DEF CON 29 Badge Hacking


  • stanto
    commented on 's reply
    > When you say they can't generate a reply code, is it that their badge rejects the request or your badge rejects the reply?

    I make a request
    They generate a reply
    reply is invalid. 31 characters

    They make a request, it's 32 characters
    I make a reply
    the reply is accepted on their badge.

  • compukidmike
    commented on 's reply
    I can't see any way that there would be an option to change extra LED colors.

    When you say they can't generate a reply code, is it that their badge rejects the request or your badge rejects the reply?

  • compukidmike
    commented on 's reply
    It's only used for connecting to other badges.

  • chapinb
    replied
    Hey all - redirected here from the Discord. Looks like the USB-A port was broken during shipping. Does anyone know if it has functionality beyond joining to other badges? I am remote, so I am trying to figure out if I need to buy a soldering kit/try to learn soldering before playing with the badge.



  • stanto
    replied
    Originally posted by compukidmike
    > Here's the new firmware that fixes the 31-character issue. I've asked the defcon webmaster to upload it to the signal site. I'll post an update here when that's done.
    > This forum won't let me upload .uf2 files, so change the file extension to .uf2 after downloading.
    > NOTE: Uploading new firmware will NOT reset your challenge/game stats.

    I've been trying to exchange codes with someone who's using this new firmware.

    They can generate a 32 char code and send it to me, which works and they can accept my reply (I'm signal level at this point).

    But they can't generate a 32 character reply code to requests I give them.

    Also some people report they can change the LED colours of two extra buttons, which are apparently the volume control.



  • number6
    commented on 's reply
    Thanks!
    For anyone else downloading this firmware image, here is the sha256 checksum hash of the 113664-byte-long file named "DC29Human2.txt", which you should expect:
    Code:
    aeb728d194e66a404f9245cb30bf223395577aacbffc01a080631e045387ac14
    If the sha256 hash for this file does not match the above, consider downloading from the main website.

    To download direct from the main website, check out:
    https://defcon.org/signal/

    Which has a link to:
    https://defcon.org/signal/DC29Human2.uf2

    For firmware updates, it is a good idea to make sure the file you download is identical to the one on the server and not damaged, truncated or corrupt before you try to install it!
    I computed the sha256 hash of "DC29Human2.uf2" on the main web server ( https://defcon.org/signal/DC29Human2.uf2 )

    (Ideally, it would be great to use a cryptographic signature for a file, shipped with a file, which would confirm a private key from a developer signed the firmware as officially being from the vendor/provider, but without such a check, at least being able to verify you have the same thing as the server is a minimal precaution before installing.)

    If the sha256sum does not match, for this file named "DC29Human2.uf2" length 113664 bytes, it is probably a *bad* idea to try to flash the firmware you have downloaded to your badge.

    How to compute an sha256 hash for files on various OS or systems:


    MS Windows 10, in cmd.exe try:
    Code:
    certutil -hashfile FILENAME sha256

    Linux in sh, bash, csh, tcsh, etc. try:
    Code:
    sha256sum FILENAME

    BSD variants in sh, bash, csh, tcsh, etc. try:
    Code:
    sha256 FILENAME

    Using openssl on other:
    Code:
    openssl dgst -sha256 FILENAME
    Last edited by number6; August 6, 2021, 12:13.

  • compukidmike
    commented on 's reply
    It works here (Win 10). I did a binary comparison and the files are identical.

  • number6
    commented on 's reply
    This may not work as you expect. Now that you have uploaded as text, it may be downloaded as 7-bit text. If there was any 8-bit content, it could be lost or translated. Would you try downloading what you just uploaded by clicking the link and then sha256 hash it to see if the same content you downloaded matches what you uploaded? If so, please let people know either way, if it works or does not. (The forum uses UTF-8 for content where possible, but text/plain still has 7-bit risks and loss of 8th bit or translation for CR/LF and EOL.)
    Last edited by number6; August 6, 2021, 01:50.
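
Added example (not part of any post in this thread): a Python check that combines the size and sha256 comparison from number6's checksum post with a UF2 structure check, which catches the truncation, CR/LF translation and 7-bit stripping raised in the comment above even when no trusted hash is at hand. The UF2 magic values come from the public UF2 format specification; the 0..N-1 block numbering check and the `make_sample_uf2` helper are assumptions made for this example, and the sample image is constructed, not badge firmware.

```python
import hashlib
import struct

# Size and hash quoted in the checksum post for DC29Human2.uf2.
EXPECTED_SHA256 = "aeb728d194e66a404f9245cb30bf223395577aacbffc01a080631e045387ac14"
EXPECTED_SIZE = 113664
# UF2 container constants (public UF2 format specification).
UF2_BLOCK = 512
UF2_MAGIC_START0 = 0x0A324655  # "UF2\n"
UF2_MAGIC_START1 = 0x9E5D5157
UF2_MAGIC_END = 0x0AB16F30


def check_firmware(data, expected_sha256=EXPECTED_SHA256, expected_size=EXPECTED_SIZE):
    """Return a list of problems found in a downloaded UF2 image (empty = OK)."""
    problems = []
    if len(data) != expected_size:
        problems.append(f"size {len(data)} != expected {expected_size}")
    digest = hashlib.sha256(data).hexdigest()
    if digest != expected_sha256.lower():
        problems.append(f"sha256 mismatch: got {digest}")
    # Structural check: every UF2 block is exactly 512 bytes with fixed magics.
    if len(data) == 0 or len(data) % UF2_BLOCK:
        return problems + ["length is not a non-zero multiple of 512 bytes"]
    total = len(data) // UF2_BLOCK
    for i in range(total):
        block = data[i * UF2_BLOCK:(i + 1) * UF2_BLOCK]
        start0, start1, _flags, _addr, _size, block_no, num_blocks = struct.unpack_from("<7I", block)
        (end,) = struct.unpack_from("<I", block, UF2_BLOCK - 4)
        if (start0, start1, end) != (UF2_MAGIC_START0, UF2_MAGIC_START1, UF2_MAGIC_END):
            return problems + [f"block {i}: bad UF2 magic"]
        # Assumption: a single image whose blocks are numbered 0..N-1 in file order.
        if block_no != i or num_blocks != total:
            return problems + [f"block {i}: numbering {block_no}/{num_blocks}, expected {i}/{total}"]
    return problems


def make_sample_uf2(blocks=4):
    """Constructed sample image (not the badge firmware) for trying the checks."""
    out = b""
    for i in range(blocks):
        out += struct.pack("<8I", UF2_MAGIC_START0, UF2_MAGIC_START1, 0,
                           0x2000 + i * 256, 256, i, blocks, 0)
        out += bytes(476) + struct.pack("<I", UF2_MAGIC_END)
    return out


if __name__ == "__main__":
    import sys
    print(check_firmware(open(sys.argv[1], "rb").read()) or "OK")
```

Run it with the path of the downloaded file as the only argument; an empty problem list prints `OK`.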

  • compukidmike
    replied
    Here's the new firmware that fixes the 31-character issue. I've asked the defcon webmaster to upload it to the signal site. I'll post an update here when that's done.
    This forum won't let me upload .uf2 files, so change the file extension to .uf2 after downloading.
    NOTE: Uploading new firmware will NOT reset your challenge/game stats.


  • zevlag
    commented on 's reply
    https://discord.gg/Zvd9cebRMM Try that.

  • zevlag
    replied
    Originally posted by slash128
    > Tried joining the Discord channel https://discord.gg/9DdhhPrV but it says invalid invite?

    Try this one, it should work:
    https://discord.gg/Zvd9cebRMM



  • qumqats
    replied
    https://defcon.org/signal/



  • BannanaJoe
    replied
    Does anyone have a link to the updated firmware? I blew mine away and all I have is the original crippled release.



  • StackingAces
    replied
    Has anyone tried anything with the Independence Day image on the back? When the lights are on it's red and the centre of the UFO?



  • 0xRoM
    replied
    I modified JRWR's code.

    https://rossmarks.uk/git/0xRM/DC29BadgeBot

    It's now automated. The bot joins an IRC channel, and all the bots in the channel share each other's codes.
    The longer you wait, the more bots there are, and the more codes get shared around :D

