This article is from the WeChat official account Qianhei Technology (ID: qianheikeji). Author: Xie Yao. Original title: “Dear hacker friends, next time you go to the GeekPwn competition, remember to burn a stick of incense first.” The title picture is a still from the movie “The Matrix”.

Hello everyone, this is Xie Yao.

Longtime readers know that ever since Qianhei Technology started, we have attended the GeekPwn contest every October 24th as members of the audience.

The official full name of GeekPwn is “Awesome International Security Geek Contest”. The so-called “security geek” actually means “hacker” in my context. Perhaps because the term “hacker” has been wronged for so long and the prejudice runs too deep, the organizers played it safe and used “security geek”.

GeekPwn is a glamorous stage. Every year, contestants crack all kinds of things on stage, such as mobile phones, smart door locks, routers, and smart speakers. The host exclaims, the audience applauds, the spotlight shines, and a group of reporters gathers around for interviews. Of course, this is only for players whose challenge succeeds.

On this stage, many projects “roll over” on the spot every year. Those players may have put in the same effort, but they fail the challenge for all sorts of unexpected reasons and leave the stage sadly, with no bonus, no interviews, and the trip paid for out of their own pockets.

There are rollovers every year, but this year there were so many that I want to talk about them.

GeekPwn Great Conference Main Stage

one

On the day of 1024, Brother Zhong, Muzi and I sat side by side in the dim auditorium while the first cracking challenge was underway on the bright stage: “With the dual protection of physical protection and hardware encryption, why is my virtual currency still lost?”

Put simply: crack two smart safes and an encrypted hard drive, and get the keys inside. Virtual currency is involved because, in the real world, there really are people who keep the keys to their cryptocurrency this way.

On the left is the player, and on the right is the safe to be cracked

The host Jiang Changjian announced the start of the challenge, and a 20-minute countdown began. Three contestants stood in front of the computer. One began typing furiously on the keyboard, one stood by to assist, and the third put on blue rubber gloves.

According to the “normal plot”, they would first crack the brand A smart safe and get the first password string from the note inside, then crack the brand B smart safe and get the encrypted hard drive inside, and then crack that on the spot to get the second password.

These two safes

According to the judges, the last step, cracking the encrypted hard disk, was “quite wonderful”, because it involved cracking at the hardware level and soldering had to be done on site. The visual effect was very good.

That is unlike a pure software cracking project, where the audience can only watch the players typing on a keyboard. Anyone who didn’t know better would think the players were playing Jinshan Typing.

Ahem… Let’s return to the serious competition scene. As the challenge progressed, weird and gloomy music sounded in the venue, giving it quite the atmosphere of a spy movie.

In less than two minutes, the gloved player silently walked over to the two safes on the right side of the stage and lightly tapped in the password.

“Huh? So fast?” the host Jiang Changjian exclaimed.

In the auditorium, Brother Zhong turned his head and said to me: “This year seems to be going well.” I said that this was the first project after all, and the organizer must have put the most stable one first. Well…

No sooner had I spoken than a voice came from the stage: “The player seems to have encountered some network problems…” said one of the judges.

The two of us jinxes quickly shut up.

It turned out that the contestant had not gone over to crack the safe just now. He had found that the smart safe was not connected to the Internet and went over to see what was going on.

Five minutes passed. To avoid an awkward silence, the judges and the host kept talking. The three players were still standing in front of the computer, no longer looking calm, and the blue rubber gloves had come off.

Another five minutes passed, and then another five. The safe had not been opened, and the hard drive had not been obtained.

In the auditorium, a media teacher next to me also joked: “Haha, if I were the manufacturer of this safe, I would definitely have to publish an article to promote it: even great players could not crack it.”

This reminds me of CCTV’s “Zhengda Variety Show” years ago, when a foreigner challenged the Guinness record for breaking toughened glass but spent a long time smashing at a single piece of it, which made for a solid advertisement for Chinese toughened glass.

“China’s tempered glass is of very good quality”

“5, 4, 3, 2, 1… the countdown is over. Unfortunately, the challenge failed.” The host Jiang Changjian said: “We still have to give them applause and encouragement.” Applause broke out and the spotlight fell on the three contestants, who shook hands with the host one by one and stepped down.

Their embarrassment at that moment was as if you were a legendary mountain-road racer who wanted to show off his superb skills in public, but after 20 minutes the engine had not even started, and the audience applauded to comfort you.

“What’s going on? This shouldn’t be happening.”

By common sense, they must have been able to crack these devices, and they must have demonstrated this successfully to the organizer beforehand (otherwise they would not have been allowed on stage), yet they stayed on stage for 20 minutes and nothing happened.

There is a problem, there must be something wrong.

two

I thought the first project was just an accident, but accidents happened one after another, quite unexpected.

The second project was one of the highlights of this year’s GeekPwn: the first CAAD Challenge finals, in which AI technology is used to deceive a face recognition algorithm with a special mask.

To put it simply, a player puts on a mask and fools the AI face recognition system into recognizing Zhang San as Li Si.

The four groups of contestants came on stage with impressive backgrounds. Some came from top universities like Tsinghua University and Peking University, and some came from leading technology companies like Ant Group. The audience’s expectations rose at once.

The challenge has three levels. In the first level, within 150 seconds, the contestants use special masks made in advance to fool the “white box” face recognition algorithm of the vending machine on the left side of the stage into mistaking them for the host Jiang Changjian, and then run to the right side of the stage and fool the “black box” face recognition algorithm of the ATM into mistaking them for Tesla founder Elon Musk.

The judges are presenting the process

As a quick explainer, “black box” means that the player does not know how the system works to recognize faces, while “white box” means that its internal workings and algorithms are public. It is like having to fight both a black box and a white box: you know the martial arts school and the moves of the “white box”, but you don’t know the moves of the “black box”, so the black box is usually considered more difficult. (But not necessarily: the black box may look very mysterious and still turn out to be really weak.)

The difficulty of the second and third levels increases successively. The area of the face covered by the mask is reduced from 3/4 in the first level to 2/3 and then 1/2: the less of the face is covered, the more difficult it is to disguise.

At the same time, the targets of the disguise become “Black Widow”, “Captain America”, “Chuan Jianguo” and “Putin”: foreigners’ faces differ more from the players’ faces, so they are more difficult to imitate.

The first group of players enter the field and the countdown starts with 150 seconds.

Boom boom boom… the weird and eerie background sound rang again. I have to say that the stage lighting and sound effects are pretty good.

The atmosphere was very good, but the results were surprising: only one of the four groups of players passed the first level and successfully deceived the face recognition system. The disguises of the other three groups all flopped. Either the machine did not respond, or the face recognition confidence kept hovering around 0.4 (it must be more than 0.5 to pass) until the 150-second countdown ended and the attempt failed.

The AI’s confidence that the player is Jiang Changjian: 0.466238

In the middle of the competition, the judges on the stage asked for a re-challenge several times and restarted the machine and on-site lighting to reduce environmental interference, but after several attempts, the results were almost the same.

The judges’ various actions made me, sitting in the audience, aware of a problem: the contestants’ performance on stage must have been very different from what they had seen in their earlier tests.

A group of players are trying to pretend to be Musk

In the end, because only one team passed the first level, the second and third levels did not continue. The audience did not have the opportunity to see the players change their faces with masks to “Chuan Jianguo”.

Are these the 4 best players selected from the preliminary round? It shouldn’t be like this.

Intuition tells me that something must be wrong.

three

In the afternoon, the “5G network hijacking” project came on stage. The contestants came from our old friend Tencent Xuanwu Lab.

Perhaps frightened by the string of rollovers in the morning, they applied to the organizer to move the demonstration outside the venue.

According to the “normal plot”, they would hijack the communication network of the mobile phone and the nearby 5G base station without touching the target mobile phone, and send a text message with any number and any content to the target mobile phone, which means that a hacker who uses this vulnerability can pretend to be your mother, your bank, a police officer or any other number and send text messages to you.

The challenge begins, and there is a 20-minute countdown.

According to the on-site judges, the vulnerability they discovered this time is quite powerful. It is a design flaw in the basic communication protocol, which means that it does not exist in one specific device but exists widely in the “communication method” between the base station and the mobile phone.

Like the “socket fight” problem we mentioned before, it is hard to tell whether the fault lies with the socket or the plug.