The first big surprise Vegas had in store for everyone is that the DEF CON badge is an electronic badge this year. It’s traditionally been the DC practice to alternate years between electronic and non-electronic badges. Last year we had a fantastic electronic badge designed by the ToyMakers, so I had expected something more passive like the vinyl LP badge from a few years ago. What a pleasant surprise to learn otherwise!
Second up on the surprise list is the badge maker himself. The design is a throwback to days of yore as Joe Grand steps up to the plate once again. Veterans know him as Kingpin, and his badge-making legacy runs deep. Let’s jump in and take a look.
Hardware
There were 26,500 total badges manufactured with a 99% yield by a US-based fab house because of the complexities of the build. The timeline was incredibly tight, with Joe Grand’s turnaround from alpha prototype (no bodge wires!) to production in just seven days. He had to write and verify all low-level drivers in this time, and go to production without first testing the inevitable board revisions.
The shape of the badge is simple enough, just a small PCB disc about 3 inches in diameter. The defining visual factor for this badge is the thick diffuser. This is quartz crystal from Brazil, cut and polished specifically for the badges by a gem and jewelry company in China. For Human badges (the regular conference attendees) it’s just a white disc, but the rarer variants look a bit fancier.
On the back of the PCB you’ll find all the goodies. There’s a microcontroller and LED driver (Kinetis KL27, and TI LP5569) off to one side which power the reverse-mounted LEDs. To the other side of the board there’s a chip that provides badge interactivity. Place two of these badges near each other (about 2 feet away) and they’ll transfer data. You don’t need to physically connect them, which sometimes proved troublesome with last year’s badges as the connectors had an unpleasant tendency to break off.
Power is provided by a single CR2032 coin cell. Two LDOs on the board provide the 1.3 V and 1.8 V necessary to power all of the chips. There are six reverse-mounted LEDS (some are multicolor, some single color, depends on the badge variant) and Joe assures me there’s more than enough juice to keep them running all weekend long.
The Magic of Wireless that’s Not
Badge-to-badge communication uses a magnetic field, not radio frequency! The radio chip is something special, the NXH2261UK from NXP uses near field magnetic induction (NFMI) to both receive and transmit from the coil that’s on the board. This is wireless communications, but it’s not emitting radio frequency — you can’t listen in on it with an SDR. The concept is a rarity in consumer goods, most commonly you’ll find it incorporated in hearing aids. This chip-scale BGA is the smallest package Joe has used in a design.
A Lanyard Connector of a Different Color
There’s a novel take on connecting lanyards this year. Rather than rely on a hole in the board, there are two lugs soldered onto the board. These parts are normally used as jumpers in high-voltage applications. You’re meant to thread the lanyards through these two lugs, leaving the actual hook on the lanyard for unofficial badges. Joe Grand may not have included a header for “shitty” add-ons, but he’s still managed to fully embrace custom hardware badge culture — of course he played a large part in the genesis of this culture.
Puzzle
The first obvious part of the puzzle is the unlocks you get by holding badges up to different varieties like those issued to Goons, Speakers, Artist, Press, etc. I assume this causes firmware unlocks that slowly reveal the puzzle.
People are already hard at work unlocking the secrets within. [charliex] discovered the serial pads which are an alternating footprint for SMD 0.1″ pin header. He reports a UART (1.8v logic levels) and reveals on his Twitter account some of the dump from the terminal. He’s also posted a dump of the firmware, which I’m told is the same on all badges, and excellent closeup images of the hardware on his GitHub.
Solve this Badge!
It takes a village to hack a badge. Click this magic link to automatically join the badge solving project on Hackaday.io. You can view the project here.
Make new project logs for each challenge you’re trying to solve on the badge. Jump into the public chat to discuss what’s going on. All are welcome, you don’t need to be here to take part. Ask for more info from people who have a badge in hand and tackle the challenges the come to mind! Just make sure you’re posting back new info as fast as you can find it.
Neat. I never ran into communications using “near field magnetic induction (NFMI)” before. Never even occurred to me. Obviously it is for near point to point comm, but there might be some interesting real world applications using it. Going to have look into that.
It’s essentially the technology behind telecoil loops in theatres and concert venues designed for people who are hard of hearing. And it’s really new having only been around since, ohh, 1937 or so :-) https://www.dizziness-and-balance.com/disorders/hearing/hearing-aids/tcoil.html
Most hearing aids contain such a reciever as well, it transmits the sound from the speaker coil in a telephone interface (hence the name) directly to the hearing aid. All the hearing aids I’ve ever worn (been wearing them for 40 or so years now) had this incorporated.
The hearing aid use what we called a t-coil to pick up the magnetic fields from the telephone, and on other aids used that coil to recharge the batteries, (Magnatone corp.) The coil peaked at 25khz ,when place in that field with a led and battery in series ,wa-la
NFMI is also used in some headphones.
https://japantoday.com/category/features/new-products/near-field-magnetic-induction-used-for-sony%27s-wireless-earphones
Reports of very happy Tag-Connect salesmen since the only way to use the programming header is to mangle your Tag-Connect locator pins (they’re blocked by the rock)
Hey, are you at the con? Hope our paths cross.
I talked to charliex about this and he had to remove his diffuser using some dental floss to make room for the tagconnect alignment pins.
I’m not, but practically everyone I know on Earth seems to be there!
Well damn. I was hoping I’d bump into you. Glares in RGB.
A few years ago I was looking at making my own but the NFMI from NXP will be a easier solution especially for the size constraints.
Is that metal lanyard clip about to short out the +ve terminal of the battery?
I’m pretty sure the metal loops are not grounded, definitely shorted them a couple times with the clip and no issues
Thanks guys for some uses. I read up a ‘little’ via the internet on the subject and I wonder why we aren’t seeing hats or devises that allow comm through this technology for people to play with like blue tooth or zigbee…. Seems like a secure way for devices to communicate with each other when they cross into each others ‘bubble’ since they aren’t radiating a far signal. Low power too. Short distance is the only downside. But one meter seems good enough for input devices such as keyboards, mice, buttons, or any small device in range (little robots?)… Seems popular in security/military applications already. A patent problem? Just pondering…
http://www.freelinc.com/technology
Wacom has been making inductive pens for a very long time.
https://www.youtube.com/watch?v=oKVCwPn6OPI
How the hell were you able to buy NXH2261UK’s?
I’ve been watching this part ever since it came out & I still don’t have a data sheet!
Nxp rep was at defcon :)