 Hey, so welcome to the 27th DEF CON. Let's hear it. Woo! Are we that old? Yeah, we're 27. I don't feel old. We're really old. People ask me why I'm so young. It's just like I suck the blood out of young IT interns. I have my own little blood boy. OK, so what we're going to do is just going to talk a little bit. Like, we already saw a show of ants. How many of you are new? Let's kind of want to reiterate a couple of basic points. One is we question everything. And if you hear something or see something you don't understand, ask a question. That's the whole point of DEF CON, is that I want you, us to learn, drink, meet friends, break shit. Like, it's an experience that I didn't fully appreciate until maybe two or three years ago I was talking to a friend. He's like, oh, well, I'm not sending my team to Black Hat. I'm sending them to DEF CON. So that's really interesting. Why would you? What's the difference? He's like, well, my team's really sophisticated. You know, their experience. And so I would send somebody maybe to get specific training on specific technology to get like a little bit smarter, like sharpen the edge of the knife a little bit more. But then I send people to DEF CON to learn, to become better thinkers. That's like, whoa. Like, I hadn't thought of that. And so once you start realizing that's how other people see us. It's like, well, that's the place I go to send people to learn. It's like, well, OK, what are they learning? And it's like, that's sort of crept into the theme for this year, which is unofficially, you know, keep InfoSec out of hacking. Because I think InfoSec is great at getting new jobs. You got to get paid. But getting paid and having the skills to get paid are different than the joy of exploration, the joy of discovery. Spontaneously, you know, learning something, challenging something, failing, being OK to fail. Not being afraid to fail. And to do it in a friendly environment. And challenge each other. And I think maybe that's different. Like, if your job is online in InfoSec, maybe you are afraid to fail. Well, it's also, yeah, just because you're in InfoSec doesn't necessarily make you a hacker. And just because you're a hacker doesn't necessarily mean because the hacker world is so much more than that. And I didn't realize, I didn't really think about that either until like a few years ago, where it really is kind of started from that same nugget, you know, of people, but it's not like that now. And DEF CON has a feeling that other places just don't have. Right, yeah. And so we're really trying to embrace that. So over the last few years, we're using like, well, is it hacker enough? It's like, sort of like if you're watching Metapocalypse, you know, it's like, ooh, that's metal. It's like, ooh, is that, is that hacker or not hacker? That would be cool, but that doesn't necessarily mean we will put it here. That would go great somewhere else. More cowbell. Is it cow? Is it hacker cowbell enough? So two years ago, if you remember, we tried an experiment. We went to China for the first time. We took DEF CON outside of the United States for the first time ever. And it was really an experiment to see, one, does DEF CON travel? Like, are our beliefs or our skills transferable? And it turned out to be hugely popular. In the first year, we were the largest kind of security event in China for hacking. And I just told this funny story, which was, when we were first going to China, it was, well, how much money should we charge for the conference? And like, well, nobody's ever charged money for a conference. It's all like, as a marketing expense. It's all free. I'm like, OK. Should we do it on the weekend to attract students? Or maybe on the weekday for companies, you know, people? Like, who's going to come? I'm like, hmm. Nobody's ever done a conference on the weekend before. I go, right. No, OK. Now, t-shirts. We want to sell t-shirts. How much do t-shirts normally sell for? Oh, nobody's ever sold t-shirts before. I'm like, OK. You know, we're just going to go in there and see what happens. So we had our second DEF CON China. And at the time, I was really trying to do something special. So I contacted Kingpin, kind of trying to hypnotize him and get him to come back and make some badges and do something cool. And Joe, you're like, well, it has to be something cool. Well, you're also a hard guy to say no to. He was very convincing. But it had to be something cool and new and different because that's what DEF CON is about. So for those of you not around back then, you know, when we had the idea of a hardware badge, we went to Joe. Joe made the first badge life badge. I mean, that was Joe. And so he's gotten to see his little nugget explode. And so it's a little bit of like, well, now you're coming back, you don't want to just do the same thing over. Right. Well, it's overwhelming, too, because the resources have gotten better. So many people are creating this amazing artwork and badge life community and all of this stuff. So when I came back into it, I was like, how can I even compete with what has happened over nine years since DEF CON 18? And there was a lot of worry at first. And then I was just like, well, I'll just kind of do what I do and not try to compete. Just do my style like I've always done and hope people like it. Well, and it worked. And the original story, I don't know if this really came out, but the original story why we did that hardware badge back then is I didn't see in the community at Black Hat or DEF CON, I didn't see a lot of hardware hacking skills. There was like Kingpin and a couple people, but the skills were very limited in a few people. And I always remember thinking that if I was going to have to take over the world or overthrow the government or whatever, defend myself against the robots, we need more hardware hacking skills. And so this was a secret backdoor attempt to get the community more involved in hardware. And now it's, it worked. It worked, yeah. I mean, we didn't know, right? It was sort of like, are people even going to, they're going to get this thing and even know what to do with it or what's the response going to be. But Dark Tangent, like he just had this, I mean, this happens a lot. Like you sort of knew what, where the direction of things were going or like what people wanted. And it turned out okay. And the conference was much smaller then, but then it's just sort of ramped up. Yeah, yeah. So when I did attract Joe to come and do the badges for China, like we wanted to do something new. And so you want to just talk briefly about the, here, I'll just throw up the slide I have of kind of the history of stuff that I've done and the China one is the lower right, which is a flexible circuit board. And with some artwork on the front, sort of representing a tree. And the thought there was to build community, sort of like you're planting a tree. So you do different tasks at DEF CON. And the root LEDs will turn on, depending on what task you do, which is very similar to this badge, as you'll see. And it has a very easy development environment so you can write some code for it. So it was something to build community and to see DEF CON China, especially as this new kind of culture of hackers, kind of take that. And we had to explain to them what is an electronic badge, like what's the purpose of even doing it, was pretty amazing. And that actually, some of the response from DEF CON China is what kind of inspired me to make the US badge as it is. And so yeah, and so like we said, it was flexible. And I think at the time you were saying there's like two or there's only a handful of manufacturers. Yeah, there's not many and it's costly. And usually you see small pieces that are, you know, for inside of a printer moving back and forth or something and we're like, what can we do something that's paper thin, that has electronics on it, that the electronics are going to pop off when you bend it. But it was just something, you know, something new. Well actually, see the badge is white. The paint alone on the badge. Yeah. Yeah, added to that. It added, it gave it a little bit more thickness so it wouldn't kind of break around. And then, you know, you can see the other ones like they're definitely not as complicated as a lot of the badge life badges. The resources for even designing circuit boards and then getting them fabricated was a whole other story. You can always watch those talks. I think they're all on the DEF CON media server. But little by little we always tried new techniques, always tried new fabrication techniques, new components. So this bottom one was an aluminum. Yeah, that bottom middle one, DEF CON 18, was the last one I did before I retired. And that was an aluminum substrate with all the components on the backside, laser engraved on the front side. Just trying crazy stuff. And I remember having a conversation in a hotel room with you where we had to get the boards ready and then send them out. And it was like, do we want to take the risk of doing it? And it was like, let's just try it and see what happens. Yeah, so that's the sort of... And you've been unfortunately on the receiving side of sometimes when we try something and it fails like international shipping and customs. Some of you might remember those days. Yeah, badges arriving a little bit late or pieces falling off them. Not my badge. Actually, no, this year maybe. So yeah, so on the China badge it was like what, back lit LEDs? Yeah, so we had reverse mount LEDs that were diffused through the circuit board substrate. So each of those little dots, actually, that picture is a prototype, but the production one had the substrate, which is sort of a brownish color. So as the lights lit up, they'd diffuse. So you wouldn't really see it was an LED. It just looked almost like an ornament or something on a tree. And I think maybe the one thing to segue into this year's badge is the China badge, you would take it and physically plug it into a visualization station. And the visualization station, the art installation would then take essentially your leaves and your roots and it would give you representation on this 3D immersive space. And so you could see the community solving problems and challenges and watching the actual tree of the whole con grow. And I was like, man, that is so cool. Yeah, we've got to try to see if we can do something remote. Yeah, and it started as just bare tree and then, you know, later on again. Over the course of the con, as people accomplished more things. And that's always the, I mean, that's always the goal with every badge, with every project, every village. We sit around and social engineer, like how do we use the badge as a point for you to meet other people, you to interact or you have something that they need or an excuse to interact. And so that's half the other part is we're trying to figure out, well, is it a game? Are the games like you're infected and you're a zombie and then there's a doctor. But then it's competitive, right? We didn't want competitive, we wanted collaboration. Yeah, and so we spent a lot of time just trying to figure out how do you make it so like one person doesn't flash the instant killer badge around and wipe out everybody, you know. We have to contemplate a little rogue actors. Yeah. Okay, so just a little bit then about DEF CON, this will be our largest DEF CON ever. We're in these four hotels. We want feedback. We know we're not going to please all the people all the time, but we try to. So if you have a problem or you've got feedback, please let us know. If your badge does fall apart or something goes wrong, there's a soldering skills village. You're going to talk about some of the people are here. Some of the resources available for if you want to try to fix your own stuff. That's towards the end. Yeah. Okay, so with that I want to pass it over to Kingpin and he's going to kind of talk about this year's badge. All right, man. I never thought I would be back up here I just kind of felt like my role was done and I was kind of just competing with myself every year and sort of doing the same thing over and over, even with different technologies. And I was like, all right, well I should just step back, let DEF CON grow, let somebody else do the badge and see where it goes. But I'd always said like if DT calls me, then I'll do the badge again. And lo and behold, he did. So yeah, definitely never thought I'd be up here. It's an honor to be back. It's really great to see how DEF CON has changed and just the number of people and the variety of people and to work at such a high volume. Like I've always, I've been basically designing the badge for this day. So I can finally talk to people about what it is because it's been a secret for, I don't know, six or eight months or something and my wife doesn't want me to talk about it anymore and nobody wants to, you know, my kids don't want to talk about it anymore. So finally I could talk about it. For my type of badges, I like them to be simple, kind of unobtrusive, but have some things that, you know, hardcore badge people can work with and electronics people, but that's not the main point. The main point of this one is to appeal to as many possible people that we can because DEF CON, a lot of times, you know, you don't have to be a hardware hacker to use the badge for this and I really want people to sort of use it as you'll see kind of as a guide to how to deal with it. My thought about this was like, alright, if this is my first time at DEF CON, there's so much going on, so overwhelming, like what do I even do, where do I even go? So this badge is part of that where the actual gameplay is very simple and this is the slide where everybody who's been hacking on the badge yesterday starts crying. I didn't build puzzles into it. The puzzle is the badge quest. There's so many amazing puzzle badges out there and not XOR badges, just all the badge life stuff and that's like I mentioned I can't even think that way. I can't come up with a puzzle. My stuff is all about just trying to keep it simple, single task to appeal to lots of people. So when you power up your badge you might notice that the lights kind of blink in a slow pattern. That's what I call the attract mode and that's just the pre-state that you have to go through to achieve the final state. I'm not going to give away too much. I know people have done some reverse engineering but there are a number of tasks you have to complete around the conference and it basically the badge is to get you to experience DEF CON. So I think somewhere later on I'll mention the tasks but it's not something you can just go run around and automatically win but it really is to get you to try new things and sort of experience things because even I haven't done everything at DEF CON it's impossible to do everything but at least if you can try to do the different tasks. You meet new people, you learn new things and it's just kind of fun. So there are some hackable aspects to it but it really is more to encourage people to get out there and to celebrate that and again build community and have it be hidden for other people. So here's what the hardware looks like. I will get into the details of that but I want to at least clarify the main functionality. This is what the hardware looks like and there's kind of a few main subsystems. Probably the coolest thing is the antenna upper left NFMI on the bottom. We call that infamy because I can't actually say NFMI very fast. It's like one acronym tongue twister. So that infamy chip is near field magnetic induction and it's actually a communication mechanism that uses magnetic induction instead of like traditional RF where you're propagating RF. So I'll talk a little bit more about it later but what I want to mention I've seen a lot of people sort of kiss their badges together like magnets and there is some similarity because a magnet has a magnetic field and this badge is generating a magnetic field but you don't have to touch them together. You can be maybe up to a foot maybe a little bit more and the data is still going to communicate but it doesn't leave an RF signature. So all of you you know RF, software defined radio, badge hackers trying to hack on the communication you're not going to be able to do it unless you have some magnetic probe and you're standing right between me and Jeff or something like it's very short range which means that one of the possibilities outside of DEF CON is you can make some sort of covert communication message passing thing instead of passing papers in class you can walk by your friend with a badge or something. But it's cool. I think it has some cool covert conversive uses which actually ties back into that theme of using technology in a way that helps us and not just harvest all of our information and all of our data gets sold to everybody which is super frustrating. We have the microcontroller LED driver piezo but I tried to keep the design really simple and it actually wasn't simple but in appearance I thought it was somewhat simple. I also want to mention this the mounting options. This is something that like DT said we like to try doing new things with the badge and it's great to say that and it's easy to say let's try something new and see what happens but you still want to plan and hope it works because if we tried something new and it completely failed like that would suck. So we wanted to try this new mounting method because normally you have your lanyard you clip your badge onto the lanyard but what we thought is what if we move up the stack and bring our badge up onto the lanyard so now we free up the actual lanyard clip for badge life stuff because there's so many other blinky badges out there instead of crowding everything like you have some space and it's like the uh what is it like the Bolo tie I'm going to try this. You can like you know bring it up and be like check out my badge man so and it's like who knows what people are going to do with it right and that was actually I'm going to leave it this way hold on I just don't want to strangle myself but that was sort of the intent of like something new and see what people do with it and what's funny is most people actually just clipped it on to the clip it onto here and it was like no that's not what we wanted so we tweeted out like you know here these are lanyard straps you can mount them to different things um so I would recommend besides the normal mounting method like this which you slide the lanyard the lanyard through what I call the lanyard straps which are actually high current jumper uh bars bus bars um you can do other creative stuff so we actually made watch bands this year so if you go to the swag area I think they're five bucks or something like that and you can wear your badge like a watch or I saw somebody who made a like a neck I don't know what they're called neck jewelry around their neck and like that's cool or maybe as a pin or you wear it on your head I wanted to make a headband but I don't know how to do that um you know just something different right because that's sort of like the physical changing the physical aspect to see what I thought that was sort of fun because this is really like a piece of jewelry as well as the badge and some people might not want to go and figure out the electronics you just want to show it off and like that's kind of cool so here's a block diagram for the system um I'm not going to go super into details yet because I want to tell the story of of how we even figured why we're doing all of this stuff in the first place um but we have a um an NXP ARM Cortex uh M0 as a microcontroller which is a KL 27 that's a general purpose microcontroller as far as letting us reconfigure pins to to be different functions and that helped a lot when we were doing our layout um this information by the way these slides are a slightly earlier version of these slides and some of the badge design details are on the DEF CON media server already uh some of the firmware is there as well if you want to look through that I will post on my website the final actually an expanded version of these slides uh plus some other details whenever I can actually get to my room and do it um so we have uh the LED driver we have the infamy radio which is also an NXP chip and I'll get into the details of those um but I had you know had to have some blinky lights on there because every badge should at least blink maybe a little bit so we put some lights on there as sort of some indicators and then we have some two uh low dropout linear regulators that takes the 3.3 volt battery and then drops it down even more um that's one of the things I really like is trying to trying to get electronics working with a single coin cell that's sort of lightweight extra coin cell at the last minute uh because I didn't read the manual properly and uh one year we used like a CR123A but having these small ones makes it I think just a little little more comfortable oh I do have the details here okay so microcontroller um this really is just the heart of the system so this controls communicating to the LED driver to the radio um processing the the badge quest and uh it's just something that you need in a system um it is an NXP chip but the coolest thing again is the uh is the infamy chip and this is something where typically you see this this technology has been around for a long time but you only really see it in super high volume products um when I'd first yeah like at least a million volume um or most companies won't even acknowledge that you exist and that's a problem when you're a hacker or when you're a small company or a small engineer trying to work on something um but the way we found out about this is uh I had previously worked with FreeScale on some of the earlier badges and they had a great team of people that would sort of you know help us out and show us what's going on um NXP ended up purchasing them and one of our one of our contacts still works for NXP and I called him up and said hey I'm doing the DEF CON badge again he's like what you are and uh he said um I said what cool technologies are there he said you should check out this infamy stuff um but it's a small group of people within NXP so you're gonna have to convince them that you can they should even bother you know supporting you which I totally get because they're a huge company and we're just a small conference um so I wrote them an email basically begging them and explaining them about DEF CON and all the audience and how cool it would be to kind of share a new technology with people and um they wrote back and they're like yes we want to do it and there was like eight people or seven or eight people in this group in Belgium that was the infamy team and they they helped out a huge amount I'll get into that but the actual technology itself um is usually in hearing aids kind of body area network types of things so short range because that magnetic communication is with the magnetic field and it basically is you have a transformer we're kind of creating a transformer with an air core so normally we have a transformer with um kind of a material in the middle that kind of routes the magnetic flux to the other side of the transformer but ours is sort of an air transformer so I think about the communication as like an air high five right so like you're like hey man and uh I'm just wearing this one on my wrist but like hey man cool and you don't have to be like right in their face so I thought that was kind of cool um there are some antenna related things not that we really have to worry about for this application but the oh yeah the bandwidth where'd I put that one um oh that's on the uh where'd I put that I don't know it's somewhere um yeah here it is so the bandwidth is five hundred and ninety six kilobits a second pretty fast you know it's like uh faster than your typical modem and uh but it's actually like for hearing aids what it's used for is to transfer audio from one side you know one hearing aid to the other side to synchronize audio we do see these also there's a few applications for consumer um headphones like high-end consumer headphones so you have ear to ear and then you have ear to bluetooth which is kind of cool but the coolest one that I saw when I asked NXP about what applications are there was this like tactical communications thing for firefighters and and other kind of public service where there there was a tooth microphone like a molar microphone and that would transmit through infamy to some other piece on your body and then that would transmit over radio so like super spy stuff uh yeah so really you know this badge wouldn't have gotten done without a lot of a lot of people's help and I'll also mention that later but NXP really stepped up here um you know to help us really to help the community and that I thought was really cool the infamy radio is actually the infamy chip plus an arm core inside so you actually have two microcontrollers on this board one of them is running the radio code and then one of them is running the game code you know the defconn code uh so NXP actually assigned an engineer specifically to write the code for that radio chip uh that would be the broadcasting functionality because if I had to write that from the beginning forget it it would be not a six month eight month project it would have been a one of the interesting things is their documentation as a lot of companies that have pretty amazing technology is they usually require like a non-disclosure agreement to be said and and you know you can't release the information and uh but they they were so interested in defcon that we kind of came up with this solution where we don't have to release all the documentation and the radio becomes this black box that we can just use to send data to and that's all we need it for like we don't really have to dive too deep into it um so there is some custom code that is loaded onto the radio chip on power up and that's why when you plug in your badge it plays a little tune uh you'll see the lights kind of go from three two one that's as the code is loaded from the KL27 which has like a just a binary blob of the firmware for the radio chip and that's as it's loading so it's kind of it's kind of a neat technology there and we basically just have a few pins going back and forth like there's a UART interface between the two so if there's a valid packet that you read that gets sent over to the KL27 and then we can process it so here's a few of interest if you're if you're hacking on things um I intentionally did not release sort of the the different states of things but I will probably on Sunday um but this is the packet that actually gets sent that gets broadcast from every badge and then gets received from every badge if you're within range so there's a unique identifier um there's the badge type so there's like a ten nine or ten I can't even remember so like crazy about this there's some large number you can look in the code and figure it out um magic token flag which I'll get to game flags and there's an unused byte also so if you end up hacking this firmware you can not only transmit your own badge data but you can transmit other data right if you add a sensor or if you add something else and make some other thing with it or you can just clobber this whole packet and create your own stuff because the code is there on our control side you can just send whatever data you want into the into the radio chip and then that's going to start broadcasting it so we have the LED driver as well this one was sort of crazy this was like oh oh yeah ok right how many people can be in the area yeah so that's great so a lot of radio you know you have point to point or you might have a mesh network or something the way that this thing works is that we basically have a pseudo random generated time where each badge is transmitting and each badge is receiving and then it sleeps the rest of the time and I'll show you what that power cycle looks like at the end um so it can be a one to many or a many to one sort of situation and that can be communicating at the same time but it's more than 10 which is cool for like a group sort of chat thing to trade data between them which is kind of cool and you know NXP as they designed it like we've never done it with this many and that's part of the fun of like who knows what's going to happen and in that situation you know you can just all stand together and see if there's if the lights are blinking on your badges you know they're communicating and that's kind of cool oh yeah I'm just remembering all these worthy things um so yeah because it's pseudo random that the detection time can vary from like 5 milliseconds if you just happen to be at the right state at the right time where it might take a few seconds um which I think is maybe why people are moving closer and closer to each other as they're doing the communication and then it finally works um but the more badges you have the more potential there are for data collisions and then it waits it's you know some random number of time and does it again take and that actually comes into play for the final stage uh which I'm not going to tell you anymore than that but multiple chat group chat is required um so this LED driver you might notice the different different badge types so human, speaker, goon the ones that have colored gemstones have matching colored LEDs uh and that was a way for goons out in the conference to be able to easily identify people but that's a hard thing to do like having red and green LEDs are easy like blue, purple um and even the green the green that we have is a high forward voltage and you can't normally run that very well off of a coin cell for very long especially if you're doing multiple of them so this was a last minute edition this TI LP 5569 that takes in through I squared C a common internship communication protocol um the data to drive each LED and it has a little boost converter in there so it can take our coin cell down to about 2 volts and still drive the LEDs so it really is a very, very low power system that we have here uh and this saved us because now we can have different colors like we originally were just going to have a single color kind of pulsing and we're like that's kind of lame so here here's the fun stuff these are mostly pictures I think from this point on um some of our early concepts uh I went up to Seattle to meet with with DT um and some of the other guys and we're like what can we do when I first saw the the picture um that Jeff sent of the woman holding the laptop colors and the happiness like that just hit me so hard I was like we need something like this you know like we normally are wearing all black and I couldn't find any colors to to wear up here so I have to buy some but you know it's like DEF CON themes have been dark and this was just uplifting and I saw that and like for some reason I was like gemstones right like gems are so cool and uh we're like how can we integrate something soft natural material because technology is so much like hard and um so we were like how can we get a gem and we're like okay let's go to the gem store and buy some gems and see what works and we knew nothing about this like you know I sit in in my lab and design electronics like I don't know about jewelry um but we wanted to figure out how to make it work because it just seemed to make sense so there's some of the drawings like sticky sticky note drawings was that oh yeah that's right that's Jeff's watch we're sitting in the um we're sitting in that was that the Mexican place like if you think I'm wandering around now that was a funny meeting because I could not stop talking and um we we grabbed this and like the watch was the electronics and then the cup was supposed to be the gemstone and we're like oh well just drill through the gemstone and put the electronics inside not knowing that that's really hard because gems are like you know rock and they're hard you might have noted that but I didn't really think about that I was like they have drill bits like just drill through the thing um but didn't quite didn't quite work like that so over time we started hunting for the treasure parks that's pretty fun um but here's some of the other kind of pictures of the development process this is something that started in January um we started ordering components for this project January February before we could even verify that anything actually worked and that was scary because we're spending DEFCON's money and taking this huge risk basically on you know on the word of what people were working with of NXP who had developed this technology so if we have a microcontroller it should connect to the radio like that makes sense um we did have evaluation boards for the radio and for the LED driver just to evaluate with our computer and with some of their boards um but it was a huge huge risk and I definitely got more gray hair over this for sure um but we started with like on the left is just a milled out circuit board to simulate the badge and had some different color LEDs you can see my schematic which is like a roadmap of how the electronic circuit is designed started off as one thing and then as I start refining things and scribble and it becomes a mess and then it gets refined again this picture is of the circuit board layout I'm using Altium Designer here he's been a big supporter of me for a long time which has been great because it's an actual tool that we could do some crazy stuff with and especially with this circuit board I don't know if you've noticed but those parts are really tiny right they're like really tiny um doing layout for a system like that there's a whole bunch of crazy stuff I'm surprised not this one but we have things called Via and Pad which are little interlayer circuit board communications underneath the chips um uh our circuit board connections and it's just a very difficult manufacturing process so this this tool has saved me for sure here's some other pictures of when we got the prototypes back um so basically like we went to DEF CON China the day before we left for DEF CON China I had to get the prototype sent out to fab so when we got back from DEF CON China two weeks later we had the prototype I had seven days to write enough low-level firmware to make sure that the system worked so we could order 28,000 of them a week later literally seven days later um highly not recommended like don't do that it was really it was really really hard and there was knights of just like oh yeah don't do that um and so we went from six prototypes to 28,000 units without even being able to verify the final changes I made for production um which was really nerve-wracking because there was a lot of money even we got a great deal on manufacturing but this stuff costs this stuff cost money and I didn't want to be responsible for like the downfall of DEF CON by spending all this money on something that doesn't work so there's sort of that that stress of trying to please people and then also be within budget um which I actually went way over budget by the way so I'm going to tell you on the stage so you can't like strangle me I'm just warning you now like the ball's rolling so fast that you can't go backwards right and it was like we had to get things done for this day so we had to pay to get it done and I'm glad I'm glad it made it so part of the fun part was learning about gems and this is really I think we're kind of the hacker spirit helped out of like going into this industry going into this world of how the hell do we find a place to get essentially 30,000 units actually it was 30,000 units of a of a gem like this is even going to work so I happen to be on a trip to Texas and oh right so we have a local gem store like a new age store near near my house I'm in Portland so there's like a new age store in every block um so I went in there and like picked some stones and they were awesome like found found ones I think might work and I talked to the guy and I'm like so you know you have a few out there like can you guys get me 30,000 of something and he's like that's a lot he's like even we can't do that and I'm like well what do I do and he said well there's this show called the Tucson Gem show that's you can sort of think about think about it as like a gem show you know like DEF CON but for gem people of all levels and I see some people nodding their heads have you been to the Tucson gem show it's like it's crazy yeah gems so um it's 50,000 people over two weeks going to this event collectors retailers wholesalers mine owners everything along the way and we had 36 hours to figure out what to do um I happened to be in Texas doing some work and uh I call up Jeff I'm like hey there's this gem show he's like just go there on the way home I'm like alright so I booked a hotel in what in what turned out to be you remember like old DEF CON days where the hotels were super shitty this was like this was one of those um but it happened to be that had a bunch of vendors well actually all of them had vendors in it but this one had vendors that actually helped out um which was really good it was a good starting point and um so I got there dropped all my stuff in the presidential suite I don't have a picture of it but it said presidential suite and then there was like all this stuff tore off and you go in and it's just it looks like um uh Alexis Park or something yeah it was like wow gems um oh yeah so this was like the first picture I go down I go to the I try to find a retailer right somebody that has the connections to wholesalers to sell stuff so this this picture here is who would sell to the the local stores so your local gem store would buy from a place like this I walked in there and was like holy shit like look at all those gems and it went on and on and on for miles all around all around um Tucson so I sent this picture to Jeff and I'm like I don't know what we're gonna do so I waited even harder is I went to talk to the owner of this company and I was like yeah I'm doing this thing for DEF CON it's a hacker conference and any time you say that they're like hackers that's scary why do you want gems I'm like I'm not really sure yet something to do with lasers I don't know uh so but that's how you get their attention and it actually worked so I was like we need 30,000 he's like we can't do that I'm like holy oh my god what are we gonna do he's like but you should talk to this guy he's like you know walk down a mile sort of like walking down the strip but it's empty you go to this other building you find this other guy you say this guy sent me and um but it is very incidental like all these people know each other so it's a lot of personal connections so I ended up finding this wholesaler um but then they couldn't help out but I learned how most gemstones are shifting these giant um what are they the oil drums like you had in DEF CON China giant oil drums wrapped in paper so it's like you see you know you go to your new age store and it's like mystical you see with whatever but like they don't really care they're just shifting these massive things like they're not that special they're stones um and that really like that kind of ruined me you know because I really wanted to believe and um I don't know it's just one of many things that ruined me in this project so anyway I found a place I walked by a local place called Norcross Madagascar that's a huge company that makes a lot of like the carvings that you see of things you know different carvings that comes um and I went into they're a local company in Tucson I went in and I said uh hey I'm working on DEF CON and they look at me like who is this guy and um I ended up meeting with the president of the company the owner of this company who I don't know maybe it's fate had the same last name as me except that D was a T and people always get that confused grand and grant so that was it we like connected to that and um he was awesome so I basically sat down with him for an hour and he owns a mine in Madagascar that makes it so I'm trying to figure out we don't even know what material we're going to use yet by the way so I started talking to him and he was basically my mentor for that one hour of like you can't do it this way you know you're not going to be able to get it done you can't use glue because you have to do this and it really helped me but he was like I don't think we're going to be able to get this done in time for you I think we had six or eight weeks or something to order them um he said but you need to talk to this guy and that was it like I had 15 minutes to get to this I had a business certificate so I could get in he said you got to talk to this person there like get on WhatsApp and do it and I'm like what's WhatsApp because I don't use technology I design it I don't use it so I load WhatsApp on my phone while I'm waiting for the taxi to come and I get over there and I rush through and I run back there and I'd already texted WhatsApp whatever whatever you call it texted sent a message and said I'm on my way you know Robert that's the end because a lot of large factories you can't just walk up and say hey can you build something for me um so I went over there and met with Miss Rainbow and she like totally hooked us up I was like Defcon we have 15 minutes and she sent me samples of what we wanted and then from there it was just like to the races so pretty pretty crazy um that we were able to pull that off and I don't know why I put this in there's just like beautiful stuff right it's like even if you don't like appreciate right like earth is sort of beautiful if you get rid of the humans um or yeah you put robots instead that's gonna yeah that'll work um so oh by the way so that thing on the right that's just like a hundred million year old like masasaur fossil just in there right so you can get like crazy stuff we originally were gonna use agate so that's like dyed agate um but there's too many variations in the material to make it work so we ended up using hand cut crystal from uh from Brazil I didn't know it was gonna be hand cut I'll get to that um and as you notice every single gem is different right every badge is unique just like all of you haha I've been waiting to say that for like six months haha but it's true right like haha it's true like we really are all different and the gems are too like you know some of them have cracks right some of you got them and they were already broken that's life that's natural haha but you can actually go and fix them we have extra extra materials don't worry um anyway so the strength varies depending on the thing but it starts in the mine lower left is a picture of the mine where these gems came from middle one are are the gems in their natural habitat before we rip them up and destroy them and then on the right you can see the size of like a quartz crystal that we used about this big and heavy like rocks are heavy too by the way so I hooked up with Eon which was this um gem huge gem and jewelry manufacturer we did all of this site on scene based on the trust and the reputation of you know of Robert from from North Cross um but when the project was done when we were in Defcon China I said hey I'm already in the area can I visit the factory and they said sure so I got to actually go to the factory they already had all 30,000 gemstones done in huge boxes so got to take a picture with that which is cool but then they said let's show you how the gems were made because I thought that would be like the actual useful part of this for you to see um and mind blowing because it's not technology but it's still very technical very skilled and this is where I found out that somebody is actually cutting them by hand not like drilling them out it's very manual process um so you start with this big uh this big gem block you cut that then you put it in another machine you cut that and you make slices um that are the same width as what we want millimeters and then somebody sits with the slices and draws the outline of the badge with a pencil and then this is the cool part so here's a video of one of the one of the people there one of the um jewelry manufacturers taking a really sharp disc and then just hand cutting and look like no gloves yeah you could say I was a little clenched watching him but it's it's fascinating like to see this world and to see like this is how you know all the fancy jewelry is made somebody is actually making it every little ball of a of a bracelet or of a necklace is handcrafted and that that was pretty eye opening so the discs are made then they're they're kind of sanded a little bit more to be shaped hand shaped and then put into these super loud vibrating machines I should have taken a video with audio just to blast your eardrums out but it's a whole room full of these things that polish the gem and then some of them were dyed depending on the on the badge color um so there's me with the team that that helped out and they were the management for all of the all of the staff underneath but it was actually cool to see to see a lot of the workers and and wave to them because they're working but like they knew who I was because they were you know had made all of these for us and it was like really really cool um they're all the boxes and these are the pictures of the first dyed gemstones that really was a fascinating sort of experience and we didn't know like how would the light shine through like how would the variation be um but it was worth you know worth trying anyway and I think it turned out all right so as far as the code of the system um it's a 64 kilobyte flash device the KL 27 so we're using a lot of it and and that's with optimization turned on without optimization I was over the over the the amount of memory and and I got really scared until I realized I didn't turn I hadn't had optimization on so now I do and it's good it's just hard to debug because when you optimize code it's you know you're you're going all over your program count is going all over the place um the actual number of source lines for the project is three thousand just for the badge main main dot c basically all the library functions and all of that stuff is separate so if you look through the code just remember like I'm a hardware guy um I'm not a software developer I can write low level code and um you know previous DEFCON years I would actually apologize in my code but I don't apologize anymore just look at it and change it and you know make it do something cooler so the development environment um is also these development tools are on the DEFCON media server so if you want to set up your your project and start hacking on the code you can do it we use MCU express so which is just the standard NXP um development environment totally free we use the KL 27 SDK and that consists of some of the low level libraries that you need for different interfacing um but the badge really is a you know general purpose environment with a radio and with LEDs um so you could create some cool blinky functionality or do some other radio communication like I talked about and really expand on that for hardware hackers uh there's two different connections the first one is the more complicated one this is SWD serial wire debug which is a um subset of the JTAG standard so sort of for programming and debugging interface you need some sort of programmer so the LPC link too is what I used as the hardware interface um the black magic probe um by Peter Esden is uh also usable open source people have already been using it and hacking on it hacker warehouse has those for sale uh but you do need this tag connect cable which we have some of this hardware by the way in the hardware hacking village also um and I'll I'll get to that uh pretty soon and you plug this connector onto those test points and that will communicate you could load new code in you could extract the code if you wanted to but you already have the code on the media server modify the code loaded in and have it do other stuff you know maybe change your change your data packet to unlock everybody's badge or something um but I think for the end more entry level people who are curious about hardware hacking but haven't done it this UART interface is the place to start and this is a standard sort of communication interface used for debug outputs sometimes on devices you find it and you get dropped into a root shell a command based interactive menu so you can control different aspects of the badge see the state when you read someone else's badge it dumps the packet information so it's a cool way to kind of learn what's going on when you actually complete the entire quest um this mode enables some extra commands that are sort of artsy and hacky and like there's some neat things you can do there so um oh and this is something too this is a 1.8 volt UART most people that are hacking on things 1.3 volts or 5 low power systems like what we're using 1.8 volts and it's sort of good practice I was like well it's kind of annoying because it's lower voltage but that's part of progressing with hacking is like let's figure out how can we use different tools to do the same job black magic probe will work for this um the JTAGulator will work if you set the target voltage to 1.8 volts use the pass through mode um the bus pirate should work uh any FTDI or USB to serial adapter that supports 1.8 volts 1.2.3.4 here's a few pictures of fabrication um of the boards being made I think this one has some videos this is the assembly so if you've never seen circuit boards being assembled before uh it's cool like robots right so um here's some robots putting components on the boards there's 12 badges per panel so we made 28,000 pieces so someone do the math 2,000 panels or something I don't know it's a lot so this thing's putting the components on and then it then it shoots out of that and goes to this machine that's called an AOI automated optical inspection that optically does some computer vision to make sure that the components are right it compares it to a known good like a gold standard so this is checking every single every single board one by one to make sure the parts are on there properly um and if they're not then you'll see a big fail like a big red box fail I think this one actually says good um and this is something that's required because every step of the way there's variations in the process like the reels of components that come from the manufacturer you would expect all of them to be perfect but they're not sometimes components are upside down or whatever so this machine will test will test for that look for it and they can fix the issue before it goes into this reflow oven which is like a giant cookie making machine uh that one by one the boards come out and this is full speed so can you imagine making 2,000 of these sitting here like okay we can almost look at it now like it's almost there but then watch this it gets really fast it's like yeah it's like a pizza right and there's actually at engineering trade shows you'll see people who sell these machines and they'll put cookies through or put pizza through or something so now it comes out and then it like shoots along this rail and you're like stop like don't go don't go over the edge and it comes out and like keeps going and it's like oh my god it's going to go over the edge and then it stops so that has to happen over and over again then it goes through the testing and all of that so it really is like a long term process what's cool about this Fusion EMS is the company that I used to do this local factory that was another big decision of staying local so I could drive to the factory and say hey we're putting gems on things and they're like okay we've never done that but we can we can figure out how to do it and uh you know I was there a lot and I think every time I went there they're like oh god Joe's back um but we got it working we got the process working and here's some x-ray images of it just to show little DEF CON logo hidden on an inside layer of the circuit board that you can't see from the outside so I thought that was a cool trick yeah you need x-ray eyes that would be like maybe that would be a DEF CON 54 by the time that happens um and then final assembly we had the factory this is why we're over budget by the way the factory had to hire 20 temp workers like high school students and college students who are interested in engineering um to work at the factory to do some of this labor of putting this the adhesive on the gemstone putting the it's double sided tape by the way putting the adhesive onto the gemstone putting the gemstone on for the final assembly um and they learned a lot and I got to talk with them and talk about DEF CON and hacking and everything so it was like kind of satisfying here are the final numbers uh mostly human of course and then there's all the other ones if you want to collect them all some of the gemstones are more see-through than others so we wanted to put some cool artwork underneath so depending on the variation of the gem you can still see it uh so these are different colors and the artwork under there before we put the gems on okay if you're doing the badge quest this is important um these are the tasks that you need to complete at DEF CON the first task you do is you just communicate with somebody and I didn't mention this but it was in the slides the LED pattern of the state you're in actually indicates what state you're in so you might be like oh they're just doing something but those those states the LEDs tell you what state you're in sitting with a friend or anybody then the next five states have to be going and doing DEF CON so you go to arts you go to a show you go to a talk you go to a village you participate in a contest or you watch a contest you go to a party and that um there it's not it's not a person who has a speaker badge the goons within those different groups that are working those areas have the magic tokens they have the types and they have the flag that when you communicate with it it advances the state and the intent there was there's so many people working behind the scenes at DEF CON you cannot even imagine um like I'm in one little communication group just for the badge and there's 10 or something of us but I don't even know how many hundreds how many goons and stuff are there behind the scenes people yeah so 500 goons and then all of the DEF CON staff artists this would be a cool way to like interact with the volunteers and say thank you um and then you know give them an air high five and get your uh your flag so um I thought that was kind of cool battery life should last four days depending on what mode you're in this is amazing because the radio turns on transmits goes to sleep and it's 0.61 mA average while the radio is communicating that's very very small it's like sipping power it's pretty wild um and the LEDs are what take up the most power so if you're in the attract mode the whole time your battery is going to die sooner but we hope it should still last through the conference because four days is 96 hours and if we bring the battery down to 2 volts 2.3 mA per average and that should be okay we have extra batteries in case you know you need them and then one little extra thing that was a last minute DEF CON exclusive um because we liked the artwork in China so much interactive component we thought let's add some interactive component here besides just the communicating with each other like let's build some some crazy project and we had Zebler Studios who's done a lot of cool um uh video mapping and other stuff all around DEF CON that you see oh yeah right here stuff so cool where you look at it you're like how are they even doing that and it's stuff that's all around DEF CON that they're doing that again it's one of those things you don't even consciously notice it's just like so those guys were going to kill us because a week before DEF CON we're like oh by the way we need some artwork and what they pulled it off I built a little bit of hardware on the left that would take the badge and then process the data in an easier way for um for David to work on one of the guys working on this project where it was just an easier packet that went into Raspberry Pi and then he basically created these packets that would affect their video manipulation software which is this Resolume software and what you end up seeing is this display in the chill out lounge you go there you scan your badge it's going to show you your progress it will show you your badge type um and you know you might get some crazy things if there's any bugs in the code who knows what that's going to do right so like hack on it if you change the firmware see what it's going to do it's going to make the Zebler guys go crazy um maybe you'll break the reader but like might as well try it right it's DEF CON um yeah so there were a lot of challenges I'm not going to go into them all but what I really learned um is that you know every big project no matter how big it is like you can actually get through it in little chunks and um this really exercised like every aspect of my soul and for engineering like it made me a better engineer and it made me a more confident engineer because once you realize like all problems you can find the root cause you can fix them even though it might take a lot of a lot of time lots of uses for things if you uh you know want to hack on your badge that's cool and this is where I have to thank everybody because um you know I'm standing up here giving the talk but I don't really deserve the credit as much as everybody else who backed it who supported me um because it you know this stuff doesn't happen in a vacuum uh I'm just the one that happens to to to receive the thanks but a lot of other people should be thanked so um I do want to thank um NXP of course the DEF CON staff DT Nikita for listening to a lot of stuff because I couldn't actually talk to anybody for six months um Fusion EMS Kingbright who had the LEDs Altium and NXP of course because they had huge support um future electronics and you know it's a global effort right there's stuff all over the world actually flew to Belgium also to meet with that team there and it turns out one guy did most of the code of that team and it was like mind boggling so you know we are a global community right that sounds sort of cheesy but it's actually true and like we couldn't get stuff done if it was just us alone in our room so resources this is it final slide if you want to hack on your badge go to the hardware hacking village if your badge broke if a connector fell off if a battery fell off there's no better time than DEF CON to learn how to fix something um there's a real life engineer from NXP in the hardware hacking village actually he's not there yet he's here um guy named Anthony you should stand up so he can help you and and so he can help you get up and running load the tools hack on it I'll be around but the intent really is to let you guys go free and do this like there's no hidden puzzles that you need me for right like just go out enjoy DEF CON have a good time try stuff and thanks again it's really been an honor and maybe I'll see you next year