Among all the things you could find at MCH2022, there were a few CTFs (Capture The Flag exercises) – in particular, every badge contained an application that you could try and break into – only two teams have cracked this one! [dojoe] was part of one of them, and he has composed an extensive reverse-engineering story for us – complete with Ghidra disassembly of Xtensa code, remote code execution attempts, ROP gadget creation, and no detail left aside.
There was a catch: badges handed out to the participants didn’t contain the actual flag. You had to develop an exploit using your personal badge that only contained a placeholder flag, then go to the badge tent and apply your exploit over the network to one of the few badges with the real flag on them. The app in question turned out to be an echo server – sending back everything it received; notably, certain messages made it crash. One man’s crashes are another man’s exploit possibilities, and after a few hacking sessions, [dojoe]’s team got their well-deserved place on the scoreboard.
If you always thought that firmware reverse-engineering sounds cool, and you also happen to own an MCH2022 badge, you should try and follow the intricately documented steps of [dojoe]’s writeup. Even for people with little low-level programming experience, repeating this hack is realistic thanks to his extensive explanations, and you will leave with way more reverse-engineering experience than you had before.
The MCH2022 badge is a featureful creation of intricate engineering, with the ESP32 portion only being part of the badge – we’re eager to hear about what you’ve accomplished or are about to accomplish given everything it has to offer!
If it’s got a chip and a screen, someone’s trying to run DOOM on it. The latest entry in this fad is from [Phil Ashby], who figured out how to get the game running on the EMFCamp Tidal Badge as seamlessly as possible.
The badge is based on the ESP32-S3. It’s the latest version of the ESP32, which can run the iconic shooter pretty easily. However, [Phil] set himself a trickier challenge. He wanted to port DOOM to the badge while having it remain compatible with the MicroPython platform already on it. Plus, he wanted to be able to distribute it easily with the TiDAL Hatchery, a platform for sharing apps for the badge.
In the end, it took some deft hacking to make the game run on a microcontroller platform that isn’t really set up for running “applications.” It took some tricks to scale the video output and get the colors right, of course, but it’s there and working.
The state of the art is now so advanced that they managed to port DOOM into DOOM so you can DOOM while you DOOM. Video after the break.
As we slowly return to a summer of getting together in fields for our festivals of hackery, it’s time to look at another of this year’s crop of badges. The UK’s Electromagnetic Field, or EMF, is normally a two-yearly event, but its return this year comes after a four-year absence due to the pandemic. The EMF 2022 badge is a departure from previous outings: gone is the handheld game console form factor, and in its place is a svelte USB-C stick with a nod to the first generation of EMF badges in its wave shape.
The text is a little small on the tiny screen.
On the rear is this pattern.
Physically the badge is formed of two PCBs that plug together with the LiPo battery sandwiched between them, the upper one carrying the display and battery while the lower holds the ESP32-S3 MCU and the various peripherals. These include a QMA7981 accelerometer, a QMC7983 magnetometer, and perhaps most intriguingly, an ATECC108A cryptographic accelerator. This last component gives it the potential to be a 2-factor authentication key, which we think is probably a first for a badge.
In use, the TFT display and joystick interface is usable, but hard to read for a Hackaday scribe whose eyes maybe aren’t as sharp as they used to be. Programming is via MicroPython, using an app format through the same online hatchery system that will be familiar to owners of other European badges. There are already quite a few apps, which we hope will help this badge have some longevity.
This is just the latest of a long line of EMF badges, of which the 2016 version is probably our favourite.
While the rest of the world’s hacker camps shut their doors through the pandemic there was one which managed through a combination of careful planning and strict observation of social distancing to keep going. The Danish hacker community gather every August for BornHack, a small and laid-back event in a forest on the isle of Fyn that has us coming back for more every year. They always have an interesting badge thanks to the designs of [Thomas Flummer], and this year looks to be no exception as they’ve dropped some details of the upcoming badge.
In short, it’s a beautifully designed hand-held games console with a colour screen, powered by the ubiquitous-in-the-chip-shortage RP2040 microcontroller. On board are the usual interfaces and a prototyping area plus CircuitPython for easy coding, and we expect it to sprout some addictive and playable gaming action. It’s the sort of PCB that we could imagine coming as a product from the likes of Pimoroni, but for now the only way to get your hands on one is to go to the event. We’ll bring you a review when we have one. Meanwhile you can take a look at a previous year’s badge.
As spring slowly slides into summer here in Europe where this is being written, the warm weather is a reminder that on the horizon are the summer’s crop of hacker camps. The largest European one this year will be the Dutch MCH2022 near the end of July, and to whet our appetite they’ve made public some details of their badge. And true to the past form of Dutch camps, it’s rather an impressive build.
Since this is another piece of work from badge.team it has the expected ESP32 module, but alongside it on the elegantly-designed PCB there’s an RP2040 and a Lattice ICE40UP5K FPGA. The ESP is there to run the badge team firmware which even includes backwards compatibility with the original SHA2017 badge, the RP2040 ties everything together and provides a multitude of USB peripherals, and the FPGA is there to run user code. From the front, the badge has a Game Boy Advance-style form factor with a large colour TFT screen and the usual joystick and buttons. Other peripherals include a brace of addressable LEDs, a pair of nifty sensors from Bosch, and a 16-bit stereo audio channel that even powers a small onboard mono speaker when no headphones are connected.
The hardware may be slick, but it’s the badge.team firmware that makes this as special as all their previous offerings. It offers the chance to easily write apps either in MicroPython for the ESP32, or as payloads for the FPGA, and what makes it special is that it comes with an online app store from which all the apps can be downloaded. We’re told that it will be able to run a range of emulators out of the box, so we’re really looking forward to seeing the final version at the event. Meanwhile they’ve released a demo video that you can see below the break, and if you’re curious you can take a look at its SHA2017 badge ancestor.
For the electronic badge enthusiast, these last two years have seen something of a famine. While the pandemic may not be over yet, we’re learning to live with it in 2022, and there’s the prospect of a flush of new badges even if not all events are in-person yet. First to reach us is the Carolinacon Online 2 badge, a fairly simple affair which naturally has us pleased as punch because it incorporates the only chip that’s guaranteed to get you through the semiconductor shortage, an NE555 timer. It’s got everything, a flashing LED, and, well, that’s it because with the best will in the world a 555 is no powerhouse on its own. As a memento and a way to support the event it fits the bill, but it’s fair to say that this is no electronic tour de force.
Carolinacon Online 2 launches on Friday 29th of April, and features a schedule of talks and a set of merch including the badge. If you’re thinking of previous Carolinacon badges, this event has always taken the simple-but-effective route. The version they produced in 2021 for example had a hidden message behind the silkscreen, revealed through clever placement of LEDs controlled by an ATtiny microcontroller.
Regular readers will know that we have covered the world of electronic badges for many years, and nothing pleases us more than seeing an event badge having a life afterwards rather than becoming a piece of e-waste. Thus we were especially pleased to see [Angus Gratton]’s use of a SHA2017 badge as a solar output monitor, over four years after the event.
The SHA badge used an ESP32 as its processor, and paired it with a touch keypad and an e-ink screen. Its then novel approach of having a firmware that could load MicroPython apps laid the groundwork for the successful open source badge.team firmware project, meaning that it remains versatile and useful to this day.
The solar monitor simply grabs time-series information from the database used by his web graphing system and displays it on the e-ink screen in graph form, but the interest, apart from the use of the badge, lies in his treatise on MicroPython coding. He makes the point that many of us probably follow unconsciously, writing for full-fat Python and then fixing the parts which either don’t work or use too many resources on its slimmer cousin. Finally he powers the device from an old phone charger, and shares some tips on controlling its tendency to reboot on power spikes.
It’s almost a year ago that we showed you a SHA badge being used as an environmental sensor.
Thanks [Sebastius] for the tip.