SAINTCON Badge (Badge Hacking for Mortals)

[Josh] attended his first SAINTCON this weekend before last and had a great time participating in the badge hacking challenge.

The 2014 SAINTCON is only the second time that the conference has been open to the public. They give out conference badges which are just an unpopulated circuit board. This makes a lot of sense if you figure the number of people who actually hack their badges at conferences is fairly low. So he headed off to the hardware hacking village to solder on the components by hand — it’s an Arduino clone.

This is merely the start of the puzzle. We really like that the published badge resources include a crash course on how to read a schematic. The faq also attests that the staff won’t solder it for you and to get your microcontroller you have to trade in your security screw (nice touch). Once up and running you need to pull up the terminal on the chip and solve the puzzles in the firmware’s menu system. This continues with added hardware for each round: an IR receiver, thermistor, EEPROM, great stuff if you’re new to microcontrollers.

[Josh] mentions that this is nothing compared to the DEFCON badge. Badge hacking at DEFCON is **HARD**; and that’s good. It’s in the top-tier of security conferences and people who start the badge-solving journey expect the challenge. But if you’re not ready for that level of puzzle, DEFCON does have other activities like Darknet. That is somewhere in the same ballpark as the SAINTCON badge – much more friendly to those just beginning to developing their crypto and hardware hacking prowess. After all, everyone’s a beginner at some point. If that’s you quit making excuses and dig into something fun like this!

The Queercon 11 Badge

DEFCON is known for its unique badge designs, which have featured displays, radios, and tons of LEDs in the past. This year, there was another digital badge at DEFCON. The Queercon 11 badge featured an MSP430, a LED display, an IR interface, and an ISM band radio.

Queercon started off as a DEFCON party for LGBT hackers. Over the past eleven years they’ve run events at DEFCON including parties, mixers, and networking events. Over time the group has grown, become a non-profit, and provided a social network for LGBT people in tech. We must admit that they throw quite a good pool party.

This badge gave you points for meeting other people. When held near another QC11 badge, the IR link sends the identifier for each person. Both badges light up and display the other person’s name, and store the event. This process became known by a variety of colloquialisms, and “badginal intercourse” was a common occurrence at events.

The reader for Queercon 11 badges
The QC11 Badge Reader

The RF radio, implemented using a HopeRF RF69 module, shows how many people with QC11 badges are near you. A base station at events sends out data to give badges points for attendance. As points are accumulated, the rainbow LEDs on either side of the display light up.

At Queercon parties, a reader connected to a dumb terminal read data off the badges. It then shows who the badge has paired with, and what events its been to.

The hardware design and source code have all been released on the Queercon website. The full functionality is discussed in the README.

TiLDA MKe: the EMF 2014 Badge

The TiLDA badge from EMF 2014


Hardware conference badges keep getting more complex, adding features that are sometimes useful, and sometimes just cool. The Electromagnetic Field (EMF) 2014 badge, TiLDA MKe, is no exception.

This badge displays the conference schedule, which can be updated over an RF link with base stations. It even notifies you when an event you’re interested in is about to start. Since we’ve missed many a talk by losing track of the time, this seems like a very useful feature.

Beyond the schedule, the device has a dedicated torch button to turn it into a flashlight. A rather helpful feature seeing as EMF takes place outdoors, in a field of the non-electromagnetic sort. They’re also working on porting some classic games to the system.

The badge is compatible with the Arduino Due, and is powered by an ARM Cortex M3. It’s rechargeable over USB, which is a nice change from AA powered badges. It also touts a radio transceiver, joystick, accelerometer, gyroscope, speaker, infrared, and is compatible with Arduino shields.

For more technical details, you can check out the EMF wiki. EMF 2014 takes place from August 29th to the 31st in Bletchley, UK, and you can still purchase tickets to score one of these badges.

DEFCON 22: The Badge Designers

If you go to DEFCON next year (and you should), prepare for extreme sleep deprivation. If you’re not sleep deprived you’re doing it wrong. This was the state in which we ran into [LosT] and [J0nnyM@c], the brains behind the DEFCON 22 badge and all of the twisted tricks that torture people trying to solve the badge throughout the weekend. They were popular guys but wait around until late into the night and the throngs of hint-seekers subside just a bit.

Plans, within plans, within plans are included in the “crypto” which [LosT] talks about in the interview above. We were wondering how hard it is to produce a badge that is not only electrically perfect, but follows the planned challenge to a ‘T’. This includes things like holding off soldering mask from some pads, and different ones on a different version of the badge. Turns out that you just do as well as you can and then alter the puzzle to match the hardware.

Speaking of hardware. A late snafu in the production threw the two into a frenzy of redesign. Unable to use the planned chip architecture, [J0nnyM@c] stepped up to transition the badges over to Propeller P8X32a chips, leveraging a relationship with Parallax to ensure they hardware could be manufactured in time for the conference.

If you haven’t put it together yet, this is that same chip that Parallax just made Open Source. The announcement was timed to coincide with DEFCON.

DEFCON 22: Badge Talk


I got a great seat on the main floor for the first big DEFCON 22 talk which is a welcome to the con and discussion of the badge hardware. [LosT], the creator of this year’s badge, started the discussion with a teaser about the badge… there’s a phone number hidden as part of the challenge. [LosT] took a call from someone chasing the puzzles. The guy was in the audience which was pretty fun.

The process of building a puzzle that can be solved at DEFCON is really tough. How do you make it just hard enough that it won’t get pwned right away but easy enough that a large number of attendees will be able to figure it out during the weekend? The answer is to build a secure system and introduce strategic flaws which will be the attack vectors for the attendees solving the badge challenge.


Of course the badge can be used as a development platform. The populated electronics on the board all have these nice little footprints which can be cut to disconnect them from the chip. The breakout headers on either side of the board allow you to connect headers for your own uses. Great idea!


The back of the lanyards have special characters on them too. This encourages community at the conference. To solve the puzzle you need to find others with different lanyards. Compare the glyphs and crack the code (so far I have no clue!!).

Know what I’m doing wrong? Have suggestions on where to go from here? I’ll be checking the comments!

Hands-On DEFCON 22 Badge

It took a measly 2-hours in line to score myself entry to DEFCON and this nifty badge. I spent the rest of the afternoon running into people, and I took in the RFIDler talk. But now I’m back in my room with a USB cord to see what might be done with this badge.

First the hardware; I need a magnifying glass but I’ll tell you what I can. Tere are huge images available after the break.

  • Parallax P8X32A-Q44
  • Crystal marked A050D4C
  • Looks like an EEPROM to the upper right of the processor? (412W8 K411)
  • Something interesting to the left. It’s a 4-pin package with a shiny black top that has a slightly smaller iridesent square to it. Light sensor?
  • Tiny dfn8 package next to that has numbers (3336 412)
  • Bottom left there is an FTDI chip (can’t read numbers)
  • The DEFCON letters are capacitive touch. They affect the four LEDs above the central letters.

I fired up minicom and played around with the settings. When I hit on 57600 8N1 I get “COME AND PLAY A GAME WITH ME”.

Not sure where I’m going from here. I don’t have a programmer with me so not sure how I can make a firmware dump. If you have suggestions please let me know in the comments!

Continue reading “Hands-On DEFCON 22 Badge”

Building a Mesh Networked Conference Badge

[Andrew] just finished his write-up describing electronic conference badges that he built for a free South African security conference (part1, part2). The end platform shown above is based on an ATMega328, a Nokia 5110 LCD, a 433MHz AM/OOK TX/RX module, a few LEDs and buttons.

The badges form a mesh network to send messages. This allows conversations between different attendees to be tracked. Final cost was the main constraint during this adventure, which is why these particular components were chosen and bought from eBay & Alibaba.

The first PCB prototypes were CNC milled. Once the PCB milling was complete there was a whole lot of soldering to be done. Luckily enough [Andrew]‘s friends joined in to solder the 77 final boards. He also did a great job at documenting the protocol he setup, which was verified using the open source tool Maltego. Click past the break to see two videos of the system in action.

Continue reading “Building a Mesh Networked Conference Badge”