Building the Hacker Tracker

Video in TIB AV-Portal: Building the Hacker Tracker

Formal Metadata

Building the Hacker Tracker
Title of Series
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
In 2012, back when DEF CON still fit in the Riviera (RIP), I recognized a gap to fill. I wanted to create a mobile version of the paper DEF CON booklet that everyone could use at the con. I was unable to attend the conference that year. I was 8 months pregnant with my first child, and because I couldn't be there in person, I spent a lot of time wishing I was. So I built it. I spent countless hours pouring my heart into what became the Hacker Tracker, shiny graphics and all, and was committing code up until the minute I went into labor. Fast forward a few years: Seth was frustrated with the lack of a mobile app for iOS while attending DEF CON. Subsequently, he found the Android version of Hacker Tracker and reached out to me about creating an iOS version. I was thrilled that someone wanted to join me and help grow the project. Not long after that, I recruited Chris to work on the app as well. Now, 6 years since its inception, a small team supports the app development across iOS and Android and the apps are being used by half a dozen different conferences, representing several thousand users. From nothing to something, we've experienced quite a bit in 6 years. Join us as we share our moments of joy, fear, and panic,"things not to do", and more.
Ocean current Android (robot) Mobile app Open source Software developer Multiplication sign Information technology consulting Revision control Coefficient of determination Hacker (term) Damping Computer engineering Information security Metropolitan area network Systems engineering Software developer Moment (mathematics) Data storage device Independence (probability theory) Unit testing Cartesian coordinate system System programming output Right angle Family Sinc function
Point (geometry) Android (robot) Mobile app Information Mapping Feedback Data storage device Multilateration Mereology Cartesian coordinate system Event horizon Revision control Personal digital assistant Hacker (term) output Right angle Whiteboard Hacker (term) Marginal distribution
Point (geometry) Scheduling (computing) Process (computing) Computer file File format Point (geometry) Website Line (geometry) Mereology Scheduling (computing) Event horizon God
Point (geometry) Android (robot) Mobile app Scheduling (computing) Computer file Multiplication sign Source code Hidden Markov model Product (business) Software bug Twitter Revision control Crash (computing) Hacker (term) String (computer science) Dependent and independent variables Validity (statistics) Software developer Data storage device Bit Open set Parsing Process (computing) Rootkit output Normal (geometry) Right angle
Android (robot) Mobile app Scheduling (computing) Greatest element Multiplication sign Menu (computing) Software bug Element (mathematics) Twitter Revision control Medical imaging Goodness of fit Mathematics Term (mathematics) Different (Kate Ryan album) Hacker (term) Operating system Extension (kinesiology) Error message Mobile Web User interface Focus (optics) Touchscreen Information Bit Line (geometry) Cartesian coordinate system Graphic design Process (computing) Computing platform output Freeware
Point (geometry) Mobile app Scheduling (computing) Email Easter egg <Programm> Feedback Interface (computing) Multiplication sign Feedback Set (mathematics) Mereology Flow separation Code Event horizon Software bug Twitter Revision control Goodness of fit Bit rate Different (Kate Ryan album) Googol Password output Traffic reporting
Email Android (robot) Greatest element Mobile app Covering space 1 (number) Online help Mereology Event horizon Bookmark (World Wide Web) Software bug Revision control Crash (computing) Hacker (term) Software design pattern Information Cybersex Area Email Information Software developer Feedback Bit Line (geometry) output Right angle Hacker (term) Resultant
Web page Internetworking Code Software developer output Cartesian coordinate system Twitter
Android (robot) Mobile app Backup Scheduling (computing) Open source Parity (mathematics) Multiplication sign Source code Online help Insertion loss Solid geometry Event horizon Twitter Front and back ends Revision control Fluid statics Hacker (term) Different (Kate Ryan album) Software design pattern Extension (kinesiology) Information security Touchscreen Information Software developer Feedback Data storage device Content (media) Planning Cartesian coordinate system Data management Process (computing) output Right angle Musical ensemble Scheduling (computing)
all right so right off the bat I just want to say that I'm disappointed that my like talks on security unit testing just don't get this many people right man that's probably more important so we're just gonna switch it up and that's what we're gonna talk about instead okay all right all right we'll talk about the hacker tracker so right off the bat I am Seth Law I'm an application security consultant I've done development in the past I actually started my career at Iomega anybody here remember the zip drive yeah okay I was not responsible for the click of death that was not me blamed the hardware engineers right if you lost data that was not my fault that beats me I've been around for a long time I've been coming to Def Con since Def Con 8 or something like that but now I just do application security work I'm an independent consultant so that's me I do the iOS version I'm gonna turn over to Whitney really quick hi everyone I'm Whitney champion shortstack I've been doing the Android version of hacker tracker since 2012 so I'm a systems engineer out of South Carolina Android is a hobby for me that's why this guy's here now but yeah thank you guys for coming hey guys I'm Chris Olson I was a vice dog I met Whitney at DEFCON 24 and started talking to her about a hacker tracker because I liked using it but I was like I feel like it could be better right and it was open source I was really excited I'm like oh I can totally commit to this you know I could change things and I start talking to her and she was totally cool with me changing things so I joined the team started working things and I took over deaf the Android version for hacker tracker it for 25 and 26 so the current version yeah McDonagh ton rewrites pretty much it's a whenever I'm bored I guess I just look at hacker rock I'm like how could it be better so any performance you enjoy I spent way too much I liked that is a running theme as we spend too much time on it I've got my family here they know like the last couple of weeks especially every spare moment of my time has been all right can I get this in so I can get into the App Store so we can actually get it into the iOS version so the first thing we're going to talk about is where it came from I joined the hacker tracker team or the iOS version was started in about 2014 I think it was something like that right so it was a couple years after Whitney did the first one so we'll let her talk about what she came up with and then we'll move on to you know when iOS came and you know how we've done things what had happened was so I wasn't able to go to Def Con in 2012 I've been coming since 2009 I was really bummed that I couldn't be there that year so I wanted to give back in some ways I wanted to contribute I was pregnant and couldn't leave so I spent probably two months pretty much pouring my heart into the float was the first version of Android which is what you see here which is don't knock the awesome Photoshop skills I know it's just mind blowing but that if you came the first first version was like 2012 2013 and that is what it looked like and it's just beautiful so that was the first
four years and that said he joined a couple years later and did iOS version the iOS version you'll notice that that you know that all the other margins are off and things like that we had a lot to learn about actually how to put this together again you know awesome Photoshop skills as you can see nowadays we've got actual designers that work with this a little bit we'll get into that a bit later but you know the first iOS version Hank the version that made it through the the App Store that most of the attendees downloaded actually crashed for the first two days of the conference right it was not necessarily in my case this is a successful effort I remember being pretty disappointed that I couldn't push through the version that I wanted people to have and that's traditionally that's what happens to us is we have these ideas Chris pushes something we talk about it we put it into the app and then whether or not it actually makes it out to you there's another story that being said we've had a lot of great feedback so we'll step into some of that here in here in a minute now it's
official right this makes us happy DEFCON actually brought us on board when was that twenty yeah so it was what 2015 26 yeah 2016 I think it was was the first year that hacker tracker was the official app of DEFCON and now actually Chris and I this year are members of the info booth team so we are related to the guys that you're seeing sitting around in the booths telling you about maps and other things we're working with them closely Melo's helped us out immensely to actually get events and get them into the application but we are the official application for DEFCON obviously that's why we're here that's why they promoted at each of those info biz it's so that you have this information at the palm of your hands I mean part of the reason that I wanted to do it initially was the fact that I I had the booklet and it just wasn't tenable I had my phone with me as well and I got involved because I wanted to be able to track all these different events and actually do something I saw that Whitney had the Android version and thought yeah we can do that on iOS as well pain points now
there are a lot of pain points first off
is scheduling you want to talk about this yeah so scheduling for the first like three well actually until this year when so Seth will get in to his part of this after I talk about how difficult hand jamming thousands of lines of JSON was for the first several years it was mind numbing the other part was all the villages all the like contests all the events all the talks everything was in a different format so there was no like easy way to go scrape every website there was no easy way to get all the data it was very much a manual process so I don't know how many hundreds of hours we spent staring these files oh my god I'm glad that those days are over especially this year there's what like twenty eight villages something like that and every single one has a different format so hopefully that will ease up going forward
so yeah if you if you've never hand written json files and made sure that the modified date has changed at 2:00 a.m. you just have an experience joy right nice it's really easy to do and really easy to mess up and then the application crashes or if you're dealing with the iOS you know json parser and happen to have an arrant you know newline character inside of a string you want to know what happens to iOS yeah it crashes right so there's all of these pain points that we have dealt with with the schedule now the next one is you know don't trust the hackers first well I mean as soon as I got involved we started advertising out on Twitter hey guess what we've got this app that we built for Def Con how many people do you think actually downloaded the app that first year guesses five there's some trusting people there's more trusting people out there than that but our biggest response on Twitter was exactly this no no there's no a download that right you guys are shady it doesn't matter that the source code was all out there they were like who are you nerds putting out this app especially for the Android version because you know that that's just kind of a free-for-all but they're like there's rootkits don't do it there's they're gonna take your data they're gonna steal your pictures don't install any of it so and so the answer is yes we have all your data right just let's just get that out of the way we'll move on you're supposed to say that oh sorry sorry hmm okay the other thing is bug fixes at all hours how many people here are actually like iOS developers that push things into the App Store we got a couple of you I feel your pain how easy is it actually push bug fixes into the App Store quickly easy no it's very difficult right and we'll get into this in a little bit but you know this was realistically our lives over especially the month before DEFCON his the bug fixes and when that actually has to happen yeah I had the luxury of being able to blast anything to production at 3 o'clock in the morning after six shots in whoo what's gonna happen so that was that was a toss-up between Android and Apple for us yeah I've had a little more validation on his end I did and it's but
it's about finding time I mean obviously we've got normal jobs right I guess kind of normal jobs normal jobs and so actually finding the time to put this together it's not necessarily something that you know just happens in one afternoon as much as we would like to think we're great developers there's always bugs there's always things that there isn't happen in that no it just doesn't happen afternoon it happens at 3:00 a.m. when you push directly to master that's when it happens after the
kids goes yeah all right waiting unredacted anybody seen like the mobile operating system in the iOS version yes why why do you think that is okay this is the app review process okay we get random people that are looking at the application and I've marked the app that is explicit but you want to know what all right so so it's okay for in the app for us to say damn and hell yeah and everything else but you know what I can't say jailbreak just I can't say that that's not okay so last year especially this became a huge issue I've had I've had I just got rejected you know three days ago again on the latest version that I want you guys to have in your hand for iOS and it's because it says hack and it says you know there's other things that are in there that whoever it is that's in the app review process that's looking at the application actually thinks is hey you're promoting hacking there's like the whole Apple Terms of Service and like we're doing our best as realistically what it is and we're coming up with ways to actually get around this so they're redacted in there that you're seeing is because we yeah we've just learned that if we do that if we take out the term watch OS or we take out the term Mac OS that they accept it but if we don't and it happens to be in somebody's talk then they won't write so I feel really bad for the the speakers who's whose title of their talk is jailbreaking mac OS or something like that because it's you know redacting redacted right sorry that's all yeah that's all I can do we're doing our best okay okay so last year we did it we did a big overhaul and even this year you'll notice it's a lot different than those images that we put up there first I'll let Chris talk to the Android version first sure so DEFCON 25 was the first version that I came on to it so I did a ton of different changes and all that stuff so pretty much from the ground up I rebuilt the app and probably multiple times over the year just because I got a lot of free time but like a lot of the focus is just trying to figure out exactly how we can make a like a hacker conference good in terms of schedule because we don't really know there's like guidelines I guess out there of what what we could do and what we can't do but we're trying to figure out exactly what kind of information you need and like what you want and everything like that so we're also trying to do a lot of stuff just like everything from the ground up rebuild it and make it impressive you know from like and like I've rebuilt it mobile times also for Def Con 26 like for that example for last year hacker tracker on Android was about 19 megabytes this year it's about 4.2 is insanely small it should be the fastest smallest Apple and your phone hopefully and that's pretty much what I've been doing is just trying to make the best app for you guys you know because I found if if I hate it then you're probably gonna hate it you know if it bugs me it might bug you but it'll probably bug you eventually yeah so the whole idea is that we want it to bug you right like I even just saw a bug pop up on my phone on the reminders for iOS that's yeah but last year we did a pretty extensive overhaul of iOS as well we've got the animations that are in there if you've seen like the little jitter as it starts up yeah that's us stealing I mean that's us just animating the initial screen that you're on right there's it's not sending data anywhere right but along those lines we've upgraded right we don't know we don't support iOS 9 anymore I like I may try and push a version out there especially for those of you that have burner phones that have decided that we're all going to hack you because you're here yeah so we may support that in the in the future I'll do some downgrades to make sure that we can actually support some of those older versions of iOS but that is kind of a forward-looking thing when I tried to compile it initially I got a whole bunch of error messages for iOS 9 and so I scrapped it right there's only so much time in the day the other thing that we
did last year was the UI redesign we actually engaged with a graphic designer Chris Mays who may be here in the room somewhere Chris are you here all right I don't see him Chris actually worked for a company last year and their graphic designer was willing to chip in and help us actually do some of the UI design so a lot of the elements that make it look a little bit more polished came from her that was Megan she's listed in the iOS app and and it has made things more streamlined it's made it's easier to actually use and navigate the one thing that we did away with this year was the tab bar down at the bottom for iOS we moved to the menu so that we're trying to get more of a unified look and fill the other thing is we do support multiple conferences has anybody here used hacker tracker at a different conference no oh we had a couple okay yeah they're nowhere near as big as DEFCON DEFCON is definitely our primary conference but we support shmoocon Tork on we did hack West we did a couple 'besides events during the year so if you would like to use hacker tracker at other conferences just hit us up on Twitter it's not difficult we've structured the app so we can load
different conferences in there and make it easier to use and and a community resource the whole idea is the codes out there it can be reused these other conferences could compile it but we've got the ability to actually switch and use it within the same interface okay all right so high points so I think one of the most fun parts of the last few years that we've had is hiding Easter eggs in the app so several people have come to me to hide things for different contests specifically the DC darknet challenge that's been one of my favorites because we've done that probably three maybe three years now we one year I had a password in the app and a bunch of you came to me to get the most ridiculously dumb unicorn sticker and I don't know why any of you took the time to come find it because it's horrible but there it is sets went to the trouble of making stickers and hiding things an iOS version as well so it's it's been a lot of fun to like engage everybody and just try to do whatever we can to get other contests and events of all involved this
has been especially interesting we've gotten good attendee feedback we've gotten bad attendee feedback and we've gotten weird attendee feedback but the good attendee feedback has been by and large the best especially since Chris joined and input and a lot of work I don't have nearly as much time anymore to contribute so he's done a huge it's been a huge effort on his part to make it as awesome as possible for you guys on his end and so is Seth so the reviews that you guys have given us are just amazing and especially like the ideas you've come back with like feature requests bug fixes bug reports like all that stuff has been amazing so just like keep sending that because it helps us and it helps us make it better yeah okay you if you review us four stars and say some schedule items are wrong just hit us on Twitter please don't feel rude in our rating we're trying you know hit us up on Twitter we'll fix injuries hard the app rater and eventually cuz I all the negative feedback I get an email I read it I get depressed it's not the right thing for my feelings don't make Chris cry
this is probably my favorite email I've gotten so far there have been a lot of worst ones but this is definitely the best my emails been hacked when I reply to certain people that tells me it came back unreadable with crazy text covering up my info but bottom line the last part is the best if it does will it report the hacker to the police no it will not I never heard back from this guy I also did not respond so I mean I thought about but he says I've been having issues with cyber stalking so I decided to avoid that one yeah so like we were
saying last year Chris took over the Android version Chris Mays has helped me out immensely on the iOS version he's like a full-time iOS developer he's on the A's in the app if you if you see his name you know click on him give him kudos as well because he's been a huge help and actually debugging and making sure that the app runs expectedly it doesn't crash you know a lot of good just kind of overall design patterns and things like that have come from his brain and I was hoping he was here so we could you know recognize him a little bit but that's fine but otherwise right just getting feedback from you has been the best thing right if you use the app and there's something that bugs you like Chris said let us know tell us about it if you haven't downloaded the app go download the app and use it make sure and update the events because it is being updated every yea pull pull to pull down to update because that'll actually get you the latest results and the latest events that are going on and what's going on right now but let us know if those are wrong but also let us know if there's something in the app that is an issue especially if the app crashes so we've got a whole bunch of lessons learned right first of all
haters are gonna hate yeah so some of you are mean just saying the first couple years well first four years at least from my end was soloing this which means like a lot of late nights staring at this and then I would get on the reviews page and I'm like holy shit you people can be evil I already know this because we're on Twitter we've seen the worst of the internet but I think it definitely garnered some thick skin over the years so yeah the three of us have poured a lot into this and we've realized so you can't please everybody so the best we can do is just try to make it as good as we can for all of you guys but I will say it has been highly entertaining reading some of the stuff that we've gotten over the last what six years yeah I don't know what you got on your end all the iOS developers they're totally trustworthy and nice people the other
thing we've learned is that like taking feedback right obviously Twitter is a great way to do this you can hit us up that's why our handles are there in the applications but aside from that if you hit us up on github that's where we're actually tracking the code and you put in a you know pull request or you put in an issue we will track it in there and close it out so you know that that we've looked at it and we've done something with it yep we do have to wait I have to
wait I have to wait like I said there's a version that's out there that's hopefully going to be released soon I get denied on expedite requests I waiting on jailbreaks whatever right you know the other thing that I was thinking is that we could push it to like Cydia the you know the jailbreak store is anybody here using a jailbroken device even as a burner so I mean if there's enough of you that are doing it then I'll look into it and we'll push it that direction because it'd be a lot easier for me to be to push in there for Sarek than it is to actually push into the App Store I just am not sure if Apple is gonna be too happy about that you never know
back up plants you have to have backup plans right I think we've kind of learned that we don't have a solid backup plan so we've we've tried various different ways of scheduling and this actually ties into what you've built over the last I don't know how long you've been working on the on your event manager so we've tried pulling from the info booth we've tried static JSON so we've kind of tried to combine the two of those and have some like main dashboard for loading all the events and because it's just gotten so big and so many villages and so many pieces of this that we've got to streamline it some more yeah guesses on how many events we have in the hacker in hacker tracker this year all of that I wish but I don't think we have gotten there how many how many did you say okay keep going up keep going up keep going up close just under 1000 we're probably around 800 right now that you can actually do and that's between parties events and all the different talks contests yeah especially the villages hey I mean we're at 25 plus villages this year and each village is basically its own conference right some of those villages that like the content that is there is bigger than the other conferences that we've been talking about so you know we're trying to give you ways to actually filter things and actually you know do searches that's where you're gonna have to become familiar with actually get that data pack right okay so going forward first of all we we want it to be more streamlined the whole process from the feedback to you to actually us getting the features out the ios/android parody to make sure that they look somewhat similar so the experience on both is the same now that is difficult based on the design patterns from Android or from Google versus the design patterns from Apple but there's a lot of different apps that do this we're gonna we're kind of creating our own look and fill and we will be you know maintaining that parity to some extent right the scheduling application like Whitney said we built a back-end - hacker tracker and if you can find it insert event kudos to you right that's a yeah that would be a challenge but most likely you won't be able to figure out where it's at so it's fine it's fine don't worry I know I did that was stupid I have been here for too long yeah so the scheduling application is gonna make this a lot easier we are coordinating like I said with the info booth next year I were probably gonna take over info DEFCON org right and so we're hoping that we'll be able to bring that into parity with what the app looks like it just depends on the time if you are interested and have development skills and want to jump in and help us out let us know we're always looking for more people to help I mean how many hours did you spend inputting if anybody likes data entry juhi nice we need a mindless factotum who's out there you can't leave until we find one come on more conferences like I said before if you're attending a conference and they don't have a scheduling application let us know we'd be happy to add that data to hacker tracker to the backend and actually push that out so it becomes more useful realistically we want this as the go-to for not just DEFCON but for the community for the wider security community or development community for that matter I mean how many people have used an app did you use the blackhat app this year how awesome was that yes that was great yeah no okay okay well that's all I'll say on that feedback is always welcome so as always I get like Seth said feedback is always welcome hit us up on github hit us up on Twitter if you want to contribute do so it's all open source it's all out there the three of us are responsive pretty much all the time if you want to contribute please do we would love to have you and we would love the help yeah okay it's open source but please don't be too critical we're on a time crunch things are messy we'll fix it up later next year next we'll be back any questions I think we only have a couple of minutes before the DEF CON 101 panel is coming in here yeah how do you pull yeah whenever it on iOS whenever you pull on Android there is a there's a poll should be sending Vidya could be 15 minutes I don't know it's mainly about how Android and work manager I kind of specify seven days but it'll kind of hopefully if you're on Wi-Fi it's like all I'll do it now or whatever yeah but you can also do it manually so we're we're throwing in updates like this whole week it's been pretty much hourly though we've been adding events so just yeah just swipe down just like when you go to that first event screen just swipe down let it refresh because there's other stuff that's being added and those those dates change and we're getting told that we need to leave the stage so we got 10 more questions before we'll leave no no I wait wait no no I need the mindless factotum first well thank you for using the application follow us on Twitter leave us feedback and I hope it's useful that was the whole reason that we built it as we wanted something so it works for us but if it doesn't work for you it's not you know it's not as cool so yeah so Dale Mota download us it download it and let us know what you think okay [Music]