Archive for the ‘Badge Hacking Contest’ Category

Hardware Dev Resources

FNG/n00b here...

I would really like to learn how to hack my badge, but am new to hardware development (plenty of C/C++/Java etc. software experience) and specifically the badge set-up... Can anyone recommend some books or tutorials that are even at a basic level intro to this type of programming? The CodeWarrior IDE is new to me as well, but I *think* I can pick that up on my own.

Any and all advice is very very much appreciated... I'd love to be able to participate in the BHC someday...


-d.

DC18 Badge Hacking Contest Results

DEFCON 18 BADGE HACKING CONTEST
-------------------------------

The Badge Hacking Contest exists to award the most ingenious, obscure, mischievous, or technologically astounding badge modification created during the weekend and is supposed to be fun and encourage people to try new things and show off their skills. This year we had 21 entries ranging from pure firmware modifications by non-hardware folks to insane hardware creations. The energy in the Hardware Hacking Village during submissions was palpable. Everyone was having a great time showing off their work and seeing what others had done. Hardware hacking at DEFCON has definitely taken on a life of its own!

The Dark Tangent, Zac Franken, and I reviewed the submissions and selected our favorites, then narrowed down the Top 3 and Honorable Mention from there. There were so many interesting entries and, as with every year, the selection process was not easy. While we'll never be able to please everyone, I think the Top 3 show a great cross section of what can be done with the badge.

Thanks again to everyone in the HHV and all those who participated in the contest. If you have source code/schematics that you want to share, PM me or contact me via http://www.grandideastudio.com/contact/

I don't know what next year's badge will entail, but I hope to see you all at DEFCON 19!

Joe Grand aka Kingpin


DC18 Badge information (schematics, firmware, slides, links to badge hack project files, etc.) can be found on my site here:
http://www.grandideastudio.com/portf...fcon-18-badge/

Pictures of the various badges here:
http://www.flickr.com/photos/joesmoo...7624486798145/

Pictures of all badge hacking contest entries here:
http://www.flickr.com/photos/joesmoo...7624655809938/

And, some videos here (search for "DC18 Badge Hack"):
http://www.youtube.com/user/kingpinempire



1ST PLACE: GoatBar Barcode Writer/Emulator by Brad Threatt
----------------------------------------------------------
UPC-A/UPC-E Barcode Writer/Emulator. Take advantage of the self-checkout lines by entering a lower-priced item into your badge using the nice GUI and two buttons, scanning the badge with the laser at checkout, and placing the higher-priced item into your bag.


2ND PLACE: STD In by Team Redacted
----------------------------------
Virus propagation and social network analysis. Passing "friendly" virus between badges with capability to track propagation path and originator. Also functioned using two DEFCON 17 badges.


3RD PLACE: The Badge-a-Lyzer by Dan Z.
--------------------------------------
Breathalyzer using an alcohol gas sensor to detect alcohol concentration on the user's breath and LCD to display current level of intoxication (Noob, Hacker, Goon). Demonstrated using a sober subject (Dan Z.) and a not-so-sober subject picked randomly out of the Hardware Hacking Village.


HONORABLE MENTION: Origami Dragon from the Paper Badge by Doug
--------------------------------------------------------------
Doug's finely crafted origami dragon showed how to make the most of an unfortunate situation (e.g., running out of all 7,780 electronic badges).


OTHER ENTRIES (in no particular order):
---------------------------------------

Austin
Personal Oscilloscope
Uses standard oscilloscope probe and displays the measured voltage level over time on the badge's LCD

Kajer
802.3af Power-over-Ethernet power modification

Team Bashfork :(){:|:&};:
Dancing Badge w/ Ninja Party Badge Bruteforcer

Optimized Tomfoolery
Porn Theater
Adult-themed slideshow with 4-bit audio generation using resistor ladder

501d3r Guy and 14rG0 (youngest participant @ 13 years old)
Long-range TV-B-Gone

EZ$
Flash detector & camera jammer w/ UV lights (attempted)

EZ$
"Mad Max Bot" sound-controlled robot using DC17 Badge

Team Tardfest
XXX Interactive
Adult-themed game

Tim
Flava Flav Badge
Segmented image of Flava Flav shown on LCD with bonus image at the end

Dan
Paper badge w/ 7-segment display aka "Short Changed"

Sk3tch
RFID & Barcode Emulator aka "Retail Ripper"
Two part hack: UPC barcode emulation and 125kHz RFID emulator. Both identifiers set in source code.

Autocracy
Paper Badge Display aka "Accidental Badge Surplus"

Red Lambda
Slot Machine aka "DEFCON Slots"
What better way to enjoy Vegas (without losing your shirt) than to play slots on your badge? PRNG w/ nice character/graphic set.

Dustin C.
Boob-Ma-Tron
Nokia LCD w/ sexy animation

Bryce
Coffee/Drink Mixer
Using transistor and DC motor. LCD screen displays image when drink is properly mixed.

Bo
Web-of-Trust
Sharing of unique IDs between badges over USB. Determines degrees of separation using Bloom filter.

Brad C.
"You're Busted" alternating red/blue police lights

Mossmann
DEFCON Super Rocker 18 Guitar
Contains a stroboscopic tuner for each string (working) and optical pickups (not fully functioning yet)


- END OF FILE -

Badge Hacking?

I missed the final talk, is there any information on the winning badge?

Getting Started with Reflashing?

I've installed CodeWarrior, edited the firmware code within the IDE, and connected my badge. What do I do next? Whenever I try to run debug in CodeWarrior I get a ton of syntax errors (ones I know were there before). Also, I'm just confused as to what file gets flashed to the device.

Anyone have a newbie's guide to tinkering with the badge via software? I'm running the tools off the CD under Win XP on my netbook, so there should be no shenanigans there. I know the license for CW expires at the end of August, so I'd like to figure it out before then. :)

Connecting to DefCon 18 Badge

Hello,

I can't connect to the DefCon 18 Badge with minicom on Linux or with PuTTY or TeraTerm on Windows. My exact efforts (and failures) are documented below.

I really want to develop software for this device, but I don't want to keep wasting my time with dead ends. Can a few people suggest specific programs for Linux or for Windows that have allowed them to successfully connect to and interact with the DefCon 18 Badge? Specific URLs and directions would be most helpful.

Thanks.
-M.

Using minicom on Linux
After plugging the device into Linux, I ran dmesg and learned that it was present as /dev/ttyUSB0. I configured minicom to connect to that device. In minicom, I was unable to select any emulation other than VT102 or ANSI; the flow control is also very vague (Hardware or Software = either On, or Off; nothing about Xon/Xoff). The banner at the bottom indicated that the connection was offline. I tried the "Initialize Modem" command, with no results. When I send the '#' character, I do not get a welcome banner or ACK character (.).

Using TeraTerm on Windows
In TeraTerm, I was able to specify all the settings required by the device, but I got bad results. When connected to COM1, nothing was returned in response to my transmissions; on COM3, the characters I entered were echoed back to me without any effect on the device. I could not connect to COM2 or COM4 (TeraTerm displayed an error dialog).

Using PuTTY on Windows
I got the same settings and same results as with TeraTerm (including the exact same behavior with COM1-COM4).

icon codes

Has anyone figured out what the 4 combo icon code does?

Ninja party unlock codes

So that you know:

There are 3503 possible codes that can unlock ninja party on the DC18 badge.
For those who want to play with their badges -- 10 first codes and 10 last codes are listed below.

0 means "tumbler is up"
1 means "tumbler is in the center position"
2 means "tumbler is down"

(to reset badge back to the locked state, remove the battery for a few seconds)

Note that this will not get you to the party because (as far as I understand) only about 600 codes will be "valid". However, since every 6th code is valid, your chances are pretty good. Be aware that goons will probably kick you out on your 3rd attempt to get in. :)

Have fun!

P.S.: Does this qualify me for the ninja badge?

Image Writing Utility

For those of you that want a quick bitmap on your LCD, I wrote a quick utility tonight to do so. It's for Windows. http://www.musatcha.com/software/DC18BadgeImageWriter/

Ninja Networks Party Unlock … -NOT-

Clever hackers that we all are, I'm sure more than one of us has thought "bypass the Ninja Networks 'achievement locked' code and get an instant +1 invite code..."

Ain't that simple :) This is not the algorithm you're looking for... move along.

On another note... thanks for putting an FTDI chip on this year's badge, Kingpin! I'm already having oodles of fun with mine.

If anyone needs some surface mount pin headers for the two rows of exposed pads, I have a limited amount of them in my HHV kit. It will be first-ask, first-served tomorrow at the HHV skybox, unless someone wants to make a run to Fry's. You can, of course, also carefully solder a standard through-hole two-row pin header there by bending the lower half of the pins 90 degrees, but it will be more fragile.

When is the judging

When and where will the judging take place for the badge hacking contest?