WEBVTT

00:00.000 --> 00:10.000
As a device, so like that, it does not take too much space because we don't create one

00:10.000 --> 00:16.000
Dockerfile, one special Dockerfile for each topic.

00:16.000 --> 00:18.000
And so that picture looks as follows.

00:18.000 --> 00:23.000
And I will show you that in the demo because like that in this slide, it's not super interesting.

00:23.000 --> 00:29.000
But still, if you want to know how it works, is that we have an RF Swift binary.

00:29.000 --> 00:38.000
I'll see it binary with we'll be able to manage image files and also a lot of things with the hosts.

00:38.000 --> 00:43.000
And you will be able to create a container based on an image.

00:43.000 --> 00:45.000
So like that, you can also create a mission.

00:45.000 --> 00:46.000
What is cool with Docker?

00:46.000 --> 00:48.000
And I was using Docker for a while.

00:48.000 --> 00:53.000
Is that also you can at some point isolate each mission from each other.

00:53.000 --> 01:00.000
For example, let's say that in pen tests, sometimes we have to change like we have to change a lot of missions.

01:00.000 --> 01:05.000
So we have a client one, we have client two, right?

01:05.000 --> 01:10.000
I mean, and the premise that if you are messy, I mean, I'm super messy.

01:10.000 --> 01:15.000
And sometimes I will do traces and I will do like a lot of stuff in the container.

01:15.000 --> 01:20.000
What is cool is that this container is dedicated to one mission for the client one, for example.

01:20.000 --> 01:25.000
Client two, I create another Docker container, could be SDR full, could be Wi-Fi, could be Bluetooth.

01:25.000 --> 01:30.000
I mean, anything, but it will be dedicated to this mission.

01:30.000 --> 01:34.000
So if you are messy also, it also allows you to organize all these things.

01:34.000 --> 01:36.000
Let's do like some demo times, right?

01:36.000 --> 01:38.000
Because it is a little bit like, no.

01:38.000 --> 01:39.000
Let's bring all these things.

01:39.000 --> 01:43.000
It's probably not good, better to do like some demos.

01:43.000 --> 01:45.000
And I have like some fun demos.

01:45.000 --> 01:46.000
Up.

01:46.000 --> 01:49.000
So I don't know if you see those characters, perfect.

01:49.000 --> 01:53.000
So yeah, I was actually messing with xrandr, but we have this computer.

01:53.000 --> 01:58.000
I mean, this computer is actually making fun of me with the display.

01:58.000 --> 02:00.000
So how it is working?

02:00.000 --> 02:03.000
I have in sudo, I have a little binary, which is installed.

02:03.000 --> 02:07.000
It's pretty easy also to install, called RF Swift.

02:07.000 --> 02:12.000
Which, for example, needs also sudo in order to work.

02:12.000 --> 02:18.000
So you basically, I mean, normally there's like a little ask here, but I would probably remove it in the time.

02:18.000 --> 02:20.000
I mean, it takes like a lot of space in the screen.

02:20.000 --> 02:21.000
But yeah.

02:21.000 --> 02:26.000
You have, for example, a little help that allows you to see all the commands that exist.

02:26.000 --> 02:29.000
For example, you can do like some bindings.

02:29.000 --> 02:36.000
So that means that, for example, let's say that you have something cool in Linux that is working is that if you have created a container,

02:36.000 --> 02:41.000
you don't need to create another container by committing the last one.

02:41.000 --> 02:46.000
You can directly re-bind, for example, the USB devices on your container.

02:46.000 --> 02:49.000
That is actually running, which is kind of cool.

02:49.000 --> 02:51.000
That does not exist in Docker, for example.

02:51.000 --> 02:56.000
So that's why we are also using the dedicated binary and not Docker compose or anything like that.

02:56.000 --> 02:58.000
We can also commit the containers.

02:58.000 --> 03:03.000
That means, for example, if we have a container that is also interesting to reuse.

03:03.000 --> 03:04.000
We can actually commit it.

03:04.000 --> 03:09.000
We can extract, we can install also some, some scripts for a container.

03:09.000 --> 03:11.000
I mean, there's like many, many tools.

03:11.000 --> 03:12.000
I mean, many features.

03:12.000 --> 03:17.000
For example, the first feature you want, for example, to use is images remotes.

03:17.000 --> 03:23.000
Because you want also to get the list of all existing images.

03:23.000 --> 03:27.000
So here you can see a lot of images that exist.

03:27.000 --> 03:33.000
For example, some are dedicated for RFID, some are for Bluetooth, some are useful for meon.

03:33.000 --> 03:39.000
SDR, for example, so you have SDR light, SDR full, SDR full that allows you to have like a lot of tools,

03:39.000 --> 03:43.000
including also a lot of out-of-tree modules for a binary view and so on.

03:43.000 --> 03:45.000
So there's like many things.

03:45.000 --> 03:47.000
And yeah.

03:47.000 --> 03:51.000
If you want, if I want to install any tool, I'll just move from the remotes.

03:51.000 --> 03:53.000
You can wait a second.

03:53.000 --> 03:56.000
I'll just lose the mouse.

03:56.000 --> 03:57.000
Yeah, perfect.

03:57.000 --> 03:58.000
Up.

03:58.000 --> 04:00.000
I'll just like up in that.

04:00.000 --> 04:04.000
And I can use, for example, image pull.

04:04.000 --> 04:07.000
Let's say I want to, to install.

04:07.000 --> 04:08.000
Yeah.

04:08.000 --> 04:09.000
I'll try to.

04:09.000 --> 04:10.000
I'll fix.

04:10.000 --> 04:11.000
I'll try to.

04:11.000 --> 04:12.000
Like that.

04:12.000 --> 04:14.000
Normally it's already installed.

04:14.000 --> 04:16.000
Normally I took care of that.

04:16.000 --> 04:22.000
Because I didn't know if I will have like any internet connection here.

04:22.000 --> 04:23.000
Which yeah.

04:23.000 --> 04:27.000
Normally it is actually looking at the the repository.

04:27.000 --> 04:28.000
Yeah.

04:28.000 --> 04:32.000
And actually it fails because I mean the internet connectivity is not right.

04:32.000 --> 04:33.000
So it actually fails.

04:33.000 --> 04:38.000
So this is like also some some I mean some trace that I need also to end on a little bit.

04:38.000 --> 04:39.000
But yeah.

04:39.000 --> 04:42.000
As you can see, this project also was created in June 2024.

04:42.000 --> 04:44.000
So it's pretty young also.

04:44.000 --> 04:45.000
But yeah.

04:45.000 --> 04:47.000
Normally on, you have an image.

04:47.000 --> 04:50.000
So first of all, here look, well, it looks like that.

04:50.000 --> 04:53.000
So you have some images that I have already downloaded.

04:53.000 --> 04:56.000
What is cool is that, for example, you have the tag reversing.

04:56.000 --> 04:58.000
I want to reverse binaries.

04:58.000 --> 05:05.000
And so if I want to use, for example, the I mean, I have images for only devices for

05:05.000 --> 05:07.000
SDR and also SA.

05:07.000 --> 05:08.000
Bluetooth, etc.

05:08.000 --> 05:11.000
So let's say that I want to use possible SDR light.

05:11.000 --> 05:16.000
The one that allows you to do some assessment with some SDR and also SAs.

05:16.000 --> 05:18.000
I can first put on it like that.

05:18.000 --> 05:20.000
I can just like do.

05:21.000 --> 05:24.000
RF Swift run here.

05:24.000 --> 05:28.000
SDR light like that.

05:28.000 --> 05:29.000
Right.

05:29.000 --> 05:33.000
And then I have to precise the name of the container.

05:33.000 --> 05:37.000
So super SDR one like that because it is super right.

05:37.000 --> 05:40.000
So I'm doing that.

05:40.000 --> 05:45.000
And then for example, I can plug any devices like that.

05:45.000 --> 05:48.000
Okay, I don't know which one.

05:48.000 --> 05:50.000
I will actually plug this one after.

05:50.000 --> 05:53.000
But do you have like one that's here?

05:53.000 --> 05:54.000
Here.

05:54.000 --> 05:59.000
I can plug here directly.

05:59.000 --> 06:03.000
And then I will show you with the SA that I have here.

06:03.000 --> 06:04.000
Up.

06:04.000 --> 06:05.000
Up.

06:05.000 --> 06:06.000
Up.

06:06.000 --> 06:13.000
So it's a Rick's one.

06:14.000 --> 06:15.000
Yep.

06:15.000 --> 06:18.000
I'm just taking the better off.

06:18.000 --> 06:19.000
Here.

06:19.000 --> 06:21.000
You can also plug in order.

06:21.000 --> 06:22.000
Any SDR?

06:22.000 --> 06:27.000
I mean, if you want to know also the list of SDR that are supported.

06:27.000 --> 06:28.000
I can show you.

06:28.000 --> 06:29.000
Here.

06:29.000 --> 06:32.000
RF Swift.

06:32.000 --> 06:33.000
Up.

06:33.000 --> 06:35.000
Because there's also documentation here.

06:35.000 --> 06:39.000
So for example, I know that at first you will probably get lost.

06:39.000 --> 06:43.000
But there's like a documentation that allows you to see for example.

06:43.000 --> 06:44.000
Included tools.

06:44.000 --> 06:47.000
And like that, you can see for example for each image.

06:47.000 --> 06:49.000
Which tool actually are also.

06:49.000 --> 06:50.000
Included for example.

06:50.000 --> 06:51.000
UHD.

06:51.000 --> 06:52.000
There's RTLSDR.

06:52.000 --> 06:53.000
BIOS.

06:53.000 --> 06:54.000
New old.

06:54.000 --> 06:55.000
HackRF.

06:55.000 --> 06:56.000
Airspy.

06:56.000 --> 06:57.000
That means there.

06:57.000 --> 07:00.000
So even a line measure, which is painful to set up.

07:00.000 --> 07:04.000
I mean, it's pretty fast to get it running in here.

07:04.000 --> 07:05.000
SDR lights.

07:05.000 --> 07:06.000
You have for the book.

07:06.000 --> 07:07.000
GNU Radio.

07:08.000 --> 07:09.000
Libre.

07:09.000 --> 07:10.000
Vainage.

07:10.000 --> 07:12.000
So for example, if you want to measure for the post.

07:12.000 --> 07:15.000
I mean, I can also show you that working directly.

07:15.000 --> 07:19.000
For SDR, we have many out-of-tree modules that are actually installed.

07:19.000 --> 07:20.000
Even some.

07:20.000 --> 07:22.000
Some other programs.

07:22.000 --> 07:25.000
I mean, you can probably find your.

07:25.000 --> 07:28.000
I mean, some interesting programs there.

07:28.000 --> 07:30.000
So yeah.

07:30.000 --> 07:36.000
Let's maybe use one program that someone will also present lately.

07:37.000 --> 07:39.000
But just to show you that it works.

07:39.000 --> 07:40.000
Like that.

07:40.000 --> 07:44.000
And then I will go to a nice demo process with Bluetooth.

07:44.000 --> 07:46.000
And other things.

07:46.000 --> 07:49.000
Up.

07:49.000 --> 07:50.000
So.

07:50.000 --> 07:51.000
I just plug the.

07:51.000 --> 07:52.000
The plutonist here there.

07:52.000 --> 07:55.000
So the antenna is also falling here.

07:55.000 --> 07:59.000
Um, so I can directly just like do SDR++ here.

07:59.000 --> 08:03.000
I can also call it directly from RF Swift like that I can do like.

08:03.000 --> 08:06.000
I mean, as they have, I mean, sudo RF Swift blah, blah, blah, blah, blah.

08:06.000 --> 08:09.000
And then, uh, they are also because this computer.

08:09.000 --> 08:12.000
I didn't use the computer in performance mode.

08:12.000 --> 08:15.000
So it will actually go very slow.

08:15.000 --> 08:17.000
Are we going to performance?

08:17.000 --> 08:18.000
It will be better.

08:18.000 --> 08:19.000
Wait.

08:19.000 --> 08:20.000
Perfect.

08:20.000 --> 08:21.000
And so where is.

08:21.000 --> 08:22.000
BladeRF.

08:22.000 --> 08:23.000
Which is second.

08:23.000 --> 08:24.000
BladeRF.

08:24.000 --> 08:25.000
One two.

08:25.000 --> 08:26.000
Okay.

08:30.000 --> 08:31.000
Here.

08:31.000 --> 08:32.000
Right.

08:32.000 --> 08:33.000
Up.

08:34.000 --> 08:35.000
So let's see.

08:35.000 --> 08:38.000
We can directly play it like that.

08:41.000 --> 08:42.000
Yeah.

08:42.000 --> 08:43.000
This is also.

08:47.000 --> 08:49.000
Did I just press play or not?

08:52.000 --> 08:53.000
Up.

08:54.000 --> 08:55.000
Come on.

08:57.000 --> 08:59.000
Put this low.

08:59.000 --> 09:00.000
Slow or not.

09:03.000 --> 09:04.000
Come on.

09:10.000 --> 09:12.000
It does detect the rates.

09:12.000 --> 09:14.000
But I don't know if it's playing or not.

09:14.000 --> 09:15.000
If I.

09:19.000 --> 09:21.000
Ah, I just double click.

09:21.000 --> 09:22.000
Yeah.

09:22.000 --> 09:23.000
Okay.

09:23.000 --> 09:24.000
Nice. Now it's perfect.

09:24.000 --> 09:25.000
So I can.

09:25.000 --> 09:27.000
I can go to gain.

09:27.000 --> 09:29.000
I can now go to gain.

09:32.000 --> 09:33.000
Yeah.

09:33.000 --> 09:38.000
I'm sorry for the display guys because we are good in RF but not with wires right.

09:38.000 --> 09:39.000
So.

09:39.000 --> 09:41.000
So maybe let that.

09:41.000 --> 09:42.000
And here.

09:42.000 --> 09:43.000
Yeah.

09:43.000 --> 09:44.000
Here we can see something.

09:44.000 --> 09:45.000
I mean probably.

09:45.000 --> 09:48.000
I can go to one specific frequency.

09:48.000 --> 09:49.000
Like yeah.

09:49.000 --> 09:51.000
From what 60.

09:51.000 --> 09:52.000
Eight.

09:52.000 --> 09:53.000
Like that.

09:53.000 --> 09:54.000
Find the microphone.

09:54.000 --> 09:55.000
Find the microphone.

09:55.000 --> 09:57.000
The microphone will be like.

09:57.000 --> 09:58.000
Eight.

09:58.000 --> 10:00.000
I mean 80.

10:00.000 --> 10:01.000
Right.

10:01.000 --> 10:02.000
Yeah.

10:02.000 --> 10:03.000
Yeah.

10:03.000 --> 10:04.000
Yeah.

10:04.000 --> 10:05.000
We will probably do that with the rest.

10:05.000 --> 10:06.000
I would be better.

10:06.000 --> 10:08.000
But I'm just looking at.

10:08.000 --> 10:11.000
Let's say like a remote like that.

10:11.000 --> 10:12.000
What.

10:12.000 --> 10:15.000
Or if someone wants to.

10:15.000 --> 10:18.000
We have like that in this frequency.

10:18.000 --> 10:19.000
Maybe not.

10:19.000 --> 10:22.000
So as we don't know exactly the frequency in use for this one.

10:22.000 --> 10:26.000
Actually, I can maybe just like step in a bit.

10:26.000 --> 10:27.000
No.

10:27.000 --> 10:28.000
No.

10:28.000 --> 10:40.000
We don't know exactly the frequency in use for this one.

10:40.000 --> 10:43.000
So what we can do is that.

10:43.000 --> 10:45.000
We can up.

10:45.000 --> 10:47.000
We can just.

10:47.000 --> 10:50.000
Rebind things because also.

10:50.000 --> 10:51.000
I will.

10:51.000 --> 10:53.000
Rebind the calibration.

10:53.000 --> 10:54.000
Data here.

10:54.000 --> 10:56.000
So it is again.

10:56.000 --> 10:58.000
Cal files.

10:58.000 --> 11:00.000
Demo.

11:00.000 --> 11:01.000
Perfect.

11:01.000 --> 11:05.000
Up.

11:05.000 --> 11:06.000
Demo.

11:06.000 --> 11:07.000
Right.

11:07.000 --> 11:09.000
So we use this path.

11:09.000 --> 11:10.000
And.

11:10.000 --> 11:12.000
I can.

11:12.000 --> 11:14.000
Where's the mouse.

11:14.000 --> 11:15.000
The mouse.

11:15.000 --> 11:17.000
We use with the cat's right.

11:17.000 --> 11:20.000
So up.

11:20.000 --> 11:21.000
I will just.

11:21.000 --> 11:25.000
Because I already also what is cool is that I can see for the last.

11:25.000 --> 11:27.000
Containers that I've been.

11:27.000 --> 11:30.000
Use was bought that I've been.

11:30.000 --> 11:31.000
Executed.

11:31.000 --> 11:33.000
So what is cool is that.

11:33.000 --> 11:36.000
I will be able, for example, to use the binding feature.

11:36.000 --> 11:37.000
Against.

11:37.000 --> 11:39.000
This container name.

11:39.000 --> 11:42.000
And what is cool is that you can use this container name.

11:42.000 --> 11:43.000
Yeah.

11:43.000 --> 11:44.000
If you want.

11:44.000 --> 11:45.000
But to re invoke it.

11:45.000 --> 11:46.000
You can use.

11:46.000 --> 11:47.000
RF Swift exec.

11:47.000 --> 11:48.000
And the container name.

11:48.000 --> 11:49.000
So for the.

11:49.000 --> 11:50.000
The binding is the same.

11:50.000 --> 11:51.000
We do.

11:51.000 --> 11:52.000
Like.

11:52.000 --> 11:53.000
Sudo.

11:53.000 --> 11:55.000
RF Swift.

11:55.000 --> 11:56.000
Like that.

11:56.000 --> 11:58.000
Bindings.

11:58.000 --> 12:00.000
Bindings.

12:00.000 --> 12:01.000
Like that.

12:01.000 --> 12:03.000
And I don't remember the option.

12:03.000 --> 12:04.000
So like that.

12:04.000 --> 12:05.000
Okay.

12:05.000 --> 12:06.000
So we have to.

12:06.000 --> 12:08.000
Add.

12:12.000 --> 12:13.000
Add.

12:13.000 --> 12:14.000
Then.

12:14.000 --> 12:15.000
What we can do.

12:15.000 --> 12:16.000
Add.

12:16.000 --> 12:18.000
We have to precise the container name.

12:18.000 --> 12:21.000
We've asked the source and the targets with.

12:21.000 --> 12:22.000
Dashi.

12:22.000 --> 12:25.000
So we can use now.

12:25.000 --> 12:26.000
Container name.

12:26.000 --> 12:28.000
Super SDR one white.

12:28.000 --> 12:29.000
Here.

12:29.000 --> 12:30.000
With S.

12:30.000 --> 12:32.000
We precise.

12:32.000 --> 12:33.000
The source.

12:33.000 --> 12:34.000
Ah.

12:34.000 --> 12:35.000
This one.

12:35.000 --> 12:39.000
I'm that.

12:39.000 --> 12:40.000
The source.

12:40.000 --> 12:42.000
Like that.

12:42.000 --> 12:43.000
Up.

12:43.000 --> 12:45.000
And then the target.

12:45.000 --> 12:46.000
A directory.

12:47.000 --> 12:48.000
So that means.

12:48.000 --> 12:50.000
Let's say root.

12:50.000 --> 12:51.000
Up.

12:51.000 --> 12:52.000
Share.

12:52.000 --> 12:53.000
Like that.

12:53.000 --> 12:55.000
And so then.

12:55.000 --> 12:57.000
Successfully.

12:57.000 --> 12:58.000
Right.

12:58.000 --> 12:59.000
So seems like.

12:59.000 --> 13:00.000
Everything is right.

13:00.000 --> 13:02.000
So what is cool is that.

13:02.000 --> 13:03.000
Then I can.

13:03.000 --> 13:04.000
Go back to the container.

13:04.000 --> 13:05.000
Just doing exec.

13:05.000 --> 13:07.000
It will execute the like test.

13:07.000 --> 13:08.000
Container.

13:08.000 --> 13:10.000
And normally I should see new.

13:10.000 --> 13:11.000
A new binding.

13:11.000 --> 13:12.000
In the description.

13:12.000 --> 13:13.000
Here.

13:13.000 --> 13:14.000
As you can see.

13:14.000 --> 13:15.000
So that means that.

13:15.000 --> 13:16.000
The binding.

13:16.000 --> 13:17.000
Now.

13:17.000 --> 13:19.000
Is able to see.

13:19.000 --> 13:20.000
The directory.

13:20.000 --> 13:21.000
I bind it.

13:21.000 --> 13:22.000
From the host.

13:22.000 --> 13:23.000
So first point.

13:23.000 --> 13:24.000
If I'm doing that.

13:24.000 --> 13:25.000
I'm doing that.

13:25.000 --> 13:26.000
Share.

13:26.000 --> 13:27.000
I will see.

13:27.000 --> 13:28.000
For example.

13:28.000 --> 13:29.000
The.

13:29.000 --> 13:31.000
The.

13:31.000 --> 13:32.000
The.

13:32.000 --> 13:33.000
The.

13:33.000 --> 13:34.000
I mean the.

13:34.000 --> 13:35.000
This is a needs.

13:35.000 --> 13:36.000
Also.

13:36.000 --> 13:37.000
I mean the software needs.

13:37.000 --> 13:38.000
The calibration data.

13:38.000 --> 13:39.000
To be.

13:39.000 --> 13:40.000
Also in a particular directory.

13:40.000 --> 13:41.000
So that's why I.

13:41.000 --> 13:42.000
I.

13:42.000 --> 13:43.000
I'm not doing that.

13:43.000 --> 13:44.000
But like that.

13:45.000 --> 13:46.000
And so like that.

13:46.000 --> 13:48.000
You can always keep the files on the host.

13:48.000 --> 13:49.000
For example.

13:49.000 --> 13:50.000
Let's say the traces and success.

13:50.000 --> 13:52.000
So it shows you also this.

13:52.000 --> 13:54.000
This thing in the same time.

13:54.000 --> 13:55.000
So.

13:55.000 --> 13:56.000
I'm going to go into.

13:56.000 --> 13:57.000
Harogic.

13:57.000 --> 13:58.000
Cal file.

13:58.000 --> 13:59.000
Like that.

13:59.000 --> 14:00.000
I will just like copy.

14:00.000 --> 14:01.000
Everything.

14:01.000 --> 14:02.000
Up.

14:02.000 --> 14:04.000
Like a messy guy.

14:04.000 --> 14:05.000
And go to.

14:05.000 --> 14:08.000
Up generator analyzers.

14:09.000 --> 14:10.000
Ban.

14:12.000 --> 14:13.000
B

14:13.000 --> 14:15.000
I should do like something more automatic.

14:15.000 --> 14:17.000
Stand that right up.

14:17.000 --> 14:18.000
And then I can use.

14:18.000 --> 14:19.000
Studio.

14:19.000 --> 14:20.000
Search with.

14:20.000 --> 14:21.000
Besides.

14:21.000 --> 14:22.000
And then we will be able to discover.

14:22.000 --> 14:23.400
Baby which frequencies and years.

14:23.400 --> 14:24.400
What.

14:24.400 --> 14:25.000
All right.

14:25.000 --> 14:27.000
Joel it's using I assembly.

14:27.000 --> 14:28.000
So three three for.

14:29.000 --> 14:29.300
Four three,

14:29.300 --> 14:31.000
Ming are ras or eight six eat.

14:31.000 --> 14:31.500
Yeah.

14:31.500 --> 14:33.000
We'd never know.

14:33.000 --> 14:36.000
So we don't want to also waste time.

14:36.000 --> 14:37.000
I'm looking for the şuras.

14:37.000 --> 14:45.240
USB top here, so that's the USB, so it is like a little glass box here, I will just

14:45.240 --> 15:09.240
like 13 here, top, top, do you have any, I mean, poor plug here, someone, no, okay,

15:09.440 --> 15:34.680
that's why we have also to use the Write, input write because it also has

15:34.680 --> 15:48.280
of my electrical, and so we can now just plug the other one for data up. We'll use this

15:48.280 --> 15:57.080
UWB antenna here up, and we'll see. So, generally, I mean, this is the first thing we are

15:57.080 --> 16:00.600
doing when we're doing an assessment, so when we don't know exactly which frequencies

16:00.600 --> 16:05.320
you use, is that we use a spectrum analyzer, could be like this one, which is a pretty

16:05.320 --> 16:14.280
cheap, I mean for what it does up, and so we call it, we can call the software like that,

16:14.280 --> 16:23.160
and look at it, shit, it's not showing in the right, wait a second, ah, perfect. Up, so you

16:23.160 --> 16:27.560
can see, for example, a nice, I mean, it's a nice eye, there's like a lot of things happening

16:27.560 --> 16:35.960
here, so we probably just like, put some traces in here, up, up, next all, for example, at least,

16:35.960 --> 16:42.200
and let's see, let's see if we can see what is happening,

16:42.360 --> 16:57.320
it seems like, we're not be as easy, right? It's like a lot of stuff, generally, you will

16:57.320 --> 17:04.600
prefer to use also Faraday cages in order to just be very, in a clean room, but yeah, I mean,

17:04.600 --> 17:12.040
let's probably just, I will probably wait a second, use maybe a peak search marker here,

17:17.640 --> 17:24.040
which one do you see? Yeah, we need, we need, we need, probably just like to

17:25.880 --> 17:30.680
to use this smaller, you're right, instead of you using nine carrots through our,

17:30.680 --> 17:35.160
at nine gears, we probably just like, lower it down a bit, like a hundred megahertz, like that,

17:35.160 --> 17:41.880
or even three hundred megahertz, we'll be better, right, and we'll go maybe through nine hundred

17:41.880 --> 17:48.280
megahertz, it's with you, probably better, oh, wait, oh, okay, up, hurts, like that's,

17:48.280 --> 17:53.720
perfect, and here, four hundred would be enough, right, because we don't need all the other

17:54.680 --> 18:01.800
bands, it's so, yeah, so now maybe just like, let's try to just disable when I'm on the

18:01.800 --> 18:08.760
trace, like that, and see, you'll see this like, okay, there's a lot of corrects,

18:08.760 --> 18:13.560
but we probably see something, I mean, there's like a respect that I spotted that is in here,

18:13.560 --> 18:21.080
so it's probably this one, so let's maybe take a look, I will just like, let's pick in here,

18:21.400 --> 18:35.640
I already see, so this package, that's 870 megahertz, so let's maybe just like, not use the sweep mode,

18:35.640 --> 18:39.800
because the sweep mode also messed, I mean, there's a lot of stuff in here, we can use, by the

18:39.800 --> 18:48.360
power at times spectrum, as upon mode, and look at sky, up, megahertz, like that, and let's see,

18:49.240 --> 18:59.400
if I can just like grab something interesting, okay, yeah, so you see, here, there's something in here,

19:00.040 --> 19:09.560
so it should be that, so we can probably zoom a bit on it, like, just reduce the span up,

19:10.760 --> 19:17.720
and what do we see, we see like, this is like an overjuck in here, let's we see something,

19:18.680 --> 19:32.520
in this frequency, particularly, perfect, so 868.9, 92, so let's maybe focus on that, we just like capture

19:32.520 --> 19:37.800
that, and then I will show you that, I mean, we have many tools in there, so we can just like do

19:37.880 --> 19:52.040
I can stream in mode 86, 68, 68, 0.69, okay, good, up, let's see, so we have that, perfect,

19:52.040 --> 19:58.440
you can also demodulate, I mean, this is like now some digital demodulator, I mean, numeric demodulators,

19:59.000 --> 20:07.000
so here, I will just like decrease a bit the span, so like that, I will be able to capture

20:07.560 --> 20:13.400
this little clicking there, I'll probably just like also do like a peak search, so like that,

20:21.080 --> 20:25.480
okay, perfect, so let's probably just like capture this one,

20:26.440 --> 20:34.920
so I will just like capture this one, like that, where is my mouse again, it is here, so up,

20:37.400 --> 20:42.600
record, record now, I will just like record time, I will just like put like two seconds,

20:42.600 --> 20:52.600
could be cool, like that, then oh, nice, perfect, thank you very much, so we can now record,

20:52.600 --> 21:00.360
so we just like record it, okay, so two seconds is enough, you just like take your trace and here,

21:01.480 --> 21:07.400
as you can see, we don't have like, you know, any demodulator in here, it exists, for example,

21:07.400 --> 21:13.720
if you pay some extra bucks, but we want maybe to use another tool, just like to show you that

21:13.720 --> 21:20.440
there's not only this tool, so for example, if I want to use another tool, let's say,

21:21.160 --> 21:27.720
GNU Radio, I can actually use it, and if you use the SDR full, you will have all the out-of-

21:27.720 --> 21:35.080
tree modules of GNU Radio, generally, all of them, or probably some of them will be missing, so don't

21:35.080 --> 21:41.400
hesitate to to also propose, but here you have the common one, so by the way, we can use a file

21:42.120 --> 21:47.640
tools like that, I mean, the way for resources because it is also recording the wave with

21:47.640 --> 21:59.240
a logic, like that, it has two tracks, it has two tracks, so it is like one I, another Q

21:59.240 --> 22:08.280
track, so it separates all the tracks like that, and we will then use to do floats to complex

22:08.280 --> 22:14.200
like that, and so like that, we can just change a little bit of format in order to play with

22:15.080 --> 22:19.720
all of the tools, so like that, you can see that we can switch to from the radio to another tool,

22:19.720 --> 22:28.040
like that also, File Sink, like that, we will not use a throttle because we will just like

22:28.040 --> 22:36.680
record it directly in IQ, I can maybe show you that something is happening or so, that's with

22:36.840 --> 22:47.160
a QT GUI Sink here, like that, so up, up, so where is the, so if this is the calibration file,

22:47.720 --> 22:53.240
I don't bother about that, so I want the recordings, so the recordings are in

22:54.280 --> 23:06.440
SGA tool, air tools, air tools, analyzers, says studio, data, and here there is the recording,

23:07.400 --> 23:14.840
so the recording looks like that, up, up, so yeah, if I just repeat like that, I will just

23:14.840 --> 23:24.200
let's see, if this is this signal or not, so let's do a test, oh like that, up, we can just like

23:24.840 --> 23:30.920
see if we have the recording here, we have something in there, right, so we can maybe just like

23:30.920 --> 23:37.640
also use, I mean, or if we look at the constellation, it will not be something in phase shift

23:37.640 --> 23:45.480
keying, but if we look at the shape, looks like we have something that probably like is

23:46.760 --> 23:54.120
okay signal, something is such right, so we can maybe just to File Sink, enable, file,

23:54.760 --> 24:07.160
kmp, ah, kmp, oh ho ho, c-fight, like that, just to precise that it will be a complex file,

24:07.720 --> 24:13.240
and then we can record it and we can work with all the tool, we can continue with the radio,

24:13.240 --> 24:20.280
but so, I mean, the things that just to show you that we can go forward, like that,

24:20.440 --> 24:25.080
with that the capture, the capture, we can use the new red flag, for example, if we don't want to

24:25.080 --> 24:34.280
just mess with the radio, we can directly open it in computer, up, it's a test, I mean, tmp,

24:35.720 --> 24:40.120
up, and then you can see something that comes as follows, let's see, for example,

24:40.840 --> 24:46.200
also it is interesting, with the spectrum, we see something like that, so it's pretty clean

24:46.200 --> 24:52.360
compared to what like an Azure already, with a better antenna gen X, it will be still a better than this one,

24:52.360 --> 25:01.640
but I mean, for example it's already detecting like an okay signal, and we have also our symbols

25:01.640 --> 25:08.760
that are here, so then we can go forward, we can, for example, just like you say, hey, what is the number

25:09.320 --> 25:14.920
of sample per symbol here, so we can maybe look at this and see that it has actually also

25:14.920 --> 25:19.640
guessed that it is a hundred directly, but sometimes we have to also play a little bit of the

25:19.640 --> 25:25.000
things in here, but yeah, we can then continue a, we can reverse the signal that way, right?

25:25.000 --> 25:29.240
Or we can also do that with the radio or any of the tools, I mean anything like that.

25:29.240 --> 25:34.680
Let's say that now you are in a mission where you want to do some, let's say, Bluetooth stuff,

25:34.680 --> 25:39.720
right, your own purple approach, you just like open this lock, so if I suppose this lock is your

25:39.800 --> 25:45.240
mission, it's a, you know, gen is lock, it's lock, I mean, can anyone confirm that it's locked,

25:45.240 --> 25:51.000
it's locked, right? So it's a, it's really locked, and so if I want to open it,

25:52.040 --> 25:59.560
I can use for, as a whole directly, other, there's like a little image that is already here,

25:59.560 --> 26:05.560
that is the Bluetooth image that I have loaded, and so the Bluetooth image, I can directly use it,

26:05.640 --> 26:10.200
and you probably guess, I mean, I don't know if you have, you don't like a lot of assessment in Bluetooth,

26:10.200 --> 26:14.760
but it is a mess, I mean, all the tools sometimes are obsolete, it does not work, it's a mess,

26:14.760 --> 26:19.800
completely mess, and you have to, I mean, spend a lot of time doing so, so here with this image,

26:19.800 --> 26:24.280
I have blueing, you're working, I have mirage, I'm, am I right, sorry, I have many tools,

26:24.280 --> 26:30.920
that's, you know, probably we will waste a lot of time for you. So here, we go, so we just like, run,

26:31.880 --> 26:39.480
Bluetooth, like that, so run, Bluetooth, also, just to save time, because I know that there's like,

26:40.040 --> 26:44.840
not a lot of time, I will also directly load the script file, I will show you what the script

26:44.840 --> 26:51.080
does, the script, what the script does is that just like, it does replay the same packet to

26:51.080 --> 26:57.240
open the lock, because the lock is using the, I mean, does not use any ID or any encryption,

26:57.240 --> 27:01.960
I mean, to, structurally, get open, I mean, this is not rolling code, for example, for this one,

27:01.960 --> 27:08.360
so it is vulnerable to replay attack directly. So we'll use this replay attack, but we can also use

27:08.360 --> 27:12.840
Mirage for example, to man-in-the-middle the communication between the lock and the application,

27:12.840 --> 27:18.520
I mean, the legitimate application, but what we'll do is just, let's say that we have captured

27:18.520 --> 27:22.680
already some packets, we want to replay it, and you will see that we will play the same packets all over

27:22.680 --> 27:30.120
and over, it will be unlocked. So, for example, if we want to do so, yeah, I forgot also to,

27:30.120 --> 27:38.280
I wanted to do like bind, yeah, I will also bind some stuff in here, so we'll use bind and I will

27:38.280 --> 27:47.320
also bind that, because here I have the script file, so like that, also I can save time in here,

27:47.400 --> 27:54.920
so I will bind it in roots, share, let's say, and I will use a name, what name I can use,

27:54.920 --> 28:04.200
super Bluetooth, super Bluetooth, Bluetooth 1, right? Oh, yeah, it tries also to look at the,

28:04.200 --> 28:10.440
I mean, sometimes it tries to look at, I mean, I'm the, at the version of a error search,

28:10.440 --> 28:14.840
and if you don't have any network, it shows you like something like that,

28:14.920 --> 28:20.680
I should actually patch it also, but yeah, let's say that I want to now exploit the vulnerabilities,

28:20.680 --> 28:26.920
so you can see for example the scripts, I just like, it's pretty small, I mean, that's just

28:27.480 --> 28:34.360
a connect to the target, it authenticates itself, and then it sends a command to unlock, so

28:35.160 --> 28:42.840
I can now use for example this little command directly like that, I can now just press that,

28:42.840 --> 28:49.000
I hope I will not have any demo effect, but yeah, I can just like press two times in order to go

28:49.000 --> 28:57.000
to Bluetooth mode, and let's see, yeah, it failed, yeah, that's also the issue with Bluetooth,

28:57.000 --> 29:03.160
because we have also to make sure that the Bluetooth is not locked at something else, so

29:04.280 --> 29:08.120
disconnected, connected, connected, connected, connected, it didn't connect at it yet,

29:08.840 --> 29:13.160
let's wait as, our connection is successful, so maybe it will actually work,

29:14.040 --> 29:22.200
sometimes with Bluetooth you have to push things a bit, so it is again that, that

29:23.080 --> 29:28.280
exits that, gone, gone guy,

29:35.880 --> 29:48.120
let's do that, that, that, up, yeah, I know, up, up,

29:48.120 --> 30:02.120
no, it's crazy, I think I will have to do that manually, so with a second, I will just

30:02.120 --> 30:06.280
try again with the script, and I tested the script yesterday, so normally it worked,

30:08.200 --> 30:15.000
like that, come on, oh, finally, it's free, so we have to be also close to the right,

30:15.080 --> 30:21.640
right, so yeah, so let's say, then you want to, I don't know, we have how many minutes we

30:21.640 --> 30:25.560
have asked a little bit of time, so we want to go to another topic, let's say,

30:25.560 --> 30:34.360
RFID, right, we can go to RFID, so we can go to RFID, I mean, we can go to Telco with 2G, 3G, 4G,

30:34.360 --> 30:42.120
your 5G station, install pretty easily also with RFID, but if we want to go to the RFID topic,

30:42.120 --> 30:48.840
yeah, I have some time, a lot of time, or maybe for the questions, right, could be better, yeah,

30:48.840 --> 30:54.440
yeah, maybe could be better for the question, so yeah, because we have only like less than 5 minutes,

30:54.440 --> 30:59.000
so if you have any questions, guys, don't hesitate to ask, also if you won't,

30:59.000 --> 31:05.320
cause for the demo, I have plenty of, as you see, a lot of toys, so we can also show some

31:05.320 --> 31:09.240
stuff also here, and yeah, don't hesitate also if you have like any question there,

31:09.240 --> 31:14.840
or any issue, or if you want to also contribute, because I mean, I'm the only guy contributing

31:14.840 --> 31:22.040
on it, I'm using it at 200%, but yeah, if you have any idea, could be like also something

31:22.040 --> 31:27.080
interesting for me to add also there, so yeah, thank you very much for attending this presentation,

31:28.280 --> 31:34.120
just checking if everything is fine here, but normally, I have maybe the worst conclusion ever

31:34.120 --> 31:40.680
for that, blah, blah, blah, conclusion here, conclude, yeah, I mean, you can travel, yeah, as I said,

31:40.680 --> 31:45.480
you can travel safely with errors with, I mean, just also for your information, I was also doing

31:45.480 --> 31:52.120
like an assessment, this, this computer, this precise computer, also was corrupted, and I was also

31:52.120 --> 31:58.200
happy that in less than 10 minutes, I can also get all my setup back for my RFID assessment, so,

31:58.200 --> 32:03.560
I mean, I'm using it like a lot, but if you're using it and you like it, please also just

32:03.560 --> 32:09.880
like curap or maybe contributes, I mean, don't only just pull issue, because issue is also like

32:09.880 --> 32:16.600
sometimes a mess to correct every time, so if you want to contribute, it is free, it's open source,

32:17.400 --> 32:22.120
and also you can cook your own images, so that means that if you want to precise,

32:22.760 --> 32:29.000
as you are device with a precise tool, just to take like a very few megabytes, I mean, you can also do that,

32:29.080 --> 32:33.880
because you can do the Dockerfile yourself, so yeah, thank you very much for attending,

32:33.880 --> 32:39.320
and I hope you enjoy it, and if you have any questions, please, I'm here to answer any questions.

32:44.200 --> 32:46.200
Any questions?

32:46.280 --> 32:52.840
No questions?

32:55.240 --> 32:57.400
Don't be shy, you have any questions?

32:57.400 --> 33:04.200
Yeah, so you were working with a Bluetooth device at the end, where would you have to start

33:04.200 --> 33:06.600
if you were just handed a brand-new Bluetooth device?

33:06.600 --> 33:12.440
Oh, I mean, for this one, it's known to be vulnerable, but generally, what I do is that,

33:12.520 --> 33:18.920
for example, I will use an application on the phone and the device, and I will use my

33:18.920 --> 33:22.600
phone some tools, like Mirage, but it is like also some of the tools that exist that are also

33:22.600 --> 33:28.840
obsolete, sometimes some of us are, but generally, a lot of tools are obsolete in Bluetooth,

33:28.840 --> 33:33.480
and they get obsolete pretty easily, but yeah, I'm doing like a man-in-the-middle attack in order to just

33:34.040 --> 33:40.840
pretend to be the toy and pretending also to be the cell phone.

33:40.840 --> 33:45.880
So that means that then I can show, I can see all the commands that are sent, and just in blind,

33:45.880 --> 33:51.080
I can see, hey, I mean, it's repeating the same packets, so I can just replay even.

33:51.080 --> 33:57.880
But if it does not do that, I will use one for the power image to reverse the application,

33:57.880 --> 34:06.040
and see how the encryption or any mechanism that actually generate the packets is behaving,

34:06.040 --> 34:11.480
and so like that then, I can implement the same algorithm and up, I can maybe just attack the device

34:11.480 --> 34:20.760
a little. Yeah, yeah, I mean, the main demand of the device is that you can use for the

34:20.760 --> 34:30.120
poor, sorry. Oh, I'm very CPI. I mean, you have images, there is also some image

34:30.120 --> 34:35.160
that are in the GitHub repository, if you go there, and so you can also modify them, you can

34:35.160 --> 34:39.960
read the app them, you cook your own, and then you can use it private, if you also.

34:39.960 --> 34:43.960
Okay, thank you again. Thank you very much. Thank you.

