One more badge post for the night

Sorry, guys. I've been obsessed with this thing all day, and while I don't plan on entering the badge hacking contest (I have NO developer skills at all), I would like to get as much info out there as possible. I hope that when the next wave of badges gets released, this helps some people get up and running ASAP. In theory, you should be able to read this and get your SD card ready ahead of time.

My last post had a bit of speculation to it when it came to the file transfer part. With some black-box testing between Shawn Moyer's badge and my own, and some help from Ryan Russell looking at the source code that Joe Grand put on the DefCon CD, I finally have some more solid information on how the file transfer feature works with the SD card inserted.

  • When you push the button on the back, it will power the badge on. The LEDs will scan (and remain in "look at me, for I am glitzy" mode)
  • When you push the button again, the LEDs will sweep from the center out, then the IR will try to handshake while a progress meter sweeps.
  • If a handshake is initiated, the LED bar will briefly alternate one LED on, one LED off, then as the transfer happens, the progress bar appears.
  • The SD Card has to be formatted FAT16
  • The file you wish to transfer must be named in 8.3 (README.DOC, 12345678.TXT, AUTOEXEC.BAT, etc)
  • The file you wish to transfer must be read-only
  • The file you wish to transfer must be smaller than 128k. There's a limit in the code for this (likely easy to remove) which supposedly minimizes the possibility of a transfer error. Ryan seems to think that's also a way to protect badge-to-badge exploits.
  • The files are transferred at speeds not unlike those used by a TV Remote. In other words: It's very slow. The files are read, written, and transmitted byte-by-byte in a loop. Simple but effective.
  • There's a hand-written FAT16 driver in the default code, and it will walk through the FAT and transmit only the first file (per the allocation table) which meets the criteria.
  • If the filename exists on the target SD card, it will replace the last character with a number (0-9)
  • The file that's created on the recieving end will NOT be marked read-only and this will never be re-transmitted without manipulation.
Basically, cram 128k or less of data into a file on your SD card and start copying it to others. Maybe it'll be a virus. Maybe it's your vCard or photograph. Perhaps it's an autorun file. You decide.

I must really give it up to KingPin this year. Just tinkering with this badge has made today a really social day for me and I've hung out with some people who I was really hoping to get to meet. It's been an ice-breaker of a project already. If you see me, I'll send you my goodies. :)

Keep an eye on the HiR Twitter page if you aren't following it already. I'll be live-blogging more Badge stuff in the morning from the keynote, and probably from other events as well. I'll attempt to stitch the mess of tweets together into coherent full HiR posts for some of the talks if time (or content) allows.

blog comments powered by Disqus