- Check out the previous MEP EP#69 Incognito Mode for the last time the AND!XOR group was on the podcast
- Did the Android mobile application for the DEFCON 25 badge
- Does the hardware design
- Embedded software, puzzles, etc
- DEFCON 25 RECAP
- Last year’s badge details
- Hunter S. Thompson as Bender
- Bender on a bender
- Changing voltage regulators mid-manufacturing run
- QFN design on PCB
- Iterative prototyping
- HotFix to patch BLE exploit
- Hacking IoT Vodka
- Badge Sales
- DEFCON 26 new Badge details
- Hardware or Software secrets?
- Double down on Botnet
- Lessons learned to apply to the new badge?
- WS2812Bs do not reflow well
- QFN design on PCB is critical
- Implement OTA updates
- Iterative prototyping
- Looking forward to this year?
- Not flashing badges three times
- Going to hacker jeopardy
- Want to see more people hacking badges
Special thanks to whixr over at Tymkrs for the intro and outro!
About The Hosts
Parker Dillmann is MacroFab's Co-Founder, and Lead ECE with backgrounds in Embedded System Design, and Digital Signal Processing. He got his start in 2005 by hacking Nintendo consoles into portable gaming units. He also runs the blog, longhornengineer.com, where he posts his personal projects, technical guides, and appnotes about board layout design and components. Parker graduated with a BS in Electrical and Computer Engineering from the University of Texas.
Stephen Kraig began his electronics career by building musical oriented circuits in 2003. Stephen is an avid guitar player and, in his down time, manufactures audio electronics including guitar amplifiers, pedals, and pro audio gear. Stephen graduated with a BS in Electrical Engineering from Texas A&M University.
Host 1 00:11
Welcome to the MacroFab Engineering Podcast. We're your guests, Bitstream, Zapp, and Hyr0n.
Host 1 00:16
And we're your hosts, crab foam and Blitz.
Host 1 00:22
This is episode 109. Yeah.
Host 2 00:24
So on episode 69, was it the Incognito Mode episode? We had Zapp and Hyr0n on. So welcome back. Thank you.
Host 1 00:36
In person this time.
Host 1 00:39
Our that's that's our entire audience
Host 1 00:44
We have bitstream. So you should introduce yourself first.
Host 1 00:48
So I'm Bitstream. I'm a mathematician, engineer, hacker, 1/5, we call it, 1/5 of AND!XOR. So just like the alcohol. And I do a lot of our... So on last year's badge, I did the web app, or not web app, the mobile app for Android. So that was the integration with the badge via Android. And this year, I'm working on some of the backend infrastructure, which we'll talk about.
Host 2 01:19
Cool. And then Zapp and Hyr0n, reintroduce yourselves.
Host 1 01:23
I'm Zapp. So software coder by trade, although I don't do much of it anymore other than on the badges. I do most of the hardware design. A lot of software work. Day job, I do management. So I think last podcast I said I was MS Office and that's incorrect. I work in MS Office. And I sit on planes quite a bit. So that's my job and this balances it out. He is really Clippy I am pretty clip. Yeah.
Host 1 01:50
So I'm Hyr0n. Um, yeah, mathematician, computer scientist. I've been really ramping up and teaching myself hardware over the past year and a half, couple years. For our project, I mostly do embedded software design, work on puzzles, and some of our Blend Modes.
Host 2 02:07
Oh, cool. And so yeah, if y'all, y'all as the listeners that night you're sitting across the table, want to know more about the background, go check out episode 69 and then come back here. So I guess we're gonna jump right into it. So quick, maybe two sentences, what is AND!XOR?
Host 1 02:27
It's nothing. So if you listened to 69, it's nothing, it's gates that mean nothing. We invented it to troll DEF CON, make up fake parties. And it became our group name. And now we sell badges that people really enjoy.
Host 2 02:41
So cool. And what was the badge all did that was the popular one last year.
Host 1 02:46
So that was the Bender Rodriguez with, gosh, what was it, Hunter S. Thompson as Bender? Oh yeah. Fear in LA very reloading. So we are
Host 1 02:56
Bender, many names for it. Bender on a bender was another good one that we used for
Host 1 03:00
It. Yeah, so that was really upping our game, moving out of Arduino and into C, really, you know, color screen, more LEDs, a lot more code. And really, you know, challenging ourselves to do something a lot bigger and better.
Host 2 03:13
Yeah. So is there anything y'all can share now since that badges done from last year? Because you were very secretive about it last year?
Host 1 03:20
Yes. I just listened to the podcast today just to remind myself what we brought up. But we had a botnet last year where the five of us could issue a botnet
Host 1 03:32
Go way down. There's smart people on that.
Host 1 03:38
Nology update from the cyber world.
Host 1 03:40
So tangent on that. A botnet is typically you have some kind of command and control server. And you have a bunch of bots or nodes that are being commanded and controlled by those. So an example of it is like a year, year and a half ago, there's the Mirai botnet: a bunch of embedded systems and baby monitors and DVRs, toasters, toasters. Or maybe there was one with security cameras, too. Yeah, yeah, it was all the same. Like they reused the same firmware base with the same embedded passwords. And all those IoT devices were used in a massive DDoS attack and brought down a bunch of Internet routing services, name servers. So when we go, yeah, and when you're trying to figure out our, one of our main features, we were like drinking and watching this on the news, and we're like, it'd be kind of stupid and fun if we put botnets on the badge where we could forcefully push things out over a Bluetooth network, and then it kind of turned to: Yeah, we need to put, you know,
Host 1 04:40
We need to make a botnet.
Host 1 04:43
So while we made a game that people were playing in the back end, we had backdoors and command and control so we could forcefully roll animated GIFs on people and change names. That's what we say. Yes, that's the correct way to say yes. As a gift, but
Host 1 05:02
That's why you were on the first podcast.
Host 1 05:05
I boy down here in Texas, we say give
Host 1 05:10
Y'all all in the tangent. But yeah, it's it's kind of a way to take over dumb IoT devices. And it's kind of a theme of our badge was we were kind of poking fun at how bad IoT embedded system design is. And we wanted to put that on a conference badge, bring it to a hacker conference and let people go to town on it.
Host 1 05:30
So how many people actually did that?
Host 1 05:33
Well, there were only five of us that had control. DC801, they found a way to take control of the botnet from us. Who's DC?
Host 1 05:41
No one guess what? So
Host 1 05:42
DC is our... Yeah. So DC801. You'll have various DEF CON groups that are, okay, their zip code. So it's sort of like the 801 area code, area code.
Host 1 05:53
Okay, Salt Lake
Host 1 05:53
City, like city? Yeah. Alright, that makes sense. So they found a way to capture our packets, fuzz the data, so just tweak the data a little bit and then replay it. And by doing that, they were able to override all of our commands, just right. Okay. And so they were pushing out a Rickroll animation, and everyone was constantly getting rickrolled by it because the botnet spread is a mesh, right? So one badge got infected, it would infect every other badge it saw, and it just spread throughout the conference. And they also found a way to send out, we had this little spinning GIF of Matt Damon, in black and white, they were doing that one and it was frustrating me because you have to wait for 60 seconds before you can dismiss the animation. So every time you turn on your badge, you have to wait 60 seconds to do anything. And I was trying to make fixes and push all sorts of stuff. It's just, it's frustrating. But it's kind of what we wanted to do was find people find ways to hack it. And yeah, it was kind
Host 1 06:44
Of fun, you know, having us be able to troll people. And everyone's like, oh, there's WannaCry or Rickroll on my badge. And then after a while, it's like, Hey, what is my badge, say DC801 sheep. And like, I don't know, I didn't send that out. And after it propagated, we just kind of lost control of it, figured out ways later on to pull it back. But that was kind of the fun of doing it. Sure. So that sort of came as a little bit of a surprise, even though you set it up as sort of a playpen for people to do that. Yeah, we didn't intend for that to happen. But it's DEF CON. So it wasn't a huge surprise, like a kudos. We knew someone would do something. And that's the fun of it. Right? And no one was aware of this. Right?
Host 1 07:21
They had to figure it out.
Host 1 07:22
Yeah. So turns out the guy, his name's Mike Weaver. Yeah, he posted on our Hackaday page about it. He was following us around with a laptop. How we missed somebody walking behind us with a laptop, I don't know. But that's how I figured it out.
Host 1 07:36
I feel like we saw him at BSides. I feel like at one point we're like, I think it's that guy. I could have been
Host 1 07:42
Speaking of that, though, I mean, aside from the botnet, because that was propagating and working over Bluetooth. I mean, we made a mesh network off of Bluetooth, playing with the GAP advertisements between the badges. But right when we got there, BSides, there was like an exploit demoed at BSides with Bluetooth, and everyone went to town using it. And we had
Host 1 08:03
To patch, what, invalid field length in one of the fields. And so we were just accepting it. And so the guy was putting in there, the next field is 255 bytes. And so we were just reading off into memory. Whatever it happened to be in, it was crashing, as soon as you get close to
Host 2 08:18
Someone, someone was giving a talk about an exploit for Bluetooth that you had in your code.
Host 1 08:25
Yeah. Well, we had a zero day that we were Yeah, yeah. So that forced us to flash 500 badges within a couple days of getting to Las Vegas.
Host 2 08:34
It was more impressive, like, everyone showed up to get their badges flashed.
Host 1 08:39
Anybody who wanted to keep using their badge. Yes.
Host 2 08:41
Oh, basic, because everyone was hammering that. Yeah.
Host 1 08:44
Yeah, they're just the battery just freeze. And so it wasn't very usable. So we were putting out on Twitter: Hey, come meet us at the Hacker Warehouse booth. We'll reflash your badge. And we had people coming back a second time. Like, you've already got the fix, don't worry about it. But it is what it is.
Host 1 09:05
That's all Parker at 100 badges, right.
Host 1 09:10
Yeah. Anything having to turn around like a major system vulnerability in your product? And reflash within 24 hours? That's tough. Yeah.
Host 1 09:22
Call it good customer service.
Host 2 09:25
No, no, that's the thing. Those actually, it's more kudos to your people who had them because they actually showed up and right got the fix. It's like maybe because it wasn't usable. But,
Host 1 09:35
But it's basically manufacturer recall. Right? So a lot of IoT, like your toaster with a bagel pin. Even a vulnerability. Yeah, there's no way they're gonna hopefully make
Host 1 09:43
The pins not runnable.
Host 1 09:49
So you must have just a line of people lined up for flashing, right?
Host 1 09:54
Yeah, we sat there for about four hours. Just flashing badges, fixing buttons. A lot of buttons sheared off. Turns out surface-mounted buttons are not a good idea. So we're doing it again this year.
Host 1 10:07
He said like they're not a great idea. We're gonna do through-hole, then you see it, right? You're like, well, surface mount.
Host 1 10:13
Yeah, my thumb still
Host 1 10:14
Sitting there and re solder. That's okay. Yeah,
Host 1 10:16
Yeah. So the first year I was pushing them through the PCB. I'm never doing that again. So I'll re-solder a few broken buttons. Yeah. We had some voltage regulators fail too on the second round, the white badges, that second 100 grouping that we did. Some of those voltage regulators, they let out the magic smoke. So that was fun.
Host 1 10:35
Oh, that's interesting. I bet it's ESD or something like that.
Host 1 10:37
Yeah, it was also a different part number. Yeah. Oh, very last minute change because we ran out, we ran out of stock on.
Host 1 10:43
Oh, that's right. That's right. Remember that? Yeah.
Host 1 10:45
Like these are exactly the same. They're gonna work.
Host 1 10:49
Yeah. We haven't tested it. I'm gonna have to worry about that.
Host 2 10:55
Now, can't remember the Bender badges, oh, there it is right there. The programming badges, y'all have that header on all of them? Or did you have to do the lean trick to get the programming header to work?
Host 1 11:08
There's a little sweet spot, just
Host 1 11:13
We did the lean trick. And what's nice is we learned you could actually flash through the bubble wrap bags, we had these
Host 1 11:20
Made it perfect. Like being able to push through the ESD bubble wrap it you know, it's uneven. So it causes the header pins just to tilt a little bit, a little bit. So we just started sticking them in ESD bags folded over and when I would shove the, you know, the little 10 pin through it would just kind of hit the bubbles and pop and I make contact and I'm just knock them out like
Host 2 11:41
You know, and that those ESD bags are conductive.
Host 1 11:46
It works well. You see I
Host 1 11:47
Learned something new.
Host 2 11:51
The bags on the outside have a conductive film so that the charge builds on that and not go inside the bag.
Host 1 11:58
Them the more you know, you know, I would have loved to see in the next year. There's assembly instructions on how to flash and there's pictures and like all these Origami Folds.
Host 1 12:09
No, they did Tag-Connect this year, we, yes
Host 1 12:11
We switched to Tag. So interesting thing that we can reveal: this technically may not stay in that same spot in the classified location. But we've actually exposed a lot of the pins so we can test for continuity, and do a lot of those initial tests. We haven't built yet the bit sandwich is supposed to do that. But build on it. Yeah, get on that if you're listening. But we're so sue like a bed of nails thing. Yes. We can just kind of plug it
Host 1 12:35
In like a Minecraft Ice Cream Sandwich.
Host 1 12:38
Yes. A bit sandwich. Yeah. We got to make sure we throw him a bone right. Yeah. So but yeah, so you completely plug in and then using Python or something, we can go in and do all the tests that I plan to do on the prototype by hand before we do any of the flashing or any of the other stuff and potentially breaking it. Right? Yeah. Let the smoke out. Lend smoke up. That's the best part.
Host 1 13:01
It's It's incredible how these badges are evolving. They have like full manufacturing and testing and stuff. I mean, it's a badge, but that's super cool. Yeah,
Host 1 13:10
I mean, it's a weird shape. Yeah, you want your special post modes and test modes because if you're making 500 of these and it's only for a four day event, five day event. Yeah, you don't want to flash them multiple times. You want to drink
Host 1 13:24
In time really? Yeah.
Host 1 13:28
But there's a there's a I yeah
Host 1 13:34
There's a there's one person the badge Life Group. Married Jade I think is oh she was by so she sits at a hardware hacking village and all she's done last couple years is just fix badges. And so she's asked Hey, can you put in post modes and self tests and things like that to help me know what's broken because I get people coming up randomly Hey, I lost this or lost that or it's not working. So we're trying to a lot of us are trying to help her out and build that in into a much more rigorous
Host 1 14:00
I think it's it's also on us to like you know, we were helping people like the buttons broke off right? Maybe that's on us because we chose surface mountain when they're gonna bounce around. But there were a lot of repeat offenders where I'm like, you're back for the fifth time you're just drunk and breaking your circuit board. At some point we need to teach them to fish you say we're gonna help you solder this
Host 1 14:21
Welcome to the world of surface mount.
Host 1 14:24
How many people at DEF CON have a soldering iron?
Host 1 14:27
A lot a lot? Yeah,
Host 1 14:29
Well yeah. If you go into like the hardware hacking village and like you see like the their badge and they've got like, rows of tables with soldering irons for people learning how to do it for the first time. It's really impressive. Very sweatshop like but
Host 1 14:44
It is impressive to see all the hotel rooms turn out Yeah. Oh, cuz yeah, we'll have toolbox blocks and soldering stations and everything laid out.
Host 2 14:51
I I've never been to DEF CON but I go to a conference called the Midwest gaming classic. Okay, yeah. And we have a room that we just take over and it's Like, basically if someone has a broken video game console, you bring it to this one room and we can fix it. And it's just wall wall of like stinky people and like tronics everywhere, but either way, like beer. Yeah, lots of lots of people. Actually last year we made it was snowing, because it's an in Milwaukee. And so we made white Russians with snow. It's pretty good.
Host 1 15:23
I was I was wondering because I was about to say snowed has no impact on drinking beer? No, but you can make other drinks.
Host 2 15:34
Speaking of drinking, hacking IoT vodka, I had no idea what this is about.
Host 1 15:39
So we did bring some we did bring some show and tell
Host 2 15:43
Everyone on your podcast, look at your screen, which will probably just show the icon of the MacroFab Engineering Podcast. Yes.
Host 1 15:52
I was gonna take a picture of this. Okay,
Host 1 15:54
Yeah, feel free to take a picture.
Host 1 15:56
That is the most valuable thing in the world.
Host 1 16:00
It wouldn't let me bring the the vodka on the plane. So I brought the LED matrix
Host 1 16:06
That might fit like a dog or cat.
Host 1 16:09
Funny, you should say that because the company who makes those that originated as a dog collar. They also make flower vases we've learned. And the reason I know they make for dog collars, because we may or may not have seen references to dogs in the source code.
Host 2 16:27
Found like the Alibaba page, and it has like a photoshopped picture of a dog. But like a Great Dane and that little thing is like, barely big enough to fit on Stephens wrists. Yeah, they
Host 1 16:36
They took their chunky wrist. I don't know if it's on mine. But they they basically took their dog collar app that controls that, and they repurpose it for vodka. But that comes on the outside. The bottles are like 2030 bucks. It's not very good. But
Host 1 16:52
They spent five bucks on that.
Host 1 16:56
That's a lot of LEDs. Oh, yeah, it gets
Host 1 16:59
It's a big flat flex with. I don't know. So yeah. I just want to share
Host 2 17:07
Basically looks at half offering that's in plastic that snaps all round a vodka bottle. Yeah, yeah. And then it's got a LED matrix that has a scrolling. I think zap right now. Yeah, that's
Host 1 17:19
Because I hacked with my badge. With your badge. Yes. So if you have yours, I think we sit over there handy. You can connect to it, you'll see it nearby, connect to it, and it will scroll DEF CON 25. It'll scroll or whatever name you put into the badge
Host 1 17:33
Of honor and just hacking other badges, they can hack other things.
Host 1 17:37
It's great. If you're one of the very, very few people in the entire world that has one of these badges and one of these bottles of vodka. You can do something with it. Yeah.
Host 1 17:47
Or access to your local Bevmo.
Host 1 17:49
One of our one of our buddies secure this now we'll give him a shout out as well. He, he went to a liquor store, and they had a full case of these $420. It's like $10 apiece. It's like you want one? Yeah, buy them all. Around the DEF CON with us, because the matrix has to be worth at least $10. Right. So I don't know what how good that bug is. But it can.
Host 1 18:13
Yeah, they're giving it away for free. Yeah.
Host 1 18:16
Practically, I think they're just trying to get rid of it. But that was one of the fun
Host 1 18:19
Things. I mean, yeah, we talked about we were doing a security-based game and then embedding a botnet in the background. And we started looking around like, there's got to be something we can hack with our badge that won't do any damage. But it's kind of fun to hack. And yeah, when we started digging into that thing, it's ridiculous to see the different cases in which you authenticate, because they're based on TI chips. So I think the first mode is, if your manufacturer ID is Texas Instruments: thank you, let me in. Yeah, I am this IoT manufacturer of vodka. Let me in. No passwords, no any kind of authentication, you just have to have the, you tell it, here's my name, and it lets you in. So we just kind of used Ubertooth and whatnot. And you watch the protocols go across, and you finally figure out, oh, that's how I write to it.
Host 1 19:09
Very simple protocol. And they link something up where if you text a certain phone number in the Bay Area, with the ID of your bottle, they will display it on the bottle. If any phone anywhere in the world is connected to the bottle. It's gonna get really
Host 1 19:24
Creepy. Exactly. Yeah.
Host 1 19:28
So if you can add the same feeling when we looked at that we're like, there's technically nothing wrong with doing that. But it's kind of weird.
Host 2 19:36
Yeah, yeah. So that's you for just like a $20. bottle of vodka.
Host 1 19:39
Yeah, yeah. But it was fun. I think when we started showing that off, people showed up with either the bottles at the con or the same thing. They broke them off and cut them open and people were like, sewing them or velcro me on the hats or sides of backpacks and stuff. I wore mine around so if I walk around people can like write something on me and Oh, Do your worst Cool.
Host 2 20:03
All right. And so I think we haven't talked about this either yet the DEF CON badge sales, you brought some to DEF CON the sales, right?
Host 1 20:12
Yeah, so yeah, so we did our Kickstarter, we sold a lot on Kickstarter, which helped us fund the production run of the badges that we're gonna then take to DEF CON and right around September at MacroFab plus less than 24 hours. So once we got to DEF CON, we had
Host 1 20:32
300 We brought 400 to DEF CON
Host 1 20:35
100, to DEF CON to sort of sell. And so largely the way that we sell these is by when people come up to us and ask, can I get a badge, if we're not carrying them, or we don't feel like selling them, and say follow us on Twitter. We'll post when we're gonna have the next sale. And a lot of them are, you know, posting out at some random time at some random location. So we did a sale with Mr. Robot badge. Who down at Circus Circus and Excalibur. Excalibur. That's right.
Host 1 21:10
Yes, yeah. So he had a he was trolling people hard. So we decided we'll just follow along. And it was great,
Host 1 21:16
Good, good people. That badge and then they found out that we were there selling ours as well. So it was a big surprise for them. And so we sold like 10 you will something like that. Sorry. I just said
Host 1 21:26
Meet us at the dirty castle. Yeah, exactly. Everyone knows what that is.
Host 1 21:31
So, so as we were going through the con, we thought, you know, hey, you know, we should try to sell these from the middle of Caesars pool, because they have a nice little area that you can drink in in the pool.
Host 1 21:44
Island Island. It's
Host 1 21:46
An island and no, you can't drink because that's what I got yelled out.
Host 1 21:51
Wrongly that you could drink in the middle of this island. But we took we loaded up higher on and another person on our team a bit a bit into loaded some into backpacks, got him in swim trunks and send them out into the middle of the pool to sell. See if we could get any hackers fully clothed to run into the center of the pool.
Host 1 22:12
Side note, you mentioned how it was at your gaming convention. Yeah, you got a bunch of geeks and nerds and hackers.
Host 1 22:23
We have a rule where it's three hours asleep two meals a day and one shower and a lot of people skip number one. So we were saying that we're giving people their daily hacker baths, but you had to jump in the pool to get it. You're surprised how many people got to the edge of the pool and stared at us going well, we're here might know you got to swim through the 30 feet and they argued about it. But then eventually a lot of people just jumped in in their clothes and swam through to get a circuit board to get
Host 1 22:48
Money for free either
Host 1 22:51
$120 They're gonna go pay to shirtless dudes in the middle of the Caesars pool. They're gonna jump in. One guy threw his wallet. quick enough
Host 1 23:00
Was like the last the last batch we had there was two people making a run for it through the pool. And the and the guy took in, got to the middle of pool and threw his wallet at us. You know, like, take my money. Fry people to fry. So
Host 1 23:15
You're welcome. You have gone.
Host 1 23:16
Did he get that one?
Host 1 23:18
We ended up telling him tell him to meet us on a floor later.
Host 1 23:21
Yeah, he technically lost the race. But with that much effort, we're like now we'll take care of you man. Yeah.
Host 1 23:27
He came up fully clothed, completely soaked, you know, money soaked while it's soaked everything and bought one. Like we said it was like the 16th floor or something. But
Host 1 23:37
I mean, that's, that's public and Lozi. But yeah, a lot of times it's like he described we're walking around with backpacks and people walk up and they wink at you give you a nod. We joke you haven't lived until you've like sold PCBs out of your backpack like a drug deal? Yes.
Host 1 23:52
Gunny, that bling.
Host 1 23:55
Want to buy some
Host 1 24:01
A matte black. Or like
Host 2 24:03
You got the kidney on the panel van with a sliding door. And so says I have PCBs on the side.
Host 1 24:12
I have to wonder what casino casino security things like you know, they're watching everyone like hawks on camera and they see me opening up my backpack and they're like, Oh, those idiots are just selling circuit boards. But you know, like the week before, they're all like they have their like morning meeting and they're like, alright, it's nerd week,
Host 1 24:27
We got to get ready for this. Dude selling PCBs.
Host 1 24:31
They do. There's a famous picture that goes around right around DEF CON time from the Alexis Park, which was one of the first hotels, if not the first, right. Yeah. And it's a note to the staff. Right? If you see cattle in the hotel, call security. It's like all these random things. Like, you know, they must have had a problem with this before because they're making a note of it to their staff.
Host 1 24:54
That's awesome. And oh God, no, I was gonna say we should talk about sort of like the OpSec that we had to do for like the... So we do do a large batch sale to get rid of a lot, which was hosted at the Car Hacking Village this year. And so we realized about the time that we're getting ready to do that, that we needed to like have some OpSec or, you know, some security around how we're transporting. It was about 130 that we were going to carry through and we didn't want to get mobbed. So we had an individual with us who wasn't necessarily part of the store and we gave him the case, the Pelican case, and said, nobody's gonna know who this guy is. And so he was able to walk through with 130 of our badges, like through the pool, public areas. Nobody stopped him, nobody knew. We got all the way to Car Hacking Village. So I hired a mule. Yeah, we, oddly, weird how there's a lot of drug dealing correlations.
Host 1 25:49
It's completely wholesome.
Host 1 25:51
And while that may sound out of character for, for that situation, when you're in Vegas during that week, it is not a normal to see people walking around with Pelican cases and carrying server racks and power supplies. And like dollies with a bunch of electrons, that's just normal. So you do blend in quite a bit, even though you're like who the hell would walk around Vegas with a pelican case and a server rack.
Host 2 26:19
Um, and so last thing on the last week's or last year's badge was
Host 1 26:24
Puzzles. So we mentioned the botnet, right? Yep. And there, there's a network security game they're playing badge to badge. But Bitstream mentioned the Android app that he made. On the apparel, the first appearance of it, it was so that you could use your phone and over Bluetooth have a serial console that remotely logged into the badge. But we let people know on the first day: hey, we accidentally hard coded the same root password on every single badge, you should figure out what it is and change it. The process of figuring that out and changing it was a series of puzzles to go through where you first had to guess, well, who's the maintenance user, Scruffy, janitor. He figured out his password, started tweeting out pictures of like Dark Helmet with 12345. Actually, a few people figured that out, a lot of people did not figure out just guessing that the initial maintenance password was 12345. But when you get on there, the logs were encrypted. They had MD5 stuff in there. So they had to go through all that. And by the time they escalated and got root privilege on the badge, it let you control the firewall and the services on the botnet on someone's badge.
Host 1 27:38
So in the name of the badge, too. So the reason that's important
Host 1 27:41
Is anyone with a phone could serial into anyone's badge over Bluetooth, and I made it so you could save scriptable macros. So once you cracked all those puzzles, you could just say connect a badge, hit number one, hit number two, login, turn on all their stuff or turn off all their stuff. So it was it was kind of a puzzle based on you know, hacking and network security and escalation of privileges. In addition to a lot there was a lot of like external physical puzzles that that put on the badge and others put on there.
Host 1 28:11
Yeah, we there's some hidden hidden Twitter accounts in there. They're hidden on the PCB. There's some we worked with other groups to embed puzzles from them. They embedded puzzles with us. There are some puzzles that no one solved yet. So Hint, hint. Er, but we'll see if they figure it out next year. Yeah, we may have to bring it back. Because that's that's kind of hard to be hard one.
Host 2 28:36
Yeah, I'd like to have us build another 500 of those.
Host 1 28:39
You want to you're on. Let's see, we we had some of you soldered uh, maybe use soldered a pin just added like a zero ohm resistor or something just basically took a GPIO higher low, you would unlock something. So that was that was pretty neat. There's just kind of
Host 1 28:58
An obvious space on the back of the board where you're like, there should be something here. I tell people Yes. Yeah, I would. Oh, yeah. Yeah. Yeah, let me see here. I told him I think I put it on my mock if you put such one sauce on it. I may have put the resistor on mine. Oh, he's got a he's got a solder there. Okay, it's it's kind of comedonal on a handful of badges. You'll see something like that. Like oh, if I bridge the right thing, it'll give me Sam on lock. We there's a cryptocurrency game called coin droid where they they attack each other over their QR codes. And we worked with them they they had a robotic Bender with the Hunter S Thompson hat on their end, and we embedded some QR codes on our end. So if you're part of the game, you had to find someone with one of our badges and you had to work with one of them playing the game so you got unlocked on both. So we tried to work with many different groups as we could just to you know, send people around and socialize and realize you can't solve all these puzzles by yourself unless you go meet people talk People make friends.
Host 1 30:01
It's cool. That it is that all the puzzles
Host 1 30:06
More. There are 15 ought to look at the code to see what I'm already on. DEF CON 26. So something for
Host 1 30:15
The for the future. Oh, okay.
Host 1 30:21
He's planning the next podcast
Host 2 30:27
I saw DEF CON 26. So the prototypes are being built. Tomorrow morning, right there about 20 feet behind you. Yeah.
Host 1 30:38
I actually confirm that it is tomorrow. Yes. Yeah.
Host 2 30:41
So is there any hardware or software secrets that y'all can?
Host 1 30:45
Yeah, so one thing I have been able to tell people in person we input on Twitter, but we're gonna double down on botnet. That game was so popular, we learned people are going to DerbyCon, to ToorCon, to all these other conferences, bringing the badges back and then finding places to meet up and play the game. So we gotta go. We gotta go even further with that. So we're going to do the same thing. But it's going to be different.
Host 2 31:08
Is it gonna be compatible with the old badge?
Host 1 31:11
Not sure yet on that? I'd like to say that we inquire I knew. And I was hiding a secret, but I don't know.
Host 1 31:21
Mostly because the so locked away, he doesn't know him. So
Host 1 31:24
I don't even know. Yes, I've hidden it for myself. Well, I mean, we'll see how far we can get. I do have the current prototype, the one that doesn't look like Bender, recognizing last year's badges. So we already worked that bit. So we'll see how far we can get. Maybe we'll make it interact with the old one. One of the interesting things about last year's badge that people didn't really recognize or appreciate was that they all synchronize time with each other. And that turns out to be a very powerful feature when they're all within about one second of the same time source. So it'll be fun, although we're not going to let DC801. And again,
Host 1 31:58
No one have a real time source this time. Yeah.
Host 2 32:01
So the speaker last badge, and then on this new badge that you're designing, what did y'all learn from, you know, badge life last year that you're implementing on this one?
Host 1 32:13
Don't use WS2812Bs ever? smart, smart, unquote, LEDs, right? Yeah, they're really nice. But it's worth the extra effort to use an LED controller and some common anode sort of LEDs, you can buy them from Mouser you can buy them really cheap on eBay, if that's your thing, or China or wherever it's, it's a little bit harder to do the programming is a little bit more, a lot more routing to do on the PCB. But as far as placement and reliability goes, it's so much better. There are a reflow oven. Yeah, the other thing I personally did better, oh, these two guys talk but the other thing I learned personally and this is kind of in the weeds, but QFN design on a PCB is really critical on the way you handle vias like in the ground pad to handle some of the extra solder paste in the thermal pad all the Yeah, the thermal pad and the way that you put the the traces symmetric so that it places properly when it goes to the oven. Stuff I never even thought would be a problem. You just assume Yeah, you drop the part on there and you bake it it works. There's a lot of there's a lot of really good documentation out there from TI from NXP from Microchip that explained, this is the way you do it. And they all say about the same thing. So I've learned a lot there. And there's a lot that's gone into design this year.
Host 1 33:27
Yeah, I think for for our site, we we did, as we talked about earlier, we did three firmware patches. In the during the con, we did one Android app that was relatively easy, much easier, obviously, than the firmware patches. So one of the things in the chipset we use in the BMD 300, that would have been available have we had enough time to squeeze it in was was over the air updates, because it supports that. And so that's something we said, you know, this year, we're going to try to do that. So, so we're working on a back end infrastructure for the AND!XOR badges, that we'll be able to reach out to our servers through the DEF CON network on some Raspberry Pis that we'll have strategically placed throughout the con, they'll pull down our latest patch release and then they'll send out a beacon saying hey, I've got updates, sort of like a badge update server and and then the badges will recognize that turn on their Wi-Fi which is pretty power hungry, they won't have it on all the time. And and download those patches.
Host 1 34:31
Some new one has Wi-Fi then maybe
Host 1 34:40
Exclusive to the MacroFab Engineering Podcast.
Host 1 34:46
But he's right though, I mean, we we have to assume that no matter how much effort and you know, wring it out that we do to this to the hardware and the software until you distribute a lot of these to a lot of people who are hell bent on it, breaking hardware and software, you're you're going to have something go wrong. So should definitely plan for having to do hardware fixes and software fixes and how are we going to make that as easy as possible on ourselves. And so right up front, we're designing in our, our patch system, our over the air update system. We're working really hard to secure those. Yeah, it
Host 1 35:24
Was kind of fun. As long
Host 1 35:26
As you don't short the bagel pin, it runs fine.
Host 2 35:30
And then you mentioned a how your prototype doesn't look like Bender. So what are you doing in on the hardware design to that's different from last year?
Host 1 35:43
So the one you have Yeah, we'll talk about I'll bring it out. Yeah, so the one that you have 20 feet behind you one that actually looks like this. Here's badge Yeah, that's we're calling that one pickle Rick,
Host 2 35:52
Which may or may not look like Bender right?
Host 1 35:55
It does look like Bender and it's been Bender as it has been Benderized. We do have an actual artist. So big shout out to Doc, if you're listening. Really good job in the art this year. We did I did the art last year. I'm not an artist. But he's he's good. So this is the the scary Terry. prototype and I know
Host 2 36:14
Carry weight. Everyone on the board on the floor out here. Love this thing. Really? Yeah. They love they whenever someone puts like art and stuff on the PCBs, they love it.
Host 1 36:23
Yeah. So flip it over. And you'll see that my supposed to be there. And there's there was a message on there. I don't think I saw it when it went through Makerfaire back in November. Or December, whatever it was. We did have something on there. But you guys and
Host 1 36:41
Yeah, it's on there. I think it's covered up by a rubber.
Host 1 36:43
Yeah. I love how in the silkscreen. The words. Not USB with an exclamation point.
Host 1 36:48
Yeah. So if you see the add on stuff, the badge life has been polishing. One of our early attempts at doing the add ons was to use USB to do it because as a nice mechanical linkage, and they're inexpensive and inexpensive. You can buy them anywhere. So that the scary Terry actually included that and it was not USB, it was I squared C and power over a USB port. Yeah, making sure people didn't plug in like nine volts and fried that thing.
Host 2 37:16
So But why did you design like this? Instead of? I was asked? Well,
Host 1 37:22
It's basically it looks very much like a dev board. Yeah, the rectangle with stuff on
Host 1 37:27
So you basically made a modules and then
Host 1 37:31
Modules and you'll you'll see the actual board
Host 1 37:32
Seat more scary
Host 1 37:34
Tear. I mean, if you if you look at
Host 2 37:36
Flux under here, of course there is. Oh, look, look underneath there. There's some nice bedbug action.
Host 1 37:45
XC. Yeah, there's a few issues with it.
Host 1 37:49
But we did realize with, you know, our iterative prototyping, there were some components we wanted to reuse. So we kind of took those main components and put them on modular, you know, make little hats and boards because we figured, I don't want to redo screens or buttons over and over, we at least pop them on the next one. If it works, but it's nothing like production level. Yeah, so
Host 1 38:12
The screen board or hat. So we took them off. Yeah, they'll come off we have three. So that's a common PCB. But basically, I adapted three different LCDs that we were looking at. So just depend on which one you had you'd solder that one on, and then plug it in the board and then we can test. Let's find out what's the frames per second.
Host 1 38:32
Parker and Steven
Host 3 38:35
Sub Parker and Steven Okay, I have to I have to ask real quick because this is this is written in silkscreen on here, it says, Yo, Hi, Ron. And it has two arrows pointing to SCL and SDA. Is it because they were flipped at one point in time?
Host 1 38:49
Because he was demanding I squared C to do his do some of his stuff I should do so seek we're gonna dig
Host 2 38:58
In. It's funny cuz you put that on a board is one of our our The Pinball Controller I work on. There's a connector called the connector that then didn't want but I put on anyways, because we would need it. That's a good connector. I mean, yeah. And we used it. Yeah.
Host 1 39:20
I mean, you probably knows, but this board is not made for anybody else is made for us. Yeah. It'll probably get thrown away in this board. I can feel it. There is a lot of love, right?
Host 1 39:28
I mean, you can tell by the rosin.
Host 1 39:29
Yeah. Yeah. So one of the pins floating on that off, is that serial, do that USB to serial part. And sometimes it fails. And so I've had to replace it a few times. That's why you still have the flux and stuff on it. I just replaced it last weekend.
Host 1 39:46
Putting it back together. Yeah. Carefully as I can.
Host 1 39:50
Like, it is a priceless artifact.
Host 1 39:52
It is. Yeah, they they don't look very good when they're in this stage. To be on a
Host 1 39:57
Pedestal working actually probably more work in that than there is in the end badge.
Host 1 40:03
Yeah, other than the routing for the LEDs and the the final badge. I think I redid that. And when you see it in person, I think you'll appreciate what it is. But there's so many there's four traces per LED times 31 LEDs. So do the math. How many vias that is, it's ridiculous. It's too late.
Host 1 40:21
Right? What's that? Is it two layer? Secret?
Host 1 40:27
It's four layer. Oh, well, the routing's on. Front, back. Yeah. So power grid in the middle.
Host 1 40:33
3.3 volts. Yep. Okay. Trying to extract as much as possible.
Host 1 40:41
Turn off the microphones. I'll give it all.
Host 3 40:46
So I'm okay. So I wrote this down earlier question that just came to mind. And it might work with the new badge. One thing I hadn't fully heard. Is there any kind of opportunity for badge to badge?
Host 1 41:03
Yeah, connectivity or anything? Okay. But not like I'm saying not your badge, but somebody else? Yes. Okay. So there's there's a
Host 1 41:08
Limit. Yes. We were secretive about that last time. There was at that time, there was a spec. A BLE spec is just a word doc, we've updated for this year. But if you watch any of the badges that go around DEF CON, our group, Queercon, CPV, DC801. They are buddies, right? We like them. But there's a few other groups that implement it. It was basically, if you advertise on BLE advertise with field there with these fields in this area. That way we can recognize you. And so we knew each other's manufacturer's ID, we have a real one that Bluetooth Association issued us is zero 49 e fascicles. Yeah, yeah. Yeah. So if you scan it, oh, pro, there's a great app, I highly recommend all your listeners download it. It's called nRF Connect. It's a great BLE scanner. If you scan our badge with it, it'll show up AND!XOR LLC when it sees it. So when these badges see each other they'll play an animation. Like hey, hello DC 8018010 by there's some ID you should in the nearby you should see Medallia and then you should see the ADA one badges. You see
Host 1 42:13
That one? Like show our favorite robot on there? Yeah, yeah, yeah.
Host 1 42:18
So So you pull the badge out of your bag? What badge is this? That is
Host 1 42:21
DC no one's sheep. Sheep. Cool.
Host 1 42:26
So they actually we went in with using the same same Rigado. So when we got that Rigado reel for because like really nice discount like 60% off or something. We didn't need all 1000 BMD three hundreds. So we shared with them they shared they end up buying the screens and share the screens with us see the same screen? Same, same SoC. So even though on Twitter and with the botnet, we're kind of adversaries? There's a lot of sharing going on with the badge itself.
Host 1 42:53
Well, that's yours. There's actually a hardware spec for breakout boards too.
Host 1 42:57
Yes, that's the add on that you see from Mr. Benchoff. Yeah. That's the name, Mr. Robot badge. I'm being respectful of our of our Hackaday brethren. Brian Benchoff put that put through that on Twitter, but he was, he said weeks of deliberation, but it was five minutes. Yeah, we're doing an add on. We're doing an add on. Okay. Great. Nice. sketch something up with Comic Sans. On Twitter. Yeah. This is how you do as you do it. Yeah. So our pickle Rick prototype doesn't support it yet, because it was so fast. But we'll do in the next.
Host 1 43:27
So we can expect to see that at this year's DEF CON.
Host 1 43:29
Yeah, I'm really hoping people build out boards and, and send stuff out just so they can add on to the existing badges because that's
Host 2 43:36
What the Hackaday super conference badge was like.
Host 1 43:39
Yeah. Fact event? Yeah. So the little red LED board. I know listeners can't see it. But the red LED board on the prototype we have, that's what we designed for the Hackaday badge guy to plug into the I squared C, I mixed to the pin, so I had to move it over and mess around some of their prototyping area. But that's what it was built for. And it was also an opportunity for us to test some of our parts.
Host 1 44:01
Do work once reused many times. Yeah,
Host 1 44:06
It's getting really in depth now. Yeah.
Host 2 44:10
So what are you looking forward to this DEF CON. They're
Host 1 44:13
Not flashing badges. I saw one talk is closing ceremonies last year.
Host 1 44:20
Yeah. It would be nice to actually go to like hacker jeopardy or something like that. So not flashing badges. Yeah. Yeah.
Host 1 44:29
Yeah. Like, I'd say that's one thing that people don't realize, like, you know, nights and nights and weekends. We're putting in all this effort into doing this so we can have fun and everything. But last year, yeah, we were. We were working for 10 days straight. We were running around and we love doing it. But we were running around fixing badges talking with people working, but we didn't get to see any cool talks or any of the other events going on. So poker
Host 1 44:55
Machines, like some poker we played,
Host 1 44:58
Like let's not It's Vegas. So
Host 1 45:04
Yeah, being able to offset some of that with, you know, taking into account, we're going to need to maintain it, we're going to need to fix it when people find bugs in our firmware. So trying to get a lot of that up front, we're looking forward to having a little more free time to enjoy the conference, then working the conference, agreed.
Host 2 45:22
Anything else? Like maybe with what you want to see there, or?
Host 1 45:27
I'd like to see, like see more bad, I'd like to see more people hack on the badges. Hmm. We are. We're putting some stuff in this year last year to Tcl, putting some other stuff that's kind of similar, that we really hope people dive into and make use of and it'll come out right, we'll give people about a month. Right. So the add ons, those are kind of starting come out. Now. We want to see people build add ons, and come up with really interesting things. And so giving getting out early is important for that. I want to see people write their own code for the badge.
Host 1 45:58
We're making that very easy this time around.
Host 1 46:01
Yeah, that was easy last year. But this this year, we're not just adding on this Tcl interpreter on the side. But it's actually part of the badge itself now. So it's not as obviously thank you in advance. Yes, there is. Yes. So we will we'll release, probably release that source code early. And just have fun.
Host 1 46:22
Yeah, we figure if people see it ahead of time, they can hack it ahead of time and show up with some nefarious things in mind. And that's what we want to see. Because as much as we can point out, we had to fix stuff. It is kind of fun and interesting. You're like, oh shit, we lost control of our bot that went on or that's going on.
Host 1 46:42
He's going to shrug your shoulders and go Oh, well. Yeah.
Host 1 46:45
So be made aware of that. And where can they find it?
Host 1 46:50
Well throw it on Hackaday and on Twitter, Twitter's our main our main avenue to throw all this stuff out there. And they and XOR AMD nxo are Yep. Yep. Like the logic gates. Like the logic logic. Yeah, I think if you do the math, that means like, if all three are true, then it's true. I nerd, yeah. Computer science. So there's some basics there.
Host 2 47:14
Cool. Yep. So I think that's gonna wrap up this episode, right? Anything else y'all?
Host 1 47:20
So when do we cue the eight bit music?
Host 1 47:23
After y'all sign it off?
Host 1 47:34
Let's keep going. No, yeah, that was the MacroFab Engineering Podcast. We were guests zap.
Host 1 47:40
Hi, Ron, and bitstream
Host 2 47:41
And we're your hosts crab foam and Blitz. Later everyone take it easy.
Host 2 47:54
Thank you, yes, you our listener for downloading our show. If you have a cool idea, project or topic or badge that you want, Blitz, and crab foam to discuss, tweet us at MacroFab or email us at email@example.com. Also check out our Slack channel which we'll talk about the badge that we are going to make for DEF CON if we can get there. And if you're not subscribed to the podcast yet, click that subscribe button. That way you get the latest episode right when it releases
Transcribed by https://otter.ai