>> All right. So we've got a big group up here. We've got -- we've got Russ and Rob and LosT is going to be up here and focus is going to be working the technical angle of things. So let's give these people a big PartyTrack welcome. >> Hello, DEF CON. So it's about once per year I actually get to get on stage that is not opening ceremony or closing ceremony, so this is your one shot to get -- to get to watch me embarrass myself publicly. >> No, it's not. >> My boss is in the audience. >> She's right here. >> Yes, she is. She's in the front row. Sorry, George. So anyway, this talk's about the PropLANE. And we'll go into a little bit of the history. We'll talk about the technology. Everything we're going to talk about is public. We'll have all the source code. We will have all the schematics. You will be able to build everything that we are showing you today on your own. >> They love you. >> Yeah. On top of that, we originally built this on the DEF CON 20 badge because it uses a Parallax propeller chip. They're like, yeah, Parallax. Kick ass. As it turns out, this year's badge also uses the Parallax propeller chip. And LosT was kind enough to build out the board to make it really easy for you to build shields for this. We may actually design those and release the schematics for those as well. But everybody that has been at DEF CON, either at DC 20 or this year, should be able to build these devices and carry around the mobile encryption device. You can modify the encryption. You can modify the software. And we've got a list of ideas that we want to see you guys do at the end. All right? So I did not come up with the title. I will give that dubious honor to Rob. >> Who doesn't love sensationalist headlines? >> So if you were here when General Alexander was here, he made us a lot of promises. He talked a lot of crap. He -- he lied to a lot of us about certain things and what was going on. 
And then in the press a couple weeks ago, we saw that he's trying to make a million dollars a day releasing all these great ideas for securing the Internet and transactions and stuff. So this talk ended up being more timely than we intended. Now, before I get too far, how many of you know about Hackers for Charity? All right. And how many of you have seen Eddie Mize in the contest area or the artwork that he does? All right. So Eddie has drawn a special piece for Hackers for Charity. And this is going up for auction. You can place your bids at Eddie's booth in the contest area. He doesn't keep any of the money. And if you know Eddie, you'll know that that's the absolute truth. So this is an original piece, and it will go to whoever has the highest bid. So please help support Hackers for Charity. Help support Eddie, and go over there, please. All right. So let's get on with introductions. I'm Russ. I'm chief of operations at DEF CON. I am helping run the show, but really it runs itself and I get to walk around and do this. So over here we have Rob, Evil Rob. This concept of this kind of a device was originally his idea. And we'll get into that a little bit more. You know Ryan Clark, the LosT boy. He creates all the badges. And then Mark Carrier Forcus, who has done a large part of the software development of this. Now, the one part of this team that is not up on this stage is you. And you'll remember I said a few minutes ago that we have a list of projects at the end of this slideshow, at the end of the demo and everything, where we want to see you guys build this out and bring it to us next year. All right? So take that as your challenge. We've made it as easy as possible to you guys to do this and get involved. So let's talk a little bit about crypto. How many of you are actually into crypto, that's what you work with? All right. So you're the people I cannot have a conversation with. All right? They can. I'm not the one you want to talk to about that. 
You know, you go from everything is simple, like a Caesar cipher that was used thousands of years ago, really easy for us, now you can do it with pencil and paper, right, and then you get more complex as we get -- as we move through history, past the Enigma machine that was used during the war, up to AES that was adopted. So we're actually using AES on this device. And I don't want to steal any of their thunder, so I'm trying to be careful about what I say. But suffice it to say, we've built enough flexibility for you guys to be able to make changes to the software, add modules and change the functionality. And we really want to see some good stuff come out of this. Some of the things that kind of were the impetus for this, the whole NSA vacuum, that was actually a big part of what we're doing here. And so we figured what's the best way to do this? We can port all of our research and code over to a microcontroller that most people have. And since we used it this year as well, you guys are in good shape, right, because everybody has a badge either from DC 20 or this year, I'm hoping. And if you got temp badges this year, you should have gotten a DC 20 badge because we had some extras. All right. Who's willing to stand up and say that Tor is safe now? You can almost hear the crickets. It's amazing. Again, we need safe ways to communicate. You know, Darknets, we've got a lot of people creating their own Darknets. This is another way to do it. If we could get everybody that's been at these last two conferences to build these things out, we'd have about 25 to 30,000 of these things floating around out there. That's a lot of secure communication. So I'm going to let Rob take this. The whole concept of this came from -- we were actually funded for a project, and I'll let him talk about his ideas and stuff. 
And we were sitting there talking, and I said, you know, it would be really cool if we could port that code over to the propeller chips so we could put it on the badges. And it all went to hell from -- in a handbasket from there. So I think you'll like the show. The traffic is running. If you can see the blinky lights, we're -- we have a sniffer going. We can see the encrypted traffic going. So our demo should work just fine. Keep your fingers crossed. There's very few people that are willing to tread that ground at DEF CON. But I think we're in good shape. Here's Rob Batherst, and I'll let him move. >> All right. Thank you, Russ. I assume you all can hear me okay. Who's sleeping from after lunch? Anyone? Anyone? Or was it breakfast, if you're doing it right? So, you know, we're going to talk a little bit about the impetus for this and why we did it. So, you know, I spent some time in the government. And I decided that the government has these, you know, really neat ways they do things when it comes to encryption. And they don't tend to relay on -- rely on software as we traditionally think of it from a VPN perspective or a VPI tech or an SSL. They use, actually, a hardware type of device to protect that communication. And so I was sitting there, and I was like, you know, why do we have all of these, you know, really just absolute shit VPN clients that never work and always need configuration changes and the concentrator is down and everything else? I was like, you know, what's a good way that we can actually provide this type of system to the masses to make it easy to get into your home or your office or communicate with Russ or LosT or any of us and, you know, actually have it be moderately secure? Depending on the platform, maybe not fast, but moderately secure. You know, like I said, we did this because we want our privacy to stay in our hands. 
We want to make sure what we're saying is protected and we only show it to those who actually should be able to see it. Luckily enough, we got funding -- what's that? Did you say something? Did you interrupt me? >> I didn't say anything. >> You did. You did. They're agreeing with me. So, you know, we actually got funding from the Cyber Fast Track program, which is an amazing DARPA program, that allowed us to actually take the time to research these particular aspects. And if you didn't know anything about it or the projects that came from it, I would totally take some time and go on Google and look for the Cyber Fast Track and see what came out of it because some of these projects are absolutely amazing. So what's been happening since then? So about two years ago when we actually produced this for DARPA, we did a considerable amount of work on the key management aspects and everything else that goes into managing a crypto system. And for those of you who have not had to deal with IPSec crypto, that is one of the biggest challenges, is dropped keys on ins and people trying to communicate back and forth. And in a large organization, it can take you five or six admins just to manage all of your site to site VPN connections. But that is a whole other talk. So, you know, what's our approach here? We have the cheap way, which is what we're looking at. It's a propeller chip, which Ryan was kind enough to provide, or an ARM chip if we wanted to do custom development that we already started to work on. Then we have the -- the -- you know, is it fast? Well, the propeller is not fast. It runs 80 megahertz on a single core. So it's not very fast. Then we have the ARM, which, you know, ARM has, you know, quad core processors now. They can be very fast from a crypto perspective, but they have a theoretical limit. And then you have the FPGA or the ASIC, which are custom made to be extremely fast because that's all they do. 
So, you know, some of the neat advantages are the dual-cored FPGAs or ASICs that also have an ARM core on them. But, you know, look into those. We're like, okay, what's the best tradeoff here? We can make a custom ARM board, but then people would have to get ARM boards. And we're like, you know what? Let's just use the propeller chip that's on the badge. So the keys here are simple to use, simple key exchange that we'll go into, and then an on/off switch. The encryption system's running. The encryption system's not running. The encryption system may not be running, no, it's on or it's off. It works or it doesn't. And I like stupid simple, if you get to know me. So about this project in particular, we have the parts, a DC 20 badge or a 22 badge, which has a Parallax propeller chip on it, 16 user IO pins, a SBI bootRAM, a G2 serial-to-USB, transceiver and whatever else you want to cram onto it. So that's what you get just with the badge. Then with the additional stuff that we added, we added the Ethernet transceivers, which it is very difficult to do wired communication without Ethernet transceivers. But if you have a way, please let me know. Anyone? Anyone? No. All right. So it's a Microchip ENC28J60. I don't expect you to remember this, which is why the slides and everything else will be public. It's a 3.3 or 5 volt, gram buffer. And if you don't use this particular model that we have that we wrote the driver for, you'll have to write your own. So good luck and Godspeed. >> Yeah, these are, like, two bucks if you get them from China. They're super cheap. >> eBay. >> So the key store is an SD card. It's very simple. Go to Fry's, super cheap. The only thing we had to do from a custom hardware perspective that was one of those if-I-had-all-day-and-a-pile-of-cocaine type of things, was create a custom VRU. We have the instructions for it. They're actually very easy to make. It's just a voltage regulator. And like I said, we'll have that up there. 
So what you see up here is a much better version of this, which is what it started as, okay, a piece of metal, a badge, some PHYs and everything else. You know, props to Fork. Just give this man a hand. He wired everything up and made these rigs and everything so you could see them. >> Thank you, thank you. And one safety warning -- >> I didn't say you could talk yet. >> I know. I just have to give the safety warnings. If you're ever drilling a circuit board, remember that if you go too fast, that smoke causes mesothelioma and it will kill you. >> You know this isn't public radio, right? >> This is my best Barry White knockoff. What can I say? >> All right. So moving on, you know, I'm going to let Ryan touch on this, but, you know, the high level here is when you're dealing with these propeller chips which, you know, may or may not help you when you're doing stuff with the badges, is Spin, which is basically the high level programming language. You can go to learn.parallax.com to read all about it, and then the PASM, which is actually assembly version. It's faster. There's simulators out there called, like, Gear. You know, they're great. I do recommend looking them up, great tutorials, lots of people talking about them. So fair warning about this badge, when you go to pull it off, we had to use a specialized SPI cog to be able to do what we did. It runs in transparent bridging, so attempting to figure out what's happening from the side where the encryption's running is very hard to do. And then for our particular implementation that we'll be making public, it uses a 128 key. It can use 256. However, it will go very, very, very slow because the propeller is not very fast. Yes, sir? >> Hey, Ryan. Can you answer a question for me? If they use PASM instead of Spin, it will actually run faster, right, because the code's not having to go through an interpreter? >> Yes and no. It depends on how they write the code. 
I mean, you can write really awful code, and then it's not going to be fast. >> Okay. >> And actually, as a caveat to that, the -- >> Public radio time. >> -- pieces of this that are speed intensive are already written in PASM. So the encryption routines are in PASM. The driver code, which actually communicates on SPI is already on PASM. So most of the speed sensitive stuff was actually not written by me. They were written by open source driver folks and then modified to actually work the way they were supposed to. >> Open source does not mean quality. I'm warning you right now before you go look at our code, okay? You know, so those -- those are some fair warnings with what we're doing. So it's not a -- it's 256, though it's capable, it's just 128 for speed purposes. So why crypto works, you know, the two things we tend to talk around, and I'll just -- high level again, is a hash versus encryption. You know, you're supposed to be able to do a symmetric encryption. Do I have the key? Do you have the key? Yay. It comes out the other side, is what it should be. Whereas, in theory, you're not supposed to be able to figure out what is on the other side of a hash. You know, crypto can be defeated. You know, this is the general warning to everybody. You know, crypto, you can lose your symmetric key, which means anybody who gets that particular segment can read it. You can have compromised PKI certs in the sense of, you know, public key infrastructure. They could brute force the entire key space and just wait to find the one that matches your segment. And the number one killer in everything -- and this is my fair, fair warning. Go read the code and look at it yourself. You know, we built this for fun. It was a side project. You know, we weren't paid to do this particular thing -- is poor implementation. Poor implementation in key control, poor implementation in memory management, poor implementation in the actual S locks within the code. 
You know, it's only as secure as, you know, it's reviewed and trusted to be. So fair warning. Yeah, it's his fault if it doesn't work. So, you know, here's the money shot. This is what you're looking at right here. This was -- this was the hours of torture and toil to come up with it. Yes. So, again, give a hand to this guy. He never sleeps. And so the other guy who doesn't sleep, you know, I'm going to hand it off to him and let him talk about the DC 20 badges and 22 badges and anything else he wants to go into. So LosT, everyone. >> Hey. So I'm only going to speak for a few minutes here because I want to give Fork as much time as possible because these guys -- you know, it's their baby and I was just kind of along for the road. I've also been on stage like four times this year, and you guys are probably sick of hearing from me. And really, Fork tends to be a little bit verbose. And so I'd like to give him more time. They asked me to speak a little bit about the badge this year. So how many of you here were at DEF CON 20? Okay. Like three people? It was a very small conference. So if you came to the intertalk, you know a little bit maybe why we went with the propeller again this year. It also -- it lined up really well with the PropLANE project Russ was talking to us about. For those of you who don't know, the DEF CON 20 badge was the same architecture. The layout was a little bit different. We had some different components. Again, we had the Parallax. I think a bunch of the Parallax guys are in the audience, are you not? Raise your hands if you're here, guys. So give those guys a hand. I don't know, also, if we put this in the slides here, but I'm going to bring this up. Chip Gracey, who is the founder of Parallax, and Ken announced that they are open sourcing the propeller chip. So they have Verilog code that has been -- that has been put out there. 
And I'd really like to give them a hand for taking -- as a company to take that proprietary information, get the Verilog code information out to you guys as a community. I think they deserve a hand for that. Yeah. So Fork suggested maybe I should say what that means. For those of you not familiar, they had mentioned FPGAs and other things. What this allows you to do is basically emulate the processor and software or on hardware, like an FPGA, which means you can actually implement this and test it if you don't even have the chip, if you have hardware capable of loading the Verilog code. So really what it is, is the design of the chip. It's the -- it's the description of the chip's hardware. This is a high enough level of description? >> Yeah. >> So for those of you that aren't familiar, if you're not familiar with hardware description languages, go look up Verilog and see what it is. But basically it's a big deal for a company to give out that type of information, to go ahead and say, hey, here's Verilog. So if you go to OpenCores and stuff like that, you can get that for a lot of other chips. But it's been stuff that has been reversed and has been done by other groups. This is actual Parallax releasing that. >> So one of the things this will let you do that's important is if you want to add additional cogs, so if you have eight cogs on a propeller normally, which are essentially little RISC processors with some static RAM. Well, if you wanted to put 12 cogs on there, you could. So that's what makes the Verilog so very important and so very powerful. So if you take an FPGA of, you know, a substantial quality of gates, you can actually emulate not only the propeller, but you can modularly add additional cores, additional memory, additional IO. So it sets you free. It's a wonderful thing. >> It sets you free. >> It's very -- >> You didn't know you were coming to an inspirational talk, did you? 
It's also going to keep you from drinking -- speaking of the badges, by the way, I apologize if I'm a little lethargic. For the past three days, there have been folks working on the badge challenge, and we actually had a solution at 5:30 this morning. So I'm a little exhausted. Yeah. For those of you who don't know what that means, there were groups and groups of people for the past three days that have had no sleep that literally have been going 24/7. At the point we walked out last night, there was no one left on the DEF CON floor including the CTF folks. So the folks that were doing the badge has been going for three days straight. So we had a solution. Congratulations to those guys. They're way smarter than I am. Just to break out of the pinouts on the DEF CON 20 badge, and we had a lot of people bitch because it was a non-standard spacing, but it was more done for aesthetics. This year we kind of took that and ran the -- if you look at your own badge, the two rows of header holes that are along the sides facilitate a shield-type add-on board which will make it much easier to do than to build a PropLANE for yourself because we've also got Gerbers we're going to give out for everybody that you can actually design add-ons for your board yourself. If you didn't go to the talk, also we facilitated removing parts without actually taking them with those cut -- those places where you can cut the traces and take parts out. So hopefully it will be easier for you guys to build. So I don't know what else -- I'm -- oh, you can keep hearing this discussion of cogs. So basically the chip that's on your badge is a multi-core processor. It's got eight 32-bit cores on it. They're called cogs. And it uses a -- in high terms, like a round robin that goes through for executing. They're all running concurrently so you don't have to worry about interrupts and things like that. How many of you have ever been a slave for dealing with timings for interrupting your teams? 
You know how much of a pain in the ass that is. So with a propeller, you can also launch another cog so you don't have to worry about that timing issue. And there's also facilities for talking between cogs, passing information and there's also RAM that's individual to each cog. So I'm going to go ahead and just turn it over to -- like I said, I want to give Fork as much time as possible because really he's put a lot work in on this. So give Fork a hand, guys. >> So okay, where to start. Wow. Yeah. They've warned you that I can be kind of verbose, so I know some of you in the audience have stop talking cards. Do you want to hold those up? Anybody? No? Okay. Okay. All right. So the basic discussion of the architecture of the PropLANE is that we've set up two device drivers for each of the network interfaces. So each one of these network interfaces uses a chip called an ENC. What is it, 28J60, I think? Anyway, it's in the slides. And the point to it is it's nice -- a nice little device. It actually manages all of your Ethernet PHY information for you. It manages SPI for you. >> They don't need your life story. >> Right. Sorry. High level. Okay. So you have cogs for the Ethernet drivers. You have cogs for the encryptor and the decryptor. Now, right now they're not fully asynchronous, meaning they don't all run independently and -- like an engine without a timing belt. >> That was a good analogy. >> Yeah, but eventually they will. And they won't have rod collisions and have horrible things happen either. But anyway, the speed of this device is about 2 to 3 megabits a second on a good day. And the propeller is running at 80 megahertz. For those of you who know propellers, you can run them at varying clock speeds. We ran them as fast as we possibly could, well, because crypto tends to be pretty demanding. And yeah, we wanted to get as much performance as we could. So the basic sequence of operations. How many of you guys have written a network encryptor? 
>> Hey, we've got one back there. >> We've got one? All right. Excellent. Well done, sir. So the basic sequence of operations is -- the basic sequence of operations is that you have data that comes in on the protected side that gets transformed and then shot out the other end, right? And on the other end, it gets taken in from the public Internet, transformed back and shot to the other client, at least that's the general theory of operation. >> Lightning bolt, lightning. >> Magic missile, magic missile. >> Encryption at Hogwarts, Mark style. >> Magic. The point to this is there's different algorithms, et cetera, et cetera, et cetera. We chose AES because it's a standardized algorithm. It's relatively speedy on embedded hardware and, you know, we had some great public implementations with varying quality in their CBC routines. So let's talk about the network cogs. All right? So how many of you guys know that your Ethernet card has its own processor on it? Anybody? Yeah. Good. Good show of hands. All right. Good. Well, we use one of the cogs as the processor on our network card, essentially. So technically there's the Ethernet PHY, which has the ability to receive packets from the wire and write them into a buffer. And then you have to do something with those. Well, in this particular Ethernet device's case, we use the SPI protocol, which stands for serial peripheral interconnect, to retrieve the data from that chip into the main propeller core. Now, the way that this is written right now, it uses what's called a zero copy architecture. Anybody familiar with that one? Yeah? A couple of (inaudible) guys in the audience, I see. All right. So what zero copy architecture means is you only copy the darn thing when you need to. So we copy it once into main memory, do the transformation and then send it out the SPI bus to the other interface. So think of it as two giant packet shovels. That's the best way to think of it. 
And it's -- it's a FIFO queue, which means first-in/first-out, because that's how those chips work and they're cheap. Like I said, about two bucks on eBay, although if you guys all order them there's going to be a run and they'll go up to four or five. But nice little pieces of hardware. Highly recommend them. And if you do anything with embedded, that particular chip, great -- great piece of hardware. Excuse me. Packet wrapping, encryption. We've talked about the transformation. What we do in this particular case is we converted it to IP protocol 99. So IP protocol 99 is a reserved protocol number. So you know TCP is, you know, zero or six. UDP is seventeen. ICMP is one. Well, IP Protocol No. 99 is reserved for private encryption systems. And every router on the Internet, for the most part, will transit this protocol number without much trouble. So if you want to build your own crypto system, that's a really handy fact to exploit. So what we do is we convert the IP protocol number to 99, add a little bit to the packet size, and we end up with a packet structure that has appended an AES block size. So anybody who knows stuff about crypto is going to tell you have what's called blocking, which means it's the smallest unit that the encryption system will deal with. All right? So in order to use this device, your clients have to set their MTU, the maximum transfer unit on the unit, down to 1,400 bytes because otherwise you don't have the headroom to add other stuff sometimes, like, the AES block size or the size of the packet in the original protocol in our case. So -- forgive me. Forgive me. Let me get a glass of water. >> Make some noise for Fork, you guys. Come on. >> Thank you very much. I do realize that some of this stuff is incredibly dry. Trust me. I'm going parched even talking about it. >> That's also true. So targeting this particular device right now, the source code and the condition it's in right now, it has one key to rule them all. 
In other words, anything that you try to send to anybody gets encrypted with that particular key. Now, the advantagal strategy on this is that the SD card that you plug into it is going to have a representation of a network name and a mask. And what does that buy you? Well, it gives you the ability to individually communicate with different people with different keys. And what does that buy you? Well, that keeps -- you know, if you're communicating with Alice and she has one of these and you're communicating with Bob and he has one of these but they don't have the same key, now they can't read each other's communications. Right now they could. So right now. >> And we all know all hackers are named Alice or Bob. >> I've met a few Ivanhoffs, but that's neither here nor there. >> Stay on target. >> Or Alexanders, yes, indeed. >> Ghostwriter. >> So multi-key management is a special kind of joy, for anybody that's not done it. One of the impetuses between -- or behind the original DARPA project was, as Rob said, this key management stuff. That's hard. That's really, really hard because if you have two end points that have desynchronized key, well, what happens? They can't talk. And what does that mean? >> You send your lowest-paid administrator to fix it? >> That is correct, usually, usually. And usually they fix it on the lowest-paid administrator schedule, about three weeks. So practically speaking, you don't want that. You want something that's automatic, largely bulletproof, and that's where it gets really complicated. But I'm running off of the face. >> Yeah. >> So suggested protections for key management, stuff that you can do to keep yourself safe. If you want to add a snazzy user input device to that, you could. You could use an SPI or an I2C 32-bit extender, for example, and add a keypad so they could type a PIN in that would actually decrypt the actual material. Pretty good idea too. 
And the PIN should probably be at least eight digits, if not twelve or fourteen. >> 64. >> 64, yeah. >> But it's all sixes. >> How do you know my password? Oh, no. So you encrypt the keys for the destination device with some other master key, never transmit things in plain text. Do we all know that one? Everybody. >> No, or people wouldn't have jobs. >> There wouldn't be Wall of Sheep. Right, got it. Use alternate channels, if possible. So that means, you know, we could have used the infrared on the badge. Let's swap keys, and then everybody in the room could get it too. >> It's super private. >> Super private. In addition, you can use -- I mean, yeah, use mechanisms like texting people the keys or whatever you really want to do. With you I recommend face to face, dark alleys, phones off, you know, the usual. >> Okay. I'm sorry. All right. So separate communication, yada, yada, yada. Live demo. Okay. Grab your benches, kids. Here we go. And what's the first rule of live demos? >> Don't do them. >> Well, not just don't do them, but they never go as planned. >> And don't talk about doing them instead of before you do them. Just sit down and do them. >> All righty then. So -- so one of the caveats here is that the MacBooks come with two Thunderbolt ports. Both of those are in use right now and we have a VGA to Thunderbolt adapter. So I've prerecorded some of this presentation because, well, there's no way to show you live with both interfaces plugged in. >> And if you would like to see it live, it should be running after -- >> And I would be happy to show you up here live. >> Assuming you have all day, because that's about how long it would take you to see the demo. >> Sorry. Give me one moment to actually save the captured files so in case I plug this in somewhere and it crashes -- how about that? It didn't crash. All right. So -- all right. So now that we have a sufficiently tiny, yikes, screen, yeah, can you guys actually read any of this? >> Yeah. >> All right. 
Groovy. That's what I wanted to hear. So back in this window over here, you see something that looks fairly standard. We've got address 10.30 -- or 10.230, 10.231 over what appears to be a local network, correct? All right. And we see a very standard-looking ICMP request packet and a very standard-looking ICMP reply packet, all right? So let's see what that looks like from the man in the middle perspective. So from the man in the middle perspective, if we look at the packets being sent, assuming that the window is going to cooperate, which it may not -- okay, there we go. Yeah, that's all right. So one of the things that we notice here is that the data that's being sent here doesn't look the same at all, does it? It's been encrypted. Shocker. Which is the whole point of the presentation. Sorry, yes, I know. Lousy at showmanship. But the thing that I'm good at is writing crypto. So if we start looking at -- >> Remember, if it doesn't work, that guy. >> Oh, crap. Anyway. The ICMP packet structure is still intact, but it's fully encapsulated now. So this is encapsulated in IP protocol No. 99. And we will go up through here. So IP protocol 99 reads as any private encryption scheme. So, again, if you're building your own, IP No. 99 is the one to use because it's a route, it's clean and it works like a champ. And in our case, that's our encrypted data, which includes the ICMP header, as well as the actual ICMP content. >> I mean, this -- this truly is where the magic happens, like from a crypto perspective, demoing crypto is one of the hardest things ever because it's like look at this jumbly crap and look at this jumbly crap and then tell me the difference. >> Right. (Check) which is the stuff you don't want him to see on the -- >> I mean, the government just has more jumbled crap than everybody else. So that's -- that's really -- I mean, this really is impressive from an interviewing perspective. 
And thank this dude enough for all the time he put it together. It really is. >> Thank you, guys. Seriously, flattery will get you everywhere. I'll work for days without food or sleep. >> Yeah, that's a lie. I mean, the sleep thing is -- you know -- >> Well, okay. Without sleep. But in any case, I think that's the demo. So who wants some question time? >> Hey, hey -- >> I'm sorry. Rob is not done. I will get off the stage. Sorry. >> Again, this man. >> So little -- a little bit more in -- you know, then you can go back to drinking. So let's get this guy running. So yes. Live demo, kind of sort of. It's running right now, so if you really want to see it before we strip everything down or come find us later, we'll probably be in the contest area with them running anyway. So, you know, using the prop lane, I just want to give everybody an overview of kind of what to do with it or what to expect when you actually pull it off the hub. So the badge assembly should look like the money shot over there. It doesn't have to look like this, but this is just the easiest architecture from a riser perspective to get to everybody, or if you're using the DC 22 badge and you make an awesome shield for it, please share with the community because the better we can make all this, the better it is for everyone. >> Jumbly crap for everyone. >> Jumbly crap for all. So anyway, here's the basics. So this is what kind of Fork was alluding to, was the key dot text that will be distributed in the GitHub code is where you set your targets. And what we mean by that is the target is this key matches this network. So as long as your key and your target match on the other side after all the jumble crap happens, it should work, fingers crossed. So what the prop lane actually does is uses a black side/white side concept. (Check) the red side is if anybody got on this side, they could see everything I'm doing.
Normally, that's about a foot of cable between your computer and the encryption device, if you're smart. Or, you know, if you really want to risk it, you could put it on wireless, you know, just saying. There's some guys down in the village down there that would like to talk to you, if you do, though. So, you know, what the prop lane won't do, it's not fancy. It doesn't do fancy shit. It's -- it's a very straightforward device right now. The bright side, with our code, there's still half the cogs unused. So if you wanted to have a westbound server on it or you wanted to do anything else, make it like a little file storage server with your SD card in there, you absolutely could, you know, from an innovation perspective, there's a lot of room. What you shouldn't use the prop lane for, hiding from the government. It is not an anonymity device. It is an encryption device. They still see where it's coming from. You know, theoretically, a bunch of you could get together and make exit nodes out of them if you really to and, you know, by all means, go right ahead. But it is -- it is not fast and not really for that. But neither is Tor. >> If John Faye is still in this room, please don't use this. >> Right. >> It is not going to save your life. I swear. >> It won't take a bullet very well. So, you know, don't -- don't put secrets on it. If you do happen to work for the G O D, don't take it in and try to replace it with whatever was there before, just because it's cheaper. So, you know, don't do -- >> The feds are laughing. >> Right, exactly. It is budget conscious, I promise. >> Or crying. >> What's that? >> Laughing or crying. >> Laughing or crying because they know it's true. So, again, again, don't do stuff you wouldn't want to see out there, unless you're totally sure what we did is awesome. And if it is, then by all means, I accept checks. >> I encourage independent code review, lots of it.
>> You know, what you should use it for, though, you should make something new out of it. You know, that's kind of the whole theme of why we did this, you know, why it's out there and what we should do with it. You know, make something new, you know, take something new, rip it apart, say it sucks, make something better. By all means, we are not the end all be all. And the lulz, that is the first one. If someone can get a Nyan Cat going through the pipes as an encryption thing, that would be outstanding. Who knows what a Nyan Cat is? Come on, it was funnier than that. Jeez. So, you know, from -- from a Danger, Will Robinson, if you're that old, perspective, right now we have the mode we're releasing to you that has two variants. It has an ECB code book variant and a CBC variant. The ECB code book will run faster. However, it is not as secure as CBC. So use at your own risk. And right now, as Fork was saying, it uses a single device key, so it's targeting zero zero zero zero. So anything you send out with the single key, it will just create a network of that same key. You can change the key between all your friends. However, it's just going to send it all out at once. When we release it to the GitHub, we should have the multi-target environment. So, you know, John, Joe and Susan can all have different keys. Expected privacy. I mean, it is a 128. It is a, you know, 256. As long as you don't lose your symmetric key, you're doing pretty well. I mean, like I said, it's not going to be fast, but it still takes a tremendous amount of effort to actually -- you know, to break that. And then, you know, the difficulty in actually creating it, it is not a small task. I mean, like he said, he spent a lot of time -- he spent a lot of time not eating and not sleeping. And, you know, we spent a tremendous amount of time thinking into the key managements and all the aspects around the evolution of this.
So be prepared to do some work, but, you know, that's half the fun of doing all this is the challenge you get from understanding what's going on at the end. So the future goals, this is where we're going to continue working on this project. You know, we want this to be an open source project for everybody. We're going to continue to contribute, and we hope you do too. You know, what we're going to look to do is -- the crypto is portable because it runs on a single cog. So what we want to try to do is switch out cogs or some of the hard core (check) algorithms which were released by everybody's favorite agency a couple years ago. And, you know, some of the EU stuff that can be released for crypto reasons. We like to complete our port of this particular code variation. And then any direction you guys want. I mean, that's kind of what it is. If the community thinks this is an awesome direction to go in, we'll go in this direction. You know, what -- what -- what we think we should do in the future, we're going to try and speed up the implementation of large key crypto on very small processors. That's kind of what the NSA algorithms were designed to do, but we're going to try to do it for some of the public key already existing. We're not sure we're going to be able to do it, but we've got it pretty efficient on this prop chip as it is. We'd like to make crypto a feature on all future electronic DC badges just to allow, plug it in, talk to your friends, say bad things about everyone else in the room. And, you know, we want to help protect the community and give somebody something to hack on, you know, break on and improve. So from a possibilities perspective, this is, you know, what we're looking at. I mean, theoretically, you can take the code we have right now, slap on another PHY, make it a firewall, do wired, you know, ham communication, voice sip, all right, you can do multiplexing prop lanes and make it into (check). You can do point coms with onboard antennas.
You can do so much more. I mean, this is just stuff we thought about sitting around for five minutes that, you know, hey, this would be a fun variant to do for this project. So from an administrative perspective, and I know I'm going through kind of fast because I want to stay on time and get some questions -- you can get the software here as long as we upload it. It's basically prop lane. Prop lane. Is the domain. We'll put all the FAQs up and how to use it and everything else. You can contact all of us, Evil Rob, Russ, LosT, at prop lane. >> That would be set up in the next couple of days. >> Yeah, it should be set up after con's over. And then drink preferences, anything that anyone hands me, don't give me roofies, I swear. So questions and dogs. All right. So -- hot dogs anyone? Five minutes. I'll take some questions for -- for anyone up here. If there's a microphone out there, we have a, you know, a little bit if anyone has any questions or not, we can talk afterwards. Last chance. Oh, you have a question? >> So -- yes. So one thing before he starts talking, so the -- yeah, we did it -- we had considered doing it, but we wanted to make sure that there was no extra piles of cocaine you needed to make this, so that's why we did it just the way it was on the naked chip itself. >> We've looked at things like the A T S H S 24 from that for authentication reasons. And there's also a few others like -- I don't remember the chip number, but there's an AES chip they have as well that's fairly compact. And it's actually in an SPI form already. So that was appear K. (Check) but I didn't want you to have to order and then sign and on and on. >> So, I mean, come talk to us later. We can talk about all the chips we looked at. Yes, sir? >> You said can you hear me? You mentioned that in the future you were looking at the sometime special gorism for future growth. Do you have a lot of faith in that algorithm being that it was designed for a particular alphabet?
>> It's not that I don't necessarily have faith in it. It's just given my schedule, with the amount of time I have, someone should have done a cryptanalysis on it by the time I get it. That's really what should have happened with it. And it's new and should improve both the (check) and embedded devices. So it's a curiosity, at best. >> Thank you. >> Is there another question? Yes? >> I'm curious about the types that you deal with and react. I noticed you mentioned making some special exceptions for things like ARM. I wonder what would happen if I attached this to a dual (check) and IPv6 running across the network. >> At present, it's going to look at it with a great amount of confusion. However, the algorithm is extremely extensible. All you need to do is put in an appropriate test condition. So if you look at the protocol class and it says IPv6 instead, you say, oh, then I'm going to go look at this offset to get the packet length instead of this other offset. So it's a matter of very, very simple extensibility. It's all done through constants at the end of the file, and it's very easy to extend and modify for anybody. >> I have a better one. Have you looked at it? >> Not yet. I have just received the URL. >> Well, there. Now you can go look at it. >> Yes. >> So, you know, again, try and do whatever you can with it. If you have questions for us, come talk about that. I just want to make sure we can address whatever we need to address. But, you know, thank you. >> Yeah. And I try to remain accessible via e-mail, although it may take a month sometimes for me to get back to you. I apologize for that. I tend to be that swamped. >> The gentleman behind you and then we'll take one more, and then we're done. >> Okay. One more. We'll talk to you afterwards. Yes, sir? >> Sure. I was curious. Do you have any estimate on how much current consumption one know natures? >> In terms of power or what? >> Yeah, power.
>> So it will take over the normal USB port in its present incarnation. And the reason for that is that the clocking on both of the boards is using its own crystal, so that takes a fair amount of draw. In addition, you have to have enough current to actually run the Ethernet transceivers. And being a differential transceiver, you have to create enough potential across the pairs basically, or across the signals. That said, I'm running it through an LD1117V33 power converter, and that provides adequate draw through a beefy bit coin S hub to power each device without much trouble. >> Excellent. Thank you. >> So I don't think you can run it off a USB port, if that's what you're asking. >> But you should try. So with that, I think we're out of time. If you have any questions for any of us, we're extremely approachable and usually wandering around. >> Thank you. >> Thank you for your time. >> And thank all of you for participating in the community. Seriously.