Okay, so I'm going to kick off DEF CON 16, and on time. No, I had to make it late. I had to make it late. So it's a crazy year this year. We've got the whole space. You probably noticed that we've rearranged a couple of things to try to get some better flow going on, and we spent a lot of time trying to come up with these really cool badges this year. For all those with the paper badges, they're not quite as cool, are they? No, they're not. But there's a story about it, so you can take solace in hearing a really interesting story about the badges, and Joe will give you all the nitty-gritty details. But so the next 3666 badges cleared customs through Alaska yesterday, and they'll arrive here in 20 minutes. And so we'll be substituting out all the paper badges for real badges. So once they're all in, we'll start making announcements, and people can get in a line and swap out the paper and get the real ones. And then tomorrow another several thousand badges arrive, and then we'll have plenty of badges. And then the idea is, because every year Joe tries to get a badge hacking contest going and not everybody wants to beat up their badges, so we're gonna have extras this year, we hope, and we'll sell them at the end of the con, and then you can beat those up and keep your other ones in pristine condition. Or maybe you can combine three of them into some kind of transformer-esque, you know, cyber work. But you'll figure something out, and then when you come next year you're gonna have some pretty crazy creations that will show off. And I don't know if I should tell them. Secret? Okay, okay, they'll figure it out though, because they're smart.

And then we also have the guy from WarGames. If you didn't follow this on the forums, Lightman, the character that the Lightman character was modeled after in WarGames, is here. And we're gonna be screening WarGames tonight. And then afterward we can pick the brain of the guy that the hacker was modeled after, and he's a pretty interesting
character. So he'll be there. If you run out and buy copies of the DVD, I'm sure he'll sign them for you. We've got a fantastic lineup. We've got a network, double the bandwidth. We're at 20 megabits this year, and if you try to put up an SSID of Def Con, I think we'll DoS your machine, store your MAC address, and destroy it for the rest of the weekend. So don't do that. We've got this really cool chill-out lounge, which is new. It's where the Black and White Ball was last time, but this time we've paid a lighting designer to come in, set up all this really cool lighting effects. We've turned it into a chill-out lounge, which should run between now and the end of the con. We've got Wi-Fi in there now. It's the only place at the con you're going to see a Wi-Fi access point called War Zone. If you connect to the War Zone, you get allowed to connect to anybody else assigned to that access point. So if you want to trade your zero-day warez, you can do it on the War Zone. But also know that other people can attack and scan you there as well. Otherwise, if you stay on the Def Con access point, the way the firewall rules are set up, you won't be able to talk to or see any other attendee. You'll only be able to talk to the gateway. So that's how we try to get a little bit more security.

What else we got going on? I'm going to hand it off to Kingpin, Joe Grand aka. But you have to, first I have to call your phone. I gotta call your phone. Oh yeah, turn your phone back on. And Joe can finally talk about a secret project. If you were at the closing ceremonies last year, I accidentally let the cat out of the bag. I sort of let the cat... They're not allowed to blog. Wait, these guys are not allowed to blog about it if we talk about it right now? Okay, okay, they can publish anything that's available. You can publish anything that's on the interwebs, okay. I'm calling Joe right now. Okay, this is what his phone sounds like. Joe Grand. No, that's not what it says. Your phone didn't ring. There's some network latencies.
This is how I'm going to introduce him. Verizon, the winning badges song from last year. And with that I want to hand it over to Kingpin, that's going to tell you the long and tortured story of last year to this year.

Oh man, all right, what's up everybody? My name is Joe Grand, aka Kingpin. That's me on the screen, but could we put the slides up please? It's probably more interesting to look at those. That's good. There we go. All right. We had 1000 badges, 1000 human badges, arrive yesterday, and there's a thousand of you guys that have them. Everyone else has the pretty-looking lime-colored badge. I'll explain that problem later, but you will get real badges. I'm going to get just right into the details of making this badge. I don't know, I haven't actually gone through these slides yet, so I'll just kind of make it up as I go along.

All right, so the process. Like last year, we wanted to make something that was cool and hackable. You know, this one has some bling, you guys can add your own bling. But really just do something that would get people excited about modifying hardware, about playing with their badges, whether they're attacking the firmware side, whether they're adding shit to the front, whatever it is. We want to just do something. I felt last year was a little over-engineered. I had a lot of functionality in there that nobody ever took advantage of, things like the optional accelerometer, the optional wireless interface. A lot of you guys went and got components from me and nobody did anything with them. So, Lost said he did, but I haven't seen it yet. Next year. Yeah, two years later we'll see something. Anyway, so that was a lot of work on my part for no real benefit in the badge hacking contest. So I wanted to make it more simple, where people can just look at the badge, there's minimal components, but there's a lot you can do. So that was the intent. This is my first sketch.
Let's see, January, February, March... April 14th of 2008 is when we first started discussing this badge. After all the problems we've been through this year, it's gonna be January 2009 when we start this time, I think, if not like next Monday. So this year I have a microprocessor. It's a Freescale JM60. I'll get into all the details. It's another low, low, low and low-cost 8-bit micro. Let's see, got a Secure Digital card socket, some LEDs. The red LEDs were left over from last year's badges. I had like seven hundred thousand left over or something, so. And I still have a few thousand more if people want to play with them. I have infrared transmitter, infrared receiver, and I don't know, some other stuff. So that's basically the first drawing I put together, kind of a high-level conceptual drawing.

Here's some details in case you guys couldn't figure it out. The little ninja eye is the infrared transmitter. Infrared receiver. LEDs, blinky lights. You got to have blinky lights because people like those. And I wanted the badge to do something if there was like, you know, nobody actually wanted to mess around with the badge. At least it would flash lights like Knight Rider. So yeah, on the back side there's some stuff. I have some new things I added this year. Last year and the year before, the only way that you could add new firmware to the badge and program and debug the badge was through the actual, like, proprietary programming or debugging interface. So two years ago, DEF CON 14, I used a Microchip PIC part, so you needed to have the MPLAB ICD 2 debugger. We had a few of those, but it was sort of a pain for all the people that wanted to participate. And then last year we had the Freescale QG8 part, and I had this BDM connector, which was their standard for programming and for debugging through CodeWarrior, the six-pin header. But you still needed specialized hardware, so that was sort of a pain. We only had a few programmers that we could give away. So this year
I added a bootloader, and through the mini USB port you can run a GUI on your PC only, sorry, and load firmware directly through your bootloader onto the badge with no specialized hardware. So now no one has any excuses. It's also, that USB port also serves as a debug connector, and I'll get to that later.

Here are the iterations of going through the process. Right after I did the block diagram, I talked to Freescale and said, all right, what part do you guys want to show off? Because they've been really helpful with the DEF CON badges. One of the guys is actually going to be in the hardware hacking village, one of the product managers for Freescale, giving technical support about the badge, giving out some swag. They've been super cool last year and this year as far as like just giving support and helping us get parts that are affordable. So I went to them and said, okay, what part do you guys want to show off? And they said, well, we just have this new Flexis 9S08 JM60 part. It's really cool. It was a little bit expensive. I'm like, well, it's a little too expensive for us. Can you give us a discount? They said sure, so they sent us 8,500 parts at a gigantic discount. So I used that part.

So the first thing I did is, using their just off-the-shelf development board, this thing called the DEMOJM, just got like the basic firmware stuff set up, added on the SD card connector, and just made sure that just the basic functionality would work. And then after that I just developed a custom board with only the specific hardware that I wanted to have on the badge, so removing a lot of stuff from the development board that I didn't need. And I finished all of my firmware design and everything on that little demo board and then went to the final badges. So I do have a few of those bare boards with no parts on them upstairs, and I'll carry a few around in case you guys want them to like mess around with. Sort of cool collector's items. All right, schematic.
It's impossible to see, but trust me, it's cool. Oh yeah, all of this stuff by the way is on the DEF CON CD: the schematics, the bill of materials, the firmware, Freescale, all the CodeWarrior development tools. I'll get to everything, but yeah, everything you need is on that CD. Bill of materials, so there's quite a few parts. Most of them are just discrete. A lot of resistors and LEDs.

This is the first drawing I got back from the Dark Tangent when we started designing the badge, and they said, make something that looks like this. And I said okay. The one thing I like about working with these guys is the Dark Tangent and Ping are artists, they're artisans, and they don't make PC boards. So when they say make a PC board that looks like this, they're saying it because it looks cool, and they want to make the badge look cool. So it pushes me to try PC board fabrication techniques and manufacturing techniques that just haven't really been done before. So, you know, detailed cutouts, routing over solder mask, and just crazy, crazy stuff that, you know, it's kind of fun. So they push me to try new things, and that's why every year we just try to make the badge look cooler and cooler, which is fun. So they came back and said, here's what we want it to look like, and then it was a back and forth of like, well, we can do the background in the solder mask, we could have the ninja's face be silkscreen, and stuff like that.

This is what the final PC board layout looked like, front and back. I don't know, just kind of cool looking. Assembly drawings. If you're hacking the badge you'll probably want these, and these are also on the CD. As you can tell on the back,
there's no part designators. I left everything off because I just thought it would look really ugly if there were part designators all over the board. So if you are hacking the badge and you want to know what's what and what you're tampering with, you'll need the assembly drawings.

So after some firmware development, which, I get to firmware next, designed the board, which took forever. Hand-routed everything, and the prototypes arrived in mid-June. So we were still on schedule. It was like, all right, cool. The boards look good, no mess-ups. And I had everything done in the same color because it was cheaper and quicker. And this was the yellow with the red silkscreen, which was the contest badge, and we'd never seen yellow circuit boards before. I personally think they look really ugly. So sorry to all the contest goons that have them. But that's part of trying stuff that's never been done before and just experimenting, and you know, I don't know, some people like them. The first few boards, I had to build two of them, as you'll see, because there's some functionality in there that requires two badges. So hand-built two of them, all by myself. It was really fun. I don't know, I just scanned that in, that's like a to-do list of all the stuff that I had to do.

All right, so some of you guys might be wondering why there's this gigantic battery on the back. This was a big problem. Dark... DT and I spent I don't know how many hours on the phone discussing battery chemistry.
I don't know how many of you guys have done that before, but it's a thrilling conversation. So if you remember last year, I used two lithium coin cells, CR2032s, which are cool because they're really small, but they're not cool because they don't like high power consumption. Anything above like 10 milliamps, these things just start sagging really badly. Of course, I didn't do all of my power measurements and calculations beforehand last year, and the badges for people that were using them all the time didn't even last the weekend. So I was pretty bummed about that, and a lot of people were walking around like, how come my badge wasn't working? And guess what, the batteries were dead. But it's funny, because for everything else, any other electronic product you have, if something stops working you always check the batteries, but here everyone's like just pushing on it and like, what's wrong with my badge? At a hacker conference, no one figured it out. So I didn't tell them. But yeah, that's the reason, so check your batteries from last year.

Anyway, so I wanted to do something that would last the entire conference, if not more, and the functionality that we were adding to the badge this year required a larger battery, because we have Secure Digital. SD cards are notoriously unpredictable for the amount of current that they draw, and that's just based on how old they are. The newer ones draw less power. But it's just one of those things you can't control, it's out of our hands, because it's different manufacturers, different parts. So we needed something like, the max was 300 milliamps for reading and writing an SD card. So I needed to be able to support that in case someone put one in. The weight was also an issue. We had a choice at this point between a CR1... CR123A and three AAA batteries. Those weigh a lot. I wanted to try to do it with one AAA, which would have been really cool, but with the boost converters I looked at, they just couldn't still handle that high peak requirement
of current. And then it would add a lot more parts, a lot more complexity, and I wanted to just do it as simple as possible: one battery with no linear regulator, no protection at all. So make sure you plug it in the right way. And someone actually came running up to me yesterday, and they're like, oh, I just burned my hand, I put the battery in backwards. I'm like, well, there's a little indicator on the battery holder to put it in the right way. That sounds like user error. So he got no sympathy.

Anyway, I did... it was either three AAA batteries or one CR123A. And believe it or not, we actually settled on the three AAA batteries first, and that's why, if you look, the components are sort of in this triangle, because I was gonna have three AAA batteries in a triangle and then put all the circuitry inside. And that was because it was actually cheaper to get three AAA batteries. Oh, someone's calling me. I forgot to turn my phone back off. Okay, this is really gonna suck. This is my wife, who's pregnant at home, and so that's why she's not here. Everyone say hi to Keely. She says hi. I'll call you back. Bye. I think that happens every year. All right, I'm gonna turn my phone off. Thanks, Jeff.

Okay, so, jeez, where was I? Oh yeah, okay, three batteries. So we were gonna do that and have a linear regulator in there, because I thought that the CR123A was just too big. But when I started to look around and try to buy 20, 26,000 AAA battery holders, the manufacturer was like, yeah, we'll get back to you in three months. So I couldn't find stock, and then we ended up settling on the CR123A, which I think is a better choice anyway. It's lighter. It cost 77 cents. It's a little bit bigger, but it will last forever. And they're still pretty common. And I thought it would like interfere with the bouncing around, but I think it's totally fine.
So anyway, we ended up with that battery. And I took some current measurements just to show that it would last a long time, and the slide's hard to see because I wrote it by hand. On average when you're transmitting it's like 27 milliamps. Oh no, I'm sorry, it's like 9 milliamps. If you plug in USB, I automatically clock up the processor to 48 megahertz and it's a little bit more, but this battery is good.

The dev environment for this year is Freescale CodeWarrior 6.1 for MCUs. If you have the tools loaded from last year, I'm pretty sure you can use those. That was like version 5.5. But Freescale was cool enough this year to give us the Professional Edition, which is the full uncrippled version, 60K of flash support, which is what these processors do. Valid through August 20th, 2008, which is well enough for the DEF CON badge hacking contest, and their free version is available that supports up to 32K of max code. So anyway, the version they gave us is 2,000 bucks normally, so that's pretty nice of them. Yeah, you can clap if you want. Thank you, Freescale.

So just a little hardware background on some of the stuff that this supports. Infrared. If you haven't noticed, the ninja eye is infrared. That's why it doesn't turn on, you can't really see it. You can see it with some cameras. And I have something I want to try for the award ceremony, if I get the nerve to do it. Anyway, so infrared. I don't know how well you can see that top slide, but one of the things I did... I had no idea about how to develop infrared at all.
I'd never used infrared for any sort of file transfer, data transfer. Universal remote controls use them, TV remote controls use them, all sorts of stuff. For those of you that attended Major Malfunction's talk last year, I think hotel systems use infrared. So we thought it'd be cool to have that as part of the badge, and I'll get to what it actually does later. But the first thing I wanted to do is just make sure that the infrared circuitry that I designed worked. So I was like, all right, I'll try to just turn off my Sony TV, because the Sony TV power-off codes are easily accessible, and that would be just a good exercise.

The way it works is I'm generating a 38 kilohertz carrier through one of the timer PDW, PWM modules. So that's all in hardware, and I'm just turning on and off that carrier to meet the spec. And like the Sony spec is, let me see in the next slide, it's like 1.2 milliseconds on and, or one point... yeah, 1.2 milliseconds on and like 0.6 milliseconds off for a one, and then it's 0.6 on and off for a zero, or something like that. It's in the code, but you're basically just turning on the carrier when you want it and turning it off when you want it. And that's what the Sony TV power-off code looks like, and it ended up working fine. And I could run around the house and like turn off my TV, which is really cool.

And then I thought about, you know, we're having this SD card socket on there, and I haven't said what it's about yet, but it requires an SD card if you want to actually do anything. So I'm like, all right, we have infrared, but what if people don't want to bring an SD card? What if they don't, you know, read the forums to know they have to bring one?
I decided to just add some basic functionality to the badge, so if you don't have an SD card you can still use your infrared for something. And that is this: the TV-B-Gone. Suitable for a hacker conference, I think. The original TV-B-Gone product was designed by a friend of mine, Mitch Altman, who maybe is here, I'm not sure. And he's been selling tons of these things, and he just released an open-source version of his product. So it's a kit. You can build it up and load in all the code with all the power-off codes, turn off TVs all over in North America and Asia. And in Las Vegas. Yeah, right. For those of you that heard about the CES thing with the, who was it, Gizmodo? I don't remember who went there, because Gizmodo guys went there and turned off all the TVs and like really messed with people. That was the TV-B-Gone. I think that was really mean, by the way, but I feel really bad for all those booth babes.

So what I did is I took his open-source code, I took all of the defines for the TV power-off codes, moved those over into my source tree, and then just created the code for the JM60 to go through them all and turn off all the TVs. So I just thought that would be a fun thing to do, you know, for people to mess around with stuff. The IR LED that I picked on here is high power, but it's a low beam width, because for the actual file transfer, which is what the badge is designed to do, I didn't want to have it interfere with other people's transmission. So it's very narrow. If you want to use it in TV-B-Gone mode for anything further than like three feet away from a TV, which you'd probably get in trouble for if you're standing there like this, you can put on like a high-brightness, widely dispersed infrared LED. You can go to Fry's and get one or something. So I expect to see some of those by the end of the weekend. Oh yeah, okay, so the hardware hacking village has some infrared LED transmitters, emitters. Okay.
They have about a hundred infrared LEDs in the hardware hacking village. Find Lost, the guy with the blue hair and the sexy smile. All right, so this video is demonstrate... ignore that, you don't want to hear that. It's really bad.

So now I got infrared working, I could turn off TVs. What we wanted to do next was transfer files. Something that DT had a really good point about when we were trying to figure out what we wanted to do for the badges: make it so people can customize it in some way, you know. Last year we had the scrolling text message. That was cool. So we wanted to do something like that, where people can, you know, make it their own. So this year we have the infrared file transfer mode, and I'll get into more details in a few slides. But the first step, since I knew I had to transfer data, was figure out a way to do it. And I basically just took the Sony protocol for this really slow remote control and made it send data instead. So there's an example of it. The oscilloscope was measuring the bytes as they went by and displaying stuff on HyperTerminal, just sending stuff serially through the infrared. So that's that.

But to send files is a lot different, because you need a lot of overhead structure to make sure you got your file size right, your file name right, error checking, if you're skilled enough to implement that, which I'm not. So I needed a way to design the rest of the system, the SD card side of things, to be able to read the SD card, which is gonna have the file they want to transmit. Luckily Freescale had designed some sample code, which I took and modified to read Secure Digital cards and also read the FAT file system. Because you can read SD cards, and that's fairly easy. It's just a standard SPI interface.
It's a serial interface. Very easy to read the card, like the actual data on the card. But to have it interface with PCs and with Macs, you got to have the FAT file system on it, and that is a complete pain in the ass. So I worked with Freescale, using their development code, and then just went back and forth with them to kind of tweak everything to get it working. So now SD cards have full FAT16 support, not FAT12. That's why the cards have to be greater than 32 megs. And what you do is you take your SD card, you load your file that you want to transmit onto the card, you set it as read-only, that way the badge will know that that's the file you want to transmit and not a file that you've received from someone else, and then you walk up to someone and transmit it. And I'll get into that in more detail later.

But this is what the file transfer thing looks like. A decrement and turn off one by one. I can say that stuff. So it's a little hard to see, but you take one badge, you turn it into receive mode, which is the first mode, with the LEDs going back and forth like Knight Rider, because I love David Hasselhoff and KITT. So one badge is in receive mode, you have your SD card in there. The other badge you set to transmit mode, which is the second mode, where you have your LEDs sort of like Star Trek or something. I don't even know, some space movie. Like every space movie has LEDs like that. You hold your badges near each other and the data transfer will happen. First we're sending the file name and the file size, and this is like a totally budget file transfer protocol, because I'm not a software guy at all. Sends a file name, file size, and just starts serially transmitting data. 771 bits a second, whopping speed. For those of you who remember acoustic couplers, anybody? It's like that, in the air. And the error checking is just as bad. There's a CRC sent every 512 bytes, because 512 bytes is the block size for the SD card. So I figure I'll just read the entire block, send it,
and then do a CRC check on it. And if it matches, good. If not, it just aborts the entire thing. And you'll know that because the LEDs like alternate in a pattern and then the thing goes to sleep. So maybe someone can make this a little more robust or faster or, I don't know, but it works. And that is that. Oh yeah, I set an intentional 128K-byte file transfer limit, because if you're gonna transfer more than 128K at 771 bits a second, I don't know. I don't even know what to say.

All right, so some details about the bootloader and the debug and the Freescale BDM. The debug port is a USB HID, CDC class, a communications device class, standard, sort of like a, almost like a USB serial port. Slightly different, so you need a special driver for it instead of like the standard FTDI driver that you see a lot for devices. That driver is on the DEF CON CD. If you load that, you'll then get a virtual COM port. You can go into HyperTerminal or ZTerm or whatever and hook up your USB device and maybe see some debug messages. I forget what I left there, so I don't know. But I would have kept it secret except for the fact that you need a driver, so I didn't want to be too mean. The bootloader, the driver,
I think, is installed when you install the bootloader GUI installer 1.1. And then you should be set to go. You plug your badge in, you compile your code, you load your S19 record into the bootloader, and you load it up through the USB port. So that's cool. And then, I mentioned this earlier, the Freescale BDM. I have one Multilink cable that will be up in the hardware hacking village, and the Freescale guy might bring some stuff. So if you totally bone your device and like erase the bootloader and totally mess things up, we can use the other six-pin header on the other side to reload everything.

One thing that was cool is I wanted a way to have the badge run with as low power as possible when there was no USB connected, because most people here probably won't attach the USB. So normally it's running at 12 megahertz, and that's fast enough to do the SD card. It's actually well beyond what's needed to be done to do the SD card and all of the functionality, but I liked it when it's also a multiple of 48, which is what we need for, or of which, is what we need for USB. So USB has to run at 48 megahertz in order for the USB module inside the part to run. So when USB is plugged in, the system automatically clocks up to 48 megahertz. I thought that was cool.

All right, so now the problems. All the technical stuff worked fine this year. Last year it was like a total pain in the ass and we had all sorts of problems. This year it went fairly smoothly. I got approval from DT July 11th on the firmware, and the badges had already been fabricated at that point. So we were pretty well along. Part procurement was a big problem. Trying to find 8,500 of anything is hard, especially when you need stuff right away and there's a lot of people that are coming to a conference on a date that isn't going to change.
I don't know how stressed out you guys get about stuff like this, but I was really stressed out about it. So I used Digi-Key for as many parts as I could, just to get them in hand as quickly as possible. So basically if Digi-Key didn't have it in stock, I tried not to order the part and I'd redesign with another part. So most of the stuff we got early enough. That was fine. Two parts that didn't show up right away were the SD card socket and the programmed microprocessors, which are sort of important for a badge. And I'll get to that in the next few slides. Some delays in customs as well. I'll talk about this. They get a big thumbs down from me. So I'll get into that, but they held some of our stuff for five weeks. And we were about this close to setting up a goon assembly line to hand-solder the rest of the parts that didn't arrive in time in China. Or we were actually gonna have you guys do it as you got your badge. So pretty much, I mean, no matter how much you plan in advance, there's always gonna be problems. And yeah, this year we didn't plan it as much in advance as we could have, which is why next year we're gonna try, but next year there's gonna be a different problem. I don't know what it's gonna be, but there will be one. I can guarantee that.

So the Lamer of the Year award. This is a new award that I've designed, and someone's gonna get it every year, and this year we have three people that just sucked. The first one was 3M. These guys, we needed their Secure Digital socket. It was half the price of anybody else. Digi-Key had a little bit of stock, but they promised that they'd work with the manufacturer.
They'd work with 3M, get everything we needed in six weeks, and I ordered these in May. So it was like, oh cool, six weeks. That's like plenty of time, so that will be mid-June or the end of June, and there'll be a month to manufacture the badges. And the manufacturer even said, yes, six weeks guaranteed, no problem, piece of cake. As soon as we placed the order they said, oh, now it's actually gonna be like eight to ten weeks. And I'm like, oh man, eight to ten weeks. But I looked on the schedule and I talked to the factory who's manufacturing the badges, and I'm like, yeah, I guess that's okay. You know, it's gonna be close, but we can do it. So eight to ten weeks pass. I'm sitting there with my thumb in my ass thinking everything's gonna be fine, and I get a phone call on July 16th, and they say the badges... the sockets aren't done. And I said why, and they said, I don't know. And July 18th came and they called me and said the badges are gonna ship tomorrow. I said, grrr. The sockets are gonna ship tomorrow. I'm like, great. The next day, the badges haven't shipped. Why? I don't know.

So there's this whole just miscommunication of, I don't even know what happened. But they say the order got lost, and I don't know how you lose an 8,500-piece... like if it's 83 cents, what's that, like a $6,000 order for SD card sockets? I don't know how you lose something like that. But apparently they did, or at least that's what they say, and I'm gonna find out later, and maybe next year I'll talk about what actually happened when I find out. But so eventually they call up and say, okay, we figured out the problem, the order got lost. We're gonna have the parts for you on August 8th. What's today?
Yeah, it's August 8th, right? Okay, so that didn't work. And oh, by the way, while all of this was going on I was at a firefighter training facility in the middle of Modesto, California, which was like 110 degrees, in firefighter gear, on the phone with Digi-Key and 3M trying to get parts. It was just really strange. So anyways, spent a week just being a dick on the phone, and the global product manager, the guy that is in charge of global products globally, called me up and said, I got it handled, I'll get the parts here right away. And apparently they had the stock sitting somewhere in Singapore and just never sent it out. So we got all the parts 10 days before DEF CON. That's pretty close, but that's nothing, as you'll see.

Lamer of the Year award number two. I put Force Electronics, but I actually think it's Source Electronics. I don't know if the vendor was trying to mislead me with their name, so it might be Source. But these guys were selected to program the microprocessors. I don't remember if I mentioned it last year, but we had a little bit of a problem programming the parts last year because no programming house in the United States had the proper socket to program the part, and without programmed parts we'd have no flashy lights. So I talked with Freescale and I talked with Future Electronics, the guys that I was using to buy the parts through, and said, you know, we have to avoid this problem.
They're like, yeah, yeah, we'll avoid the problem. We'll have all the parts programmed, you know, well in advance, no problem. Freescale sent all the parts to Future weeks in advance, so they were sitting there. As soon as I approved the firmware, we kicked off the programming process, and they're like, yeah, five days, no problem. It's, you know, it's not that many parts, they do it in a gang programmer anyway. So five days goes by and nothing shipped. So I call up and say, why didn't anything ship? And someone said, oh yeah, there's some bad parts that didn't program. So I'm like, why didn't you ship the rest? And they said, I don't know. So had to make a lot of phone calls and talk to a lot of people, and made them ship at least the 6000 parts that they had programmed right away, and then there was a balance that they had to program. So they sent those, but they sent those to the wrong address. They sent them to me at my house instead of to the factory where they were supposed to go, and I don't know what I could do with that many parts. So that took another few days to get that figured out. And it turns out they shipped everything except 45 pieces, which were bad, 10 days before DEF CON, and at that point we're like, oh my god, we're so screwed.
We only have 10 days to manufacture 8,500 badges, but it gets worse.

The largest, the biggest Lamer of the Year award, number three, goes to Chinese customs. I think the Olympics start today, and apparently that was a really big problem for shipping stuff into China and getting stuff out of China. Everything was being looked at, and when you're sending $50,000 worth of parts through China, they want their tax, they want to get paid, and we didn't necessarily want to pay it. We had one box that was stuck in custody since June 30th. It's been like five weeks already, with two key parts, the infrared transmitter and the infrared receiver. That's sort of like the whole point of the badge. And of course no one told me that it was stuck in customs until July 28th. I don't know why, but it's like, oh yeah, all the other parts are in, yeah, we got the SD card sockets and we got the programmed parts. Oh, by the way, we're missing a box, it's in customs. So that was stuck in custody, we couldn't get that through. So I placed another Digi-Key order and tried to send that directly to China. That one got stuck. They wanted like $7,000, oh no, $1,000 in tax. So we didn't pay for that one.
That's still in customs. And I sent another box from Digi-Key with the same parts, luckily they had enough stock, to e-Teknet in the US, who is our manufacturer, and they cut it all up into smaller pieces and sent it in all sorts of smaller boxes to try to sneak it through customs. And Monday morning, or actually Monday morning China time, Sunday morning our time, during Black Hat, press reload on my tracking numbers, which I've been doing all week, and magically they passed through customs. We fooled them, and e-Teknet now had all parts four days before DEF CON. So the past few weeks have just sucked.

Anyway, so starting Monday the manufacturer's been going pretty good. They had a few technical problems that we were able to work out, and that's why badges are coming in in small batches, because there's people there that are still manufacturing them and still testing them and sending them over. But at this point right now all the badges, 8500 of them, except for the 16 that I took for myself and sent home, are all in the air coming from China. And like what Dark Tangent said, a few, 3700-something are coming today and then another 2000 are coming tomorrow, and as far as I know everything is past customs coming in. So that's good, and I'm happy and I can sleep now. Yeah. So don't hate me because of that now that you know the story. I felt really bad seeing all these green cardboard badges everywhere.

All right, so this is just some pictures of the parts that came in. There was a lot of parts, and they were all shipped to my house first, and then I had to repackage them and send them out. That's my front door with all those Digi-Key boxes, like you could hardly get in the gate. But I thought that was a fun picture.
There's a... okay, so the badges, they work, they could be manufactured, but I needed a way to make sure that they are tested, and put together a little test procedure, something really simple. That's basically a BASIC Stamp that has an infrared receiver. When you turn on the DEF CON badge, it sends the Sony TV power off command a few times, and what this test unit does is just captures that, makes sure that it's receiving the data properly, turns the green light on. That way the people at the factory can just run this thing and say, okay, the badge works, the badge works, the badge works. They don't test the SD card interface, because it's just an SD card interface and the lines go from the socket directly to the part. But this is just a pretty basic test. The all of the parts for this, the components, lost and, yeah, oh, it's in the vendor area. Okay, there are 80 sets of components if you want to put together your own little test unit and use your badge to control things, because there's also a little MOSFET transistor circuit in there, so you can have it receive your infrared code and turn on something or open a door or lock somebody out of something.
So I don't know, it's kind of neat. Here's a little test procedure video. Put the battery in, watch it transmit, and the LED turns green, and that's it.

So number of badges. Every year we're making more and more. The first year 6500 badges, last year 6800, this year 8500. That's a lot of hackers, and that's really cool. Hopefully it's all hackers and not just like more feds have come. But I like you guys too, as long as I can, like, I can spot you and get your shirt. So we did all these different types, different solder mask colors, different silkscreen colors. 7500 human. It's just a lot of badges. Here's what they all look like. Human... let's see, the order is human, speaker, vendor, contest, and the bottom row is press, goon, staff, uber. This one, the only one that exists right now until you guys win some contests. And there's a backside.

It took about 200 hours this year versus 170 hours last year of development time. That doesn't include all of the time afterwards dealing with the supply chain stuff, dealing with the factory, dealing with the problems, dealing with FedEx. But did the technical part of things: 160 hours of engineering, and then the rest of meetings and writing and stuff. So I don't know, I thought that would be cool to visualize that, to actually show how much work went into it. It was a lot. It was all nights and weekends too.

And badge hacking contest, again, we're doing it. I leaked some information on the DEF CON forums a few weeks ago about the badge, about the development environment. Wired.com leaked some information on Tuesday about the badge. There is no excuse for not being ready for the badge hacking contest. We have some cool prizes that aren't being given out anywhere else, including cool t-shirts like this, and, let's see, you can get everything you need on the DEF CON CD. Submissions are due 2 p.m. at the Hardware Hacking Village, which is in a skybox.
I'll be floating around all day, all weekend, if you have questions. The guy from Freescale is going to be there to support you guys, and we'll have some soldering irons and some other things set up. If you want an idea about what people have done for previous badge hacking contests, if you haven't been here, take a look at the two links on the left side on my website.

So yeah, even though I'm up here giving this talk, this obviously didn't happen in a vacuum. Like pretty much anything else, you need to work with other people. And in this case there is a few people that saved my ass and really helped out with getting this thing done. Freescale, obviously, for giving us the processors and the support we needed. e-Teknet, our manufacturer that made DEF CON 14 and 15 badges, just the stuff they're doing is insane, unbelievable, and they don't complain about it. And then Keely, my wife, who now you all know is at home creating our backup unit, due September 25th, 2008, so we'll have an... Thank you. So we'll have another hacker in the family. And then of course to DT ping KS, who happens to speak Chinese very well and talked to the factory every night, which is good, for to go and lost and everyone else, pretty much, at Black Hat and DEF CON, for having to deal with this problem and doing it in a way that seems to be graceful and not piss too many people off. So that's it.

Let's see, I have like a few minutes. So I'm gonna talk about one thing that I'm doing. If you look on the back of the badge, you see little Kingpin logo, kingpinempire.com. I've started an apparel line for a number of reasons, but primarily it's to raise awareness of the hacker community, to kind of spread the word to the masses about what's going on. And all of the proceeds of stuff that I sell, a portion of that goes to various charities like the ACLU, like the EFF, health-related charities, things that have helped me and my friends stay out of trouble and stay alive and, you know, really support the hacker community and the
next generation of people who are getting involved in the hacker scene. Make sure that people stay out of jail and can continue to do what we do. So kingpinempire.com, everything's out of stock right now, but I have a few shirts, and shirts and hats and stuff. Just, you walk around and people are like, oh, that's cool, Kingpin, yeah, what is it? What's a hacker? And then you can go and, you know, explain it and stuff, because that's really, we need to educate. Everybody who's not in this room pretty much doesn't know what a hacker is, so we need to explain that to them. And I think giving back to the community is very important, and I've spent my entire life in this community, so I want to make sure now that I have an opportunity to give back. You make sure Grifter's son is gonna stay out of jail and can be a hacker. Make sure my son can stay out of jail and be a hacker. So that's what I'm doing. You can check out the website if you want. And I guess that's it. So I'll see you guys on Sunday with some badge hacking results. Thank you.