Meeting ON this evening

Meeting at the usual place this evening. Sorry for the late notice. Was traveling, got in late last night, really wasn’t sure what I was up for. But I got hot tweezers and I’m dying to try them out. And some folks who didn’t go to vegas might be interested in badge&stickers show&tell. Also there may be some front-side badge soldering.

Meeting will be hybrid on Discord as well. But you can’t taste Malört through a screen.

Or maybe you can.

If you’re new to the group, hit me up via DM on the Discord or on Twitter if you’re interested in attending. If I met you in LV, mention that. Otherwise, generally we like to get to know people a little bit before inviting them to the private space.

Tree of Life Badge documentation released

Following up with conversations we had with a few acquirors at Defcon, we have opened a public repo for the Tree of Life badge.

It contains hardware pinout documentation, and the stock .UF2 firmware.

This is so that people can feel a comfort level throwing MicroPython on it, or their own home-rolled firmware, and access all of the components, and have a place to come back to if something goes poopy.

We’d love to see what you come up with! I hope we got all the pinouts correct. Feel free to open an issue if you have any questions.

https://github.com/DC540-Nova/DC29-Tree-of-Life-Badge

Boundaries, directions, and taking it farther

I wanted to take a moment to give a little guidance to all of our new followers now that Defcon is over and everyone is resting before catching up on everything. Our twitter followers tripled in the past 28 days, and I realized new followers are coming from all sorts of different angles.

Hi. I’m Baab, sometimes Baabalicious, sometimes just Bob, and sometimes just DC540. I put out feelers for starting this group three years ago. Immediately lured in some quality people who brought intelligence, passion, curiosity and out-of-the-box thinking. The collaboration has been beneficial for all of us, I like to think.

We got the idea for doing a badge probably after DC27. We kind of faded in energy when DC28 was announced as all-virtual, so the badge idea just dragged along. But as DC29 approached and it became clear there would be an in-person component, we became energized again. On May 24, 2021 (yes, just over ten weeks before Defcon opened, we had a planning meeting, wherein we attempted to nail down specifics. The whiteboard at that meeting is attached to this post. We had wanted it themed for Hitchhiker’s Guide, but none of us came up with a structure or shape that really called out to us or that we found compelling, so it was still feeling a bit in question. After everything went home that evening, I sat down to do some reading and kind of had an epiphany.

I realized that the general shape we had settled on, which I was already uncomfortable with just because it didn’t holler “pick me” when I looked at it with my mind’s eye, seemed as if it would perfectly accommodate a Tree of Life arrangement. This made me nervous. I was well aware that some of the members of the group may have come from a religious background that might lead them to feel uncomfortable around such symbolism. So I tended to tread lightly when approaching the group with this idea. I came up with some mockups, and either they were too busy to respond or I can be ridiculously persuasive at times, because I got no pushback, and continued to develop. As usually happens with this type of group project or volunteer/nonprofit organization, the person with the most forward momentum tends to get what he or she wants. At a certain point it had gathered so much momentum that it had to be completed.

And here we are. We have presented to the Defcon community an esoteric artifact, on behalf of a group who mostly has no historical involvement or investment in such esoterica. And it’s been remarkably well-received. It led to a lot of interesting doors being opened at the con, and some great conversations. I suspect the acquirers had varying reasons for desiring this badge. Some because the backlit presentation with a black solder mask created an especially appealing aesthetic; some because they appreciate anything esoteric; some because they gotta have ’em all, and some, well, who had spend considerable portions of their lives in the study of the badge’s subject matter.

What is Kabbalah? Well, it’s a lot of things to a lot of people. And it’s not the same to all of them. The way I like to describe it to people with no background at all is, “It’s a framework for interpreting the world around you.” In Judaism (I’m not Jewish), it’s been around for hundreds of years. It has been adapted by others, probably most notably Aleister Crowley, and you’ve probably noticed it associated with celebrities like Madonna. It’s not my role to attempt to give you a definitive answer, that would take a whole new website, or maybe a whole new career. But if you gave me enough money, I would try. 🙂

I think maybe I was initially attracted because, you know, spooky occult. But I came back to it from a pure hacker standpoint. It’s like when my family bought a sailboat eight years ago. As a hacker, if you love boats, you will love sailing. It’s a hobby where you can learn something new every day you do it. There are lots of techniques, strategies and optimizations to geek out on. Same with Kabbalah. No matter which angle you approach it from, there is an endless amount of knowledge and information behind it. I met several people during con who have studied it for decades.

I will say this. Based on my own personal research, a fantastic and humorous introduction to Kabbalah, also known as the Tree of Life, can be found in The Chicken Qabalah of Rabbi Lamed Ben Clifford: Dilettante’s Guide to What You Do and Do Not Need to Know to Become a Qabalist by Lon Milo DuQuette. (affiliate link) At the very least, this book should give you an idea of whether Kabbalah (also spelled a bunch of different ways, blame Hebrew ambiguity) is something you’d be interested in studying.

How does this connect with, and why does it resonate with, the Hacker community? This question came up during a talk I was invited to participate in during Defcon. (It was a private talk, don’t get your FOMO in a bunch). I think it was actually during that talk that it sunk in, and I mentioned it, that I think the seeds of this interest were planted in the textfile BBSes many of us frequented back in the day. Who remembers “The Occult Technology of Power?” Every textfiles BBS had subcategories. Hardware, phone phreaking, piracy, occult, basically everything us hacker kids felt was suppressed knowledge. So maybe some of us dabbled back then. Maybe some of us deep dived. Either way, here we are.

Going forward. As I mentioned before, the members of this group come from different religious backgrounds, and it’s not fair to them to attach any prejudices associated with this badge to them, so going forward, I’d like to separate this out a bit. This might go even farther in the future, but for now, the official DC540 website (dc540.org) and Twitter (@dc540_nova) will focus on the badge hardware, functionality, software updates, and the game we released. P.S., nobody has won yet!

For deeper conversations on esoteric or related matters, to exchange related resources or suggestions, or to continue friendships made at Defcon, or to get random shitposts now and then, hit me up on my personal account (@dc540baab). I met some very interesting people at Defcon, both badge-related and not so much, and I’d love to the continue the conversations. The general rule is, if it relates to something the group gets behind, it’ll go here. If it’s something I think might be controversial to the group, it goes to my personal. I don’t want to scare new group members away with what are essentially personal pursuits.

OK, enough of my too-long-for-twitter babblings the day after returning from Con.

Monday evening Discord meetup is up to YOU.

Baab will be in the air during this evening’s weekly meetup, returning from LV. But nothing at all is stopping the rest of you from holding a Discord meetup. We’ve picked up a bunch of new friends recently, both from Kevin’s RE courses and from our many, many in-person Defcon interactions.

The normal time is 1830 Eastern. The Discord perma-invite is on the dc540.org website.

We meet in the Monday Meetup voice channel. We are welcoming to new members, we like to get to know people this way before attending an in-person gathering with us.

DC540 ‘Tree of Life’ Games

How to Enter the Answers:
– Once you get the Answer, go to the http://dc540.org/question.html website and enter in the Question number, the answer, and our badge ID. Take the eight-digit number (unique to your badge) and enter that into your badge.
– A couple of notes: even if you put in the wrong badge id or answer, an 8-digit code will be returned, so be careful.
– When entering the numbers into the badge, make sure to lock in each number with the right button and then submit. If the answer is wrong or you didn’t submit correctly, you will be dropped out of the game answer area.
– There is a Discord invite on our main DC540 page but look for the dc540-tree-of-life-badge room.

Game 1: Crossword Puzzle
– There is a Hitchhiker’s themed crossword puzzle on our website or the one included in your bags. Complete the crossword puzzle, snap a picture of the completed puzzle with answers written legibly and send it to us on Twitter or Discord IN A PRIVATE MESSAGE with your badge ID (that 16-digit sequence starting with an ‘e’). You can also deliver it to us in person. Once we verify you completed the puzzle, we will send you the answer code to enter on the badge. Our Twitter Handles and Discord Usernames are at the bottom of this instructions.
https://crosswordlabs.com/view/dc540-2021-badge

Game 2: Lockpicking Challenge
– Go to the lock picking village and learn how to pick locks. Videotape yourself picking the lock and send us the video to our DC540 Twitter with all the hashtags or feel free to also send it to us privately. Once we verify you completed the challenge, we will send you the answer code to enter the badge.

Game 3: DC540 Website
– Check out the ‘History of the DC540 badge’ and enjoy the pictures on our website.

Game 4: Twitter Challenge
– We have hidden some information on our DC540 Twitter Page. Nothing too complicated but check out our feeds, find the information and decrypt.

Game 5: Scavenger Hunt
– Make sure to be courteous and ask for permission before taking pictures of anyone.
– To ensure the following photos are yours and yours alone, make sure you are in the picture. Extra points for creativity.
– Take pictures of ten of the following items, add a hashtag, and post on our twitter page. Make sure to send us a message (to our twitter) with your username when you found ten of the below items and posted on our Twitter:
– A Sheep
– A Carrot
– The “Welcome to the Fabulous Las Vegas” Sign
– A brochure from a wedding chapel in Las Vegas
– A photo of you next to a man/women who has a mullet
– Take a picture of an impersonator.
– A photo of you with a Roman Guard at Caesars
– Poker chips from 3 different casinos
– Green Craps dice
– Post card with the Eiffel tower on it
– A picture with Elvis
– A picture with one of the M&Ms
– A tiger
– A picture of a person wearing socks with sandals.
– A bike “cop”
– Photo of a man with a handlebar mustache
– Ceiling in Bellagio
– Pink Flamingos
– Floppy Disk
– Picture with a DC540 Boss

Game 6: Morse Code Challenge
– Go through the Morse code menu and you’ll find several Morse code challenges. One is the answer, but the rest may prove helpful. For a bit of fun, when you pair with a boss, Morse code will flash. Hurry up and write it down and make sure to let us know what you’ve found. The answer (when input into the generator) will not have spaces, capital letters, special characters, or numbers.

Game 7: What do you know about the Ham Radio?
– The theme of DC29 is “Don’t Stop the Signal” if we do end up in a world where communication becomes more difficult, could you grab a ham radio and know what you are doing? The questions and answers are only displayed once and your answers will not save if you leave the game early. You will get a random set of questions from a larger question bank, Answer 15 of the following questions correctly and pass this challenge. You won’t know what questions you get wrong.  Then maybe go take your entry level Ham Radio license (there is a Ham Radio village at DEFCON).

Game 8: Badge Pairing with another Player
Pair badges with other players and check out some of the default messages or send your own. Be careful, you’ll have several good or bad hints you can send to the other person. You know if the message you sent is helpful or not, but not what the message is. Hopefully, they treat you the same. Make sure to write down the message you receive immediately. It’s not saved anywhere.

Game 9: Hide and Seek Part 1
There will be three DC540 founders at DEFCON. You can put your badge in “Boss Check” under the Phonebooth menu and it will search for our three Boss Badges wandering DEFCON. Your badge will light up when you are nearby a “Boss Badge”. We will occasionally post on Twitter our locations or hints. We maybe wearing DC540 paraphernalia. Find us and to get the code you need by completing one of the following: sing a lullaby/song out loud, show us a talent (idk, impress us), bring us a SAO for our collection or a cool DEFCON sticker or anything else you think would be worthy of winning this challenge (or just bribe us with a beer).

Game 10: Hide and Seek Part 2
Now find the another boss badge.

Bonus: For those coders/badge enthusiasts and all-around tinkers, feel free to explore our badge and make suggestions for code improvements or

Twitter Handles: @skullsinblack and @dc540baab
Discord: ‘Lyra the Damned#5380’ and dc540#3865

Badge Distribution Update

So I just left the badge creator’s meetup. Amazing talking to other badge makers and doing a few swaps, buys and sells.

Right now, I’m taking a much-needed self-care break. I have to recharge my phone, mask and body for a bit, sit with my feet up for a while, and get shower #2 of the day.

My plan for the rest of the day is to be available to hand out preorders.

I’ll leave the room in like an hour and a half or so, and head down to the main chandelier bar on the Paris casino floor next to Cafe Americano, find a comfortable seat and hold court for any pickups. If any of you are really desperate to pick it up before then, hit me up directly (Twitter @dc540_nova) and I’ll give you directions to the room at the Linq. Extra stickers and support points for life if you pick me up a mocha doubleshot from the convenience store on the way up. It’s about $7. I’ll pay you for it.

PINECIL soldering iron for the win!

So I dropped my TS-80 portable soldering iron on the tile kitchen floor last week, and broke the glass covering the OLED. It still works, but it spooked me, because of #badgelife and the upcoming Defcon trip. Very bad timing. I wanted to make sure I had a backup in case we need to fix anything on the fly, or solder new stuff, etc.

I looked into getting another one, because I’ve been pretty happy with it, but then I found some posts touting the PINECIL. At about 1/3 the price of the TS-80, supports open firmware and custom logos just like the TS-80 and TS-100, and pretty well-reviewed.

So I got a PINECIL. It showed up last week. I plugged it into the same battery pack I’ve always used for my TS-80 (since fall 2018!), and it reported low voltage. Looked into it, and it turns out the PINECIL needs more juice than something made in 2018 can push. From multiple sources, the PINECIL really works its magic when it’s getting 60W at 20V. So now I need a new battery to power my new iron.

You should totally buy one. It’s just $35. https://amzn.to/3lqKDlp

I spent a couple hours looking at battery packs, specs, reviews, the whole bit. I finally settled on the EasyLonger model. 65W USB-C PD, 10000mAh. It’s important to stay below around 30000mah if you want to take it on a flight with you.

First test, fires right up, pumps the iron right up to the optimal temperature.

You should totally buy one, it’s about $55. https://amzn.to/2VhXpIj

Also get a high-capacity USB-C cable. The one I got is rated for 5A.

You should totally buy one. https://amzn.to/3xp9CrM

History of the Tree of Life Badge

Our Final Product

It’s time to tell the tale of how the DC540 “Tree of Life” badge came to be and memorialize its compiled history into one grand telling.

The badge had humbled beginnings as all great ideas do. Our crew had long wanted to conceive our own glorious badge. A badge that was both aesthetically beautiful but also offered more. We played around with several different themes that stretched from The Hitchhiker’s Guide to the Galaxy, Lovecraft, an Escape Room to Ham Radio.

One of Our First Conceptions

We quickly learned the importance of identifying which hardware we wanted to use early on. Initially we played around with the ESP8266, found that it wasn’t robust enough for our grandiose plans, moved to the ESP32, and then abandoned all for the pico. Our OLED screen changed quite a bit as well, with us at one point using a 1.8 inch SPI TFT LCD Display module. While lovely, cost and other practical implications kept us from pursuing a larger OLED. We were loath to have the badge burdened down with batteries and needed to keep it light.

The beginning

It was the end of May where we finally got serious. At one of our in-person meetings, the whiteboard came out and we started scribbling. In the next two hours, we had more forward progress than the last 6 months. We made some guesses on how much parts would cost, our general “theme” and some potential games. Shockingly, we were pretty on point with our cost estimations and were able to keep our final product at the $50 mark per badge.

A lesson on hardware

Bob played around with many ideas for the badge design and finally had inspiration with the “Tree of Life” theme, in a fit of creativity, he quickly produced one prototype after another, making each one a bit better. He used KiCad for the board designs and then gave us all a lesson on how he did it. Our imaginations went into high gear as we started planning our future badges and Shitty Add On (SAO) we could make.

Taking a closer look at a suspiciously complex program

Our first prototypes came in unexpectedly quick which was a relief, we were a month in and had little more than a month to finish up the project. Kevin worked hard, rewriting the libraries and code, each time one of us fortuitously had another good idea that resulted in more work for him. Critiques included morse code had too much fade when flashing, the badges didn’t just need to send messages to each other but also have default messages hidden inside, badges had to flash in a spectacular manner when paired with a Boss, and I needed more menus! Oh, let’s not talk about the great hash wars where we debated the merits of each encryption and nearly stopped talking to each other. At one point, I swore Kevin hadn’t slept for a week and had developed an uncontrollable twitch and would yell “no more” every time I spoke up, even when it was just to say hello.

The development of the games was especially frustrating as the goal was for the games to be very achievable by new DEFCON attendees, offer a way for people to interact with each other but still be challenging. I learned a lot about steganography, stegdetect, githubs Steganography online, using WordPress, a member helped by created a Hitchhiker’s themed crossword puzzle, the intricacies associated with morse code (using ‘dah’ and ‘dit’ over ‘dash’ and ‘dot’ and so much more.

The Final Boards

One particularly important lesson was learning to speak “developer”. What made sense in my mind didn’t necessarily make sense to our developer and how he envisioned code. There was many nights of butting heads, exasperated sighs and outright frustration over the lack of communication.

Our product
Final Assembly

Finally we had the boards, now it was just time to solder and assemble them. In these desperate times, we called everyone together and had one large soldering party, troubleshooting any connections that just weren’t right, cursing, and drinking more whisky to sooth our burnt fingers.

I made sure to tweet- from my sweet mountain overlook

Now the last step, playing the games, traversing the rooms in the badge and seeing what would break. I hid away in a the Shenandoah Mountains for a weekend and did nothing but drink more coffee, try and break the badge and code, and debug away. With only five days before we would leave for DEFCON, we had a product we all agreed was magnificent. Our last Monday before we left, we double checked each bag, wrapped them in bubble wrap and carefully placed them in a baggie with batteries, stickers and a lanyard.

Our last task would be to hand them out at DEFCON and enjoy.

Well, except we ordered 50 more badges just a week ago, so it seems we will be packing those up and shipping them out once we get back.

Oh, and our war-torn developer just happened to ask about our next big product…..he’s already got a suggestion and we’ve begun to brainstorm away.

#game3

Post 2: Game Rules for the DC540 “Tree of Life” Badge

****** DO NOT PLUG IN THE BADGE TO A USB IF THE BATTERIES ARE INSERTED ******
If the power switch is off, it is probably fine, but use your judgement.

The DC540 Tree of Life badge has ten interactive games that can be played during DEFCON. The games vary and some can be played on the badge (morse code, ham radio questions) while others are interactive (conducting a scavenger hunt, lock picking, decoding ciphers). An explanation of games and more detailed instructions will be posted on the DC540 website Friday morning August 6th at 00:01.

Overview

The games do not need to be completed in a specific order.

Five of the games will require you to send us proof of completion. These games are:
– Game 1 (Crossword Puzzle)
– Game 2 (Lock Picking)
– Game 5 (Scavenger Hunt)
– Game 9/10 (Boss Pair)

For Games 1, 2, 5, 9, and 10, the game instructions will provide direction on how to obtain the answer but make sure to always include your badge number in your correspondence.

The other five games do not require interaction with a DC540 member to complete. Completing the game will either automatically unlock the badge or provide you with the answer.

Include the following hashtags on anything you post on Twitter when you solve a challenge.
#dc540 #badgelife #dc540scavengerhunt

Alternatively, you can post on our DC540 Discord Channel “dc540-tree-of-life-badge” or message us on Twitter or Discord (preferably both).

Twitter Handles: @skullsinblack and @dc540baab
Discord: ‘Lyra the Damned#5380’ and dc540#3865

As the game progresses, hints and other updates will be dropped on the dc540 Twitter page (and that of the two main characters) if certain challenges are proving too difficult.

When all ten spheres are completed, the badge will FLASH RAPIDLY FOR 5 minutes. Be advised, that it is intense, and be cautious if you are nearby other people as this has the potential to trigger seizures or epilepsy. Send us a picture of all ten rooms lit up from completing the challenges. We will announce winners on our Twitter DC540 Page.

Understanding the Badge:

There are six buttons on the badge.
– The four buttons on the left function are: Up, Down, Left and Right
– The Left Button allows you to erase a previously input character.
– The Right Button will allow you to “lock” in each character.
– Up and Down scroll through the characters and numbers.

Button Assignment

There are two buttons on the right. The top button allows you to submit, and the button has a surprise but IT is also there for you to get creative.

Entering Answers:

When you complete each game, you will get a case-sensitive answer.
– Go to http://dc540.org/question.html, select the question number, the answer, and your badge number.
– You will get back an eight-digit number that is unique to your badge.
– Write down or save that number.
– From your badge, go into that corresponding game, and enter that eight-digit number.  You will need to “lock” in each digit and then submit. If you for the answer correct, the badge will correctly flash and blink for that challenge.

Sample Submission
Sample Output

The answers are case-sensitive. Once you complete a challenge and put the answer into the badge correctly the “room” lights up.

Prizes:
We do have prizes for 1st, 2nd, and 3rd place. More information to come.
First Place: 100K DEFCOIN
Second Place: 10K DEFCOIN
Third Place: 5K DEFCOIN

Maximizing the benefits of castellated edges

When we chose our badge design, we were cocky and full of ourselves, and went with surface-mount pads on our prototypes. Because our badge is based on the RPi Pico microcontroller, and had castellated edges, we figured we would minimize soldering, maximize space for silkscreen artwork, and up the cool factor by mounting on the pads using solder paste with the castellated edges.

Well, that turned out to be too hard. We don’t know what we’re doing, and didn’t have time for a learning curve, and kept running into bridging below the surface, which is hard to correct after it’s soldered down.

So we decided to go back to thru-hole with the finals. We soldered about half of them with thru-hole headers, which, let me tell you, is a pain. 40 header pins soldered to the board, and 40 soldered to the Pico. It’s tried and true, and any screw-ups are obvious and visible, but we were disappointed.

I was assembling the last of batch 1 earlier today, and decided on a whim to try headerless soldering directly to the pads with regular solder instead of paste. I used a 20-pin header temporarily on the left side to hold the pico in place on the board, soldered down the right side, then removed the header and soldered down the left. It worked great. It’s the best of both worlds. It saves wasted time with headers, cuts soldering in half, and keeps unsightly pins from poking out the bottom of the board. Just like regular thru-hole soldering, problems are visible. Bridging is not usually a problem, the solder tends to stick to the pads on the board as well as the generous copper pads on the Pico. All I need to do is make sure there’s a nice ramp from the upper pad, waterfalling over the castellated edges and onto the board pad.

If you ever have the urge to base a PCB around the Pico, consider this option.

Yes, we’re aware you can get the RP2040 chip on its own without the Pico, but one of our members bought a whole REEL of Picos, so it made sense for us to do this.