Defcon 17: Badge Hacking

joegrand

Following up on their post about the new Defcon 17 badges, Wired recently posted some of the best badge hacks of the con. Among the hacks featured were an LED frequency meter hack, a sound seeking dirigible powered by three badges, and a wireless geiger counter random number generator that sent random numbers back to a laptop equipped with a zigbee card. Probably one of the most impressive hacks mentioned, the hack that won the badge hacking contest, was the LED equipped baseball cap modeled above by [Joe Grand], Defcon’s defacto badge designer.

The hacked badge is connected to the cap by an ethernet cable, where the LEDs pulse on and off in order to defeat facial recognition systems. The cap’s designer told Wired that he initially designed the cap in order to sneak into [Grand]’s room to steal the über badges under his protection. Needless to say, the winner doesn’t have to worry about stealing the badges anymore as he was awarded his own über badge at the award ceremony. While we’re not completely sure who pulled off this awesome hack, we congratulate you and all of the participants of the badge hacking contest on your fantastic hacks.

Update: We’ve confirmed that the badge contest winner was in fact [Zoz Brooks], [Grand]’s co-star on the popular Discovery channel  show Prototype This. From all indications, his hack seems to be legitimate and not a clever idea, however we are still looking to confirm this. Also, even though Wired’s article stated that the dirigible was sound seeking, we have confirmed that it is sound avoiding. Thank’s to everyone in the comments for pointing these things out.

17 thoughts on “Defcon 17: Badge Hacking

  1. The winner was actually Zoz Brooks. I’m also pretty sure the facial recognition thing is a joke. It’s a couple of visible LEDs pulsing at ~15Hz, as far as I remember.

  2. Joe’s face was completely visable on the video screens, the badge ‘hack’ was a long creative story, based on the movie Sneakers… Joe got social engineered…

  3. Come on guys, don’t be haters! I was just trying to do some fun, anti-surveillance-related badge hacks.

    The reason Joe’s face looked normal to you on the video screen is that you’re a way more powerful face recognizer than any computer – and you don’t do it by grabbing and comparing frames. Face recognition works OK in the lab but it’s extremely sensitive to lighting variation – so much so that to use it at ATMs and so on there have been proposals for various kinds of synched strobing illuminators (like low-intensity camera flashes) – see:

    http://www.machinevisiononline.org/public/articles/articlesdetails.cfm?id=2180

    If you could synch to the camera shutter as well, you could easily defeat this by strobing yourself and blowing out the image. Some people have suggested constant IR illumination on the face to blow out camera images that are somewhat sensitive in the IR (like many digital cameras, even with IR filters – remember the see-through-clothes function on that Sony camcorder?). But you don’t have access to the surveillance camera synch, and you can’t count on the IR sensitivity of any individual camera. The demo I saw at a conference a few years ago, however, showed that by strobing at close to but not exactly the acquisition rate from multiple light sources you can throw enough noise over the image that the resulting spurious shadows, specularities etc push the recognition rates down significantly, even (and sometimes especially) when the algorithms are using multiple video frames to perform photometric optimizations.

    I built this at con from scavenged parts so it’s a proof of concept rather than something I’d use to go really robbing ATMs with or anything! I just wanted to make something that raised awareness of the shortcomings of some methods of passive biometric surveillance.

    Also Wired, bless ‘em, completely neglected to mention the other part of my submission, a fun mechatronic gizmo based on the DC16 badge that was indeed inspired partly by a scene in the movie Sneakers. But it’s also to make people think about this kind of sensing, how it might be defeated and what kinds of tools you could carry to improve the user interface of your chosen method. See this recent real-life heist where pyroelectric IR sensors were defeated with (1) polyester shield; and (2) hair spray and moving a certain way:

    http://www.wired.com/politics/law/magazine/17-04/ff_diamonds?currentPage=5

    Anyway, if you think my hacks sucked, I hope it’ll inspire you to blow everyone away with your own hack next year – we know the processor already, so get started early!

  4. I would have thought a fairly basic requirement of the competition should be to fully utilise the badges’ built in capabilities. Perhaps you even need a separate class for restricted add-ons; the frequency meter deserved more credit for using what was provided.

  5. i’ve got to say, as i was sitting there watching kingpin modeling this i thought: “really? this is the pinnacle of badge hacking?”

    then again, my badge hacking was pretty much “oh shit. i stood up, caught the badge on a table, and ripped off half the components. time to go up to the hhv and put them all back on.”

  6. The judging was done by three people: Me, The Dark Tangent, and Zac Franken (DT’s #2 guy at DEFCON). I knew people would be bitching and complaining about “fairness” since Zoz wanted to enter the contest, even though those who know me know I play no favors. The decision wasn’t only based on technical complexity (which Zoz’s hack didn’t have much of), but also usefulness for the hacker community and just “cool” factor. There are no rules to what portions of the badge need to be used for the hack, but obviously the more of the features I provide are used, the more heavily weighted the entry will be. I’m not going to defend our decision for every single entry (there were 23) As I say every year, if you think you have better hacks for the badge, then come to DEFCON and impress us or just modify your badge and share the results online with the rest of us. -joe

  7. I agree that the product should at least be along the lines of the original badge design. Just breaking out the microprocessor with leads to a bunch of gear you brought or made really isn’t hacking the badge – the same thing could have been done with any micro. It isn’t microprocessor hacking, it’s badge hacking, right? I could build a totally awesome robot/device at home then come to defcon, break out the leads, program the badge microprocessor and hook it up to my device. That isn’t badge hacking, is it?

    You should require participants make use of the parts on the badge (i.e. microphone and led) as an active part of their design. Despite all that, all of these were cool hacks and I’m not going to judge because I probably couldn’t have come up with most of those ideas.

  8. @kingpin
    “but also usefulness for the hacker community and just “cool” factor”

    i understand you’re decision not to defend the judging – that’s certainly a can of worms – but i’m still surprised that things like the dirigible were deemed less cool than a blinky hat. i expected more ‘cool sensibility’ from defcon level nerds.

  9. I didn’t make it this year but was pretty surprised when I saw the winner after reading about the other entries.

    That said, what the hell do I know, I wasn’t there.

    Kudos to just about everyone involved for posting their thoughts on various sites without being dicks.

  10. Hat’s off to zoz for the facial recognition fooler, plus it looks cool.

    Also the guy that had a blue box going was pretty cool. He even had to replace the chip when someone zapped it with a flash emp!

    The FFT thing wasn’t than complex, it was just an extension of already existing stuff on the badge. The original badge firmware already does FFT in order to drive the RGB LED.

    I’ve put up a simple page with notes, pictures, and the firmware source that I used to create it.

    http://www.thenetbrain.com/dc17_fft/

    Can’t wait till next year!

Leave a Reply to Dr. VoltsCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.