Our First #badgelife at DEF CON 26

After a few days in DEF CON recovery mode, Team Blinkerydoo thought we’d talk a bit about our experience on the other side of #badgelife this year…

First and foremost, we want to thank everyone who bought a badge – we sold out (close to 190 badges) by Saturday, raising a total of $3,820. We’re donating it all to Hackers for Charity – an organization that, in their own words, “highlights the good work of the hacker community, participates in altruistic projects and flattens the learning curve for those wishing to get involved and in the process changes the misconceptions about our great community.”

Top Nine Lessons

In our original announcement post before DEF CON, we mentioned having learned a lot during the design and development processes. That learning continued through the entire week at BSides, Black Hat, and DEF CON, and we’re almost excited to start brainstorming for next year.

Before we start on that journey, however, we can safely say that we’ll probably be making a few changes…

1. Don’t sell (every badge) as a kit

In a TED talk about product design, Tony Fadell, one of the co-inventors of the iPod, talked about an observation that Jobs had made early on: users who excitedly go out to buy the latest electronic gadgets were usually bummed out when they unboxed a product only to find a, “charge before use” sticker.

While some people don’t mind a bit of light soldering (and we’re not Apple), many were looking forward to seeing some blinky action right out of the box, and we were only selling our badges as kits.

While our design only involved fairly straightforward through-hole soldering and most beginners were eager to learn at the soldering stations we had set up during the day at DEF CON, we definitely appreciate things that work right out of the box.

Next year, we’ll strongly consider the balance of assembled badges to kits in hopes that we can satisfy both crowds (and our patience for self-assembly).

2. Spend more time on power management, charging, and QA

Speaking of charged batteries, our 400 mAh LiPo batteries were not quite big enough to power our badges for as long as we had hoped 🙁

While we had implemented periodic sleep (both personally during the conference and in our badge code), this was not sufficient to keep our badges going for the full few days, especially for the super-determined Snake players who had the 8×8 matrix constantly running. We replaced the batteries for anyone who asked about their dead badge, but we could have solved the problem by including more easily replaceable AA/AAA batteries and/or charging circuitry.

3. Moar Shi**y Add Ons

As this was our first year making a badge, we hadn’t discovered the wonders of SAOs until seeing some for ourselves:

@famo rigged his own SAO clock that always told the wrong time, but it would have been awesome to distribute or trade our own SAOs as well as support the standard 2×2 SAO header.

We’ll be on the lookout for add-on ideas for next year, as well as communities where we can learn about similar cross-badge features in the future.

4. Sell in random places and at random times

Because nothing beats watching people excitedly ask, “DO YOU HAVE A BADGE?” while looking into crowded elevators full of mostly random casino goers not present for the con.

5. Hone Your Publicity

When you’re selling badges to raise money for charity, it’s important to keep up the sales volume. At one point Dan and Famo stood across from the main circle bar in Caesars with a big cardboard box and waited for the influx of customers. It wasn’t until they wrote “BADGE $20” on the box and attached a decorative balloon that the hungry buyers started flowing in.

6. Learn About LiPo Restrictions

Unless you want to unnecessarily drive to Las Vegas (as Famo did), work out whether or not it is legal to fly with 300 LiPo batteries.

After doing some investigation, apparently carrying 3.7v 400mAh batteries in your carry-on is A-OK, however unless you’re carrying them in a LiPo safe bag (to prevent fire and smoke filling the cabin in the event of an explosion), it probably isn’t a good idea to show up at check-in with 300 batteries.

7. Think about the badge challenge

While we mentioned periodically that there was a challenge with cash prizes (and started providing some hints during DEF CON), we only had a few people really digging into it. As our human badges were all sold as kits, many may have not had the time to assemble them and work on the challenge all while enjoying other aspects of the con (and the multiple other awesome badge challenges).

Since we’ll likely be getting most of our human badges assembled next year and will have far more time to work on a challenge, we’ll start thinking about how we can introduce the challenge earlier, and more directly incorporate the hacking skills that are core to Bugcrowd and its researchers.

As for this year’s challenge, no one has solved it to our knowledge. As we’ve been asked about it by a few people post DEF CON, we’re officially extending the deadline for solving it (for prizes as we originally promised) to Saturday September 1, 2018.

Aside from the starting hint we had tweeted above, we’ll start by also adding that it’s impossible to solve some of the challenges without collaboration with other (yellow) badge holders 🙂

Once you believe you’ve solved all of the challenges, email all of the challenge URLs in order as well as the final message to badgelife@bugcrowd.com.

8. If You Set Up A Soldering Station, Be Prepared To Desolder A LOT

Overheard by @n0tkat: “The red wire goes to the negative”.

If you set up a soldering station to help badge builders construct your badge, make sure you’re good at desoldering DIP packages. Luckily we’re not too bad at reworking components and all of the mess-ups were solvable by snipping the components off completely and removing all of the legs from the board. @n0tkat’s slumped shoulders when hearing “another upside down MAX 7219 chip” were a little hard to see.

9. Work as a Team

You know what they say, teamwork makes the dream work. We won’t say anymore than that apart from making sure you always share a drink at the end of the night.

Kat, Famo and Dan

Say hi!

We’d love to learn more tips from some of the awesome badge creators out there – please reach out to badgelife@bugcrowd.com if you have any suggestions!

Also, anyone who interacted with a Bugcrowd Badge this year, what did you like/dislike? Did you enjoy soldering it together? What kind of badge challenge do you enjoy most? Feel free to email us or tweet @bugcrowd or (@famo, @n0tkat, @dantrauner) with your feedback.