DEF CON 31 - Infinite Money Glitch - Hacking Transit Cards - Bertocchi, Campbell, Gibson, Harris
- Added 22. 08. 2023
- Who likes paying to ride the subway? Sure, you could hop the fare gates, but that can be athletically challenging and simply isn’t cool enough for our tastes. What’s a mischievous and miserly rider to do, then? Hack the fare system of course!
In this talk we'll walk you through how we, four high school students and cybersecurity noobs, became the first to fully reverse engineer Boston’s CharlieCard fare system and earn ourselves free rides for life… or at least until the system gets fixed, whichever comes first.
We’ll start by exploring the trials and tribulations of exploring the hardware behind the CharlieCards. Next, we’ll dive into the emotional rollercoaster of reverse engineering the black box that is a transit card system older than us. We’ll then explain the process of disclosing our findings to a government agency without having to hire a legal team. Finally, we’ll show you a demo of some of the tools we made, including our own portable fare machine! By the end of our talk, regardless of whether you’re an avid RFID hackerman, or a complete noob, we’ll leave you with useful reverse engineering strategies, tips for working with a government agency, and if nothing else, a fun story. - Science and technology
The irony that DEFCON can hack into pretty much anything known, but can't run a slide show....
Standard IT issues. It's expected.
I do wonder, every year, what does that AV setup look like?
You can NEVER have it all, and that's ok no, sey ? ^^
gotta tell them to hack into a power point slide not host one
the podium was so tacky the computer died of cringe
A room full of hackers that can’t get a slideshow to work is literally a family guy scene
A room full of hackers is going to have someone who wants to hack the slideshow. It’s basically asking for trouble
They didn’t wanna try hard enough
These are the most composed high schoolers I have ever listened to.
I hope they get some great college scholarships as a result of this hack. They deserve it... Though I imagine they will probably hack the meal plan software/database at their colleges as well. 😝
(╬≖_≖) Not really
Afaik the tools to hack mifare classic have been around for decades. They made a gui for it and chose not to publish it.
@jayschafer1760 At this point college just might slow them down. If they are into cryptography, the best hope is that they bump up to quantum cryptography ciphers. Then patent their own quantum algorithm.
I wish i got to do this stuff in high school instead of being told I’d be nothing in life.
Absolute ballers for carrying on with their technical speech with no slides for 20 minutes.
fix attention span its interesting
Great talk! A shame that defcon can't get their infrastructure tech together, even at $460/ticket.
They were too busy making the podium look nice 😅
that mic doubling situation over the slides is horrible, seems like a choice... seeing as defcon ended 2 weeks ago.
They spent all the money on the badges! Can't you tell? 😆
Jeez, the price has gone up drastically over the last few defcons.
Ok, so... This is power point made by some students set up by volunteers at a conference and who knows whose computer is running what. Having done conferences before, unless you are having every slide show be delivered on a USB in a set format where only one person operates you will have issues... Even with this you will still have issues...
This is def con. Ain't no one is touching your USB, no you can't share a network. You are lucky we are letting you plug in an HDMI... Tech issues fall on the presenter...
Hope this gets rerecorded by the students and put online in a non panicked manner and with working slides throughout.
You can find the full pdf on their site brother
Site? What is this site you behold of? Let me know these guys are awesome
this video has them if anyone is looking v=J9Cmu6gBxzs
@JimmyLucas-ev1hp just Google it: "Matthew Harris Zachary Bertocchi Scott Campbell Noah Gibson - Boston Infinite Money Glitch Hacking Transit Cards Without Ending Up In Handcuffs.pdf" it's on the defcon site.
what site? @Kashubialover
I felt so bad for those kids with all the technical difficulties. They did awesome tho! ❤
not really
These kids are fucking brilliant and inspiring. I saw this talk live and they blew me away.
Unfortunately the system in my city uses DESFire which is a lot more secure, but a lot less fun.
All these comments about the AV glitches are burying the lead.
Here they used to have DESFire on the more expensive cards, but mifare classic on the cheapo prepaid tickets. Made the reverse process a lot cheaper ;) No longer though, thanks to mobile apps becoming so prevalent and them axing the non secure tickets.
Isn’t desfire damn near impossible to crack?
@hank10111111 Impossible ? What is this strange magic unknown to man ?
Give nerds infinite time and resources and they'll get into everything eventually, the fact no one got in YET is not a guarantee no one can get in.
Especially if something gets a reputation of being impossible, that's your fastest ticket to getting it hacked the next afternoon because you just motivated them all to get the title of defeating the undefeatable.
@hank10111111 that’s my understanding. But it’s always a matter of time, right?
@hank10111111 seems like a challenge for a defcon presentation
It’s good to see the world's most fitting edge hackers still have problems displaying power point. 😂
that's a feature of powerpoint. it detects live events then decides to fail
🤣 @iWhacko
@iWhacko I expect there's a Gremlin who attends DEFCON each year.
powerpoint is made by Microsoft. A company that has no idea how to make a user interface work.
Ok but hacking mifare classic isn't anything new, this was done like 10 years ago or even older than that. I don't get how this is worthy of becoming a talk at defcon in 2024. Mifare classic was hacked ages ago, am I wrong? EU used these types of cards 10-20 years ago but they got deprecated and replaced by more modern standards because of the weak security. Why are USA using public transport cards with tech that is 10-20 years old?
Wow do y'all need an A/V tech? It burns my toast to see this. I really want to see the presentation, like with my eyes. As a professional audio engineer seeing egregious things like this happen at a large scale event I was tentatively excited to attend in the future makes me question how much of a priority I want to make this.
💯🎯
right? like couldn't just pan to left or right over the slides and make the audio mono?
This is typical for hacker gatherings. They can figure out how to take control of a spy satellite, one year they got like 11 dominion voting machines and had all of them hacked in under an hour and were basically playing doom on them. But can't figure out how to make the 1k tin can feedback stop every time they get close to a mic. 😂. But I can't knock them too hard. They aren’t audiophiles, in the day, they could break VST serial keys and make protools work without hardware back when that was a thing. Lol. I don’t think they ever broke Ilok tho.
I would love to hear a talk from you ! Maybe how this stuff gets prevented in a professional setting ^^
Sometimes venues like this are understaffed and under-prepared. I think it would be best if they hire someone in particular to hire in A/V techs and manage them. Most of this conference's content is heavily reliant on that stuff. Maybe they already do have an A/V captain and crew. 😛 It gets a lot more complicated when it comes down to brass tacks on resources and budgeting for staff. But definitely should not be so frugal on the AV side if that is what is happening.
as someone not super into tech & watches these every once in a while, it blows my mind that these are some really techy people but they can't get the slideshow running for their event lol
Reliable slideshows and working printers are the two unsolvable challenges of digital technology.
all the kings horses and all the kings men couldn't get the codebase to compile again...
The conference venues are handled by teams that are more video/audio savvy than IT savvy. Having on stage computer is not the default mode for them. Having tens of meters of HDMI cables neither.... So extenders failure ? Wireless dongle failure ? What is surprising is the no immediate plan B situation. When doing a presentation, always have your own plan B like an old chromecast 😊
You would be surprised, I work with wealthy ( 7 figure ) people who can’t tell me the difference between a PDF and potato.
For events, we always have secondary and tertiary devices during presentations for exactly this reason. The demo gods are spiteful and cruel. They come out often.
I have to admit, that is a fucking NICE podium. Props to the fabricator.
@steviewolfe666 made the podium.... heh, jk, seriously it is pretty bad ass isn't it!? Thought that too, why aren't they all cool like this one!?
is pretty
for real really fitting for def con!
im 40 yo and i need to say this is super inspirational, because young people like that it's a reference! incredible job guys congratulations 🎉
I wish cybersecurity was available to me in high school! So cool to see this
Oh nice to see you here. 👋
Was gonna say a room full of hackers that can't get a laptop to a projector but I don't want all my accounts hijacked so epic job guys 👍
Choo choo!! 🚂
Great work guys! I would have had a nervous breakdown trying to get those slides working 😅
The MBTA strikes again! Sabotaged!
Loved how they broke down how they discovered the vulnerability and kudos for helping them fix it. Great job guys!
32:25 the values aren’t in half pennies, they just aren’t aligned properly when being checked. Shifting right 1 bit is needed to align.
These guys have the right spirit mixed with great humor.
A room full of hackers and they can't get the projector to work, or hide the mouse pointer, or turn off the powerpoint slide transition sound 😂😂😂
Great talk exemplifying the best Defcon has to offer. Enthusiasm and technical skill. Keep it up, hope to see y'all come back with more exploits.
theyll need a new wiki for that
Every time I tap into defcon or the 'darkside', I realize how uncreative I am!! I am so limited and it's wildly frustrating. I am such a dunce.
Loved seeing this live and love re-watching it now! Great talk
Amazing work. You guys have a bright future ahead.
Can't wait for your next talk.
Fantastic job to you all! This was fun to watch especially all of the fun technical difficulties!
I hope they record it in private again. It's a shame it's so rushed.
Still, awesome talk !
You guys are the best! All of us involved with MATE are proud of you. There is no limit to what you will achieve in this world! Stay in touch!
Thanks Eben! Without MATE we probably wouldn't have done the project!
Applause for how articulate these fellas are!! Great research!!
My mind is blown. Especially because I’m based in New England and the T well haha. Well done kids. We need more of you in this world! Good kids doing great things!
Hearing this guy talk is like listening to young Zoz Brooks. Made my day. Long live free fares on the MBTA!
Defcon has the worst powerpoint setup, the most silent crowds, and the best speakers.
Brilliant work, lads, fantastic team work.
I love the energy! fun project guys
Well done for keeping going despite everything. 😀👍
Great upload!
Currently studying DFIR, and it's amazing what one discovers hidden in the binary of images across the internet. And I'm not even talking lsb/msb steg tactics.
Basic obfuscated encoded strings for extraction.
Makes me wonder why server-side code was never developed to a greater depth in relation to image parsing. Perhaps AI will fix this in gradual stages going forward, because we're obviously speaking of billions of images of various formats that will need to be revisited.
Some even holding personal info in reversed Base64/58/32 strings, which to the unsuspecting on a basic decode appears as unintelligible garbage.
Would like to see a conference on this some time...
that video describes "we know only what we know" that programmers know well but folks around the world don't haha great presentation!
wouldnt be defcon without the awkward technical issues
To see the youth make power moves like this makes me sooo soooo happy! props to the squad!!!!!!!!! I wish them the very best in life.
That is very cool. Great work guys
Would really like to see it in more detail, with no time limit, is there an extended version?
Halfpennies "for some reason" makes me think of Office Space... For some reason😂
Absolutely amazing. Would have loved to hear the story about the cops being called lol
What a great bunch of kids! The guy with the beard was funny!
Inspired me a lot. Thanks!
Great presentation! Well done lads!
These guys are bright, and they didn't give up when they hit a wall. I wish I knew my capabilities back when I was in high school. I didn't know I was good at anything yet, and when I tried something technical and failed, I just assumed I wasn't smart enough because that's what was drilled into me. I was scared to death that I would do horribly out in the real world until I found out that I'm actually very talented. Sometimes, I still can't believe it to this day, but the results don't lie. Encourage your kids or other people's kids that you mentor. They might not know how talented they are until they're encouraged to ignore the naysayers and toxic, disparaging people in their lives and just go for it. If you're a kid or a young adult and you're reading this, don't believe the people that say you're a failure or you're not capable. Being good or bad at school is not necessarily an indicator of intelligence or what you can contribute to humanity. You'll amaze yourself with what you're capable of if you know you have intrinsic value and dignity, that no one can take that from you, and you refuse to take no for an answer. You can do this.
that was fun, imagine a world where they stay together the next ten years and grow closer and grow into a multi-headed monster! But sadly, they will likely all go different directions, ending what might have been another new discovery. Or is this just a launching pad, and the beginning of multiple geniuses emerging, who knows, it def was fun to watch, hope there is more in the coming years! Woo Hoo!
hope they re do it because their slide presentations are always the best
It's crazy they store value on the card! MiFare Classic is so old too
Amazing work on the charlie card
Wow. The concern I see more than the money is ability to switch card to employee at any level thus giving bad actor access to possibly MBTA network or facilities.
I doubt that other offices/facilities would use the same transit cards. They would be more likely to use another facilities management platform and other NFC technologies.
@cottsak I think you really underestimate the capitalist urge to have everything in one cheap and easily accessible system. See Facebook/Meta locking itself out of HQ with one bad code push for further evidence.
far as i know most if not all of the important things. like telecomms are behind passcoded scan doors. not that you said it, but i think it would be a stretch to not have thought of that and set the doors to only be opened by employee uid's that they specifically set and not a would be saboteur.
though the cloning thing would definitely still apply.
Defcon! Awesome! One day i plan on attending.
Wait the T cards actually have data on them. Bro I gave up on this idea years ago when I tried seeing if you can add more money to an arcade card, and it didn't have any data except a user id 🙃. I figured the T cards would have better security than that, but congrats on using a true Defcon virtue, attack on every vector
Room full of hackers and it still takes 20 minutes to get a power point running 😔
Love the unreadable fine prints.
Even at DEFCON filled with computer whizzes, there’s still problems getting the slide show to play
I been thinking about doing the same for the MTA for years now!
Cool, thanks for the info !!
Great presentation, even without a presentation. At 28:00 I can't help but think that when I had a similar problem with checksum I just used the card a few times to see what changed in the hexdump.
edit: Yep, did that at 31:30. xD
i'd like to see more, there's more content made by or about them online?
Has there ever been a single DEFCON presentation in the history of the con that hasn't been riddled with technical problems? Absolutely insane that after three decades they still haven't figured out how to run a god damn PowerPoint slideshow properly.
Poor kid, you can feel the anxiety just pouring off him
10:51 - hey! i didn't come here to feel old 😑
The ghost of Longmont potion castle was alive that day!!
Nice talk. I just wished they had more time though.
Daaang these kids NAILED this presentation
Ahh finally the talks are trickling in. What took so long?
kid is a cross between edward norton and martin shkreli
These kids are legends
This was nice, but one must admit that security was just terrible ahah!
"Remember the MBTA Hack! It was a long time ago back when dinosaurs roamed the earth when we were 2 years old!"
It was 2008 and I was in college.
Guess I need to start drinking Ovaltine and drive a Corvette. 👴
This is awesome congrats
Always use backup - backup hardware, software, files - this way a presentation won't have the problems they had during this presentation.
keep them vids coming
great job
Sorry guys I was there and was using my flipper zero to mess wit the projector ..😂 that ir blaster really worked...
4:44 Very professional 😂😂
On a side note, they may want to consider maybe vhs tapes for the video portion of the presentation. And pretty obvious that it's not gonna need to be hunted down in a pc.....you just hafta remember one thing with vhs tapes. BE KIND. REWIND.
AND ERBODY BUT ME LIVED HAPPILY FOREVER AFTER.....YES. YES I WAS BORN THIS LEVEL OF AWESOMENESS. YOU'RE WELCOME.
Time to finally get Charlie off the MTA.
26:14 'but I still passed' what a modern day era chad
We can give you the protocol for your public transit card, but showing a powerpoint on an external display is not part of our qualifications
sadly london oyster card and the itso smartcards here in the uk both store data in a database
there was a restraining order on the A/V equipment
"Written in C" Look at this Dennis Ritchie Bro on the Up and Up
Guys are incredible : next time check for IA noise cancelling in your mic because the 90's are no more ...
Damn these crappy mics remind me of the good old (odd) dayz ...
Glorious 🌅
31:46 what program is that
👎 For not enabling PowerPoint until 20:06 .
👍 For the speeches.
4:08 nice podium ❤😅
Hack the Planet!! Mic check 1st❤😂
18:30 he took a Dump 😅😂 💩 ❤
it's good to see that there are still skript kiddies. I thought that era was gone with the death of forums, promising to see young people can still get into hacking.
forums haven't died haha
@cix9420 compared to 2000s they are super dead.
When did Greg Roy start hacking transit cards?
Anyone know what hex viewer/editor they are using ( 21:48 )?
hexedit with the --color flag
what happened to the audio?
Oh man i really wanna see the slide show
Respect
Would love to see this done with Ventra cards in Chicago
ב''ה, the ones that are full PCI, you say?
The slideshow not working is the transport companies fighting back
beautiful
the irony that hackers can't get their slides to work is amazing.
Plot twist: he never had slides!
You know these guys are gonna go places