Keynote
Coming soon ...
Subtitle: Broadcom based Cable Modem Hacking for fun and profit
Many last-generation cable modems are based on last-generation Broadcom chipsets, which allow multiple applications to run, support multitasking and embed various files such as HTML pages or resources. This talk aims at presenting simple tools and methods to break into these modems and dump information from specific components, and also presents many features of the BCM3383 chipset.
The author wrote many tools dealing with packed firmware and files, and identified many ways to hack the way cable modems work. These tools will be made publicly available once the talk is done.
In order to be successful, old-school arcades had to be awesome. To be awesome, they were often running on dedicated hardware.
As they were awesome, it triggered an awesome level of piracy, for which bootleggers were ready to remake from scratch the whole hardware.
In order to fight that, the industry came up with awesome dedicated protections, and some of them are still undefeated nowadays.
This talk introduces the world of old-school arcades, and explains what it took to prevent some of them from being lost forever.
This is a talk on perspectives. I step outside of mine to see hacking around the world through different views. We will explore how companies who publish reports help skew the global perspective. We will look at how people from different parts of the world see hacking/information security from their own perspective. We will hear a few tales of what I saw through my perspective of a stranger in a foreign land. We will then explore a small slice of history of a few hackers to gain a better perspective of where we have been, where we are now and where we are heading. This talk was not only created to entertain and enlighten the conference attendees to take a step back and look at what they themselves are a part of. It was made for them to share with friends, family and coworkers, so people on the outside could get a better understanding of what a hacker truly is and why being one is such a great thing to be!
"Cloud" is slowly replacing some parts of the web we have been used to dealing with. In this talk we will see how to understand and adapt our toolkits and our attacks to this "cloud" world.
This presentation will show you how to duplicate a key, with no experience, applicable to standard keys, dimple keys and even high-security pump lock keys. Only for a few bucks.
Commercially available code cutting machines usually cost more than 10 000 euros, and they are dedicated to a specific type of key. Even locksmiths rarely own one, because the total investment is around 60 000 euros if you want to duplicate a large part of the keys available on the market.
Using a CNC milling machine can be very helpful, for less than 5 000 euros, or even less than 1 000 euros with DIY machines. And these machines are more and more present in HackerSpaces and FabLabs.
And what about 3D printing?
Please come and you will know ;-)
Take back control over your physical security!
Have fun!
MrJack
This talk deals with home automation (also called "domotics") and its security concerns: assets and security protection, privacy and digital security. These security aspects are closely related, actual intruders not relying only on classical intrusion techniques and tools but also on new technologies: social networks, specific-purpose electronic devices and computers.
Many open-source and closed solutions and their vulnerabilities will be demonstrated, showing their lack of maturity but also the fact that developers do not follow best practices. Moreover, this talk questions one of the most announced marketing mottos: "Protect your assets and your family with our home automation box!"
Many live demos will be performed on some of the presented home-automation solutions, showing the ease and possible impact in real life.
1. Example based on the Téraillon TX6000 scale
2. Arduino code for weight reading
3. Communication method: Sigfox network with Akeru board, why and how.
4. Results: history of actual beehive measurements
This talk will show a very common weakness in RSA signatures. We will be able to computationally extract public RSA keys from communications and embedded systems in case the public key is voluntarily not published. This weakens RSA signatures where keys of small sizes and/or quality are used and allows direct factoring attacks. 2 studies will be conducted on PGP/GPG e-mails and on the Vigik access control system which protects access to nearly 1 million buildings in France.
Global surveillance has emerged as a phenomenon since the late 1940s, and Internet and mobile technology are being developed at such a pace that it is impossible to guarantee electronic privacy and nobody should expect it. How strong are the actual Instant Messaging Platforms? Do they take care of our security and privacy? We'll look inside the security of several clients (like BBM, Snapchat, Viber or Line) and will put our focus on WhatsApp.
WhatsApp might not be as widely known as Twitter, but the company announced that it has passed 400 million active monthly users. WhatsApp has been plagued by several security issues in the past, so we decided to start the research. We've discovered several more vulnerabilities that we'll disclose (with proof of concept code), including encryption flaws, remote DoS (making the client crash by sending a custom message) or how to spoof messages by manipulating sender address information.
We've been messing with all kinds of public devices in recent years, in airports, malls, cinemas, museums or even just on the street.
In this talk, we will expose again the experiences Borja talked about previously at RootedCon (Spain), and Zack will tell about his experience as well and add as many new owned devices as possible.
Interactive kiosks, ticket-selling machines, ATMs... In this talk we will see what kind of computers are being offered to everyone who wants to.
All kinds of devices exposed to the hands of anyone in public and easily accessible. How secure are they? And what is more important... Which networks are those devices connected to? In this talk we will talk about all these terminals to which access has been obtained by escaping the legit applications; their locations and the methods used to access the underlying systems will be discussed.
The main point of the talk is to expose how it is possible to acquire control of the underlying system of these computers.
Memory error exploits have been around for quite some time now, but despite all the efforts to prevent these attacks, they are still one of the most commonly exploited vulnerabilities to get arbitrary code execution - sometimes even with system privileges - on a target machine. Most of the protections currently deployed are probabilistic, meaning that they can make the exploitation of memory errors harder and more time consuming, but they cannot prevent them deterministically. It turned out that ASLR can be bypassed with techniques such as heap spraying, and that stack canaries can be left untouched by simply overwriting pointers other than the return address. Furthermore, these security mechanisms rely on keeping the seed secret, which cannot always be assured.
We propose a technique that provides deterministic protection against all memory corruption attacks that perform full pointer overwrites to redirect the execution flow. The key ideas are address space partitioning, process replication and I/O synchronization. Deterministic protection can be achieved by making sure that any virtual memory address is only valid in one of the processes. Any memory corruption attack that attempts to redirect the execution flow by a pointer overwrite cannot be successful in both processes. Since both processes are fed with the same input, it will result in a segmentation fault in one of the processes. By monitoring the processes at system call granularity, it can be assured that malicious code cannot do any damage to the system.
A PoC was developed in the course of the research, which is published under the terms of the LGPL.
A key challenge in today's malware analysis is the use of evasions, a set of techniques that malicious artifacts use to determine if they are running inside analysis environments and to evade their detection.
In this talk, we will review evasion techniques found in-the-wild in binary and web-based malware (i.e., malicious web pages). We will also present two systems that we have introduced to detect and bypass common evasion techniques used in these contexts.
The talk will leverage our experience with doing malware analysis in a commercial setting at Lastline, as well as years of experience in running two academic malware analysis systems: Anubis (http://anubis.iseclab.org) and Wepawet (http://wepawet.cs.ucsb.edu).