Announcement

Collapse
No announcement yet.

DEF CON 29 Badge Hacking

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #46
    Originally posted by raven_coda View Post
    What kind of cable should we bring to connect badges together at the con? USB-A to USB-A?
    USB-A to USB-C

    Comment


    • #47
      Maybe this is too obvious for everyone, but most of the pictures on the back are scenes from movies:

      1. ET
      2. Hackers (?)
      3. Max Headroom
      4. THX 1138
      5. Independence Day (?)

      Does that look about right?

      Comment


    • #48
      Also what may be obvious is there's a couple of 'test points' aligned with the graphics, such as where the fingers touch together and the centre of a rotor? there's also what looks like a trace that can be cut or an SMD component soldered in place to the 'billboard' showing the binary code, and another in the bottom left next to the plastic pin.

      Comment


      • Sens
        Sens commented
        Editing a comment
        That right one (the rotor looking thing) has a 3.3v signal on it, left one (ET fingers) is tied to ground. I only had a few minutes to quickly look over the badge as it arrived just now but will hook it up to my scope later and play more.

    • #49
      Next to the USB-A connector on the back there's 10 small contact pads - 10-pin ICSP header I'm guessing? Has anyone tried it yet?

      Comment


      • Case
        Case commented
        Editing a comment
        I was wondering about that myself..

    • #50
      Has anyone been successful getting the badge to show up as mass storage device in Kali Linux?

      sudo tail -n 0 -f /var/log/syslog

      Plug in badge

      Output:

      Jul 31 18:31:04 kali-laptop kernel: [ 3116.673294] usb 2-2: new full-speed USB device number 8 using xhci_hcd
      Jul 31 18:31:04 kali-laptop kernel: [ 3116.849325] usb 2-2: New USB device found, idVendor=dc29, idProduct=dc29, bcdDevice= 1.00
      Jul 31 18:31:04 kali-laptop kernel: [ 3116.849332] usb 2-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
      Jul 31 18:31:04 kali-laptop kernel: [ 3116.849335] usb 2-2: Product: DEF CON 29 Badge
      Jul 31 18:31:04 kali-laptop kernel: [ 3116.849339] usb 2-2: Manufacturer: MK Factor
      Jul 31 18:31:04 kali-laptop kernel: [ 3116.849342] usb 2-2: SerialNumber: 12345
      Jul 31 18:31:04 kali-laptop kernel: [ 3116.865396] cdc_acm 2-2:1.0: ttyACM0: USB ACM device
      Jul 31 18:31:04 kali-laptop kernel: [ 3116.877813] input: MK Factor DEF CON 29 Badge Keyboard as /devices/pci0000:00/0000:00:1c.7/0000:26:00.0/usb2/2-2/2-2:1.2/0003:DC29:DC29.0007/input/input34
      Jul 31 18:31:04 kali-laptop kernel: [ 3116.938321] input: MK Factor DEF CON 29 Badge Consumer Control as /devices/pci0000:00/0000:00:1c.7/0000:26:00.0/usb2/2-2/2-2:1.2/0003:DC29:DC29.0007/input/input35
      Jul 31 18:31:04 kali-laptop kernel: [ 3116.938613] hid-generic 0003:DC29:DC29.0007: input,hidraw0: USB HID v1.11 Keyboard [MK Factor DEF CON 29 Badge] on usb-0000:26:00.0-2/input2
      Jul 31 18:31:22 kali-laptop ModemManager[633]: <info> [device /sys/devices/pci0000:00/0000:00:1c.7/0000:26:00.0/usb2/2-2] creating modem with plugin 'Generic' and '1' ports
      Jul 31 18:31:22 kali-laptop ModemManager[633]: <warn> Could not grab port (tty/ttyACM0): 'Cannot add port 'tty/ttyACM0', unhandled serial type'
      Jul 31 18:31:22 kali-laptop ModemManager[633]: <warn> Couldn't create modem for device '/sys/devices/pci0000:00/0000:00:1c.7/0000:26:00.0/usb2/2-2': Failed to find primary AT port

      lsusb

      Output:

      Bus 003 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
      Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
      Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
      Bus 002 Device 008: ID dc29:dc29 MK Factor DEF CON 29 Badge
      Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
      Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
      Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

      sudo screen /dev/ttyACM0 9600

      Produces a blank terminal with no greeting messages. However it still accepts commands i.e. 1, 2, 3, and anything invalid.

      No storage device in File System.

      Tried a few things with no luck including...

      https://itectec.com/ubuntu/ubuntu-co...t-tty-ttyacm0/

      Thanks.

      Comment


      • #51
        Originally posted by green01 View Post
        Has anyone been successful getting the badge to show up as mass storage device in Kali Linux?
        ...
        Jul 31 18:31:04 kali-laptop kernel: [ 3116.865396] cdc_acm 2-2:1.0: ttyACM0: USB ACM device
        ...
        Jul 31 18:31:22 kali-laptop ModemManager[633]: <warn> Could not grab port (tty/ttyACM0): 'Cannot add port 'tty/ttyACM0', unhandled serial type'
        ...
        sudo screen /dev/ttyACM0 9600

        Produces a blank terminal with no greeting messages. However it still accepts commands i.e. 1, 2, 3, and anything invalid.

        No storage device in File System.

        Tried a few things with no luck including...

        https://itectec.com/ubuntu/ubuntu-co...t-tty-ttyacm0/

        Thanks.
        It looks like your path for the serial device may be incorrect.
        ls -l /dev/ttyACM0
        Does it report no file found?

        Try instead:
        ls -l /dev/tty/ttyACM0
        or
        find /dev -type f -name \*ACM\* -print

        Make sure the device file you are trying to talk to as a serial device has the path you are telling "Screen" to attach to.

        Once you find the path to the serial device, check the UserID owner and GroupID and "mode" permissions. Does the user launching screen have read-write access to the device special file and read/execute access to all directories leading to it? Are you running with a kernel and system using SE Linux and MAC? Consider "ls -lZ" and "chcon" to address.

        Originally posted by green01 View Post
        sudo screen /dev/ttyACM0 9600

        Produces a blank terminal with no greeting messages. However it still accepts commands i.e. 1, 2, 3, and anything invalid.
        Press "return" a few time and see is anything appears.

        Consider changing your "terminal type"
        vt220, vt100 are pretty common. ANSI/ANSI-color are uncommon. If you are at console type:
        echo "$TERM"
        If it reports something like:
        xterm-256color
        try changing to xterm or vt220 or vt100

        If you are using "xterm" try "gnome terminal" or a different terminal application.

        If that fails, many linux distros provide a "real" terminal/dialup client called "minicom" which allows you to specify baud rate, bits, parity, stop bits and more. You can tell minicom which serial device you want it to talk to and save profiles for each serial device. (see man page.)

        My first guess, however, is one of path/permissions to the added serial device and second is a guess on terminal emulation you are using.
        Last edited by number6; July 31, 2021, 17:03.
        6: "Who is Number1?"
        2: "You are number6"
        6: "I am not a number!..."

        Comment


        • #52
          Thank you number6 for the reply and suggestions.

          $ ls -l /dev/ttyACM0
          crw-rw---- 1 root dialout 166, 0 Jul 31 19:21 /dev/ttyACM0

          $ ls -l /dev/tty/ttyACM0
          ls: cannot access '/dev/tty/ttyACM0': Not a directory

          $ sudo find /dev -type f -name \*ACM\* -print
          No results
          *seems odd that didn't find anything...

          Permissions on the /dev directory appear fine ( using sudo after all )
          drwxr-xr-x 19 root root 3720 Jul 31 19:06 dev

          Permissions on the special device file appear fine
          crw-rw---- 1 root dialout 166, 0 Jul 31 19:21 ttyACM0

          $ echo "$TERM"
          xterm-256color

          After setting up minicom:

          Click image for larger version

Name:	minicom-defconbadge.png
Views:	1879
Size:	60.3 KB
ID:	238803
          I will keep trying. Thanks again.

          Comment


          • number6
            number6 commented
            Editing a comment
            Since you are using minicom from a graphic console using xterm-256color, try launching minicom from that terminal like:

            sudo minicom --color=on -D /dev/ttyACM0 -b 9600

            or instead of 9600 bps, you can try another speed.

            Another option, try altering your graphic terminal color selection and invert the foreground and background colors then try screen from there. (Maybe the session is color-coding the text/font/characters/symbols to display in terminal to be the same as the background color of your terminal making them not invisible.)

            Another item, before launching minicom or screen, try typing "reset" at the command line to reset your terminal.

            Another item, when connected with screen or minicom, try sending "control-L" which is common for "refresh screen" in terminal and terminal emulators.
            Last edited by number6; July 31, 2021, 18:35.

          • green01
            green01 commented
            Editing a comment
            Update:

            To get past this error in syslog:

            Jul 31 18:31:22 kali-laptop ModemManager[633]: <warn> Could not grab port (tty/ttyACM0): 'Cannot add port 'tty/ttyACM0', unhandled serial type'

            systemctl disable ModemManager.service
            systemctl stop ModemManager.service

            sudo tail -n 0 -f /var/log/syslog

            Unplug/replug badge.. new logs:

            Jul 31 20:55:31 kali-laptop kernel: [11783.241807] usb 2-2: new full-speed USB device number 13 using xhci_hcd
            Jul 31 20:55:31 kali-laptop kernel: [11783.417098] usb 2-2: New USB device found, idVendor=dc29, idProduct=dc29, bcdDevice= 1.00
            Jul 31 20:55:31 kali-laptop kernel: [11783.417105] usb 2-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
            Jul 31 20:55:31 kali-laptop kernel: [11783.417109] usb 2-2: Product: DEF CON 29 Badge
            Jul 31 20:55:31 kali-laptop kernel: [11783.417113] usb 2-2: Manufacturer: MK Factor
            Jul 31 20:55:31 kali-laptop kernel: [11783.417116] usb 2-2: SerialNumber: 12345
            Jul 31 20:55:31 kali-laptop kernel: [11783.433173] cdc_acm 2-2:1.0: ttyACM0: USB ACM device
            Jul 31 20:55:31 kali-laptop kernel: [11783.445762] input: MK Factor DEF CON 29 Badge Keyboard as /devices/pci0000:00/0000:00:1c.7/0000:26:00.0/usb2/2-2/2-2:1.2/0003:DC29:DC29.000C/input/input44
            Jul 31 20:55:31 kali-laptop kernel: [11783.506617] input: MK Factor DEF CON 29 Badge Consumer Control as /devices/pci0000:00/0000:00:1c.7/0000:26:00.0/usb2/2-2/2-2:1.2/0003:DC29:DC29.000C/input/input45
            Jul 31 20:55:31 kali-laptop kernel: [11783.506888] hid-generic 0003:DC29:DC29.000C: input,hidraw0: USB HID v1.11 Keyboard [MK Factor DEF CON 29 Badge] on usb-0000:26:00.0-2/input2

            sudo minicom --color=on -D /dev/ttyACM0 -b 9600

            Same blank screen will appear.. do not press any key except "=" (equals sign). If any other key is pressed first, need to unplug & retry.

            Menu appears (tada):

            Welcome to DEF CON 29!
            Note: This badge is running very limited firmware. The full firmware will be available when DEF CON starts.

            Choose an option:
            [1]: Change LED Colors
            [2]: Change Keymap
            [3]: Reset EEPROM
            Enter Number:

            Maybe good enough..

            Still working on figuring out why it wont show up as a storage device. May need to use other OS for now to update firmware when the time comes.

          • number6
            number6 commented
            Editing a comment
            congrats on the progress!

        • #53
          I'm also having troubles getting it to register as a mass storage device in Kali. It may also be that I don't know where to look (but I tried doing a find on"UF2" since that's part of a firmware file name). However, I am able to access the interface via the screen service. I was just hoping to see the firmware too.

          I've tried a combo of Windows and a Kali VM, and switched back and forth between USB and Battery while plugged in. I noticed that either way, my system was recognizing the device yet it seemed to see it differently depending on the switch position. Also, it seems like it might be possible to stop the boot process by pressing a key within the first couple seconds of turning the device on, based on the fact that if I do so, then I can no longer use the keys as a keyboard.

          Comment


          • #54
            Ah, ok got it. I saw the message about having to hold a button down while powering on. My observations from before still stand however.

            Comment


            • #55
              Originally posted by pRs3k View Post
              I'm also having troubles getting it to register as a mass storage device in Kali.
              Hold the bottom right switch down when plugging in USB for MSC. You should have a single red LED pulsing under the top left switch.

              Comment


              • #56
                Originally posted by bugs View Post
                Next to the USB-A connector on the back there's 10 small contact pads - 10-pin ICSP header I'm guessing? Has anyone tried it yet?
                It's a TAG-connect 10- pin. https://www.tag-connect.com/product-.../10-pin-target
                Usually used for programming/JTAG/UART.

                Comment


                • #57
                  My human badge has a broken J3 connector, found it inside the bubble wrap. Is this part of the puzzle? Or should it have come connected?a defcon 29 badge, male connector, and lanyard

                  Comment


                  • moldavia
                    moldavia commented
                    Editing a comment
                    One of mine was broken off too. Wasn't too terrible to solder back on, but the exposed pads are a bit small.

                • #58
                  wow..mine is still on the way. hopefully, I can get it before the conference.

                  Comment


                  • #59
                    I seem to be having issue with intermittent functionality. The lights blink with every button press, but they don't always do their function on the computer (using Apple MBP). Sometimes will mute/unmute, play/pause, or adjust the volume, but far more often does nothing. 1/20 clicks does something, and it'll tend to work for a couple seconds at a time then go back to not working.

                    Comment


                    • pyllyukko
                      pyllyukko commented
                      Editing a comment
                      My badge does the same :/ I hope it's only because of the "limited firmware".

                    • wyatt_earp
                      wyatt_earp commented
                      Editing a comment
                      Can confirm the same. I think it's a timing thing in the current firmware.

                  • #60
                    Anyone looking at the badge under blacklight or using an ir sensor powered off/on?

                    Comment

                    Working...
                    X