╟┐ ┌╢▐
║ After two years of remotely running the Hardware Hacking ║▐
║ Village (HHV) Capture the Flag (CTF) competition due to ║▐
║ COVID-19, this was my first year back in Las Vegas, and an ║▐
║ opportunity to revamp the HHV CTF. I had learned a lot over ║▐
║ the past two years while creating remote-friendly CTF ║▐
║ challenges, and I was excited to apply those learnings to ║▐
║ in-person content. ║▐
║ ║▐
║ Following the improvements of the previous years, the CTF ║▐
║ continued to be a Jeopardy-style competition over 2 days ║▐
║ (Friday and Saturday). The event was hosted on CTFd and ║▐
║ most of the challenges required interfacing with physical ║▐
║ hardware we had available in the HHV. ║▐
║ ║▐
║ I have enjoyed pushing the boundaries and applications of ║▐
║ the Shitty Add-On (SAO) standard since its conception; ║▐
║ while brainstorming challenge topics for DC30, I had an ║▐
║ idea to enhance the SAO feature in a new (and evil) way, ║▐
║ digital rights management (DRM). The goal was to create a ║▐
║ series of access control challenges that would prevent ║▐
║ add-ons from receiving power from an electronic conference ║▐
║ badge unless they passed various authentication checks. ║▐
║ ║▐
║ Enabling this new SAO feature was a 'custom MCU' called the ║▐
║ HHVDC30, designed specifically for controlling electronic ║▐
║ conference badges. ...Realistically, this was an ESP32 ║▐
║ module that was being disguised as new technology, and the ║▐
║ CTF electronic conference badge design further played up ║▐
║ the custom IC lore by artfully exposing leads for the chip ║▐
║ on the PCB. The display on the ESP32 module was used to ║▐
║ convey an orientation marker, IC name, and manufacturing ║▐
║ date on the default screen, and there was a custom ║▐
║ datasheet outlining the HHVDC30's pinouts and features. ║▐
║ ║▐
║ SAO power access was regulated by a load/power switch to ║▐
║ the 3V3 pin of the SAO header. Once an add-on was plugged ║▐
║ in, the badge would enable power to the SAO port for a ║▐
║ short period of time to check/request authentication from ║▐
║ an add-on, and if the authentication was successful, power ║▐
║ would remain enabled; otherwise, power would be disabled. ║▐
║ ║▐
║ Only one add-on was completed in time for DEF CON 30, but ║▐
║ it supported two challenges. One challenge required ║▐
║ reworking the add-on to get the LEDs working, and the other ║▐
║ challenge required participants to reverse engineer the ║▐
║ analog authentication method. Each participant was given ║▐
║ their own add-on to hack on since I wanted participants to ║▐
║ be able to take away something from competing. Giveaways ║▐
║ always attract attention, and I couldn't think of an easier ║▐
║ way to get people to learn how to solder. ║▐
║ ║▐
║ In addition to the SAO DRM challenges, the custom ║▐
║ electronic conference badge featured a handful of hidden ║▐
║ flags on various interfaces. As a hint to these interfaces, ║▐
║ the datasheet for the HHVDC30 had a table outlining the ║▐
║ capabilities for each pin. ║▐
║ ║▐
║ While I would have liked to have had more SAO DRM ║▐
║ challenges ready for DEF CON 30, I was still pleased with ║▐
║ the final CTF results. There was enough content to keep ║▐
║ contestants busy over the two days of the CTF, and the ║▐
║ difficulty of the challenges seemed balanced and ║▐
║ approachable given the number of first-time solderers I ║▐
║ witnessed and talked to! ║▐
║ ║▐
║ More details about the DC30 HHV CTF can be found on the DC ║▐
║ HHV challenge website, including a solutions write-up! ║▐
╟┐ ┌╢▐
╟┐ ┌╢▐
║ Part hardware hacker, part creative technologist, and part ║▐
║ human-centered designer thriving at the cross-section of ║▐
║ engineering and design. ║▐
║ ║▐
║ Led to engineering through my love for music, art, and ║▐
║ math, I hold degrees in electrical, computer, and music ║▐
║ engineering. Following a stint in academia, I joined IDEO ║▐
║ as a senior electrical engineer where I contributed ║▐
║ creative problem solving and prototyping fluency to a ║▐
║ breadth of projects ranging from vehicles of the future, to ║▐
║ life-changing medical equipment, to innovative children's ║▐
║ toys. Most recently, I was at Delve and now Sundberg-Ferar, ║▐
║ diving deeper into engineering for production, and working ║▐
║ on bringing ideas and prototypes to reality. ║▐
║ ║▐
║ Outside of work, I enjoy creating rotoscopes and ║▐
║ illustrations, reverse engineering electronic toys, and ║▐
║ taking a break from screens by running, biking, and camping ║▐
║ in the great outdoors. ║▐
╟┐ ┌╢▐
║ -=≡≡≡≡≡≡≡≡ MS in Electrical and Computer Engineering ≡≡≡≡≡≡≡≡=- ║▐
║ School .... University of Delaware, Newark, DE ║▐
║ Grad year . 2012 ║▐
║ ║▐
║ -=≡≡≡≡≡≡≡≡≡≡≡≡≡≡ BEE in Electrical Engineering ≡≡≡≡≡≡≡≡≡≡≡≡≡≡=- ║▐
║ School .... University of Delaware, Newark, DE ║▐
║ Grad year . 2011 ║▐
╟┐ ┌╢▐
║ -=≡≡≡≡≡≡≡≡≡≡≡≡≡≡ Senior II Electrical Engineer ≡≡≡≡≡≡≡≡≡≡≡≡≡≡=- ║▐
║ Company ... Bresslergroup / Delve, Philadelphia, PA ║▐
║ Key roles . Developed embedded hardware for diagnostic devices ║▐
║ . Developed embedded firmware with precision-timing ║▐
║ . Designed for manufacturing ║▐
║ Years ..... Nov '20 - Apr '22 ║▐
║ ║▐
║ -=≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡ Senior Electrical Engineer ≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡=- ║▐
║ Company ... IDEO, Chicago, IL ║▐
║ Key roles . Specialized in rapid hardware prototyping ║▐
║ . Developed embedded and front-end software ║▐
║ . Designed human-centered solutions for clients ║▐
║ Years ..... Sep '14 - Oct '20 ║▐
║ ║▐
║ -=≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡ User Experience Intern ≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡=- ║▐
║ Company ... Shure, Niles, IL ║▐
║ Years ..... Summer '13 & Summer '14 ║▐
║ ║▐
║ -=≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡ Graduate Research Assistant ≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡=- ║▐
║ Company ... Univ. of Miami, Music Eng Dept, Miami, FL ║▐
║ Years ..... Aug '12 - May '14 ║▐
║ ║▐
║ -=≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡ Co-Founder and Shop Manager ≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡=- ║▐
║ Company ... Newark Bike Project, Newark, DE ║▐
║ Years ..... Oct '11 - Aug '12 ║▐
║ ║▐
║ -=≡≡≡≡≡≡≡≡≡≡≡≡ Undergrad/Grad Research Assistant ≡≡≡≡≡≡≡≡≡≡≡≡=- ║▐
║ Company ... Univ. of Delaware, Elec/Comp Eng Dept, Newark, DE ║▐
║ Years ..... Feb '09 & Aug '12 ║▐
╟┐ ┌╢▐
║ -=≡≡≡≡≡≡≡≡ Languages ≡≡≡≡≡≡≡≡=- ║▐
║ C, C++, Obj-C HTML, CSS Spanish (int) ║▐
║ Basic Assembly Javascript Japanese (beg) ║▐
║ Matlab Python ║▐
║ ║▐
║ -=≡≡≡≡≡≡≡≡ Software ≡≡≡≡≡≡≡≡≡=- ║▐
║ Adobe CC Autodesk Fusion Microsoft 365 ║▐
║ ║▐
║ -=≡≡≡≡≡≡≡≡≡≡ Other ≡≡≡≡≡≡≡≡≡≡=- ║▐
║ Screen Printing Bike Mechanic Furby Technician ║▐
║ Sketching Illustrating ║▐
╟┐ ┌╢▐
╟┐ ┌╢▐
╟┐ ┌╢▐