Sorry, We are not Recruiting!

We are not actively recruiting at this time. We may have spots open after CSAW.

(updated: 3/22/2018)

Sunday, June 24, 2018

DIY Wireless Fox Hunting Lab

Wireless Fox Hunting is a high-tech version of Hide-and-Seek. Except in this version, one person  (the fox) hides, and multiple people seek after them. Additionally, as this game is about RF signal hunting, the foxes don't need to hide out of sight and are often walking among unperceptive seekers.

Accurate depiction of a Wireless Foxhunt
If you're looking to participate in a Wireless Village CTF, then you will need to learn how to hunt the foxes and have lots of practice doing it. If you're interested in learning how to perform a fox hunt, then I'd suggest looking into SANS SEC617: Wireless Penetration Testing and Ethical Hacking. This post will be about putting together the resources for a practice lab.

Now, unless you had a terrible childhood and learned how to play Hide-and-Seek by yourself, you will need one other person to assist. They will not need to be technical, just good at hiding hand-sized objects from you. As you get better at finding static foxes, you will need access to a pool of assistants, who can pass the fox off randomly to each other and move about in a defined area. Offices and schools make great environments for advanced practice.

Next, you're going to need some small wireless devices that mimic the Wireless Village CTF challenges. These challenges change from year to year but they generally come in three flavors: Wifi, Bluetooth, and SDR.

Wifi Fox Version One 

In past years it was enough to simply identify a person carrying a specific mobile Wireless AP. This is easy to reproduce by enabling the mobile hotspot mode of your smartphone. If this triggers your separation anxiety, then an alternative is getting a dedicated battery powered access point, like the TP-LINK TL-MR3040. With either choice, just set up the fox like you would a normal access point and have your assistant hide it, and you'll, hopefully, be able to find it in no time.

Wifi Fox Version Two

Recently, the Wireless Village changed this up by giving the fox both a mobile Wireless AP and a mobile Wireless client and asking the hunters to determine the Wifi password before approaching the fox. With these changes, they have also changed their form factor, and we have followed suit with the SanDisk Wireless Flash Drive. 

I don't know what the Wireless Village uses for the mobile client, but feel free to tweet to them @WiFi_Village. Instead, I use cheap pre-paid Android phones that you can typically pick up for around $20 (if you can find them in stock). Another cheap solution is a Raspberry Pi Zero W and a battery pack.


For the SDR challenge, I don't know what the Wireless Village uses. I speculate they likely use Raspberry Pi and something like Vapor Trail. To simulate this challenge, I use a Motorola Roadster handsfree paired via Bluetooth with one of my pre-paid "research" Android phones. The Roadster acts as a mini-FM station and doesn't have a lot of range (10 meters at best) which makes the fox hunt challenging.

For added flair, I created an mp3 file using Google Translate that reads off a string of numbers in four different languages and played the file on repeat for an ad-hoc "numbers station."

Bluetooth Fox

Again, we don't know what the Wireless Village uses for these challenges, but we simply use Bluetooth locator tags that can be hidden anywhere.


I hope this guide helps you gain the skills to participate in a Wireless Village CTF or develop a mature RF response training for your corporation. If you see us at a CTF, feel free to say "hi."

About Crimson Agents

Formed in 2013, Crimson Agents is a DC based recreational security team that competes in various computer security wargames and hacker jeopardy contests. Our team comprised of various professionals seeking to practice and enhance our skills in penetration testing, vulnerability development, computer network defense, forensics, and reverse engineering. In addition to exploitation based CTFs, we also compete in Wireless CTFs with several members who focus solely in this domain. Our sister team Threat Inc focuses on defensive exercises such as malware analysis, forensics, honeypots, and network captures. We reuse what we learn from our "Blue Team" research to make our "Red Team" operations more effective and vice-versa.