To work on an EKO to say the least is a challenge. It means sitting in front of a monitor, A LOT of meetings, doing research in different areas to be able to make the stand work and above all have enough time to to make things running smoothly for the event. In the next couple of pages were going to talk a bit about our experiences trying to innovate and upgrade something that we´ve been doing for a quite a few years now. We are always running against time, but our motto in these situations is ¨get it done¨.
This year, maybe one of the most important things for us was to get a place with more space and be able to add activities, due to the big turnout that the last couple EKO parties have had. Especially, when we did different workshops, for example Lockpicking. The lockpicking stand was organized by Infobyte and the space was divided in distinct areas; a hardlocks section (skeleton keys, padlocks and yale locks), a new game called ¨the box¨ that consisted of a physical security challenge as well as in the cyber realm. Lastly, we did an area where, (workshop style) we explained how to copy and lift prints to generate ¨fake fingers¨ and using this we were able to obtain access to the locks with biometric readers, in this case utilizing ZKSoftware.
Keeping with the tradition of past years, everyone that wanted to participate in the stand´s activities could try their hand at the lockpicking whenever they wanted. The participants already had a number of different tools available (many made from scratch) like picks and torsion wrenches and there was a kit made especially for the biometrics workshop with everything necessary to get started.
THE BOX CHALLENGE
Born as a new challenge in last year´s EKO and above all an attempt to implement different types of security. Whether it be machines, from locks, to contact sensors, PIR, an infored, a maze of lasers, a biometrics reader and an IP camera connected to a wifi router. All this was connected to a game that apart from being highly entertaining was actually quite tricky and involved different types of expertise and abilities ranging from informatics to electronics and finally of course lockpicking. The goal was to find vulnerabilities throughout the security system and be able to connect a USB keyboard that was found inside the box and finally type a chain text. The attack could be done centrally or deactivating individual sensors, trying to avoid sounding an alarm (if they do the participating team is out until the next round). A flag is granted for the highest score for those who could beat the ¨box¨ and are participating in CTF (Capture the Flag), the winners at the end of the EKO were given an award and prize.
Construction and Function
The box during it´s inception and then after painted and with acrylics
The box was made using fibreboard, after acrylics were placed in the interior to separate the electricity and make sure it didn´t connect to inside the box. At the same time you could observe its interior and use information to discover sensors and its functionality.
On top of the box were placed acrylics with a hole of 15 centermeters in diameter which was there to be a tease for the participants. The idea was that they would think that they had an east way to access the USB but really the opposite (this actually would trip sensors and the security doors, the infrared and the lazer maze).
This ¨top¨with the hole also had located in corner four little locks. If you happened to move the locks to take off the acrylic cover, the alarm would go off.
The interior acrylic covering, PIR sensors, nutricion sources and Arduino
The box was powered by primarily 2 common switching sources from a PC, the IP camera was also a source the same as the router and part of the biometric reader as well as the magic lock that was fed with the power sources.
Both access points of the ¨Box¨. The access point for the magnetic lock, the biometrics reader and IP Camera (left). The door with the skeleton key and hardlock and sensors (right)
Detalle de IR para la barrera laser (izq) y PIR (der)
THE IR for the laser maze (left), the PIR (right)
THE IR for the laser maze (left), the PIR (right)
The laser maze running
The access point for the box that only could be opened if you managed to duplicate a fake finger
The box was made in a way that it seemed like the participants had to go in through the door that had the biometric reader (because of this, we gave a workshop explaining how to duplicate fingerprints how to be able to infiltrate them), also you could do it through the door on the other side but given that the participants only had 10 minutes to get through, it took too much time to open the padlocks and the skeleton locks.
Another of the possible ways to go through was remoing the acrylic of the part on top, but so that they didn´t activate the sensors. Then infiltrate the PIR and infrared and lastly the lasers to be able to connect the keyboard (not as easy as it sounds).
One of the computers that controlled the box
Different sensistivity thresholds were established for each sensor in the box and the lasers were calibrated (The beam bounced correctly off the mirros and was reflected well by the IR). Before, of course we had tested to establish the values and we kept on adjusting them through out the EKO.
It´s worth saying that we had help for those that wanted to break the password for the WEP of the Linksys WRT54G router, as they already had access to the wifi network (it was accessible for everyone close even those not playing). Also, they could see the IP camera, the availibility of all the sensors, the laser beam and mirrors and elaborate a better strategy
when it was youre turn to break the box. The only difficulty was that the router had registered the MAC direction of only computers that could access it and for those that wanted to enter after breaking WEP, they had to be listening and analyizng traffic hoping that this computer accessed the router (this happened once per hour) to obtain its MAC.
During the three days of the EKO party, it was possible for those interested in this subject to participate more actively in the box challenge. We conducted a workshop of fingerprint copying to be able to infiltrate biometrics readers.
We explained how to do duplicates using Cianocrilate and Silocon to make dental molds to lift the prints and later on how to make a ¨false finger¨ of silicon with the lifted print.
In the workshop neccessary materials were given out and a brief chat was given how to do the procedure.
It´s worth saying that the explained technique is viable currently in the majority of access systems. This shows that not only is it possible to infiltrate these systems in a fast and effective manner, but also with materials that are easy and cheap to get.
As always we had fun but above all we had the satisfaction of having completed a bet that we had made a long time before to imporve and be able to offer something more than just the normal lockpicking stand.
Also this bet is a big challenge because now we have to one up ourselves every year.
We think that there are people interested in not only lockpicking itself but in everything related to physical security and the reach it has in all factors in a site. Because of this, nowadays its important to take into account the perimeter for example of servers and places where important information is kept.
While trying to do a fun exercise, all the different mechanisms, sensors, etc should make us remember that for informatics security the physical environment will always be a crucial factor and being able to understand well all components of security should help us improve the protection of information.
EKOPARTY 2013 - STAND LOCKPICKING
RESEARCH, DEVELOPMENT Y MANAGEMENT
(Finger Print Workshop – THE BOX – Stand)
Juan Urbano Stordeur
PROGRAMERS AND OPERATORS
Matías Nahuel Heredia
Juan Pablo Vercesi
The lockpicking stand, the workshop about finger print duplication and the box challenge were developed by Infobyte LLC. and it was made exclusively for the Ekoparty Security Conference 2013 edition.