We are very pleased to announce that Capital One is the 2017 sponsor for our very cool badges! Please stop by and say hi to their representatives in the Capture the Flag room.
We are very pleased that Hack.RVA will be the masterminds behind our badges once again! They have been with us since the very beginning and this makes it the 5th conference in a row. We know just how much work is involved with this project and we are privileged to have their creations at our conference!
We recently spoke with Morgan Stuart and Paul Bruggeman about the badges:
(RVAsec) The badges have always been a huge hit at RVAsec. Can you tell us a little about the badges and the process over the years?
For us, the goal of the RVAsec badge has always been to make something that gets the conference goers talking and engaging with each other. That means puzzles, games, and usually some way to screw with each other.
This year, like the past years, the badges have all been built by hand, right here in RVA by a bunch of crazy HackRVA members. We start from bare copper boards, etch out our custom design, place surface-mount parts, hand-solder through-hole components, and flash them with our own firmware. This removes any manufacturing cost, which frees up some green to stuff the board with cool features and components. It also gives the badges a unique look that you won’t find anywhere else.
This will be the fourth RVAsec badge that Paul and I have organized out of HackRVA, and each year we try and find ways to improve on the end result. It’s been challenging, but everyone is proud of the progress we make each year. We’ll have all the past years’ badges on display at our booth, so newcomers and nostalgia-seekers should come check it out.
(RVAsec) What are the plans for the badges this year? What are the new features?
We really liked last year’s hardware, and felt that the design could stick around at least one more year. Still, we reworked the layout quite a bit to help prevent the hardware failures we were seeing and improve some of the functionality. Since we didn’t have to redesign the hardware from scratch, or implement drivers for new components, we could procrastinate a bit more on the whole project. In all seriousness, we’ve used the extra time to involve more people and start thinking a little bigger with software. We have a lot more people cranking out code, including some special attention to power management. We’re looking forward to the inevitable commit/merge frenzy in the final days.
(RVAsec) How is the badge build process going this year?
We’ve etched, placed parts, and performed an initial QC on over 350 badges. Now we’re soldering on the final through-hole components and doing a more thorough QC pass on every board.
(RVAsec) It was rumored the badges played a part in the CTF last year. Can you tell us more?
It wasn’t a secret – last year we had a wide range of challenges for people to complete on the badge that would net them points in the conference CTF. Difficulty ranged from following simple instructions within the badge’s menu, to parsing through the raw firmware, to decoding low-frequency serial transmissions. And yes, there will be more badge CTF challenges this year!
(RVAsec) If someone wanted to hack them, what would they need to do?
The badges will again have standard USB, which can be used to re-flash the firmware or even call many of the core routines.
(RVAsec) Can you give attendees any other hints about the badges?
We’ve always enjoyed adding some nostalgia-factors to the badge, and this year will be no different. Also, this year’s badges should match almost any outfit…
(RVAsec) Anything else?
Obviously Paul and I are not doing this alone, we’ve had amazing help from some very dedicated volunteers out of HackRVA. We start in the fall with hour-long meetings each week and we slowly ramp up to 4 hour build sessions in the spring. It’s quite the commitment and support grows every year. Quick shout-out to some of those that have been contributing:
We are very excited to see the badges this year and know RVA5sec attendees will love them again!
If you have time to visit one of their Thursday night Open Houses that occur every week, like tonight, you should go check them out!
Paul Bruggeman from HackRVA provided us with an update on the badges!
The printed circuit board, or PCB, is the backbone of any circuit board. It supplies the physical strength and fundamental wiring for the board. It also determines the minimum size.
The circuit design artwork is drawn, usually with special software but hobbyists sometimes just draw them by hand. The gEDA software suite has a component called “pcb” that was used to draw the badge.
The PCB board is fiberglass-reinforced epoxy laminated with a thin copper sheet which is etched away using ferric chloride to recreate the artwork.
One goal of this year’s badge was to use a professional process to cover the boards with the acid resist. Attempts last year worked but were not consistent.
Once the boards are etched they have to be cut down to final size. PCBs are tough material to cut.
The addition of a sheet metal cutter this year has made it much easier to do. The steel blade is 1/2″ thick and the whole thing weighs 60 lbs!
With the boards cut down, the next process is to put the surface mount parts on. Most of the 50+ parts are surface mount. This means they have no wires to solder, because they have metal pads that melt and attach when heated to 510F degrees.
The process of installing the parts is called “pick and place.” Not very complicated, but it can be tedious to do, especially 350 times!
First a solder paste containing thousands of beads of tin is drawn across a stencil that leaves the sticky grey paste where the parts will be placed. This stencil is etched copper foil. Stencils can also be plastic or steel.
The board then makes its way down the volunteer assembly line where parts are carefully placed on the solder paste. We have had the help of over a dozen HackRVA people so far this year.
The solder paste has to be melted or “re-flowed” to electrically connect the parts to the PCB. This currently is not very hi-tech: $20 donated ovens. A volunteer last year built a micro-controlled unit but the heating element died on it.
The manual ovens require attention. Failures are usually of the distracted human type. We had a board last year survive a 5-hour session underneath the oven, and it worked fine–though it looked like burnt toast!
The last things to go on are the hand-soldered parts: infrared transmitter and receiver, piezo buzzer, USB connector, USB detection wire, and the LCD panel.
If you plan on doing any software development we recommend the reset button option (red in picture) which can be soldered across the middle and far right pin on the lower center 5-pin programming header.
Design: Paul, Morgan
Etch: Paul, Jon, Aaron
Pick+place: Jon, John, Bill, John, Yijie, Sidney, Thad, Tony (so far)
So if you want to dust off your C compiler to make these things do even more, or want to read the code to see what they can do… head over to the GitHub repo to check it out!
Just a few more weeks to get RVAsec tickets at regular price–only $100!
And if that’s not enough incentive to purchase your tickets early, and you still want to attend, you had better pull the trigger soon! We have already sold approximately 85% of all available tickets for the event!
Don’t forget all the things you get with registration, including 2 full days of talks, parking, meals, snacks, drinks, after party, reception, prizes, a capture the flag contest, t-shirt & swag!
We only have a few badges from Hack.RVA that are not accounted for at this point. For everyone that has signed up already, we should have you covered but the sooner you register the higher up the list you are to get an amazing badge from Hack.RVA.
So, to recap, we are closing in on selling out already, badges are almost all spoken for and the conference prices are as follows:
For the first two years of RVAsec, our friends at hack.rva have come up with two awesomely interactive badges for attendees. Planning for the 2014 badge started right after the 2013 conference, and since June is coming quickly we caught up with Morgan Stuart to get some info on what they are planning.
The 2013 badges were a huge hit–can you tell us a little about them?
Morgan: Last year’s design focused on a large feature set. The badge included 8 LEDs, infrared transmitter and receiver, piezo buzzer, 3D printed button, and it even had USB support. This meant that these badges could talk back and forth to each other wirelessly, you could tap, turn, and shake for input, and you could plug it up to your laptop and compose some tunes with your keyboard. The “game” on the badge consisted of seven stages, where we progressively introduced a new feature of the badge in some puzzle. By the second day, we had many people’s badges partaking in the “game of death.” Your badge counted down your health with the LEDs (in base 2 of course), forcing you to scavenge for food. HackRVA’s table had a beacon on it that would occasionally emit some “food” over IR, but most importantly you could attack other players. When a player died, their respawn downtime included about a minute of transmitting food to nearby players. Eventually we introduced a patient zero for “zombie mutation” (thanks Ron) and things got pretty crazy.
Morgan: There was a lot we took away from last year’s experience. Most important is getting the manufacturing of these devices down tight. We ran into a lot of unforeseen problems that we are trying to avoid by starting early with refined processes. Still, there are plenty of areas that could use improvement. For instance, the past few weeks we’ve been working out a photo etching method. It still needs work, but it will remove a lot of difficult-to-control variables that last year’s toner-transfer method had. There was also quite a bit of difficulty getting the accelerometer soldered on the board correctly; this led to about half the badges not having an accelerometer, which was a big let down for everyone. We’re avoiding these kinds of small and sensitive components this year.
The design’s other biggest limitation was the restricted user I/O; we don’t think a button and accelerometer were enough input and the 8 LEDs with piezo could only say so much. We want interfacing with the badge to be enjoyable and intuitive, not frustrating or complex.
Due to the issues manufacturing last year, much of our focus was put on getting our hardware numbers up late in the build. The badges we ended up with had a great hardware feature set, but we just didn’t quite have the time we needed to fully exploit them with the software. HackRVA’s space has grown a lot in the last year, and we have some new and very responsible members who can help lift some of the weight off our shoulders when it comes to managing the fabrication of all this year’s boards. This means more time for software.
The good news about last year’s badge was that a lot of things worked very well. Our design of the software and hardware was really founded on getting the attendees to interact with one another and we felt it did that in a big way. The badge became a great avenue to spark up a conversation or just geek-out with someone. Oh, and we’ll be sure to have a way to turn the sound off this year.
What are the plans for the badges this year?
Morgan: I first want to say that this year’s badge has again been redesigned from the “copper up,” but it’s undoubtedly the successor to last year’s badge. The badge games will again focus on getting the attendees to interact and think. Using them will be a whole lot of fun.
If someone wanted to hack or modify them, what will they need to do?
Morgan: Last year you needed a PicKit to modify the firmware–this is a piece of hardware that can cost as much as $30 or $40 for older versions. This year, we are aggressively pursuing a boot loader option which means you’ll simply need a USB cable and some free (as in beer) software to hack away.
Can you give attendees any other hints or teasers about the badges?
Morgan: One of the earliest changes we had in mind has really forced us to rethink the design and placement of every component. I won’t say much else other than we think lanyards are pretty lame…
Morgan: We would like to thank everyone at RVAsec, including Jake and Chris, for letting us do this these past few years. It’s challenging, but a whole lot of fun.
Thanks Morgan, we look forward to seeing this year’s badges!
If you are interested in helping out hack.rva with the badges, software or hardware, they have Thursday night open houses. More information can be found at http://hackrva.org/.
RVAsec will be held on Friday and Saturday, May 31st and June 1st at the Commonwealth Ballroom at VCU’s University Commons. Training classes will be held on Thursday, May 30th.
The conference is only $75 and includes two days of talks, electronic badges from hack.rva, breakfast/lunch/snacks, more coffee this year, swag bag, parking at VCU, two receptions and an after party sponsored by Rapid7!
The 5/15 deadline is rapidly approaching (and we ordered more badges so they are still available)–so register now! Due to catering demands we cannot take any registrations onsite or after the deadline.
On Thursday 5/30 we have four training classes available at the lowest prices we can swing: Lock Picking with Schuyler Towne, Forensics Readiness with Glenn Dardick, SANS Information Security for Business Executives with Chip Greene, and Introduction to Malware Analysis with Tyler Hudak. Classes are almost full, if you are considering a class please register now!
Chris Wysopal – Keynote
Gus Fritschie & Andrew Du
Alex Hutton – Keynote
We are pleased to officially announce that Hack.RVA will be making badges for RVAsec again this year! In order to be GUARANTEED that you get a cool badge you MUST be registered by 4/1. We spoke with Jamie Duncan about the badges:
(RVAsec) The badges were a huge hit at last year’s RVAsec. Can you tell us a little about them?
(Jamie) We had an incredible time getting together! Last year was our first effort as a group at a project of that size (we delivered 105 badges that morning!). They were pretty simple devices, with a small LCD and four buttons for inputting text and finding little easter eggs hidden around certain keywords. We had the circuit boards printed up, and then built them out ourselves in addition to writing the firmware that was running on them.
(RVAsec) What did you learn from doing the badges last year?
(Jamie) Time is your greatest enemy. Hack.RVA is an all-volunteer effort that is incredible in the respect that we have a large base of willing people who use these badges as a teaching and learning experience. It can get tricky when the more experienced users have to work late or lives simply get in the way. But that is honestly one of the fun things about hack.rva, or any other Open Source-style project.
(RVAsec) What are the plans for the badges this year?
(Jamie) In a word, Crazy. There is no comparison with what we were able to do last year. We started the design process just after the new year, and have gone through 7 (at least) development revisions and prototypes. We are building them almost 100% in house. We’ll be etching the circuit boards, building and testing the components, and even doing the graphics work to make this year’s badges more easily identifiable. A huge effort, and wrapping it up is going to be a blast. Spear-heading our board design has been one of our ‘senior hackers’, Paul Bruggeman. While that has been going on one of our youngest hackers, Morgan Stuart (VCU Senior) has been working on the initial firmwares with Paul’s help (among others).
(RVAsec) Do you plan to make them interactive?
(Jamie) MASSIVELY. This year’s edition will have the ability to send and receive communications, be touch sensitive, and communicate to the world in two completely new ways as compared to last year.
(RVAsec) If someone wanted to hack them, what would they need to do?
(Jamie) That’s the best part. These are designed to be hacked. We want, and plan on you to hack them to do all sorts of things. To get started? Simply plug it into the usb port on your laptop. 🙂
(RVAsec) Can you give attendees any other hints about the badges?
(Jamie) Secrets!? While there are no secrets (these will be fully open source hardware and software projects), we want the users to find all of the little games and tricks and easter eggs we have planned for them. Isn’t that half the fun?
(RVAsec) When do you need to know the number of badges we need?
(Jamie) ASAP. We’ve been spec’ing out prices @200/300. The final BOM has a few tweaks, but it’s close.
(RVAsec) Anything else?
(Jamie) Thanks again to RVASec for allowing a group like hack.rva the incredible fun of essentially doing whatever we want to come up with something awesome for the conference attendees and staff.
Due to the badges being custom made we have to place an order for parts in the next few weeks. In order to be GUARANTEED that you get a cool badge you MUST be registered by 4/1. Yes, APRIL FOOLS DAY. This is no joke–if you are not registered by 4/1 then you run the risk of not getting one of these amazing badges. Seriously, last year we had to print up “I registered late for @RVAsec & all I got was this lame paper badge with string”. Don’t be that person.
Thanks to Hack.RVA members for all of their efforts. Please help us in the planning efforts by registering prior to 4/1.