The spread of coronavirus has affected our Practical Cybersecurity Conference OFFZONE 2020. It had to be postponed until better times.
Unfortunately, this means that the textolite badge that we have been developing since December will not take place in its current form. This article is a kind of epitaph of his concept. Under the cut, we tell how we fought for ergonomics, mined components with closed borders, uncovered DIY magic against scarcity and what circumstances were stronger than us.
Concept: Main Secret Badge
A little earlier, we managed to open the veil of secrecy over what the badge of the OFFZONE 2020 conference should have been like. In short, this:
- PCB as a carrier of information about the conference participant,
- OFFCOIN wallet identifier,
- some integration with the DIY soldering zone,
- the ability to upgrade the appearance by installing Shitty Add-on’s.
But these are not all the secrets! We thought about the main badge when we learned that the final round of the CTFZone practical cyber security competition will be held as part of the OFFZONE 2020 conference. Many were going to follow this tournament: a victory at CTFZone determines who will go to DEFCON CTF and fight against the strongest teams in the world.
“And let’s broadcast the current state of affairs on CTF to each visitor of the conference!” – the team of badge developers suggested. “Nobody has done that yet.”
In the CTF competition 10 teams participate. Constantly someone is attacking someone, someone is defending, someone is waiting for the right moment. If all teams select one RGB-LED on the board, then each such interaction can be expressed in color equivalent. This will result in a system of 10 RGB LEDs, the state of which unambiguously determines the current alignment of forces on CTF.
The idea came to everyone, and we set to work.
Prototype: from layout to working model
After a short stage of spaghetti engineering (prototyping on debugging) for ten days, the badge turned into the first prototype on a textolite.
It was during prototyping that the idea arose to supplement the badge with the possibility of customization with Shitty add-on connector and home-made add-ons. The participants of the conference would all go with unique badges, beauty!
For those interested, we will describe the component base of our PCB.
- The heart of the badge is a rather thin, but proven MK STM32F070R6P6 (ARM Cortex-M0 48 MHz, 32 KB Flash, 6 KB SRAM, TSSOP20 package).
- Responsible for the light music is a dozen RGB WS2812B LEDs.
- The NRF24L01 transceiver module accepts radio messages.
- Some power supply circuit and a band of resistors-capacitors.
- Well, by tradition, everything is powered by 4 AAA batteries.
The capabilities of MK STM32 were just enough to implement the functionality of an OFFCOIN wallet, control LEDs and process radio messages.
The prototype turned out to be more than working and inspired joy in our souls with a cheerful winking of LEDs. Next to each LED on the PCB are the logo of the CTF member team: the red LED is on – this command is attacking, the green one is defending, the blue one is hiding and getting ready for something. All this was ready by the beginning of February …
… When we learned that due to the non-proliferation measures of COVID-19, 2 foreign teams will not be able to come to us.
Well, unpleasant, but not scary. We decided not to change the final badge design, but to give the absent teams a VPN and the possibility of remote participation in CTF.
Software and industrial design: pogo pins are great
Despite the disturbing news, in general, work on the badge went according to plan. It’s time to start writing software and creating infrastructure.
We will not particularly talk about software. Not because of the mystery, but because there is nothing interesting there. On a badge, a HAL driver without an RTOS, WS2812B is controlled by a timer and PWM generation, an OFFCOIN wallet is implemented through PKI, some kind of NRF24 driver. Nothing interesting. Believe me.
But with the infrastructure we are confused.
Task 1: make a convenient wallet out of a badge. The first big task that needed to be solved was to provide a quick and convenient recharge of the balance of your OFFCOIN wallet.
At OFFZONE 2019, the transfer of the OFFCOIN wallet ID was non-contact: we used the IR receiver on the reader and the IR transmitter on the badge. This system worked, but slowly, and only with a battery or USB badge and only if the user correctly selected the angle of inclination of the back and the amount of bending of the neck with respect to the IR receiver. Speed and convenience – this was not about last year’s badge.
This year, all the more serious! The payment system has become contact and can itself provide power to the badge. The wallet interface is now UART, and the physical connection itself is cleverly designed: the contact between the reader and the badge board is pogo-pins.
Pog-pins are such convenient spring-loaded contacts that are usually used to establish a temporary electrical connection. On a specially designed reader board, 4 such contacts are installed, and on the badge itself 4 contact pads are made: TX, RX, 3V3 and GND. So now, to connect to the reader, it’s enough to place the badge card on the pins and hold it in this position for a little while.
We also recharged a couple of clever articles on industrial design and invented our own housing for the reader. The first design minute was thrown on a piece of paper at lunch time. Next up is half a dozen iterations on a 3D printer and hotmelt, in the best traditions of prototyping.
Here I had to torment fairly with the selection of the size of the gaps and wall thickness of the case. Why? Because the design from the paper had to be immediately transferred to CAD and the human drawing, and not sculpted on the go to Tinkercad. He pushed one hole, forgot another … But now we have a mountain of prototypes and the final design of the case.
The case turned out pretty comfortable. Now you don’t have to bother with the reader: you insert the badge into the case, it itself centers the board as needed, and reliably holds it in itself. Two grip limiters and a board that follows the outline of the bottom of the board are responsible for this. And thanks to the UART interface, which is much more reliable and faster than IR, the wallet data exchange process itself now takes a split second.
Objective 2: Ensure maximum coverage for NRF24. We had a floor plan and we had data on how efficiently the room transmits and receives NRF24. We were required to calculate where and how to poke transmitters so that there were no dead zones on the conference territory and badges always broadcast the latest information about CTF.
It turned out to be easy. As a transmitter, we chose a single-board Raspberry PI and the same NRF24. In order not to produce two dozen raspberries with breadboard wires and NRF, we made our own shield. It is designed to connect all kinds of types of NRF24 modules and has a pair of LEDs to indicate the status of raspberries. It only remained on the spot to check the coverage area of the transmitters and, if necessary, correct the calculations.
Component procurement: what to do when everything goes wrong
Up to this point, the preparation of the badge was generally smooth. Everything changed when we started to purchase components and order production of circuit boards.
Problem 1: Coronavirus in China. From the experience of the previous year, we remembered how important it is to agree in advance with suppliers and factories. We agreed.
And then something-about-everyone-know happened. Due to export restrictions and production downtime in China, half of the suppliers of electronic components apologized and simply made a helpless gesture without naming any deadlines. The second half drew × 2— × 3 from a suitable time for us.
The same story with the production of circuit boards: two months or so on production and delivery. Given the installation for OFFZONE 2020, we did not have time …
On the advice of fellow engineers, we tried to contact one factory in Latvia through intermediaries. But there they said the affectionate “nē” (“No” in Latvian)as soon as we learned that we need to produce 40+ square meters of PCB.
The clouds were gathering. Precious days went in search of a plant that would make us a series of boards, for communication with suppliers who constantly shifted the deadlines. The likelihood of a fail grew.
In the twentieth round of calling all the possible contractors, at the cost of the enormous moral and moral suffering of the BI.ZONE personnel, at the cost of the bearded engineers, we were able to agree on the production of printed circuit boards and the supply of almost all components so that we would be in time for OFFZONE 2020. Back to back, but in time!
Problem 2: The Elusive NRF24L01. Alas, with the purchase of radio modules NRF24L01 we were not so lucky.
However, the counterparty, which assumed delivery obligations, merged at the last moment. In order not to break the installation, it was necessary in 5-6 days to find a new supplier – or come up with something else.
Desperate times require desperate measures. We did not dare to hope only for the success of the searches and at the same time took advantage of the first commandment of the DIY-schika: there is something missing – do it yourself! Well, or copy from the one who is smarter. In the context of NRF24 smarter than the engineers of the Nordic Semiconductor itself, hardly anyone is. In the datasheet on NRF24L01 we found an example of recommended circuitry and PCB.
The same example was easily found in the form of the Altium PCB project. We quickly changed the connection type from header 2 × 4 2.54 mm to the 8 metallized half-holes of 1.27 mm we needed. Components, polygons, transitions, conductors, etc. were left strictly unchanged.
So, while some colleagues cut off phones to electronics suppliers, others in the scalded cat mode ordered the production of PCBs and components for a dozen home-made modules. A few days later they all got into their hands and gathered. Surprisingly, it worked as it should! 3 out of 3 assembled boards showed excellent results in tests for reception and transmission.
The results were clearly no worse than those of purchased products. Dr. Dew wouldn’t have smoothed his nose. And this is even taking into account some simplification of the technological process: in the name of speeding up production, we refused the recommended coating of boards with emission gilding.
Although I still had to torment with the assembly of modules. For reasons unknown to us, Nordic engineers did not use a tamper in the mask, but three vias, as a contact to the earth’s pad (the case on the QFN20 transceiver chip). Yes, and look at the footprint of the liability: soldering components 0402, the contact pads of which are located back to back without a gap of the solder mask, is still a pleasure.
However, it would not be for us to solder a large batch, but soulless machines in production.
… If not for one circumstance: at the last moment there was a supplier from Belarus who helped us out with the necessary number of NRF24L01 mini modules.
All in vain
An engineer can handle a lot. Even the lack of key components, as it turned out, will not stop him. But when the product concept itself becomes meaningless, the engineer has no choice but to start from scratch.
Watching the development of the spread of COVID-19, we made a difficult decision: OFFZONE 2020 needs to be rescheduled. But CTFZone, as the qualifying stage of DEFCON CTF, cannot be postponed (and we will conduct it online in late April).
Unfortunately, this buries the idea of a badge that translates the actions of CTF commands.
The textolite has already been made, and now we have 10,000 electronic components and glands in our hands. On the way another 1,000,000. Alas, they will never see the light.
Something ends, something begins
Cheer is not our style. The badge development team drastically changed from burning mode to cooling mode, but only in order to take on new powers to generate crazy badge ideas for OFFZONE 2020 v.2.0!
What it will be, we have not decided yet. One thing is certain: we will continue to develop the idea of shitty connector and try to make it interactive.
If you have any ideas or wishes, then share them – we will try together to bring them to life. Stay tuned and don’t sneeze!