DEF CON 29 Badge Hacking


  • #61
    Also, if you change the system clock to the date/time when defcon starts, does it behave differently?

    • MisterE0x00 commented
      Tried it, didn't do anything different. It's not an onboard firmware unlock. We'll be given new firmware to upload to the device in replacement of what's there.

  • #62
    Here's a loader I made for UF2 files for Ghidra because I'm a weird kind of lazy where I'm lazy enough that I don't want to clone a repo, but not lazy enough that I don't want to write a loader for shits and giggles :)

    https://github.com/wyattearp/ghidra_uf2loader


    • #63
      Updated firmware for the human badge? Make sure you grab copies and hashes of your original firmware and serials from your badges! Never know if those bootloaders are all the same!!!

      https://defcon.org/signal/


      • #64
        Here is the prominent snippet of running SysInternals Strings against the new uf2 firmware. Looks like the magic number is 20 badge connections.
        (all sections with '...' have had junk strings removed by me for better readability)



        Blue value:
        You have collected all the signal parts!
        UF2
        ...
        Now that you have the signal, you must share it with others. Connect to at least 20 people who have not yet collected all the badge types.
        Thank you for doing your part to keep the signal going! To continue your journey, go to:
        Number of Badges Connected:
        UF2
        ...
        Badge Types Collected:
        Times You've Shared the Signal:
        ***Challenge Status***
        Would you like to save the color for LED
        Enter color values from 0-255 for LED
        Press ENTER to continue...
        *** Game Stats ***
        Simon High Score:
        Multiplayer Simon High Score:
        UF2
        ...
        Multiplayer Simon Games Played:
        Multiplayer Simon Longest Badge Chain:
        Send this string back to the person who gave you the request.
        Copy this string and send it to fellow attendees. Their badge will generate a reply string for your badge.
        Green value:
        UF2
        ...
        Choose an option:
        Invalid Input. Please try again:
        Enter new keystroke for key
        You may enter a single character or string of characters.
        Modifiers go before the character they affect
        Available modifiers: [ctrl][alt][shift][gui]
        Media keys: [play][next][b
        UF2
        ...
        ack][stop][eject][mute][vol+][vol-]
        Other keys: [F1]-[F24] [none] (to disable key)
        _____ _____ _____
        | | | | |
        | 1 | 2 | | 5 |
        |_____|_____| |_____|
        | 3 | 4 | | 6 |
        Which Key would you like to change?
        New keystroke:
        Which LED wou
        UF2
        WQ]
        ld you like to change?
        Badge Menu:
        ________
        Badge / |\/|_/ \
        Design | | | \ |
        By \_FACTOR_/
        Badge successfully connected!
        New badge type collected!!
        [1]: Change LED Colors
        [2]: Change Keymap
        [3]: Reset EEPROM
        [4]: Generate Virtual Badge C
        UF2
        ...
        onnection Request
        [5]: Enter Virtual Badge Connection Request or Reply
        Red value:
        Enter the request or reply string:
        Are you sure to want to reset the EEPROM? This will erase all your settings, but will keep your game/challenge data!
        Welcome to DEF CON 29!
        UF2
        ...
        Signal shared!!!
        ERROR: Too long. Please try again:
        defcon.org/signal
        Yes(y) or No(n):
        6-78'
        !"#$%&
        UF2
        ...
        /10
        Human,
        Goon,
        Creator,
        Speaker,
        Artist,
        Vendor,
        Press
        ERROR: This string is from your badge.
        ERROR: This reply is not for your badge.
        ERROR: Already connected to this badge
        UF2
        ...
        BEEtAMORP-umE.WWR
        B12345
        0123456789abcdefghijklmnopqrstuvwxyz
        ...
        UF2
        ...
        UF2
        ...
        MK Factor
        DEF CON 29
        UF2
        ...
        Badge

        Comment
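The `UF2` and `WQ]` fragments that cut strings in half in the listing above are the UF2 container's per-block framing: each 512-byte block carries a 32-byte header, up to 476 bytes of data and a closing magic word. As an added example (not from the original posts or from the Ghidra loader linked in #62), the code below strips that framing before extracting strings and hashes both the file and the reassembled image for the backup suggested in #63; the sample payload and the 0x10000000 base address are constructed.

```python
import hashlib
import re
import struct

MAGIC_START0 = 0x0A324655  # bytes "UF2\n"
MAGIC_START1 = 0x9E5D5157  # bytes 57 51 5D 9E, printed by strings as "WQ]"
MAGIC_END = 0x0AB16F30
FLAG_NOT_MAIN_FLASH = 0x00000001

def uf2_to_image(uf2):
    """Strip the per-block framing; return (base_address, flash_image)."""
    if not uf2 or len(uf2) % 512:
        raise ValueError("a UF2 file is a whole number of 512-byte blocks")
    chunks = {}
    for off in range(0, len(uf2), 512):
        m0, m1, flags, addr, size = struct.unpack_from("<5I", uf2, off)
        (end,) = struct.unpack_from("<I", uf2, off + 508)
        if (m0, m1, end) != (MAGIC_START0, MAGIC_START1, MAGIC_END) or size > 476:
            raise ValueError(f"malformed UF2 block at file offset {off}")
        if not flags & FLAG_NOT_MAIN_FLASH:
            chunks[addr] = uf2[off + 32:off + 32 + size]
    if not chunks:
        raise ValueError("no flash payload blocks")
    base = min(chunks)
    image = bytearray(b"\xff" * (max(a + len(d) for a, d in chunks.items()) - base))
    for addr, data in chunks.items():  # unwritten gaps stay 0xFF, like erased flash
        image[addr - base:addr - base + len(data)] = data
    return base, bytes(image)

def ascii_strings(data, min_len=4):
    """Printable-ASCII runs, like a basic strings tool."""
    return [m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def make_uf2(base, payload, chunk=256):
    """Build a small UF2 file for the demo (constructed test input)."""
    parts = [payload[i:i + chunk] for i in range(0, len(payload), chunk)]
    return b"".join(
        struct.pack("<8I", MAGIC_START0, MAGIC_START1, 0, base + n * chunk,
                    len(p), n, len(parts), 0)
        + p.ljust(476, b"\0") + struct.pack("<I", MAGIC_END)
        for n, p in enumerate(parts))

# Constructed sample: one menu string placed so it straddles a 256-byte block edge.
SAMPLE_PAYLOAD = b"\0" * 230 + b"Media keys: [play][next][back][stop]" + b"\0" * 20
SAMPLE_UF2 = make_uf2(0x10000000, SAMPLE_PAYLOAD)  # base address is an assumption

if __name__ == "__main__":
    base, image = uf2_to_image(SAMPLE_UF2)
    print("raw file strings :", ascii_strings(SAMPLE_UF2))
    print("reassembled image:", ascii_strings(image))
    print(f"base 0x{base:08x}  sha256(image) {hashlib.sha256(image).hexdigest()}")
    print(f"sha256(uf2 file) {hashlib.sha256(SAMPLE_UF2).hexdigest()}")
```

To use it on a real dump, pass the bytes of the saved firmware file to `uf2_to_image` in place of `SAMPLE_UF2`.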


        • #65
          Originally posted by wyatt_earp
          Updated firmware for the human badge? Make sure you grab copies and hashes of your original firmware and serials from your badges! Never know if those bootloaders are all the same!!!

          https://defcon.org/signal/

          This states "The lanyard is a USB-A to USB-C cable. Use it to connect badges to each other or to your computer.". Anyone else have that definitely not be the case with the lanyard they got?

          • TechGirlMN commented
            I think that's the difference between the virtual and the in-person. Virtual peeps got a regular lanyard, since it wouldn't be that difficult to acquire a cable at home.

        • #66
          I'm having an interesting problem which I'm not really sure why it's happening

          Take a look at the output from the console when I press 4 to generate a connection request


          Code:
          Welcome to DEF CON 29!
          ________
          Badge / |\/|_/ \
          Design | | | \ |
          By \_FACTOR_/
          
          defcon.org/signal
          
          ***Challenge Status***
          Number of Badges Connected: 0
          Badge Types Collected:
          
          Badge Menu:
          [1]: Change LED Colors
          [2]: Change Keymap
          [3]: Reset EEPROM
          [4]: Generate Virtual Badge Connection Request
          [5]: Enter Virtual Badge Connection Request or Reply
          Choose an option:
          Copy this string and send it to fellow attendees. Their badge will generate a reply string for your badge.
          17B31DDEF9AE1FB1B16122526575C83
          Choose an option:

          What you'll notice is that the connection request string is 31 characters long, when codes from everyone else are 32 characters long, and thus when I send them to people they return as invalid.

          I've flashed the badge with the new firmware (tried re-flashing it too), but nothing changes.
          When I generate a response code though, it generates 32 characters properly.

          Can't connect to anyone with my badge it seems 😢


          • #67
            Did you try to generate more of those strings?

            • Xachero commented
              Yes, this is consistent behavior, generated a few dozen strings, all 31 characters.

          • #68
            I found another interesting thing - if I generate several connection requests, a part of the string is static.
            The first 16 bytes are random, followed by 6 static bytes, followed by 10 random bytes.


            • #69
              We have a discord server up for those hacking on the badge. https://discord.gg/9DdhhPrV


            • #70
              There appears to be a problem with the badges where if you're a goon/speaker/other and you update the firmware, it gets reset to a 'human' badge. There're a couple of people who've had this happen to them as speakers/goons so they don't count on your badge as collecting them all.

              It's not clear if this's intentional or not or if there's some other handshake that should happen.


              • #71
                Originally posted by compukidmike
                Hello from MK Factor! We hope you enjoy the badge!

                Is there an up-to-date place for goon badge firmware to be acquired from? It appears when the updated firmware is pulled from /signal it flashes the default badge back to human rather than goon?


                • #72
                  I’m new to hardware hacking and I’d love to learn. I have the in person badge but have no idea how to access the hardware and terminal from my computer. Can anyone point me in the right direction?

                  • cmdk commented
                    For anyone who has not found it yet, you can access the badge through a serial terminal. For example, on mac you can use 'screen /dev/cu.usbmodem123451'

                • #73
                  The lanyard is a USB-A to USB-C cable. Use it to connect badges to each other or to your computer.
                  Did those of us who went virtual this year get stiffed on a lanyard cable? I got a fabric one.


                  • #74
                    Just got my badge the other day .. issue, my wife threw the packaging away that had the code. Is there a way to reset it? Or are the codes all the same?


                    • #75
                      Originally posted by sateng
                      Did you try to generate more of those strings?

                      I'm in the same boat!
