DEF CON 29 Badge Hacking

Update:

To get past this error in syslog:

Jul 31 18:31:22 kali-laptop ModemManager[633]: <warn> Could not grab port (tty/ttyACM0): 'Cannot add port 'tty/ttyACM0', unhandled serial type'

systemctl disable ModemManager.service
systemctl stop ModemManager.service

sudo tail -n 0 -f /var/log/syslog

Unplug/replug badge.. new logs:

Jul 31 20:55:31 kali-laptop kernel: [11783.241807] usb 2-2: new full-speed USB device number 13 using xhci_hcd
Jul 31 20:55:31 kali-laptop kernel: [11783.417098] usb 2-2: New USB device found, idVendor=dc29, idProduct=dc29, bcdDevice= 1.00
Jul 31 20:55:31 kali-laptop kernel: [11783.417105] usb 2-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Jul 31 20:55:31 kali-laptop kernel: [11783.417109] usb 2-2: Product: DEF CON 29 Badge
Jul 31 20:55:31 kali-laptop kernel: [11783.417113] usb 2-2: Manufacturer: MK Factor
Jul 31 20:55:31 kali-laptop kernel: [11783.417116] usb 2-2: SerialNumber: 12345
Jul 31 20:55:31 kali-laptop kernel: [11783.433173] cdc_acm 2-2:1.0: ttyACM0: USB ACM device
Jul 31 20:55:31 kali-laptop kernel: [11783.445762] input: MK Factor DEF CON 29 Badge Keyboard as /devices/pci0000:00/0000:00:1c.7/0000:26:00.0/usb2/2-2/2-2:1.2/0003:DC29:DC29.000C/input/input44
Jul 31 20:55:31 kali-laptop kernel: [11783.506617] input: MK Factor DEF CON 29 Badge Consumer Control as /devices/pci0000:00/0000:00:1c.7/0000:26:00.0/usb2/2-2/2-2:1.2/0003:DC29:DC29.000C/input/input45
Jul 31 20:55:31 kali-laptop kernel: [11783.506888] hid-generic 0003:DC29:DC29.000C: input,hidraw0: USB HID v1.11 Keyboard [MK Factor DEF CON 29 Badge] on usb-0000:26:00.0-2/input2

sudo minicom --color=on -D /dev/ttyACM0 -b 9600

Same blank screen will appear.. do not press any key except "=" (equals sign). If any other key is pressed first, need to unplug & retry.

Menu appears (tada):

Welcome to DEF CON 29!
Note: This badge is running very limited firmware. The full firmware will be available when DEF CON starts.

Choose an option:
[1]: Change LED Colors
[2]: Change Keymap
[3]: Reset EEPROM
Enter Number:

Maybe good enough..

Still working on figuring out why it wont show up as a storage device. May need to use other OS for now to update firmware when the time comes.

I'm also having troubles getting it to register as a mass storage device in Kali. It may also be that I don't know where to look (but I tried doing a find on"UF2" since that's part of a firmware file name). However, I am able to access the interface via the screen service. I was just hoping to see the firmware too.

I've tried a combo of Windows and a Kali VM, and switched back and forth between USB and Battery while plugged in. I noticed that either way, my system was recognizing the device yet it seemed to see it differently depending on the switch position. Also, it seems like it might be possible to stop the boot process by pressing a key within the first couple seconds of turning the device on, based on the fact that if I do so, then I can no longer use the keys as a keyboard.

Since you are using minicom from a graphic console using xterm-256color, try launching minicom from that terminal like:

sudo minicom --color=on -D /dev/ttyACM0 -b 9600

or instead of 9600 bps, you can try another speed.

Another option, try altering your graphic terminal color selection and invert the foreground and background colors then try screen from there. (Maybe the session is color-coding the text/font/characters/symbols to display in terminal to be the same as the background color of your terminal making them not invisible.)

Another item, before launching minicom or screen, try typing "reset" at the command line to reset your terminal.

Another item, when connected with screen or minicom, try sending "control-L" which is common for "refresh screen" in terminal and terminal emulators.

Thank you number6 for the reply and suggestions.

$ ls -l /dev/ttyACM0
crw-rw---- 1 root dialout 166, 0 Jul 31 19:21 /dev/ttyACM0

$ ls -l /dev/tty/ttyACM0
ls: cannot access '/dev/tty/ttyACM0': Not a directory

$ sudo find /dev -type f -name \*ACM\* -print
No results
*seems odd that didn't find anything...

Permissions on the /dev directory appear fine ( using sudo after all )
drwxr-xr-x 19 root root 3720 Jul 31 19:06 dev

Permissions on the special device file appear fine
crw-rw---- 1 root dialout 166, 0 Jul 31 19:21 ttyACM0

$ echo "$TERM"
xterm-256color

After setting up minicom:


I will keep trying. Thanks again.

It looks like your path for the serial device may be incorrect.
ls -l /dev/ttyACM0
Does it report no file found?

Try instead:
ls -l /dev/tty/ttyACM0
or
find /dev -type f -name \*ACM\* -print

Make sure the device file you are trying to talk to as a serial device has the path you are telling "Screen" to attach to.

Once you find the path to the serial device, check the UserID owner and GroupID and "mode" permissions. Does the user launching screen have read-write access to the device special file and read/execute access to all directories leading to it? Are you running with a kernel and system using SE Linux and MAC? Consider "ls -lZ" and "chcon" to address.

Press "return" a few time and see is anything appears.

Consider changing your "terminal type"
vt220, vt100 are pretty common. ANSI/ANSI-color are uncommon. If you are at console type:
echo "$TERM"
If it reports something like:
xterm-256color
try changing to xterm or vt220 or vt100

If you are using "xterm" try "gnome terminal" or a different terminal application.

If that fails, many linux distros provide a "real" terminal/dialup client called "minicom" which allows you to specify baud rate, bits, parity, stop bits and more. You can tell minicom which serial device you want it to talk to and save profiles for each serial device. (see man page.)

My first guess, however, is one of path/permissions to the added serial device and second is a guess on terminal emulation you are using.

Has anyone been successful getting the badge to show up as mass storage device in Kali Linux?

sudo tail -n 0 -f /var/log/syslog

Plug in badge

Output:

Jul 31 18:31:04 kali-laptop kernel: [ 3116.673294] usb 2-2: new full-speed USB device number 8 using xhci_hcd
Jul 31 18:31:04 kali-laptop kernel: [ 3116.849325] usb 2-2: New USB device found, idVendor=dc29, idProduct=dc29, bcdDevice= 1.00
Jul 31 18:31:04 kali-laptop kernel: [ 3116.849332] usb 2-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Jul 31 18:31:04 kali-laptop kernel: [ 3116.849335] usb 2-2: Product: DEF CON 29 Badge
Jul 31 18:31:04 kali-laptop kernel: [ 3116.849339] usb 2-2: Manufacturer: MK Factor
Jul 31 18:31:04 kali-laptop kernel: [ 3116.849342] usb 2-2: SerialNumber: 12345
Jul 31 18:31:04 kali-laptop kernel: [ 3116.865396] cdc_acm 2-2:1.0: ttyACM0: USB ACM device
Jul 31 18:31:04 kali-laptop kernel: [ 3116.877813] input: MK Factor DEF CON 29 Badge Keyboard as /devices/pci0000:00/0000:00:1c.7/0000:26:00.0/usb2/2-2/2-2:1.2/0003:DC29:DC29.0007/input/input34
Jul 31 18:31:04 kali-laptop kernel: [ 3116.938321] input: MK Factor DEF CON 29 Badge Consumer Control as /devices/pci0000:00/0000:00:1c.7/0000:26:00.0/usb2/2-2/2-2:1.2/0003:DC29:DC29.0007/input/input35
Jul 31 18:31:04 kali-laptop kernel: [ 3116.938613] hid-generic 0003:DC29:DC29.0007: input,hidraw0: USB HID v1.11 Keyboard [MK Factor DEF CON 29 Badge] on usb-0000:26:00.0-2/input2
Jul 31 18:31:22 kali-laptop ModemManager[633]: <info> [device /sys/devices/pci0000:00/0000:00:1c.7/0000:26:00.0/usb2/2-2] creating modem with plugin 'Generic' and '1' ports
Jul 31 18:31:22 kali-laptop ModemManager[633]: <warn> Could not grab port (tty/ttyACM0): 'Cannot add port 'tty/ttyACM0', unhandled serial type'
Jul 31 18:31:22 kali-laptop ModemManager[633]: <warn> Couldn't create modem for device '/sys/devices/pci0000:00/0000:00:1c.7/0000:26:00.0/usb2/2-2': Failed to find primary AT port

lsusb

Output:

Bus 003 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 002 Device 008: ID dc29:dc29 MK Factor DEF CON 29 Badge
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

sudo screen /dev/ttyACM0 9600

Produces a blank terminal with no greeting messages. However it still accepts commands i.e. 1, 2, 3, and anything invalid.

No storage device in File System.

Tried a few things with no luck including...

https://itectec.com/ubuntu/ubuntu-co...t-tty-ttyacm0/

Thanks.

I'm also attending virtually and would love to collab.

Next to the USB-A connector on the back there's 10 small contact pads - 10-pin ICSP header I'm guessing? Has anyone tried it yet?

I think the back of the neck barcode may be from Dark Angel - https://darkangel.fandom.com/wiki/X-Series

Thank you for sharing! Just printed mine.

Thanks for posting this. The firmware has the same hash as the human one so it looks to be no different.

Also what may be obvious is there's a couple of 'test points' aligned with the graphics, such as where the fingers touch together and the centre of a rotor? there's also what looks like a trace that can be cut or an SMD component soldered in place to the 'billboard' showing the binary code, and another in the bottom left next to the plastic pin.

Maybe this is too obvious for everyone, but most of the pictures on the back are scenes from movies:

1. ET
2. Hackers (?)
3. Max Headroom
4. THX 1138
5. Independence Day (?)

Does that look about right?

USB-A to USB-C

Goon firmware as shipped: https://kallahar.com/defcon/2021/Def...as_shipped.zip

UF2 Bootloader v3.13.0-9-g2fd0593-dirty FAO
Model: DEF CON 29 Badge
Board-ID: SAMD21G16B-dc29-v0