Embedded - 251: I Agreed at the Time
Episode Date: June 29, 2018This week, we spoke with Addie (@atdiy) and Whisker (@whixr), the Toymakers (@Tymkrs). Their latest CypherCon badges included a complete phone system. For more information, check out the user document...ation at hackthebadge.com or the related Reddit post. There is a video of Joe Grand’s 2018 CypherCon talk if you’d like to watch him talk about his juvenile delinquency. In our last episode with Addie and Whisker (#205), we talked about the CypherCon 2017 badges and their Tindie store. Tindie module for phone The "Drew" mentioned is Drew Fustini (@pdp7). Though only Whisker supports accosting him to talk about OSH Park board colors.
Transcript
Discussion (0)
hello and welcome to embedded i am alicia white alongside christopher white and we are joined
by the toy makers addy and whisker to talk about badges and life and phones. Phones. Welcome back to you both.
Thank you, thank you. Good to be back.
Yeah, it's been a
quite a long year
but it feels like we were just here.
And it has only
been a year because it's about the same
time frame where last
year we talked about the CypherCon badges and we
wanted you to come back and talk about this year's
CypherCon badges.
Whether or not you want to. Last year we talked about the CypherCon badges, and we wanted you to come back and talk about this year's CypherCon badges. Woohoo!
Whether or not you want to.
What else have you done in the last year?
Besides badges?
Whisker?
We used to do things, but this past year, the badges that we produced were kind of a little, there was a lot of feature creep involved, and it kind of sucked up 12 months of brain power of at least five brains, and I don't even know how many helpers doing assembly and building of various things.
Yeah, I think we've officially burned out a few members of our hackerspace.
I think they don't want anything to do with badges anymore.
And then the other ones are ready to ask us what next is coming.
At what point do you just become BadgeCorp?
Yeah. what what next is coming so at what point do you just become badge corp uh yeah uh i think we are de facto already that uh there um even though we say we're the toy makers but uh i think essentially
we could be called the badge makers and that would be a fairly accurate representation of what we're up to these up to these days so
you've always had a pretty big educational component to the toy maker activities have you
considered doing more teaching other people how to do the badges and write a book on 10 of the best things you can do for badges yeah uh step one don't start no just kidding
um actually yeah i i think i think i would like to do that you know when we decide to
stop doing badges i think uh writing a book would probably be pretty cool because I know we've definitely learned a lot
of lessons about not only design thought processes, but also parts procurement and
the supply chain between China and all the different options that you have in the States, as well as the PCB fab, of course. And I think they're, they're all lessons like the minutiae is,
is not often shared, I guess. It's just suffered through.
So some of it is just small volume manufacturing problems.
Sure.
But the design, what advice would you give for people who are looking to design badges? remember if we mentioned this, but from our first year badges, we realized that there's got to be different stages of engagement that the client or that the person has with the
badge. So stage one would be, or tier one would be just the lights and the blinky, right? Like
at the very basic level, everybody can appreciate that it looks good. So you have to have at least that.
And then the second stage would be, okay, so if they're willing to plug it into their laptops, right?
Like, can they easily access it?
Can they easily do something with it, even if they're not, quote, hackers?
Right.
So for our cube badge, for example, that was the game, the text adventure game.
And for the phone badge, I would say that would be the ability to dial somebody
using the telephone company or dial your cell phone or have somebody call you, right? Just use it as a phone.
That's something that everybody knows, but it's slightly more difficult because it's in the format
of a badge. Then tier three would be, okay, so you're in the system. Can you actually
use the tools that we've given you in the system to maneuver around. So in the cube badge,
that would be, um, can you operate a time-sharing operating system, right? Can you type help space
question mark, you know, can you type color red or whatever to change different features on your
badge? Um, and then i guess what what tier
like what would it be what would you consider tier three whisker for the phone badge oh probably
using it as a modem uh to connect to digital services on the network that we brought with us
sure that kind of stuff sure um and then tier four is tier four or five it's for the more
hardcore folks so for the cube badge that would be um can you go from your badge to another person's
badge take get root and then compromise their badge maybe write a worm for these badges as they communicate to each other
using the Turing-complete programming language that, you know, Whisker created to cause havoc,
right? And then, and what would the equivalent be then in the in the phone badge for that war dialing carriers on the
telephone network and like starting to break into systems and escalate privileges um but you know
that very quickly turns into tiers four and five where you're using your phone badge to dial up the
we put addy's badge on a on a modem out on the phone network this year
from her cube badge from last year. So they could dial up Addie's cube badge and beat her text
adventure and escalate their privileges and dig deeper into the network by knowing the year before's badge really well.
So it very quickly gets deep.
But I think the three most important ones
are those first three tiers.
People need to think it's really striking,
like it looks good,
and then it needs to be usable for everybody
in an easy way if they want to,
and then something for the more industrious people who aren't going
to be satisfied with just something that blinks right i i should have um remembered that not
everybody may have heard your your parents last year or may not have any idea what we're talking
about with respect to badges uh maybe we should take a few steps back.
These are conference badges.
There's CypherCon in Wisconsin,
and it's a conference that encourages programming,
but often programming with the hacker edge.
And these are the conference badges.
Just as though I were to go to a technical conference about embedded systems,
they would give me a badge that had my name and an NFC chip that identified me to vendors.
You should have them contact us.
We can up their game a bit.
Yeah, so these badges that we specifically put way too much sweat, blood, and tears is, like you said, for the CypherCon conference in Wisconsin.
And it's an InfoSec slash hacker conference.
And we've been doing their badges since year one.
So year one, we had a, what is it?
XOR.
Okay, you're just going to have to say it whisker because it was a uh 7400 logic implementation of a three-bit xr stream cipher that you could
manually clock using clicky switches from mice uh yeah it was super nerdy and fun right that sounds so simple what well
compared to building your own phone network right so this is the dilemma of trying to one-up yourself
and design better you know as you go along or design make a design that matches or at least outdoes the design you did before.
It's easier to use linear improvement instead of exponential.
I think there are a lot of conference badges that I've seen that are,
here's a, you know, it's got a microprocessor and a screen
and you can do what you want with it.
You can make your name flash. You can make your name flash across it.
You can make your name flash. You can get onto it
and program it with some tools.
What you both seem to do
are to make the electronics
equivalent of those
really strange magic puzzles.
You know, the boxes that you can't quite
figure out how to open and
there's all these tricks and things.
You push three corners and one little drawer comes out but you should actually push that in instead of taking it out
so there's a lot of there's a huge puzzle aspect to these that i think
the normal that don't exist in the normal sort of nerdy badge space sure and i think part of
that is actually having to do with uh us wanting there to actually be an educational component to these badges. people who have dealt with just the digital realm. I think we wanted to teach them basic encryption, right?
Using a very simple three-bit encrypting method.
And to show them how it's done, like at the very lowest level, right?
And have them practice it and have them be exposed to it. And then the second
year, uh, whisker wanted to expose them to like a time, a timeshare operating system, right? You
know, to get into the mindset of, oh, hey, computers back in the day didn't just used to be
these things that magically turned on. there was paper tape there was uh
you know crazy mechanical things that needed to be put together in order to
in order for the computer to function and then this year we wanted to expose, you know, 500, 700 hackers to the world of phone freaking,
right? The thing that all young hackers from our age group essentially probably tried when the
internet was just a little baby, right? And like, when else do you get a chance
to phone freak legally, right?
So.
Okay, let me read this description of the badge.
The attendee badge for this conference, CypherCon,
was a functional telephone slash modem
slash lineman's handset.
The toy makers built a 96 line telephone exchange populated with various toys bbs ticker signs previous years badges etc
that were all available services that attendees could dial up from their badge
that's a lot of stuff was this the first time you had to build backend infrastructure?
Yeah.
How was that?
Please don't cry.
It was very enjoyable because I'm just at that age where the BBS world was around when i was very young but i wasn't really old
enough to have really played with it at the time so i i saw my dad logging into bbss but i didn't
get to do that kind of stuff much because it's just too young right and i'm doing the two previous years at this conference.
The people who get us the most amped up to do a really good job are the younger folks that attend because they read about all this stuff and they have a great amount of nostalgia for a period of time that they can't actually remember. Because there's so many cool
stories about back in the day, Waz hanging out in the garage making blue boxes and all this kind of
stuff. They hear these stories, and they really wish they would have been there. But they'll never
have a chance to play with any of it so doing the back-end infrastructure for this while
it was a total pain in the butt to like write a bbs that can run on a microcontroller
it was worth it to see a bunch of 20 something year old infosec people, hackers, normals, engineers, all these types of folks, all attacking it at once
and sharing tips and looking up data sheets and taking intricate photos of the telephone system
that was encased in acrylic so you could see all of the wires. They spent hours just running their cell phone cameras
up and down it, taking videos so they could figure out how everything was wired together
to just have a better idea of how to attack the system. It was so glorious.
I remember pictures that you posted with racks and racks of looked like old US robotics,
56K modems. Where did you source all of all that stuff
uh there is an ebay seller who still has some up by the way if anyone's into sportster modems
uh for four dollars a pop i'm in volume it's new old stock right uh buyer beware it's 30 you know year old modems and the plastic
shells the plastic is very brittle so when you take them apart to mod them which we of course
had to do to get everything ttl level um all of the screw uh posts inside of them all broke off
and we basically had to rebuild the shells to get
it to look right but you know um four four dollars a pop 10 modems not bad right
that's really i mean they're useless of course they're four dollars a pop
but i remember being so excited to get uh i think a 24 baud modem at one point. So fast!
So fast!
So fast, I can, you can almost, you know, you can almost read as fast as the text is coming by.
You know, everyone always asks about those 10 modems, and they don't ask about the 500 modems that went in the badges themselves.
Right, right. Which was a much, much harder thing to accomplish,
to source, to get here,
and to implement into a mobile, battery-powered,
not-going-to-catch-on-fire, beautiful package, right?
To me, that was a much harder engineering challenge
than going on eBay and scoring 10 Sportsters, right? To me, that was a much harder engineering challenge than going on eBay
and scoring 10 Sportsters, right? How do the phones work? I mean, these aren't just,
you buy a cell phone and it works. How do you, what's inside the phone, like electronics wise? Electronics-wise. So it has two picks in it.
One is principally just driving all of the LED animation sound.
Essentially, it's the output to the user pick, right?
And the other one is doing the USB stack
and doing all of the bytes in and out.
The modem is a module that we found from a Tindy seller based in Korea. And it basically just has an RX-TX TTL serial
connection that you can talk to. So the second pick there that's doing the USB stack is also
hooked up to those serial pins. So it can act as sort of just a serial pass-through when the badge is in the mode of IMA USB modem attached to your USB port.
But of course, we have to shift it into IMA telephone when it's not plugged in so that you can use the dial pad, the touch-sensitive pad on the face of it, to make calls or interact with the operating system on there. You can reprogram
your lights, you can reprogram your ringtones to quite a deep extent. By the way, you can write
full musical compositions with like three voices of audio. Of course course it does seem like feature creep the the the lights are
actually a procedural animation system with particles that are bouncing from lights to
lights and you can set up the particles so that they'll affect just the red channel just the blue
channel or all rgb and set it to affect whatever light it's on in a triangle waveform or a sawtooth waveform.
And with just two particles dancing around the badge,
you can get pretty interesting and deep procedural lighting effects on it pretty quickly.
You can change the scrolling messages,
and there's a bunch of different modes to that
where it can scroll one character at a time
or six characters at a time across the seven segment displays,
which allowed us to do things like have little,
almost like ASCII eyes drawn on the display.
And because it's jumping six characters forward
into the string at a time you
can make the eyes look left look right look up look down get some pretty fun effects that way
uh yeah a lot of time and thought went into getting all of those details just dialed all the and the modem was very difficult because uh the what chip set is it that's on there a connectant
addy one of those you know big chip manufacturers that does these you know industrial control
sort of stuff uh the company got purchased uh after we had ordered the modem modules.
The chip manufacturer had been purchased.
And they locked out sales of the chips
to all of the manufacturers, right?
So the person that we had just ordered
500 modem modules from
couldn't get the chips that's exciting yeah
and there was no substitute module and so when we said okay well we have 150 of the
modules already uh we need you know the 300 another 350 please uh she was like that's great
it's gonna cost about 140 percent more yeah so there went our profits
um there went our design fees and uh that uh delayed everything by several months it did because they couldn't you know even
when they could get the chips they they raised the price but it was a really big delay between
the time when they could get the chips again so by the time they could get the chips and we forked
out you know more than twice as much money as we were expecting to to get them here then it was uh the lunar uh new year right
and korea celebrates that pretty heavily so all of the shipping and manufacturing and all that
was locked down for most of the month and oh my uh that uh lunar new year this year was what uh not stressful at all what time of year was it it
was like march march and the conference is in april yeah not like i said not stressful at all
so we couldn't start badge assembly until we had the modems again also not stressful at all
and the conference was April.
Yes.
So, I mean, I just wanted to make sure that it wasn't like, oh, you got them in April.
You had until now, you don't eat April.
Yes.
Yeah. So, we had
our whole hackerspace
came to the conference,
which was awesome. We love you guys.
But
essentially that also meant that I ended up having them work for us
throughout the night before the conference,
just soldering like crazy and troubleshooting like crazy.
Cause these badges were hand soldered again because we had originally wanted
them to be done in a fab.
But because of that price increase with the modem, we couldn't, you know, hand soldered again because we had originally wanted them to be done in a fab. Um,
but because of that price increase with the modem,
we couldn't,
you know,
we just didn't have the funds to put towards the manufacturer.
So we had to hand solder,
hand place all 130 components,
um,
on this badge.
And,
uh,
yeah,
that was fun, crazy, mildly masochistic.
So what anachronistic part are you going to source in massive quantities next time?
Yeah.
What was the first thing people did when they got their badge i mean i just want to like did they exchange telephone numbers and immediately call each other or was that
more hidden oh i you know i don't know that they knew what to do with it i think they thought that
it wasn't a phone like that it just looked one. And that it was kind of heavy for something that just looks like a phone.
But most people didn't know that it was a phone until...
They flip up, see the bottom has an RJ11 jack on it, and they're like,
Really? You guys, really?
And then when we told them that they actually had a telephone company within the conference that they could call into and route their calls through, then people started just dialing the operator.
So we set up one of our friends as the operator.
And, you know, everybody's cool with dialing zero, right?
It's fairly harmless.
You're not going to accidentally call somebody who doesn't want to be called.
What happened when they dialed 911?
I just need to know.
Oh, no.
Did we set that up?
I think I wanted to, but...
No, the number range that was active was 601 through 696.
Yeah.
So 911 just wouldn't have connected to anything.
But zero did.
Zero did.
Yeah, zero would ring all the operator assigned lines for sure.
And were the operators very gregarious people
who wanted to talk to everyone?
Our operator this year was Maddie, who helped us out a great deal she
actually flew in from around brisbane australia to come help out for the conference so we had an
australian telephone operator with a very snarky sense of humor um yeah yeah so she would pretend like she was she was an operator in australia yeah oh it would be
so tempting to yeah you've reached australia yeah outside my window i can see a koala that's right
so she did do that to a few people she'd pretend you know she would adopt the accents of other
countries and she'd say she's from other places and they'd hang up right away.
Oh, right.
Because they didn't want to, you know what I mean?
Yeah, they didn't want to incur any charges, of course.
And then it got to the point where she just had a lot of fun.
She was just like, okay, this is the operator.
What's the password?
And they're like, crap, i need a password yeah it's funny because a lot of people
now don't like talking on the phone and they certainly don't remember having you know a
landline phone where you know you spend an hour talking to a friend or something just randomly
instead of texting or or emailing or social mediaing.
So were people reluctant to kind of use it as a phone because they weren't used to it?
Or was it just, this is really novel and cool?
The operator phone, I was fairly close to it.
It was ringing off the hook for two days straight, basically.
So I think people were having fun.
I think Maddie was a big part of why they were having fun
with the voice-to-voice dialing stuff.
My focus was more on the dialing up carrier modem stuff
and monitoring the situation as warring bands of hackers
were battling over control of the network stuff.
But I heard a lot of giggling over there,
and that phone was ringing a lot.
And she had the one phone that supported caller ID on it,
so they would call her and request the operator to find out their number.
Yeah.
And then they would have their number,
and then they would tell other people what their number was.
And then they would do things like set up a service at that number.
So you could dial up to their service.
It became a greater thing than what we brought.
What kind of services did they set up?
I didn't have too much time to figure it out.
One of the services I had attached to it was we had gone down and visited John S.A.Z.,
who I believe is, you know, everyone should kind of know who he is.
Oh, John Shook.
Yeah, John Shook.
He's got a big pile of junk in his backyard.
That's because he goes to those...
He likes auctions.
I've always seen on Twitter and he's got pictures of, I'm going to buy this.
I bought an industrial lab autoclave.
Yes.
So we were walking around the junk pile, right?
And I spotted a high school scoreboard sign.
And I was like, John, are you going gonna do anything with that he's like no take it
i'm like okay throw in the trunk we're bringing it home so we got this scoreboard and we gutted it
and we made a new driver board for it that could hook it up to a modem and we ran a small little command line interface on it so that you could dial into
the sign and change the scrolling messages on the sign and in the middle of the conference i look
over at this scrolling sign built into the rack and people are numbers their services are at on my scrolling sign.
That's a good plan.
What do they do?
I have no idea.
I was too busy.
I guess we didn't call.
I guess we didn't call.
Yeah, I was so busy answering questions.
I didn't have time to play, of course.
Were there other unexpected things people did did you should tell them the story
whisker the story the story how of how it almost caught on fire oh that's yeah oh yeah we're gonna
need that one so the the telephone company itself we built a uh and i know this is already over the top and whatever we we went to the lumber yard and got
black walnut and built a walnut and brass lexan front and back walnut sides six foot tall
display piece of a telephone system so it was just like it looked like steampunk meets 1989
you know what i mean it was this weird beautiful combination but you could walk up to the telephone
company and right in the middle of the top section you've got Addy's cube badge next to my cube badge. And as some of
you listeners might recall, our badges, the cube badges, talk to each other over IR. So they're
sitting right next to each other. They're obviously lined up so that they can talk to each other.
But there's a piece of wood in between them attached to a linear
actuator and the linear actuator is attached to one of joe grand's uh j tagulator boards
which is attached to a modem in the in the rack of modems inside the rack so they kind of got the idea early on that it's a really big goal to somehow gain control of that linear actuator over the phone lines to get it to drop down And it's obviously connected down to the telephone network,
but nobody could seem to figure out how to get to it from the outside.
And the only way they could see was that you get to it from Addy's badge.
And they eventually traced out which extension my badge's modem was hooked up to.
And it was the extension that can reprogram and control the PBX itself.
Then they were really excited.
They're like, okay, we need to get this trapdoor out of the way
so we can get into Whisker's badge and shenanigans.
I like the visualness of this, that you made it clear
what the goal was just visually. you didn't have to explain it
yes and even so i ended up stuck next to it answering questions for two days straight
did anybody move the block of wood uh yes eventually uh there was some interesting stuff
that they had to do to get there so and this is all kind of
technical and some of it's a little old-timey and weird and without context for the cubes it's a
little bit weird to understand but they found addy's badge it's it's extension phone number
they would dial up into there they beat her text adventure they get into the time sharing
operating system which is the the next tier up after the text adventure and then they can telnet
over ir into my badge but it isn't there because there's a piece of wood in the way
so they need to go back out onto the telephone network and dial around. They dial around and they eventually find the telephone number for
Joe Grant's JTAGulator. And as far as it looks from the outside, it's a completely stock
JTAGulator. The purpose of the JTAGulator is to automatically scan for UARTs, JTAG ports, stuff like that when you're
working on equipment. We got together two nights before the conference, Joe and I, and we redid his
firmware for the JTAGulator to look like the real JTAGulator firmware, but to not actually be the real JTagulator firmware.
That's just mean.
A bunch of tricky hardware little hacks to it as well to get it to do what we wanted it to do.
JTagulators aren't out of the box designed to answer telephones, for example.
And they're not out of the box designed to be able to control h bridge motor controller stuff
so we had to modify it a bit and we were doing that uh wrapped it up the night before we left
uh threw it in the back of bruiser's truck drove to milwaukee unloaded it and uh we're like okay
hopefully that all works because we had three hours to do it and it's really complicated and
we had to do the limit switches backwards on the linear actuator so if there's a problem this is
gonna go badly yes okay so maybe you see where the fire comes in they they dial up the j tagulator
and they're playing around with all the different features because
the JTagulator does a bunch of stuff that's not really related to the puzzle and they don't know
what aspect of it we're taking advantage of for the puzzle. So they're just playing with everything
and none of these guys have ever used one really in person before. So they're just kind of having fun with it. And they discover that if you set the target voltage in the firmware of the JTAGulator to zero volts, that the, what chips are those?
He uses some sort of intermediary between the IO pins and the outputs just some sort of buffering chips where
you can control the voltage on them if you set it to zero we happen to be using those lines for our
modem lines so you get locked out of the j tagulator because you just set your plus and minus
your your ones and zeros to zeros and zeros and you lose connectivity to the thing you were talking
to right so they lock themselves once out on accident and they don't know why and i don't know zeros to zeros and zeros and you lose connectivity to the thing you were talking to, right?
So, they locked themselves once out on accident and they don't know why and I don't know why.
And I like, okay, I reset it, right? I'm nice, I'll reset it. And then they did the same thing again and then they knew what it was. And they're like, okay, now we know that we can't do that
anymore. And I thought about it for a minute. And I was like, you might have just discovered a useful tool for your overall goal here,
if you think about it.
And I didn't tell them what I was thinking.
But they're really smart kids.
And they thought about it for a minute.
And they're like, oh, yeah, if we use the JTAGulator to drop the linear actuator,
and then set that voltage level to zero it's going to disconnect
us but it's going to keep everyone else from going in there and putting the gate back up while we're
trying to go from the cube edge to the cube edge and they're like we're geniuses this is the best and i agreed at the time at the time yeah so i had music here
the the sneaky sneaky sneaky thing we did with the j tagulator is it runs on a parallax propeller
which is an eight core processor and it only uses a couple of the cores to do its job so there's a
bunch of cores just sitting there doing nothing.
So we built a command line interface into one of those cores.
And JTagulator, when you're using it,
one of the things you often would do with it is to scan for UARTs.
So we had the JTagulator octopus to itself
so that you could JTagulate the j-tagulator to find the hidden serial connection
and get into the second cli that was buried deep in there which was the control for the linear
actuator and it took these kids two days to find it uh which i'm proud about uh but when they did
they were super super super excited and excited. And they're like,
they understood the universe and it all clicked. And they're like, Whisker, you're evil.
Sitting next to Joe at the conference and we're both giggling like kids.
They eventually got in there and they got into the controller for the motor controller and they
dropped the gate and the gate starts coming down. There's like 30 people
standing around this beautiful rack sitting in the middle of the room. They're all watching
as this thing just slowly goes down and they're like, yeah, cheering, except for the guys over
there who are like, man, we were trying to do that. And it's going down, it's going down it's going down and then the person who's in there sets the voltages to zero
to lock everyone else out of it so no one can put it back up on them and uh last minute we had blown
up an h bridge so we had to use a different h bridge that didn't have the limit switches on
it so we had to do the limit switches and software and the io pins that are have the limit switches on it so we had to do the limit switches and software
and the io pins that are reading the limit switches and software are on those chips that
they just changed the voltage on so now ones are zeros and the limit switches are like everything
is fine this is fine and the linear actuators moving down and down and to make sure everything
looked great it was glued to the end the wooden piece was glued to the end of the linear actuator
and this is like an industrial big linear actuator it's like three feet long you know it's overkill
and it's going down and then it starts ripping off limit switches,
and it gets to the end of its travel,
and the H-bridge asks the limit switches what's up,
and they're like, this is fine.
We're fine.
And the H-bridge starts warming up,
and then Ethan, who was helping me on site,
and I start calmly taking all of the cap screws off of the acrylic,
and we start placing this giant sheet
of acrylic off to the side and everyone's cheering because things went down and ethan and i are
looking at each other going we've got about two seconds before this catches on fire let's unplug
this we're smiling put the cover back on the rack and everything's like why do you guys take that
off it's like we're not telling you there's secrets to this.
This is a puzzle guys.
Don't cheat.
Super important stuff that we planned.
This was around the same time that that guy was trying to get.
Yeah.
To get into Addy's badge,
you have to go into the USB port through the original design. We didn't have enough room on the propeller during doing the cube badge to fit all the strings in for the text adventure. So we offloaded some of them to the PIC, which was doing the USB port in. So I couldn't just hook a modem to the propeller on that thing. I actually had to go into the USB port. So to accomplish getting
a modem attached to that USB port, we put a Raspberry Pi Zero in the back of the rack.
So that was hooked to a modem. You dial up the Raspberry Pi Zero, which I had already
logged into and started a PicoCom terminal session into her cube badge
so that it would just be transparent that Raspberry Pi Zero wasn't part of the game.
So every time I booted up the rack, I would just log that in so that when they dialed that number,
they would just instantly be on Addy's badge without ever seeing that the pie was even there but there
is a bug in the cube badge if you run some t-bass code in the t-bass interpreter on it in just such
a way or maybe it's something with the emulator for the year one badge i forget but there's a
bug where you can actually get the cube badge to shut itself off like crash it hard enough that
it turns off and this this other guy who was battling the hackers who did all that other stuff
um was in addy's badge while everyone else was playing with the linear actuator
and he got addy's badge to crash and shut off, which ended the PicoCom terminal session,
like pipe broken, sort of,
it no longer has connectivity down the USB port
because Addy's badge just shut off.
But I had run PicoCom sudo,
and it was still an active sudo when her badge shut off.
So he's dropped to a Raspberry Pi terminal with sudo powers,
and the first thing he does is change the root password on me.
You deserved that.
This is the fun of like, okay, you're going to design this overly complicated thing and then put it in front of 500 hackers and say, here, play with this.
Shenanigans are going to occur.
Addy spent the entire conference sitting in a chair fixing badges.
Soldering.
Yeah.
That's the problem with getting them done so late.
Having so many manufacturing issues is that it's going to have to require some repairs.
Yep. So, I mean, essentially every badge had a bridge on their two picks.
So we were fixing bridges on every badge. It was terrible.
It was terrible.
But we actually managed to still keep up the pace with
the number of people that were coming in.
I don't think any of the conference goers ever noticed that we were
soldering for our lives
yeah you have to keep the magic up yeah exactly exactly uh it it was a bad night but it was an
amazing night uh the night before the conference uh we just didn't have enough time to assemble
these things right because of the modem
you know not being there in time and all that uh so we are still doing debugging of all of the
assembled badges the night before the conference and this isn't that odd of a thing for conference
badges because it's such a short timeline. It's really, really difficult to nail the deadlines in an efficient and, you know,
sometimes you just have to pull all-nighters to make it happen.
And a lot of people from our local makerspace here that we run came with us out to Milwaukee this year.
And a lot of the folks from the conference and from Milwaukee and a few other places got together the night before to test and flash firmware on the badges that weren't quite ready yet.
And we were doing it in our hotel room.
It was like 15, 20 people.
Yeah.
In like this small hotel room.
It was getting hot. It was getting hot and hard to breathe.
It was really hot.
And Trenton came up, and he does the Capture the Con thing for that conference.
And he was like, oh, this isn't, yeah, I'm going to go talk to management.
He goes down and he talks to hotel management.
It's like at night.
It's 11 o'clock at night or something.
And it must have been even later than that actually when it started.
It was really late.
So he goes down there and he convinces the management to let us take over the hotel bar and the hotel bar in this particular hotel is essentially a ballroom with like
80 foot ceilings crystal chandeliers massive marble tables and before you know it we've got
25 soldering stations flashing stations, testing stations.
It was a beautiful sight to see electronics manufacturing happening under crystal chandeliers for the first five hours.
Then it got bad.
They had jazz music playing.
Was the bar still open?
No, no, but they kept bringing us food and sodas and stuff.
Wow.
Yeah, they took good care of us that night.
We were very thankful for it, too.
And totally delirious by the end of it.
Did you get to have any fun at CypherCon?
Did you get to see any talks?
I don't know that we've seen a talk.
No, I've never been to a talk.
I've never actually been to the con.
Yeah, no.
I don't know.
I was actually, you know, I asked Peter,
who is our engineer um
who did a lot of the hardware on this and i said in a in a like post-con debrief right
i was like did you enjoy sitting there and soldering and and debugging because that's
one of the concerns is you know ideally of course we would have liked to have all the badges done perfectly before the conference so that we could just walk around, you know, see what people are doing, you know, tease people when they're not getting things right, whatever. I think he and I both, we actually were really, I think we actually enjoyed soldering.
And I think we enjoyed troubleshooting and getting the badges working because they were like mini reach goals, right?
You know, because we went into the conference with 165 finished.
Out of 500?
Out of 500.
That's ambitious.
Right. out of 500 that's ambitious right and and and we were like we are so screwed on so many levels right now but we are going to manage to get all the badges that these people need um and we did
which was just like my mind is just slightly blown from that.
But despite that, I think we were, it was adrenaline, right?
And we got them done.
And there was, like, nobody noticed, really, or nobody complained complained to us at least about about the pace
that the badges were coming out um and people liked them so in some ways in a masochistic way
like i think we i think we we still did enjoy the conference right um even if we didn't get to see the talks although as of today joe grand's talk is up and he has
done a lot more sketchy things than i thought he he's ever done joe grand did kind of um
share his dirty laundry i know and i was like whoa joe like i. I think this is okay to say.
He came here to hang out with us right before the conference,
and we all rode together over to Milwaukee.
So we had a few hours in the car with Joe,
and it was a few hours of him on the phone with different lawyers
from different organizations that people would recognize to make sure that he was
not going to get in any trouble for telling the stories it was hilarious to listen to
the lawyers are like wait you did uh what let me look up the statute of limitations on that
that's exactly yeah that's exactly right so yeah so actually whisker and i just uh was yesterday actually because it was released
yesterday i finally got to see it yeah we finally got to got to watch him we're like i don't and
probably for the best because i probably would have scolded joe and been like, you were a little punk.
But now he's like an upstanding member of society.
Yeah, he definitely is someone who thinks that hacking and reverse engineering is important,
not for the benefit you get, but for the benefit you can give.
Right, right. Yeah, exactly.
So back to the badges.
The phone system doesn't exist anymore.
Can people still do things with the badges?
The badges did a lot of stuff that didn't require the phone system. We felt that that was important, that it would still be useful after the fact.
You can still program music into it.
You can still program the scrolling stuff into it.
It has a full version 2 programming environment
of the T-Bass programming language,
which now there are multiple GitHub projects out there
of folks who have written their own debuggers and interpreters for.
So it's actually kind of a usable, serious language now
because there's real tools out there for it, which was weird.
Yeah, how do you feel about that?
And why didn't you name it after yourself?
It's named T-Bass.
One of our developers that helped me work on it,
getting it dialed in for the Cube
and a lot more this time around.
When I was first working on it for the Cube,
I was trying to figure out what to call it.
And it's based on a Turing-Tarpit type of language,
which are very painful to use.
And he jokingly said,
"'Tis but a scratch."
You know, Monty Python referenced the Black Knight.
Yeah.
So T-Bass it became, right?
And anyone who's used it for any amount of time
pretty much feels like the Black Knight.
So it works. Yeah. The guy who changed the root password on the Raspberry Pi was wearing a
tis but a scratch sweatshirt. So I should have paid closer attention to that guy.
Should have spotted that. I think we still don't know the password at this point too so
that card got wiped as soon as it got home um yeah so there there's a lot of fun that can still
be had with just the badge but to say that the telephone company does not exist anymore is
not true the telephone company still exists because we always over order parts so we ordered
50 extra modem modules and are presently in the process of building a 50 modem pool
internet accessible bank of modems so you can come in over telnet pick up a modem on the system and dial around
inside the telephone network and play with all the toys do you think you'll be taking that
system next year for people who return and bring their um 2018 badges well it's six feet tall, and
no. It's got wheels, doesn't it?
No. No.
You should miniaturize.
You got the little modules now?
I think we gave the bellhop a $40
tip.
Yeah.
No, I think next year,
it's funny because Michael Getsman, head of CypherCon, came last night to thank everyone in the hackerspace for their work on CypherCon.
And we started talking, of course, of next year's badge, which we have like three ideas for. is for uh and i think we may go in a slightly different direction one where we're not soldering
the day of yeah yeah and i i jokingly told him i said pink flamingos that's the badge you guys
are getting next year that's it just a board it's got pink flamingo. Y'all figure out what it's going to do.
I think you should put some connectors on it.
You know, USB connector, Ethernet connector, but not have them attached to anything. This is great. You've built up this legend that these badges are these deep, complicated things with discovery.
And so, for your final badge, when you finally decide to give it up,
you should have something
that that looks like it does a lot but does absolutely nothing right yeah all the connectors
and a microcontroller and then you can spend the whole con watching people try to do something
watching the students just bash their heads i think i figured the password out
well and it's and it's funny because last year uh we had a a lunch of all the
village heads um and and michael gutsman and uh we brought the prototype cyphercon cube badge
where all it was was the sides because we just wanted to make sure that the tessellization of
the sides actually worked um without any parts and so we brought that we're like this this is the secret badge
and so we had like all these village heads looking at it and they were like
seriously examining it you know they're shaking it they're like trying to figure out whether it was like rfid is there something
in it is it and i just i pretty much lost it and um one of the guys was like oh hey uh you know
like can i take a hammer to it i'm like you do whatever you want to do like you want to take a
hammer to it i'm i can fix it and uh he's like dang it I don't have a hammer. And the waiter brought a hammer.
We were like, dude, best waiter ever.
Yeah.
So, we've...
I wonder how long it would take the first really, really smart person to figure out they've been had.
I'm thinking about a rock with a wire, just a single wire.
That's too obvious.
Well, they embedded all the electronics
in this rock well we've been tempted to make like badge kits where you have to like mine your own
um metals you know here's your fiberglass your resin and your copper powder go you know you
didn't have to do all the soldering you couldn't do that part of the badge
that's that's true first step it's an educational it's an educational moment for people to learn
how to solder smt components there you go and debugging debugging hardware it's it's that's
right that's right mini escape room you see all these bridges this is part of the fun
next year it's just a pile of components well that's what he said just a pile of raw ore
yeah here's here's where you can smelt it
it'll be the minecraft of badges dude we could totally do that. And it would actually kind of
fit into the narrative, right?
You know, you go from a cube
badge, right?
And like in Minecraft, it's all cubes and such.
Yeah.
This is good. I'm digging this.
Yeah, me too.
I think you guys have a future in badge making.
We run out of town on a rail
you said villages and i only recently came to understand that this is sort of like tracks and
other conferences or or communities of similar interests birds of a feather whatever right can you tell us more about how conferences like this
are structured it's not all just talks and talks and networking right so at least for cypher con
there's uh two main tracks of talks um from my understanding uh you know, since we haven't actually gone to that.
Exactly, right?
And then all throughout the conference, you know,
regardless of who's talking in these tracks, you have these villages.
So you might have like an Internet of Things village.
You might have Whisker's favorite.
Is it the Vintage Village?
Yeah, Mike.
Yeah, Vintage Village, vintage village where he
had like, I don't know, 10
or 15 old computers that
were all functional, had games
on them, etc.
There was the hardware hacking village.
They had their own little
mini badge that people could solder and learn
how to solder on.
What other
villages are there, Whisker uh there are a lot um i didn't get
a chance to go check any of them out because i was kind of standing next to the thing that might
catch on fire at any moment you didn't know that initially oh i definitely knew that initially
they they caught fire once yeah uh yeah not there here in the office yeah
in the pre-testing yes right so i wasn't walking away from that thing uh yeah there's a there's a
bunch of them i did get to meet all of them uh because when we set up the telephone network we
built uh these little station boxes each one of them has four phone jacks on it
and we gave each of the villages their own set of stations and wired up the whole pavilion you know
the the whole giant room with uh every different every table in there had multiple telephone lines
right and yeah asked their permission and got to know them a little
bit it was nice yep but yeah so so these villages are essentially just uh more topical you know
people with more topical interests uh more specific interests um so if you wanted to learn
more about hardware hacking then you would just sit down at the hardware, you know, with the hardware hacking village and learn how to solder, ask them questions, things like that.
This is pretty tough.
I mean, you have to plan a conference, tell people about it, get your speakers, which is all, that's the normal part of the conference and then you have the villages which
require space and time and advertising as well it seems like a more difficult way to run a conference
i don't know why i'm asking you this but no no i mean i i think i think part of it is because of how DEF CON has been run, I guess.
Because, per my understanding, DEF CON probably started the idea of villages.
So they have the crypto village.
They have, again, hardware hacking.
They have all these different villages.
I think there's even one this year, like a marijuana villagers. I, you know, there's some pretty like out there, take a little bit of DEF CON with them,
and that's how they kind of mirror
their own conference setup.
That makes sense. If I did a conference setup, I probably would have some
aspect of unconference to it, because that's conferences I like to go to.
Have you ever been to defcon no we have not we are going for the first time this year though so that should be exciting
we hear that vegas is is the best of humanity and the worst of humanity uh so so that should be interesting
i haven't heard the first part
maybe maybe i should say the best of america is that is that how it was said best of america and
worst of america so that's part of what was said that's not all of what was said and we can't repeat the rest of it yeah right um like best of america in terms of like architecture opulence
you know it's the fanciest stuff that america has to offer right uh but then you know you're looking apparently uh in under the luxor pyramid you may see like
a homeless guy puking on your shoes right so best of america worst of america um
yeah so i i don't know i don't know what to expect a lot of people are telling me
that i will pretty much want to run away after three days.
But I'm going in with an open mind.
Expect smoke.
Yeah, I hear that.
Yeah.
So I guess they still allow folks to smoke in the casinos.
Yeah, and they do.
Yeah.
But why are you saying that?
You've never been.
I've never been.
I've been to Vegas. No, to DEFCON. Well, I mean, DEFCON's never been. I've never been. I've been to Vegas.
No, to DEF CON.
Well, I mean, DEF CON's in Vegas. We were talking about Vegas.
Oh, all right. All right. All right. All right.
Yeah. Yeah.
So, I mean, maybe the air quality will improve, like, if there are fewer DEF CON goers in the casinos. You know, I don't know.
That's logical yes right yeah yeah so we're actually improving vegas by bringing a bunch of hackers right i mean your internet systems may
be completely borked but that's okay the internet's not all it was cracked up to be anyway that's
right that's right at least you can breathe easier right it is going to be really interesting seeing the culture differences between a bunch of
midwestern wisconsin you know cheesehead hackers versus the gritty
defcon experience from what i hear yeah i feel like this is some sort of, this should be made into a musical like West side story.
I'll work on my snapping.
Okay.
Okay.
Back to,
back to the idea of a book or tutorial about building badges.
Yeah.
Do you have any advice for people who are considering it?
I mean, is the advice just run away, run away?
Or is it more along the lines of set your manufacturing up early?
Well, I mean, is there a lot of opportunity for people to get into this?
I guess there's small conferences and things that we could start at.
Right.
So there are a lot of smaller conferences that don't have badges that, you know, certainly folks could get started at. And the thing about it is, if you end up getting to know the founder or whatever of the conference, and they realize that they can trust you with their finances, then you pretty much have a relationship for life right um where they don't people don't
necessarily like to change change designers and in the middle of the course of their conference
right from year to year you do a good job and people are going to want to keep you
right yeah i mean that's pretty basic but let's clear here. While it's fun to do an unofficial badge,
like you're doing 50 for your friends
or doing a little Kickstarter to do it,
it isn't fun to do a badge for a conference
because the budget is going to be minuscule per badge.
The conferences have to build it into the ticket price.
And while the ticket price seems big,
that also has to cover the catering, the venue, blah, blah, blah.
So there's not much left at the end of the day for badges.
Therefore, it's not profitable, and it's not fun,
and there's a deadline.
And if you don't deliver,
they don't have security badges for the conference
to show that people have bought their tickets.
So you really can't fail.
You have to do it.
And I mean, I should say, like, I'm a goal-oriented person, so I find that kind of thing fun, right?
Whereas it can be a lot of pressure, right?
So obviously take it with a grain of salt.
If you are a workaholic like I am, you may enjoy it. And the other thing is for folks just
getting started, certainly like the unofficial DEF CON badges or even doing unofficial badges
for other conferences is a great way to kind of dip your toes into making badges. So you can
kind of figure out the kinks right like what works with your personality what
works with your design aesthetic um how much is your design aesthetic going to cost uh how much
time is it going to actually need uh so if if you wanted a conference badge in time for cyphercon
but you realize oh man like this is just not possible. Maybe you need to think about having that badge be debuted at ThoughtCon
instead or at DefCon instead.
And this year actually DefCon, the unofficial badge community,
their hashtag badge life.
They have this, it's called a shitty add-on.
What's the word,
whisker?
It's a standard.
Is that?
Yeah,
I guess I could,
I guess we could call it that.
A shitty add-on standard where really you could just make a little mini
badge with two LEDs on it with four holes, and there's a two by two pin header on there and it's power
ground and i squared c lines right so people are making little badges that just plug on to that
so the the bigger run badges are going to be the carriers for all of these little inexpensive for
people who just want to sort of dip their toe in but not end up in a situation
where you're on the phone with china every day like we are or packages are showing up at your
front door that we're supposed to go across town in shenzhen but for some reason somebody sent it
to minnesota you know if you just want to keep it fun, that is a really good thing to look into.
Because then you can work on PCB art,
you can experiment with the different layers of your PCB
and kind of get into that.
And it's cheaper, too, for the people who are buying them
because I think most of the prices that we've seen
for this year's DEF CON, at least,
the little mini badges are like
20 bucks right which are much much much more palatable than uh like the 250 dollars and to
reiterate those little tiny badges that they're selling for 20 dollars 20 dollars is more budget
than you would get for doing an official badge for a conference just to hammer that point home right less fun and yet 20 probably would cover my costs if we did
like an embedded fm badge way more that would light up and have our our logo on it oh yeah i
mean i like i think if you had like what two leds okay and you you did that little non-badge standard um your cost
would probably be maybe a dollar per badge so twenty dollars you're making you're making profit
yeah yeah yeah so i mean they are small right but that's kind of the quantity makes it expensive
right right well i mean i'm mentally adding an accelerometer and a small
processor so i've gone way over the two leds you already know how to do this feature creep
yeah exactly yeah the heck with two leds let's throw some neopixels on there
yep yep yep so and and so therein is the rabbit hole, right?
Well, it'd be okay with just LEDs, but...
But we could do better.
Right.
It could be more interesting.
Yeah, I can see how the badges would get way out of control.
And I do see them more often, even at smaller conferences. And the idea that you give them away to your friends and they wear them in addition to the official badge.
This idea that there's going to be sort of like an Arduino shield system, although much smaller.
Connector is a great idea because it does free you from having to think about power, which is always a pain.
Yeah, neat is always pain. Right.
Yeah. Neat.
Alright. Now I have more ideas and yet
I'm not going to do any of them.
I'm going to do the other things that I have ideas about.
I think an embedded FM
little mini badge would be
super cool. What have you done?
Except I'm not going to DEF CON.
No, we just need to steer it into
a modular synthesizer
embedded.
Exactly.
That's how you get Chris
on board.
Oh man, now I have ideas.
Yeah, you could hold hands
and then you connect modules
and then you could make a synthesizer out of people.
And would you
touch the people or would it be whoever
was holding hands? Well, you'd have to have connectors on.
You'd have to have like a, yeah.
No, I mean you just put little metal pieces on
everybody's hand. Yeah. And then
if you and I are touching, we're playing C
but if I'm touching Addy
we're playing D. You'd be a filter and somebody else
would be an oscillator oh I see
excuse us listeners
we have to go off and design some things
Addie, Whisker, are there any thoughts
you'd like to leave us with?
you first, Whisker
I gotta think of something
profound
I think this badge stuff is really fun if you keep it You first, Whisker. I gotta think of something profound.
I think this badge stuff is really fun if you keep it contained to a really small run and it's not terribly complicated.
I can't say I recommend it above that level. It's like a job. It's not like a job. It is a job, right?
So if you're looking for fun and you like building circuits that aren't necessarily useful, then these things can be a lot of fun. Just don't let it turn into something that is work.
Because I think that's a little bit not the point. When Joe Grand did the first one of these for DEF CON many,
many years ago, it was to spark creativity in people to say, okay, this isn't just a little
piece of paper that says you paid. This is something you can interact with and that can
teach you something. And it's art, which is cool, right? And if we keep it that and try to keep it not being work,
I think we'll end up in a better place at the end of the day
for keeping that spirit alive of what his original idea was.
I think that's the important thing.
I'm not allowed to, but everyone else, take that advice.
And then I have two messages, I think.
One is to next year's CypherCon folks.
We're making a pink flamingo for the badge.
Just accept it.
Get your shrimp ready.
That's right.
And then the second message actually is to my dad who uh he got really
excited when he heard about this badge and he's he wanted to change out his phone like his landline
phone and hook this badge up uh no dad it doesn't have caller id and uh dad it's a toy you know don't treat it like an actual
phone it's just use your phone and and those are my messages
we finally got to meet drew in person. PDP seven.
Oh yes.
Yes.
He's great at CypherCon this year.
So I'm going to reveal this pro tip for all of you makers out there who,
who need to be,
you know,
making PCBs and don't necessarily want to spend a lot of money.
I've spent years tweeting at him complaining that they only have purple boards.
Not in a very serious way, because I understand why they do that. But for years now, I've been
working on them, working on them, working on them. And of course, you can get whatever colors you
want if you order a full panel. But when you're just doing a little prototype, they're always
purple. So I complain at him at him right if you complain to him
in person about the purple colors he will give you coupons for free boards just to get you to shut up
so everyone when you meet drew in person join the battle to try to get multi-colors at
do you know how many people listen to the show poor drew go up to drew and say thank you he to try to get multicolors at OSH or Osh Park.
Poor Drew.
Go up to Drew and say thank you. Drew has been great for the show.
He's always wonderful about
retweeting us. He's a sweetheart.
I'm just going to keep
on it. Maybe if you guys
tell him that this was part of the
ending of the show, he'll send you guys some coupons
to cut it out.
Yes, exactly.
I'm not sure that, yeah.
Last time I saw him, he just gave me a board.
It's not extortion, right?
I think maybe he's prepaid.
Our guests have been
Addie and Whisker, the Toymakers.
You can find them on various sites by taking all of the vowels out of Toymakers.
T-Y-M-K-R-S.
That includes Twitter, Tindy, YouTube, and their own Toymakers.com.
Thank you for being with us, Addie and Whisker.
Thank you.
Yeah.
Thank you. But it was a phrase coined in 1982 by Alan Perlis in the epigrams on programming, number 54.
Beware of the Turing tar pit in which everything is possible, but nothing of interest is easy.
Embedded is an independently produced radio show that focuses on the many aspects of engineering.
It is a production of Logical Elegance, an embedded software consulting company in California.
If there are advertisements in the show, we did not put them there and do not receive money from them.
At this time, our sponsors are Logical Elegance and listeners like you.