgh"? So one answer is really that we're kind of a collective, a church, if you will, where we do some wireless and Wi-Fi voodoo. The other answer is, of course, that we're a bunch of code monkeys that wear pope hats. Kind of like that. Any resemblance, by the way, of the panel this morning to that picture is purely coincidental.
So the church as a group has a website, and basically this is what we really do. We do projects mainly around wireless stuff. If you're here, I assume you've probably heard a little bit about some of our projects in the past. We're going to talk a little bit about those today. We're also going to talk about some of the newer ones. But if you go to the main site, there's currently over 50 projects that are all wireless. They're all in varying amounts of detail. They all kind of depend on what your skill level is, how well you might do with them. But they range from beginner to really hardcore stuff on there.
And this is just kind of a real brief overview of what the site looked like as of about a week and a half, two weeks ago. It's probably changed since then because there's new ones going on all the time. Also regarding your skill level, if you're going to tackle some of these things, some of them are really, really simple and some of them you have to have two propellers on your beanie. It gets pretty bad. But they are all over the place and anybody is welcome to come in there and take a look around. Absolutely.
The first thing I want to talk about is our big project for this year. But I've got to take a step back before I talk about that. And I got to talk about last year's DEF CON. Last year at DEF CON, I was putting on the wireless contest and I had a little bit of a problem. And this is the problem. This is actually this year's contest, or one portion of it. But this is the problem. People would look at this kind of thing and they would go, oh my God, I don't have the skills. So we only had like two teams competing last year. So they'd say, I don't have any skills. And we'd say, why don't you compete? I don't have any skills. They'd get the Napoleon Dynamite answer. No skills. I don't have any computer skills. And girls only want guys with skills.
So we said, how are we going to get people to come out here and have skills? So we took a look around and we talked amongst ourselves. And this guy, Converge, are you here? Are you still in the PDs? I guess he's hiding. I think the PD still hasn't from the cookout last night. The talk to the barbecue. But Converge kind of summed it up very nicely. He said, I care about demonstrating and inciting a hacker attitude towards my fellow attendees. And we came up with the concept of learning and touching equals doing this stuff. Not touching each other. Yeah, touching the equipment, not each other.
So we're going to, this year, in looking around, we said, what can we do to teach this stuff and to get people the skills that they need? So we took a look around and we said our friend Lost had run a really exciting hardware session last year, some nice breakout sessions on robotics and stuff. We took a look at what was going on with the Lockpick Village. So we said, what we want to do is we want to provide an area to do those kinds of things for wireless skills. And so we want to provide breakout sessions, we want to have some tutorials, all that kind of stuff. Again, the whole concept of learn plus touching equals doing it.
So what we came up with is this year's big project. And that is the DEF CON 15 Wireless Village. And we hope it's going to be up in Skybox 209. We are hoping that every one of you will at least come in and say hello and stop by and hopefully learn some stuff. We've got a whole bunch of subjects that are going to be covered. This is just a couple of them. I'm going to be doing some stuff on RFID. Squidly1 is going to be doing some stuff on wireless hacking for PlayStation Portables. Render is going to be doing some stuff on talking about direction finding. We've just got a whole bunch of stuff that's going to be covered. And we really hope that you'll come by and learn something, or at least if you've got someone that's here that's in a different talk and they don't know about some of this stuff, they're talking about perhaps competing in the wireless contest, that we would send them over, learn something. Hopefully we'll get some more people competing this year.
So it's just, yeah, again, some more stuff on regarding what we're going to be teaching up there, the wireless technology is doing the breakout sessions. Again, that's where we're going to be up in Skybox 209. And we've even got a limited, a very limited amount of those really cool stickers that look just like that.
So if you're not cool and you don't have one of these on your laptop, you should definitely come up and at least try and own a sticker. Now, because of this, we're integrating the wireless contest this year with the Wireless Village. And so, again, the whole idea of learning plus teaching equals doing this stuff, that you can come upstairs, learn a skill in a session, and then go out and actually compete.
All right, enough about that. Some of the other projects. This is kind of an infamous one that we came up with last year. And this is the WPA rainbow tables. I think probably some of you have heard about these. They've been talked about a little bit nationally. We came up with a concept last year of this is actually, he and I talking. He and I talking on the phone is like a really bad idea, because we think about these things. And we say, what if we did, hmm, and all of a sudden something starts rolling. So we were talking about a year ago, actually a little over a year ago, and we said, if we put together some sort of rainbow table, would that work? And at first we said, no, it won't work, because there's a couple of different things. And then we talked to some friends who said, yeah, it would definitely work if you did A, B, and C.
So after a lot of futzing around, a lot of trial and error, a lot of error on error, we finally produced the first rainbow table for WPA. And it was 172,000 passwords that were in a dictionary. They were run against the 1,000 most common SSIDs. That resulted in a 7 gigabyte rainbow table. And it was kind of popular. We've had a lot of downloads. The Shmoo has been very kind in hosting it for us. So we said, well, can we top that this year? So Render tracked down some more passwords. Quite a few more. This year we have run 1 million of the most common passwords against, again, the most common SSIDs, 1,000 of those. And we have yielded a table of 35 gigabytes.
You're going to have to use BitTorrent to download this sucker. Or come to the village. Or come to the village. Yeah, come up to the village. We will have them available. But it takes a while to get them. Even on BitTorrent, this will run you about a week and a half to download on a continuous download.
But we are able to now use these tables to crack an amazing amount of passwords. And on average, you can run these about a minute to two to three minutes and crack most passwords on common SSIDs. This is a real good tool if you're doing any kind of wireless security work and people say, oh, I've got the best password in the world that's locking down my thing using WPA. You can walk in and probably break it if it's any kind of dictionary word. And even some of the more common ones where they stick a 1 in the middle of the word. Those kinds of things. Very easy to break it now with a password. Again, the idea behind this is to get people to use secure passwords. With secure passwords, you can use up to 64 letters on WPA and most people are using, you know, their first name or something. So we're getting bigger and better, folks.
By the way, one comment about this, a lot of people have asked, well, what if they've got something that's really uncommon and they want to check and see how long it can break it? There is a package out there that you can generate your own rainbow, your own table for a single SSID using the standard million passwords. And it's called gen, yeah, G-E-N-P-M-K. It's included in the package for coWPAtty. And it takes about 30 minutes on average to generate your own table for a given SSID against those million passwords. That is roughly a two-to-one trade-off on any SSID or the more common ones, because it will usually take about 60 minutes using just coWPAtty in the native format to break it. So you can usually do it a lot quicker using the rainbow.
The question was about 30 minutes on what kind of processor, and that's what, a 1.5, 2 gig? Yeah.
1.8 to 2 gig machine, you'll run about 30 minutes.
Okay, the other big project that has garnered some attention already is our own distro. Now right off the bat, I want to tell you people this is not our own in the normal sense that we built this thing from the ground up. We did not. This is based on BackTrack 2. We have permission from the kind folks at BackTrack. We told them what we want to do. He said run with it. So what we did was we have come up with a way to produce a bootable USB disk that you can plug into any bootable computer, USB bootable computer, and you can boot it into a BackTrack mode and it will come up with its own tables ready for cracking against coWPAtty. This is just an excellent tool. If you don't want to install BackTrack on your own PC, you don't want to necessarily carry around the separate CD and then try and bring in the tables in a drive, which can get a little unwieldy. This will actually allow you to plug it into any laptop, boot it up, and away you go. And you can be doing wireless checks inside of, well, two minutes for the boot. We're advocating using a 100 gig table or 100 gig drive so you can get 35 megabyte tables on there and that will allow you to then have plenty of other room if you want to put standard rainbow tables on there or whatever you're going to be doing.
But this is it right here. This is model number one or model number two depending on how you look at it. I got to tell you too, folks, we had asked this back in January that we were going to be doing this and we started creating the first ones back in February and we couldn't do it. We ran into an enormous amount of problems getting this sucker to work, so much so that model two and model one were produced last weekend finally. But we do have it now. We know all the secrets to getting it to work properly and we will have it written up and on the site. I'm hoping within about two weeks, three weeks, something like that. The steps are complicated.
They're not particularly hard to do and you can do it in about a half hour or so to an hour. It's just that you have to do the steps in the right order and you have to do it properly or the thing won't work. And I got to hand out mad props to the guys down at the BackTrack forums because some of them figured out exactly where we were going wrong and said, oh yeah, you just got to flip this switch or put this bit in the spot and get it to work. But it finally did work and we're happy to announce that it is working. We were afraid we were going to get up here today and say, well, it's not quite there. But it does work and if you want to see it working, we're going to have it up in the village.
I'm just going to talk about a couple other projects that I was involved in and then Mike and Render are going to talk about their stuff, too. The first smaller project that I personally worked on was called the unconventional LAN. This one is up in fact on the website. I got it up a couple of weeks ago. What this is, it allows us to set up a functioning wireless LAN at any convention. I've done it now at three or four different cons. It's kind of a great tool for distributing software. I kind of came up with this idea because of the original 7-gig tables. I got tired of carrying around empty CDs and DVDs, and it was just not working. So that's what it looks like right there. It's a WRT-54, a Linksys NSLU unit, and a hard drive. You can have a functioning wireless LAN anywhere. It's packageable in a nice little Pelican case. It actually makes it through the TSA without any problems. Yeah, it's a nice feature, and it only weighs about 18 pounds.
Another project that we've been working on, this one has been somewhat successful. It's called Project Mutton, and this is a wireless setup and run box of shame, or allows you to have your own wall of shame.
We found out that Linksys had produced a unit called a WPG12, and it's kind of an oddball in the Linksys world because it was actually an i386 processor single board computer, as opposed to most of their other ones, which are specialized microcomputers. It looks like a WAP series unit, but it's not. It was actually designed to be a presentation unit. It runs Linux. It runs anything that will run on a 386 series processor. That's the actual unit right there. It comes with that funky remote control, which is actually a wireless mouse and integrated laser pointer. It is designed originally to do presentations like this. You get up and you can just click the thing, and there's a cursor that will move around everything. But in playing with it, we found that we could actually get Linux. It was running a native form of Linux. We've tried to get a couple of things going on it, and it's working fairly well. We just haven't gotten all the scripts going completely. IronGeek, I don't know if he's here or not, but he supplied the original Wall of Shame script, which is on his site, and it's real neat. It works real well. We're just having problems getting some of the other packages up and running. But it is getting there, and hopefully that will be up, I'm hoping, within another month or two on the CoWF site.
Okay, this is another one. This is a stealth file server. This is basically the same kind of idea as the unconventional LAN, but what it is, is it goes in a camera bag, and you can carry around a wireless LAN that you can switch between infrastructure and ad hoc mode. You can distribute files without having anything happen to it. It will just sit there and distribute files all day long. We built this one just because people were saying, can you actually build it? I'm not big into sharing a lot of music files and so forth, but I know a lot of people that are, and it was suggested that this kind of thing may be the David versus the RIAA's Goliath.
I'm not sure about that, but it can be done. The nice thing about this is it uses the game adapter, and that gives you a single switching capability.
The final project is called Rolling Thunder, and I built this one for myself, basically. This one is the same kind of thing. It's made to be portable, and it will run out of a car. I use this one personally. That way I can distribute files from my car as I need them on client sites. Yes, it does use file encryption. There's the whole package right there, packed up, ready to go. Thank you very much. I'm done with my portion of it, and now we've got something completely different. We have theprez98.
Good morning. I want to talk about three things. First, I want to talk about the wireless contests. The overall wireless contest is broken up into five subcontests. The picture that you saw earlier right in the beginning with the stacked up WRTs, that's a tower challenge. It's going to be a multi-level contest. They're still working on getting that set up today, but we expect by later today or tomorrow that that should be running. That's going to be a weekend long thing. The other contests are more time-based. WPA cracking will be this afternoon. WEP cracking and direction finding contests will be tomorrow, and then on Sunday we'll have an RFID locating contest. If you're interested in participating, you don't necessarily have to participate in all the contests. If there's one thing you're interested in, or if there's something you want to learn, please go ahead and come up. In addition to the contests, we're having those breakout mini-sessions before the contest. If you don't know anything about RFID and you want to learn about it, you can come up and learn about it and then participate in the contest if you want.
I want to talk about two different projects. One, unfortunately, that we don't have here. One of our members, Barry, lives in North Pole, Alaska.
It was a little difficult for him to get down here, and we tried to set up something like a teleconference, but they don't have good cell coverage up there for some reason. Barry's "The Box" is a Janus-style portable computer project that he made for wireless surveys. He had this idea, or he was kind of going off the Janus concept, and he basically wanted to see what he could come up with. Here's the specs. I'm not going to read through them, but just to give you an idea of what he put on there. Here's a picture of it. It's basically just a Pelican-type case. He's got Ubuntu running on it. He's got about eight different wireless cards or wireless connectors there. I asked him, why did he build this thing? He said, well, because I could. It's kind of one of those, something he was interested in doing and a project that he built. Unfortunately, like I said, he couldn't be here, but we just wanted to give him some props for the project that he built and just to kind of demonstrate that.
The second thing that I want to talk about is not one of our projects, but I think it's something that we thought, collectively, was a really cool project to talk about. This is called the Traveling Terabyte Project. This was introduced last year at DEF CON by our friend Deviant. This is a project that we kind of thought, wow, this is something that, while it's not necessarily a wireless project and while it's not necessarily one of our projects, this is something we really want the community to know about because this really embodies the kind of community that we are. This was conceived by Deviant in June of 2006. He had ordered a couple hard drives for a client and found that they were a good price, so he ordered a couple more. The project is basically two 500-gigabyte external hard drives. The green case up here in front of Thorn is the package. It's in a green Pelican case. It's got power adapters, power converters, USB, FireWire.
The main idea for this project was to be able to take this case and send it to somebody who may not be in an area where there's a lot of connectivity or a lot of content, like in Iraq, Afghanistan, that sort of thing, to be able to share con talks, video, music, movies, all that sort of stuff with someone who doesn't really have the bandwidth or the capability in a remote location to do that. So this was kind of the project that was introduced at last year's DEF CON. Debuted last year and his project has already been called an urban legend. This was one of our friends. AST Cell was in the Middle East and one of his bosses had heard about the project but thought it was just some myth that was going around, but this is actually something that's taken place.
Here's the project's first owner displayed last year at DEF CON. Is AST Cell here? There he is. Here's the first owner of the project looking very scary in his army uniform. He took the project from Las Vegas to Tampa where he was working at CENTCOM and then he sent the project to me when I was in Iraq. I was in Ashraf, Iraq, which is about 50 miles northeast of Baghdad and it really is the middle of nowhere. I really had no... This is my desk here that I was working off of and not much connectivity, pretty bored during the day. I got this project that had all sorts of cool things on it. I had a lot of space to copy stuff on and contribute as well.
By October, a second set of drives had been unveiled. This is the second case over here and you can see in the picture here basically all the pieces and components of this thing put together. Traveling Terabyte 1, I looked through the logs. It's been throughout the continental U.S. as well as Iraq and Kuwait, and I've estimated up until now it's traveled just about 25,000 miles, so basically around the globe in excess of one time, so that's pretty cool.
If you're more interested in this project there's the link there for the homepage, Deviant's page on the Traveling Terabyte project. There's also a thread on the DEF CON forums that talks about the history of this project and then there's been some news releases about this project. Like I said, not one of our projects but something that we really wanted to mention as something that's really indicative of the way this community should be. A whole bunch of people had ideas and contributed to this project and now it's benefiting people that maybe don't have the resources to get this sort of material.
This is my shameless self-promotion slide. Like we talked about, please check out the village up in the Skybox. We're going to start up probably around noon today. We'll be running the entire weekend. Check out the contest. I'm giving a talk tomorrow night called the Hacking Iraq. We're going to be in speaking area one, and then I'm getting out of the Navy, so if you're interested in hiring somebody, I'm looking for a job.
Okay, so it's my turn now. Basically for the last couple of years I've been the main mouthpiece for the Church of WiFi, so I figured I'd give these guys a shot to say a few things and make my life a little easier. I just want to start off with sort of a comment. I've been with this community since at least '99. I went to DEF CON 7, that was my first one, I've been going ever since, and the community has changed. I mean everything evolves, it's going to happen, but it just seems like some of the good old-day things are gone. People are now hacking because they're getting paid, not necessarily because they're just, because they should. Nobody ever talks anymore.
Prime example, like you look at something like the iPhone comes out and the sheer amount of attention and effort from all of the corners of the globe trying to get apps on this thing and just make Apple's life miserable, but just the sheer amount of effort and community that just exploded around this project. You don't see that as much as you used to and it's kind of a shame. A lot of it seems to be with people who have grown up, gotten jobs in Infosec and, you know, hey, you're under NDAs, I can understand that. Hey, I'm looking for a job myself, so if somebody wants to hire me, please. But we need to talk to each other more. There's going to be an example later on where our group and two vendors, major wireless vendors, end up recreating the exact same work three times. So how much effort have we wasted? It just seems to me like, okay, yeah, you can have your NDAs, you can have your tight little confined research and development departments, but if there's something that's really cool in there and your company's not interested, don't let it die. Say, okay, we're not interested in developing this, let your developers talk to their friends, let them pass it out back to actually see the light of day, give it to people who actually can make something happen with it.
So as Thorn was talking about the site earlier, we're actually going to be changing the site quite drastically here in the very near future. It's been complained that we have this sort of evil look and in all honesty, we never expected things to take off as quickly as they had, so we never expected people to take us as seriously as they have. So we want to get a little bit away from that. It's basically still going to be talking about the joys of wireless and how many interesting projects there are, and it's not a dead field by any stretch of the imagination despite what anybody might say. There's a lot of good research to be done. It'll hopefully be easier to navigate, easier to maintain for us.
Another complaint is that it's really hard to link to, but basically it's all tongue-in-cheek. We're not trying to be offensive to everybody. Actually, we are trying to be offensive to everybody.
All right, and part and parcel of that redesign is we're going to go through and create the Church of WiFi Confessional. A church has to have a confessional. So basically, this started out as an idea of security has to be right every time where the bad guys only have to be right once. Well, you can have all the best intentions in the world. We're all human in this room. Most of us are human in this room, but we're all trained security people for the most part. We know something about what we're doing, but we make mistakes, and a prime example of that is, I hope they don't throw something heavy at me, is Core Security. At ShmooCon this year, I was standing