 So, welcome DEF CON 21. Last year was DEF CON 20. This is 21. Welcome. We thought about calling it DEF CON 20 plus plus. So, last year, surrounding the badges, there's always this little bit of panic here. So you guys aren't getting any audio, are you? So this is me saying basically this is my empty lanyard. This was Wednesday afternoon last year right before the conference started and me holding up the lanyards and saying, yeah, where's my badges? Where are they? That's the kind of stress and panic that usually surrounds the creation process with the DEF CON badges. We try and keep pretty tight security because every year we have people that try and figure out where we're going to fabricate. We've had people contact the PCB FAB houses that we've used before and actually social engineered them into making a set of badges for themselves pre-CON. We've had people contact the PCB houses post-CON and get Uber badges fabricated. So it's been quite an adventure trying to maintain security just around the badges themselves. And with a security conference, it's kind of, you know, it's not really malicious per se. It's more of a trophy and a demonstration of skill. But it's, you know, it's fun stuff. So this year, I've had quite a few discussions with Jeff, dark tangent. For those of you who are not familiar with some of the traditions and things surrounding DEF CON, how many of you have been to DEF CON for more than five years? So the noobs outnumber the seasoned vets here by quite a number based on the hands that you guys have been raising. So one of the things that you'll notice with the DEF CON iconography is we've traditionally had a series of three what I call pips associated with us, which are the rotary dial. Those of you in high school, you know what that is, right? Yeah. So if you see the goon badge, the rotary dial actually is a brass knuckle. But so hello. So the rotary, are you getting this? It sounds like when I talk, it cuts out. The rotary dial was part of our culture because back in the day when we didn't have yield internets, we were all using BBSs and phone lines. And as a poor kid on a Commodore 64 with a 300-bot modem, the only way you could connect to anybody else was to dial up. And so it suddenly became valuable to get these sprint and MCI codes to be able to reach out and touch your friends, you know, on, you know, phytonet and all these other BBSs. So it became a really big part of hacker culture to be able to get free long distance. The smiley face with the skull and crossbones has kind of become kind of ubiquitous with DEF CON as well and kind of our traditional symbol kind of ties into the whole piracy security aspect. And then of course the floppy disk and again all you high school guys out there, you know what that is, right? And then it's a later disk. Oh wait, I mean zip disk. You guys don't remember those, right? How many of you have a pile of somewhere in like a back closet? Yeah. Anybody still using one? Yeah. I'm sorry. So I was talking to Jeff and I said, you know, we've got these symbols that are on our lanyards, they're on our programs, they're on everything and haven't really kept up with the times. It's more just a tradition. We need a fourth. We need to round out the trifecta here. And so I asked Jeff's permission to introduce a new symbol that will become part of the DEF CON iconography. And I did this pre all of the Snowden garbage that's going on right now which is really scary that it happened on the timing. And so I've introduced the keyhole. Now when I went to Jeff with the keyhole I said, I think it's timeless. And it fits in several different aspects of our hacker culture. I said first of all, we've got physical security. We do the lock-picking stuff. The lock is indicative of that. Locks and keys and keyholes are also usually represented to represent cryptography. So I think that we've got the crypto aspect. And I said there are also a lot of times peeking through the keyhole, listening at the keyhole. A lot of mystery novels you'll see will have the magnifying glass and then a keyhole in the guy, you know, up there or you'll see the eyeball peeking through. So I thought that it was appropriate to introduce. And so from this point forward, when we do all of our designs and everything else, instead of the three circle symbols, we will have the fourth. So you guys are really quiet. So another tradition that I'm going to break. Oh, and side tangent. So I kind of pictured this year as you know those magicians famous secrets revealed where the dude wore the stupid hockey mask and told how all the magic tricks were done on like a cable show. And he did that so that the same magicians couldn't keep reusing the old crap over and over again. This year with this breaking of traditions was kind of my foray into, okay, I've been doing a lot of the stuff for many, many years for DEF CON now. But my personal challenge is to try and best myself every year with badge design, crypto, game design and all the things that I touch. And one of the ways I'm motivating myself to do some really good things moving forward is to do this as kind of my DEF CON's greatest secrets revealed so that I can't keep pulling the same old stuff out and keep retreading because I think it's a cop out. So one of the things that we also never do every year is we always hold the Uber badge and information regarding the Uber badge back until the last day of the conference on Sunday when they're awarded. How many of you have no concept of what the Uber badge is at DEF CON? Okay, so when you attend DEF CON you get badges that basically say I paid for the conference. They say what level you are and you'll hear us say human and inhuman. That's because the general attendants and populists are referred to as humans and everyone else are inhumans. That would be vendors, the press, the speakers, I'm getting there with the press, just wait. And so you have the human and the human but you also have a very special badge every year that is known as the Uber badge. Now we like DEF CON to be a very interactive conference. It's a put up or shut up place. It's like everybody talks about a big game. Everybody is hacked to Gibson. Everyone has trained with Bruce Lee that does martial arts, right? So we like to have audience participation. We have more contests than I believe any conference at different points we have between 40 and 80 contests running. Some of them are incredibly difficult and challenging. Some are just for fun and you'll see them going on as we go. You may have noticed some of the crypto that's involved on the graphics on the floor out and in the program and in your lanyards. So if you come to DEF CON and you compete in what we call a black badge competition which means a competition that warrants enough effort and skill, you are awarded a black Uber badge and that is free entrance into DEF CON for the rest of your life. To give you an idea how rare they are, last year we had roughly 15,000 people attend and we gave out about 15 Uber badges. So it's a very elite club to have a black Uber badge. It's more bragging rights in the community than anything. But it's kind of a token of appreciation for people who share or demonstrate skill. But the Uber badge, because it's awarded at the end of the conference, you usually don't get to see them or know anything about them until Sunday at the closing ceremonies. And you'll see people that have Uber badges will often wear them from that point forward. So you'll see some folks that have badges that look like they don't match within the theme of a year. That's probably an Uber badge from previous years. Excuse me, I'm going to grab some water. So breaking with another tradition, I said, hey, Jeff, I want to show the Uber badge on Thursday. And he's like, man, what are you doing to me, Ryan? He's like, you're adding key holes, you're going to want to show the Uber badge, you didn't dye your hair this year, you're not wearing a hat. He's like, the world is changing, I guess. So if you've noticed on your map, there is a room listed as 1057. That is the room that I will be in and I will have Uber badges on display for people to handle and look at. And we'll get more into what they are later on. Before I move forward in that, the final interest, I'm getting feedback here. So the last thing that I asked Jeff, and this is a doozy and I just thought, man, there's no way in hell he's going to go for this. So those of you came here expecting an electronic badge this year. This is kind of my, it's electronic but not electronic. I wanted to do a TikTok cycle on badge design where I do a year electronic and a year non-electronic. So this one is kind of faux electronic in some ways. It is a PCB. But the reason I want to do that is it becomes passe. You go to other conferences now and everybody's got a damn electronic badge. We started with the Blinky LEDs and we moved up from there all the way to last year where we had a processor with 832 bit cores on a single dye with a propeller chip. So I don't want it to get people come expecting, oh, where's my electronic badge? Because for my competitions, if you know what to expect, it gives you an unfair advantage to those who are new. And ironically, the year that I did the titanium badges that were non-electronic, I had far greater participation by the attendees in the competition than I did last year with the electronic badges. And I asked people that and it appears as though people just don't want to mess with the electronics at the conference. It's a very small subset, about 10 percent. Because if you're not familiar with an architecture or the language or the tool chain for a new chip, you don't want to come to DEF CON and use up your three days here, you know, sitting at a laptop trying to figure that out. So I went to DEF CON and said, you know, one of the really iconic parts of DEF CON is the badge. And we keep it secret every single year until the conference starts. And I go, I want to tell them about DEF CON 22's badge at DEF CON 21 so that they have a year to prepare. And he didn't get back to me for a while. He said he had to think about it. And he said, you know what, let's give them partial information. Let's give them a little bit of information because next year's badge will be an electronic badge. The games will be every bit as intense as they are this year and as they were last year and the year before. But we want people to be able to get exposure to the tool chain and the chip and the architecture. So we're also going to release a monthly blog that's kind of a mini how-to on how to develop or program for those of you who are just straight coders for what the badge will be next year. We won't give you the details and specs on what it does. I had prepared to announce what the architecture was today. However, I was told and it was actually pretty exciting because it's a processor that is not yet released. And I was going to be able to say, hey, we're going to be one of the first groups to get our hands on this new architecture. I've just been told that based on their last engineering run, they're not quite sure they will be able to deliver chips to me in time to get next year's badge produced. That being said, I've got to wait to tell you what that architecture is because if they can't get me that architecture before next year, then obviously I can't do it. So I can either confirm nor deny that. So I've actually kind of set a deadline that by December this year, if that information hasn't been really ‑‑ if they haven't told me that they can source that chip for me by December, then I'm just going to pick a different architecture. And I can tell you that my fallback architecture will most likely be an MSP430 or something in that series from TI. So anyway, secret information, you're already seeing where it's kind of like my doc dump. You guys have like hacked into my system and you're getting all the secrets in my information. So I'm going to have to go back and rethink my security cycle like us. So here on the screen you'll see some of the CAD work that was done for the Uber badge this year. And I normally use Altium for my design stuff, for those of you who are familiar with the toolchain. But I wanted to use software that would be able to be accessible for free to everyone. So all of the badges this year were actually designed on the free version of Eagle. And for those of you who do design work, you know that's like that's in a door over and over again. It wasn't fun. And I found some really cool errors in Eagle. Like there's an error that comes up occasionally that says too many pixels in the Y direction. What the hell does that mean? It's like a PC load letter. And being a hacker, and it was also in German underneath. So being a hacker I took obviously my work and I rotated it because I wanted to see if there was too many pixels in the opposite direction. There's not. I still don't know why I got that error because I couldn't reproduce it just by because then of course you start reducing at a time to find out where that extreme is, right? So this year's badge, the Uber badge specifically is an homage to my grandfather. My grandfather was a watchmaker. He told me that when he was in watchmaking school they would basically hand them raw metal stock and they had to make a watch. That included making the screws, the springs, the case, everything. Since this is something I just started doing since last DEF CON, I didn't have that level of skill or the equipment to do that. So I ordered some of the parts preassembled but then assembled those parts for those of you familiar with watchmaking. I couldn't possibly do the hairspring to the balance wheel myself so those came assembled. If you look at the graphic that's on the bottom there, most mechanical watch movements only have five main components and I had this whole cool spiel prepared to show how we could map security and hacking using the watch to move that forward but then I decided I can't share that with you yet because it will ruin some of the badge that is happening this year. But if you go across the bottom you've got basically a mainspring and then your gears to transfer the energy from the mainspring then you've got your balance wheel and your escapement which control how that energy is released so that's kind of like your firewall and then at the end the five and the six are displayed to show you the time. So all of the glass that's on the Uber badge is an actual, they're actual watch crystals on them on the front and the back. I don't know so it's really hard to sleep when you have 30 of these ticking in your room. And I'm getting to the point now where I've just started blocking the noise out because I've been working on these for so many months I just tick tick tick tick all the time. So there's some of the movements out with the PCB on top, one of my desks. Thank you somebody clap. Yeah, they were just a little bit of work. So all of them were hand assembled by myself for the Ubers and that's why I can only do the Ubers like this because there's no way I could possibly get 15,000 badges done for all you guys, sorry. There's a few more pictures and I'm going to leave that one up there for a minute in case anybody is participating in the badge challenge because I thought they might want to get a picture of the code that's on the back there. Geez you guys are quiet. This is AFKON. You know, the people that are new here you're supposed to make noise and yell at me and throw things and yeah, thank you. This is not Black Hat. I mean this is not an infomercial or a trade show. What's that? Are you done? No? Yes? 10 seconds. By the way, the copper that's underneath the solder mask doesn't quite show up in the picture but it does. Some of you may have noticed that on your own badges. There's some... We'll get to that in a minute. One of the other things we did this year more variations on the badge than ever. Up until the time I started doing the badge design we always did here's your human badge, here's your press badge, here's your speaker badge and there was only one human badge. I started because I'm a masochist I guess doing multiple human variant designs and variety and flavor and it gave me more of a palette space for the crypto challenges that I was creating for you guys. So this year there are more I won't tell you how many because that's part of the game is for you to figure that out. There are more human variations than we have ever had. In addition to that there's us doing some of the sorting of badges then to make sure that when we distribute them there was a mixture because one year last year actually the registration desk we're taking the boxes as they came in and of course even though there were multiple designs they came grouped together so all of a particular badge were going out like on Thursday and all on Friday and it prevented people from moving forward in the game because they couldn't find the other variants. So we actually hand mixed up all of the badges this year. So like I mentioned before we have these things we call non-human badges. You will notice that all of the non-human badges this year are in fact face cards with the exception of one. That would be the press badge. The press badge is a deuce. And for the slow kids in the audience that is my fuck you to the press. Oh deuce, I get it. It's spelled differently. So the one on your left is the vendor badge that's why he has the bitcoin. The one in the middle you got to figure it out but the base behind him is a G and L base. So I added two new card types because no poker game would be complete without the ability to get the hack hand. So I introduced the hacker card and the crypto card in place of the two jokers. So now if you get the hacker the crypto and ace and a king you have the hack hand in your playing hand. So the intent there was to add some variation to other card games and things like that. By the way, those of you who have purchased some of those decks they came with two hackers in them because they did a misprint because everything I do seems to get screwed up in production somehow. We actually got the crypto cards printed and overnighted and we have them. I'm going to have them in my 1057 room. So if you bought one of those decks bring it in there, show me the deck and I will give you one of those crypto cards. So there's your hack hand. Is that one? Yeah. Limited number. I think we made like 2000 or something like that so there's not very many. In fact if you guys like them we may just do a blank run for next year or whatever. So big things in store for next year. So I've already been talking with Neil and we've been talking with DT. We think we've got a theme picked out. I won't release what the theme is but I was very excited that Jeff actually gave me permission to tell you guys that we're going to release information about the badges and it feels kind of wrong and kind of dirty to be breaking tradition like that that we've been doing this for so long. But I also think it's time to move forward on some things. And just like in this security field if we don't continue to innovate and move forward we'll stagnate. And I think that's starting to happen in some areas. So I really think we need to push the envelope and I hope that's what we do here at DEF CON as well as you do when you go back to your respective schools and places of business. So, well, thanks. People are finally clapping for me. Yeah, come on. Innovate. Aren't you going to start a shit being broken? Come on. So if you take a look at your badges some of them, not very many but some of them are four layer boards not two. And I won't tell you which ones they are but they are the ones generally the general populist badges are a two-layer PCB with exposed copper and a solder mask and we're designed in eagle the artwork could be done as vector art in free program like Inkscape. So technically the entire process of fabricating your own creation which is what I'm hoping to inspire you to do those of you who've never even thought of it you can go download free tools basically crank out a circuit board like the one you have around your neck a circuit board which is what they are they're printed circuit boards, PCBs maybe there may be other things it's copper you can solder to it just because it doesn't look like a pad doesn't mean it might not be so anyway you guys like them? You guys make the cotton for me you do I put a crap ton of work into the stuff that I do it's a unique challenge to design cryptography puzzles that are designed to be broken with the temporal space of about three days four smart people like you because you're all smarter than I am and you are I'm just like this retard in my closet with a solder and iron and I slap stupid crap together and I come here to DEF CON and I barf it out onto you guys and you actually solve this stupid crap that I put out there every year and I'm amazed every single year somebody solves a piece of the puzzle in a way that I had not even thought of and that's why this is a hack ton that's why these are my people that's why I can come here and do stupid crap like that one time a year this is my one time a year I can go in a large group like this and not feel like that odd duck or like I have to explain my t-shirt or I have to explain why I did what I did and I hope you all feel that way too and the hope for you guys that are new to DEF CON everything that I do in these contests is designed to make you interact with each other because I know most of us tend to be introverted based on personality types that gravitate towards certain fields like aesthetics, I'm not I'm used to looking at my own shoes I encourage you to talk to each other you have an icebreaker around your neck you have an excuse to say I haven't seen that bad yet in order to see that you have to be close to someone you have to interact I encourage you to do that I also encourage you to do that because it makes solving the puzzles easier and it's actually impossible to solve the puzzles this year without looking at other people's badges in the year before that because to me the most important thing that comes out of DEF CON are the relationships that are built here that then produce other fruits that might not otherwise be out in the world because I think there's too much wrong with what's going on there's too much wrong in security we've seen a lot of bad stuff coming out in the news lately and you all understand we're odd we're the odd folks if you go out and you think about you have somebody on the planet and it's kind of frank so anyway I'm glad you're all here welcome to DEF CON 21 to be more lively than this for your other speakers this is just the opening ceremonies but the speakers here enjoy it you'll have speakers up here that will be drinking while they present they're going to want to talk to you and if somebody starts talking bullshit in one of their speeches call them on it okay so welcome have a great time do I release the hounds now what do I do oh you guys want to hear the TSA security story so I hand carried the ubers in several of the badges and I had them in a box wrapped up and duct tape shut with black duct tape probably not the best choice and I took it in my carry on because I was like there's no way in hell that I'm going to check this because I mean this is real glass these will break and so I checked the box and the lady's looking at me and she looks at the screen she looks back at me and I see her eye kind of raised and she looks back at the screen and then they do the whole call someone else over you know according to Bruce the security theater began curtain rows and acts one started so the TSA had another gal come over and look at the screen the other side of the X-ray sir is this your bag yes it is would you mind because it was in a box inside of my carry on so she goes I'm going to take it out and I was like go ahead please be careful it's fragile so so don't ever tell TSA something's fragile because they take that to mean explosive I guess I don't know because so they open up my bag and once you open the bag then you can start to hear the ticking noise that's going on TSA doesn't like little boxes wrapped in black duct tape that tick that show up with extreme amounts of metal in the X-ray not good especially when there's a big fucking skull on it it was fun and I'm glad I made my flight how's that and consequently that's not the first time this has happened to me coming to DEF CON I've had the mystery boxes declared as bombs at least four separate times coming to DEF CON and we've had hotel security here as people competing in the mystery challenge here carrying these metal boxes with mercury tilt sensors on them so they're balancing them very precariously because if they tilt them the box begins to wail because I'm a jerk I'll give you this one and then I'm going to let you go I had these thick steel boxes that were made out of a tube and they had locks on the top and bottom and I put the mercury tilt switch inside so they couldn't tilt the box but they had to pick the bottom lock first so they've got these big ass heavy boxes that they can't tilt and they have to go up through the bottom so you've got people holding these boxes that weigh like 50 pounds over the head of some guy who's underneath trying to pick the lock from the underside and so here's security walks by and here's these guys and there were blinking lines on the outside look like a bomb so anyway yeah those are the kinds of stories that I will never forget about DEF CON anyway thank you very much have a great conference