 If Phil Zimmerman's in here, you can feel free to talk while we're setting this up if you want to go first so people don't have to wait even longer. Hello. Hi, I'm Phil Zimmerman and I'm kind of doing a last minute substitute talk, not a substitute talk but a steel 20 minutes of his time talk. Thanks for letting me do that. So I just wanted to give you a quick little update on my project for secure VoIP Z-phone. Last year I was here, was that a year ago? Must be. Anyway, I demonstrated a prototype written in Python and that was just for proof of concept to see if the protocol works. But now I actually have some real software you can download from the website. It's written in C, not Python. And it's not a standalone VoIP client. It's sort of a plug-in for whatever VoIP client you prefer to use, except for Skype, not that one. But if you have a standard VoIP client like Xlider or Ibeam or Gizmo or SJ Phone or any number of others, then you can run my Z-phone software that will go into the IP stack and encrypt the phone call by detecting the VoIP-related packets and interceding at the beginning of the call, at the beginning of the packet stream of media packets and doing the Diffie-Hellman exchange and setting up the keys and then encrypting the rest of the call. It's got its own separate little GUI that tells you if the call is secure. It's got a couple of buttons on it, go secure and clear, you know. And it uses Diffie-Hellman to set up the keys. It displays a short authentication string to tell you that there is no man in the middle. And it doesn't involve any public key infrastructure. It doesn't involve the SIP servers. It doesn't involve the VoIP service providers. It doesn't involve any third parties at all. And the reason why I designed it this way is because I felt that architecture has a lot of impact on, you know, whether your call is going to be secure. I just felt that, you know, the other encryption schemes for VoIP all involve the signaling. They all involve the participation of the SIP servers, the participation of the VoIP service providers, the participation of the telephone companies. And it just seemed to me that somehow it just, it appears that the phone companies don't always have your best interest in mind. And so there's a whole bunch of other VoIP encryption standard proposals that all involve the participation of the phone companies of the VoIP service providers. Mine doesn't, and I think that matters a lot. We presented this to the IETF. John Callis, Alan Johnston, and I presented an internet draft of the IETF. And there's been a lot of discussion about it there, comparing it to the other schemes that are currently under consideration at the IETF, the ones that all use the signaling. And, you know, the proponents of the other schemes are, they view this as a layer violation because I'm doing the key exchange in the media stream, which is highly unorthodox in their view. Well, you know, the media stream is how they always used to work in the public switch telephone network in the old days of secure phones. It works just fine there. Nobody called that a layer violation. And that didn't involve the phone company. So I thought it would be a good way to do it here. So there's no persistent key material. The keys are created at the beginning of the call and they're destroyed at the end of the call. There's perfect forward secrecy. There's also something else. You remember I mentioned that you read aloud and compare a short authentication string with your partner to see if there's any man in the middle attack. That's a kind of a substitute for a public key infrastructure. Well, not everybody's going to do that. I mean, there's a lot of nerds in this room that would do it, but your mom's not going to do it. So what do you do for those cases? Well, it has another thing. It uses key continuity, sort of analogous to SSH. In other words, if the man in the middle is not there to attack in the very first call, he's locked out of all future calls like SSH. This is one audience that I don't have to ask for a show of hands of how many people here have used SSH. It's not the same approach as SSH. It doesn't involve persistent public keys for signatures. Instead, it retains a shared secret from the earlier call. It hashes it and retains a hash of it so you can't work backward to recover the old one. And on the next call it does a fresh, stiffy helmet like it always does, but then mixes in the reshared secret from the earlier call. So you have key continuity. So if you don't check the short authentication string for many, many phone calls, maybe you call someone 100 times using this scheme and you're unbelievably lazy and you just don't check the short authentication string. After 100 calls you decide that today we're really going to talk about very secret stuff and so you check the short authentication string and it matches. Well, that proves not only that there's no man in the middle in this call, but it retroactively proves that there never was a man in the middle all the way back to the very first call. That's a nice security property and it's all without any public key infrastructure and the servers don't even know you're doing it. The SIP servers are not aware that you even did a key exchange. So of all the various encryption schemes for VoIP, this one I think is the most politically congruent with the values of the people in this room. And I think that it will prevail in the long run competitively over the other VoIP encryption schemes for the same reasons that PGP has prevailed against PEM in 1991, MOSS in the mid-1990s and even SMIME today, which has an enormous deployment advantage over PGP and yet no one uses it. Architecture matters and the activation energy for PGP is much lower than it is for SMIME and that's why people use it. That's part of why they use it. They also trust it more. And the activation energy for this is much less. You don't have to build a PKI. So if you go to my website philzimmerman.com right now or tonight and download it, you can get the third public beta. It's been out since March but now a few days ago I just did a new public beta. It's a third one. You even have a Windows one for the few of you, the five or six of you in this room that use Windows. And it's the second public beta of the Windows so it's more stable. I'm told that the engineers have fixed the blue screens of death and it even has an uninstaller. So I think it's going to become the de facto standard for VoIP encryption. I think it's going to change things. So any questions? I'm relying on the short authentication string for that. You're going to have to use your common sense, your ordinary brain. How do you know your mom's not a Martian? We always manage to solve that problem with the public switch telephone network and nobody got upset about that. I just wanted to make sure that that's what it was. Well, all right, maybe I'm done early. Everybody download it. And by the way, something I need, I've been doing my code development in the Ukraine because I'm paying for it out of my own pocket. This is not a venture capital funded enterprise here. This is my own little private project. And so I need people to beat up on this thing. And I don't know, is there anybody here that's good at that? Is this the kind of conference where I might find somebody that could do that? So please download it. You can get the source code for the Linux version. Actually, you can get the source code for all the versions, but the website, you can immediately download the Linux source code. I need to do, not the crypt analytic breaks, I don't think you're going to be able to get very far with that, but I would like people to beat up on it on the more traditional buffer overflow attacks and malformed packets and all the things that you're already good at doing for breaking into systems. Of course, it's going to depend on what kind of VoIP client you have hooked up to it, but that's not my problem. Now, in the long run, this thing is going to be inside of VoIP clients, integrated inside of VoIP clients. That's the best way to do it. In the meantime, though, we're doing this IP filter approach, and I recently signed an agreement with a Canadian company called BorderWare that makes a VoIP security gateway, and they're going to put it in that. So you can have an office with 100 VoIP phones all connected to the VoIP security gateway that will apply the ZRTP protocol, that's the protocol that is in Z-Phone, out to the cloud. So the last 10 or 20 meters will be not encrypted, but it's better if it's inside the phone, but this is also pretty good. So anyway, I'd like people to try to attack it. So please. And by the way, if you do break it, send me an email about it before you announce it. It's in beta. I expect there's bugs in it. I just wanted to thank you for your work with PGP and continuing to work in this space and using your talents here, even in the face of the adversities you've faced. Well, thank you. Thank you for saying that. I'm hoping this will be my Act 2. I'm getting a little old for an Act 3, so this one's got to be good. Yeah, it's letters and numbers. Later on, I'm going to add the word list that we use in PGP. Actually, that word list was originally developed 10 years ago for PGP Phone. So it was originally developed for the same product, pretty much. Yeah, I don't think the rich little attack is not going to work. The rich little attack. Oh, you guys are too young for that. Rich Little was an impersonator in the 1960s. He did Ed Sullivan and Richard Nixon, and he did almost everyone. And so I call it the rich little attack. The rich little attack is not a realistic attack against this. There's too many ways that you can thwart that. The attacker doesn't know when you're going to read the short authentication string. He doesn't know how you're going to do it and what form you're going to do it. I mean, there's so many ways to trip him up. So, remember, the attacker is trying not to be detected. He's not going to risk it. So you just read like, what, four characters. Four characters and it's base 32 right now. Later, we'll change it to words. Then you'll just probably read two words. If you read two words and it's one byte per word, then eight bits per word, then the attacker has only one chance and 65,000 of success. Ah, I got five minutes. So make this, you know, do stuff with this. Put it in, you can download the source code and write to me about putting it into VoIPliance. You're probably going to get it in, what? So the question is, is this subject to Kalea? PGP doesn't have any back doors in it. That's pretty well established. PGP is not subject to Kalea and neither is this. And the reason why this is not subject to Kalea is because Kalea governs the behavior of the service providers. Kalea requires the service providers to cooperate with the government to hand over whatever they've got, which would typically be either keys or if it's not encrypted, the packets themselves. In the case of the ZRTP protocol in Z-Phone, the two parties that are doing the conversation, Alice and Bob, they're the ones who work out the keys between them without the participation of the service providers. The service providers are not in a position to provide any keys. So Kalea is actually sort of irrelevant. I didn't mean that in a pejorative way. I'm just saying it doesn't technically apply, you know? Although I'm sure that plenty of people would also look at it in a pejorative way. Yes, I'm using AES. In fact, the low-level packet encryption uses a protocol called SRTP, which is also used by the other schemes that I've been trashing in the last few minutes. It's actually a very good way to encrypt the voice packets. SRTP is a great protocol. In fact, it looks just like the protocol I developed 10 years ago for PGP Phone, except it's actually even better because they put an authentication tag on each voice packet. I didn't do that then. The threat models changed over the years. So, all right, there's plenty of technical information on the website. There's an FAQ page. There's the internet draft. There's source code. And I can even give you a documentation for the SDK if you want to look at that. So there's plenty of stuff to look at. So send me an email, philzimmermann.com, spelled with two Ns, the German spelling. There's another guy named Phil Zimmerman with one N, so don't go to his website. All right, thanks. So I want to introduce Joe Grand, the man who's responsible. That must be Spacerogue, the one guy I haven't seen in about eight years. Yeah, I hear you back there. Whatever happened to hackernews.com? Hey, so this is Joe Grand, the guy behind the badge. We've been thinking of doing these badges for four or five years. And every year the cost came down, the cost came down. It got easier and easier to do. And finally, it fell within our budget. So it's not that we don't have cool badge ideas. It's just that we can't normally afford them. Joe figured out how to make that work. So he's going to tell you the story behind the badge, sort of all the technical challenges he had. And also I just want to say, hey, thanks for toughening it out this morning with us for this whole safety inspection thing. And you guys are cool about it. So anyway, with that, take it away, Joe. Oh, and he's going to be competing in the mystery box challenge. If you guys have followed any of that, it's a fucking cool contest. You should just at least go over and look at the mystery boxes because they're cool. Wow, thanks. God, I love having Spacerogue here. Cool. Thanks everyone for coming and sitting outside and everything. I'm Joe, as you already know. Some of you guys might know me as Kingpin, the old man from the loft back in the day. I'm going to pretty much run through a lot of this stuff kind of quickly and just get to some of the fun stuff since I only have about half the time. Check out the story in the DEF CON program for a little bit, another view of what's going on with this badge. But basically, if you do have questions, I'm going to run off afterwards, off the stage. I have some questions about this. Basically, the development process of this badge was sort of fun. If you are new into product development or you want to get into hardware hacking or anything like that, here's sort of the steps that I took for it. And we're going to run through pretty much all of that. When DT and Ping, basically, as he just said, he had this idea of doing a badge for a while. So now is the time to do it. We made 6,055 badges, which anybody who's had any sort of manufacturing experience, that's a lot of badges. That's just a lot of anything. The chances of things going wrong without amount of quantity when boards are being built by hand in China in a factory that I can't physically go and watch is pretty scary, but luckily everything worked out because you guys have the badges. We needed to keep the cost under $5, which is even expensive for a DEF CON badge, but we thought it was cool enough to just do it anyway. Obviously, DEF CON logo, all these things that I had to design into this thing. Here's the concept sketch right as I got off the phone with DT and with Ping. You can see just sort of, we had a bunch of different ideas of stuff to do, and that was the original kind of idea. So after some discussions, we figured, all right, we're going to have the DEF CON logo, the icons on the top copper layer of the board. So if you guys aren't familiar with PC board design, that's okay. For this particular printed circuit board, we have two layers, the top layer and the bottom layer. Those layers that are covered by this colored thing, which is called a solder mask, is actually copper traces, copper layer. So we wanted the icons and the DEF CON logo, as you see on the top layer. Crossbones and the smile were actually to be cut out, which also was done. That's a difficult thing for printed circuit board design. Most times printed circuit boards aren't actually designed to be like artistic elements that are actually shown around and made to look cool. So getting the factory to say, okay, to have them understand that these aren't going to be shoved inside of a box somewhere was kind of interesting. Different solder mask colors. Some of you guys have blue. Some of you guys have white. Human badge is white. I'll show you all the different colors that are out there. Some of us have gold. Different colors for different clientele. The button you guys have probably already figured out goes through these different modes. No, that random pseudo random mode is actually not any sort of subliminal message. It's no Morse code. For those of you guys who spent hours looking at it yesterday, sorry. But if you do find something out of that, let me know. Here's the preliminary schematic that I put together, essentially like an electronic roadmap of the circuitry, and later on you'll see the actual final one, which might be a little easier to read. But we ended up using a microchip pick 10F device, which was a new Saat 23 package. Just six pin, tiny little microcontroller if you look on the back. You can see it. It's the only black chip on there. I was looking for an excuse for the past few weeks to actually experiment with that device. It was a perfect opportunity to do it. Basically just have two LEDs, a switch, and some power going to it. So really a really simple type of device. And you'll see I have a little star programming port accessible for hackers. That's accessible for you guys, and I'm going to explain the contest a little later on. But if you look on the board, the five pins at the top is a programming port. It's not JTAG for those who have wondered, but I'll get into that a little later. So the first thing that I needed to do was put together some breadboards, test out some of the circuitry, make sure everything's working before I actually started designing a board. So we went through evaluating different types of LEDs. I basically just picked up a ton of different LEDs from DigiKey, laid them all out, took some pictures, and sent them off to DT and Ping so they could tell me which ones they like. After that, wrote some code for the processor, fine-tuned, tweaked it. Once it worked the way I wanted, then I ended up working on the board. So I'm going to skip over some of the basic electronic stuff. I'll talk about that later if you want. Here's one picture. This was the LED they liked the best. Here's another view of... What you can see here is on the right side is the DIP package, the dual inline package of the microchip pick processor, which was a little easier to work with for prototypes. I just had the button and the LEDs, so easy stuff. For the code development, some of you guys are more on the software side, firmware side of things. I use CCS PCM, dozens of compilers available for pick processors. Also used MPLAB 7.3 for the IDE, which integrates with CCS PCM pretty well. But you can also write stuff in assembly and in other versions of C. So you can grab some development tools off of the microchip website if you're interested in hacking these. The state machine is basically a simple state machine, right? So we either go through the steady, blink, alternating and the state is sleeping. So you should be able to last at least the length of DEFCON with the one battery. Here's a view of an IDE if you guys have never seen an IDE before, which I find highly unlikely. Here's the final schematic, something a little nicer that I drew up in ORCAD, which is my schematic capture tool that I use. It's a lot better to just be able to visualize something nice. It's basically the same thing as you saw on the hand-drawn sketch. And this is what I ported over to the board. So if you are interested in hacking this board, take a look and you can see everything you need here. You don't have to start probing stuff out with a multimeter if you don't want to. In the interest of time, skipping over drawing schematics, but I should mention if you do want to get into drawing schematics and don't want to pay $10,000, check out GEDA running on UNIX platform's first schematic capture for PC board layout. Pretty cool to get started with that. Next thing that we had to come up with, so we had the circuitry working, we had to end up designing in parts that we could actually get thousands of pieces of within a few weeks to be able to send out to the factory. Again, we had to keep the thing under $5. DigiKey and Mauser are two good electronics distributors, so if you guys want to get parts pretty quickly, they have just about everything. You don't even have to leave your house, which works out well. So once we got those parts, we ended up using a company called Future Electronics where we gave them find second sources, find cheaper stuff, which would enable us to get down below that $5 unit. And Future, larger distributors are about 30% cheaper than Future, or than DigiKey in the online sort of distributors, so that was pretty cool. Here's a full bill of materials, which is hard to see from probably in the back, but I believe this presentation's on the CD. All the parts break down and costs and everything. Again, I'm going to skip this stuff, but let's see. Make Magazine issue two, Make is a sort of new do-it-yourself magazine by O'Reilly Publishing. They have a really good article on etching your own printed circuit boards. You can buy some equipment at Radio Shack if you do want to etch your own. You're not going to get precision like you do with an actual professional fabrication, but it's a great way to start, so I will mention that. I'm going to skip all this boring stuff. I'm going to do a little bit of static, which I did. Output and Netlist, which is basically a text description of how every component connects to every other component, so it's going to say U1 pin 1, which would be the microprocessor, is connected to R1 pin 2. Just all text. Import that into a PC board design program. In my case, I used Protel DXP, which is a fairly expensive package, but I designed boards for a living, so it was sort of worth the money. And Gerber plots are basically a binary or text vector description of how the board is actually laid out, where you can send Gerber files. It's an industry standard thing, so you can send it to any board house just about anywhere in the world, and they can make your boards. So designing the actual PCB, here's the process that I used. I had to verify the size, make sure that this thing wasn't going to look huge when somebody's walking around with it. Created the mechanical outline, I wanted them to sort of be in one general area. Import the net list, route the board. I wanted to keep all the traces on the bottom side, so if you look on the top side, there's no actual electronics at all. Everything's on the back side, all the connections are on the back, so it sort of looks nice from the front. Run some tests, output the plots, send everything to a company called eTechNet, which is actually exhibiting in the other room, and I'm going to talk about them a little bit. Work with those guys to make sure So here's a screenshot of the actual circuit board layout program where I'm doing the mechanical design first, laying out the shape, and then I can start adding components. And the hardest part, again, was to mention these cutouts and make sure that the cutouts were actually being cut out properly and that they actually look nice and everything. Working on the top layer, the bottom layer, and you see here the bottom layer is in reverse, because with most PC board design programs, you're looking at the bottom layer through the top layer, so you're always kind of looking at it upside down. So if you end up do working on boards, make sure you reverse your text so you don't get boards back with all the text the wrong direction. Doing a little mock-up, making sure everything worked out right before I ordered a prototype. And prototype boards, what's cool about making your own boards right now is you can get boards done for maybe even $20 for single one-off printed circuit board. So it's gotten to the point where pretty much anybody can go order printed circuit boards, either collecting cans to get the money or work a few hours. So what I first did is ordered a few bare boards from eTechNet. Make sure the board layout was good, make sure the cutouts were right, hand assembled those, sent those off to DT and Ping for the final sign-off, which I assume they liked. Ended up doing some current measurements, so I wanted to just verify the electronics. One of the limitations, or at least one of the requirements, is we needed to make sure that the battery would last at least throughout the length of the conference to turn it off. So we're well within that range, and here's all the different current measurements based on the different functions. So current consumption is going to change whether you have both LEDs on all the time, which draws the maximum amount of current, or if you have the blinking or alternating, it's a little bit less. And the numbers in red are the actual current values for this thing, with the two blue LEDs. So with some calculations, it turns out in the random mode, these things will last for 10 and a half days, ideally. Sometimes you might get more, sometimes you might get less. If it's steady on, just the two LEDs on, 4.6 days, so still longer than DEF CON, which would be okay. Luckily the batteries are cheap, so if they do run out, you go buy another one for a dollar. I really just wanted to put this in because I'm proud of the Big Mac hat that I found at a flea market. So this was actually the first time we got the board working, and I was pretty stoked. So finding the parts ended up being the hardest part of this process. Designing the board was, you know, it's a pretty simple design, but it did have its challenges. But getting enough parts to make sure that 6,000 badges could be built was not an easy task. If we didn't get the parts, we wouldn't have the badges, and I would have looked really bad, and Jeff would probably not talk to me again. So again, you know, I mentioned that we used future electronics, which is good because their prices are really cheap because they have good vendor contacts, but it's bad as you'll see because we ran into a lot of problems. And then I also used Digikey, which has a service now that they can actually program parts for you. So if you don't have a device programmer or if you don't want to program 6,000 parts by hand, you basically send Digikey the program code, the firmware that you want to program into a device, they'll program it for you for a little bit of setup charge and send it right back to you. I think they charged me 25 cents a piece of my microchip pick parts. So it's a pretty good deal. Some of the issues that I had with future electronics, some misquoted lead time, so we built in a lot of extra time for this project to make sure that we were going to have everything ready. So I ordered parts probably 12 weeks before we actually needed them. Turns out that one of the sales guys I was working with at Future said, oh yeah, they'll be here in three weeks. They didn't arrive until after six weeks, and by then the factory is like, a little bit frustrating. Lost parts out of 12,000 LEDs that we ordered, somehow only 500 of them were shipped and the others were lost. I don't know how you lose 12,000 LEDs or 11,000 LEDs, but that's a lot of boxes. Slow shipping, basically, I tell the guy, I need this stuff soon, ship it directly to the factory, and of course he doesn't do it, ships it by ground to the wrong address. Late though I was upgraded to a sales contact that actually knows what she was doing, so Future isn't necessarily all bad, just beware. I just wanted to mention this because this is part of the product development process and you run into issues like this all the time. Luckily they were resolved, we got the badges and all of them were actually made. An interesting thing is out of all of the 6,055 that were produced, built by hand, again in a factory in China, only 34 of them didn't work on the line, which is pretty impressive. I think that's like a half percent yield or half percent failure, which is pretty good. Here's the sheet and this is sort of the hell I had to go through for a few weeks of keeping track of what part went where and who had what. Sort of a nightmare. So again, placed the order, got all the parts, sent everything over to e-TechNet, worked with them. They actually had sent me a first article of each color board, the first board that they built and manufactured. They send those to me, I can say, okay, this is perfect, pull the trigger on the entire board, so that's what we did after the first article was approved and the rest of the boards were being made. Choosing the colors was sort of fun because we knew that we needed to have different color badges, of course the goons are always red, VIPs typically are black, so we wanted to do some fun stuff here and so we were experimenting with a lot of colors and typically if you look at circuit boards well green is sort of boring unless you're pressed, press gets green. So, whether that means anything or not I'm not sure. But we wanted to experiment with just whatever other colors were available for solder masking. A lot of the other colors are difficult to work with during the PC board process as far as the temperature requirements, storage requirements, the way they dry. So we basically just talked to the factory and said give us every single possible color that you have and then we ended up picking the ones that we liked. So here's some pictures of the gold and white and black and a few of the samples that the factory sent they didn't even cut them out of the board, they just lathered the solder mask on top basically like silk screening a solder mask right on top of the board. And that solder mask by the way protects all of the traces on the board. So if you try to scratch off a trace it's not going to work. The solder mask is just a protective layer but we use it to look cool. Here's what we ended up with for the final colors. How many did we have? 1, 2, 3, 4, 5, 6, 7. 7. Humans obviously are white. We had 5,185 of these. So actually here, this is a good list so you can see how rare your badge is. The goons were red, presses green, speakers were blue, vendors are purple, VIP black, and then I made one panel of circuit boards in gold because I'd always wanted to work with gold. Hey, someone's actually calling me. That's really weird. It's space rogue. You can't get enough of me. I guess I'll turn it off. Or maybe we should talk to him. It's funny, no one ever calls me on this phone. There's my phone. It's old. So I made 20 of gold because it was sort of a color that I'd never seen in printed circuit board manufacturing before. The factory was like, yeah, we can do gold. So of course it took them a few weeks to actually find the gold and experiment with it because they'd actually never worked with it as far as I know. So the gold here, there's 20 of them made. I'm wearing one of these. Dark Tangent and Ping have the other somewhere. No, I don't have any extras. This is the only one I do have, but I thought it was cool. I don't know if it actually gets me in anywhere, but I thought it was neat. So one other thing is part of the assembly process, I needed to create a parts placement diagram to send to the factory so somebody who has completely no idea about the board at all can still assemble it. This is the top drawing of the parts placement. Of course we have the two LEDs, that's all there is. Bottom parts placement just shows the parts with actually part designators that match up to the schematic. So on this, you can't really see, but U1 is the microprocessor and then I have R1, C1, R2. That's so somebody can visually look and see what the parts are. If you look on our board, we don't have that information printed. That was because I think it sort of looks ugly. It also, you might see this sometimes in products so people are hoping that hackers won't actually be able to reverse engineer their products by not having part designators, but in this case it just looked bad with having them on there, but we at least had to specify those parts so whoever was building this knew what they were doing. And then of course a test procedure. I didn't want these boards coming all the way from China and not working, especially with 6,000 people. So that was a little bit stressful. The hard part about doing test procedures is making sure that the factory is actually testing the boards. I've heard a lot of horror stories about companies having a test procedure hanging up on the wall in the factory and then getting boards with no chips actually soldered on them. And that's happened. So the test procedure is basically insert the battery, hit the button, go through all of these things and I included a little video that I sent to the factory so they'd be able to understand exactly what was going on. Here's the front of the first article approval when they all came into me all the different flavors in the back. So it might be cool if you can actually create your badge with other people or something. Okay. Badge hacking contest. What I'm actually up here to talk about. Basically we decided since this thing was electronics and it was sort of fun and people might be interested in poking around on it we decided to have a little DEF CON badge hacking contest. What can you guys do? What sort of interesting things can you modify to the board? Basically the coolest thing that we decided, whether it's whatever, anything goes and we're going to award something at the award ceremony on Sunday. What I'm going to say is I need to, I guess have a decision on which board to give an award for before that time. So if you are interested in hacking your board I'll be at the contest area at 12 o'clock on Sunday and bring your hack there and show it to me and if you guys don't mind I want to show a few at the award ceremony so we can show what kind of cool stuff's been done. Microchip development tools so if you do want to take advantage of those five pins the Microchip in-circuit debugger pin out is right there for you if you look on the schematic you'll be able to see what those connections actually are. We're going to have one development kit available, I'm going to leave it at the E-TechNet booth you're going to still have to install some software and everything but I'll leave that at E-TechNet and there's a few others for sale in the store pretty much at cost and you'll need the actual ICD-2 debugger unit and then you're going to need an adapter which is the smaller box that comes with the kit to work with the PIC-10F device so it is sort of fun yeah that's what's on sale at Main Def Con there's only four of those there I think it's like 350 bucks I know all of you guys have that much cash in your pocket maybe they take credit cards I don't know but it is fun and the good thing about those development tools is it works on any Microchip device that's out there pretty much even doing some hobbyist electronics and designing products you'll be able to reuse it and not just hack the badge and then be done and I think one of the awards of the hacking contest for the badge is we're going to give away one of those development kits which I guess by then you might already have one but actually so I sort of wanted to show you guys mine and what I did to my hack just because we have time I call this like the squirting flower and I figure people are going to expect me to do some sort of electronics thing but instead I just have it squirt except when it leaks in your pocket that doesn't really work yeah I know emulating the water without the development kit was pretty hard but you can get creative so I guess that's it thanks a lot enjoy the show and come find me if you have questions