Schedule

Event schedule

Talk/Workshop schedule

Talk/Workshop details



Event schedule

Friday

Time Events
1000 HHV/SSV/BMCA Startup
1000 SMD Soldering Challenge begins in the SSV area!
1500 Robo Sumo
1830 SMD Soldering Challenge last call for the day!
1900 HHV/SSV/BMCA Shutdown

Saturday

Time Events
1000 HHV/SSV/BMCA Startup
1000 SMD Soldering Challenge begins in the SSV area!
1500 Robo Sumo: Hebocon Edition
1730 SMD Soldering Challenge last call for the whole contest!
1900 HHV/SSV/BMCA Shutdown

Sunday

Time Events
1000 HHV/SSV/BMCA Startup
1030 Breakfast at DEF CON 26: Tindie x Hackaday Meetup in the BMCA
  What better way to nurse your DEF CON hangover than with some strong coffee and pastries with the Hackaday and Tindie Crew? This year, we’re super pleased that Hardware Hacking Village will be hosting us in the “Badge Maker’s Community Area”. Join us on Sunday morning at 10:30 am local time and bring along your hardware to show off!
1300 HHV/SSV/BMCA Shutdown



Talk/Workshop schedule

Friday

Time Events
1000 ~ 1300 Workshop - Applied Physical Attacks on Embedded Systems, Introductory Version
  Joe FitzPatrick, @arinerron, and @pixieofchaos
1400 ~ 1800 Workshop - Getting to Blinky: #badgelife begins with a single blink
  Chris Gammell

Saturday

Time Events
1000 ~ 1040 Talk - Hacking your HackRF
  Mike Davis
1100 ~ 1130 Talk - Disabling Intel ME in Firmware
  Brian Milliron
1200 ~ 1250 Talk - NFC Payments: The Art of Relay & Replay Attacks
  Salvador Mendoza
1500 ~ 1530 Talk - Breaking In: Building a home lab without having to rob a bank
  Bryan Austin
1600 ~ 1630 Talk - The Cactus: 6502 Blinkenlights 40 Years Late
  Commodore Z
1700 ~ 1720 Talk - WiFi Beacons will give you up
  John Aho
1800 ~ 1845 Talk - Building Drones the Hard Way
  David Melendez Cano



Talk/Workshop details


Applied Physical Attacks on Embedded Systems, Introductory Version

Joe FitzPatrick, @arinerron, and @pixieofchaos

Abstract

This workshop introduces several relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi development board. After a brief architectural overview of each interface, hands-on labs will guide attendees through the process of understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

What to Bring

No hardware or electrical background is required. Computer architecture knowledge, Linux internals, command-line familiarity, and low-level programming experience are all very helpful but not actually required.

All equipment, including laptops, will be provided for use in the class. Students will be provided with a lab manual that includes an equipment list of all materials used for the class.

Max size: 24, first come, first served basis.

Bio

Joe (@securelyfitz) is an Instructor and Researcher at https://SecuringHardware.com (@securinghw). Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUs, SoCs, and microcontrollers. He has spent the past 5 years developing and leading hardware security related training, instructing hundreds of security researchers, pen testers, and hardware validators worldwide. When not teaching Applied Physical Attacks training, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.

@arinerron is a student, security enthusiast, CTF player, bug bounty hunter, software developer, and ham radio operator (K1ARE). He’s interested in many aspects of security, though most of his experience is in web and binary exploitation.

Chaos Pixie (@pixieofchaos) works for the man doing embedded systems security.


Getting to Blinky: #badgelife begins with a single blink

Chris Gammell

Abstract

This is an in-person, hands-on version of “Getting To Blinky”, an online course series that has taught thousands to use the free and open source electronics CAD program, KiCad. This would be a “DEFCON badge” version of that course which showcases how to add a blinking circuit, get acquainted with the tool and also add customizable artwork to a Printed Circuit Board (PCB). By the end, attendees will be able to actually order a low cost PCB from online sources.

What to Bring

Please come to this session with a computer with KiCad set up and running. The course is aimed at KiCad 4.0.7; slightly earlier is fine, but 5.0.0 is not advised. Install assistance can be given during the beginning of the presentation if needed.

Max size: 24, first come, first served basis.

Bio

Chris Gammell is the host of The Amp Hour Electronics podcast and the owner of Contextual Electronics, an online apprenticeship program. He has been teaching people to design and build electronics online for 8 years, including 5 as an online instructor. His interests are in hands on education and making the electronics learning process easier. He also focuses on low cost and no cost tools, like the open source CAD program KiCad. Prior to teaching online, Chris was an electronics designer for 15 years in various industrial settings.


Hacking your HackRF

Mike Davis

Abstract

The HackRF isn’t just an SDR - it’s an open-source, open-hardware device that’s designed to be modified. In this talk I walk through the basics of how to open and modify the hardware and software. I also show all the mods and hacks I’ve done to/with my HackRFs, including physical synchronisation between HackRFs, quadcopter transmitter adaptation, audio encoding/decoding, quadcopter vtx and a future project to add USB3.

Bio

Software/hardware developer, currently studying an MSc Computer Science (infosec), not yet a cyborg


Disabling Intel ME in Firmware

Brian Milliron

Abstract

Modern OSes have consistently raised the bar in regards to security with each revision, largely due to the efforts of the security community to find and report bugs. Because of this, the OS layer is reasonably secure at this point. However, the security of the hardware layer has fallen far behind and now represents the biggest threat. In particular, the Intel Management Engine is a huge security hole which Intel has put great effort into forcing users to accept blindly. No more. This talk will present a how-to on permanently disabling Intel ME by reflashing the BIOS using a Raspberry Pi. Take back control of your own hardware and give Big Brother’s Backdoor the boot.

Bio

Brian Milliron works as a freelance penetration tester for ECR Security. He has been monkeying around with security since his teens and has worked as a pentester for the last 8 years, working primarily with the Energy/Utility sector. Besides popping shells and defeating Big Brother technology, he also enjoys exploring the RF spectrum, finding new uses for Raspberry Pis, studying malware, nature and off-grid living.


NFC Payments: The Art of Relay & Replay Attacks

Salvador Mendoza

Abstract

Relay and replay attacks are becoming more common in the payment industry, getting more complex and sophisticated day by day. We are not just seeing simple skimming techniques but complex attack vectors that are a combination of technologies and implementations involving SDR (Software-Defined Radio), NFC, APDU (Application Protocol Data Unit), hardware emulation design, specialized software, tokenization protocols and social engineering. In this talk, we will discuss what these attacks are, or what kind of hardware or software could be implemented.

Bio

Salvador Mendoza is a security researcher focusing on tokenization processes, magnetic stripe information and embedded prototypes. He has presented on tokenization flaws and payment methods at Black Hat USA, DEF CON 24/25, DerbyCon, Ekoparty, BugCON, 8.8, and Troopers 17/18. Salvador designed different tools to pentest magnetic stripe information and tokenization processes. His toolset includes MagSpoofPI, JamSpay, TokenGet, SamyKam and lately BlueSpoof.


Breaking In: Building a home lab without having to rob a bank

Bryan Austin

Abstract

Building a home lab is critical to making you as a hacker better, but between space, hardware costs and learning it can quickly become an expensive habit. This talk will aim to show you some of the low cost options to learning the skills of the trade, and a bit of the mindset you need to finish that project.

Bio

Bryan Austin is an information security researcher with a background in electronics, threat analysis, social engineering, working with at-risk children, mentorship and research. He is also the co-founder of Through the Hacking Glass, a free mentorship community partnered with Peerlyst. By day, he secures people and organizations against scammers and hackers but by night he works with children with behavioral issues and a variety of other challenges. When not crusading against internet evil doers, he enjoys hiking, Taekwondo, and hacking with his beautiful wife and 3 amazing children.


The Cactus: 6502 Blinkenlights 40 Years Late

Commodore Z

Abstract

While many machines prior to the microcomputer boom of 1977 were commonly found with front panel interfaces and blinkenlights, only a few obscure examples use a 6502 microprocessor. What seemed like a perfect blend of inexpensive computer technologies didn’t mix well in practice, thus kits and the majority of homebrew machines opted for other microprocessor/interface combinations. Building a computer from the ground up around a microprocessor was a process worth exploring, so why not approach it from a historical perspective? Enter the Cactus: a technological “what if” built with the goal of recreating the homebrew computer experience of the 1970s. This includes parts and construction techniques of the era, with only a few post-1980 concessions where appropriate. I will describe the process involved in making a 1970s homebrew computer ~40 years too late, as well as why such a machine never could have come to be in the era it was designed to mimic.

Bio

Commodore Z is a vintage computer geek by night, and a broadcast engineer by day. He collects and restores vintage computers & robots, studies historical telephony, and peers into the past to better understand the future. He lives by the mantra “jack of all trades, master of none, but better than a master of one”, and doctors say there are traces of blood in his lead stream. When time permits, he volunteers for the Vintage Computer Federation.


WiFi Beacons will give you up

John Aho

Abstract

A quick and dirty intro to making wifi beacons with esp8266 modules. A new small tool to help you generate your own beacon and unveiling of a fun multi-beacon setup.

Bio

John is a programmer who makes gloriously useless things and occasionally useful ones by accident.


Building Drones the Hard Way

David Melendez Cano

Abstract

Drones are now “the sexy technology” but few people really know what kind of algorithms and hardware mix is involved.

This talk will show the roadmap of building two homemade drones, built from scratch. No ardupilot/pilot boards were used to develop this project. Topics like real time scheduling on Linux, DeviceTree configuration, I2C bitbanging, attitude estimation and PID control functions will be covered.

Bio

David Melendez, Spain, works as an R&D software engineer for the TV studio manufacturer Albalá Ingenieros S.A. in Madrid. He has won several prizes in robotics contests and has been a speaker at Nuit Du Hack, RootedCON, NoConName, Codemotion, HKOSCON, etc. Author of the book “Hacking con Drones” and robot builder.