Sunday, January 05, 2014

Hacking the CES Scavenger Hunt

This post was originally published on the MAKE Blog 
and co-authored with Sandeep Mistry.

It has just been announced that this year's Consumer Electronics Show (CES) will feature a promotional scavenger hunt based around Apple's iBeacon technology. What if you could win the hunt, without ever having to go to CES?
Quietly introduced by Apple at WWDC last year, iBeacon is a technology that allows you to add real world context to smart phone applications. Based around Bluetooth LE—part of the new Bluetooth 4.0 standard—it’s a way to provide basic indoor navigation and proximity detection. As we talked about when we reverse engineered the Estimote beacons, there are three properties of an iBeacon that work together to create the beacon’s identity. These are:
  • UUID — This is a property which is unique to each company, in most use cases the same UUID would be given to all beacons deployed by a company (or group).
  • Major — The property that you use to specify a related set of beacons, e.g. in a retail setting all the beacons in one store would share the same Major value.
  • Minor — The property that you use to specify a particular beacon in a location.
The scavenger hunt is therefore a hunt for a number of beacons that will probably all share the same UUID and Major numbers, but will have different Minor numbers. Effectively, we're looking for a set of beacons. However, wandering the hallways at CES hoping to get within the approximately 100 foot range of all of the iBeacons they've scattered across the show floor sounds like a lot of work. CES has teamed up with Radius Networks, who are providing the iBeacon hardware, and Marc Wallace, CEO and cofounder of Radius Networks, has this to say about the hunt:
This is one of the coolest proximity-aware apps we have worked on. This is also one of the first, tangible applications that leverages iBeacon technology. And it is a great example of how iBeacon technology is not just about advertising as it is about bringing new and innovative solutions to the marketplace. We are very excited to be a part of it.
Since they're using hardware from Radius Networks we can't just assume—as we could with the Estimote hardware—that we know the UUID of the beacons. However the identities of the beacons—all of the beacons—are somewhere where we can easily get our hands on them, the CES mobile app. Sure enough looking at the CES Android application—it's fairly easy just to download the APK without having to install—there are some hints there for us and using a decompiler it was fairly easy to find the details of the target beacons. 
The Minor numbers of the nine target beacons in the code of the CES mobile application.
The iBeacon UUID we're looking for is 842AF9C4-08F51-1E39-282F-23C91AEC05E and the Major number (interestingly not actually needed and just ignored by the Android application) is 65000, while the nine beacons scattered throughout the CES venue have Minor numbers from 65001 to 65009.
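What the app's check amounts to, as an added example (not code from the CES app or from the original post): a parser for the publicly documented iBeacon manufacturer-data layout, and a matcher that compares UUID and Minor and ignores Major, as described above. The function names and the sample frames are constructed for illustration.

```python
import struct
import uuid

# Identity values as printed in the post. The hyphen grouping of the UUID is
# irregular there, so only its 32 hex digits are used.
HUNT_UUID = uuid.UUID(hex="842AF9C4-08F51-1E39-282F-23C91AEC05E".replace("-", ""))
HUNT_MAJOR = 65000
HUNT_MINORS = set(range(65001, 65010))  # 65001..65009

APPLE_COMPANY_ID = 0x004C  # sent little-endian on the air: 4c 00
IBEACON_TYPE = 0x02
IBEACON_LENGTH = 0x15      # 21 bytes: UUID(16) + Major(2) + Minor(2) + TX power(1)


def parse_ibeacon(mfg_data):
    """Parse BLE manufacturer-specific data, starting at the company ID.

    Returns a dict with uuid, major, minor and tx_power, or None when the
    bytes are not a well-formed iBeacon frame.
    """
    if len(mfg_data) != 25:
        return None
    company, frame_type, length = struct.unpack_from("<HBB", mfg_data, 0)
    if (company, frame_type, length) != (APPLE_COMPANY_ID, IBEACON_TYPE, IBEACON_LENGTH):
        return None
    # UUID, Major and Minor are big-endian; TX power is a signed byte.
    raw_uuid, major, minor, tx_power = struct.unpack_from(">16sHHb", mfg_data, 4)
    return {"uuid": uuid.UUID(bytes=raw_uuid), "major": major,
            "minor": minor, "tx_power": tx_power}


def hunt_progress(frames, check_major=False):
    """Return the sorted Minor numbers that count as 'found'.

    With check_major=False this mirrors the behaviour the post describes:
    the UUID and Minor are compared, the Major is ignored.
    """
    found = set()
    for data in frames:
        beacon = parse_ibeacon(data)
        if beacon is None or beacon["uuid"] != HUNT_UUID:
            continue
        if check_major and beacon["major"] != HUNT_MAJOR:
            continue
        if beacon["minor"] in HUNT_MINORS:
            found.add(beacon["minor"])
    return sorted(found)


# Constructed sample frames (hex), not captured traffic.
_PREFIX = "4c000215"
_U = HUNT_UUID.hex
SAMPLE_FRAMES = [bytes.fromhex(h) for h in (
    _PREFIX + _U + "fde8" + "fde9" + "c5",         # Major 65000, Minor 65001
    _PREFIX + _U + "0001" + "fdeb" + "c5",         # Major 1, Minor 65003
    _PREFIX + "00" * 16 + "fde8" + "fdea" + "c5",  # other UUID, Minor 65002
    _PREFIX + _U + "fde8" + "fdf2" + "c5",         # Minor 65010, outside the hunt
    "e0000215" + _U + "fde8" + "fde9" + "c5",      # different company ID
    _PREFIX + _U + "fde8",                         # truncated frame
)]

if __name__ == "__main__":
    print("Major ignored:", hunt_progress(SAMPLE_FRAMES))
    print("Major checked:", hunt_progress(SAMPLE_FRAMES, check_major=True))
```

Every field the matcher compares is broadcast in the clear and also ships inside the app, so the check recognises a beacon configuration rather than establishing that the phone was at a particular spot on the show floor. Checking the Major as well narrows the match but does not change that.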
The completed scavenger hunt—all nine beacons.
An almost completed scavenger hunt—with eight of the nine beacons already "found."
Since we now know the identities of the beacons, it's trivial to finish the scavenger hunt without ever going to CES, as it's actually fairly simple to build your own iBeacon hardware and "fake" the app into thinking you've found the beacons. To do that you can either use a Raspberry Pi, or a Bluetooth LE board like the Red Bear Labs BLE Mini board. Radius Networks, the people supplying the hardware to CES, is even selling an "iBeacon Development Kit" which would work just fine for our purposes.

At that point, now that you have your own iBeacon hardware, you can just go ahead and set the UUID, Major and Minor numbers of your beacon to each of the CES scavenger hunt beacon identities in turn, and then bring your beacon into range of your cell phone, which should be running the CES mobile app. Once you've shown the app all of the beacons, you'll have "finished" the scavenger hunt and can claim your prize. Of course doing that isn't legal. It's called fraud and will probably land you in serious trouble.

Of course it could be worse. If they had been using Estimote hardware it would have been easy for someone to make the hunt impossible to complete because, as we've shown, anyone with the Estimote SDK can modify the UUID, Major and Minor number of the Estimote beacons in the field. That would have meant that the beacons deployed across the CES floor no longer worked for the scavenger hunt.

We talked about both the ability to configure "fake" beacons and the ability to disable beacons in the field in our discussion of our reverse engineering of the Estimote iBeacon hardware. However, we didn't think we'd see something like this quite as soon.
