The Car Hacking Village CTF at DEF CON 27 was a fun, educational, and humbling event to participate in. We got 9th place, mostly due to luck and tenacity. Before this event, we have not tried to interface with, let alone hack, a vehicle. So, we spent the whole of DEF CON 27 in the CHV CTF to change that. Here's our story...
CHV CTF Final Scoreboard
Unfortunately, we cannot offer up a single write-up for the actual car hacking challenges as we were unable to complete a single one of them. However, there were a lot of trivia questions which sent us down multiple rabbit holes where we learned terms, concepts, and attack vectors that we had zero knowledge of before. The purpose of this post is simply to share our experience and touch on building the nano-can and using a HackRF One to replay a key-fob button press.
Overall, I'd say that going to one of the largest hacking conferences in the world to participate in a hacking competition against something that you have zero experienc…
I have been to many CTFs over the last five or six years and I wanted to share some tips, tricks, and advice for beginners. My hope is that this post helps those who are new to CTFs by sharing what I pack in my "go-to-war" bag, what some of the non-standard tools I use are, and how I spin up cloud based systems.
When the CTF room opens up, the first problem is finding a place to sit. I like to get to the room as soon as possible to ensure that we have a decent place to setup. For example, all of the Defcon villages on day one are crowded and intense. I encourage everyone that's serious about the event to line up well before it opens. Also, the CTF and the village talks are generally held in the same room so it is likely going to be noisy and seating will be limited. My advice is to sit as close to the infrastructure as possible.
It doesn't hurt to have a plan in place about approaching the challenges before you get there incase you can only tolerate a coupl…
I have stumbled across a few audio files while competing in CTFs over the last few years and I thought covering spectrograms would make a nice and quick blog post.
Flags can manifest themselves in many ways when dealing with media files. One of the most common ways I have seen is by hiding them, or clues to find them, in the file's audio spectrogram.
According to wikipedia: "a spectrogram is a visual representation of the spectrum of frequencies of sound, or other signals, as they vary with time." Basically, it is a method to visualize sound and signals.
I first learned that you can embed hidden messages and images in a spectrogram when a friend showed me an image from an Aphex Twin song some years ago.