CHALLENGE YOURSELF!

TROOPERS18 Conference,
Heidelberg, Germany
Prize pool of 2000 HKN
Valuable Rewards
Contests will be launched at 10 AM, March, 14th

Hardware & Smart Contracts Contests

Onsite Bug Bounty Marathon"Hack my key"
About
Hacken invites TROOPERS18 participants to take part in onsite bug bounty marathon focused on searching vulnerabilities in hardware digital key Hideez. Just imagine what can you lost if somebody hacks this tiny device: credentials from banking services and your social life, access to your office and even your home! Let's try to hack Hideez to do it more secure and keep safe other owners.
To participate you need
1
Take a look at Hideez Program Policy below
2
Start hacking at the Hacken area
3
Report your findings via special form at Hackenproof
(sign up first)
4
Wait for confirmation of your submission by triage team
5
Get reward
Hideez Program Policy
Product
At our stand you can try to break Hideez Key, this key using nRF51822 system-on-chip b Nordic Semiconductor as a starting point. Nordic chips are proven and reliable, nRF51822 features 32-bit ARM® CortexTM M0 CPU with 256kB flash and 32kB RAM. In addition, it contains an 8-bit 90dB buzzer, Atmel T5577 RFID chip with antenna. More details about the product you can find here.
Aim
Providing PoC for the following attacks
MiTM and attack on cryptography
Device firmware replacement
Plain text key extraction
Environment
You can try yourself in our challenges at demo stand. For testing, you have the following devices
Bluetooth Sniffer
Hideez Key
Laptop\PC Windows for sniffing
Laptop\Phone connected to Hideez Key
Attack Vectors
#1. Hacking the exchange over encrypted Bluetooth connection (AES 128)
  • Goal: to break secure communication.

  • Test environment: a computer with a connected and configured Bluetooth sniffer, with which you can see the entire exchange and try to analyze it. The tag and computer/smartphone are pre-connected.
# 2. Read the data from the tag using a wire connection
  • Goal: to read sensitive data from the tag by plugged programmator

  • Test environment: A computer with a connected and configured programmer and all the necessary software. Tag in disassembled form with soldered wires for convenient connection.
# 3. To replace the encrypted and signed firmware
  • Goal: to replace encrypted firmware

  • Test environment: firmware file and software with which you can try to fill this firmware into the device (by wire and bluetooth). The original firmware should be filled in without problems, modified one should not.
# 4. Get access to an attached user tag without a password and without knowing DeviceKey
  • Goal: to conduct MiTM attack

  • Test environment: you need to use web server with two tags - one normal, with a known password and DeviceKey, the second with an unknown DeviceKey. You can analyze traffic while binding a normal tag and then try to bind the second tag.
More details here.
Rewards
The prize pool is 2000 HKN (ERC 20 Token)
img2
Those who will find vulnerabilities through the list of predefined attack vectors will be rewarded with 500 HKN per each challenge described in Hideez Program Policy.
Only first valid submission of 4 predefined attack vectors is eligible for reward.
"Hack my smart contract" CTF
About
All developed countries are transferring their economy in cutting-edge digital area, the overwhelming majority of international corporations integrate their partnerships into blockchain based framework and even average people explore new financial instrument – cryptocurrency. One of the main blockchain tool is smart contract, what can happen if it's hacked? Try to find and eliminate its vulnerabilities.
Rewards
Only participants of the conference eligible to receive rewards
500 HKN, personal invitation to HackIT cybersecurity conference, Hacken special souvenirs
img2
Personal invitation to HackIT cybersecurity conference, Hacken special souvenirs
Hacken special souvenirs

The Winners Are:

-1-
Georgios Konstantopoulos
-2-
Bharadwaj Machiraju
-3-
Daniel Sanchez Ambite