Photo of the MCH2022 badge's screen, showing the "Hack me if you can" app's start splashscreen, saying "Service is accessible on IP ADDRESS : 1337"

MCH2022 Badge CTF Solved, With Plenty To Learn From

Among all the things you could find at MCH2022, there were a few CTFs (Capture The Flag exercises) – in particular, every badge contained an application that you couldĀ  try and break into – only two teams have cracked this one! [dojoe] was part of one of them, and he has composed an extensive reverse-engineering story for us – complete with Ghidra disassembly of Xtensa code, remote code execution attempts, ROP gadget creation, and no detail left aside.

There was a catch: badges handed out to the participants didn’t contain the actual flag. You had to develop an exploit using your personal badge that only contained a placeholder flag, then go to the badge tent and apply your exploit over the network to one of the few badges with the real flag on them. The app in question turned out to be an echo server – sending back everything it received; notably, certain messages made it crash. One man’s crashes are another man’s exploit possibilities, and after a few hacking sessions, [dojoe]’s team got their well-deserved place on the scoreboard.

If you always thought that firmware reverse-engineering sounds cool, and you also happen to own a MCH2022 badge, you should try and follow the intricately documented steps of [dojoe]’s writeup. Even for people with little low-level programming experience, repeating this hack is realistic thanks to his extensive explanations, and you will leave with way more reverse-engineering experience than you had before.

The MCH2022 badge is a featureful creation of intricate engineering, with the ESP32 portion only being part of the badge – we’re eager to hear about what you’ve accomplished or are about to accomplish given everything it has to offer!

DOOM Runs On The EMFCamp Tidal Badge

If it’s got a chip and a screen, someone’s trying to run DOOM on it. The latest entry in this fad is from [Phil Ashby], who figured out how to get the game running on the EMFCamp Tidal Badge as seamlessly as possible.

The badge is based on the ESP32-S3. It’s the latest version of the ESP32, which can run the iconic shooter pretty easily. However, [Phil] set himself a trickier challenge. He wanted to port DOOM to the badge while having it remain compatible with the MicroPython platform already on it. Plus, he wanted to be able to distribute it easily with the TiDAL Hatchery, a platform for sharing apps for the badge.

In the end, it took some deft hacking to make the game run on a microcontroller platform that isn’t really set up for running “applications.” It took some tricks to scale the video output and get the colors right, of course, but it’s there and working.

The state of the art is now so advanced that they managed to port DOOM into DOOM so you can DOOM while you DOOM. Video after the break.

Continue reading DOOM Runs On The EMFCamp Tidal Badge”

Badges Of 2022: EMF TiDAL

As we slowly return to a summer of getting together in fields for our festivals of hackery, it’s time to look at another of this year’s crop of badges. The UK’s Electromagnetic Field, or EMF, is normally a two-yearly event, but its return this year comes after a four year absence due to the pandemic. The EMF 2022 badge is a departure from previous outings, gone is the handheld game console form factor and in its place is a svelte USB-C stick with a nod to the first generation of EMF badges in its wave shape.

Physically the badge is formed of two PCBs that plug together with the LiPo battery sandwiched between them, the upper one carrying the display and battery while the lower holds the ESP32-S3 MCU and the various peripherals. These include a QMA7981 accelerometer, a QMC7983 magnetometer, and perhaps most intriguingly, an ATECC108A cryptographic accelerator. This last component gives it the potential to be a 2-factor authentication key, which we think is probably a first for a badge.

In use, the TFT display and joystick interface is usable, but hard to read for a Hackaday scribe whose eyes maybe aren’t as sharp as they used to be. Programming is via MicroPython, using an app format through the same online hatchery system that will be familiar to owners of other European badges. There are already quite a few apps, which we hope will help this badge have some longevity.

This is just the latest of a long line of EMF badges, of which the 2016 version is probably our favourite.

Badges Of 2022: BornHack

While the rest of the world’s hacker camps shut their doors through the pandemic there was one which managed through a combination of careful planning and strict observation of social distancing to keep going. The Danish hacker community gather every August for BornHack, a small and laid-back event in a forest on the isle of Fyn that has us coming back for more every year. They always have an interesting badge thanks to the designs of [Thomas Flummer], and this year looks to be no exception as they’ve dropped some details of the upcoming badge.

In short, it’s a beautifully designed hand-held games console with a colour screen, powered by the ubiquitous-in-the-chip-shortage RP2040 microcontroller. On board are the usual interfaces and a prototyping area plus CircuitPython for easy coding, and we expect it to sprout some addictive and playable gaming action. It’s the sort of PCB that we could imagine coming as a product from the likes of Pimoroni, but for now the only way to get your hands on one is to go to the event. We’ll being you a review when we have one. Meanwhile you can take a look at a previous year’s badge.

Ride DIY Or Die This Badge-Less Suzuki

A few years ago, [Charles] picked up a sweet Suzuki motorcycle that checked all the boxen: it was in good shape, bore a few useful upgrades and a box of spare parts, plus the price was right. Though he assumed that he had pored over every picture on the classified site before buying, it wasn’t until later that [Charles] realized that something was indeed missing from the bike — a piece of chrome that does little more than to cover the tee in the brake line and bear the Suzuki brand. Once he saw the problem, he couldn’t un-see it, you know? And at that point, he just had to have that little piece, even if he had to make it himself.

That wasn’t the original plan, of course, but bike parts are expensive to begin with and only get worse as size, condition, and rarity increase. [Charles]’ quest to find this piece was halfway successful; he found a reasonable-but-rusty facsimile of the right part, although the emblem portion was long gone. Then he remembered the wife’s vinyl cutter.

Now, let’s stop right there. If you know anything at all about these vinyl cutters, you know that they are basically glorified 2D plotters with a knife attached where a pen would be. Send it any 2D file and you’re good? No, no; of course not. These things are locked down by the manufacturers.

Fortunately, [Charles] found inkscape-silhouette, which makes light work of sending SVGs to the machine. After much back and forth and maybe a bit of coin-flipping, [Charles] settled on the classy, stylized ‘S’ version rather than the full-on Suzuki badge. We think it looks great, and we’ll never tell anyone.

While this isn’t quite the type of badge we’d normally talk about, it’s a great project nonetheless, and it’s always nice to hear about projects that open up otherwise closed-source hardware.

The MCH2022 Badge Has Landed!

As spring slowly slides into summer here in Europe where this is being written, the warm weather is a reminder that on the horizon are the summer’s crop of hacker camps. The largest European one this year will be the Dutch MCH2022 near the end of July, and to whet our appetite they’ve made public some details of their badge. And true to the past form of Dutch camps, it’s rather an impressive build.

Since this is another piece of work from badge.team it has the expected ESP32 module, but alongside it on the elegantly-designed PCB there’s an RP2040 and a Lattice ICE40UP5K FPGA. The ESP is there to run the badge team firmware which even includes backwards compatibility with the original SHA2017 badge, the RP2040 ties everything together and provides a multitude of USB peripherals, and the FPGA is there to run user code. From the front, the badge has a Game Boy Advance-style form factor with a large colour TFT screen and the usual joystick and buttons. Other peripherals include a brace of addressable LEDs, a pair of nifty sensors from Bosch, and a 16-bit stereo audio channel that even powers a small onboard mono speaker when no headphones are connected.

The hardware may be slick, but it’s the badge.team firmware that makes this as special as all their previous offerings. It offers the chance to easily write apps either in MicroPython for the ESP32, or as payloads for the FPGA, and what makes it special is that it comes with an online app store from which all the apps can be downloaded. We’re told that it will be able to run a range of emulators out of the box, so we’re really looking forward to seeing the final version at the event. Meanwhile they’ve released a demo video that you can see below the break, and if you’re curious you can take a look at its SHA2017 badge ancestor.

Continue reading “The MCH2022 Badge Has Landed!”

The 555 Gives The CarolinaCon Badge Life

For the electronic badge enthusiast, these last two years have seen something of a famine. While the pandemic may not be over yet, we’re learning to live with it in 2022, and there’s the prospect of a flush of new badges even if not all events are in-person yet. First to reach us is the Carolinacon Online 2 badge, a fairly simple affair which naturally has us pleased as punch because it incorporates the only chip that’s guaranteed to get you through the semiconductor shortage, an NE555 timer. It’s got everything, a flashing LED, and, well, that’s it because with the best will in the world a 555 is no powerhouse on its own. As a memento and a way to support the event it fits the bill, but it’s fair to say that this is no electronic tour de force.

Carolinacon Online 2 launches on Friday 29th of April, and features a schedule of talks and a set of merch including the badge. If you’re thinking of previous Carolinacon badges, this event has always taken the simple-but-effective route. The version they produced in 2021 for example had a hidden message behind the silkscreen, revealed through clever placement of LEDs controlled by an ATtiny microcontroller.