HAKC THE POLICE
Formal Metadata
Number of Parts | 335
License | CC Attribution 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers | 10.5446/48441 (DOI)
Transcript: English (auto-generated)
00:00
Our next speaker is Bill Swearengen. Bill Swearengen is a hacker from Kansas City. Bill has been coming to Def Con for a long time. He is a veteran of the Alexis Park. Yeah and all these new people. Um but just because he's been coming here he hasn't ever spoken be
00:23
spoken before. But believe it or not a lot of you may have felt the influence of Bill Swearengen before. For example if you drive past a construction information sign and you think every single time that should say zombies ahead and I know how to do that, that's this
00:41
guy. If you live in a non-major metropolitan area and you have a hackerspace or have been to a hackerspace that is in part this guy. He co he helped co-found the uh Cowtown
01:01
Computer Congress in Kansas City a few years ago. What else? If you um have come to a little thing that we call Sec KC which is the world's largest and the greatest monthly infosec meetup, that's this guy. But probably the the the largest reach that this man
01:25
has had. How many people in here are either still drunk or hungover off of booze that somebody else paid for? This guy is the uh is the uh better looking part of uh Def Con
01:41
parties. So this is Bill's first time. This is a banger of a talk. I've seen this thing before. You guys are in for a real treat. Give my friend and yours Bill Swearengen a big welcome to Def Con. Hello. Yeah so uh Juris thanks for that great introduction but so and
02:09
you actually mentioned some of the things I want to talk about. So this is my 15th year at Def Con in a row. And and so and and last year I decided it's time for me to start giving back. And so those of you that that uh have attended and those kind of things I I you
02:22
know I would say that you do the same. Start giving back to our uh you know to this this community. Okay so who's ready to hack some cops? Okay so I'm gonna tell you that right away that this talk is illegal. Okay and and it's illegal in all 50 states and
02:45
and so uh I am a little nervous being in front of you all and it's and it's it's uh not little bit not about speaking in front of you. It's not really about the legality of the talk. Uh it's really that I run with the Sec KC crew and they're pretty wild. Um and and I see a lot of them right up front here and I'm a little bit nervous of what they're
03:04
going to do. Um and so as I'm as I'm thinking about it right. So this morning when I was thinking okay how's this gonna go I realized that there's probably gonna be a few times in this talk where people yell Bill you suck! And right and so about 50% of those time I expect that those might actually be my friends so just take that take that as it is. I
03:26
don't think that guy was my friend. Okay but I I am serious so some of the things we're gonna talk about today that if used are a federal offense okay. And so what I'm here to do is just kinda talk about it and explore it and explain how they work right. I'm
03:43
gonna try and do a good job and explain what is a good idea to do and what is a bad idea to do to do but I'm gonna leave that up to you uh for your own interpretation okay. Um and and also I I do realize that the talk that I'm about to give is very US centric um and so when we talk about the technologies that are used and the laws uh that
04:02
we will break um they're you know they're they're US but so for those of you that traveled a long way to get here uh to to attend Def Con um I think that the technologies will will uh translate pretty well um but do a lot of your own research about your own laws and and and go from there. Okay so given given the topic and the
04:24
nature of this topic um I'm not exactly sure if I will or will not get arrested during this talk um and so I I have I have consulted with my attorney and everything like that and so but I figure just in case it'd probably be good to go ahead and post the slides up up right now um and so there they are and I wanted to give a shout out to Sec KC let's
04:43
hear it one more time Sec KC. Alright um next if anybody has any questions after the talk or whatever please see if I am in jail and if I am bail me out and I'll be happy to answer any of those questions. So Benson already kinda talked about I've been in this space
05:01
before um so about 10 years ago I owned a website called iHacked and and one of the things that I released was a device that would trigger uh the emergency preemptive devices that would turn street lights green right um and it was awesome man it was really cool we'd be driving around you know just like it was green lights all the way and you can go as fast as you want um and I got a lot of attention about it um I I got interviewed uh by you
05:24
know a lot of a lot of different media Wired was one of them um and and I thought that was pretty cool but um so I I learned I've I've grown since then you know that was 10 years ago um and I've learned a few things first um you know you you really probably should consider talking to the media about committing federal offenses right um that that was uh
05:46
that was that was not that didn't actually work out very good for me um and and also it was really interesting the the quotes that came out of that right so so I was giving a very technical uh you know interview to to Wired um you know and talking about 5 5 5
06:01
timers and the way that that we can interact with with the preemptive devices and my quote that I got was that I'd take the highway to work right alright uh but but more importantly right um don't talk publicly about committing felonies alright so it turns
06:21
out that it is a felony to to sell buy or use a MIRT um you know so the preemptive device uh punishable by up to 2 years in prison with a maximum fine of 10k um or both whoo so well I'm out of jail and fines are paid so let's do this again alright so here's the thing
06:43
I I'm a hacker I've always been a hacker I'll always be a hacker um and when I think about what what that means to me and why and how I ended up this way you know I I really do think it it you know it really kind of goes back to to my dad right so my dad was an engineer I mean he spent the time with me as I was growing up to to to question
07:00
and and try to understand and and explain and the way that that things work in our world right um and and just question how it works so I I've spent my life uh you know very curious trying to understand uh how do things work and why right and and how can I make sure that that I am in a position that I can influence those devices to to make my life
07:23
better right um so I want to take advantage of my world in any way possible and and I think that as hackers this is our game that we can win um so before I get started I do want to read an excerpt from the hacker manifesto real quick um and it it says and it
07:40
just clicked off but it says I'll I'll paraphrase here but yes I I am a hacker and my crime is that of curiosity uh I do not judge people by how they look but what they do and what they know right and so I think that really is a good ethos as hackers to have um and and and I hope that our community stays strong that way okay please if there are any local or
08:06
federal law enforcement in the audience please raise your hand and and and I understand that that that that might not be you probably don't want to do that but I but it's for a reason um so so first I I'm gonna be using some audience uh uh participation and and you do
08:21
not want to be selected as that audience member so any any local federal law enforcement please raise your hand okay I got a couple how about any undercover any undercover uh okay you're right yep so I I I can't believe that worked um but but I do believe that I just one spot the fed right there um okay but uh really really why I
08:44
want to do that is I don't want to live in a society without laws I really do respect what you do um your mission and and that's not the point of this talk right um and so I I don't want you to feel like targeted or or you know or anything like that in this talk um it's really about the technology and understanding and being very curious about how
09:01
that works okay um and and I will tell you for specifically for those that that are in law enforcement there's gonna be a couple slides in here where you get a little nervous um and um it's okay like uh uh just trust trust me we'll we'll get through it together um I you know and and and everything's okay um so what we're what we're talking about
09:21
um it just gets right up to that spot um and then I stop so uh trust me on that okay so story time um I've always also been a speed junkie I mean if you take a look at some of the things that we've done you know when primitive traffic lights those kind of things just always kind of been a speed junkie um fast cars motorcycles etcetera um I love them right
09:43
but what I don't enjoy is all the speeding tickets that go along with it um and so a few months ago I'm sitting on the side of the road um with some blinking lights in my mirror um and I started thinking like what is radar like how does this work um how how can how
10:02
can I outsmart this how can I how can I take advantage of of my position to make sure that that I'm going to win this game um and an interesting thing is uh I as I'm sitting there I thought about a story my dad told me one time and this goes back when I was very little um he told me that um that that he had some friends that were taking apart
10:22
microwaves um and using the magnetron in the microwaves to to to jam radar um and you know and as a kid I I didn't really understand what that meant I didn't understand how that worked I didn't really understand but for some reason that that stuck with me right so that that little that story that that my dad told me it stuck with me and so as I'm
10:43
sitting there I I decided well I should probably figure that out okay so it turns out um that that radar works just by measuring the Doppler shift of sound waves so we've we've all seen that before right we we've heard that sound and and and probably everybody
11:01
here under has a has a very basic understanding of how radar works right we we know that a signal is sent um it is reflected and it comes back to you know to the the sending device and it and it measures our our speed right um and and what what's really interesting is when you start looking at at how like how does this work it's actually
11:21
very basic right so when you take a look at at the Doppler shift um and the way that that we measure that um what we can see is that police use high frequency radio waves and and they're actually microwaves actually to to bounce off objects and then they measure the shift using this equation in the in the return frequency to to measure the
11:41
speed um now what's really important and I'll keep calling this out during this talk but this is a very important point here radar measures speed okay so so what does radar measure come on tell me speed okay that's very important and you'll understand here in a
12:01
minute um and so and and here you can you can see the equation but basically um you know you can you can read that they measure that the change in frequency over the sent uh frequency and it equals two times the velocity of the target over C was constant of time um and now that I rec I you know I do understand that now that I've shown the math we can kinda all go home right cause everybody understands what we're
12:23
gonna do right I I get that okay um but okay so let's shift gears a little bit um and and and before we start hacking let's look at how police use radar um and and I do wanna say I apologize for the the quality of of this uh the the image here the video here but a
12:43
hundred percent of the police polled uh would not let me film them radaring people um and they started asking a lot of questions and so I left I found this one on YouTube okay um but one of the one of the really neat things about RF radar um is that the officer can kinda just set it and forget it just look look at the video it's just sitting
13:03
there uh it's radaring the cars as they go by um and and he and the officer doesn't have to do much right also what's incredibly neat about RF based radar is they can drive while they're doing it um we've all been radared by by police uh you know passing by
13:20
those kind of things and what's neat is the way that these radios work is they're transmitting this frequency and they're receiving signals back from multiple objects right um the the device can determine its current speed by the reflections that are coming back from stationary objects like trees or signs right or or or you know other station
13:43
buildings other stationary objects um and then calculate the speed of the moving objects based off of that um and some some of the more advanced radar systems that police can use can even track multiple targets and even show which lane of traffic that they're in um I just think that's really cool um you know I I think that that's very interesting that the
14:02
way that this technology works um and as as we really start to dig in um and and understand okay what is is happening um you know with with our radar this this slide is also very important so a very tiny fraction of the signal sent is actually reflected back to the police radar system right the the rest of the RF signal continues to to go on uh
14:25
bouncing off of trees um can uh scattering off oops scattering off the car um you know but but it continues to to to go and that's that's really all I'm trying to show on this slide is that it's just a little tiny fraction of what is sent that's returned back. Okay so
14:44
X-band, K-band, K-A-band. Ooh I forgot about that one sorry out there guy. Um so police radar it really comes in three uh major forms and and you guys all probably know this right so um but this slide if I were to take a picture of a slide it'd be this one um and you'll understand why but but X X-band is was kind of the the de facto back in the
15:06
day right um so it's kind of like the the older uh the the older radar systems that really aren't used much um in in today's um next is K-band um and believe it or not K-band um is is used worldwide and it it but it is the most commonly used radar in the United
15:26
States um so it if if you were to take you know if you were to take a a poll K-band still remains the default radar system um it's also classified as the grocery store band um because it's the same frequency that that the doors um at grocery stores use and so um if
15:43
any of you guys have radar detectors and seen false alerts it was likely K. Um K-A is is the new um the the new multi-mode version of K um it's the it's the emerging system um and um I I mean it it's definitely in use uh around now just uh there's also the K-U
16:03
band do I have any K-U any people from K-U? Alright so so K-U band exists but no one's ever paid a ticket for that so right um yeah um actually K-U band is is uh is the European K-A so for anybody in Europe I have the I have the signal or the frequency is there. Okay so
16:23
does everybody at least have a basic understanding of what radar is? Okay um does anybody remember what does radar measure? Okay thank you that's very important I really only wanted to to make sure that that point was driven home. Okay so it's time for a live
16:41
demo okay um what should we not do at Def Con live demos but we're gonna give it a shot. Okay so I do wanna take a volunteer up on the audience and as I was looking across one person's kinda sticking out um I have sir would you please join me on stage? Okay so
17:09
oh my god that's the other half of Def Con parties right there. Okay so what we're gonna do um the demo that we're gonna show is that I'm going to uh give our mister police
17:23
officer here a radar gun um I am going to walk towards him and I am going to return the same frequency that he is sending to me which should indicate that I am standing still. Okay? Then I am going to slightly adjust the frequency sending uh and I will stand still and I
17:42
will indicate that I am moving. Um and and I realize that I don't have any good way of of demonstrating this to prove to you uh that this is happening so you're just gonna have to trust me that this wasn't all lies okay? Is that good there? Okay so I have two
18:12
different versions of radar guns here. One just commonly off the shelf um radar system and a Hot Wheels one. Um the the turns out the Hot Wheels one was a little bit easier to modify
18:25
for my needs um oh and if there are any people from the FCC here um I I I've got you know I I wanna tell you that uh that uh it it's all good I I stayed within the legal limits. Okay okay so the first demo is gonna be you holding down the button
18:46
radaring me I am going to return the same frequency to you um and and hopefully if all goes well you will not get a reading here we go. Okay you ready? We believe you! Okay now on
19:05
the second the the second demo what I'm going to do is I'm going to slightly adjust the frequency of this gun um and what what I'm doing is now using the the Doppler shift because I know the exact frequency that that gun transmits I am going to return a signal that says I'm going a certain speed. So a hundred and eleven miles an hour. Alright you
19:50
somewhere right? Okay this is where it gets good. Oh man that was good. Okay so can we do
20:12
the same thing to police radar? Yep. We could build a device um that that says and transmits that we are always going sixty five miles an hour. Okay um since we know uh the
20:25
vehicle speed that we want to go um we just have to solve the equation for uh two other variables right and that would be uh the frequency that uh that that's sending to us um and um and uh well I guess that's it I only have to solve for one and then and the change
20:40
the change of frequency from there but using the using the math. Um and so it turns out that if I needed to to uh to defeat X band radar and say that I'm going sixty five miles an hour all I have to do is transmit at ten point five gigahertz. I don't have to do any kind of a special encoding uh there's no packets it is truly just a microwave signal at
21:03
ten point five gigahertz. Alright if I would like to do the same to K band radar uh which once again is the most commonly used radar in the world um and the US uh all I have to do is transmit at twenty four point one two gigahertz and that will return
21:20
that I'm going sixty five miles an hour. Um if I would like to so so KA is a little bit different um it's it's a multi mode transmission but uh believe me uh if you were to transmit at thirty three point eight uh you're gonna you're gonna get away. Okay? Um and and as I was doing the math here I started to think okay remember my dad? You remember
21:41
that story about the microwave? Uh did that work? And it turns out it did. Um if we would've had our microwave oven transmitting um back in the day when they were using X band radar it the cops would've seen that I was going negative ninety seven million miles an hour. Okay raise your hand if you know where this is going. Yeah alright. Well here we
22:13
go. So it um the interesting thing though is uh so let's take that sixty five mile an hour example. We we have a little bit of a problem with that right? Uh so if I was always
22:24
transmitting sixty five miles an hour or if I was always transmitting at at a certain frequency I've already shown you that that some of those frequent they're they're ranges right? Um and and the calculation matters um but but really the the biggest problem is is if I was always going sixty five miles an hour what happens when I go through a school
22:43
zone? Right? Um and and we don't actually know what frequency the the police radar is sending. Well friends I gotta tell ya we live in interesting times. So we live in the
23:01
future right? Uh the world's information is at our hands right now right? Um and we can do with it as we please. Um and the newer radar detectors uh specifically the Valentine 1 and the Escort 360 detect the radar signals about two to three miles ahead and via Bluetooth can share exactly which frequency we're being radared with. Do you understand?
23:28
Okay? So real quick I do want to give a shout out to TriWolf thank you so much for where yeah there she is. For finding she was able to find me a very consistent location to uh to uh run some tests would be a good way. Testing yeah. Perfectly legal. Official
23:46
business. Okay oop. I went one too far. Okay so all we need to do is we would just need to build an app that knew exactly what the current speed was uh the current speed limit uh using the the uh Roads API. Um a way to detect what frequency that we're
24:05
going to be radared in about two miles uh the current generation of radar detectors do this. Um and then uh cal- calculate the frequency of the speed that we wish to go based upon the the current speed limit and transmit. Right? Um all we need is a very
24:22
very small processor to do this. Uh you know up here I I'm showing an ESP8266 uh we don't need much to do that. Um the uh one of the one of the issues is that currently the the common commonly available SDRs uh or software defined radios that that are available to us currently aren't aren't working in that high frequency or or microwave space. Right? Um
24:43
so so they're they're actually much lower on the spectrum. But if you take a look at the hardware that it would take um and and just even the way that that SDR is progressing um we could build this device very very trivially for about seven hundred bucks. Okay? Uh right now. And that and most of that most of that cost would be around
25:02
the SDR. Right? Um and the high frequency transmission. But but um the FCC is is not gonna want you to do that. Um so the FCC is very strict about radar jamming and they've actually been um illegal since uh 1996. Um that means that anyone that uh that that
25:27
uses or sells the devices um you know could it could be a federal offense. Right? Um and and I they they are serious about it. Um and so and and not only that like they're
25:40
so serious that you're not even able to like they they are so concerned about radar jamming that you're not even able to advertise. Um right so it's actually against the law to advertise radar jammers. Not even just use or or or sell. Um and so and and right now when you take a look at it you know a seven hundred dollar device it it's really
26:00
not that cost effective anyway. Uh uh yet. I mean it'll get there. Um and and knowing the way that we can do this and and when those devices become available that's when you can make a good decision. Alright. Um so so the FCC won't let us speed um you know or let me be me so let let's see. Um what what other effective countermeasures
26:21
uh do are available to us? Um and and they're and they're the common things they're the common things but but the if you have not used the radar detectors the the the current generation radar detectors they're they're tremendous. So so earlier I I I showed you how how that the the the radio frequency uh continues to scatter right? It
26:42
continues to go and it continues to bounce around and the current generation um of radar detectors are are picking that up very very good. About two miles and and Waze is really good. But the problem with radar detectors the problem is that they suck when it comes to to detecting laser right? So you've probably heard that that radar
27:02
detectors today um when when you get hit with with a laser all you're going to do is that just tells you that you're going to get a ticket right? Um and and and most people probably feel like the the cops are using laser anyway. Well we'll slow down trigger um cause we've got some neat things to talk about. So the FCC doesn't even regulate the light spectrum. That's done by the FDA. So so let's hear it for light.
27:28
Come on light! And it also turns out that that these laser guns they're very different than their RF cousins. Um they they use an eye finder to to to single out a
27:41
specific target ok? Um and if if you take a look at the picture I have here you'll you'll notice that that there's two lenses one for one that's uh the the transmit that's the smaller lens um and then one to receive that's the larger and that'll be important here in a second. Um and what's really interesting and what what I love about laser is the officer has to treat it like a weapon. Uh it has to be they have to be stable. They
28:05
have to point. They have to single out a target and they have to find a reflective surface on your car to get a signal back ok? Um so generally speaking what they're after is they're looking for those for your headlights or your uh license plate or those sweet sweet
28:21
fancy blingy grills right? Um and here's what an officer sees when they're targeting your car. What you can see in this video is you see an officer trying to to get a lock on a car um and then the second one it's a little bit harder to see when when they do. Ok? Um but because laser is regulated by the FDA lasers have to be a class one laser.
28:46
That is the same uh class as a laser pointer. Laser guns are laser pointers ok? They have to be eye safe which means that pretty much uh you know the the amount of
29:00
reflected laser that's coming back to the police officer is very very little. Ok. Also um because it's regulated by the FDA they are restricted to the the uh the actual frequency of laser that they can use. They have to use a an eye safe laser um and and they they
29:21
have standardized on 904 nanometers. Uh this is an invisible laser beam um but what's great about this is it's standard. There's one and it's very weak and we can buy them too. Now another thing uh what does radar measure? Well laser does not measure speed. Laser
29:47
measures distance. Ok super important slide here um I'm gonna give you guys time to write the equation down. Um like if you if you know if we have any math majors you can you know kinda like tell people you know explain how this works but speed is is uh a result of
30:03
distance over time. I saw somebody take a picture of that slide. Ok. Now now the issue is that um laser guns uh when they when they do measure distance they're doing it at a rate that that's that's a very aggressive usually around 100 to 200 measurements per
30:23
second. Um and so that really kinda goes back to by the time your radar detector has gone off um the laser gun has already acquired your speed um and in fact many times over. Right? Um and and that's the calculation that the that the you know the gun is using for distance. Um but here's where it gets interesting. Ok here we go. Alright. Whew it
30:46
turns out that in about two thirds of our country um represented by the green states that are super cool um laser jamming's perfectly legal. Um the yellow states are not as cool and I just literally don't know what the fuck is going on in Virginia. So we have a
31:09
couple options um this is the one that I'm gonna go with. Um it's not really effective but it's hilarious and it makes it very hard for the police officer to get a lock on my car. Ok or or or we can attack the gun. Let's attack the gun. Alright here we
31:25
go. So first we have to know exactly how these laser guns work. Um and before we get started I'm gonna show you an example of timings. Ok so the timings that we're gonna talk about here will not be for every gun but the frequency that we're using is. Um and what I want you to understand is that once you
31:44
understand how they work you will understand how to attack every single one. It only comes down to a matter of timings. Ok. So the things that are really important here um are the pulse width, how long the laser is on, um and the period cycle which is how
32:00
often it shoots. So in in in this demonstration I show um a a pulse width 1, 2, 3, 4, 5 pulse pulse pulse pulse pulse. Those are pulse width right. Um and the period cycle of a 5 millisecond period cycle ok. You'll understand here in a second. Ok but this part gets really important. Ok so when the when the gun sends a series of pulses what it is
32:26
expecting is a return. Ok and that return measures what? Does anybody remember? Booze. Booze. Distance. Distance. The pulse measures distance ok. So when your car
32:41
gets hit by the first pulse does that officer have a lock on your speed? No. No they only know how far away that car is. It's not until the second, third, right? You know until they can start that gun can start getting a lock on your on uh on your speed. Right and so that's why why the why the uh why why they they measure so many times and in
33:04
one second, 100 or, you know, 100 to 200, to get your speed. Ok. So let's go ahead and zoom into this pulse period and let's talk about some countermeasures. Alright. So these red lines indicate pulses from the gun. Pulse. Pulse. Pulse. Ok
33:22
everybody good? Alright. And it expects to get a return. Pulse. Return. Ok. But we have a 5 millisecond window that we can return our own. Ok. And what does laser measure? Distance. Distance. Ok. So it does not measure speed. Right? So if we were to
33:48
return a pulse before the reflected one we can tell them how far away we are. Alright? So what I'm gonna show you is a brute forcing method. So uh just imagine driving
34:02
around knowing exactly which frequency you're going to be lasered with, it's always the same, 904, right? And every 1 millisecond putting a pulse. Ok. So um now the interesting thing is in your brain I know where you're going cause I went the same way as well: if I return an immediate response am I telling the cop
34:25
that I'm going 97 million miles an hour? No. No. What I'm telling them is that I'm very close. Right? I'm 100 feet away. But then they get another one. He's 100 feet away. Then they get another one. He's 100 feet away. I'm going 0. Right? Um yeah.
34:43
And so most of the guns believe it or not so there there's probably I don't know 9 or 10 different models of of laser guns on the market. Uh this method comes back with an error message. Just a simple brute force 1 millisecond pulse will return an error message to the gun. Now um there are a few models uh that that have implemented countermeasures to
35:03
countermeasures um and we'll talk about that here in a second. Um so so commercial uh so some of the the newer guns that what they will do is they will they will recognize I sent one pulse out and I got 4 back. Right? So that's that's not right. So they'll they'll they'll actually laser shift like they'll shift their pulse width um to to account for that to
35:25
find an empty spot in in the return the return signal. Um but but we can counter those too. Right? So once we understand how the gun laser shifts, what is expected result? We can shift our um our uh response to that uh just as easily. Now what's
35:41
interesting is because of of the the pulse width and the timing we can identify the gun by the second pulse. So when we get it once and then we measure how long did it you know so then we move immediately into brute force mode. Right? Um then we receive another one. Now we can identify exactly which gun we're being targeted with and we can
36:04
implement countermeasures from there. Um and so I'll I'll go through those here real quickly. Um so a countermeasure so what you're seeing here on the screen the red lines indicate a pulse from the from the laser gun. Um the the orange uh the orange indicates our reflection and the green is what we're returning to the gun. Um so what we can do is
36:22
we can vary our own returns. Right? So imagine if we understood that we have a 5 millisecond window to return uh that the first time we return a very early signal we're at 600 feet away. Right? And then on that second pulse we've identified who the gun is. We know exactly which gun we're being targeted with and we
36:44
can move into we can move into countermeasures that but we we then say that we're further away uh perhaps uh you know a thousand feet away. Now to that gun we're going in reverse. Right? And then we can continue on with with strategies like that that they continue to to even bypass even the most laser guns. Um and commercial laser
37:03
jammers are already doing this. There there's a couple there there is a couple different commercial uh products that you that you can purchase that are already that are already implementing uh these countermeasures. Um and so I just want to uh let you know that those are available. Okay so um a a few years ago I released a uh a tool called
37:24
Cocha it's an ESP based uh Wi-Fi hacking tool um and and and you know and and basically what what I've done is like okay let's let's build on that platform let's continue to stay with the ESP8266 um it's a build platform that that I'm very comfortable with that uses the Arduino um and the Arduino platform um and we can and
37:45
and we can uh build off of that. Well so what I'm gonna release here is is Nachikacha um and so so what Nachikacha is is an ESP8266 based um laser jammer. Um
38:00
it's based on 12 volt circuitry um for easy automotive installation. Um and uh it uses the same 9 uh 940 uh no it should be 904 but um it implements brute force mode meaning that it's pulsing at a 1 millisecond pulse rate. Um that will bypass 80 percent of the laser jammers um that are in use right now. Um it will not jam
38:26
the the more advanced DragonEye um uh systems that that uh that that implement countermeasures to brute force mode. Um however um you know we're we're doing this open source right and so um because because commercial um commercial jammers exist um it
38:43
should not be it shouldn't be too difficult for us to reverse engineer um the the pulse cycles that that those more um actually I don't know if that's legal or not. Um let's not do that. Let's build our own. Okay. Um so um wireless connectivity Android app um it's legal in some states right remember those green states? Oh I forgot to
39:01
mention I don't know if you saw that but on that that uh map where where uh laser jamming was legal Colorado wasn't on there and I'm like come on Colorado I thought you were cool like I just couldn't I don't know. Um it also can lay it can uh emulate laser guns so you can test uh your your own uh you you can test it you can you can test your um
39:22
yeah your radar detectors etc. Um yeah and and turns out MERT mode would work okay too which would be uh green lights but that's a super bad idea and probably probably shouldn't do that. Um okay well so I'm just gonna tell ya like not your conscious
39:40
freedom um and this is this is how we we can take control of of any systems that that are targeting us. Um we uh hey audio guy's gonna get louder in a second just FYI um and I just wanna say go America um except for Virginia cause I don't know what's going on there. Um uh so real quick this is kinda what it looks like uh bill of materials super simple. Um
40:05
we're looking at an ESP8266 and an LED array essentially and a 12 volt uh circuit. Um cost is 8 bucks. Um so so code's available now it's kinda janky but that's how it goes
40:26
Defcon um and I actually meant to bring one, I have one here um but I broke it uh yesterday when we were prepping for the talk. Um I know bill I know. Um so seriously you know so it is being released open source uh the brute force mode works um cuz I
40:46
tested it I live in Kansas it's legal there. Um and um and so you know really there's only round one I'll continue to to to post code um and I I would really expect or I would really hope or and appreciate if anybody would like to to help me build a uh a fully
41:00
open source uh laser jammer that that competes with uh with the commercial grade equipment. Um so with that guys thank you very much I had a great time. Um I really appreciate it.