DEF CON Forum Site Header Art


No announcement yet.

The story behind DEFCON’s hackable crystal electronic badge, ArsTechnica, Sean Gallagher, DEF CON 27


  • The story behind DEFCON’s hackable crystal electronic badge, ArsTechnica, Sean Gallagher, DEF CON 27

    Their Title 1: Badge life: The story behind DEFCON’s hackable crystal electronic badge
    Their Title 2: Original DEFCON hackable badge creator Joe "Kingpin" Grand gives Ars the story behind his comeback.

    Originally posted by URL1
    Sean Gallagher
    Aug 21, 2019 2:47 pm UTC

    LAS VEGAS—There are many things that make the DEFCON conference stand above all other hacking conferences. It's the largest, of course, with over 30,000 attendees, sprawling over four hotels in Las Vegas this year. And there are the Villages, each of them conferences unto themselves appealing to specific security and hacking communities. But the most visible, unifying part of DEFCON is its badges.

    The DEFCON electronic badges—which for a time were used every other year because of the effort and budget that went into them—are typically the delivery vehicle for a unifying game. Last year's badge was a sophisticated puzzle challenge that included a social element and even a built-in text-based adventure. This year's badges, however, were both deceptively simple and cunningly complex, designed to get DEFCON attendees to interact with each other and explore the whole of the conference rather than falling too deeply into a badge rabbit hole.

    Joe Grand, (AKA "Kingpin"), the designer of DEFCON's very first electronic, hackable badges (used for DEFCONs 14 through 18) returned to the task for this year's 27th edition of the event at the request of DEFCON founder Jeff Moss ("Dark Tangent"). Just before DEFCON kicked off, Grand spoke with Ars about this year's badge design and the effort required to put together a real-world electronic quest for about 30,000 friends. Badged for life

    King said Moss "called me out of the blue at the end of December [2018] and he's like, 'Hey, do you want to do the DEFCON badge?' Well, it was a decent amount of time… it would've been better to be like the day after last DEFCON."

    King agreed, as he had spent much of 2018 traveling to speak and teach, "and I wanted to stay at home… like this would be a great opportunity to stay at home, work on a project, I can see my family more, I won't be on the road. Of course, that shows that I'd forgotten the difficulty of actually designing badges." King acknowledged.

    The task of turning out the DEFCON badge "is a full-time effort," Grand said. "That's why they call it 'badge life'."

    Grand told Moss that he wanted to do something simple "that can appeal to as many people as possible, because the puzzles that have been done are amazing, but I didn't want to exclude people. I kind of put myself in that mindset of like, what if I was attending DEFCON for the first time? What would that feel like?"

    Delivery of the badges required for DEFCON 27 came down to the wire, and Grand had to push manufacturing straight from first working prototype to full production. It's a minor technological miracle that the badges had a relatively low failure rate at the conference—and many of those failures were a result of the hacks performed by attendees.

    Grand originally started off designing DEFCON badges as part of an effort "to bring awareness of hardware and hardware hacking to DEFCON," he said. "In the beginning, we didn't know how people would respond, so we did a simple kind of artistic badge. And people really liked it."

    After DEFCON 14, electronic badges began to gradually take on a life of their own. "Little by little, you'd see other badges starting to come up, with people creating their own for their parties," Grand recalled. "And it really was exciting to see this growth. Then every year, I'd always compete with myself. I'm like, 'what can I do better, what technique can I try, what new art thing can I try?' And my design aesthetic has always been, even with professional products that I do, just very simple, effective things. Like I'm not a puzzle, my brain doesn't work like a puzzle master."

    After his fifth year, as "badge life" blossomed in full, "I said I was never going do it again because I... had [already] spoken my mind, right? I had done the artwork that I wanted to do and shared that side of me with other people and whatever. But I'd always said if Jeff ever asked to me again to do it then I'll do it." Magical crystals

    "Jeff sent me a picture of the theme for the conference, for his idea of the theme of 'Technology's Promise'," Grand said. "And it was all pastel colors and clouds and a woman holding a laptop. It was an ad from the '70s about like the future of technology—the good side of technology. Instead of technology owning you, it's if technology helped you. And I saw that picture and I was just like, something was just like crystals. I don't know, it seemed sort of new age-y."

    Moss later posted the image through DEFCON's Twitter account.
    Preparations are well underway for #DEFCON 27. Meetings are being met, plans are being planned, and the #defcon27theme is ready for its unveiling.

    — DEFCON (@defcon) December 13, 2018
    The theme was the flip-side of DEFCON 26's "1983" tone—the "the inflection point between disorder and dystopia," as Moss had put it in a Twitter post. The DEFCON 27 theme, Moss said, would be about "a major-key, blue-sky thoughtscape…a future where we have tamed some of the demons that plague us now, and tech supports and inspires instead of controlling and surveilling."

    That idea of crystals resulted in the deceptively simple design of the DEFCON 27 badge collection: a printed circuit board, itself a work of digital art, joined to a piece of hand-cut and hand-polished Brazilian quartz. For speaker, artist, press, and other "colored" badges, the quartz was dyed; rose quartz squares were used for the red "goon" (volunteer) badges. "Every single one of the 28,500 pieces that we've made is unique because it's hand-cut crystal," Grand said. "The quartz is going to vary in translucency or transparency. And so we put graphics behind it so you can sometimes see it."

    It was the badge as jewelry—the badges could be worn on a wristband sold in DEFCON's "swag shop," or as a headband, or (as I wore it) as a bolo tie. The badge lanyard could be pulled through "straps" that are "actually high current jumpers for industrial electronics" made in Japan, Grand explained. (Some attendees who clipped their badges to their lanyards with the provided metal hooks managed to short their badges out as a result.)
    There was method to this madness. "There's a bunch of badges everywhere," Grand explained, "so [Moss] and I were like, well what if we move up the stack a little bit so the DEFCON badge has a single one and this fits onto the lanyard? So it will be kind of slide it through, and now your badge is up the lanyard so it's more visible."
    Some of the components are fairly uncommon or had never been used in hackable badges before. "I tried to use some pretty ridiculous complex components," Grand said.
    (Page 2)
    Originally posted by URL2
    Sean Gallagher
    Aug 21, 2019 2:47 pm UTC

    Pointing out some of the integrated circuits, he said, "These are a BGA parts—ball grid array… where instead of having pins coming off the sides, the connections are balls of solder underneath the part, which is pretty hardcore. A lot of modern electronics use it ,but badges don't."

    Then there's the communications element of the badges. Instead of using something like Bluetooth to handle connections between attendees' badges—which would have been prone to the radio frequency hacking skills of DEFCON attendees—Grand used a near-field magnetic induction communications chip typically used in hearing aids and other devices that need to communicate at short distances as part of a "personal area network."

    "Your magnetic field is limited to a very small area," Grand explained. "So if you turned this into some covert data communication device, you could go undetected and exchange information. The badges are alternating between sleeping and transmitting information, and they're broadcasting their certain badge information, which is a unique identifier, the current state of the badge quest that they're in, and then the type of badge."

    The radio chip used to drive the badge's communications and the microcontroller driving the whole badge came from the Dutch global semiconductor manufacturer NXP. "Because I had used Freescale for previous DEFCON badges and NXP ended up buying Freescale, I had a few relationships there. And I was able to convince them to let me work with the radio team to use the part for a 30,000-unit build."

    NXP was excited, Grand said, by the opportunity to get their products out in front of a new audience and see the technology used in a different way. "They're actually sending an engineer to hang out in the hardware hacking village," he added.

    The design on the front is deceptively simple, but the workings of the badge itself are the result of a complex bit of coding and engineering. Instead of a puzzle, Grand came up with a "quest" game, "where attendees need to experience different aspects of DEFCON," Grand told Ars.

    This was in part inspired by another task Grand was handed by Moss: the badges for DEFCON China also required attendees to complete tasks. That design required simplicity because "many of the attendees had never been to a hacking event before," Grand noted.

    The DEFCON China badge was another first: it used a flexible circuit board. But it also had a similar quest to complete. "It was a tree where you would, as you completed a task, the roots of the tree would light up," Grand explained. "And as you completed a root part of the branches would light up. And when you complete all of them, the tree sparkles, so more of the same sort of thing."

    "What I learned from that, seeing their community—the DEFCON China community is much younger, newer, and it's almost like they're learning how to be hackers. And I saw how a wide range of people used the badge, and I was like, 'We need to do that for DEFCON.'

    "Part of the quest is for them to see a talk, visit a village, participate in or watch a contest, see a concert or other arts/entertainment thing, and go to a party, among a few other things."

    At the end of each task, attendees would need to find one of the DEFCON volunteers (referred to as "goons") working the area with a special badge to unlock the next step in their quest.

    "If they are at the right state of their badge quest, the Magic Token will advance them to the next state," Grand explained. "All of the tasks require socializing between different attendees at DEFCON, which I thought would be a good way to have people meet each other and work together to solve the quest—it's less of a puzzle where one person wins and more of a community quest where people can help each other reach the final state."

    In the presence of the "special" badges held by a set of goons (including one held by Jeff Moss himself), new levels are unlocked. These badges, called "magic tokens" by Grand, "are basically badges with a special flag set that are distributed to various goons within the speaking area, the party area, all the different tasks."

    Art installations around DEFCON equipped with badge readers showed attendees how far they had progressed in the quests.

    But linking with all the things wasn't the only way to unlock the quests. Using a UART port on the device (and pieces that could be picked up at the "swag shop"), participants could hack into the badges' code. A guide to badge hacking was soon posted on Reddit.
    Don't know where to start with your #DEFCON27 #badge? There's a nice and thorough write up on /r/defcon that will definitely get you moving.

    — DEFCON (@defcon) August 14, 2019
    By Saturday, a number of people had done just that and had turned their badges into "uber badges"—badges that cycled through all the identities, including the "magic token" badges, and could be used to automatically complete the quests of others in just a few moments.

    I completed the unlocking of my badge. But I may have had a little extra help from my friends.

    — Sean Gallagher (@thepacketrat) August 11, 2019
    The joys of badge life

    Working on both the DEFCON China badges and the DEFCON 27 badges resulted in a bit of a production crunch. "I was buying parts for [the DEFCON 27 badge] back in February, and I hadn't even tested them," Grand said. "We had to buy the radio chip and the microcontroller… usually I'll use development boards and I'll build a prototype and test it before I even make a circuit board. But we didn't have the time." So before he had even verified the design for the badge, Grand and his team were ordering quantities of parts.

    Grand sent the design to the factory in China just before he left home to go to DEFCON China. He got the six prototype badges back on June 10 when he returned. "I had seven days to verify that the hardware worked because we had to start the production order for the badge on June 17th. I had seven days and I had no code written at that point. I had to write enough code to make sure things worked. I had it all in my head of what I needed to do to test things."

    Grand said he was working until 4am nearly every night to write enough code to verify the badges before the manufacturing order went in. "The prototype hardware worked the first time, so that saved us—I had to make a few changes, getting rid of some test points and some other things because I wanted this to look a little cleaner, but we didn't have time to test the production version… so we went from six prototypes to 28,000 units, and we didn't even verify the actual board we were making. It was very stressful."

    Amazingly, the production boards came back without a hitch. "There were so many things that could have gone wrong that didn't," Grand reflected. "I feel like it made me a much more confident engineer and a much more confident troubleshooter, to not get stressed out if there's an issue…I always questioned my abilities—sometimes you compare against other people or other badges or whatever—and I felt like this reminded me of like, 'Oh, I am an engineer, right?'"
      Posting comments is disabled.

    Article Tags


    Latest Articles