 Hi Roots. My name is Chloe. Our next speaker is Erin Owens giving a talk about drone wars. Hi everyone. Some of you have had the chance to come by our workstation yesterday. That was kind of a preview day. Today we're running most of the workstation, but I want to introduce you to drone wars. I'm going to introduce you to the team. We're going to talk a little bit about our payload for our drones, the drone racing simulations, and the other things that we are doing with the builds. Before we get into that, I just have a quick question. So just for kids, for those of you that are under 18, who in this room is the best hacker in the room? Raise your hand. Who is it? I got one right here. Anybody else claiming that status? I got one over here. Who's claiming that status? Just two people. Three. Right here. He's five years old. He's just starting. He's the best hacker in the room. He's challenging everyone in the room. So part of what makes it fun, part of what makes this fun is that we introduce a little bit of competition into what we do. So drone wars has a little bit of competition in it. We're going to talk about that as well. You raised your hand. You're saying I'm inviting that competition. Do hackers get hacked? Do hackers ever get hacked? Yes? Well, I would tend to say we invite that competition so we don't get hacked. We compete, right? So let's go ahead and have some fun. We're going to introduce you to our drone wars program and a couple of people that are involved. The two things you're going to see today is a little bit about what we're doing at the workstation, what drone wars is about, and then you're going to see a little bit about our payload. So what is Tor? What is the dark net? And how can a drone be used to actually deliver a payload that's got some value to companies and individuals? They're in this cybersecurity arena. So we're going to go through a little bit of that. Okay, our program is in part sponsored by EC Council. EC Council gave drone wars this year free training for everyone that comes through our workstation. So for those of you that come over today, we'll be giving everyone in here some free training and training vouchers at a discounted rate of $25. That's the best they could give us for the actual vouchers, but if you want to get certified, they'll have that option as well. So we'll be taking your name and an email address in order to give some of the free training away. Our team includes six people today. What we have is myself. I'm Aaron Patrick Owens. I am the Executive Director of Drone Wars. We're a not-for-profit program. We'll talk a little bit about that. I have two youth leaders with me. I have Abby, goes by A.K.A. Fire Starter. You want to say hi? Okay, and I have Duncan, A.K.A. Stealth Rock. Hi there. Hi there. Okay, and up here with me I also have Justin Whitehead. He goes by A.K.A. Homeless. You'll see him at Homeless Hacker. Hello, everybody. And he's our Chief Scientist, so he's the man behind a lot of our tech. I'm just the face for the group and kind of put on the drone competitions and things like that. We also have our Chief Pilot, our drone pilot's not with us today. That's Chris Kiggins. He does a lot of our platform designs, our encryption of the channels and things of that nature. We'll talk about that. And then our Board of Directors Chairman, Sujit, he's not able to make it, but he's here at DEF CON right now as well. So we'll get him introduced at some point. Our program is about four different things. You see some of that at the workstation. But one of our arenas is the CTF arena. And you'll see this at Roots next year. The CTF arena is designed for you to be able to capture drones in flight. And it's also designed to be able to find the flight path and mission activities of a drone that's already in a post-flight or it's been captured. So you'll have a CTF arena where each drone is a red or a blue drone. And we act as your white team for determining who won the event with a total of five drones in flight for capture. So it's a nice gamified way to look at hacking drones. We also have a drone hacking arena and that is designed for hacking actual drones. And then we have competitions for that and the forensic analysis of that as well. We're planning an event at DEF CON 26 where we'll have about 25 drones in flight for drone hacking competitions. So that should be a lot of fun. We also have a drone creativity competition and that's coming up with unique use cases for drones. For example, our chief engineer Chris Kiggins designed a drone that delivers his coffee from across the street. So he'll go pick up the lattes at a local coffee shop and have them delivered at his office with the drone. So it's a lot of fun and we're looking for that kind of creative design with our drone. So that's what that part is about. To encourage that next year at Roots, we'll have a 3D printer for you to be able to custom print your drone platforms. So we'll talk about the custom work we did for this year's event today as well. We also have a drone solution arena and that puts a competition field in play where we have one solution or a set of solutions that we ask that you solve with drones or RC vehicles. So you have RF in play, multiple vehicles in play to be able to come up with a time-based wind solution within an amount of time that we give you to perform those solutions. We have each one set up for scoring points and it's a really fun STEM activity. But that's what Drone Wars is about. We're going to talk a little bit about our workstation. So if you guys could go ahead and let's go ahead and fly the basic drone and I'll talk about that. We are allowing drone builds. So what we did this year is, and we'll talk about the parts, is we took a drone. It's a small inductrix blade drone. We'll show you a picture of that as well. We took that and some of you might have seen this one in flight. He's binding now and here it goes in flight. This is the inductrix drone. Now this is an out-of-the-box drone that we purchased but that's just not enough fun. We have to hack it a little bit, right? So what we decided to do is 3D print a custom platform. It's a tie fighter. I'll show you that design in a moment. And we robbed these for parts and we also purchased parts for our flight controllers, props, motors, and batteries and we put together a custom drone. We're going to show you how to do that right here. So here's a little bit on our drone customization workshop. We're using the mini tie fighter design. You'll find this on Thingiverse. Thingiverse is a great website. If you're looking at doing 3D printing or getting into it, you can print just about anything. We can print drone platforms up here. And there's some very cool ones to try out. I would certainly encourage you to play around with this because you only need to buy one small drone and then you can print and make 10 or 15 drones out of it. So it can be a lot of fun. What you need to purchase is going to be a few additional parts. You might need some extra motors. You might need some extra props. And you might need some extra flight controller if you end up breaking that. You might want to add an FPV camera. And when you're done, this is what it will look like. So you saw the beginning, which is a custom out-of-the-box drone. We decided we're done with that. And we built this one with 3D printed parts. And you can do the same thing at home. Great job. Some things you're going to see from a build perspective when you come over to our workstation is you're going to see three major things that are going to be observations that you will need for a certified flight check before you go take your drone into flight. Number one, the props have to be installed properly. And we'll give you props for that if you can complete that properly. So we'll talk about that. I had to use properly as many times as possible for props. That's just required. So that portion is if you don't have your props installed properly, your drone will not operate correctly. We also see that the motors aren't hooked up in the correct order to the flight controller and the direction of the flight controller is determined by two things. It's determined in flight by the colors of the lights, just like a car, white in front, red in back. And it's determined by the direction there's an arrow on the board that we'll show you. And you'll be able to determine that when it's not plugged in and not in flight as well. We're giving away three prizes today. We gave away two yesterday as well for some great people that came through our workstation. Today we're giving away a few more. We're giving away one drone. I think we're giving away a Raspberry Pi to everyone that comes through as well, along with that EC Council training. And we're giving away an Arduino, I think. Did you say it's an Arduino? Arduino or Arduino? That right. Giving away one other computer as well. So you'll be able to come through our workstation and get a few prizes. We're going to give them based on best attitude. The person that gets the fastest in-flight drone in operation, which is the fastest built, and the best first flight. So if you can do those three things, you can win all three, or we'll see those go out to three different people. Now with that, we built a custom drone. I talked about it yesterday for our red team, so I won't go through all that background again. But we are going to talk about the payload, and we have a design workstation set up today for you to design your own payload. And everyone that comes through will leave with the Raspberry Pi with that payload installed. So I'm going to let my friend Justin here, our chief scientist, talk to you about our builds for that. Hey, how is it? Yeah. Apparently I'm a little taller. How's everybody doing? All right. So my background is I work for a company in Denver, and we specialize in darknet and darknet research. So there's a lot of good things about the darknet, and it tends to often get overlooked, such as things like Tor. I've worked all over the world trying to help people get information out of their countries. So I became really interested in this, and the basics around Raspberry Pi is something that's easy to drop off and leave. Right now the Tor Foundation does not have a Tor project for the Raspberry Pi. You can set it up as a server, but you can't run it as a client. Well, you tell a bunch of hackers they can't do something and what happens. I can run it at Raspberry Pi as a Tor client now. So, who knows what ARPANET is? Yeah, you have to be under 18 to raise your hand for that. All right. All right, trivia question. What did ARPANET become? Come on, this is for cash and prizes up here. I'll give it to him. ARPANET is what became the modern-day internet at this point. So basically, has everybody ever seen the random iceberg model of the internet, where what we see usually and work with right there on the top, and what's really happening below underneath is a much larger piece, just like an iceberg. What is the darknet? Darknet basically means you have to have a routable address to get to it. It's not going to show up in a search. A lot of times they're a lot more hidden. Darknet addresses, they were originally like, they were obfuscated from the ARPANET so that it made it harder for them to get to. Tor, Tor is the onion router. Tor is a set of software that actually helps you connect to the darknet. All right, next trivia question. What branch of the military started the Tor project? Oh no, no, I'm opening it up to everybody this time. What do you got? Yes, that is right. Well, this might almost fit you in the next five years. So yes, the United States Navy originally started the project for the onion routing protocol. So how does Tor actually work? Basically, you run a server for other clients to connect to. By doing this, you bounce from signal to signal, obfuscating your actual track or your actual path back to your computer. While you're at our workstation, I'll walk you through some of this a little bit more in depth. But this is the basics. And I want to give a big shout out to EFF for making these awesome slides and making my life a lot easier. It keeps you from your physical address being able to be really located. Now, there are a lot of things when you use Tor that you need to set up correctly. One thing you want to make sure you never do while you're on Tor is use your regular browsing habits. Do not open your Facebook account. Do not start up your email account on Tor unless that gives a way that you can actually be tracked back. So, as I said before, the U.S. Navy used it just recently in the last few months. There was an article that came out of how they were using it overseas still to this day trying to get information out. As I said earlier when I began this talk, I spent some time overseas during the Arab Spring and a couple other things where information was blocked. Does anybody know what happened during the Arab Spring as far as internet connections? Yes, they were all shut down. Do you know what they forgot to shut down? Dial-up networks. So, breaking out a whole bunch of 56K BOD modems that were found at most thrift stores or junk stores, we were actually able to set up internet connections. We were able to get information out over Tor during the Arab Spring. So, we all know that there's bad things that happen. Would you like to use the phrase from Spider-Man? With great power comes great responsibility. Who said that? Huh? Who said it? Yes! Yes, Uncle Ben said that. What Tor is really good for is it actually, it's a big thing for privacy. It helps us keep what we're doing on the internet private. It keeps people from being able to monitor and try to sell us stuff. It keeps people from being able to track back to us. So, there are a lot of really good uses for Tor. So, on our team, my main job is to build the custom distro that we're building for our drones. Right now, my first distro is called Vapor. It's the one that's based on the Raspberry Pi and actually being able to use it as a Tor client, as a leave behind. We also have a couple other tools that allow us to connect back to it. So, I can drop it off inside of an organization, connect back to it and Xfill data out of your company over port 9050 and 9051, which I found most people that run their networks don't even know what those two ports do. So, it works great for pin testing. The Raspberry Pi, it's cheap. It's cost effective to deploy it. You can use PoE systems to run them. So, it makes it really good for what we're doing. So, Skies. This is going to be another Debian based Linux distro. I base everything off of Debian Lite and build it from there. One of the really great things and one of the things I really wanted to talk to was you guys are all sitting in here like getting to meet new people, making new friends. Building these distributions has kind of done, it's my DEF CON for kids for myself. I have met some of the most awesome people in this industry who include my buddy Mr. Bot who has helped me turn the Wi-Fi card on a Raspberry Pi to where we can now put it into promiscuous mode, which now means we can bypass having an alpha card, stick this somewhere on a drone, drop it on a roof and start capturing WPA handshakes, then fly it back to ourselves. That helps a lot because I don't have to be in your building anymore. Again, one of the biggest things that I've loved about this is the friendships I've made. So while you guys are here today, make sure you introduce yourself to two or three new people. Just say hi. You never know when that person's going to turn around and be working on a project with you. So on that note, you guys are going to have a lot of fun at the workstation. This year we haven't yet released the wireless assault drone because we originally built that. I showed you guys yesterday with the Hack 5. We used the tactical nano for payload. We decided we wanted to do our own distro so we went ahead and built our own payload. That is now ready. We're just making sure it all functions on our platform. So that will be released very soon. You'll see that back up on the new build website as soon as it gets published. It's something you can duplicate at home and have a lot of fun with. It's not designed for purchase. We don't sell anything. We just like to introduce new technology, new ways of doing it and have a lot of fun. So with that next year, I talked to you a little bit about what we're going to be doing, but we love being part of Roots. We worked with the robotics workstations last year and we hope you guys have fun at Drone Wars. So with that, does anyone have any questions for our team? Yes. Good question. The question was asked whether or not our drones have power supply problems. You were absolutely correct to answer that. Drones batteries are very heavy and they don't fly for very long. I'm going to give you three problems that we've really been working with trying to come up with unique solutions on. One of those problems is our payload itself is power operated. The Raspberry Pi requires power. So we have a slim battery that we use for that. Justin here has taken the batteries out of the vapors that you guys have seen people convert to, which is for smoking. We've been using those. Those are very light. So we're trying every different battery we can find to try to get extended use out of our payload and out of the drone itself. So that's a great question on power. Right now we have about 35 minutes of flight time and that's why we set up the payload to be able to drop it off and pick it up. We originally designed the drone so that it would go, sit and hack, right? But you have to wait for each wireless signal to occur and that takes time. And so our drone was running out of power before the payload was running out of power. So we decided to drop it. So we designed a claw, drops the payload and we can pick it up later. So that's a really good question. A couple other questions we had regarding issues that were encrypting the channel. So everything's open, communications on RF when you're communicating with the drone depending on the amount of channels. So we've actually worked on encrypting those channels and we've got those encrypted as of today. We're just still doing testing with that to see if it meets all our forensic standards. So very good question, thank you. Any other questions? All right, back to you. Thank you.