How did you hack your DEF CON 20 Badge?
Jen J.
Posts: 649
DEF CON 20 in Las Vegas came to a close yesterday.
I hope all who attended had a great time, I know the Parallaxians that went sure did.
So tell us... how did you hack your DEF CON 20 badge?
Comments
Used HexEdit to read the 'virgin' image and then captured one that had triggered the 'human' interaction switch, only to discover that they simply add 'FF' to the memory space at the end of image. Turned around and edited by hand the image to set everything to 'yes', and modified the categories to display my friends and my PS3 gamertags. Reflashed using 'hacked' version and you can see the below serial output. :-) Nothing elegant but fun.
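The comparison described in the comment above (a clean dump against one taken after a state change), as an added example that is not part of the original post. The image layout, sizes and offsets are constructed sample data, not the badge's real format, and the function names are hypothetical.

```python
"""Differential analysis of two firmware/EEPROM dumps (constructed sample data)."""

def changed_runs(baseline: bytes, modified: bytes):
    """Return [(offset, old_bytes, new_bytes), ...], one entry per contiguous run of differing bytes."""
    if len(baseline) != len(modified):
        raise ValueError("images differ in length; dump both with the same size")
    runs, start = [], None
    for i, (a, b) in enumerate(zip(baseline, modified)):
        if a != b and start is None:
            start = i                      # a new run of differences begins
        elif a == b and start is not None:
            runs.append((start, baseline[start:i], modified[start:i]))
            start = None
    if start is not None:                  # run extends to the end of the image
        runs.append((start, baseline[start:], modified[start:]))
    return runs

def tail_only(runs, image_len, tail_fraction=0.25):
    """True if every changed run lies in the last tail_fraction of the image."""
    boundary = int(image_len * (1 - tail_fraction))
    return bool(runs) and all(off >= boundary for off, _, _ in runs)

def build_samples():
    # Constructed layout: 64 bytes of "code" followed by a 16-byte zeroed state area.
    code = bytes(range(64))
    baseline = code + bytes(16)
    state = bytearray(16)
    state[3] = 0xFF                        # one flag set after the first event
    state[9:11] = b"\xff\xff"              # two adjacent flags set later
    return baseline, code + bytes(state)

if __name__ == "__main__":
    base, mod = build_samples()
    runs = changed_runs(base, mod)
    for off, old, new in runs:
        print(f"0x{off:04x}: {old.hex()} -> {new.hex()}")
    print("changes confined to tail:", tail_only(runs, len(base)))
```

Changes confined to a small region at the end of an otherwise identical image point to stored state rather than modified code, which is the pattern the comment reports.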
Not bad, Birukun! Now try injecting your own virus code to infect other badges - or better yet, make your Human act as a Goon badge. Welcome to the forums, btw!
It wasn't until Friday that I actually started playing with the propeller tools and writing some spin code. I wanted to make a Persistence of Vision (POV) hack that would spell something in the air using the LEDs when I waved it back and forth. It took me a while to figure out how to turn the LEDs on the badge on and off individually, and it took me even longer to figure out how to do function calls with arrays in spin.

I eventually got it working and I'm very happy with the results. I defined each letter of the alphabet individually which allows me to modify it to say other things without too much work.
You can check out what I actually wrote up here. http://yakhack.wordpress.com
You can see that I had the spacing incorrect between the Xs in this picture. Since it took me about 50+ shots to actually capture it, I didn't really want to try again after fixing the bug.
[video=youtube_share;WyLYN4MSYPs]
The video doesn't really show it well, but if you want to see it in action you can get the source code here: http://pastebin.com/n5Z5wXDq and just load it up on your badge.
With that, our attention turned to customizing things, now that we knew that no matter what we could restore our own images. We thought it would be fun to broadcast the lockout code ourselves, so I wrote a couple of little utilities. The first of which would reset the lockout on any badge in a couple of seconds. The second was a simple little program that would echo any IR codes it saw broadcast to the serial console. We walked around looking at codes and compiling a matrix of what we saw.
Armed with this information, I put together some custom code (all using the libraries that had been provided to us) to modify the LED blink sequence to something different just to make people ask questions, as well as broadcast the uber badge lockout at a much higher rate. It certainly made wandering around at parties more entertaining. There were multiple people who had goon images who were actively 'infecting' others who were rather amused to see our badges doing something entirely different.
From here, I kind of got sidetracked to further development with other puzzles, but I did discover I rather like working with propeller chips, and am looking forward to using one in my next hardware design.
It was indicated that the full source of the badges would be posted after DEF CON, when/where will this be? We had some hints from Lost about some other interesting tidbits in the code that we pursued, but we didn't have enough resources to fuzz out what might be happening, and as such, I am rather curious what else I overlooked.
Good job on the hardware, it was very accessible. I brought nothing more than my netbook and a USB cable as I didn't expect an electronic badge after last year, but still felt I had accomplished a lot. Our team was very informal, mostly it consisted of me and a friend being bored and poking at the badge on Thursday and random people dropping by to see what we were doing, ultimately resulting in a bunch of great friendships. Very good year!
Did someone say NTSC video from their DC20 badge?
... here is a badge hack to send NTSC video out of your DEFCON badge through the PS/2 mouse and keyboard ports using just 3 resistors.
Note:
- This hack will also work with the Propeller Demo Board.
- For this to work, the "tv_pins" need to be changed from "001_0101" to "011_0000" in software with the existing TV driver.
Video Output of the attached code:
http://www.youtube.com/watch?v=s6ObUNcavao
On the last day we got a dump of DT's badge. We wrote a simple program to broadcast the Lost code constantly.
Can anyone confirm whether or not someone who had "seen lost" could disable other badges while they were locked out? I've heard that it worked that way but was never able to get it to work myself.
As near as I could tell mucking about with broadcasting different codes that I had found to be broadcasting, it seemed the only thing that varied was how long your badge was locked out based on what badge code you had seen. Some people claimed some codes would nuke a badge, but I never was able to duplicate those claims. Lost indicated he would give us the source on the badges, I'm hoping to see it somewhat soon to see what I might have missed out on.
I'd like to hack the badge more, but I'm not sure where to get started without an image of it. The serial port just tells me what badge types I've seen, and doesn't seem to allow user input at all.
I was getting a checksum error with a few that I downloaded.
Jim