Hey there neck beards! AND!XOR here to tell you about the indie badge we are making for DEFCON 25.
So who or what is AND!XOR? We make stuff. We drink beer. In no
particular order. This includes Zapp, Lacostaef, Andrewnriley, Bitstr3m, and Hyr0n. Were a hacker group that focuses on hardware, firmware,
software, and overall security research. Most of all, we love blinky conference
badges...and booze...but mostly making badges while enjoying booze.
If you don't know
what we mean by conference badges....Most security conferences
come with some kind of electronic printed circuit board badge that you wear
with a lanyard. Way better than the stupid "Hello My Name Is" sticker. It usually has blinking LEDs, games, crypto puzzles, something
that our hacker crowd loves. And the epicenter of these events is at Las Vegas
every year: DEFCON.
DC has their own official badge crafted by LosT (a super human
crypto PCB god among 400lb basement hackers), and every year, #badgelife hacker groups like
us have an unofficial match to show off their hardware hacking skills and
roll their own badges.
We did this last year at DC24. Started a hackaday page (this is last years, dont confuse with this year).
Got some followers. Made about 175 of these Bender badges to sell off and drink booze with all
of you...lots of booze. And then we had hundreds of people show up and we sold
out of them in like, 10 minutes. We were overwhelmed by your response and
couldn't feel more humble about the experience. You guys really have no idea.
So for this years con, we got some feedback from the interweb tr0ll5 and we here's what we are planning, for the badge known as Bender:
Bender has better, hackable comms: were running a Rigado BMD300
SoC, based on the Nordic Nrf52 architecture. It supports Bluetooth Low Energy (BLE), giving you the
power to interact with other badges and roll your own analyzer. Make a stop at
the IoT village and give Mike Ossman a
beer while you are there.
Bender has more LEDs, more bling, and a color screen: we're
running a beautiful color screen at twice the pixel density delivering over 100
color animations to the badge. In addition to adding more color LEDs, last
year’s RGB neopixels have made a resilient return. This delivers better
performance and color, allowing you to look stylish as you stand in line.
Bender has more games:
to fit the retro hacker theme of DC25, we decided to custom roll a CHIP8(COSMAC-VIP) and SuperCHIP (HP48SX) emulator with 2^6 public domain roms included (thats 64 incase you
were drunk in math class).
There will also be a
major badge to badge multiplayer game planned as well, but the details of that
we’re keeping under wraps until the con gets closer.
But more importantly,
the best feature, more Benders: Since we sold out of these last year so fast and we want to make sure more people get a chance to have one and put these badges in your hands ahead of time...err
around your neck..whatever. Gotta free your hands up for beer and hacking. DC25
is expected to have 30,000 in attendance this year so less than 1% of folks
will get these. Our goal is to try and make an awesome hackable conference
badge, filled with games and bling, many easter eggs, and extra features (which
we are keeping close to the vest for now)
So where are we now?
We have a silkscreen and PCB design which we feel is very Vegas with its Hunter
S Thompson theme, very Bender, and very DEFCON.
The prototypes are in and
working great. And we'll be finalizing our software baseline over the next few
months. But we need your help. Producing these is an economy of scale. We have
to make so many of them to get the cost down, but we can’t afford to do this by
ourselves. By helping us reach our goal, you can make this badge a reality and
guarantee you get one if you back us with AND!XOR 3@rly 8!rd 8@dge or f1l7hy 400lb h4ck3r ph1l4n7htr0p157. Whether it’s in between conference talks, hacking in the
villages, beard competition, freak show, or just boozing wherever, we’ll want
to hang out and know what you think.
Help us get these to
DC25 before it gets cancelled and make it special. Thank you.
BADGE HARDWARE SPECS
- Rigado BMD-300 SoC
- Nordic NRF52, ARM Cortex M4F
- Blast Processing
- 512kb flash, 64kb ram
- BLE 4.2, ANT, NFC
- Integrated Antenna
- 128x128 1.44” color LCD
- 19 FPS video over 8 Mhz SPI bus (and maybe m0ar?)
- 15X WS2812B LEDs AKA “Neopixel”
- Tilt and Ambient light sensors
- 30% better power management (so far 30mA draw during Bling mode)
- SECRET - COMPONENT (WILL REVEAL LATER)
Note: Prototype displayed has test points and soldered headers. The final version will not have test points or JTAG headers, but the footprint will exist. Also the actual components are subject to change by final production, equivalent functionality, but we may find improvements which require a swap (e.g. in the video we show APA102C Dotstar LEDs, and we decided to go with the NeoPixels instead).
Help us get to $7000 and all backers receiving a badge reward (AND!XOR 3@rly 8!rd 8@dge or f1l7hy 400lb h4ck3r ph1l4n7htr0p157) will also get a ceramic poker chip! A great way to remember our special badge for DC25...before its cancelled.
Misc Details & Errata
(Q) July is pretty close to DC when will these ship?
(A) We are planning the week of 3 July, with USPS flat rate 2 day shipping. It should be in your hands 2 weeks prior, which for those who attend Blackhat as well, means you will have it in time for both!
(Q) Will you still sell these in Vegas?
(A) Yes. The KS campaign helps us get the manufacturing off the ground so we can produce more of them and sell some in person. We prefer that anyway because we like meeting everyone and crackin' a b33r.
(Q) What will they cost outside the KS campaign?
(A) We're unsure yet. That's dependent upon how much funding we raise through backers. They will be a bit cheaper in person. But you again run the risk of not being able to get one. Which is why we are asking you back us in an exchange for a reward instead. Also the extra cost is helping us get production off the ground to make these exist in the first place.
(Q) Where will updates be posted?
(A) On our Hackaday page, but we will post on KS linking to the updates. You should follow the project on Hackaday as well, check out the history of the project thus far.
(Q) What OS are you running?
(A) Ummm..none. Aside from the Nordic softdevice and an open source library for (SECRET), we wrote all the firmware, apps, GUI, etc ourselves.
(Q) Will you open source this?
(A) Of Course! Right after the con is over source code, gerbers, and supporting scripts will go up on GitHub.
(Q) I think you're full of BS, why are you keeping the majority of the features a secret?
(A) Your mom's full of BS. Like we said, the badge-makers are all trying to cook up their own unique surprise for everyone. You don't want to show your hand this early (poor Vegas pun, we know). We will release them over the next few months as the con gets closer. All we can promise is this, it will be in line with the retro throwback theme of DC25...
Shout Outs & Thanks Thus Far
Risks and challenges
In general, you could bucket the challenges and risks into two categories for our project: Producing Electronics and Kickstarter.
1) Producing Electronics
-To be blun7 about it, this ain't our first rodeo. Despite being successful at our endeavor last year, there were MANY lessons learned that we incorporated into this years badge design. The more components, the more risk of failure. Also while our comms looked cool, they malfunctioned and we also didnt anticipate the amount of spectrum noise in a Vegas casino. Which is why we opted to go with an all up system on chip (SOC) from Rigado. We simplified our badge design and component count greatly. So no need for late night soldering sessions (again) in the Vegas hotel room. Also this means we are running at 2.4 Ghz BLE for the communications and well face a lot less problems than we did running at 433Mhz.
-We started earlier. Like 2 weeks after DEFCON24 earlier. That amount of time has allowed us to work out the bugs and get the hardware to a point where the design is nearly completed pending minor tweaks. But we've had a functioning hardware prototype since November 2016.
-To avoid international shipping delays and the poor manufacturer back and forth you normally get with..."overseas PCB companies" (https://www.youtube.com/watch…)... we went domestic with a great company called Macrofab. We can upload our KiCad design right into their computer system, pick in house parts, and even send them parts to hold on consignment for pick and place. Our badges will be built domestically in Texas! So no need to track the boat and hope the shipping container doesn't fall into the deep blue or get held up in customs.
-A lot of people (including ourselves) have backed campaigns on KS and gotten burned. So let us publicly shame these folks. Its due to their poor planning 99% of the time. If you noticed, all of our badge quantities are limited. We arent doing this to get rich, its a hobby, and we just want to have a great time at DC25 with everyone. By limiting the quantity, we can guarantee being able to produce, flash, inspect the badges, and not end up with one of those "OH SHIT I RAISED $3M" moments where your reward shows up 2 years later.
Tieing all of this together, comes with a bit of boring, yet relevant background about us @ANDNXOR. We have day jobs. We work as engineers and scientists, with backgrounds in EE, ComSci, IT, Cybersecurity, Mathematics, and Systems Engineering. We work and manage technical projects, surrounded with risks and challenges every day. Managing risk, tracking cost, and schedules all to hit a goal is in our blood. We have boring as hell spreadsheets and gantt charts we've thrown together to make sure we can get this project done in time for DC25 ensuring all of our dependencies are known up front and planned for. Planning is key. Despite it being boring, we bring it up as an important detail: we're not a bunch of n00bs begging for money without the slightest clue as to what we're doing. We love this stuff, just like we love booze and hacking. However there's just a single variable left we cant control, the funding. Which is why we are asking for your help. Trust us and you wont be disappointed.
Learn about accountability on Kickstarter