Defcon 20 Badge Mystery Challenge

Yesterday I missed the first talk I wanted to go see at Defcon 20 because it was too full, but instead I went and hung out by the Hardware Hacking Villiage (HHV) before it opened. Eventually, 1 hour late, it opened and people rushed into a pretty much empty room with tables and chairs. I didn’t notice that there was a pile of hardware on the table in the corner and everyone was grabbing up soldering irons and wire. I sat down anyway and met some really cool people, got some info about the badge, and even was able to borrow a USB cable and check out the info that my badge had collected.

The badge has an IR LED, and an IR receiver, so it can communicate with other badges at the conference. As your badge sees each other type (goon, press, vendor, etc.) it sets a flag in the EEPROM and then when you hook up to the PC it gives you a rating and shows you the type of people you have interacted with. The first time I plugged mine in it said I had seen  a human and a vendor, so 2 out of 8 possible. Not good… As I played around with the software on the DVD provided (thanks to the girl next to me) I had to laugh as she though it would be a good idea to program the included files into the EEPROM to see what happened. Well, her badge stopped working, that is what happened. I didn’t really know how to help fix it, so I just sat quietly and worked on my own thing.

I was able to write a couple simple programs and write them to the ram on the badge and control the blinking of the LED and other simple stuff like that. This dude named Dan on the parallax forums was able to write some code to allow reading and writing the EEPROM. Once I got that I dumped my badge and saved the file off for safe keeping, and then started messing with it. While I was sitting on the floor playing with it another guy came up to ask me if I could check the status on his badge. I told him yes, but only if I could dump his badge as well. He gave me a strange look, but eventually said yes. Interestingly enough the only difference in the binary dump was at 0x00007F00 which appeared to directly map to the flags which displayed which badges have been seen. By simply flipping those bits, I was able to make my badge look as though it had seen all of the other badge types.

I had already skimmed through the dump so the status line wasn’t super interesting. It was cool to have a badge that said I had seen everyone though. I assume Lost must have thought of this, and there is probably something else that needs to be done that proves you really did see them all. What I need is a dump from a non-human badge. The code that is displayed just happened to be part of several clue urls that give a little bit more data to help you figure the whole thing out.

http://defcon.org/1057/10571089/

http://defcon.org/1057/LosTisFound/

I don’t really know what to make of these, but the lanyard one is pretty clear. I need to find all the lanyard types and somehow together they will help me solve the next stage. There were a couple people that I talked to yesterday that knew what the code on the lanyard was called, but I can’t remember what they said it was. Maybe I’ll find some people today that are looking at it and see if I can get some more information.