badge to do something interesting right out of the box if the
user didn't insert an SD card into the socket. I decided to
incorporate "TV-B-Gone" functionality into the badge and
take advantage of the infrared components that would
already be in place. The original TV-B-Gone (
tv-b-gone.com) product was designed by Mitch Altman of
Cornfield Electronics. The unit simply transmits all known
television remote control power-off codes one after another,
allowing you to turn off practically any TV in North America,
Asia, or Europe. Depending on how the TV-B-Gone is used,
it can be quite mischievous and I thought it would be
suitable for a hacker conference where people are used to
taking advantage of and pushing the bounds of technology.
Above and beyond the engineering design goals, there were
some fundamental requirements:
• Aesthetics. The badge needed to look nice and be as
non-intrusive to the wearer as possible. From the graphics to
the routing to the parts placement to the circuit board
traces, every aspect of the badge design was considered.
• Low Cost. The badges had to be cost-effective. The
goal was a $7 total BOM (bill of materials) cost per unit
including components, programming, PCB manufacturing,
assembly, and testing for 8,500 pieces. Meeting the badge
budget has been a major challenge in previous years.
• Hackable. The badge should be completely "hackable"
in nature by providing source code, schematics, and development resources for those who wanted to modify their
badge to do something different and out of the ordinary.
Although any product can be hacked without provisions to
do so, I wanted to make the badge welcoming to hackers
and foster the hacking spirit so prevalent at DEFCON.
• Continued Use. The badge should be designed to
provide a general-purpose development environment or
reference platform that attendees can build on and learn
from after the conference.
With the design goals in mind, I first put together a
system-level block diagram — basically a high-level
conceptual drawing to help me visualize the overall design.
The design is based on a Freescale Flexis MC9S08JM60
eight bit microcontroller (
sps/site/prod_summary.jsp?code=S08JM) and has
interfaces to the SD card socket, infrared transmission and
receiver circuitry, USB port, and debug/programming
connector. The JM60 microcontroller has 60KB of Flash,
4KB of RAM, a 12 channel, 12 bit ADC, USB 2.0 full-speed
device support, two SPI (Serial Peripheral Interface)
modules, two SCI (Serial Communications Interface)/UARTs,
two timer/PWM modules, eight keyboard interrupts, real-time clock, internal reference clock, and 51 general-purpose
I/Os. It's a powerful part and has lots of on-chip functionality
that I could take advantage of. A set of eight LEDs on the
front of the badge is used as status and mode indicators. I
had over 68,000 LEDs leftover from last year's DEFCON 15
■ FIGURE 1. Freescale's DEMOJM evaluation board with an
added SD card socket used for my initial development.
badge and wanted to do something with them.
The next step was to start developing with actual hardware. I used Freescale's off-the-shelf DEMOJM evaluation
board (Figure 1;
prod_summary.jsp?code=DEMOJM) and Code Warrior
Development Studio for Microcontrollers — which is freely
available for up to 32KB of code (
webapp/sps/site/prod_summary.jsp?code=CW-MICROCONTROLLERS) — to get the basic firmware and
state machine environment set up. Then, I added an SD
card socket to the DEMOJM's expansion header and continued with the firmware development until I was comfortable
that the intended functionality of the badge would succeed.
After that, using the block diagram as a rough guide, I
built a custom circuit board with only the specific hardware
that I wanted to have on the badge. I also designed in
provisions for a few elements that I hadn't yet completely
decided on, like how to support the infrared transmission
and reception (discrete components or an IrDA-compliant
module) and battery selection (AAA or something else). The
hardware and firmware designs were finalized on this board
before moving to the next step, which was a true-to-form
pre-production prototype. Using an intermediary board like
this allowed me to not only verify my schematic, but also to
easily make changes to component values and take
measurements of various signals to aid in troubleshooting
and diagnostics. The majority of hardware and firmware
development was done on this platform before moving to
the "form and function" pre-production prototype.
With the hardware and firmware completed, the final
task was to lay out the actual badge circuit board and build
a few pre-production prototypes to verify the entire system
before kicking off the production run. I ordered a few bare
boards with yellow soldermask and red silkscreen, hand-soldered them, and ran through my test procedure to verify
that the individual aspects of the badge worked as desired.
This step was the last chance for me to correct any mistakes
before committing to many thousands of dollars of circuit
boards and components. I also used these prototypes as
samples for DEFCON to approve.
Using two hand-soldered pre-production prototypes let
March 2009 55