CALL FOR PAPERS
The DEFCON 16 Call for Papers is now Closed! The DEFCON 16 speaking schedule is complete, with occasional minor adjustments. So keep your eye on the Speaker Page and the Schedule Page for all the latest info as it happens. You can also subscribe to the DEFCON RSS Feed for up-to-the-minute news.
RIVIERA IS FULL
The Riv is officially full for DEFCON 16 weekend. For more on the Riviera, visit the Venue page.
Contest results will be added as they are received
Capture the Flag
Congratulations to Sk3wl0fr00t for their win in this year's Capture the Flag Competition, which was masterfully engineered and executed by Kenshoto!
1st - Sk3wl0fr00t
2nd - Routards
3rd - 1@stPlace
4th - Taekwon-V
5th - Guard@MyLan0
6th - Shellphish
7th - Pandas with Gambas
8th - WOWHACKER
For some great perspective into CTF, you can check out atlas' run-down (team 1@stPlace), as well as a fantastic write-up with the binaries from the competition at http://nopsr.us/ctf2008
Open Capture The Flag IV
Here are the scores from oCTF IV. In addition to the scores for each team, we also mention which services were owned by which teams and for how many points at the bottom. If you played oCTF IV, and have code, hints, or explanations as to how you scored some points, please send it to firstname.lastname@example.org so I can include some solutions on the site when we post a write-up of the challenges.
|The 5th Octet||337|
|big pimpin thug-a-lot||101|
|lol bbq ch33ze8urg3rs||2|
Now here are the services, and which team pwned them, and for how many points:
- Auction purchases - vand(954)
- Auction sales - neg9(759), sudoers(195)
- Highest Credit - rgw2(902), The 5th Octet(6), everyone else(3 or less)
- Lowest Credit - vand(945), everyone else(less than 10)
- Most Equity - DDUCK(461), neg9(235), Kelson(110), rgw2(92), vand(44), big pimpin thug-a-lot(39)
- Badge soldering - rgw2(45), vand(15)
- Ice Cream Shoppe - DDUCK(545), rgw2(175), neg9(88)
- LarpQL - DDUCK(638), vand(121), kelson(31), neg9(24), big pimpin thug-a-lot(2), rgw2(1)
- Maze - DDUCK(476), sudoers(156), rgw2(128), wwbd(127), Cthulu(58), kelson(21), The 5th Octet(17), maveric(2), neg9(1), vand(1)
- Pwned the box(192.168.192.120) - vand(1500), wwbd(1500)
- Social Engineering - big pimpin thug-a-lot(17) (I forget what they gave us, but they just wanted to break the 100 mark, no matter what the cost!)
- T0astCR - DDUCK(645), rgw2(149), big pimpin thug-a-lot(40), vand(26)
- War Games - vand(2025), The 5th Octet(306)
Race to Zero
Congratulations to the chicagostreetsweepers for winning the Race To Zero 2008.
Other teams that received awards:
Honorable Mention: Team retem completed the contest in 2 hours 20 without a debugger
Dirtiest Hack: Team retem for packing the word vuln in an .exe and calling office
Most Deserving of Beer: The team that included a loop in their dropper looking for the string "beer"
Thanks to all teams that competed!
DEFCON 16 BADGE HACKING CONTEST
We had 20 contest entries this year, up from seven entries at DEFCON 15. The submissions ran the gamut from simple firmware modifications to complicated integrated systems of hardware and firmware. Sorry if I forgot your names!
1ST PLACE: Human Password Generator by the Greek Geeks
A software application on a PC laptop tracked the motion of the badge's LEDs via a webcam and sent a hash of the motion profile over USB to the badge, which then computed the password based on the motion hash and transferred the result back to the PC.
2ND PLACE: Apple Front Row and HP Pavilion DV Laptop remote control emulation by BonzoESC, Sterling, Critta, & Jymbolia
This hack uses the badge's IR transmitter to emulate Apple Front Row and HP Pavilion DV-series laptop remote controls. Also provides brute-forcing of the 8-bit keyspace used for pairing of Front Row remote control to computer. More info here: http://github.com/bkerley/dc16_badge
3RD PLACE: Motion-generated/context-sensitive music & snooze alert (tilt detection) using accelerometer
Motion-generated/context-sensitive music using an external accelerometer connected to the JM60 MCU. Also features "snooze alert" by making sound if a tilt is detected.
OTHER ENTRIES (in no particular order):
- TV-B-A.D.D. (channel changing) and Hotel-B-P0wn by Major Malfunction
- Hardware addition of a camera flash charging/discharging circuit
- LED animations (binary counter + police light bar emulation) & music generator with external Parallax BS2sx circuit
- LED pattern generator with added multicolor LEDs
- Cellular Automaton with two models: Rule 30, random number generator, and Rule 110, Turing-complete "spaceship pattern."
- Fiber optic LED hack + POV displaying "DEFCON"
- Optical trojan/covert channel via LED (transmitting "HELLO DEFCON" in Morse code, undetectable to the human eye) by CVORG
- Real-time binary clock with IR time synchronization
- VGA signal generation (almost working)
- Persistence-of-vision (POV) saying "DC16 HACKER" & Pseudorandom number generator w/ PWM dimming
- Nikon camera remote control/trigger
- TV-B-Gone/IR distance enhancements (multiple LEDs) & audio generation via PWM/LPF (almost working) by Solder Guy
- LED animations & high-level scripting language for LED patterns (Logo-style) by charliex
- 2 guys from CCC ported the Freescale Codewarrior/JM60 development tools to Linux!
- Misc. Artistic Decorations/Badge Paintings by Eddie the Yeti and "Paint"
DC16 badge-related development info (schematics, firmware, slides, links to badge hacks, etc.) can be found on my site here:
I've also posted videos (http://www.youtube.com/user/kingpinempire) and hacked badge pictures
Thanks to everyone's support and participation, the contest is now officially a black badge event, so start planning for next year and win the ultimate bragging rights!
Beverage Cooling Contraption Contest (BCCC)
So the results are in and we had a fucking great time with the Beverage Cooling Contraption Contest this year at DEFCON 16.
We had six main offerings this year, all of which were creative and fun in their own way...
We officially declared both Ad-Hoc as well as S & J to be the winners. Ad-Hoc treated the contest parameters the best, and S & J offered up the most powerful contraption (in more ways than one).
Great job, everyone! I hope that all the people who were standing around outside enjoyed the show and got enough free drinks. Next year we'll strongly enforce the "constant pour" system and I'll have electronic equipment rigged to judge all entries simultaneously so that we can really make some strong output flow for the crowd!
For detailed descriptions of the contraptions, see https://forum.defcon.org/showthread.php?p=98284
|1||G Mark Hardy||Aloha Fed (Royal Kona Roy's Blend)||7.5|
|2||Shawn||Quarry Coffee Sumatran||7.2|
|3||Stefania||Cafe Iguana Colombia||6.8|
For full results and ratings, see http://www.coffeewars.org/Results.shtml
|1st Place||Team Yozhik||Mikhail, Konstantin|
|2nd Place||N/A||Daniel, Scott, Josh|
|3rd Place||Zero Op||Colin, Dan, Mike|
|4th Place||Blu Team||Joe, Kevin, Zack|
|5th Place||A||Nick, John|
Go to http://defconbots.org/defcon16/results.php for results with photos.
Hacker Jeopardy 2008
Host: Winn Schwartau
Judge/scorekeeper: G. Mark
Vanna Vinyl: Banasidhe
Beer Betty: Li'l Jinny
Winner of the Fourteenth Hacker Jeopardy was NYMPHS (New York Metro Phreakers and Hackers Society), consisting of Bobcat, Foofus, and Billy Goto. Overall results for 2008:
Friday, Aug 8, 2008
Less Than Sober Ninjas (Chris, Scott, Oswald) - negative 200 points [so much for truly random contestant selection improving the intellectual gene pool]
Whopis (Dan, Eddie, Mac) - 299 points [for 2,700 points, how the hell do you pronounce "Whopis"?]
WINNER: RRRRs (Viki, Alice, Mallory) - 2,999 points
Friday, Aug 8, 2008
WINNER: Team Jaeger Muesli (Hypatia, Shardy, Dan Kaminsky) - 2,700 points [WINNER] [finally, a team willing to use their handles at DEFCON. Look on YouTube for Meee's hilarious video of Dan desperately trying to bribe a janitor to use a closed men's room after the round was over]
*Vegas 2.0 (HackAJar, Packet Baron, Jake) - 0 points [well, at least they're consistent; that was their score two years ago]
Flying Packets (?, ?, ?)- 0 points [Team did not identify themselves, and as Winn referred to them as the "Flying Faggots," this is consistent with DEFCON's "Don't Ask, Don't Tell" policy]
Saturday, Aug 9, 2008
**Prevalidate the Goat (Evil MoFo, yotta, iphelix) - negative 1,500 points [I think this is a new all-time low score.]
Satyrs (ravyn, ?, ?) - 5,200 points [Actually, these guys were pretty good, but didn't follow directions on the DEFCON forum posts and figured if they wrote their name on a piece of paper somewhere I'd magically know who they were. Well, they sent me an e-mail at the last minute, got picked, and had one of the highest second place point totals in Hacker Jeopardy. RTFM and come back next year.]
WINNER: NYMPHS (Billy GOTO, Foofus, BobCat) - 5,201 points [Another strategic win as these three-time champions paced themselves with only eight beers since they would play the final round immediately afterward.]
Final round: Aug 9, 2008
Team Jaeger Muesli (Hypatia, Shardy, Dan Kaminsky) - Tied NYMPHs at end of regulation with 2,900 points, but only drank 12 beers to finish with 4,100 points. Bet nothing, got the answer wrong, so finished with 4,100 points.
WINNER: NYMPHS (Billy GOTO, Foofus, BobCat) - Tied at 2,900 but pounded down 18 beers to finish with 4,700 points. Bet and lost 500 on final, so finished with 4,200 to bag their fourth win in ten years.
RRRRs (Viki, Alice, Mallory) - The only team with enough cojones to bet all their points (and sell articles of dainty undergarments to boost their score), they missed the final answer, and so finished with zero points.
Kumquat (defending champions from 2007) - Turned in a disappointing performance, finishing in the hole, but drank themselves to plus 800 points and then bet none of it.
Winner of Black HAXOR badge: NYMPHS
* Humperdink Award (most beers consumed in one round): Vegas 2.0 (21)
** 2-year Old Award (For pulling a "Mommy said, Daddy said" to trick Winn into permitting a designated drinker (Salem) after I told them "no."): Prevalidate the Goat
POLICY STATEMENT for the record: NO MORE DESIGNATED DRINKERS. BUY YOUR OWN DAMN BOOZE.
Special mention to Geoffrey (Monkey) Bennett, who played a number of years on Deus Sex Machina and brought everyone a lot of laughs. He collapsed and died April 6 while jogging. Farewell, my friend. You knew the final, final answer to get you in the pearly gates was "grace."
Final Hacker Jeopardy Question:
A: This retired Navy admiral and former director of the NSA now serves as the Director of National Intelligence for the Bush Administration.
Q: Who is J. Michael McConnell?
Scores and results certified by G. Mark (judge and scorekeeper)
Here were the results of the finalists' round (the "medium" car lock was broken at the end of normal competition and therefore was not used at all in this last round)...
easy cuffs, easy door, easy file cabinet, easy deadbolt, easy car
easy cuffs, hard door, medium file cabinet, medium deadbolt, easy car
cuffed behind back, medium door, medium file cabinet, medium deadbolt, easy car
cuffed behind back, hard door, medium file cabinet, hard deadbolt, easy car
cuffed behind back, hard door, hard file cabinet, hard deadbolt, easy car
it came down to a miraculous photo finish between schuyler and dosman. each had very similar times (two minutes and change) and attacked almost all the same locks. even though schuyler was slower by almost 30 seconds, he attacked the hard filing cabinet lock as opposed to the medium one. this allotted him enough in additional points to be the grand prize winner.
Get complete results at: https://forum.defcon.org/showthread.php?t=9793