
Intro for new WCTFers

Get started in the world of Wireless Capture the Flag (WCTF) competitions with this guide. Learn about RF technology, legal considerations, tools, and techniques for interception and exploitation. Discover the hardware and software you need, as well as tips for selecting the right antennas and radios. Get ready to tackle challenges and score points in WCTF competitions.

robd

Presentation Transcript


  1. Intro for new WCTFers

  2. Reason behind the WCTF
     • Use of RF technology has exploded
     • RF used to require special and expensive equipment
     • Safe Environment
     • $20 gets most signals of interest

  3. Legal issues to be aware of
     • IANAL, neither are you
     • Consult your local laws (fcc.gov)
     • Restrictions for telco services (pagers and cell)
     • Wiretap/Dual Party Consent

  4. How we do this
     • WiFi Flags
       • Crypto
       • Keys
       • Hashes
       • Communication interception
     • SDR Flags
       • Protocol reversal
       • Demodulate files
       • Rx/Tx

  5. Recon
     • Know your wireless neighborhood
     • WiFi
       • Kismet
       • Airodump-ng
     • SDR
       • Freqwatch
       • gqrx

  6. Exploitation
     • Do your homework on the tools
     • Practice in a safe environment
     • Score the points!

  7. Platform Selection
     • Internet access
       • A device with USB tether
     • Laptop (PC or Mac)
       • Multi-core processor (high end for SDR)
       • 16 GB RAM or more (especially for VMs)
       • Hard drive space for all the things
       • Screen with space for multiple terminals
     • External radios/antennas
       • Internal radios generally do not give the optimal capability
       • Built-in antennas rarely give the flexibility needed
     • Power supply
       • Enough outlets to power all of your gear
       • Possibly powered USB hubs

  8. Operating Systems
     • Pentoo
     • GNU Radio Live
     • Windows
     • Kali

  9. Software Tools
     • Aircrack-ng
     • Kismet-ng
     • Airodump-ng
     • Wireshark
     • TCPDump
     • Nmap
     • PGP/GPG
     • inssider
     • Reaver
     • Pyrit
     • OCLHashcat
     • Wifite
     • Fern-wifi-cracker
     • Airdrop
     • gqrx
     • dsd
     • Channelizer
     • multimon-ng
     • smartnet-scanner
     • GNUradio
     • OsmoComSDR
     • EyeP.A.
     • SpecTools
     • Baudline
     • Gr-fosphor
     • pixiedust
     • Custom tools

  10. Hardware Tools
     • Metageek Wispy DBx
     • Signal Hound BB60(x)
     • GSG HackRF
     • Nuand BladeRF
     • Any RTL-SDR
     • GSG Ubertooth
     • zigbee radios
     • Rosewill RNX-N600UBE
     • Alfa AWUS036NHA
     • Alfa AWUS051NH v2
     • Ubiquiti SR-71
     • Airpcap Nx
     • TP-Link WN722N
     • Globalsat BU-353 GPS
     • Custom transmitters
     • Rokland n3
     • Pwnie Express PWNPad
     • Hak5 Wifi Pineapple
     • Wired and wireless Tap
     • USB hub
     • USB power
     • USB ethernet
     • Headphones
     • Antennas (assorted)

  11. Helpful Radios
     • Alfa radios (ABGN)
     • Rokland N3 (BGN)
     • Rosewill N600 UBE (ABGN)
     • SR-71 (ABG)
     • AirPcapNx (ABGN)
     • WiSpy DBX (2.4 and 5 GHz)
     • TP-Link TL-WN722N (BGN)
     • Ubertooth One (many uses)
     • HackRF One (SDR)
     • RTL-SDR (SDR)
     • Nuand BladeRF
     • EnGenius EUB 1200AC (ABGNAC)
     • Signal Hound B60

  12. Headphones
     • There are thousands of headphones
     • Headphones are a very personal decision
     • They range in price and quality
     • Find a pair that are comfortable and clear
     • Avoid ones with bass boost or other signal processing
     • Reference type headphones tend to be cheap and well suited

  13. Something to carry it in
     • Pack
     • Pelican case
     • Vehicle (MRAP)

  14. Antennas for WCTF
     • Two relevant polarization types
       • Horizontal
       • Vertical
     • Three basic radiation patterns
       • Omni-Directional
         • Most common type
         • Radiates “equally” in all directions (horizontal)
       • Semi-directional
         • Radiates stronger signal in certain directions
       • Highly-Directional
         • Radiates a much stronger signal in one direction

  15. Omni Directional • Radiates equally in all directions on the horizontal plane

  16. Semi-Directional Radiates stronger signal in multiple directions

  17. Highly Directional
     • Radiates strong signal in a single direction

  18. Target Selection
     • Look for “hot spots”
     • Determine what the limits are that you are working within
     • Look for beacons that are within your target set

  19. Transmitters to be found

  20. Putting it together
     • In WCTF as in the real world:
       • Right Tools for the Right Job
       • Know your tools and limitations
     • SDRs and GNURadio provide easy access to much of RF and rapid construction of custom tools!
     • Now to put it into practice…

  21. What am I seeing/hearing?
     • http://www.sigidwiki.com/wiki/Signal_Identification_Guide

  22. Common problems in SDR labs
     • Antennas
     • Lightning
     • Static
     • Noise
     • Clocks and Drift

  23. Static protection is a must!
     • The cheaper RTLs do NOT have static protection
     • Wind generates static
     • Rubbing things… generates static

  24. Noise Reduction Must Reads
     • The-Mitigation-of-Radio-Noise-from-External-Sources-at-Radio-Receiving-Sites: http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA468464
     • Naval RFI Handbook: http://www.arrl.org/files/file/Technology/RFI%20Main%20Page/Naval_RFI_Handbook.pdf

  25. Clocks
     • The cheaper SDRs have a lot of noise in them
     • Choke them out and isolate noise sources
     • Use a unified PPM if you use more than one for IQ

  26. Wireless Capture the Flag (WCTF)
     • Always new changes
     • Typically between 12-25 challenges for different disciplines
     • Challenges are all RF, 30 MHz – 5.9 GHz

  27. Challenges

  28. Let’s get started
     • Welcome to WCTF! This is your first challenge.
     • The test net is a WPA2 network, WCTF_00; the key is “Form blazing sword” (with spaces)
     • This gives you 10 points and tests the scoreboard for you

  29. Scoreboard
     • https://scoreboard.wctf.ninja
     • If you have already created an account (i.e. at DEF CON) you do not need to create a new one.
     • Go to the “SUBMIT FLAG” menu item to submit flags.

  30. Budget Your Time
     • Challenges do not have to be solved in order
     • Difficulty range easy-insane
     • Pay attention to details
     • Don’t dwell on the problem
     • Ask questions
     • Learn things
     • HAVE FUN

  31. The talk… Time to talk about the challenges

  32. Not all residents of Voltronville use the municipal Wi-Fi; some are still using obsolete tech. +50

  33. Sometimes people connect. Sometimes they don't. +100

  34. Sometimes people try to connect, but do not succeed 100 points

  35. Are they home? Are they not? 100 points

  36. Crack the network 100 points

  37. Somebody is at the coffee shop 200 points

  38. Fox & Hound: first team to capture gets 200pts! SSID and MAC will be provided at 4:30 on Saturday

  39. Hide and Seek! SSID and MAC will be provided at 4:30 on Saturday 200 Points

  40. The local HAM Radio club is having a HAM Fest; find and capture their error prone signals. 50 to 200 points that can decay

  41. The local movie theatre is branching into digital movie broadcasts! Find their management system. 50 to 250 points that can decay

  42. There is an amateur radio SSTV broadcast; 100 points

  43. There are spies amongst us; find their transmissions, decode, demodulate, decrypt and analyze. 250 to 500 points decaying.

  44. The factory has a wireless SCADA sensor. Find it and explore. 50-100 points.

  45. SDR Fox Frequency: 130 MHz 200 points
