Hands-on The AND!XOR Unofficial DEF CON Badge

DEF CON 24 is still about two weeks away but we managed to get our hands on a hardware badge early. This is not the official hardware — there’s no way they’d let us leak that early. Although it may be unofficial in the sense that it won’t get you into the con, I’m declaring the AND!XOR badge to be officially awesome. I’ll walk you through it. There’s also a video below.

Over the past several years, building your own electronic badge has become an impromptu event. People who met at DEF CON and have been returning year after year spend the time in between coming up with great ideas and building as many badges as they can leading up to the event. This is how I met the trio who built this badge — AND!XORAndrew Riley, and Jorge Lacoste — last year they invited me up to their room where they were assembling the last of the Crypto Badges. Go check out my guide to 2015 Unofficial DEF CON badges for more on that story (and a video of the AM transmissions that badge was capable of).

The outline is this year’s badge is of course Bender from Futurama. Both eyes are RGB LEDs, with another half dozen located at different points around his head. The microcontroller, an STM32F103 ARM Cortex-M0 Cortex-M3, sits in a diamond pattern between his eyes. Above the eyes you’ll find 16 Mbit of flash, a 128×64 OLED screen, and a reset button. The user inputs are five switches and the badge is powered by three AA batteries found on the flip side.

bender's-nose-closeup

That alone makes an interesting piece of hardware, but the RFM69W module makes all of the badges interactive. The spring coming off the top of Bender’s dome is a coil antenna for the 433 MHz communications. I only have the one badge on hand so I couldn’t delve too deeply what interactive tricks a large pool of badges will perform, but the menu hints at a structure in place for some very fun and interesting applications.

rf-module-and-coil-antennaIncluded in the menu are entries for Chat and Peers, obviously part of the connectivity system. But one of the games on the badge is Ninja and when you enter the game all you get is a Peers list (empty for me). There are single player games too, and the games menu has a Progress entry that scores you 0-100. I’m not sure what the Ninja game encompasses but I sure want to find out.

The rest of the menu immediately drives home how well polished this firmware is. There’s a self test and an airplane mode (a nice touch especially if you want to make sure no hidden RF triggers are executed on your badge). But there’s also an RF debugging screen and an ‘about’ screen that lists software version, flash data version, and credit for the creators. There’s also a link to the GitHub repo, which is currently empty because they don’t want to give away all the secrets, and the software libraries used. Both of these show the developers really went the extra mile.

At the bottom of the badge there is a male USB plug. This thing might be a bit unwieldy to plug into the side of a laptop so if you’re going to try to get your hands on one of these badges bring a USB extender cable along with you. The goal is to produce and sell 120 full badges ($40 each) and 50 more that have just the LEDs and microcontroller ($20 each). Follow their Twitter, but the tentative plan is to start selling them somewhere near the chill room on Thursday.

This USB port is where I think a lot of the puzzles will lie. It was the first thing I tried out when the badge arrived.

Below you can see a quick video I made of the serial mode. The badge attaches to /dev/ttyACM0 and enumerates as 1eaf:0004 (dmesg says Product: Maple and Manufacturer: LeafLabs). 115200/8/N/1 is printed on the silk screen on the back so no surprises there, and when you connect the OLED tells you to hit ‘c’ to enter terminal mode (the badge continually echos “Ready” until you do).

As far as hardware hacking potential, there are 11 GPIO pins broken out as well as RX/TX, DIO, RST, and a few power and ground pins. It’s an exciting package waiting to be explored. I’m glad I got an early look, and I can’t way to hit the hallways of DEF CON and give this baby a try. See you in a couple of weeks!

15 thoughts on “Hands-on The AND!XOR Unofficial DEF CON Badge

        1. It would help that I finish my thought before clicking the post button. But yes, it’s an M3. Full part number is STM32F103CBT6. 128KB flash, 20KB ram, running 72 Mhz. Compare that that to an Arduino Uno :).

  1. Never seen minicom before. I usually use screen when connecting via serial. Is there any advantages to using minicom? I understand that it’s original purpose was to connect to a modem and handle dialing and sending data via kermit and the like.

    1. Minicom will translate backspace regardless of your x terminal’s termcap, while screen doesn’t.

      (I just helped someone bootstrap themselves using a serial terminal; this difference was no end of frustration)

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.