While playing laser tag, the author decided they were tired of the pay-to-win model. A group of college students was absolutely dominating because of it, and something had to change! The author opens by noting that laser tag is not meant to be secure by design; this is just them reversing the system and figuring out how everything works.
The "lasers" in laser tag are just infrared LEDs transmitting a signal. A shot is simply that signal being switched on. The technology is very similar to a TV remote! The red light coming out of the gun is an added feature; infrared light is not visible to the human eye. Normally, players wear vests. These vests, with the shiny lights, carry multiple receivers. In the TV analogy, the vest is the TV and the gun is the remote.
There is also a backend that reports events to the game server. Who fired the gun? Is this a respawn? Did somebody get hit? This link may be Bluetooth, Zigbee or something else.
The same code is transmitted every time. As a result, a replay attack is enough to pwn this. Can we do better, though? This could definitely be codified to hit everyone in sight and make an unstoppable player! The design considerations are interesting in this context: small and concealable, high power, a UI to customize behaviour, and data logging to see what was going on. Take it to the limit!
The author bought an infrared LED rated for 1 amp pulses. Each LED emits in a 20 degree cone, which spreads quickly with distance. Arranging five of them with a 5 degree overlap created a ridiculous 70 degree coverage area that just hit over and over again. To hold the 5 LEDs at precise angles, the author 3D printed a case.
One of the important things to the author was having all commands run in the background and be controllable from a phone. To connect to the device, the author created a Wi-Fi hotspot with a web server running on it. The physical commands were sent over GPIO pins with pigpio to a buck converter (a voltage step-down stage) that fed the LEDs. It should be noted that IRRpy was used for sending the infrared signals.
The flow for making this work is interesting! First, fire a gun at the device and record the signal. Then repeat the capture to validate that we have the right signal. Once we are sure it is the signal, we can replay it whenever we want! Of course, this can be done several times over for the fancier parts of the game, such as bombs or re-spawn points.
How did it work!? A normal gun can get about 2 shots off per second. The fake gun can get 20+ shots off per second. In practice, this absolutely killed everyone playing laser tag at the arena. To make matters worse, they realized they could clone the healing signal as well; this would allow the team to be unstoppable and never die!
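As an added example (not from the talk or the write-up), this is the kind of server-side check the arena backend could run over incoming hit reports, using the fire rates quoted above; the event format, the one-second window and the threshold are assumptions:

```python
from collections import deque, defaultdict

# Constructed from the numbers in the write-up: a stock gun manages ~2 shots/s,
# the cloned emitter 20+ shots/s. More than MAX_SHOTS_PER_WINDOW hits inside
# a one-second window is physically implausible for real hardware.
WINDOW_SECONDS = 1.0
MAX_SHOTS_PER_WINDOW = 4  # assumption: a generous ceiling above the stock 2/s


def flag_implausible_fire_rate(events, window=WINDOW_SECONDS, limit=MAX_SHOTS_PER_WINDOW):
    """events: iterable of (timestamp_seconds, shooter_id) hit reports in time order.

    Returns {shooter_id: first_timestamp_flagged} for every shooter whose hit
    count inside any sliding window exceeds `limit`. A replayed fixed code
    carries no counter, so fire rate is the cheapest backend-side signal.
    """
    recent = defaultdict(deque)  # per-shooter timestamps inside the window
    flagged = {}
    for ts, shooter in events:
        q = recent[shooter]
        q.append(ts)
        while q and ts - q[0] > window:  # drop hits older than the window
            q.popleft()
        if len(q) > limit and shooter not in flagged:
            flagged[shooter] = ts
    return flagged


def simulated_hits():
    """Constructed sample: player 'stock' fires 2/s, player 'clone' fires 20/s."""
    stock = [(i * 0.5, "stock") for i in range(10)]  # 5 s of play
    clone = [(i * 0.05, "clone") for i in range(100)]  # 5 s of play
    return sorted(stock + clone)


if __name__ == "__main__":
    # Only the cloned emitter trips the check, within its first 0.2 s of fire.
    print(flag_implausible_fire_rate(simulated_hits()))
```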
An interesting project, and a good illustration of what happens when no one thinks about security. Although the tools take time to build, anything that is insecure will eventually be broken by somebody.