Compiling and Running code using Propeller Tool

Posted by yakhack on August 6, 2012

A few people have asked me to explain how to go about building the POV code and getting it running on their badge. I decided to make a quick walk through explaining the steps.

What you need:

Propeller/Spin tool (http://www.parallax.com/tabid/832/Default.aspx)
USB Mini-B cable (http://www.newegg.com/Product/Product.aspx?Item=N82E16812196249&nm_mc=KNC-GoogleAdwords&cm_mmc=KNC-GoogleAdwords-_-pla-_-NA-_-NA)

You’ll first need to go and download the Propeller Tool from the link above. Install it and run it, you will see a screen similar to this.

You will see that it automatically opens up a new file and names it ‘Untitled’ this is an empty .spin file where you actually write your code. There are several simple tutorials online that show you how to do the ‘hello world’ style first program, and other things to get you going. Many can be found here. http://www.gadgetgangster.com/tutorials/293

For now we will just load the POV app and load it onto the badge. Go grab the source code from http://pastebin.com/Ubv7qRii. The best way is to just copy and paste the raw code from the bottom of the page directly into the Propeller Tool. It should look like this.

Once you have the code in the tool feel free to save the file (File->Save). This will allow you to name it something.spin so you can load it up easily next time.

You now have to decide if you want the code to be temporarily on the badge, or permanent. Those are the only two options.

RAM only: This will compile the code and load it into the device ram, once the device is reset, the ram will be cleared, and the code will be gone. If you decide to do it this way you will probably want to remove the ’600′ from the ‘repeat 600′ line in the ‘PUB main’ function. Other wise it will only seem to work for a couple minutes and then stop.
EEPROM only: This will compile the code and load it into the device EEPROM. This will allow you to reset, remove the batteries, and do just about anything without erasing the code. If you do this, you will erase the original Defcon 20 game that was on the badge. There are ways of recovering it, so don’t worry that you broke your badge.

Once you decide which one you want to do, go to Run->Compile Current->Load RAM (F10) or Run->Compile Current->Load EEPROM (F11). This will compile and load the software on your badge.

Your badge should now be running the new code. In the ‘PUB main’ section I included a couple different patterns for drawing. You can comment out the DEFCONXX line by putting a ‘ in front of it, and uncomment one of the other lines.

I’m currently working on making it more stable when drawing using an accelerometer, but I’m still waiting for it to arrive in the mail. If you modify the code, I’d love to see what else people get it to do.

Hope this helps.

Defcon 20 Mystery Challenge and Badge Pinout

Posted by yakhack on August 3, 2012

Defcon 20 Mystery Challenge

Yesterday Lost posted a very detailed wiki page outlining the solution to the Defcon 20 Badge challenge. I read through it and the only thing I can say is bravo to the team that solved it. There are a lot of parts, and each one requires thinking outside the box more than the last.

http://1o57.wikispaces.com/DC20+Badge+Contest

I think next year I’m going to try to find a team to work with and focus some time on the badge challenge. I love thinking outside the box and trying to find solution to strange problems. The challenge is very interesting to me

Defcon 20 Badge Pinout

Ken Gracey over at the Parallax forums posted a schematic of the badge which labels all the pins along the top. This is much better than my hacked together version of just the left side pins from a couple days ago. I’m just happy the pins that I labeled match the actual values on the schematic. I guess I’m not totally stupid.

http://forums.parallax.com/showthread.php?141494-Article-Parallax-Propeller-on-DEF-CON-20-Badge-Start-Here!&p=1115400&viewfull=1#post1115400

Accelerometer

Yesterday my ADXL335 arrived from Amazon.com and I got it all wired up how I thought it should work. It turns out I have no idea what I’m doing, and didn’t get a single useful signal from the device. I was hoping it would be easy to interface with, but it looks like the MMA7455 will be much better. I did get some pretty cool pictures of the device though.

Defcon 20 Badge POV

Posted by yakhack on July 28, 2012

Yesterday I planned on going to several Defcon talks, and got to the convention center a little bit early to make sure I got a seat. To kill time I decided to go hang out in the Hardware Hacking Village and tinker around with the propeller tool for the badge. I didn’t really know what I wanted to do with it, but thought there must be something cool I can do with this thing.

The night before I had my badge infected by a goon and it began flashing a pattern on the LEDs. I began waving my badge in the air thinking that it must be some sort of POV (Persistence of Vision) or something. Turns out it appears to be completely random, so nothing was ever spelled out.

I decided to try to make the badge spell something out when I waved it in the air. I have never used the spin language before so it took me quite a while to get something that would even compile and run on the badge. It also took me a while to figure out what the IDs of the LEDs that I was trying to manipulate were… 16-23 duh! Anyway after defining a bitmap for a couple letters, I was able to flash the individual lines of the letters in sequence and produce a pretty clear ‘D’ in the air. I spent a little bit more time defining the rest of the letters in DEFCON and by noon had the badge writing ‘DEFCON’ in block letters as I waved it around.

People began to flock toward me and ask me about what I had done. I showed them the dirty code I threw together to get it to work, and was pretty embarrassed by the way I was individually writing each letter one line at a time. I ended up taking someones suggestion and changing it to say ‘DEFCON XX’ and then people just started asking me to flash it on their badges! I won’t lie, I felt like a celebrity for a couple minutes there. One guy even suggested I find the documentary crew and get them to film what I had created. I tried, but the film just didn’t capture it well.

Needless to say I didn’t leave the HHV until around 5PM and missed all the talks I had planned to attend. It was totally worth it, met some awesome people, and got to feel slightly famous for a couple hours.

X spacing was off, but it took me 54 shots to actually capture it. I fixed the bug, but I’m not going to try to capture it again.

The video doesn’t really do it justice since the framerate screws it up, but here is the video anyway.

If you want to load this on your badge, just use the propeller tool and the code below.

http://pastebin.com/Ubv7qRii

Defcon 20 Badge Mystery Challenge

Posted by yakhack on July 28, 2012

Yesterday I missed the first talk I wanted to go see at Defcon 20 because it was too full, but instead I went and hung out by the Hardware Hacking Villiage (HHV) before it opened. Eventually, 1 hour late, it opened and people rushed into a pretty much empty room with tables and chairs. I didn’t notice that there was a pile of hardware on the table in the corner and everyone was grabbing up soldering irons and wire. I sat down anyway and met some really cool people, got some info about the badge, and even was able to borrow a USB cable and check out the info that my badge had collected.

The badge has an IR LED, and an IR receiver, so it can communicate with other badges at the conference. As your badge sees each other type (goon, press, vendor, etc.) it sets a flag in the EEPROM and then when you hook up to the PC it gives you a rating and shows you the type of people you have interacted with. The first time I plugged mine in it said I had seen a human and a vendor, so 2 out of 8 possible. Not good… As I played around with the software on the DVD provided (thanks to the girl next to me) I had to laugh as she though it would be a good idea to program the included files into the EEPROM to see what happened. Well, her badge stopped working, that is what happened. I didn’t really know how to help fix it, so I just sat quietly and worked on my own thing.

I was able to write a couple simple programs and write them to the ram on the badge and control the blinking of the LED and other simple stuff like that. This dude named Dan on the parallax forums was able to write some code to allow reading and writing the EEPROM. Once I got that I dumped my badge and saved the file off for safe keeping, and then started messing with it. While I was sitting on the floor playing with it another guy came up to ask me if I could check the status on his badge. I told him yes, but only if I could dump his badge as well. He gave me a strange look, but eventually said yes. Interestingly enough the only difference in the binary dump was at 0x00007F00 which appeared to directly map to the flags which displayed which badges have been seen. By simply flipping those bits, I was able to make my badge look as though it had seen all of the other badge types.

I had already skimmed through the dump so the status line wasn’t super interesting. It was cool to have a badge that said I had seen everyone though. I assume Lost must have thought of this, and there is probably something else that needs to be done that proves you really did see them all. What I need is a dump from a non-human badge. The code that is displayed just happened to be part of several clue urls that give a little bit more data to help you figure the whole thing out.

http://defcon.org/1057/10571089/

http://defcon.org/1057/LosTisFound/

I don’t really know what to make of these, but the lanyard one is pretty clear. I need to find all the lanyard types and somehow together they will help me solve the next stage. There were a couple people that I talked to yesterday that knew what the code on the lanyard was called, but I can’t remember what they said it was. Maybe I’ll find some people today that are looking at it and see if I can get some more information.

Floor puzzle… Murderous Cipher?

Posted by yakhack on July 26, 2012

I was playing around with those numbers I found on the floor at defcon 20, and decided to make a simple tool that would roll through the numbers and assign a letter of the alphabet to each one. I figured this was a good place to start since the highest number was 26. I originally started with A=1…Z=26, but that didn’t yield anything interesting so I shifted over by one and tried again. When none of those showed anything that looked like special I tried shifting the other way and there it was.

A=26…Z=1
ayenameyerpathonceyouremovemurderouscipheryouhavefoundtheproject
aye name yer path once you remove murderous cipher you have found the project

I have no idea what it means yet, sounds like something a pirate would say.

0       zbvmznvbvikzgslmxvblfivnlevnfiwvilfhxrksviblfszevulfmwgsvkilqvxg
1       acwnaowcwjlahtmnywcmgjwomfwogjxwjmgiysltwjcmgtafwvmgnxhtwljmrwyh
2       bdxobpxdxkmbiunozxdnhkxpngxphkyxknhjztmuxkdnhubgxwnhoyiuxmknsxzi
3       ceypcqyeylncjvopayeoilyqohyqilzyloikaunvyleoivchyxoipzjvynlotyaj
4       dfzqdrzfzmodkwpqbzfpjmzrpizrjmazmpjlbvowzmfpjwdizypjqakwzompuzbk
5       egaresaganpelxqrcagqknasqjasknbanqkmcwpxangqkxejazqkrblxapnqvacl
6       fhbsftbhboqfmyrsdbhrlobtrkbtlocborlndxqybohrlyfkbarlscmybqorwbdm
7       gictgucicprgnzstecismpcuslcumpdcpsmoeyrzcpismzglcbsmtdnzcrpsxcen
8       hjduhvdjdqshoatufdjtnqdvtmdvnqedqtnpfzsadqjtnahmdctnueoadsqtydfo
9       ikeviwekertipbuvgekuorewuneworferuoqgatberkuobineduovfpbetruzegp
10      jlfwjxflfsujqcvwhflvpsfxvofxpsgfsvprhbucfslvpcjofevpwgqcfusvafhq
11      kmgxkygmgtvkrdwxigmwqtgywpgyqthgtwqsicvdgtmwqdkpgfwqxhrdgvtwbgir
12      lnhylzhnhuwlsexyjhnxruhzxqhzruihuxrtjdwehunxrelqhgxryisehwuxchjs
13      moizmaioivxmtfyzkioysviayriasvjivysukexfivoysfmrihyszjtfixvydikt
14      npjanbjpjwynugzaljpztwjbzsjbtwkjwztvlfygjwpztgnsjiztakugjywzejlu
15      oqkbockqkxzovhabmkqauxkcatkcuxlkxauwmgzhkxqauhotkjaublvhkzxafkmv
16      prlcpdlrlyapwibcnlrbvyldbuldvymlybvxnhailyrbvipulkbvcmwilaybglnw
17      qsmdqemsmzbqxjcdomscwzmecvmewznmzcwyoibjmzscwjqvmlcwdnxjmbzchmox
18      rtnerfntnacrykdepntdxanfdwnfxaonadxzpjcknatdxkrwnmdxeoykncadinpy
19      suofsgouobdszlefqoueybogexogybpobeyaqkdlobueylsxoneyfpzlodbejoqz
20      tvpgthpvpcetamfgrpvfzcphfyphzcqpcfzbrlempcvfzmtypofzgqampecfkpra
21      uwqhuiqwqdfubnghsqwgadqigzqiadrqdgacsmfnqdwganuzqpgahrbnqfdglqsb
22      vxrivjrxregvcohitrxhberjharjbesrehbdtngorexhbovarqhbiscorgehmrtc
23      wysjwksysfhwdpijusyicfskibskcftsficeuohpsfyicpwbsricjtdpshfinsud
24      xztkxltztgixeqjkvtzjdgtljctldgutgjdfvpiqtgzjdqxctsjdkueqtigjotve
25      yaulymuauhjyfrklwuakehumkdumehvuhkegwqjruhakerydutkelvfrujhkpuwf
-0      ayenameyerpathonceyouremovemurderouscipheryouhavefoundtheproject
-1      zxdmzldxdqozsgnmbdxntqdlnudltqcdqntrbhogdqxntgzudentmcsgdoqnidbs
-2      ywclykcwcpnyrfmlacwmspckmtckspbcpmsqagnfcpwmsfytcdmslbrfcnpmhcar
-3      xvbkxjbvbomxqelkzbvlrobjlsbjroabolrpzfmebovlrexsbclrkaqebmolgbzq
-4      wuajwiauanlwpdkjyaukqnaikraiqnzankqoyeldanukqdwrabkqjzpdalnkfayp
-5      vtzivhztzmkvocjixztjpmzhjqzhpmyzmjpnxdkczmtjpcvqzajpiyoczkmjezxo
-6      usyhugysyljunbihwysiolygipygolxyliomwcjbylsiobupyziohxnbyjlidywn
-7      trxgtfxrxkitmahgvxrhnkxfhoxfnkwxkhnlvbiaxkrhnatoxyhngwmaxikhcxvm
-8      sqwfsewqwjhslzgfuwqgmjwegnwemjvwjgmkuahzwjqgmzsnwxgmfvlzwhjgbwul
-9      rpverdvpvigrkyfetvpflivdfmvdliuvifljtzgyvipflyrmvwfleukyvgifavtk
-10     qoudqcuouhfqjxedsuoekhuceluckhtuhekisyfxuhoekxqluvekdtjxufhezusj
-11     pntcpbtntgepiwdcrtndjgtbdktbjgstgdjhrxewtgndjwpktudjcsiwtegdytri
-12     omsboasmsfdohvcbqsmcifsacjsaifrsfcigqwdvsfmcivojstcibrhvsdfcxsqh
-13     nlranzrlrecngubaprlbherzbirzheqrebhfpvcurelbhunirsbhaqgurcebwrpg
-14     mkqzmyqkqdbmftazoqkagdqyahqygdpqdageoubtqdkagtmhqragzpftqbdavqof
-15     ljpylxpjpcaleszynpjzfcpxzgpxfcopczfdntaspcjzfslgpqzfyoespaczupne
-16     kioxkwoiobzkdryxmoiyebowyfowebnobyecmszrobiyerkfopyexndrozbytomd
-17     jhnwjvnhnayjcqxwlnhxdanvxenvdamnaxdblryqnahxdqjenoxdwmcqnyaxsnlc
-18     igmviumgmzxibpwvkmgwczmuwdmuczlmzwcakqxpmzgwcpidmnwcvlbpmxzwrmkb
-19     hfluhtlflywhaovujlfvbyltvcltbyklyvbzjpwolyfvbohclmvbukaolwyvqlja
-20     gektgskekxvgznutikeuaxksubksaxjkxuayiovnkxeuangbkluatjznkvxupkiz
-21     fdjsfrjdjwufymtshjdtzwjrtajrzwijwtzxhnumjwdtzmfajktzsiymjuwtojhy
-22     ecireqicivtexlsrgicsyviqsziqyvhivsywgmtlivcsylezijsyrhxlitvsnigx
-23     dbhqdphbhusdwkrqfhbrxuhpryhpxughurxvflskhubrxkdyhirxqgwkhsurmhfw
-24     cagpcogagtrcvjqpegaqwtgoqxgowtfgtqwuekrjgtaqwjcxghqwpfvjgrtqlgev
-25     bzfobnfzfsqbuipodfzpvsfnpwfnvsefspvtdjqifszpvibwfgpvoeuifqspkfdu

DEFCON 20

Posted by yakhack on July 26, 2012

Today I waited in line for over an hour and a half to get into Defcon 20… Totally worth it! This is my first time at Defcon, and already I’m loving it. The people are great, the opportunities are endless, and the talks are very interesting and entertaining. Today was mostly welcome stuff for new people, but even that was funny. One of the talks had a completely drunk speaker who didn’t really make any sense, but you could tell he was having a good time anyway.

I think I’m way outside my skill set here, the badge itself is a hacking challenge, and sadly I don’t even know where to begin. I wanted to hook the thing up to my PC and see what type of data I could gather. I’m dumb though and don’t have any cables or anything with me so I guess I’ll have to wait until I get home to tinker with it.

There are several crypto related things around the conference area that people are already starting to note down and try to figure out. Here is one that I thought looked fairly simple, but I haven’t yet started to decode it. There is a huge sticker on the floor, and the following numbers around the outside of it.

26 2 22 13 26 14 22 2 22 9 11 26 7 19 12 13 24 22 2 12 6 9 22 14 12 5 22 14 6 9 23 22 9 12 6 8 24 18 11 19 22 9 2 12 6 19 26 5 22 21 12 6 13 23 7 19 22 11 9 12 17 22 24 7

Tomorrow the real conference starts and I’m looking forward to spending some time learning about lock picking and finding some interesting people to chat with. So many people everywhere I’m sure I’ll learn a bunch of new things.

I think the best part of the day was when during one of the presentations there was a woman asking a question to the speaker and he started making jokes about chloroform and his prom. She yells out “cool it with the rape jokes or the women in here are going to rise up and kill you!” at that point the crowd started yelling out “NEXT” until she stopped talking.

YakHack

Who designed this thing?

Category Archives: Defcon 20