Confidential to SEWORKS Copyright ©2014 SEWORKS Inc. All rights reserved.

SEWORKS  INC.  CTO  

WOWHACKER  TEAM      

hinehong@seworks.co.kr  

Dongcheol  Hong  

(hinehong)  

3  

•  SEWORKS  Inc.  

-­‐  Android Unity -­‐

-­‐  

•  WOWHACKER  

-­‐  DEFCON  CTF 5  

-­‐  SecuInside Codegate ISEC  

•  2009 Android Windows  Mobile®

 

•  SecuInside HITCON

3 Dongcheol  Hong  -­‐  SEworks.Inc

4  

•   

•   

•  "HSDrone" AR.Drone  2.0

 

4 Dongcheol  Hong  -­‐  SEworks.Inc

5  

•   

-­‐  RC  :  

-­‐  WIFI  :  

•   

-­‐   

-­‐   

•  GPS    

 

Dongcheol  Hong  -­‐  SEworks.Inc 5

7  

RC

•  2.4GHz、3   4  

•  NEC  

-­‐  [ ][ ][ ]  

-­‐   

-­‐   

-­‐   

•  ZigBee

8  

ZigBee

•   

•   

•  AES-­‐CCM*  128    

•  802.15.4  

AES-­‐CBC-­‐MAC-­‐32    128 AES-­‐CTR AES-­‐CCM-­‐32    128

9  

WIFI

•  WIFI

 

•  WIFI

AR.DRONE

11  

•  AR.  Drone WIFI

12  

AR.Drone  

•  AR.  Drone  

13  

Telnet

•  AR.  Drone Telnet daemon  

14  

FTP

•  AR.  Drone FTP daemon  

•  /data/video  

15  

program.elf

•  /bin/program.elf  

•  program.elf   /bin/kk  

16  

•   

•  Atheros ath0

17  

•  ARM  

18  

•   

•  Master  mode  

19  

•  ath0

20  

Android

21  

•  UART   PC  

•  FTP Telnet  

•  3

22  

• 

RX TX GND 12V

23  

• 

• 

• 

• 

iPhone Android

24  

• 

• 

25  

•  iptables  

26  

28  

AR.  Drone

•  Parrot  AR.  Drone  

•   

•  WIFI  

29  

AR.  Drone  2.0    2  

GPS    

Beagle  board  

PC

30  

1

 

1.  

2.

31  

2

 

 

 

32  

 

 

 

 

1.  2.  

1.   

2.   3.  GPS DNS

33  

1  

35  

•  Android  

•  AR.  Drone  2.0  

•   

•  SMS E Android  

• 

36  

•  Apktool

37  

•  Smali

38  

Android

•   

•   AR.  Drone  2.0   IP 192.168.1.1

39  

FTP 1

•  FTP  

• 

40  

FTP 2

•  FTP

41  

Telnet

•  Telnet  

•   

42  

•   

2  

44  

•  iwconfig  

managed“  

45  

•  AR.  Drone AP  

46  

•  “managed”  

•  fork  

47  

•  AR.  Drone AP  

48  

•  AP  

49  

boot

• 

50  

•   

•  AR.  Drone AP  

•  FTP  

•  Telnet  

•   

• 

51  

FTP

•  FTP  

• 

Cmdhp

53  

•  HSDrone  

54  

•   

•   

•   

55  

•  kk  -­‐   

•  ”master”  

56  

AT

•  UDP  5556  

AT*PCMD_MAG=21625,1,0,0,0,0,0,0<CR>AT*REF=21626,290717696<CR>  

AT*PCMD_MAG=xx,xx,−1085485875,xx,xx,xx,xx.  

57  

tcpdump

•  tcpdump  

•   

•  192.168.1.5 IP

58  

59  

•  100000 100m  

•  GPS  

         AT*CONFIG=605,"control:alptude_max","3000"  

         AT*CONFIG=605,"control:alptude_max",  "100000"

60  

GPS

-­‐  AR.  Drone  2.0 GPS  

-­‐ 

 

-­‐  “home” “home”

 

-­‐ 

61  

GPS

62  

DNS

 

•  AP DNS

63  

DNS

•  DNS

64  

dnsmasq

65  

dnsmasq

•  /etc/dnsmasq.conf  

•  8.8.8.8 Google   DNS

66  

DNS

67  

68  

1

•  bootloader

2  

•  UART

 

•  UART UART UART

UART  

•  1

$170  

69  

2

• 

 

• 

10

70  

•  HSDrone

 

-­‐   

-­‐   

•  UDP  

•  AP DNS  

•  AP

 

•   

Confidential to SEWORKS Copyright ©2014 SEWORKS Inc. All rights reserved.

71  

THANK  YOU