AND!XOR DC25 Badge

Project Logs

Collapse

DC25 Badge Post Mortem
Hyr0n • 09/07/2017 at 05:03 • 5 comments

The Start

Our DC25 project started immediately after DC24. On the car ride home we started brainstorming bigger and better ideas for the badge. Many were rejected but after the response we got with our first badge, we were motivated to do the next time. We added two new members, @bitstr3m and @hyr0n1 to the team as well bringing our member count up to five.

After some discussion and false starts we determined our high level goals were to ditch Arduino, pay for assembly, produce a lot more badges, and improve badge to badge comms. Our first decision was on an MCU. After some encouragement from @rushan of DC801, we selected the BMD-300. This became the core of the badge and would be our development environment for the next 9 months.

The Hardware

BMD-300

We can’t say enough about how great this little module is. Based on the Nordic NRF52, it gave us plenty of head room flash-wise (an issue in our DC24 badge) and in ram to do everything we needed. DMA was simple and once we had it tuned properly the bling animations on the display looked silky smooth.

TFT Display

Without a flashy screen what good is bling? We did a group buy with DC801 on the Crystalfontz CFAF128128B. This is a 24-bit 128x128 TFT display with single backlight that can operate in 4-wire SPI mode. The BMD-300 is limited to an 8mhz SPI bus but through the blast processing magic of DMA our custom driver and graphics library netted us about 24 FPS.

LEDs

Let’s just put this out there, we hate WS2812B A.K.A. Neopixels. Never again. Sadly we had to fall back to these during prototyping due to our original choice, APA102 being unable to handle lead-free solder profiles. Next year we will work on something completely new for LEDs. On a high note, our custom WS2812B driver uses a SPI bus with DMA to communicate with the LEDs. Hackers gonna hack.

Voltage Regulator

Early in design we selected the PAM2301 from Diodes Inc. Very simple design, fixed voltage, and very reliable during prototyping. But this little part caused a lot of drama. Just as we placed the order for the first 396 badges, Mouser and Digikey got low on stock. We immediately bought all 450 we could find on Octopart and consigned them to Macrofab. Crisis averted. Then we decided to add another 100 badges and PAM2301 is now out of stock with a 6 week lead time 5 weeks before DEF CON. After plenty of datasheet reading we found the MCP1603LT from Microchip which only differed in the current rating, we directed Macrofab to utilize these on the white badges.

The Firmware

With the Nordic Softdevice S132 as our base, we continued by rolling our remaining OS and features. Nearly 11k lines of code. Here are the features we threw together.

Activation

We wanted to keep features secret until DEF CON, even more so we couldn't let the Kickstarter backers gain too much of an unfair advantage weeks ahead of time. To curb this, our badge leveraged a code system for unlocks and with that we implemented an activation code "RHAC6+7X” The instructions were simple: Scroll down the main menu to the “A” icon.

Bling

Blinky LEDs and animations galore. Just so there’s no confusion our definition of bling includes an animation displayed on the screen alongside an LED blink mode. With their powers combined...it is Bling. The main bling menu has modes devoted to our f1l7hy 400lb h4ck3r ph1l4n7hr0p157 Kickstarter backers, credits thanking everyone who supported us in this endeavor, as well as dozens of hand crafted blinkies to make u the center of attention. In addition, custom mode comes with 94 animations : 30 LED patterns, for 2,820 different bling modes. If that isn’t enough, import your own via Bring Your Own Bling (BYOB) by reading the log on our hackaday page.

Games

Our single player games included a clone of Ski Free, clone of Flappy, and a CHIP8/SCHIP Emulator supporting 64+ public domain ROMS (included)! Be sure to read the instructions before launching the game. We have no speaker, so instead of beeps we blink...
Read more »
The AND!XOR Conference Badges Are Part Of An IoT Botnet
Hyr0n • 06/25/2017 at 17:34 • 0 comments
Botnet

The hackers at AND!XOR have full command and control over all badges in our ad-hoc wireless badge-net. We may dictate the badges send lulz, gifts, ransom-booze-ware, or unleash DDOS havoc on all of our badge holders if they are jerks. Depends on our level of drunkenness...

But oh, you're telling yourself, "There's no way they could do that, those AND!XOR dudes are somewhere in the casino getting hamski'd." Well those badges are acting as badge-net layer 2/3 repeaters. Once you're infected, you're contagious, and a mobile mesh network node executing instructions we have commanded for a duration of time. Given the density of badges in the population and expected foot traffic, we have high confidence we can reach most participating in the game unless they are hiding under a faraday blanket. That's all we are willing to say about the implementation so folks don't figure out how to abuse the system with an SDR or crack our encryption with a ChipWhisperer. Challenge poker chips and beer if you do, unless you're part of some uber fantasy hacking team composed of Mike Ossman, Joe Grand, Colin O'Flynn, and Joe Fitz (which is no fair).

By activating the badge (WE WILL PIN A TWEET WITH A CODE @ANDnXOR) you enable connectivity and consent to participate in the badge Botnet game. If not, please go to settings and enable Airplane mode once the badge has been activated if you did it by accident (or just don’t activate it, your loss)

For those who have concerns, don't forget we rolled our own custom firmware, executables, and packet structure for the badges. These badges cant be used to harm any *real* systems, since the payloads can only be interpreted by the AND!XOR badges (its absolute garbage to any other OS). This is a safe hax0r friendly environment for you to play in. Hope you have fun, we know we will!

So why would we do this? Control complex for one, but more importantly, to inject chaos while our badge holders play a little game...

Game

BOTNET: The AND!XOR feature multiplayer badge game for the security minded. Congratulations you are the new grey hat sys admin of your very own badge! Take the time to assess your badge, find its vulnerabilities, secure it, and exploit those vulnerabilities on other badge holders before they lock it down. All the while a massive botnet attack is keeping you occupied.

Basic Rules
- You must protect the badge from all the l337 hax0rs out there. To do this, it will cost you points.
- You earn points based on how many services you have accessible.
- You do NOT earn points for a service if it is disabled or blocked by a firewall rule.
- You can spend points on enabling, disabling, and patching services.
- You can spend points on modifying firewall rules (allow/deny).
- You can spend points on security research and upgrade of exploits.
- You earn experience (XP) when you successfully attack another badge.
- Service's attack surface increases over time unless patched.
- Exploits strength decreases over time unless upgraded.
- To attack another badge you must use an exploit payload on a service your victim has running, which isn’t blocked by your firewall or theirs.
- If you earn enough XP you will level up and perhaps unlock more features on the badge…
Details

This is the main screen the sys admin will see at botnet. Here's an explanation of the various fields...
- Name
  - The name you set to your badge is also your player name. Other badge holders will see this when you attack and when they attack you.
- Level
  - Your overall level, it increases as you gain XP
- Points
  - The total point pool used for modifying services, firewall rules, patching, or performing security research of exploits.
- XP Bar
  - The total experience gained thus far per level. When it fills up you will level up.
- Exploits
  - The total number of exploits in your payload cache.
- Avatar
  - The avatar people will see when they try to attack you. This can be changed in settings.
- Nearby
  - Shows how many AND!XOR badges are nearby for you to attack.
- Service Status
  - The inner vertical...
Read more »
Smartphone Integration
Hyr0n • 06/25/2017 at 17:34 • 2 comments
Perhaps you don’t like graphical user interfaces and the soothing green monochrome glow of the command line just gives you warm fuzzies. Some of the badge can be managed via terminal over Bluetooth. Head to the Google Play store, search for “AND!XOR” and use the companion app. If you use iOS, the Nordic nRF Toolbox is “compatible” with its BLE UART applet. However it is more verbose than we like and sometimes buggy, you may have to force close. We recommend making friends with an Android user, find one and buy them a beer…or get yourself an Android burner phone for DEF CON (Per @Viss a real burner phone is one you can fit in your butt). Note that this smartphone integration feature isn't available until the badge has been activated...DO NOT EMAIL US ASKING WHY IT DOES NOT WORK IF YOU HAVE NOT ACTIVATED YOUR BADGE.
- Organic AND!XOR Android Application
  - https://play.google.com/store/apps/details?id=com.andnxor.android.bender
- Nordic nRF ToolBox (iOS)
  - https://itunes.apple.com/us/app/nrf-toolbox/id820906058?mt=8
- Nordic nRF ToolBox (Windows Mobile)
  - https://www.microsoft.com/en-US/store/apps/windows-phone?rtc=1
The terminal can be used for many lulz, utility functions on the badge, discovery of unlocks, and modification of <REDACTED> to support <REDACTED>. We've also included a script kiddie toolbox so you can quickly execute commands at the tap of a button (but you have to program it yourself). A note to those who are wary of application permissions, the app will ask for the ability to access location services. We are NOT tracking you, the Android environment bundles Bluetooth with location services. If you don't enable it, the app can't use BLE to communicate with the badge.

Reminder: While you are logged into the maintenance terminal, the badge is in "MAINTENANCE MODE" (e.g. you are offline and other Bluetooth services are disabled)

Organic AND!XOR Android Application Quick Start Guide
1. Launch App
2. Tap Terminal
3. Tap Connect
4. Select a badge from the list to connect to (we only show AND!XOR badges)
5. Swipe Right (giggity...)
6. Type "help" at the terminal for a list of available commands
7. Swipe Left and disconnect when done (or it will timeout with 2 minutes of inactivity).
Mo@R Info and Pretty Pictures
- Main Application
  - This is the view of the main application. Tapping the top left menu brings down links to our individual Twitter accounts. We HIGHLY RECOMMEND YOU FOLLOW US AND LOOK AT ALL ACCOUNTS FREQUENTLY because we will be releasing hints to easter eggs throughout the con. Top right menu contains information regarding open source software licenses as well as a help link to this page for reference. To launch the Terminal and get hacking, tap the green Terminal Applet in the corner.
- Terminal App
  - Terminal Screen
    - Once you launch the Terminal applet, you'll be presented with the Script Kiddie Toolbox (see next section) and a Connect button, tap that button (1). It will launch a scanning pop up showing all available AND!XOR badges within proximity advertising the name used during badge setup (or the one you changed it to through settings). Select the badge of choice (2). Once it connects, swipe right (giggity...giggity...). You'll now be at the command line of the badge. Type 'help' for a list of commands in the input field (3). You are limited to 20 characters. Begin exploring.
- Script Kiddie Toolbox
  - After a while you may find yourself typing the same command over...and over...and over... and think to yourself, "I need to script this." That's what the Script Kiddie toolbox is for on the main Terminal Applet screen. Tap EDIT in the top right and then one of the nine buttons you want to map your script to. Type whatever command you want scripted in the input field (20 character limit). Leave Active checked (this keeps the script button active). Leave EOL selected as Line Feed (LF). Pick a number to represent a reference icon for your script, we recommend using the number corresponding to the cell in the 3x3 matrix. Hit Okay. Then hit...
Read more »
TCL-ish Scripting
Hyr0n • 06/25/2017 at 17:32 • 1 comment
```
                       `. ___
                        __,' __`.                _..----....____
            __...--.'``;.   ,.   ;``--..__     .'    ,-._    _.-'
      _..-''-------'   `'   `'   `'     O ``-''._   (,;') _,'
    ,'________________                          \`-._`-','
     `._              ```````````------...___   '-.._'-:
        ```--.._      ,.                     ````--...__\-.
                `.--. `-`   AND!XOR             ____    |  |`
                  `. `.                       ,'`````.  ;  ;`
                    `._`.        __________   `.      \'__/`
                       `-:._____/______/___/____`.     \  `
                                   |       `._    `.    \
                                   `._________`-.   `.   `.___
                                                      `------'`
```
We wanted to build upon what we did at DC24 with an even more hackable badge. But we’re taking a different route from last year. No POS Arduino IDE, no specialized STM32 framework, no USB, or special drivers. This year the badge is scriptable. We didn’t want hackers spending their con configuring an arcane build environment. We want you to hack the badge on day 1, share you hacks during the con, and show us all the great things you can do. So what have we done? We’ve embedded a scripting engine. Not only that but we’ve created basic, easy-to-understand APIs for almost everything in the badge. As much as we could come up with. We looked at Python but was not impressed with anything out there. We even had a Javascript engine running on the badge at one point, but it used 25% of the flash space, we needed that for bling. We ended up adopting a very limited TCL engine. Your favorite TCL scripts won’t run on the badge, that’s not the point.
Badge TCL Language Support
- Badge supports command grouping with double quotes “ ”, braces { }, and brackets [ ].
- Badge also supports variable substitution with $.
- Badge does not support regular expressions.
- Note that some commands are executed in RPN (Reverse Polish Notation)
The following commands are supported:
- set
- subst
- puts
- proc
- if
- for
- while
- return
- break
- continue
- Mathematical expressions
  - + , - , * , / , > , >= , < , <= , == , !=
Special Commands
- cls
  - Clears the screen
- delay <ms>
  - Pauses execution for specified milliseconds
- incr <variable>
  - Increments the given variable by 1
- io_read <pin>
  - Returns 1 for high or 0 for low
- io_write <pin> <HIGH|LOW>
  - Sets the given pin to high or low
- led_set <index> <red> <green> <blue>
  - Sets RGB value of the given led
- led_set_hsv <index> <hue> <saturation> <value>
  - Sets HSV value of the given led. Where hue, saturation, and value are 0-100.
- play <path/to/raw/file>
  - Plays the given raw file once.
- print <x> <y> <message>
  - Prints the message coordinates x,y
- rand <max>
  - Returns a value between 0 and max.
- set_color <color>
  - Sets current color for printing text
- circle <x> <y> <radius> <color>
  - Draws a circle with radius at x,y and given color
- image <x> <y> <width> <height> <path/to/raw/file>
  - Draws raw file at x,y with given width and height
- line <x1> <y1> <x2> <y2> <color>
  - Draws a line x1,y1 to x2,y2 and given color.
- rect <x> <y> <width> <height> <color>
  - Draws an empty rectangle with given width and height at x,y
- fill_rect <x> <y> <width> <height> <color>
  - Draws a filled rectangle with given width and height at x
- pixel <x> <y> <color>
  - Draws a single pixel at x,y and given color.
- scroll <message>
  - Scroll the message once
- triangle <x1> <y1> <x2> <y2> <x3> <y3> <color>
  - Draws empty triangle at x1, y1, to x2, y2, to x3, y3 with given color
- up
  - Returns 1 if up button is currently pressed
- down
  - Returns 1 if down button is currently pressed
- left
  - Returns 1 if left button is currently pressed
- right
  - Returns 1 if right button is currently pressed
- action
  - Returns 1 if action button is currently pressed
- button_clear
  - Clears current button state, useful for preventing button holding
- button_state
  - Returns state of all buttons as a 8-bit mask
- button_wait
  - Blocks execution until any button is pressed
Color support
Graphics and fonts support 8 bit color. Format is RRRGGGBB. See:
https://en.wikipedia.org/wiki/8-bit_color
Some examples:
0: Black
3: Blue
28: Green
252: Yellow
224: Red
GPIO
Basic GPIO io_read and io_write commands have been implemented. The PCB has a total of five IO exposed. This was all that was left after all the bling was done. Each IO is referred to as 0 through 4 in the TCL code. Note 3.3v power is also provided for addons if you desire.
Examples
There are examples included on the badge,...
Read more »
Accessorize! 3D Model FTW
Hyr0n • 06/25/2017 at 17:32 • 0 comments
Ever wanted to dress up your DEF CON badge with some sunglasses or a beard? Or maybe even an LED top hat similar to Marc Newlin's. Maybe you want to encase your badge in plexi-glass case of emotion.
Or nothing at all. Your choice.
But we know hackers are creative and we want to enable that. Today we're releasing various 3d models of the badge to the world. These aren't the gerbers so don't plan on making your own badge but you can print your own PLA or paper badge now.
Scoot on over to the files section of this project and download away.
Here is what's inside:
- VRML model of the badge with some models for components
- SVG model with layers for copper, soldermask, and silkscreen
- Simple DXF model of edge cuts
Caution
Do not rely on the cutout above his eyes. This used as a pass through for the LCD ribbon cable. We will likely cover the cutout by the LCD, however, the LCD can be shifted vertically to clear space.
Stop talking and show me some pictures!
VRML
SVG
DXF
One more thing...
Just like last year, we've exposed some pins. Five GPIO pins usable by TCLish scripting (more on that later), 3.3V, and GND. Make your own blinky hat or power another badge. Have fun with it.
Hack All The B00z3, Drink All The Things
Hyr0n • 06/11/2017 at 06:38 • 0 comments
&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;span id="selection-marker-1" class="redactor-selection-marker" data-verified="redactor"&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/span&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;
So when the world presents you with an internet of useless things...you hack them. I mean, we bring burner phones to DC anyway, so why put apps on those phones when your badge can do the work for you? Actually, this IoT booze is pretty damn cool. Medea Vodka has a bottle which is decorated with circuitry and an IoT Bluetooth controlled flexible PCB LED Matrix. You typically download their app and it allows you to scroll messages on the bottle. The Medea phone app allows you to connect to anyone's bottle, but you are only supposed to connect to and scroll messages to bottles you own. Great party item. In fact, you should buy one and bring it with you to Vegas. ;)
We got some by just calling our local BevMo and special ordered it for just $32 (free shipping). Medea has a store locator too, but again, we've been successful going through BevMo and even seeing it at CostCo. The vodka isn't bad either, make some hacker mules or screwdrivers. We attribute our sudden lack of progress at times to having bottles of vodka all around the workshop.
Integrating with these bottles was actually quite easy. At first we were capturing traffic with an Ubertooth and a Bluefruit BLE Sniffer, combing through the PCAPs in Wireshark to see how the thing talks. As it turns out, it didn't even require that. It uses an unencrypted iBeacon. Simply load up the hand dandy nRF Connect App and you can view all of the bluetooth characteristics and attributes.

Turns out it has super sophisticated 4 factor authentication built in (the secret 4th factor of authentication, something you drink)....okay you just tell it you have a MEDEA Service UUID and you're in. So we authenticated with the device as the interface was designed.
MEDEA_SERVICE_UUID{0xfb,0x34,0x9b,0x5f,0x80,0x00,0x00,0x80,0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x00} /** Little endian **/

Our code will have the details in it, but in general, if you ever find yourself developing an IoT device, authenticating purely based on the value of service UUID is a little like this:

In fairness, this is transmitted in the clear and anyone can see it. And we only use it for bottles of Medea Vodka we own, which is why our function on the badge clearly lists which device you are connecting to and you dont make the mistake of connecting to someone else's bottle...(write down your MAC) More importantly, we are telling you to GO OUT AND BUY MEDEA VODKA CUZ THE BOTTLE IS F#*ING COOL AND THE BOOZ3 ACTUALLY TASTES GOOD. Now if you dont want to lug a bottle of booze around with you at a the CON (not sure why), here's a side project for the mechanical engineer in you: First get some elbow grease, a butter knife, garden pruners, and some clamps...
- WE TAKE NO RESPONSIBILITY IF YOU BREAK THIS OR HURT YOURSELF. ITS ALL ON YOU. AND AT THIS POINT, IF YOU WANT TO HACK HARDWARE YOU SHOULD BE COMFORTABLE WITH THE FACT OF HAVING A LOT OF DEAD BROKEN ELECTRONICS AND SCARS ON YOUR HANDS DUE TO EXPLORATORY LEARNING FAILS. ITS HOW WE PROCEED IN LIFE. IF YOU FAIL, THEN HOPEFULLY YOU LEARN FROM YOUR MISTAKE AND IN ADDITION YOU NOW HAVE AN EXCUSE TO BUY MORE VODKA!
- Pry off the scrolling plastic enclosure from the bottle with the butter knife (It's barely attached and should pop right off).
- Next tighten the clamps on the top and bottom of the scroller, very VERY slowly until the plastic cracks. If you cant make it work this way, apply some elbow grease bending it in the middle if you are so brave. It should crack the plastic open.
- Finally take some garden pruners and snip along where the front and back...
Read more »
An update on SW
Zapp • 05/05/2017 at 15:09 • 0 comments

Software development is in full swing with as much of our free time as possible going to coding. Last week we wrapped up v0.6 software which was focused on new features. In v0.6 we closed 105 issues, far more than any previous build on this badge. Starting May 1st we migrated our git and issue tracker, it worked surprisingly well.
Focus now is on v0.7 which is intended to polish existing features and fix bugs. We have 92 issues as of today in the tracker and that will grow. This is the build that we will demo at Layer One in Los Angeles May 27th and 28th. Come to our talk, see a demo, and drink a beer with us.
Secret Component & Feature: SD Card & BYOB
Hyr0n • 04/27/2017 at 04:29 • 2 comments
So our first technical detail update in a while, but here it is: Micro SD-Card and Bring Your Own Bling (BYOB).
We're starting off a bit EZ on the feature release and a lot of it stems from this one component. So for todays update, lets focus on why SD card and the whimsical magic that is BYOB.
Chalk it up as lessons learned from DC24 to start with. Last year we leveraged NAND which is really easy to work with from a programming perspective, but a complete PITA when it comes to updating resources (configuration, images, etc) because you have to recompile the firmware and flashing in a really annoying way (Just ask Yaakov). Plus we had so many neckbeards ask us at DC24 how they could put their own images on the badge right then, and we had no "easy" answer without custom rolling a dev environment. So to be good software engineers as well as hacker friendly (not typically a good thing, but this is for DC hacking goodness) we made much of our software purely functional, reads specific resources, and parses it via an interpreter function. If you read our CHIP8 update, you would have noticed that each game comes with a config file, thats so when it loads, metadata is appropriately parsed and the menus get filled out.
Security Side Bar: This is for making a "hackable" badge. Keep in mind with real life projects, parsers are the absolute devil for code injection.
BLING works in a similar way. We have a specific folder in which we store the bling files and we added a "custom" bling mode where you can select any raw file on the Micro SD Card, pair it with a pre-made blinky light pattern, and there you go! So if you are just unsatisfied with the 100 preloaded bling modes we will provide, BYOB! Now you cant just drop an animated GIF (pronounced "jiff" or GTFO) because we use RAW format. Without getting super technical (you can f-ing google it there are well written programming articles on this topic), RAW is easier to work with than GIF in terms of overhead, which is great for embedded programming. If we just loaded plain GIFs we would have to put the entire image in memory to play it (which we are extremely limited on). Rather, using RAW format (RAW 16-bit 565 Big Endian uncompressed), we can stream the bits over SPI and straight to the screen. End result: more efficient, better FPS, less overhead, m0@r l337. @Zapp gets IPA tokens for this win. If you have criticisms, make your own embedded system con badge that has a full color screen and can display animations with only 64k of memory where each frame requires 33k of RAM...yeah we're THAT kind of efficient.
So that means to BYOB, you need to convert your files ahead of time. Here's how...
1) Find an animated GIF
2) Crop the GIF to a 1:1 Ratio
Our screen is a square and will convert the final animation to 128x128. Just make sure your crop is relatively "square" or the image will look skewed. There are many websites that will do this, we just use one at GIFGIFs
3) Convert the file to RAW
FFMpeg is your friend. Use it. Because we are going to give you the command line instructions to get this job done. There are GUI programs which do this as well, but...we are hackers. We use Linux. Deal with it. The INPUT.gif is the name of your file, the OUTPUT.RAW is what ffmpeg will save the conversion as. Make sure the filname is 8.3 length (e.g. no more than 8 charachters . RAW)
```
ffmpeg -i INPUT.gif -r 22 -f rawvideo -s 128x128 -pix_fmt rgb565be OUTPUT.RAW
```
Below is an example output. You'll see a lot of info from FFMPEG, dont worry thats normal.
4) Mount the SD Card in to your computer and copy the newly created RAW file in to /SDCard/BLING/
.
5) Safely unmount the SD Card, put back in the badge, turn on the badge and go to...
Bling Menu -> Custom Bling
You will find the RAW file you just added alphabetically. Choose it and dance the night away! (forgive the video quality)
That's about it. We have some other features we'll release as the 'con gets closer. Enjoy!
We're rolling
Zapp • 04/15/2017 at 03:57 • 0 comments

It's been awhile since our last post, if you've been following us on Twitter you'll know that this week our Kickstarter campaign finished (thank you everyone!) and we placed our final order for hardware.
We've done 4 rounds of prototyping up to this point under the code name "MAN BEAR PIG". The MBP4 was our final prototype and validated the design. To keep the turnaround time minimal we had a Chinese company produce the PCBs with next day shipping. We reflowed one PCB and everything worked so it's go time.
A last second issue popped up while placing the final order. Our switching buck regulators were suddenly out of stock. There are plenty of fixed buck regulators out there that meet our specs, but none in at TSOT-25 footprint with matching pin outs. For some reason the pins are non-standard on our regulator. We were either stuck with a 16 week lead time (if it's not discontinued) or a re-design of the power supply. To avoid a MBP5, we bought out all stock from Digikey and Mouser and will consign those to the fab. As of this evening we have tracking information for both packages, catastrophe avoided!
CHIP8 & SCHIP Game Emulation
Hyr0n • 02/12/2017 at 04:25 • 1 comment

So reveal Numero Uno just got released for the badge: Game System Emulation. There was good thought behind this too. As much as we love making games, its a different kind of challenge. That's logic and procedural coding, which is fun. But hacking hardware, learning, sticking your hand right up there and grabbing it by the OPCODEs and making some obsolete processor your bitch? Yeah, that's what its all about.

But this served a variety of purposes.
One: Should we spend hours on hours coding, debugging, debugging, debugging, debugging, compiling, running, debugging 5-6 games? Or put that effort into creating emulators for systems which have a strong community backing and rich retro history? The latter obviously. Then you get to play all the awesome homebrew public domain games out there.
Another important reason, the theme of DEFCON 25. Its retro and throwback to early hacking years. Don't believe me? What better games to include than 8-bit blocky, time sensitive, thumb smashing ROMs that give us so many pleasant member berries. Check out the DC25 retro awesome artwork thus far to put you in the mood:

And most importantly, the reason we chose the emulator we did, was for you hackers out there. Stackoverflow did a study in February about what coding languages are most looked up on weekdays and weekends. During the week, its the bleh... Sharepoint, VBA, stuff. But on the weekend...Assembly! Woot! So you DO love hardware.
This is where it gets good. No, GREAT. We want to teach you how to fish. Not give you a fish, but point you to the pond, give you some pointers, and if you feel up to it and want to code a game in CHIP8 or SCHIP, we will GLADLY throw it on the badge (I trailed off on the fishing reference, but you get it) There's no point in us re-writing CHIP8 tutorials when there are hundreds of them out there, but we will lead you in the right direction and provide guidance so we can easily integrate it . The best part, there are tons of emulators that run on your Linux, PC, Mac, Android, iOS already. So you can write and test an application without even having the badge yet.

Step 0 - History Lesson
Before you go making a game for a system, learn about it. Most of the documented knowledge on the web about CHIP8 and SCHIP stems from David Winter. It has the history, technical, screen shots, etc. You owe David Winter this if you wish to proceed. He has a beautiful website, I wouldn't change anything.

STEP 1 - Play Some Games
Get a feel for the system. Have some 8-bit fun. Look at whats already out there and think about how or what you could add to the community. And you are in for a surprise because the pad layout was a 16 key Hex set.
http://mir3z.github.io/chip8-emu/

STEP 2 - Learn the OPCODES & Technical Specifications
Dont get scared now, this is where it gets fun. There's only 35 OPCODEs!
http://chip8.sourceforge.net/chip8-1.1.pdf

http://devernay.free.fr/hacks/chip8/C8TECH10.HTM

http://mattmik.com/files/chip8/mastering/chip8.html

(especially pay attention to Matthew Mikolay's details on the PROPER use of 8XYN OPCODES, most people do SHR and SHL wrong. In the vein of hacker jeopardy - DONT F*CK IT UP)

STEP 3 - Get The CHIPPER Assembler & Some Source to Practice
Back to David Winter's page, at the bottom is a download link with the games, assembler, and documentation. Don't fret, there is an .exe and .c file in the CHIPPER directory.. Throw away the .exe, all the best hacking is done under linux anyway.
Try mwales GitHub site he has some excellent homebrew games and ASM files
Once you have a test ASM file, the syntax is pretty easy but first you need to compile CHIPPER.
## Compiling
gcc chipper.c -o chipper
Then grab an assembly ASM file and execute with the following pattern:
## Assembling ROM
./chipper output_file.rom input_assembly_file.asm
Grab your favorite CHIP8 or SCHIP emulator and play that ROM!!!
Also if you just want to try messing around in a browser based environment, try this:
http://adrianton3.github.io/chip8/src/assembler/assembler.html...
Read more »