Posted on August 1, 2017 at 1:00 AM
HackMyPi sent a project to DEFCON 25, and here is how I did it!
For DEFCON 25, a buddy of mine who was going asked me to build a project he could keep in his backpack, that could 'do something cool'. Well, we decided on a PirateBox to start. What a Piratebox does, is broadcast an open WiFi that when connected to, will redirect you to a web portal. From this web portal you can share files with those around you, chat, or post on a forum. All anonymously. The PirateBox software is a great little package from some awesome open source developers, and there is now a Raspberry Pi version! The hardware's pretty straightforward:
Above are pictures of the project in development stage, including working on the custom SMB path's and working on the Scavenger hunt.
Getting the Pi setup is straightforward, lets start with setting up the software. Download the PirateBox image from this site Make sure to get the correct image for your Pi. Once your image is downloaded, burn the image file to your SD by following my guide HERE.
Take the Redbear IoT pHAT and stack it on top of the Pi 2, making sure to align all 40 pins. Put the SD card into the Pi, and hook the Pi up to a monitor, using an HDMI cable. Plug in your keyboard/mouse to the Pi's USB jacks, and give the Pi power. It will begin to turn on, reboot itself a few times, then open up to a terminal.
Log into the Pi using 'alarm' as both the username and the password. Once you are logged in, the box will give you a few more instructions for customizing your individual box. The Pi will begin broadcasting a WiFi signal. You can connect to this WiFi from any device, and when you open a browser you will be able to interact with the box. There will be the ability to add files, copy files, chat in a chatroom, and post in a forums. The basic configuration of the Piratebox is now done!
Anyone who went to DEFCON and tried it, or has been following my site, will know that there was a crypto Scavenger hunt setup on the Piratebox. In the files area, I left my own file that acts as a jumping off point for the scavenger hunt:
This image, if you check closely, shows that the username for the box is 'alarm' and the password was changed to 'SSID'. Now, the password is not literally 'SSID', but rather the custom SSID I set for the Pi's WiFi network. Use those credentials to SSH into the Pi at it's host IP. (You can find this by running 'ipconfig' on any windows machine command line connected to the Pi, or 'ifconfig' on any unix based system).
Once inside, I changed the Message Of The Day (MOTD) to a clue, pointing to a directory hidden in root. This directory contained a single text file, that was an encrypted message. I used the ASCII decimal values of the phrase 'hackmypi.com/defcon.php' and shifted it 25 characters (DEFCON 25 this year). If you cracked this code, it points you to my site HERE. Here was the final clue. Rather easy to crack, it prompts the user to send me a specific tweet. The first person to tweet me the hidden phrase will win a custom PiMiniMint!
Finished shot of all the parts in the enclosure:
Enter your Name and Email to receive notifications about new posts
Feel free to email me at firstname.lastname@example.org with any questions!