ESP8266 wargaming at OSHCamp 2015

It was a few days before my talk on the ESP8266 at OSHCamp, and I thought it would be fun to make a hacker’s treasure hunt to run over the conference weekend. Oomlout and OSHPark kindly sponsored the prizes.

I didn’t have much time, so I settled on 3 stages, with the final one being to turn on this strobe:

The first clue was ‘find an access point in this room’. I had an ESP8266 and LIPO battery taped under a chair in the main room:

This set up an access point and was serving web pages on a high port. There were a few misdirections (people who got this far got rickrolled) as well as some real clues. The clues led to the next ESP, which was hidden in another location.

The second ESP created a password-protected access point for 1 minute every 3 minutes. It served a single image that contained some hidden data. The data contained 60 passwords and source to the strobe box’s program.

A team from Manchester hackspace managed it with 10 minutes to spare, which was pretty exciting!

I wrote the puzzles/code to be fairly basic compared to some of the wargames I’ve played online. No buffer overflows, but port scanning, scripting and reading code were all necessary.

In running the game, I found it really useful to have unit tests set up for each puzzle. That way I could easily and quickly verify everything was running as it should.
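A per-puzzle check of the kind described above could look like this operator-side health check. It is an added example, not code from the author's repository; the stage names, paths and clue text are constructed, and a local stand-in server takes the place of an ESP8266.

```python
import http.client
import http.server
import threading
import urllib.error
import urllib.request

# Talk to the devices directly, ignoring any proxy set in the environment.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def check_puzzle(url, expect, status=200, timeout=3.0):
    """Return (ok, detail) for one stage; a dead device is a result, not a crash."""
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            got, body = resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:   # the server answered with 4xx/5xx
        got, body = exc.code, ""
    except (OSError, http.client.HTTPException) as exc:   # down, rebooting or hung
        return False, f"unreachable: {exc}"
    if got != status:
        return False, f"status {got}, expected {status}"
    if expect not in body:
        return False, "expected text missing"
    return True, "ok"

def run_checks(checks):
    """checks maps a stage name to check_puzzle() arguments."""
    return {name: check_puzzle(*args) for name, args in checks.items()}

class StandIn(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a stage's web server, so this runs offline."""
    def do_GET(self):
        body = b"<p>constructed clue text</p>" if self.path == "/" else b""
        self.send_response(200 if body else 404)
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):   # keep the output quiet
        pass

def start_stand_in():
    """Serve StandIn on a free local port; return (server, base_url)."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), StandIn)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_port}"

if __name__ == "__main__":
    srv, base = start_stand_in()
    checks = {"stage1-clue": (base + "/", "clue"),          # constructed names
              "stage1-decoy": (base + "/missing", "", 404)}
    for name, (ok, detail) in run_checks(checks).items():
        print(f"{'PASS' if ok else 'FAIL'} {name}: {detail}")
```

Pointing the `checks` entries at each device's real address and port turns this into a quick pass/fail sweep that can be rerun during the event.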

There were a few problems; lots of port scanning would crash an ESP from time to time (but they rebooted on their own). The strobe ESP often became unresponsive but I think that was to do with the conference network rather than the ESP. It worked fine with its own AP or connecting to a different network.

If I do it again, I’ll try to have some simpler puzzles at the beginning – a lot of people didn’t get past the first clue because they’d never used a port scanner.

If you want to run it yourself, take a look at the repository.
