Friday, October 26, 2012

The ToorCon 14 Badge

I designed an electronic badge for ToorCon again this year. It features a CC1111 sub-1 GHz wireless transceiver IC with USB connectivity. This chip has the same radio as the CC1110 in the popular IM-Me. While the badge is certainly hackable hardware-wise, I hoped that it would allow people to explore radio applications without having to heat up any soldering irons.

The ToorCon 14 Badge shipped with RfCat firmware and a USB bootloader installed, so conference attendees were able to start experimenting with just a USB cable, a laptop, and the RfCat software. Although I am a fan of software defined radio, sometimes a wireless transceiver IC is all you need to do some interesting things, and RfCat is the easiest way I know to get started.

The badge is designed to be similar to and firmware compatible with the CC1111 EMK (aka "Don's Dongle"), but it has a few extra goodies. Most notably, it shipped with RfCat firmware and CC Bootloader installed. It also features a GoodFET compatible programming header and a row of test points that would have been compatible with the GIMME had I measured correctly. (Oops! Aren't you glad there is a USB bootloader?) The badge also has an option to install an external antenna connector, allowing better performance across the whole frequency range of the CC1111 than previous designs.

I held a badge hacking contest and was happy to see several people working on interesting ideas at the con. One group blew everyone else away: the Root the Box team built a multi-user wireless chat system. They implemented their own network protocol, user interface, and even HTTP tunneling from the ground up using RfCat's rflib Python library. (In two days!) Check out my video of the demonstration they gave me. They even posted the source code for their winning entry.

These were the same guys who won the ToorCon 13 badge hacking contest by implementing a simple game with 2.4 GHz wireless connectivity. Check out their Root the Box CTF event coming up in January!

There were a few extra badges made. Look for them to go on sale soon at HakShop and Ada's Technical Books.

8 comments:

Victor said...

One more reason to regret not visiting the ToorCon! Though the beta version of HackRF is even more attractive!

I will try to load RfCat to my own CC1111 dongle I wrote you about some time ago, but it totally misses the cool factor of yours!

atlas OfDoom said...

the rootthebox guys did an awesome job using the toorcon badge! <3

Boyd said...

Will the HackRF transceiver support openbts?

Thanks.

Michael Ossmann said...

OpenBTS support would be tricky and would probably require two HackRF units, one TX and one RX. It isn't something we are working on at this time.

Matt Nottingham said...

As they haven't appeared in either of the shops you mention, do you know when this is likely to occur?

Anonymous said...

what about openbts support now?
