AHE17: Event Summary
On June 7th, we organized our third Android Hacking Event at Fraunhofer SIT. As every year, we focus on Android related challenges. However, this time we broadened our challenge categories and came up with completely new types of challenges (see next section). In comparison to the Android Hacking Event 2016, we could treble the amount of local hackers. This year, 95 hackers attended from different parts of Germany and one team from Italy. This made us really proud and we would like to say „thank you“ again to all local hackers who came to Darmstadt from near and far. Additionally, we also would like to thank our sponsors Google, Microsoft, Avira, Intel and Titus for their support.
Challenge Categories
As Android is still growing and reaches more and more parts of the everyday live, we decided to create a wide verity of challenge categories to show as many aspects of Android as possible. We invested a lot of time to come up with three new categories: Real-Device, Money Safe and Intel Edison Boards. You can find an overview of the challenges and write-ups here.
Real-Device
We built a „wall“ full of Android Smartphones running different applications (challenges). Every group needed to connect from their notebook to a single smartphone without physically accessing the smartphone. Therefore, the smartphone basically became a blackbox. We needed to find a mechanism to allow multiple (transparent) connections to a single phone. We did some hardware/software hacking and created a middleware which had access to 12 smartphones via Android Debug Bridge (adb). Local hackers could connect to the middleware over SSH and got redirected to a phone. The complete communication was filtered by the middleware to create an unique environment for each hacker.
Money Safe
The „Money Safe“ challenge had the goal to open a money safe via NFC. When opening a safe regularly, the user needs to enter the correct PIN (8-digit number). As bruteforcing is not an option with the limited time, local hackers needed to find an exploit to open the safe. By looking at the Android app implementing the NFC protocol, an exploit containing two stages could be crafted. When executed correctly, the safe would open. Inside the safe was an envelope containing the flag for the challenge.
For this challenge, we needed to implement two things, the software for an Arduino sitting inside the safe itself and the Android App talking to the Arduino over NFC. Using the Android NFC API was really painful and took a lot of time and energy. But it was worth the trouble, local hackers really enjoyed doing this challenge. Especially the aspect of physically hacking a hardware device was completely new to all participants, also for well experienced CTF players.
Intel Edison Board
This challenge is mostly hardware hacking. Thanks to Intel, we got 35 Edison Boards for designing a challenge with it. Normally, a lightweight Linux is used as operating system on Edison Boards. As we organized the Android Hacking Event, we wanted to use Android Things (an Android version for IOT devices). This didn’t work out of the box, but we managed it in the end. After some all-nighters with flashing every single Edison Board, we created the Edison Board challenge.
For solving the challenge, hackers needed to connect cables in the correct way to trigger a Bluetooth and Wi-Fi discovery mode. After discovering the correct Bluetooth and/or Wi-Fi device, the flag got displayed on logcat. Additionally, the state of the device was indicated by a RBG-LED, giving feedback to the hacker.
Pictures
Awards 2017
Another new innovation of AHE17 were random awards. Random awards are awards that are awarded to participants for a „special purpose“. We did not have fixed awards beforehand, we define them during the event. For this year, 5 different random awards went to:
- Female-Attendee-Award: Goes to the only female participant at AHE17 (94 male hackers and 1 female hacker).
- 0day-Award: For the team finding a bug in our middleware and not using it to their benefit
- Long-Distance-Award: Goes to team TRUEL IT from Italy, since they came from most far away.
- Best-Car-Award: Goes to team Uber1337 for their awesome Hummer containing „#AHE17“ stickers.
- Biggest-Commitment-Award: Goes to one team member from team TRUEL IT, who had his last exam in Italy the day after the event at 2pm.
Attractions
Based on the feedback from AHE16, we needed to have the pizza wagon again for AHE17. With 3 times more participants, the pizza wagon needed to extend as well. With an additional oven, it could serve all participant well. Everybody enjoyed the pizza while hacking. Apart from that, we wanted to add new attractions to AHE17. Therefore, we had nerf gun rockets, a bouncy castle and most important a real bar with drinks for the after-event party.
Teams
After hacking 6 hours, we had three winning teams:
Congratulations to team Squareroots for the 1st rank!
Congratulations to team SaarDroid for the 2nd rank!
Congratulations to team C3P0wn for the 3rd rank!
The complete score board containing all teams:
# | Team | Score |
---|---|---|
1 | Squareroots | 1870 |
2 | SaarDroid | 1730 |
3 | C3P0wn | 1720 |
4 | TRUEL IT | 1580 |
5 | ❄ | 1550 |
6 | Uber1337 | 1210 |
7 | 0XAJK | 1080 |
8 | IOS_ROCKZ | 1020 |
9 | NSEC | 1000 |
10 | KEINEAHNUNG17 | 910 |
11 | FAUSTA | 890 |
12 | TUMUCHSECURITY | 850 |
13 | OPT. GRAV. ANACONDAS | 750 |
14 | TABLE13 | 660 |
15 | PASTA | 610 |
16 | SLOEWEN | 610 |
17 | NXN | 550 |
18 | NULLPOINTEREXCEPTION | 550 |
19 | 1337HAXX0R | 550 |
20 | B_SOCIETY | 550 |
21 | WASLOS? | 500 |
22 | DEEP_PENETRATORS | 500 |
23 | LARGE SLIME CRABS | 450 |
24 | FAUST 1 | 450 |
25 | FRIENDLYFIRE | 400 |
26 | THINKERS | 400 |
27 | DEANJU | 400 |
28 | GR00T | 300 |
29 | ARKHAM | 250 |
30 | PIKACHU | 150 |
31 | DUCKTALES | 150 |
32 | DBCOOPER | 150 |
33 | SYYH | 0 |
34 | LEADROYAL | 0 |
35 | PHR0S | 0 |
36 | HURLEBURLEBUTZ | 0 |
37 | RAJIV | 0 |
38 | ABANDON | 0 |
39 | FLUFFLE | 0 |
40 | OHNEFLEISSKEINREIS | 0 |
41 | GAMMAGANDALF | 0 |
42 | DZONERZY | 0 |
43 | MONGOLOMANIA | 0 |
44 | UPB | 0 |
45 | RALITA | 0 |
46 | IRGUILDS-CTF | 0 |
47 | SST | 0 |
48 | DANII | 0 |
49 | ROGUEWIRE | 0 |
50 | OPENTOALL | 0 |
Thank you all for participating! Maybe see you in 2018!