post

My 3 favorite unofficial DefCon 25 badges

While DefCon has been known to have interesting conference badges, the 25th iteration had an unexpected explosion of intriguing unofficial electronic neck swag. The hunting for and gathering of coveted badges has become a new tradition and this year’s #badgelife built on that tradition. While unforeseen circumstances caused this year’s official badges to be rushed into production, attendees did have a nostalgic combination of throwback badges paying homage to conferences of the past. Fortunately, attendees had many choices to display custom badges that bling, communicate, and even fight from unofficial sources. Often these badges have secret competitions and groups to teach people how to deconstruct and find hidden achievements in their hardware. Although I was far from getting all of these unofficial badges at DefCon, there were three that caught my eye.

1. AND!XOR’s Bender badge

My favorite badge! Last year I fell in love with my little Bender badge after being a winner of the grand elevator rush of DC24. This year’s badge was a huge step up, and it features a full-color LCD screen, a host of LEDs and my favorite character from Futurama mixed with the cult classic Fear and Loathing in Las Vegas. This new badge was a huge step up from last year. The Bender badge has a host of unlocks available to get additional characters, screensavers and a wireless module to interact with other badge owners. They are also cross compatible with many other badges from the regional DefCon groups like DC801. If two compatible badges were near each other, they would flash each other’s logos back and forth between screens. How freaking cool!

A much more well-known feature on the badge was the “Botnet” which allowed badges to fight each other as you develop exploits, patch your badge’s services, and launch attacks. In particular, a successful attack would render the victim badge temporarily unusable as Clippy, BSOD, or a Rickrolling took over for a minute. Suddenly, badge owners were in a race condition with each person trying to hack the other guy first. The loser’s badge sadly broadcasting their shame. The truly devious would launch another attack as soon as the victim cleared the first one.

One hidden feature of the badge is an actual botnet feature that allows the AND!XOR creators to propagate commands across the badges. For example, maybe AND!XOR wanted to start off a Hypno-toad dance party or maybe Rickroll a room. The problem was that DC801 took advantage of this “feature” to hijack the command and control architecture. They were able to infect one badge, which would wirelessly reach out to attack another’s within range and so on. This cascading virus is exciting because there is an IOT mesh net architecture that a virus happily hopped along. Suddenly badges are attacked just by walking through the area! Even after reboot badges just started another iteration of the Matt Damon video clip disabling the user interface for a minute. I am seriously sick of him spinning around. Throughout the weekend AND!XOR and other groups dueled for the control of the botnet and our badges. Fortunately, this seems to have cleared as I got home.

Just take a minute to contemplate this. While users were busy trying to attack each other on an individual level, AND!XOR and DC801 were fighting to control the entire botnet infrastructure.

2. DC Darknet

The DC Darknet is a group of challenges based on the books Daemon and Freedom written by Daniel Suarez. At DefCon, agents of the Darknet fight to gain reputation points as they learn new topics and explore quests ranging from breaking ciphers to building simple exploits. The Darknet badge was one component of these quests.

This badge had a do-it-yourself element. The Darknet badges taught me how to solder, and now I bring a soldering kit to DefCon just to rapidly assemble the Darknet badge. There are a hundred stations in the Hardware Hacking Village but lines quickly form and who has time to wait for a soldering station? A quick 40 minutes after receiving mine it was assembled, flashed, and ready to start speaking with other agents.

A particularly interesting feature on the badges is the IR and RF pairing. After you built your badge, it could be pairing with IR to other agents which would allow for you to send RF messages to them wirelessly. You could state “I would like a taco, ” and that message would be relayed over to the agent of your choice(if they were within range). This feature adds a unique covert method to communicate with your new friends and fits in with the story extremely well.

The dialer aspect of the badge was a refreshing throwback. However, it was somewhat difficult in practice. I felt during one quest requiring a few key numbers (Emergency, Jenny) the touch capacitors would sometimes read incorrectly. Not having a backspace button can be incredibly frustrating when digits sometimes worked and didn’t work.

The team beyond the badge was equally as impressive. The Darknet staff table easily had ten staffers there at all times helping agents trying to complete quests, re-solder badges, or get points from the scavenger hunts. Another particularly nice touch was the rechargeable battery that helped me cut down on AA batteries and the need to charge them.

Although I did not have as much time to devote to the quests, I was able to participate in the boss fight. Working together with a group of people in a hotel room to go through quests was certainly one of the high points of this year’s experience.

3. Mr. Robot

DC Darknet and AND!XOR had both presented badges at DefCon, but the Mr. Robot badge was a cryptic newcomer. There were no official Kickstarter or starting quests to get the badge. Instead, you had to follow a minimalistic twitter page to find out where to purchase the badges and what they even did.

It was pretty amusing how they were handed out. The first batch was distributed out at skeeball which had a feeling that was similar to the show. However, I found out about the drop 4 hours later. I was luckily able to get a badge because I saw a tweet about a sale nearby Caesar’s when coming back from a party. The tweet only stated they were at the Spanish Steps and I stepped it out to get there as fast as I could without running. They were easy to spot because a woman with a large purse was looking around nervously while sitting with three other people. Nobody else had bags large enough to carry the badge. So in what only could have seemed like a drug deal, I approached her, slipped her cash and received my badge.

This badge has a beautiful mask and looks amazing. On the outside, it does not look to be as flashy with LEDs and only had two games (snake and Tetris) on it. Even then the up arrow froze the game. While there was additionally tweets for an ARG, I did not play with them much. Therefore, I was shocked when I suddenly saw a group of open wifi signals while connecting to the network. Later I went back and logged onto these signals to discover a wifi network with https://www.linkedin.com/redir/invalid-link-page?url=192%2e168%2e4%2e1 being the only host. When I unplugged the batteries, the wifi signal disappeared, and suddenly I understood it was coming from the badge!

So I did what anyone at DefCon would do. I logged back in and scanned the network for more devices and open ports. It bizarrely only had one open port UDP 4096 that was open. Despite trying to netcat and run commands against the port, I got nowhere. More discouraging was whenever I saw someone with the badge they knew nothing about the port or how they were carrying around a wireless access point.

Warning FUD and conjecture ahead! There are some rumors that the Mr. Robot badge also had a botnet component to it that would use this port. Once one received the code, it would look for other badges to trigger their code and then launch deauth attacks against other wireless devices in the area. The badge wearers, unaware of they were transmitting wirelessly, would walk around deauthing devices and could be spreading the virus across the conference. Right or not, it sounds like a fascinatingly devious scheme.

But these are just toys?! What does this have to do with security?

The great influx of badges added an interesting IOT component to DefCon. It is easy to forget that these badge designers were able to do amazing things on a tight timeline with relatively cheap devices. As businesses are exploring how they can do more things with the IOT, we will see more and more professionals coming up with outlandish ideas to do many more elaborate things. These are quickly built use cases of how the IOT is both incredibly easy to implement and how the best of intentions could create a raging multi headed botnet if you are not careful.

It was incredible to see the different layers of people coordinating across the country to pull this off, and I am very excited to see what they will put out next year. Who knows, maybe next year I can get a Texas badge put together!

If you want more articles on badges I suggest this one and if you are looking for an audio book I suggest checking my book on Effective Threat Intelligence.