44CON 2017 Talks

Linux Containers Made of Steel

Presented by: Jesse Frazelle

It is a well-known fact that today Linux containers do not “contain.” This talk will cover the steps we have taken and can take in order to change the skepticism surrounding containers. This talk will cover active developments in the Linux kernel that are being worked on to get to this goal. It will go in depth into the design decisions of other similar technologies, such as Solaris Zones, VT-d, and VT-x, and how they can be applied to the primitives in Linux to reach a state of real “contained” sandboxes.

Cracking HiTag2 Crypto – Weaponising Academic Attacks for Breaking and Entering

Presented by: Kevin Sheldrake

HiTag2 is an RFID technology operating at 125 kHz. It is distinguished from many others in the same field by its use of 2-way communications for authentication and its use of encryption to protect the data transmissions – the majority of RFID technologies at 125 kHz feature no authentication or encryption at all. As a result it has been widely used to provide secure building access and has also been used as the technology that implements car immobilisers.

In 2012, academic researchers Roel Verdult, Flavio D. Garcia and Josep Balasch published the seminal paper ‘Gone in 360 Seconds: Hijacking with Hitag2’, which presented three attacks on the encryption system used in HiTag2. They implemented their attacks on the Proxmark 3 device (an RFID research and hacking tool) and gave several high-profile demonstrations, but didn’t release any of their code or tools. Since then, the forums supporting Proxmark 3 and RFIDler (another RFID hacking tool) have received many requests for implementations of these attacks, but so far none have been forthcoming.

I implemented all three attacks on RFIDler, supported by desktop computers. The first attack uses a nonce replay to misuse the integrity protection of the comms in order to allow access to the readable RFID tag pages without needing to know the key. I will explain how HiTag2 RFID works and will describe the first attack in detail plus the implementation challenges that I faced. The attacks are weaponised and permit cloning of tags, which I will demonstrate.
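The nonce-replay attack sketched in the abstract above, as an added toy model; this is not the speaker's RFIDler code, not the HiTag2 cipher and not its wire format. HMAC-SHA256 stands in for HiTag2's 48-bit stream cipher, the authenticator is modelled as the first 32 keystream bits XORed with all-ones, a read command is modelled as 5 bits followed by their complement (the "integrity protection"), page 0 is taken to be the UID sent in the clear, pages 1 and 2 are taken to hold the key, and the attacker is assumed to know which page the sniffed reader command requested. All of those are modelling assumptions. What the model preserves is the structural flaw the abstract points at: only the reader contributes a nonce, so replaying (n_r, a_r) reproduces the whole session keystream, and XOR encryption lets the attacker edit the encrypted command while keeping the redundancy check valid.

```python
# Added toy model of the replay attack; not HiTag2's real cipher or wire format.
# HMAC-SHA256 stands in for the 48-bit stream cipher; a read command is modelled
# as 5 bits followed by their complement (the "integrity protection").
import hashlib, hmac, secrets

KS_BITS = 1024                  # keystream bits per session
READABLE = {0, 3, 4, 5, 6, 7}   # assumption: pages 1-2 hold the key, never readable

def keystream(key: bytes, uid: int, n_r: int) -> int:
    """Depends only on key, UID and reader nonce: no tag nonce, so a replay reproduces it."""
    buf, ctr = b"", 0
    while len(buf) * 8 < KS_BITS:
        msg = uid.to_bytes(4, "big") + n_r.to_bytes(4, "big") + ctr.to_bytes(4, "big")
        buf += hmac.new(key, msg, hashlib.sha256).digest()
        ctr += 1
    return int.from_bytes(buf[: KS_BITS // 8], "big")

def ks_slice(ks: int, pos: int, n: int) -> int:
    """Keystream bits [pos, pos + n), MSB first."""
    return (ks >> (KS_BITS - pos - n)) & ((1 << n) - 1)

def encode_read(page: int) -> int:
    """10-bit read command: 0b11 + 3-bit page, then those 5 bits inverted."""
    cmd = (0b11 << 3) | (page & 7)
    return (cmd << 5) | (cmd ^ 0x1F)

class Tag:
    def __init__(self, key: bytes, pages: list):
        self.key, self.pages, self.ks, self.pos = key, pages, None, 0  # pages[0] = UID

    def start_auth(self) -> int:
        return self.pages[0]                     # UID is sent in the clear

    def authenticate(self, n_r: int, a_r: int) -> bool:
        self.ks, self.pos = keystream(self.key, self.pages[0], n_r), 0
        ok = a_r == self._take(32) ^ 0xFFFFFFFF  # modelled authenticator
        self.ks = self.ks if ok else None
        return ok

    def _take(self, n: int) -> int:
        bits, self.pos = ks_slice(self.ks, self.pos, n), self.pos + n
        return bits

    def read(self, enc_cmd: int):
        """Decrypt a read command, check its redundancy, answer with an encrypted page."""
        if self.ks is None:
            return None
        cmd = enc_cmd ^ self._take(10)
        hi, lo = cmd >> 5, cmd & 0x1F
        if hi ^ lo != 0x1F or hi >> 3 != 0b11:   # redundancy check failed: drop session
            self.ks = None
            return None
        return self.pages[hi & 7] ^ self._take(32) if (hi & 7) in READABLE else None

def legit_reader(tag: Tag, key: bytes, page: int):
    """Key-holding reader. Returns what a sniffer sees, plus the decrypted page."""
    uid, n_r = tag.start_auth(), secrets.randbits(32)
    ks = keystream(key, uid, n_r)
    a_r = ks_slice(ks, 0, 32) ^ 0xFFFFFFFF
    assert tag.authenticate(n_r, a_r)
    enc_cmd = encode_read(page) ^ ks_slice(ks, 32, 10)
    enc_resp = tag.read(enc_cmd)
    sniffed = {"n_r": n_r, "a_r": a_r, "enc_cmd": enc_cmd, "page": page}
    return sniffed, enc_resp ^ ks_slice(ks, 42, 32)

def malleate(enc_cmd: int, from_page: int, to_page: int) -> int:
    """Retarget an encrypted read without the keystream: flip each page bit together
    with its complement bit, so the redundancy check still passes after decryption."""
    d = from_page ^ to_page
    return enc_cmd ^ (d << 5) ^ d

def replay_attack(tag: Tag, sniffed: dict, target: int):
    """Read a page with no key, from one sniffed session (attacker is assumed to
    know which page the sniffed command requested)."""
    n_r, a_r, enc_cmd, page = (sniffed[k] for k in ("n_r", "a_r", "enc_cmd", "page"))
    uid = tag.start_auth()                   # pass 1: replay auth, steer the read to
    tag.authenticate(n_r, a_r)               # page 0 (the UID) to learn the keystream
    ks_resp = tag.read(malleate(enc_cmd, page, 0)) ^ uid   # covering the response slot
    tag.start_auth()                         # pass 2: same n_r, hence same keystream
    tag.authenticate(n_r, a_r)
    enc_resp = tag.read(malleate(enc_cmd, page, target))
    return None if enc_resp is None else enc_resp ^ ks_resp

def demo() -> dict:
    key = secrets.token_bytes(6)             # 48-bit key the attacker never learns
    pages = [0xDEADBEEF] + [secrets.randbits(32) for _ in range(7)]  # constructed data
    tag = Tag(key, pages)
    sniffed, plain = legit_reader(tag, key, 5)
    recovered = {p: replay_attack(tag, sniffed, p) for p in range(8)}
    tag.start_auth()                         # a lone bit flip (no complement) is rejected
    tag.authenticate(sniffed["n_r"], sniffed["a_r"])
    tampered_rejected = tag.read(sniffed["enc_cmd"] ^ 1) is None
    return {"pages": pages, "plain": plain, "recovered": recovered,
            "tampered_rejected": tampered_rejected}
```

Running `demo()` recovers every page in `READABLE` from a single sniffed session while the unreadable key pages stay `None`, and shows why the attacker must flip bits in complementary pairs: a single flipped ciphertext bit fails the redundancy check. The fix the model makes obvious is a tag-side nonce, which would give every session a different keystream and make the captured (n_r, a_r) useless.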