Around the badge in 80 days: the other side of OFFZONE

    Hello, Habr! Last time we talked about the badge of the OFFZONE 2019 international cybersecurity conference and what it can do. Today we share the behind-the-scenes story: how the idea came about and what it cost us to design and produce a run of 2000 devices. The timeline, the pitfalls of development, procurement, assembly and the other joys of the electronics world are under the cut. Let's go!



    Every practical cybersecurity conference has an interactive badge. In our case the badge had to serve at the very least as a wallet for the event's internal currency, OFFCOIN.

    Last year a Java Card handled this task; we bolted a few CTF tasks, a tank game and Sokoban onto it. The same card looked like the logical next step for the 2019 badge, now with NFC: continuity, evolution and a sea of ideas for tasks. And all the groundwork for it already existed, which matters when you hunt for vulnerabilities on the first shift and organize a conference on the second.

    We were slowly preparing for production when news arrived from the hardware analysis lab: our colleagues would present an overview of attacks on embedded systems at OFFZONE. Work chats filled up with photos of the prepared boards, side-channel attack types were discussed in the corridors, and the hardware theme even caught on with our economists. We realized that for OFFZONE 2019 we needed to build our own device.

    So: 80 days until the conference, a target of 2000 devices and two electronics developers. Here is what this epic looked like through the eyes of one of them.

    80 days


    We started with a brainstorm with colleagues to generate badge concepts. The ideas included a single-board computer with a BASIC interpreter on board, a business-card badge with an E-ink display, something from the IoT world based on an ESP32 or similar module, and a base motherboard prepared in advance for expansion with extra modules.

    79–65 days


    We walk, drink coffee, digest thoughts. Weigh the pros and cons. Read Twitter and see what others are doing.

    64-60 days


    We held another brainstorming session.

    The single-board computer idea was dropped. It turned out too expensive because of the sheer number of components and the assembly work: there would have been more than 30 buttons alone. And such a device would surprise no one: the Supercon Badge and similar builds come to mind immediately.

    The business card with an E-ink display was also dismissed: we could not find an interesting application for it or decide how to attach potential tasks to it. And the ESP32 seemed somehow frivolous; people would think we were newbie Arduino fans! (Although I will return to the Arduino theme.) That left the idea of a motherboard that could be fitted out with modules for solving tasks.

    A couple of days of polishing the idea. In the end we chose the shape of a 3.5-inch floppy disk and settled on the core functionality and the add-ons. For the latter we took an 8-position DIP switch, an OLED display, an IR receiver, a 13.56 MHz RFID transceiver and separate 433 MHz receiver and transmitter modules. An STM32F1 microcontroller, the same as on the popular Blue Pill board, was assigned to manage this motley zoo.

    At the same time came the idea of a Craft.Zone area at OFFZONE, where anyone could come, smell the rosin and fit their own badge with electronic components. A soldering zone: another knight's move! First, it is interesting and unusual for an industry conference; second, it engages even beginners; third, this way we would speed up the assembly of the final batch of devices. Everybody wins!

    So in the first weeks we approved the concept, the basic functionality and the component base of the future device. Then the fun began.

    59-50 days


    We managed to design the schematic, lay out the PCB, have it manufactured and hand-assemble the first version of the badge board. At this stage the choice of power source turned out to be the most painful.

    Obviously the badge had to be a standalone device. To guarantee that autonomy, a 0.5 Ah lithium-polymer battery and a matching charge controller like the TP4056 were the obvious candidates. But have you tried to buy a couple of thousand batteries in Moscow without a preliminary order, and from a trusted manufacturer at that? We tried and failed. We did not dare order from China: a battery is too critical a part and a fire hazard, and our guests would be wearing it around their necks. So we went back to good old primary cells. We estimated the consumption, ran a series of simple experiments and settled on four AAA batteries. They gave 16–20 hours of operation, depending on how actively the device was used.

    Then we racked our brains over the firmware. Under other circumstances we would have written it in Eclipse (arm-none-eabi-gcc), Keil, IAR or other, more or less humane IDEs. However, our volunteer development team consisted mostly of forensic analysts and pentesters. It was unreasonable to expect them to quickly master embedded firmware development in their spare time.

    I promised we would not get by without Arduino? I did not lie! To simplify software development we used the Arduino IDE. Fortunately there is the excellent STM32duino project, which implements an Arduino bootloader for our target chip, the STM32F1, out of the box, and the Arduino IDE supports it. The IDE also offers most of the libraries we needed to work with the modules, plus the other joys of high-level programming. Of course, not everything is smooth with the libraries, but you can live with it. To adapt most of them to the STM32 it is enough to rewrite the platform-dependent functions, and that is all. And anyway, editing library code is almost like inserting quotation marks!

    Interesting fact. To implement the badge functionality we used the following libraries:

    • Adafruit_SSD1306 for the OLED display,
    • MFRC522 for RFID,
    • RCSwitch for the 433 MHz radio,
    • irmp-master for the infrared module.


    And so the first version of the board is ready. It came out green, without the necessary milled cut-outs, and practically did not work.

    Interesting fact. The prototype boards were ordered from Rezonit under the special "we needed it yesterday" program, the components were bought at retail in Moscow, and the assembly was done by ourselves.

    Most of the problems of the first version could have been avoided had we first assembled the main part of the circuit on a breadboard. We would certainly have noticed that the receiver and transmitter require different supply voltages: 5 V for the receiver and 3–12 V for the transmitter (in the prototype both modules were powered from 3 V). Nor would we have missed the dead USB. A careful reading of the schematics of Blue Pill-type boards helped us understand that USB would not work until the USB_P (D+) line was pulled up to the 3.3 V rail through a resistor: the USB specification calls for 1.5 kΩ, while the Blue Pill ships with 10 kΩ there, which most hosts tolerate.

    Interesting fact. Trying to revive USB and poking around the board with an oscilloscope, I was surprised to find that although the board's supply voltage is 5 V, the data lines D+ and D- themselves are pulled up to 3.3 V. What a turn of events!

    Because of the tight deadlines we had to compromise and work not by "measure seven times, cut once" but by "build, test, fix". This suits only stress-resistant enthusiasts; we do not recommend repeating it at home.

    Tip. Do not skip breadboarding, and read the datasheets carefully!

    49–40 days


    We fixed the problems and produced a batch of v2.0 badges. Still green, but almost working. That is what a practiced hand does!



    If you look at the badge photo, you will see two crooked barcodes on the front (yes, we know QR codes exist, but we wanted a warm, tube-era barcode). This was a failed attempt to put a link to the conference website, with information and operating instructions, on the badge. The barcode did not make it into the final version: we could not decide how to place it so that it looked neat on the board. At a smaller size a phone app could not read it, and at the current size it looked monstrous.

    Interesting fact. The right-hand barcode in the photo works and contains an easter egg. Those interested can try to decode it.

    In the second version of the badge we fixed USB, corrected the module connections and properly defined the milling zones. We also removed the extra components and most of the debug jumpers, but not all of them.

    Interesting fact. We had to keep 0 Ω jumpers for the display, because 0.96-inch I2C OLED displays come with two pinouts that differ in the positions of the power and ground pins. We could not know in advance which variant would arrive, so we had to allow for both.


    Note the positions of the power and ground pins.

    At the same stage we started buying the bulk of the components. The badge needed only the popular STM32F1, WS2812B and other commodity parts, so we did not expect shortages and were in no hurry. But it turned out that scale decides everything. Buying 10 controllers from stock in Moscow is easy, 100 is also no problem. At 1000 or more the difficulties begin. We could not find a single seller in the capital who would deliver 2000 STM32F1 MCUs in reasonable time for reasonable money. We had to order from Yekaterinburg!

    The same difficulties arose with the purchase of 8000 WS2812B LEDs. These flew to us from a European warehouse and got stuck at customs, which did our nerves a lot of good.

    The only things that came easily were passive SMD components such as 0603 resistors and capacitors. Moscow warehouses had those in bulk.

    Interesting fact. The add-on modules were ordered in lots of 200 of each type. They came from China: nowhere closer had that quantity.

    Looking ahead: we got all the components in 3–4 weeks. But that was luck; we will not take such risks again.

    Tip. If you have to buy components for 100, 500 or more devices, do not put the task on the back burner. For such runs, allow a month or more for procurement, especially when it comes to ICs.

    39-30 days


    Batch v3.0. The badge is black now and fully functional! There is just one tee-e-eny nuance. Somehow an error in the placement of the power and data pins of the 433 MHz transmitter had crept in back in the first version of the badge.

    Because of this error our colleague who was writing the radio task nearly went grey. On his Arduino mock-up the transmission worked reliably at 30 meters, but on the badge only within half a meter of the board, if at all. For several days, until we found the bug in the layout, he suffered and could not understand what was going on. Fedor, forgive us! Though it remains a mystery why the device worked at all with the pins swapped.

    So we found the bug, fixed two traces on the board, switched the mini-USB connector to micro-USB for convenience, crossed our fingers and ordered the final v3.1 in a run of 2000.

    29-15 days


    We wait and worry about component deliveries from all over the world. Meanwhile the guys finish their tasks.

    Interesting fact. During the development of the Flappy Quote game, one of our colleagues managed to code a bot that beats it in about half an hour.



    14 days


    The boards arrived, the components arrived, off to assembly! We worked with "M-board", who assembled all 2000 devices in a week.

    Tip. If you have 100 or more devices, forget about hand assembly and prepare for an automated assembly line. Keep this in mind when designing the PCB. (Consult your chosen manufacturer; they can tell you a lot. There are also general recommendations on the Rezonit website.)

    Tip. The PCB manufacturer can often take over part of the preparation for automated assembly. In our case the plant panelized several boards into one blank, added the necessary technological margins and fiducial marks, and also handed over all the technical documentation the third-party assembler needed to set up the line.



    10 days


    We take 12 test boards from assembly, check them, exhale: everything works as it should.



    9–5 days


    We actively finish the tasks and, along the way, prepare for the final triumph over common sense. After all, we will have to flash all 2000 devices by hand. To simplify the combat mission we wrote a Python script around the console version of the STM32 ST-LINK Utility and prepared two dozen cheap ST-Link v2 programmers.
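    A batch-flashing script of the kind described above, as an added example and not the BI.ZONE team's own code. It assumes ST-LINK_CLI.exe is on PATH and accepts the options -c ID=<n> SWD, -ME, -P <file> <address>, -V and -Rst as documented for the ST-LINK Utility (check the manual of your installed version), that the firmware is a raw .bin linked for the STM32F1 flash base 0x08000000, and that a non-zero exit code means the board was not programmed. Besides retries and a per-board log, it refuses to start until the file on disk matches a known SHA-256, so that a stale build left in the working directory cannot end up on 2000 badges; the dummy image and the simulated programmer in demo() are constructed for the dry run.

```python
"""Batch-flash STM32F1 boards with the console ST-LINK Utility (ST-LINK_CLI).

Added example, not the BI.ZONE team's script. Assumed (not from the article):
ST-LINK_CLI.exe on PATH with options -c ID=<n> SWD, -ME, -P <file> <addr>, -V,
-Rst; raw .bin for flash base 0x08000000; non-zero exit code = not programmed.
"""
import hashlib
import subprocess
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Callable, Dict, List, Sequence

FLASH_BASE = 0x08000000          # internal flash of the STM32F1 starts here
STLINK_CLI = "ST-LINK_CLI.exe"   # assumed name of the console utility

Runner = Callable[[Sequence[str]], subprocess.CompletedProcess]


@dataclass
class FlashResult:
    board: int        # running number of the board within the batch
    ok: bool
    attempts: int
    detail: str


def image_sha256(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


def build_command(firmware: Path, programmer_id: int = 0) -> List[str]:
    """One ST-LINK_CLI run: connect over SWD through programmer <id>, mass-erase,
    program the image at the flash base, verify after programming, reset."""
    return [STLINK_CLI, "-c", f"ID={programmer_id}", "SWD", "-ME",
            "-P", str(firmware), f"0x{FLASH_BASE:08X}", "-V", "-Rst"]


def flash_board(board: int, firmware: Path, run: Runner,
                programmer_id: int = 0, retries: int = 3) -> FlashResult:
    """Program one board, retrying: a badly seated SWD header is the usual
    reason for a failed attempt, a dead board the rare one."""
    cmd = build_command(firmware, programmer_id)
    detail = "not attempted"
    for attempt in range(1, retries + 1):
        proc = run(cmd)
        if proc.returncode == 0:
            return FlashResult(board, True, attempt, "programmed and verified")
        detail = f"exit code {proc.returncode}: {(proc.stdout or '').strip()[-120:]}"
    return FlashResult(board, False, retries, detail)


def flash_batch(firmware: Path, expected_sha256: str, count: int, run: Runner,
                programmer_id: int = 0,
                wait_for_next: Callable[[int], None] = lambda board: None) -> List[FlashResult]:
    """Flash <count> boards in a row, but only after checking that the file on
    disk is the approved image. -V catches a bad write; the hash catches the
    wrong file, which with 2000 badges is the expensive mistake."""
    actual = image_sha256(firmware.read_bytes())
    if actual != expected_sha256.lower():
        raise ValueError(f"firmware hash mismatch: {actual} != {expected_sha256}")
    results = []
    for board in range(1, count + 1):
        wait_for_next(board)          # operator swaps in the next board
        results.append(flash_board(board, firmware, run, programmer_id))
    return results


def summarize(results: List[FlashResult]) -> Dict[str, object]:
    failed = [r.board for r in results if not r.ok]
    return {"total": len(results), "ok": len(results) - len(failed), "failed": failed}


def real_runner(cmd: Sequence[str]) -> subprocess.CompletedProcess:
    return subprocess.run(cmd, capture_output=True, text=True)


def demo() -> List[FlashResult]:
    """Dry run without hardware: a constructed 1 KiB dummy image and a fake
    programmer that fails board 2 once (loose header) and board 5 every time."""
    state: Dict[str, object] = {"board": 0}
    attempts: Dict[int, int] = {}

    def fake_runner(cmd: Sequence[str]) -> subprocess.CompletedProcess:
        assert cmd[0] == STLINK_CLI and list(cmd[-2:]) == ["-V", "-Rst"]
        board = state["board"]
        attempts[board] = attempts.get(board, 0) + 1
        failing = (board == 2 and attempts[board] == 1) or board == 5
        return subprocess.CompletedProcess(
            cmd, 1 if failing else 0,
            stdout="Error: no target connected" if failing else "Verification...OK")

    image = bytes(range(256)) * 4       # constructed dummy image, not real firmware
    with tempfile.TemporaryDirectory() as tmp:
        fw = Path(tmp, "badge.bin")
        fw.write_bytes(image)
        return flash_batch(fw, image_sha256(image), 6, fake_runner,
                           wait_for_next=lambda b: state.update(board=b))


if __name__ == "__main__":
    import sys
    # usage: python flash_badges.py badge.bin <sha256> <count>
    out = flash_batch(Path(sys.argv[1]), sys.argv[2], int(sys.argv[3]), real_runner,
                      wait_for_next=lambda b: input(f"board {b}: connect, press Enter "))
    print(summarize(out))
```

    With twenty programmers in parallel, each operator runs one copy with a different ID=<n>; the hash check, not the operator, decides which image goes out, and the summary at the end is the list of boards to set aside as rejects.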



    Tip. The boards could have been flashed at the final assembly stage at the factory, without heroic efforts by BI.ZONE staff. We did not take this opportunity only because the final version of the software was not ready by the end of assembly.

    96 hours before the conference


    We pick up the boards from assembly, switch off our mobile phones, lock ourselves in the office and flash all 2000 devices in one evening.

    Interesting fact. Of the 2000 devices, only 2 showed no signs of life. The reject rate out of assembly was 0.1%.



    Joy on our faces, but our thoughts are already far away. What will next year's badge be? Will we prove out the E-ink idea or come up with something completely new? Return to the plastic card concept, or be inspired by the Tokyo Olympics and make paper origami badges? If you have fresh ideas, please comment: it is quite possible that one of them will hang around the necks of cybersecurity experts from around the world a year from now!

    Instead of a conclusion


    OFFZONE 2019 was held a month ago, but we are still being asked "can I get a badge somehow?". Yes you can! 100 badges will go to the first to write to info@offzone.moscow . We ship to Russia and the CIS. The giveaway lasts two weeks from the publication of this article and closes exactly on August 2 at 13:37 Moscow time.
