While attending SANS 504 in Mesa, AZ in October, we had a rogue access point hunting activity where the instructor had someone hide an access point in the hotel and we had to go out and find it.
It was a lot of fun, but I thought there could be a better way to do this. One of the drawbacks to the approach was that a standard wireless access point needs to be attached to power. This meant that, in all likelihood, we just had to walk around the area where the signal was strongest and look at all the power receptacles.
Additionally, because the AP was quite large, there were limited choices for hiding spots.
I like a challenge, and I thought: "what would make a fun and challenging rogue access point activity?"
1) the AP needs to be small and capable of hiding anywhere
2) the AP needs to be battery powered
3) the AP should require you to interrogate it over the network to get the prize
4) the prize should only be unlocked by some physical interaction with the AP
My first attempt was to use a WeMos D1 mini, a nifty little ESP8266 board that I had lying around.
I decided to call it the "White Rabbit", hereafter to be referred to simply as "the rabbit".
This worked! The code configured the rabbit to present itself as an AP. A user could connect to the rabbit, and once connected it would hand out an IP via DHCP. The rabbit itself would pick a random IP address on the subnet, so the user would then have to nmap scan the network for other hosts to find the rabbit.
Once the rabbit is found, there is a service running on it on a random TCP port, so the user has to port scan the rabbit with nmap to find the service.
Once the TCP port is found, a user can connect to it, and the rabbit will spit out instructions. By default it will say the prize is not yet activated.
The user has to locate the rabbit physically and push the button. After the button is pushed, the rabbit opens another service on a random UDP port; connecting to that port will now tell the user how to get the prize, via a UDP connection to yet another random port.
When data is sent to that random UDP port, the rabbit responds with the "phrase that pays", then closes the service on the UDP port and puts itself back in the deactivated state for others to find.
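To make the hunt protocol concrete, here is a host-side model of the rabbit's state machine as an added example; it is not the ESP8266 sketch from the build. Port selection, the button gate, the TCP hint, the two UDP services and the one-shot reset follow the description above; the message texts and the prize phrase are constructed placeholders.

```python
import random

# Constructed placeholder for the "phrase that pays" (not the real one).
PRIZE = "the phrase that pays (constructed placeholder)"
LOW, HIGH = 1024, 65535  # range the rabbit draws its random ports from (assumption)


class Rabbit:
    """Models the rabbit: one TCP instruction service, two UDP services gated by the button."""

    def __init__(self, rng=None):
        self.rng = rng or random.Random()
        # Picked once at boot; hunters must scan the subnet and then the host to find it.
        self.tcp_port = self.rng.randint(LOW, HIGH)
        self.reset()

    def reset(self):
        """Deactivated state: both UDP services are closed."""
        self.activated = False
        self.hint_port = None   # UDP: opened by the button, names the prize port
        self.prize_port = None  # UDP: answers once with the prize, then closes

    def press_button(self):
        """Physical interaction: opens the UDP hint service and chooses the prize port."""
        self.activated = True
        self.hint_port = self.rng.randint(LOW, HIGH)
        self.prize_port = self.hint_port
        while self.prize_port == self.hint_port:  # keep the two UDP ports distinct
            self.prize_port = self.rng.randint(LOW, HIGH)

    def on_tcp(self):
        """Reply sent to anyone who connects to the TCP instruction port."""
        if not self.activated:
            return "prize not yet activated: find the rabbit and push the button"
        return f"rabbit is active: send a datagram to UDP port {self.hint_port}"

    def on_udp(self, port, data=b""):
        """Dispatch a datagram to one of the UDP ports; None means nothing is listening there."""
        if not self.activated:
            return None
        if port == self.hint_port:
            return f"send any data to UDP port {self.prize_port} to get the prize"
        if port == self.prize_port:
            self.reset()  # one shot: hand out the prize, close UDP, re-arm for the next hunter
            return PRIZE
        return None
```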
This was great! But I still needed a tidy enclosure and battery.
Then it hit me. In September I was at Splunk .conf2017 in Washington D.C. They had an area called the "Science Sandbox". This was, to me at least, the coolest part of the vendor area. There was a guy there from Splunk who had 3D-printed fidget spinners with built-in Wi-Fi-enabled microcontrollers. The intention was that you could spin the spinners and they would report the number of spins to a Splunk server in the cloud. I was given one of these spiffy spinners, which happens to be based on the Feather HUZZAH board from Adafruit (buy one here). This board shares the same basic architecture as the WeMos D1 mini I had used in my prototype, so I got to hacking it. As luck would have it, the code was pretty much drop-in compatible with the fidget spinner, and in fact the sensor on the spinner used the same pin on the ESP8266 that the button on my prototype did.
Now I have a portable, small, battery-powered rabbit that I can hide anywhere and that requires physical manipulation to unlock the prize.
Works great and I just need to now find a collection of fellow nerds that want to do a hunt to try it out :).
-G