There are no slides for this half hour, but the name of the presentation is "We Don't Need No Stinking Badges". Did I get that right? Right. And what we're going to do is just have a review of the Monero Village Pico's badge and what it does, what to expect from it, maybe a bit of history, but how to use it. Just the basics. Right. And I can just say that there are three official versions which were produced. I have four here simply because I didn't want to remove one and then have this lopsided all the time. So I made a single green one Christmas Irish Howard version. That's why there's four. And this is kind of the showcase model because I've been kind of demonstrating them and some people want to see the differences. We have carried out most of the pre-sales distribution and there are some more for sale at some time today. So what's the announcement there? We're not sold out of the regular badge. That's this orange one. Don't worry about that. There will be more tomorrow as well. I just have some reworking to do. So if at any time you come and you want to buy a badge and you hear that, oh, there's no more, it just means you need to come back in three or four hours and two hours or tomorrow. And don't worry. I think there's plenty. The other two on top, they are kind of sold out. If you're a community member and you have wanted to purchase one but you haven't contacted me yet, then you should do it immediately because there's just a handful that I've reserved for you. I hope that was clear. And as far as it goes, so I have 20 minutes left. There are, let me show a picture of this. The back of the badge has a QR code on each badge. You can point your camera at that with a QR identifier software. And if I turn it over, we get feedback. And the QR code points to an online web application which was created by our friend SirHack, which is very, very good. I'll show you what it looks like. It's simply this here. Is there something I'm doing wrong? And so this is it.
Castello.org specs. And I'll kind of do a shortcut here. This works very well on mobile as well. And then you can choose one of them. The one with no colors here, that's the regular badge. It's quite inexpensive. There's a blue colored one which is called the Alien because we didn't have any more than a dumb name for that. And there's the orange colored badge. It's called the Boss badge because it has kind of an authoritative flashing animation. I'm going to switch microphones. Can I do that? Show it. Is it a good idea if I switch? Okay. All right. We'll keep trying. So there are those three variants. And you can see how they look here. And you can see how SirHack's web application shows up on the screen. You can go to this URL now. It's live. But it's not complete. So I'm just going to click on the regular original badge. That's the one without colors. So up here I think you can zoom in and out with some gestures. It's good enough for that. And here there's a slider. So it's this here. I don't even really know how this works. Okay. And once you click on this, for example, let's move all the way to the bottom. You can see that there are a few different components that are highlighted there. This is kind of nonsense. It's going to be better documentation. But if I click on that row, on that array of LEDs, then it should give me some explanation here. Unfortunately it says no additional documentation for LEDs. It's kind of small. I don't think maybe I can increase the size. Okay. I can increase the size. Maybe it goes off the screen then. So I'm not sure if that's going to be a good idea. Okay. I guess we'll increase the size a bit. So if you go to the left, there's a menu interface here. There's a button which is called the animation button. So if you push that, just watch now. We have the authoritative boss badge style here with the red and white and blue flashes. I'll change the animation by pushing the button, and then it moves to a different animation. 
I'll change it again. It moves to a different animation. The boss badge is the only one that has this authoritative animation. They're all a bit different. It's controlled by the firmware. And if you find that you have a badge and just push the button and nothing happens, it's because there's a sampling of this button at the end of the animation, which takes about half a second, almost a full second. So if you're not just right on time, you see how I'm pushing that and nothing happens. The same animation is appearing. Well, it's because I haven't pushed it long enough. So I'm just going to push the button for a long time, and then the animation will change to the next one. In fact, it will cycle if I just leave the button held down. So that's kind of the one trick that some people sometimes miss it if they think their button is not working correctly. In some cases, the button really isn't working correctly. You've found some problems with that, and I've replaced all of the boards which have problems with that. But in case I missed one, then you can come up and tell me about that, please. So that's this animation button. There is an antenna, which you can see on the front. It's embedded on the back of the board, but it does show you on the front of the board where it should be. It says NFC there. I can't turn the animation over. The web app over, but I can turn this over, and then you can see the antenna. It's a trace antenna right on the PCB on the back. Works very well. All you need to do to test that, I'll show you how. We're using a real telephone. It's kind of small for you. I apologize for that. But if you just squint, kind of if you're in the front row, so I just have an Android telephone, and I'm going to push one of the radio buttons to connect the EEPROM, which is over here with the antenna. This is a really nice application. So I'm going to push one of these buttons in order to connect this EEPROM, which is called U2, with the antenna.
Let's see what happens. First of all, if I do nothing at all, usually when you tap an NFC tag to a device like a telephone, you're registers, right? But I have not connected the antenna to the EEPROM, which is kind of a defense against opportunistic attacks. If you lay your phone down on a table or any NFC tag, especially a passive NFC device, a table may have an embedded, active NFC circuit in it. They will steal your data, whatever it is. This is called an opportunistic data attack, or passive data theft, and we protect against that by forcing the user to actually push onto the button. So now I will repeat the test, and I'll push on the button, and you see at the bottom something appeared there because it's detected that a tag is being placed on the back of the telephone. And because it's a type 4 NFC tag, it really can hold anything. I think there's about 20 profiles, or maybe 15 official ones, and there's an additional five or so which are their application developers. There is a disclaimer paper that comes with the badge. You can read a few things on there, frequently asked questions. It tells you a bit about the NFC standard, what RFID frequency it uses and so on. But the basic idea is that you can use the badge with a telephone, for example, as long as it has a built-in NFC circuit. There are a number of other advanced devices. Yeah, well, all over the world that use NFC. Our good friend, M2049, R, I think it's the state M249er, he developed, he implemented it into one of the reasons he implemented it into one of the reasons just to support our badges. So if you really want to experiment, if you really have almost no funds at all, if you're really happy to live on the edge and be a risk user, then you can do some experiments with one of the reasons. So now you know what you can do with the badge. It has a light loop animation. You can affect that by pressing on the animation button and change the animation.
And on the other side of the badge, it has the NFC circuit, which you can press on either of those two buttons to selectively connect the antenna to one of the two EEPROMs. And one EEPROM can hold, for example, your e-card and the other EEPROM can hold your alipel number or URI. It's up to you. You just have to close that up yourself. If you want to know how to program that, the way I do it, I just use my telephone and I unload an Android app to take something to put the C in there. I'm sure there's quite a lot of them. The one that I've been meeting is C tools. C tools quite a lot. Right. And that's the NFC program. Once you look through it, you're going to see a lot of things that are well documented. There is a power button on the side. I think that's self-explanatory there. The batteries that we're distributing with the batteries are kind of not low-quality, but not high-quality either. It's impossible for us to test them all. So we assume that although a fully fresh high-quality battery lasts for about four days, you're only going to get about two days, maybe even one and a half days worth of life with these batteries. So just be careful with that. If you do want to use this single battery for your entire DEF CON experience, then you probably want to turn it off once in a while, maybe just use it in the evening when the parties or everyone's lit up. But we do recommend that you have a second battery if you really want to make sure you have a backup source of energy in case the battery we supply you with goes out and is drained after, say, Saturday, tomorrow and afternoon. So you should have a second battery, possibly, something you really need. What else can I say about this? There are two programming interfaces. So, by the way, our friend Sirhack doesn't really know what a resistor is, so he wrote transistors on here. There's a few mistakes like that. Don't worry, I'm going to fix them. There's a couple of programming interfaces.
If you've ever used the Arduino before, you maybe have been exposed to the AVR 8-bit microcontroller instruction set. And so this is... It's not an ATmega, but it's an ATtiny MCU, so it uses an AVR 8-bit instruction set as well, which means that if you want to program it, if you don't like these animations, if you like animations, if you want to put some other, your own on there, you can do that by programming using an Arduino-style connector, which is not populated. It's this one here. Let me see that one. Arduino, if you're an interface, but I don't see it in the list, it must be up here somewhere. Here it is. I don't have a laser, but I think it's clear enough. It's those very large holes. There's six holes. And I actually have some header pins for the more adventurous of you. If you know how to program MCUs and you want to try doing that, then I can give you some header pins and you solder them on at the hardware hacking village or something, and then you can try programming your board. I think tomorrow there is a two-hour workshop. That's where we'll learn how to program our badges. There's not much you can do with them. You can't connect microphones or sensors. You can't do serial exchanges. You don't have serial buses like SPI or I2C. It's a very simple microcontroller what's on here. You have some GPIOs which are digital only, which means they send 3.3 volt signals out square wave or read a 3.3 volt signal. You can do some programming, which is very primitive. And as a last demonstration, because I think we're pretty well under the features, if you don't understand NFC, you've never used it before, then it's nice. There's no risk in using this. Just do the risky things. Start with the cards, URLs. Some people are using this for SSH keys and GPG keys. You can do that kind of the next level. If you lose that data for some reason, if you generate a new GPG key, you start using that.
You don't have a backup because you have it on your badge, and if something happens to your badge, it's stolen or you wipe the EEPROM or whatever, then you've just lost your GPG key. It's just not very nice, right? So be careful for the badges. They're powerful. Last thing, I'm not going to make a new program, but I'll show you what I use for a program. Basically, it's called Atom. It's called PlatformIO. Maybe some of you know that. You can program them with the Arduino IDE as well, but I'm more experienced with PlatformIO, so that's what I'm using. And it begins here. It starts here. I'm not sure. I'm sorry. I take that back. I can't demonstrate this because I'm using a different account to present it. I'm using the present account, you see? Yeah. So what I usually do, this will be obvious tomorrow as we do the two-hour workshop. There's no time now, but with two hours we can do quite a bit. We'll do some programming and testing, demonstrations, and you can even program your own chip with your own firmware, if you like. That's the very beginning. This is ID. Start typing some code, you know, hello world and so on, and then manipulate the GPIOs to make me flash on and off. We do some charlieplexing so that we can use more LEDs than there are GPIO pins, things like that. And after we have compiled the source code in the usual way, then we flash it using AVRDude, which is a command line program. As you can imagine, there are many methods, but this is AVRDude and this is my favorite method of programming the MCU using firmware that we have compiled using PlatformIO. So that was a world a mouthful. I know it's a bit difficult to understand if you've never programmed an MCU, but that's what the workshop's for tomorrow. I've just basically showed you the first two steps that I do. I use PlatformIO to write the code using GCC AVR because it's not an Intel instruction set, so we have to use a different compiler for that.
And then once I have the compiled firmware, I send it to the device using this AVRDude software, and there's a special cable for that as well. And that goes through back to these two interfaces where you connect to the MCU. This is an SPI interface, and that's what I said before, large holes, and the second one, which is identical, it's just connect interface.

So there's just five minutes left, but I would welcome any questions about the badge. Any questions? Maybe I was very thorough.

Well, the question is, I think you're not talking about profiles. I think the question is how much storage do these badges hold? Is it a megabyte, is it one byte, or something in between? The answer is the regular, the ones that are still available, they're very inexpensive by the way, and that's why we're using low rated chipsets and EEPROMs and ICs for them, and that's why they can store only two kilobits of information, which means 256 bytes. So some people say, oh, that's quite a lot for NFC, that's all I need, that's a standard amount, but really it's not very much. If you have a URI, something you type in the browser, that's going to be something like 40 bytes, 20 bytes, something like that, so it's plenty for that type of application, but if you're doing 4096 bit RSA keys and so on, I think it won't work for that.
On the other hand, the alien and the boss badges have identical NFC and they're much larger. They are 64 kilobits, so that means you have 8 kilobytes of storage. Don't forget there's 2 EEPROMs on each badge, so you're not going to want to split your data in half, but it's common to put more than one type of data, kind of multiplex it on a single NFC tag, and you don't have to do that in this case because you have 2 on a badge.

As far as profiles go, you didn't ask a question but I find it interesting, so I'm just going to, if I can quickly find an application and see what the profiles are which I was talking about, and because you can't see the screen I'll just read them off. I'm going to make a new data set and I can choose, and these are all standard profiles: text, which is agnostic data just in text form; URL or URI, second profile; user defined URI, not sure what that is; a search, I don't know what any of these are, a search is a profile; social network, video, an archive, an application URI, email contact, telephone number, SMS, a place, user defined place, I'm translating from German, user defined place, an address, a seal address, a seal address, target address, a search, a location search, a street view, an emergency information, and Bluetooth URI, a W Wi-Fi address, and data, agnostic data. So there's all these things you can do.

Any last question before we wrap up? Do you have a question?

Can you connect your badges to each other?

You care if there are DEF CON badges, but okay. So the question is, can you connect your badges to each other, and I think we're talking about the village badge. Because they are passive NFC circuits, they don't have any energy. In fact, if I remove the battery I can still use the NFC side. So if you think along with me, then that implies an answer, doesn't it?
Because at least one of the two devices, like I demonstrated before, the telephone, must be powered, must have some battery, some voltage, because it's going to transfer energy the badge to the NFC circuit so that the circuit can work. And that means that two badges placed next to each other will do nothing. There's no energy anywhere to supply them with energy, so that does not work. Just the same as if you have a library card with the NFC tag inside and your student card with the NFC tag inside, you put them next to each other, nothing happens. It's always one active circuit, like a telephone, and one library card or whatever else kind of things, with the reader always supplies energy wirelessly to the NFC circuit.

So I think we're out of time. Thanks so much for coming. What's next?