Image: Daniel Oberhaus/Motherboard

A History of Badgelife, Def Con’s Unlikely Obsession with Artistic Circuit Boards

Inside the obsessive circuit board culture at the heart of the world’s largest hacker conference.

|
Sep 18 2018, 2:00pm

Image: Daniel Oberhaus/Motherboard

I hadn’t been at Def Con for more than five minutes before I was mobbed by hackers asking to see my conference badge. I had just left the press registration room at one of the world’s largest hacking conferences, but the attendees lurking outside the door weren’t concerned about my journalistic cred. Instead, they were all trying to solve an elaborate puzzle that implicated every attendee—and as I soon found out, I was one of the few people who could help them solve it.

My press badge looked more or less the same as the other attendees’ badges, except the drawings on the badges were different. When I inserted the batteries that came with my badge and the badge lit up, the LED patterns were inscrutable to me. But to the hackers that had surrounded me, they told a story.

“That green light there is your character,” one of them told me. “The red guy is a goon [Def Con slang for conference support staff]. Now watch what happens when we connect our badges.”

He clipped a port on his badge to a port on my own. A few lights flickered to indicate that the badges were interfacing and then he disconnected. He pointed to a few lights on the bottom of his badge that had changed from red to green, suggesting he had made progress in the puzzle. Before I passed my badge to the other hackers I looked at the character on my badge and noticed it had moved. I handed my badge to another attendee. “I have no idea what the hell is going on,” he said as he pondered the flickering lights on our connected badges.

I couldn’t have said it better myself.

At Def Con, attendee badges are never just a token of admission to the conference. Each year’s conference badge is a printed circuit board (PCB), the same type of mini computers you’ll find embedded in most modern electronics. For more than a decade, these circuit boards have served as a ticket to an underground social club whose members are all obsessed with solving the puzzles baked into the badge’s hardware. The stakes of the game are high—the first attendee to crack the puzzle wins an “uber badge” that will grant them free access to Def Con for life. But according to most of the attendees I spoke to, it’s the social aspect of the badges, not the prize, that drives their obsession.

Over the past few years, attendees have started to craft their own circuit board badges, and for some, collecting these unofficial badges has become the main reason to attend Def Con. The elaborate designs of the unofficial circuit boards now rival the complexity of the official conference badges and have spawned an entire culture at the intersection of electronic hardware, art, and cryptography.

Some attendees use these badges as an outlet for their artistic impulses or as an excuse to learn a new hacking skill. Others use it as a way to fund their trip to Def Con or raise money for causes they care about. At Def Con, badges tend to sell for upwards of $100 apiece and some of the more popular ones do runs of several hundred badges each year. No one is going to get rich off selling badges, but creators can still earn tens of thousands of dollars each conference.

The Florida Man badge doubles as a breathalyzer created by Jonathan Singer (@jonathansinger). Image: Daniel Oberhaus/Motherboard

Over the course of a weekend in Las Vegas at this year’s Def Con I spoke with dozens of people making and collecting hardware badges in an attempt to understand what compels attendees to drain their bank accounts on circuit boards and race through the labyrinthian halls of Caesar’s Palace in a mad scavenger hunt for rare badges. To an outsider, these hackers seem to have succumbed to madness, but now I know better. This is no badge sickness—it’s badge life.

THE EARLY DAYS

When I first met Joe Grand, he had just finished teaching an eight-hour hardware hacking workshop where attendees learned how to put together a circuit board that used an optical receiver. The workshop had gone about an hour over schedule, but Grand stuck around to help attendees put the finishing touches on their devices. For someone who had just spent the last eight hours talking about circuit boards, he was still full of energy as he told me about the origins of badgelife.

Grand has been attending Def Con since 2001, five years before electronic badges were even a thing. Grand etched his first board when he was seven and started doing hardware design professionally in his teens, but in the early days of Def Con, software hacking was in vogue and messing around with hardware was considered a niche hobby. In an effort to bring hardware hacking skills to a greater audience, Grand led a hardware hacking class at Black Hat, Def Con’s sister conference, in 2005. The success of Grand’s class attracted the attention of Jeff Moss, the founder of both Def Con and Black Hat, who suggested Grant should do something similar at Def Con the following year. At that point, Moss had another idea. What if the conference badges themselves were circuit boards?

The original Def Con circuit board badges from 2006. Image: Joe Grand

So Grand was tasked with designing the first ever electronic badge, which premiered at Def Con 14 in 2006. The first badge didn’t include any games or puzzles, but was meant to be a sort of platform that would allow people to familiarize themselves with hardware hacking and put their own spin on the badge’s functionality. That year, Grand hosted a badge hacking contest and invited attendees to put the badge to a creative use. Only a few dozen entered the contest out of the roughly 7,000 Def Con attendees, but Grand was impressed with the creativity entrants brought to the table. The winner was a DJ named Shagghie, who used the pseudo-random patterns generated by the badge’s LEDs to manipulate his synthesizer to make music.

“Those early badges were very simple,” Grand told me. “My goal was giving somebody what they need to do something further.”

Grand continued to design Def Con’s electronic badges for the next four years and challenged himself to put a new spin each time. It wasn’t until Def Con 16, in 2008, that a social element started to creep into Grand’s badge design. That year, the badge included an infrared sensor that allowed anyone to pass small bits of information—a business card, some text, or a small image—from badge to badge.

The following year, Grand created different badge formats that were distributed to people with different roles at the conference: attendees, press, speakers, “goons,” organizers, and vendors. This badge design also included a social component that required badge holders to interface with all the different badge formats to unlock special features.

Although Grand switched up this design in 2010—his final year as badge designer—the format he pioneered at Def Con 17 has been replicated nearly every year since.

The Hack for Satan badge. Image: Daniel Oberhaus/Motherboard

After Def Con 18 in 2010, Grand told me he found himself “bored with having to one up myself each year.” It was time to pass the torch and Grand had no problem finding a replacement. A hacker called “LosT” eagerly accepted the role of Def Con badge czar, which he held until 2017.

Inevitably, the changing of the guard meant a change in the nature of the badgelife. LosT was already running a puzzle challenge at Def Con and he rolled his love of puzzles into his first badge, setting a precedent that continues to this day.

“It’s a different mindset today,” Grand said. “Now there’s a lot more complex boards and people have lots of crazy puzzles and I think that’s okay. It’s because people know how to work with hardware now and they want to do more with it.”

Middle finger shitty add on badge by @ElJefeDSecurIT. Image: Daniel Oberhaus/Motherboard

Grand said he couldn’t pinpoint when badgelife took on a life of its own. By the time he passed the torch to LosT, he said small, custom batches of electronic badges had already started cropping up at some Def Con parties and had even been seen at other security and hacking conferences around the US. Looking back on it now, he said he had no idea badge culture would ever become such a big phenomenon.

“It's amazing to see what it's become, I would’ve never predicted it,” Grand told me. “Jeff [Moss] probably did. He has a vision and can sense what people are gravitating towards. I was just doing it because I loved designing electronics and contributing to the conference in that way.”

Grand attributes this explosion in large part to the quality of tools that have become available to hackers in the past 12 years. When he was starting out, hackers had to have a good grasp on electrical engineering and circuit board design to make a badge. These days, however, there are companies such as Osh Park and MacroFab that will go through circuit board designs with their customers, which makes badge manufacturing accessible to those with hardly any hardware hacking skills.

Minion and Nic Cage shitty add ons created by @awkwardai. Image: Daniel Oberhaus/Motherboard

One thing that hasn’t changed over the years, however, is the community-oriented nature of badge culture and the headache of going from design to a functioning circuit board.

MADE IN CHINA

For many of the badge makers, designing and manufacturing a custom circuit board for Def Con is a yearlong project. For AND!XOR, the hacker collective behind one of the most coveted badges at Def Con—the “Bender” badge, so called because each iteration riffs on the robotic character from Futurama—the process of creating the next badge begins the day after Def Con ends.

According to Hyr0n, the mathematician who designed the text-based game on this year’s Bender badge, the AND!XOR crew begins the design process by coming up with a list of ideas for badge functionality and then designing a “kitchen sink” PCB prototype that has as much hardware on the badge as possible.

The Chameleon badge. Art by @nyaanase and circuit by @dorkengine. Image: Daniel Oberhaus/Motherboard

Then the crew starts scaling down, usually because of compatibility issues or simply because it would be too expensive to include a particular feature. Each of these prototypes is assembled by hand, but once they have a final design, the prototype is handed over to a PCB manufacturer in Texas who uses it as a template to mass manufacture the badge. (This year AND!XOR made 600 badges, which they sold for $140 apiece.)

“The late nights, last minute scrambles, endless shipping delays from China, the wrong parts being ordered—that’s badgelife."

AND!XOR’s decision to manufacture its badges in the US is rather anomalous in the badgelife community, but it saves the group a lot of headache. Most other badge makers source their custom PCBs from China, which can lead to supply chain issues and almost always seems to result in weeks of delay. For example, many badge makers will order bulk PCB components and then ship them to the PCB manufacturer in China—even though the components themselves are usually made in China.

Whitney Merrill, an attorney at Electronic Arts and the founder of Def Con’s Crypto and Privacy Village, knows this all too well. Merrill founded the Crypto and Privacy Village in 2014 and after its initial success she received an email from a fellow hardware hacker Jorge Lacoste, who wanted to discuss the possibility of designing a badge for the Village in time for Def Con 23.

A Sputnik badge from NSEC 18 conference. Image: Daniel Oberhaus/Motherboard

A few weeks later, Merrill received the long awaited badges from the manufacturer only to discover that all the LEDs were soldered backwards, a fluke she described to me as “a thousand dollar mistake.” Not to be deterred, Merrill and Lacoste ordered a second set of badges and with the help of a small team of volunteers stayed up all night before Def Con in 2015 assembling them by hand. Despite the mishap, Lacoste ended up liking the process so much he joined the AND!XOR crew.

Merrill realized that there was a large group of badge makers out there who had experience that she and other newbies could draw from. But they needed a way to communicate. In 2016, she launched a chatroom for badge makers that is now frequented by dozens of hackers throughout the year. Indeed, it’s the closest thing Def Con badge makers have to an official meeting spot. When Merrill recounted her manufacturing issues to the group, everyone sympathized. George Louthan, who designs badges for Queer Con, a mini conference within Def Con, described the endless parade of difficulties as “badgelife.”

“The late nights, last minute scrambles, endless shipping delays from China, the wrong parts being ordered—that’s badgelife,” Merrill told me. “It’s something we could all relate to and the name stuck.”

The car hacking village badge made by Robert Leale II (@carfucar)

Sometimes the collaboration among badge makers exacerbates their manufacturing issues since many of them end up using the same suppliers and can end up competing for parts. Queer Con, which runs in tandem with Def Con and organizes one of the conference’s biggest parties, started producing its own badges in 2013, but the popularity of the badges soon made it difficult to source components. Two years ago, for example, the Queer Con badge called for 15,000 cyan LEDs, which resulted in the badge makers buying every last cyan LED available in the world according to its designers.

“We were going to use the cyan LEDs on the 2015 badge, but we couldn’t get the number we needed in time, so at the last minute we switched to ultrawhite ones,” Evan Mackay, who designs the PCB for the Queen Con badge, told me. “The next time we succeeded by ordering them much earlier than usual and by the time we finished ordered the 15,000 we needed, the manufacturer and supplier were out. Fun times.”

Each of the seven different Def Con 17 badges could be connected to create new effects. This marked the beginning of a social component being baked into the official badge design, a trend which continues to this day. Image: Joe Grand

One of the trickiest parts of badgelife, however, is sourcing the components for the official uber badges. These batches are given out to the winners of a handful of official Def Con contests and grant the winners free access to the conference for life. This means that these badges have to be designed in such a way that they are nearly impossible to replicate, which requires sourcing exotic parts. This year’s official uber badges were designed by Toymakers, a small company in Minnesota that makes electronic kits, a task it described as a “unique challenge.”

“Uber badges are some of the most coveted objects in hackerdom,” Whisker, one of the founders of Toymakers, told me in an email. To prevent counterfeit uber badges cropping up, they said they turned to “vacuum tubes and parts salvaged from old time missile telemetry equipment” for their design, but wouldn’t go into further detail. “Best to leave an air of mystery around them,” Whisker said.

A press badge from Def Con 2018, designed by the Toymakers. Image: Daniel Oberhaus/Motherboard

Even for badge makers who aren’t working with missile-related components, however, things are expected to get more expensive and confusing now that the Trump administration is pursuing aggressive tariffs against China. In fact, next year the cost of some of their components could increase by around 20 percent and new regulations could add to shipping delays. Moreover, since chip manufacturers operate on razor thin margins many are phasing out a number of popular, older pieces of hardware from their production lines in what some hackers I spoke with described as “a race to the bottom.” This will require badge makers to to completely overhaul their designs in the future to accommodate new standards and chip sizes.

BADGELIFE TODAY

Everyone I spoke with said the late nights, confusion, and stress was worth it in the end. For AND!XOR, one of their favorite parts of producing a badge is distributing them through impromptu scavenger hunts. Most unofficial badges are only produced in batches of 400 or 500 at most, a relatively small inventory given that Def Con attracts over 20,000 attendees.

The 2016 Queer Con badge with a hat add on. The cyan LEDs can be seen in rings around the squid eyes. Image: Evan Mackay

Although anyone selling anything at the casino technically needs to register with the conference so that they pay sales tax on their wares, most badge makers flout this rule and sell their badges out of a backpack—if you can find them. This turns the entire enterprise into a weekend-long scavenger hunt, with some badge makers posting cryptic references to their location on Twitter.

“We like to like to challenge people with puzzles on the badge or flash dance parties,” Zapp of the AND!XOR crew told me. “Last year we stood in middle of the Caesars pool and made people get their daily bath by jumping in the pool and racing to get the badge. That’s the best part of it.”

The 0 day @banana_sec add on. Image: Daniel Oberhaus/motherboard

It’s not always fun and games when it comes to running badges at Def Con, however. When Brian Benchoff, a writer for Hackaday and the designer of the coveted “Mr. Robot badge,” arrived in Las Vegas a few days before this year’s Def Con, conference security informed him that the FBI wanted to talk to him about his badge.

According to Benchoff, the Caesars hotel had been hit with several de-authorization attacks, in which hackers used specialized hardware to knock devices off the internet. The FBI, involved because the hack was considered a cyber attack, settled on the badges as a probable cause, likely due to their unfamiliarity with the hardware. (Although many badges include the capability to wirelessly access networks, few come with the hardware necessary to launch serious cyber attacks.)

“The hotel and FBI were freaking out about things,” Benchoff said. “I had been kind of vocal on Twitter, so they went for the easiest target. As it turned out though, it was just some jackasses using rooted phones to de-auth the hotel WiFi.”

The 2018 Mr. Robot badge. Image: Daniel Oberhaus/Motherboard

The earliest days of badge culture were mostly cultivated by a few hardware hackers such as Grand and LosT, toiling in solitude on a labor of love. Their mistakes were their own and each new entrant to the game had to make the same mistakes, on their own. Merrill’s idea to bring all the badge creators into a central chat room has given badgelife something of a public face and made it easier for newbies to seek advice on everything from circuit design to sourcing parts.

It’s also opened the door for large-scale collaborations among badge makers, such as the “Shitty Add-On Standard” to most badges at this year’s conference. The cheekily named standard is a four-pin hook up that allows people to design small badges that can be hooked up to and powered by the larger badges that serve as their base. In a testament to the unofficial badge culture’s influence at Def Con, the “Shitty Add-On Standard” got included on official Def Con badges.

Only 23 Illuminati badges were hand-made by @_kredence. Image: Daniel Oberhaus/Motherboard

Add-on badges can be traced back to Queer Con 2015. Although Queer Con has been making its own badges for years, its 2015 badge— a neon squid—featured a connector that allowed people to connect smaller badges that looked like hats or unicorn horns. According to Louthan, who does software design for the Queer Con badge, these add ons arose out of necessity.

Queer Con usually makes a handful of its own “uber” badges to recognize people who are instrumental in organizing the event. This is usually done by making badges with different colors, but sometimes the manufacturing process limits the types of colors that can be used. Add-ons were a way to differentiate badges while sticking to a standardized manufacturing process. Nevertheless, the idea was a huge success and the following year saw a number of other badges making space for add-ons.

The problem, of course, was a lack of coordination—every badge was using a different type of connector for add-ons, which meant that there was next to no interoperability between small add-on badges. That all changed this year when Benchoff drafted up the “Shitty Add-On Standard” that’s been adopted by almost every major badge maker at Def Con.

The impact of this standardization was huge. This year, Def Con attendees created well over 100 different badges and add ons, dwarfing the numbers seen during previous years.

“A lot of these groups really pour their time and energy into these badges,” Zapp told me. “There's a lot of people here to consume, but this is actually making something. In that sense, badgelife is the last thing from the original Def Con. In fact, it’s one of the last demoscenes. People spend all year working on something just so they can show it off for four days in the desert. That, I think, is pretty cool.”

By the time I left Def Con to head back to New York, I was hardly any closer to understanding the game baked into my press badge. Even though the lights were as inscrutable as ever, I had gained a newfound appreciation for the art and science of circuit board design in the process of trying to understand it. The enthusiasm for badgelife among makers and collectors was contagious and as my plane departed from the Las Vegas airport I found myself dreaming up circuit board designs. If time permits, I might take a crack at designing a badge or at least a shitty add on for the next Def Con. This is a project idea that wouldn’t ever have crossed my mind a month ago, but then again piquing attendees’ curiosity about hardware hacking was the point of electronic Def Con badges all along.