 My name is Brad Dixon and I'm with Carve Systems and we're talking today about uh cheating in e-sports, how to cheat at virtual cycling using USB hacks. So yeah I'm really caught talking about bicycling and you might not think about bicycles as having a lot of technology in them or maybe all the technologies in the manufacturing and materials. But over the past few years um electronics and software have been creeping into the components that that high end professional cyclist and the really competitive amateurs use. And wherever there's software uh we know that there can be hacks and and that that's cool. But I was kind of interested and and my and Mike Zussman uh is uh my boss over there is also interested to say well what can we do like more to cheat? Because the cheating is really kind of I'll talk about is like the the most fun part of competitive cycling I think. Um and and just just so I don't disappoint anybody. We're not talking about like these e-sports uh so you know there's there's no great fortnight hints, no league of legend hints uh and and those are cool. What we're talking about is something a little bit different. We're talking about the sweaty e-sports. And so these are people who compete in e-sports where the performance of their avatar is driven by their physical performance in the real world. They're actually dropping sweat and doing work uh to win in these competitions or just for exercise. But there's something cool about this. Unlike other e-sports, virtual cycling is part of the greater world of cycling. Uh so just a little backstory for you. There's a group called the Union Cyclist Internationale. And you the UCI is the federation that governs all cycling competitions. Whether it's road biking or mountain biking or BMX or there's some very odd uh artistic bicycle competitions that I never knew about but people do. The UCI sets all the rules for those. Um and so they work with the International Olympic Committee. The International Olympic Committee last year had a meeting that said we want to start including e-sports in the Olympic program somehow. So everybody came to this this forum. Uh including all of the you know I'll call them the like the video game people like Fortnite, League of Legends, all that stuff. And these weird little cycling people on the side. So the International Olympic Committee had one of these big meetings you know lots of food and wine and drinks for a week or something. Um but out of this they came out with saying yes we really do want to include e-sports in future Olympic programs but there's a catch. And their catch was that they thought that that e-sports that involve you know killing didn't really sit with the vibe of the Olympic movement. They're not so much into that. And so the virtual cycling people are really excited about this because they're looking at it and going I don't know there's like we bowling and then there's us. And so virtual cycling is gonna you know maybe rank on up there. And I'm excited about this because um cyclists have the best cheaters. I mean they're like seriously the best. They're absolutely the best. I mean Tom Brady should learn from these people. I had to get that in there sorry Tom. So so just a little history on here. So the Tour de France got started in 1903 uh organized cycling in a as a competitive sport had only been going on some like since like the mid 1890s. And this guy here not actually a mine uh my buddy Hippolyte here. Uh he was racing in the first Tour de France really competitive and he actually he had to drop out um because because he had intestinal duress. But later investigations um theorized that this was actually him uh he received a spiked bottle of water from the other competitors. Uh and this kind of stuff went on. Um the the guy who made the Tour de France a little bit of a sadist. In his view like the perfect Tour de France uh which is a 21 day race 2200 miles. The perfect Tour de France would have only one finisher. Everybody else would drop out die or quit. Um and and you know he never really reached that goal thankfully. Um but the competitors even in the early days they would inject their muscles with strict nine just to deaden them so they could take more pain more suffering and make it up that hill. Um but don't worry about Hippolyte. Hippolyte learns really fast. He comes back the next year and he put together this this scheme where uh he put a cork in his mouth had a rope and the rope was connected to a car and that car would tow him up the hills. And it would have worked but Hippolyte finished just after the race officials got to the end of the course uh to set up for the finish and Hippolyte comes flying in and they they disagreed with that. Um this guy Maurice Garan he he kind of like up the Keystone cops level here. He uh he had itching powder stuck in his rival's shorts. Uh he sabotaged bikes of his rivals. Um he he actually had a part of the course where he took a train to just just skip past all these other riders. Uh and picked up from there and then had all the supporters spread broken glass uh in front of in front of them. Uh very creative. And and then you know in the more modern era this guy Jean Robich uh he would have this scheme where he'd ride to the top of the hills and just before the descent uh his his um support crew would hand up new water bottles and he'd stuff them in his bike and and these water bottles were filled with lead just to make it go faster down the hill. But the funny thing about this is that at the time this actually wasn't illegal you you could do this. He was fine. But in the modern era cheating has has continued uh and has this hundred year history. It's gotten more technical. Um in uh 2016 we had a rider that was uh and not a competitive rider. Uh just just a rider uh ejected from a race or actually having a motor in the seat post of the bike. Uh and uh in 60 minutes did a program all about this. It's actually quite fascinating if you want to go find that. And then there is this guy. If you know one cyclist you probably know this guy. Lance Armstrong. Famous slash infamous for being a seven time winner and cheater of the Tour de France. Um and and he put together not just like he didn't just dope himself. He had like an entire mob that was responsible for getting him the material, doping the teams. I mean it was it was quite a production. But it wasn't just him. Um he won seven years. There are 21 podium finishers of the Tour de France in those seven years. And of those 21, 20 uh were later uh discovered to have been doping through either their own admissions, sanctions from investigations or um or other erroneous or or suspect test results. So 20 out of the 21. Uh they actually didn't award those uh those years to anybody. Just like nobody won those years. They're all all doping. So we started looking at virtual cycle and we were like nobody's gonna cheat on this. Cause like it's a video game right? Um but you know as people have started to have four money competitions uh in virtual cycling. I I found this noted internet expert who said things that that this is such a big sport you know lots of money on the line. It will sure to happen. Um so how does virtual cycling work? So it's a game put together with um a couple of sensors. It's just like any other like large multiplayer online game. But these sensors measure the athlete's real performance. There's another aspect to it that um the rider sits on what's called a trainer. Let me see if I can get my video going here. So the rider sits on a trainer and they take the wheel of their bike off, mount it on the trainer. The trainer does two things. It measures the power and then it also offers resistance. And the resistance is what you know makes the work happen right? Uh typically the trainer also measures cadence. How quickly the pedals are turning over. And it then they'll wear a heart rate monitor to measure that aspect of their performance. All of this feeds into the game. And from that the games have a speed estimation model. It's based on a few things. It's really pretty simple. There's a terrain model for the course. Right? When the course goes uphill the game increases the resistance of the trainer so you have to work harder. And and of course that elevation change the slope of that feeds into the speed estimation. Uh your power is an input to it. Two other things are controlled by the by the game player. There's the rider mass. You just type that in and your height. Now mass is pretty obvious. The lighter you are given the same power the faster you go and the faster you'll go up hills especially. Um drafting though is what the uh the height plays into. Drafting is not just like a little thing in cycling. It's like the thing. Um that it's a big part of strategy and how riders and teams ride in competitions. And so they've emulated this in the in the game as well. And your height goes into that. And um the the games aren't really clear about how it works but there's good evidence to show um that that if you're a shorter rider drafting behind a taller rider then you're gonna get a drafting boost from that. So the easy ways to cheat um are just to make yourself lighter and shorter in the game. Just change that. And in fact there is a redditor that pulled together a bunch of data looking at uh how often people change their height or weight right before an online virtual cycling competition. And there's links to that uh on the website that you can go take a look at. Um so there's evidence that people are doing that as well. But you can't just use those to like get maximum super power. Um they're they're the bicycle police out there in the world of online cycling. Um the game that I used for this was something called Zwift. There's others out there uh but Zwift is definitely the most popular. And Zwift published some e-racing guidelines. Um and written by lawyers um really kinda interesting though talking about um performance limits. So in Zwift performance is measured in watts per kilogram. The idea being you know if you're a taller, bigger, stronger person then you have more muscle. Uh and so your wattage output can increase. And it's a watts per kilogram over a duration of time. Um so for example if you exceed five watts per kilogram over a twenty minute period you're gonna get flagged for uh potentially a follow up investigation. If you exceed twenty watts per kilogram for a five second period like a sprinter might do at the finish of a race. First of all you're like super human. That's like amazing performance. But second of all the Zwift bicycle police are gonna come looking at you potentially. And we'll talk about potential ways you could cheat given this performance review board. So I chose to put together a hack so we could cheat at this game using the sensor network. And the sensors are an 802.15.4 ish protocol um called ant plus. That's the RF link between the sensors and the USB dongle. Uh there is optional encryption that can be turned on in ant devices. Nobody turns that on. Um so that wasn't a problem. Um but we wanted to have a way to be able to influence these sensor readings directly. If I can control the sensors then I can control the game. And so the easiest place to do this was the USB interface between the USB ant dongle and the PC running the game. And so I built a tool uh for some commercial work that we were doing. Uh and I wanted to retask this to something fun. And so we picked Zwift on this. And so this tool is called USB Q and it's it's put together so you can explore and hack application level protocols that are flowing across USB buses. Now there's a lot of prior work in USB hacking. Uh there's tons of stuff you can go read about. Uh it just Google Face Dancer and you can find uh a couple of repositories and there's a bunch of people who have contributed great tools for doing the kinds of USB explorations that you might want to do. If your objective is to target the uh USB drivers or operating system interfaces of a USB host or peripheral. So they can do all sorts of interesting tricks with Face Dancer. You should definitely take a look at it if that's your objective. Um there's also uh tons of great links under this uh Hardware Village USB links uh uh page put together by Andre Kahneloff. Go take a look and find that. But the first thing I'd recommend if you want to start hacking on USB is just use TCP dump and wire shark. Really simple always works. Um and on a Linux host you can plug in a USB device, use TCP dump against a USB mon interface and get captures of USB packets. Um USB is a networking protocol which is kind of counter intuitive because you see serial in there. Um but wire shark is great at looking at this. So when I was working on this commercial project doing this USB hacking uh I knew about the Face Dancer code and that was what I thought I was going to end up using. But I had one challenge in this project I was working on. It was a USB uh high speed interface. So I couldn't use the Face Dancer board which uh which only supports USB low speed. Um there is there was some hardware out there and I'll talk about that in a moment. Uh but it was uh it was at the moment you couldn't just buy it. You had to solder it together and honestly my soldering skills and PCB assembly skills are pretty pretty bad. Uh so I knew that'd be a big waste of time. Um but I did find a tool kit put together by a named ben named Benoit Cameron of US of Airbus Seclapse. Uh Benoit built a pretty cool tool and he polished a paper about it that's linked to on the site as well. And so it was a Python 2 user space and the loadable kernel module that could be installed on a Linux kernel running on any board. Now the board has to have two things. It has to have a USB host interface and a USB device interface. The device interface is um it is what re-exports that to the host. And so some boards have that some don't but the Beagle Bone Black is a good easy to find choice that does. But I had this idea because there's a few things I wanted the tool to do that it didn't. So I just decided like let's just do a little short project to rewrite the whole user space side of this. And and that's what ended up being USB queue. So USB queue like I said the thing it's good at is for when you when you're not trying to attack the operating system or the drivers but you want to be able to inspect and modify the application communications that go back and forth. Um and in fact you know I didn't want to break the drivers right I need those to work. And so with a board like the Beagle Bone Black uh you can set it up plug your USB device into one end of the board plug the other USB interface into your host computer and then install the loadable kernel module. You can start up the USB queue user space application and then it'll receive packets over UDP uh when they come in from the device process them however you wish send them onto the host and the reverse. So now there's just another tool in the in the toolkit out there for you to work with. Um but some things that have changed on the face dancer side that are worth mentioning. Uh for one there's a new board out by Michael Ossman called the Great Fit One. Um and that is has higher speed USB interfaces on it. So uh that's a good board. You can pick them up now and just buy them they're like a hundred bucks. Uh I've got one and I've just started fiddling with it. You can also use USB queue with a with a off the shelf piece of hardware like a Beagle Bone Black that you might have. And I'll talk about how I used it in the application hacking. So this is USB queue. It's a command line application. It implements by itself just one command M-I-T-M man in the middle and has a set of plugins that go with it. The plugins do various stages of packet manipulation as stuff flows back and forth. Let me walk you through that. USB queue is super simple. It's just got a main loop that goes on uh continuously. And in that loop it grabs packets from the device, sends them through through the tool and then onto the host, grabs packets from the host, sends them to the device and then has a tick to let uh plugins do work. For each uh packet processing stage the orange boxes. It's a really simple set of hooks that are called. Uh I'm using uh a plugin framework I'll talk about next but you can provide your own hook implementations. So there's hooks for waiting for a packet, getting the packet, decoding it into a format that you want to work with. Um logging it, modifying the packet you know so you can do whatever hack you want to do. Um encoding it for transmission and then sending out the door to, to the host or the device as is appropriate. And these again are all hooks so you can use the existing behavior that USB queue has or add your own capabilities. The plugin framework is built using a great toolkit in the Python world called Pluggy. Pluggy is super awesome. If you've worked with PyTest before you use tons of pluggy uh implemented hooks in there. But it gives a bunch of defined extension points uh that you can override or, or modify however you need. So um you know the basic tool just does USB. But if you want to do USB with an application level protocol like we did with Zwift then you write plugins that sit on top of that. Um and there's basic plugins for doing things like getting and sending packets and decoding them to escape representation so that you can then manipulate the fields uh and gives you some convenience features for development. Some of the convenience features that will help you out it'll always do a pcap capture so you can look at the c- look at what happened on the wire after you're done. Uh but most useful to me was that uh I coded an ability to be able to reload uh plugins on the fly. Um lots of times you'll be hacking things that take a while to boot up or there's a complex synchronization process something that you know like you don't want to reboot the board every time. Uh and in, in the case of Zwift the game takes like about three, four minutes to start up. So that's pretty slow. Um and so I can start up the game, have it running and then load the plugins that introduce the hacks, change stuff, unload them, reload them again. Uh and do all of that through a pretty convenient interface. There's uh Ipython console support too so you can just you know reach in there and manipulate packets on the fly. So USBQ is available now at usbq.org. It's an MIT licensed uh component uh piece of software I should say. Uh I've got some planned work that I want to work do with it. First of all it's dependent now on this loadable kernel module which is GPLv2 licensed. That module is good but it's not part of the mainline kernel. And so I'd like to work on USBQ so that it can use a native feature called USB IP that's in most Linux kernels. USB IP support is so that uh the kernel can reach out and use a remote USB device over a TCP connection. It's it's really pretty cool. Um and and that's half of the problem that I need. We need to also implement another mainline kernel feature to be able to then create the emulated USB device on the other interface of the board. So that's something that right now the kernel can't do. I'd like to see that improved. Um and we've got one working example in an out of kernel module thanks to Benoit. The great fit one as I mentioned looks like a really great board. I want to start figuring it out and see if I can integrate that with USBQ as well. Looks pretty straightforward. And then on the more important side I want to start building other types of US- other types of protocols that are right on top of USB. So that no matter what your hacking project is you've got a you've got a man in the middle tool that knows how to work with that packet format uh just by installing a new python module. But back to the cycling part and more importantly the cheating part. So like I said USBQ is just a generic man in the middle tool but I wrote it I wrote another plug-in that sits on top of it uh that I like to call Elance, the elite automatic e-sports network cheating enhancement um for my man Lance. So so there's there's a lot of great features that you you get with Elance. And how many of you guys ride Zwift? Anybody here? Alright? Okay you're gonna be winners tomorrow. It's gonna be awesome. Um because you get two modes. You get Epo mode. Epo mode is great. This is probably the one you want to start with cause cause like Mike Zussman over there. Mike Mike is like a real bicycle rider. I ride bikes like kids ride bikes. Like I just like like riding down the hills fast and goofing around and you know I just like to go places. Mike is serious. Mike actually trains. Um and and so if I'm ever gonna have a chance to beat Mike on Zwift I need its Epo mode thing. And what it does is it lets you like sustain that performance without having to work nearly as hard. So you can dial up like how much a performance boost do you want? Would 20% help you beat Mike? I'd probably need 50. Um and it also makes the world flat. So like when your avatar is riding uphill instead of pedaling getting harder you just stay the same. Only Mike has to work. And that's a good thing. And so Epo mode is what you want. It's also realistic cause like you do have to work a little bit. But for some people this this might not be good. Uh and so for you there's slacker mode. If it's too important to risk sweating this is the mode for you. So slacker mode gives you the ability to use an Xbox controller to run the game. And it's and it's really kind of stupid because it takes a game and like turns it into a one dimensional game. Like you just squeeze the trigger. I mean it's at that point what are you doing? Uh but you know you do you. Uh so so slacker mode does this for you. And I've got some new features that I'm working on. I want to do cruise control on there. That's really easy. I I actually built that and then I erased the code. Uh sorry. Um but then most importantly because the bike police are out there in the Zwift world. Uh I want to work on a mode that'll use other riders real world performance from a website called Strava. People all over the world publish rides they do on Strava and will have um their power data on there. And you can get course elevation data. So I'm gonna use that and say okay when all these other riders ride this course this is their maximum power. I just want like that plus one. Um and so then I think I can pull this off. So the Elant's plugins for USBQ are put together really cause it looked fun and is a good like example plugin for how to work with a pretty straightforward protocol like you find on Zwift. Um and so the uh USBQ gives you the blue parts at the bottom. The basic host and device interfaces. Uh the ability to pass the packets back and forth. But the orange parts on top are what are in Elant's. And if you are working on a new protocol something you know that's not in there now you'd want to write new hooks and you can use Elant's as a model for that. And so the plugins that I have on Elant's will decode these ant plus protocol packets. And plus you might not have heard you probably haven't heard of it before. But it's a predecessor to uh Bluetooth low energy and it's something that's used primarily in sporting and fitness equipment. Like if you have it's owned by Garmin nowadays. So if you have a Garmin watch it probably supports ant plus. And you can hook it up to an ant plus heart rate monitor or uh a foot cadence meter. And so when you go out and do your run you get all this data that streams off of there. Um and it's a it's a predecessor to Bluetooth low energy but has very low level security support. Pretty much none at all. You can set a network key and from that it derives an AES key. But since it's really hard to type in a network key onto a piece of fitness equipment I don't think anybody does that. So it's always in the clear. They just do a pairing stage. Step. Um but the ant plus protocol is really well documented. Um at at the website edope.bike that's the site for this talk. Um it'll link you over to find the ant plus payload definitions. And you can just register as a developer get those payload definitions. And in there there's a field that has um that indicates for power just defines what's the instantaneous power that this writer is is mashing the pedals with. And that's what we were hacking in this example. So when you put it all together you you have USB-Q in the middle and it's doing three things really well. It's modifying power as it streams past from the sensors to the game. It's uh tweaking your heart rate and your cadence to keep stuff normal looking. Uh and then it's also controlling the grade or the resistance that the trainer sets. Uh and all of this uh you guys can go do yourself if you want to. So let's do the demo. So this is uh elan's running in the top left on top of USB-Q. And then I'm gonna get it it fires up here and connects with the kernel module. And now it's set up so that my device which I've plugged in uh it all the packets are running through USB-Q. And I'm starting up Zwift. Uh like I said Zwift goes a little slow starting up. But the first step that you go through any time is uh setting up the sensors. This box over here on the left that's just a rendition of my Xbox controller. The horizontal band at the top that's the the right trigger on there. So you can see that that's my throttle input. And we're connecting over ANT plus to the three sensors I have uh for for this experiment here. And then we'll get off writing shortly. Now you may not be familiar with like how many watts you make when you ride in a bicycle. Like you know if you if you're a kid and you're riding a bicycle and you're working really hard you might be making 100 watts or something. That's that's kind of what you feel like. When I ride a bicycle like 187 watts that's that's pretty good pace. But but now I don't have to be limited by my own physical limitations and disinterest in training. Uh because I can hack stuff. 500 watts is crazy power. For me that's nutty. Mike probably does that like every day riding home uh from work. But like um you know like Homer Simpson said uh you know there's there's the right way, the wrong way, and the max power way. And so I wanted to see like we've got this big 16 bit field. Can we really crank it up? So I took the limits off and you know screw the bike police. Let's get this thing going. And so when you crank it up Zwift this is crazy power right here. You get achievements and then and then you get this one the 2.1.21 gigawatts um award. But Zwift has some senses in there. The the game like you go too hard too fast in certain sections of the course and they ding you. And they're like no you're something's broken cheater. Uh why don't you fix that? And and something you may not have seen in there you get a little dunce cap when when you do that. So when you're sensors go all wonky like that your avatar gets a dunce cap this little orange triangle. And every rider can see that out there. So if you want to pull off this trick with your friends you gotta make sure you set your power limits so you don't get the dunce cap okay? That's important. But then you know we're back to like this is really about can we cheat? Could we like really cheat in a competitive event? Um and and we've definitely like proven if you just want to cheat yourself out of out of a workout and you know drink a beer with your bike on cruise control yeah you can do that. That's not a problem. Um you're just gonna have to use sensible limits so you don't get the dunce cap. But cheating in an online race is gonna be a little bit harder for you. In Zwift every day there's just dozens and dozens of rides that they have. And there's uh a website where every rider who enrolls in a ride their performance is recorded on there. So they're winners right? And and like anything where there's a ranking some people are really super competitive about it. And and one point I want to make is that in this research I took care never to actually compete and finish in a race. Because even if you know I'm not taking this seriously but other people do and it's really important to them and I don't want to like you know screw somebody who's like actually trying to be a good cyclist. Um most people on Zwift are just there for the workout. They're having fun. But I do think it's very plausible to take a mediocre rider like me and stretch him into somebody that's more competitive. But you're gonna have to be careful about it. First of all you're gonna have to have multiple accounts. Not a big challenge. Um but you're gonna have to multiple accounts to so you can probe the limits of um you know get in the dunce cap and also in what this in any you know any time the bike police are out there you want to figure out well what are the things that clue them off. You're also going to have to with your real competitor account build an in real life track record riding that bicycle. This is because the in the Zwift e racing rules. This is part of what they look at. They want your Strava profile to be open. They want to see that you've done a lot of real world riding out there. Now luckily you can fake all that too. Uh you know you just upload data to Strava and it's like yeah you did that ride. Um so you you've got you know more hacking to do uh to pull that off. But you can just like with uh drug testing uh the Zwift e racing rules say that in competitive events that anybody who finishes on the podium top three finishers and two other competitors will be subject to the ominous sounding performance review board. Uh the performance review board has a couple of things that they talk about that they might do. One of them is they might require you to weigh in uh on video. Um so you know get busy hacking your scales so that when you step on them you actually measure lower. Uh and make some funny little rulers that are you know not quite afoot so you come out short. I think you guys can do this. Um but there's a catch we'll get to on the next slide. The other thing is that they'll want you to possibly submit at their request other uh like a second power source uh recording. So you're gonna have to get another power meter. Put it on your bike maybe on your crank. Do a ride. And then download that data file with no authentication. Um modify it and upload it to them. So I don't see a big barrier in doing that. Uh cause we like hacking things. It's not a big deal. Uh but then there's a requirement that they might ask you you know maybe if they've seen you presented Defcon uh to go to a third party verification lab where you'd have to hop on a real a real bicycle and ride it in front of people. So by this point if you've already committed to doing all of this stuff you might as well bribe lie. Do whatever you need to do. To get a third party test lab to sign off and give you give you you know say yeah he actually can generate 2000 watts for half an hour. I don't know how his muscles didn't melt. Um so get to work on that. That that's an important part of the of the Roos. Um but then not every competition in Zwift is gonna be online. Um next year the UCI is going to have a world championship of of what they call e-bike racing. Uh and this is virtual cycling. Not to be confused with bikes with batteries in them. Um so like they're gonna have a world champion of virtual cycling. That's a big deal. Um and that competition and the and the prior four money competitions that have happened in the Zwift world have all been live competitions. Things where you show up and you know maybe unlike the Fortnite championship where that kid won three million dollars and there's not like thousands of people. There's like ten people watching. Um but but you gotta do it live. And that's harder. And cause you're gonna have to weigh in and you're not gonna be able to bring your funky scale or your short ruler. Um and so you you probably don't wanna lie about that. And you're gonna have to figure out if you're gonna use this hack some way to get your exploit actually in the chain. Um and our friends at the NSA when they're not busy riding software reverse engineering tools have been building funky USB cables for years. Michael Osman also built one uh and it's really fascinating to look at it. And just this week uh another presenter had a doctored uh iPhone cable that that was like a dead ringer. So you can definitely make these cables. The hard part though is gonna be getting them onto your bike. So I don't know hire a magician or somebody with like sleight of hand skills. You know you're gonna have to figure that out. Maybe do it the NSA way and just interdict all the cables. Replace all of them with doctored cables. So then you can control your bike and everybody else's. I think that'll work. But there's other ways too that we're working on uh and hopefully it'll be simpler that won't require physical access uh just just not quite done with them yet. But I also wanna mention that you know I found out just this week uh that there's another researcher out there who took a different path to cheating and Zwift. Uh his name is Keith Wakeham and I'll have his video linked to off of uh edope.bike. And so Keith took the path of saying um forget buying hardware or man in the middle stuff. I'm just gonna build completely fake sensors. And so he has a complete sensor emulator board uh that just does away with that and he can control everything directly. Now that's an interesting approach and it definitely worked. Um but one of the things is like I you know as as um as the bike police get smarter you know they'll maybe take more steps in software to verify that the hardware is actually the expected hardware. And so that might involve probing for behaviors which are not commonly used by the game uh what can be used to at least try to authenticate the hardware. And so if those features aren't emulated your cheat might be uh be caught. So you know two different ways uh and and there's gonna be some more definitely. So wrapping up um if you wanna cheat yourself out of a workout go ahead it's it's it's totally possible. But but this this shows like the general challenges that we see in industries when they try to take sensors and software that haven't been designed for secure applications. And then shift it to a place where people like care about status and money in fame. Like what could go wrong uh we've seen this movie before. And and this situation was Zwift is just one of these things that's that's happening. And it's not just Zwift all of the cycling uh all of the virtual cycling applications are gonna have the same kinds of difficulties because they all depend on the same kinds of sensors. Um so it's just not a good foundation for security. And the second part is is that well third on the bullets here is that there's a lot more electronics and software creeping into cycling. So if those organizations that govern cycling are not already looking at security as part of you know software and electronic security as part of their uh uh competitive integrity measures they really need to start doing that because we really like hacking things. And when people have lots of money on the line they'll do weird things uh you know when it can make a difference for them. So I hope you enjoyed this little insight into the crazy world of cyclists, their cheats. And I really recommend go find something that's got USB and go start hacking with it. Uh if you wanna find all all the slides, all the links to the software, I've got a bunch of references you can read as well. So you can go find all these articles and also find all the technical details that you need. All of that's at edope.bike. Thank you very much.