SparkFun Electronics gave me a free pass to SAINTCON, a networking security conference in Odgen, Utah. How did I receive this? Well, social media addiction has its rare benefits and I was the first to respond to a tweet.

SAINTCON hosted a Hardware Hacking Village (HHV) this year and as the recipient of a SparkFun-sponsored ticket, I felt I should check out the HHV immediately. I sat down, soldered my badge, and then proceeded to complete all five hardware challenges; I was the first to complete hack the badge. That’s what happens when a SparkFun social-media-addict goes to a conference.

Completed badge with the blinky kit.
Completed badge with the blinky kit.

What is SAINTCON?

Prior to SparkFun’s tweet, I had never heard of SAINTCON. At the conference (con), I asked around and it seems that this was the second public year. Apparently, it had been hosted for several years prior, but was somehow restricted. The con is more then just talks. Although there were plenty on the schedule, there are also numerous side events. The HHV is the place to solder and tinker with electronics. The Lock Picking Village is where you can learn how to let yourself into your own house when you forget your key. Tangential to the talks and the villages was the Hacker’s Challenge, a series of puzzles, in various topics, with one global scoreboard for SAINTCON participants.

Just your standard locking picking kit.
Just your standard locking picking kit.

For regulars of Information Security conferences, like DEFCON, this conference format will feel familiar. The challenges have become so popular at DEFCON that attendees blow off most of the talks just to hack the challenges.

There were some interesting talks. I went to the EFF’s talk on Privacy Badger, which I highly recommend you install, and a talk on RFID hacking. It turns out, there is a device that can read RFID tags from up to 3 feet away. Once read, it can then spoof said tag. Needless to say, if you are only using RFID as a means as access control, you probably want to re-think you program.

Grainy cell phone photo of the privacy badger talk in action.
Grainy cell phone photo of the privacy badger talk in action.

In your faithful correspondent’s humble opinion, the best thing going on at SAINTCON was the HHV.

HHV

Luke Jenkins and Matt Lorimer were the two main organizers of the HHV, although there were a few other volunteers staffing the village, whose names I unfortunately missed. The small conference room was lined with soldering iron stations around the outside and on a center table. From open-to-close each day of the conference, the HHV was packed with a queue of participants waiting to enter. Running a HHV is an operation. With 35 soldering irons, set between 650 and 750 degrees, in the hands of novices, the HHV staff are constantly engaged.

A packed SAINTCON HHV.
A packed SAINTCON HHV.

Primarily they are there to make sure you don’t injure yourself or others. After that, they are there to make sure you have fun and learn. As I assembled my badge, I was surrounded by people who looked at electronics as a kind of black magic. I watched them and occasionally offered some tips as they completed the kit, to which there were no instructions. The only hint was the silk-screen of the printed circuit board they wore on their neck.

The Badge

What was everybody soldering? They were assembling a badge that was designed by Luke Jenkins and Klint Holmes. Every SAINTCON participant received a badge and a bag of components on registration. The badge is essentially an Arduino clone, inspired by SparkFun’s RedBoard. If you are experienced with electronics or the Arduino community, then you would instantly recognize the design. But imagine finding a person off-the-street, handing them a kit, and saying, “go build this.” Building this badge, for a complete beginner, is a significant accomplishment — one that people were proud to wear around their necks.

The unpopulated badge and kit that came with the registration bag.
The unpopulated badge and kit that came with the registration bag.

This is not a DEFCON badge. LosT, the creator of the DEFCON badges designs some wicked challenges where people blow-off the con just to hack the badge. The DEFCON badge is on a completely different level. I mean, the DEFCON 22 badge can act as a Bitcoin miner. The SAINTCON badge was designed to be approachable, teachable, and hackable for beginners.

My DEFCON 22 Badge and CHUCKWAGON. I have not hacked this badge.

Given that the board is an Arduino clone with FTDI-cable headers (the cable came with your registration)1, it is instantly ready to accept any Arduino UNO sketch. But if you immediately re-programmed it, you’d wipe the five hidden hacker challenges built into the firmware. Of course, the badge is open source hardware.

Closeup of the MCU portion of the badge.
Closeup of the MCU portion of the badge.

Hack the Badge

After you build your badge, you could attempt the first challenge.

Challenge 1

After you’ve burned your fingers, and hopefully not too many components, and all the right LEDs light up; plug the USB to TTL serial cable into your favorite computer and launch a terminal emulator. 115.2kbps and 8N1 are the settings you’ll need. The badge has a built in menu system, check out the HB100 menu option for the code for the Hacker Challenge game board to earn your points. > > Hurry on to HB200, as supplies for the HB challenges are limited!

Arduino and avr-freaks would not be stopped by this challenge, but “talking to hardware” is a very cool first step for those who have never done it. In fact, for each of these challenges, no software was needed apart from a terminal and FTDI drivers. For those new to the Arduino/AVR ecosystem, using the IDE is significantly more complicated than a dedicated terminal menu. Besides, retro is cool. 😉 Once you connected to the badge, it gave you a code and unlocked the next challenge.

Challenge 2

For this challenge you’ll need to show an unlocked HB200 menu on your badge to to a HHV volunteer to get a Vishay TSOP382 IR Receiver Module. You will need to install this on your badge, using the A0 pin for the output of the IR Receiver. Make sure you remove all power from your badge before doing any soldering. Once you have completed installing the receiver, go into the HB200 badge menu and ask for a HHV volunteer to verify your work. If you are successful, the badge will provide you with a Hacker Challenge code for the game board. > > Get going on HB300 right away, as we only have a limited supply of parts for the HB challenges.

This challenge required installation of the IR receiver on the badge. It’s a three pin package, also available from SparkFun, where there is a ground, power, and output pin. As the instructions state, you need to connect the output to pin A0 and then power and ground the component. Once completed, one of the HHV staff would come around and with their special badge, flash an IR message to your badge. If done successfully, your badge reveals the code and unlocks the next challenge.

Challenge 3

Now that your badge can receive IR, wouldn’t it be cool if it could also transmit? Show an unlocked HB300 badge menu to a HHV volunteer to get a Vishay TSAL4400 IR Diode. Check the data sheet, figure out the way to install it on your badge without burning out your badge or the diode (resistance is not always futile), use pin D3 to drive the LED, and have fun! Once you’re confident in your work, get back into the HB300 badge menu and call over an HHV volunteer to have them check your work. If you are successful, the badge will provide you with a Hacker Challenge code for the game board. > > Supplies are still limited, so continue on to HB400 quickly.

This challenge required bi-directional IR transmission. Once you’ve received the IR LED, it should be quick work to add it to the board and move on to the next challenge.

Challenge 4

For this challenge you’ve got to add an analog sensor to your badge. Show an unlocked HB400 badge menu to a HHV volunteer to get a Thinking Electronics Industrial Co., Ltd. NTC 10k Thermistor. Make sure to do some research on how to interface this one, as it is a bit harder than the HB challenges you’ve already done. Put the thermistor on the 3.3v side of the circuit, and use pin A1 to read the output. The HHV volunteer didn’t give you everything you need for this challenge, but you’re a resourceful hacker so you should be able to find the missing part. > > Once you’ve got it installed, pull up the HB400 menu and give the thermistor a squeeze. The HB400 menu will give you a temperature reading. Get this baby up to 88 (degrees Fahrenheit) and the HB400 badge menu will provide you with your HC code. > > Supplies are very limited for HB500, only the first 100 hackers will get the parts for this one.

The trick here is that you need to add a resistor to create a voltage divider, as explain in this tutorial. There was a bug in the code that would allow the firmware to reveal the code without the thermistor, but it was more fun to solder the components before moving on to the last challenge.

Challenge 5

You’ve interfaced two badges, you’ve gone analog, now you’ve got to go digital. Show an unlocked HB500 badge menu to a HHV volunteer to get a Microchip 24LC01B I2C EEPROM. You know the drill by now, do some research, power down your badge, add that little puppy and any friends it might need, and then check out the HB500 menu for your code.

This last challenge requires installing an I2C EEPROM on your badge. I2C is four wires: VCC, GND, SDA, and SCL. The badge conveniently had a breadboard-like split on it so you could solder the EEPROM and still access the pins. The badge firmware would write to the EEPROM and read it back to complete the challenge.

Designing a badge, creating the firmware, AND having it ready for a conference of 400 plus attendees is no easy task. Luke, Matt, Klint, and many others who worked on this badge really pulled off a great experience. As of the last day, 123 participants completed the first challenge. I’m sure many more were happy enough just to have completed that badge. Out of that 123, 59 had completed all five challenges, with your correspondent being #1. 😉

Moar hacking

However, there was still more to the badge. Participants could buy a $15 expansion board that attached to their badge. This was an additional kit that contained two TI Pulse Width Modulation (PWM) drivers, eight tri-color LEDs, and some additional passive components. The resultant board attached to the female headers on the badge. Matt wrote the initial “blinky” code that would flash the LEDs in various patterns and colors. On day 2 there were several hardware hackers that had the complete badge plus daughterboard assembled and were independently working on the next natural project: implementing a cylon pattern.

The blinky daughterboard.
The blinky daughterboard.

At the end of Day 2, y.f.c. had the beginnings of the cylon pattern working but, due to a mis-wired LED and the bug of mis-managing the hand-off between the PWM drivers, the cylon pattern looked more rainbow-ish. It would take another hacker, spending the night fixing the code to complete the ordeal.

Summary

The badge design was solid, but it would not of been a success without the additional volunteers in the SAINTCON HHV. They not only ensured that everybody was proceeding safely, but they cultivated a learning and collaborative environment. The word quickly spread as evident by the line — people wanted to be in the HHV. Additionally, Luke and Matt both led breakout-sessions covering digital bus sniffing and an introduction to the Arduino.

If you are in the Ogden area and have an interest in network security, hardware, locking picking, or hacking, you should check out SAINTCON next year. As a new-ish con, it has that friendly, approachable, and relaxed vibe. If you can’t make it to SAINTCON, the DEFCON HHV is the place-to-be. It’s just that my liver hates it when I visit Las Vegas.

If you are coming from out-of-state you don’t need to rent a car to get to Ogden. Utah has the next revolution in transport, one that is the next Uber killer. It’s called trains and buses. There is an infrastructure of ride shareable vehicles that arrive on-time and often to multiple locations in Ogden, including next to the conference. There’s even an app for it.

SAINTCON and the SAINTCON HHV were simply a good-time. It was encouraging to see new faces tinkering with electronics who abandoned their fear of the soldering iron. I’m not sure how the HHV crew defined success, but in y.f.c.’s eyes, it was a flawless execution.


  1. I’m not getting into the FTDI drama here. 
Advertisements

9 thoughts on “Hacking the SAINTCON Badge

  1. Was fun to meet and talk with you. Thanks for coming and participating (and this great write-up). Hope to see you next year.

Comments are closed.