
A journey into Badge Life

Explore CovertSwarm's Badge Life journey from Defcon 30 chaos to Defcon 31 triumphs. Join the hardware hacking adventure in this article!

During the madness that was Defcon 30, many of the team were introduced to “Badge Life” for the first time, and this was when we decided to finally join the Badge Life movement and culture ourselves. Our objective was clear from the beginning: the first CovertSwarm badge had to be ready for the next Las Vegas con, Defcon 31.

Another thing that was clear from the beginning was the level of our skills in designing and producing working electronic circuits: it was NULL.

The Start: September 2022

Our journey started in September 2022. From a few brainstorming sessions the team came up with some ideas, such as an interactive drum-roll badge (Luke would have been proud of it), an RF-based device that allows owners to communicate and play together, and a hardware CTF.

As you may know if you’re a regular reader of our blog, CovertSwarm have already spoiled our choice of badge theme in a previous blog post: the first CovertSwarm badge was going to be a CTF to introduce people to the world of HW hacking.

With zero knowledge and a great idea we embraced the challenge and started putting our minds on paper (virtual paper, actually). We started by throwing ideas at the wall to build a pool of “cool” things we could implement. Everyone got very excited, but the list got long. We knew that from these very early workflow diagrams we would need to remove a ton of potential features, such as the compass, the RF communications and the display, and we also removed a few challenges, like the binary exploitation, just to meet our deadline. Everything that could make the creation process excessively complex was deleted.

The following steps focused on coding the first firmware version and creating the schematic for the device. The former was an easy one, since we already knew the functionality to be implemented; the latter wasn’t. It was the first time I had ever used the open-source PCB and schematic software KiCad.

I have no screenshots of the very first schematics, but I can guarantee they were a mess (no less than the first hardware prototype! I’m not very proud of how it looks, but I couldn’t not show you a picture of it).

First prototype

Time Flies: March 2023

This initial phase of designing, coding, and prototyping lasted longer than we expected, and we presented the PoC for the first challenge, and the badge project itself, only during SwarmCon in March 2023. In addition to DEFCON and as part of its culture, CovertSwarm has its own Con, dubbed SwarmCon. During these Cons the worldwide Hive comes together to build on and share the collective Knowledge of the Swarm.

We knew we were on the right path because of the enthusiasm and reaction of the entire company while we were presenting. As you can imagine, a ton of new ideas were proposed during the Q&A at the end of the presentation, and the “Incredibly awesome Badge” team (that was not our real name) spent a ton of hours filtering out all those proposed features that could compromise the project because of the time required to develop and integrate them.

An additional issue we faced was the change from the original CovertSwarm logo to the new and much cooler one, which involved a complete redesign of the PCB. This process required a few weeks, as we had to change both the appearance and the component positions.

The final design is effectively an Arduino Nano shield, shaped like our CovertSwarm logo, which exposes hardware sections to be attacked during the challenges and carries fancy NeoPixel LEDs. The whole lot can be powered by 3x AAA alkaline batteries.

Final Designs & Production: July 2023

In July 2023, with a last-minute change, we added an S.A.O. socket to the board. Then we placed the PCB order with JLCPCB and the components order with Mouser, and we waited until everything arrived (surprisingly) the week after.

Another issue (a scary one this time) due to my inexperience was identified when I opened the Mouser package: 0603-sized components? Really?

0603 package compared to a microSD

A note for everyone (including the me of the future): do not ever purchase components smaller than 0805, especially if you plan to hand solder all the boards.

Even if I was scared and demotivated at the beginning, the soldering experience was fun and took roughly 30 hours with my slow and cheap hot air soldering station. The main challenges here were correctly placing the LEDs (again, picking bigger components would have helped) and cleaning the excess flux off each Badge. I tried different methods, such as isopropyl alcohol or other solvents, but nothing worked efficiently, so apologies to everyone who received a not-that-clean Badge. An ultrasound washing machine is on my list to buy.

Lessons Learned

  • Timelines: We found that this project took a little longer than initially expected; however, this was a good thing as it allowed us to learn new skills such as KiCad.
  • Scale: Set realistic targets; you can always add more if time allows.
  • Production Issues

Conclusions

I have avoided mentioning many details that can be touched on in future blogs around the theme of this CovertSwarm badge. I can recommend that everyone embrace this experience, or just get into the basics of hardware hacking. The hands-on practice required and the unconventional way of attacking physical electronic devices will really help your approach to any other IoT, software or whatever target. At least, it did for me.

In future blogs we’ll also release details about both the challenges and the lore behind the wise Slanders and the majestic Buke.

Author: Allesandro Griso