
Thread: How did you hack your DEF CON 20 Badge?

  1. #1

    How did you hack your DEF CON 20 Badge?

    DEF CON 20 in Las Vegas came to a close yesterday.
    I hope all who attended had a great time, I know the Parallaxians that went sure did.

    So tell us... how did you hack your DEF CON 20 badge?

  2. #2

    Re: How did you hack your DEF CON 20 Badge?

    I had some fun with the badge, originally overwrote everything in favor of custom lighting after modifying the sample lighting code. Later on found this forum and directions on restoring the original image.

    Used HexEdit to read the 'virgin' image and then captured one that had triggered the 'human' interaction switch, only to discover that they simply add 'FF' to the memory space at the end of the image. Turned around and edited the image by hand to set everything to 'yes', and modified the categories to display my friends' and my PS3 gamertags. Reflashed using the 'hacked' version and you can see the below serial output. :-) Nothing elegant but fun.

    [Attached image: 2012-07-29_13-48-46_422.jpg (serial output)]

  3. #3

    Re: How did you hack your DEF CON 20 Badge?

    Quote Originally Posted by Birukun View Post
    I had some fun with the badge, originally overwrote everything in favor of custom lighting after modifying the sample lighting code. Later on found this forum and directions on restoring the original image.

    Used HexEdit to read the 'virgin' image and then captured one that had triggered the 'human' interaction switch, only to discover that they simply add 'FF' to the memory space at the end of the image. Turned around and edited the image by hand to set everything to 'yes', and modified the categories to display my friends' and my PS3 gamertags. Reflashed using the 'hacked' version and you can see the below serial output. :-) Nothing elegant but fun.

    Attachment 94593
    Not bad, Birukun! Now try injecting your own virus code to infect other badges - or better yet, make your Human act as a Goon badge. Welcome to the forums, btw!
    Daniel Harris
    Applications Engineer, Parallax Semiconductor
    (916) 632-4664 x 5503
    dharris@parallaxsemiconductor.com
    http://www.parallaxsemiconductor.com

  4. #4

    Re: How did you hack your DEF CON 20 Badge?

    That is exactly how I started: I took an image dump of my badge and some other guy's badge (thanks Dan), and compared them in Hex Workshop. Once I saw that the bytes at 0x7f00 were the only thing different, it was only a matter of flipping those flags and boom, it showed that I had seen everyone.

    It wasn't until Friday that I actually started playing with the Propeller tools and writing some Spin code. I wanted to make a Persistence of Vision (POV) hack that would spell something in the air using the LEDs when I waved it back and forth. It took me a while to figure out how to turn the LEDs on the badge on and off individually, and it took me even longer to figure out how to do function calls with arrays in Spin.

    I eventually got it working and I'm very happy with the results. I defined each letter of the alphabet individually, which allows me to modify it to say other things without too much work.

    You can check out what I actually wrote up here. http://yakhack.wordpress.com

    [Attached image: IMG_54452.jpg]
    You can see that I had the spacing incorrect between the Xs in this picture. Since it took me about 50+ shots to actually capture it, I didn't really want to try again after fixing the bug.


    The video doesn't really show it well, but if you want to see it in action you can get the source code here. http://pastebin.com/n5Z5wXDq and just load it up on your badge.
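The two-dump comparison this post describes, as an added example (not code from the thread, the badge firmware or the Parallax tools): a small Python script that reports each contiguous run of bytes that differs between two EEPROM images, the way a hex editor's compare view does. The 32 KiB image size, the repeating-pattern "firmware" and the 0xFF flag bytes placed in the 0x7F00 region are all constructed sample data.

```python
from itertools import groupby

IMAGE_SIZE = 32 * 1024  # assumed: the badge's boot EEPROM is a 32 KiB part


def diff_ranges(a: bytes, b: bytes):
    """Return [(offset, old_bytes, new_bytes)] for every contiguous run of
    bytes that differs between image a and image b (same length required)."""
    if len(a) != len(b):
        raise ValueError(f"image sizes differ: {len(a)} vs {len(b)}")
    diffs = [i for i in range(len(a)) if a[i] != b[i]]
    runs = []
    # Consecutive offsets share the same (offset - index) value, so grouping
    # on that key splits the differing offsets into contiguous runs.
    for _, grp in groupby(enumerate(diffs), key=lambda t: t[1] - t[0]):
        offs = [off for _, off in grp]
        start, end = offs[0], offs[-1] + 1
        runs.append((start, a[start:end], b[start:end]))
    return runs


def format_report(runs):
    """Render runs hex-editor style: offset range, old bytes -> new bytes."""
    return "\n".join(
        f"0x{start:05X}..0x{start + len(old) - 1:05X}: {old.hex()} -> {new.hex()}"
        for start, old, new in runs
    )


# Constructed sample dumps (not real badge images): a repeating 0x00..0xFF
# pattern stands in for the firmware, and the "seen" copy has a few flag
# bytes set to 0xFF in the 0x7F00 region the post describes.
virgin = bytes(range(256)) * (IMAGE_SIZE // 256)
seen = bytearray(virgin)
seen[0x7F00:0x7F03] = b"\xff\xff\xff"
seen[0x7F10] = 0xFF
seen = bytes(seen)

if __name__ == "__main__":
    # With real dumps: virgin = open("virgin.bin", "rb").read(), and likewise for seen.
    print(format_report(diff_ranges(virgin, seen)))
```

A size mismatch is reported instead of silently comparing the shorter prefix, which is the usual sign that one of the two dumps was truncated.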

  5. #5

    Re: How did you hack your DEF CON 20 Badge?

    Not too complicated, but I took a stock goon image that was transmitting the goon code and edited it to transmit the lost code.

  6. #6

    Re: How did you hack your DEF CON 20 Badge?

    Thanks to the little EEPROM reading utility and some social engineering, we were able to get a ROM dump of all the different badges except for the uber pretty early on. We also figured out the flags in the human firmware along with the timeout.

    With that, our attention turned to customizing things, now that we knew that no matter what we could restore our own images. We thought it would be fun to broadcast the lockout code ourselves, so I wrote a couple of little utilities. The first of which would reset the lockout on any badge in a couple of seconds. The second was a simple little program that would echo any IR codes it saw broadcast to the serial console. We walked around looking at codes and compiling a matrix of what we saw.

    Armed with this information, I put together some custom code (all using the libraries that had been provided to us) to modify the LED blink sequence to something different just to make people ask questions, as well as broadcast the uber badge lockout at a much higher rate. It certainly made wandering around at parties more entertaining. There were multiple people who had goon images who were actively 'infecting' others who were rather amused to see our badges doing something entirely different.

    From here, I kind of got sidetracked into further development with other puzzles, but I did discover I rather like working with Propeller chips, and am looking forward to using one in my next hardware design.

    It was indicated that the full source of the badges would be posted after DEF CON; when/where will this be? We had some hints from Lost about some other interesting tidbits in the code that we pursued, but we didn't have enough resources to fuzz out what might be happening, and as such, I am rather curious what else I overlooked.

    Good job on the hardware, it was very accessible. I brought nothing more than my netbook and a USB cable as I didn't expect an electronic badge after last year, but still felt I had accomplished a lot. Our team was very informal, mostly it consisted of me and a friend being bored and poking at the badge on Thursday and random people dropping by to see what we were doing, ultimately resulting in a bunch of great friendships. Very good year!

  7. #7

    Re: How did you hack your DEF CON 20 Badge?

    I didn't get to go, but I was there in spirit .... up til about 4 am Friday and Saturday night ... Some DC groups had contacted me via E-mail for some help with code....

    Did someone say NTSC video from their DC20 badge?
    ... here is a badge hack to send NTSC video out of your DEFCON badge through the PS/2 mouse and keyboard ports using just 3 resistors.

    Note: - This hack will also work with the Propeller Demo Board.
    - For this to work, the "tv_pins" need to be changed from "001_0101" to "011_0000" in software with the existing TV driver.


    Video Output of the attached code:
    http://www.youtube.com/watch?v=s6ObUNcavao
    [Attached thumbnail: DC20_BadgeTV.jpg; attached code files not included here]
    Last edited by Beau Schwabe (Parallax); 07-31-2012 at 03:55 PM.
    Beau Schwabe | Parallax Semiconductor
    IC Layout Engineer
    Parallax Inc. * 599 Menlo Drive * Rocklin California 95765
    www.parallaxsemiconductor.com



    Asked about the ramifications of his discoveries, Hertz replied, "Nothing, I guess." Hertz also stated, "I do not think that the wireless waves I have discovered will have any practical application."
    www.BScircuitdesigns.com: IC's * Inductive proximity sensors * Misc

  8. #8

    Re: How did you hack your DEF CON 20 Badge?

    I wrote my own program that did two things: first, I wrote a function that output Morse code over the visible light LEDs, and second, I transmitted through the IR LED the code for each other badge type, including goon, uber, and Lost's special badge. Everyone who came up to see why my badge was flashing something different got their badge hammered, and locked out for a random amount of time from a few minutes to a few hours.

  9. #9

    Re: How did you hack your DEF CON 20 Badge?

    Quote Originally Posted by cavehamster View Post
    Thanks to the little EEPROM reading utility and some social engineering, we were able to get a ROM dump of all the different badges except for the uber pretty early on. We also figured out the flags in the human firmware along with the timeout.
    On the last day we got a dump of DT's badge. We wrote a simple program to broadcast the Lost code constantly.

    Can anyone confirm whether or not someone who had "seen lost" could disable other badges while they were locked out? I've heard that it worked that way but was never able to get it to work myself.
    Last edited by mstc; 08-01-2012 at 01:05 AM.

  10. #10

    Re: How did you hack your DEF CON 20 Badge?

    Quote Originally Posted by mstc View Post
    On the last day we got a dump of DT's badge. We wrote a simple program to broadcast the Lost code constantly.

    Can anyone confirm whether or not someone who had "seen lost" could disable other badges while they were locked out? I've heard that it worked that way but was never able to get it to work myself.
    As near as I could tell from mucking about with broadcasting the different codes that I had found being broadcast, it seemed the only thing that varied was how long your badge was locked out, based on what badge code you had seen. Some people claimed some codes would nuke a badge, but I never was able to duplicate those claims. Lost indicated he would give us the source on the badges; I'm hoping to see it somewhat soon to see what I might have missed out on.

  11. #11

    Re: How did you hack your DEF CON 20 Badge?

    I would really like to get a copy of a couple of the images, especially two of differing types so I can diff them and see the changes; since the conference is over, would anyone be willing to upload them?

    I'd like to hack the badge more, but I'm not sure where to get started without an image of it. The serial port just tells me what badge types I've seen, and doesn't seem to allow user input at all.

  12. #12

    Re: How did you hack your DEF CON 20 Badge?

    Some guys posted them up on GitHub. https://gist.github.com/3191236

  13. #13

    Re: How did you hack your DEF CON 20 Badge?

    Quote Originally Posted by yakpimp View Post
    Some guys posted them up on GitHub. https://gist.github.com/3191236
    I was getting a checksum error with a few that I downloaded.

    Jim
    Infernal Machine
