Everyone loves sports. And everyone loves winning at sports. But sometimes, athletic abilities just aren't enough. What if there were a core source of truth, relied upon by players, referees, and scorekeepers, that could be subtly manipulated to give the home team just enough of an edge to win? For most sports, this source of truth is the scoreboard. It holds the shot clock, the score, the match time, and more. And if the score could be changed, or the time could be slowed down or stopped altogether, the manipulator could dole out any advantages they want to their team.
In this talk, we will demonstrate how to hack a scoreboard. To do this, we have to pull together concepts from multiple disciplines of engineering, fit all the pieces together, and finally end up with full control of the device. And the score. And the clock. And, thus, the entire game.
The talk will start from a zero-knowledge perspective of the device. From nothing, we will build up our understanding of the system piece by piece. Working in chronological order, we'll show the techniques and strategies we used to completely reverse engineer the scoreboard. This will include wireless signal analysis, hardware hacking, cryptography, and other related fields. By the end, we will have full knowledge of the protocol and the ability to create arbitrary packets in software. Once we have the bits lined up, we will create a transmitter for the scoreboard in GNU Radio and Python. With the transmitter, a custom antenna, and a power amplifier, we can launch both blatant and subtle attacks against the scoreboard to alter the course of a game however we see fit. Because, after all, everyone loves winning.