Defcon 20 Badge POV

Yesterday I planned on going to several Defcon talks, and got to the convention center a little bit early to make sure I got a seat. To kill time I decided to go hang out in the Hardware Hacking Village and tinker around with the propeller tool for the badge. I didn’t really know what I wanted to do with it, but thought there must be something cool I can do with this thing.

The night before I had my badge infected by a goon and it began flashing a pattern on the LEDs. I began waving my badge in the air thinking that it must be some sort of POV (Persistence of Vision) or something. Turns out it appears to be completely random, so nothing was ever spelled out.

I decided to try to make the badge spell something out when I waved it in the air. I have never used the spin language before so it took me quite a while to get something that would even compile and run on the badge. It also took me a while to figure out what the IDs of the LEDs  that I was trying to manipulate were… 16-23 duh! Anyway after defining a bitmap for a couple letters, I was able to flash the individual lines of the letters in sequence and produce a pretty clear ‘D’ in the air. I spent a little bit more time defining the  rest of the letters in DEFCON and by noon had the badge writing ‘DEFCON’ in block letters as I waved it around.

People began to flock toward me and ask me about what I had done. I showed them the dirty code I threw together to get it to work, and was pretty embarrassed by the way I was individually writing each letter one line at a time. I ended up taking someones suggestion and changing it to say ‘DEFCON XX’ and then people just started asking me to flash it on their badges! I won’t lie, I felt like a celebrity for a couple minutes there. One guy even suggested I find the documentary crew and get them to film what I had created. I tried, but the film just didn’t capture it well.

Needless to say I didn’t leave the HHV until around 5PM and missed all the talks I had planned to attend. It was totally worth it, met some awesome people, and got to feel slightly famous for a couple hours.

X spacing was off, but it took me 54 shots to actually capture it. I fixed the bug, but I’m not going to try to capture it again.

The video doesn’t really do it justice since the framerate screws it up, but here is the video anyway.

If you want to load this on your badge, just use the propeller tool and the code below.

http://pastebin.com/Ubv7qRii

Defcon 20 Badge Mystery Challenge

Yesterday I missed the first talk I wanted to go see at Defcon 20 because it was too full, but instead I went and hung out by the Hardware Hacking Villiage (HHV) before it opened. Eventually, 1 hour late, it opened and people rushed into a pretty much empty room with tables and chairs. I didn’t notice that there was a pile of hardware on the table in the corner and everyone was grabbing up soldering irons and wire. I sat down anyway and met some really cool people, got some info about the badge, and even was able to borrow a USB cable and check out the info that my badge had collected.

The badge has an IR LED, and an IR receiver, so it can communicate with other badges at the conference. As your badge sees each other type (goon, press, vendor, etc.) it sets a flag in the EEPROM and then when you hook up to the PC it gives you a rating and shows you the type of people you have interacted with. The first time I plugged mine in it said I had seen  a human and a vendor, so 2 out of 8 possible. Not good… As I played around with the software on the DVD provided (thanks to the girl next to me) I had to laugh as she though it would be a good idea to program the included files into the EEPROM to see what happened. Well, her badge stopped working, that is what happened. I didn’t really know how to help fix it, so I just sat quietly and worked on my own thing.

I was able to write a couple simple programs and write them to the ram on the badge and control the blinking of the LED and other simple stuff like that. This dude named Dan on the parallax forums was able to write some code to allow reading and writing the EEPROM. Once I got that I dumped my badge and saved the file off for safe keeping, and then started messing with it. While I was sitting on the floor playing with it another guy came up to ask me if I could check the status on his badge. I told him yes, but only if I could dump his badge as well. He gave me a strange look, but eventually said yes. Interestingly enough the only difference in the binary dump was at 0x00007F00 which appeared to directly map to the flags which displayed which badges have been seen. By simply flipping those bits, I was able to make my badge look as though it had seen all of the other badge types.

I had already skimmed through the dump so the status line wasn’t super interesting. It was cool to have a badge that said I had seen everyone though. I assume Lost must have thought of this, and there is probably something else that needs to be done that proves you really did see them all. What I need is a dump from a non-human badge. The code that is displayed just happened to be part of several clue urls that give a little bit more data to help you figure the whole thing out.

http://defcon.org/1057/10571089/

http://defcon.org/1057/LosTisFound/

I don’t really know what to make of these, but the lanyard one is pretty clear. I need to find all the lanyard types and somehow together they will help me solve the next stage. There were a couple people that I talked to yesterday that knew what the code on the lanyard was called, but I can’t remember what they said it was. Maybe I’ll find some people today that are looking at it and see if I can get some more information.

 

Floor puzzle… Murderous Cipher?

I was playing around with those numbers I found on the floor at defcon 20, and decided to make a simple tool that would roll through the numbers and assign a letter of the alphabet to each one. I figured this was a good place to start since the highest number was 26. I originally started with A=1…Z=26, but that didn’t yield anything interesting so I shifted over by one and tried again. When none of those showed anything that looked like special I tried shifting the other way and there it was.

A=26…Z=1
ayenameyerpathonceyouremovemurderouscipheryouhavefoundtheproject
aye name yer path once you remove murderous cipher you have found the project

I have no idea what it means yet, sounds like something a pirate would say.

0       zbvmznvbvikzgslmxvblfivnlevnfiwvilfhxrksviblfszevulfmwgsvkilqvxg
1       acwnaowcwjlahtmnywcmgjwomfwogjxwjmgiysltwjcmgtafwvmgnxhtwljmrwyh
2       bdxobpxdxkmbiunozxdnhkxpngxphkyxknhjztmuxkdnhubgxwnhoyiuxmknsxzi
3       ceypcqyeylncjvopayeoilyqohyqilzyloikaunvyleoivchyxoipzjvynlotyaj
4       dfzqdrzfzmodkwpqbzfpjmzrpizrjmazmpjlbvowzmfpjwdizypjqakwzompuzbk
5       egaresaganpelxqrcagqknasqjasknbanqkmcwpxangqkxejazqkrblxapnqvacl
6       fhbsftbhboqfmyrsdbhrlobtrkbtlocborlndxqybohrlyfkbarlscmybqorwbdm
7       gictgucicprgnzstecismpcuslcumpdcpsmoeyrzcpismzglcbsmtdnzcrpsxcen
8       hjduhvdjdqshoatufdjtnqdvtmdvnqedqtnpfzsadqjtnahmdctnueoadsqtydfo
9       ikeviwekertipbuvgekuorewuneworferuoqgatberkuobineduovfpbetruzegp
10      jlfwjxflfsujqcvwhflvpsfxvofxpsgfsvprhbucfslvpcjofevpwgqcfusvafhq
11      kmgxkygmgtvkrdwxigmwqtgywpgyqthgtwqsicvdgtmwqdkpgfwqxhrdgvtwbgir
12      lnhylzhnhuwlsexyjhnxruhzxqhzruihuxrtjdwehunxrelqhgxryisehwuxchjs
13      moizmaioivxmtfyzkioysviayriasvjivysukexfivoysfmrihyszjtfixvydikt
14      npjanbjpjwynugzaljpztwjbzsjbtwkjwztvlfygjwpztgnsjiztakugjywzejlu
15      oqkbockqkxzovhabmkqauxkcatkcuxlkxauwmgzhkxqauhotkjaublvhkzxafkmv
16      prlcpdlrlyapwibcnlrbvyldbuldvymlybvxnhailyrbvipulkbvcmwilaybglnw
17      qsmdqemsmzbqxjcdomscwzmecvmewznmzcwyoibjmzscwjqvmlcwdnxjmbzchmox
18      rtnerfntnacrykdepntdxanfdwnfxaonadxzpjcknatdxkrwnmdxeoykncadinpy
19      suofsgouobdszlefqoueybogexogybpobeyaqkdlobueylsxoneyfpzlodbejoqz
20      tvpgthpvpcetamfgrpvfzcphfyphzcqpcfzbrlempcvfzmtypofzgqampecfkpra
21      uwqhuiqwqdfubnghsqwgadqigzqiadrqdgacsmfnqdwganuzqpgahrbnqfdglqsb
22      vxrivjrxregvcohitrxhberjharjbesrehbdtngorexhbovarqhbiscorgehmrtc
23      wysjwksysfhwdpijusyicfskibskcftsficeuohpsfyicpwbsricjtdpshfinsud
24      xztkxltztgixeqjkvtzjdgtljctldgutgjdfvpiqtgzjdqxctsjdkueqtigjotve
25      yaulymuauhjyfrklwuakehumkdumehvuhkegwqjruhakerydutkelvfrujhkpuwf
-0      ayenameyerpathonceyouremovemurderouscipheryouhavefoundtheproject
-1      zxdmzldxdqozsgnmbdxntqdlnudltqcdqntrbhogdqxntgzudentmcsgdoqnidbs
-2      ywclykcwcpnyrfmlacwmspckmtckspbcpmsqagnfcpwmsfytcdmslbrfcnpmhcar
-3      xvbkxjbvbomxqelkzbvlrobjlsbjroabolrpzfmebovlrexsbclrkaqebmolgbzq
-4      wuajwiauanlwpdkjyaukqnaikraiqnzankqoyeldanukqdwrabkqjzpdalnkfayp
-5      vtzivhztzmkvocjixztjpmzhjqzhpmyzmjpnxdkczmtjpcvqzajpiyoczkmjezxo
-6      usyhugysyljunbihwysiolygipygolxyliomwcjbylsiobupyziohxnbyjlidywn
-7      trxgtfxrxkitmahgvxrhnkxfhoxfnkwxkhnlvbiaxkrhnatoxyhngwmaxikhcxvm
-8      sqwfsewqwjhslzgfuwqgmjwegnwemjvwjgmkuahzwjqgmzsnwxgmfvlzwhjgbwul
-9      rpverdvpvigrkyfetvpflivdfmvdliuvifljtzgyvipflyrmvwfleukyvgifavtk
-10     qoudqcuouhfqjxedsuoekhuceluckhtuhekisyfxuhoekxqluvekdtjxufhezusj
-11     pntcpbtntgepiwdcrtndjgtbdktbjgstgdjhrxewtgndjwpktudjcsiwtegdytri
-12     omsboasmsfdohvcbqsmcifsacjsaifrsfcigqwdvsfmcivojstcibrhvsdfcxsqh
-13     nlranzrlrecngubaprlbherzbirzheqrebhfpvcurelbhunirsbhaqgurcebwrpg
-14     mkqzmyqkqdbmftazoqkagdqyahqygdpqdageoubtqdkagtmhqragzpftqbdavqof
-15     ljpylxpjpcaleszynpjzfcpxzgpxfcopczfdntaspcjzfslgpqzfyoespaczupne
-16     kioxkwoiobzkdryxmoiyebowyfowebnobyecmszrobiyerkfopyexndrozbytomd
-17     jhnwjvnhnayjcqxwlnhxdanvxenvdamnaxdblryqnahxdqjenoxdwmcqnyaxsnlc
-18     igmviumgmzxibpwvkmgwczmuwdmuczlmzwcakqxpmzgwcpidmnwcvlbpmxzwrmkb
-19     hfluhtlflywhaovujlfvbyltvcltbyklyvbzjpwolyfvbohclmvbukaolwyvqlja
-20     gektgskekxvgznutikeuaxksubksaxjkxuayiovnkxeuangbkluatjznkvxupkiz
-21     fdjsfrjdjwufymtshjdtzwjrtajrzwijwtzxhnumjwdtzmfajktzsiymjuwtojhy
-22     ecireqicivtexlsrgicsyviqsziqyvhivsywgmtlivcsylezijsyrhxlitvsnigx
-23     dbhqdphbhusdwkrqfhbrxuhpryhpxughurxvflskhubrxkdyhirxqgwkhsurmhfw
-24     cagpcogagtrcvjqpegaqwtgoqxgowtfgtqwuekrjgtaqwjcxghqwpfvjgrtqlgev
-25     bzfobnfzfsqbuipodfzpvsfnpwfnvsefspvtdjqifszpvibwfgpvoeuifqspkfdu

DEFCON 20

Image

Today I waited in line for over an hour and a half to get into Defcon 20… Totally worth it! This is my first time at Defcon, and already I’m loving it. The people are great, the opportunities are endless, and the talks are very interesting and entertaining. Today was mostly welcome stuff for new people, but even that was funny. One of the talks had a completely drunk speaker who didn’t really make any sense, but you could tell he was having a good time anyway.

I think I’m way outside my skill set here, the badge itself is a hacking challenge, and sadly I don’t even know where to begin. I wanted to hook the thing up to my PC and see what type of data I could gather. I’m dumb though and don’t have any cables or anything with me so I guess I’ll have to wait until I get home to tinker with it.

Image

There are several crypto related things around the conference area that people are already starting to note down and try to figure out. Here is one that I thought looked fairly simple, but I haven’t yet started to decode it. There is  a huge sticker on the floor, and the following numbers around the outside of it.

26 2 22 13 26 14 22 2 22 9 11 26 7 19 12 13 24 22 2 12 6 9 22 14 12 5 22 14 6 9 23 22 9 12 6 8 24 18 11 19 22 9 2 12 6 19 26 5 22 21 12 6 13 23 7 19 22 11 9 12 17 22 24 7

Tomorrow the real conference starts and I’m looking forward to spending some time learning about lock picking and finding some interesting people to chat with. So many people everywhere  I’m sure I’ll learn a bunch of new things.

I think the best part of the day was when during one of the presentations there was a woman asking a question to the speaker and he started making jokes about chloroform and his prom. She yells out “cool it with the rape jokes or the women in here are going to rise up and kill you!” at that point the crowd started yelling out “NEXT” until she stopped talking. 🙂