Hacked the DEFC0N27 Badge

Hacking the DEFC0N27 Conference Badge

DEFCON one of the world’s largest hacker conventions, held annually in Las Vegas, Nevada, with the first DEF CON taking place in June 1993. Many of the attendees at DEF CON include computer security professionals, journalists, lawyers, federal government employees, security researchers, students, and hackers with a general interest in software, computer architecture, hardware modification, and anything else that can be “hacked”.


Every year they have a challenge on who can hack the conference badge. This year my team and I (consisting of @Halcyonic, @mlaerten, and myself)

This year’s DEFCON Badge challenge involved social interactions with an RF Badge. A regular attendee is challenged to find and touch badges with 10 different badge types (including Sponsors, Vendors, Goons, and even Press). This becomes super challenging when you have to find one of the 20 individuals out of a 30,000 person conference with a Black “UBER” badge (an exciting but non-trivial task). It was much easier for us to figure out how to flash the DEFCON27 badge to do three things:

  1. Automatically complete the “touch 10 different badge types” challenge
  2. Easily help our fellow attendees by unlocking their badges with one that can act as a chameleon, emulating all other badge types.
  3. Profit ???

    That’s what the Jackp0t badge does. It automatically puts you in a “COMPLETE” (or win) state on boot and emulates all the different badge types to complete other attendee’s badges in a matter of seconds.

    Check out our demo video
    How Did you Become a Village?
    Quality Rick Roll

    Check out our full writeup here!

    We also got some pretty great publicity for being one of the first teams to publish our findings!

© 2019. All rights reserved.