 So I'm Dennis Brown. I'm here today to talk about zombies and how hackers kill them. Unfortunately, this isn't the kind of zombies that you kill with shotguns, which is fun or the ones that involve people loving Twinkies, although I do. It's about the badge game we had at a conference called Kohakon, based in Rhode Island earlier this year, where we had a zombie game on our badges for the conference, the electronic badges. Let me pull one up here, like this one here. If anyone can see that, probably not. And we had a lot of good fun with it. We had a lot of good data as a result. I'm here to talk about that today, how we did this, what the data we collected was, what people did with the badges, once they got their hands on them, the havoc they created, and other kinds of good stuff. So let's get into it. So what is Kohakon? If you watch Family Guy, you probably have heard of the city of Kohak, Rhode Island. It isn't a real city in Rhode Island, unfortunately, but it's like every city in Rhode Island, if you know the place. It's also the state clam. Yeah, we're strange there. But it was a new conference this year. Regional one, we had a great turnout. It was a lot of fun. We focused on having a lot of info set tracks and having a lot of macro culture stuff, too. We had a wonderful hardware hacking area. The tool guys came to have a lockpick village. It was a blast. It was a lot like a really, really, really small version of DEF CON in some way. So we had a great time. And I'm Dennis Brown. I help organize Kohakon. I also help run the DC 401 chapter. Anyone here from DC 401? Yeah, thanks for coming. That's all of you, I think. And my day job is I am a security researcher at a tenable network security. I do a lot of malware research, or if I talk to anybody who knows tenable at all, I write nasals because that's all anyone thinks. So Nessus plug into us all. So this is kind of out of my element for something, a project to work on. I haven't done a lot of things dealing with hardware. I've never written firmware ever before. So this is a fun project to get involved with. We had a great small team of people working on these badges diligently to really make them fun and usable. And it was a great project to work on. And our goal when we started working on this was have a badge that was hackable, something that you could just sit down, have fun right away, no barrier to entry or anything. And then something we wanted to use after the con was over, so you could take it home, keep hacking on it, and maybe get something useful done with it. And there's actually some great useful things people have done with it after the con, which is awfully nice. We want to include wireless connectivity on the badges because having an LED flash or something that is kind of passive is fun. But we want to have a little more interactivity with the badges because that's just cool, right? So we wanted to also put a game in there, too, because it's fun to have a badge that will like a TV be gone badge. That's fun. It's fun to cause trouble when you're in a bar with guys wanting to watch sports and you turn off on them. But we want to have people have something active to do at the con and interact with everybody else there. So definitely that was one of our main design goals when we started. We definitely wanted to have an open source development environment because it's no fun if you have to go and use proprietary tools or ID that you're not familiar with to get going on it. We ended up using GCC, so that worked out really well for us. And we wanted to make it easy to write custom firmware for. So I'd say out of the four points here, we only hit about three of them. The ease of development or getting people working on at the con was a little bit of a misfire in our part. And I'll talk about that later when we go over the mistakes we made. So the badge design itself was really great. It actually was done for us from the start. We worked with a company called Redwire LLC based out of Massachusetts. They had this product. They called it the Redbee Econo Tag. That's the picture of it there on the projector. It's a really nice device. It uses the pre-scale MC13224 microcontroller, which is an ARM7 microcontroller. It runs at something like 20 something megahertz. I forget the exact number of megahertz. But it's a really nice chip. And the great thing about it, it has a lot of nice features. It has a nice washdog timer to make so you can keep it from crashing when some guy's sweaty shirt touches it and makes the whole badge freak out which happened a few times. It has an AES right on the chip so you can have all kinds of nice encryption with it which we totally did not use. But the feature we used it for was it had ZigBee onboard us. 802.15.4. This was excellent. This gave us pretty much everything we wanted in one package. We started working with the Redbee guys. They helped us expand upon it a bit to really make it what would be great for our conference. Another nice thing it had that we chose to keep was it had a USB connector on it which made this a breeze to flash and write custom firmware for and just expand upon it however you wanted to. This worked out wonderfully for us. The picture on here is the end product we had. And if you notice the middle of the badge is pretty much what we had with the Econotech from the previous slide. And I apologize for missing a few things on the slide there. Hopefully all the good data is there. We took the Econotech design. We changed a few things about it. We ended up with the same interface they had with two buttons and a reset button. The reset buttons on the left. We added five red LEDs on the left side. Like a little bank of five and a RGY red green yellow RGB on the right side. LEDs on the right side. And we made it use triple A batteries which we thought was a good call because if people wanted to do something after the fact they could just go to any pharmacy, any store and pick up some triple A's pop them in the badge and they're rolling once again with whatever they're doing with it. Ultimately we worked with a local manufacturer J&J Technologies out of Foxboro, Massachusetts which we loved working with local fabricators for these. We ended up with about 30 bucks for badge which we rolled into the cost of admission which made this very affordable for us. But the overall admission was $100 so this was right in our budget. It was great. We just rolled it back to the attendees and everybody seemed to enjoy that part of it at least. So the badge was really easy to code for. Like I said earlier it's just used as an arm cross compiler. If you go to the MC1322 development site run by the Red Wire guys they have all the tools in there to build the tool chain, get it all working just properly. Very easy to work with. And there's a lot of fun things you can do with it even after the con when you're not playing with your fellow con mates anymore. Josh Wright at Kohakon used the Killer B tools he developed in order to attack other badges there and really make them freak out quite a bit which was fun. I gave him a few tips on things he should try and he tried all of them and really made people freak out a bit at the conference. There's Kentucky Support. Kentucky is essentially a full system environment for the badge itself which helps you, which abstracts away a lot of the things. It gives you IPv4 access, IPv6 using 6 low pan, a lot of other great utilities for it. Essentially it's like running a full operating system on the badge in some ways. There's a lot of sample code that worked really well that was distributed with the development tools for the badge which people were using to right away write packet sniffers, packet injectors with a lot of great tools. And just the other day Dragorn implemented Kismet support for the badge itself, which I'm going to demonstrate here and I hope it still works. It's a very alpha stage. But what this does is it turns the badge into a ZigBee sniffer. So you could use this or if you purchase the Kono tag from the RedBee guys, go to your next pen test with a KON badge and try to find, maybe if you're at a skate episode they use a ZigBee find vulnerabilities there walking around to your conference badge. I thought that was pretty cool. So I want to demonstrate that here to show the kind of stuff we see. One thing I asked for before this conference, if anybody was reading on Twitter or on the DC4 mailing list or on the Kohakon site to bring your badges so now would be a good time to get them out and generate some traffic for me to actually see with this. Just one second, I'll set this up. So I'll apologize if it isn't too easy to see, but okay so let's see if we can see anything here. Sorry I hit some buttons here. If not I'll fire something else up. So this is the Kismet server we're running right now. The ZigBee, the D15.4 module is a new one in Kismet SBN. It was checked in last night so I'd advise checking it out if you want to see it. Nothing happening I'm guessing. Live demo failure I guess. Oh well. But it was in there if you have something like this or any other device that uses ZigBee, that uses serial ZigBee drivers available for this chipset and some other ones as well. I was talking with Dragarn who unfortunately couldn't be here this year, but he said he believes it'll work with the ninja badges as well this year because they use the same microprocessor so hopefully get some good stuff with this. Is this thing just failing? Absolutely. So supposedly these things have a 600-foot line of sight rates. Let's try it out. Oh hold on, let me try that. Okay so this is absolutely failing. Sorry it's really really early alpha code. But if you have one you want to check it out, just check it out of the Kismet SBN repository. It uses the plugin architecture which is pretty new in recent versions of Kismet so if you haven't used it, it's really just other modules you compile in. You can add them to your home directory, Kismet directory Kismet slash plugins and it loads right up and works fine except not right now when I want it to work of course. So let's get away from that. Yeah that sucks. So like I said earlier with the firmware we wanted to have a game for it and we wanted to be something that attendees could do while they're sitting in talks, while they're chatting with people, just to kind of pass the time, have some fun with and then of course attack in any way they can see fit. So we came up with a bunch of, we had multiple design ideas. The one we got working first and actually had fully implemented in the firmware was a Tamagotchi game which would have been incredibly lame. This was about four weeks before the conference so we were very worried that this wasn't going to pan out and we were going to be stuck with a incredibly lame firmware on the badge. Fortunately that didn't happen. We went through a few iterations and then as we were working on the design for it we landed on the concept of a zombie versus humans game where some people would be humans, some people would be zombies depending on the firmware they got when they registered for the conference and they would have instructions on how to attack the other side or maybe come another side or switch over to the other side. We implemented this in about three weeks which is an awfully short amount of time to implement something for this scale but it was hacked together really poorly. It came out to be about 4,000 lines of code total for the various firmware versions we had and the code is absolutely atrocious but it will be available on the KohoCon website if you want to check it out and criticize and laugh. So that is certainly something you're welcome to do. Next time we do this we like to have more time to implement this. I'd recommend anybody who tries to do a project like this themselves give yourself more time than a few weeks to do it. So the way the game works like I said before humans like to kill zombies which is how things work in nature. They had multiple attack modes so they could do stronger attacks but they could take more damage if a zombie hits them or they could be more defensive and not get hit as hard and not hit as hard. Zombies would kill humans using a charge up style attack where they'd hold down a button and have a more powerful attack the longer they wound up for it. And the speakers and vendors we decided to give them something special in the firmware without having a different badge for it by making them a cleric or a healer where they would heal humans and try to convert zombies back into humans. So this was just fun because we figured the speakers probably were just going to do their talk and meander about maybe not sit around too much to play with it and the vendors are probably too busy doing other things. So we gave them pretty powerful capabilities for these badges here. And then the security people we called them the muscle there and after another type of clam or shellfish where they would be able to attack anyone but they had the weakest attacks possible because they were supposed to be working the whole time and we didn't want them having actual fun. We wanted them to actually work so we put them very weak. So I'm going to do a live demo here with some badges I could use five volunteers actually to come and grab one and give it a shot just come up just come up I don't care over here over here one two three four five that's five that's good wow that's really creepy thank you so grab on the badges here you have a whole kit with some AAA batteries please put the batteries in the right way there's little marks on the inside of the battery thing and there's land use if you want to hook it up and hold it somewhere so what a pleasing design I know the green circuit board design was called how we do this very cheaply so it worked out well for us in that regard so this is the exciting part watch people put in batteries so once they have it in it'll boot up right away and load up into a mode hold yours up there this would be a human badge the one with the white or the whole column of red LEDs lit there that means they're not zombies and they can use the bottom button to change the mode they're in and the top button will then depending on the setting they have it in will send an attack packet out and if another zombie in the area reaches sees it they're hurting and they're not so happy at that point so what we have can you hold your badges around to the front for humans and if we all have humans this is epic fail on my part is that batteries in the wrong way they won't catch on fire so to make this a little more compelling I'm going to fire up one of our schools for this so we collected a lot of packets through the whole weekend we had two packet sniffers running in the various parts of the conference and we captured a whole lot of data here probably have to reset that so I'm going to run this here while people hit the button so you can see the actual Zigbee magic in the air okay so we see on the screen here I hope you can read it coming up there the QZ entries are all various packets going through the one denotes a human attack, two is a zombie, three and four are cleric attacks or heels I guess they are technically so this is what we saw all weekend long just traffic like this flowing in and out the rest of the columns here QZ just denotes the type of packet it is, the type of attack, the third power is the strength of that attack and then the rest of it is actually random data so that's just garbage if you notice one thing here where all the threes and fours always have a 20 after it I'll be talking about that shortly that was a terrible oversight in our part but anyway so his badge is flashing in and out that means he's a dead zombie so you've lost I'm sorry you've lost but you can button mash and then come back to life so zombies had a very nice feature in that regard so this is fun I have this demo with everybody having fun seeing random texts come up on the screen I'm sure okay well that's good you can just keep playing this whole time have fun kill other people yes I like how you're button mashing we'll be talking about that briefly so that's good thank you very much for helping you guys keep your badges you can have a little souvenir on the top thank you very much you're welcome yeah just give yours away because you're a loser okay thank you for the volunteers so that wasn't too uncompelling but that's pretty much what we saw all weekend that was exactly what it was like being there not really so like I said the attacks for the humans and zombies did one to five damage depending on the mode depending on things actually went up to double that if they had certain other conditions the humans are out with 500 health so they have to take hit 500 times and they also had to have defense they had other ways to defend themselves against it too so it took a while to kill somebody zombies had less health but as I mentioned if you button mashed on it you could come back to life so their health kind of didn't matter after the clerics like I said they healed 120 health at a time which was terrible this is an influence of me having played a lot of World of Warcraft back in the day where nobody wants to heal so I figured nobody would want to heal at a conference either there you go that's my priest over there so this was kind of unfortunate we should have made this much lower because there were actually people in the vendor area tweeting saying hey low on health come over to our vendor booth and we'll heal you up which is great advertisement it's a way to get people to your booth but kind of impacted the game where a lot of people didn't die like we wanted them to because I was definitely on the side of the zombies for this so that was pretty interesting and there's also another badge which I don't have a demo of here but it ran in God mode where I could turn people into any mode they wanted me and one other person to have the God mode badge because you didn't want that getting out too much but in the end of the day it ended up being a prize if you're able to hack your badge properly and get to this mode this was really fun to play with actually because once I noticed the healers were having a little too much fun healing and advertising on Twitter and getting really upset if people were trying to attack them where they would be physically running away from people although that doesn't matter guys unless you're really really fast I had one point where I was intent on getting Dan Kaminski who was very happy to be a healer and very upset if people were coming after him following him around trying to turn him into anything but a healer but unfortunately didn't work and there's reasons why so when we roll all this out we made a few predictions okay what are we going to see people doing with this what's the kind of stuff they're going to want to do to really mess with us well the first thing I figured well all the packets we didn't those were unencrypted but all our packets were encrypted and we chose intentionally bad quote-unquote encryption so people would actually crack this and not really have the whole weekend spent saying oh I don't know what's going on or just doing a simple replay attack or something like that but we did expect that kind of stuff we didn't expect replay attacks especially if they cracked the encryption we expected them to actually totally own the game which a few people did we expected hardware hacks people putting like a 555 timer hooked up to their attacking button and just constantly auto attacking the whole weekend long we didn't really want that to happen but it was certainly a possibility to a point and then we knew people would do things we never expected and boy did we miss the mark on some of them so on April 23rd we opened up the con at 5 p.m. start distributing the badges we wanted the about 5% human badges attributed 30% zombie the rest for everybody else and the first day went pretty much as planned the humans there was just so many of them they didn't really care what was going on they hit buttons they wouldn't see anything happen so they just said oh this is great I'm going to go enjoy have a drink and see what's going on the zombies saw things happening and they were very excited because there were way more humans than there were zombies so they went on the attack and really try to get a foothold of more zombies in place than humans so I was certainly encouraging this to telling everybody who could attack as a zombie to definitely attack as a zombie because the humans needed to die so they did so the first day Friday night really went as planned it was a lot of fun we'll see the data in just a moment here but on the second day as soon as people woke up and had some time to play with things really strange things started happening in the data now this graph here I apologize if you can't quite see the top of it is what we saw on the very left hand side you see I apologize if it's hard to read but the very left hand side the big spike you see there are the zombies and those are the people like I was saying get everybody all the zombies need to attack the humans were attacking a little bit they were there but they didn't attack anywhere near the volume of the zombies that they did the next day however if you notice all four colors on this graph spiked all the way to the top and they did a little bit later on in the day that evening too so I looked at this data when I first saw it and I was like this is really strange why would we have all these attacks like that so we had to go through the data dig through and investigate and we came up with a lot of interesting results which I'll get to in a few slides here so one of the things we did see were hardware hacks we saw a lot of neat people trying to do things with a badge to affect the game directly which I thought was great unfortunately outside of predicting that people were going to use like timers to automate their attacks we didn't really provide any good ways to use the hardware to use the game directly and we actually wrote into the firmware a time out so they wouldn't actually be able to automate their attacks because we didn't want people just flooding the network full of packets all weekend long that was no good that would really be detrimental to the quality of service so to speak so we rate limited all the attacks nobody was able to do anything about that and some people tried other people this also prevented people from mashing the buttons like we saw one of the volunteers doing while he was up here where it really didn't matter you could only attack once every five seconds and so people had a lot of sore thumbs as a result for no good reason the buttons were not very friendly on the thumbs but this was great because it stopped many of the automated attacks we saw and everybody just we didn't tell anyone so we had a lot of fun laughing at people the whole time so there were some moderately successful attacks depending on how you define success probably the most impactful event that happened was one guy had a fuzzer he just took some of the sample code we had said well I'm just going to throw random junk out there I know how big these packets are I'm going to throw random data and see what happens and it wasn't entirely predicted by us and we didn't really think someone was going to actually flood the network as much as they could the entire weekend long to essentially shut down the game in a few ways which was quite unfortunate he made people's badges were changing modes really strange things as a result things we didn't really predict and it essentially just turned into a giant denial of service attack on the conference for the entire weekend the badges just did not know how to handle this we didn't do anything smart like check something on the badges so that was really a poor call in our park because every packet was essentially valid and this really confused the attendees and myself for quite a bit so we collected about 30 megs of logs which was the data you just saw on the screen there so 30 megs of just those 10 or so characters is a lot of data and the attacks we saw we saw 39,000 in change successful attacks and this includes a fuzzed attacks and other automatically replayed attacks that were of a valid type but we didn't really differentiate them we couldn't differentiate them from what was actually fuzzed and then we saw one and a half million fuzzed attacks so the people who are doing this kind of stuff they were just firing out packets as fast as possible and really really messing things up you can see afterwards in the data though what we have in the screenshot there is an example of what they were doing the third column there is the actual attack type the valid types were 1 through 4 and 99 for the god mode none of these were valid all the data here was clearly just being randomly generated and this had just such a devastating effect on the badges it was fun to a point so fuzzing aside people did similar things with packet replay which was very successful there were at least two people I know that were at the conference who actually figured everything out started replaying packets and just started impacting the game however they wanted this was great if you want to have an automated attack you just have to make a custom firmware which was very easy to do with the samples start replaying a captured packet that you saw that you knew was a valid attack and just go to town on it and it worked really well for them this got around the rate limiting code we put in place because at this point it's your code you don't really have to apply to ours at this point and some people actually did this to replaying just generating some random data in there but using the proper format and inferring what was going on by watching other packets and they actually accessed the god mode packet these ways but they didn't really understand what was going on they just were replaying what they saw and replaying it a bunch of times and seeing everybody's batch freak out so the way that this got a lot better was when they cracked encryption now we use this very very high tech thing called XOR if we did this intentionally because we wanted to make it fun if the one line there is just a sample of what a packet looked like raw the first byte there actually the second byte in this line is the XOR key itself so every packet that went out we had the key in it so this made it pretty easy to figure out what was going on and then the second and third bytes there were the packet type and the power of the attack or just look into the other parameters that passed through for the function and the rest of it like I said earlier was junk once people started cracking this the whole game opened up everybody just started saying okay what can I send through now what will work I know I can send valid packets of any type I want let's see what happens and this is where people started having a whole lot of fun another way people didn't have some really good luck was by brute forcing as well especially once the encryption was broken we were seeing people just going through trying everything they could to figure out what was going on and they essentially mapped out the entire protocol this way especially if they were in closed quarters without a lot of other people around direct actions of what they were doing on other people's badges so that was a lot of fun we had a excuse me so we had a few obvious attempts of what was going on here I'll show that right here this was clearly one person or maybe multiple people I'm not exactly sure because we just collected the data randomly collecting or just trying anything they could they started replaying the same numbers through the different power fields here this may have had an effect if they weren't using zero as the packet type that was an unused value so this was pretty interesting where people are just firing away at crazy trying to see what they could make it do and then someone smartened up here and said it's probably awfully hard to read but they just went through and iterated through every kind of packet there was to see what would happen trying at first in the packet type column which they didn't know at the time of this they just tried one column at a time then again at the packet power column this was really smart this actually was pretty close to actually breaking the entire protocol for the game and figuring out what was going on and except for the part that having zero as the other value would essentially make all the attacks be of zero power which obviously won't hurt anything oh and then like I said in the slide previous the attack type of zero so that didn't do anything either so whoever this was was just a hair away from cracking everything that was going on and but just didn't quite have it so unfortunate for him but this is definitely the way that people were going through and thinking about how to attack this trying to crack what was going on in these packets figure out what was going on and ultimately people were figuring this out people were generating any kind of packet they wanted out of their badge and including the God mode stuff which was letting people walk around in just nuke entire rooms and turn them into any kind of thing they want even make them all dead which was a lot of fun for everybody so that was definitely the grand prize for the badge hacking that was going on so we learned a lot of things from this here one thing we learned is when you're playing around with something especially something small scale like this in a confined area with people who know what they're doing you really have to prepare for denial of service attacks they really ruined us for the game essentially every time that one guy would walk into the room one guy knew who was doing it walked into the room room pretty much shut down the game was in action for a bit if I think I lost a slide here but go back to this so the big spikes we have here the ones where all the colors are going up the same that was when this one guy would walk into a room with his badge that was constantly fuzzing because of that when everything shut down things were just going nuts and you can tell when he went out for the night to check out Providence when he came back to the hotel around midnight so this guy was a walking denial of service attack so that really sucked we got to make sure we do something about that next year the one thing we really need to do is put checks on the packets maybe we're using a lot of just really fake packets they weren't really valid ZigBee packets or anything at all but it was really just what we got to work in the three weeks we worked on it it would be a little nice if we made something so check for a valid packet make sure replay attacks don't work and make sure fuzzing doesn't work in the future but it's nice it's kind of fun to track people at the same time so that worked out pretty cool sorry about that the one thing that was cool about XR encryption was it was almost good enough for the conference to last about 24 hours from when the first badges went out so people would have to work on it off and on for a day and then actually have something that they could play with based on the data we saw people started really doing strange things and really started doing what looked like brute force attacks after about 18 hours so I don't know I guess that's if you take a sample of 250 people someone will crack XR encryption in 18 hours so I want to quote me on that metric but I thought that was pretty cool one thing we need to do definitely next year is incorporate more hardware hacks into the game this was probably one of the more complicated parts of it sharing down the 5.5.5 timer attack approach was really unfortunate especially since somebody tried it because only one person tried it where maybe nice to have some way to influence it that way that's definitely something we thought would make the game a lot better for next year and really improve upon things quite a bit so but at the same time a lot of people had fun with the hardware it's a really fun platform to work with add things onto it has a lot of extra GPIO pins so you can start putting things on it like you wouldn't anything else really fun I would really recommend checking out this whole hardware platform and doing what you can so I have a little conclusion here but not the finale so to speak in the end the humans did win mostly because the zombies couldn't do anything about it so that was unfortunate but that was the reality of what we saw and we love it just the same because people had a lot more fun with it that way having Zigbee involved in badges like this is a whole lot of fun if anybody is trying to come up with an idea for their own conference their own whatever functionally to have some sort of ID I'd really advise checking it out this chip here is in about the $15 range for the chip itself so you might be able to whip up something pretty low price we wouldn't have anything really fancy here an integrated antenna onto the board and a few other components so you could probably do this even cheaper if you really tried but it was a whole lot of fun and people really really love messing with their fellow attendees they love making problems for other people watching people actually just saying I'm attacking just so I can attack you was a lot of fun and people really got to kick out of the badges they're really functional they really worked out well and we were happy that we had something that people have gone on to use after the conference so that was pretty great this picture pretty much sums up how it all went for us we set up a cardboard box near the exit saying recycle your badge here and all we got was a napkin that said sorry way too cool so that was a nice validation that everything went well at the end of the day and unfortunately we didn't get any badges back so so I have a bit of a spoiler here that we're going to be doing this again next year in Providence, Rhode Island the end of April and then April 29th through May 1st at the same places last year the Hotel Providence which was very gracious to us and we're trying to come up with a badge of sign for next year now we definitely want to do it earlier to give ourselves more than three weeks to code the thing but we're thinking about going to this chip here the ATMega128RFA1 which is based on the Arduino platform one thing we found from doing this contest was when people were trying to do the badge hacking most more people had experienced with the Arduino than they did with the GCC or any other processors out there so we want to enable that and let people help figure that out and start being able to do things while they're just at the con attending and having fun the picture you have there is from a that's from the Dresden electronic company in Germany I forget the exact model number of that chip there but they saw that as about 21 euros right now I think for the price of it so it's about 20 to 25 bucks I guess US but it's pretty cheap the chip itself just for the ATMega chip is actually much cheaper so hopefully we'll be able to do this better and cheaper next year but just like we have with the chip this year hasn't embedded ZigBee components in it we might try to do an LCD but I think the Ninja Networks guys beat us to that this year so that's unfortunate but anyways it's also subject to change so if we find that this is a bit out of our range or things get a little crazy we'll probably just go with the same thing we had this year and do something similar but we hope to see everybody there it's going to be a really great time and it'll be really fun so that's about all I had is some special thanks I want to thank John Duckstuff for being the guy who took care of everything last year we're dealing together Dragorn for his edition with Kismet where if you get your hands on either one of these badges or the red be a Kono tag it's a really great enhancement especially if you're doing anything involving ZigBee at all it's now in SVN so go check it out the redware guys were excellent working with us helping us out getting the entire badge design essentially people have play testing like me and the kind attendees which really made this into a fun experiment for us to figure out what was going on see what kind of attacks people would do and go on from there and we had a lot of fun doing it and everybody seemed to have a good time so I'll take some Q&A now I have a few, I'm a little early here I think the demo didn't go exactly as planned but if anybody has questions we have to answer them now yes over there how many badges did we end up making was the question we made about 250 I just think it was exactly 250 we got them all produced locally in Foxboro, Massachusetts which worked out great for us they cut us a nice deal for helping them letting themselves advertise during the con we were happy to go to the local provider too when we did the initial batch we received about 25% of them were broken or had some sort of flaw with them about a week before the cons that made things really hairy towards the end there we had a lot of emergency soldering and emergency shipping and stuff to do which was a lot of fun but in the end it all worked out pretty well so we had enough for everybody any other questions okay I think that's it thank you oh one back there actually oh thanks we have plenty of time so come on up and yell it and it'll work better oh thank you I'm sorry actually we don't we had very few coming here and we saved them for the demo so it was very very tight at the end everybody kept theirs nobody wanted to share theirs after the fact I think that's it go