Showing posts with label DEFCON. Show all posts

Sunday, September 14, 2025

The Internet at DEF CON 33 (and BOM to make your very own)

 And it came to pass that the Pope of the Church of Wi-fi, yeah, even Renderman, didst bless and consecrate The Internet in this the 2025th year of the common era (and 35 years after Tim Berners-Lee invented it) on August 8th, the second night of DEF CON 33.

And lo, DuncanYoudaho didst capture the consecration thereof in an image. In the self-same breath as the consecration, the Pope did also pronounce a holy quest upon him as a teacher doth chastise the student that readeth not the book but kind of fumbles through the book report anyway.

Yeah, he was admonished with much reproachment to not share the graven image of the consecration until such time as the quest was fulfilled. That all the world wouldst see and hear and follow in the path. And this was the quest:

"DuncanYoudaho, if ye be a loyal servant of The Internet, teach those who see the image of this blessing how they also might obtain an Internet of their very own. Yeah, promulgate and proclaim the BOM that thou didst fulfill when making The Internet."

And so if thou wisheth to make this Thine Internet, obtain the shards of circuitry, and resistors, and switches, and hookup wire, and make ye an earthly copy of what is now The Blessed Internet!

Instructables

I made The Internet thanks to a great Instructable. The parts list has atrophied a bit with time, so I’m reproducing a BOM here with more modern selections. When in doubt, they’ve probably got better step-by-step instructions, so head there. What I did not do (and wish I did) is take the advice to make curly LED hookups and stand-offs. Making the wires as tight as they are has led to almost every solder joint breaking. The Internet has required constant maintenance, which various users have graciously done and received stickers in return, most recently Chip from Aviation Hacking Village.

Parts List

  • Hammond 1591XX Series enclosure in a chosen size (Mouser/Digikey) or a similar looking enclosure - The plastic enclosure of The Internet uses a Radio Shack ABS project box. As these are no longer available in large quantities, I found a similar project box in the Hammond 1591XX Series enclosures.  These come in black, have a detachable bottom with rounded exterior edges, and come with PCB mounting holes inside the case for easy attachment of the strip board components.
  • Red LED inside chrome-plated enclosure (Mouser/Digikey) - Pay particular attention to the voltage. Higher voltage LEDs will need more batteries.
  • NE555 Timer (Mouser/Digikey) - The through-hole TI model is linked here. This is the grand-daddy of them all. The IC that birthed all other blinky lights. Kneel and say thanks. And provide at least 4.5V to power it.
  • Resistors: 330Ohm, 2x 1M Ohm - The 330Ohm resistor can be changed to tune the blink to your liking.
  • Battery Holder(s) for at least 6V power. 
  • Hook-up Wire, Solid Core.
  • Strip Board sufficient for mounting the components and attaching inside the case.

Equipment

  • Wire Strippers
  • Soldering Iron and Solder
  • Double-sided Tape
  • Screwdriver for case and PCB Screws

Steps

  • Get circuit working on Strip Board or Bread Board.
  • Cut 8mm hole in case for light
  • Cut hole in case for switch. I put mine on the side of the box 
  • Make stand-offs and long curly q's for LED, switch, and batteries
  • Make final solder joints to hook everything up
  • TEST IT 
  • Screw down the Strip board to the box
  • Affix the batteries to the strip board (I had to wire the 4x AA holder down as it kept breaking loose)
  • Close it all up and test it again
  • Get it demagnetized by the Elders of the Internet, or find another Pope of the Church of Wi-fi to bless it for you. 

Pinout stolen from NE555P Datasheet

 

Circuit Design

 

Pictures of The Internet

 

And the Lord did grin...

The Internet has been handed off to members of DC404 for an East Coast Adventure. If Flat Stanley returns to DEF CON 34, I'm sure it will come with plenty of stickers.

Monday, September 1, 2025

The Legend of the Murder Hobos

Spoiler alert: The real prize is friendship.

At R00tz Asylum, an official DEF CON event for kids, Facebook’s security team was running a CTF. The scene matched most rooms at DEF CON: intense staring at screens, poking at punny challenges, and no one really talking to each other. We chatted up our neighbors, Sodapop and p0wnyb0y, about the con, the badge, and the contest. We realized the organizers encouraged teams, but no one else was talking. Pooling our resources, a 7- and 9-year-old shot to the top of the leaderboard and took home the prize: 2 Chromebooks, and a con-friendship.

A chat at Toxic BBQ in 2018 led to another team-up. Tinribs and I were Vegas locals looking to change up our DEF CON experience. We took on the inaugural Dungeons@DEFCON with our 12-year-old kids. Styled as the Murder Hobos, we won the Psychoholics-led, D&D themed, CTF-style classic crypto challenge through cooperation, luck, and shenanigans, and we came away with the win and a black badge for our team of four. As far as we can tell, the kids are the youngest black badge holders in history. Grifter commented to The Dark Tangent during closing ceremonies, “What I like about a couple of kids winning a black badge is how much it’s going to cost Jeff. For life, baby!”


But we had a problem: only 4 of the 6 Hobos had a black badge, and so the next chase began. The very next year, family obligations took me away from DEF CON, so the Murder Hobos stormed Dungeons@DEFCON again but fell to the inimitable Fellowship of the Token Ring. Post-Covid, another run at D@D (with FOTTR contributing puzzles and CrookedFingers our Dungeon Master) ended with a second place finish. FOTTR decided to host their own contest, and Spy v Spy was born. With a thrilling finish, CamelCase bested the Murder Hobos by unlocking the dead drop minutes before P0wnyb0y arrived. Victory was elusive, but we couldn’t give up.

At DEF CON 33, I was trying to play it cool and relax. When we absorbed ourselves in a contest, we’d look up on Sunday afternoon at closing wondering where the weekend had gone. I was thinking I should take it easy. But it was not to be so. Spy v Spy had returned, and it had a compelling hook: souvenir slabbed playing cards when you completed incremental challenges. Sodapop and P0wnyb0y registered right away, and we were at the top of the leader board most of the con. We cracked crypto, fabricated loaded dice with other teams, and chased dead drops for two days.

When the final round started, we made the cut, but didn’t know what we were up against. It was rumored one team had 12 people! So we unwrapped the challenge code book and got cracking. Sat at the disused Warlock Gamez booth, we were right in the walkway and kept getting interlocutors asking what we were working on (some of whom, we found out later, were actual spies from other teams), and they got a gruff reply. It was serious. Tinribs and Sodapop cracked numbers stations, P0wnyb0y decoded RTTY, and we found the spy. The final answer was phoned in over Discord while I walked back from the other end of the conference.

As I approached, I saw a confluence of people around the contest table. Tinribs was walking towards me shaking his head.

“Too late, we were a minute too late.”

Crestfallen.

“Just kidding. We got it.”

Elation. Joy. I screamed several expletives at him.

Around the table was an excited mix of teams and organizers asking about clues and solves, tips and congratulations. Fox from the Whiskey Pirates may have teared up a bit, but so did we.

These contests and conferences are largely excuses. To get us off screens and in front of each other. Make friends and build community. Share skills that are weird and unique and unavailable in any concentration. Sometimes through competition, but also cooperation and conversation. With the win in hand, there was one final question.

The news came the next day: be at the main stage at 3pm. Victory, finally, after a 6-year chase, the Hobos all had black badges. After a whirlwind weekend, we were back on the main stage. None of the kids are children anymore. But we’re already planning our next escapade rather than retirement. FOTTR wants us to make our own contest. And I really want to share how we got here again. And maybe hang out with other puzzlers outside of one weekend per summer.

Cheers,

DuncanYoudaho

Wednesday, January 22, 2020

New Year, New DEF CON

During the DEF CON 26 DC101 Panel, someone (probably highwiz) asked one of the n00bs they brought on-stage, "What makes you a hacker?" In the past, it has been used by bad actors as an aggressive question.  Thoughtful types and artists have used it as a prompt.  But here it was dripping with curiosity.  "Why do you go to DEF CON?"

I'm more than a year out from a move that took me far from my hometown of Las Vegas to an adventure into the Pacific Northwest.  Budgets, family and time being what they are, I too had to ask myself, "What makes you a hacker?  Why should you go to DEF CON, again?"  Obviously, moving two states makes it harder to go.  Plane tickets are cheap enough in cattle-class, and I'm lucky to have family and friends in town upon which I can rely for lodging.  But family illness and obligation are also considerations, and this feeling in the pit of my stomach topped it all off: the idea that I no longer belonged.

Ironically, this security-focused community is affected by deep insecurities.  Concerns of legitimacy, competence, and belonging haunt us collectively, as do public examples of snake oil, burnout, and depression.  Discussions of Impostor's Syndrome are almost cliche in their frequency.  As is the mouth-agape disbelief following one of our rock stars admitting they second-guess themselves.  This loose band of social misfits and punks emerged from our cocoon of BBSes and IRC to be famously dysfunctional. We have had to exorcise #MeToo demons, and our unhealthy relationship with alcohol keeps many away for fear of their own safety.  As a late-comer to DEF CON, I have not been personally affected by loss of friends in the community, but there's a reason Amber Baldet gave a talk on Suicide Interventions at DC21.  Hackers in my cohort are maturing as well.  Some of us are on our third career since the demoscene, and it has veered wildly away from any Information Security role.  There has to be something that keeps us coming back to the desert in August.  It sure ain't the unmistakable fragrance of Sunday morning talks.

It is a bit of a balancing act to maintain a conference that keeps drawing more and more people.  As of this writing, DC28 is scheduled to use almost 400,000 sq. ft. of conference space in a brand new facility.  Almost 30 villages with both broad and niche topics have formed, and each is a mini-con in and of itself.  Along with this widening scope, there were public and repeated attempts by The Dark Tangent to reestablish DEF CON as a Hacker event and set it apart from the Information Security industry where so many of its attendees find employment.  In the past, DT has publicly disinvited the Feds, and the run-up to DC27 saw another public clarification that while individual villages arrange their own sponsorship, DEF CON maintains no corporate sponsors.  You can see the push and pull of "What makes you a hacker?" at the highest levels.

And so we approach a new year and a new DEF CON.  Since DC19, I've grown with the conference.  I started managing Toxic BBQ with the help of friends and this will be our fifth consecutive kick-off barbecue.  People just show up to create an inviting space from scratch for anyone that can find it.  I won a Black Badge with my son at DC 26 by solving crypto puzzles and have tried to contribute in equal measure since then. And yet there's this nagging feeling...

Ultimately, I've decided the gate-keeping question is not an important one to answer.  What I give to and get from DEF CON keeps me going.  It comes down to a desire to think things I have never thought before.  I may not be able to show off like some, but I can gawk with the best of them at the Hacker Carnival.  DC28's theme, Discovery!, is right out of my high school years when the internet promised the sum-total of human knowledge at our fingertips and all that we could do once those barriers dropped.  Maybe we can celebrate by shedding our insecurities.  Just for the weekend.

Sunday, March 24, 2019

Dan Moves North

Plenty has gone on in the past year. Here's a quick rundown:

- Learned how to quilt. 104 patches from my tour-guiding days on a lap quilt.




- Learned how to Black Badge at DEF CON 26. Shout out to my fellow Murder Hobos, PunkAB, and the entire Dungeons@DEFCON team for this kick-ass experience.













- Learned how to move across country through forest fires and with cats









- Learned how to survive a leg infection possibly from a cat scratch (not pictured; it was pretty gnarly)

- Learned how to not buy board games. I finished a 10x10 (play ten games ten times or more) without buying any new games in between. Moving thinned the collection, but it still takes up an entire linen closet.









Wednesday, July 25, 2018

Wristband Teardown from Amazon's #FireTVSDCC Event at San Diego Comic Con

A friend returned from San Diego Comic Con 2018 with an RFID bracelet used to track users in the Amazon Fire TV experience (on Twitter, #FireTVSDCC).  This is a teardown of the bracelet after the event.  At this time, I was unable to read from the bracelet.



The bracelet is fairly simple with a cloth band and plastic/paper tab threaded through.  The closure is plastic and one-way.  It bites into and mangles the cloth band if you attempt to remove it, but you could probably shim it with tools and practice.  Might be a fun thing for the Tamper Evident Village if it turned out events were trying to use this for access control like plastic self-destructing wristbands.


The back contains a serial number.  I would like to see if this serial number would match the data read off the tag.



Prying the badge apart, I spot the prize: an adhesive RFID tag placed between the glossy plastic covers.  It appears to have a model number of "CXJ-040" in the center of the tag.  It uses a circular antenna.  CXJ are the initials of Shenzhen manufacturer Chuangxinjia.  Their product pages show many similar wristbands in a few different frequencies.

The tag didn't respond to my Android phone, so it is not a Mifare or similar.  Hopefully I can find a reader at the local Hackerspace or DEF CON 26.

Tuesday, June 12, 2018

Quotes from Dan Kaminsky's Keynote at DEF CON China


Above is Dan Kaminsky's keynote at the inaugural DEF CON China.  It was nominally about Spectre and Meltdown, and I thought it was immediately applicable to testing at all levels.  Here are some moments that jumped out at me:

On Context:

"There's a problem where we talk about hacking in terms of only software...What does hacking look like when it has nothing to do with software." 1:55

"But let's keep digging." Throughout, but especially 5:40

"Actual physics encourages 60 frames per second. I did not expect to find anything close to this when I started digging into the number 60...This might be correct, this might not be. And that is a part of hacking too." 6:10

"Stay intellectually honest as go through these deep dives. Understand really you are operating from ignorance. That's actually your strong point. You don't know why the thing is doing what it is doing...Have some humility as you explore, but also explore." 7:40

"We really really do not like having microprocessor flaws...and so we make sure where the right bits come in, the right bits come out. Time has not been part of the equation...Security [re: Spectre/Meltdown] has been made to depend on an undefined element. Context matters." 15:00

"Are two computers doing the same thing?...There is not a right answer to that. There is no one context. A huge amount of what we do in hacking...is we play contexts of one another." 17:50

[Re: Spectre and Meltdown] "These attackers changed time which in this context is not defined to exist...Fast and slow...means nothing to the chip but it means everything to the users, to the administrators, to the security models..." 21:00

"Look for things people think don't matter. Look for the flawed assumptions...between how people think the system works and how it actually does." 35:00

"People think bug finding is purely a technical task. It is not because you are playing with people's assumptions...Understand the source and you'll find the destination." 37:05

"Our hardest problems in Security require alignment between how we build systems, and how we verify them. And our best solutions in technology require understanding the past, how we got here." 59:50

On Faulty Assumptions:

"[Example of clocks running slow because power was not 60Hz] You could get cheap, and just use whatever is coming out of the wall, and assume it will never change. Just because you can doesn't mean you should...We'll just get it from the upstream." 4:15

"[Re: Spectre and Meltdown] We turned a stability boundary into a security boundary and hoped it would work. Spoiler alert: it did not work." 18:40

"We hope the design of our interesting architectures mean when we switch from one context to another, nothing is left over...[but] if you want two security domains, get two computers. You can do that. Computers are small now. [Extensive geeking out about tiny computers]" 23:10

"[RIM] made a really compelling argument that the iPhone was totally impossible, and their argument was incredibly compelling until the moment that Steve Jobs dropped an iPhone on the table..." 25:50

"If you don't care if your work affects the [other people working on the system], you're going to crash." 37:30

"What happens when you define your constraints incorrectly?... Vulnerabilities. ...At best, you get the wrong answer. Most commonly, you get undefined behavior which in the presence of hacking becomes redefinable behavior." 41:35

"It's important to realize that we are loosening the assumption that the developer knows what the system is supposed to do...Everyone who touches the computer is a little bit ignorant." 45:20

On Heuristics

"When you say the same thing, but you say it in a different time, sometimes you're not saying the same thing." 9:10

"Hackers are actually pretty well-behaved. When hackers crash code...it does really controlled things...changing smaller things from the computer's perspective that are bigger things from a human's perspective." 20:25

"Bugs aren't random because their sources aren't random." 35:25

"Hackers aren't modeling code...hackers are modeling the developers and thinking, 'What did [they] screw up?' [I would ask a team to] tell me how you think your system works...I would listen to what they didn't talk about. That was always where my first bugs came from." 35:45

On Bug Advocacy

"In twenty years...I have never seen stupid moralization fix anything...We're engineers. Sometimes things are going to fail." 10:30

"We have patched everything in case there's a security boundary. That doesn't actually mean there's a security boundary." 28:10

"Build your boundaries to what the actual security model is...Security that doesn't care about the rest of IT, is security that grows increasingly irrelevant." 33:20

"We're not, as hackers, able to break things. We're able to redefine them so they can't be broken in the first place." 59:25

On Automation

"The theorem provers didn't fail when they showed no leakage of information between contexts because the right bits went to the right places. They just weren't being asked to prove these particular elements." 18:25

"All of our tools are incomplete. All of our tools are blind" 46:20

"Having kind of a fakey root environment seems weird, but it's kind of what we're doing with VMs, it's what we're doing with containers." 53:20

On Testing in the SDLC

"We do have cultural elements that block the integration of forward and reverse [engineering], and the primary thing we seem to do wrong is that we have aggressively separated development and testing, and it's biting us." 38:20

"[Re Penetration Testing]: Testing is the important part of that phrase. We are a specific branch of testers that gets on cooler stages...Testing shouldn't be split off, but it kinda has been." 38:50

Ctd. "Testing shouldn't be split off, but it kinda has to have been because people, when they write code, tend to see that code for what it's supposed to be. And as a tester, you're trying to see it for what it really is. These are two different things." 39:05

"[D]evelopers, who already have a problem psychologically of only seeing what their code is supposed to do, are also isolated from all the software that would tell them [otherwise]. Anything that's too testy goes to the test people." 39:30

"[Re: PyAnnotate by @Dropbox] 'This is the thing you don't do. Only the developer is allowed to touch the code.' That is an unnecessary constraint." 43:25

"If I'm using an open source platform, why can't I see the source every time something crashes? ...show me the source code that's crashing...It's lovely." 47:20

"We should not be separating Development and Testing... Computers are capable of magic, and we're just trying to make them our magic..." 59:35

Misc

"Branch Prediction: because we didn't have the words Machine Learning yet. Prediction and learning, of course they're linked. Kind of obvious in retrospect." 27:55

"Usually when you give people who are just learning computing root access, the first thing they do is totally destroy their computer." 53:40 #DontHaveKids

"You can have a talent bar for users (N.B.: sliding scale of computer capability) or you can make it really easy to fix stuff." 55:10 #HelpDesk

"[Re: Ransomware] Why is it possible to have all our data deleted all at once? Who is this a feature for?!... We have too many people able to break stuff." 58:25

Thursday, April 5, 2018

The Glowhawk: OFBC Gaiden

Update: Plume added, rebuilt using thread and pipe cleaners to keep it upright and separate strands, removed plasticard sticks and zip ties.  Also pulled the EL Wire which is being repurposed in my son's EL Hoodie.



We were only able to print a few OFBC 2.0 cases before DEFCON 26. The leftover parts would have sat in my toolbox for quite a while if not for a serendipitous mistake: I ordered the wrong color LEDs from Sparkfun. This plus a little construction advice from a seamstress helped me cobble together the glowing headgear that is The Glowhawk.

My courage and thinning hair prevent me from getting a mohawk while at DEFCON, but I've always wanted one. Instead I started to create one with a networking theme. Pipe cleaners in the color of Cat6 twisted pair served as a thick mane anyone could be proud of. This was wired onto a hat as a test. It looked OK, but it was kind of stubby to wear all on its own.

The LED driver for the OFBC is overdone. A single charge can last 10 hours on the original model. I wondered how much it could handle in terms of output, and a little breadboarding showed me I could wire several of the LED modules together as long as they were in parallel. Now how to use them?

The LEDs are these 3W green modules with attached heat sink. Direct eye contact is not recommended (hence the pains we took to use momentary buttons on the OFBC). On the beer light, we diffused the over-bright light so it could be sculpted by the drink it passed through. I was inspired by a fiber optic dress I saw elsewhere and found fiber optic table centrepieces for dirt cheap on Amazon. Some hot glue joined the disassembled fiber optics to the bright LED. The mane of glowing green was born!

With this fresh take in hand, DEFCON was upon us. I packed my things and thought I might take a crack in the evening. The Richard Cheese show was the perfect venue to solder everything together. The_bozo and I found a better place to work where the hot glue gun could run safely. I transferred the existing Cat6 mohawk to a bright green John Cena hat from Goodwill. Inside the channel that ran between upturned pipe cleaners, I hot glued the modules and fiber optics. Zip ties kept the fiber bundles from flopping around too much.

I consider the Glowhawk a great success, if a tad impractical. It lasted about 2 hours on a charge, and I was able to walk around wearing it with the mobile party crew for that long before it got uncomfortable.  A photo of me wearing it hit the DEFCON Closing Ceremonies, and my son keeps trying to steal my remaining fiber optics for a lamp in his room.

Future improvements include better internal support, googly eyes to cover the logos, and a fifth plume to fill out the front. See you next year!





Tuesday, April 3, 2018

OFBC 2.0

For Toxic BBQ 13 (DEFCON 25), we returned to the OFBC to see if we could improve the design and add some needed table decorations.


The first step was to simplify the PCB creation. I created a new layout in Fritzing that reduced whitespace. It also moved off-board components like batteries and the LED modules to use JST connectors for easy installation and swapping.  OSH Park did a great job with the PCBs. I was able to directly convert the Fritzing designs to printable format. Each board was less than 2 bucks by the time we finished. Never again will I make my own PCBs by hand. 


Sparkfun supplied most of the same components for about 15 bucks per light. Here is an updated BoM for this case:

Next, we redesigned the case. Instead of a three piece design requiring glue to assemble, the two pieces would be a base and a lid with a logo. Everything could be screwed into designed posts and covered with the lid. It was a snap. Production was easier with Shapeways. However, this led to longer lead times that prevented us from delivering to the barbecue. The prototyping went well and matched the designs, but the mass printings were so delayed that they didn't arrive in time for the barbecue even with expedited shipping. The resin product looked much better than the filament-printed 1.0 model. The cost at 20 bucks or so each was not prohibitive, but it certainly wasn't mass-market ready.




Design Pics






Updated Lid Design for Toxic BBQ 2018

Monday, August 17, 2015

Magnetic Bottle Openers

In the tradition of doing something snazzy for the DEF CON Toxic BBQ, I created a bottle opener that would both mount magnetically as well as catch bottle caps with the same force. 

Amazon had a selection of sturdy bottle openers by Starr X, and a particularly helpful blog post by K & J Magnetics helped me pick out the featured magnet.  I'm relying on the interesting grain of the Indian Rosewood to give the piece character as I didn't have the tools to do a fancy profile, and my router bits are incredibly lacking, so I just went with dog-eared corners and a chamfered edge.  The burning visible on the below pre-finishing shot (accompanied by my favorite Wasatch brew) was due to the bit I used.


The magnet was epoxied in place after I cleared out a spot for it.  In order to prevent the opener from sliding on slick surfaces, I added slightly inset tiny rubber feet.  This also set the opener off from the fridge by just enough that you can get your fingers behind it to pry it off with ease. Lots of sanding from 100 to 600 grit made a great smooth base for some stain and spar urethane.  After three days of curing time, I plopped it on the post at the Toxic BBQ and had a pile of at least 50 caps by the time the night was through.  A great first run!

Wednesday, November 5, 2014

R00tz Asylum 2014


I took Ethan to the event run in parallel with DEF CON, R00tz Asylum.  I think he had a blast as they covered a lot of traditional hacker topics at multiple levels of complexity.  The highlights are below.

Structure

The event was held in the Crown Theater at the Rio.  It was about a 10 minute walk from DEF CON proper.  The separation was nice as it made for a more quiet and contained experience.  The stage was occupied by a speaker almost all the time.  Spread around the perimeter (mezzanine?) were tables with activities that changed every day.  Kids could choose to listen, play or work on challenges.  Most activities stayed the entire day, though some were more transient.

This setup was advantageous for my son.  He has little ability to focus on any one thing for an extended period of time, so the variety of activities was nice.  Much like its parent conference, R00tz Asylum did well when it focused on hands-on learning.  Toool, Google and Wickr held contests and learning opportunities that pushed attendees and their parents to participate together.  In particular, Ethan loved the puzzles, and I finally got him to solder something.  He did a bang-up job.

Speakers

The speaker experience was less than optimal with a few notable exceptions.  The stand-outs were Gene Bransfield's hilarious "Weaponizing your Pets" and Meredith Patterson's engaging activity "The Telephone Game" about Man-in-the-Middle attacks.  Special mention goes to @muffenboy and Esau Kang for being kid attendees and speakers.  For the rest, it would be good to learn that speaking to children is not the same as speaking to hackers, and most talks were too technical, lacked a hands-on component, and thus ended up being torture for the little ones.  From speaking with the organizers, I can tell this is something they are trying to focus on next year.

The Gift

R00tz Asylum is the opposite of DEF CON in one respect: it relies on sponsors to add pizzazz and to make ends meet.  One of those traditions that may or may not hold in coming years is the gift of a hackable piece of technology to attendees.  This year brought ASUS Chromebooks care of Google.  My son was enthralled, and I spent most of the conference convincing him to get off the Chromebook and out to the activities.  By the end of the conference, we had Linux in addition to Chrome, and we were running Wireshark thanks to perseverance by Joe and Chris, a father/son team.  This effort won Chris a trophy, even.  My son begged me to put Minecraft on there, but then quickly forgot how to get back to it and reformatted his Chromebook undoing all our hard work.  Hats off to Google, and congrats to Chris on the win.


Hardware Hacking

By far, my favorite part of the conference was the Hardware Hacking table.  Not only did the goodie bag include a HakTeam Throwing Star LAN Tap, but a table full of old equipment was available for attendees to rip apart and salvage for components.  The LAN Taps were used in an activity that taught Wireshark and packet sniffing.  The hardware component salvage table was exploited for speakers, LEDs, gears and motors for all sorts of toys.  I am definitely bringing projects for Ethan next year.  I already recommended the salvage table to the official DEF CON Hardware Hacking Village.  Las Vegas thrift shops may see a run on their printers, VCRs and routers before next year's conference.

Lock picking

The one talk and table I was surprised that Ethan was interested in was from Toool.  Their interactive 101 talk caught his attention, and we worked on a lock at their companion activity table.  Though he ended up losing interest before successfully opening a lock, it gave me a clue of the type of activity he could do on his own between conferences.

Going Forward

I would definitely recommend any hacker parent to bring their child to R00tz Asylum.  It's expanding and evolving to be a great summer camp weekend that dovetails with the DEF CON experience.  As the organizers get more experienced, I expect the content to grow and change to fit the kids and their interests.  We all started somewhere, and I hope R00tz is that start for the next generation.  I started a subreddit for R00tz, though it hasn't taken off.

As for Ethan and me, we are preparing a talk on how to hack Skylanders figures.  We hope it will be a fun combination of encryption, hardware hacking and games that will draw the attention of attendees and inspire them to really dig in and explore the technology that is used around them every day.