Browsing all articles in General

Hacker badges of Defcon 2017 (25)
Every year Defcon has many different electronic badges that you can play with, hack, or blind your friends with. I was lucky enough to get one of these really cool badges and I wanted to figure out the lock codes from the hardware/firmware rather than trying to use the interface.

TL;DR

I didn’t end up going into the firmware beyond strings since they released it on github eventually and there were no other unlocks, but the basics of doing it were as follows:

— Get an FTDI cable ( the hackerwarehouse badge is 3.3v and I have one similar to this: https://www.amazon.com/gp/product/B06ZYPLFNB/ref=oh_aui_detailpage_o01_s02?ie=UTF8&psc=1 )
— Connect the wires up correctly to TX and RX
— Make sure the device is found ( lsusb on linux and system_profiler SPUSBDataType on OSX )
— Get the latest esptool from https://github.com/espressif/esptool
— Put the badge into firmware mode by booting and holding the down button
— python ./esptool.py --port /dev/tty.usbserial-A106AUUX -b 74880 -c esp8266 read_flash 0 0x400000 badge_flash.bin
— strings original_contents.bin | grep -B 15 -A 15 LRLR


...snip
region perm unlocked
region unlocked
konami!
UDDDUULR 
RLRLLRDU
UUDDLRLR
see if I don't!
with my blurglecruncheon,
...snip
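The `strings | grep` step above is the whole analysis in this post, so here is the same idea written out as a small Python tool (an added example, not code from the post or the badge firmware). It pulls printable runs out of a flash dump the way strings(1) does, then narrows them to candidate button sequences (strings made only of U/D/L/R), and reproduces the `-B`/`-A` context view. The embedded dump is a constructed sample that mimics the snippet above; on a real dump produced by `esptool.py read_flash` you would pass the file path on the command line.

```python
import re
import sys

# Constructed sample "flash dump": binary noise with a few NUL-terminated
# strings embedded, shaped like the snippet in the post. This is NOT real
# badge firmware; it only exists so the script runs offline.
SAMPLE_DUMP = (
    b"\x00\xff\x10\x01" + b"region perm unlocked\x00"
    + b"\x7f\x03" + b"region unlocked\x00konami!\x00"
    + b"UDDDUULR\x00RLRLLRDU\x00UUDDLRLR\x00"
    + b"see if I don't!\x00\x01\x02" + b"with my blurglecruncheon,\x00"
    + b"LR\x00" + b"\x90" * 8
)


def extract_strings(data: bytes, min_len: int = 4):
    """strings(1)-style scan: (offset, text) for every run of printable
    ASCII (0x20..0x7e) that is at least min_len bytes long."""
    pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pat.finditer(data)]


def find_direction_codes(data: bytes, min_len: int = 8):
    """Candidate button-sequence codes: printable strings consisting only of
    the four direction letters, at least min_len long (the post's codes are 8)."""
    return [(off, s) for off, s in extract_strings(data, min_len)
            if re.fullmatch(r"[UDLR]+", s)]


def context(data: bytes, needle: str, before: int = 3, after: int = 3):
    """Equivalent of `strings dump | grep -B before -A after needle`:
    for each string containing needle, the neighbouring strings around it."""
    strs = extract_strings(data)
    hits = []
    for i, (_, s) in enumerate(strs):
        if needle in s:
            hits.append([t for _, t in strs[max(0, i - before): i + after + 1]])
    return hits


if __name__ == "__main__":
    # Use a real dump if one is given (e.g. badge_flash.bin), else the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DUMP
    for off, code in find_direction_codes(data):
        print(f"0x{off:06x}  {code}")
    for block in context(data, "LRLR", before=2, after=2):
        print("--- context ---")
        print("\n".join(block))
```

The direction-letter filter is what the manual grep for `LRLR` approximates: it finds every sequence of the right shape in one pass, including codes that do not happen to contain that particular substring, and the offsets tell you where in the 4 MB image the table of codes lives if you later want to look at the surrounding firmware.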

Read more »

After the fairly successful ZACon badges I did in 2014, the BSides team in Cape Town (where I now live) asked if I’d like to be involved in building another one. Naturally my response was abso-fscking-lutely not. However, with a combination of alcohol, begging and offers of whatever we wanted ( mostly from our marvelous sugar pony ) they did manage to convince Mike Davis (@ElasticNinja) and myself to do them for 2016. So we set off with a couple of cynical attitudes and some fantastic hangovers to start some brand new badges.

This is a much longer post than normal and one I’ve split into two separate parts, a brief coverage of the hardware and then a longer explanation of the software. If you are just interested in the code, you can head over to https://github.com/AndrewMohawk/BSidesBadge2016

Read more »

Badges

At some time in the next 6 billion years I will complete the writeup for the badges about how they were put together. For now this is just how to get your badge working at home as well as how to unlock all the challenges now that BSides Cape Town is over.

For those of you that missed it, here is a picture of them and a potatocam video of it:

As some of you may have noticed (and people have asked), your badges are simply not doing anything once you take them home. This is a quick writeup on how to get your badge going again as well as how to unlock all the challenges and their addons (pong / wifi scanner / etc).

First off, if you want to find out about the badges you can go to http://badge.bsidescapetown.co.za:8000/badge/about/ which describes the screens / options, and the following page explains the game:

http://badge.bsidescapetown.co.za:8000/badge/thegame/

Why they don't start up at home

In case you missed the small segment we did at the end of the conference, the badges won’t start up again unless they can connect to a wifi network. You have three options for how to configure this:

Create a WiFi Network

The badges are looking for a WiFi network with an SSID of “Highway” and a password of “dangerzone” ( note those are CaSeSeNsiTiVe ). If you create this network and reset your badge (there is a reset button on the back), it will simply work.

Connect via Serial to tell the badge what network to connect to

The badges will initially try to connect to the default WiFi network; if that fails they will try reading credentials from the EEPROM (non-volatile memory), and if that fails they will drop to a prompt asking the user for their SSID and password. To view this, simply install the CH430 driver so your machine picks up the device. Then you can connect to it at a baud rate of 74880 (this is the baud rate of the ESP8266’s debug channel).

Personally I’m just using the Arduino application since it was easier to have it connect at the baud rate. Using it you should see the following screens and be able to input your SSID and Password:

In this case I used the SSID “ExampleNetwork” and password “ExamplePassword”; it connected and saved them to the EEPROM, so from now on I can just wait for the default network to fail and if that network is available the badge will connect.

Upload new firmware

If you don’t want to wait for it to timeout or run the Highway SSID you can also change the following line in the firmware and then re-upload it via esptool or Arduino

Unlocking all the extras

I have updated the page at http://badge.bsidescapetown.co.za:8000/badge/addhash/ so that near the bottom you can simply put in your badge number and it will output a series of correct hashes that you can use to unlock all the challenges for your badge.

Keep it punk.
-AM

The ZaCon badges were a ton of work on the hardware side (see ZaCon V Badge [1/2]: Build Time), however they provided their own challenges on the software side as well.

Since my knowledge of chipsets only extended to the Arduino, the badges are essentially a complete Arduino without the USB->FTDI breakout. This means that each badge includes an Arduino bootloader, which is _really_ nice if you are coming from an Arduino background or simply have an Arduino and want to play.

The idea behind the badges was that they would provide a means of tracking communication between individuals at the conference. Additionally I wanted this information transmitted to a central location so that it could be stored and visualised (yes yes, Maltego and all). Because people would be moving around I also needed to create a ‘mesh network’ of sorts so that any time someone came into range of any other badges they would automatically be part of the network. This blog entry is going to cover how the badges did this and the challenges faced; if you are not interested, make like a heartbleed and go away.

Eye Candy:

Here is a video of a few of the black badges communicating with each other and flashing for all the valid messages received:

Read more »

I realise I should have done this entry a little sooner, but as everyone should be well aware of by now, I am lazy. Also I moved to Cape Town just after ZaCon V which proved rather time consuming! Please note this is gonna be a first of 2 big entries on them so if you don’t like reading, pull up now.

Overview

[Photo of the ZaCon V badges]
(pic from https://twitter.com/DavidBisschoff/status/401460570911956993/photo/1)

One of the highlights of the annual Las Vegas pilgrimage for me has always been the electronic badges, whether it’s for defcon, ninja networks or custom badges that people have built for their hackerspaces. I especially enjoy the ones that are a little more complex (more than just lights) and are hackable. I have always been in awe of security researchers such as Adam Laurie, Zak Franken, Michael Ossman, At1as and the other hardware hackers.

For ZaCon V ( www.zacon.org.za ) I built some electronic badges for the conference that are based on an Arduino framework (at least using an ATMega328 with an Arduino Bootloader) and communicate to each other via 433Mhz RF (the same that is used in remotes). The idea with the badges was to have a way to see who was interacting with whom and show it in a visual representation (Maltego — yes yes, man with a hammer etc). Additionally I needed the badges to be cheap as.. well… I am cheap :)

The badges took about 3 months to go from breadboard to finished, and a large majority of that time was spent learning how electronics work (and don’t!). This however was not my first attempt at building badges; for the last 3 years I have built a design on a breadboard and then basically done nothing with it (apart from making a shaky cam video at 3am and suggesting the idea).

A lot of the design actually came from me wandering around hobbyist electronics stores on the internet and coming across two really cool things, namely very cheap communication in the form of 433MHz RF chips and Nokia 5110 LCDs (also cheap :P ).

I ordered a few of the screens and RF kits and started tinkering- having a display connected to my Arduino brought all kinds of warm and fuzzy feelings. Next I started playing with the 433Mhz, originally thinking that the badges would only receive a simple message, something like who was currently speaking, from a PC near the stage. Roelof looked at it and suggested that this idea was boring and if I really wanted to do something cool I should make all the badges talk to each other. And so the tinkering began.

Read more »