- Joe Grand
- Also known as Kingpin
- Computer engineer, hardware hacker, product designer, teacher, advisor, runner, daddy, honorary doctor, TV host, member of legendary hacker group L0pht Heavy Industries
- Proprietor of Grand Idea Studio.
- Our first guest to have a Wikipedia page
- Has been creating, exploring, and manipulating electronic systems since the 1980s.
- Parker and Joe met each other at the unofficial propeller expo in Sacramento. This what right around the time MacroFab was starting in 2013.
- Joe “flew” Ken’s brand new quadcopter
- IRC channel #tymkrs on afternet
- Joe first discovered the hacker world at 7 years old in 1982.
- First online name was “black ninja” then went to fbi agent, astro zombie, autovon, the youth, before settling on Kingpin.
- Joe’s first hardware hack he remembers was the Ring Busy Device – you can still use the phone, but if someone called, it would give a busy signal. Built with circuit board from Radio Shack kit. Came with switch so he could turn it on and off.
- DEF CON badges – what’s the history?
- Joe is friends with the Jeff Moss aka Dark Tangent for a long time through bulletin board systems
- Joe had been giving talks for DEF CON for a long time and was approached by Jeff to make an electronics badge
- Before e-badges they had Laser cut , acrylic badge, liquid filled badge
- First electronic badge ran on a PIC10f202
- Badge hacking contest – 20 people hacked the first time
- DEF CON 14-18 were years that Joe tried to challenge and one up himself
- DEF CON 14 Badge
- DEF CON 15 Badge
- DEF CON 16 Badge
- DEF CON 17 Badge
- DEF CON 18 Badge
- Joe is friends with the Jeff Moss aka Dark Tangent for a long time through bulletin board systems
- Tooth tunes hack
- The MacroFab Meetup in Houston is next week!
Special thanks to whixr over at Tymkrs for the intro and outro!
About The Hosts
Parker Dillmann is MacroFab's Co-Founder, and Lead ECE with backgrounds in Embedded System Design, and Digital Signal Processing. He got his start in 2005 by hacking Nintendo consoles into portable gaming units. He also runs the blog, longhornengineer.com, where he posts his personal projects, technical guides, and appnotes about board layout design and components. Parker graduated with a BS in Electrical and Computer Engineering from the University of Texas.
Stephen Kraig began his electronics career by building musical oriented circuits in 2003. Stephen is an avid guitar player and, in his down time, manufactures audio electronics including guitar amplifiers, pedals, and pro audio gear. Stephen graduated with a BS in Electrical Engineering from Texas A&M University.
Host 1 00:10
Hello and welcome to the macro fab engineering podcast. I am your guest Joe Grande, aka Kingpin.
Host 1 00:17
And we're your hosts Parker
Host 1 00:19
Dolan and Steven Craig.
Host 1 00:20
This is episode number 73. Oh, you guys are so great in tandem.
Host 1 00:27
We tell we've got this down we've only done it 73 times
Host 1 00:31
That was done that was by sheer luck because I can't really hear him with the headset on.
Host 1 00:35
Oh. Next to each other. Yeah, yeah, yeah and and almost no almost facing each other too. So, that was perfect
Host 3 00:43
Way to go. Alright, listeners if you enjoy the macro fab engineering podcast, please let others know about us. Tell your co workers, your friends, your family, your loved ones and share it on social media at macro fab or follow us on Facebook. We also have an Instagram at macro fab Inc. At some point during the show, we're going to announce a secret code word. If you email us the code word and your address, we'll send you some cool macro fab swag. The email address is podcast at macro fab.com. So our guest this week is Joe Grande, also known as Kingpin. He is a computer engineer, a hardware hacker, product designer, teacher, advisor, runner, daddy, honorary doctor, TV host member of legendary hacker group, loft Heavy Industries, proprietor of grand ideas studio and our first guest to actually have a Wikipedia page.
Host 1 01:36
He's been creating, exploring and manipulating electronic systems since the 1980s. Which I bet you a good portion of our listener group wasn't even born in the 1980s
Host 1 01:50
I was barely born in the 1980s. But yeah, thanks for making me feel old. I've also never had somebody read that bio. It's cool to have somebody say daddy normally do.
Host 1 02:00
Right. And what I like about it is how daddy is somewhere buried in the middle of all of that. Right? It's perfect. It's
Host 1 02:07
There's other ones also. So I don't know how
Host 1 02:09
I was really hoping you go Wikipedia page and then emoji smiley face. Yeah, right.
Host 1 02:14
Yes, there is. Right. That was part of it. I totally skipped over that. Sorry. So Parker, you you and Joe actually know each other?
Host 1 02:25
Yeah. We went to a like, parallax propeller meetup kind of thing over and was it San?
Host 1 02:33
That was an outside of Sacramento was in Rockland Sacramento. Yeah. And this was like, I guess a few years ago for a few years parallax who you know, specialize a lot in hobbyist electronics and robotics. And they make a bunch of hobbyist modules, of course, the the propeller processor and the basic stamp and all these things. And they had been holding. Originally, they started as what was called the unofficial, unofficial propeller Expo. And then it just turned into sort of these annual kind of meetups somehow showed up for one.
Host 1 03:04
Was that the Maker Faire that year? Oh, so yeah, it was, yeah, I drove out and met up with all the guys from toymakers. And, and I think it was called parallax con or something like that.
Host 1 03:18
Yeah, they changed the name because it was sort of not you know, there was no real agenda. It was just everybody hanging out. And oh, yeah, that's right. Because it was the the Bay Area Maker Faire. And you were there. Yeah. toymakers, which a bunch of us hanging out on the on the toymakers IRC channel, lb t y m k Rs. and on after that, you were already there. Right? And then you're already on the channel. So it was just like meeting another new face? And it was, uh, yeah, yeah. Surprising that you came all the way from Houston?
Host 1 03:45
Well, I always made the San Mateo Maker Faire and it was just one of those toymakers invited me out. I'm like, sure. I'll just go ahead and just drive on over there. Yeah, that was awesome. That was I was, that was actually right when we were starting macro fab as well. And like, I really wanted to look at parallaxes assembly line and see, like, how we how you actually build electronics, because at the time, we're just still trying to figure that out.
Host 1 04:11
And that's actually like four years ago. Well, you guys sort of figured it out, it looks like but you know, it's like parallax is a great example of that because they're, you know, small kind of family family run very dedicated group of people working there. And they believe in what they're doing. They're not this faceless, you know, normal type of assembly facility or contract manufacturer, where you might have, you know, some project manager dealing with your stuff who might have to communicate with other people like it's a small thing, so you get to see their real process. And I think you were there when we saw the selective soldering station, right. I think they just set it up. So it was like a big blob of solder that they could move around and solder through whole parts. And like that was just so so cool. Again,
Host 1 04:52
Yeah, they had a kiss model that and basically I put that on our list of what we had to have at macro fab. So we have a Rhythm RPS, which is basically the same thing as that machine.
Host 1 05:06
Nice. Yeah. And, and there was the something about the quadcopter, too, right? Like Ken. I don't remember if Ken Gracie from parallax had just finished building it was like their new quadcopter kit or something like that.
Host 1 05:19
Yeah, it was what's it called? It's like a PX eight. Octo quadcopter.
Host 1 05:27
It was a massive thing that was a kit. And you could download it or something. And the thing is,
Host 1 05:31
The other thing is like four feet in diameter. Wow. It's huge. Yeah. It's the best thing is is like, Ken just finished building this thing, and hasn't even flown it yet. And takes it outside. And we're all like flying all these little tiny ones around. And then Ken hands Joe, the controller for the big copter and says, it's easy. Go for it. You can't
Host 1 05:55
Crash it. I don't know why he gave that to me. I told him that I'd never flown before. But I've been curious about it. And especially since they had a kit. I was like, well, we can build the kit. And it would be fun to fly. And like, you know, so many people fly quad copters now and to me, it looks so easy. But then when you put a controller in my hand, like I basically have a whole bunch of thumbs. And I grew up using computers, I'm not that coordinated. And he was like, it's easy. Just keep the red lights in the back and the green lights in the front or something like that. And it basically like, I think it went up, like really high up and then really fast down. I was a little bit embarrassed. But you know, he gave me the chance. What can I say?
Host 1 06:37
Yeah, it was it was the highlight of that trip.
Host 1 06:41
Yeah, and Ken Ken probably probably spent the rest of the trip fixing it.
Host 1 06:48
3d printing new parts and stuff. That's right. Yeah. So in your description, also known as Kingpin. What's that from?
Host 1 06:57
Yeah. Okay, so I guess I should give a little bit of background on my history. I do want to say by the way, I have the awesome macro fab engineering, feature guests t shirt, and I have my my peach blossom kombucha in the macro fab koozie. So I'm, like, totally ready for this for this podcast?
Host 1 07:18
Give us a selfie. For the podcast notes. That'd be awesome.
Host 1 07:22
I'll take one when I'm done. So yeah, and I did say kombucha. I live in Portland, Oregon, possibly hope of kombucha and drink beer. But this is like, the best thing to have. And it has a little bit of caffeine. And I'm super sensitive to it. So by the end of this podcast, I'll probably be running around in circles in my office, because luckily, no one's gonna see that. Okay, so Kingpin. So I grew up, started using computers in 1982. And I had an Atari 400. And my, my brother is six years older than me, and he was Joe, when were you born? So I was born in 75. So I was seven, seven or seven years old. Okay, yeah, um, when I started, and I mean, that was just dumb luck, like my brother had a computer. I don't, I don't know why he was, why he was interested in it. I know, he was interested in electronics as well. So we would kind of tinker around on the computer on weekends and stuff. And we typed programs out of magazines. And then he decided, I think he was like in maybe eighth or ninth grade that he wanted to become a musician and sort of just stopped using the computer. So I just basically inherited the computer room with all these disks. And by that point, we had been calling bulletin board systems to connect to other computers, some of them, you know, intentional setup, bulletin board systems where people can communicate with each other. And then other things were just random, weird systems that you could connect to with a computer. And at the time that the hacker community, I didn't know the word hacker, but really, you know, the people that were involved in computers, a lot of them were what I would call hackers. So people are curious about technology, and wanting to learn something new. And you know, computers at the time, were really, if you had when you were lucky, but it was really a hobby, and it was a passion for people. It wasn't like today where it was a mainstream tool that everybody has. So there are a lot of a lot of things that that I started to do. I sort of discovered the hacker world at the time, which was which actually, you know, you hear about, like hackers being nerds in their parents basement or whatever. At that time, like it really was nerds in their parents basement, or in my case, like up in my parents, you know, third floor, little tiny room.
Host 1 09:30
But it was just a douche. You're the nerd in the attic. Then
Host 1 09:33
I was in the attic. Yeah, and I finally came out of the attic a little bit later on, but it was like having eat. People didn't use their names. They didn't use their real name. So it was sort of like creating pseudo names. And kingpin was not the first that just happened to be the one by the time I was 16 is the one that stuck. So my actual first hacker name was black ninja, because as a seven year old that's awesome.
Host 1 10:00
Host 1 10:05
And not even black ninja with numbers behind it. You were like the black ninja.
Host 1 10:11
There was no other Yeah, it was just like Ninja
Host 1 10:12
There can be no other.
Host 1 10:15
Which is hilarious because you know, like if you talk to any seven year old ninjas are amazing, right like kids love ninjas, and especially black ninjas like if they're, you know, dressed in black. So, to me, it seemed like a natural handle, except now I have kids and when my when my son, he's eight, I have eight year old a five year old when my eight year old was. He was like six years old. He had to choose a name for something in his school and he chose black ninja completely separate, never knowing about my
Host 1 10:46
Usernames are genetic. Yeah.
Host 1 10:49
It's like a black ninja Jr.
Host 1 10:55
So it's like, you know how like, usernames, like now you have to have a username and then you have to have like, numbers and stuff afterwards. Yeah, yeah. So when you so when you die, you also pass on your usernames now? Now there we go. Yeah. Yeah. So like, a username that doesn't have that is doesn't have numbers, at the end would be our gummy. Like, scarcity. Like if you have one of those. You're like one of the original Internet user families. Oh, yeah.
Host 1 11:25
No, I remember once I played a Starcraft game on Battle dotnet with a guy whose username was Viper. And I thought it was so cool. Because it was like, This guy was like, an original OG StarCraft right here. Yeah.
Host 1 11:38
Sure, you know, like a three letter domain name or something which we used to have so many of back in the day and just got rid of them all. But that's right. You had you know, we had LH ai.com, which was one of our part of our hacker group. And I think we ended up selling it, but we should have held on to it and sold it for you know, something more. But yeah, so you know, people just had fake names back in the day. And it was mostly a novelty at the beginning. So you know, I would use black ninja, I had a whole bunch of other ones in between. As I started to turn it to teenager. I say let's see if I can think of some of them. I had a FBI agent, another original one. Astro zombie was another I was a huge misfits fan at the time in about eighth grade. So after a zombie, auto Vaughn was one which was like a secret government telephone network. And I can't remember what the other ones. I had the youth for a while, because I was always like the youngest of everybody in every group I was involved in. And then kingpin came around because I thought all those other names were lame, and I wanted to find something, which looking back, it's sort of like that sort of, I think Kingpin is sort of a lame name also. But I was still a teenager, and it sort of stuck. Like I would have liked it if somebody else gave me a nickname, because it would have been more funny. But this one was I was heavy into skateboarding. So kingpin was like, you know, a part of the skateboard truck. There was a band in Boston where I'm from called kingpin at the time that I was really into sort of from the punk hardcore scene. And then I'm not into Spider Man. But that guy in Spider Man like the kink the guy named kingpin who's like that big fat dude with the, with the diamond, and like, you know, he was like this this badass gangster? Yeah. I just liked his persona. And I don't like bowling either, by the way, but I just like that aesthetic. So I don't know, it just stuck. And it was like, it's not really. It's sort of like a I'm stuck with it. What can I do? And I deal with it. And people still call me kingpin or KP. What's funny is like, sometimes when we were at the loft, which was our hacker group, and you needed to, you need to sign up for some, you know, magazine, or something that required a first name and a last name. kingpin obviously didn't work. And it was obviously a fake name. So I would I would do kin as the first name G as the middle initial and pin. And then it was like, you know, I'm Kinji pin. On the internet, no one knows you're a dog. So. So it worked. But yeah, so you know, that sort of history as the as the last progress, which was a hacker group I was involved in, in the early 90s, we were one of the first publicly facing hacker groups who really challenged companies to fix security vulnerabilities and spread the message, the good message of the good side of hacking as far as discovering problems and helping people to fix them, and not relying on the corporations to fix the problems because if you trust corporations, and you wait for them to do stuff, like you're going to be shut out of luck really fast, right? Because they're, they're concerned about money, not security. And that's the same thing today. So we were doing very controversial things like we would find problems in Windows and I was mostly a hardware guy. So I would tinker around mostly with like I was playing around with mobile data terminals and decoding packstack pig pager transmissions and messing with radio systems. But so I would do mostly hardware but as a group, we were you know, taking Taking a lot of pokes at Microsoft was the biggest and we'd find vulnerabilities in their products. And they'd say, Oh, no one's ever and we'd confront them. And they'd be like, no one's ever going to do that. And we're like, well, no one's gonna find that. Yeah. And like, we can find it as a group of seven people doing this, when were the good guys that are just curious, there's probably somewhere somebody else doing it, that's gonna exploit it in some malicious way. So we're doing this as a service to give you and eventually they're like, you know, we had to write some exploit code to show this stuff. And eventually, they got it. And that sort of kicked off what I would say of like, the sort of responsible disclosure era of security, but we were pissing off a lot of people. You know, there are seven guys with fake names that have basically forced their way into the the InfoSec community, which at the time was like a very square, mostly academic, like, you had a lot of practical on the network side, but not allowed on the security side. And we were just coming in, like, you know, like the Kool Aid Manny, like, bust through the wall. He's like Kool Aid. And
Host 1 15:58
You dude, busted me like hacking man.
Host 1 16:02
You know, it's like, We're seven guys. Like, literally seven dudes that work at you know, we could we go to this clubhouse at night. And like, we're not these, you know, we're just normal people. So we're like, hackers. And but I finally got the message that we, we had, we had I know, the images is hilarious. We had, we had a lot of people that were angry at us, and they would send us messages and say, you, you should use your real name, if you're so brave about releasing security vulnerabilities and all this stuff. And we're like, Well, the reason we're not is because people like you are gonna harass us. So that was really how kingpin stuck because that was the name I used through the loft. Through our Senate testimony, when we testified to Congress about the state of security in the government, I had papers published with the name Kingpin, and there's all this other stuff. So eventually, when I started using my real name, I associated it with Kingpin. So everybody knew. And at this point, it's like, I don't care if my name is out there, what I did in the past, I'm proud of the statute of limitations is probably, you know, expired for probably the stuff I did. So, you know, it's like, it's a cool piece of history where it was like, nowadays, people choose a name because they can, everybody has a pseudonym, or a handle or whatever they call it, you know, online. But this was like a nest necessity requirement. So we wouldn't get harassed all the time. That's the short version of it.
Host 1 17:25
Version. The The best thing about that is the probability of statute limitations is, you know, it's probably
Host 1 17:36
Something, something can always come back and get you right. So I don't really know. But we were generally on the good side, doing good things. spreading the good message, as a kid, though, I will say so that was at the loft. When I was growing up. As a teenager, there were a lot of things, I don't know the statute of limitations on some of this stuff. But I do know that for some of the computer exploration that I was doing as a teenager, if if if I got caught doing that, now, I would probably be in jail for the rest of my life and be labeled a terrorist and identity theft, cyber warrior, whatever, you know, it's like, the laws have changed so much where there really was no structure around what we were doing. And as a kid, I sort of like in what I was doing a lot as a kid as like digital mischief of I was exploring, and I wanted to learn and I would read electronics now magazine and Popular Electronics and radio, electronics, and I would build all these projects. And then on the computer side, I would want to explore and it's you know, originally started as a kid trading games with people, that's what I was using the bulletin board systems for, but then you discover all these other systems. So it wasn't even this thought process of like, am I connecting to something I shouldn't be connecting to? No, it was just like, I dialed with my, you know, rotary phone and plug the phone into the acoustic coupler modem. And like now I've connected to a system, I didn't have to log in, I didn't have to guess the password. Usually, if I did, a lot of times those systems, we would just go through the trash, the physical trash, and like pull out passwords. But it was just like a totally different time. And that sort of shaped my mindset of moving forward into my, I guess my career and my life and everything about sort of questioning things and exploring and doing what I want to do to kind of learn. So yeah, I don't know it was it was a fun time.
Host 1 19:20
You never had those messages pop up that says the the system admin has been reported and your IP has been logged?
Host 1 19:28
No, this is before IP. This was like the secret service calls your house and your parents answers the phone. We get a lot of phone calls from telephone operators, because a lot like back in the day I was before the loft. I was part of a hacker group called renegade Legion. And there's not a lot of information about us online. But if you do go to Text files.com, which is sort of an archival of old text files put together by an old friend of mine, Jason Scott, who was a bulletin board system operator of a BBS called the works and is now working at the And our Internet Archive, basically archiving all digital history. There are some files that we released back then. And you know, you read the titles, and it's like, well, you can read them for yourself. And you can sort of get a feel for like, what the what the early 90s kind of hacker community was. But we would set up Alliance Tella teleconferences. So basically set, you know, set up a telephone conference where you could have 50 people dial in, and you'd have these massive phone conferences where people would just talk, it's sort of like, I don't know what the equivalent would be online now, like IRC or slack or whatever, but it's like, everybody's on the phone, trading information, heckling, you know, calling the bully at school and screwing with his parents, or whatever it was. And those were not set up in a legal manner. So the phone company would call the numbers that were on the conference call and try to get information about like, do you know, you know, who was on this call from this phone number? And I'd be like, No, sir. There is nobody here that would
Host 1 20:58
Like 13. Yeah, and make your voice lower.
Host 1 21:02
At that age, and at that age, you know, people call me Mickey Mouse, because my voice was so high. So it was yeah, it was a hilarious time I have actually, I have phone recordings of trying to get out of some of those phone calls as well. I had one guy call me because I was abusing a telephone service to get free phone calls. Also, again, as a teenager, way before I was 18. And he ended up calling me and saying I know somebody was calling numbers from this phone number and blah, blah, blah, blah, blah. And I'm like, I'm sorry, sorry, I don't know what you're talking about. And just hung up. But it was so scared. Yeah, actually. So that actually brings me to an interesting first project of mine in electronics project was something called a ring busy device. And it was a device that it was a I don't remember the exact resistor value, but it was a single resistor, half watt resistor that would go in line with the ring in the tip of the RJ 11, your standard telephone lines for those who remember those. And what would happen is, you could still use the phone from like the house, so my parents could use the phone, like my sister and brother could use the phone. But if somebody tried to call our house, it would give a busy signal. So it was perfect for like for fear of people calling the house and it helped a lot. So I would just put on so I built a circuit board etch the circuit board of ferric chloride and stuff because you know, Radio Shack sold the kids to make your boards. And yeah, with a sharpie in it, with a sharpie in it and the rub off letters you could get so I made a whole bunch of those as kid as a kid, like different projects, but that ring busy device was the first one. And I had a little switch so I could turn it on before dinner, and turn it off. You know, when I was going to have my friends call me later at night or whatever. But that was like a godsend man. I mean, to have the to have the confidence to know that nobody's gonna call my parents while they're home was like, Who?
Host 1 22:50
Did your parents ever get suspicious of the fact that no one could call them?
Host 1 22:54
No, but a few times, I think they had like, waited for a phone call and didn't get it. So they call their friend and their friends like, oh, the phone is busy in there. Like I don't know. I feel bad telling that story. Because they're actually right outside my office right now visiting me from Boston, and listen to the podcast.
Host 1 23:17
That's great. That's awesome. So speaking of first you did the last time we had a guest we had an XOR. And not Excellent. Yeah. And not. And they do. DEF CON badges. Yes. And when that episode came out, you ping me on IRC. And you're like, I have history with this. Like, maps. So yeah, what? So what's your background on DEF CON badges?
Host 1 23:44
You're okay. So I have to say, let's start with the current state of things. The end, not XR badges and the group that are working on that stuff is epically amazing. And the art and sort of the design. And the number of people creating electronic badges these days is is crazy, right? And it's just so cool to see, like every conference, you go to every party, you go to every sub conference within a conference has a thing. Every group has a badge. So it's really kind of great to see because that just means that electronics in the hardware side of things is spreading to the masses. The reason I pinged you is I know there's us, you guys asked him a question about what is the history of the DEF CON badges? And it turns out he wasn't actually Sure. And electronic badges. The history doesn't go back that far. But I was like, Wait, maybe nobody really knows the history. So the as far as I know, and it would be great if any listeners have examples of earlier of this. But as far as we know, the DEF CON 14 badge, which was the first electronic badge that I designed, it was the first electronic badge used as like a conference thing. So it was it basically, you know, some electronic product that was used as some artistic conference, public conference badge. And I don't know if that's true. So You know, I'm wondering if there's, you know, some Homebrew Computer Club from the 70s or something that somebody made a badge and use that as the the actual official conference badge. But the history was,
Host 1 25:11
I can just imagine someone wearing a ginormous motherboard with a 68k.
Host 1 25:18
That was like, That would be so cool.
Host 1 25:21
It's like every, like the flavor flavor of classic computers.
Host 1 25:24
That's right. Well, there was sort of a time actually, I'll explain that with DEF CON. Like the badges sort of increased in size to the point of people were actually wearing a flavor flavor sized.
Host 1 25:36
Host 1 25:37
But it wasn't it wasn't a board. It was a record. It was a vinyl record. So I was a little Yeah. And I actually wrote I drew a clock on mine to look more like flavor flavor. The so the history of the DEF CON badge goes like this. I've been friends with WITH THE DARK TANGENT with Jeff Moss for a long time since we were teenagers. He lived in Seattle, he grew up in Seattle, I was from Boston, somehow we knew each other through bulletin board systems or some hacker, you know, community, some hacker conference or something. And so he had started DEF CON. And then he had started a conference called the Black Hat briefings, which is now people just kind of commonly refer to it as Blackhat. And that's more of DEF CON was like the hacker, you know, underground conference, over a weekend in Las Vegas. And then Blackhat became this was a, you know, a few years later, Blackhat was a corporate security conference as the InfoSec community became the cyber community and became more of a real industry. Blackout was there at the beginning for have to having technical talks and corporate sponsors, and really the first kind of corporate side of things. In 2005, I started. So I've been giving talks for Blackhat. For a long time, I'd been giving some talks for DEF CON. And Jeff had come up to me one day at BlackHat. We were actually in Japan together for the first Blackhat Asia and he said, Joe, you should you should teach some class about hardware hacking, because they had started training classes at BlackHat, which is now a common thing across a lot of platforms as well across the different different events have like two day training classes or a one day workshop on a specific topic. So I was like, alright, so I ended up designing this hardware hacking curriculum, that since 2005, I'd been teaching and part of that curriculum, I have this G shaped circuit board, so it's in the shape of my logo, and it has a microchip PIC on it. It originally was like a 16 F 648 A and now it's a 16 lf 1829 I think don't quote me on that. But it was a pic bass were totally word in the shape of my logo that we would do soldering exercises, D soldering exercises. Cutting trace is modifying the circuit board, reverse engineering the board, and the board basically would like Blink lights. But there is a security mechanism in there that if you defeat the security mechanism, it would unlock a game. And that was the challenge for the students at the end of the two day class to defeat the security on their own using a logic analyzer using the different tools to monitor communications and figure out the you know, the process of how the system works to defeat it. And that's something that continues on to this day. So after I think a year of doing that Jeff said, and again, Jeff, he really is like this mastermind of seeing seeing the future. He's like this visionary of the hacker world. And it's amazing, because, you know, I'm an engineer, by by lifestyle, and by trade and by everything. So I was really just I'm focused on doing my projects, I don't really think about how is this going to affect the future and change the world where Jeff is like, let's make this a big thing. Let's do this. Let's do that. And he has these grand plans. So he said, Hey, let's do something like your badge that you use for our training class for DEF CON. And I was like, Huh, that's a pretty cool idea. And that's how it started. Like before that DEF CON had a lot of very cool badges like they'd always been sort of non standard like their first year was actually a paper badge that you would write your name on, or your fake name because they were mostly afraid of law enforcement at the time.
Host 1 29:03
And but they had like, you know, some cool laser data laser cut badge one day acrylic one before laser cutting was like a thing. They had like a liquid filled badge, they had all sorts of really neat stuff. So it just seemed like this natural progression to go into circuit boards. So DEFCON 14 was the first time that we designed electronic badge. I think it was for 6000 people or so. And it was a very simple design a pic 10 F 202 with some blinking lights that did some different stuff when you push the buttons. And everything, of course was open source because we want to share the knowledge with everybody. And then I held a badge hacking contest to say, you know, what, can you guys do? conference attendees, what can you do with this badge over the weekend to modify it, just to get people inspired about hardware in sort of give them something to do if they wanted to? Like at that time? You know, say there was 6000 people at DEF CON. I think that first year like maybe 20 People did a badge hacking contest, but it was it was enough to say You know, people really were interested in hardware. So yeah, that was the first one that DEF CON 1516 1718. What I consider, you know, I kind of tried to beat myself each year and do something a little bit different. Try different technologies work with companies that I hadn't worked before. And all of the information about those, those designs are online, on my website, the history of the problems I ran into, because every year the first talk of the conference would be the story of the badge, like the trials and tribulations of designing it. And it really was this attempt to, because if you think about in, when was it 1999 2007 2006. Like, I think Arduino may not even have been a thing, or maybe it was beginning to be a thing outside of the classroom environment.
Host 1 30:48
Wire wiring, yeah, it
Host 1 30:50
Might have been, like, just make Make Magazine had had just been starting a few years earlier. So the DIY community, the maker community, like, you know, the hacker world had had up until that point been very software focused, very network focused, of course, lock picking, we had that we had social engineering, but not hardware. So this really was an attempt to get people inspired about hardware to learn about electronics, to take something and mess with it. And you know, mess with something that it wasn't going to get them in trouble if they did it at work, right. Like they could take this badge screw around with it, do something. And if they wanted to, and and have it do something else, it was just to inspire that sort of hacker ethic, but then also get people interested in hardware. By the time DEF CON 18 came around that final one was a, an aluminum substrate board with one side had a laser engraving on it. And if you had seven different badges, because there were seven different types of attendees of the conference, human speaker, goon contest, vendor press, whatever, you put them all together, and it was like this nice drawing like this, this landscape drawing that one of the Def Con artists did. And then the backside had a Freescale part and some other stuff in LCD, like a cola steric zero power LCD from Kent Displays. So you know, we were doing a lot of really interesting stuff. But it got to the point where people were expecting every year, they're asking me, like, what's gonna be the next badge, what's gonna be the next thing. And by after doing it for five years, I could see like, there were other other groups starting to do electronic badges and like the momentum had been built. And I just figured that in the hacker world, if people are expecting something, that I was just gonna stop doing it, because my, which sounds like really bad. But my whole thing is, I don't want people in the hacker community to get to get used to the same thing, right? We always want to evolve, we always want to try new things. So I didn't want anybody to get comfortable of saying, Okay, well, Joe's gonna do the badge again, it's gonna be this, it's gonna be this. And I was tired of sort of competing with myself of what can I do to better this? What can I do and like, and I always say, with anything I do, if it's not fun, I'm not going to do it. And it got to the point where it sort of stopped being fun. Because I didn't want to compete with myself. I didn't I have a lot of stress of like, I feel like I always have to, if I'm going to do something, and has to be 100%. I want to always prove to myself that I'm better than I was yesterday, right? It's like this constant thing. And I just, I just got to the point of like, Oh, enough, people are already doing it. Like, let's change it up a little bit. And I'll just stop doing the batch just without any sort of, like, announcement or anything.
Host 1 33:25
Did anyone say anything about that?
Host 1 33:27
I mean, people were people were bummed. But it was like, you know, the hacker hacker is adjust. And Ryan Clark last, who is a friend of mine, had been running the mystery challenge for a long time, which was a very popular contest at DEF CON with puzzles and crypto. And he ended up just taking over and starting the baddest design from there. But really, that history just started as like, you know, Jeff Moss saying, Hey, you should do something like this for DEF CON. And he doesn't he's not a hardware guy. Like he just sort of saw the, the potential wave starting to come Yeah, of like, electronics becoming popular. And now it is. So it's, you know, to the point where I was very careful about the aesthetics of the badge, and I wanted it to look good, I would I would leave off. You know silkscreen markings, I would add a lot of art because I knew that most people at the conference didn't give a shit about wearing an electronic badge. They wanted to do what they were there for DEF CON to do. And DEF CON is all about creating an environment where it is what you make it like some people are gonna like it, some people aren't. So I was very conscious about doing something that wasn't over the top and that wasn't in your face, but then people could still enjoy if they wanted to play with it. And I think I would like to think I did that. And then sort of seeing what's come after it is like, it's sort of like watching your kids grow up or something. It's like, damn, there's a lot of cool stuff out there and a lot of super talented people and the tools have gotten better, right and the techniques and people have been able to share information about like, how do you load a logo into your silkscreen, and there's all the how do you do a custom cut out? So there's all these things that people just didn't know were possible And really it just comes down to like, there was nothing special other than you just talk to the board fab and say, Hey, we're doing something a little bit different, their manufacturing process ends up being exactly the same. Once you you know, once you work through and make sure they understand what they're doing, but it was just really a fun time to, to do something that nobody's done before. And that's the other thing is like, by the time I stopped so many people were doing it, I was like, that's not my thing to continue a process like I would rather do something that no one's done, until I'm bored with it, and then go do something else. So it's just a perfect time to let other people kind of take over. Don't fall off your chair.
Host 1 35:37
No, no, no, no, I was I was gonna say something look like, say something. You guys are sleeping? No, no, no, it's just very interesting. Because that's such nowhere online. It's not a wiki pedia page.
Host 1 35:50
Yeah. So I should say that DEF CON has been trying to put together a page on the various badges. And every year I did write something for the, for the program. Actually, one year for DEF CON 15. I wrote a poem, because I was tired of writing like a technical description. And I'm like, I'm just gonna write a poem about how the badge works. And for that year, for the backpacking contest, a group of kids a group of people took my poem, found somehow through some like, online game team, they were on. Found a rap group in Michigan, a legitimate rap duo to create a rap song based on my poem. And then they modified the badge to be a viewfinder, you know, like the lights going up and down with amplitude. That year was like a matrix of 995 LEDs in a matrix. So they would plug in my audio, which was this rap song they had created into the viewfinder, and it would play the song. So they actually created a song based on my poem, which is on my website. It's hilarious. I'm not like a rap fan. But I play the song all the time. And it's like, the ringtone on my phone. So it's like, you just never know what people are gonna do. And the hacker world with that sort of stuff. But yeah, everything is everything like that information is on my website. It's on def cons website, but the history and that's why when, when, when and and not XOR guy, guys started answering the question. It was like, Wait, there needs to be some sort of history about it. I mean, it doesn't need to be but otherwise it's going to be forgotten. And it's also interesting to look at my designs, versus the later designs, right? Because like, you look at my now and it's like, wow, those are actually like not that special. But at the time, given the resources and the constraints and stuff, like it's just interesting to see the progression. It's like looking at Windows version 1.0. and Windows 10. You know, even though some people would say it still looks like shit,
Host 1 37:41
It's, you know, it's gone backwards, backwards,
Host 1 37:44
But you know, there's a progression over time. So you have to take into consideration like the era in which it was created or whatever. But yeah, so some of that information, hopefully will be preserved. Also, I think Jason Scott of Internet Archive has a badge page or something. But who knows, you know, it's like, I feel like my job was done because people got inspired and did other stuff. And like, that's, that's all I can ask for. Right? It's like, that was just the coolest part of the whole thing.
Host 1 38:11
Yeah, actually, um, I don't know if you listen to the and not XOR one, but like, I'm gonna do a badge for the spooky pinball group at the Texas pinball fest. So we're going to spread
Host 1 38:23
It start breeding over to other festivals.
Host 1 38:25
Yes, it's spilling over. And like the toymaker is adding whisker made a badge for some biotech conference or something like that. It was like a DNA strand. So yeah, it's starting to branch out. And it's really neat. And people always said to me, like, you should start a business doing custom badge designs. It's like, Yeah, but that's not that doesn't excite me, like doing it a few times is fun, but like, doing that over and over again, it doesn't seem fun, right? Like I want to, I have a sort of short attention span, and I want to do things that are interesting. And it's, you know, like I said, it stopped being fun, and I wanted to do other projects. And that was like a really time consuming thing but a huge huge enjoyment and like a huge rush to be involved in that and like stand on stage and explain the process and you know, be involved in closing ceremonies and announcing the winners that had hacked these badges and like crazy ways. It was just so cool to have so many people involved in it. But it was yeah, it was just you know, it was time for something new.
Host 1 39:20
So speaking of something new then what other projects that have you done that you really liked? Like you've done wow. Or just pick one?
Host 1 39:32
So I guess I so you know, I guess I should say like, part of what I do in my in my job is in the job is just me doing what I want to do is design electronics. So I would say like part time I design electronics and I'll design various mod mostly modules for hobbyists. So I've done a lot of work with parallax with their RFID reader and writer series in the EMIC text to speech module and I've done some other stuff with them that has now been discontinued and I've Got a bunch of consulting work of working on consumer electronics and medical devices and all sorts of things. So I've worked on a lot of projects. So there's sort of some of them kind of stand out. And on the other side of that, that I do my training and teaching more security related, which I never actually thought would become a thing, because, you know, like I said, I am an engineer, like, I like designing stuff. I grew up engineering and building and breaking stuff. But it just happened that the security has just sort of taken over. But yeah, designing things I don't know. I mean, currently, so I guess one of the last things I've done and I know you guys mentioned it on the show, is the the tooth toons toothbrush hack, which was, which was not a product, a product by any means. And it was sort of this thing where for the past few years, I've been thinking of doing it, and it just came time to do it. It was like in between some traveling and I thought it would be fun. And now my kids are old enough to brush their teeth. I was like, this is perfect. Like, I'm gonna do this thing. And it was this too, you detailed it, but it was like this, this toothbrush that is sold by Armand Hammer, and they might not sell it anymore, but you can still get them on eBay, where they play music of hopefully not used songs, not used No, but I you know, with eBay, you never know. They, so these things play like really bad pop songs, and they vibrate some transducer in the in the head in the bristles. So as you're brushing your teeth through bone conduction, you actually feel like you're hearing the song in your head. So it's a really neat concept. And I know bone conduction has been around for a long time and swimmers have been using it, you know, to have to be able to listen to music underwater. And I'm sure there's lots of other applications. But this was like, as far as I know, the first consumer application. And so these toothbrushes were out there. And I was like, well, the songs are really bad. What if I could modify the circuitry and make my own, you know, make it play whatever I wanted. So I basically took took a took the circuitry out created a device with the it was an 80 Tiny, with a little wave, live wave player library and a micro SD card and built a little circuit that would stick right in place. And I could load your own songs in it and play it and just made it fun. But that's an example of like, a lot of times I'll do stuff that isn't necessarily to make money, it's to do something because it's interesting, and I can learn something and other people could learn from it. And I can open source it. And people could take that and build on it right now. And that's sort of like, my, that's what I've realized over time, too, is like not everything that you work on has to make money because money is not the ultimate goal. It's it's increasing this, this excitement about hardware in the community, especially in the hacker world, but just in general, like, you know, now my kids see that and they go, Oh my God, you can make your own circuitry to play things like then their mind starts going and other kids mind start going realizing that they don't have to buy something off the shelf, they can make something on their own, or they can modify something and like that's the that's the key is doing that. So it's like a lot of the stuff I work on is really silly and not practical. But it's it's interesting and it's educational. And you know, somebody somewhere will hopefully build upon it.
Host 1 43:01
So the on the two to two tunes. Did you do any testing on like, if like a heavy metal song verse like a classic song would clean your teeth better?
Host 1 43:12
Well, no, cuz I don't actually brush my teeth. I'm joking. I do like every once in a while. He's got
Host 1 43:20
Like, one two thing.
Host 1 43:22
And he plays music on that one tooth?
Host 1 43:26
That's right. No, so I haven't I haven't tested it. The song I ended up putting in was at least for my my version of the toothbrush is a song by by a parody hardcore punk band called Crucial youth. And they were sort of this band making fun of the straight edge youth crew culture of the 80s which is the straight edge culture was it is kind of an anti drug anti drinking kind of philosophy and mindset of kind of going against the mainstream pressures, which I was heavily involved in and still am as sort of, you know, I was a teenager and still now, but the band was hilarious. And they had a song called positive dental outlook. Instead of the traditional, like, you hear a lot about positive mental attitude or positive mental outlook as like a real a real concept of like thinking positively. So this was like a hilarious song. And of course, with a toothbrush, it was perfect. So that was like a pretty heavy song. And I haven't actually brushed my teeth with it, but like it definitely vibrates the bristles. And you can you can hear it pretty well.
Host 1 44:30
That's awesome. That's yeah, that's pretty hilarious. Can we find that song on YouTube? I guess?
Host 1 44:35
Yeah. So actually, if you go, if you probably if you just search for tooth tunes hack on Google, it'll probably come up with a link to one of the videos and I've made a video about the project. And then I link to the song also. And the song has the lyrics in it. Great. So you can read along but yeah, you know, it's just a kind of fun, ridiculous thing. But I learned some really neat things about because I built my stuff, the wav player and I had built that on an existing project. So I'm using an open source project to build on that to do something else. So I learned a lot about an area that I wouldn't normally deal with, which is Atmel processors. And just dealing, you know, dealing with this cool, vibrating transducer and stuff like it was, it was really kind of neat. But there's lots of other projects I've worked on. And they all tend to be things, especially recently, since since training is my real avenue of financial stuff, that I have more time to do kind of these other things. But I try to try to work on things now that are going to be open source, for sure. At least partially, you know, if not the entire thing schematic, you know, board layout bill of materials and stuff like the DEF CON badges were, I don't know, you know, there might be people saying they're not fully open source because I didn't release the Gerber's. And that was because the Dark Tangent Jeff Moss didn't want people to just go and create their own black badge, which is like a lifetime entry to the conference, and then use those to get in. But I do try to just share as much as I can, because it really comes down again to that education, and inspiring the future people, you know, generations of, of hackers and people doing stuff, like as cheesy as that sounds like it's true. Like, I'm 41 years old, like I'm not a young kid in the in the community anymore. And like, to be able to have something to share is like, that's what's important is like, getting getting other people inspired, because, you know, the next generation are gonna take what we've done and build on it, hopefully, for better things, and not make a lot of like dumb social media things and stuff like face plumbing is just horrible. And we are getting
Host 1 46:32
We are getting the internet of things now. Yeah, that's true.
Host 1 46:35
Oh, yeah. That that is like a whole other, like, Oh, my God, don't even get me started. But you know, especially from, I'll get started, especially, you know, like Internet of Things is basically just a silly word of like, we're connecting more stuff to the internet. And the things are just computers, they're just low resource, you know, resource constrained computers on the network, we can't even secure highly functioning very powerful machines and servers on the Internet, how the hell are we gonna, you know, secure devices that are that basically have no capability other than, you know, TCP IP stack, and some other very basic things. The approach of dealing with IoT security, and all of the threats we're seeing is just the wrong way to do it. Because you can't rely on the endpoints to be secure.
Host 1 47:24
I think I think Parker and I have been preaching for a while about why these exact same things about, yeah, the fact that it's not going to be secure, or it isn't currently.
Host 1 47:35
No, it won't be. And I think we're gonna end up seeing a lot of a lot of continued widespread attacks and continued devices getting owned, you know, the onus has been placed on the consumer to like, change the default password of a camera, like, do you know, anybody that actually changes the default password, except maybe us that are like technical, like, I know, for a fact, my neighbor that just put in his his internet connected front door camera, did not change his password, right? It's just people don't do that. And these are problems we've been seeing for decades with computer systems. And now it's just more devices being added to the network. So you know, maybe there's going to be network monitoring, or maybe there's going to be firewalls or proxies or other things, but it's just like, the mindset is just the wrong approach. And it's interesting to see from a hardware perspective, it's like, well, great, like, it's more job security for me, because I get to go to more people. But then on the other side, it's like, so frustrating, because nothing is changing in like, decades, you know. So it's, it's, it's interesting. And, of course, you know, the money that companies with the biggest budgets are going to are going to have the biggest influence. And even if it's the wrong solution, they're going to be there. And it's a really, really hard problem to deal with. And designing secure hardware also is very, very hard. So yeah, it's gonna be interesting to see what happens with that. But it's just a very, very open area. Oh, and I should mention, most engineers, like, you know, design engineers don't have a security background. Most security professionals don't have an engineering background. So there's this disconnect, of, you know, we have Maker Faire, we have embedded systems conference, we have engineering shows. And then we have hacker shows, there's very little overlap, there has been some attempts at like the embedded systems conference or design West. Now, I don't remember what they call it now. But that that conference, had a track about computer security, and we're starting to see some overlap, but it's still very preliminary. And that's the hard thing is if designers aren't thinking like attackers, then they're not going to properly protect themselves in a way that that will be practical and useful. So it's scary it's scary all around. Yeah, yeah, absolutely.
Host 1 49:45
So Jones makes
Host 1 49:46
Me want to like jump out of security altogether and jump out of technology and just like go be a nomad be a nomad and just like go go running on trails and never come home. What's
Host 1 49:56
What's like Gone YouTube that like he made toys and He like, like, move to like some island in the Caribbean or something. Oh, yeah,
Host 1 50:05
So J So Jamie Mansell. Yeah, be like him is hilarious. Oh my god, I love Jamie for more reasons than what he's doing now. We actually ran on the same track team in Boston, before he went on this journey. So back in like 2002, my wife, my now wife and I, we were dating at the time. We met on the track team. And then Jamie was on the track team as well. And he's this phenomenal runner. He ran it, I believe it was Brown University, and he was a stellar runner back in high school in Canada. And he just happened to be living in Boston. So we had known him. And he'd always been this quirky guy building robots. And he would run to practice with like, a 50 pound weight vest on he would run like six miles from his house, and then do this crazy running workout and then run six miles home with this drive vest. So he had always had this passion of building. And, you know, it was some it was something where like, it's slightly more normal now. But he was just living, what he wanted to live. And it was like, so inspiring and amazing. So we actually had gone to visit him when he had moved out to Vermont, to build his first geo destek dome. He was living there. And he has some videos of his time in Vermont online. But it was like, he basically had gotten sick of the mainstream world, right. And it was like, I want to do what I want to do. I've saved up the money, I'm going to go do this. So he lived off in the middle of in the middle of nowhere. It was like this landlocked area that he had to hike through some other property to get to. And he hauled everything there manually. He built his dome, he had his little hot tub he built he had little battery charger circuit with his exercise bike. And it was like, I was so envious of that. And I still am so that he ended up you know, make a lot of videos. And he moved I think it was somewhere in South America, Panama or something. He bought an island like now he lives on an island and he's building everything. And in Cuba, and I, my wife and I were looking at that. And some of those videos were like, man, that we know, Jamie, like, that's cool. He can do that. Like, how could we not do that? And it's definitely this mindset. Like he just has it right. And he can do it. And I know he talks about in his videos of like, you know, if you're questioning why, why are you sitting in an office and I'm out here like, you can do this too. And it's totally true. But I just love his energy and I love what he's doing. I personally know that I could not survive one day on a remote island, or I would die. Like there's no question about it. Like I I grew up in the city, I you know, like I go trail running a lot. I'm or I'm a competitive runner. And I've been running my whole life, but I started running on trails I'm terrified of, of cougars, and snakes and bears. So it's like, you know, can you imagine living on some tropical island and it's like, oh my god, there's a spider like I would just I don't know what I would do. But yeah, so that's, you know, his, his thing is he is super talented, technological genius, mechanical genius that had just had enough and went nomad. And I think about that every day. I'm like, man, maybe we should just go move and live with Jamie. So you never know maybe one of these days we'll do a podcast from from the island in the South America somewhere.
Host 1 53:09
That'd be awesome. Yeah.
Host 1 53:12
So with that Joe working our listeners find out more about you.
Host 1 53:16
So probably the best way is on Twitter at Jo Grande. Jo, E. G, Ra nd I like to say like $1,000 not like a big burrito. You guys might get that right. Oh, yeah. Like Rondi Yeah, so. So Joe Grant, that's really my only kind of public social media like being secured being a security person that hacker like, I like having the personal, the personal side, but it's all like the public side. But I don't post that much stuff. It's mostly like ongoing projects, or maybe once in a while I'll do things to share. But I don't post like I'm eating dinner now. Or I'm doing this or I'm doing that like it's it's less of a day to day and it's more of just like once in a while, but at yo grand My website is grand idea. studio.com It's not the easiest website to navigate. It was designed, we designed it like 10 years ago. So it's not like the coolest, you know, what all the what all the cool kids are doing now. I will fix that at some point. But go to if you go to portfolio, you can browse through all of the different stuff that I've that I've worked on and look for details of various projects. And, you know, if you take anything and build on it and do something cool, like let me know, because that's, again, like that's the most inspiring thing to see that people are kind of progressing and and taking that next step to doing other things.
Host 1 54:30
Well, great. That's that's, that's fantastic. And would that would you like to sign us out
Host 1 54:36
Joe? Let's see. All right, so that the macro fab engineering podcast podcast, I was your guest and I actually still am Joe Grande.
Host 1 54:48
And we were your host, Steven Craig
Host 1 54:50
And Parker. Parker Doleman. Next week, we'll have our monthly meetup here in Houston. Check the podcast notes for more information.
Host 1 55:00
Take it easy guys the code word is kingpin
Host 1 55:12
On a 70 $800,000 in the name of Laurie if you want to learn more just seeing the funny story matrix all the LEDs five columns 19 rows to coin cells will make a mask colors that you want to show a peek on a ship icon in a text message that's the top icon again to try number symbol elementary just like badges I'll make your head spin back from represent Joe brand he
Host 1 56:05
Pitches from represent icons and begin your normal quest to cycle through the list to see the character Q 16 letters is the max that we do when it's all done seek out the subtle block change it like a trunk prescription select velocity between one to five which goes to Eliza it drives down to your last bed stay in specialties to treat that will show up in your face with a secret message pops up like a fucking
Host 1 56:48
Joke he just like badges I'll make your head spin back from represent brand he just like badges on your head from represent
Transcribed by https://otter.ai