Defcon 17: Badge hacking

joegrand

Following up on their post about the new Defcon 17 badges, Wired recently posted some of the best badge hacks of the con. Among the hacks featured were an LED frequency meter hack, a sound seeking dirigible powered by three badges, and a wireless geiger counter random number generator that sent random numbers back to a laptop equipped with a zigbee card. Probably one of the most impressive hacks mentioned, the hack that won the badge hacking contest, was the LED equipped baseball cap modeled above by [Joe Grand], Defcon’s defacto badge designer.

The hacked badge is connected to the cap by an ethernet cable, where the LEDs pulse on and off in order to defeat facial recognition systems. The cap’s designer told Wired that he initially designed the cap in order to sneak into [Grand]‘s room to steal the über badges under his protection. Needless to say, the winner doesn’t have to worry about stealing the badges anymore as he was awarded his own über badge at the award ceremony. While we’re not completely sure who pulled off this awesome hack, we congratulate you and all of the participants of the badge hacking contest on your fantastic hacks.

Update: We’ve confirmed that the badge contest winner was in fact [Zoz Brooks], [Grand]‘s co-star on the popular Discovery channel  show Prototype This. From all indications, his hack seems to be legitimate and not a clever idea, however we are still looking to confirm this. Also, even though Wired’s article stated that the dirigible was sound seeking, we have confirmed that it is sound avoiding. Thank’s to everyone in the comments for pointing these things out.

Comments

  1. Erant says:

    The winner was actually Zoz Brooks. I’m also pretty sure the facial recognition thing is a joke. It’s a couple of visible LEDs pulsing at ~15Hz, as far as I remember.

  2. kajer says:

    I added a Breathalyzer to my badge, would have thought I would have been in the top three… I thought I had something from the response I got from the masses at Defcon

  3. anonymous says:

    Joe’s face was completely visable on the video screens, the badge ‘hack’ was a long creative story, based on the movie Sneakers… Joe got social engineered…

  4. YenTheFirst says:

    Like erant said, the winner was Zoz. For those who don’t know, Zoz, Joe, and others did a fairly interesting show on the discovery channel called “Prototype This

    Also, the blimp was sound-avoiding, not seeking.

  5. Zoz says:

    Come on guys, don’t be haters! I was just trying to do some fun, anti-surveillance-related badge hacks.

    The reason Joe’s face looked normal to you on the video screen is that you’re a way more powerful face recognizer than any computer – and you don’t do it by grabbing and comparing frames. Face recognition works OK in the lab but it’s extremely sensitive to lighting variation – so much so that to use it at ATMs and so on there have been proposals for various kinds of synched strobing illuminators (like low-intensity camera flashes) – see:

    http://www.machinevisiononline.org/public/articles/articlesdetails.cfm?id=2180

    If you could synch to the camera shutter as well, you could easily defeat this by strobing yourself and blowing out the image. Some people have suggested constant IR illumination on the face to blow out camera images that are somewhat sensitive in the IR (like many digital cameras, even with IR filters – remember the see-through-clothes function on that Sony camcorder?). But you don’t have access to the surveillance camera synch, and you can’t count on the IR sensitivity of any individual camera. The demo I saw at a conference a few years ago, however, showed that by strobing at close to but not exactly the acquisition rate from multiple light sources you can throw enough noise over the image that the resulting spurious shadows, specularities etc push the recognition rates down significantly, even (and sometimes especially) when the algorithms are using multiple video frames to perform photometric optimizations.

    I built this at con from scavenged parts so it’s a proof of concept rather than something I’d use to go really robbing ATMs with or anything! I just wanted to make something that raised awareness of the shortcomings of some methods of passive biometric surveillance.

    Also Wired, bless ‘em, completely neglected to mention the other part of my submission, a fun mechatronic gizmo based on the DC16 badge that was indeed inspired partly by a scene in the movie Sneakers. But it’s also to make people think about this kind of sensing, how it might be defeated and what kinds of tools you could carry to improve the user interface of your chosen method. See this recent real-life heist where pyroelectric IR sensors were defeated with (1) polyester shield; and (2) hair spray and moving a certain way:

    http://www.wired.com/politics/law/magazine/17-04/ff_diamonds?currentPage=5

    Anyway, if you think my hacks sucked, I hope it’ll inspire you to blow everyone away with your own hack next year – we know the processor already, so get started early!

  6. bWare says:

    I would have thought a fairly basic requirement of the competition should be to fully utilise the badges’ built in capabilities. Perhaps you even need a separate class for restricted add-ons; the frequency meter deserved more credit for using what was provided.

  7. Agent420 says:

    yeah, the fft seemed the most complex. the hat thing fails for just being a big blinker… not to mention the blue nerd umbilical cord.

  8. redbeard says:

    i’ve got to say, as i was sitting there watching kingpin modeling this i thought: “really? this is the pinnacle of badge hacking?”

    then again, my badge hacking was pretty much “oh shit. i stood up, caught the badge on a table, and ripped off half the components. time to go up to the hhv and put them all back on.”

  9. cynic says:

    “contest winner was in fact [Zoz Brooks], [Grand]’s co-star ” Wow, that sounds like a fair and unbiased result if ever there was one.

  10. JD says:

    Ah, Zoz and Joe, still living up to their standard of rapid prototyping. Man, I am going to miss that show dearly.

  11. kingpin says:

    The judging was done by three people: Me, The Dark Tangent, and Zac Franken (DT’s #2 guy at DEFCON). I knew people would be bitching and complaining about “fairness” since Zoz wanted to enter the contest, even though those who know me know I play no favors. The decision wasn’t only based on technical complexity (which Zoz’s hack didn’t have much of), but also usefulness for the hacker community and just “cool” factor. There are no rules to what portions of the badge need to be used for the hack, but obviously the more of the features I provide are used, the more heavily weighted the entry will be. I’m not going to defend our decision for every single entry (there were 23) As I say every year, if you think you have better hacks for the badge, then come to DEFCON and impress us or just modify your badge and share the results online with the rest of us. -joe

  12. Brett says:

    I agree that the product should at least be along the lines of the original badge design. Just breaking out the microprocessor with leads to a bunch of gear you brought or made really isn’t hacking the badge – the same thing could have been done with any micro. It isn’t microprocessor hacking, it’s badge hacking, right? I could build a totally awesome robot/device at home then come to defcon, break out the leads, program the badge microprocessor and hook it up to my device. That isn’t badge hacking, is it?

    You should require participants make use of the parts on the badge (i.e. microphone and led) as an active part of their design. Despite all that, all of these were cool hacks and I’m not going to judge because I probably couldn’t have come up with most of those ideas.

  13. Agent420 says:

    @kingpin
    “but also usefulness for the hacker community and just “cool” factor”

    i understand you’re decision not to defend the judging – that’s certainly a can of worms – but i’m still surprised that things like the dirigible were deemed less cool than a blinky hat. i expected more ‘cool sensibility’ from defcon level nerds.

  14. markyb86 says:

    I wish I could ever goto one of these events. :-/

  15. JoeBaloney says:

    I didn’t make it this year but was pretty surprised when I saw the winner after reading about the other entries.

    That said, what the hell do I know, I wasn’t there.

    Kudos to just about everyone involved for posting their thoughts on various sites without being dicks.

  16. simap says:

    Hat’s off to zoz for the facial recognition fooler, plus it looks cool.

    Also the guy that had a blue box going was pretty cool. He even had to replace the chip when someone zapped it with a flash emp!

    The FFT thing wasn’t than complex, it was just an extension of already existing stuff on the badge. The original badge firmware already does FFT in order to drive the RGB LED.

    I’ve put up a simple page with notes, pictures, and the firmware source that I used to create it.

    http://www.thenetbrain.com/dc17_fft/

    Can’t wait till next year!

  17. Dr. Volts says:

    simap,

    I really dug your FFT badge! I was kind of hoping you would bring it to the Ninja Party or one of the other parties so we could watch it in action with the music.

    -Dr V

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 93,871 other followers