
Building the BSides DC Registration System

BSides DC 2016 · 20:10 · 49 views · Published 2016-11
Category: Technical
Topic: Tooling
Style: Talk
About this talk
Jim Gilsinn presents a hardware and software solution for managing event check-in at BSides DC using Raspberry Pi, QR codes, and Python. After the chaotic 2015 registration process, he built a fully wired system with motion-activated camera scanning, real-time LED feedback, and a custom server implementation to replace the unreliable Wi-Fi-based approach.
Original YouTube description

Did you attend BSides DC 2015? Remember what it was like to check in? We do because it was pure chaos, mixed with a bit of hell and laughed in the face of entropy. But would anyone do anything to fix it? Yes! Jim did, and this is his story of triumph, QRCodes and python.

Determining the overall health and security of an industrial control system (ICS) network is currently done by looking at the negative case. If the network infrastructure devices indicate that all the devices are connected and communicating, then the network must be operating correctly. If the controllers indicate that they are able to communicate with the other devices in the system, then the system must be operating correctly. If the network security monitoring (NSM) or security information and event management (SIEM) system is not indicating any security events, then the system must be operating correctly. In each of these cases, the assumption is that the system is operating correctly if there are no errors or events being indicated by any of the devices. In reality, the actual health and security of the system can only be determined by positive conditions. The communication streams need to be measured to determine that they are operating within certain limits based upon a desired set of conditions, like rate and maximum latency. Many controllers keep track of these factors for real-time communications, however they are often only recorded as averages and not high-fidelity measurements. This talk presents an approach to analyzing the real-time network traffic performance of an ICS by measuring the jitter and latency associated with individual network traffic streams in the system. By using statistical and mathematical analysis of the high-fidelity jitter and latency data, a network reliability factor can be determined and used to indicate the health of those traffic streams. This talk will present a method to combine the individual network reliability factors into a network reliability monitoring system. Lastly, the talk will discuss how network reliability monitoring can be used to indicate potential security problems by observing the network traffic patterns.

Jim Gilsinn (Senior Investigator at Kenexis): Jim Gilsinn is a Senior Investigator at Kenexis. He is responsible for conducting network and security assessments, designing networks and security systems for industrial control systems, and developing network reliability monitoring tools and techniques. He is the lead developer of the Dulcet Analytics network reliability monitoring software. Jim received an MSEE from Johns Hopkins University in control theory and a BSEE from Drexel University specializing in control theory, robotics, and advanced electronics.

Thanks to our video sponsors: Antietam Technologies http://antietamtechnologies.com, ClearedJobs.Net http://www.clearedjobs.net, CyberSecJobs.Com http://www.cybersecjobs.com
Transcript [en]

The BSides DC 2016 videos are brought to you by ClearedJobs.Net and CyberSecJobs.Com, tools for your next career move, and Antietam Technologies, focusing on advanced cyber detection, analysis, and mitigation.

the truth

Okay, so I'm also scheduled to talk about ICS/SCADA stuff this afternoon, but I like to build things. My name's Jim Gilsinn. I'm an electrical engineer by trade, so I kind of stumbled into cybersecurity a few years ago, probably going on 15 at this point. We suffered quite a bit of issues with our reg system the last couple of years for the con, so we decided there had to be a better way, and I took it upon myself to make something that would work. We use busy crop, which is a site that helps conferences to execute reg systems, and so we send out the bar codes with that, and that ends up giving us a flat

text file for our database of registered attendees. In there it's just three fields: one for the code itself, one for the email, and then one for a field that describes what they are. So in our database we've got speaker, attendee, and we've got identifiers for each class or different things, so I had to figure out a way to work with that. We have been using the ConQR system that DerbyCon uses. The way DerbyCon has it set up is they have a separate Wi-Fi network, and they basically have phones just linked into that Wi-Fi network and use the QR reader that's on the phone. We have had problems

with that Wi-Fi linking to the reg system previously. The last two years we basically had it buried, just kind of crapped out; we couldn't do anything. So we ended up deciding that we wanted to do a fully wired system, and because I love cheaper and rama things, I had a whole bunch of Raspberry Pis at home that I had no purpose for, so I said let's try and do a Raspberry Pi for this. So this, as you may have seen, this is the actual box here. Inside there's a Raspberry Pi 3, and basically what I have on here is the Pi HAT. So I actually use the Pi HAT, which is

up top here, and I knew these would be poked around quite a bit, or just the possibility of some of the anything on it, or even just sitting in storage they'll get bumped around and everything, so I wanted to actually solder wires to it instead of just using the little jumper cables that you use on the proto boards. So I actually soldered onto the Pi HAT just so I had something nice and solid. From there I'm just going to four of the GPIO pins, general-purpose I/O, that is, and I use it to basically light up these lights. So the way it all works is I actually have the Pi camera here on board, and the Pi

camera board is set up to do motion detection. So the Pi is set up with motion detection, and what it will do is it takes two frames a second; if it detects motion, it will actually go and save that off to a file in a particular directory. My Python code just sits there and says, is there a new file in that directory? If there is, I automatically shunt that off to the QR reader code. There's Python available, downloadable code for QR reader stuff. It's actually built in; it's just sudo pip install qrcode. It'll do processing of the QR codes; you can do generation or even

processing of them, and so I just do that. Now what I found is that for the camera, the focal length for the camera on the Raspberry Pis is actually... in order to get the focus properly at around eight inches you need to use a lens of some sort. The cheapest, easiest lens is Walmart reading glasses. So it works, and actually I found a lot of people doing that online. It's just really simple. They're like a dollar, or actually these are, I think these are a lot of work, but they're plastic lenses, you can drill them, you have to worry about shattering stuff. So this is actually a plus-three lens on it

to get it, and that focuses really nicely at around eight inches. So from that I get a nice clean image, process it through the QR code in Python, and I just submit that QR code to the ConQR server. The server itself is set up to basically act as a DNS master for the system, so whatever DNS it gets, it automatically just processes that into the system. So it doesn't actually care what the HTTP portion of it is; it's just looking for a QR code that's submitted as part of that. So it could be foo blah, it doesn't care, but it processes a QR code. Inside the server it

goes and looks for it in the actual server, in the flat text file. If it finds it, it then writes that code into a registered file. That way, just in case you're getting multiple people, at least you have a way, because it is development code. I mean, even though it's been out there for a while and Derby's been using it, it's still development code, so it crashes occasionally, but you've got a way to back it up. It's not all just in memory, in a database or something like that. And then what it does is it sends back an HTML response on the return. The

original ConQR stuff that DerbyCon uses is very simple. It's not even sending back a fully qualified HTML response; it's actually just sending back a text string using HTTP. We actually tweaked it so it sent back a full HTML file, coded, and I send back a response in the meta description field in the header that says whether it's registered, whether it's a duplicate, or it's unknown. From that, I get the response back from the server. This guy, what it does is it goes and reads that, interprets the text field, and then it will flip on the LEDs. So the one side of the LEDs, let's see, it is

this right side here. That actually is what you were seeing when you'd walk up. It was just a blue light that was telling me the system's up and running, it's good to go. When that one went green, it was saying it got a good QR code and it was sending a signal to the server. The other side, the red or green one, that was actually saying whether it was a good code, green; a bad code or duplicate code was red. And we actually had a couple of times where it came back as unknown, and that was given a yellow LED. But it was actually just a

way for us to kind of give a visual. And then I also have the little monitor that you saw next to it. I actually give a visual representation on that monitor as well for the same thing. So I actually have the image that's being shown here; I display that using Pygame, and then I also overlay on top of that a little box that shows the code and gives me an indication of whether it's good, bad, or unknown. So that's generation one. And as Alex said, I already have the code up on GitHub, and I'll put the design plans, basically these pictures, and then a blog article

as well up on GitHub, and then we'll publicize it out. Any changes that we made to the ConQR server stuff we're going to actually send back to Dave Kennedy and the guys at DerbyCon so they can roll it into their system, because I started looking through their code for ConQR to add a better HTML response. They were looking for help anyway, and so we figured, to help the community out, we're going to just continue to roll this through. So one of the actual things that we found on this for this year that we want to improve is actually I had some LEDs on the

bottom here to help, because I figured it would be dark, or I didn't want to have to worry about the lighting situation. It turned out they were too bright for any phone, pretty much. They reflected off the surface, and what would happen is the QR code would get this bright white spot and it would actually mess up the QR code reader. So what I actually did, just temporarily this year, I just taped over them with electrical tape. What I'm going to do for a future version is put a little manual switch on it, because paper codes actually need more light, and so we were just sitting there with a flashlight and kind of lighting them up, or taking

the tape off just so we could get a little bit more light in there. So we'll just have a manual switch. There was thought to try and do some sort of automated "oh, I'm detecting a spot" or something, and it's just, we've got people standing up there anyway, so just hit a manual switch. And then improving on the server response: the little screen that pops up, instead of just giving an indication that they are registered or not registered, things like that, we actually wanted to put an indication of what they're registered for. So are they a speaker? If they are, put speaker. If they're registering for Bro, then put the

Bro class, or if they're registered for this class or that class, or they're an attendee, or they're a sponsor, we can put all those kinds of indications in there. Since we have it in the database for the ConQR server, we'll literally just have that additional field that we actually process along the way. So it was actually a pretty fun project. The first one that I built took me probably a couple of months to get up and running and debugged, at least to a stable point. And then in terms of the hardware itself, you may notice that this looks rather like a letter. This white portion here is actually from Jo-Ann Fabrics; it's

a craft J, and then this of course is just an electrical box. One of the big things that I was probably too worried about was non-conductive. What happened was I was originally looking for just a wooden box to put the Raspberry Pi in, about the right size and everything, and it turned out that actually the electrical box from Home Depot was probably the easiest thing to use. And then while I happened to be wandering through the aisles looking for ideas of stuff, I happened to see these J's. I just happened to walk down that particular aisle, and I said, you know what, I was already thinking about having a gooseneck from a lamp, or trying to

figure out some way I could do it, but then I didn't want to have it conductive, so I was trying to figure out some way to do it, and then I just happened to stumble past this set of letters, and it was the perfect size and perfect shape and everything. So it was an interesting project. I had a lot of fun with it too. Once I had the design and everything built, it only took me about six hours to replicate for the others, but that was when I had the soldering iron up and hot and I was ready to go and had all my tools out and

everything. But as I said, it was kind of a fun project. Yeah?

Yay big, because we have this locked into a particular size, it's only got a certain amount of focal space on it. So the idea would be, yeah, we could have one where we could maybe move it; that's maybe a possibility of how we could adjust it. We also had, actually, over at the speaker/sponsor area, their check-in, we had a little tablet. Okay, so that's another thing too, actually. With these, I don't have it here, but since we were dealing with a hardwired system, we were trying to figure out ways to get something else that we could use, and Alex brought his little Nexus tablet, a Nexus 7, and

from that there's a little micro USB to Ethernet adapter that you can get, and so we had that, and that has the normal regular camera that it can use and the Google-designed actual QR reader, so it's a lot more stable than this is. And from that you could actually hold it up at a higher distance, so that's another possibility for how we can do it for the future too. We can have more than one of those, or at least one of those, sitting around for that kind of case. Since we're dealing with a flat text file too, we were able to at least register people by

hand, looking in the text file. Right now we actually had to manually copy that code into a separate registration file. When we were actually sitting there, basically if you had trouble or forgot your code, you came over to where I was sitting with the monitor, and I was able to actually look people up. So I was just looking up people in that flat text file, just doing a grep on them, and then what I was doing is I was copying their code into a separate man txt file. So after the con we're probably going to go and make sure that we didn't

get too many duplicates in there, but it's just kind of looking in that extra file for it. But the idea of the QR code being too big, we just probably have to figure out another method, and I think the tablet seemed to work out okay for that, or taking a picture of it and just using it on your phone that way too. So, yeah, no problem. I was kind of talking to people about it anyway, and so I figured... but yeah, I plan on putting out a full article about it and instructions and everything, and we'll tweet it out and all.

Okay, so the server we actually set up with DHCP first, so it's got a DHCP server running, so these guys can just plug in. The DNS, the way that works in ConQR, I'm not fully sure, but it's sort of set up to automatically redirect any DNS requests to this server, and so it doesn't care what the address you're looking for is. So the first part, the HTTP, slash, something, slash, and then you've got your QR code equals this. If you have your code with you, take that and run it through a QR scanner, and what you'll see is you'll

see HTTP, BSides DC, I think it's BSides DC reg, and there's no .org or anything like that, it's just slash, question mark, QR code equals this. So it strips all that out and it only really uses that QR code equals this value. So it doesn't care; as I said, it could be foo blah and it doesn't care. It's just looking at any requests to DNS, it's redirecting that to the ConQR server Python code and saying process this as a QR code. Yeah, no problem. If there are no other questions, come on up. I'm sitting at the reg desk; I'm trying to actually work on the last slide or two

of my presentation for this afternoon, but I'm willing to show it to you in more detail, or if you want to come up here I can show you, and ask me afterwards. So thanks.
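
The check-in exchange described in the talk, sketched as an added Python example; it is not the speaker's code or ConQR's. The parameter name `qrcode`, the comma-separated file layout, the code alphabet and all function names are assumptions. Because the server accepts any host and path, the sketch validates the code and escapes it before echoing it into HTML.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

CODE_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")  # assumed code alphabet
LED = {"registered": "green", "duplicate": "red", "unknown": "yellow"}

def load_attendees(text):
    """Parse the three-field flat file: code, email, attendee type (commas assumed)."""
    rows = (line.split(",") for line in text.splitlines() if line.strip())
    return {code.strip(): (email.strip(), kind.strip()) for code, email, kind in rows}

def check_in(url, attendees, registered_path):
    """Server side: ignore host and path, use only the code parameter."""
    code = parse_qs(urlsplit(url).query).get("qrcode", [""])[0]  # assumed name
    with open(registered_path, "a+", encoding="utf-8") as fh:
        fh.seek(0)
        seen = set(fh.read().split())
        if not CODE_RE.fullmatch(code) or code not in attendees:
            status = "unknown"
        elif code in seen:
            status = "duplicate"
        else:
            status = "registered"
            fh.write(code + "\n")  # kept on disk so a server crash loses nothing
    # Status travels in the meta description; the echoed code is escaped.
    return ('<html><head><meta name="description" content="%s"></head>'
            '<body>%s</body></html>' % (status, html.escape(code)))

class _Meta(HTMLParser):
    """Collects the content of <meta name="description">."""
    status = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and a.get("name") == "description":
            self.status = a.get("content")

def led_for(page):
    """Client side: read the meta description and pick the LED colour."""
    parser = _Meta()
    parser.feed(page)
    return LED.get(parser.status, "yellow")
```
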