Welcome to Introduction to Tamper Evident Devices. I'm Datagram, and you're probably going, who's this asshole? So I have a pretty solid background in tamper evident technologies. I just gave a two-day class earlier this week at Black Hat on this very subject. I also do a lot of non-destructive entry stuff. So think lock picking, safe cracking, making friends with guards, and so on and so forth. I also do forensics, particularly forensic locksmithing. So determining if locks have been picked or bumped or opened with things other than a key. And like many of you, I also do computer security. And like many of you, it's also a bullshit term that I use, so we don't have to talk about it so much. I run a couple websites, such as Lockwiki, Lockpicking Forensics, and eventually Tamper Wiki will have something more than a cool splash page that I got bored and made. I'm also the leader. Am I the leader? I'm the leader of a tamper team called the Motherfucking Professionals. And for the record, if anybody is wondering why we picked that name, it's because John used to ask me, like, can we do this? And I'm like, John, please, I'm a fucking professional. So that's that. We won the tamper contest last year, which was the first ever tamper evident contest, run by DT. And I'm proud to say that this year we've won all four levels.
So what the hell are tamper evident? There's a cord here, and I'm not, Jesus. I thought this was a professional conference. OK, so what's the difference? We have terms. We all work in security. We all have retarded things that we wonder, why do people say that? Why is that on every box I buy for security products? So these three terms, tamper resistant, tamper proof, and tamper evident, and a fourth pseudo term is anti-tampering. So what do those mean? So a product that's tamper resistant is actively made to deter tampering. Now what tampering is may vary depending on the product, but generally it's anything other than normal use.
So for our water bottle, if we take off, thanks. I didn't realize I needed this prop, but thanks. What the fuck? So the water bottle has this little seal. So if we take the seal off and put something in the water, that'd be tampering, as long as we put it back and it looks right. Something that's tamper proof doesn't exist, but a lot of companies use the term to denote something that cannot be tampered with. And that, by definition, means every definition that you can think of for tampering would be protected against. So it's the same like saying, are these computers hack proof or whatever? So we all think that's retarded, and that's retarded. And then our last term is tamper evidence. So that's something that doesn't necessarily resist tampering, much like our water bottle, but it is determined to leave evidence of whatever methods of tampering that you did to the product. So tamper evidence itself, anything that leaves evidence. Usually, in a general sense, we say tampering is unauthorized access, alteration, or replacement. You can also use counterfeiting and so on and so forth.
So why don't we just use locks, where we would use these tamper-evident products? Because locks actively prevent entry. That's their goal. Some locks are tamper-evident. They're meant to show that the lock has been opened with something other than the key. But that's not always the case. So the main thing is, is it better to prevent an attack or detect an attack? So think about that. Think about shipment of nuclear materials. Is it better to prevent someone messing with it or better to detect when someone has messed with it? Because by attempting to prevent, we assume that we'll be able to detect all of these methods by default, or that they would not happen. Tamper devices, by their very nature, that's the Jäger kicking in, they enforce you to inspect them. Because again, they're not locks. They're not resistant to tampering or physical abuse.
And locks are pretty expensive by comparison. These tamper seals are just little metal or plastic things that look a lot like locks. They're essentially one-way locks. But they cost a lot less. And think of also the cost of maintaining key maintenance and key control and distributing keys and disposing of keys and all that kind of stuff. And then you also have to consider environmental considerations. Will a lock function in this environment? Will it get jammed up? Will I have to replace the keys? Will I have to re-pin the lock? So on and so forth.
So who uses tamper-evident devices? The answer is all of us. We just may not think of them as such. So food and drug packaging, again, are from the water bottle. Blackout, I took the fire extinguisher from the room and I put it on stage and I got really mad about it. But those all have tamper seals on them. They inspect them or do whatever they do for the US Fire Marshal. And then they reseal them to show that it's been inspected and so on and so forth. A lot of drugs, pharmaceuticals, Tylenol, everything, that kind of stuff all have little tamper seals on them. So that when you buy the bottle, you open the box, you take off the shrink wrap, you open the bottle, all that kind of stuff. All are little tamper-indicating devices so we can tell if our pills have been screwed with. Pretty much everything, warranty protection, all of our DVD players and electronics like that usually have a little tamper sticker to determine when we've opened the case. The customs, Border Patrol use these a lot to secure cargo shipments and other kind of stuff. And then also think about confidentiality. So how do you determine, if I send a letter to you, how do you know I sent it or it wasn't modified en route? It's easy with digital stuff, easier, but it's a lot harder with physical things, because we have to inspect them and then how far are you willing to go to inspect them to ensure that that's the real deal.
We also use them a lot for international stuff and government level, three letter agency level kind of stuff. So for example, nuclear safeguards. When we transport or, or I actually don't know what we do with nuclear materials, but whatever we do with them, we seal them. All these little containers that have the plutonium or whatever and we also use these heavily for treaty enforcement between countries. So agencies like the IAEA and United Nations, they'll say, hey, you know, country A, you know, we're not gonna make bombs and country B agrees. So how do you enforce, you know, this idea of two countries agreeing to something when, you know, you can't just have representatives of each government, you know, watching everything they do. So think in terms of like Pakistan and India and North Korea, China, in all these nuclear arms treaties, we have to say, okay, we're not gonna make bombs. How do we enforce that? A lot of that comes back to tamper seals. We seal them and then determine if they've been tampered with, you know, when the inspectors come, however routinely it is.
So we're gonna go over a little history and then we're gonna talk about two basic types of seals. So this will just give you a brief overview of all the kind of stuff that you use in modern day. So the original idea was that we used a lot of clay or mud and we'd dry it over something. So think of a box, we're gonna cover it in clay and then put this pattern. So for you to gain access to the box, you have to figure out how to remove that clay and then put it back when you're done. So that may or may not be difficult, especially when it's, you know, 1800 or 800 BC, you don't know what the fuck you're doing. This is another example from, you know, a long, long ago and so we would, let's say we have our box again, we tie rope around it, right? So this is called a bulla and it's a little piece of clay that fits over the rope and then you stamp it in and it squishes into the rope and dries.
So again, like our box covered in clay, you'd have to remove that to access the rope to open the box. The pope is awesome and he has a ring which he's kind of baller in that sense, right? He has a ring. So there's a guy, there's two guys, there's two guys. One guy, when the new pope, well, when the old pope exits, he has to melt his ring, right? When the new guy comes in, some other guy makes him a new ring and then they use that for stamping, papal insignia. And so you can see, here's a real old version, but tradition still continues to this day and usually they do wax nowadays. In mid 1800s, we started combining locks with seals and it's pretty cool because, you know, again, we think, why not use locks? Why use seals? Why not use both? Have the best of both worlds. So this is an example of a real old padlock and you can see on the right here, there's this little piece that kind of swings open and that allows you access to the keyway. So they figured, well, why don't we just put the stamp over that and then close that up and then to get access to the keyway, you'd have to remove the stamp, right? Now we'll ignore any, you know, well, what if you don't need to use the keyway to open the lock? There's also a lot of locks from this time period that have little glass plates so when you lock it, a little glass plate slides over the keyway and you'd have to shatter that to get access to it. During World War I, World War II, we started doing a mail censorship and probably before that, so essentially what it is is you send some piece of mail somewhere along the way, the censor says, okay, flag that. So they cut it open, right? Then they see, they read what it is, they determine if it's okay to go through. They tape it back up and then they put a stamp over it and you can see over in the top left here, they even write what language the letter was in. 
And then again, we also use this kind of similar stamping stuff to make sure that our mail has gone through the mail system properly. A very cool story is beginnings of the Cold War, beginnings of the CIA, they had a lot of difficulty with communicating back and forth, excuse me, the CIA had a lot of difficulty communicating with agents in Moscow. So what they did was they did this elaborate program where they bought thousands of different postcards and they sent them to and from different addresses, different recipients, and they put different things on them like in Moscow, from Russia with love, so on and so forth. And then when they reached their destination, the CIA would go back and look at them, determine which ones had been tampered with by the Russians, and then determine which methods they used to try and detect tampering and then which postcards weren't didn't qualify for whatever censorship or tampering that the Russians did. So through all this, they look at the pattern and say, well, if we send it to Ohio and it's in this rural area, maybe it doesn't get flagged and so on and so forth. So it's a very, very cool project and I think it's a lot of it's in Family Jewels if you wanna look that up to read more about it. I don't remember the name of the project but it's also documented a lot in the book Spycraft. I just think it's a really cool thing that 70 years ago we were thinking, well, how do we detect mail tampering and how can we prevent it? How can we get around people doing it? 'Cause obviously you can't tamper everything that goes through the mail system. It's just not logistically possible. So you gotta pick and choose.
In the 1980s in Chicago, there was a lot of scares where Tylenol pills were replaced with cyanide pills. And so you can see on the left is Tylenol and the right is cyanide Tylenol.
So people started dying from this and there was this huge scare where Tylenol was rushed off the shelves and Johnson & Johnson, owner of Tylenol, said, we can't detect tampering at the factory level so it must be further down the chain. And to this day, it hasn't been determined how this happened. There were a lot of copycat kind of things like a woman fed her husband a cyanide Tylenol and then went to her local store and put like a dozen cyanide boxes mixed up in there so that other people would die and they think it's just another freak occurrence. All the boxes have been tampered with kind of thing. Obviously it didn't kill Tylenol but similar incidents killed a number of other aspirin or pain medication type companies.
So now we get to more modern day seals. After the whole fiasco in Chicago, we instituted the Federal Anti-Tampering Act and so all pharmaceuticals now have to have these different layers of protection. So I think of it just like computer security where we have defense in depth. We don't just have a firewall or a, what the hell do we use in computer security these days? We don't have an IDS or all that kind of crap. So now you have to open the box and inside the box you take your little shrink wrap off. You attempt to take the childproof container off and then despair usually. And then there's this little wax adhesive combination seal that's over the actual pills themselves. On a lot of electronics we use these little warranty stickers, right? So this is the first generation of this particular Xbox tamper seal and it's just this little silver seal that says Microsoft. If you try and pull it up it leaves a little residue that says void or opened or whatever it is. And so there started to be videos of people taking these off on YouTube.
And Microsoft, I believe there are official responses that well that's cool and we're always looking to make our product better so they instituted a new seal and now there's videos of this being removed with a hairdryer on YouTube. It's essentially a sticker. So I think you're all comfortable removing stickers at one point or another. We use these a lot. One thing I found out recently was that the duty-free bags at airports you could actually take different kinds of chemicals on board planes as long as they're sealed in the duty-free bag. Now, depending on where, yeah right? Holy shit. And it's funny for me cause I actually it's not legal for me to fly cause I have all these dangerous chemicals that I use for the tamper stuff and I can't be like, hey can I bring this gallon of acetone on board? I paint my nails a lot. So I found out that you could actually take these on with certain size, certain chemicals as long as they're sealed. Now, depending on your airport, depending on where you're going, domestic, international, you can, you may be stopped and they may remove these from your persons before you get to the terminal and you can only buy them after you check in and crap like that. But I think it's very interesting that we rely on these. On the right is a check and deposit bag that is used by a lot of banks. The one in the picture is actually a Bank of America bag but there's a lot that are almost extremely similar and you just throw your cash in and seal it up and then obviously if someone wants to steal it, they're just gonna steal the whole damn thing and it's not gonna matter. But if somebody tries to take a portion of it, they have to figure out how to get that out and then reseal it without leaving evidence. Now obviously the missing cash may be evidence but think of if we wanna transport sensitive documents or company secrets and so on and so forth in these. I gotta stop saying so on and so forth, don't I? 
We also use these to seal evidence bags similar to the plastic bag here on the right. There's a lot of evidence bags that look the same. This is just a manila folder with some evidence tape over the edges but we use these pretty heavily for this kind of stuff.
We started using these not too long ago in electronics. So all these sites like Hackaday that people are like, oh my God, I got the latest new iPhone, awesome version, holy shit. And I took it all apart and then I reprogrammed it so that like titties appear when I boot up or whatever. And so companies are actively trying to stop that, stop reverse engineering of their products, stop modification. Again, we could go back to like Xboxes and stuff where they don't want you to mod it or do anything against what they want you to do with it. So they started making both tamper evident and tamper resistant electronics. So in the photo is just this little chip and all the leads are coated in a thin layer of epoxy. So if you wanted to remove this chip or get access to the leads, you'd have to remove that and then figure out how to repair it. You could go hardcore and become the government where you just coat the whole damn thing in epoxy, the entire PCB. So it's essentially just a little black box at that point where you don't really know what it does but it just plugs in somewhere and then hopefully it works. It's used a lot on little DRM chips too and military crypto electronics. A lot of these are also tamper resistant where they destroy themselves if they detect tampering and so on. How many of you have a BlackBerry or an iPhone? If you take off the back right now you could see little white seals and some of them are water sensors and some of them are little covers for the screws so that if you wanted to take your device apart you'd have to remove all those little stickers or break them when you put the screwdriver so all of these are little warranty protection type things.
The water sensors don't really evidence tampering so much since the only thing they do is detect water or other types of liquids but for the most part just water. So a lot of people ask me, well what about like tilt sensors on packaging? Like you send a crate and you put a tilt sensor in it. That's kind of a tamper evident device but that's more of a cover your ass device so if something happens in transit then you could say well the tilt sensor went off so this must happen.
How many of you have to take a piss test for work? Funny story, in the contest this year there was a medicine bottle that looked pretty similar and I filled it with apple juice and there's a picture of me drinking it like that. Yeah and another team used Jack and Water that looked a lot like pee too. I don't know what's with us and pee but let's stop talking about pee. Anyways, we use these for a lot of medical type stuff so specimen containers and you can see the blood vials in the center and then even some more expensive medicine bottles will actually have a tamper evident seal so that you have to physically break it and it's not like the normal seals like the one on the left here or the normal kind of water bottle seal. It's meant to not be able to go back to the way it was.
You all have gas, water and power. All of your little meters have little tamper seals on them and they're just these little tiny plastic things and again tamper evident things don't resist force. You can just snap these off with your fingers. It's just a little piece of plastic but if it's gone the next time the guy comes to check your meter he files a report saying something may have been tampered with and then they choose to investigate or not. For cargo transportation we use more heavy duty seals for the most part. We'll talk about different types of seals in a bit but these are called bolt seals and they're essentially just a one-way lock that snaps through the hasp of a truck.
The IAEA does a treaty monitoring for North Korea and this is an example of a cup seal that they use and so this half of the cup seal is actually not unique so you could technically replace it with one of the same size and the same hole diameter and the same hole position. But what they do is they take a little knife and they scratch it up in here and they add little dabs of solder and then they take a picture of it. They seal it up, the next time they come they inspect the outside. When they're ready to remove the seal they cut it open and look at this and compare it with the picture to determine if it's been tampered with. This is a photo of Marines sealing a can of nuclear material with just a little tamper seal and if you remember back to our evidence slide this is essentially that same little red adhesive just being applied to the nuclear container. So as with most security products there's a lot of bullshit and so one thing I found really funny is that everyone who sells zip ties markets them as tamper proof and I thought that was pretty funny. Now how many of you are uncomfortable opening a zip tie? Did not think so. What if it's a pulled tight zip tie? A little more tricky, huh? Step it up. There's also dedicated tamper companies and most of them represent their products as being more secure than they really are and that was one of the motivations for DT starting the contest last year and continuing it on this year and next year. So you'll see it's just a little sticker similar to our Microsoft warranty sticker. When you pull it up it just says void and the wording to the right says impossible to reseal or reuse. Another one is these little metal padlock security seals which sounds very intimidating but essentially just this little frangible, is that a word? We'll find out later. It's just this little shackle that fits through the body and it snaps into place and it says positively tamper proof. We'll get back to him later. 
So, what makes something tamper evident, right? Is a water bottle tamper evident? Is an envelope tamper evident? You know, all these things, yeah, but are they designed to be such? So something that's tamper evident should be durable to everything. I'm gonna try walking around and we'll see how it works. Something that's tamper evident should be durable but it should be weak. It should not resist physical attacks, right? It should be a one-way lock mechanism. There's extremely few seals that are actually resealable because, you know, think if it's resealable, it's essentially a lock that you can lock and unlock at will, given the right tools and skill and all that sort of stuff. Tamper seals usually have unique identifiers to prevent you from just swapping one out and counterfeiting it. And they're sensitive to basically everything other than a tug test. And so what a tug test is is where you seal your seal and we'll talk about this particular seal in a second. You seal it up and then you just pull it, right? So we know it's locked. So what if I pulled it and it snapped, right? If I'm just pulling lightly, then that may evidence tampering, right? And they also should be very weak to things like temperature or different chemicals and so on and so forth.
So how do we inspect tamper seals? And this is a talk all on its own but we can think we just look at them casually. I go, oh, do, do, do, do. And then you can look at them closely and see if there's any little scratches or missing pieces. You can also disassemble them if they are disassembleable. And then you can get to serious science where you're saying what trace evidence is on the seal, or are there fingerprints there, or is there hair and fiber, that kind of stuff. And then there's also seals that have traps or alarms. So think of an example of a trap would be, what the fuck was that?
An example of a trap would be like the little ink things when you go to the department store and all the clothes you wanna buy are the ink things. So if you try and remove that, it sprays ink everywhere. And so that's considered a trap. An alarm's more like when you're in the same department store and you just try to walk out and the siren goes off. So what does defeating a seal mean? So this is kind of ambiguous. Defeating a seal doesn't mean just pulling it apart because it's pretty easy just to pull most of these apart. So by defeating it, we mean that we open it and we reseal it, which sometimes is the harder part, and we leave little to no evidence of tampering as little as possible. So there's vulnerabilities kind of everywhere. So we can think of, there's problems with the design, something that the end user just can't fix. There's problems with procuring seals. So what if I start a malicious tamper seal company that sells flawed seals, right? And you buy seals from me. What about storage of your seals? If somebody has access to your seals before you install them, can they be tampered with and then made vulnerable to different attacks? What about installation? You can definitely install a lot of these wrong to reduce the security they offer. And then of course, the biggest thing is the human element. You know, to identify tampering, you need to have somebody actually look at it. There's no good automated way to do it. Now you can say, of course, we have electronic tamper seals that will alarm and do that kind of stuff, but that kind of stuff tends to make us lazy. And so we just need to say, you know, and the guy pushes the button to see if it's been tampered with, it tells them no. And there's a lot of ways we can fake that. And then think about also how you remove or dispose of the old seals when you pull them off the container when they get to their destination. 
If you just kind of throw them in the dumpster out back can somebody go through them and get parts or get materials from that, that would allow them to better tamper the seals that you're using still.
So the first thing we're gonna talk about is called mechanical seals. And these are little plastic and metal type seals that physically prevent you from doing what you want. So think of it like a little hasp on a door and we have this little tiny tamper seal around it. To open the door, you need to break this seal in theory. So zip ties, seriously zip ties. We're not joking when I say zip ties are a basic tamper evident seal. Again, show of hands, how many people are worried about a zip tie? Fully sealed zip tie? Those are tricky.
Okay, so the first thing we're gonna talk about is the beaded cable seal and I have one here. You wanna pass it around? Wow, that was off. I'll seal it for you. And you know, just pull on it lightly, see how it feels. Don't tighten it too much, but play with them, see how they feel. And essentially it's just this little cable that fits through the body and once you push it through enough, it locks into place. So it's basically a fancy zip tie. How confident are you that you could beat this now? One guy, jeez. I thought you guys were pros. You had like the whole fully locked zip tie thing down. So I tried to do this earlier when I was drunk and I ripped the shim, but you can essentially just put a little coke can through there and get it around the cable and you push in and then once you get it through, you're essentially doing the same thing with the zip tie where you're separating the teeth from the cable, then you could just pull it back out. And there's a lot of these seals and they look different now and then, but they're essentially the same thing, right? They're just these little plastic or metal pieces and you snap them together and they're glorified zip ties.
Some are two-sided, some are four-sided, some have two rows with a divider in the middle so you gotta shim both of them. And again, shimming's not the only defeat. Think of, you know, a lot of these don't have serial numbers. Can we just swap in another one of the same color? Of the same model? Lots and lots of different defeats. So again, go back to, you know, our list of different places we can attack them and just think of all the different things we could do to these basic little seals.
Next type of seal we're gonna talk about is called the plunger seal. Now, one thing I should mention is that all the companies that sell these have really retarded names for them so they all call them truck seal. So it makes it really hard to talk to somebody and say, hey, you know that truck seal? And they're like, oh, which of the 5,000 are we talking about? So I call them just kinda how they interlock because it's easier for me. And hopefully I'll just give enough talks that everybody else starts using the terminology. But it's essentially just this little piece that snaps in. So it's similar to our little cable seal, but it covers the piece that we would wanna manipulate. And you can see that the little flanges here kinda prevent you from sticking something in and pushing those little legs back. But on most of these, they're capped. So the way that they seal this is that they form the body, they put the little white piece in the detainer, and then they cap it, right? And then whenever you're ready, you just snap it into place. So I don't know why that slides there, but okay. So you can actually take caps from other ones and you could just pull the caps from existing ones, just using a little screw. You just screw it in there and pull it out. Sometimes you could use heat or boiling water to make it easier, but you could just pop that out and then put a new one in there. And no one's the wiser.
And once you have the cap out, you have full access to the internals, so it becomes a zip tie again. And so you can see here in the photo, for our team, we have a big box of different little caps ready to go. So it saves us time when we want to do defeats. We just pop the existing one out and then pick the right color. And if we damage the white part in any way, it's hard to see if it's right here. If we damage that, we just pop a new one in because they're all the same too. And none of these little pieces are serialized or unique. So there's other little plunger seals that are pretty common as well. Again, these are used a lot by the utility companies and they're essentially just the same thing. They're just a different little format. And you can see the one on the left doesn't even have a serial number. So if we find the same type of seal with a serial number, think can we print a new one on it? Because we have blank ones? Sure, why not?
The padlock seals are called so because they resemble padlocks. And they're kind of nifty. The one on the left just uses little spring-loaded detainers that shoot out when you push the shackle in. So you can think, can I shim that? Can I just put a little piece of wire and get around that? You can actually just remove the shackle. You can cut it and take the pieces out and then put a new one in if you have it. And you know, all these other kinds of defeats we talk about. The one on the right is funny because it sucks. So this is our tamper-proof seal, right? And so it's just this little piece that clips in similar to our plunger seal. So we have it here and you try and pull it, doesn't work. So you could of course just go in there with a lockpick, push those little legs back and pull it out. What I thought was a really funny attack is you could take another shackle, which is funny, because you see they have these little tabs so it's supposed to be where you can put a serial number so you can't just replace the shackle.
So we'll assume that they're serialized, but you just take another one and you kind of fit it down it. You see, somebody knows where I'm going with this. Oh, wait for it. And you take them out and it reseals. Super. You guys want to play with this? Should I pass it around? Don't fuck it up for all the people in the back. Come here. I'm not throwing it. So I'll have fun with that. At the tamper evident contest, if they're still set up after the talk, they have some practice seals. If you want to just take one home to play with, I unfortunately don't have, well, I do have a million seals, but I didn't bring them. But I'll have a couple extras up here afterwards. The next seal we're going to talk about is also called a padlock seal, but for different reasons. So you see they have different designs, different places they put the serial, different little shapes up here and different shapes of the clip. But essentially, they're all the same thing. It starts open, right? And then you fix it to whatever you want to put it on and you snap it closed. And the little legs dig into this middle piece and the barbs prevent you from pulling it out. And it's actually a tough little seal. I didn't push anything. We skipped several slides for no reason. So one cool attack is you could just clip it off, whatever it's on, and then you dunk it in saltwater or anything that's conductive. And you can use a battery or a power supply and you attach the leads to each side. And you could just, essentially, you rust it really fast. And because the main part of the seal is plastic, it's not affected. So you just rust these little metal pieces until they're gone. You pull the old clip out and put a new one in. And it works like a charm. So here's a picture of it once it's been through the electrolysis process. And now it's ready to take a new clip. Now it's a little difficult to do. Sometimes you have to scrape out whatever little bits of the old clip might be in there. 
But it's a really cool attack. And it only takes about half an hour. And again, this doesn't need to be on the thing that you're attacking. You just clip it off and then put it in your solution and go. The other seal we're going to talk about is called metal cable seals. And this is the first of three seals, this type of seal, not necessarily the models that we're going to demo. This is the first of three that's approved by Customs and Border Patrol for their sealing needs, for all their tamper stuff. So they use the heavier duty cable seals, but essentially the same idea. And there was one that they use in this year's tamper contest. And I think all the teams defeated it, or at least the majority of them. So essentially what it is is you put the cable through one side. Oh, another one here. So you put the cable through one side, and then it should lock into place, just like our little beaded cable seal. And there's a little spring in there that pushes a little gear. So when you try and pull back, the teeth of the gear and the braiding of the cable make it so you can't pull out. So what we could do is just shim it. So I have one prepared. You can see it passes tug test. You want to, you, come here. So just tug on that cable a little bit to make sure it's locked. Give them a thumbs up if it's locked. All right. People think I'm bullshitting them sometimes. So we got audience participation and all that. So I have my shim kind of just inserted, but you see it's still locked. So what we're going to do is we're going to do the same we did for the other one, where we just kind of put it through. Oh, but I scrunched it. Oh, I broke it. Oh, I'm tarted. OK, it's done. I'm tarted. Shut up. Yeah, this one's locked. Oh, it's tarted. I ruined it. Sorry. Too much Jäger. You can thank Dark Tangent for that. What you can also do is just put a little magnet on it, and it'll pull the gear away, and then you can pull the cable out. So hard drive magnets work. 
Obviously, you need a different magnet depending on the size of the gear, the strength of the spring, and the size of the cable, but definitely doable. The next seal we're going to talk about is called the metal ball seal. And every company I could find that sells these, sells them as tamper proof. No tamper resistant. No, maybe you can tamper it. Tamper proof. Every company I can find. And so what it is, is on the top is unsealed. And so you pull the strap through. And then normally, there's obviously the ball over this section. But there's rings clipped around each side. They don't go through. There's a ring like this, and it snaps together under the force. And when you push the strap through, it pushes the rings through, and they snap together when both sides can fit through the holes. And then you can't pull your strap out. So let's talk about, how can we defeat this? Because this is a pretty complicated lock. It's very simple in design. But how do we defeat it? So to defeat it by so-called picking, we'd have to rotate the rings back and spread each of them to get the strap out. So that's pretty hard. And there's some in the contest area you can look at. It's a very small little area that you have to work with. And trying to rotate and spread in that area is very difficult. We could always try cutting the strap somewhere that they might not look at and repairing it. It'll probably fail the tug test. But maybe that's a basic defeat you could try. And then what about, can we counterfeit it? Can we change the serial number? Can we take another one and re-serialize it? Can we make our own strap and then serialize that? These are all varying degrees of difficulty. But just think about that. What else can we do? Anybody? Ideas? Thoughts, comments, concerns? You guys are quiet. I'm sorry? You can manufacture the rings, but how do you get the rings in there apart? And how do you get new ones on? Because the ball doesn't come off even if you cut the rings. Ah. Sorry? 
Vibratory. No, that will not work because you need to actually spread the rings. Nice try, though. OK, so the defeat we came up with for this year's tamper contest is we made dies to re-crimp metal balls. So we get our target metal ball seal. We cut the ball off. We take two halves from other seals. We put them back on after we separate the rings and take it apart, put it on wherever it's supposed to go. And then we just re-crimp it. So can you tell which of those photos has a tampered seal? Any of them? One, two, three of them? I didn't tell the people at Black Hat. So I guess I can't tell you. But there's at least one of them that's been tampered with. It's difficult. And it's kind of a contrived thing, obviously, because you only see one view of the seals. But it's very difficult to tell. So think of this from arm's length. Very difficult to spot. The next seal we're going to talk about is a bolt seal. And we talked about this a little bit earlier. There's lots of different varieties. And do they serialize both the bolt and the body? Is the bolt all metal, or is it covered in plastic? And then they have various little anti-spin techniques. So here's what most of the insides look of them. And there's two varieties. One uses a little clip and one uses a ring. So this is an example of the clip one. It's just you put your bolt through, and then the clip snaps around the head of the bolt. And then you can't pull it out. You can also see on the left, it has these flats to prevent you from twisting the bolt while it's in. You could twist it if you turn hard enough, but you'll chew up the plastic. And again, that'll leave evidence of tampering. So let's talk about some basic defeats for these. We could just cut part of it off, and then try and reseal it and see how it works. Potentially difficult. It's easier on the all metal or all metal bolts, but varying degrees of success. We could also drill and repair or replace the bolt. So think is that hard? 
It's pretty hard, depending on the bolt. Some, the ones that actually don't spin, probably a little easier, because you don't have to worry about the bolt moving around. But you just put a drill at an angle, which is a difficult thing in the first place, and you just go down there and hit the little ring or the clip. Well, I'll tell you about something we did this year. We had a tamper 0-day. What we did was we made a custom little drill piece, and it just fit around the body of the bolt. And we put it on our drill and spin it. So we spin it, and while spinning it, we pull both sides. And doing so causes friction between the little clip and the bolt. And it slowly chews away the bolt and the clip until it can pop open. And on tamperevidentwiki.com, after the conference, you guys can see all of our documentation. There's some videos of us doing this on YouTube. I think you just search Defcon 19 tampering. Yeah, Defcon 19 tampering, and you can see the video. And it works really quick, and it's pretty easy. And depending on the design of the bolt, it will leave no marks or little marks. And it's kind of a beta thing. We need to work on the design of the tool. But for now, it works really well, even though it leaves some marks on the body from just having to grab it. But we're working on it. So the next thing we're going to talk about are called crimps and wraps. So the first type are crimps that are similar to our mechanical seals. But essentially, they're little pieces of lead or aluminum that we squish. And usually, we squish them around a wire or something. It's just a little frangible wire, and then you squish this piece over it, and then you can't separate the wire. So in this example, this little flag just gets rolled up over a wire. It's very tight, and it's hard to pull the wire out. Most of these basic types of crimps aren't serialized. So they're very easy to counterfeit. 
If you have the same, in this picture, it has a USLC type thing, they're very easy to defeat if you have the same type of crimp or if you can replicate that type of effect. And there was a bunch of little crimps in this year's contest that everybody defeated. So here's an example of a squeeze crimp. So instead of the roll that just rolls that little flag up, you physically squeeze a little piece of lead or aluminum, and then you leave an imprint if your die has a little imprint. And these are kind of cool, because if you actually take the time to inspect them very thoroughly, then you can get a pretty good degree of anti-tampering out of them. Because think, every time you crimp one of these little pieces, it's going to deform in its own unique way. So if you take a really high resolution photograph of it, and then you inspect it in that same manner, then you could potentially detect alterations to it or replacement. There was a lot of lead seals in the contest this year. They're all defeated. I think we all basically use the same thing where we clip the cable, and then we put it back in and crimp over it so that it's stuck again. But there's lots of different things you could do. And again, so think about how far are you willing to go to detect tampering? Because it's obviously expensive the more you do, the farther you go. But are you willing to go that far? Think back to our example of Russia and the US with the postcards. How much mail are you willing to censor or pass through this tampering to detect spies and all that kind of stuff? This is a photo of the seal crimping tool. It's just a basic little hand tool. There's these self-crimping seals that are pretty cool. And essentially, they're the same thing. You thread a wire through the back, but you could just snap them together with your fingers. They suck pretty hard, actually. The ones that I found, at least, you could see on the right. That one's actually a fully locked thing. 
And you could just essentially put a little lockpick in there and push out the parts that need to be pushed out and reopen it. So this is something that's more familiar to you guys. And these are just little plastic wraps that fit around a lot of pharmaceuticals or food packages and that kind of stuff. And they kind of have mixed effectiveness. A lot of people put these on their products just to say, I have a tamper seal on my product, with no eye to how good it is or how valuable it is to quality assurance and that kind of stuff. But the real question with this kind of stuff on food and pharmaceuticals is, what's your real goal? So is your goal to prevent replacement of the pills, replacement of the bottle? Is your goal to prevent people opening it and doing whatever they're going to do with full access? What if we just take a needle and inject some kind of doping agent onto the pills? Would that be detected? Because obviously, for the most part, you can bypass this little seal. Now again, we talk about defense in depth. We have the, for our normal bottles, we have all these layers of things that we have to go through to open it. But think of these things, is that the right thing to do? A lot of these that are used aren't very good. And usually it's the design of the bottle, like this kind of seal is similar. And if you just put this in boiling water or just very hot water, it'll loosen up the plastic and you could just go pry it open. And depending on the container, what's inside of it, you could just get one off full and then just put it back on at your leisure. And the same is somewhat true for these, although these little plastic ones are a bit more, heat affects them a lot more than these bigger plastic seals. But a lot of them, how many of you have ever bought a product where you just kind of wiggled it off and you got it off intact, right? Oh, he was just raising his hand, he didn't have a question, I'm tarted, sorry. 
How many of you think of the ones you couldn't take off? How far do you have to cut up this little seam to get it off? Probably not all the way, right? Usually very little, if any at all. So think how can we cut and repair that? And think, a lot of these are pretty easy to counterfeit because nobody really serializes them. So you could just, if you have another one, you rip this one off, put a new one on and then heat it back up so it shrinks. So think, again, how far are you willing to go to detect tampering? Are you gonna take photos of the exact pattern that your little plastic wrap seals on to whatever you're doing? As you get bigger and bigger, think huge companies, they can't afford to do this kind of detection. It's just a, well, we put a tamper seal on it because the law says we have to. The next and last thing we're gonna talk about are adhesives, and adhesives are super popular for sealing a lot of stuff. Almost all the packages we get are sealed with some form of adhesive. And then you can also extend this to think about envelopes and that sort of stuff, and the bank bags we talked about earlier. But adhesives are kind of, they're not very great. And one funny thing is that there's no standard for high security tamper adhesives. There's one for mechanical seals, but I thought the funny thing was is that they don't actually test for tampering for this standard until 2012. So there's all these seals that say, we're compliant, but it doesn't mean anything just yet because they haven't enforced this tamper evident testing. So adhesives are kind of bad because they're misunderstood. A lot of companies think you could just slap on a sticker on the back of your Xbox and then you're great. All the morons in the world are just gonna rip it off and they go, oh damn, I guess I can't send it back now. But think of a more sophisticated attack. Can we shim it? Can we just put a piece of Coke can or wax paper and just get it up? Will heat help us get that off? 
Water, steam, solvents, temperature? Again, both hot and cold. And then also there's always counterfeiting. There was a funny situation earlier where they were judging the tamper contest and they said, when you apply this tape, because with all the contests to lift the tapes and put them back down, they said, did you get dust on here? And I go, no, when you use this roll, that's just how it looks. And they didn't like that at all. But we actually have dreams of one day giving back two boxes for our tamper contest because we can counterfeit so much of it that we could just duplicate it. But I'm told that's bad form. So we haven't done that yet. So the thing about this is that you could put whatever you want on a piece of tape, but that doesn't make it any better than a piece of tape. So this is an example called tamper evident tape and it's tape. And it's not very good at being tamper evident. Now, the main feature of this is that if you cut it, think again to our tarted example, if you just take your knife and you slice it open, it's gonna be very difficult to realign all these little lines so that they look right. But again, why do that when you could just put acetone or isopropyl or any of these things that you could buy in your local drug or hardware store or pharmacy to lift the tape? So the real questions are, when you look at an adhesive, is it serialized? What's it applied to? Is it on wood? Is it on plastic? Is it on metal? Is it on paper? Cause all these things depend how well it's gonna adhere. And then you gotta think what type of material is the adhesive, the backing? Tapes are a combination of a backing so like your little plastic layer and then adhesive under it. So you combine that with whatever you're sticking it to is gonna determine how well it sticks and how long you need to leave it before it sticks. Cause think about a big company. You're a shipping company. You get an order in. 
You wanna get that out as fast as possible so that customers are satisfied. So you slap tape on it and then you send it out right away. Well that tape hasn't had time to cure. So it's gonna be a lot less resistant to attack. So think about how do you integrate all this kind of information into making a more secure tamper evident system? And then you gotta think, well what type of residue, if any, does the tape leave behind? How much do you really need to remove to open whatever it is you're working on? Cause the answer is generally never all of it. Almost, very rarely you have to remove the entire piece of tape, right? So the two things we have, and we'll just talk, we'll go right into them, is a full residue tamper tape and that's where if you pull the tape up, if you just physically force it up it'll leave behind a residue and that residue will be the full width of the tape. So you can see here there's a little residue all the way to the bottom, right? And then a partial residue tape will only leave a certain imprint. There's also what's called no residue tape where when you pull it up it doesn't leave anything behind on the substrate but it voids itself. So the tape now says void or whatever in the same way that this leaves behind residue. So let's talk about solvents cause solvents are probably one of my favorite aspects of adhesives even though I never paid attention in chemistry in school. So let's think about common solvents. Acetone, isopropyl, carbon tetrachloride is funny cause the CIA used to love it. I don't know if they still do. I'm actually not with the CIA if you hadn't noticed. But yeah, food. But it's extremely dangerous. So we don't really use it for the contests and I think it might even be illegal in a lot of the nearby states but it's actually extremely effective at lifting a lot of adhesives. Methyl ethyl ketone is pretty strong but it could be useful for some stuff and then pretty much the sky's the limit. 
Any type of solvent will probably work on something. Again, it depends on your backing, depends on your adhesive, depends on your substrate. All this kind of stuff. And so literally the sky's the limit. There's huge amounts of solvents you could pick from. I did a Black Hat teaser talk for the training and I didn't wanna show a solvent in it cause I wanted it for the contest and I wanted it to be a secret. So I replaced it with aromatic bitters. So my goal was to, no, no, I thought this out. My goal was to identify all the bad teams by whether or not they added aromatic bitters to their kit. So think about how do we inspect adhesives cause adhesives and envelopes and that kind of stuff, we generally have more of a drive. When we see them we can tell if it's been tampered with or not. So we look for cuts or tears or wrinkles, any distortion if it has lettering. We also wanna look at, has it changed place? Again, how far are you willing to go to look at this kind of stuff? Is the texture of it different? Is the gloss different? When you peel it up, is the adhesive the same strength? If it's supposed to leave a residue, does it? Does it leave it properly? Has it been altered? So there's lots of stuff. If you use, the bad part about solvents is that if you use the wrong one, you're probably screwed. So this is just an example of a ruined tape and you could see it just basically dissolves and leaves the security pattern behind. And if we look at this again, you could see it even flared out to the sides here so it's all covered in blue ink. If you use heat, if you use too much heat, it's pretty easy to ruin a lot of adhesives. So here's an example. One thing that a lot of solvents do is that they affect the gloss of the tape itself. Because generally speaking, you don't wanna put the adhesive on top of the backing. 
You want it between whatever it's stuck to in the adhesive because it doesn't really do you any good to have it on top of it because that's not what's holding it there. So if you get it on top, you might change the actual texture or gloss of the backing itself. You can also look even, as far as you want to get into this to look at, is it actually stuck? And when you peel it, does it feel the same? Does it look the same? So again, here's another example of heat with all the letters are all distorted and smeared. Big bubble marks. Let's say you use solvent and the solvent lifts the tape but it damages the adhesive so the adhesive doesn't work right. So you gotta add new adhesive, right? If you want it to look right. It's pretty difficult to do and you could see here's a photo of glue being stuck kind of around the edges from it being resealed. Here's an example of aerosol adhesive. So when you use aerosol, it's a combination of whatever the sticky stuff is and the propellant that actually makes it spray out. And here's a photo of all those little particles on the tape itself. And so that's obviously not normal because that's not how normal adhesives come. So the things I want you to take away from this talk are that there's lots more seals. There's hundreds of types of seals out there and little design variants that make certain attacks better or worse. There's always room to improve your methods of defeat. Everyone's leaving, geez. And so how do we improve our defeats? How do we improve more importantly our installation, our storage, our inspection methods? Because at the end of the day, you don't need to beat the tamper seal. You need to beat the people looking at them. And that's generally a much easier thing to do. And how do you integrate all this into whatever your business is? So don't think that you could just slap a sticker on and then it's gonna work. 
The hard part about it is that unless you're crazy like me, it's hard to evaluate seal A versus seal B and determine which one's better. And there's no real information on the internet about how to do this. So that's one of the goals of the contest that DT's running is starting this year. All the documentation will be a public wiki every year for the contest. So we do all our defeats, we type it up, and then once DEF CON's over, it all gets published to the internet. So you can look up this seal. Was this used in the contest? How do people defeat it? And what are ways that we can make it better and we could use it better in our business? So I wanna thank you all for coming. Are there any questions?