 Okay, so Jerry Myers on CTF Batch. Yep, so you guys can go to this website. Alright, so I'll address this evening's presentations on making a CTF Batch. I would like to start off with some food for thought. The last time I gave a presentation, I talked about I guess balance of constraints. This is really inspired by Bunny Huang's adventures in PCB making, especially for his Burning Man in the Institute. So I'd like you guys to think about these constraints, mainly money, time, manpower, space, the loss of physics and actual loss. And how do these constraints actually play a part in this entire project, and perhaps your own engineering experience. So a little bit of context here. My friends at Greyhats, they pinged me sometime early this year, and they asked me, hey, do you want to create a few badges for the Captured Effect download? And it's called Cross-Faculty Captured Effect, or CTF. And you might have a question. What is Captured Effect? So Captured Effect is an information security competition. And as the name suggests, it reflects, and your job is to capture it to end points. So there are many forms of CTS, but mainly you just grab flags, and in order to grab flags, you have to demonstrate a compromise. So if this site looks very familiar, it's because I kind of adapted it from my friend at Greyhats. Sometimes you actually own the flag, and then you have to sort of maintain a service that has a flag, and other people will attack you. And your job is to defend. So there are many, again, flavors of CTF Captured Effect Downloadments, and these are the general gees of it. You have to capture flags, and sometimes you have to defend your flags from others. It looks something like that. This is a bunch of people in a dimly-lit room with a lot of company power and brains. And yep, river sex is hidden somewhere in the code. And people do network analysis, binary reverse engineering, things like that. It's a really cool stuff. But you might ask, why make a batch? And I guess from an engineer's perspective, you might notice that everything is becoming connected. You want to have total control of everything in our life. And the thing is, when we try to add some smartness to our everyday household appliances, etc., we introduce a new interface, and we increase the service area for vulnerabilities attacks. So I guess there's a growing need for computer security professionals to up the game in hardware knowledge, and this provides a way to do so. And that's why we actually created a batch so that we can introduce contestants to a little bit of hardware hacking with minimal fast. So as most of you might have experienced when you're starting out electrical engineering, you might be afraid of connecting one wire to another because when you connect, either your house is tripped or your computer explodes, and then you lose a lot of money, you know, you may injure yourself and cause a lot of problems. So this again is sort of like a dip your toes into hardware, kind of an experience for the information security people. So, and you can get design really cool stuff. I'll pass this around. Please don't destroy it because it's alone for my friend. So, yeah, this is actually Daphon's batch this year. And as you can see, it's a really cool batch. The microcontroller is prepped back in the Nose Beach, and it's an Intel Quark 3D 2000 microcontroller. So it's the latest and greatest. Integrated accelerometer, gyroscope, plus very low power. So they can power it off a 20-32 mAh battery, and I guess it can last for, I don't know, two days, three days. So, we actually, after a bit of talks, we decided to split ourselves into this few books. So, Yixing here, and I will be in charge of the assembly. Everyone here is in charge of port design, and firmware, which is the actual competition of challenges, is done by these two guys, for a really brilliant electrical engineers. And Yixing has helped us in the assembly as well. We're given about $3,000 to build more hardware batches. So it's kind of quite a bit of money. $30,000 to batch, not batch. One inspiration behind this batch was Saskan's batch. Saskan is another InfoSec conference in Singapore, and I guess it was designed by one of the guys sitting there. So, yes, the guy sitting in the middle. I would just refer to him as Mr Tan. So, I'll pass it on to Yixing to talk about this. So, design, we had supposedly a nice long time to design the batch, and we thought we would need, like, well, okay, here's a complete, here's a photo of the final batch, because then we thought we would need a very short time to complete the batch, obviously that didn't happen. So, when we started designing the batch, we had, like, we needed, like, certain features. So, we had to put in USB serial because otherwise there is no easy way to program the batch. Anyway, we wanted to be also kind of like a dev kit afterwards. So, to implement it, we used this really cheap chip called CP2102. There is plenty of counterfeits on the market, and we thought our first revision boards, 90% of them failed because of the chip. We thought that happened, but in the end it turns out it's because you're bad at soldering. Then, the microcontroller we're using on this project is ESP8266. It's a Wi-Fi-enabled microcontroller. It is very, very cheap for the feature set. So, how much would it cost? About $2, about $2 per chip. Then, we like it also because it has a very open, the creators have a very open development mindset. So, they release the entire API online. And the two-chain is free as well. And of course, it has Wi-Fi. Batch-free. So, we originally tried to use the Defconn-Batch, the same 2032 that doesn't work out because ESP8266, unlike Intel Quark, likes to eat power. It can draw 100 milliamps at maximum transmit power. And that obviously doesn't work out for 2032. You need like five of them at the very least and you still get a ridiculous voltage drop. So, it would reset and die. So, we decided to go with a LiPo at 680 milliamp hours, 680, according to top-up. We never actually bothered to test it because it lasted long enough for our purpose. So, for LiPo, you need a nice charger. You have to put in the charger as well. So, conveniently, since there's a USB-0 thing, there's a micro-USB port on the thing, just touch it with USB. Sure, works. Then, we needed a display because the challenge wanted a display and it had to be a graphical display, not a text display. So, why not use an OLED or one of those nice fancy LCD that have high-res 1-inch power? Not really power. Money. Money more important. It's like a dollar or something or so. It's about a dollar and a half. And finally, of course, it's a nice bonus to be able to have a lot of these pairs as death kits. I mean, who doesn't love death kits? So, here's the photo of the revision one board. It's the one that I handed out from the right side. Yeah. This is the final one as well. The version 3 one is the one handed out on the left side, making it brown. So, we thought we would need one revision prototype and then we could go into full production. So, we thought we had a lot of time and money to do all this. So, the first revision, most of the things worked, except those which didn't, which you would expect. This was the one with less problems, but the LCD, there was one problem with the LCD that we didn't notice that was that there is a pin label, not chip enabled. So, we put it high and it's supposed to be put low. And that's why there's a botch wire going on this other bot. But I didn't wire the other one because that one doesn't have LCD. So, because of that, we had to re-spin the second prototype which caused more problems because someone wanted to save. Once someone thought that a chip was too small and the production yield was supposedly too low and changed to one chip to four extra parts. And one of them was upside down. And finally, after this mishap, we made the third revision, which works very well. So, we started off. This is the one I'll forget about, the one that is too tiny. The chip size is about one millimetre by two millimetres wide. It is ridiculously tiny. You can see on the RAM-1 bot beside the other position there. So, what it is, it's a six pin chip that includes appropriate resistors and two transistors. So, we are using it for the auto-reset function so we can automatically upload code from the computer. So, it was supposedly too small then we changed it to four parts instead. So, two resistors and two transistors. And that transistor is supposed to be upside down. Which leads to this. Upside down really badly. At least it works. So, we decided not to play with that anymore and changed back to the original chip but this time in the bigger package we found that RS was carrying it. We used the hotplate with a lot of flux. So, get a hotplate and a lot of flux. So, three regions, three different things. You bring the band. Okay, USB serial. This chip caused us so many problems in revision 1 and 2 until we figured out how to solder it properly because we didn't put enough flux. The pin pitch on this is ridiculously tiny. It's the smallest pin pitch of everything in there. And then, what was happening was that the parts simply weren't connecting with the board. So, we figured out that in order to solder such fine QFN packages you have to use a lot of flux and a lot of patience and hotplate. Also, you note the nice crooked edge or for the snap-off USB connector because I was stuffing parts into this section there. So, eventually we changed it out for a nicer looking straight edge because I think the PCB manufacturer complained, I think. Did they complain? No, but they took really, really long to send so we assumed that they were having problems with this because I'm pretty sure that you're trying to mill that and some of it is going to just snap. This is really tiny. That's all that's attaching it to the board on top. That's all I have for design. That small little bridge there contains I guess four different wires including six. Four different sort of wires and two power, which is actually broken out here. You weren't tempted to use two bridges? Yeah, we used top and bottom. This is all done in a two-layer box. No, you got one. We could have used two bridges but I wanted to make it easy to snap. Oh, yeah. So, I'll talk about the assembly then. So, we bought a lot of things and Christmas came early for us. We provisioned a room in the school to connect the space and we laid it out realizing and this is to facilitate our production and you're going to see it earlier. I guess the first part to producing your own PCBs especially in volume is to do the stenciling. This is all newly arranged solar pasted. Solar pasted. It's in a grey-coloured gunk. It's okay. Whereas the non-pasted parts are combed. So, this is step one. Step two is to pick and place and I guess I'll skip this video. So, this is supposed to be a YouTube video but the YouTube icon is on the right. It's probably because I'm boogie. Yeah, you dropped out. So, I had H plus there. There's no 4G here. So, due to network disabilities I'll just explain once. Yeah, I'll just describe what happened here. What happened is we had a stenciling portion here. I think it tried to load the video. Alright, we had a stenciling portion here and we took the PCB, placed it down here and put the stencil over it spot a bit of solar paste and then we moved the PCB here where we pick and place all the components. There are like more than 30 components for each board. I can do the math. And then after that we placed it on the hot plate let it reflow add flux to the CP2102 because it's QFN and it went down again. And then after that we took it off and we set it to the programming place. We programmed the chip. This is actually a debugging place so if there are any rejects we'll put it back to the debugging place to see whether or not we can chuck salvage it. This entire part here is a place where we put together the accessory kits. So, because of the complexity of this project we need to make sure that everything works so we had a test harness to make sure that everything works. And we compiled some software again, network issues. I can't show you the video. And the surprising thing is we actually had a backup plan of using coin cells but I took a gamble and I bought this off Taobao. The good thing is there's this thing called easy buy so I'm not advocating easy buy here but it just came through the C-chipping graph and it's kind of cool. I guess the people will be thinking that the customers will be thinking this guy is a handphone repair guy and he needs so many batteries to repair old handphones. And the bad thing is everything comes without the connectors and these are all very shortly pasted so there were a lot of key cells about 10 to 20 percent of the batteries would be on arrival. It came in about 3.7 volts it was kind of painful to put on the connectors like wearing a socks under but in this case it's a lot harder. It was also kind of a pain to charge everything at once I had a lot of leftovers USB connectors from my previous PC so I managed to make some jig like this because again our target audience are non-hardware professionals they have never seen or touched electrical engineering projects before so we had a very good introduction page team which we've printed using a PC printer so we are packed so we made these useful little things here to tell people where to put things so again they had to actually help us do the assembly and the packing of stuff so I actually made this to show that you are not supposed to put the batteries together if not like bad things might happen and the accessory kit that was given up with all boards everything you see there I'll just pass this around let's think of one of the challenges this is actually the first stage of the normal challenge there are two challenges there are two routes in the challenge one is the Game Master route and the other one is just everybody's route so this looks like a randomly generated sequence of display characters but if you stare at it for another 10 minutes you'll see something like that and then I guess what you are supposed to gather from this is to understand that actually but then you enter the flag and then you proceed on to the next challenge it's really cool so I don't want to talk too much about my whole journey I guess if you want to know more you can come find me I'll just leave you guys with some top tips do not ever use Nokia LCD in this case the reason being the way this display connects to the board is through some rubber bendy thing that never works ever we had bought about 200 plus LCDs and we only managed to get about 120 so yeah so that 150 become 3 dollars if you are making more than 5 ports at one go I will highly suggest you get a PCBA if you need any suggestion you can approach Mr Tan that he actually made his box to a PCBA and I think that's a more sane way of doing things yeah Kabul is your friend if you want to do some really cheap programming just go with it I would also like to thank Subniro because I was interning there and Subniro actually gave me the opportunity to work on this while I was interning there really cool company with that yeah I was interning there do you have any questions do we have time remaining do you have any remaining time sorry we can show this is a time-lapse video you can take a look at the clock you can note there are two interesting things the sensor has a dent in the corner from there it arrives like that we don't know why so in order to use it you have to have the edge of the side of the table number 2 is this yummy air purifier located conveniently in front of the hot plate it gets really bad there and the windows open and it stills not horrible so this is the so this is to test the LCD contrast and all the buttons if you notice the hello there actually changes capitalization as the buttons are individually pressed so if this works we know that USB serial upload works the ESP8266 is not being crazy all the buttons work LCD is fine so actually test everything that needs to work except for Wi-Fi but we assume that the module can actually Wi-Fi properly it's a module the first idea was to use the chip itself then we gave up on that because nobody knew of blue antennas nobody talked about it much properly I mean you can download antenna modules you can download some software to like model your antenna but you can actually just this kind of precision you go to some any piece of wire will do possibly also number 2 is smaller than the CP2102 so if you want to know more you can go and check out the ender from Github you can view this presentation here