DEF CON 27 retrospective: badge life redux
Credit to Author: Jean Taggart | Date: Tue, 20 Aug 2019 16:42:20 +0000
Kickstarter or DEF CON attendee? Be forewarned, this light overview contains some mild spoilers. If you want the purest “Da Bomb” experience with no web-based OSINT hints, read no further. I’m not revealing any earth-shattering secrets here, but figured it was worth mentioning. Also DEF CON is over so…
DEF CON is what you make it
Two years ago at DEF CON 25, I acquired the Ides of DEF CON third-party electronic badge.
This was a “non-electronic” badge year, if the loosely-followed rule of one year on, one year off for electronic badges is to be followed. (DC27 is a bit of a weird one, but I digress.)
I wanted some blinky bling to hang around my neck and this badge felt eerily reminiscent of the DEF CON 18 Ninja Party badge. That was one I had lusted over, but failed to acquire.
I can’t help but think that I didn’t get to fully experience the Ides badge. There were too many other blinkies around my neck. The last few years saw my quest skewed toward acquiring as many as possible, and sometimes this was to the detriment of experiencing the full package meal deal that some badges promise.
Concentrate on one
This year, I swore I would not become an ambulatory Christmas tree—again. I concentrated on one badge that promised interesting challenges, an opportunity to interact with strangers who had also purchased the badge, answer questions from fellow con goers about said badge, and to revel in the allure and prestige of having something exclusive.
Enter “Da Bomb”
The “Da Bomb” badge, originating from the same team that made the aforementioned Ides badge, is the one I chose.
You can time travel and read the blog of the team behind this badge here.
Encouraged interaction
Suffice to say, “Da Bomb” badge met and exceeded all my expectations. I fought many DEF CON attendees, some that had never had a single match, even quite late into the con. (It looks like my previous experience with the Ides wasn’t so unique after all.)
Every match was an opportunity to engage with a stranger. It might be only some friendly banter and a quick battle; it might lead to an in-depth discussion on the state of the infosec industry with a business card trade at the end. This alone justified the cost of the badge.
Expect the unexpected
I fought a kind stranger that had reversed the firmware and given himself greater speeds, bigger bullets, more health, and had accrued 1,337 points of experience.
Needless to say, he trounced me, and then I let him push his custom firmware over the air, badge to badge! This is a feature I’m not even sure the creators of “Da Bomb” know about!
Amazingly, I agreed to this. My hair stood on end while the process was taking place. Luckily for me, this kind stranger had no ill intent. This resulted in my having access to secret ships and the ability to edit values, such as the experience points count.
I had the main badge organizer, @netik, flash my badge at the hardware hacking village with a newer firmware to acquire the “doom guy” as well as a bug fix for the game. These guys were still refining the product during the con! They offered support for defective badges, repairs, and help with any issues. They were kind enough to unlock additional LED modes at the same time.
Participant surprise
I was one of the lucky few who got 3-D printed joystick nubs. One of the Kickstarter backers had printed a bag of them and given them to the team. Thank you, random 3-D-printing fairy guy/gal. Whoever you are, my thumbs are eternally grateful.
Sh**ty add-ons
The badge came with improved SAO ports for additional bling capabilities. I refrained until the very end from populating these, as battery life was an important factor, seeing as I chose to engage in battle with any and all fellow badge owners. I even camped out at the entrance of the conference halls scouting for bomb badge owners.
The main game
The main battle screen, where your gamer tag and rank are displayed, is also where you can select the menus to engage in battle and peruse other badge capabilities. As you can see, while I did win most engagements, I lost a few as well.
The proximity map is where you can navigate and select from multiple possible enemies for engagements. The prospective opponent name is displayed in the upper left corner.
The special challenge coin that Kickstarter backers got as a bonus!
All this, and we haven’t even touched on the cool stickers to decorate your laptop and guarantee the TSA gives you the evil eye, the dial tone generator, the RF spectrum analyzer, LED sign, the video player, the badge to badge radio chat, the Caesar cypher generator, the music player, and THE BITCOIN MINER.
Gamified knowledge acquisition
Aside from the excuse for social interaction, the badge also has a JTAG header and shares many similarities with IoT devices, providing a fun way to acquire valuable skills that are directly transferable to IoT research.
The idesteam can be found on Twitter here. Documentation for the badge is here and here.
I have only scratched the surface of what this badge can do. Time to “Jtagulate” it and poke at the internals.
Mr. Konami sent his regards. You can reach me @jean_taggart on Twitter.
The post DEF CON 27 retrospective: badge life redux appeared first on Malwarebytes Labs.