DEF CON 20 – Anch and Omega – The Darknet of Things, Building Sensor Networks That Do Your Bidding

Welcome to the talk about the Darknet of Things. Can everybody see the slides okay? Everybody read them? Cool. All right, first, couple introductions. I’m Anch, also known as Mike, or hey; I respond to any of those. This is Omega; he is not known as hey. Say hi. Hey, hello. Okay, we are here to talk to you a little bit about what we’ve built, and a project that we’re hoping you guys will help us with and get involved a little bit and have a little bit of fun.

So let’s first talk a little bit about the Internet of Things. It’s thrown around a lot. You know, people think that connecting your fridge to the Internet is a really great idea. Only if you want your temperature controlled by hackers; that should be fun. We’re not talking about your fridge here. When we talk about things, we’re talking about a network of things, not things on the Internet, okay? There’s a huge difference. I’m not going to take my garage door and attach it to the internet and call it the Internet of Things. The garage door is just a thing on the internet; it’s just another network-connected thing, right? So what we’re talking about is actually building networks of things, things that do interact with one another, things that actually build their own networks and talk to one another and create a network of things.

So let’s talk a little bit about sensor networks and what they are. So we have a bunch of little disks up here; we’ll talk a little bit more about what we built a little bit later. But basically what we have here is a small sensor network, and the sensor networks take information, they pass it to one another, and usually compute a little bit of the information and send stuff... Wow, really? Okay. Anyway, I’m going to have to talk louder, I guess. They send stuff back in order to be interpreted by a central node, and that central node is usually a part of the sensor network itself. That’s what they’re supposed to do. What they’re usually used for are industrial controls, manufacturing, tracking of equipment, things like that. They’re usually pretty small. As far as we can tell, some of the largest sensor networks, independent system sensor networks, are around the 3, 4, 500 sensor stage, and then they break off into other networks.

So that is the next slide. Sorry, my laptop has a presenter view and it wasn’t working with the projector, so I’ve got the same view that you have up here, so I can’t tell what’s next. So it’s a little bit of a fun thing.

So there are several things with sensor networks. First off, ZigBee is a protocol, a sensor network protocol, that is designed for small sensor networks. They mesh, they do all kinds of stuff. Well, there’s also another protocol called 6LoWPAN, and 6LoWPAN is basically IPv6 for sensor networks. So we can actually run on these little guys here a full wireless IPv6 stack. They have a whole IPv6 network, they’re pingable, they mesh, they do routing, all kinds of fun stuff, and so it’s designed for it. And some of those advantages are: it’s a very, very large address space, right? I have an IPv6 tunnel with a /48, and I have something like, I don’t know, there’s a lot of zeros after the number of addresses I have. 65,000 /64s, and the /64 has got six billion addresses in it, you know, so I’ve got 65,000. So, yeah, quadrillion or a key, I don’t know the name of the number. He does. I don’t know. He doesn’t. So there’s some serious advantages to that. I mean, we’ve got large address spaces, we’ve got a larger number of sensors that we can put on an address, and they’re all
addressable at this point. Some of the limitations are: it’s low bandwidth, high latency, typically. So, you know, the amount of data that I can push across these networks is very, very limited. In fact, we’ll do a little demonstration up here in a little bit, and when I send a packet to these guys I’m sending like two bytes. I mean, it’s really, really small. I think my max MTU is 182 bytes, and that, you know, causes a lot of big problems when people are trying to do large packets on these networks, because they fragment and they do all kinds of funky stuff. If you want to know more about 6LoWPAN, come talk to me afterwards. I’ll go into some pretty deep detail. I don’t want to glaze everybody over sitting here.

Oh yeah, they swapped. Wow, that’s cool. So this was supposed to be before the last slide, but that’s okay, we’ll figure it out. So we talked a little bit about ZigBee too. It’s a low-power wireless network, and the advantages are that it’s really simple to do. I mean, you turn it on and it essentially works; they talk with one another. Limitations are: the number of sensors you can have on the network is really, really relatively low. ZigBee isn’t routable, it’s not IP... So talk closer. ZigBee is routable, it’s not really IP, so you can’t get to it from anywhere else. It’s just the tiny little network, and you have an access point and you have to bridge the protocols, all kinds of stuff. Yeah, I was actually poking these from the internet the other day. It was kind of fun.

So what are we doing up here, besides sitting up here, you know, looking at all you guys? We developed a project, and it’s a project for all of us as a community to work on. It’s not something that we’re trying to keep exclusive rights to or sell exclusive rights to or anything along those lines. We’re trying to turn something up that we can all kind of have fun with, and we want to build a darknet of things. We want to take hardware hacking to the next level. Everybody here likes to hardware hack and all that kind of stuff. We got these really cool badges that LosT made this year. Everybody give a hand to LosT; he put a lot of work into these. And really, seriously... oh man. Okay, okay. Yeah, it’s my... Anyway.

So, you know, we really want to do something between now and next year that’s going to make next year at DEF CON 21 awesome. And so we want to build the largest free-roaming sensor network in the world next year. We want you guys’ help, okay? It’s something for all of us to do, and it’s something that all of us can take pride in next year when we’re all walking around with that we built, that’s all talking to one another, and we’re all having a good time.

Here’s some considerations. No Arduino. None. We’re not building this on an AVR. We’re not going to build it so you can hack it with Arduino. We’re not going to build it so it’s easy to use. We want you guys to actually learn something and have a little bit of fun. Arduino is, quite frankly, very much overdone. And underdone. It’s got some definite technical problems. The pinout is rather awkward; you’d think they could have made it much more normal, but they didn’t. The software is pretty... it’s okay. You can do some stuff with it, but its common problem is you try and use a standard library, it’s too slow, it doesn’t have the right API, you write your own, and then you’re stuck with the chip that you chose, because the Arduino is changing chips about every rev. And I’ve seen a lot of cool stuff, but... It’s okay, I haven’t even touched it personally. Then how many of you guys have an Arduino? Yeah, you already know it. We want you to learn something new, okay? So we’ll talk a little bit more about stuff that we’re planning here in a little bit.

Our stuff needs to be hackable, okay? It’s a hacker
conference after all, right? So we want you guys to be able to hack it and have fun with it. It needs to be modifiable, changeable, bendable, but yet still we need to have it a little bit stable. Well, we need to be able to maintain it, to be able to fix this if it breaks. And it happens at con, right? You guys all know that. You know, you’ll get this and, well, you’ll short it out and blow it up, or you’ll build something and somebody will come along and pummel the network so it won’t work. So we need to be able to do that, so it needs to be maintainable. It needs to be a network of things. We’re not going to put things on a network, so we’re going to build our own network of things. Will we have off points to the DEF CON network? I hope so. I’m going to talk to a la quête about it and see what we can do. And it needs to be free-roaming, so they need to be wearable, movable, possible, stuff like that.

We’ve already been talking with some people. We have some ideas. We mocked this up. These aren’t functioning yet and we haven’t put code on them, but these are really, really cool. It’s essentially a wearable badge. It’s got a 2.8 inch TFT touchscreen on it. I’m going to burp, just a second. I love drinking beer while I present, it’s awesome. No, I’m not that gross.

We also want these things to be able to work outside of DEF CON. You know, I have a collection of electronic badges sitting in my office at home, and they all work, but they don’t really do very much outside of con. It’s not like I put them on and go prance around the city wearing my DEF CON badge; that would be kind of stupid. But, you know, we want things to be able to work at home and at other hacker spaces, and be able to have you guys be able to play with the stuff that you’ve built at home and still have it interoperate. And so we’re also going to provide some of our other hardware, some access points and development hardware, things like that, early on, so you guys can actually build the stuff at home, test it, make sure it works before you bring it to con next year. So let me turn this over to Eric; he’s going to talk a little bit about the hardware. I’m actually going to slide over so you can control the slides, because you don’t... me doing this kind of...

So the badge that we mocked up is, as he said, it’s a 2.8 inch LCD touchscreen. You can get them from eBay for, what was it, 15 bucks, qty 1. So they’re pretty cheap. The network is built around a radio chip that is a single package: 802.15-class radio and a microcontroller and all the antenna matching, everything else, in one package. It literally needs a crystal and an antenna and power, and that’s about it. So that makes layout very easy. If you’ve seen a lot of the radio boards out there, the XBee and the Nordic Semi stuff, there’s a huge number of little discrete parts in there, very specific antenna matching. Yeah, it’s just easier to put in one package, and Freescale’s managed to do it. It’s a pretty quirky chip, but it works so far.

The rest of the badge consists of a fairly high-end LPC, what is it, 1778. So that’s a 120 megahertz ARM. It’s got a memory bus, so we have an SDRAM on here; this is two megabytes, you can go to like 64. Touch screen controller, because there’s no... I’m getting analog into the main microphone, making that work. SD card, two USB ports, host and device and OTG, I think. Theoretically battery-powered, but we haven’t gotten that far yet. Oh, and an Ethernet site, so in theory you could hang an Ethernet cable off your badge. That might not work, so... it’s pretty heavy. JTAG header here, you can see it on this one here. Standard JTAG header on this badge; that might be a little sharp for a badge. I’ve heard comments that even these things are kind of sharp, and, not sure, I wouldn’t want to lug that around.

We’re going to be posting the toolchain, the schematics, all that stuff on the DCG darknet site, and we hope that you hack on it, modify it, do whatever you want, make your own badge, make it work. And yeah, so there’s basically the summary. We have not routed
out much of the extra peripherals on the part, because we just wanted to get this thing going, but there’s a lot of peripherals on this chip. You could do a lot of stuff. There’s a sound interface, there’s... we’re planning on putting an accelerometer on here, or, you know, all kinds of stuff.

So in order to ease development we put together this very simple adapter. It’s literally the chip, the antenna, JTAG, and some pins. Because it’s a full ARM microcontroller on here, you could write an app to do whatever you want. For instance, I want to put one of these in the basement of my house controlling the dampers on my air duct, so I have my own little zone system, and being on an IPv6 network I can control it from my computer, I could control it from my phone, I could do whatever I want. And so can I. There’s the problem. Yeah, is that us? Yeah, that’s us.

You know, it’s got UARTs, SPI, I2C, take your pick. There’s a boot loader on here, so, you know, you get a standard USB to serial adapter, you hook it up to a couple of pins, and you’ve got yourself a loader. You can talk to the computer, you can run SLIP over the thing; that’s how you get SLIP IPv6 into your computer, you can route it. It has this tiny little JTAG header, which is a bit of a challenge; you have to get an adapter, but it’s not too big of a deal. Boot loader’s your friend.

And then the mote that we built a bunch of, this is again pretty much just the chip. It’s got a button, an LED, and a battery, and we’re going to demo putting these on the desk here and turning the lights on. Yeah, the way I’ve been describing this to people is: this is a wirelessly connected IPv6 LED throwie. Yeah, it has a little LED on it and a button and not a whole lot else. It’s got the serial port out for it, so you can actually attach sensors and stuff to it if you want. We will actually have these in Q&A for people that want to help us recoup our hardware costs, and we have these and we have kits, and we’ll give them to you for a little bit of an exchange.

The other one, we didn’t build this one; we actually have boards printed but we didn’t populate it. This is essentially an access point. Yeah, it’s Ethernet. It’s not PoE; that’d be nice, but that’s kind of big. Basically drop it on a board, not even populate the pins on the side, plug into your network, and you’ve got yourself an IPv6 bridge. I know we can even put a tunnel on the thing. Now imagine the evil things we could do with this. So this is an IPv6 access point, essentially, that, if I have one of these, I can create an IPv6 bridge that’s wireless, that’s not going to show up on your wireless intrusion prevention system. If you have some fun with that, or what?

All right, so we’re going to do a little bit of a hardware demonstration here, and I need my other piece; I’ll have to plug it in here in a minute. So I’m going to give my standard disclaimer about live demos. This is actually a live demonstration. We have not recorded this. We have not attempted it in this room. We have attempted it at other places, and whenever I do live demos something always happens. I have made several beer sacrifices to the demo gods; I’m hoping that they work. We’ve had some success with this stuff earlier today and it’s been pretty fun, but yeah. So that being said, here we go. You’d have a cable, right? Yeah, I got to get my cables out of my bag. So let me have the Tribble. This is my friend’s, my friend Eddie Mieses Tribble. And without... That was pretty funny. That’s because it’s in my pocket. Yeah, that is what she said. So basically what I’m going to build here
real quick... I don’t need the programming cable. I’m going to start a SLIP bridge between my laptop and one of the development boards we have mounted on a breadboard, and this development board is attached to a USB to serial interface. It’s 125 wire... five wires, there’s five wires for this board. It’s hard to see, but we’ll show anybody that wants to see later in Q&A. But basically, if I plug this guy in and VMware works right... there we go. Okay, fire up the... Everybody don’t look, I’m entering my password.

All right, so we have an IPv6 bridge here, and so coatsy doesn’t come up, and we see that this guy is a border router. He has no neighbors and no routes. So Eric is going to start putting batteries in these little motes here, and one should see them pop up. They take a second to boot and start to communicate with one another. Pray, demo gods. There we go, look. So you’ve got a couple of neighbors, and we have... yeah, we should have a lot more here eventually. There’s three, and we have listed the routes for the neighbors. Everybody read that okay? Do I need to jump the font up a little bit? Control-plus. There, is that better? Okay, well, I can do it one more time. And now? There. I love an interactive audience, it’s so much fun.

Okay, so what we have running on these motes actually right now is a version of Contiki with a RESTful, a small CoAP server on it. And what CoAP does, it takes a couple of little interactions and I can do some things with them. So I’m going to start turning LEDs on here as soon as I start the right browser, the correct web browser, and we will copy this address, you go here, and we’ll go... Everybody dance to the music next door. Oh yeah, we have to put brackets around IPv6 addresses, because Firefox doesn’t understand them; neither does Chrome. Say that again? I missed the last four? Okay, well, I did miss the last four, didn’t I. Thank you for catching that, because I would have been up here scratching my head. Okay, all right, here. Notice that, you know, there’s an homage to my friends here. All right. As you drink, the presentations get harder. Okay, there we go, that’s a little bit better.

Okay, so what we’ve got here is basically I’ve got a console to CoAP, and so I can discover this mote, and it tells me that all these things are available to me to
be either read as a sensor or used as an actuator. Then what we want is the LEDs, so I’m going to put the color here, which I hope is red. Color is red. I’m going to tell it that I want to turn it on, and I’m going to put it, and I got content, and it got this one.

So the advantage to these guys is they’ll actually mesh with one another. So... no, I don’t want to attempt it. I got one good demo out of the demo gods; I’m not going to get another one. But they’ll hop one another, and so we’ll be able to read them going out, and so we can actually really have a whole lot of fun with these. And we’ll be around the next couple of days to have a whole bunch of fun, and we can help you have some fun with them. I have been told by LosT that there are actually power and ground headers on the badge, and so if you get a mote we can actually put them on the badge and have them powered by the DEF CON badge and do some fun things with them this weekend. Okay, we don’t have very many, unfortunately; they’re kind of expensive to build. Anyway, so with that I think I’m going to go back to the presentation, because, yeah, we’ve got about 20 minutes or so, so we’re not doing too bad.

So can everybody see the potential to this? Can everybody see how much fun we could actually have in a space like this, with this many people sitting around and having things to poke at different people? And there’s potential for fun and for profit. I mean, you could build these things pretty simply. It doesn’t take very much for us to put them together. That’s about a nine dollar BOM on this. In small quantity it was a little bit more than that, but... Okay, nine-fifty. Come on, more like 15. Anyway, but quantity... Yeah, yeah, you’re talking quantity. But we actually didn’t have these made in a fab house. We had the boards printed for us, we got them, and we used a toaster oven to do all the surface mount parts. And no, no, no, she hea in a toaster. Yeah, he can be g. This man works hardware miracles. He’s really good at what he does. And so, you know, we actually built these in his attic upstairs, double our, last week, in a couple hours. And so they’re not too terribly difficult to build, and so everybody can do it; it’s just a matter of actually doing it. Dental pick, tweezers, solder paste, $25 toaster, that come out, a few hours.

Okay, now we’re going to get to the fun part: why we actually are giving this talk today and how you can get involved. We felt, and when I say we I mean Eric and I and some of the other members of some DEF CON groups and some other people that we talked around last year, felt that the community needed a common project to bond around and to build upon, and given that common project, I think we as a group can do fun things. I can say that I’m not really a hardware guy; I’m a pen tester by trade. But getting to the hardware and learning this, this has taken us kind of two years to put together, but learning that the last two years has made me a better pen tester. Getting close to the hardware has taught me a lot about how things work, which is what it’s all about. We want to learn how things work, right? Is that why we’re all here? Yeah. So, you know, learning how things work is important to us, and so it’s really kind of helped me become a better pen tester, and it’s helped him become a better teacher.

We also want to break people out of the Arduino rut. I see a lot of projects at our local hardware hackers group called Dorkbot, which we have
anybody from Portland in the audience? Go to hate... anybody go to Dorkbot? Okay, go to Dorkbot. It’s every other Monday at Backspace at seven; really starts about 8:30. We’re hackers after all, we’re always a little bit late. So we wanted to break people out of their Arduino rut. I’ve seen a lot of projects based on Arduino that are really cool; they do some really cool things. I think we can get a quadcopter now based on Arduino, right? Yeah. Could you imagine a quadcopter built out of one of these with a gigantic antenna? I’m going to build quadcopters. I’m going to build a drone for next year for DEF CON. I’m gonna have it buzzing people in the contest area. It could be rad. Was that hell yeah? It’ll be on the Internet. Damn straight it will be on the Internet. Make anybody be able to buzz people in the conference area. It’ll take requests. A pyro guy. I hate that. No, I really don’t, I really love him, he’s like a brother to me.

But anyway, we want to expose people to a new chip, a new set of chips, and something different to work on with different possibilities. Doing that makes us better at what we do, makes us more able to do different things, to learn new things. I’m getting old; it’s really, really hard for me to learn new things. But yeah... You look so young. Yeah, I look young, I feel old. Anyway, compared to all you guys out here that are like 22 and in Vegas getting drunk every night, I’m having trouble keeping up this year. Anyway, and we wanted something different and fun to work on. That’s really what it’s all about: fun, having fun, building something that we as a community, as a whole community, can take part in and have some pride in.

So the goal of the Darknet of Things: we’re going to build fun things next year that operate as a darknet of things. It’s not going to be super accessible to the internet, because I don’t want people with it in Israel or China or, oh, you know, we’re going to keep the APT out. Okay, you sir get an energy shot. That was awesome. And we’re going to produce these for next year. This is something that we’ve kind of had a dream of doing for quite some time. I don’t know how many of these we’re going to produce; it all kind of depends on how much funding we can get, because they’re pretty expensive. But yeah, actually that was my next word out of my mouth. Where are you? Raise your hand. Who said kicks? There he is. Somebody get this energy shot to him. Okay, I’m just gonna throw it at you, watch your head. Oh, that was close. No, I don’t throw beer, that’s alcohol abuse. That could actually kill somebody.

All right, so what we want to know is, what are you guys going to do? You know, we have some resources set up now to help. We’re going to continue this next week; actually it’s going to be two weeks for me, because I’m going on my honeymoon. Yeah, contrary to popular belief, there are girls at DEF CON. One of them’s my wife, and she’s awesome. Anyway, the other one is his wife, and she’s awesome too. And so here’s some more information. We’ve got dcg dark net net net, and the website itself is IPv4 and IPv6, and you’re able to get ahold of it and you’re able to go look at it. There’s not a whole lot there. It’s a
WordPress blog. Don’t hack my please, thank you very much. I realize it sucks, but it’s... Huh? I’m asking them. I’m asking them nicely. Hackers are nice people. Yeah, I know, I’m sitting up here grinning my ass off because I’m hoping you’re not going to hack my... Actually, it’s pretty secure, so don’t worry about it. Don’t test that. This last words. I’m gonna go shut it off, friend. Actually, give me just a second, I’ll shut it off right now.

dev dcg darknet, it’s IPv6 only. Actually, right now it’s not IPv6 only, but it’s going to be. The reason why I’m going to make this IPv6 only is we want you guys to actually have a working IPv6 network before you start to develop any of this hardware and get the code. That’s the first step, really. You need to have that in order to do any of this stuff anyway, and so if you’re going to try to leap and grab the code before you have it working, you’re going to have a lot of problems. And so this is going to save us a lot of headache and heartache. So working IPv6 connectivity is a requirement. Go get a free tunnel from Hurricane Electric; they’re awesome. The instructions out there are really, really good. Set it up; you can set it up on just about anything. OpenWrt is great for it. You just go to ipv6 a cheat and they’ll tell you how to do it.

This is something that Eric is passionate about, and so I’m going to let him talk about it a little bit. You have about three, four, or five minutes. I’ll be quick. Okay, be quick about it.

So Mike here has been trying to set up a development environment. How long have you been at it? Most of six months. Yeah. So we have a tool chain: GCC, binutils. They work fine. Everything else, not so much. If you’ve developed anything for the Arduino and actually not used the IDE itself, if you’ve written straight for the AVR, it’s really simple. You do GCC, -mmcu atmega328, and your files, and you’re done. Everything just works. It brings in the register headers, the linker script, the vector tables, all that stuff. You don’t have to think about it. In the ARM world as it stands right now, for about every single chip... Yeah, well, you could just show them. I’m not going to show my... Show your notes. I can turn more LEDs on, I have fun with that. I’m mature. More LED. Okay.

So when you’re writing for an ARM chip, there are 10, 12 different manufacturers. Each of them has several different lines; they have different variations of those chips. There’s no consistency whatsoever. When you pick a random chip, like we went with the LPC 1776, we look out there, we find that, okay, somebody’s developed something with the 1374 or whatever it is, and they have the project. It has makefiles that are usually abysmal, it has the linker script, they probably copied in the register headers from the IDE that NXP put out. I hate IDEs personally. And you end up with this chaos. You have to copy all the files that, at least in the AVR world, just come as part of the tool chain. Hey, there’s no... you have to copy them into your project and you have to maintain them, and most of the time you go download an example and you find three or four, and one of them is kind of close.

So what’s needed is some kind of consistency in the tool chain. It means some fairly minor modifications that AVR has already done to GCC and binutils to make it know where these files are, and you actually need a collection of these files that actually all work, because a lot of the stuff the manufacturers put out is not so hot. No, I just was at the wrong spot. This isn’t really hard stuff, it’s just kind of tedious. You have to gather all the chips, you have to gather all the register headers, you have to figure out if we want to come up with a standard style on registers for peripherals. In the AVR world they pretty much work the same way; they all have the same name. And we were looking through the code trying to get this LED working on here, and they’ve got like four different layers of just GPIO code and
all of them are really weird, and they’re built on top of each other. So for people like me that used to be really ignorant of what a GPIO is, and don’t know and want to learn, tell them what it is, please.

GPIO is general purpose input/output. It’s literally the pins on the chip. Chips like this come with multiple peripherals; they have serial ports, LCD interfaces, SDRAM, all that stuff. GPIO is the default operational mode for all the pins on the chip, for the most part. So if you actually want to talk to stuff, light up LEDs, that’s what you use. It’s a really simple thing. You set the direction of the pin, you set... really it’s just the direction and whether the pin is high or low. You’re looking, go, it’s over there. No, I did really put her mother. Yeah, spread them out. A really simple thing. They built layer upon layer upon layer of API on top of this thing, and I have trouble untangling what the heck Freescale did. It’s unnecessary, and if I want to go to another manufacturer they would have their own other insanity. They have this thing called CMSIS, which I have no idea what it stands for, but it’s supposed to be some kind of common API across all ARM peripherals. It doesn’t work. It is horrible. If you’re programming a microcontroller, you kind of ought to know what the chip does and not use a, you know... it’s like programming a bit micro in Java. That’s kind of what they’re trying to get you to do. So we kind of need to wrest control of all the stuff back from the manufacturers, because they don’t care about the other manufacturers, they don’t care about consistency, and without consistency developing stuff like this is a pain in the ass.

So what are we going to do about it? Well, we need to get a group of people together that actually care about this stuff and start acting on it. He wants us to build a consistent development environment like we have for AVR. Yeah, it’s been done before, so it can be done. We have software people in the room, right? Just a few? Yeah, so we can do it. You know, the power of people that are here, really, as a community we can do anything, and so we really, really, really want to get this done. It’s just going to make our lives easier as we go on.

So how can you get involved? A couple of things. How many people are involved in a DEF CON group? I’m actually pretty passionate about this; I just came from a panel on DEF CON groups. Anybody involved in a DEF CON group before? Oh come on. Converge, where are you? No, he’s not in here. Okay. Anyway, start one, get involved. Find your local DEF CON group. If there’s not one that exists, start one, join one, have fun, get together with your local group. We are willing to do, for these... really feedback, really bad. There we go. For these, we are willing to do custom artwork. We’ll put your logo on it if you’re a DEF CON group. So we’ll put your logo on it if you’re a group and you’re a registered group and you’re all good. Let us know, we’ll put your logo on these for next year. You can walk around being cool.

Anyway, yeah, get some hardware. We’ve got some of these here. If you give us your email address, we’ll e-mail you when we have more and we’ll mail you some. And yeah, well, just come talk to us at Q&A. We’ll gladly sell you some of the stuff that we have up here so you can start. We only brought a little bit with us, because it’s kind of expensive to foot out of our own pockets to build a bunch of hardware to give out or sell or whatnot. But if you’re really, really, really passionate about it, we’ll be in Q&A after. Come and talk to us, we’ll get it in your hands one way or another, okay? We have the bill of materials and the schematics, we’ll have the Eagle files available, all that kind of stuff we’ll have on the website, freely available. You can grab them, bring your own boards, put your own together, you know, or even just make your own beep. Be a part of this, be a part of the community, and have some fun with this.

My last point here is: learn,
have fun, and then teach. I always put teach at the end of things, because we as a community, I think, keep a lot of our private, right? I don’t want him to know that I don’t know. I don’t want him to know how I broke his password, because I’m super uber leet. You’re leet if you teach somebody else how to do it. DEF CON 101, people that are sitting in DEF CON 101. HighWiz, a good friend of mine, he says: get involved in the community, ask questions, talk. That goes both ways. Somebody comes up and asks you a question, don’t look at them in their face and go, who the are you? No, answer their question, have fun, teach them something, and they will teach you something back. None of us are great at everything we do.

We have photos photos photos we having with us, just come see him.

Big thanks. I have a lot of people to thank here, especially our wives. They’re sitting up here in front. They put up with our on a weekly basis, sometimes more than weekly. We actually do something together we call hack night, and so we get together and have some fun. Russ. Russ in here? No? Russ on the DC 719 crew. Russ has given me a lot of ideas over time, and so we’re actually developing something, talking about something for next year with all this stuff, which would be really cool if we could pull it off. DC 503, you guys represent here? There’s a few of us guys here. And Dorkbot, of course. Dorkbot is where the group order for these PCBs comes out of. Yeah, if you want more, as our cheap and fest, if you want more, come get it, you know, come ask us about it, we’ll give you more information. And of course, your mom. We won’t go into what we’re thanking your mom for, but thanks.

All right, we have like three minutes, so we’re going to see everybody over in Q&A. Come talk to us, buy hardware.