“The PCB badge that was never meant to be” or “How to lose on a home straight”

OFFZONE
Apr 3, 2020

Hey, Medium! Interesting times we are living in: deepfakes, trade wars, political games, Greta (bless her) Thunberg, and if that wasn’t enough for you, have some fun with the coronavirus infection COVID-19.

The coronavirus pandemic has also taken its toll on our Conference on Practical Cybersecurity OFFZONE 2020. It had to be postponed until better times.

Unfortunately, this means that the PCB badge that we had been developing since December will not take flight in its current form. This article is a kind of epitaph for its concept. The following is a true story of how we fought for ergonomics, hunted for components across closed borders, used DIY magic against scarcity, and which circumstances proved stronger than us.

The Concept: the secret of the badge

A little earlier, we managed to lift a bit of the veil off what we imagined the OFFZONE 2020 badge to be. In short, it was this:

· a PCB with information about the conference attendee,
· an OFFCOIN wallet function (OFFCOIN is our internal conference currency),
· some possibility to upgrade your badge in the DIY soldering zone,
· the ability to upgrade and customise using Shitty Add-ons.

But these are not all the secrets! We came up with the badge’s main feature when we learned that the final of the CTFZone competition would be held as part of the OFFZONE 2020 conference. We expected many eyes to follow this tournament: a victory at CTFZone determines who gets to go to DEF CON CTF and face off against the strongest teams in the world.

‘How about we broadcast the CTF to each visitor at the conference!’ suggested the team of developers involved with the badge. ‘Nobody has done that yet.’

The CTF competition consists of 10 teams. The pace of the tournament resembles a constant battle. Someone is always attacking someone else while being under attack themselves and trying to defend their resources; some sit in the trenches waiting for the right moment to strike. If each team is assigned one RGB LED on the board, then each such interaction can be expressed as a colour. The result is a system of 10 RGB LEDs whose state uniquely shows the current balance of forces.

Everyone liked the idea, and we were set to work.

The Prototype: from blueprints to a working model

After a short spaghetti-engineering (prototyping on the go) phase, which lasted about ten days, we had our first prototype of the badge on a PCB.

It was during prototyping that the idea arose to supply the badge with customisable features using the Shitty Add-on Connector and home-made add-ons. Each conference attendee would have their own unique badge! Amazing!

For those interested, we will describe the component base of our PCB.
· The heart of the badge is a rather modest but proven MCU, the STM32F070R6P6 (ARM Cortex-M0 48 MHz, 32 KB Flash, 6 KB SRAM, TSSOP20 package).
· Dozens of WS2812B RGB LEDs for the light show.
· The NRF24L01 transceiver module receives radio messages.
· A power supply circuit and the supporting resistors and capacitors.
· Well, as is the tradition, everything is powered by 4 AAA batteries.

The capabilities of the STM32 MCU were just enough to implement the functionality of an OFFCOIN wallet, control the LEDs and process radio messages.

The prototype ended up exceeding our expectations and had us mesmerised by the twinkle of the LEDs. Each LED on the board is labelled with the logo of a participating team: a red LED means that team is attacking, green means it is defending, blue means it is testing the waters and getting ready to make its move. All this was ready by the beginning of February …

… When suddenly we learned that because of the measures to fight COVID-19, 2 foreign teams would not be able to attend.

Well, unpleasant, but not scary. We decided not to change the final badge design, but to give the absent teams a VPN and the possibility to participate in the CTF remotely.

The Software and Design: pogo-pins are simply great

Despite the disturbing news, in general, the development of the badge went according to plan. It was time to start writing software and creating infrastructure.

We won’t be talking about software, specifically. Not because it’s classified, but because there is nothing interesting to see there. The badge runs on HAL drivers without an RTOS. The WS2812B LEDs are controlled by a timer with PWM generation, the OFFCOIN wallet is implemented through PKI, and there is some kind of NRF24 driver. Nothing interesting. Believe us.
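The colour scheme and the timer/PWM approach described above, sketched in C as an added example; this is not the badge firmware. The payload layout (one state byte per team), the enum names, the brightness values and the timing constants for a 48 MHz timer clock are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumptions (not from the article): 48 MHz timer clock, 800 kHz WS2812B
 * bit rate (60 ticks per bit), and a hypothetical 10-byte radio payload
 * carrying one state byte per team. */
#define TEAMS        10
#define BITS_PER_LED 24
#define RESET_SLOTS  48            /* 48 * 1.25 us = 60 us low = latch */
#define T0H          19            /* ~0.4 us high: logical 0 */
#define T1H          38            /* ~0.8 us high: logical 1 */
#define PWM_LEN      (TEAMS * BITS_PER_LED + RESET_SLOTS)

enum team_state { ST_OFF = 0, ST_ATTACK, ST_DEFEND, ST_PROBE, ST_COUNT };

/* WS2812B takes green, red, blue in that order. Brightness 0x20 is an
 * arbitrary low value chosen for this example. */
static const uint8_t GRB[ST_COUNT][3] = {
    {0x00, 0x00, 0x00},   /* off */
    {0x00, 0x20, 0x00},   /* attacking: red */
    {0x20, 0x00, 0x00},   /* defending: green */
    {0x00, 0x00, 0x20},   /* testing the waters: blue */
};

/* Validate an untrusted radio payload, then expand it into timer compare
 * values. Returns 0 on success, -1 if the payload is malformed; on failure
 * pwm[] is untouched, so the LEDs keep showing the last good frame. */
int build_pwm_frame(const uint8_t *payload, size_t len, uint8_t pwm[PWM_LEN])
{
    if (payload == NULL || len != TEAMS)
        return -1;
    for (size_t t = 0; t < TEAMS; t++)
        if (payload[t] >= ST_COUNT)
            return -1;                       /* reject before writing pwm[] */

    size_t i = 0;
    for (size_t t = 0; t < TEAMS; t++)
        for (int c = 0; c < 3; c++)
            for (int bit = 7; bit >= 0; bit--)   /* MSB first */
                pwm[i++] = ((GRB[payload[t]][c] >> bit) & 1) ? T1H : T0H;
    memset(&pwm[i], 0, RESET_SLOTS);         /* duty 0 = line held low */
    return 0;
}
```

On an STM32 a buffer like this is typically streamed into the timer's compare register by DMA, one entry per bit period.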

The infrastructure on the other hand sowed confusion.

Objective 1: Make an easy-to-use wallet out of the badge. The first big task that needed to be solved was to provide a quick and easy way to top up the balance of your OFFCOIN wallet.

At OFFZONE 2019, the transfer of the OFFCOIN wallet ID was contactless: we used the IR receiver on the reader and the IR transmitter on the badge. This system worked, but slowly, and only with a battery-powered or USB-powered badge, and only if the user bent over backwards and tilted their head a little to the east with respect to the IR receiver. Speed and convenience were not what last year’s badge was about.

This year, things are more serious! The payment system has become contact-based and can now itself power the badge. The wallet interface is now UART, and the physical connection is cleverly designed: the contact between the reader and the badge board is provided by pogo-pins.

Pogo-pins are convenient little spring-loaded contacts that are usually used to establish a temporary electrical connection. On a specially designed reader PCB, 4 such contacts are installed, and on the badge itself there are 4 contact pads: TX, RX, 3V3 and GND. So now, all you need to do to connect to the reader is place the badge on the pins and hold it in position for a bit.

We also read up on a couple of clever articles on industrial design and invented our own case for the reader. The first design was drafted in less than a minute on a piece of paper at lunch time. Next came half a dozen iterations with a 3D printer and hot glue, in the best traditions of prototyping.

Here, choosing the size of the gaps and the wall thickness of the case was torture. Why? Because the design from the paper had to be transferred straight to CAD and physical blueprints, rather than sculpted on the go in Tinkercad. Moving one hole meant messing up the others… But now we have a mountain of prototypes and the final design of the case.

The case turned out pretty spot-on. Now you don’t have to grumble in front of the reader: you insert the badge into the case, it centers the board as needed, and holds it securely in place. Two grip limiters and edges that follow the outline of the bottom of the PCB make this process possible. And thanks to the UART interface, which is much more reliable and faster than IR, the data exchange process for the wallet itself now takes a fraction of a second.

Objective 2: Ensure maximum coverage for NRF24. We had a floor plan and we had data on how efficiently NRF24 modules receive and transmit data inside buildings. We had to calculate where and how to place transmitters so that there were no dead zones on the conference territory and the badges could continuously receive the latest information about the CTF.

It actually turned out to be easy. For the transmitter, we chose a single-board Raspberry Pi and the same NRF24. In order not to produce two dozen Raspberries with a bunch of wires and an NRF each, we decided to make our own shield. It is designed to connect all kinds of NRF24 modules and has a pair of LEDs to indicate the status of the Raspberry. The only thing that remained was to check the coverage area on the spot and, if necessary, correct the calculations.

Getting the Components: what to do, when plans go haywire

Up to this point, the preparation of the badge was generally pretty smooth. Everything changed when we started to purchase components and commission the production of the circuit boards.

Problem 1: Coronavirus in China. From the experience of the previous year, we remembered how important it is to agree in advance with suppliers and factories. And so we did.

And then something happened that by now everyone knows about. Due to export restrictions and production downtime in China, half of the suppliers of electronic components apologised and simply made a helpless gesture without naming any deadlines. The second half was offering us 2–3 times our acceptable deadline.

The same story with the production of circuit boards: two months or so for production and delivery. Allowing for assembly before OFFZONE 2020, we simply did not have time …

On the advice of fellow engineers, we tried to contact one factory in Latvia through intermediaries. But there they gave us the affectionate “nē” (“no” in Latvian) as soon as they found out that we needed to produce 40+ square meters of PCB.

The clouds were looming overhead. Precious days were spent searching for a plant that would make us a series of boards and negotiating with suppliers who constantly shifted the deadlines. The likelihood of failure grew.

In the twentieth round of calling all the possible contractors, at the cost of our enormous moral suffering, at the cost of our bearded engineers and their tears, we were able to agree on the production of printed circuit boards and the supply of almost all components so that we would be in time for OFFZONE 2020. Cutting it close, but in time!

Problem 2: The Elusive NRF24L01. Alas, we were not so lucky with the purchase of radio modules NRF24L01.

Initially, the PCB project was designed to accept two different NRF modules with a PCB antenna: the standard form factor and its compact version, the NRF24L01 mini.

However, the counterparty that had taken on the delivery obligations backed out at the last moment. In order not to derail assembly, it was necessary to find a new supplier within 5–6 days, or come up with something else.

Desperate times require desperate measures. We did not dare to pin all our hopes on the search, so at the same time we followed the first commandment of DIY: if something is missing, DIY it! Well, that, or copy from someone who is smarter. In the context of NRF24 there is hardly anyone smarter than the engineers of Nordic Semiconductor itself. In the datasheet for the NRF24L01 we found an example of the recommended circuitry and PCB.

The same example was easily found in the form of an Altium PCB project. We quickly changed the connection type from a 2 × 4 2.54 mm header to 8 plated half-holes (castellations) of 1.27 mm. Components, polygons, vias, traces, etc. were left strictly unchanged.

So, while some of us were fighting electronics suppliers for components, others were going out of their way to order the production of PCBs and components for a dozen hand-made modules. A few days later we got our hands on all of them. Surprisingly, everything worked as planned! 3 out of 3 assembled boards showed excellent results in tests for reception and transmission.

The results were clearly no worse than those of purchased products. You couldn’t find a flaw if you tried. And this is even taking into account some simplification of the manufacturing process: in the name of speeding up production, we decided to do without the recommended immersion gold coating of the boards.

Assembling the modules was a burden, though. For reasons unknown, to ground the pad (the transceiver is in a QFN20 package) the engineers at Nordic used three vias for contact rather than openings in the solder mask. And then there is the grind of soldering 0402 components whose contact pads sit back to back without enough clearance for the solder mask. It’s all far from being a pleasure, to say the least.

In any case, a large batch of PCBs would have been soldered not by us but by soulless machines in production.

… If not for one circumstance: at the last moment we found a supplier from Belarus who helped us out with the required number of NRF24L01 mini modules.

Hopeless

Engineers can handle a lot. Even the lack of key components, as it turned out, is not enough to stop them. But when the product concept itself becomes meaningless, the engineer has no choice but to start from scratch.

Watching the development of the situation with the COVID-19 pandemic, we made a difficult decision: OFFZONE 2020 needed to be rescheduled. But CTFZone, as the qualifying stage of DEF CON CTF, cannot be postponed (and we will conduct it online in late April).

Unfortunately, this kills the idea of the badge that broadcasts the CTF battles.

The PCB has already been made, and now we have 10,000 electronic components on our hands. And another 1,000,000 on the way. Alas, they will never see the light of day.

Every end is a new beginning

We are not ones to hang our heads. The badge development team switched abruptly from burning to cooling mode, but only to start generating crazy new badge ideas for OFFZONE 2020 v.2.0!

What it will be has not been decided yet. One thing is for sure: we will continue to develop the idea of the Shitty connector and try to make it interactive.

If you have any ideas or wishes, then share them with us — we will try to bring them to life together. Stay tuned and healthy!

Written by OFFZONE

International community conference for cybersecurity researchers and professionals. No suits, no business — only hardcore research.