After yesterdays late night with TCP, I decided to kick-off day 2 with a look at the lightning talks. Yesterday’s lightening talk from p4ula on sleep hacking was really interesting (if a little brief), so hopefully there#ll be something here to keep my interest.
The information on the lightning talks at 26C3 can be found on the CCC wiki
MFCUK = MiFare Classic Universal toolKit
MFCUK is an open-source implementation (GPL) that implements the “Nested authentication attack” and “DarkSide attack” using crapto1 libraries. This toolkit is a merger of existing projects – MFOC and MiFare Classic DarkSide Key Recovery.
The MiFare standard is used in a variety of different places, including :
- Student ID cards
- Building Access cards/systems
RFID Standard 14443A 13.56 MHz
The next revision of the tool will increase compatibility with card readers and possibly implement support for the Nokia NFC 6131/6212
Stali – Static linux
Primary focus is on statically linked binaries. This distribution is designed to have no dynamically linked libraries.
- Statically linked binaries only
- Hand-selected collection of best tools
- Radically cleansed filesystem structure
- Focus on end-user adoption
Pros of static linking:
- Smaller binaries (really!)
- Less memory footprint
- More secure userland
- Better startup performance
More information can be found at http://suckless.org or http://sta.li
Designing for socialization
Looking to create a new iPhone application designed to help people communicate and break out of their social shell.
Scan your own books to allow for full text searching and portable access to physically owned books.
Checkout the website for some great photos of other DIY scanners.
Crypto Stick (Version 2)
GPF Crypto Stick – Is a combination of OpenPGP Card v2 and a smartcard reader. RSA keys length up to 3072 bit (improvement over v1). 3 independent keys (authentication, encryption and signature)
This USB stick is used to store secret keys for things like GnuPG v2, Thunderbird+Enigmail, SSH, etc… The USB device is supported on Linux, Windows and Mac OSX (?). The project is based on open-source hardware and software.
Version 1 (Current)
- Available for €38 incl. MwSt
- order: firstname.lastname@example.org
Version 2 (Developement)
- Includes encrypted flash (MicroSD)
- dm-crypt/LUKS compatible
- Strong Aluminium case
- Securest portable data storage available
More information can be found at http://www.privacyfoundation.de/crypto_stick/ or by emailing info@privacyfounda
Hacking hearing devices
Features of hearing devices :
- Small and (nearly) invisible
- Microphones and speakers
- Powerful signal processing (recognize acoustic settings, direction, filter)
- Talk to each other
- Talk to other hardware (phones etc…)
Why hack them – If you can’t open it, you don’t really own it. Free the information and technically interesting. Current information and hardware is proprietary. This means that the devices are expensive, aren’t permitted to be sold on services like eBay (medical devices are prohibited).
- Allow for parameter adjustment
- Affordable bluetooth support – Currently very costly
- Write your own signal processing – Filter out specific voices 😉
- Hear more than normal people
- Use device to spy/record
More information, or to help with the future of the project can be found at http://hackandhear.com or through email at email@example.com
The distributed rainbow table project. So far over 1.5tb of tables created and indexed.
Focus is on LM/NTLM, MD5, SHA1 (with future work on MySQL (SHA-1) tables)
Common myth – Everyone uses SALTed hashes
Actuality – Systems still used unSALTed hashes on a regular basis
- More tables
- Maybe new format (smaller, faster)
- Maybe cooperation with other projects
- Maybe YOU as contributor
- More tables — Less mishaps !
More information can be found at the following locations :
OWASP Favicon enumeration project
Identify software running :
- Web Server
- Web app: CMS, Forum, Wiki
For the paranoid, you can change the favicon to prevent enumeration.
Gather the data using modified version of favicon.nse:
nmap -v -sT -iR 0 -p80 -n -PN –script=http-favicon-get.nse -oN nmap-p80-ir-favicon
More information is available at http://kost.com.hr/favicon.php , http://www.owasp.org/index.php/Category:OWASP_Favicon_Database_Project or through twitter @OWASPfavicon
Thanks for mentioning OWASP favicon. Correct URL of twitter OWASPfavicon is: http://twitter.com/OWASPfavicon
Thanks for the correction. I’ve changed it in the post. Great presentation. Hope to see the project results soon 😉