33C3 notes & keywords part 8

Post date: Jun 4, 2017 6:28:12 AM

  • Do as I Say not as I Do: Stealth Modification of Programmable Logic Controllers I/O by Pin Control Attack - Industrial Control System hacking, process control, system level protection, firmware integrity, logic checksum, doppelganger, symbiote defense, autoscopy, PLC Runtime, PLC controls I/O, rootkit.
  • A New Dark Age - How information, technology, understanding and function change over time. Helikite surveillance. Weather forecasting and massive data processing using early computer systems like ENIAC. Weather forecasting and nuclear bomb simulations run on the same computers. Weather modification, cloud seeding. Automation of medicine research. Computer / Human / Algorithmic synergy will produce very powerful results (Go / Chess). Many of the AI based tools are created to alter reality, like altering photographs, video and/or sound. A new kind of literacy is required to understand the new world.
  • Talking Behind Your Back - Ultrasound Tracking System - Cross-Device Tracking (XDT). Comments: I just happened to read an article from a technology archive, where they wrote that TV remotes used ultrasound from the mid 50s to the early 80s. So that's hardly anything new. uBeacons. Ultrasound framework, ultrasound advertising tracking network allowing ad targeting. Device pairing using ultrasound. Tor de-anonymization attack sample with the Tor browser. How to solve this in the long term. Abuse could bring a lot of negative publicity.
  • An Elevator to the Moon (and back) - Space Elevator is a nice idea. But does it work in practice? Beyond Rockets. Rocket Equation, Physics of Space Transportation. Benefits of a Moon elevator: feasible ribbon material, only a few artificial satellites, no (human-made) space debris, no rope erosion by atmosphere. The elevator cable is the problem and challenge, the climber isn't. Hacking celestial mechanics. Space hotels, space power stations, etc. Space Elevator Wiki, Global Exploration Roadmap. Satellite and Space Elevator Simulator. Btw. Excellent speaker, loved even the questions section. Being a professional speaker and lecturer does make a difference. Space bombing, military use. (Sources: ESA, European Space Agency, Unclassified, For Official Use) Wikipedia links: Space Elevator, Launch Loop, Space Fountain, Orbital Ring
  • The Moon and European Space Exploration - Nice talk about European Space Exploration and what it is all about. Yet as said, the time was very short.
  • Decoding the LoRa PHY - Nice examples of how to intercept and inject data into a wireless wide area network (WAN). Applied security research. Applied on a cutting edge wireless IoT protocol. Software defined radio. Fast Fourier Transform (FFT). Local provisioning, gateways. 3G requires a lot of power. Of course this is a relative term. 3G IoT Standards: LTE-M/NB-LTE Release 13. LPWAN for IoT. Like Sigfox, LoRa, nwave, lte-m, nb-lte, weightless, ieee 802.11ah, ec-gsm, zigbee3.0, dash7 alliance, bluetooth 4.0. Not for everyone, because of duty-cycling, sparse datagrams and serious rate-limits. SIGFOX provides "only" 140 12-byte datagrams / day. That's just a bit more than 1.5 kilobytes. LoRaWAN MAC/NWK stack, LoRa Alliance. Concentrator / Gateway. Roaming supported. NwkSKey and AppSKey used for encryption in the security architecture. Uses ISM band. Commercial networks and crowdsourced networks. LoRaHam. Radio fundamentals crash course. OSI model PHY physical layer, energy being sent over the RF medium. Radio frequency energy, electromagnetic radiation. Software defined radio (SDR), radio implemented in software using a CPU or FPGA. Amplitude, frequency, phase. Digital modulation. A symbol represents a state. FSK symbols. Spread spectrum. Microchip LoRa RN2903 and Ettus B210 (SDR). Analyzing a spectrogram with time and frequency. Chirp Spread Spectrum (CSS) provides resilience and lower power; it's also resistant to multi-path and the Doppler effect. GNU Chirp Sounder. OSIN. AN1200.18 and AN1200.2 app notes. Bandwidth, spreading factor, chirp rate. FM modulated chirps. Dechirping the signal. Demodulation and data extraction. Overlapping FFT buffers to synchronize timing for the first SFD symbol. Normalizing data. Data transformation to improve OTA resiliency using encoding. Symbol gray indexing. Data whitening. Interleaving. Forward Error Correction (FEC). Cracking the decoder. Hamming(N,4) algorithm. Reverse engineering challenge. Documentation is full of lies. (Nothing new?)
    A PHY packet contains the PHY header, preamble symbols, header symbols, CRC and of course the payload and payload CRC. The header is only present in Explicit mode. Implicit mode omits the header and sends data alone. The whitening sequence changes between these modes. The header uses coding rate 4/8 and the spread factor is always 2. Optional Low Data Rate mode. GR-LORA @ GitHub provides LoRa Encoder, LoRa Modulator, etc. as GNU open source. Adafruit SDR radio transmitter live demo. See PoC||GTFO 0x13 if you're interested in the details. - Comments: Thank you for sharing! It was a really awesome talk!
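The FEC step of the decoding pipeline above, as an added example that is not from the talk or the gr-lora project: a Hamming(8,4) encoder/decoder for the 4/8 coding rate, showing why one flipped bit over the air still decodes cleanly while two are flagged. The parity bit layout is the textbook extended Hamming layout, an assumption; the bit ordering inside real LoRa radios is not taken from the talk.

```python
# Hamming(8,4) forward error correction as used at LoRa coding rate 4/8:
# each nibble becomes one 8-bit codeword. A single flipped bit is corrected,
# two flipped bits are detected as uncorrectable. Bit layout is the textbook
# extended Hamming layout (p1 p2 d1 p3 d2 d3 d4 + overall parity p4), which is
# an assumption; the bit ordering inside real LoRa radios was not taken from the talk.

def hamming84_encode(nibble: int) -> int:
    d1, d2, d3, d4 = [(nibble >> s) & 1 for s in (3, 2, 1, 0)]
    p1 = d1 ^ d2 ^ d4          # covers codeword positions 1,3,5,7
    p2 = d1 ^ d3 ^ d4          # covers positions 2,3,6,7
    p3 = d2 ^ d3 ^ d4          # covers positions 4,5,6,7
    bits = [p1, p2, d1, p3, d2, d3, d4]
    bits.append(sum(bits) & 1)  # p4: overall parity, makes double errors detectable
    return int("".join(map(str, bits)), 2)  # MSB is p1, LSB is p4

def hamming84_decode(codeword: int):
    """Return (nibble, status); status is 'ok', 'corrected' or 'uncorrectable'."""
    bits = [(codeword >> (7 - i)) & 1 for i in range(8)]  # bits[0]=p1 ... bits[7]=p4
    p1, p2, d1, p3, d2, d3, d4, _ = bits
    s1 = p1 ^ d1 ^ d2 ^ d4
    s2 = p2 ^ d1 ^ d3 ^ d4
    s3 = p3 ^ d2 ^ d3 ^ d4
    syndrome = s1 | (s2 << 1) | (s3 << 2)  # 1..7 = position of a single flipped bit
    overall = sum(bits) & 1                # 0 when an even number of bits flipped
    if syndrome == 0 and overall == 0:
        status = "ok"
    elif overall == 1:
        # odd number of flips: assume exactly one and repair it (syndrome 0 => p4 itself)
        if syndrome:
            bits[syndrome - 1] ^= 1
        status = "corrected"
    else:
        return None, "uncorrectable"       # non-zero syndrome with even parity: 2 flips
    _, _, d1, _, d2, d3, d4, _ = bits
    return (d1 << 3) | (d2 << 2) | (d3 << 1) | d4, status

def decode_codewords(codewords):
    """Decode a run of (8,4) codewords back into bytes, high nibble first."""
    nibbles = []
    for cw in codewords:
        nibble, status = hamming84_decode(cw)
        if nibble is None:
            raise ValueError(f"uncorrectable codeword 0x{cw:02x}")
        nibbles.append(nibble)
    return bytes((nibbles[i] << 4) | nibbles[i + 1] for i in range(0, len(nibbles) - 1, 2))

if __name__ == "__main__":
    # Constructed sample: encode b"OK", flip one bit in every codeword, decode cleanly.
    cws = [hamming84_encode(n) for b in b"OK" for n in ((b >> 4) & 0xF, b & 0xF)]
    damaged = [cw ^ (1 << (i % 8)) for i, cw in enumerate(cws)]
    print(decode_codewords(damaged))  # b'OK'
```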
  • From Server Farm to Data Table - Networks of New York - An Internet Infrastructure Field Guide. Neal Stephenson, essay, Global fiber network. Hacker tourists. Uncensored Google Data Center Satellite Pictures.