Thursday, September 5, 2024

30,000 badges and still no hack?

No one has managed to break the security on our new chip yet. If you’re interested in collecting a bounty, scroll to the last section.

In early 2024, the stars aligned, and we got the honour of helping make a DEF CON badge. This is all thanks to our design partner friends at Entropic and the fantastic badge team at DEF CON for trusting us to get silicon ready in time to build 30,000 badges. It was tight… but we made it happen!

This image shows a translucent handheld gaming device shaped like a cat's face, featuring LED lights and a small screen displaying a retro-style game. The device has a clear casing, allowing the internal circuitry to be seen, and the buttons on the device are lit up with purple-pink LEDs. The screen shows a game with a maze-like design, and the text "DEFCON ENGAGE" is displayed at the top, indicating the theme or event associated with the device. The word "HUMAN" is prominently printed in gold at the bottom of the device, and "DEFCON" is also written along the right side. The device is resting on a wooden surface, with a keychain loop attached to it, indicating that it might be worn as a badge or accessory. The design and context suggest that this is a custom electronic badge, possibly from a DEFCON event, known for its creative and interactive conference badges.
The RP2350-powered DEF CON badge

The launch was amazing. We were able to give 30,000 DEF CON attendees zero-day access to our brand new chip, RP2350, as well as a really cool gaming badge that runs a bare-metal GBA emulator made by our talented friend Dmitry Grinberg.

Double your embedded CPU architectures, double your fun!

RP2350 is a dual-CPU, dual-architecture microcontroller. It has both Arm and RISC-V processors, allowing users to choose which CPUs they run code on. This gives CPU enthusiasts and people wanting to learn and experiment with RISC-V very affordable, easy-to-use access to this up-and-coming CPU architecture.

The RISC-V cores are called Hazard3 (get it?!), and they were designed by a very proficient member of the Raspberry Pi ASIC team called Luke Wren. Luke designed this in his spare time, documented the process, and then published the designs with a permissive licence!

The image shows a man standing behind a large, decorated podium on a stage, likely giving a presentation or speech. The podium has a distinctive design featuring a large, illuminated smiling face with crossbones, reminiscent of a skull and crossbones but with a friendly expression. The design is highlighted by neon lights, giving it a vibrant and playful look. Behind the man, there are several screens displaying colorful graphics and icons that appear to be part of the event's theme. The stage is dimly lit, with the focus on the speaker and the podium. To the right of the podium, there's a small side table with a microphone and a potted plant, adding to the decor of the setup. The overall atmosphere suggests a tech or gaming conference, possibly with a hacker or cybersecurity theme.
Keep an eye on DEF CON’s YouTube channel for a video of Luke’s presentation

The DEF CON badge team gave us another huge honour by inviting Luke to be part of their badge talk, where we got to address the audience about RP2350 and its Hazard3 cores. A big thank you to the badge team, and the DEF CON audience!

Does it Doom?

What kind of gaming device would it be if it didn’t run Doom well? Our very own embedded software wizard, Graham Sanderson, got his cool RP2040/RP2350 Doom port up and running on the badge (with high frame rate!), and we helped some attendees to program it onto their badges. Go here to see Graham’s Doom port.

The image shows two handheld gaming devices, each running a classic first-person shooter game that appears to be "Doom." The devices are transparent, revealing their internal circuitry, and are connected with a multi-colored cable. The device on the left is yellow, and the one on the right is blue. The yellow device has "VILLAGE" written at the top, while the blue device has "DEFCON" and "ENGAGE" written on it. The screen of each device displays the game in progress, with visible health, ammo indicators, and the classic "Doom" heads-up display (HUD). The hands of a person are seen holding the yellow device, interacting with its controls. The devices are resting on a wooden surface, and there are lanyards attached to them with various designs, including one with hearts. The overall setup suggests that this is part of a custom or experimental gaming setup, possibly related to a tech conference or event.

Since DEF CON, Graham has kept on tinkering with Doom on the badges, enabling multiplayer by making them talk to each other via the SAO connector (SAO = sh!tty add-on — the de facto standard in badge add-on silliness).

Challenge (still) accepted!

When we launched the chip at DEF CON, we issued a challenge to anyone with an RP2350 to see if they could hack around our security features and tell us the secret that has been programmed into the secure on-chip storage.

Currently, the security is still unbroken, and the $10,000 prize uncollected. The challenge was only due to run until September, but we’ve decided to goad the bounty hunters by doubling the prize money and extending the deadline to the end of the year. If you think you can hack it, be our guest.

The image shows two RP2350 microcontrollers. The chip on the left features the Raspberry Pi logo, a stylised raspberry with a leaf. The chip is on a stylised sky blue background with what look like thin white cloud wisps darted through it.
Hack me!

This was the first official microcontroller bug bounty developed in partnership with the excellent humans over at Hextree.io, including their co-founder Thomas Roth (of Stacksmashing fame). Thomas has said lots of lovely things about the “ready-to-glitch” chips we brought to the conference, but these were our favourites:

“Advanced hardware attacks such as fault-injection have moved from only being possible in a professional lab to being available to essentially anyone with some basic skill. RP2350 is the first microcontroller that reacts to this fact, integrates active countermeasures against hardware attacks, provides well designed secure-boot, and provides a bug-bounty for anyone that finds bugs in it.”

“I have never worked with a company that was so open and receptive about chip security. At every point it was clear that Raspberry Pi wanted us to find issues so that they can fix them and be transparent about them. Allowing us to bring their chips ready to glitch to the world’s biggest hacker conference attests to that!”

Roll credits

We are so thankful for the opportunity to collaborate with DEF CON on this badge, it was an absolute honour — we had an amazing time, and look forward to working with TEAM CATBALL again!

TEAM CATBALL:

  • MAR WILLIAMS: Concept, design, and coordination
  • BONNIE FINLEY: 3D modelling, game art and development
  • CHRIS MALTBY: Plug-ins and game development
  • NUTMEG ANNE: Game development
  • WILL TUTTLE: Concept and narrative collab
  • ADA R-W: Cool dragon
  • RASPBERRY PI: Hardware
  • ENTROPIC W/ DMITRY GR: Hardware development, firmware, emulator
  • JOE GRAND: Hardware support and production testing
  • LEGION303: Music and sounds
  • ICSN: Manufacturing

We’d also like to thank Trevor Stevado and the rest of the Embedded Systems Village team. Thank you for making our first DEF CON so enjoyable and successful.

The post 30,000 badges and still no hack? appeared first on Raspberry Pi.



from News - Raspberry Pi https://ift.tt/QghFq4K

Labels: ,

posted by Yogesh Dangi @ September 05, 2024   0 Comments

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home