I tried my best to see every badge and speak with every badge maker at DEF CON 26. One thing’s for sure, seeing them all was absolutely impossible this year, but I came close. Check out the great badges shown off in volume 1 and in volume 2 of this series. The game is afoot, and if you are headed to a hacker conference there’s never been a better time to build your own hardware badge — whether you build 5 or 500!
All right, let’s look at the badges!
As is always the case with a significant hacker camp, we’ve been awaiting the official badge announcement for the upcoming Electromagnetic Field 2018 hacker camp with huge interest. These badges, for readers who may have been on Mars for the past few years, are part of a lively scene of wearable electronics at hacker conferences and camps, and can usually be expected to sport a fully-fledged computer in their own right along with other special functionality.
The announcement of the 2018 badge, dubbed the TiLDA Mk4, does not disappoint. We’d been told that there would be an on-site GSM network for which the welcome packs would contain a SIM, and the well-prepared among us had accordingly dusted off our old Nokia handsets alongside our DECT phones. What we hadn’t expected was that the SIM would be for the badge, because the Mk4 is a fully-fledged hackable mobile phone in its own right. The network will be fully functional for calls and texts within the camp, though since it does not explicitly say so we expect that external calls may be an impossibility. Afterwards though it will remain a usable device on any GSM network, giving it a lease of post-camp life that may see more of them staying in use rather than joining the hacker’s dusty collection in a drawer.
Beyond the party-piece phone it appears to follow the lead of its 2016 predecessor, with the same Python environment atop a TI chipset including an MSP432E4 ARM Cortex M4F microcontroller running at 120MHz with 256kB of internal and 8MB of external RAM, a CC3210 WiFi processor, and the usual battery of sensors, LEDs and GPIOs. Importantly, it also has a Shitty Add-on connector. The 2016 badge was remarkably easy to develop for, and we expect that there will soon be an impressive array of apps for this badge too. If any reader would like to put together a Hackaday feed reader app, we can’t offer you fortune but fame such as we can bestow awaits.
We’ll bring you more information as we have it about the TiLDA Mk4, as well as a hands-on report when one lands in front of us. Meanwhile you’d like to see a retrospective of past EMF badges as a demonstration of where this one has come from, have a read of our coverage of the 2016 and 2014 badges.
When you show up at a party wearing this bare PCB watch, there are effectively two possible reactions you might receive from the other people there. Either they are going to snicker at the nerd who’s wearing a blinking circuit board on their wrist in public, or they are going to marvel at the ridiculously low part count. We’ll give you one guess as to which reaction you’d likely get at any event Hackaday is involved in.
Designed and built by [Electronoobs], this extremely simple watch consists of a ATmega328P microcontroller, a dozen LEDs with their associated 200 Ω resistors, and a battery. There’s also a single push button on the front which is used to not only set the watch, but turn the LEDs on when you want to check the time. Short of dropping down to one LED and blinking out the time, it’s hard to imagine a timepiece with fewer components than this.
You’re probably wondering how [Electronoobs] pulled this off without an external clock source for the ATmega328P chip. The chip actually has an internal 8 MHz oscillator that can be used, but you need to flash the appropriate bootloader to it first. Accordingly, the backside of the PCB has both SPI and a UART solder pads for external bootloader and firmware programming.
As you might expect, there’s a downside to using the internal oscillator: it’s not very good. The ATmega328P spec sheet claims a factory calibrated accuracy of ±10%, and [Electronoobs] has found that equates to a clock drift of around 15 seconds per day. Not exactly great, but considering the battery only lasts for two days anyway, it doesn’t have much of an impact in this case.
Compared to other “analog” LED watches we’ve seen, the simplicity of this build is really quite remarkable. The closest competitor we’ve seen so far is this slick binary watch.
There were so many amazing unofficial badges at DEF CON this year that I can’t possibly cover them all in one shot. I tried to see every badge and speak with every badge maker — like a hardware safari. Join me after the jump for about fourteen more badges that I saw at DEF CON 26!
If you missed the first batch, check those badges out too — there’s even a Badgelife Documentary that you need to add to your watch list. Okay, let’s dig in.
I was always a sucker for art classes in my early days. There was something special about getting personal instruction while having those raw materials in your hands at the same time. Maybe it was the patient voice of the teacher or the taste of the crayons that finally got to my head. Either way, I started thinking: “I want to do this; I want to teach this stuff.”
Last year at Hackaday Superconference I got my chance. Hardware workshops with real hardware were so rare; I just had to bring one to the table! What follows is my tale of joys and woes bringing together a crew to take their first few steps into the world of cable-driven animatronics. If you’re thinking about getting your feet wet with teaching your own hardware workshop, read on. I’ve packed this story with as much of my own learnings as I could to set you on a path to success.
The good news is that Supercon returns every year. I you want to take part in some epic workshops like this one, grab a ticket for this year’s conference now. If you want to host a hardware workshop, the Call for Proposals is still open! Okay, let’s dive in.
Continue reading “Getting Kitted To Teach Your First Hardware Workshop”
Every year we host Breakfast at DEF CON on the Sunday morning of the largest hacker conference in the United States. I think it’s a brilliant time to have a meetup — almost nobody is out partying on Sunday morning, and coffee and donuts is a perfect way to get your system running again after too much excess from Saturday evening.
This year marks our fourth Breakfast and we thought this time it would be completely legit. Before we’ve just picked a random coffee shop and showed up unannounced. But this year we synced up with some of our friends running the Hardware Hacking Village and they were cool with us using the space. Where we ran afoul was trying to wheel in coffee and pastries for 100+ people. The casino was having none it.
But to their credit, we were forbidden from bringing the food into the conference center, not into the greater casino. We ended up squatting in a restaurant seating area that wasn’t open until 5pm. The awesome Hackaday Community rolled with the venue change, and a fantastic time was had by all! For what it’s worth, this ended up being the best space for a Breakfast yet! There was plenty of room with many tables, and we had no problem filling all of the space.
Tindie and Hackaday were sponsors of the SMD Challenge this year (a timed soldering challenge going all the way down to 0201 packages that was also judged for quality). Jasmine announced the winner live at the meetup, that’s the image at the top of this article. I thought the award the Solder Skills Village made for the Most Dropped Parts was pretty epic. It’s a round pendant with a piece of carpet and a bunch of components that was on display during the meetup.
The number one piece of hardware people brought with them was badges. Since we’re doing in-depth badge coverage I won’t go into that here. But I’d like to mention that for the second year in a row, Brian McEvoy brought some epic hardware. Last year it was an OpenSCAD controller demo, this year it’s a custom mechanical keyboard design system.
Taking wide shots of crowds is frowned upon at DEF CON so what follows are posed shots. I made sure to ask all involved before snapping the image. DC27 is a long way away, I’m hoping to see many of these awesome folks much sooner than that when Supercon gets going this November.
It’s been at least a month or two since the last vulnerability in Intel CPUs was released, but this time it’s serious. Foreshadow is the latest speculative execution attack that allows balaclava-wearing hackers to steal your sensitive information. You know it’s a real 0-day because it already has a domain, a logo, and this time, there’s a video explaining in simple terms anyone can understand why the sky is falling. The video uses ukuleles in the sound track, meaning it’s very well produced.
The Foreshadow attack relies on Intel’s Software Guard Extension (SGX) instructions that allow user code to allocate private regions of memory. These private regions of memory, or enclaves, were designed for VMs and DRM.
The Foreshadow attack utilizes speculative execution, a feature of modern CPUs most recently in the news thanks to the Meltdown and Spectre vulnerabilities. The Foreshadow attack reads the contents of memory protected by SGX, allowing an attacker to copy and read back private keys and other personal information. There is a second Foreshadow attack, called Foreshadow-NG, that is capable of reading anything inside a CPU’s L1 cache (effectively anything in memory with a little bit of work), and might also be used to read information stored in other virtual machines running on a third-party cloud. In the worst case scenario, running your own code on an AWS or Azure box could expose data that isn’t yours on the same AWS or Azure box. Additionally, countermeasures to Meltdown and Spectre attacks might be insufficient to protect from Foreshadown-NG
The researchers behind the Foreshadow attacks have talked with Intel, and the manufacturer has confirmed Foreshadow affects all SGX-enabled Skylake and Kaby Lake Core processors. Atom processors with SGX support remain unaffected. For the Foreshadow-NG attack, many more processors are affected, including second through eighth generation Core processors, and most Xeons. This is a significant percentage of all Intel CPUs currently deployed. Intel has released a security advisory detailing all the affected CPUs.
