Building an Unofficial Badge for GrrCon 2024

Building an Unofficial Badge for GrrCon 2024
A tangled mess of questionable badges.

Intro

If you want to skip the rambling and see the list of components, you can jump down to them here.

This year I decided to build interactive badges for roughly the roughly 30 friends I knew who were attending GrrCon, Grand Rapids, MI's premiere cybersecurity conference.

0:00
/0:04

Demonstration of the regular pattern with 3 badges nearby

The behavior of the badge was to animate a pixel on an 8x8 LED matrix. When other badges were in proximity, that pixel would multiply based on the number of other badges using WiFi to see each other. The animation was similar to that of the balls in Breakout or the DVD screensaver. The more badges that were nearby, the more crazy the patterns would get until a certain threshold was hit and triggered a new animation similar to The Matrix. Granted, with only an 8x8 display some imagination is required.

Besides the animation, the code I wrote for the badges would scan for nearby WiFi networks of an expected common SSID. From those SSIDs, it would look for unique BSSIDs to know how many other badges were nearby. This was an easy shortcut to avoid having to program any actual adhoc communication between the badges, and also allows for easy spoofing if your badge is feeling lonely.

Why?

Because it was fun and I like projects that are gimmicks and entertain people. These badges were a great conversation starter and came in handy when knowing if anyone from our extended group was in the bar, restaurant or convention center. Because of the hardware used, these badges will be able to be retrofit and upgrade with future firmware to expand their capabilities. I plan on upgrading the existing badges I distributed in 2024, and having newly built upgraded badges in 2025.

The Backpack

The badges weren't the only thing I built. Since I had so many components, I built a portable hostile access point and victim scoreboard. This all ran off a portable battery pack and attached to my backpack with velcro. The WiFi was simply named "GrrCon WiFi", no password. Each time a unique "victim" would connect to it, the scoreboard would increase by one. The MAC address of the clients were tracked to know how whether they were unique or not. If a the curious victim stayed connected long enough, DNS poisoning would trigger their device's captive portal and redirect to a small internal webserver displaying the message seen below. Just some harmless fun. The total for Thursday & Friday was about 18, but over half of those were from friends and demonstrations.

Due to the orientation of the PCB I used, the 4 LED matrices for the scoreboard were each rotated 90 degrees. This was surprisingly difficult for me to animate or display text using the most common libraries available. In the end, I had to bitmap my own number characters to get things working correctly. A very ugly solution but it works!

Components

Update 11/14/2024: Code and wiring diagrams now available on GitHub for both the badge and the backpack https://github.com/ickfosec/esp8266

These parts and quantities were picked for producing at a minimum of 20 badges. Amazon was used out of convenience, but you can find similar or the same parts on other sites to save money at the expense of shipping speeds. If you were to build 5 or less badges, you can save even more money by buying less quantities of things or going with cheaper alternatives that don't have bulk quantity discounts.

Close-up view

Total cost per badge: $9.44

Battery Life Test

  • Started 3xAA battery pack testing on 7/14 ~1:30PM
  • Died on 7/15 ~10:00pm
  • ~32 hours with minimum load