Welcome to the DEFCON Badge Hacking Contest


Kingpin
06-23-2008, 11:28 PM
Well, here we are again! For the 3rd year in a row, I've had the honor of designing the DEFCON badge. And, for the 3rd year in a row, DT has been gracious enough to let me host a contest around hacking the badge. This is the first year that it will be an official contest announced in advance, etc., as previously we've kept the whole thing under wraps until the first day of the con.

Here's a little description of the contest...

The DEFCON Badge Hacking Contest awards the top 3 most ingenious, obscure, mischievous, obscene, or technologically astounding badge modifications created over the weekend. No longer just a boring piece of passive material, the badge is now a full-featured, active electronic product, and it exists for your hacking pleasure.

We've had some amazing hacks in previous years. For info on the past badges and badge hacking contest entries, check out:

http://www.grandideastudio.com/portfolio/defcon-15-badge/

and

http://www.grandideastudio.com/portfolio/defcon-14-badge/

I can't release much information on the particular badge design until the first day of DEFCON, for various security purposes, but I'll be posting some clues and information in this forum every once in a while to make sure you guys (and girls) are prepared for the contest and don't have to waste the weekend installing tools and messing with drivers (like people had to do in previous years).

Unlike last year, where I staged a "badge hacking table" in the corner of the vendor area (complete with a real-life engineer from Freescale providing support), this year people are more than welcome to use the Hardware Hacking Village up in the Skybox area to hack the badges. There will be some equipment there for public use and I'll be spending much of my unused time there hanging out, helping out, etc. So, even if you don't bring your own soldering iron, multimeter, or whatever, lots of tools and resources will be available to you.

As for prizes, no black badges as far as I'm aware, but we'll still have some cool swag that you can't get from any other contest. Plus, bragging rights that can earn you "cool" points all over the world (somehow).

That's it for now. More later.

-Joe Grand (Kingpin)
http://www.kingpinempire.com (will be up by DEFCON)

TheCotMan
06-23-2008, 11:42 PM
Some questions to help start off this for people that would want to compete:
1) Do you have suggestions of online resources for novices that will want to read before going to Defcon?
2) Do you know of locations in Las Vegas that are close to the Riviera, helpful or cheap or a desired mix of these, when parts are desired?
3) What tools should a person looking to compete bring with them to Defcon? (You provided an answer to this above:) "people are more than welcome to use the Hardware Hacking Village up in the Skybox area to hack the badges. There will be some equipment there for public use and I'll be spending much of my unused time there hanging out, helping out, etc."
4) Will expansion kits be offered again this year? If so, where?

Hey! Maybe we can put the Q in a new FAQ for you.

Exibar
06-27-2008, 11:45 PM
Some questions to help start off this for people that would want to compete:
1) Do you have suggestions of online resources for novices that will want to read before going to Defcon?
2) Do you know of locations in Las Vegas that are close to the Riviera, helpful or cheap or a desired mix of these, when parts are desired?
3) What tools should a person looking to compete bring with them to Defcon? (You provided an answer to this above:) "people are more than welcome to use the Hardware Hacking Village up in the Skybox area to hack the badges. There will be some equipment there for public use and I'll be spending much of my unused time there hanging out, helping out, etc."
4) Will expansion kits be offered again this year? If so, where?

Hey! Maybe we can put the Q in a new FAQ for you.

Answering Number 2 above, there is a Fry's Electronics store a little way past the Luxor way at the end of the strip. It's this HUGE ass warehouse looking building, go around back and you'll see the big FRY's sign in red.
Anything and EVERYTHING you'd ever need is in there and is certainly worth the trip just to check it out if you've never been to a Fry's before.


Exibar

DCFluX
06-30-2008, 10:30 PM
What color is the PCB solder mask for the various type of badges this year?

Also are you sticking with 0603 LEDs?

Kingpin
07-02-2008, 08:55 PM
I can neither confirm nor deny the existence of soldermask colors on the PCB.

Yes, there are a few 0603 LEDs on board. I had a bunch leftover from last year so I designed them in :)

Joe


What color is the PCB solder mask for the various type of badges this year?

Also are you sticking with 0603 LEDs?

Kingpin
07-02-2008, 09:01 PM
* The most important thing to take from this post is that this isn't a hardware hacking contest, it's a badge hacking contest. Modifications can come in all sorts of shapes and sizes. If you look at the previous year's entries and winners, you'll see that the more varied your hacks, the better. The further away from the obvious and the more people say "Damn, that's cool," the more likely you are to win.

* The design this year is based around a Freescale Flexis MC9S08JM60 processor. Other notable features include a SecureDigital socket and infrared transmitter and receiver.

* The DEFCON CD will contain all of the development tools, a licensed version (valid through August 20, 2008) of Freescale Codewarrior 6.1 for MCUs Professional Edition with unlimited code size (which normally costs $1995, but the folks at Freescale were kind enough to give DEFCON attendees a free license in order to promote badge hacking and microprocessor experimentation), and source code, schematics, etc.

* If you want to set up the IDE in advance to save time, you can get the public, freely available version of Freescale CodeWarrior 6.1 Special Edition, which is limited to 32KB of code space and can be downloaded from:

http://www.freescale.com/webapp/sps/site/homepage.jsp?nodeId=012726

* Bring an SD card for maximum enjoyment and benefit (minimum 64MB, *must* be FAT16 formatted)

* There will be a USB bootloader available on the badge, so all you need is a PC and the Freescale bootloader software/GUI (available on the DEFCON CD, I can't seem to find it online anywhere). No special debugging or programming hardware is required as was in previous years. A Freescale BDM port is still provided if you do have such tools, which will give you the benefit of single stepping and debugging. I use a P&E Microsystems HCS08 Multilink, but the SPYDER08 modules we gave out last year for the Freescale MC9S08QG8 *might* work with a little finesse and hacking around.

* The only "expansion hardware" we will be giving away this year are USB connectors and some 2x3 headers for the BDM port.

* If you have hacked the DC14 or DC15 badges over the past year and want to submit those to the contest, I'll award one as an Honorable Mention.

* Other than what I am posting publicly to this forum and what might be leaked via the media a few days before the con, no details of the badge will be released until my talk at the opening of DEFCON.

LosT
07-02-2008, 11:37 PM
The Hardware Hacking Village will also have some supporting materials available....

LosT

Voltage Spike
07-04-2008, 04:11 AM
* The design this year is based around a Freescale Flexis MC9S08JM60 processor. Other notable features include a SecureDigital socket and infrared transmitter and receiver.

Thank you for the heads up. Skimming the datasheet, there are at least two particular features of that processor that could be a lot of fun... (This is so much easier than the PIC. *shudder*)

As for the infrared, I'm curious. I know an obvious thing to do (beside the assumed functionality), but I'll have to think about the non-obvious applications. I'm all a-tingle at the prospect of an intentional buffer overflow. :wink:

* If you want to set up the IDE in advance to save time, you can get the public, freely available version of Freescale CodeWarrior 6.1 Special Edition, which is limited to 32KB of code space and can be downloaded from:

Windows-only, huh? At least PCs are now fast enough to run VirtualBox (which allows USB pass-through). (Just a heads-up in case someone reading the forums is waiting for the Defcon CD to start work.)

Thanks for the heads-up. I'm working furiously on a 65C02 project at the moment, but I hope to have enough prep work in place that I don't spend all my time at Defcon playing with the blinking lights. And, yes, I know it doesn't have to be technical, but why aim low?

Kingpin
07-04-2008, 09:32 PM
Windows-only, huh? At least PCs are now fast enough to run VirtualBox (which allows USB pass-through). (Just a heads-up in case someone reading the forums is waiting for the Defcon CD to start work.)

Yeah, the development tools are PC only. I'm not sure if they're planning on porting to any other platforms. All of my firmware development was done on a MacBook Pro running VMWare Fusion with a Windows XP SP2 install, which worked great, even with the USB-based P&E Multilink BDM.

Joe

Demo
07-07-2008, 03:09 PM
noob question: Does one receive the DEFCON CD with the badge at registration?

Kingpin
07-07-2008, 03:13 PM
noob question: Does one receive the DEFCON CD with the badge at registration?

Yup. All of the info will also be on my website here on the first day of the con:

http://www.grandideastudio.com/portfolio/defcon-16-badge/

Joe

Voltage Spike
07-07-2008, 03:24 PM
Another suggestion: could we leave the instructions for the badge out of the program this year? I was really excited when I got my badge, played with it, figured out the behavior, and then started sharing with others what I had found out. It was a fun puzzle, and it encouraged communication with new people.

When I found out a few hours later that the instructions were in the program I was disappointed. The badge wasn't a fun Defcon-themed puzzle; it was a toy.

Perhaps if people were encouraged to "feel out" the badge a bit more they might become emotionally invested. The process of figuring out the badge may lead them to paths of what they imagine the badge could do. Knowing that help and the tools are available (courtesy the HHV), they could then implement that potential.

Just a thought.

Kingpin
07-07-2008, 05:11 PM
You can propose that to DT, but in reality, only a small percentage of the thousands of DEFCON attendees will ever really get "emotionally invested" in the badge and most have other things at the con that they're interested in (and just want a quick peek into how the badge functions). So, I think there needs to be a basic user guide. Otherwise, many of the features I spent dozens of hours designing in will never be taken advantage of other than the mighty few who feel like poking and prodding at the badge.

So, if the "user manual" ends up in the program, just pretend it's not there...

Joe


Another suggestion: could we leave the instructions for the badge out of the program this year? I was really excited when I got my badge, played with it, figured out the behavior, and then started sharing with others what I had found out. It was a fun puzzle, and it encouraged communication with new people.

When I found out a few hours later that the instructions were in the program I was disappointed. The badge wasn't a fun Defcon-themed puzzle; it was a toy.

Perhaps if people were encouraged to "feel out" the badge a bit more they might become emotionally invested. The process of figuring out the badge may lead them to paths of what they imagine the badge could do. Knowing that help and the tools are available (courtesy the HHV), they could then implement that potential.

Just a thought.

Voltage Spike
07-07-2008, 06:11 PM
So, I think there needs to be a basic user guide. Otherwise, many of the features I spent dozens of hours designing in will never be taken advantage of other than the mighty few who feel like poking and prodding at the badge.

That could be the case, and if it were my baby, I might feel the same way. All that work and nobody doing anything with it?

On the other hand, Defcon attendees should be more curious about the electronics they are forced to carry with them. I wonder how many other people deciphered that damn binary stream that ran across every page of the program last year.

So, if the "user manual" ends up in the program, just pretend it's not there...

My will is weak. If I know the instructions are at hand, I'll use them. I'll save my time for reverse engineering information that isn't readily available. :smile:

Thanks, Joe.

Kingpin
07-09-2008, 12:56 PM
Some questions from w1nt3rmut3:

1) Will some kind of reflashing of the bootloader be readily available if we really trash the uC?

2) If my hack works out (I am prototyping now), it would be useful to have a decent oscilloscope around, > 20 MHz sampling. Will something be available?

thanks,
-mut3


#1: Yes. If you accidentally kill the bootloader, I'll have my P&E Multilink BDM with me and we can reload the entire badge firmware.

#2: I'm not planning to personally provide any oscilloscope, but there might be one in the Hardware Hacking Village. A good portable, personal scope would be the USBee (http://www.usbee.com/) or Parallax Oscilloscope (http://www.parallax.com/Store/Microcontrollers/BASICStampModules/tabid/134/txtSearch/oscilloscope/List/1/ProductID/46/Default.aspx?SortField=ProductName%2cProductName)

-kp

LosT
07-09-2008, 02:23 PM
I will have scopes in the village.

LosT

Wing
07-10-2008, 08:33 PM
Assuming these things are battery powered (as opposed to some manner of nuclear reactor), could we possibly learn the battery type and count, or overall supply voltage ahead of time so we can bring appropriate wall warts?

LosT
07-10-2008, 11:46 PM
Why don't you just bring a few, and/or appropriate Vregs? I mean there can't be *that* many options, right?

Bring a 7805, 7803, etc... and hack your own (true hacker spirit!)

LosT



Assuming these things are battery powered (as opposed to some manner of nuclear reactor), could we possibly learn the battery type and count, or overall supply voltage ahead of time so we can bring appropriate wall warts?

afterburn188
07-14-2008, 07:40 AM
That or places sell adjustable wall warts for universal adapters. I know Radio Shack has one that does a nice decent range one for like $20.

Or bring regulators like suggested. If you really want to "hack your own"...bring some diodes and reverse bias a few ;)

Why don't you just bring a few, and/or appropriate Vregs? I mean there can't be *that* many options, right?

Bring a 7805, 7803, etc... and hack your own (true hacker spirit!)

LosT

Voltage Spike
08-05-2008, 12:20 PM
Spoiler alert!!!

For those wishing to get a pretty in-depth peek at the badge:

http://blog.wired.com/27bstroke6/2008/08/exclusive-defco.html

And, yes, it includes the battery type. :wink:

SmittyHalibut
08-05-2008, 01:56 PM
Interesting. Definitely seems to be a simpler circuit this year. This is listed as a prototype, 'eh? Any bets on whether the circuit has changed?

Voltage Spike
08-05-2008, 02:29 PM
This is why I hate, and love, Defcon. Everything is a puzzle. The mysterious message in the article, when decoded, appears to give a valid message but the results aren't too useful (I don't want to give away too many details). I'm wondering if it is a part of a contest that hasn't gone live yet...

Interesting. Definitely seems to be a simpler circuit this year. This is listed as a prototype, 'eh? Any bets on whether the circuit has changed?

Assuming the circuit hasn't changed, I'm wracking my brains trying to figure out what the different modes might be. So far, my prep work doesn't look like it will work out because the output appears so limited, but then why include the infrared components?

Oh, and I'm really hoping the SD card is there so that we can easily load our own software onto the badge (without soldering on the USB connector). The on-chip flash is in-application programmable. Any bets on whether the SD card will be writable?

Demo
08-05-2008, 02:43 PM
Oh, and I'm really hoping the SD card is there so that we can easily load our own software onto the badge (without soldering on the USB connector).

I'm pretty sure the USB connector comes soldered on already.

Voltage Spike
08-05-2008, 03:00 PM
I'm pretty sure the USB connector comes soldered on already.

I was basing that on the article:

Keep in mind that the badge in the photo is a prototype, the actual badges will be a different color, won't have the USB and debug ports soldered on nor include an SD card (so bring one, seriously).

Demo
08-05-2008, 03:39 PM
Whoops, my bad! I read in one of the original posts in this thread that it would be included and just assumed it would be on already, sorry.

[Syntax]
08-05-2008, 04:27 PM
Ok this is just a guess from looking at the badge, components and design. I have nothing to back this up. You load files onto the SD card using a laptop etc., adding a USB port would allow using the badge as a card reader without needing one on your laptop. The badge can then beam files to other people's badges, maybe the card will have an incoming and outgoing folder. Modes on the badge could be, "require confirmation before accepting files" so that you have to stand in front of someone and press a button. Or maybe "accept all incoming connections" where the badge tries to negotiate with anyone in proximity and exchange files/photos etc. LEDs on the front could indicate sending and receiving of files, or possibly IR connection strength. Something similar to the beam business card function on a PDA.

brianw21
08-05-2008, 04:58 PM
OO0

You'll know if you figured it out. Thanks for that little treat, it got me in the mood for Defcon.

-b

Demo
08-05-2008, 05:08 PM
By mysterious message, do you mean the barcode or something else?

Voltage Spike
08-05-2008, 05:13 PM
By mysterious message, do you mean the barcode or something else?

I meant the barcode. Unless I'm missing another, even deeper message obscured by the first hidden message...

Demo
08-05-2008, 05:42 PM
Oh good, phew. ;)

Any suggestions for barcode readers for the PC? My crummy old phone doesn't seem to support any. I'm trying to compile google's zxing and running into some problems as well, and I don't even know if that app will do it for me anyway.

Voltage Spike
08-05-2008, 06:05 PM
Any suggestions for barcode readers for the PC?

Generic, all-purpose barcode readers? I haven't found any free applications.

1-D barcode readers? I spent forever and a day attempting to decode the Toorcon badge and I still don't know what the code said (if anything). The problem here is that all the barcodes look similar but actually encode differently.

2-D barcode readers, as in this case? I assumed it was the freely available Datamatrix barcode by its shape/look and then used the simple (and open source) libdmtx.

I haven't seen zxing before, but I'll give it a try.

TheCotMan
08-05-2008, 06:15 PM
1) Visit a library
2) Be friendly to a librarian
3) Explain what you are trying to decode
4) Ask if you can use their PS/2 or USB keyboard wedge barcode scanner.
5) Hook it up to your computer
6) Launch a text editor and make edit space the foreground field/selected
7) scan the barcode
8) save the content of your editor to disk for later review

Though there are many bar code standards, many libraries use keyboard wedge barcode readers that can read a huge number of different barcode formats. Keyboard wedges are exactly as their name implies -- they usually sit between your keyboard and the computer.
Attempts to scan a barcode result in the decoded data from the barcode getting passed to the computer as though a user typed it (really fast.)

Another option is shipping departments in medium to large organizations.

HTH (Hope this Helps)

Grendel
08-05-2008, 07:10 PM
So, based on that clue, I am guessing the chip has a game on it... Interested in getting my hands on it now to see what is going on inside.

Wing
08-05-2008, 07:13 PM
Hrm, this is something I had not anticipated. I didn't bogart the barcode scanner from my rig at work because "Why the hell would I need that?"

Of course libdmtx came through. Cute. Why do I get the feeling the matrix on the production model is different?

Oh well. Now that I've seen the badge, I have some glorious ideas. Not sure I'll be able to find time at con to actually make them happen, though - may need to be a "I'll bring it back next year" thing.

Voltage Spike
08-05-2008, 07:32 PM
That was easier than last year I think???, you'll know if you figured it out. Thanks for that little treat, it got me in the mood for Defcon.

Did you change the page? If so, I'm jealous. I didn't even consider write access, and either you've changed it so I can't touch it or my fu is too weak.

Also, what do you mean "easier than last year"? Last year was a binary-encoded message, but I don't recall it being associated with further riddles.

[Syntax]
08-05-2008, 07:36 PM
Will a regular barcode reader read that type? I have like 6 somewhere, Radio Shack had those CueCats a couple years ago that they were giving away.

Voltage Spike
08-05-2008, 07:39 PM
Will a regular barcode reader read that type? I have like 6 somewhere, Radio Shack had those CueCats a couple years ago that they were giving away.

No, the CueCat won't do it. In fact, I'm surprised the barcode readers at the library will. Or maybe TheCotMan simply lives next to more technologically advanced libraries than I do.

TheCotMan
08-05-2008, 07:42 PM
No, the CueCat won't do it. In fact, I'm surprised the barcode readers at the library will. Or maybe TheCotMan simply lives next to more technologically advanced libraries than I do.

Maybe university Libraries have better technology. :-)
Because Inter Library Loan exists and there are so many different bar codes in use at different library locations, ILL Departments often have scanners that can read bar code formats used in libraries from around the world.

UNLV has some pretty decent tech in their library. They probably have scanners that can do 1d and 2d and support many bar-code formats.

Adrenaline
08-05-2008, 08:45 PM
I had the info decoded about 5 mins after the article went up :) you'd be surprised how many 2-d decoding apps there are for cell phones. :)

[Syntax]
08-05-2008, 09:27 PM
Had to manually redraw the barcode to get it working.

Viss
08-05-2008, 10:04 PM
Took a while for me - it's pretty clear that quickmark for windows mobile is the way to go. The weird Japanese qrcode reader didn't work, nor did .. scanlife? .. some other qr code scanner for windows mobile.

muahaha!


oo0

That was easier than last year I think???, you'll know if you figured it out. Thanks for that little treat, it got me in the mood for Defcon.

-b

brianw21
08-05-2008, 11:51 PM
You don't need a scanner to figure out the barcode. CNET scanned it for you.

Wing
08-06-2008, 12:36 AM
For the record, I used this tool (based on libdmtx) http://libdmtx.wiki.sourceforge.net/space/showimage/delphidmtx_0.5.0.zip
to read the barcode DIRECTLY out of cnet's image (well, actually out of a BMP copy of it)

SmittyHalibut
08-06-2008, 12:57 AM
OO0 Purdy... Nicely done, guys. I'm looking forward to this more and more as the days get closer.

Demo
08-06-2008, 09:06 AM
For the record, I used this tool (based on libdmtx) http://libdmtx.wiki.sourceforge.net/space/showimage/delphidmtx_0.5.0.zip
to read the barcode DIRECTLY out of cnet's image (well, actually out of a BMP copy of it)

Thanks Wing, easy peasy. I tried about 10 different software packages yesterday trying to scan this thing, and my stupid phone doesn't support any of the cool scanner packages. I was about to go get a new phone just for this! :)

Kingpin
08-06-2008, 01:39 PM
Ah, yes, the puzzles have begun. It's so tempting to say more, but that would spoil the fun... :)

See everyone at con!

Joe

LosT
08-06-2008, 01:49 PM
To echo what Joe said, don't make any assumptions and just have a good time.

See you all when you get here.

1057

LosT
08-06-2008, 02:03 PM
Bonus points for anyone who can find 'mini Joe Grand' at Defcon.

LosT

whopis
08-06-2008, 07:03 PM
* The only "expansion hardware" we will be giving away this year are USB connectors and some 2x3 headers for the BDM port.

When and where will you be giving away the USB connectors?

Cross_
08-06-2008, 07:32 PM
The weird Japanese qrcode reader didn't work, nor did .. scanlife? .. some other qr code scanner for windows mobile.

Probably because it's not in qrcode ;)

I really wish there was a working datamatrix online decoder. Or at least a win32 executable.

LosT
08-06-2008, 08:23 PM
You will just have to wait and see....

1057

When and where will you be giving away the USB connectors?

Voltage Spike
08-07-2008, 01:53 PM
Damn, and I had my TV-B-Gone code all ready to go... Guess I'll have to think of something better.

Oh, and reading the damn instructions is killer on eyeballs. Visiting the forums just after reading those columns, I thought someone had changed the classic theme to "ugly striped".

Voltage Spike
08-07-2008, 02:27 PM
Oh, and reading the damn instructions is killer on eyeballs. Visiting the forums just after reading those columns, I thought someone had changed the classic theme to "ugly striped".

Those that don't wish to lose their vision can find a much more readable version on the CD in plain text format. (Well, I guess readable depends on the font settings in your text editor, but you got me.)

pdx6
08-08-2008, 03:58 PM
Since the new badges were delayed, we made our own hackd badge (that is open source): http://www.youtube.com/watch?v=agra7hyBv3k

ebroder
08-08-2008, 05:18 PM
I've been trying all day to download the devkit from media.defcon.org, and I can't pull down more than about 150 MB of it because the server disconnects me and doesn't support byte-range transfers. Does anyone have a copy they could put on a server that doesn't suck?

nak
08-09-2008, 10:19 PM
Hi, I don't know what I am doing wrong, the HHV is closed for the night and I just got my mini-usb connector soldered on.

I can't seem to get the "Freescale JM60 GUI" working (the usb symbol has been red). I've been able to get some output from the badge by connecting through hyperterm:
Welcome to the debug terminal...

Entering TRANSMIT mode.
Sending TV-B-Gone power off codes.
Sending TV-B-Gone power off codes.
Power off code list complete. Repeating!

The port being used is COM6 (or 5)... I can't find any settings for the Freescale software so I don't know if the software is looking at COM1 or something, any help would be cool, I think I'll go party hard now

charliex
08-09-2008, 11:17 PM
did you put the badge in bootloader mode by holding down the button and inserting the battery(it'll want to install the new drivers which are on the cd ) the two outer leds will light

mzkatt
08-10-2008, 02:49 AM
Since I was one of the unlucky ones who is stuck with the 'uncool' badges, is it going to be possible to get one of the 'cool' ones? I am happy to pay shipping...

:evil:

nak
08-10-2008, 09:55 AM
did you put the badge in bootloader mode by holding down the button and inserting the battery(it'll want to install the new drivers which are on the cd ) the two outer leds will light

Yeah, I did try that, the computer will pop up an un-recognized USB device bubble from the system tray. The only time XP asks for drivers is when it is in 'normal' operation mode. It also doesn't open a serial port when in bootloader mode (BTW).

submarinerm
08-10-2008, 10:58 AM
Since I was one of the unlucky ones who is stuck with the 'uncool' badges, is it going to be possible to get one of the 'cool' ones? I am happy to pay shipping...

:evil:


I am also one of the people still sporting the cool 'temporary' badge. I don't need no stinking blinky badge, but it sure would complete my experience of my first BH/DC. I'm wearing THE Adobe On Air shirt (it was free).

charliex
08-10-2008, 11:06 AM
Yeah, I did try that, the computer will pop up an un-recognized USB device bubble from the system tray. The only time XP asks for drivers is when it is in 'normal' operation mode. It also doesn't open a serial port when in bootloader mode (BTW).

it'd be the drivers in this folder for bootloader mode


(Default path)
C:\Program Files\Freescale\Freescale JM60 GUI\JM60 USB Driver

nak
08-11-2008, 01:22 PM
Thanks charliex, I talked to a couple guys in the HHV on sunday (maybe it was you :P) and got the location of the driver and a copy of code warrior.

I'll probably get an instructable on how to get the badges working, now time to figure out how to program this thing...

Cross_
08-11-2008, 01:33 PM
I remember that some people were passing a USB stick with updated software around. What was that about ?
Is there a gcc toolchain available for programming this without having to purchase Freescale's CodeWarrior version? Link ?

Kingpin
08-11-2008, 08:04 PM
Whew! Hope everyone made it back to the real world in one piece. I'm in the process of writing up all the badge hacking contest entries, putting up the page with pics, documentation, etc. I'll come back when I'm done :)

-kp

BonzoESC
08-11-2008, 09:00 PM
Whew! Hope everyone made it back to the real world in one piece. I'm in the process of writing up all the badge hacking contest entries, putting up the page with pics, documentation, etc. I'll come back when I'm done :)

-kp

Just got back to the Bonz-o-plex.

Here's the Front Row Badge source: http://github.com/bkerley/dc16_badge
And a video demonstration: http://www.youtube.com/watch?v=gPQHFCoAvgE

kajer
08-12-2008, 01:48 AM
I got codewarrior installed, removed TV-B-GONE source, and made some room to work w/ that 32k limit on the freescale demo program. I got some cleaned up Firmware uploaded to the badge, and now I am ready to put some neat LED things in there as different modes...

Before I do, I still want to retain the InfraRed TX/RX...

I am no coder, but It seems like the file TX bug is in FAT.C. Has anyone patched their FAT.C to actually return a file to the DC16_TX_File routine?

(debug output...
Entering TRANSMIT mode.
No valid file found.
Going to SLEEP
...)

kajer
08-12-2008, 02:16 PM
Alright, I spent most of last night poking around the code... Keep in mind I am a total code n00b... It seems like there is a bug in the routine that sends the filename to the DC16 file transfer handler.

If you have a read-only file with a FULL 8x3 FILENAME without an archive/system/hidden attribute set, the badge will work; possibly.

I modded my code to ignore the system/archive/hidden and I got the file transfer to work with a 8x3 filename; OMGHELLO.TXT

The problem seems to be in the code in FAT.C that sends a name to the gau8Minicom buffer. If the filename isn't 8x3 It looks like the code can't handle it, or process it correctly. I have tried variations of a few different things that all seem to pass the incorrect name to the buffer.

I hard set the short filename in the gau8Minicom buffer and it read OK, but that's not what I want, If I was going to have to name my file something every time, why not just give it a full 8x3 in the first place.

So, would somebody else confirm that if you set your attribs to == R and != ASH (lol i suck at C) and give your file an UPPERCASE 8x3, see if your badge works.

Thanks
-Kajer

charliex
08-12-2008, 04:24 PM
There is a codewarrior with a temporary license for defcon, i think there are a few days left on it, it was downloadable from the media.defcon link, but you have to manually copy the license.dat.

gcc doesn't support HC08 that i'm aware of, its HC12 support is not that great anyway.

i've been looking at SDCC which has a couple of ports to HC08 but its code generation has been questionable, and no C++ support which isn't really an issue with the badge that i recall and if there was anything it's probably small stuff.

i haven't looked at the transfer bug, since i wasn't aware of it til the closing ceremony, FAT16 doesn't support LFNs (without a patented extension) so it's probably not expecting anything else, i'll take a peek sometime.

kajer
08-12-2008, 09:48 PM
I gave a sample of the code to my buddy Snuggles...

He gave me this...

UINT8 FAT_LS(void)
{
    UINT8 u8Counter, i;
    root_Entries *sFileStructure;

    GetPhysicalBlock(u16FAT_Root_BASE, ag8FATReadBuffer);
    sFileStructure = (root_Entries*)&ag8FATReadBuffer[RootEntrySize];

    // look at each file in the root directory to find the first one with the Read Only attribute set
    // (archive / system / hidden are ignored)
    while (sFileStructure->FileName[0] != FILE_Clear)
    {
        if (sFileStructure->FileName[0] != FILE_Erased) // if the file isn't erased (since FAT doesn't really erase the file, only flag it as erased...)
        {
            i = NibbleSwap(sFileStructure->Attributes);
            if ((i & AT_READONLY) && !(i & (AT_VOLUME | AT_DIRECTORY))) // read-only is set and the entry is not a volume label or directory
            {
                // copy the filename into the gau8Minicom buffer, skipping the space padding
                i = 0;
                for (u8Counter = 0; u8Counter < 8; u8Counter++)
                {
                    if (sFileStructure->FileName[u8Counter] != ' ' && sFileStructure->FileName[u8Counter] != '.')
                    {
                        // write at index i so a skipped character never leaves a gap in the buffer
                        gau8Minicom[i] = sFileStructure->FileName[u8Counter];
                        ++i;
                    }
                }

                gau8Minicom[i] = '.';
                ++i;

                // append the extension, again skipping the space padding
                for (u8Counter = 0; u8Counter < 3; u8Counter++)
                {
                    if (sFileStructure->Extension[u8Counter] != ' ')
                    {
                        gau8Minicom[i] = sFileStructure->Extension[u8Counter];
                        ++i;
                    }
                }
                return (1);
            }
        }

        sFileStructure++;
    }

    return (0);
}

The badge gave me this...
Entering TRANSMIT mode.
HELLO.TXT
File name: HELLO.TXT
File size: 0000001131 bytes
Starting IR file transmit.

CRC16 = 0x1814

CRC16 = 0x1455

CRC16 = 0xEF43

CRC16 = 0x0000

IR file transmit successful!
Going to SLEEP.


The DC16 badge will now use a filename that is shorter than 8x3 and ignore the archive / system / hidden attributes... However, the routine will not work unless your filename is UPPERCASE... There is a step in DC16_TX_File to make the gau8Minicom into uppercase, but from the terminal strings I have my badge output, it looks like the FAT.C can't read lowercase filenames. When I changed hello.txt to HELLO.TXT, then it worked.

Any Ideas?
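
The directory walk this post is debugging, as an added example (not the badge firmware and not code from this thread): a bounded scan of a FAT16 root directory that skips erased entries, VFAT long-name slots, volume labels and directories, then builds a NUL-terminated 8.3 name from the padded fields. It assumes the standard FAT on-disk 32-byte entry layout and attribute values rather than the firmware's root_Entries struct and NibbleSwap'd constants; find_first_readonly, format_83, put_entry and the sample directory are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Standard FAT directory-entry attribute bits (on-disk values). */
#define ATTR_READ_ONLY 0x01
#define ATTR_VOLUME_ID 0x08
#define ATTR_DIRECTORY 0x10
#define ATTR_ARCHIVE   0x20
#define ATTR_LFN       0x0F   /* RO|HIDDEN|SYSTEM|VOLUME_ID marks a VFAT long-name slot */
#define ATTR_LFN_MASK  0x3F

#define DIRENT_SIZE  32
#define ENTRY_END    0x00     /* first byte: no more entries follow */
#define ENTRY_ERASED 0xE5     /* first byte: entry was deleted */

/* Build "NAME.EXT" from the space-padded 8+3 fields. out needs 13 bytes. */
static size_t format_83(const uint8_t *ent, char out[13])
{
    size_t n = 8, e = 3, len = 0, k;
    while (n > 0 && ent[n - 1] == ' ') n--;       /* trim name padding */
    while (e > 0 && ent[8 + e - 1] == ' ') e--;   /* trim extension padding */
    for (k = 0; k < n; k++) out[len++] = (char)ent[k];
    if (e > 0) {                                  /* no dot when there is no extension */
        out[len++] = '.';
        for (k = 0; k < e; k++) out[len++] = (char)ent[8 + k];
    }
    out[len] = '\0';
    return len;
}

/* Return the index of the first read-only regular file, or -1.
 * The walk never reads past dir_len, even if the end marker is missing. */
int find_first_readonly(const uint8_t *dir, size_t dir_len, char out[13])
{
    size_t off;
    for (off = 0; off + DIRENT_SIZE <= dir_len; off += DIRENT_SIZE) {
        const uint8_t *ent = dir + off;
        uint8_t attr = ent[11];
        if (ent[0] == ENTRY_END) break;
        if (ent[0] == ENTRY_ERASED) continue;
        if ((attr & ATTR_LFN_MASK) == ATTR_LFN) continue;        /* long-name slot */
        if (attr & (ATTR_VOLUME_ID | ATTR_DIRECTORY)) continue;  /* not a file */
        if (!(attr & ATTR_READ_ONLY)) continue;
        format_83(ent, out);
        return (int)(off / DIRENT_SIZE);
    }
    out[0] = '\0';
    return -1;
}

/* Write one constructed entry: 11-byte name field plus attribute byte. */
static void put_entry(uint8_t *dir, size_t idx, const char *field11, uint8_t attr)
{
    memset(dir + idx * DIRENT_SIZE, 0, DIRENT_SIZE);
    memcpy(dir + idx * DIRENT_SIZE, field11, 11);
    dir[idx * DIRENT_SIZE + 11] = attr;
}

/* Constructed sample root directory; returns its length in bytes (0 if cap is too small). */
size_t build_sample_dir(uint8_t *dir, size_t cap)
{
    if (cap < 5 * DIRENT_SIZE) return 0;
    memset(dir, 0, cap);
    put_entry(dir, 0, "DC16BADGE  ", ATTR_VOLUME_ID);              /* volume label */
    put_entry(dir, 1, "\xE5" "LDFILE TXT", ATTR_READ_ONLY);        /* erased file */
    put_entry(dir, 2, "Ah\0e\0l\0l\0o\0", ATTR_LFN);               /* long-name slot */
    put_entry(dir, 3, "HELLO   TXT", ATTR_READ_ONLY | ATTR_ARCHIVE);
    return 5 * DIRENT_SIZE;                                        /* entry 4 is the end marker */
}

int main(void)
{
    uint8_t dir[512];
    char name[13];
    size_t len = build_sample_dir(dir, sizeof dir);
    int idx = find_first_readonly(dir, len, name);
    printf("entry %d: %s\n", idx, name);
    return 0;
}
```
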

Andreas
08-12-2008, 11:06 PM
I'm a tad bit disappointed that our efforts to reverse engineer the bootloader USB protocol, write a Linux software for flashing firmware via USB, and beat sdcc into compiling software for the target, giving a 100% non-Windows, non-CodeWarrior development solution, didn't even result in an honorable mention at the Ceremony.

Still, here's the perl code for flashing. Use at your own risk, YMMV, consult your health care professional. Only flashes one of the two flash regions. Doesn't verify. Doesn't blank check after erase. Etc.

sdcc hackery will follow soon.


#!/usr/bin/perl -w

use strict;
use Device::USB;

# 64 KiB image buffer, indexed by target address
my $big = "\000" x 0x10000;

my $timeout = 10000;
my $VENDOR = 0x15a2;
my $PRODUCT = 0x0035;
my $CFG = 0x0;
my $i;

my $usb = Device::USB->new();
my $dev = $usb->find_device( $VENDOR, $PRODUCT );
die "Device not found\n" unless defined $dev;

printf "Device: %04X:%04X\n", $dev->idVendor(), $dev->idProduct();
$dev->open();
$dev->set_configuration( $CFG );

# NOTE: execute() is called by the subs below but is not defined in the listing as posted.

printf "Erasing Flash!\n";
for ($i = 0x1960; $i < 0xfc00; $i += 0x200) {
    &erase_flash($i, $i + 0x1ff);
}

printf "Writing Flash!\n";
&parse_s_record();

for ($i = 0x1960; $i < 0xfc00; $i += 8) {
    my $buffer = substr($big, $i, 8);
    &write_flash($buffer, $i);
}

# Read S1 records from the input and copy their data into $big (the record checksum is not checked)
sub parse_s_record {
    while (<>) {
        chomp;
        if (/^S1(..)(....)((..)*)(..)/) {
            my $buffer = pack("H*", $3);
            my $address = unpack("n", pack("H*", $2));
            unless ($address > 0xfc00) {
                substr($big, $address, length($buffer)) = $buffer;
            }
        }
    }
}

sub erase_flash {
    my $buffer = "";
    my $from = shift;
    my $to = shift;
    if ($from < 0xfc00 && $to < 0xfc00) {
        my $res = $dev->control_msg(0x40, 0x82, $to, $from, $buffer, 0, $timeout);
        if ($res < 0) {
            die "Error erasing!\n";
        }
        &execute();
    }
}

sub write_flash {
    my $buffer = shift;
    my $from = shift;
    my $length = length($buffer);
    my $to = $from + $length - 1;
    if ($from < 0xfc00 && $to < 0xfc00) {
        my $res = $dev->control_msg(0x40, 0x81, $from, $to, $buffer, $length, $timeout);
        if ($res < 0) {
            die "Error writing!\n";
        }
        &execute();
    }
}

sub verify_flash {
    my $buffer = shift;
    my $from = shift;
    my $length = length($buffer);
    my $to = $from + $length - 1;
    my $res = $dev->control_msg(0x40, 0x87, $from, $to, $buffer, $length, $timeout);
    if ($res < 0) {
        die "Error verifying!\n";
    }
    &execute();
    # FIXME: check actual return of command
}
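
The S-record loading step of the script above, as an added example in C (not Andreas's code and not part of the original post): it checks each S1 record's length and checksum and rejects any record that does not fit entirely inside the 0x1960 to 0xfc00 window the script erases and writes, so an image can be validated in full before any flash is erased. The function names, status codes and the sample S19 text are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FLASH_START 0x1960u   /* first address the Perl script erases and writes */
#define FLASH_END   0xFC00u   /* exclusive upper bound used by the Perl script */

enum srec_status { SREC_OK = 0, SREC_SKIP, SREC_BAD_FORMAT, SREC_BAD_CHECKSUM, SREC_OUT_OF_RANGE };

static uint8_t g_image[0x10000];   /* 64 KiB image indexed by target address */

/* Reset the image to the erased-flash value and return it. */
uint8_t *fresh_image(void) { memset(g_image, 0xFF, sizeof g_image); return g_image; }

static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

static int hex_byte(const char *p)
{
    int hi = hex_nibble(p[0]), lo = hex_nibble(p[1]);
    return (hi < 0 || lo < 0) ? -1 : (hi << 4) | lo;
}

/* Validate one line and, for a good S1 record, copy its data into image. */
enum srec_status srec_load_line(const char *line, size_t len, uint8_t *image)
{
    uint8_t rec[255];            /* address + data + checksum bytes */
    unsigned sum, addr, ndata;
    size_t i;
    int count;

    while (len > 0 && line[len - 1] == '\r') len--;            /* tolerate CRLF files */
    if (len == 0) return SREC_SKIP;
    if (len < 4 || line[0] != 'S') return SREC_BAD_FORMAT;
    if (line[1] != '1') return SREC_SKIP;                      /* S0 header, S9 end, ... */
    count = hex_byte(line + 2);
    if (count < 3 || len != 4 + 2 * (size_t)count) return SREC_BAD_FORMAT;
    for (i = 0; i < (size_t)count; i++) {
        int b = hex_byte(line + 4 + 2 * i);
        if (b < 0) return SREC_BAD_FORMAT;
        rec[i] = (uint8_t)b;
    }
    /* checksum = ones' complement of the low byte of (count + address + data) */
    sum = (unsigned)count;
    for (i = 0; i + 1 < (size_t)count; i++) sum += rec[i];
    if ((uint8_t)~sum != rec[count - 1]) return SREC_BAD_CHECKSUM;

    addr = ((unsigned)rec[0] << 8) | rec[1];
    ndata = (unsigned)count - 3;
    if (addr < FLASH_START || addr + ndata > FLASH_END) return SREC_OUT_OF_RANGE;
    memcpy(image + addr, rec + 2, ndata);
    return SREC_OK;
}

/* Load a whole S19 text. Returns the number of S1 records applied,
 * or the negated status of the first record that fails validation. */
int srec_load(const char *text, uint8_t *image)
{
    int applied = 0;
    while (*text) {
        const char *eol = strchr(text, '\n');
        size_t len = eol ? (size_t)(eol - text) : strlen(text);
        enum srec_status st = srec_load_line(text, len, image);
        if (st == SREC_OK) applied++;
        else if (st != SREC_SKIP) return -(int)st;
        text += len + (eol ? 1 : 0);
    }
    return applied;
}

/* Constructed sample: header, two 4-byte S1 records at 0x1960 and 0x1964, terminator. */
static const char SAMPLE_S19[] =
    "S0030000FC\n"
    "S1071960A655B700CD\n"
    "S1071964CC19609D99\n"
    "S903196083\n";

int main(void)
{
    uint8_t *image = fresh_image();
    int n = srec_load(SAMPLE_S19, image);
    printf("records applied: %d, first byte: %02X\n", n, image[FLASH_START]);
    return n < 0;
}
```
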

jeffgus
08-13-2008, 02:35 AM
I'm a tad bit disappointed that our efforts to reverse engineer the bootloader USB protocol, write a Linux software for flashing firmware via USB, and beat sdcc into compiling software for the target, giving a 100% non-Windows, non-CodeWarrior development solution, didn't even result in an honorable mention at the Ceremony.


This is awesome! I found sdcc during the con, but hadn't yet tried anything with it. I will be looking forward to seeing what you have.

charliex
08-13-2008, 04:06 PM
Andreas, nice going and it's a shame you didn't get a mention, definitely earned though.

Thanks for posting the protocol too, the JM60 bootloader on windows is annoyingly bad so it'll be nice to replace it..

Looking forward to seeing your SDCC, i found an offshooted port off the freescale forums but haven't played around with it.

cheers.

Andreas
08-14-2008, 01:35 AM
Looking forward to seeing your SDCC, i found an offshooted port off the freescale forums but haven't played around with it.


Yeah, we've been playing with both the mainline sdcc, and the hc08 branch that's floating around. The latter has been worked on using cygwin, and it's in a sorry state with regard to building it on Linux. The former misses quite a number of libc functions, and it's not possible to override the init sequence (crt0.o, if you will), which is needed to make it play nicely with the existing bootloader.

I'm still at the airport, but will contact the other Andreas (a.k.a. "count") as soon as I'm home, he's got the sdcc hackery on his computer.

If you have JTAG access, and can live with overwriting the original bootloader, the following linker script might get you somewhere with the stock sdcc (assuming you have compiled a main_test.c to main_test.rel):


-mxsu
main_test
-b CSEG=0x1960
-b DSEG=0xb0
-g __sdcc_external_startup=0x0000 ; bug, but silence
-g __PTAD=0x00000000
-g __PTADD=0x00000001
-g __PTBD=0x00000002
-g __PTBDD=0x00000003
-g __PTCD=0x00000004
-g __PTCDD=0x00000005
-g __PTDD=0x00000006
-g __PTDDD=0x00000007
-g __PTED=0x00000008
-g __PTEDD=0x00000009
-g __PTFD=0x0000000A
-g __PTFDD=0x0000000B
-g __PTGD=0x0000000C
-g __PTGDD=0x0000000D
-g __ACMPSC=0x0000000E
-g __ADCSC1=0x00000010
-g __ADCSC2=0x00000011
-g __ADCR=0x00000012
-g __ADCCV=0x00000014
-g __ADCCFG=0x00000016
-g __APCTL1=0x00000017
-g __APCTL2=0x00000018
-g __IRQSC=0x0000001B
-g __KBISC=0x0000001C
-g __KBIPE=0x0000001D
-g __KBIES=0x0000001E
-g __TPM1SC=0x00000020
-g __TPM1CNT=0x00000021
-g __TPM1MOD=0x00000023
-g __TPM1C0SC=0x00000025
-g __TPM1C0V=0x00000026
-g __TPM1C1SC=0x00000028
-g __TPM1C1V=0x00000029
-g __TPM1C2SC=0x0000002B
-g __TPM1C2V=0x0000002C
-g __TPM1C3SC=0x0000002E
-g __TPM1C3V=0x0000002F
-g __TPM1C4SC=0x00000031
-g __TPM1C4V=0x00000032
-g __TPM1C5SC=0x00000034
-g __TPM1C5V=0x00000035
-g __SCI1BD=0x00000038
-g __SCI1C1=0x0000003A
-g __SCI1C2=0x0000003B
-g __SCI1S1=0x0000003C
-g __SCI1S2=0x0000003D
-g __SCI1C3=0x0000003E
-g __SCI1D=0x0000003F
-g __SCI2BD=0x00000040
-g __SCI2C1=0x00000042
-g __SCI2C2=0x00000043
-g __SCI2S1=0x00000044
-g __SCI2S2=0x00000045
-g __SCI2C3=0x00000046
-g __SCI2D=0x00000047
-g __MCGC1=0x00000048
-g __MCGC2=0x00000049
-g __MCGTRM=0x0000004A
-g __MCGSC=0x0000004B
-g __MCGC3=0x0000004C
-g __MCGT=0x0000004D
-g __SPI1C1=0x00000050
-g __SPI1C2=0x00000051
-g __SPI1BR=0x00000052
-g __SPI1S=0x00000053
-g __SPI1D16=0x00000054
-g __SPI1M=0x00000056
-g __IICA=0x00000058
-g __IICF=0x00000059
-g __IICC1=0x0000005A
-g __IICS=0x0000005B
-g __IICD=0x0000005C
-g __IICC2=0x0000005D
-g __TPM2SC=0x00000060
-g __TPM2CNT=0x00000061
-g __TPM2MOD=0x00000063
-g __TPM2C0SC=0x00000065
-g __TPM2C0V=0x00000066
-g __TPM2C1SC=0x00000068
-g __TPM2C1V=0x00000069
-g __RTCSC=0x0000006C
-g __RTCCNT=0x0000006D
-g __RTCMOD=0x0000006E
-g __SPI2C1=0x00000070
-g __SPI2C2=0x00000071
-g __SPI2BR=0x00000072
-g __SPI2S=0x00000073
-g __SPI2D16=0x00000074
-g __SPI2M=0x00000076
-g __USBCTL0=0x00000080
-g __PERID=0x00000088
-g __IDCOMP=0x00000089
-g __REV=0x0000008A
-g __INTSTAT=0x00000090
-g __INTENB=0x00000091
-g __ERRSTAT=0x00000092
-g __ERRENB=0x00000093
-g __STAT=0x00000094
-g __CTL=0x00000095
-g __ADDR=0x00000096
-g __FRMNUML=0x00000097
-g __FRMNUMH=0x00000098
-g __EPCTL0=0x0000009D
-g __EPCTL1=0x0000009E
-g __EPCTL2=0x0000009F
-g __EPCTL3=0x000000A0
-g __EPCTL4=0x000000A1
-g __EPCTL5=0x000000A2
-g __EPCTL6=0x000000A3
-g __SRS=0x00001800
-g __SBDFR=0x00001801
-g __SOPT1=0x00001802
-g __SOPT2=0x00001803
-g __SDID=0x00001806
-g __SPMSC1=0x00001809
-g __SPMSC2=0x0000180A
-g __DBGCA=0x00001810
-g __DBGCB=0x00001812
-g __DBGF=0x00001814
-g __DBGC=0x00001816
-g __DBGT=0x00001817
-g __DBGS=0x00001818
-g __FCDIV=0x00001820
-g __FOPT=0x00001821
-g __FCNFG=0x00001823
-g __FPROT=0x00001824
-g __FSTAT=0x00001825
-g __FCMD=0x00001826
-g __PTAPE=0x00001840
-g __PTASE=0x00001841
-g __PTADS=0x00001842
-g __PTBPE=0x00001844
-g __PTBSE=0x00001845
-g __PTBDS=0x00001846
-g __PTCPE=0x00001848
-g __PTCSE=0x00001849
-g __PTCDS=0x0000184A
-g __PTDPE=0x0000184C
-g __PTDSE=0x0000184D
-g __PTDDS=0x0000184E
-g __PTEPE=0x00001850
-g __PTESE=0x00001851
-g __PTEDS=0x00001852
-g __PTFPE=0x00001854
-g __PTFSE=0x00001855
-g __PTFDS=0x00001856
-g __PTGPE=0x00001858
-g __PTGSE=0x00001859
-g __PTGDS=0x0000185A
-g __FIFO0=0x00000081
-g __F0BADDR=0x00000082
-g __F0SIZE=0x00000083
-g __F0CTL=0x00000085
-e


Andreas

charliex
08-14-2008, 11:59 AM
Thanks Andreas,

I picked up the P&E BDM yesterday, so it should arrive today, i've got almost every one they've got now, people keep picking chips i don't have the BDM for, i expect with my luck next year Joe will use a renesas processor....

Have a safe TSA free flight.

Demo
08-14-2008, 12:09 PM
Can anyone recommend a VERY beginner kit to learn how to work with these MCUs/boards? This DC was my first time soldering anything, ever(yay got my USB port on) ;) and I'm really interested in learning more, but I don't have a big electronics background so I'd really like to learn from the ground up. I'm planning on taking a basic electronics course through my JC but I also want to be able to learn hands on in the meantime, get my soldering skills up, etc.

charliex
08-14-2008, 12:49 PM
The badge is a pretty good beginner board, it just lacks some switches and interface stuff.

Freescale sell a starter board which is pretty good.

However if you are just starting in electronics, but do have a background in programming, i'd go to frys or radio shack/tandy, or whatever your local electronics place is and pick up a basic stamp kit that you have to put together, they're cheaper and don't need extensive dev tools, once you've got the hang of those, the freescale dev boards would be next, or if you want to stick to the basic stamp but play around a bit more with electronics, i really like the comfile CB220/280 dev kit stuff, again reasonably priced but you can do a lot with it, and the dev kit has lots of switches, dials and leds to play with.

if you want something bigger than that, go with one of the Mikroe EasyPIC/ARM/AVR boards, they're awesome, but they're pre made (as are the comfile boards)

the freescale dev boards are fairly simple to play with as well as easy to obtain, it also mostly matches the badge.

HC08 dev kit
http://www.freescale.com/files/abstract/misc/HCS08DEMO.htm

Comfile's CUBLOC (different processor, it's based on the ATMega), but it's a fun and easy board with a ladder logic or basic style language, and it comes complete, all you need is an rs232 to upload code, and you can make production pieces very simply with their proto board, they have displays and all sorts of stuff, spi, i2c etc. Their forums are a little bit inactive with some of the tougher questions, but there are a fair few sample apps on there too.

http://cubloc.com/product/01_05.php


Mikroe maybe overwhelming choice here, i have an EasyPIC4 for fast prototyping.
http://www.mikroe.com/en/tools/
HC908 based, so freescale, similar to the badge
http://www.mikroe.com/en/tools/easyhc908/ (not out yet)

Sparkfun etc have some little dev boards to play around with, but they're not the best for beginners, as they usually just sell you the part and you're on your own, they do supply some stuff, sometimes, but it seems like it's aimed more at the more advanced user. http://www.sparkfun.com

Also for simplistic development with sensors, inputs and so on, can't really go wrong with phidgets, but it gets expensive quickly and you're ultimately limited by their system.
http://www.phidgets.com/

Personally i like to teach with the basic stamp kits from places like frys, then move to the comfile, then to the mikroe and then to the freescale kits etc.
http://shop1.frys.com/product/5229937
http://shop1.frys.com/product/5229667

Dependent on where you're located, you'll have different options, but most electronic places carry the little kits that you have to solder up, make radios or small processor circuits with basic stamps.

mouser and digikey carry most of the large OEM development kits.

Best of luck

kajer
08-14-2008, 01:15 PM
The downside to the DC16 badge is most of the CPU pins are unused...

And if you did develop code that would take advantage of extra pins on the CPU, you'd have to micro slober some wirewrap wire directly to the cpu...

Going the way of a dev kit or basic stamp is the way to go if you're starting out.

I was thinking about adding a few extra features to the DC16 badge of mine, but right now it looks like i have to slober from the LED2-7 because those are PWM outputs, and I wouldn't have to wire off the CPU.... plus I don't have an iron w/ a tip that small or eyes that can see that small

charliex
08-14-2008, 01:51 PM
unless i made some cock up in the code, my badge has no PWM on LED's 3/4. (and i can control pwm on all the other leds)

Demo
08-14-2008, 01:55 PM
Wow, thanks so much for all the info, charliex(and kajer). I'm going to get one of those beginner kits from Fry's and also check out my local electronics supply place(HSC (http://www.halted.com)) as well. I have taken a few semesters of C++ and also learned a bit of Perl and Python on my own, so I should be able to figure out the programming aspects, but I'm clueless as far as hardware. Looks like both those Frys kits come with a book, so hopefully that'll give me a good introduction. Thanks again!

charliex
08-14-2008, 01:58 PM
yep the parallax stuff is pretty straight forward BASIC code and there are probably 1000's of web sites with demos and stuff, if you get stuck, just shout out.

simap
08-14-2008, 03:22 PM
unless i made some cock up in the code, my badge has no PWM on LED's 3/4. (and i can control pwm on all the other leds)

The CPU is plenty fast enough to do 8-bit or more of software PWM if you want to do a knight rider type thing. I had my badge doing fade in/out random patterns on all LEDs (no soldering required). I'll post the code up when I dig out the laptop I used, but the basic idea is to do a for loop, each iteration compare vs your brightness and set the LED pins (or just call the LED display function). This makes a constantish pulse frequency with a width linear to your brightness.

Running continuously, this loop only needs to be fast enough to repeat 40+ times per second to fool the eye.

charliex
08-14-2008, 04:06 PM
yeah i wrote a little language for the sequencing of the LED's for the girlfriend's badge, she wanted the PWM on so i spent some of the wee hours adding it, only to find that it wasn't the outer edges.

you can use the interrupts to manually modulate the led's instead, then you can set the rates easily without worrying about software timers, even though it's not really a problem on the badge.

Cross_
08-14-2008, 04:58 PM
I tried the data logger firmware that freescale provides as a demo and was surprised that the temperature sensor returned a constant value. Does it require any extra components? From the data sheet it looks like it is built in and should work out of the box.

kajer
08-14-2008, 08:19 PM
...also check out my local electronics supply place(HSC (http://www.halted.com)) as well...

HSC is the shit!

I try not to make a habit of it, but Weirdstuff -> HSC -> St.Johns for 1/2 price burger day on Saturday, and HRO right next door if you're into that sort of thing... It gets a little costly...

FlyBoy2
08-14-2008, 10:05 PM
Has anyone started a web page or Wiki to track all that we have found out about the badge?

Just a quick rundown from many sources on the web:

1) From a YouTube video: Cut one of the resistors for more IR output power. The strange thing about the YouTube video is that the IR sender in the eye of the badge showed up blinking in the video.
2) Format the SD card for FAT16. Microsoft will do this for SD's over some size. A small SD card gets formatted FAT12.
3) the file on the SD needs to be 8.3 format and read-only.
4) the button on the back has three modes: receive, send, and sleep
5) holding down the button on the back and put the battery in and it is in Firmware update mode. (I think?)
6) I just went out to Freescale website and could download a 30-day trial of the software. So, after our License key expires we should still be able to update the badge. Congrats, to the gang that got the Firmware upload working under Linux.
7) http://defcon.org/OO0/ is what is encoded on the badge.
8) under where the USB port goes is: 10000100001:21ADDDEC1024
What else.

I really would like to see other people's code.

I plan to mod this and bring it next year.

SmittyHalibut
08-14-2008, 10:25 PM
HSC is the shit!

I try not to make a habit of it, but Weirdstuff -> HSC -> St.Johns for 1/2 price burger day on Saturday, and HRO right next door if you're into that sort of thing... It gets a little costly...

Except for St. Johns (Clarke's in Mtn. View FTW!), and missing a very important step in the morning, you just described my Second-Saturday-Of-The-Month morning and afternoon. Ahh, the eFlea. I don't get to make it up there as often as I would like. (I live about 200mi south.)

kajer
08-14-2008, 11:53 PM
I'll give Clarke's a try one of these days, but what is this eFlea you're talking about??

LosT
08-15-2008, 04:18 AM
Too bad you didn't get one of our uController kits at con- it was designed specifically for people in your situation.

LosT


Can anyone recommend a VERY beginner kit to learn how to work with these MCUs/boards? This DC was my first time soldering anything, ever(yay got my USB port on) ;) and I'm really interested in learning more, but I don't have a big electronics background so I'd really like to learn from the ground up. I'm planning on taking a basic electronics course through my JC but I also want to be able to learn hands on in the meantime, get my soldering skills up, etc.

SmittyHalibut
08-15-2008, 12:30 PM
I'll give Clarke's a try one of these days, but what is this eFlea you're talking about??

Clarke's, on El Camino just south/east of Castro. Best burgers on the planet. But I digress..

The Electronics Flea Market (affectionately known as the eFlea) is at De Anza college in the north east corner parking lot every second Saturday of the month between March (April?) and September (October? They've moved the start and end months a few times and I can't remember where it is now.) Lots of good junk, and a few good gems. A fun time to meet up with fellow nerds, if nothing else.

(This is in Cupertino, CA, for those who are out of the area and are wondering what the heck we're talking about. This should probably go out-of-band. DM me if you have any further questions.)

jeffgus
08-15-2008, 01:08 PM
8) under where the USB port goes is: 10000100001:21ADDDEC1024
What else.


There is an US Bee on a badge at http://www.defcon.org/OO0

The USB port on the real DEFCON badge has two numbers:

10000100001 binary == 1057 decimal == LosT in leet
1024 DECimal ADDed to 21 hex == 1057 == LosT in leet

Beyond that, I'm "lost."

charliex
08-15-2008, 04:19 PM
1) From a YouTube video: Cut one of the resistors for more IR output power. The strange thing about the YouTube video is that the IR sender in the eye of the badge showed up blinking in the video.

Not strange, cameras are IR sensitive, that's the second thing i did with the badge after reading the datablock with my n95, flip it around and see if it was transmitting IR.


3) the file on the SD needs to be 8.3 format and read-only.

FAT16 is always 8.3, it's the VFAT extensions where people are running into trouble i bet, they always used to be stored in uppercase too, that was an old protection hack to go in with a disk editor and rename the files to mixed case.

5) holding down the button on the back and put the battery in and it is in Firmware update mode. (I think?)

yep, the two outer LEDS will light too.


the two led's that aren't PWM enabled are 3-4.

there is Freescale's version of SPI on the BDM which is on the other side of the board from the USB, should be able to bit bang SPI on it though if needed.

PE Micro sell the BDM (costs around $250 with flashing software) but there are a lot of places you can either build or buy for a lot cheaper.

SDCC can be used with some work.



make your own BDM
http://www.ingdubatti.com.ar/eng/index.htm


these guys have cheap BDMs (around 29 euros ) but site seems to be whacky at the moment
http://www.easydev.de/

phew managed all that without putting BDSM.

BonzoESC
08-16-2008, 09:56 AM
1) From a YouTube video: Cut one of the resistors for more IR output power. The strange thing about the YouTube video is that the IR sender in the eye of the badge showed up blinking in the video.

Not strange, cameras are IR sensitive, that's the second thing i did with the badge after reading the datablock with my n95, flip it around and see if it was transmitting IR.

What we didn't say in the video is that once you chop that resistor, you don't need a camera to see it light up (it's a really dim red to the naked eye).

mars246
08-16-2008, 11:51 AM
Yeah i saw the same thing. I am thinking it could burn it out after awhile.

SmittyHalibut
08-16-2008, 02:04 PM
The "21ADDDEC1024" was also part of the Mystery Challenge. We had to add all the digits in that string, which is 55 in hex (a palindrome), and 1010101 in binary (also a palindrome). The 1010101 was the key to the next stage in the challenge.

...that guy has some serious numerology in his handle, it's crazy.

krux
08-16-2008, 03:11 PM
The downside to the DC16 badge is most of the CPU pins are unused...

And if you did develop code that would take advantage of extra pins on the CPU, you'd have to micro slober some wirewrap wire directly to the cpu...

Going the way of a dev kit or basic stamp is the way to go if you're starting out.

I was thinking about adding a few extra features to the DC16 badge of mine, but right now it looks like i have to slober from the LED2-7 because those are PWM outputs, and I wouldn't have to wire off the CPU.... plus I don't have an iron w/ a tip that small or eyes that can see that small

Yea, noticed that as well. It would have been nice if there were some traces that ran to some pads we could easily solder to.

BonzoESC
08-16-2008, 09:01 PM
Yeah i saw the same thing. I am thinking it could burn it out after awhile.

I'd be more concerned about battery life. If it burns out, it's easy enough to replace with something bigger and clunkier :) Before we messed with the resistor Critta tried about three different LEDs in his (don't tell the Riv)

Kingpin
08-17-2008, 11:12 AM
If people are going to replace the standard IR LED with a higher brightness or higher power LED, I'd highly recommend keeping a current-limiting resistor in line and not just jumping the resistor. It might work for a while, but you may be exceeding the maximum output current of the port pin and/or damaging the IR LED. If your IR LED is emitting a visible red color, that's not ideal.

Joe


Yeah i saw the same thing. I am thinking it could burn it out after awhile.

Kingpin
08-17-2008, 11:14 AM
Maybe next year, but it's a fine line between adding lots of extra functionality and test points versus keeping the design slick and clean for the majority of people who are just going to wear the badge and not mess with it. I've had a lot of people come up to me this year and ask for test points to make it easier to solder onto the pins. I personally think making it so easy for people to mess with it ruins the fun, but I'll consider it for next year :)

Joe


Yea, noticed that as well. It would have been nice if there were some traces that ran to some pads we could easily solder to.

Kingpin
08-17-2008, 11:17 AM
Are you using the actual data logger/USB-to-SD Card demo hardware from Freescale? The code may execute on the DC16 badge with minimal modification, but there's no temperature sensor on-board so the A/D would just read in nothing.

Joe


I tried the data logger firmware that freescale provides as a demo and was surprised that the temperature sensor returned a constant value. Does it require any extra components ? From the data sheet it looks like it is built in and should work out of the box.

kajer
08-18-2008, 09:33 PM
Maybe next year, but it's a fine line between adding lots of extra functionality and test points versus keeping the design slick and clean for the majority of people who are just going to wear the badge and not mess with it. I've had a lot of people come up to me this year and ask for test points to make it easier to solder onto the pins. I personally think making it so easy for people to mess with it ruins the fun, but I'll consider it for next year :)

Joe


As much as I would like to see a micro-controller with extra slober pads, I have to agree with Joe too. The USB port caused enough of a traffic jam in the HHV. I also have my reservations about how n00bs were taught to slober the USB port. IMHO you shouldn't need anything but some flux, resin-core solder, and a wet sponge... NO WICK... Don't solder pins together that you don't want soldered together... I could go on all day.

Besides, if the badge hacking is going to be a black badge event, it shouldn't be too easy.

I think the best thing this year was having the badge specs released a few days early. That way, the few lot of us that really want to do some serious hacking can stock up on parts from HSC and not have to bring the whole kit...

<pipe dream="1">
Too bad some of us bay area folk can't get HSC to bring a nice supply up to the vendor area... </pipe>

FlyBoy2
08-18-2008, 10:37 PM
Who won the Badge Hacking Contest?

Could we see pictures and their code?

Anyone live in the SFO Bay Area want to get together for some post DEFCON badge hacking?

krux
08-19-2008, 11:43 AM
As much as I would like to see a micro-controller with extra slober pads, I have to agree with Joe too. The USB port caused enough of a traffic jam in the HHV. I also have my reservations about how n00bs were taught to slober the USB port. IMHO you shouldn't need anything but some flux, resin-core solder, and a wet sponge... NO WICK... Don't solder pins together that you don't want soldered together... I could go on all day.

That's generally the method I use as well.

Besides, if the badge hacking is going to be a black badge event, it shouldn't be too easy.

True, but there is a difference between having to do some surface mount soldering, and having to solder wires directly to a SMB chip with maybe .25mm spacing between pins.

kajer
08-19-2008, 01:26 PM
...but there is a difference between having to do some surface mount soldering, and having to solder wires directly to a SMB chip with maybe .25mm spacing between pins.

I know about cpu soldering. Never modify radios while a bit loaded... I took out a perfectly good trace on my Yaesu FTM-10R while trying to remove a resistor. I fixed it by soldering 30ga wirewrap wire directly to the pin of the CPU and again to wherever that trace went. Soldering one wire to the CPU with a radioshack iron was hard enough, let alone multiple wires, even worse if they were next to each other...

(about the radioshack iron, my weller blew up and it was an emergency, i couldn't let a $300 radio sit there after drunken damage)

But, I could tell you right now, that solder blob idea still pisses me off...

--------------------------------------------------------------------------------

What about badge kits / assembled badges?

As in, the people who want to have a badge and forget about it can register like always, but open up a forum so some of us can request our badge in a non-assembled form, and we can put it together ourselves. That way if we want to solder a few wires from the cpu pads, we can do that before the cpu goes down, either that or we can solder a socket on, so we can solder to the socket pins, and not the micro controller.

I dunno, It sounds neat to me.

YenTheFirst
08-24-2008, 09:59 PM
Besides, if the badge hacking is going to be a black badge event, it shouldn't be too easy.


True, but there is a difference between having to do some surface mount soldering, and having to solder wires directly to a SMB chip with maybe .25mm spacing between pins.


The difficult bit is coming up with a truly original idea for the badge, and figuring out how to implement it. While soldering is certainly a useful skill to have, excluding people from even being possible contenders in the contest, due to lack of previous experience or fine motor skills, seems to miss the point a bit. I know there's amazing hackers out there, but learning to micro-solder doesn't happen in 24 hours, in my opinion.



As much as I would like to see a micro-controller with extra slober pads, I have to agree with Joe too. The USB port caused enough of a traffic jam in the HHV. I also have my reservations about how n00bs were taught to slober the USB port. IMHO you shouldn't need anything but some flux, resin-core solder, and a wet sponge... NO WICK... Don't solder pins together that you don't want soldered together... I could go on all day.


Most of that traffic jam was due to people needing multiple attempts to actually get the USB port working. ah well.



There is an US Bee on a badge at http://www.defcon.org/OO0

The USB port on the real DEFCON badge has two numbers:

10000100001 binary == 1057 decimal == LosT in leet
1024 DECimal ADDed to 21 hex == 1057 == LosT in leet

Beyond that, I'm "lost."


I thought I remember kingpin saying something at the closing ceremonies about there being an additional hidden site, given clues from the OO0 site, but I'm completely lost in that direction. The only clue I can find is the SUM clue, which was apparently part of the mystery challenge. Did I just mishear?

edit:
just found the other thread. still banging my head on oo0, though. :(

LosT
08-25-2008, 11:28 AM
The numbers under the USB connector were used TWICE, for two different things- and note they were used in two different ways as well.

Let me know if you still don't get the hidden website.

1057

SecretIdentity
08-25-2008, 01:10 PM
The numbers under the USB connector were used TWICE, for two different things- and note they were used in two different ways as well.

Let me know if you still don't get the hidden website.

1057

That is a pretty big hint for this stage. Assuming people get this stage, how long will it take for them to get the next stage?

Update:
I am still looking on google to see if anyone has published the answers and a walk through. Having completed these puzzles, I know the answer, so asking google about what can be found in the answer should give me hits to pages that have a walk-through, if they link to the answer. So far, none have been published! Awesome! It is really cool to see people keeping this a secret. :-)

I will abide by Chris' request to not publish the answer(s) and a walk-through, so the puzzles can be saved for other people to solve.

If you have solved it, could you post a follow-up message here, to let other people know that you've done it?

kajer
08-28-2008, 09:10 PM
It might just be me, but I wouldn't consider solving the puzzle actual badge hacking. The same numbers could be found on the defcon handout... I would consider badge hacking as simple as changing the code on the micro controller to be locked into continuous goatse transmission to soldering a tapehead and speaker to your badge so you can pass audio tape... Basically using any part of your badge to yield increased functionality. I would not consider zip-tying something to your badge as actual hacking... But that's just me