DEFCON25 Project: How I Did it!


Posted on Augst 1, 2017 at 1:00 AM

HackMyPi sent a project to DEFCON 25, and here is how I did it!

For DEFCON 25, a buddy of mine who was going asked me to build a project he could keep in his backpack, that could 'do something cool'. Well, we decided on a PirateBox to start. What a Piratebox does, is broadcast an open WiFi that when connected to, will redirect you to a web portal. From this web portal you can share files with those around you, chat, or post on a forum. All anonymously. The PirateBox software is a great little package from some awesome open source developers, and there is now a Raspberry Pi version! The hardware's pretty straightforward:

  • Raspberry Pi 2:
    I picked this over the Pi 3 because of lack of a WiFi adapter. For what I was making I wanted to use a RedBear IoT pHAT (MUCH better WiFi range, and allows for ease of adding on external antenna's). The Redbear hat doesn't interface very well with the Pi 3.
  • Redbear IoT pHAT:
    This is the same board I used for my original PiMiniMint. This board uses the GPIO pins to give the user an external antenna, that is much better quality/gives better range then the standard Pi 3 antenna.
  • Battery Pack:
    This project is powered using an Anker PowerPack, I chose this simply due to cost, if you have a USB battery pack feel free to use that one!
  • USB Stick:
    I configured my version of the box to store all files for the filesharing on a 128gb USB stick. You can use any USB drive you want, as long as the Pi can handle it.
  • Micro SD card:
    The Raspberry Pi uses a Micro SD card for storing and running the Operating System.
  • Enclosure for the project:
    I chose a small camera case that would hold both the Pi and the battery pack.

Above are pictures of the project in development stage, including working on the custom SMB path's and working on the Scavenger hunt.

Getting the Pi setup is straightforward, lets start with setting up the software. Download the PirateBox image from this site Make sure to get the correct image for your Pi. Once your image is downloaded, burn the image file to your SD by following my guide HERE.

Take the Redbear IoT pHAT and stack it on top of the Pi 2, making sure to align all 40 pins. Put the SD card into the Pi, and hook the Pi up to a monitor, using an HDMI cable. Plug in your keyboard/mouse to the Pi's USB jacks, and give the Pi power. It will begin to turn on, reboot itself a few times, then open up to a terminal.

Log into the Pi using 'alarm' as both the username and the password. Once you are logged in, the box will give you a few more instructions for customizing your individual box. The Pi will begin broadcasting a WiFi signal. You can connect to this WiFi from any device, and when you open a browser you will be able to interact with the box. There will be the ability to add files, copy files, chat in a chatroom, and post in a forums. The basic configuration of the Piratebox is now done!

Now for my scavenger hunt!

Anyone who went to DEFCON and tried it, or has been following my site, will know that there was a crypto Scavenger hunt setup on the Piratebox. In the files area, I left my own file that acts as a jumping off point for the scavenger hunt:

This image, if you check closely, shows that the username for the box is 'alarm' and the password was changed to 'SSID'. Now, the password is not literally 'SSID', but rather the custom SSID I set for the Pi's WiFi network. Use those credentials to SSH into the Pi at it's host IP. (You can find this by running 'ipconfig' on any windows machine command line connected to the Pi, or 'ifconfig' on any unix based system).

Once inside, I changed the Message Of The Day (MOTD) to a clue, pointing to a directory hidden in root. This directory contained a single text file, that was an encrypted message. I used the ASCII decimal values of the phrase '' and shifted it 25 characters (DEFCON 25 this year). If you cracked this code, it points you to my site HERE. Here was the final clue. Rather easy to crack, it prompts the user to send me a specific tweet. The first person to tweet me the hidden phrase will win a custom PiMiniMint!

Finished shot of all the parts in the enclosure:


Raspberry Pi 3 Model B Motherboard
Eleduino Redbear loT PHat with header for Raspberry Pi
SanDisk Ultra 32GB microSDHC UHS-I Card with Adapter, Grey/Red, Standard Packaging (SDSQUNC-032G-GN6MA)
Anker PowerCore+ 10050 Premium Aluminum Portable Charger with Qualcomm Quick Charge 3.0, 10050mAh Power Bank with PowerIQ Technology



Enter your Name and Email to receive notifications about new posts

Like what you see?

Consider backing us on Patreon to help cover server/project costs! Shop using our
Amazon Affiliate link! Follow us on Social Media!

Contact Me

Feel free to email me at with any questions!