The security conference LayerOne 2018 took place this past weekend in Pasadena, California. A schedule conflict meant most of our crew was at Hackaday Belgrade but I went to LayerOne to check it out as a first-time attendee. It was a weekend full of deciphering an enigmatic badge, hands-on learning about physical security, admiring impressive demos, and building a crappy robot.
In case you haven’t heard, the best hardware conference in the world was last weekend. The Hackaday Superconference was three days of hardware hacking, soldering irons, and an epic hardware badge. Throw in two stages for talk, two workshop areas, the amazing hallwaycon and the best, most chill attendees you can imagine, and you have the ultimate hardware conference.
Already we’ve gone over the gory details of what this badge does, and now it’s time to talk about the perils of building large numbers of an electronic conference badge. This is the hardware demoscene, artisanal manufacturing, badgelife, and an exploration of exactly how far you can push a development schedule to get these badges out the door and into the hands of eager badge hackers and con attendees.
The good news is that we succeeded, and did so in time to put a completed badge in the hand of everyone who attended the conference (and we do have a few available if you didn’t make it to the con). Join me after the break to learn what it took to make it all happen and see the time lapse of the final kitting process.
DEF CON is starting right now, and this is the year of #badgelife. For the last few years, independent hardware wizards have been creating and selling their own unofficial badges at DEF CON, but this year it’s off the charts. We’ve already taken a look at Bender Badges, BSD Puffer Fish, and the worst idea for a conference badge ever, and this is only scratching the surface.
This is also a banner year for the Hackaday / Tindie / Supplyframe family at DEF CON. We’re on the lookout for hardware. We’re sponsoring the IoT village, [Jasmine] — the high priestess of Tindie — and I will be spending some time in the Hardware Hacking Village, praising our overlords and saying the phrase, ‘like Etsy, but for electronics’ far too much. We’ll be showing people how to solder, fixing badges, and generally being helpful to the vast unwashed masses.
Obviously, this means we need our own unofficial DEF CON badge. We realized this on July 10th. That gave us barely more than two weeks to come up with an idea for a badge, design one, order all the parts, wait on a PCB order, and finally kit all the badges before lugging them out to DEF CON. Is this even possible? Surprisingly, yes. It’s almost easy, and there are zero excuses for anyone not to develop their own hardware badge for next year’s con.
Badgelife is the celebration of independent hardware creators, working for months at a time to bring custom electronic badges to conferences around the world. This year at DEF CON, Badgelife is huge. It’s not just because this year was supposed to feature a non-electronic badge, and it’s not because the official badge imploded last month — Badgelife is all about people spending most of the year designing, and manufacturing hardware, culminating in one very special weekend.
[Garrett] owns Hacker Warehouse, a store providing all kinds of neat hacker tools ranging from software-defined radios to lock pick sets to side channel analysis toolkits. This year, [Garrett] decided he wanted to branch out his business and get involved in a little bit of hardware creation. He’s been curious about this for some time and figured a limited edition DEF CON badge made sense. What he wound up with is a beautiful little badge with games, blinkies, graphics, and potential to cause a lot of wireless mischief.
The design of the Hacker Warehouse badge is surprisingly simple compared to the Bender Badges and puzzling crypto badges that are also part of this year’s Badgelife hardware celebration. On board is an ESP8266 with a custom PCB implementation that includes a larger Flash chip. The other side of the board is loaded up with four tact switches in a D-pad arrangement. On top is a 96 x 64 pixel full-color OLED display, and blinkies are provided by fourteen mini WS2812 RGB LEDs. Power is provided by two AA cells and what looks to be a nice fancy switching regulator. This is real hardware, not just a few modules thrown together with a bunch of LEDs.
Oh, what wireless fun
This badge is built around the ESP8266, a very interesting WiFi-enabled microcontroller that has more features than it should. [Garrett] is using the ESP as a WiFi scanner of sorts, allowing anyone with this badge to monitor WiFi channels, APs, packets, and — this is important — deauth packets.
Over the last year, there have been a number of projects around the Internet that take an ESP8266 and spew deauthorization frames into the spectrum. These frames cause a WiFi client to stop using an access point, and basically shuts down all the WiFi in an area. It’s well documented, and people have been doing it for years, but the ESP8266 makes deauth attacks so very, very easy. We’re going to see a lot of deauth frames this year at DEF CON, and the Hacker Warehouse badge will be able to detect them. It can also generate these frames, but that capability is locked for now.
Blinking and glowing
Onboard the Hacker Warehouse badge are 14 RGB LEDs, programmed with 46 different patterns that are certainly bright enough to annoy someone. This is what you need for a badge, and it’s beautiful.
This is a truly fantastic badge that’s also a great development board for the ESP8266. Everything you need for portable WiFi gaming fun is already there — you have blinky LEDs, an OLED, what seems to be a fairly nice power supply, and enough buttons to do something interesting. All you need to do to program this badge is attach a USB to serial adapter to the pre-populated header and you really have something. It’s a great badge, and we can’t wait to see the hacks for this great piece of hardware next week at DEF CON.
There are only a handful of people who can say they’ve built several successful electronic badges for conferences. Voja Antonic is not just on that list, he’s among the leaders in the field. There are a lot of pressures in this type of design challenge: aesthetics, functionality, and of course manufacturability. If you want to know how to make an exposed-PCB product that will be loved by the user, you need to study Voja’s work on the 2016 Hackaday SuperConference Badge. The badge is completely open, with all the design files, firmware, and a manual on the badge project page.
Between travelling from Belgrade to Pasadena and guiding production of 300 badges across the finish line before the conference deadline Voja took ill. He made it to the conference but without a voice he asked me to give his badge design talk for him. You can check that talk out below but let’s touch briefly on why Voja’s design is so spectacular.
What does it take to go from concept to dropping a finished product into the hands of the end user? Gather ’round for a story that pulls people and parts from around the world to make one killer piece of hardware art.
Although I’ve been to several DEF CONs over the past few years, I’ve never found time to devote to solving the badge. The legendary status of all the puzzles within are somewhat daunting to me. Likewise, I haven’t yet given DefCon DarkNet a try either — a real shame as the solder-your-own-badge nature of that challenge is right up my alley.
But finally, at the Hackaday SuperCon I finally got my feet wet with the crypto challenge created by [Voja Antonic]. He developed a secondary firmware which anyone could easily flash to their conference badge (it enumerates as a USB thumb drive so just copy it over). This turned it into a five-puzzle challenge meant to take two days to solve, and it worked perfectly.
If you were at the con and didn’t try it out, now’s the time (you won’t be the only one late to the game). But even if you weren’t there’s still fun to be had.
Thar’ be spoilers below. I won’t explicitly spill the answers, but I will be discussing how each puzzle is presented and the different methods people were using to finish the quest. Choose now if you want to continue or wait until you’ve solved the challenge on your own.