URL2=https://hackaday.com/2019/08/08/firs...ngpin-is-back/
Their Title 1: First Look At DEF CON 27 Official Badge; Kingpin Is Back!
by: Mike Szczys August 8, 2019
Badge puzzle/hacking thread: https://forum.defcon.org/node/229539
Originally posted by URL1
First Look At DEF CON 27 Official Badge; Kingpin Is Back!
The first big surprise Vegas had in store for everyone is that the DEF CON badge is an electronic badge this year. It’s traditionally been the DC practice to alternate years between electronic and non-electronic badges. Last year we had a fantastic electronic badge designed by the ToyMakers, so I had expected something more passive like the vinyl LP badge from a few years ago. What a pleasant surprise to learn otherwise!
Second up on the surprise list is the badge maker himself. The design is a throwback to days of yore as Joe Grand steps up to the plate once again. Veterans know him as Kingpin, and his badge-making legacy runs deep. Let’s jump in and take a look.
Hardware
There were 26,500 total badges manufactured with a 99% yield by a US-based fab house because of the complexities of the build. The timeline was incredibly tight, with Joe Grand’s turnaround from alpha prototype (no bodge wires!) to production in just seven days. He had to write and verify all low-level drivers in this time, and go to production without first testing the inevitable board revisions.
The shape of the badge is simple enough, just a small PCB disc about 3 inches in diameter. The defining visual factor for this badge is the thick diffuser. This is quartz crystal from Brazil, cut and polished specifically for the badges by a gem and jewelry company in China. For Human badges (the regular conference attendees) it’s just a white disc, but the rarer variants look a bit fancier.
On the back of the PCB you’ll find all the goodies. There’s a microcontroller and LED driver (Kinetis KL27, and TI LP5569) off to one side which power the reverse-mounted LEDs. To the other side of the board there’s a chip that provides badge interactivity. Place two of these badges near each other (about 2 feet away) and they’ll transfer data. You don’t need to physically connect them, which sometimes proved troublesome with last year’s badges as the connectors had an unpleasant tendency to break off.
Power is provided by a single CR2032 coin cell. Two LDOs on the board provide the 1.3 V and 1.8 V necessary to power all of the chips. There are six reverse-mounted LEDs (some are multicolor, some single color, depending on the badge variant) and Joe assures me there’s more than enough juice to keep them running all weekend long.
The Magic of Wireless that’s Not
Badge-to-badge communication uses a magnetic field, not radio frequency! The radio chip is something special, the NXH2261UK from NXP uses near field magnetic induction (NFMI) to both receive and transmit from the coil that’s on the board. This is wireless communications, but it’s not emitting radio frequency — you can’t listen in on it with an SDR. The concept is a rarity in consumer goods, most commonly you’ll find it incorporated in hearing aids. This chip-scale BGA is the smallest package Joe has used in a design.
A Lanyard Connector of a Different Color
There’s a novel take on connecting lanyards this year. Rather than rely on a hole in the board, there are two lugs soldered onto the board. These parts are normally used as jumpers in high-voltage applications. You’re meant to thread the lanyards through these two lugs, leaving the actual hook on the lanyard for unofficial badges. Joe Grand may not have included a header for “shitty” add-ons, but he’s still managed to fully embrace custom hardware badge culture — of course he played a large part in the genesis of this culture.
Puzzle
The first obvious part of the puzzle is the unlocks you get by holding badges up to different varieties like those issued to Goons, Speakers, Artist, Press, etc. I assume this causes firmware unlocks that slowly reveal the puzzle.
People are already hard at work unlocking the secrets within. [charliex] discovered the serial pads, which are an alternating footprint for an SMD 0.1″ pin header. He reports a UART (1.8 V logic levels) and reveals on his Twitter account some of the dump from the terminal. He’s also posted a dump of the firmware, which I’m told is the same on all badges, and excellent closeup images of the hardware on his GitHub.
Solve this Badge!
It takes a village to hack a badge. Click this magic link to automatically join the badge solving project on Hackaday.io. You can view the project here.
Make new project logs for each challenge you’re trying to solve on the badge. Jump into the public chat to discuss what’s going on. All are welcome, you don’t need to be here to take part. Ask for more info from people who have a badge in hand and tackle the challenges that come to mind! Just make sure you’re posting back new info as fast as you can find it.