NICOLAS OBERLI: Hi, DEF CON. How many of you have ever used a vending machine? (Chuckles). Who has ever wanted to hack them? All right. So this talk is for you.

So just to introduce myself, I'm a security engineer from Switzerland. No, I don't speak Swedish, but many Americans think we speak Swedish in Switzerland, but no. I speak French. Excuse my English. I love old video games. I brew and I love beer and, as he said, I'm a N00b speaker. So if you have any questions it would be great.

How did I get there? Some years ago I created a MAME cab machine.
I play video games with this. And to be more realistic, or to take money from my friends that came to play at home (Laughter), I searched and I bought a coin acceptor on an auction site, and this is the tale of what I did with this.

So first of all, any kind of machine that accepts coins or bills is used every day, especially, I think, in casinos or in Vegas. Like ATMs, vending machines, slot machines, et cetera, and there are multiple devices that are used to process money and give money back.

For instance, coin and bill acceptors are used to count coins and bills. They can detect if you insert a false coin or a coin from another country, et cetera, et cetera, and they use different methods to recognize the money: the weight, the size, even visually. Yeah.
There are many ways to recognize that, and it's used to send to the main board whether the coin has been accepted, and the main board needs to process the event that a coin has been inserted, and it's the machine that processes that you have entered, for instance, $1, et cetera.

Other devices are coin hoppers that are used to give money back when you need to get change. So it's pretty much like a big tray that operates using some commands and gives you the money back, coin by coin. So if you need to receive back, like, $1 and this contains quarters, it will tell it to give back four coins to get your change back.

All of this stuff communicates with several protocols: there are parallel, serial, another protocol is MDB, and the last one is ccTalk. All of these protocols are very vendor specific. So one can only do ccTalk or only serial devices. So you need to check whether you get the right protocol you want to use.
So since I didn't know about this, I just received my coin acceptor and it was ccTalk, and this is what we will be talking about.

So ccTalk is a name for coin control talk. It's a semi-proprietary protocol; it's maintained by Money Controls in England. It's available on ccTalk.org, but some parts of the specs are only available after signing an NDA. So you just have parts of the information, but not everything. So you have to find something and check this.

How does it work? It's simply a request and response protocol. So you just send a request, the device sends you a response, and that's it. It uses a UART data transmission at 9.6k, and TTL signals. Each device is on a bus and it has its own address. One is the controller and two is the coin acceptor and 14 is a coin hopper, et cetera, et cetera.
So on the same bus, you have all the devices that can communicate between each other.

A ccTalk frame looks like this. You have one byte for the destination address, one byte for the data length, one byte for the header (I'll talk about this later), several bytes of data, which depend on what command you will send to the device, and a checksum. The header is the command that you will send to a device, and if the header is equal to zero, it means it's a response. So you don't actually know what it is a response to. So you need to know what you asked to get the correct answer.

The checksum is a simple checksum. It's just a complement to 255 of the whole packet.
So all of these headers are commands, as I said, and from the documentation you can find, you have the list of all the headers and the corresponding commands, and if you get the documentation, you have all the data you need to send when sending a request, and all the data that comes back, so you can actually see or understand what's going on on the bus.

For instance, you have a simple command that is sent. You can see it's a simple poll. So it's kind of like a ping for a device on the bus. That is sent from the address 1, so it's normally the main board, to a device at address number two, normally a coin acceptor, and if you send this, you will probably see a packet like this on the same bus which is a response. Zero, to what? We don't know. From the device to the device at address one.
So, again, just by looking at those packets, at the response, you cannot know exactly what it is a response to. You have to sniff the bus along with the request to actually see the response and know exactly what it is.

The second packet here has a header of F6 in hex, which is request manufacturer ID, and in the response you have NRI; it's the manufacturer of the device I bought. So I have been able to ping this device and to know some information about it.

Now, I want to actually know if there was a coin entered, if it was correct, if it was one franc or two francs. So you have header number 229 that you just send to a coin acceptor, and you receive back 11 bytes. The first byte is the counter, and you have five groups of two bytes as results.
The counter is, actually, every time the device has a new event, like you inserted a coin, the coin was accepted, was refused, et cetera, this counter is incremented. So for the main board, you have to actually know which was the state of the counter, and if there's an increment, you know that there was new information and you have to parse it.

The results are sent in two bytes, as I said. Normally the first result contains what is called the validation channel. On coin acceptors, you have what is called validation channels; it's normally 16 ways, or kinds of coins, it can recognize. So it can make the device learn 16 different coins. And each one of these is assigned an ID, and it's that ID that is sent in the response.

So there's a nice trick there, because since you only have the ID, the coin acceptor only knows an ID. It doesn't know which kind of piece of coin or its value.
It only knows an ID, and the main board needs to correlate the ID with the actual value of the coin that has been inserted. We will check that after.

The second byte contains the error code. So if it's a bad coin, if there was an error recognizing the coin, or if the coin was accepted. The problem is that all of these codes are vendor specific. So if you buy different kinds of coin acceptors, they won't have the same error codes or error IDs, et cetera, and even sometimes the two bytes are swapped. So you really need to have the documentation, or you will have lots of trouble when doing this.

So for my initial project, I implemented the ccTalk protocol on a Teensy, a small tiny device, and it simply polls a coin acceptor. As soon as there's a new coin inserted, it will send keystrokes to MAME, the emulator, to insert the credits in the game.

So here you have the board.
You have the Teensy right here. You have the coin acceptor there. And if I put some money, the game will see that. You see, if I put two francs, there are two credits there. Et cetera.

So that way, the first part of my first project was nearly done. So I was able to put it into my MAME cab and it was working.

I thought that's a simple project. It only uses the coin acceptor I bought, et cetera, and many other machines use those kinds of protocols, et cetera. But the problem is that it's difficult to track those responses. You cannot see them, because the header is always equal to zero and you don't know which answer is to which request. And I didn't find any open source info for ccTalk.
So I created two tools which I call ccSniff and ccParse: one is used to sniff data on a ccTalk bus, and the other one is used to parse the data that you sniffed, so you can pretty easily understand and learn exactly what happens on the bus.

If you want to have a look, can everyone see correctly? Yeah? All right.

AUDIENCE MEMBER: (Inaudible).

NICOLAS OBERLI: I cannot zoom anymore. Maybe if I do this. It's a little bit bigger. Maybe you will see? Better? I cannot, sorry.

Well, so you have on the upper side the packets, all the packets list that you can select. And when you select the packets, you can see on the bottom the header, the corresponding function directly, so we don't need to check on the table, et cetera.
You have the raw end of the packet, and if you take some other packets like the one I showed you before, the request manufacturer ID, when you check the response, you have an automatic payload decoding, and it's the same for nearly all of the ccTalk packets and responses.

Again, if you check the read buffered credits and codes, so the one used...

Hi, everybody! (Applause) You know the drill. Can I have a lucky audience member volunteer? You, sir. Oh, I just meant to get to watch us. We have been doing this all day. Here you go, sir. Is this your first DEF CON?

No, sir.

Oh! All right, anyway, cheers!

NICOLAS OBERLI: Cheers!

Cheers! (Applause) Don't worry.
We will see you tomorrow.

AUDIENCE MEMBER: (Inaudible).

NICOLAS OBERLI: Okay. Where was I? Woo! So, yeah, okay. So as I said, this is the read buffered packet. So I get the data, the status, and I have all the details: the counter, which is zero because it was starting, and all the results are zero. But with this tool, you can pretty much get any information about what happens and what's happening on the ccTalk bus.

That's cool, but, okay, so now I can read on the bus, but, yeah, why not write directly on the same bus, like, for example, telling the main board: hey, okay, I'm the coin acceptor. I received a new coin, and now a new coin, and now another new coin. That could be pretty great. Oh, God! I'm so sorry. All right.
So you see the point. The problem is that you only have one wire for the whole bus. So if, as an attacker, you receive the requests, the device also receives the same requests and responds directly. So if we try to respond just before it or just after it, it won't work. There's a good chance that we will jam the signal and make things quite worse.

Fortunately, somewhere deep in the documentation, we have what is called multi-drop commands, which are normally used by the controller to solve addressing conflicts; like if you have two or three coin acceptors, you can set them different addresses. And it's simply just a command: you use 251, address change, and you give as a parameter the new address to the device. So you just send that packet and the device will say, okay, fine. Now my new address is the one you sent.
And what is great is there are absolutely no checks made on the device or on the main board that I tested. So you can just connect to the bus and just send one little packet to change it. And then you get its address.

If I show this, you have the main board there, which is address one. The device at address two. It sends credit reads and credit responses, et cetera. I just get on the bus, like I take an address, like 77, and just send a packet address change to the device. It will take, actually, the address 99, for example, and I take address two, and the main board will continue to ask me, instead of the coin acceptor, for my status, and that way I can respond: I got a new coin. A new coin again, again, again, again. That's pretty great.
But since it's on one wire, you have to be really careful about the timing, because if you write something while another device was also writing on the same bus, it will collide, and normally the bus will stop and the machine will reset, or there will even be, I could test it, an alarm ringing on the machine, and you have to run quickly. I won't say more.

So you really have to check for the silence, and in the specs it's indicated that the device needs to be polled every 200 milliseconds. So as the packet needs about 8 milliseconds to be sent, that's normally enough time for us to do it.

So the thing is, to sum it up, to hijack a device on the bus, you have to scan this bus to search for a silence period. Prepare the injection. Create the address change packet.
Wait for the silence, just send the packets in your silence window, and then directly take the address of the device you want to inject and start responding instead of it. And then when you finish, that's also pretty cool, to just set the address back so the device is at its old address, and you can just leave and everything works. And, again, you need to do this while the bus is in use. It's quite complicated.

So I created a tool called ccJack which automates the hijacking process. It creates a device. It scans the bus and reads every packet that passes on the bus, and for each packet which is directed to the device you want to inject, it will record the device and the response. So as soon as it takes over or hijacks the device, it will start responding with the last response the actual real device used to send. So normally, it will be pretty much transparent, so the main board won't fire an alarm or something like this.
It also uses a Bus Pirate to sniff and inject.

And one of the coolest examples I have is to inject coins. So as soon as the coin acceptor is hijacked, just start incrementing the counter. As I said, the counter is incremented whenever there is a new event. So just put one coin; if it's accepted, that's okay. Hijack the device and start incrementing the counter, and it will see that there's a new event, that is the old one, that is a new coin has been inserted, et cetera, et cetera.

Another thing that's used also on the same machine is that if there is a glitch, like if the counter value is lower than the one that is set on the main board, there will also be an alarm and, again, you have to run quickly.

So, as a demo.

AUDIENCE MEMBER: (Inaudible).

NICOLAS OBERLI: Maybe after. I don't know. It's up to you.
406 00:20:59,999 --> 00:21:01,458 , 00:21:01:10 407 00:21:01,459 --> 00:21:06,750 , 00:21:06:17 ,I wanted to do a live demo, but my coin acceptor just crashed 408 00:21:06,751 --> 00:21:11,291 , 00:21:11:06 ,in the speaker room like 20 minutes before. 409 00:21:11,292 --> 00:21:13,998 , 00:21:13:25 ,So I have this deal. 410 00:21:13,999 --> 00:21:14,999 , 00:21:14:29 411 00:21:15,000 --> 00:21:20,249 , 00:21:20:05 ,So what we have here is a shell, obviously, and here it's 412 00:21:20,250 --> 00:21:27,750 , 00:21:27:17 ,the main emulator, that I will use to actually show you what happens. 413 00:21:27,751 --> 00:21:27,998 , 00:21:27:25 414 00:21:27,999 --> 00:21:31,458 , 00:21:31:10 ,So the tool ccJack needs several arguments. 415 00:21:31,459 --> 00:21:35,958 , 00:21:35:22 ,You give it the interface, so the Bus Pirate, the source address 416 00:21:35,959 --> 00:21:40,917 , 00:21:40:21 ,of the device to hijack and the destination you want to send 417 00:21:40,918 --> 00:21:47,041 , 00:21:47:00 ,the device to, and a time to sniff the packets, so it will listen. 418 00:21:47,042 --> 00:21:50,833 , 00:21:50:19 ,Like I said, it will listen to all the responses, et cetera, 419 00:21:50,834 --> 00:21:53,666 , 00:21:53:15 ,and record the new events. 420 00:21:53,667 --> 00:21:53,875 , 00:21:53:20 421 00:21:53,876 --> 00:21:57,249 , 00:21:57:05 ,I just inserted two or three credits. 422 00:21:57,250 --> 00:21:58,625 , 00:21:58:14 ,So I have two credits now. 423 00:21:58,626 --> 00:22:05,082 , 00:22:05:01 424 00:22:05,083 --> 00:22:09,124 , 00:22:09:02 ,And if I send this, I will change the address of the device 425 00:22:09,125 --> 00:22:11,166 , 00:22:11:03 ,at address two. 426 00:22:11,167 --> 00:22:14,291 , 00:22:14:06 ,So the coin acceptor, I will send it to address number seven. 427 00:22:14,292 --> 00:22:14,541 , 00:22:14:12 428 00:22:14,542 --> 00:22:16,082 , 00:22:16:01 ,Hit send. 
429 00:22:16,083 --> 00:22:20,333 , 00:22:20:07 ,So now the actual device is on address number 7, 430 00:22:20,334 --> 00:22:26,583 , 00:22:26:13 ,and I took its place and respond in its place to the main board. 431 00:22:26,584 --> 00:22:31,374 , 00:22:31:08 ,If I look at the values, I see that I have actually learned 432 00:22:31,375 --> 00:22:35,249 , 00:22:35:05 ,the request 229, so the request for 433 00:22:35,250 --> 00:22:40,833 , 00:22:40:19 ,the coin acceptor status, and the responses, yeah, it's 01 434 00:22:40,834 --> 00:22:46,291 , 00:22:46:06 ,is the counter and 07 was the new coin that was accepted. 435 00:22:46,292 --> 00:22:50,082 , 00:22:50:01 436 00:22:50,083 --> 00:22:53,541 , 00:22:53:12 ,So what I will do is change the address. 437 00:22:53,542 --> 00:22:55,249 , 00:22:55:05 438 00:22:55,250 --> 00:23:00,124 , 00:23:00:02 ,Let's say at 2201, I will add two new coins. 439 00:23:00,125 --> 00:23:00,333 , 00:23:00:07 440 00:23:00,334 --> 00:23:02,124 , 00:23:02:02 ,So I will change the payload. 441 00:23:02,125 --> 00:23:02,583 , 00:23:02:13 442 00:23:02,584 --> 00:23:06,998 , 00:23:06:25 ,And now I will have two new credits, great. 443 00:23:06,999 --> 00:23:07,082 , 00:23:07:01 444 00:23:07,083 --> 00:23:11,998 , 00:23:11:25 ,And what I found also is if I do that again, that will work, 445 00:23:11,999 --> 00:23:16,999 , 00:23:16:29 ,and normally in the specs, if the counter increments too much, 446 00:23:17,000 --> 00:23:22,791 , 00:23:22:18 ,like if it increments in 10 to 10, normally it only needs to get 447 00:23:22,792 --> 00:23:26,875 , 00:23:26:20 ,the last five results, the ones that are actually 448 00:23:26,876 --> 00:23:29,082 , 00:23:29:01 ,in the response. 449 00:23:29,083 --> 00:23:29,416 , 00:23:29:09 450 00:23:29,417 --> 00:23:31,708 , 00:23:31:16 ,But what I found in several machines that I tested 451 00:23:31,709 --> 00:23:34,998 , 00:23:34:23 ,is that you can just put whatever value. 
452 00:23:34,999 --> 00:23:37,041 , 00:23:37:00 ,It will just check the last response codes. 453 00:23:37,042 --> 00:23:40,249 , 00:23:40:05 ,So let's put FF as the counter value. 454 00:23:40,250 --> 00:23:44,041 , 00:23:44:00 ,So we increment it by 200 and what happens? 455 00:23:44,042 --> 00:23:52,875 , 00:23:52:20 456 00:23:52,876 --> 00:23:54,541 , 00:23:54:12 ,(Applause) Yeah? 457 00:23:54,542 --> 00:24:03,208 , 00:24:03:04 458 00:24:03,209 --> 00:24:05,458 , 00:24:05:10 , AUDIENCE MEMBER: Does the counter decrease when you 459 00:24:05,459 --> 00:24:06,998 , 00:24:06:26 ,use credits? 460 00:24:06,999 --> 00:24:07,082 , 00:24:07:01 461 00:24:07,083 --> 00:24:09,500 , 00:24:09:11 ,Does the counter on the motherboard decrease? 462 00:24:09,501 --> 00:24:10,998 , 00:24:10:23 , NICOLAS OBERLI: No, no, afterwards, it's another counter that 463 00:24:10,999 --> 00:24:12,917 , 00:24:12:21 ,is in the main board. 464 00:24:12,918 --> 00:24:16,082 , 00:24:16:01 ,That's only a counter for the coin acceptor. 465 00:24:16,083 --> 00:24:17,124 , 00:24:17:02 ,That's it. 466 00:24:17,125 --> 00:24:17,998 , 00:24:17:25 467 00:24:17,999 --> 00:24:19,541 , 00:24:19:12 ,All right. 468 00:24:19,542 --> 00:24:24,998 , 00:24:24:25 ,So since it's nearly over, I will get through it more quickly. 469 00:24:24,999 --> 00:24:28,998 , 00:24:28:24 ,So as the acceptor is offline, we have injected. 470 00:24:28,999 --> 00:24:31,500 , 00:24:31:11 ,So we are able to send commands to it. 471 00:24:31,501 --> 00:24:35,999 , 00:24:35:29 ,So we can change the validation path. 472 00:24:36,000 --> 00:24:39,249 , 00:24:39:05 ,So we can just say the path normally that is allowed 473 00:24:39,250 --> 00:24:41,708 , 00:24:41:16 ,for the $1 coins. 474 00:24:41,709 --> 00:24:42,500 , 00:24:42:11 475 00:24:42,501 --> 00:24:44,041 , 00:24:44:00 ,That exists, right? 476 00:24:44,042 --> 00:24:45,416 , 00:24:45:09 , AUDIENCE MEMBER: Yeah. 
477 00:24:45,417 --> 00:24:49,875 , 00:24:49:20 , NICOLAS OBERLI: So you just tell the coin acceptor to change, 478 00:24:49,876 --> 00:24:55,416 , 00:24:55:09 ,to learn a new coin, and you set the validation path of the $1 479 00:24:55,417 --> 00:25:00,998 , 00:25:00:27 ,and you just put several quarters or cents, et cetera, and it 480 00:25:00,999 --> 00:25:09,583 , 00:25:09:13 ,will learn this new coin and when you actually put this new coin, you will see it as $1. 481 00:25:09,584 --> 00:25:11,875 , 00:25:11:20 482 00:25:11,876 --> 00:25:13,999 , 00:25:13:29 ,So it works. 483 00:25:14,000 --> 00:25:15,041 , 00:25:15:00 ,That's great. 484 00:25:15,042 --> 00:25:20,999 , 00:25:20:29 485 00:25:21,000 --> 00:25:25,208 , 00:25:25:04 ,(Applause) The other thing that is great is you have several paths 486 00:25:25,209 --> 00:25:29,374 , 00:25:29:08 ,for the money, like when the coin is not accepted, normally, it 487 00:25:29,375 --> 00:25:31,999 , 00:25:31:29 ,will give it back to you. 488 00:25:32,000 --> 00:25:33,750 , 00:25:33:17 ,So you can try it several times 489 00:25:33,751 --> 00:25:36,666 , 00:25:36:15 ,before dropping the coin. 490 00:25:36,667 --> 00:25:38,666 , 00:25:38:15 ,And you can also change that. 491 00:25:38,667 --> 00:25:40,750 , 00:25:40:17 ,So just invert the two. 492 00:25:40,751 --> 00:25:42,750 , 00:25:42:17 ,So when the coin is not recognized, it will get in the machine and 493 00:25:42,751 --> 00:25:45,999 , 00:25:45:29 ,if the coin is accepted, it will give it back to you. 494 00:25:46,000 --> 00:25:49,249 , 00:25:49:05 ,So as soon as you win, you just play again. 495 00:25:49,250 --> 00:25:50,291 , 00:25:50:06 ,That's great! 496 00:25:50,292 --> 00:25:50,999 , 00:25:50:29 497 00:25:51,000 --> 00:25:55,249 , 00:25:55:05 ,There are many possibilities and, again, there is absolutely nothing, 498 00:25:55,250 --> 00:25:57,999 , 00:25:57:29 ,no authentication, nothing. 
499 00:25:58,000 --> 00:26:00,124 , 00:26:00:02 ,You just have to be connected on the bus. 500 00:26:00,125 --> 00:26:00,374 , 00:26:00:08 501 00:26:00,375 --> 00:26:04,583 , 00:26:04:13 ,Regarding protection and the security. 502 00:26:04,584 --> 00:26:05,998 , 00:26:05:27 ,There are several things. 503 00:26:05,999 --> 00:26:06,291 , 00:26:06:06 504 00:26:06,292 --> 00:26:10,082 , 00:26:10:01 ,You can provide a PIN code on the device. 505 00:26:10,083 --> 00:26:13,416 , 00:26:13:09 ,The only problem is that the PIN code needs to be sent 506 00:26:13,417 --> 00:26:16,998 , 00:26:16:24 ,in clear text to actually be used. 507 00:26:16,999 --> 00:26:18,998 , 00:26:18:23 ,So just sniff the bus. 508 00:26:18,999 --> 00:26:22,833 , 00:26:22:19 ,Check for header 218, that is "provide PIN code to a device", 509 00:26:22,834 --> 00:26:25,998 , 00:26:25:23 ,and just read the four digits that are 510 00:26:25,999 --> 00:26:28,666 , 00:26:28:15 ,inside and that's it. 511 00:26:28,667 --> 00:26:32,166 , 00:26:32:03 ,You can help by just pulling the power cord and repowering 512 00:26:32,167 --> 00:26:36,166 , 00:26:36:03 ,the machine and it resets the PIN code. 513 00:26:36,167 --> 00:26:43,583 , 00:26:43:13 514 00:26:43,584 --> 00:26:45,708 , 00:26:45:16 ,There's also encryption. 515 00:26:45,709 --> 00:26:50,166 , 00:26:50:03 ,I didn't put a lot of time on this. 516 00:26:50,167 --> 00:26:53,249 , 00:26:53:05 ,There are two encryption methods I used. 517 00:26:53,250 --> 00:26:53,750 , 00:26:53:17 518 00:26:53,751 --> 00:26:59,166 , 00:26:59:03 ,One is proprietary, a 24 bit key, and the other is a DES encryption. 519 00:26:59,167 --> 00:27:03,998 , 00:27:03:25 520 00:27:03,999 --> 00:27:05,750 , 00:27:05:17 ,So you can put it. 521 00:27:05,751 --> 00:27:05,958 , 00:27:05:22 522 00:27:05,959 --> 00:27:08,875 , 00:27:08:20 ,But the problem is that it's a different header. 
523 00:27:08,876 --> 00:27:11,041 , 00:27:11:00 ,So you still can request the device using 524 00:27:11,042 --> 00:27:14,998 , 00:27:14:24 ,the unencrypted headers while the machine is in use 525 00:27:14,999 --> 00:27:18,583 , 00:27:18:13 ,with the encrypted, the encrypted one. 526 00:27:18,584 --> 00:27:19,625 , 00:27:19:14 ,So, why not? 527 00:27:19,626 --> 00:27:21,208 , 00:27:21:04 528 00:27:21,209 --> 00:27:25,583 , 00:27:25:13 ,I decided yesterday, I was walking in Caesars and there was 529 00:27:25,584 --> 00:27:27,708 , 00:27:27:16 ,an open machine. 530 00:27:27,709 --> 00:27:31,333 , 00:27:31:07 ,So just to show you exactly where (Applause) 531 00:27:31,334 --> 00:27:36,666 , 00:27:36:15 ,You see here the machine is just opened. 532 00:27:36,667 --> 00:27:37,666 , 00:27:37:15 ,Yeah. 533 00:27:37,667 --> 00:27:39,999 , 00:27:39:29 ,And the bill acceptor is just right here. 534 00:27:40,000 --> 00:27:41,750 , 00:27:41:17 ,I don't know if it's a ccTalk one. 535 00:27:41,751 --> 00:27:42,998 , 00:27:42:26 ,I didn't test it. 536 00:27:42,999 --> 00:27:45,998 , 00:27:45:24 ,I wanted to be there and not in jail or something. 537 00:27:45,999 --> 00:27:47,708 , 00:27:47:16 , AUDIENCE MEMBER: (Inaudible). 538 00:27:47,709 --> 00:27:52,998 , 00:27:52:23 , NICOLAS OBERLI: So it's just there. 539 00:27:52,999 --> 00:27:53,041 , 00:27:53:00 540 00:27:53,042 --> 00:27:57,917 , 00:27:57:21 ,You can put your own wire. 541 00:27:57,918 --> 00:28:00,998 , 00:28:00:27 ,Normally, it's the fourth one. 542 00:28:00,999 --> 00:28:03,791 , 00:28:03:18 ,It should be that red one there, but I'm not sure. 543 00:28:03,792 --> 00:28:04,998 , 00:28:04:24 ,(Laughter). 544 00:28:04,999 --> 00:28:05,082 , 00:28:05:01 545 00:28:05,083 --> 00:28:09,958 , 00:28:09:22 ,So, yeah, normally, these machines, if they use the ccTalk bus, 546 00:28:09,959 --> 00:28:14,583 , 00:28:14:13 ,you can just get into them with something there. 
547 00:28:14,584 --> 00:28:15,082 , 00:28:15:01 548 00:28:15,083 --> 00:28:16,541 , 00:28:16:12 ,All right. 549 00:28:16,542 --> 00:28:17,541 , 00:28:17:12 ,Other things. 550 00:28:17,542 --> 00:28:18,541 , 00:28:18:12 ,I will go quickly. 551 00:28:18,542 --> 00:28:19,625 , 00:28:19:14 ,Sorry. 552 00:28:19,626 --> 00:28:26,625 , 00:28:26:14 ,Other things that might be good points of research are the encryption support. 553 00:28:26,626 --> 00:28:32,041 , 00:28:32:00 ,There are many things you can do there, because 24 bits is a bit weak. 554 00:28:32,042 --> 00:28:32,917 , 00:28:32:21 555 00:28:32,918 --> 00:28:37,124 , 00:28:37:02 ,You can also dump the internal memory of devices. 556 00:28:37,125 --> 00:28:40,999 , 00:28:40:29 ,You can upload the firmware and you can do pretty much many, 557 00:28:41,000 --> 00:28:46,666 , 00:28:46:15 ,many, many things with those, and that's just the start. 558 00:28:46,667 --> 00:28:46,998 , 00:28:46:23 559 00:28:46,999 --> 00:28:51,750 , 00:28:51:17 ,So in conclusion, the specific protocols are quite fun 560 00:28:51,751 --> 00:28:53,708 , 00:28:53:16 ,to analyze. 561 00:28:53,709 --> 00:28:54,708 , 00:28:54:16 ,It's quite easy. 562 00:28:54,709 --> 00:28:57,249 , 00:28:57:05 ,You can find really fun things to do with this. 563 00:28:57,250 --> 00:28:58,166 , 00:28:58:03 564 00:28:58,167 --> 00:29:02,541 , 00:29:02:12 ,You definitely need to look more in depth in ccTalk 565 00:29:02,542 --> 00:29:09,875 , 00:29:09:20 ,because since it's money related, you have interesting applications, right? 566 00:29:09,876 --> 00:29:09,998 , 00:29:09:26 567 00:29:09,999 --> 00:29:16,291 , 00:29:16:06 ,And just get a Bus Pirate, it's a fun tool for hardware hacking 568 00:29:16,292 --> 00:29:19,998 , 00:29:19:25 ,and pretty much all stuff. 569 00:29:19,999 --> 00:29:22,166 , 00:29:22:03 ,ccTools are available on my GitHub account. 570 00:29:22,167 --> 00:29:27,166 , 00:29:27:03 ,And I will post several items on my website. 
571 00:29:27,167 --> 00:29:28,291 , 00:29:28:06 572 00:29:28,292 --> 00:29:29,791 , 00:29:29:18 ,And that's it. 573 00:29:29,792 --> 00:29:30,791 , 00:29:30:18 ,Many thanks. 574 00:29:30,792 --> 00:29:33,374 , 00:29:33:08 ,(Applause) If you have any questions, just come by. 575 00:29:33,375 --> 00:29:34,259 , 00:29:38:08