DEF CON 31 - Infinite Money Glitch - Hacking Transit Cards - Bertocchi, Campbell, Gibson, Harris

Who likes paying to ride the subway? Sure, you could hop the fare gates, but that can be athletically challenging and simply isn’t cool enough for our tastes. What’s a mischievous and miserly rider to do, then? Hack the fare system of course!

In this talk we'll walk you through how we, four high school students and cybersecurity noobs, became the first to fully reverse engineer Boston’s CharlieCard fare system and earn ourselves free rides for life… or at least until the system gets fixed, whichever comes first.

We’ll start by exploring the trials and tribulations of exploring the hardware behind the CharlieCards. Next, we’ll dive into the emotional rollercoaster of reverse engineering the black box that is a transit card system older than us. We’ll then explain the process of disclosing our findings to a government agency without having to hire a legal team. Finally, we’ll show you a demo of some of the tools we made, including our own portable fare machine! By the end of our talk, regardless of whether you’re an avid RFID hackerman, or a complete noob, we’ll leave you with useful reverse engineering strategies, tips for working with a government agency, and if nothing else, a fun story.
Comments

The irony that DEFCON can hack into pretty much anything known, but can't run a slide show....

JeremyDWilliamsOfficial

A room full of hackers that can’t get a slideshow to work is literally a Family Guy scene

pablopaintem

Absolute ballers for carrying on with their technical speech with no slides for 20 minutes.

OzzyMandius

These are the most composed high schoolers I have ever listened to.

beatsbyandrew

These kids are fucking brilliant and inspiring. I saw this talk live and they blew me away.
Unfortunately the system in my city uses DESFire which is a lot more secure, but a lot less fun.
All these comments about the AV glitches are burying the lead.

jaredmeit

Great talk! A shame that Defcon can't get their infrastructure tech together, even at $460/ticket.

jeffreyg

I felt so bad for those kids with all the technical difficulties. They did awesome tho! ❤

boneitch

Hope this gets rerecorded by the students and put online in a non panicked manner and with working slides throughout.

skellious

It’s good to see the world's most fitting edge hackers still have problems displaying PowerPoint. 😂

SitNSpinRecords

I'm 40 yo and I need to say this is super inspirational, because young people like that, it's a reference! Incredible job guys, congratulations 🎉

albertcorzo

Loved how they broke down how they discovered the vulnerability and kudos for helping them fix it. Great job guys!

craigbabuchanan

I wish cybersecurity was available to me in high school! So cool to see this

xrk

Wow do y'all need an A/V tech? It burns my toast to see this. I really want to see the presentation, like with my eyes. As a professional audio engineer seeing egregious things like this happen at a large scale event I was tentatively excited to attend in the future makes me question how much of a priority I want to make this.

whilykitt

32:25 the values aren’t in half pennies, they just aren’t aligned properly when being checked. Shifting right 1 bit is needed to align.

JonathanTheZombie

These guys have the right spirit mixed with great humor.

simonstergaard

As someone not super into tech & watches these every once in a while, it blows my mind that these are some really techy people but they can't get the slideshow running for their event lol

JDMKEV

Choo choo!! 🚂

Great work guys! I would have had a nervous breakdown trying to get those slides working 😅

cmorche

Great talk exemplifying the best Defcon has to offer. Enthusiasm and technical skill. Keep it up, hope to see y'all come back with more exploits.

Ankudamurderer

You guys are the best! All of us involved with MATE are proud of you. There is no limit to what you will achieve in this world! Stay in touch!

c.ebenfranks

Was gonna say a room full of hackers that can't get a laptop to a projector but I don't want all my accounts hijacked so epic job guys 👍

mattybond