
Intro to the ArchAssault Project

BSides Charlotte · 2015 · 29:30 · 2.2K views · Published 2015-06
Category: Technical
Style: Talk
About this talk
"Intro to the ArchAssault Project" by Tyler Bennett (@ArchAssault)
Download & Additional Information: https://archassault.org/
1. Talk about the i686 and x86_64 support in the AA ISO. Talk about where the future of the ISO is heading, and the things you want to see it do.
2. Talk about the support for armv6h and armv7h, specifically on the ODROID-C1. Talk about the right-board-for-the-right-project thought process, and why the Pi is generally not suited for use outside of basic things.
3. Talk about the history of AA and how we started.
4. Talk about the install process, support from ALARM, and that we are being used at various companies already in a "beta" capacity or something like that. Build a hotspot AP on a C1 with support for mitmf and demo it to the crowd. Needs to be battery powered with an open access point.
Transcript [en]

We're good, volume is good. All right, so as he said, my name is Tyler Bennett. I am one of the main ArchAssault developers; I've been doing this for about a year and a half so far, and we don't plan on stopping anytime soon. So, what is ArchAssault? Does anybody know? Does anybody actually use it here? All right, you guys plan on adding the repo when you get home, or right now? So we use Arch Linux because we find that it's a lot more lightweight than, say, Debian or Kali or Fedora, any of those. We find that a lot of users have more issues with it because most users are used to being hand-held by Debian, and that's obviously an opinion, but that's my opinion to have. So we find that a lot of people enjoy Arch because lightweight is fast; you can install exactly what you need and nothing more. So we are a layer on top of Arch Linux and Arch Linux ARM. We support i686, x86_64, armv6 and armv7, so all of the armv6 and armv7 boards that Arch Linux ARM supports, you can easily drop our layer on top and install whatever you would like from the repository.

We work very closely with the Arch Linux ARM and Arch Linux developers to try to maintain a very stable, symbiotic relationship between the two, so that you can easily just drop our repository on top of them and grab any tools you need, built to the standards of Arch Linux and Arch Linux ARM (because they follow Arch Linux). That being said, we follow their standards, so, you know, we don't have an installer because we use pacstrap. We do that because we believe in keeping it simple, stupid; you know, follow the KISS philosophy. So what is this? Although that's kind of funny, everyone, you know, right? So I like to define us as a fully customizable Arch Linux distro for security professionals on the bleeding edge.

So, got nothing on that one. So we're fully customizable. You know, we don't give you GNOME and say, okay, here's GNOME, that's all you need to use. We let you put whatever you want on there and give you all the tools you need to do what you need to do. And obviously we build to Arch standards, which means that we follow their philosophy very closely. We package all of our packages directly to their philosophy and their guidelines, so that means that, for example, if you try to install a package, you can easily remove that package without having to worry about it messing up your system, because it's packaged correctly. Obviously, as I said, we support 32-bit, 64-bit, armv6 and armv7, so that means we support drones. So one of my other developers is a big drone fanatic; he's actually been building drones for probably 15 years now, a very long time, and he started taking our distribution and dropping it onto embedded devices such as an ODROID-C1 or a BeagleBone Black, and adding adapters, antennas, you know, USB, Ubertooth, all that kind of stuff, scripting everything out, and then flying it around and capturing all the information he needs and then flying away, all using an autopilot to be able to have it fly in and fly out.

So he can fly in, grab what he needs, and fly away before anyone knows. So the idea behind that is, you would build a drone that would, say, go target an office building; it flies on top of the office building, lands, being all battery powered and solar powered, sits down, does everything it's supposed to do, starts scanning, grabs what it needs, flies away, and they never even know you came by unless they check the top of the building. So yeah, so how do we do this? Well, we do everything via git. We have multiple git repos; we're on GitHub, we're on Bitbucket, and we're on GitLab. We've had to move things around a few times because we like to keep our git repos private, especially our development repo, mainly because if someone's going to just copy us, then why are we doing this? So we try to keep things back a little bit so someone can't just pull everything in.

So we utilize namcap. namcap is an Arch Linux tool they wrote to make sure that each package build is built to the standards that they abide by. So, for example, a C-based program that we compile: if we forget a library, when we namcap the tarball that it builds, it's going to show that we're missing, you know, I don't know, libssl, and we just add it in, recompile it, bam, everything's done. But that makes sure that we maintain their standards directly. So, clean chroots. The Arch Linux standards maintain that each package is built in a clean chroot environment, which means that basically you install all the base, which is all of your development libraries, gcc, make, patch, all of that, and then your package build is going to have to pull in all the dependencies it needs. So if the package build doesn't build correctly in a clean chroot, we don't push the package, because that ensures that the package is not correct and needs to be fixed. Obviously following standards again.

So why do we do this? Why not? We do this because we can; you know, we enjoy Arch Linux, we enjoy infosec, and we enjoy breaking things and hacking things. If nobody used this we would still do this just for our own ends, because we really love what we do; we're very passionate about it. So i686: why do we support i686? Well, again, we try to follow Arch standards, and Arch Linux still supports it, so do we. If they drop it, we'll drop it, mainly because we'll lose a lot of packages that way, but that's neither here nor there. Obviously it's a 32-bit architecture, we all know that. It runs on a lot of embedded devices; all of the armv6 and armv7 are 32-bit, there's no 64-bit ARM right now, maybe armv8 when it comes out. So we have x86_64 support as well; obviously everyone wants 64-bit now. When we utilize 64-bit support we have to make sure we include multilib, because a lot of these tools are built specifically with 32-bit libraries. If we don't include multilib, you will not get your 32-bit GCC to compile that one package, and it will not build correctly on 64-bit GCC. So, ARM. We've relied pretty heavily on the Arch Linux ARM developers to maintain and build Arch Linux ARM, and that allows us to again be an easier layer on top of their distribution.

We work very closely with those guys all the time to ensure that everything's working correctly. If we have certain issues we will patch it and submit it up to them, or we will just put a patch in it and go on. Perfect example: the other day we were trying to get princeprocessor working on ARM, and the developer that built princeprocessor did not immediately make it available for ARM, so we had to make patches inside of it to allow it to install correctly on ARM, and then he made some changes and broke it, and then we got rid of it. Hard, hard, but that's not the point. So we make as many packages as we can, do things to keep things working, and then, because we are a small team, if they eventually are too much of a hassle we will put it aside, put it in staging, put it away for a while, maybe remove it from the repos if it's broken, until we can fix it at a later date. Now if someone really requested it and really wanted it fixed, we'd bust our butts to get it working correctly.

Obviously, again, we build to their standards. So armv7. armv7 is our main bread and butter. There's a lot of devices now that are armv7, and armv7 means that they are a multi-core device; I believe it's quad core, an armv7 device, that's a standard now. They're still 32-bit; there's no 64-bit ARM devices as of this time as far as I know. And obviously we support ODROID, not the Pi; we have issues with the Foundation. We try to look at the lesser-known armv7 devices out there. I'm sure a lot of people haven't ever noticed, or even heard much about, the ODROID-C1. It's a very interesting device. We started building with it, and it's got a gigabit NIC, a gig of RAM, and it's a quad-core processor. It's able to handle dual Alfas at the same time, capturing for over 48 hours without a glitch, while at the same time stressing the CPUs up to a load of 30 and still having 90 megs of RAM. I'd say that's probably pretty good on a device that only takes a max of 2 amps of power, so you can easily power it via, like, a 5,000 milliamp LiPo battery, probably powered for two or three days. I haven't tested any of that, of course, but theoretically it could be possible.

I'll be louder, project more. Okay, sorry everyone, I was just kind of talking to the front row, you know. So we talked about multicore, again, standards already. Questions now? That's not good, I should make more; there's more to go on. You want me to show off? Yeah, yeah. So I have a few devices here. You ready? So, aim, shoot, click. So this obviously is an Alfa 2.4 GHz omnidirectional 5 dBi antenna, nothing fancy, just something fun to play with. We have another one from Simple WiFi, same kind of thing; we really like them a lot, I bought a few things from them. I don't have anything else up here from them, but a really nice device, actually.

My RTL-SDR: this is a software-defined radio that can sniff GSM, FM, all kinds of signals out of thin air. I believe the Arch Linux ARM guys are using it for pulling the radio signals from the airport and graphing it via a waterfall; that's kind of cool, right? And obviously we have the ODROID-C1; it's the gig of RAM, quad-core processor, it's got four USB ports, so you can hook up possibly four antennas, four Wi-Fi adapters, to it and attack four different networks at one time. It only does 500 milliamps on USB, so you may run into some issues; it's maybe not powerful enough, but we'll have to do some further testing. We obviously have more Alfas for wireless access points and hotspots and just packet injection. All of these are fully supported inside of our kernel, as well as the mainline Arch Linux kernel by now, because it's on 4.0.5 I believe. So we have this USB Armory; has anybody ever heard of this before, or ever seen it? And we have all this stuff at the tables; if you can't see, you can see more things when you come by. This is a dual-core, 52 megs of RAM USB stick you can plug in; you can actually boot off this, and this is running Arch Linux ARM.

So I have this configured right now to be a fake mirror of our repository, so you could put this into a computer, boot off of it, and you can actually download all of our packages as they currently exist in our repo from this device, right now, completely offline. We work pretty close with these guys; these are the guys from Inverse Path. You can pick this up via Crowd Supply if anyone's curious; they're about 140 bucks. Really recommend them, they're really, really nice guys. So now we have a Shikra from Xipiter. It's a new device I've been playing with to work on embedded systems, so it handles UART, SPI and JTAG, and one more protocol I forget.

So recently I used this: I pulled the case off of a Ubiquiti AP and basically got into it via serial, was able to root it and pull off the image, and then wipe it with OpenWrt, because their AP stuff is so-so. So, I'm sure everyone's seen the HackRF; sorry. So the HackRF is a device for pulling RF signals; I believe it does GSM and Wi-Fi as well. It's pretty expensive, but it's also by the same guys that make the Ubertooth. I don't have that up here, but we do have one at the booth. Yeah, all right, I'll talk about that. Everyone's probably seen these before; this is a professional one from Simple WiFi. I didn't buy it, so I'm not sure exactly what it cost, but it's pretty nice, gives you a very wide range; it's a unidirectional. Does anybody have any questions I didn't answer, or anything?

Yes. Yeah, so the live CD outside is our full install, our full repo install. It's about 16 gigs fully installed, and that's, if you count Arch Linux plus ours, probably about 2,300 packages on that CD. That makes the 32-bit about 3.9 gigs; the 64-bit including multilib is about 4.3. But it's a live CD running Openbox; you know, it's got Firefox, it's got Tor, it's got pretty much everything. You can install off of it, you can do whatever you want to do with it, you can play with it. We don't have any persistence or anything like that yet; we are working towards adding persistence. There's an issue, because the squashfs that holds all the packages is at 32 gigs, and the way Arch Linux works is it actually wants to take the whole squashfs and load it onto a USB stick or hard drive or something of that nature, and then we actually have to label that device. So each time you would want to have persistence, you'd have to actually have a specific device label on your system to be able to have persistence. So we haven't quite figured that out yet. That's also in line with using forensics mode; we're working on the forensics option as well, where you can copy the whole entire squashfs to RAM. Problem is that it's quite large; you have to have 32 gigs of RAM just to be able to hold the image, and that's a massive amount. I forgot, I missed a few things, so I apologize; it's all kind of rambled for a second. So we do have a custom kernel. Our little live CD runs our custom kernel, which is 3.18.2, and it... sorry, I thought someone said something. It maintains all the Kali patches; they're built right into it, so all the Wi-Fi injection patches are baked right into the CD, into the kernel. In doing that we have to actually maintain VirtualBox modules and a few other kernel modules, for I think the r8169 NIC driver. We support the same kernel modules in our kernel that the linux-lts package pulls into theirs, and we make that the default kernel when you boot from our ISO. But as you said, since we're on, like, 4.0.5, most of the Wi-Fi cards are supported with full packet injection already in mainline, and if they're not, you're probably using something very obscure. Anything else? Yeah, go, you in the back.

We would love it if people would be able to commit and help out. I will say this: we've had issues where people have committed and we criticize what they do because they don't follow standards, and then they drop off the face of the Earth. So I would say don't do that. We hold our distro to high standards and we will throw criticism back if something's not right, but we're trying to give creative and instructive criticism, not yelling at you for doing it wrong. If you want to do that, you can do all that via our GitHub; you can fork it, pull it, and make any changes you want. If you find any fixes, you know, let us know. We have our bug server, bugs.archassault.org; we have a wiki server which has our wiki pages with different tools. Some of the things that we don't do: so, like Metasploit on Kali, they automatically enable you to be able to connect to the Postgres database; we don't set any of that up for you, so it's basically just standard Metasploit. Now you can just set that up; we have instructions to do that on our wiki, and then you can connect Armitage to it, or a teamserver, whatever you want to do from there. Anything else? Anything else, anyone?

Again, well, you can easily find us on IRC; we're on Freenode, #archassault. You can certainly, if you have a specific ARM device that maybe we don't support, or that you want to see supported, easily put it in our bug tracker. All you got to do is register an account, submit the bug, and we'll get back to you; we're usually pretty prompt. One thing that a lot of people say is that, you know, most security distributions are not supported very well. I mean, you find a bug in a package, it might take, you know, 4 months for it to get fixed, but I mean, I'm literally online every day, so if you find a bug, you find an issue, I will probably see it and answer it within 20 minutes usually. That's a little excessive, because I do actually have a job, so, you know, but what I'm trying to convey is that we really care about this project. You know, you guys find any issues, please let us know; don't just throw your hands up in the air and say, oh, this is stupid. You know, if you let us know... we can't make it better without you guys, because we don't know; we can't fix what we don't know is broken.

You were tweeting me before I even finished downloading the ISO.

Yeah, I mean, I basically sat outside in my booth on Twitter and on IRC all day long. It's been quiet, but I've been watching things just to see what's going on. Obviously everyone's here, so why would you want to be online, right? How many people do we have in the room... [inaudible] ...how many of you have it loaded?

I seriously... get out there. He's not selling himself; they're extremely quick to respond. When Adam and I released the [tool], he had it in before I could even, you know, pull the image down. So these guys are very fast, and if you're not... responsive... I think I've been in his room when there haven't been [inaudible]. Yeah, we've been there for a long time. How many of you have heard of a tool, you go to a conference or whatever, and you cannot find it in [a repo]? There's never been a tool yet that I have heard about that I don't go and [look for], or we'll see a post or something asking for it, that it's not there really quick. I've seen like two and three updates a day to their repos. So I don't use it as strong; I still have my solid set of tools that I use, but I will say, like, when I have something I just can't find or can't get to work anywhere else, I go to my Arch box and it's there. So it's a great place to go and try those tools, especially. Did you give the numbers based on these, compared to what Kali has?

So we've done a little numbers, and so Kali shows their actual tool list, and that basically maintains every single tool they have except for dependencies, and we blow them out of the water by about 600 packages. Now we have a lot of community-based tools; we'll pull in things that, you know, a simple Python script that does, you know, WordPress scanning; we easily pull that in because we support the community as a whole. And as you said, it's always changing, so we always have to work very fast to make sure that we are supporting and make sure that it's up there. If you find any cool tools, let us know, we'll figure it out, simple as that.

Many of the tools are actually installed by default. I know I talked with some people who prefer to have sort of a lighter-weight distribution and be able to pick and choose the tools they want.

You mean from the ISO perspective? Yeah, the ISO has all of them, yes. Now we do that so you can't say, oh, I tried to use the ISO and I didn't have this tool; we got that out of the way, it's all there. We have different categories for everything; we categorize every tool based on the type of tool it is, you know, wireless, steganography, cryptography, whatever. We try to make sure that all our tools are in the correct groups; if we have any tools in the wrong groups, you know, let us know, and we'll fix things. We're trying to work on that; that's a lot of work, because you got to actually rebuild all those packages. That being said, you can take, and when you do the installer too, at least the last one that I downloaded, when you do the actual to-disk install, it's no... Well, that's what keeps it lightweight. Yeah, I was going to say, like, I mean you have some scripts, they have some different install options you can choose, but for those that like that, that's pretty much the default, right?

Yeah, that's basically the default of Arch Linux; it's basically just a... I don't know if everyone's ever used Debian's debootstrap, same kind of way. It just basically puts all the packages onto a chroot environment and you build everything out on that. So, like, when I build a server I can literally go from clean disk all the way to fully installed in about 10 minutes, mainly because I already know exactly what I need; I already have everything configured, drop it on that, reboot into that disk and there is the environment. So, any other questions? No? I appreciate it, guys, thank you. I'm obviously forgetting a lot of things.
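The talk's namcap and clean-chroot passage describes one concrete check: every shared library a built binary links against must be provided by a package listed in its depends, and a clean chroot exposes the case where no declared dependency provides the library at all. The following is an added example written for this page, not code from ArchAssault or from namcap itself, that implements that check in miniature. namcap is itself a Python tool, and the real one asks pacman which package owns each library file; here that lookup, the `ldd` output and the `depends=()` array are all constructed sample data, and the warning wording is our own, in the spirit of namcap's messages.

```python
"""Miniature of the missing-dependency check the talk credits to namcap.

Added example, not code from ArchAssault or namcap. namcap inspects the
ELF files in a built package, maps each linked library to the Arch
package that owns it, and warns when that package is absent from
depends=(). Everything below (ldd output, soname-to-package table,
declared depends) is constructed sample data; real namcap asks pacman
which package owns each library file.
"""

# Constructed stand-in for "pacman -Qo <library>": soname -> owning package.
SONAME_OWNERS = {
    "libc.so.6": "glibc",
    "libssl.so.1.0.0": "openssl",
    "libcrypto.so.1.0.0": "openssl",
    "libpcap.so.1": "libpcap",
    "libz.so.1": "zlib",
}

# Constructed `ldd` output for a binary from a freshly built package.
# libfoo.so.2 is deliberately unresolved: in a clean chroot this is what
# a library that no declared dependency provides looks like.
LDD_OUTPUT = """\
\tlinux-vdso.so.1 (0x00007ffd3a1f0000)
\tlibssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007f2b1c200000)
\tlibcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x00007f2b1bd00000)
\tlibpcap.so.1 => /usr/lib/libpcap.so.1 (0x00007f2b1bac0000)
\tlibfoo.so.2 => not found
\tlibc.so.6 => /usr/lib/libc.so.6 (0x00007f2b1b700000)
\t/lib64/ld-linux-x86-64.so.2 (0x00007f2b1c600000)
"""

# Constructed depends=() array as the PKGBUILD author wrote it;
# openssl was forgotten, which is exactly the case the talk describes.
DECLARED_DEPENDS = {"glibc", "libpcap"}

# glibc is part of every Arch build root, so it need not be listed;
# kept as an explicit set so the rule is visible rather than hidden.
IMPLICIT_DEPENDS = {"glibc"}


def parse_ldd(text):
    """Map each needed soname to its resolved path, or None if not found.

    Lines without '=>' (the vDSO and the dynamic loader) are not package
    dependencies and are skipped.
    """
    needed = {}
    for raw in text.splitlines():
        line = raw.strip()
        if "=>" not in line:
            continue
        soname, _, rest = line.partition("=>")
        rest = rest.strip()
        needed[soname.strip()] = None if rest.startswith("not found") else rest.split()[0]
    return needed


def check_depends(ldd_text, declared, owners, implicit=IMPLICIT_DEPENDS):
    """Return (missing_packages, unresolved_sonames) for one binary.

    missing_packages: packages that own a linked library but are absent
    from depends=(); the package installs, then breaks on a system that
    happens not to have them.
    unresolved_sonames: libraries ldd could not find, or that no package
    owns; a clean-chroot build surfaces these before the package ships.
    """
    missing, unresolved = set(), []
    for soname, path in sorted(parse_ldd(ldd_text).items()):
        owner = owners.get(soname) if path is not None else None
        if owner is None:
            unresolved.append(soname)
        elif owner not in declared and owner not in implicit:
            missing.add(owner)
    return sorted(missing), unresolved


def report(ldd_text=LDD_OUTPUT, declared=DECLARED_DEPENDS, owners=SONAME_OWNERS):
    """Render the findings as warning lines (wording is ours, not namcap's)."""
    missing, unresolved = check_depends(ldd_text, declared, owners)
    lines = [f"W: Dependency {pkg} detected and not included" for pkg in missing]
    lines += [f"E: Library {so} not found; add the package providing it to depends"
              for so in unresolved]
    return lines or ["OK: all linked libraries are covered by depends=()"]


if __name__ == "__main__":
    print("\n".join(report()))
```

Run as a script it prints one warning for the forgotten openssl dependency and one error for the unresolved libfoo.so.2; adding "openssl" to DECLARED_DEPENDS clears the warning, while the error stays until the build root actually contains a package that ships the library, which is the property the clean-chroot policy in the talk is meant to enforce.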