CODE BLUE 2014 : [ドローンへの攻撃] マルウェア感染とネットワーク経由の攻撃 by ドンチョル・ホン DONGCHEOL HONG
•
1 like•1,366 views
The document discusses Dongcheol Hong's work as CTO of SEWORKS Inc, including his experience with security events like DEFCON CTF and development of products like the HSDrone drone system. It provides details on the technical components, architecture and networking of the AR.Drone 2.0 drone platform, and describes methods for hacking and customizing the drone including exploiting services like Telnet, FTP and wireless access.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to CODE BLUE 2014 : [ドローンへの攻撃] マルウェア感染とネットワーク経由の攻撃 by ドンチョル・ホン DONGCHEOL HONG
Similar to CODE BLUE 2014 : [ドローンへの攻撃] マルウェア感染とネットワーク経由の攻撃 by ドンチョル・ホン DONGCHEOL HONG (20)
More from CODE BLUE
More from CODE BLUE (20)
Recently uploaded
Recently uploaded (9)
CODE BLUE 2014 : [ドローンへの攻撃] マルウェア感染とネットワーク経由の攻撃 by ドンチョル・ホン DONGCHEOL HONG
- 1. Confidential to SEWORKS Copyright ©2014 SEWORKS Inc. All rights reserved. SEWORKS INC. CTO WOWHACKER TEAM hinehong@seworks.co.kr Dongcheol Hong (hinehong)
- 3. 3 • SEWORKS Inc. -‐ Android Unity -‐ -‐ • WOWHACKER -‐ DEFCON CTF 5 -‐ SecuInside Codegate ISEC • 2009 Android Windows Mobile® • SecuInside HITCON 3Dongcheol Hong -‐ SEworks.Inc
- 4. 4 • • • "HSDrone" AR.Drone 2.0 4Dongcheol Hong -‐ SEworks.Inc
- 5. 5 • -‐ RC : -‐ WIFI : • -‐ -‐ • GPS Dongcheol Hong -‐ SEworks.Inc 5
- 7. 7 RC • 2.4GHz、3 4 • NEC -‐ [ ][ ][ ] -‐ -‐ -‐ • ZigBee
- 8. 8 ZigBee • • • AES-‐CCM* 128 • 802.15.4 AES-‐CBC-‐MAC-‐32 128 AES-‐CTR AES-‐CCM-‐32 128
- 9. 9 WIFI • WIFI • WIFI
- 10. AR.DRONE
- 11. 11 • AR. Drone WIFI
- 12. 12 AR.Drone • AR. Drone
- 13. 13 Telnet • AR. Drone Telnet daemon
- 14. 14 FTP • AR. Drone FTP daemon • /data/video
- 15. 15 program.elf • /bin/program.elf • program.elf /bin/kk
- 16. 16 • • Atheros ath0
- 17. 17 • ARM
- 18. 18 • • Master mode
- 19. 19 • ath0
- 20. 20 Android
- 21. 21 • UART PC • FTP Telnet • 3
- 24. 24 • •
- 25. 25 • iptables
- 26. 26
- 28. 28 AR. Drone • Parrot AR. Drone • • WIFI
- 29. 29 AR. Drone 2.0 2 GPS Beagle board PC
- 30. 30 1 1. 2.
- 31. 31 2
- 32. 32 1. 2. 1. 2. 3. GPS DNS
- 33. 33
- 34. 1
- 35. 35 • Android • AR. Drone 2.0 • • SMS E Android •
- 36. 36 • Apktool
- 37. 37 • Smali
- 38. 38 Android • • AR. Drone 2.0 IP 192.168.1.1
- 39. 39 FTP 1 • FTP •
- 40. 40 FTP 2 • FTP
- 41. 41 Telnet • Telnet •
- 42. 42 •
- 43. 2
- 44. 44 • iwconfig managed“
- 45. 45 • AR. Drone AP
- 46. 46 • “managed” • fork
- 47. 47 • AR. Drone AP
- 48. 48 • AP
- 49. 49 boot •
- 50. 50 • • AR. Drone AP • FTP • Telnet • •
- 51. 51 FTP • FTP • Cmdhp
- 53. 53 • HSDrone
- 54. 54 • • •
- 55. 55 • kk -‐ • ”master”
- 56. 56 AT • UDP 5556 AT*PCMD_MAG=21625,1,0,0,0,0,0,0<CR>AT*REF=21626,290717696<CR> AT*PCMD_MAG=xx,xx,−1085485875,xx,xx,xx,xx.
- 57. 57 tcpdump • tcpdump • • 192.168.1.5 IP
- 58. 58
- 59. 59 • 100000 100m • GPS AT*CONFIG=605,"control:alptude_max","3000" AT*CONFIG=605,"control:alptude_max", "100000"
- 60. 60 GPS -‐ AR. Drone 2.0 GPS -‐ -‐ “home” “home” -‐
- 61. 61 GPS
- 62. 62 DNS • AP DNS
- 63. 63 DNS • DNS
- 64. 64 dnsmasq
- 65. 65 dnsmasq • /etc/dnsmasq.conf • 8.8.8.8 Google DNS
- 66. 66 DNS
- 67. 67
- 68. 68 1 • bootloader 2 • UART • UART UART UART UART • 1 $170
- 69. 69 2 • • 10
- 70. 70 • HSDrone -‐ -‐ • UDP • AP DNS • AP •
- 71. Confidential to SEWORKS Copyright ©2014 SEWORKS Inc. All rights reserved. 71 THANK YOU
Editor's Notes
- We can bypass using macchanger on ubuntu.