 Ladies and gentlemen, the dark tangent excellent. I don't know. Has anybody seen Joe yet? I hear he's given a talk in here pretty soon Yeah, he's on the FedEx truck Yeah, I mean I just saw him he's around here somewhere Yeah, so the bad he's gonna tell you a big long bad story And I'm just gonna give you the really short version of it But first I want to welcome you guys to come into DEF CON 17 Yeah You guys made it. I was totally fearing that nobody would show up because of this whole economy thing and Instead I got totally screwed like too many of you guys showed up too quickly and We ran out of everything and as usual we we plan to make a bunch of badges and you know how last year It was kind of screwed up or thinking okay We'll just order them really early like in January or February or something so we design all these badges I come up with all these ideas is it gonna be a mechanical puzzle is it gonna be this multi-part? Badge is it gonna be a mystery challenge? What's it gonna be? Hey Joe? I said just talking about your badge And and after a while we settled on we settled on this kind of smoother more Sleek-looking badge one that won't tear your shirt up And can run the whole weekend without having five pounds of batteries on it or bursting into flame Yeah, and so so we came up with this design and Joe showed it to me working. He did a lot of work on the on the Triggers that trigger to move into different states and I remember you called me in this weird panic. I figured it out I Got it to work and not go super slow and eat all the battery Well, anyway, it goes to China and what you'll see the nitty-gritty details But it's our parts that in Chinese customs for almost two and a half months And yeah, that's a big boo, and so I'm thinking okay There's still enough time. I'll just order all the parts all over again enough parts to make another whole complete set of badges So we order those up And they get stuck in customs So now I have enough parts to make like You can guess what processor we're using next year on the badge Not gonna be a big secret And Then at the last pause so then we were preparing to make these temporary last-minute badges and all of a sudden It clears customs after sitting for like two and a half months It clears customs and then it races to the factory floor and it's anyway Some of you guys have badges the last 22 or 2300 more just arrived at the Riv And they're gonna be starting to get probably handed out during this talk And then I just learned though from Joe the it's totally fucking plagued Another box is missing of another about 550 So we're gonna hunt that down and then once that last box is distributed all the badges are out and it's great I've already heard the craziest shit about this badge. Did you know Joe? That if you shine an ultraviolet or infrared light It causes it to reset Did you know that and then if you touch the corner supposedly they synchronize all Wendertwin style It's like I didn't design that did you design that Yeah, that's synchronizing thing I think it's uh, that's a that's a rumor But the infrared whatever that was ultraviolet. Yeah, that's cool. I Didn't know that So I'm gonna let Joe kick it off. We've got you obviously survived Thursday How many people here think Thursday was kind of an okay idea start a little earlier? Yeah Wait scream scream scream mumble. Well, okay. I had to give Okay, so we're gonna be doing that again next year probably with some changes I Mean we'll probably still start in the afternoon, but actually have it start Properly Also, how many people here are following the Twitter pound a hashtag for Def Con? Isn't that crazy? I find myself walking down the hallway in Def Con looking at what's going on at Def Con There's something seriously wrong here, but it's the only way I can find out where all the parties are Also DC TV dot Def Con org if you haven't discovered that yet You can reach it from outside the network or inside the network. You can upload your videos Yes, somebody looks at them before we make them go live So no goat see makes it through Or maybe some if the people like the goat see really creative artistic goat see And there's also DC 17 dot Def Con org and that's gonna replace our home page And that's this awesome scrolling schedule update quick video feed Twitter update everything all in one page that we've created So DC 17 dot Def Con org is also up and running to get your info this weekend So I got a couple new things there and also we're gonna be uploading each day a couple of videos of the key talks of the day Maybe five or six. We'll try to get up the next day. So the hottest talks like maybe Joe if he's cool Well has to be good. Yeah We'll upload that for the people who didn't make it and then we'll get all the videos and everything online In probably a couple of months. So we have to have some incentive for you guys to buy videos to pay for the video recording But if you can't afford it, you don't want it just wait a couple of months It'll all be available online for free. Also All the content from the CD is uploaded It's gonna be linked in and live today and then any presentation updates will happen throughout the weekend So if you need to download the new stuff, it'll be there in a couple of days. Okay, so enough delay I'm gonna kick it off You're sending the tracking number for the last box. Okay, you do that first That's a that's more important So without any further ado any questions from anybody I'll take one question from that guy What's that I Don't know if I got enough badges for everybody because we don't pre-register here at Def Con How many people signed up yes because there's no sign up for Def Con you just have to show up Oh now that I don't know We made about 6,000 human badges right around there. He's got all the exact numbers What like 50? 5844 and then we have over 500 helper staff press this that the other And so we figured with the way that black hat tracked down and the way the economy was doing and other cons We're doing that we were gonna be down 20% or so and I don't know if that's true now. It doesn't look like it So I don't know where you guys came from but That's a really good thing We also played around with the scheduling of all the tracks to try to make human flow a little easier So we're trying to get sign set up telling you which doors to go out of and which doors to come in to try to prevent the giant clusterfuck of between sessions and Then also we've got the new organizers for CTF this year go check them out I Don't know if they sprung their surprise yet, but there was a little surprise there that we were keeping secret for the last four or five months I don't know if they've sprung that trap yet or not, but I'm not gonna let it out now But go check out the CTF area and then check out the freak the Vax have you seen the Vax lab in there Does anybody seen it? We've got a retro computing lab where these guys carted in a u-haul full Vax 11 I think 1170s We got the three-phase power in there. They got the lava lamps the side burns They got it all going on they've got the whole beanbag everything and just bring your 1170 zero-day and put it on the punch card Because it's ripe for the root and you just got to figure out how to punch those cards So they got that there. It's a really cool retro lounge right next to the team fortress to video game contest So we got some really cool shit this year. Thanks for coming. Here's kingpin All right Has it been a year already? I feel like we were just up here doing this How's everyone doing? Good. Yeah, are you as excited as I am? I Don't I don't know if you are All right. Well, my name is Joe Grand some of you guys might know me some of you guys might not I'm an electrical engineer hardware hacker and new daddy for those of you that were here last year Thank you Yeah, for those of you that were here last year know that my wife was extremely pregnant when I was up here giving the talk and And she called and I'm like, oh my god. She's going in the labor right now But she wasn't but eventually she did And made one of those so that's been He will be here one of these years and he's probably gonna start designing the badges when I get tired of it Or when dark tangent gets tired of me But yeah, so a lot of people have asked me about that So he's here and he's already playing with phones and he likes computers. So he's nine months old by the way All right, so here we go the making the DEF CON 17 badge yet again I'm just gonna run through a bunch of stuff introduction to what the badge does give you a little bit of info But I'm not giving you everything this year and wired magazine isn't either so It's up to you guys to figure out and Hopefully you're gonna find a lot of fun stuff with it I'll go through some hardware design for more stuff manufacturing issues that we ran into I don't know some other things, but first a haiku Two years ago, I think it was two years ago. I wrote a poem And I decided to write another because I missed writing poems So here we go. This is in the this is in the program. It might give you a little idea of what this badge is about But um, yeah, check it out. It's really a haiku. Oh Wait, he wants to live-stream me whatever that means Should I wait Okay, so let's see what else how many of you guys are actually wearing real badges right now Yeah, all right, cool. So you all came yesterday Because there's about 5,000 people in line outside and only I guess 2,500 are getting badges Is that thing on yet? Okay, are we live streaming? What's up to the internet? All right, so here's the haiku. It's a 575 format DEF CON 17 haiku Joe Grand aka kingpin electronic badge audio input affects LED output sound and light combined upload new firmware With serial boot loader Voltage reassigned Puzzle of seven Badge-to-badge interfacing using I2C Hack badge for prizes clever modifications Can you impress me? There we go the end There's some clues in there All right, so um, I'm not showing the front of the badge because The back I think is more exciting There's a few parts on this board. It's a lot Simpler and a lot cleaner than previous badges that goes along with the whole DEF CON theme for this year Stark and simple and elegant and that's so that's what I was trying to go for here So there's really three major parts microprocessor microphone RGB LED and I'll show you some details of those Here's the badge operation. This is all I'm going to say really about what each mode does Except the boot loader which I'm going to talk about later There's a boot loader mode when the badge first powers on so if you want to hack the badge load new firmware You can do that in the first 10 seconds party mode quiet mode sleep mode and maybe other modes I'm going to start off with the timeline and talk about some of the customs issues And I know dark tangent went over some of this, but there's probably a lot of people outside really pissed off Which sucks to be them But I don't know I figure I'll explain it anyway So we started this in December 2008 after recovering from from the melee of DEF CON 16 We started this in December had some initial design some part selection DT and I were on the phone a lot with black beetle with with Neil the DEF CON artist trying to figure out What can we do? What cool stuff can we show off? Are there like new parts we can use or you know, maybe free scale wants to give us something really cool So we just started picking out parts got an initial design going January 2009 we already had prototype hardware set using the development boards and I'll show you pictures of that later and We were way ahead. I mean everything was going smooth. No real technical problems. There was some challenges with with Designing the hardware, but that's all sort of standard. There was nothing that that really kicked us in the ass The goal for February was to go to black hat DC and meet up with dark tangent and and show the prototype PCB design. So What you see now is actually design and completed in February So we're like, yeah, we actually um, I don't think I'm going to show the video because I haven't sanitized it but DT black beetle and I received this package at black hat DC with all of the prototype badges One of each and we'd never seen it before only you know only showing Screenshots of like the PC board design tool so this package arrives and we run into the supply closet in the middle of black hat DC and there's you know people everywhere and like three of us disappear into this little closet and we each shut the door and DT pulls out his camera and he's Taking a video you weren't live streaming that though Taking a video and like we're all opening, you know each have a corner and we're opening the envelope and stuff We pull them out. We're like, oh my god These things are so cool. We got all excited. Someone tries to come in and Jeff's like, no Slams a door shut and it was awesome. And then we all walk out of there with smiles on our faces, which is a little bit weird Sort of you know flushed in the face But so we thought we were pretty pretty much set all I had to do at that point is write the firmware Which could have been a problem because I kind of suck at coding if you look at the source code You'll see that But we were pretty well set so March comes around we order all the components. We get the parts programmed Totally set April I finished the firmware after after meeting again with DT at black hat Amsterdam He found a bunch of bugs in my code. So I had to go back and fix those grudgingly And then May we started shipping everything to China. We're like, there's no way anything could go wrong We have so much time and then of course we're waiting for components To arrive blah blah blah Wait wait wait and then July comes around and the parts come through customs and they were manufactured and they arrived here One day earlier than they did last year Except yeah, I mean my my palms got just as sweaty But they made them So let me just give you an example. This is the the China versus ups who sucks more contest and And Yeah, okay, so this is this is like one portion of the entire Process list or whatever you call it Apparently ups only keeps on their database like the top 20 entries or something like that The beginning of this is June 1st So we're missing almost an entire month of other crap that they're making excuses about and you know waiting for customs Documentation abandoned package actually right when I shipped the package like two days afterwards on the thing It said package exception like returning to deliver to sender or something I'm like what so I should have known right then that there was gonna be big problems So anyway, yeah That was a big fail So I don't really know who to blame, but I'm gonna blame Chinese customs again. Yes, they're doing their job But I just think they don't like Def Con And here's another one that this was the latest delivery so you can see shipped mate 21st delivered July 22nd. What is it now July 31st? So nine days to manufacture 6700 badges and get it back here is pretty impressive. Oh Yeah, and then okay, so I can't just pick on UPS. I'm gonna pick on FedEx, too They get they get a little bit of a frown. I Don't know if you can see that but it says delay beyond our control Has anybody ever seen that excuse before on a on a shipping page? Some one person oh Thumbs down. Yeah, I mean it's like they're Their whole job is to deliver the package. They should be in control of the package the whole time So so this one was funny because we saw that and this was during black hat or like oh my god So like like everything's done and now the package is coming back from China And it's there's some delay beyond our control So I had I had a person call up FedEx and they're like, oh, yeah, no, it's a weather. It's a weather problem You know bad weather in China, so I do a search for bad weather in China and I didn't see anything And the weather has to be really bad for airplanes not to take off. So I'm like, I don't know. That's just weird So I had so that was someone in the US who called FedEx I had the factory in China call FedEx and I get an email and they said oh, well actually the real truth is that um FedEx overpacked their airplane And yours was one of the boxes they left off the plane So sorry, it's not coming until the next day So I don't know that sounds like a delay within their control Correct me if I'm wrong But anyway, this stuff made it here a few days later than we had expected, but they're here Is that on a napkin? No, it's on a piece of paper Which I use a lot to write things down on I Also use a thing called a pen It's sort of like this one, but black All right So we're getting into a little bit of the hardware now This is the final block diagram of what the system looks like the free scale digital signal controller microprocessor I'm going to get into details of the major components on the next slide But there's stuff like the microphone as I mentioned the RGB LED We wanted to go with a CR2032 coin cell like we used for DEF CON 14 and DEF CON 15 We had to use two of them there The battery last year was cool and big and awesome looking But we wanted something a little a little more streamlined. So went back to the coin cell, which I like a lot There's a bunch of other stuff on the badge. That's cool different interfaces JTAG serial bootloader Badge to badge communication and I'll get into all of that so free scale The MC 56F 8006 digital signal controller for those of you guys who have been here for the past few years free scales Been one of the companies that have been just really really helpful and they love the hacker community Which is a shock to see a big company actually enjoy coming here and supporting this community and We actually have one of the co-designers of the chip We're using here at DEF CON in the third row of this center column So So not only is free scale giving us discounts of stuff because they like the hacker community Their engineers are coming and enjoying DEF CON and it turns out He's actually an old old hacker from MIT from 1971 and he's a good lock picker and everything So you never know where you're gonna find find good people Anyway, I was talking to free scale and I said, all right, you know, it's time for DEF CON 17 What can you do and they're like well? We have this new new part that's coming out You know, it's really cool We want to show it off and we'll give it to you for for really really cheap and I said Well, how cheap is really really cheap and they're like well, how much do you want to pay? So I said like one dollar and they said, okay So, you know for them, it's just a cool way to show stuff off and for us It's a cool way to experiment with new technologies I've never worked with a digital signal controller or DSP before so, you know It's a great way to work to work with with new things and experiment with new things using other people's money So we got the part the part actually hadn't even been released when we started designing with it It was just released recently. I think in the past month or so ish So we started working in with it in November 2008 or December 2008 And we had some alpha samples and some some basic in initial runs of the silicon So it was cool and we were we were encountering things that free-skill hadn't seen before And they were sort of helping us and we were working together to you know, put together some code So it was actually really cool The product page is up there now. There's all sorts of information up there There's also information on the DEF CON CD, but it's just a really interesting part And there's a lot of functionality and a lot of power and a lot of resources on the part that I'm not using and that hopefully somebody here will take advantage of that and Of course for the bad tracking contest This is a hard slide to see but what's really cool about this part is typical microprocessors You have a fixed set of what each pin does. Maybe it's an IO line. Maybe it's an A to D. Maybe it's a I don't know PWM output, but with this part and actually the whole 56 F Family a lot of the pins are completely interchangeable. So say, you know pin one might support I to see SPI IO and PWM, but then pin four might also support I to see an SPI So if I want pin one to do something I can point the module to another pin and use the similar module So it's just very cool Which let me actually with the circuit board design keep everything really slick and route everything on the back side of the board Because I could just move modules to work on other pins That was fun. So there's all sorts of stuff on here that we're not using like an SPI or Actually using the yeah, no SPI interface. There's a bunch of extra timers. We're not using a to D's delay blocks Yeah, really cool stuff, but check it out check out all the data sheets All right, so that's the microprocessor. We had that in place. We had the brains We sort of knew what we were gonna do. We wanted to have some some kind of LED Do something with audio So LED was our next thing to figure out and it's not really that easy to just say oh, we're gonna use an LED and just grab an LED We had to find something that looked cool. That was affordable that that actually would work with CR2032 so it didn't draw too much current So there's just a bunch of pictures and like I put together some prototype things to send over to DT so he could evaluate it with his his people and we settled on a king bright part and This one's really cool because it's rear mounting So if you look on your badge and you realize that the LED isn't on the front of the badge like if you look at most products LEDs are just mounted right on the top of the board in this case It's rear mounting. So we don't have to put anything on the front side of the board I'd never seen that before that was sort of cool and I don't know. It's just a it's just a nice RGB LED and of course we got a good price So that was helpful Yeah power consumption was okay So it's actually a really efficient part and the higher the efficiency And the higher brightness typically the more expensive the part. So we had to find something that was relatively bright but Not overly bright because then that would be too expensive and we also didn't want something too bright It'd be really annoying with like everybody in here with really really bright LEDs. So there's some trade-offs that we have to look into Oh, yeah, okay. So the other thing is there's two different types of green I don't have the actual wavelengths, but it's I think it's like 570 and 550 your 540 nanometer something like that There's two different types of green one of them was like the true green that you see on like a traffic light or I don't know like that guy's t-shirt or that guy's t-shirt Sort of a real green and then there's more of a yellowish green like a paler green that is a lot cheaper to manufacture Which one do you guys think we went with? and The cheaper green looks fine, you know, it actually looks great. So That was that yeah, I was like half the price Not that you guys aren't worth, you know spending money on For true green But we figured you wouldn't notice the difference All right, so the next next part we use is a nose acoustic microphone. I Really suck at like analog design and dealing with microphones and stuff. So this one was interesting to me I basically went on to digikey and did a search for microphone And there's all these vendors that came up and there's a lot of like the standard through-hole electorate like Sort of boring cylinder looking top-mounted Microphones and I'm like well, that's not gonna work because those look really ugly We already knew that we were gonna use the rear-mounted LED We already knew that we had the microprocessor on the back and that we were able to get everything else onto the backside So I wanted something that was rear-mounted. I didn't know if it existed so I ended up calling a bunch of vendors and One company called me back right away Which is a surprise because when there's one guy working on a project a lot of times You don't really get calls back that often even if you say you're working on the Defconn badge Sometimes it works though. So anyway, this company called me back and I ended up talking to the to the sales marketing guy About the company and I told him about Defconn. He's like, oh, that sounds really cool And you know, it's like all these people had never heard never never heard of hackers never heard of Defcon And never heard of just our whole community and it was pretty wild You know, they were just like free-scale and they're like wow, you know, what can we do to help? And and they did help but they told he told me a story about how nose acoustic came about And I thought it was kind of a neat one to share as far as like using new technologies and how how humongous this company is These guys were the first one to develop a balanced armature receiver for hearing aids I don't really know what that is But he told me that so I put it in the slides And I haven't had internet access in about a week, so I couldn't like go check it out They also developed the first MEMS microphone in 1988 so MEMS bait MEMS meaning really really small on silicon In 1940 that is that 19 for down even though whatever the moon landing was I Know there's an anniversary recently When was it anyway like 1902? 59 all right 69 blame it on the marketing guy. I told you I haven't been able to check this stuff Jason Scott's yelling at me in the corner. I like your sideburns by the way Noob Yeah, I know I can design electronics, but I don't really know anything else Anyway when he landed on the moon Whenever that was He was wearing a plantronics headset with a nose microphone. So these guys have been around since 1940 That's what was the 40 year anniversary See, I'm not that stupid Okay They've sold almost a billion of these MEMS based microphones. That's a lot of hamburgers. I mean a lot of microphones They're using laptops cell phones headsets the in-ear things and Yeah, they're used all over the place So for a company that sells like 300 million of these microphones a year to want to even deal with somebody like me to give us or to sell us 6700 is a real surprise. So I was very very honored that they at least wanted to do that So it's a rear mounting microphone, which is very cool. It's amplified. So I don't have to deal with a lot of the initial Amplification externally which means the signal is going to be better because I'm not going to have to bring a really low-level analog signal out of the microphone process that externally and then bring it into the Into the microprocessor, which actually the microprocessor does have some internal Gain amplifiers programmable gain amplifiers, but I didn't want to take the risk of committing to the hardware design and then Realizing later that there was going to be some design problem with the firmware So having the internal amplification is really cool and that also means that you can take that signal Routed out to whatever else you're working on and not have to deal with with any of that either So it's really tiny This that's also the only part on the board that can't be hand soldered if you look at it There's no pins around it at all. It's sort of this BGA ball grid array type of device. So it has to be has to be mounted By reflow, so it's a little harder to hack Here's the initial development hardware. I had a free-scale demo board and some custom circuitry just to verify my hardware design and Make sure everything was good. There's the schematic all the stuff is on the CD bill of materials not a lot of parts So the bad shape con concepts one of the things we really want to do as I mentioned as DT mentioned is make this thing look cool have this puzzle piece sort of thing where the badges all connect together So we went through a few different concepts The picture behind that blue thing is what they all look like when they go together Do you guys want to see a picture of them all together? Yeah, too bad That's for you guys to figure out. It's in the program. Oh Man, that's lame What page page to Here's a close-up with the assembly assembly drawing of the of the of the main circuitry There's a bunch of test points around there. I'll get into what those are, but they're actually test points their pads They're small you have to solder to them boohoo. That's gonna make batch hacking harder But given that this is the fourth year of the batch hacking contest. You should be able to solder by now Some power measurements for the different modes Not very exciting here's some estimates that I made based on the power consumption DT has meant had mentioned that this this badge will last all weekend. It won't Well, it might Yeah, so let me let me let me explain something These estimates are based on like typical def con attendee use Right, so you're up for a long time and maybe you sleep a little bit I actually put in here 12 hours of sleep Per night because when the badge detects that there's no sound it goes to bed That's why sometimes you look at your badge and it's off. It's not broken. It's sleeping But just yell at it and it'll wake up again So we did some estimates saying okay, even 12 hours of sleep with the LEDs and all these different modes around two two and a half days But That's all right. We'll see what happens when the battery starts dying It might be interesting so Development environment. Oh, yeah, okay, so that's all the hardware stuff We're gonna just quickly move into the to the firmware stuff for the dev environment If you're interested in hacking your badge the we're using another version of free seal code warrior That is again free on their website on the CD up to 16k of flash This device has 16k of flash If I remember correctly, so everything's free And yeah, the tools are on the CD this time as opposed to last time where they were left off The the development environment is sort of standard you program and see There's a bunch of source code examples available on the free-skill site And then there's obviously the source code of the badge you can look at But one cool thing is the processor expert, which is sort of a GUI to help you configure all the peripherals on the badge because there's a lot of them And you need to select which pins they want to go to and all of these different functions You could do it all in source code if you want to all on your own changing register values But I tried that and you might as well just use this trust me. It's there for a reason It's a very very powerful part And it also Generates all of the code required to use that module so say with the serial port if you're messing with that you set the bar rate you set your your parody and everything your your pins and Then there's another tab that actually sets which functions is going to generate like send character get character All the things that you would normally have to do on your own. So that's a very useful For the For the signal processing of this badge if you notice while I'm talking you look down the badges is pulsing sort of along with my voice that was intentional and That is using a fast Fourier transform so without getting into the math of it, which I don't understand Basically, this the function is taking in input signals from the microphone and then breaking it out into discrete bins or frequency elements In our case, I think it's like there's there's three different bin or sorry Seven different bins based on input frequency and then I look at the power of those and figure out how to set the RGB LED color and brightness Here's is that video actually running. Yeah, so here's a tone sweep that I ran Showing the FFT on in the oscilloscope and you can barely see it But there's one high peak of power that's moving across and that's the main frequency and you can't hear the tone at all But trust me it's going up. Oh, it's over. Yeah, I know I'm a noob Hey, that's the same slide. Here we go. I don't know if you can hear that or even see the little purple line, but It's kind of neat. What's that? The sound is making the badges cycle. Oh, okay. That's good. So I don't have to show a video of that Yeah, so, you know, try to try to run a tone sweep on your badge and watch the LED change color and brightness It's sort of cool batch to batch communication. Yes, this thing's a puzzle. Yes They they connect together, but it's not only visual it uses I2C and all of the badges can communicate with whatever else is connected onto that bus Using SEL SDA and ground which are conveniently all located right next to each other The human badge is always the master and all the other badges are slaves So when you connect them together The master is going to start sending data and the slaves are going to respond to that data and set their LEDs accordingly The master only checks for slaves on power up So what you want to do is install batteries into all the slaves first and they'll just go into their regular mode Plug in the master and it's going to control them all. What's that? One badge to do them all. Yeah, that was his joke. I don't even get it Yeah, yeah that movie came out in 1940 All right, so each of the badges is individually addressable You can have all seven badges connected at once Or you can have all seven human badges connected at once if you change the address of all of the other human badges Because each badge type is set with with three different resistor values on on three of the lines. So Check out the schematic to see which one means what and then the the data format that we're sending through I2C is just an address So you send the address of the badge you want to communicate with and then you send your RGB values to the badge and It will respond actually here's a Here's a view of the data that's being sent as Soon as it detects that there's other badges. So it's sending lots of data in this case. I'm sending data up to pulse through different colors But it's kind of neat And then if you want to load on your own firmware, it's a little harder this year than previous years There's no connector right there for you boo That was intentional It's a serial static bootloader previous years We had to have like custom drivers and we had to use some custom hardware this year All you need is a serial port and a terminal program. I Put hyper terminal because it it seemed to work really well You can use whatever you want so what you do with your with the code you modify the user code You recompile it you have to make some changes to the code once it's compiled to make sure that your Reset vector when the when the badge starts up Points to the bootloader and not to your user code because if it points to user code You're never going to get back to the bootloader to reload new stuff. There's a comment in cpu.c So if you're interested in that look through and there's a step-by-step on how to do it It's it's actually really easy But you have to work a little harder to load firmware onto this badge The bar has been raised a little bit You do need a level shifter because the badge is outputting a zero to three volt TTL Level serial and you need to interface that so hardware hacking village kit has has some of those available I posted on the DEF CON forums a few weeks ago About that so I know some of you guys brought them But there's a few floating around and here the settings is a 19.2k Setting pretty straightforward So here's a small little video just so I don't have to actually explain how it works All you have to do is you get your hex file that was compiled from Code Warrior and then Upload that text file through the terminal program. Let's see if I can start this video I'm new at this Cool So when you compile the code it creates this text file, so all you have to do is Go and send text file. So now I'm going to send the The firmware to the badge So this would be something if the if the person wants to modify the badge and add Their own firmware and stuff. They don't need any special hardware at all, which is really cool So I'm going to pick the file and Now it's loading it load load load load We're going to take a little while But as I mentioned if the person doesn't load The file within 10 seconds and the badge goes into the regular mode So this bootloader mode only happens on power-up. So most people won't see that All right, there we go download complete starting user application Then we jump to the actual DEF CON badge functionality, which is there welcome to DEF CON 17 badge All right, that that whoa that video was was for dark tangent by the way, but um, so it's kind of cool In case you totally brick your badge There is a JTAG port on board and the pinouts are there, but there's no JTAG connector on board boo That was also intentional Yeah, well they they they cost money and it also looks really ugly So I built a little board To help in the process if you do brick your badge is going to be up in the hardware hacking village And it's just a pogo pin thing that plugs on in place. What's that X mean? Okay, I'm done. Here's some pictures of The badge assembly this this presentation is going to be online Pictures of the badge assembly in China as they're being manufactured. They're sort of cool with the pick-and-place machine There's a bunch of uber badges the black badges Cool And here we go badge types are sixty seven hundred almost um Time-wise it took 186 hours mostly firmware this time as opposed to hardware and then a bunch of other stuff and How long did it take to build the slide about a minute? I'm a pro at keynote Okay, and then the badge hacking contest. This is it Give me submissions by Sunday 2 p.m. In the hardware hacking village check out the links on the side for previous Contests and and what you should sort of set your status and set your submissions to be um, oh No, it's right there. It's on the left and it's a black badge contest now. So so Come prepared and I just need to thank again free scale e-tech net DT black beetle Neil Keely and Ben for dealing with me again and That's it. So thanks for coming enjoy the badge and we'll see you at the award ceremony