poltstuff.blogg.se

2017 defcon badges

Defcon every year has many many different electronic badges that you can play with / hack / blind your friends with. I was lucky enough to get one of these really cool badges and I wanted to figure out the lock codes from the hardware/firmware rather than trying to use the interface.

I didn’t end up going into the firmware beyond strings since they released it on github eventually and there were no other unlocks, but the basics of doing it were as follows:

  1. Get an FTDI cable (the hackerwarehouse badge is 3.3v and I have one similar to this: )
  2. Connect the wires up correctly to TX and RX
  3. Make sure the device is found (lsusb on linux and system_profiler SPUSBDataType on OSX)
  4. Put the badge into firmware mode by booting and holding the down button
  5. strings original_contents.bin | grep -B 15 -A 15 LRLR

The hacker warehouse badge (even on hackaday) was really awesome for me, the design was cool, the LEDs, and old school snake game and more! And by more I mean the “mischief”, which included wi-fi deauth, Pineapple lite and more. However when trying to use these the text “locked” appears on the screen.

So I wanted to try and unlock these features. Initially I tried getting high scores in the snake game, using various keypresses in the ‘echo keypress’ and other parts of the badge. I found that using UP, UP, DOWN, DOWN, LEFT, RIGHT, LEFT, RIGHT gave you the text konami, but that was it.

So this is how I got the three basic unlock codes.

Connecting to the Badge

Before digging further into the firmware the code was actually released so I didn’t pursue it further :)

The first part was of course wiring up to the ESP, in this case the hackerwarehouse guys had nicely left the pins exposed as well as labelled for us! Soldered up some breadboard jumpers as they are easier for me to connect to the FTDI cable and I was away.

Next I connected it up to my FTDI cable, it's important to look at the colouring for yours but this was how I did it:

Next we want to make sure it is connected and working. On OSX you can use system_profiler SPUSBDataType and on linux lsusb. On my mac the output shows that I have the cable connected:

    Vendor ID: 0x0403 (Future Technology Devices International Limited)

Now that the cable is connected we have to grab esptool from their github, so you can just run git clone. Esptool is the tool from espressif that allows you to upload firmware (as well as download) from ESP devices.

Next we want to connect to the serial port to see what's going on with the badge (Maybe there are more secrets setec astronomy). For this I just used the arduino serial monitor, it's easy to change the baud and I wasn’t sure what speed the badge would be running at. You can of course use anything else like putty/minicom/screen/etc :)

This looks a lot better! However our badge is constantly rebooting, and we need to get it to stop doing that so we can pull the firmware.

Using the different buttons will put it into different modes and you can read about the ESP modes over at, however holding the UP button while booting will put it into a stable 1,7 which is what we are looking for.

Next we dump the firmware with the ESPtool as follows:

    esptool.py --port /dev/tty.usbserial-A106AUUX -b 74880 -c esp8266 read_flash 0 0x400000 badge_firmware.bin

This will essentially pull off everything from the flash, even though most of it is not used (instead we get many copies of the firmware). We do this at a baud of 74880 (you can push it higher, but this was most reliable for me).

Hurrah! We have a bin of the code uploaded to the badge, now we can start digging through the firmware.

By default I had a look at binwalk to see if there were any particular known formats in the firmware:

    191962   0x2EDDA   MySQL ISAM compressed data file Version 2
    1240538  0x12EDDA  MySQL ISAM compressed data file Version 2
    2289114  0x22EDDA  MySQL ISAM compressed data file Version 2
    3337690  0x32EDDA  MySQL ISAM compressed data file Version 2
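The four binwalk hits quoted in the post sit at an even spacing, which fits the remark that the 0x400000 read returns many copies of the firmware. The sketch below is an added example, not code from the original post or from esptool: it measures that spacing and finds the size of one unique copy in a dump so that only that part needs analysing. The function names and the sample data are constructed, and it assumes the copies are byte-identical and repeat at a power-of-two size.

```python
import hashlib

# Decimal offsets of the four binwalk hits quoted in the post.
BINWALK_HITS = [191962, 1240538, 2289114, 3337690]

def hit_stride(offsets):
    """Return the spacing between consecutive hits if it is constant, else None."""
    ordered = sorted(offsets)
    gaps = {b - a for a, b in zip(ordered, ordered[1:])}
    return gaps.pop() if len(gaps) == 1 else None

def mirror_period(dump, min_size=0x1000):
    """Smallest power-of-two block size whose repetition reproduces the whole dump.

    Returns len(dump) when the dump is not mirrored. 0x1000 is the ESP8266
    flash sector size, used here as the smallest period worth testing.
    """
    if len(set(dump)) <= 1:
        raise ValueError("dump is empty or a single repeated byte (erased flash / bad read)")
    period = min_size
    while period < len(dump):
        if len(dump) % period == 0:
            first = dump[:period]
            if all(dump[i:i + period] == first for i in range(period, len(dump), period)):
                return period
        period *= 2
    return len(dump)

def summarize(dump):
    """Return (period, number_of_copies, sha256 of one copy)."""
    period = mirror_period(dump)
    return period, len(dump) // period, hashlib.sha256(dump[:period]).hexdigest()

def constructed_chip(size=0x10000):
    """Constructed, non-repeating stand-in for real flash contents."""
    blocks = (hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(size // 32))
    return b"".join(blocks)

if __name__ == "__main__":
    print("binwalk hit stride:", hex(hit_stride(BINWALK_HITS)))
    chip = constructed_chip()
    period, copies, digest = summarize(chip * 4)  # a read of 4x the chip size
    print(f"period={period:#x} copies={copies} sha256={digest[:16]}...")
```

On a real dump, read the file with `open(path, "rb").read()` and pass the bytes to `summarize`; a period equal to the file size means the read did not wrap.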








