Rob Rehrig - Ox-Vox: Hacking Con Badges Before the Con

so thanks everybody for coming out this will be a talk about my adventures in hacking a couple badges before conferences or as I like to put it give my speaker notes but as I like to call it doing too much in too little time so let me see alright now I'm good so I'm Rob rare aka medium rare I'm from Chicago but this is my first time in Portland and I'm loving it hopefully I can make it out here more in the future I'm an electrical computer and music engineer I work for it as a global design firm called IDEO where I get to do fun stuff like hack cars and build medical equipment and

children's toys so I like that the ability to keep widening whatever I'm working on so this talk kind of starts with DEFCON 24 and the end not the end not X or bender badge I discovered this project on Twitter and hack a day and as I was kind of looking through it it seemed like fun and they said they wanted people to repurpose it I wanted a free badge so to me that sounded like I could probably trade something in exchange if I did a cool hack they announced what dev board they were using and like the microcontroller family the stm32 family and it seemed like a good place to start with getting maple mini which they recommended or at

least they said they started developing on so I had an idea for for what I could do for DEFCON but what would it actually be and that's when I started to think about what would complement bender the the badge is based around this personality and how could I complement that but also I take advantage of some of the microcontroller capabilities and first thing I thought about was bender is he likes partying so he probably Kiev con he likes music he likes drinking and he likes smoking cigars and that cigar stood out to me seems simple enough and then the music aspect I like going to like I I love the all the buzz around Def Con

there's so much music and activity and I kind of a way to visualize that and I wanted to do something reactive for a while to audio that was going on at Def Con so I thought this would be a perfect opportunity to do a live spectrum analyzer going from twenty to twenty K Hertz but how could I do it and that's when I kind of broke it up into two main parts which is I need to make sure I could get the audio into the board and I needed to make sure I had a way to quickly process it so my first proof of concept was making sure the preamp worked I mean I can't really

start analyzing anything until I have the audio coming in so I got that up and running just a simple preamp for the microphone so I could adjust the audio to voltage levels that would be a bit more resolution than just like one bolt or whatever is giving me the next was to write an FFT fast Fourier transform which is how I you kind of go from the audio spectrum to more of a frequency spectrum and for that I had to I had two ideas my preferable idea would be to have it implemented in software and I kind of got lucky with this one where SD micro doll ready written their own FFT library for the stm32 so I could take

advantage of that and that was really nice because I did not want to jump to the assembly for that process but I did have a back-up plan which was to do this all with a chip I was like a five dollar of graphic equaliser chip what clay didn't have to jump to that but the importance was I had to have this proof of concept because if I was gonna use that chip then it was gonna change how my board is gonna be laid out before I send it out to fab the next question it kind of brought up was what's the size of this what should this size of this board be and the best image I could find

at that time was this image of a couple prototypes of the badge so what I did was think about how I would size this up properly and this arbitrary thing how big is it but if you kind of take a look at it you can notice that screen up top is a pretty standard size and I had a few laying on my desk so I measured what the dimensions were and then I distorted the image in Photoshop so that I had like clean horizontal and vertical lines on it and from there I was able to have a pretty good guess of what the size of this badge was gonna be so that I could design the board for it with all that

set I sent out the board for fabrication got it back and build a couple up had to do a little bit debugging but more or less had it ready to go the night before Def Con as everything happens you kind of prolong it until the last minute and then you don't sleep before Def Con but it turned out really cool I'm gonna try to play this see if I can use the mic a little bit but this is and then more the audio [Music]

I'm only holding out because the audio like the singing yeah you can kind of see it a bit more there so from all of that I kind of boiled it down to find out there's a method behind this madness and there's a process that I could follow if I want to do this again which I think I decided to do it again but this mess this nessa method method this method came down to four easy steps one inspiration so I love the time before at Def Con and before other conferences where people are getting so hyped with making stuff and they're posting their stuff to Twitter and it's kind of like everything is coming together and just feeding off

of that energy because that gets I want to I want to live in that buzz and that's like my most inspired time so for this for this part of my method I like to take to Twitter and start to see what other people are doing and find projects that I can contribute to something where I can compliment the work that's being done and complement the work that other people have put so much of their year into and not take away from that and like the two weeks that I'm gonna put work towards it but it's often hard to figure out what to do so that comes to ideation and this part tends to take the

longest for me is thinking about all right so I this project seems really cool and for the bender this is like understanding the personality of the badge or like the person you bought the personality behind the badge the bender character and what might be natural for him or as I'll give an example or as I'll show later on talking about the Ox Fox complimenting what is the theme of the badge that's kind of being presented I want my I want my creation to to have its own to have its own personality as well next is proof of concept you have to kind of break down everything that you're doing into the most important parts that are required to have this

thing work and to be real so for the bender badge it was making sure I could have the preamp that piped audio into into the microcontroller and then also having the FFT working if all I had was that and I could quickly and I had a board that was prototype for it and I was able to do it then I was fine like if I couldn't get the hardware done in time I at least had that that working and that was all that's needed and lastly is development and that's kind of where you filled in these details and you don't have to once you have those core parts working you can kind of just smooth it out and the

more you get done great but you have the basics there already so you can at least show it off you're not just talking about oh yeah I wanted to do this now it's like I did it and now I'm just making it a little bit better each time I have every hour I have more to spend on it so fast forward to DEFCON 25 my original plan was to hack on the bender badge again but after watching a year of the ANA explore guys work on this project I felt like I'd be doing this service if I was to rewrite my own firmware for it and I didn't have time to go through and decompile their

firmware and try to add to it so I had a change sights to something else that's when I saw this tweet from Joe Fitz and I was like oh that seems like fun and the only problem was this was eight days before DEFCON so I had my work cut out for me but I was pretty excited and I was really happy that I noticed this which is an NR 52 microcontroller on there which I had bought the dev board for when I originally planned on hacking on the DEFCON 25 vendor badge so I was like dev board check and then I noticed something else there looks to be two GPIO or it looks to be two sets of like

GPIO s which I would suspect her for a joystick and you can't probably see it from your seat but if you look closely at this picture you can notice in the top left of those two Pat of those two sets of pads it looks like that top left pad is a ground pad so I was like all right so there's probably internal pull ups for these and the rest I'm guessing or or at least I'm hoping and that was good enough for me and it's like 10 GPIO s I've got the dev board for the NR 52 now what should I do and I will omit it took me a little while to realize what the

theme of the badge was it wasn't until a friend of mine kind of pointed out that it's a group of hackers from Oregon and it's the 503 Trail that I put together that it must be an Oregon Trail themed badge but that was also when I realized it's a wagon and the Oregon Trail has an ox where the hell is the ox and I figured well I'll add an ox to it because it needs one the only problem is how are you gonna attach an ox with cuz it requires that whatever the attachment to attach it at the cart so like well I guess I have to do to the cart as well or at least the base of the cart and

with the base of the cart what uh what am I gonna put in all that open space there's this long horizontal space so that kind of made sense to me as an area for a keyboard I don't know I don't know if you're seeing a theme but I'd like to put audio stuff in the hacks that I do so I saw this long horizontal space and it seemed like the perfect space for an eighth or like a full octave eighth key keyboard especially if I have ten GPIOs available to me I need one for the audio and I need ten I need 8 to control the keys now the question was if I'm gonna make something that

goes on top of this badge what's the size of it so here I was able to capture or at least I documented in my own internal files what I did for measuring and it's a little cut off at the bottom for measuring the badge so I took that one image by Joe and then I started to stored it and made sure everything kind of like lined up on the outside so if you notice that top part are like the two most topmost parts are just line up horizontally in the bottom most parts line up horizontally and then vertically on the sides as I expand it I then looked at the at the headers on the side

these top and if you know I'm guessing it's typical header spacing so tenth of an inch and I was able to scale that image based on that and I came across the dimensions for it to be around three by four I was like you know that's good enough to guess it's probably three inches by four inches so I round it up to that and that was it I had the size of the badge and I knew I had an idea for how things would line up how I'd be able to have something that would hook into all of those different parts expecially or and to the vias to get VCC and ground and that was good enough to move forward so

as I said breaking it down into the kind of proof of concept phase and there was a few things I needed to figure out here one idea to do a quick amplifier circuit but - I need to make sure I could generate a sine wave with that so after a little bit of work I was able to get a sine wave out of the dev board that I was working with the NRF 52 dev board and the only problem was Here I am you can't see this I just noticed that all of my dates that I've been trying to point out aren't actually visible I'm sorry about that so this the date on this was then four days before Def Con

so I'd already killed half of my time but I know things were looking up I had a proof of concept for the saw for the firmware and I had a proof of concept for the hardware the only question was how was I gonna route it out to be a knock shape because what's the point of doing this hack if it doesn't actually look like an ox to add on to this badge and it just I mean I guess there was a point to it but I want to go for that coolness looking like an ox addon factor so I decided to find or I looked around our shop at work and we had this tiny

CNC we have an industrial one - but I went for the tiny CNC it seemed a little less daunting and I attempted to cut out the Ox shape good news it worked so I had the prototype roof of concept for cutting out the ox and that was it I had my three had my three parts of the concept ready to go I could generate sine waves I can use the my audio amplifier worked and now I was able to use the CNC so with that going forward I set out to make my boards this was the night of that I was at this stage so with that in mind I decided eight would probably be a good number of bad is to

take to Def Con and I started out by taking a two sided blank PCB or like a copper to copper on both sides I spray-paint at both sides I've kind of been lucky that I've been doing this sort of prototyping for the past year so I was able to go through this kinda quick which would otherwise not be possible in a night I then lays it off all the areas where I didn't where I wanted to get etched away by the PCB etchant and then I kind of have this before and after where the bottom is what it looks like after I dropped it in the laser etching and then the top one is after I dropped it into the PCB

etchant and then a visual of the back my alignment wasn't the greatest I've had better luck with doing two-sided boards and just doing alignment but this was not one of those good days and then now it's like time to do the more industrial CNC attempt unfortunately I broke my small as a bit on the first go so all of I was able to cut things out but all of the button holes are like vias that I had to do I had to do by hand and that ended up adding a lot of time so another night of not sleeping before Def Con but I had the hardware and the software or the firmware could then be done at Def

Con the important part was the hardware the hardware was in hand I had the parts digi-key came through by delivering their awesome overnight shipping and I was ready to head off to Def Con where a buddy of mine started to help me write some more the firmware build it out I want to give a big shout out to my friend Ben without his help I probably wouldn't have gotten anywhere close to where I did before or by the time of Def Con because as I was hacking away the firmware he was finding a way to the the he was dumping what was on the badger already reversing it so he could get the understand what GPAs were being

used and then I could use that information for my controls he had a hell of a time with it only to learn that it was in our DNA do we know sketch that was uploaded to github later on damn boot loaders so I I also was pretty excited because when I all of this was happening without any with just like okay this is fun it'll probably be cool to show off but lo and behold DC 503 came through and offered a badge hacking competition like oh well I've already put some time into this but it doesn't really it doesn't really work if you don't get there on time so the party started at well they're doing the the

judging at 9:00 p.m. and then I saw that we uh the tweet at 9:05 and said hold up I'm on my way I got there after it was over and my badge was shot early put together it only still ran off the dev board and it only played a single key but it worked and it was enough to impress Joe and he offered he said well why don't you come out - besides PDX and talk about it which then gave me another two months to work on this if only I would have spent two months working on it but I did spend some time and I did I did I did use that time to fabricate

some a nicer version of the Ox box so this is the front and back of my little add-on that I've created as you can see the eight keys up top and then the amplifier on the aux itself with a speaker coming out of the wheel I guess axle where the axle would be and I don't know if you guys saw me yesterday but I was still working through some of the challenges the pinout changed a little bit so I had a quickly roll some new firmware and then there were other challenges like somehow disabling my well I created some complication in my display it's not working now it might be hardware I think it's hardware but I

have this beautiful ox now with the badge and let's see if it's gonna work if not I have a backup video it was a challenging time but it all came through and I'm up here and able to present it now it had some cool visuals to go with it maybe I'll get them working by the time this is over I don't know but I had cool letters that would pop up as you press the buttons but as my display is not working and I've run into a lot of power issues I think I broke it when I was trying to solve some my power issues the amplifier and the amplifier is a little under watt and I don't even know

the display but it once I combine the two it quickly drained a lot of battery but I'm pretty excited for where this came obviously I have a million other ideas for how this could be improved like I would I think at Def Con I want to do something where you could collaborate via Bluetooth and people could play different different pitches at the same time and kind of have multi keyboard input but as with most things time just escapes me so thank you all for listening to my journey as I like to get inspired and kind of understand how these things work and how I can contribute to fun projects and maybe get some stuff for free out of it I think

yeah the need for getting for trading and finding ways to get free stuff is always there but yeah thanks for coming out if you I'm gonna publish I'll make all my stuff open-source and I'll show some of the of postable files and the firmware once it's cleaned up and perfected a little bit more well shouldn't say perfected but improved a little bit more feel free to reach out if you have questions or if you want to make one of your own or figure out how to get it work if you get one but thanks [Applause]

you