Hack your badge at QuahogCon 2010

Home Technology
Hack your badge at QuahogCon 2010

quahogcon-badge-r1.jpg

In a proud tradition of hackable badges at hacker conferences, the fancy folks behind QuahogCon 2010 have designed a really cool looking conference badge. They’ve blurred out some of the key information to help prevent people like you and me (yes, I will be attending!) from getting a head start with writing code for the badge. What I can see is pretty intriguing. There is a PCB antenna, an FTDI chip, and a handful of LEDs. Looking at the I/O pins and the fact that this chip is wireless, I’ve narrowed down the processor to a few options. Can you guess what the are?

I’m not going to reveal my hypothesis, but I am going to reveal another less secret bit of news about the conference. If you register, use the code MAKE20 to get a 20% discount.

The conference is April 23-25 in Providence, Rhode Island. Be sure to try out johnnycakes while you are here!

14 thoughts on “Hack your badge at QuahogCon 2010

  1. alex says:

    the mc1322x SOC (arm7) looks exactly like the one they’re using down to the slightly oversized qfn-with-pads-on-the-bottom package. This chip has an 802.15.4 PHY with integrated matching and balun so you can connect it’s unbalanced output straight to an antenna without an external balun. ITs the only chip i’ve seen on the market with this feature for 802.15.4. from the looks of the PCB they simply have pads for a filter near the antenna not a full balun or pads for a SMT balun on a chip.

    http://mc1322x.devl.org/
    http://www.freescale.com/webapp/sps/site/prod_summary.jsp?code=MC13224V&fsrch=1

    http://redwirellc.com/store/index.php?route=product/product&product_id=53 fo devkits.

  2. Scott D says:

    Don’t forget stuffies and coffee milk too!

  3. Shadyman says:

    Ouch, looks like the airlines’ AI has already picked up on those dates as hot-travel dates for the PVD airport.

    The drive would definitely be cheaper for me, coming from YOW.

  4. Shadyman says:

    +1 for that being a Zigbee antenna. Note the last presentation on the speakers list: http://quahogcon.org/speakers/

    QUOTE:
    KillerBee: Practical ZigBee Exploitation
    Josh Wright

    ZigBee is a vital component of several emerging technologies including smart grid systems, bridging the devices in your home with the electric utility. With the rush to deploy this technology, few organizations have examined the security threats in this suddenly “critical infrastructure” wireless protocol. Over the past 9 months, Josh has been assessing various implementations of ZigBee technology while building a tool suite designed to exploit these networks. In this talk, the author will present several findings regarding the vulnerabilities in ZigBee networks, demonstrating the KillerBee attack framework designed to exploit ZigBee networks.
    /QUOTE

  5. Mike Coles says:

    Reverse engineering of the badge is ongoing at http://blips.net/pentest/quahogcon-2010-badge trying to figure out the chip by its pinout. Please leave your comments if you can identify the functionality by pin.

  6. Shadyman says:

    The crystal (24Mhz) seems to support Alex’s hypothesis.

    One thing that would help prove or disprove it being an MC1322x would be loading capacitors on the crystal. The MC1322x claims it has internally programmable loading capacitors, so none are needed on the outside. The ATmega128RFa1 on the other hand needs loading capacitors. However, the ATmega has the RF I/O on pins 8/9, which doesn’t seem to coincide with the picture.

    Header pins that I can make out in the silkscreen include:
    SCL, SDA, SCK, MISO
    ADC0, ADC1, ADC2, VREF1L, VREF1H, VBAT
    #TCK
    ?D43 (Connected to one of the LED/resistor sets)
    ?CTS

    I fully expect someone to make a PoV greeting using the larger array of LEDs.

    I totally expect some kind of uber mesh network thing to go on, though. Maybe share signal strengths to other readers to calculate distance, then pass that information over the mesh? Or maybe some kind of P2P packet network?

  7. Shadyman says:

    Regarding the notion on Mike Coles’ blog, I don’t think the last empty spot is for a switch. The switches are denoted S1-S3. The empty spot is marked L1 and has no casing support for a switch, so it’s likely some kind of inductor.

    There are also pads for 2 capacitors (unpopulated in this photo).

Comments are closed.

Discuss this article with the rest of the community on our Discord server!
Tagged

Kipp Bradford is a technology consultant and entrepreneur with a passion for making things. He is the Senior Design Engineer and Lecturer in Engineering at Brown University, where he teaches several engineering design and entrepreneurship courses. Kipp is also on the Technical Advisory Board for Make Magazine.

View more articles by Kipp Bradford

ADVERTISEMENT

Maker Faire Bay Area 2023 - Mare Island, CA

Escape to an island of imagination + innovation as Maker Faire Bay Area returns for its 15th iteration!

Buy Tickets today! SAVE 15% and lock-in your preferred date(s).

FEEDBACK