After enumerating the badge, dumping the firmware, and giving it a little kiss goodnight, I figured out how the RFID and reporting system works to count badges for the leaderboard when scanned by a scanner. It’s all based around MAC addresses.
Well, these devices are all using WiFi because… well of course they are. I just so happened to have my Hak5 WiFi Pineapple with me. Who doesn’t bring their entire kit to a security conference knowing that it’ll collect dust?
I walked around during the conference, collected all of the MAC addresses in the air, and fed them to the scoring server. Plenty of failed attempts, of course. However, I eventually figured out the manufacturer range that was in use and narrowed down my attempts. This took me most of the way into 3rd place for the badge competition.
Also, I got reset for enumerating and brute forcing the MAC addresses before the conference started during the training days. Oops. Sorry.
]]>