Sunday, January 05, 2014

Hacking the CES Scavenger Hunt

This post was originally publish on the MAKE Blog 
and co-authored with Sandeep Mistry.

It has just been announced that at this year's Consumer Electronics Show (CES) will feature a promotional scavenger hunt based around Apple's iBeacon technology. What if you could win the hunt, without ever having to go to CES? 
What if you could win the hunt, without ever having to go to CES?
Quietly introduced by Apple at WWDC last year, iBeacon is a technology that allows you to add real world context to smart phone applications. Based around Bluetooth LE—part of the new Bluetooth 4.0 standard—it’s a way to provide basic indoor navigation and proximity detection. As we talked about when we reverse engineered the Estimote beacons, there are three properties of an iBeacon that work together to create the beacon’s identity. These are:
  • UUID — This is a property which is unique to each company, in most use cases the same UUID would be given to all beacons deployed by a company (or group).
  • Major — The property that you use to specify a related set of beacons, e.g. in a retail setting all the beacons in one store would share the same Major value.
  • Minor — The property that you use to specify a particular beacon in a location.
The scavenger hunt is therefore a hunt for a number of beacons that will probably all share the same UUID and Major numbers, but will have different Minor numbers. Effectively, we're looking for a set of beacons. However wandering the hallways at CES hoping to get into the—approximate 100 foot range—of all of the iBeacons they've scattered across the show floor sounds like a lot of work. CES has teamed up with Radius Networks who are providing the iBeacon hardware, and Marc Wallace—CEO and cofounder of Radius Networks—has this to say about the hunt,
This is one of the coolest proximity-aware apps we have worked on. This is also one of the first, tangible applications that leverages iBeacon technology. And it is a great example of how iBeacon technology is not just about advertising as it is about bringing new and innovative solutions to the marketplace. We are very excited to be a part of it.
Since they're using hardware from Radius Networks we can't just assume—as we could with the Estimote hardware—that we know the UUID of the beacons. However the identities of the beacons—all of the beacons—are somewhere where we can easily get our hands on them, the CES mobile app. Sure enough looking at the CES Android application—it's fairly easy just to download the APK without having to install—there are some hints there for us and using a decompiler it was fairly easy to find the details of the target beacons. 
The Minor numbers of the nine target beacons in the code of the CES mobile application.
The Minor numbers of the nine target beacons in the code of the CES mobile application.
The iBeacon UUID we're looking for is 842AF9C4-08F51-1E39-282F-23C91AEC05E, while the Major number—interestingly not actually needed and just ignored by the Android application—is 65000, while the nine beacons scattered throughout the CES venue have Minor numbers from 65001 to 65009.
The completed scavenger hunt—all nine beacons.
An almost completed scavenger hunt—with eight of the nine beacons already "found."
Since we now know the identities of the beacons, it's trivial to finish the scavenger hunt without ever going to CES as it's actually fairly simple to build your own iBeacon hardware and "fake" the app into thinking you've found the beacons. To do that you can either use a Raspberry Pi, or a Bluetooth LE board like the Red Bear Labs BLE Mini board—Radius Networks, the people supplying the hardware to CES, is even selling a "iBeacon Development Kit" which would work just fine for our purposes. 

At which point—now you have your own iBeacon hardware—you can just go ahead and set the UUID, Major and Minor numbers of your beacon to each of the CES scavenger hunt beacon identities in turn, and then bring your beacon into range of your cell phone running which should be running the CES mobile app. Once you've shown the app all of the beacons, you'll have "finished" the scavenger hunt and can claim your prize. Of course doing that isn't legal. It's called fraud and will probably land you in serious trouble. 

Of course it could be worse. If they are using Estimote hardware it'd be easy for someone to make the hunt impossible to complete. Because as we've shown, anyone with the Estimote SDK can modify the UUID, Major and Minor number of the Estimote beacons in the field. Which would have meant that the beacons deployed across the CES floor didn't work for the scavenger hunt anymore. 

We talked about both of the ability to configure "fake" beacons, and the ability to disable beacon in the field—in our discussion of our reverse engineering of the Estimote iBeacon hardware. However, we didn't think we'd see something like this quite as soon.

40 comments:

  1. I am glad that I saw this post. It is informative blog for us and we need this type of blog thanks for share this blog, Keep posting such instructional blogs and I am looking forward for your future posts.
    Cyber Security Projects for Final Year

    JavaScript Training in Chennai

    Project Centers in Chennai

    JavaScript Training in Chennai

    ReplyDelete
  2. Very good info. Lucky me I discovered your blog by chance (stumbleupon). I have saved as a favorite for later!
    Techno

    ReplyDelete
  3. occupations as a genuine calling. Along these lines, white cap programmers can be considered as life heros from illicit hacking that has made our online lives dangerous.Subway surfer hack

    ReplyDelete
  4. Data Science course in chennai

    am glad that I have visited this blog. Really helpful, eagerly waiting for more updates.

    ReplyDelete
  5. Draper, Worniak, and Mitnick laid the foundation of hacking through the 1970s. So you may ask, how was hacking started, and why? click this link

    ReplyDelete
  6. Really wonderful blog! Thanks for taking your valuable time to share this with us. Keep us updated with more such blogs.
    R Training in Chennai
    Data Science Training in Chennai
    Cloud Computing Training in Chennai
    R Training in OMR
    R Training in Porur
    R Training in Vadapalani

    ReplyDelete
  7. It proved to be Very helpful to me and I am sure to all the commentators here! get a professional hacker for hire online

    ReplyDelete
  8. I have read all the comments and suggestions posted by the visitors for this article are very fine,We will wait for your next article so only.Thanks! Best Blacknet

    ReplyDelete
  9. The deep web and dark web is different than the surface web. You can’t find these webpages with the use of search engines, such as Bing and Google. Search engines can’t get access to these pages. You will need a special browser to access these websites. dark web links

    ReplyDelete
  10. How to hire a hacker on the dark web hire a hacker

    ReplyDelete
  11. Such a very useful article. Very interesting to read this article. I would like to thank you for the efforts you had made for writing this awesome article.
    Data Science Course in Pune
    Data Science Training in Pune

    ReplyDelete
  12. Nice blog. I finally found great post here Very interesting to read this article and very pleased to find this site. Great work!
    Data Science Training in Pune
    Data Science Course in Pune

    ReplyDelete
  13. Nice Post. Very informative Message and found a great post. Thank you.
    Business Analytics Course in Pune
    Business Analytics Training in Pune

    ReplyDelete
  14. I feel very grateful that I read this. It is very helpful and very informative and I really learned a lot from it.
    Data Analytics Course in Pune
    Data Analytics Training in Pune

    ReplyDelete
  15. I was very pleased to find this site. I wanted to thank you for this great read!! I definitely enjoying every little bit of it and I have you bookmarked to check out new stuff you post.

    Data Science Course

    ReplyDelete
  16. Two full thumbs up for this magnificant article of yours. I've really enjoyed reading this article today and I think this might be one of the best article that I've read yet. Please, keep this work going on in the same quality.

    Data Science Training

    ReplyDelete
  17. Much appreciated you all that much to share these connections. Will look at this.. How to recover my bitcoin passphrase

    ReplyDelete
  18. I feel very grateful that I read this. It is very helpful and very informative and I really learned a lot from it.
    Data Science Training Institute in Bangalore

    ReplyDelete
  19. After reading your article I was amazed. I know that you explain it very well. And I hope that other readers will also experience how I feel after reading your article.
    Best Data Science Courses in Bangalore

    ReplyDelete
  20. I curious more interest in some of them hope you will give more information on this topics in your next articles.
    Data Science Course in Bangalore

    ReplyDelete
  21. Glad to chat your blog, I seem to be forward to more reliable articles and I think we all wish to thank so many good articles, blog to share with us.
    Data Science Training in Bangalore

    ReplyDelete
  22. Thumbs up guys your doing a really good job. It is the intent to provide valuable information and best practices, including an understanding of the regulatory process.
    Cyber Security Course in Bangalore

    ReplyDelete
  23. Very nice blog and articles. I am really very happy to visit your blog. Now I am found which I actually want. I check your blog everyday and try to learn something from your blog. Thank you and waiting for your new post.
    Cyber Security Training in Bangalore

    ReplyDelete
  24. Wow! Such an amazing and helpful post this is. I really really love it. I hope that you continue to do your work like this in the future also.
    Ethical Hacking Training in Bangalore

    ReplyDelete
  25. I am impressed by the information that you have on this blog. Thanks for Sharing
    Ethical Hacking in Bangalore

    ReplyDelete
  26. Excellent Blog! I would like to thank for the efforts you have made in writing this post. I am hoping the same best work from you in the future as well.Thanks for sharing. Great work!

    ethical hacking course training in vizag

    ReplyDelete
  27. 360DigiTMG Provides ethical hacking courses in hyderabad with 100% Placement assurance. India's leading training provider. Get IBM certification and UTM certification from Malaysia. ethical hacking training in hyderabad

    ReplyDelete
  28. top ca institute in chennai

    A Professional Coaching Institute, founded with the vision of Creating Quality Chartered Accountants, has been a stepping stone to the success of Aspiring Students.
    Now

    ReplyDelete
  29. python interview questions and answers for testers


    Important Python Interview Questions and Answers for freshers and experienced to get your dream job in Python! 101 Python Basic Interview Questions for Freshers

    ReplyDelete
  30. Hey thank you for sharing this article, pretty informative.
    Well written and well explained.
    Ethical Hacking Course in Pune

    ReplyDelete
  31. Took me time to read all the comments, but I really enjoyed the article. It proved to be Very helpful to me and I am sure to all the commenters here! It’s always nice when you can not only be informed, but also entertained! Credit Cards

    ReplyDelete
  32. Hello! I suggest using our detective and hacker services. We have such relevant services as:
    - Check cheating;
    - Location of a person;
    - Hacking WhatsApp;
    - Hacking Facebook
    - Hacking Instagram;
    - And other cool services;

    E-mail: private.service.best@gmail.com
    WhatsApp: +1 581-703-2052
    Site: https://private-service.best/

    Friend, write to the website, consultation is free!

    ReplyDelete
  33. That is the proper weblog for anyone who desires to search out out about this topic. You realize so much its nearly exhausting to argue with you (not that I truly would need…HaHa). You positively put a brand new spin on a topic thats been written about for years. Nice stuff, simply great! genuine hackers for hire online

    ReplyDelete

  34. Thankyou for this wondrous post, I am happy I watched this site on yippee. ExcelR Data Analytics Course

    ReplyDelete