Monday, October 29, 2018

...fare well 

The final scores are....


Let's congratulate the winners.....


The team formally known as people but now just emojis

$150 Amazon Gift Card




blunderbuss

$100 Amazon Gift Card




Crimson Agents

$50 Amazon Gift Card



Saturday, October 27, 2018

Wireless Basics Class!


Yesterday's wireless hacking basics class went amazingly well.   Attendance was off the charts....a packed house.  Nothing is warmer than or smells quite like a room filled with 75+ computers and their respective users.

Village elder Rick Mellendick and Wasabi delivered about as much information as you can possibly cram into a human head in a four block.

For those who couldn't make it to BSidesDC or to the training, the slides are available on Training Slides

I strongly encourage newcomers to wireless hacking to check out these slides.  Covered in the class were topics like:
  • How to install and boot to a live Linux distro
  • Correct use of wireless tools
  • How to connect to wireless networks
  • Understanding wireless concepts and basics
  • Basic antenna theory and reasons to use different antennas
  • Cracking WEP and WPA
  • Understanding the basics of Bluetooth and Bluetooth Low Energy
  • Tracking signals and direction finding (fox hunting)
Today we see many familiar faces from the class putting their newfound knowledge to the test at the CTF.  Good luck to all the new hackers out there.

Friday, October 26, 2018


Welcome to the hub of democracy!!!!

The Wireless Village is here and ready to rock........

Today Wireless Village is doing another first

A Wireless Pen-test Basics course.
That's a lot of Pentoo!

So many of our CTF competitors are new to WiFi and other RF hacking.  75 people signed up for this Noob friendly class.

Led by Village member Rick Mellendick and Wasabi, attendees are learning basic use of Pentoo (the recommended Linux version for pen-testing), how to survey and attack WiFi, SDR and dealing with Bluetooth.

Tomorrow (Saturday) the Village will start its traditional CTF.  Come one come all (or until the room is full) and try your hand at the challenges.  Stay tuned for more fun.

Tuesday, August 14, 2018

... and we wave a fond farewell to DEFCON 26

The final scores are....


Thank you soooooooo much to our awesome sponsors who donated the awesome prizes below.

Hak5, Hacker Warehouse, No Starch Press, Simple WiFi




Let's congratulate the winners.....


Majestic 12

Cracking Codes with Python
PoC/GTFO Volumes I & II
Hack for Charity T-shirt
2 Baseball caps
Hak5 Field Kit bag
2 HackRF Acrylic cases
Hak5
     Packet Squirrel
     Micro Ethernet Essentials
     USB Adapter kit
     WiFi Pineapple Nano
     WiFi Pineapple Tetra
     Bash Bunny
     Rubber Ducky
     Lan Turtle
     Guides to the Bunny, Turtle, Squirrel, Pineapple, and Duck
2 HackRFs
HackRF Porta Pack
RF Explorer Field Antenna
Dope Scope
Paddle Antenna
Blade RF II
Custom Flash Nexus 6
3 Wireless Village 2018 coin
3 Wireless Village patches



DiPolarBears (Second Year in a row!!!)

EFF Hat
PoC/GTFO Volumes I & II
Cracking Codes with Python
2 HackRFs
HackRF One Acrylic Case
HackRF Porta Pack
RF Explorer Loop Antenna
Paddle Antenna
Blade RF Magnet
6 Wireless Village 2018 patches



ThereIsNoSpoon

Hak5 Pineapple Nano
PoC/GTFO Volumes I & II
Cracking Codes with Python
BladeRF Magnet
4 Wireless Village 2018 patches





A packed house is a happy house!


If there is one thing that seems consistent at the Wireless Village it is growth.  We added new members to the team, new challenges to the CTF, but nothing seems to compare to this year's DEFCON.

The first Wireless Village Badge

     That's right! Thanks to the generous donation of our sponsor Spirent combined with the RF genius of our very own Russ Handorf (Satan Klaus) the Wireless Village introduced a badge which operates as a fully functional (1Hz - 6GHz) antenna, suitable for wearing as a fashion statement or kicking ass in a wireless CTF.

Wireless Village Antenna Badge
Hooked up and running on an Ettus X310



The first Wireless Village lanyard


     And what's a badge without a lanyard?  Yet another benefit to the sponsorship of Spirent!

The first Wireless Fox truly carried by "animals"

     Anyone who has been around the Wireless Village and WCTF knows we love the fox and hound portion of our CTF.  But this year we had some special guests playing the "fox."  One of the more fun groups running around DEFCON are the furries.  These friends of the Village turned a fox hunt into the real thing.

mBlade (@mBlade_akita) posing with our teammate Wasabi

The first Bluetooth "personal device" fox

     Another, eh, first........ for the Village was the introduction of a BT fox that is, well, let's just say, ah...............unique?  The device is a personal use device intended for placement within a more intimate location.  But if anyone is going to push the limits, it's THIS village.


People People People

     Each year, DEFCON has increased our venue size.  And, each year the draw to the Wireless Village talks and WCTF has outgrown that new space.  This year was no different.  We had record attendance at pretty much all our talks (standing room only) and definitely the competitor tables.   On day one, the contestant tables filled to capacity in less than one minute from opening the doors.  How large will the village get?  How much room will DEFCON continue to give us?  If the trend sticks we're hoping to see even larger volumes of players and attendees next year.


Sunday, August 12, 2018


Wireless Hackers


We take the RF back from the corrupt! The oppressors of the air waves who have kept you down with myths of free wavelengths, and we give it back to you... the people. The RF spectrum is yours. None shall interfere. Do as you please. But start by storming the challenges at Wireless Village! Step forward those who would serve. For a hacker army will be raised. The encryption will be ripped from their decadent nests, and cast out into the cold world. Challenges will be convened. Spoils will be enjoyed. Bribes for points accepted!  This great spectrum... it will endure. The Wireless Village will survive!

Saturday, August 11, 2018

Winding up Day 2


It's the end of Day 2.  Competition is tight and flags are being taken.


We are wrapping things up with our final talk of the day from Village Sponsor Hak5.

Join us after the Hak5 talk for the
Hackers Belong after party (7pm - 10pm)
sponsored by Hak5 and Wireless Village, right here in
The Wireless Village

The Current Scoreboard as of 1300 8/11/2018




Late DAY 2

STARGEEZER arrived in spite of his injuries


WICKED HUGE THANK YOU TO OUR SPONSORS 



Aruba, a Hewlett Packard Enterprise company

PIA

Pentoo

Ettus

I wonder what happened to the other four?

Great Scott Gadgets

Hacker Warehouse

Photo log of day one

Zero and Wasabi teaching WEP and WPA cracking 101


 





Wasabi and Usako burnin' it up




Hacker Summer Camp is here and now in full swing!!

The following message arrived here at blog central from our man in the field Satan Klaus.


Solder party makin' badges!!




Thursday, May 31, 2018

New WiFi card testing - kismet_shootout

It's been a long time since I've officially tested wifi cards to see what is best and what you should skip.  Well, during the refit of the Wireless Capture The Flag kits, I've done some testing... and now I will share what I do, and what I found.

To start with, all of this is reasonably custom, and some of it I'm simply not sharing at this time.  Much of it, fortunately, is already fully open source, available to you, and already in Pentoo ;-)

This is going to be a multi part series, where I will introduce the tools, how they work, and some preliminary results.  Nothing on this page should be deemed a hardware recommendation, this was me setting up my test rig for the first time in a while.  The setup was physically entirely unfair, with wildly unmatched stock antennas and extremely close sources of noise.  Don't buy anything because you think it performed well here, and if you do, it was your idea not mine.

Part One:

To start with, I like to test a lot of cards:

PHY     Interface       Driver          Chipset
phy7    036ac           8812au          Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac 2T2R DB WLAN Adapter
phy11   036ach          8812au          Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac 2T2R DB WLAN Adapter
phy4    036acs          8812au          Realtek Semiconductor Corp.
phy12   036eac          8812au          Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac 2T2R DB WLAN Adapter
phy2    7822UAC         8812au          Edimax Technology Co., Ltd
phy1    AC56            8812au          ASUSTek Computer, Inc. USB-AC56 802.11a/b/g/n/ac [Realtek RTL8812AU]
phy6    awus1900        8814au          Realtek Semiconductor Corp. RTL8814AU 802.11a/b/g/n/ac
phy9    edup            8812au          Realtek Semiconductor Corp.
phy8    eub1200ac       8812au          Senao EUB1200AC AC1200 DB [Realtek RTL8812AU]
phy0    intel7265       iwlwifi         Intel Corporation Wireless 7265 (rev 61)
phy10   N600UBE         rt2800usb       Ralink Technology, Corp. RT3572
phy5    rlnknano        8812au          Realtek Semiconductor Corp. RTL8811AU 802.11a/b/g/n/ac WLAN Adapter
phy3    wdn4200         rt2800usb       Ralink Technology, Corp. RT3573


I really like to name the cards to make this easier (as you can see).  This is done by adding a line for each card to /etc/udev/rules.d/99-nicnames.rules.  Basically I plug each card in, and then bind its MAC to a useful name like this:

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:c0:ca:98:73:82", KERNEL=="wlan*", NAME="awus1900"

First, let's see if it monitors, and how well.  For this, I am currently using "kismet_shootout.rb", a ruby plugin for kismet which can be found in the path on Pentoo systems.  This tool is very simple: start kismet, and feed it all the wireless cards you want to test.  Then you start kismet_shootout.rb and tell it which cards to test, and on which channel.  For right now, the testing is fairly dumb: all the tool does is count packets seen, and whoever has the most packets is claimed to be "100%" and every other card then has a lower percent based on nothing but packet count.  This gives you a reasonable estimate of how many packets are coming in, but not if they are valid or not, and nothing is checking if the packets really are the same.  This tool only runs with "old" (stable) kismet right now, and that version of kismet doesn't have all the features the new kismet has, so this is as good as we have right now.  If someone were to reimplement the tool for new kismet, they could take advantage of the dedup mechanism to get hashes for each packet and see for real if the packets seen by all cards are the same.  Then the percentage could be based off the total number of unique packets and how many each card has seen, which would be slightly more useful.

INFO: Locking 036ac, 036ach, 036acs, 036eac, 7822UAC, AC56, awus1900, edup, eub1200ac, N600UBE, wdn4200 to channel 36
INFO: Waiting for sources to settle on channel...
INFO: Started at 2018-05-25 22:43:01 -0400
      Name   PPS  Packets Percent  Total  Elpsd
   N600UBE    30 40562918  93.50%
   wdn4200    59 38580847  88.93%
     036ac    37 42653025  98.32%
    036ach    35 43381613 100.00%
    036acs    29 37327675  86.04%
    036eac    33 39970296  92.14%
   7822UAC    33 40226936  92.73%
      AC56    33 37751328  87.02%
  awus1900    17 14268805  32.89%
      edup    27 35987645  82.96%
  eub1200a    28 36292940  83.66%
                                     361 118h3m
INFO: Locking 036ac, 036ach, 036acs, 036eac, 7822UAC, AC56, awus1900, edup, eub1200ac, N600UBE, rlnknano, wdn4200 to channel 44
INFO: Waiting for sources to settle on channel...
INFO: Started at 2018-05-24 16:25:55 -0400
      Name   PPS  Packets Percent  Total  Elpsd
  rlnknano     0   111123   5.83%
   wdn4200     0  1699403  89.19%
     036ac     0  1905478 100.00%
    036ach     4  1892517  99.32%
    036acs     0  1709680  89.72%
    036eac     1  1845425  96.85%
   7822UAC     2  1878870  98.60%
      AC56     1  1843208  96.73%
  awus1900     4   105650   5.54%
      edup     0  1615999  84.81%
  eub1200a     0  1686462  88.51%
   N600UBE     0  1864576  97.85%
                                      12 30h15m

As you can plainly see, I like to run tests a long time.  At least 4 days is best, because that makes me feel warm and fuzzy about the card not failing during an 8 hour hacking session.  Driver instability is a thing, so is kernel instability, and during just these monitor mode tests I had one card completely fail and get put in the bin.

As you can also plainly see, the Alfa AWUS1900 (the only r8814au tested) performs like crap, despite looking like a 4 antenna monster.  This is common with newer drivers and out-of-kernel modules (which this is both).  The hardware is probably great, but the driver is so bad that it's nearly unusable.  It's a bit hard to see due to the durations, but channel 44 is actually far more busy in my environment than 36, and the AWUS1900 was hot garbage on a busy channel, only doing slightly better on a very quiet channel.

The two best performers, Alfa 036ach and 036ac, traded spots a little bit, but both maintained top performance on both 5GHz channels.  The surprising breakout was the Alfa 036eac, which did remarkably well despite having no antenna, outperforming the Alfa 036acs which has an external antenna.

Again, this isn't a hardware recommendation, and this isn't even a completely ideal way to test things.  That said, I don't have an ideal way to test things, and so I'm doing what I can.  Now that I've got some idea of which cards don't suck, I will be redoing this testing (and posting the results for all to see) and start making some actual recommendations.  For now, enjoy kismet_shootout.rb, and if you want to reimplement it for new kismet you can find me both on kismet's discord as well as irc channel, and there will be glorious prizes for doing so :-)

-Zero_Chaos
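
The two scoring methods the post describes, side by side, as an added example (not code from kismet_shootout.rb or from kismet): the current raw-count percentage, and the proposed percentage of unique packets. It assumes per-card lists of packet hashes are already available as plain strings; the sample data, the "noisy" card, and the optional quorum parameter are constructed for illustration.

```ruby
require 'set'

# Constructed sample: packet hashes each card reported on one channel.
# Card names are from the post, except the hypothetical 'noisy' card,
# which reports many frames that are mostly repeats plus two frames
# ('zz', 'yy') that no other card saw.
SAMPLE = {
  '036ach'   => %w[a1 a2 a3 a4 a5 a6 a7 a8],
  '036ac'    => %w[a1 a2 a3 a4 a5 a6 a7],
  'awus1900' => %w[a1 a2],
  'noisy'    => %w[a1 a1 a1 a2 a2 a2 zz zz zz yy]
}.freeze

# Scoring as the post describes it today: raw packet count, the card
# with the most packets is 100%, everyone else is relative to that.
def count_percent(seen)
  best = seen.values.map(&:size).max
  return {} if best.nil? || best.zero?

  seen.transform_values { |pkts| (100.0 * pkts.size / best).round(2) }
end

# Scoring as the post proposes: share of the unique packets (by hash)
# that each card saw. quorum: 1 is exactly that proposal. A higher
# quorum is an assumption added here: a hash only joins the reference
# set if that many cards saw it, which filters frames only one card
# reported (at the cost of ignoring real frames only one card caught).
def unique_percent(seen, quorum: 1)
  sets = seen.transform_values(&:to_set)
  tally = Hash.new(0)
  sets.each_value { |s| s.each { |h| tally[h] += 1 } }
  reference = tally.select { |_, n| n >= quorum }.keys.to_set
  return {} if reference.empty?

  sets.transform_values do |s|
    (100.0 * (s & reference).size / reference.size).round(2)
  end
end

if $PROGRAM_NAME == __FILE__
  puts 'card       count%  unique%  quorum2%'
  by_count = count_percent(SAMPLE)
  by_uniq  = unique_percent(SAMPLE)
  by_q2    = unique_percent(SAMPLE, quorum: 2)
  SAMPLE.each_key do |c|
    puts format('%-9s %7.2f %8.2f %9.2f', c, by_count[c], by_uniq[c], by_q2[c])
  end
end
```

On this sample the repeat-heavy card tops the raw-count ranking but drops well below the Alfa cards once duplicates are collapsed.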