|Start time:||Note: The 22nd of July is the day that MCH2021 actually starts but some volunteers go earlier to help set up.|
|Location:||The Netherlands. "The location is the Scoutinglandgoed in Zeewolde, 55km east of Amsterdam."|
|Fee:||Standard ticket: €355,55 - Parking ticket: €42,-|
|Short description:||May Contain Hackers 2022. Successor of SHA2017.|
Like many other hackerspaces, some of us (ACKspace) are also going to attend this conference. It would be awesome to attend the conference as Village:ACKspace (extension 150).
Things to consider:
- computer1up, has car! DECT extension 151
- NetworkDoctor DECT extension 152
- PsychiC DECT extension 153
- xopr DECT extension 154
- PsychiC: core orga (no room for extra tasks due to irregular schedule)
- Computer1up: transport, purchasing
- Xopr: assistant logistics and finances
- Xopr/Computer1up: kitchen/chores
- Xopr/Computer1up: local infra
From July 22-26, I went to a hacker camp.
This is how it went.
The camp was a 5 day event and consisted of 3 track tents, 2 workshop tents and 3500 hackers. They had a 200Gbit/s uplink to Amsterdam that connected to more than a dozen IP-transit providers and Internet Exchanges with a total capacity of 450Gbit/s. Your direct tent-uplink could be 10Gbit/s and had a 20Gbit/s connection to the main switches with everything set up redundant.
Preparations started Wednesday and Thursday night: gather stuff (it was roughly 0.7m³ of gear scattered everywhere on my property). I wanted to set up the VoIP as well, but alas, no time.
Friday: drop offspring off at the day care, strip car and fill it with gear. Leave at 9:30, arrive at 11:40. I should have gone to the toilet, because my bladder starts to hurt.
I took the Cyber bike, tied a toy wagon behind it and filled it with the party tent parts and other essentials. Meanwhile I bumped into computer1up and together we traveled to the soon-to-be village, where PsychiC conquered ground for it for about a week. There we met our newest member: TheNetworkDoctor; our inhabitants were united!
After the first transport iteration, we had a Gator shuttle service at hand, so together with one last cycle, we picked up everything in one go.
Time to build a village! With a bit of hands, the village tent was up in no time, and soon decorated with network, power and lights.
It took until the evening before I got the network part sort-of right: the Guerrilla VoIP switch had a default password with arbitrary configuration and the 16 port "smart managed" switch only worked with a Windows tool. The other downside was that the management interface was accessible on every VLAN, had a default password and accepted a magic reset packet, but luckily, the PoE worked as intended (only VLAN 1). I kept a management interface VLAN open and set all the rest to a semi random untagged VLAN. Next up were the LED sleeves / torches: they were going on a /19 network, and I wasn't going to scan 8k addresses, so I've set up a mirror port for those two connections to sniff out a DHCP ACK. The first worked instantly: Wireshark filtered on `dhcp` immediately handed over all the details, so the second one should be a breeze as well. Well, nope. The traffic that was hitting the switch was too much for the poor ENC28J60 to handle (I was aware of this type of flaw since it chokes on Art-Net packets the same way).
Steps to success were: power 1 LED sleeve, read the lease, unplug the ethernet connector and power the second sleeve to read the other lease. Simple. Now that this was working and running a torch animation, I had some spare time to register my DECT handset.
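What the mirror-port capture yields, as an added example that is not part of the original report: a small parser that pulls the leased address out of a DHCP ACK (the UDP payload of a server-to-client packet). The sample packet, its address and its MAC are constructed.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"    # RFC 2131 marker in front of the options
DHCP_ACK = 5                           # option 53 (message type) value for ACK


def parse_dhcp_ack(payload: bytes):
    """Return lease details from a DHCP ACK UDP payload, None for anything else."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    op, _htype, hlen = struct.unpack_from("!BBB", payload, 0)
    if op != 2 or hlen > 16:           # 2 = BOOTREPLY (server to client)
        return None
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:     # 255 = end option
        if payload[i] == 0:            # pad option is a single byte
            i += 1
            continue
        if i + 2 > len(payload):
            return None                # truncated option header
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None                # truncated option body
        options[payload[i]] = value
        i += 2 + length
    if options.get(53) != bytes([DHCP_ACK]):
        return None
    lease = {"ip": str(ipaddress.IPv4Address(payload[16:20])),   # yiaddr
             "mac": payload[28:28 + hlen].hex(":")}              # chaddr
    if len(options.get(1, b"")) == 4:
        lease["netmask"] = str(ipaddress.IPv4Address(options[1]))
    if len(options.get(51, b"")) == 4:
        lease["lease_seconds"] = struct.unpack("!I", options[51])[0]
    return lease


def build_sample_ack() -> bytes:
    """Constructed sample: an ACK leasing 10.0.17.42/19 to a made-up MAC."""
    fixed = bytearray(236)
    fixed[0:4] = bytes([2, 1, 6, 0])                  # op, htype, hlen, hops
    fixed[16:20] = ipaddress.IPv4Address("10.0.17.42").packed
    fixed[28:34] = bytes.fromhex("020000aabbcc")
    opts = bytes([53, 1, 5, 1, 4, 255, 255, 224, 0, 51, 4, 0, 0, 14, 16, 255])
    return bytes(fixed) + MAGIC_COOKIE + opts
```

Offers, NAKs and truncated packets return `None`, so only a completed lease is reported.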
Meanwhile, the sun had turned over and it was Saturday.
After brushing my teeth, it was time to fix the VoIP. Default passwords are bad, so I chose a simple alternative to keep script-kiddies out. The day was 10 hours old and half of the village was still sleeping. The initial setup was letting the desk phone register to my VPS and let the VPS register at the local "telco". This way, it was easy for ACKspace to call the "offsite" extension, but the calls from DECT never came through.
The other half, including me, went to the bar on Flower fields to grab a coffee and wait until the rest was awake to join the bacon & eggs session. Time flies and at noon and a bit I had the VoIP rerouted so that it actually registered locally, and the offsite extension was forwarded to this number. With some testing, it seemed a great success, so two hours later I've managed to forward all extensions in a similar fashion.
Meanwhile, our village became an open house and a lot of people jumped in to say hi and admire the 3D-printer or asked to have something printed.
Then came the idea for a nice and simple hack: add an extra extension to manipulate the torch by calling them. Since torch in Dutch is fakkel, I registered 3225 (fACK) for intended puns. I wasn't going to write a SIP parser, so I've looked around and finally found something that seemed to work. I proudly shared a video at 1am to demonstrate it, but the library was pretty wonky and failed after a couple of calls/minutes. Let's call it a day.
Sunday was a bit of a relaxed day: roaming the terrain and peeking at some talks. Meanwhile I was fixing spacenet because PsychiC's laptop on regular wifi acted up. Of course this was going over a VPN since I didn't want to reference the RADIUS server in any way.
Monday had a late start; some tiredness kicked in and everything went slow. After watching some talks on the stream, and duct-taping the party tent together because the wind had ripped off all loops, we had a visit from Speakup, the DID number-block provider (trunk) at 3pm.
So if we could change the password for 8225 (vACK), because it was used last night to do several phone calls to Belarus. This made the number block go onto the blacklist. It took me an hour to install a firewall/router, reset the phone, rewire the cables and reconfigure everything, but we were up and running again.
After hanging around in the village, we got a visit from the mailperson from Chaos Post just around dinner time; I had received a greeting card. It stated:
TO: xopr, ACKspace, Torvalds Field
FROM: Evil VoIP hacker
-----------------------------------------------------
Please let me back into your Polycom :(
Note that the capitalization of every word is 100% correct. This person had done his homework. We applaud his effort, I was seriously impressed and we thanked Evil VoIP hacker on IRC and Twitter and offered a beverage. My commitment is that the beverage offer still stands.
When we left the village for some partying, I put the greeting card on top of the phone together with a bag of sweets, but the "prize" was never picked up.
The next and final day for me consisted of packing everything, and starting to tear down the local infra in a controlled manner, followed by the party tent. I had no time to watch any talk and all packing, transporting and eating took 8 hours (one roundtrip to the car was 2km of which I had to do 5).
All and all, we had a lot of fun, talked to a lot of strangers (and incidentally, some familiar persons).
The phone hack was done beautifully, and it reaffirmed that everything is a target, even snail mail.
How I think the hack went:
- Evil VoIP hacker downloads the phone book (number, description)
- They send `SIP OPTIONS` to determine its IP address (it was a public address)
- Next, do a port scan on all addresses
- Have a list at hand with common usernames/passwords (and a password list modified to include names and keywords of this event)
- Do a brute force login and extract the SIP credentials
- Call Belarus using the credentials (or even the phone itself as plausible deniability) to trigger blacklisting of the DID provider
- Find the “Village” wiki page that was name-referenced in the phone book entry
- Visit the hackerspace’s web page and see which nickname relates to VoIP activity
- Send a personal card to let you know they did research
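The two steps of this chain that a defender can see in logs, as an added example that is not part of the original report: a burst of failed logins that ends in a success, and an outbound call to a country nobody in the village dials. The log format, addresses, phone numbers, thresholds and the `+31`-only allowlist are all assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ALLOWED_PREFIXES = ("+31",)       # assumption: only Dutch destinations are expected
FAIL_THRESHOLD = 3                # failed logins from one source ...
WINDOW = timedelta(minutes=5)     # ... within this window before a success

# Constructed events in a made-up format: "<time> <source> <event> <target>"
SAMPLE_LOG = """\
2022-07-24T22:58:10 203.0.113.7 OPTIONS 8225
2022-07-24T23:01:00 203.0.113.7 LOGIN_FAIL admin
2022-07-24T23:01:02 203.0.113.7 LOGIN_FAIL admin
2022-07-24T23:01:04 203.0.113.7 LOGIN_FAIL admin
2022-07-24T23:01:06 203.0.113.7 LOGIN_OK admin
2022-07-24T23:20:00 203.0.113.7 INVITE 00375000000000
2022-07-25T09:00:00 198.51.100.20 LOGIN_FAIL admin
2022-07-25T09:00:30 198.51.100.20 LOGIN_OK admin
2022-07-25T09:05:00 198.51.100.20 INVITE 150
2022-07-25T09:06:00 198.51.100.20 INVITE +31000000000
"""


def normalize(number):
    """Map the 00 international prefix to +; internal extensions stay as-is."""
    return "+" + number[2:] if number.startswith("00") else number


def detect(log_text):
    """Return (rule, source, detail) alerts for the two defender-visible steps."""
    alerts, fails = [], defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                                  # skip malformed lines
        ts, src, event, target = parts
        when = datetime.fromisoformat(ts)
        if event == "LOGIN_FAIL":
            fails[src].append(when)
        elif event == "LOGIN_OK":
            recent = [t for t in fails[src] if when - t <= WINDOW]
            if len(recent) >= FAIL_THRESHOLD:         # guessing that ended in a hit
                alerts.append(("bruteforce-then-success", src, target))
            fails[src].clear()
        elif event == "INVITE":
            dest = normalize(target)
            if dest.startswith("+") and not dest.startswith(ALLOWED_PREFIXES):
                alerts.append(("unexpected-destination", src, dest))
        # OPTIONS is ignored: on a public address it is constant background noise
    return alerts
```

A single mistyped password followed by a login, an internal extension call and a Dutch number all pass without an alert.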
Most interesting talk
There are so many different topics that it's hard to pick a favorite. One of the most interesting talks was pointing to a very simple problem: the e-signature of dynamic content documents and its legal validity. An honorable mention would be Reverse engineering Albert Heijn app: this was a fun talk and well presented.
Most interesting tech
Everywhere you look, there is tech, often combined with art. I've seen a dragon made out of emergency blankets, all kinds of light and mirror artwork and driving couches. The most interesting tech is actually anti-tech: how to use a rotary hammer to open electronic locks without damaging them (using a 3D printed knob-holder). The presenter did 7 locks in 90 seconds.
Most interesting stand
Note that there are not really stands that sell anything. If anything, they might ask for a donation and provide you something for free. My most interesting stand was the Arcade hall, where I did two games of flip the table on a Japanese arcade cabinet (equipped with a table).
What was reaffirmed
Everything is a target.
What needs more research
- a better way to combine both VoIP systems
- something something party-tent kite: they will never be a good alternative where there's wind
What have I learned
- although all people are nice, some environments they are in are really hostile.
- always use complex passwords (you cannot escape a password manager or hardware token anymore)
- apply a firewall
- use a hardware firewall (router)
- have IPv6? firewall
- walking around with a laptop? firewall
- drop down and over top cable management (power/network)
- you cannot be too paranoid
- you might need intrusion detection as well
What can I learn more
- For events like these, it's good to have a list of items to bring, but also a list to do. This is something that needs work.
- Local light art projects like Stoplichter
- Better party tent walls
- Hackerspace stamp / flag / merchandise
- make a small battery powered transport vehicle that also has a hitch
- IPv6 is beautiful, but in some ways way more complex than a regular NAT/PAT router
What could other people learn
- Security costs time: use it or don’t participate at all
- EVERYTHING is a target: your phone, your VPS/VPN entry-point, postal mail, your badge (bluetooth/wifi)
- Power is a luxury: don’t expect uptime
What could $company learn
Visible hackers are really friendly and helpful, but also powerful in a way that nobody wants to see abused. Keeping them happy or leaving them at ease would be my approach.