Intro to Hacking anything - Creative mind of a hacker

uh how's it going awesome it's it's awesome to meet all of you my name is raul shashi before i go into the depth uh or in detail about me i just wanted to show you a bunch of things i've done in the past so i was always a curious guy uh you know that's how i got into hacking which is why you are all here as well right your curiosity um i just want to show you a cool hack which i did long back this hack was hacking your cable tv network and it is basically like someone is watching a tv channel right and you can remotely hijack that tv channel and make them show any video of your

choice this is a hack we did back in 2015. i did it purely to impress my girlfriend so the idea was that while she is watching a tv channel i should be able to remotely flip the channel and make her watch a video proposal of mine right so i'll show you the video and i'll explain how it was done uh sound sound where you can watch excerpts from the most controversial interviews with all the biggest news makers who have taken straight questions from india's most direct manner hello greetings from garage 4 hackers this broadcasting is taken over by us knowledge is free in garage form is to libre knowledge you may acquire interpret and apply freely the knowledge

you gain from garage the knowledge can be reformulated according to one's needs and shared with others for community benefit visit us at garage4hackers.com so yep let me tell you how this thing was done right uh so your whole tv network right what happens is your satellites broadcast the signals you have these dish farms which collects those signals right sends it to us cable tv operator the cable tv operator basically decodes the signals modify it amplify it and then sets it to the different houses right so this is where exactly you can do the hack you can actually be a man of the middle attack you can do a man in the middle attack in the cable

tv operator premises so what happens is when the signal which is actually modulated passes through the local cable tv network you can actually inject your own signal into it and let me explain how it is done for example every channel which is out there right for example let's say national uh national channel it comes in a particular frequency and the box which you see over here is called an ir decoder the objective of this machine is to actually decode the signal right to the broadcasted signal and then re-broadcast it into the network so it comes in a particular frequency let's call it frequency a right and then every channel which is out there has a

similar ir decoder so what you see over here is an ir decoder farm an ir decoder farm is where let's say you watch 34 channels at your home all of them are decoded using this form all right and what you see on the bottom of those farm of those decoders are you called modulators once it's decoded it's again modulated amplified and send it back on the network this is exactly where you can do the man-of-the-middle attack right you inject your own signals for example let's say you your girlfriend is watching times now you want to replace times now with your own video so you then create a video in the same frequency of primes now injected in the network but that's

where the problem happens right now there are two frequencies in the network of the same uh frequency so this is why you need to do a one-way tapping so what you do is you basically cut the frequency of times now like literally kill it and then replace it with your own video in the same frequency so that way you can basically hijack the entire you know town or your entire village how how much ever the cable tv operator has control on this is a setup which we build it costs us 100 100 to spend close to eight to nine months working in this facility trying to figure out reading as many rfcs you know the

the manuals right uh talking to all the cable tv operators on the ground figuring out how to do it eventually we did it uh all hundred dollars and this is a setup which we this is a this is a workshop which you spend all the time basically in 2015 trying to build or do the school hack um so that's that's it um youtube so this is what analog tv networks are right now your tvs are not analog it's actually digital actually we figured out a way to hack those also so digital is again the the fundamental principles are same the the the frequency comes but it's actually converted into a digital signal and then your houses have a set

up box i don't know if you're seen there's a setup box in every house the setup boxes are the one now you know and it's the stream is now encrypted you can't just do a man in the middle because the stream is encrypted the setup boxes are on recording it and then showing it on the tv this is where we found a very cool hack right and where did we find this cool hack by reading the manual all right the rfc of these protocols setup boxes managers and we found that the setup box when they parse a video of course it's encrypted but there is a bit in the transport stream and if you change the bit the setup box can be

confused in thinking that the incoming audio video signals are unencrypted so instead of sending encrypted streams you can actually send unencrypted streams still do the mitm and the setter box will pass them so what could you do with it we are able to even find more bugs in the setup box with these bugs you can actually crash any set of boxes if you crash the setup box you can crash any tv which is in in your locality so which means i can go to your town and literally crash everyone's tv like let me show you a let me show you a demonstration of that um so this is well let's let's say your mom is watching the soap opera of their

choice and then yeah so what do you have what happened is the setup was literally crashed because of the passing scam and keeps restarting so what happens is you can keep restarting someone's tv like literally you in your entire town at the will of your choice so anyways a little bit background about myself uh you know i was a very normal kid i was a very normal grade growing up it was very difficult i always felt like an outsider i felt like an outsider and i was not very talented in sports nor talent in academics right and school was extremely difficult that's when i saw this movie metrics a movie where a hacker called neo

tries to you know fight a much highly intelligent uh computer system that's when i got introduced to the term hacker i subsequently started researching got i felt that this is where i where i should belong and i reached college this is back in 2006. when i reached college i was contributing to various cyber security communities etc etc and when i reached my seventh semester particularly um that is when actually you know in in college that i got introduced to the community called garage for hackers um this was very new for me because it was an online community where the learning was very different there were no professors there was no assignments no bullying people came together shared what they

knew and it was always about the learning right there was no show off but being humble and trying to learn as much as you can when i met this community i felt that this is where i belonged right and i kept contributing to the community so when i reached my seventh semester of college i got this internship opportunity from this large startup called eyesight partners they wanted me to be in their campus for six months and unfortunately i studied in a dumpster college and there was like you can't go do this internship you have to be in campus for the next six months and for me it was like this is all i wanted to do in my life

and and that kept him thinking you know it was more it was very difficult for me to you know cop up with this reality so i got a meeting with the head of department trying to convince him why they should let me do this internship and i'm sitting in front of my hre right trying to tell him that i should be in this company doing internship and he's like rahul how many areas you have how many backlogs you have well there was a subject called digital signal processing in my sixth semester this is a subject i had no clue i mean it i never understood the subject because i knew what i could do with it i

didn't knew the practicalities of the subject because of which i flunked i said well i have this subject as my area he's like well you stay in campus finish the subject but you're not going anywhere this is like more this is worse than a breakup for me and i was like uh you know all our life we want to do what we wanted to do and here is this one guy telling me that i can't do it or i should not do it so i decided to cute engineering i quit engineering in my seventh semester and my thought process was why do we need to learn things for a certificate why can't we just learn things for the sheer fun of

learning for the sheer fun of creating something valuable and just contributing back to the community so and then my thought process was because now i don't have an engineering degree everything i learn and everything i create i'll put it back into the community i'll publish white papers so now these white papers will become my certificate so someone when they look at me like number of years down the line well i don't have a degree but i still have all these publications right so i started doing that when i started doing that um uh the first paper i published was on digital signal processing it was actually a hack in interactive voice response systems so i spent researching

about this topic and i understood that digital signal processing is everywhere right i mean from your interactive voice response system what it does is the usb dss converts uh some form of a signal into a different form right and that's what i ivrs does like the interactive voice response systems it takes voice as an end but even alexa does the same thing but it takes voice as an input converts it into some form which is what the fourier transform and fourier transform and discrete mathematics is all about so i went in the depth and i understood it and then this was the first research i published in 2012 which got me as an invited speaker to

black hat uh amsterdam i was a young speaker there so what we did is we found ways to hack interactive voice response systems where you can trigger the system please

are being processed by a dfp okay

application failed sesh with code 500 server error url http colon slash slash 192.168.43.97 slash cgi slash the underscore test. what is basically reading out the entire text stack it even reached out the session token of the device which is but what how did we hack into the system why using see input is everything right in our world right you can tamper an input and make it do anything in this case the input is audio which is the dtmf tones you can modify you can create fuss payloads with the dtm frequency and then you can actually uh hack into the system so this is a paper which we published this is the old this is my first paper

from 2012 you can read more about it but yeah so this is what i've been doing my name is raul shashi i got the opportunity to speak in almost 22 plus countries uh and and this is what i like uh this is what i like doing and this is what i continue doing in 2015 i quit my job uh founded cloud tech and when i quit my job right there were a bunch of my colleagues who said well rahul you don't have any manageable skills right you're an individual contributor so you would never be able to build a company well today we are a team of hundred plus people and i think i'm doing okay

so [Applause] the the thing with people is that right they'll always tell you you can't do things just because they haven't done it right this is exactly what we do in the community right we prove people on a daily basis wrong and this is what our skills are right so the idea is not to be normal the idea is to be disruptive and it's not a straight line there are no rules for you guys if there are rules you are supposed to break them right and and why do we do it we do it for the sheer fun of doing it just to prove a bunch of tools wrong as simple as that right that we can do it

so and and it's very similar what we do is very similar to the magical community the magicians they take something which is very silly very simple like for for example a smoke or a playing card chain them together and create a masterpiece out of it which is what we do also here right we take small small different hacks put them together and create a giant exploit out of it um and the idea is right the idea is not to be afraid of trying new things the idea is to know that you will fail but you'll still end up creating something valuable right this is even similar to the skateboarding community the thing with skateboarding community

is so what you see over here is rodney muller i'm not sure if you're able to see this slide this side rodney is a very famous skateboarder what he's doing over there is called as a kick flip you know the idea is we'll just slide you click it the board flips it your it rotates lands but he has created a variation of that right so his variation is that he it moves he flips it to one side and right in the air he flips it again and brings it down very difficult to perform but he mastered it right and the thing is and the thing about this community is every time they take or do something new

they fall every time they fall it hurts so much right but they get up and they try it over and over and over again till they get it which is their thoughts of our community as well right i mean imagine the number of times you've been trying to do something it doesn't work um it hurts mentally right might not physically but it hurts you mentally so much but in the end we get it done and and that's that's that's very important to understand that when you're trying to create something new you always fall but every time you fall you're gonna get up and become much more wiser and smarter so this is a hack which

i tried putting it together the whole idea was so you know the have i been born sort of come saying a dark web a server of dark web credentials so the idea was you know there's a lot of data on dark web we have this huge data of dark web available on our server what we will do is we will put a drone and then a face recognition system on the drone so what the drone will do is it will fly around in the crowd start reading the faces of the people because your faces are your photographs are there on the social media and then the drone will detect dawn will capture the faces the

face detection system will understand the faces and then convert it to an email address or a name search that information on the dark web and then show them the information so this i thought was a very cool way of demonstrating things right and me and my team of four people we spend weeks right practicing this stunt and we are planning to do it in a large conference called cocoon there is almost 2000 people in a coming there and this is like this talk because you know the way i explained it's pretty it should come out pretty good right so they gave us the you know the talk right after keynote um see we even went to the

conference venue one day before to practice the whole setup right uh we practice it everything came out really well so on the day of the event i'm on the stage my team is down there we even brought a professional uh drone pilot because you know because there are enough people now on the floor we should not make a mess uh so let there be a provisional pilot everything was planned everything was perfect and then i am on the stage the drone flies up and the video is supposed to stream onto the screen which is right there right and that it will start capturing faces and showing them their passwords if there's that is there on the dark pipe the drone

flew up but no footage is coming and i'm friending standing in front of a crowd of 2000 people looking like a jackass have no clue what is happening i can see my crowd my team on the ground and they're just literally running around and and you know and the matter of the fact is i stood there five minutes embarrassed not knowing what to do um and then we have to call it off we couldn't do the stunt at that point of time when we got onto the because you know you're panicking also but when i got to the back to the team right when i got back to them they were like really sad you

know because this has been what we've been trying for long um that's when i understood the problem is the room is now filled with 2000 people all of them has a um what do you call a baseband a phone right the phone has uh what you call the wi-fi hotspots right many of them have these wi-fi hotspots so what we did is on our drone we have attached a gopro the gopro works on wi-fi frequency you know wi-fi technology the wi-fi technology is the one which is streaming the video back to our computer and that's how we are supposed to get because of all these base stations in in in the room there is a signal jamming which is

happening now remember the old cable tv hack we did which is very similar you're just jamming your frequency but but that's a very similar kind of situation that has created in that room because of which we are not able to get feeds on the computer and that's why it failed but once i got down onto the floor i understood this particular thing so we oh sorry

[Music] so i mean uh you know it was supposed to be like a higher upgraded version it was supposed to be multiple drones flying around capturing that is how it should originally come but then once you identified that you can't do the stand inside the room because of all the base stations we took all the audience the audience came out for lunch break and we did the same thing so now when they are outside there is no signal jamming and and we are able to do it so what you see over here is the the dsp of kerala police and the other guy is also an ips officer so now the drone is able to detect the faces and

then on a click of a button we'll be able to show them their leaked credentials on the dark way um yeah and and that's that's pretty much how that went and what you see oh here is their leak credentials are just much more easier to show so yeah so being here talking to you is such an honor right it's an honor because there is this beauty in speaking to a community of your own making seeing all the young folks who are now doing much better things than you could or you will ever do is such a happiness right and this is all what we are here for just share happiness so thanks a lot for having me

here i appreciate your time [Applause]