We were lucky enough to get our hands on a hand-soldered prototype of the new Hacker Warehouse badge, and boy is this one a treat. It’s fashionable, it’s blinky, and most impressively, it’s a very useful tool. This badge can replace the Google Authenticator two factor authentication app on your phone, and it’s a USB Rubber Ducky. It’s also a badge. Is this the year badges become useful? Check out the video below to find out more.
This is the time of year when hardware hackers from all across North America are busy working on the demoscene of hardware and manufacturing. This is badgelife, the celebration of manufacturing custom wearable electronics for one special weekend in Las Vegas. In just about a month from now, there will be thousands of independent badges flooding Caesar’s Palace in Vegas, complete with blinkies, custom chips, innovative manufacturing processes, and so many memes rendered in fiberglass and soldermask.
Badge Evolution
When we took a look at last year’s Hacker Warehouse badge, it was everything you could expect from an indie DEF CON badge. On board was an ESP8266, a bunch of surprisingly small WS2812 RGB LEDs, and a 96×64 OLED with four buttons in a d-pad arrangement. The software was great, it played Snake, and it had the ability to detect WiFi deauth packets. It should be noted that the floor of DEF CON is the most hostile RF environment on the planet (although the reason for that is more lulz than an actual threat), and being able to detect WiFi deauth packets is something that is very, very useful.
This year’s badge is a marked improvement over last year’s Hacker Warehouse badge. Instead of the ESP8266, this year’s badge features an ESP32 placed on a unique PCB layout that compliments the design of the badge. The mini WS2812s remain, there’s 8 Mb of Flash storage, and an ATMega 32u4 provides USB HID capability. Also included are two ‘Shitty Add-On’ headers, because this year badges are getting their own badges.
Where This Badge Stands Out
Fancier chips give this badge a lot more functionality. With the ESP32, this badge can listen in on NTP servers, meaning this badge knows the time. That might not be a big deal for a badge that can play Snake on a tiny OLED, but this badge also supports two-factor authentication (TOTP and HOTP), and functions as a Google Authenticator. That, in itself, is some amazing functionality, and something we can’t remember seeing from any project that’s basically just an ESP32 and OLED display. With the ESP32, you’re also getting a web server, and all the fun that involves.
There is a USB-capable chip on this badge, too. This is the ATMega32u4 with USB attached, which means this badge can function as an HID keyboard and mouse. It works as a USB Rubber Ducky, the keystroke injection tool that will open up a command line and type anything into the console. The badge accepts the Ducky scripting format, so instead of spending $40 on something that looks like a USB thumb drive, you can spend just a little bit more on something that’s far more fashionable. It also functions as a mouse jiggler, for when you don’t want a screensaver to be triggered.
This badge really is a work of art. It’s fashion, it’s electronics, and with the combination of Google Authenticator, a web server, and Rubber Ducky functionality, this is a real tool that would not be out of place at the vendor area at DEF CON.
You can preorder these badges right now over at Hacker Warehouse with delivery during DEF CON. There’s also the option to have the badge shipped after the con if you can’t attend. This will be an Open badge, too: all the firmware is already available, and the hardware sources will be made public after the con.
Are you working on a badge or add-on? We’d like to hear about it so send us a tip. Also, Hackaday.io is a great place to publish information on these builds, we already have a huge list of conference badge projects!
So, my question is, does the software actually implement what is advertised? Last years badge had menu items for a bunch of stuff that was never implemented.
Does It have the Masamune Shirow seal of approval? That badge is a great homage to one of the most famous hackers from the cyberpunk saga GITS
The Major gets mad when we chatter.
But can you use it to hack peoples cyberbrains?
Masamune Shirow would want more T*** and A**or at least like give it a coat of plasti-dip tor the authentic skintight rubber suit. Don’t get me wrong I love GitS and Shirow but he really wants to be the Japanese version of Boris Vallejo not Robert Heinlein.