
DEF CON China 1.0 Hacking Conference

Demo Labs

JTAGulator

Joe Grand (Kingpin)

Scheduled: To Be Announced

JTAGulator is an open source hardware hacking tool that assists in identifying on-chip debug interfaces from test points, vias, component pads, or connectors on a circuit board.

Additional information:
http://www.jtagulator.com
http://www.grandideastudio.com/portfolio/jtagulator

On-chip debug (OCD) interfaces can provide chip-level control of a target device and are a primary vector used by engineers, researchers, and hackers to extract program code or data, modify memory contents, or affect device operation on the fly. Depending on the complexity of the target device, manually locating the available OCD connections can be a difficult and time-consuming task, sometimes requiring physical destruction or modification of the device.

JTAGulator is an open source hardware hacking tool that assists in identifying on-chip debug interfaces from test points, vias, component pads, or connectors on a circuit board. It currently supports the detection of JTAG and asynchronous serial/UART interfaces. The tool can save a significant amount of time during reverse engineering, particularly for those who don't have the resources required for traditional hardware reverse engineering processes, and bridges the gap between gaining physical access to circuitry and exploiting it.

JTAGulator continues to be updated with new features and functionality, and the project welcomes feedback, contributions, and pull requests from the community. The JTAGulator hardware and core firmware are distributed under a Creative Commons Attribution 3.0 United States license (http://creativecommons.org/licenses/by/3.0/us/).

Supporting files, code, etc.: complete design details, documentation, presentations, and videos are available at the project page above.

Target Audience: Hardware, Offense, Defense
Hardware hackers looking offensively for an entry point through which to compromise a hardware device, and engineers looking to defensively identify and classify their exposure by using the tool to test their own devices for open interfaces.

Joe Grand (@joegrand), also known as Kingpin, is a computer engineer, hardware hacker, DEFCON badge designer, teacher, advisor, runner, daddy, honorary doctor, TV host, member of legendary hacker group L0pht Heavy Industries, and the proprietor of Grand Idea Studio (grandideastudio.com). He has been creating, exploring, and manipulating electronic devices since the 1980s.

OSfooler

Jaime Sánchez aka segofensiva

Scheduled: To Be Announced

Using commercial tools to secure your network is recommended, but keeping a system secure requires going one step further. This technique takes that step by defending your servers against the first phase of every attack: fingerprinting. It does so by intercepting all traffic your box sends and modifying, in real time, the TCP/IP header fields that would otherwise reveal your operating system.

This tool is a practical approach for detecting and defeating:

  • Active remote OS fingerprinting, such as Nmap or Xprobe
  • Passive remote OS fingerprinting, such as p0f or pfSense
  • Commercial engines, such as Sourcefire's FireSIGHT OS fingerprinting

Some additional features are:

  • No need for kernel modification or patches
  • Highly portable
  • Will emulate any OS
  • Capable of handling the Nmap and p0f fingerprint databases (beta phase)
  • Transparent for the user
  • Undetectable for the attacker
  • Available for your Linux laptop, server and mobile device
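As an added illustration of the approach described above (this is not OSfooler's own code): a passive fingerprinter matches a handful of TCP/IP header fields from a SYN against a signature table, and a normalizer that rewrites those same fields on outgoing packets makes the host match a chosen persona instead. The signature table, persona labels, and sample SYN are constructed for the example and are not the p0f or Nmap databases; the field names are assumptions.

```python
"""Passive OS fingerprinting and outbound header normalization, illustrated.

Added example for the DEF CON China Demo Labs page; it is not OSfooler's code.
The signature table below is constructed for illustration and is not the
real p0f or Nmap database.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class SynFields:
    """The handful of TCP/IP header fields a passive fingerprinter keys on
    when it sees a TCP SYN."""
    ttl: int           # IP TTL as observed on the wire
    window: int        # TCP window size
    df: bool           # IP Don't Fragment flag set?
    options: tuple     # TCP option layout, in order (e.g. mss, sackOK, ts, nop, wscale)


# Constructed, illustrative signature table: each persona is the full field
# tuple as it leaves the sending host (initial TTL, before any router hops).
SIGNATURES = {
    "linux-like":   SynFields(ttl=64,  window=29200, df=True,
                              options=("mss", "sackOK", "ts", "nop", "wscale")),
    "windows-like": SynFields(ttl=128, window=8192,  df=True,
                              options=("mss", "nop", "wscale", "nop", "nop", "sackOK")),
    "bsd-like":     SynFields(ttl=64,  window=65535, df=True,
                              options=("mss", "nop", "wscale", "sackOK", "ts")),
}

COMMON_INITIAL_TTLS = (32, 64, 128, 255)


def initial_ttl(observed_ttl: int) -> int:
    """Undo router hops: round an observed TTL up to the nearest common
    initial value, since each hop decrements the TTL by one."""
    for base in COMMON_INITIAL_TTLS:
        if observed_ttl <= base:
            return base
    return COMMON_INITIAL_TTLS[-1]


def fingerprint(fields: SynFields):
    """Return the persona whose signature matches every field, or None.
    Real engines score partial matches; requiring a full match keeps the
    logic easy to follow."""
    for label, sig in SIGNATURES.items():
        if (initial_ttl(fields.ttl) == sig.ttl
                and fields.window == sig.window
                and fields.df == sig.df
                and fields.options == sig.options):
            return label
    return None


def normalize(fields: SynFields, persona: str) -> SynFields:
    """Rewrite the fingerprintable fields of an outgoing SYN so that it
    matches `persona`. This is the idea behind intercepting outbound traffic
    and rewriting header fields in real time; here it acts on a parsed
    record rather than on a live packet."""
    sig = SIGNATURES[persona]
    return replace(fields, ttl=sig.ttl, window=sig.window,
                   df=sig.df, options=sig.options)


def after_hops(fields: SynFields, hops: int) -> SynFields:
    """Model the TTL decrement the packet suffers crossing `hops` routers."""
    return replace(fields, ttl=fields.ttl - hops)


# Constructed sample: a Linux-like server's SYN exactly as the server sends it.
SERVER_SYN = SynFields(ttl=64, window=29200, df=True,
                       options=("mss", "sackOK", "ts", "nop", "wscale"))


def demo(hops: int = 3) -> tuple:
    """Fingerprint the server's SYN as a sensor `hops` routers away sees it,
    then again after the SYN has been rewritten to the 'windows-like' persona."""
    before = fingerprint(after_hops(SERVER_SYN, hops))
    disguised = after_hops(normalize(SERVER_SYN, "windows-like"), hops)
    after = fingerprint(disguised)
    return before, after


if __name__ == "__main__":
    print(demo())  # ('linux-like', 'windows-like')
```

Two points the example makes for a defender: the fingerprint side can be run against your own exposed hosts to see which persona they advertise before and after any normalization, and the rewrite has to be consistent across every keyed field at once (TTL, window, DF, option order); changing only one of them produces a packet that matches no persona, which is itself a tell a fingerprinting engine can report.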

More details on the tool and the ideas behind it are in this DEF CON 21 presentation:
https://www.defcon.org/images/defcon-21/dc-21-presentations/Sanchez/DEFCON-21-Sanchez-Building-an-Android-IDS-Network-level-Updated.pdf
The tool will be released under an open source license.

Target Audience: Defense and Mobile

Jaime Sánchez (aka @segofensiva) has worked for over 20 years as a specialist advisor for large national and international companies, focusing on different aspects of security such as consulting, auditing, training, and ethical hacking techniques. He holds a Computer Engineering degree and an Executive MBA. In addition, he holds several certifications, including CISA, CISM, and CISSP, and a NATO SECRET security clearance as a result of his role as an advisor to many law enforcement organizations, banks, and large companies in Europe and Spain.

He has spoken at renowned security conferences nationally and internationally, including RootedCON, Nuit du Hack, Black Hat (USA, Europe, and Sao Paulo editions), DEF CON, DerbyCon, NocOnName, DeepSec, ShmooCon, and the Cyber Defence Symposium, among others. As a result of his research, he has reported security findings and vulnerabilities to top companies and vendors, including Banco Popular, WhatsApp, Snapchat, Microsoft, and Apple.

He is a frequent contributor on TV (TVE, Cuatro, LaSexta, Telecinco), press (El Pais, El Mundo, LA Times, NBC News) and radio programs, and writes a blog called 'SeguridadOfensiva' (https://www.seguridadofensiva.com/).