Defcon 21 Badge

We started looking at the Defcon 21 badge today and noticed the sequence of numbers on the back of each badge is different.

I got the 7 (defcon) badge, and a friend got the King (Disk). We assume there are four suits.

The numbers:

  • 7 (Defcon) 05020707212205071818011614011518190801
  • King (Disk) 050207072122571818010305021514152512220601070522202107

Since all the numbers were below 26, we assumed it was some sort of ROT.  This is similar to the data that was on the ring of the main entrance at Defcon 20.

Writing a quick tool we got the following output

7 (Defcon)

Rot 8: NKPPDENPAAJYWJXABQJ
Rot 9: OLQQEFOQBBKZXKYBCRK
Rot 10: PMRRFGPRCCLAYLZCDSL
Rot 11: QNSSGHQSDDMBZMADETM
    Rot 12: ROTTHIRTEENCANBEFUN
Rot 13: SPUUIJSUFFODBOCFGVO
Rot 14: TQVVJKTVGGPECPDGHWP
Rot 15: URWWKLUWHHQFDQEHIXQ
Rot 16: VSXXLMVXIIRGERFIJYR

King (Disk)

Rot 8: NKPPDENAAJLNKXWXHUEOJPNECDP
Rot 9: OLQQEFOBBKMOLYXYIVFPKQOFDEQ
Rot 10: PMRRFGPCCLNPMZYZJWGQLRPGEFR
Rot 11: QNSSGHQDDMOQNAZAKXHRMSQHFGS
    Rot 12: ROTTHIREENPROBABLYISNTRIGHT
Rot 13: SPUUIJSFFOQSPCBCMZJTOUSJHIU
Rot 14: TQVVJKTGGPRTQDCDNAKUPVTKIJV
Rot 15: URWWKLUHHQSUREDEOBLVQWULJKW
Rot 16: VSXXLMVIIRTVSFEFPCMWRXVMKLX

I’m not sure what to make of it yet. Need to gather the data from a couple other badges first.

::UPDATE::

After posting this I stumbled on some data someone else posted. https://github.com/john-defcon/badge/blob/master/result.txt I’m not sure if it’s all the badges, but it’s a big set of them.

Putting each badge in order by 3 digit binary you get a couple phrases:

The first is the last in the real order the first is the last be exclusive or has it registered that tap at zero and done will be all the feedback you need in the real order.

  • Dial 000 Q THEFIRSTISTHELAST
  • Dial 001 A INTHEREALORDERTHE
  • Dial 010 J FIRSTISTHELASTBEE
  • Dial 011 5 XCLUSIVEORHASITRE
  • Dial 100 7 GISTEREDTHATTAPAT
  • Dial 101 K ZEROANDONEWILLBEA
  • Dial 110 2 LLTHEFEEDBACKYOUN
  • Dial 111 10 EEDINTHEREALORDER

The sky will clear up not in black and white but shade of the bits help you turn this key x.

  • Key 000 2 THESKYSWI
  • Key 001 7 LLCLEARUP
  • Key 010 K NOTINBLAC
  • Key 011 J KANDWHITE
  • Key 100 5 BUTSHADEO
  • Key 101 10 FTHEBITSH
  • Key 110 A ELPYOUTUR
  • Key 111 Q NTHISKEYX

Rot thirteen probably isn’t right but this is fun right though his mind is not for rent don’t put him down as arrogant his reserve a quiet defense riding out the days events catch the mist catch the myth catch the mystery catch the drife,

  • Disk 000 K ROTTHIRTEENPROBABLYISNTRIGHT
  • Disk 001 7 BUTTHISISFUNRIGHT
  • Disk 010 10 THOUGHHISMINDISNOTFORRENT
  • Disk 011 A DONTPUTHIMDOWNASARROGANT
  • Disk 100 5 HISRESERVEAQUIETDEFENSE
  • Disk 101 Q RIDINGOUTTHEDAYSEVENTS
  • Disk 110 J CATCHTHEMISTCATCHTHEMYTH
  • Disk 111 2 CATCHTHEMYSTERYCATCHTHEDRIFE

Rot thirteen can be fun but sometimes leads a stray try something else and you will see that finding answers may take you down paths not often repeated not all who wander are lost.

  • Skull 000 7 ROTTHIRTEENCANBEFUN
  • Skull 001 10 BUTSOMETIMESLEADSASTRAY
  • Skull 010 5 TRYSOMETHINGELSE
  • Skull 011 2 ANDYOUWILLSEE
  • Skull 100 q THATFINDINGANSWERS
  • Skull 101 J MAYTAKEYOUDOWN
  • Skull 110 K PATHSNOTOFTENREPEATED
  • Skull 111 A NOTALLWHOWANDERARELOST

I’m still not sure what the other symbols mean yet. Pi, e, LFSR, and whatever the last one is.

Advertisements

Compiling and Running code using Propeller Tool

A few people have asked me to explain how to go about building the POV code and getting it running on their badge. I decided to make a quick walk through explaining the steps.

What you need:

You’ll first need to go and download the Propeller Tool from the link above. Install it and run it, you will see a screen similar to this.

You will see that it automatically opens up a new file and names it ‘Untitled’ this is an empty .spin file where you actually write your code. There are several simple tutorials online that show you how to do the ‘hello world’ style first program, and other things to get you going. Many can be found here. http://www.gadgetgangster.com/tutorials/293

For now we will just load the POV app and load it onto the badge. Go grab the source code from http://pastebin.com/Ubv7qRii. The best way is to just copy and paste the raw code from the bottom of the page directly into the Propeller Tool. It should look like this.

Once you have the code in the tool feel free to save the file (File->Save). This will allow you to name it something.spin so you can load it up easily next time.

You now have to decide if you want the code to be temporarily on the badge, or permanent. Those are the only two options.

  1. RAM only: This will compile the code and load it into the device ram, once the device is reset, the ram will be cleared, and the code will be gone. If you decide to do it this way you will probably want to remove the ‘600’ from the ‘repeat 600’ line in the ‘PUB main’ function. Other wise it will only seem to work for a couple minutes and then stop.
  2. EEPROM only: This will compile the code and load it into the device EEPROM. This will allow you to reset, remove the batteries, and do just about anything without erasing the code. If you do this, you will erase the original Defcon 20 game that was on the badge. There are ways of recovering it, so don’t worry that you broke your badge.

Once you decide which one you want to do, go to Run->Compile Current->Load RAM (F10) or Run->Compile Current->Load EEPROM (F11). This will compile and load the software on your badge.

Your badge should now be running the new code. In the ‘PUB main’ section I included a couple different patterns for drawing. You can comment out the DEFCONXX line by putting a ‘ in front of it, and uncomment one of the other lines.

I’m currently working on making it more stable when drawing using an accelerometer, but I’m still waiting for it to arrive in the mail. If you modify the code, I’d love to see what else people get it to do.

Hope this helps.

Defcon 20 Mystery Challenge and Badge Pinout

Defcon 20 Mystery Challenge

Yesterday Lost posted a very detailed wiki page outlining the solution to the Defcon 20 Badge challenge. I read through it and the only thing I can say is bravo to the team that solved it. There are a lot of parts, and each one requires thinking outside the box more than the last.

http://1o57.wikispaces.com/DC20+Badge+Contest

I think next year I’m going to try to find a team to work with and focus some time on the badge challenge. I love thinking outside the box and trying to find solution to strange problems. The challenge is very interesting to me

Defcon 20 Badge Pinout

Ken Gracey over at the Parallax forums posted a schematic of the badge which labels all the pins along the top. This is much better than my hacked together version of just the left side pins from a couple days ago. I’m just happy the pins that I labeled match the actual values on the schematic. I guess I’m not totally stupid. 🙂

http://forums.parallax.com/showthread.php?141494-Article-Parallax-Propeller-on-DEF-CON-20-Badge-Start-Here!&p=1115400&viewfull=1#post1115400

Accelerometer

Yesterday my ADXL335 arrived from Amazon.com and I got it all wired up how I thought it should work. It turns out I have no idea what I’m doing, and didn’t get a single useful signal from the device. I was hoping it would be easy to interface with, but it looks like the MMA7455 will be much better. I did get some pretty cool pictures of the device though.

Adding an accelerometer

I ordered two accelerometers today to try to improve the timing of the POV. Amazon had pretty decent prices so I ordered from them.

SainSmart ADXL335 Triple Axis Accelerometer Breakout Module
http://www.amazon.com/gp/product/B006J4G4FQ/ref=oh_details_o01_s00_i00

MMA7455 Accelerometer Sensor Module for SPI IIC
http://www.amazon.com/gp/product/B008BR9IIY/ref=oh_details_o00_s00_i00

I’ve never used one of these before so I didn’t know what to order. I ordered the ADXL335 first, but then after talking to a friend who knows much more than I do, he suggested the MMA7455. So I’ll end up getting both and figuring out which one is easiest to interface with. I believe the propeller can handle both without too much effort based on the examples I’ve been able to find online.

I need to figure out how to hook it up to the badge since I don’t have a real schematic, (the one on the DVD doesn’t show which IO pin is which. I hooked up a simple LED and just ran through some of the pins to see which ones I could label. I came up with this little mapping. Looks like I have 11 pins to work with, and I’ll probably only need 3 or 4.

The first accelerometer is scheduled to arrive tomorrow so I who knows maybe I’ll have it reading data by the end of the day tomorrow.

Defcon 20 Badge Mystery Challenge

Yesterday I missed the first talk I wanted to go see at Defcon 20 because it was too full, but instead I went and hung out by the Hardware Hacking Villiage (HHV) before it opened. Eventually, 1 hour late, it opened and people rushed into a pretty much empty room with tables and chairs. I didn’t notice that there was a pile of hardware on the table in the corner and everyone was grabbing up soldering irons and wire. I sat down anyway and met some really cool people, got some info about the badge, and even was able to borrow a USB cable and check out the info that my badge had collected.

The badge has an IR LED, and an IR receiver, so it can communicate with other badges at the conference. As your badge sees each other type (goon, press, vendor, etc.) it sets a flag in the EEPROM and then when you hook up to the PC it gives you a rating and shows you the type of people you have interacted with. The first time I plugged mine in it said I had seen  a human and a vendor, so 2 out of 8 possible. Not good… As I played around with the software on the DVD provided (thanks to the girl next to me) I had to laugh as she though it would be a good idea to program the included files into the EEPROM to see what happened. Well, her badge stopped working, that is what happened. I didn’t really know how to help fix it, so I just sat quietly and worked on my own thing.

I was able to write a couple simple programs and write them to the ram on the badge and control the blinking of the LED and other simple stuff like that. This dude named Dan on the parallax forums was able to write some code to allow reading and writing the EEPROM. Once I got that I dumped my badge and saved the file off for safe keeping, and then started messing with it. While I was sitting on the floor playing with it another guy came up to ask me if I could check the status on his badge. I told him yes, but only if I could dump his badge as well. He gave me a strange look, but eventually said yes. Interestingly enough the only difference in the binary dump was at 0x00007F00 which appeared to directly map to the flags which displayed which badges have been seen. By simply flipping those bits, I was able to make my badge look as though it had seen all of the other badge types.

I had already skimmed through the dump so the status line wasn’t super interesting. It was cool to have a badge that said I had seen everyone though. I assume Lost must have thought of this, and there is probably something else that needs to be done that proves you really did see them all. What I need is a dump from a non-human badge. The code that is displayed just happened to be part of several clue urls that give a little bit more data to help you figure the whole thing out.

http://defcon.org/1057/10571089/

http://defcon.org/1057/LosTisFound/

I don’t really know what to make of these, but the lanyard one is pretty clear. I need to find all the lanyard types and somehow together they will help me solve the next stage. There were a couple people that I talked to yesterday that knew what the code on the lanyard was called, but I can’t remember what they said it was. Maybe I’ll find some people today that are looking at it and see if I can get some more information.

 

DEFCON 20

Image

Today I waited in line for over an hour and a half to get into Defcon 20… Totally worth it! This is my first time at Defcon, and already I’m loving it. The people are great, the opportunities are endless, and the talks are very interesting and entertaining. Today was mostly welcome stuff for new people, but even that was funny. One of the talks had a completely drunk speaker who didn’t really make any sense, but you could tell he was having a good time anyway.

I think I’m way outside my skill set here, the badge itself is a hacking challenge, and sadly I don’t even know where to begin. I wanted to hook the thing up to my PC and see what type of data I could gather. I’m dumb though and don’t have any cables or anything with me so I guess I’ll have to wait until I get home to tinker with it.

Image

There are several crypto related things around the conference area that people are already starting to note down and try to figure out. Here is one that I thought looked fairly simple, but I haven’t yet started to decode it. There is  a huge sticker on the floor, and the following numbers around the outside of it.

26 2 22 13 26 14 22 2 22 9 11 26 7 19 12 13 24 22 2 12 6 9 22 14 12 5 22 14 6 9 23 22 9 12 6 8 24 18 11 19 22 9 2 12 6 19 26 5 22 21 12 6 13 23 7 19 22 11 9 12 17 22 24 7

Tomorrow the real conference starts and I’m looking forward to spending some time learning about lock picking and finding some interesting people to chat with. So many people everywhere  I’m sure I’ll learn a bunch of new things.

I think the best part of the day was when during one of the presentations there was a woman asking a question to the speaker and he started making jokes about chloroform and his prom. She yells out “cool it with the rape jokes or the women in here are going to rise up and kill you!” at that point the crowd started yelling out “NEXT” until she stopped talking. 🙂