DEF CON 29 Badge Hacking

I’m new to hardware hacking and I’d love to learn. I have the in person badge but have no idea how to access the hardware and terminal from my computer. Can anyone point me in the right direction?

Is there an up-to-date place for goon badge firmware to be acquired from? It appears when the updated firmware is pulled from /signal it flashes the default badge back to human rather than goon?

There appears to be a problem with the badges where if you're a goon/speaker/other and you update the firmware, it gets reset to a 'human' badge. There're a couple of people who've had this happen to them as speakers/goons so they don't count on your badge as collecting them all.

It's not clear if this's intentional or not or if there's some other handshake that should happen.

yes, this is consistent behavior, generated a few dozen strings, all 31 characters.

We have a discord server up for those hacking on the badge. https://discord.gg/9DdhhPrV

I found another interesting thing - if I generate several connection requests, a part of the string is static.
The first 16bytes are random, followed by 6 static bytes, followed by 10 random bytes.

Did you try to generate more of those strings?

I think that's the difference between the virtual and the in-person. virtual peeps got a regular lanyard, since it wouldn't be that difficult to acquire a cable at home.

I'm having an interesting problem which I'm not really sure why it's happening

Take a look at the output from the console when I press 4 to generate a connection request


What you'll notice is that the connection request string is 31 characters long, when codes from everyone else are 32 characters long, and thus when I send them to people they return as invalid.

I've flashed the badge with the new firmware (tried re-flashing it too), but nothing changes.
When I generate a response code though, it generates 32 characters properly.

Can't connect to anyone with my badge it seems 😢

This states "The lanyard is a USB-A to USB-C cable. Use it to connect badges to each other or to your computer.". Anyone else have that definitely not be the case with the lanyard they got?

Here is the prominent snippet of running SysInternals Strings against the new uf2 firmware. Looks like the magic number is 20 badge connections.
(all sections with '...' have had junk strings removed by me for better readability)



Blue value:
You have collected all the signal parts!
UF2
...
Now that you have the signal, you must share it with others. Connect to at least 20 people who have not yet collected all the badge types.
Thank you for doing your part to keep the signal going! To continue your journey, go to:
Number of Badges Connected:
UF2
...
Badge Types Collected:
Times You've Shared the Signal:
***Challenge Status***
Would you like to save the color for LED
Enter color values from 0-255 for LED
Press ENTER to continue...
*** Game Stats ***
Simon High Score:
Multiplayer Simon High Score:
UF2
...
Multiplayer Simon Games Played:
Multiplayer Simon Longest Badge Chain:
Send this string back to the person who gave you the request.
Copy this string and send it to fellow attendees. Their badge will generate a reply string for your badge.
Green value:
UF2
...
Choose an option:
Invalid Input. Please try again:
Enter new keystroke for key
You may enter a single character or string of characters.
Modifiers go before the character they affect
Available modifiers: [ctrl][alt][shift][gui]
Media keys: [play][next][b
UF2
...
ack][stop][eject][mute][vol+][vol-]
Other keys: [F1]-[F24] [none] (to disable key)
_____ _____ _____
| | | | |
| 1 | 2 | | 5 |
|_____|_____| |_____|
| 3 | 4 | | 6 |
Which Key would you like to change?
New keystroke:
Which LED wou
UF2
WQ]
ld you like to change?
Badge Menu:
________
Badge / |\/|_/ \
Design | | | \ |
By \_FACTOR_/
Badge successfully connected!
New badge type collected!!
[1]: Change LED Colors
[2]: Change Keymap
[3]: Reset EEPROM
[4]: Generate Virtual Badge C
UF2
...
onnection Request
[5]: Enter Virtual Badge Connection Request or Reply
Red value:
Enter the request or reply string:
Are you sure to want to reset the EEPROM? This will erase all your settings, but will keep your game/challenge data!
Welcome to DEF CON 29!
UF2
...
Signal shared!!!
ERROR: Too long. Please try again:
defcon.org/signal
Yes(y) or No(n):
6-78'
!"#$%&
UF2
...
/10
Human,
Goon,
Creator,
Speaker,
Artist,
Vendor,
Press
ERROR: This string is from your badge.
ERROR: This reply is not for your badge.
ERROR: Already connected to this badge
UF2
...
BEEtAMORP-umE.WWR
B12345
0123456789abcdefghijklmnopqrstuvwxyz
...
UF2
...
UF2
...
MK Factor
DEF CON 29
UF2
...
Badge

Updated firmware for the human badge? Make sure you grab copies and hashes of your original firmware and serials from your badges! Never know if those bootloader are all the same!!!

https://defcon.org/signal/

Here's a loader I made for UF2 files for Ghidra because I'm a weird kind of lazy where I'm lazy enough that I don't want to clone a repo, but not lazy enough that I don't want to write a loader for shits and giggles :)

https://github.com/wyattearp/ghidra_uf2loader

That right one (the rotor looking thing) has a 3.3v signal on it, left one (ET fingers) is tied to ground. I only had a few minutes to quickly look over the badge as it arrived just now but will hook it up to my scope later and play more.

Can confirm the same. I think it's a timing thing in the current firmware.