Video thumbnail (Frame 0) Video thumbnail (Frame 7172) Video thumbnail (Frame 10822) Video thumbnail (Frame 11377) Video thumbnail (Frame 11703) Video thumbnail (Frame 12131) Video thumbnail (Frame 12476) Video thumbnail (Frame 16621) Video thumbnail (Frame 17110) Video thumbnail (Frame 18111) Video thumbnail (Frame 21466) Video thumbnail (Frame 25080)
Video in TIB AV-Portal: WIRELESS VILLAGE - PiClicker v2.0

Formal Metadata

BSSI [Brain Signal Strength Indicator]: finding foxes with acoustic help
Title of Series
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
Present, and (hopefully) Demo using a raspberry pi to detect wifi signal strength via audio click frequency.
Slide rule Context awareness INTEGRAL Multiplication sign Computer programming Area Revision control Web 2.0 Frequency Medical imaging Optical disc drive Military operation Information security Wireless LAN Systems engineering Injektivität Context awareness Collaborationism Trail Demo (music) Interactive television Database FLOPS Sound card Process (computing) Software Software repository Infinite conjugacy class property Revision control Connectivity (graph theory) Configuration space Right angle Information security Table (information) Asynchronous Transfer Mode Row (database)
Module (mathematics) Slide rule Default (computer science) Mobile app Thread (computing) Link (knot theory) State of matter Multiplication sign Connectivity (graph theory) Workstation <Musikinstrument> Control flow Cartesian coordinate system Mereology Perspective (visual) Computer programming Web 2.0 Type theory Pi Different (Kate Ryan album) Flag Error message Address space
Internetworking Frequency Demo (music) Personal digital assistant Multiplication sign Thread (computing) Flag
Point (geometry) Game controller
Point (geometry) Web 2.0 Addressing mode Multiplication sign Order (biology) Right angle Bit Computer programming Number
Slide rule Multiplication sign Configuration space Right angle Musical ensemble Instance (computer science) Connected space 2 (number)
User interface Demo (music) Inheritance (object-oriented programming) Code Multiplication sign Direction (geometry) Source code Electronic mailing list Planning Line (geometry) Revision control Mathematics Word Personal digital assistant Different (Kate Ryan album) Intrusion detection system Configuration space Information security
here buddy thanks for uh thanks for coming to my talk and showing some interest I'll be showing this slide again during the questions portion so you can write that down or follow whatever so my name is Steven my friends call me Stevo this is my 11th Def Con and my first time as a speaker so yeah that's kind of cool this is my third year participating in a wireless capture-the-flag my team has won three years in a row and two of the years we won a black badge my day job is I'm a system engineer or ops guy there's a lot of people like to call it and at night I like to play with security stuff so now Rick gave a breakdown of what foxhunting was I'm not sure how many of you guys were there when you saw him go over that but basically they release people out there with Wi-Fi foxes in their pocket that have a be SSID and associated with it and we're supposed to go out there and try to track it down follow up where it is and ask ask the person if they're the Fox one of the new challenges which kind of cool I wrote this into my program is crack that the WPA so anyhow the the Fox is actively avoid you so if you have like a Wi-Fi cactus on your back and you look like you're looking for somebody you're not going to catch the Fox because they're gonna avoid you and sometimes I can go into non-public areas and go hide and stuff so you have to like wait it out or what have you so you have to you have to kind of be stealth about it and that's kind of what this tool what it is based on is the ability to just have like your PI hiding in your backpack or you know wherever you want to put it and strict for the Fox from odd audio cues so I just kind of went over this Wow why why I built this and an inspiration was kind of like a Wi-Fi Geiger counter I wouldn't be cool if you could like walk around and you know the frequency of the clicks would increase as you got closer to the the Fox so last year my team captured the flop Fox with version 1 of this software and it's on github you can download it now and you can like throw it on your PI if you can get it to work that that version has click only so it's just sound the configuration wasn't dynamic so it didn't have a web UI or anything like that and there wasn't any external interaction like pulling from a API or something like that so version 2 is what I'm hopefully going to demo today if things go well and I'll go ahead and release that version to my github repo after Def Con this has a web UI it's team aware so I have a slack integration so you can you can put a slack command in say like add fox with the bssid and it'll talk to the database and my device will go and grab that dynamically it also has a Auto cracking feature with Wi-Fi - really cool tool it like it's point-and-shoot it's it's really simple if you haven't used it I'd recommend giving it a shot it's pretty neat I have other ideas and actually 0 was just talking to me about it maybe doing a little collaboration with this so yeah might might be cool I had a lot of fun making this too by the way so a minimal setup which is kind of what you see on the table here is gonna cost you about 90 so this particular version is running Kali on the Raspberry Pi so it's a Kali image I'm using an Alf adapter that can go in a monitor mode and do package inject injection it has a USB soundcard because I couldn't get the onboard version to work and it's a little particular about the USB soundcard so some of them crashed so you have to find the right one I'll probably work on that later I didn't have time this this go-around obviously you have a battery pack and headphones so this is you can come out
and look at it or this is what it looks like picture wise and all Ola post a link to the slides after so you can download them so from a program flow
perspective so me as a user I have my my phone with me and I'm connecting to a shared ap between me and the pie and I interface with a web UI where I can issue commands I can select what bssid I want to scan for and there's also a flag to auto crack so it's not turned on by default in the background it's got a the scan the cracking adapter basically that does the scanning the signal scanning and does the cracking the the program is controlled and it has a shared state among all the threads this is the first time I've actually written a multi-threaded application - which was which was interesting so it's got a UI module which you'll see where you you control it a sound module which is what controls what is played sound wise signal scanner which is telling it's constantly pulling when this is turned on telling you what the the signal strength is and it depending on what the situation is it'll play different sounds and there's a module that pulls the the API to see if there's new foxes and it'll play sounds depending on if it successfully successfully pulled it or it had an error and I don't know you might you might hear both sounds you might just hear one and yeah so I kind of went over that the slack part so the team can be sitting at the the workstation and they could type a command into slack that'll add the the MAC address of the bssid that'll in turn go to a flask app in AWS and the PI clicker will download the latest data yeah so it's just kind of an interactive component not I do some of this for work so the slack stuff and the API was kind of fun to do so yeah I think I kind of
went over some of the design principles now I'm gonna try to do a live demo I have screenshots just in case it doesn't work I practice this a couple times so like we'll see we'll see how this turns out all right stand by
initializing this controller VSC at 192.168 point
0.106 container we have seen at 192.168 point 0.106 all right so sorry about that didn't realize I don't have the microphone so I am going to I clicked on the wrong one I have to activate peas by the way so all right so that's the sound where it's not picking up signal and this should pick up in just a second any time so who wants to who wants to go like run away all right here you go yeah you need to come back yeah I had like my AP back Thanks yeah so you don't need to go very far like you know I'm gonna go down that way a little bit and he's holding it up to his badge now it doesn't do anything with the badge go out go that way a little bit I wanna I wanted to disconnect and play the sonar sound you guys hear this okay all right cool hey what's going on to the program here is like this is the debug stuff it's not gonna be nearly as verbose you know when when it's actually enabled all right so we lost signal all right you can come back now oh did you did you uh did you hang on just okay if you put it in tin foil to stop responding to what's that I think there's a lot going on in this room too so it kind of makes sense we're did switch off no it's possible someone's messing with it too like that's that is a very anyway so it especially when there's not a whole lot of interference it actually works pretty well so in order for it to start cracking it needs a number of successful polls how many's it's at right there okay 18 so that should be enough and we're going to me see here you guys
haven't seen the web UI yet Abia sorry about that I forgot that I had it up here all right so does it say navel we're
cracking enabled I get it sorry it's a little awkward you know you gotta you gotta have something to listen to what it's doing its thing [Music]
and I may have lost connection to the PI let me make sure yeah [Music] second [Music] all right so that's Wi-Fi doing its thing now I need to connect to it so it can properly D off [Music] all right did did it cap it yet I can't tell all right all right so now it's doing this cracking [Music] and it's a pike because this isn't very fast I thought about offloading that to the AWS instance as well but didn't have time [Music] any day now [Music] alright configure BSC that 192.168 Saturn they're like okay you can go on to the next one you can go grab the Fox and say this is the passphrase so don't need any of those slides now this was
just in case the demo got walking all
right so does anybody have any questions what's up like it was like super secret secure passphrase or something like that what's that yeah yeah anybody have any other questions or that word list I was like 200k or something like that the word list this this year is like six but 335 K I think or actually I'm sorry lines so words yeah yes features I want to add Bluetooth scanning III also during the during the signal scanning portion it's actually going through all the different BSS IDs and names I also want to generate a list of BSS IDs that are dynamic in that web interface that I showed you so that I don't know you can you select one of those without having to actually do any configuration like I said I didn't have time to do that but yes no pictures I guess have I guess actually I have one so like my thought is like when you're doing the fox hunting is you use omni to like get a general vicinity and then like when you have a lock on the fox and you can use the direction one yeah so that's that's the plan anyway yes sir I have thought about that I have thought about that but math is hard and I didn't have enough time so but yeah that that that's awesome suggestion I have thought about it but yeah I didn't yeah maybe Version three and like I said like the the source code is gonna be online so like if you guys want to contribute feel free it's it's totally welcome if you can bear my crappy code so alright guys well thank you very much and thanks