skip to main content

DEF CON Hacking Conference

The Badge

This page is dedicated to the awesomeness that is the DEF CON Badge! If you have other great hacks or interesting uses for the DEF CON badge, send them over to Neil {at} defcon ]dot[ org


DEF CON 23 Badge



From LosTboY in the DEF CON 23 Program:

The general attendance badge this year is a 7” vinyl record. They are fully mastered and playable, not simply cosmetic. There, you came to DEF CON, and now you have a record. You can quote me on that. ;)

As is par for the course, I had to do something special for the über badges this year. My personal studies this year have brought me to feel a close kinship with Richard Feynman- who was a great hacker. This year’s über was inspired by him.

The base of the über badges this year are Lichtenberg sculptures- essentially lightning “fossils” preserved in time. Originally discovered by Georg Christoph Lichtenberg (1742-1799), the physical principles involved in forming Lichtenberg figures evolved into what is now modern-day plasma physics. The über bases are polymethyl methacrylae(PMMA) that have been put through a Dynamitron, a 5 million volt, 150 kW particle accelerator. This irradiates the PMMA with electrons traveling at somewhere between 98.5% and 99.6% of the speed of light. Charging to just below the point of dielectric breakdown, after which an insulated metal spike is used to force focus a discharge. The result is an avalanche breakdown that takes place within approximately 120 nanoseconds. (It is believed that dielectric avalanche breakdown inside a charge- injected solid is the most energetic chemical reaction known, including high explosives.) The resulting patterns left in the PMMA are fossil patterns left by these miniature lightning bolts. These patterns are self-similar, or fractals. I got some great stories from the retired physicists I interviewed about these processes, some of which I’ll be sharing in the opening ceremonies presentation, including how the U.S. Air Force holds a patient on the process for fabricating these sculptures...

Speaking of the Air Force, (because chemical reactions that have more kick than high explosives just weren’t enough) I decided to also go nuclear- as each of the points on the über badge houses a different form radioactive material. The first corner holds a glass, Uranium doped marble. These were made by adding Uranium to glass while it was still in a molten state. Each marble contains 3% Uranium 238 (by weight). Just for fun, I put coarse granular Europium phosphorescent powder underneath each piece of glass, which can be seen from the underside of the badge. This powder should glow for approximately 30 hours after 10 minutes of exposure to light.

The second corner holds a small vial of tritium, housed inside a small crystal skull. Tritium is a weak beta emitter, and these vials will glow (without exposure to light) for approximately 20 years. Tritium is commonly found in exit signs and on watch faces or gun sights. Tritium vials are not approved for sale in the United States (ownership is ok- and you CAN buy them in the UK), so be sure to stop by opening ceremonies if you want to hear more about the sourcing story here... And just for fun under the tritium skulls are Uranium ore samples (consisting of Carnotite, Uraninite, Gummite, Pitchblende, and Uranophane).

The third corner holds a Trinitite sample, underneath a second crystal skull. These samples are collected from the Trinity test site in New Mexico, where on July 16, 1945, the first atomic bomb was detonated. The blast was the equivalent of 18,000 tons of TNT, producing a half- mile diameter fireball. Temperatures at the site exceeded 10 million degrees Fahrenheit (hotter than the Sun). Feynman, Fermi, and Oppenheimer were among those present that day. Feynman is believe to be the only person to witness the explosion without protective goggles. The samples on these badges have been tested and are from approximately 76 meters from ground zero of the Trinity explosion. All of the sources of radiation are safe to handle and to be in contact with. The Trinitite has measured gamma activity of 1183.29 CPM ± 5.43 CPM (thanks to Hunter Scott for independent testing). This is two orders of magnitude less than normal background dose radiation, for perspective, if you kept the Uber badge 1 cm away from you for a year. (Radiation exposure from eating a banana is about 0.1μSv, if you care to calculate the equivalent banana dose...)

Finally, for those unaware, the contest surrounding the badges every year is fierce, and one of the most difficult to complete at DEF CON. It is structured to be solved in groups, so I encourage you to introduce yourself to someone new, and try your hand at the contest.

Ryan “1o57” Clarke
@1o57

Badge Challenge Walkthrough by Team Potatosec: http://potatohatsecurity.tumblr.com/post/126411303994/defcon-23-badge-challenge

DEF CON 23 badge contest walkthrough by Elegin: http://elegin.com/dc23/

Hackaday.io project on the DEFCON badge hacking: https://hackaday.io/project/7087-defcon-23-badge-hacking


DEF CON 22 Badge



From LosTboY in the DEF CON 22 Program:

With all of the issues surrounding the badges each year, one might come to believe that there might be a curse. I remember Joe talking about working on the badges on his honeymoon, and not being one to break with tradition I too had the dubious honor of working on the badges on my honeymoon.

eChan and I met through her participation in the MysteryBox challenge (she is a gifted cryptographer and code breaker) so she was very forgiving of the work I had to do on the badges in the midst of the temporal demands a wedding creates. Even so, knowing how busy life would be I called in a huge favor from my longtime friend Jonny Mac, without whose help I would not have made it in time for DEF CON 22. The folks at Parallax (KenG) were also amazing, and I’m happy to tell you that the badges were made in the U.S.A.

The “They Live” theme of this year drove the design and direction we decided to go with the badge. Every effort was made to encourage experimentation and use of the badge long after the conference ends. The circular pads with center-connecting trace are ‘modpads’, that allow parts to be disconnected from the circuit by cutting the middle with a razor blade, or added back by simply soldering the two pad halves back together. We also went with standard spacing on the breakouts for the I/O to make it easier to create shields, add-ons, and for general use. You can load experimental code to RAM, leaving the EEPROM untouched – so please have a go at changing around the code. Having a multi-core processor on your controller means no fussing with interrupts.

As usual, I can’t give away too much – as the badge challenge is an Uber -badge contest – but I do have some cool news — Parallax is announcing that they are open-sourcing the Propeller at DEF CON this year.

We will be awarding prizes for cool and interesting badge hacks, so have fun modding…if you’ve got something especially neat be sure to stop by the 1o57 room.

-R.D. “1o57” Clarke

DEF CON 22 badge contest walkthrough by Elegin: http://elegin.com/dc22/

DEF CON 22 Badge hacking discussion in DEF CON SubReddit: https://www.reddit.com/r/Defcon/comments/2cwgnr/badge_hacking/

DEFCON 22: Badge: Code, Schematics and Info by Ken Gracey (Parallax badge resource page): http://hackvault.blogspot.com/2014/08/dc22-badge-source.html

__red__'s Defcon 22 "Hack the Badge" write-up (Parallax Forum): http://forums.parallax.com/discussion/156862/red-s-defcon-22-hack-the-badge-write-up


DEF CON 21 Badge



From LosTboY in the DEF CON 21 Program:

A hacker in the Vegas desert…sounds crazy, no? But here at our little conference you might say every one of us is a hacker. Trying to scratch out a leet, simple 0day without breaking too much crypto. It isn’t easy. You may ask, why do we stay up all night coding if it’s so difficult? Well, we stay up because we’re hackers. And how do we keep our focus? That I can tell you in one word…predisposition!

Because of our predispositions, we’ve kept our focus for many, many years. Here at Defcon, we have predispositions for everything. How to sleep. How to eat. How to work. How to wear clothes. For instance we always keep badges around our necks and always wear black t-shirts. This shows our constant devotion to gaining knowledge. You may ask, how did this predisposition get started? I’ll tell you. I don’t know.

But it’s a predisposition, and because of our predispositions, every one of us knows who he is…

Ok enough personal fun- this year I went for a non-electronic-electronic badge. Fabricated printed circuit boards that are stand-alone art/crypto puzzle. I’m going for a tick-tock, every other year electronic badge cycle. Most of the feedback from last year requested another non-electronic badge and badge challenge. (Believe it or not we had much more participation in the badge contest the titanium year than last year’s badge.)

It was quite a challenge getting PCB layout software to function as graphic design software, and the fab house didn’t quite know what to make of the gerbers I was sending to them. I love using systems for things other than their intended design like that. The mechanical watch movements in the Uber badges this year are homage to my grandfather, who was a watchmaker. I hope we can all approach our craft of security with as much precision, skill and honor as grandpa had.

Also, with DT’s permission, I’ve decided to break with a few Defcon traditions this year. If you’d like to know what those deviations are, come to the opening presentation- but here’s a hint: forewarned is fore armed.

Just to get you started:
www.defcon.org/1o57/dc21/ ?
(Was the hint above shaky enough? Have fun, and talk to some people. Break your predispositions!)

—Ryan “LostboY/1o57” Clarke

DEF CON 21 badge contest walkthrough by Elegin: http://elegin.com/dc21/

DEF CON 21 badge contest walkthrough on hackerspa.com: Part 1, Part 2, Part 3, Part 4


DEF CON 20 Badge



From LosTboY in the DEF CON 20 Program:

My goal last year with the badges was to foster communication amongst attendees. There was phenomenal participation in the 'mysteries' tied to the badges and the conference, and I hope that everyone had fun. Helping build the hacker global community is a great side benefit that I always hope I can be a part of.

This year I decided to try and combine the awesomeness of the legacy of electronic badges Joe had set, with the well-received badge challenge from last year, but with a twist - rather than handing you a purposefully designed circuit for hacking, I've tried to give you a development platform. A platform that hopefully you'll take home and use.

I went with the Propeller ucontroller for a number of reasons. It's no secret that I used to work for Parallax, and as such have experience with their chips. All of the software for programming the Propeller is free, and there's quite a variety; C, ASM, SPIN- and if you're feeling nostalgic a Z80 emulator and a C64 emulator in the works as well. The chip itself has 8 32-bit processors, so the pains involving interrupts and timeslicing are non-issues.

Fabrication of the badge was all done in the US this year as well, to avoid all the import issues DEF CON has encountered in the past. The VGA and PS/2 connectors were left off of the build intentionally, so that the badge is lighter while you wear it at con- but everyone got them as encouragement- either to visit the Hardware Hacking Village and attach them here, or to solder on at home. Now you have an excuse to finally learn to solder if you haven't before. Drop by the HHV, they'll teach you. You can power the badge via the USB connection or batteries, either one.

The USB connector can be used with a serial terminal (some output may already be there on boot, hint hint), and I've broken out I/O pins (on the top) for your hacking pleasure.

The badge challenge this year is actually two challenges in one- the 'crypto-mystery' game, AND hardware hacking/development/modification. Teams completing the game will require a 'modification' as part of their 'conclusion', and those wishing to submit a hardware mod need to do so with a team with the appropriate 'codeword' discovered in the game. Now you have to talk to each other ;)

Hints for the game will be forthcoming from my twitter account (#1o57), but here's your first one:
www.defcon.org/1057/??????????

Happy 20th DEF CON. Thanks DT.

LosT's Site with links to the firmware: http://lostboy.net/defcon-20-badge

Short Video on the manufacture of the DEF CON 20 badge: http://www.youtube.com/watch?v=Fhf_YTGrl58

How to guides for getting started with the DEF CON 20 badge, by Parallax, the manufacturers: http://forums.parallax.com/showthread.php/141494-Article-Parallax-Propeller-on-DEF-CON-20-Badge-Start-Here!

"How did you hack your DEF CON Badge" thread on the Parallax forum: http://forums.parallax.com/showthread.php/141567-How-did-you-hack-your-DEF-CON-20-Badge

1o57 Wiki, a wiki dedicated to the DEF CON 20 Badge and Contest by xtat: http://1o57.wikispaces.com/DC20+Badge+Contest

POV Hack by yakhack: http://yakhack.wordpress.com/category/hacking/defcon-20/

TV Remote/Lockout hacks and write-up on The Dust Bath Blog: http://thedustbath.blogspot.com/2012/08/the-defcon-20-badge.html


DEF CON 19 Badge



From LosTboY in the DEF CON 19 Program:

So you’ve arrived at Defcon. You stood anxiously in line for reg, wondering what the badge will be like this year. Finally it’s your turn. Your heart races as you hand over your money and are handed your badge. But something is amiss! Where’s the gameboy on a string you waited all year to receive?

That’s right, Defcon’s not doing electronic badges this year.

Electronic badges are so common place at security conferences now it has become passé. So DT asked me to try something different. Percentage wise relatively few people participated in the hack the badge competitions when they were purely hardware based. This year I hope to change that. As a hardware person myself I would have enjoyed creating an electronic badge, but if we did electronic again my good friend Joe may as well have continued with his awesome designs. Moving to a puzzle based reality game will open the playing field to a larger percentage of attendees. As is typical in my contests, each stage has multiple levels of difficulty, from the pretty easy to the “how the hell did they figure that out”. Above all I hope the game is enjoyable, and fosters meeting and talking with others.

Made from 0.040" thick Commercially Pure titanium, each Badge weighs approximately .05 ounces. Sheets of material (produced by the Kroll process) were stacked four thick, and fabricated via waterjet (think squirt gun from hell, cutting via erosion). Ti has a linear coefficient of thermal expansion approximately 50% that of stainless steel, making it ideal for use in aerospace and missile applications. The cut pieces were then deburred via tumbling and antiqued/oxidized by raising their temperature to 1000 degrees in an industrial kiln. The antiquing effect was intended to make the metal look old and worn in support of badge game ambience. All production was done in the United States.

The number of badge designs is not being released as but suffice it to say it is much larger than the standard seven, namely (G)oon, (P)ress, (V)endor, (C)ontest, (S)peaker, (H)uman, and (U)ber. See how many variants you can find.

I’ve hired a professional actor for the reality game to perform throughout the conference, and added little puzzles here and there for everyone’s amusement. Easter eggs accompany all of the mini-puzzles, and overall score will be adjusted in proportion to easter egg difficulty.

Have fun everyone!
Ryan “1o57” Clarke


DEF CON 18 Badge



From Joe Grand in the DEF CON 18 Program:

A lot has happened since DEFCON’s first electronic badge five years ago.

The badges have blinked patterns of LEDs, allowed you to create your own custom scrolling text messages, turned off your television, transferred files from a SecureDigital card over infrared, and pulsed to music using Fast Fourier transforms. People have hacked their badge to become a flame thrower, an audio VU meter, a password generator, an amusement park game, an anti-surveillance system, a blue box, and a polygraph, just to name a few. One group even turned my Ode to the DEFCON 15 Badge poem into a rap song.

We’ve used technologies like capacitive touch sensors, jumbo LEDs, RGB LEDs, MEMs-based microphones, and microcontrollers ranging in size from tiny 6-pin devices to powerful 64-pin behemoths. We’ve used small coin cell batteries and large camera batteries. We’ve supported accelerometer and 802.15.4/ZigBee wireless features along with a bunch of hidden and secret modes that most people never took advantage of.

Badge development has happened on airplanes, in shuttle buses, on my honeymoon, in hotel rooms, and while on safari. Badges have arrived with plenty of time before DEFCON and twice they’ve arrived the first day of DEFCON, much to the chagrin of thousands of people who had to stand in line to exchange their temporary paper badge for the real deal. And, we’ve run out of badges every time (contrary to popular belief, estimating the number of people who will be coming to DEFCON is not a trivial matter).

The DEFCON 18 Badge is a culmination of prior years’ experiences, both good and bad.

The pièce de résistance is a 128-by-32 reflective cholesteric LCD by Kent Displays. This module was originally designed for use in Verbatim InSight USB Portable Hard Drives and has since been made available to other customers. A key feature of the display is that it requires no power to retain the image on the screen, making it ideal for battery-life challenged applications like the badge.

A Freescale MC56F8006 Digital Signal Controller (http://tinyurl.com/mc56f8006-info/) serves yet again as the heart of the unit. For those keeping score, these are the pieces we tried to get through Chinese Customs last year for DEFCON 17 after our original quantity was detained. These were also held, but eventually released to me two months after the conference. Firmware development is done with CodeWarrior for 56800/E Digital Signal Controllers Special Edition (http://tinyurl.com/mc56f8006-dev/) and on the DEFCON CD).

In our quest to create a never-been-done-before artistic element, we laser engraved the DEFCON 18 artwork onto aluminum substrate printed circuit boards, a feat questioned even by e-Teknet, our trusted fabrication and assembly facility. We avoided Customs delays by shipping through Macau, a special administrative region with different rules and regulations than mainland China. We reached out to the DEFCON community to invite people and groups to hide functionality or chunks of data within the badge. We’ve listened to your comments and provided a USB connection for simple firmware reprogramming via static bootloader, a JTAG footprint for those who accidentially brick their badge during hacking, and a command-based API for controlling the LCD to make it easier for non-hardware people to get involved in badge experimentation.

My Making the DEFCON 18 Badge presentation covers the entire design and development process of the badge, along with details of badge functionality. All engineering documentation, including schematics and source code, is available on the DEFCON CD and my web site (http://www.grandideastudio.com/ portfolio/defcon-18-badge/)

Whether this is your first time at DEFCON or you’re a seasoned regular, I strongly encourage you to poke around and see what your badge can do. Modify it, break it, learn something new with it. Participate in the Badge Hacking Contest where the most ingenious, obscure, mischievous, or technologically astounding hacks will win prizes and fame. Use it to teach your friends or your kids about electronics. Design a new product with it. Sell it to someone else. Just don’t let it go to waste.

A lot has happened since DEFCON’s first electronic badge five years ago. Within the hacker community, conferences and parties using electronic badges have become the norm. What used to be a unique exception is now the rule. As one who doesn’t like to follow trends, I don’t know what next year will bring. Just expect the unexpected.


DEF CON 17 Badge



From Joe Grand in the DEF CON 17 Program:

Audio input
Affects LED output
Sound and light combined

Upload new firmware
With serial bootloader
Voltage reassigned

Puzzle of seven
Badge-to-badge interfacing
Using I2C

Hack badge for prizes
Clever modifications
Can you impress me?


DEF CON 16 Badge



From Joe Grand in the DEF CON 16 Program:

Insert battery.
Badge starts up in Receive Mode.
Press button to change modes.
Next mode is Transmit Mode.
If no SD card inserted, enters TV-B-Gone Mode.
Turn off all TVs in range.
Hack IR LED for wider propagation and higher brightness.
Next mode is Sleep Mode.
Zzzzzzz.
Wake up with button press.
Insert SD cards into two badges.
SD card must be formatted as FAT16.
Desired file to transmit must have read-only bit set and in / directory.
Maximum file transfer size intentionally limited to 128KB.
Hold one badge up to another badge.
Enter Transmit Mode on one badge.
Transfer data via IR at a speedy 776 bits per second.
When progress bar finishes filling or emptying, transfer done.
The further away you are, the less likely it will work.
Transfer will abort if bad CRC, no data received, or button pressed.
Trade warez with other hackers.
Enter Badge Hacking Contest.
Look at source code, schematics, and other badge inf0z on DEFCON CD.
Modify firmware.
Modify hardware.
Modify badge.
Impress Kingpin to win prizes.
Spend time in the Hardware Hacking Village.
Own hotel TVs or control your BSODomizer with infrared.
Battery will last way longer than DEFCON does.
LEDs make nice patterns.
Goto www.kingpinempire.com.


DEF CON 15 Badge



From Joe Grand in the DEF CON 15 Program:

170 Hours of total time spent
2 Nights of my honeymoon (oh, how I lament!)
3 Circuit board revisions to get it all right
863,600 Total components bring them to light
6,800 Hackers wearing the badge in all its glory
If you want to learn more, please read this fine story

A matrix of 95 leds (5 columns by 19 row)
Two coin cell batteries make the current flow
Six text cutouts and soldermask colors to show
If you’re a human, speaker, goon, vendor, press, or uber bro

On power up the badge will not make a peep
But fear not, that’s by design, it is only asleep
Touch the top icon (it’s a button, really)
And get a scrolling text message intended for thee

Touch the top icon yet again (just trust me)
And you’ll move to the next mode for custom text message entry
Hit the bottom icon to begin your noble quest
Then use either icon to cycle through the list
Tap both icons to save a character to your queue
16 Letters long is the maximum we can do
When you’re all done, seek out the solid block
Tap both icons again and on the screen your message will walk

The next mode sets the speed of your inscription
You can change it like a baud rate or a doctor’s drug prescription
Select the scroll velocity between the numbers 1 and 5
Which goes from slow and boring to a thrilling autobahn drive
(Remember to tap both icons for the badge to come alive)

Next we arrive at our last badge state (finally)
A special treat known as persistence-of-vision or pov
Wave the badge in front of your eyes in one direction
And a secret message appears magically like the morning’s first erection
If all you see is a jumbled mess of bright lights
Try hiding in the darkness, squinting your eyes, or changing those hard-coded bytes
(When your badge is not in use, set the mode back to snooze)

The source code is open and the schematics are free (as in beer)
So now you can be a hardware hacking engineer
Unpopulated footprints for a wireless transceiver and accelerometer
If you don’t like how the badge acts, then hack it and make it better
(You might even win some development tools, a t-shirt, or a scarlet letter)

For the blood, sweat, and tears behind the scenes of the defcon badge
Come to my talk on friday morning, it’s sort of like the hajj (ok, not really)
Business in front, party in back (yeah, that’s a mullet)
I’m joe grand aka kingpin from the l0pht, a hacker not a poet

This year’s badge is based around a freescale mc9s08qg8 microcontroller and contains a matrix of 95 surface-mount leds (5 columns by 19 rows) to allow user-customizable scrolling text messages. It requires two cr2032 3v lithium coin-cell batteries. Optional circuitry (fully designed, but unpopulated on the final badge circuit board) supports a freescale mma7260qt triple-axis accelerometer for motion-control applications and mc13191fc 2.4ghz rf transceiver for 802.15.4 Or zigbee applications. It’s completely hackable. Wear it, use it, modify it, break it, learn from it.

Complete source code and schematics are on the defcon cd and also available at: http://www.Grandideastudio.Com

The software development environment, codewarrior development studio for hc(s)08 microcontrollers, is available for free (up to 16kb) from: http://www.Freescale.Com/codewarrior

Hardware debugging can be done with the spyder08 module (http://www.Freescale.Com/webapp/sps/site/prod_summary. Jsp?Code=usbspyder08) or p&e micro hcs08 multilink usb-ml-12 (http://www.Pemicro.Com/products/product_viewdetails.Cfm?Product_ id=33)

The top three most obscure, obscene, mischievous, or interestingly hacked badges will be recognized and awarded at the defcon award ceremonies on sunday. Yes, it’s purely subjective and I’m the judge. If you want your hack considered for the contest, show me your submission by 2pm on sunday. We’ll have a table set up in the vendor area with a soldering iron, tools, and extra components for your hardware hacking pleasure, a development station set up for your firmware hacking pleasure, some folks from freescale and e-teknet for your engineering support and social interaction pleasure, and some t-shirts for your styling pleasure.

See you there.
Kingpin


DEF CON 14 Badge




DEF CON 13 Badge




DEF CON 12 Badge




DEF CON 11 Badge




DEF CON 10 Badge




DEF CON 9 Badge




DEF CON 8 Badge




DEF CON 7 Badge




DEF CON 6 Badge




DEF CON 5 Badge




DEF CON 4 Badge




DEF CON 3 Badge




DEF CON 2 Badge




DEF CON 1 Badge