DefCon 27: behind the scenes of electronic badging. Part 1

Leader: welcome to the 27th DefCon! Since many of you are here for the first time, I will tell you about some of the foundational moments of our community. One of them is that we doubt everything, and if you hear or see something you don't understand, just ask a question. The whole point of DefCon is to learn something - to drink, to meet friends, to do nonsense.

It's the kind of experience that I didn't fully appreciate until I spoke to a friend two or three years ago. He said that this time, instead of sending his team to the BlackHat conference, he decided to send them to DefCon. I asked him what the difference was. The friend replied that he had a really good, intelligent and experienced team, and he sent them to BlackHat in order to make them a little smarter, the way you touch up the edge of an already sharp knife. But when he sends them to DefCon, he wants them to learn to think better. I said, "God, I should think about that!" This is really the place where people come to learn.

You know that there is an unofficial opinion - if you are engaged in information security, stay away from hacking. Infosecurity is a great place to work, to make money, but getting money and knowing how to make it is different from the joy of being an explorer, the pleasure of making unexpected discoveries, solving problems, and experiencing failure. Failures that you should not be afraid of, because here you are surrounded by friends. I think this is the difference - because if you just work in information security, you should be afraid of failure.

Joe Grand: Indeed, working in Infosec does not make you a hacker, and if you are a hacker, this does not mean that you are engaged in information security! The world of hacking is more than just information security.

Leader: yes, and we try to accept it. If you remember, a year ago, as an experiment, we held DefCon in China. This was the first time the conference had been held outside the United States. That year it became one of the biggest IT security events for Chinese hacking. An interesting story happened there. When I asked how much money we should charge for hosting the conference, we were told "no one ever charges any fees for hosting conferences, it's a marketing expense, so everything is free." When I asked if it would be better to hold the conference on weekends to attract more students, or better on weekdays to attract company representatives, we were told that no one had ever held conferences on weekends before. I said that we wanted to bring DefCon t-shirts with us, and asked how much they usually sell them for. I was told: "no one has ever sold t-shirts at conferences before."

Then we had our second DefCon in China and I went to Kingpin and asked him to make something cool, some special Defcon badges.

Joe Grand: yes, you were very persuasive, and it had to be really something very cool, in line with the essence of DefCon.

Leader: we had an idea to make not a simple badge but some kind of technological, electronic badge, and Joe took this idea up with great enthusiasm and decided to make something completely unusual, something that had never been done before.

Joe Grand: many people make real works of art out of badges, so I doubted that I could even make something like those community badges that first appeared 9 years ago at DefCon 18. At first I was very worried, but then I thought that I would just create my own style and not try to compete with anyone, like I always did, and people liked it.

Leader: one of the reasons for creating these hardware badges was that neither in the BlackHat community nor at DefCon did I notice such hacking skills that Kingpin and a few others have. However, if we want to protect ourselves from bad things like robots or clandestine government activities, we must have hacking skills. It was sort of a covert attempt to draw the attention of our community to hacker hardware, and we succeeded.

Joe Grand: people who receive such badges, even though they seem to know what to do with them, will still ask questions, and this will somehow arouse their interest in such things.

Leader: when I asked Joe to make badges for China, we wanted something completely new.

Joe Grand: I have a slide showing the evolution of our badges. On the right side of the bottom row you see the China 1.0 Badge for the first China conference, which is a flexible printed circuit board.

This badge depicted our community in the form of a tree, the branches of which symbolize different tasks, with LEDs that flash as the tasks are completed. It uses a simple Raspberry Pi development environment that is easy to write code for. But it was a thing that our community created, and for China it embodied a new hacker culture. We had to explain to them what the electronic badge is for and what it does. It was amazing, and the way the Chinese took this thing inspired me to design a new badge for the second conference.

Leader: I think it was quite difficult to make.

Joe Grand: yes, only 2 or 3 manufacturers agreed to mess with such a fragile part. It's a flexible little circuit board, the printer rides back and forth on it and can easily break it, so these badges were quite expensive to make. You can see that the PCB has been painted white, a coat of paint has added some thickness to it and given the badge a bit of strength.

Of course, this was not some kind of technical breakthrough, but from the very beginning we did not want to make ordinary badges. There is a story associated with each of them, which can be found in the Community Media Library. Little by little, we tried to introduce new technologies, new components and new manufacturing methods. At DefCon 18, after which I retired from badge making, an aluminum badge with laser engraving on the front was introduced. I remember our conversation in the hotel room when we had to submit a sample badge to the community council for approval. I said it was a risky idea, and you said, "So what? Let's try it and see what happens."

Leader: there have also been setbacks when, for example, our e-badges were damaged during international shipping. But let's get back to the badges for China - are they equipped with LEDs?

Joe Grand: yes, on the reverse side of the printed circuit board, and when they lit up, thanks to a special substrate, the light was scattered through the board, and this was perceived not as an LED glow, but as some kind of ornament on the branches of a tree.

Leader: The main feature of the badge for China was the possibility of its physical connection to the visualization station and the display of branches-routes in 3-D space. You could see in symbolic form how the community solves problems, how the solution process is displayed as a tree branch, and how success is accompanied by a flash of light.

Translator's Note: a video of the programmable China 1.0 Badge being tested can be viewed at www.youtube.com/watch?v=JigRbNXcMB8.

We can consider our badges a tool of social engineering. We use the badge to create an opportunity for you to meet other people and interact with each other. It immerses you in a kind of role-playing game, and we spent quite a lot of time figuring out how to implement this idea in a real device.
So, back to today's conference, which is one of the largest in the history of DefCon. We have occupied as many as 4 hotels, and probably will not be able to give equal attention to all participants, but if you have any problems, please contact us, we will help you solve them. If your badge is having problems, we have a workshop here with the necessary toolset. And now I give the floor to Kingpin, who will tell you about this year's badges.

Joe Grand: never thought I'd have to come back here to talk about badges. I stopped making badges because I felt like I had played my part. From year to year, I seemed to compete with myself, doing the same thing, just using new techniques and technologies. So I decided to give my place to someone else, let DefCon grow without me and let the new person get the opportunity to come up with badges for our community. But I always said that if DT called me, I would come back and make badges again.

It's great to see how DefCon has changed, it's nice to see a lot of new, different people able to cover a lot of different areas of the community. Actually, I made my badges in anticipation of the day when I can finally talk about them and reveal all my secrets. You know, for the last half a year I have been thinking only about this, and my wife and my children are no longer able to talk to me about this topic.

The main purpose of creating these badges was not to please techies and people who understand a lot about electronic devices. I wanted this badge to reach as many people as possible, and you don't have to be a hardware hacker to use it. I wanted it to be a kind of guide to take you through DefCon. Therefore, the main goals when creating the badges were: to come up with a game that would encompass the entire DefCon experience, use technology that would unite our entire community, and make a thing that would satisfy all DefCon participants.

This game, or DefCon quest, has pretty simple rules, as shown on this slide, and everyone who hacked their badge yesterday starts crying when they see them.

I didn't embed any puzzles into the badge. The puzzle is the badge quest. There are a lot of puzzle badges out there, and I didn't even try to make something like that. I decided to create a single common task whose solution would unite many people, and the badge would serve as an indicator of the completion of this quest.

After you turn on your badge, it starts flashing slowly. This is what I call the attraction mode, the state of readiness for solving problems. There are many different badge indication states that you need to go through in order to reach the final goal. I know people who have already tried to reverse engineer the badge, but it's useless, as there are several quests you'll need to complete during the conference; that's how the badges are going to instill some kind of DefCon experience in you. The purpose of the badge is not so that you can bypass these tasks by trying to crack the badge and automatically achieve victory, but to instill in you the experience of solving them together. As you progress through this quest, you meet new people, learn new things, and it's fun.

The next slide shows what the "guts" of the badge look like. At the top left is the antenna, at the bottom is the NFMI chip, which provides communication based on near-field magnetic induction, as opposed to traditional RF. We will talk about this in more detail later. Today I noticed that many of those present seem to be "kissing" with their badges. Badges are indeed similar to magnets, since a magnet has a magnetic field and our badge generates one. But you don't need to bring them together; a foot or a little more distance is enough for the badges to communicate freely.

However, the badges don't leave RF signatures, so there's nothing a hacker who specializes in hacking badges based on SDR radio can do with them, unless he equips himself with some kind of magnetic sensor and gets between me and Jeff. This is a very short range, allowing you to make "undercover communications" outside of DefCon, such as sitting in class exchanging cheat sheets with a friend. This thing helps to tie all of you together, exchanging information, but without giving you the ability to extract any data, which will be very frustrating for many hackers.

The badge also contains a microcontroller, an LED driver, and a piezoelectric speaker. I tried to keep the hardware design simple, which turned out to be not easy at all, although it looks pretty simple on the outside. I want to draw your attention to the possibility of wearing this badge. It's easy to say "let's try it and see what happens", but when you create something new, you have to imagine how it will work and come up with a use case. We came up with a new method of fastening. Normally you just take a badge and clip it to a string, but our badge mounts allow you to move it around the ribbon to attach a carabiner to it, wear it on your wrist strap like a watch, or even on a hairband or headband. In addition, it can be used as a piece of jewelry - a brooch or an amulet, hanging around the neck. So we decided to come up with something new and see what people would do with it. This badge is as much a piece of jewelry as it is a badge.

The next slide shows a block diagram of the device. I don't want to go into details, just show you the basic working elements.

The badge's circuit board contains an NXP ARM Cortex-M0 processor. This is a general-purpose microcontroller, but powerful enough and capable of providing the functions we need.

By the way, you can see earlier versions of this schematic and the details of the badge development on the DefCon media server or on my website.

The badge has an LED driver and an NFMI radio, which is an NXP chip. A couple of years ago, I had to add another battery holder to my badge at the last minute because I misunderstood the instructions; a year ago I used CR123A batteries in the badges, and in this badge, to save space, I decided to use a miniature 3 V "coin cell" holder. The next slide shows the hardware details of the system.

It manages the LED driver and radio communication, handles quests and represents the elements that are present in every electronic device. There is an NXP chip on the KL27 platform, an ARM Cortex-M0+ processor, and such a cool thing as NFMI. This is a short-range magnetic induction system that has been used for a long time, but in reality it can only be found in high-tech electronic products. There are probably a million companies that don't even know this technology exists. If you are a simple hacker or an engineer at a small company, then you will have to work on using it. We came up with the idea of using this technology through my previous work with the guys at Freescale; I still have the contact details of one of those guys, who still works for NXP. I called him and explained that I wanted to make an unusual badge for DefCon. He advised me to contact the NFMI specialists, a small group within NXP who could help me.

I sent them an email telling them about DefCon and how cool it is to distribute new technologies to our community, and they agreed to cooperate. These few guys from the Belgian company NFMI really helped me. In NFMI technology, a lot depends on the location of the receiver and transmitter antennas, as shown in the slide on the right. If the antennas of the receiver and transmitter are perpendicular, the signal cannot be received. This technology provides directional transmission of data or audio at high speed over a distance of up to 1 m and is used, for example, instead of Bluetooth in a headset. It is based on the production of a magnetic field, that is, in fact, we have an air-core transformer. This does not create a common radio field between devices, where your signal can interfere with the other person's device, as when using Bluetooth.

This connection is similar to over-the-air HiFi. The bandwidth of the communication channel is 596 kbps at a carrier frequency of 10.58 MHz. This connection is faster than the one provided by your modem.

I was impressed with the use of NFMI for microphones and headphones in a headset for firefighters and other emergency services, which is much more efficient than Bluetooth communication and does not interfere with other radio devices. The cool thing is that this chip is able to really help the communication of the DefCon community by taking it to a new technological level.

An NFMI radio actually consists of the NFMI itself and an ARM chip, so we have 2 microcontrollers on board - one for the radio code and one for the game code. NXP specifically dedicated an engineer to write the code for this radio chip that makes the broadcast function work, because it would take me a very long time to write such code.

Interestingly, there are many companies with amazing technologies, but their technical documentation is not subject to disclosure. But NXP was so interested in working with DefCon that we came up with a solution - not to release any documentation, so our badge radio is a "black box", we just use it to send data. There is a certain custom code that is loaded into the radio chip when the badge is connected to the network and serves for preliminary configuration. You can see that the LED glowing sequentially goes through stages 3-2-1 - this is code loaded from KL27, several packets passed through KL27, which it processes after reading.

The next slide provides information about the composition of a packet of 8 bytes, which will be of interest to those who like to hack everything.

I'm deliberately not posting the packets for the different operating states of the badge; I'll probably post them next Sunday, so for now I'm showing the packet that is sent and received by each badge in range on the broadcast link. There is a unique badge identifier here, a number consisting of 9 or 10 digits, I don't remember exactly, the type of badge, the magic token flag, game flags and an unused byte. Therefore, if you hack this firmware, you will not be able to transfer your badge data, but you will be able to transfer other data. If you have the right sensor, then you can probably do something else with it, like work with this whole packet and create your own content, because the code is managed by us. You can send any data you want to the radio chip, and it will be transmitted through broadcasting.

Another important part of the badge internals is the LED driver with automatic power saving mode. All LEDs are individually addressable and independently change their brightness. Most of these devices work on a point-to-point basis or as mesh networks, but we use a non-random timing generator where each badge transmits, each badge receives data, and then goes to sleep. In this case, a situation of "one to all" or "all to one" transmission may arise. We don't even know how many badges can communicate at the same time, but it's more than 10 anyway.

In fact, we get a group chat in which data is exchanged. If your badge's LEDs start blinking, it means it's talking to someone. If you are in the right place at the right time, then the badge detection time will be about 5 ms; otherwise it can reach 5-10 seconds depending on the number of badges "communicating" at the same time - the more there are, the more time it may take to reach the final stage of the game. In any case, a joint group chat is required to complete the quests.

This LED driver supports different types of badges: for speakers, for presenters, for the rest of the audience, while the gem on the badge glows in the same color as the LEDs. The light indication allows the presenter to identify those present at the conference by the color of their badges, but this was not easy to do.

Source: habr.com