NSA Playset: Bridging the Airgap without Radios Speaker Bio - - PowerPoint PPT Presentation

nsa playset bridging the airgap without radios speaker bio
SMART_READER_LITE
LIVE PREVIEW

NSA Playset: Bridging the Airgap without Radios Speaker Bio - - PowerPoint PPT Presentation

Nov 14, 2022 249 likes •737 views

NSA Playset: Bridging the Airgap without Radios Speaker Bio @r00tkillah Michael Leibowitz Day job in product security Froots around with electronics The views expressed.. NOT MY EMPLOYERS! ANT Catalog ANT Catalog NSA Playset:

slide-1
SLIDE 1

NSA Playset: Bridging the Airgap without Radios

slide-2
SLIDE 2

Speaker Bio

@r00tkillah Michael Leibowitz

  • Day job in product security
  • Froots around with electronics
  • The views expressed.. NOT MY EMPLOYERS!
slide-3
SLIDE 3

ANT Catalog

slide-4
SLIDE 4

ANT Catalog

slide-5
SLIDE 5
slide-6
SLIDE 6

NSA Playset: CHUCKWAGON

slide-7
SLIDE 7

Meet LoPan

slide-8
SLIDE 8

But what about 6LowPan?

slide-9
SLIDE 9

Traditional topologies don’t work

slide-10
SLIDE 10

LoPan devices communicate in short bursts to preserve their energy

slide-11
SLIDE 11

With limited range and spread

slide-12
SLIDE 12

How can they express themselves?

? ? ? ? ?

!

slide-13
SLIDE 13

How can they express themselves?

? ? ? ! !

!

slide-14
SLIDE 14

With 6 Lo Pans, you need to bridge different mediums to spread

? ? ?

Jack Burton?!

slide-15
SLIDE 15

With 6 Lo Pans, you need to bridge different mediums to spread

? ? ?

!

slide-16
SLIDE 16

!

With 6 Lo Pans, you need to bridge different mediums to spread

? ?

slide-17
SLIDE 17

!

With 6 Lo Pans, you need to bridge different mediums to spread

? ?

slide-18
SLIDE 18

!

With 6 Lo Pans, you need to bridge different mediums to spread

! ?

slide-19
SLIDE 19

!

With 6 Lo Pans, you need to bridge different mediums to spread

! ?

slide-20
SLIDE 20

!

With 6 Lo Pans, you need to bridge different mediums to spread

! !

slide-21
SLIDE 21

!

And then one Lo Pan can bridge the message to Jack

!

Shut Up, Mr. Burton !

slide-22
SLIDE 22

IoT: Smart Shirts

slide-23
SLIDE 23

Thinking Cap/Internet of Hats

slide-24
SLIDE 24

Radio Hostile Environments

slide-25
SLIDE 25

Basic Theory of Operation

Victim Hacker

Hacks

slide-26
SLIDE 26

Advanced Usage

Tubes

slide-27
SLIDE 27

VGA Pinout

slide-28
SLIDE 28

What Your Mother Didn’t Tell You About VGA

DDC PROM

slide-29
SLIDE 29

I2C

HOST (master) ddc prom (slave) Malicious Implant (either)

SDA SCL

slide-30
SLIDE 30

Basics of CIR

slide-31
SLIDE 31

UART

slide-32
SLIDE 32

CIR & UART

slide-33
SLIDE 33

The Zero Hour

slide-34
SLIDE 34

Packet Format

struct __attribute__ ((__packed__)) IRFrame { uint16_t source; uint16_t destination; int type: 4; int hops: 4; uint8_t payload[BLOB_SIZE]; uint16_t crc; }

slide-35
SLIDE 35

Eating Garbage

slide-36
SLIDE 36

Meshing

int hops: 4; if (!forme() && hops < 15) { hops++; send(); }

slide-37
SLIDE 37

Playsetable HW Platform

Requirements:

  • small
  • cheap
  • easy
  • fun
slide-38
SLIDE 38

Playsettable SW Platform

slide-39
SLIDE 39

Arduino?!

slide-40
SLIDE 40

HW details

slide-41
SLIDE 41

More HW

slide-42
SLIDE 42

Easy to Play With

slide-43
SLIDE 43

Ready for Implantation

slide-44
SLIDE 44

faraday cage

slide-45
SLIDE 45

Long Distance

slide-46
SLIDE 46

Demo

slide-47
SLIDE 47

Thanks!

@joefitz, @laplinker, all teh playset peeps