Hello. It's 1pm now and you're sitting in room 5. So if you have read the schedule right, that means you're in the ChaosVPN CTF Gaming Network talk. So I'd like to get some information about the audience first. So who of you is involved in a hackerspace? Who of you is involved in CTF gaming? That's a bit less, but also interesting. Okay. And who of you has experience with networks? Good. Okay. This talk is about ChaosVPN CTF Gaming Network. Who we are? Ryd. This is Jens Mücker. He's an OpenWrt developer. He codes for his daytime job. And he has written a lot of the code we need to write. Then we have Vyrus. He's with DC949. He did the OpenCTF or worked with the OpenCTF 1-5. He's a layer one that needs to be mentioned. I don't want to read all the slides. You can read that. Yeah. He's one of the co-founders at Null Space Labs and did some other interesting things, especially regarding CTF capture the flag network hacking networks. Then we have Erik Tews. He's from the Chaos Computer Club Darmstadt. He studied computer science. He's working at the TU Darmstadt now and is interested in cryptography, cryptanalysis and stuff like that. You might know his software to break WEP in less than 60 seconds. Oh, yeah. And then there's me. I'm from the Chaos Computer Club Hamburg. I'm an administrator for the daytime job. I played a lot of CTF with the University of Darmstadt. For example, UCSB CTF. Some of you might know CIPHER and da.op3n. Together with some people I co-hosted the CCC CTFs and I like to travel hacker spaces and have some friends around the world in different hacker spaces which I'd like to communicate to. Any questions for the speakers? So I will explain how we got to all of this. So has anyone of you been on Hacking at Random? Some? C2 or 3? Hacking at Random is a Dutch camp. Hackers camp in usually the swamps somewhere. This time it wasn't too bad. We talked a lot about that. It is a problem to communicate on the network between the different hacker spaces.
Also we wanted to play CTF and we were playing CTFs. But hosting a CTF is a lot of work. Most of this work is the same work all over again. It's the network setup. So there was an idea born. We wanted to play CTFs in our rooms. Most of us had hacker spaces. And this required a VPN setup. And to reduce the work on that we decided to make this VPN setup permanent. Or wanted to have that permanent. If you don't have to set it up all over again that saves a lot of work by doing a CTF. And you can understand that if you do a CTF which is a lot of work you want to reduce the things that you have to do all over again which is not too interesting. Like it's interesting to write a service but it's not too interesting to set up the network again and again and again. ChaosVPN. We'll explain that. Fulfilled most of the requirements somehow but not all of them. And with ChaosVPN we had a lot of experience with that software and with tinc. So we needed to redo ChaosVPN. Okay. I think at this point I should explain ChaosVPN. ChaosVPN at that point was a meshed VPN that's used to host the Chaos phone which is the Asterisk phone service the Chaos Computer Club has among their spread hacker spaces. So we have a big Asterisk system and we used tinc and some Perl code on some Debian boxes to connect them all of them together. And to have a phone system within that because you can understand that we would like to have a phone where well just we are listening. Okay. The other involvement on the idea we need to talk on the 26C3. We kind of leaving the shadow like telling people what we are doing and we are planning to do. The things done there was the rewrite of the code to C, we'll explain the reasons after that. And we got a lot of people, a lot of more people involved in that. So the idea. We wanted to have privacy on the network. I'll show you don't want to have your internet access provider and his deep packet inspection looking directly in your packets all the time.
Also with the times that providers for example fake DNS and other stuff which just leaks out a lot of information of the web pages that people use in the hacker spaces. We want to get more of that private. And especially the thing we wanted to get private is the traffic between the hacker spaces. Well there was very few between those but we wanted to have if we have private traffic between that private. The community that all was to connect the hacker spaces and our friends and the whole hacker space thingy and to play war zone. But the first step was to redo this network and then use this network to play war zone on that. The availability was a problem. We want to have a setup that is really robust and has a solid uptime. So a lot of those VPN installations in the hacker spaces have the problem that they are. You might know that. Working somehow. We wanted to avoid that. Well speed if you do, you don't want to be limited by the VPN stuff. We wanted to have fast network. For sure there's some FTP and other data transfer maybe later going on. And also with speed comes the latency. If you want to do CTF and especially if you want to do VoIP you need low latency. It should be easy to use. So maintenance not very complicated and neighborly join your friends, block your enemies. So what we came up basically was a mesh based encrypted and authenticated private network that administrates itself. All going to explain that. Meshed. The meshed thing is the biggest difference compared to most VPN installations. And meshed everybody is communicating with everybody. So if you have set up tunnels and you have two spaces you need one tunnel. If you set up a system between three spaces you need three tunnels. You will see that this in the end scales with O(N²). So tinc defines end points and not tunnels. This just is N. So scales way better. The latency is better if all the hacker spaces just communicate to each other and not over certain routing hops.
You get a high bandwidth because you're just limited between those two connections and the connection in between but you're not limited for example on the speed of some root hops. We don't have a single point of failure in there on the network base. So if any node can die and just this node will be off the network, not the whole network. And very important nobody will see the traffic from other people in the default configuration. If you want to you can also fuck up this one. But it's pretty hard. Any questions on that? Encrypted and authenticated? Well this is easy. You should want to have strong encryption that people who may be able to tap the line will not be able to do it while tapping the line. And also we want to mask the traffic details. So somebody tapping the line cannot easily see what is going on there. You can do statistics over encrypted traffic and guess what's going on there. But well I think you know all that. It's just better this way. And audit authentication we want to know who we are talking to for sure. Private network is clear. We want to have the private network to connect all this. Administrates itself. That is an important point because this is the reason that some earlier tries to set up a network between hacker spaces and stuff like this went down. That basically means if a node joins the network no other node should need to do something. Think for example that all those mesh based approaches in before had the problem that if somebody joins the network every administrator has to touch his config files. Which sucks and does not work as you know that. And if you go over some time zones this will just not be very good. So the problem of tinc is keep the config in sync. And if you have a problem that can be solved with writing a program write it. So we did. Yeah. This was the network based around the ChaosVPN before who mostly run the VoIP of the CCC. Had seven years of uptime. I think that's a pretty good uptime.
Lesson learned from the first version from the network. You sometimes in tinc have the problem that some administrator by mistake. This happens more often. Or somebody who will try to annoy you announces a wrong network. And that is hard to get rid of. To explain that a bit if you have a wrong network in your mesh cloud which is /24 you can announce two /25. This is more precise and then you can take over the information again. But this does not work with the /32 obviously. And we had some important servers with the /32 in the network. Also Perl was required and if you want to put this on an embedded device. And our idea was to have it on an embedded device. If you put Perl on an embedded device there's not a lot of space left in this embedded device usually.
So the software. Yeah, welcome. I hope you don't have a hangover from the party last night. So now it's a little more technical. So basically we had this awesome software called tinc which does all the VPN but we had to do something for the configuration to get that in a good state running. Basically what our software is doing is it wraps around tinc. Provides a tun device which is needed for tinc. Reads the local config file and knows what it has to do like which address it has to download the config. So it fetches the network config so it knows about all hosts and where it has to connect to, which IP address and that stuff. And then it creates the config file for tinc with all the host files, all the up and down scripts, all that is needed for tinc to run the network. And at the end it started. That's basically it. We did a rewrite. So the first version was done in Perl because it's easy to write it in Perl and it works pretty good except some mistakes McFly already told. We decided to do a rewrite in C, more about that later. And I really want to thank Higa and HC for taking that software with me because it wasn't only me that did that part. So the network file.
So your local network file contains a public key and an IP range for that part you're using to get all the nodes that downloads that file from a specific URL which is in your config. Why are we doing that? So we have a solution that can provide more than one network. So we did it for Warzone, ChaosVPN, it's more known as Agora Link here. And if you like to do your own network, you can do it easily. Portability. This was very, very important for us. So this is one of the reasons we did a rewrite in C. It now compiles on every major system. We're looking for more. Special thanks for the first compile under Windows. I'm not very much into that part. And we really strongly suggest to put it on embedded devices. And this was the main reason we did that part in C because you don't want to run Perl on an embedded device like a little router. After we did the rewrite from Perl in C to the 26C3, we added some new features to make it more comfortable. One of these features is we have these restart functions that it restarts tinc in a specific interval. You can define in your config. And this interval means it checks if there's a new config available. So it requests the HTTP server for the config. And if it gets a 304 response, it knows, okay, I didn't have to change anything. So I also didn't have to restart the thing to get the new config. We added an archive support which means we didn't have to download each host file. We can download one file and get an archive which includes all the host configuration, the main configuration, all the things you needed. And we also added some signing and encryption, more about that later by Erik, to get a more encrypted part. It also provides HTTPS, but this is different crypto. We didn't want to use it for that. And all that stuff is in around 4,700 lines of code, so it's not that much. We tried to get rid of most of the dependencies because you can build it on more systems when you have less dependencies.
We are still backward compatible, which is the reason why we have this strange config file at the moment. So it's written in Perl style. Sorry for that. But you still can use an old config file with the new software. The only thing is we added new features, so we have to add new config entries, but we set proper default values, so if you don't define those values, there's a default value for that. To make it a little bit more running on all devices, especially embedded devices, we provide a lot of images and archives for all Linux. I think we also will provide a Windows download pretty soon. But most people put it on these little devices, Fonera 2.0. This photo is actually from Null Space, DC 949. Just Null Space. We got the experience that these devices are running pretty good. They are very stable. They have less power consumption. So especially in Europe, energy is much more expensive than it is here. So we care about energy consumption. So we really suggest we let it run on embedded devices. You make it ready. It's running. You didn't touch it anymore and it's running for years. Another reason is to buy these little embedded devices that are not that expensive. You can get one for 20 bucks. If you want to have a proper one, you can get one for 100 bucks. You can also put an MP3 player on it. It's basically, it's a run device. It's not a PC where other people get their fingers on installing new software and it's not running anymore. And it's really much more energy efficient. A computer is like 50 bucks a month in power. And these devices like 5 bucks in power a year. So in Europe for that. I'm not so much into the crypto part. So I really think that Erik is here and I give over to him. Thank you.
So hello. I'm Erik and I'm here to talk about the crypto part of ChaosVPN. So usually when you write software, you will usually either, you will usually notice very soon when you have done something wrong because the software starts crashing.
Except if you have a security problem or you have a crypto problem, then this won't be noticed for a long time. So in ChaosVPN, every participant in the network owns an RSA key pair, which means that you have a private key or you are the only owner of that key and with the private key you can decrypt some messages, but you are, well, but you're the only one who can decrypt that. And every other participant in the network has a public key, knows your public key and he will be able to encrypt messages for you, but he will not be able to decrypt messages for you. The ChaosVPN client connects to a server and downloads an encrypted and signed configuration file for ChaosVPN, which is encrypted only for you and it's signed. So after you've downloaded it, you can decrypt it and then check that nobody has altered the file on the server or during the transmission. So you know that this file is authentic. After the file has been decrypted and verified, the client generates a tinc configuration and starts tinc and tinc can now establish connections with all other nodes in the network and it can authenticate these other nodes using their RSA public keys. So when two nodes connect, they do an RSA key exchange to establish a session key and after they have a session they can exchange packets and these packets are encrypted using Blowfish by default and they are protected with a SHA-1 HMAC so that nobody can alter these packets. So far that's reasonably well crypto in ChaosVPN. There are currently some weak points, that means that you can still improve that crypto part. So so far the configuration is distributed over a central server, which is not so good. You would like to have that on multiple servers. However, if the primary server here fails and this network still stays up, so the network can run for hours, days, a week, even without the central server. The only thing which does not work is that you cannot update your network configuration anymore if the central server is down.
Currently I think there are replay or downgrade attacks possible. So an attacker could not really alter your network configuration but he could give you an old network configuration even if there is a new configuration already out there. Or with ChaosVPN it's possible to route packets indirectly between two nodes. So if you have two ChaosVPN nodes all behind a NAT gateway, they might not be able to communicate directly. In this case you can route traffic indirectly. So far ChaosVPN does not reuse standard formats for crypto like IPsec ESP or AH to encrypt and protect the packets. But this could be added in a later version. And currently we don't have perfect forward secrecy in the network. This means if you have a ChaosVPN node running now and one year later somebody is able to recover your private key, then you will be able to decrypt your past traffic. Or in the future we would like to have more administrations for the configuration and more distribution points for the configuration. Even a decentralized distribution of the configuration would be nice. And we would also like to give participants of the network more choices in who they trust. So currently they trust a central configuration but you can extend that to a kind of PGP or GPG like web of trust so that every participant can select certain nodes in the network he trusts and some nodes in the network he doesn't trust so much. And we would like to have indirect routed traffic in the network which is only decryptable by the final destination. So that you can route traffic between two nodes who cannot see each other because they are firewalled or whatever with the assistance of a third node who will be able to pass this traffic through but he won't be able to decrypt the traffic. Okay. Next question will be done by McFly. Any questions for the crypto part? Or it works so far it works reasonably well.
Okay the question was how good does Blowfish work on these tiny devices like embedded access points and the answer is so far it works reliably well but this is a configuration option so Blowfish is a default but you can extend that to another, you can change that to another algorithm. So for example, some of the small devices have accelerators for the AES encryption algorithm because WPA uses AES to encrypt packets and if you change that to AES you will more likely get a performance boost. We have chosen the Fonera 2.0n as, well, reference design because this is fast enough to host most available broadband connections you will have at hacker spaces or spaces where people hang around. Like they can solve up to around 20 to 30 embedded downstream and upstream equals. So I think that's not too bad. If you have a bigger connection like if you're in a university or stuff like that you'll possibly want to use different hardware for that. That is true. Also if you want to do some host servers don't put an embedded device in front of it to do the crypto if you have like a gigabit internet speed. Then you will just need a bigger computer where you can install FreeBSD or OpenBSD or Debian for example or ARCLY notes whatever you want on that. And if you want to play around with the code and the compilers you can also install Windows or Mac OS X on it. More free questions for the crypto part? Okay so I'll hand over to McFly.
So I'll just shortly explain what the general status of the ChaosVPN is at the moment. And then we will go over to war zone which is the second implementation. This is for the playing of CTFs. Like you remember from the beginning our idea was to build up a network to play CTFs. But for this we decided to redo the ChaosVPN first which connects hacker spaces. And you will see what we use there. And yeah it's starting to get used for CTF stuff.
So general status is the life, the network works, more and more hacker spaces are joining, IP ranges are compatible with some other networks and some peers to DN42 which is another VPN exists. Those are for example a list of some hacker spaces involved. Like well I don't really down all of them. Those are more or less a lot of the bigger and older ones. The maybe more interesting thing is what is up on the network. So we have a DNS up there, voice over IP is used very much but that can just be it. So for example one of the first things to have an additional use of the network is a rainbow table hash lookup system. Some of you might know Ben codes and has read his Twitter feed today in the morning that he just upgraded that to a new version. There's a box maintained by him on this network which is just for the network and pretty fast. I think if you want to try that out you will find out that you get most of the hashes. I think we are at 10 or 11 keys and all keys available on the German, American and English keyboard for MD5 and a word book for MD5 and the whole LAN Manager stuff and that. We are working on a decked rainbow table lookup service there. IRC and Jabber servers are in that network. You will find hackint IRC servers in there. This is also a commonly used IRC network among CCC. The official CCC Jabber server has a leg in there. FTP CCC is there so you can download stuff without people seeing what you are downloading there. We are making high performance computing available there. Some people had just too many ATI and NVIDIA graphics cards and decided to get them together because they are very useful when it comes to the point, some points upstairs rainbow table. We kind of cloud computing. We can stream multimedia events so if you have a talk in a hacker space you can just stream that to a different hacker space and watch it there. The very interesting thing is you can kind of pick the nationality you go out to the traffic.
If you want to you can choose proxies to become German, Dutch, American or whatever is on the ChaosVPN. And more stuff still not mentioned and working here. But I think a lot of you are interested in the CTF and now we will come to see the CTF with Vyrus.
I apologize in advance for sounding like a dead frog. I'm still voices recovering from last night. I forgot to move that picture. So the war zone is more or less a copy of the original ChaosVPN slash Agora Link network. It's just another spun up instance of the same thing. Used for an entirely different purpose. The Agora Link ChaosVPN network is designed to be just universities, hacker spaces, people learning all the time, people mirroring talks between one space or another, the VPN tunnels that we would test beta software on, VoIP channels for people to call back and forth in the middle of the talk. Maybe there's a talk going on at PS1 that somebody in New York really wants to watch and they want to ask questions and stuff like that. War zone is just all pain all the time. The idea is to build this entirely isolated no man's land of data where each node gets its own little chunk of the network to host whatever game they want to host. We come up with a loosely adapted global scoring system and people just lay into each other. So if it's on that network, it's hostile. So war zone is like Agora Link but evil. The idea is right now for the most part, the concept of a CTF or challenges that are very similar, most of the time are relegated to a conference setting. You either go to a camp or you go to a con. There's only so many games you can run because you only have a certain amount of time. Moving hardware around the world is expensive. So sometimes there are types of challenges that aren't accessible. A lot of the offline challenges that people play like root wars are kind of niche and very tiny and there's no scoring linking. So there are built in limitations to playing these kinds of games in a conference setting.
So the idea of the war zone is to give this other space where anybody with an idea or with a contest concept can host these ideas all the time, hopefully so that there's some more freedom for more exotic challenges at some of the conferences. So the targeted groups for people playing on it, obviously hacker spaces is kind of the point. University groups, security research groups, anybody who's just looking for an ever present, ever evolving CTF-style challenge, constant brain teasers. So the layout of the network is each node on the war zone is given a /24. And the .1 of that /24 is your info page. Or basically, if you're on a node and you decide you want to go play somebody's game, you look up the giant directory and go, oh, it's PS1 hosting some game. I'm going to go talk to them. So you go to their .1 and there's this web page that has all of the services that they're hosting and how to play and how to score and all the ins and outs of whatever their challenge may be. And the idea is that this .1, whatever the gateway is not this is the only part of each node that's not malicious. This is the portion where you find out how to play and not the portion that attacks you. And there are rules obviously. I'm not going to go over these particularly because we're still kind of forming how this is going to work. And there'll be a more permanent fixture. But the idea is basically anything goes as long as you don't attack the hosting network itself. Whether it be botnet challenges, people hosting web stuff for you know, you can log in and elevate credentials. At Null Space we're actually talking about a project where we'll take live malware and defang it but leave the infectious portions and high T's in them and let people download them and try to launch them to each other. Anything goes as long as you're not stopping other people from playing. That's the spirit of the rules. Yeah, that's, you want to give the fly. Thanks.
Okay, there's some guys we need to say thank you for that. No, first of all, any questions regarding the CTF stuff? You don't have a lot of questions today. Does it, is that connected to the Ninja party last night? Okay. We need to say thank you to several people. One of them was Higa who has built up the, an idea of this, of the VPN for the phone system years ago. Guus who's the developer of tinc. He pretty much likes our hacker spaces and tinc development is done at the moment together with us. You have seen some wishes for the future. Eric Michaud is one of the Americans who kept the pressure and open fly who's doing the images for, for example, for the Fonera. And a lot of other people who helped to contribute in the code and stuff like that. Yes. And we have a wiki where we collect all this information. This wiki is the Hamburg CCC wiki and if you enter ChaosVPN in Google it will directly get you there. The source is at GitHub. So if you want to have a look at what we're doing, you can just do that very easy. The tinc website is tinc-vpn.org. Yeah, usually you will find us on the hackint IRC as mentioned on the channel #chaosvpn. Are there any questions? Two. Okay. No they're two separate networks. It's this, okay the question was if war zone and ChaosVPN are two different networks or if they just don't attack each other rule. There are two different networks. One of the reasons is war zone, ChaosVPN is only for hacker spaces while war zone is also for university and security groups and other groups of interested people. So it's different target groups, different ideas. It's just the same stuff we're using. Yes. This is not, this is just, we did it for us but it's all open source and we already have a lot of people, a lot of feedback from people who use it for their own network. I think the general idea to have a mesh network and the general requirements we have are requirements that a lot of people have to the network.
This is why it's open source. There's documentation how to set it up for yourself. It's you'll just all find that on the wiki. And we have a network image from the ChaosVPN to give an impression of the size to, but this is, shall we just show that, yeah. Are there any more questions? Okay, let me try to find, so if you want to get involved in one or another, just as we still have some time left to come over here and we can exchange data, the most, all the information you will need is on the wiki. Just Google for ChaosVPN and if you want to be more detailed Google for ChaosVPN, CCC and Hamburg, you will find that. Yeah, there's one more question. There is a setup, there are two different networks. Do we need two different devices? The answer is no. If you use a decent computer with more than one network card, or if you use the Fonera, the switch on the Fonera access point supports VLAN so you can put ChaosVPN on one port, network without any ChaosVPN at all on the second network, then you can do war zone on the third network and for example anything totally different on the fourth port. tinc is using this tun device so you can set up more than one tunnel, which is basically the concept behind tinc and you don't have any problems running two or more instances of tinc at the same time. It's working pretty good for me. This should be an overview of the network status at this minute. This page is generated every minute and it's a bit slow. It shows all the nodes on the star of the network. Are there any more questions as this is loading? Sorry? So the question is what designates the security group on the war zone? Both networks are web of trust so ask and find out. More questions? Okay. Well the star is loading very slowly as it's a very big image. We'll just keep it loading, maybe push it up. First of all, thank you for staying here and talking and listening. If you want to get involved in one or another, feel invited to just come in the front. Hey.