[Josh] attended his first SAINTCON this weekend before last and had a great time participating in the badge hacking challenge.
The 2014 SAINTCON is only the second time that the conference has been open to the public. They give out conference badges which are just an unpopulated circuit board. This makes a lot of sense if you figure the number of people who actually hack their badges at conferences is fairly low. So he headed off to the hardware hacking village to solder on the components by hand — it’s an Arduino clone.
This is merely the start of the puzzle. We really like that the published badge resources include a crash course on how to read a schematic. The faq also attests that the staff won’t solder it for you and to get your microcontroller you have to trade in your security screw (nice touch). Once up and running you need to pull up the terminal on the chip and solve the puzzles in the firmware’s menu system. This continues with added hardware for each round: an IR receiver, thermistor, EEPROM, great stuff if you’re new to microcontrollers.
[Josh] mentions that this is nothing compared to the DEFCON badge. Badge hacking at DEFCON is **HARD**; and that’s good. It’s in the top-tier of security conferences and people who start the badge-solving journey expect the challenge. But if you’re not ready for that level of puzzle, DEFCON does have other activities like Darknet. That is somewhere in the same ballpark as the SAINTCON badge – much more friendly to those just beginning to developing their crypto and hardware hacking prowess. After all, everyone’s a beginner at some point. If that’s you quit making excuses and dig into something fun like this!