So when the world presents you with an internet of useless things...you hack them. I mean, we bring burner phones to DC anyway, so why put apps on those phones when your badge can do the work for you? Actually, this IoT booze is pretty damn cool. Medea Vodka has a bottle which is decorated with circuitry and an IoT Bluetooth controlled flexible PCB LED Matrix. You typically download their app and it allows you to scroll messages on the bottle. The Medea phone app allows you to connect to anyone's bottle, but you are only supposed to connect to and scroll messages to bottles you own. Great party item. In fact, you should buy one and bring it with you to Vegas. ;)

We got some by just calling our local BevMo and special ordered it for just $32 (free shipping). Medea has a store locator too, but again, we've been successful going through BevMo and even seeing it at CostCo. The vodka isn't bad either, make some hacker mules or screwdrivers. We attribute our sudden lack of progress at times to having bottles of vodka all around the workshop.

Integrating with these bottles was actually quite easy. At first we were capturing traffic with an Ubertooth and a Bluefruit BLE Sniffer, combing through the PCAPs in Wireshark to see how the thing talks. As it turns out, it didn't even require that. It uses an unencrypted iBeacon. Simply load up the hand dandy nRF Connect App and you can view all of the bluetooth characteristics and attributes.

Turns out it has super sophisticated 4 factor authentication built in (the secret 4th factor of authentication, something you drink)....okay you just tell it you have a MEDEA Service UUID and you're in. So we authenticated with the device as the interface was designed.

MEDEA_SERVICE_UUID{0xfb,0x34,0x9b,0x5f,0x80,0x00,0x00,0x80,0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x00} /** Little endian **/

Our code will have the details in it, but in general, if you ever find yourself developing an IoT device, authenticating purely based on the value of service UUID is a little like this:

In fairness, this is transmitted in the clear and anyone can see it. And we only use it for bottles of Medea Vodka we own, which is why our function on the badge clearly lists which device you are connecting to and you dont make the mistake of connecting to someone else's bottle...(write down your MAC) More importantly, we are telling you to GO OUT AND BUY MEDEA VODKA CUZ THE BOTTLE IS F#*ING COOL AND THE BOOZ3 ACTUALLY TASTES GOOD. Now if you dont want to lug a bottle of booze around with you at a the CON (not sure why), here's a side project for the mechanical engineer in you: First get some elbow grease, a butter knife, garden pruners, and some clamps...

• WE TAKE NO RESPONSIBILITY IF YOU BREAK THIS OR HURT YOURSELF. ITS ALL ON YOU. AND AT THIS POINT, IF YOU WANT TO HACK HARDWARE YOU SHOULD BE COMFORTABLE WITH THE FACT OF HAVING A LOT OF DEAD BROKEN ELECTRONICS AND SCARS ON YOUR HANDS DUE TO EXPLORATORY LEARNING FAILS. ITS HOW WE PROCEED IN LIFE. IF YOU FAIL, THEN HOPEFULLY YOU LEARN FROM YOUR MISTAKE AND IN ADDITION YOU NOW HAVE AN EXCUSE TO BUY MORE VODKA!
• Pry off the scrolling plastic enclosure from the bottle with the butter knife (It's barely attached and should pop right off).
• Next tighten the clamps on the top and bottom of the scroller, very VERY slowly until the plastic cracks. If you cant make it work this way, apply some elbow grease bending it in the middle if you are so brave. It should crack the plastic open.
• Finally take some garden pruners and snip along where the front and back of the plastic enclosure meet. Its just glued together. Eventually you'll make it around the perimeter and then you are finally #winning.

Now you have a nice flexible LED matrix. Get some velcro and attach it to yourself, your backpack, maybe you want some weird blinged out choker necklace. Who knows? You can never have enough bling. Makes a nice companion to the badge in addition to 750ml of booze.