AND!XOR DC28 Badge

DEF CON may be canceled but we are still doing a badge

Nostalgic Blackberry Keyboard, Bling turned up to 11, and socially distant.

DEF CON was finally canceled due to a pandemic... but that doesn't mean we can't still make a badge and ship drops all around the country for proxy haXors to give them away for free :) This year's badge provides bling, an embedded yet socially distant and inclusive CTF text-based adventure (i.e. if you don't collaborate in Slack you LOSE), and a port of MyBASIC extended to the hardware to make it hackable.

This wouldn't have been possible without our Philanthropist Backers and Generous Sponsors. Show them some love because without them, you hackers wouldn't be getting badges and instead would have to resort to the pool party on the roof:

Project will be open sourced sometime in September.


CTF Public Slack Workspace:

CTF Scoreboard:



  • 1 × PCB Custom Designed - Fab by Macrofab
  • 1 × Acrylic Faceplate Custom Designed - Fab by Ponoko
  • 3 × AAA Battery Holder Keystone 1020
  • 1 × MCU STM32F412RET6
  • 1 × Screen - OLED (common to shitty cell phones) ER-OLED0.96-1.3B-1655


  • CTF Results & Walkthrough (Part 4)

    Hyr0n, 08/16/2020 at 05:56


    The remaining flags were sprinkled throughout the internet, the badge, and other places throughout the year. Here's what you may have found or missed...

    Found code: PCB QR Code 

    Go ahead scan it...see what happens...

    Found code: Twitter 1

    Found code: Twitter 2

    Found code: Twitter 3

    Found code: Github

    Do you watch our repository update status? Seems we pushed something to the DC24 badge a couple of months ago... Look at it in its RAW form...

    Found code: About

    Scroll to the bottom of the About section on the badge menu, it takes a while...

    Found code: BASFUK.BAS

    Did you think the Brainfuck interpreter was broken? Well yes it was, but if you fix the code compared to the original in MYBASIC samples...

    Found code: POST

    Take a close look at the Power On Self Test UART at start up. Normally you were on /dev/ttyACM0; this would be /dev/ttyACM1 (however it's quick, so you may miss it). Better to circumvent the RTOS providing middleware and just go directly to the UART breakout on the back... solder on some RX, TX, and GND header pins.

    Found code: Scoreboard

    Take a look at the source, there's a really weird comment...

    Found code: Release Video

    There's a secret in the TP. Can you find it?


    Found code: Release Video

    We sure do like floppy disks...


    Found code: Release Video

    Damn hipsters...


    Found code: T-Shirt

    Did you look closely at the Shirts or the Sticker Swag included? Check out the print on the black wire...


    In Closing...

    This was probably the largest number of challenges and easter eggs we've ever done in one of our CTFs. Hell, getting some of the badges via drops (which is outside the scope of the CTF obviously) had tons of creative juices behind the various drop proxies across the land of hax0r. All that being said, to pull this off takes a village. The Matt Damon Village. With that, we will leave you with a view of the header code of BENDER so you can see behind the scenes how this worked. It will be posted to GitHub, but in short the framework for BENDER was made generic and all challenge content is kept in a source file. Here's what it looks like. Enjoy this while we work on the overall project post mortem.

    /*
     * Made with beer and late nights in California.
     * (C) Copyright 2017-2020 AND!XOR LLC (
     * Licensed under the Apache License, Version 2.0 (the "License");
     * you may not use this file except in compliance with the License.
     * You may obtain a copy of the License at
     * Unless required by applicable law or agreed to in writing, software
     * distributed under the License is distributed on an "AS IS" BASIS,
     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     * See the License for the specific language governing permissions and
     * limitations under the License.
     * If you find this source code useful in anyway, use it in another electronic
     * conference badge, or just think it's neat. Consider buying us a beer
     * (or two) and/or a badge (or two). We are just as obsessed with collecting
     * badges as we are in making them.
     * Contributors:
     *     @andnxor
     *     @zappbrandnxor
     *     @hyr0n1
     *     @bender_andnxor
     *     @lacosteaef
     *     @f4nci3
     *     @Cr4bf04m
     */
    #ifndef WH_BENDER_H
    #define WH_BENDER_H
    #include <zephyr.h>
    #define URL_LEADERBOARD         ""
    #define URL_SLACK             ""
    #define URL_END             ""
    #define MAP_CHAR_PLAYER         "☻"...

  • CTF Results & Walkthrough (Part 3)

    Hyr0n, 08/15/2020 at 16:34

    What are the Lulz Quizzes?

    These are small point value Q&A. If you get it right +5, if you get it wrong -10. How do you dig out of that hole? Well different flags are provided if you got it "right" vs "wrong." So you reset the badge, re-randomize the CTF, go find them again...grind grind grind... and you can mitigate -10 to -5 worst case. Come out +5 points for each, best case. Some complained that our results for the lulz were subjective. This is hardly the case, because we are right and you are wrong :)



    Flag: hack flag wit 1

    What Did You Learn Today: VIM DUH!


    ~LULZ QUIZ~ Did Carole Baskin kill her OM? (0)Yes (1)No

    Flag: hack flag wit 0

    What Did You Learn Today: Carole Fucking Baskin


    ~LULZ QUIZ~ Pineapple on pizza? (0)Yes (1)No

    Flag: hack flag wit 0

    What Did You Learn Today: Its the best kind of pizza


    ~LULZ QUIZ~ (0)OSX (1)Windows (2)Linux (3)BSD

    Flag: hack flag wit 2

    What Did You Learn Today: Linux > Windows > OSX > Dumpster Fire > BSD


    ~LULZ QUIZ~ (0)Red Team (1)Blu Team (2)Purpl Team

    Flag: hack flag wit 2

    What Did You Learn Today: Your assessments don't mean shit unless you work together to fix it.


    ~LULZ QUIZ~ (0)Spaces (1)Tabs

    Flag: hack flag wit 1

    What Did You Learn Today: Finally this debate has been settled once and for all


    ~LULZ QUIZ~ (0)Drop 0-Day (1)Notify Vendor

    Flag: hack flag wit 1

    What Did You Learn Today: Responsible disclosure


    ~LULZ QUIZ~ (0)Hack (1)Slp (2)Et (3)showR

    Flag: hack flag wit 3

    What Did You Learn Today: Yeah. Shower. For the good of everyone.


    ~LULZ QUIZ~ (0)tst n devlpmnt (1)tst n production (2)dun tst

    Flag: hack flag wit 2

    What Did You Learn Today: YOLOSEC


    ~LULZ QUIZ~ (0)Buffer Underflow (1)Buffer Overflow

    Flag: hack flag wit -1

    What Did You Learn Today: LOLOLOLOLOLOLOLOL


    3d 5f 32 23 5e 46 21 2c 43 35 2b 43 5d 34 32 40 56 26 74 69 41 53 72 57 24 47 41 5c 4f 38 45 62 75 71 3c 40 3c 2d 49 38 42 6c 37 51 2b 2d 36 51 63 3f 45 63 2c 48 21 2b 3d 38 34 4f 44 64 6d 58 2c 42 6d 4f 3f 24 2b 3d 38 34 41 2b 44 75 3d 33 43 68 37 24 71 2b 45 70 53 26 3b 42 52 3b 2f 41 30 3c 57 5d 31 2c 27 68 5b 42 6c 37 52 25 2b 43 65 69 23 41 30 3e 69 22 44 49 64 3c 71 42 6b 26 39 30 42 51 3e 34 60 37 37 4a 43 65 3a 4a 4e 24 56 48 36 3f 5e 2b 44 49 5b 36 6f 41 52 6d 44 47 2f 67 2b 5b 49 44 2e 2e 61 25 2b 45 29 34 31 44 4b 3f 71 2c 2b 3d 38 34 32 2b 43 63 4f 29 40 3c 3c 56 6c 2b 41 73 3e 22 47 39 43 4c 3c 37 34 6f 5d 5f 2b 41 3d 28 73 2b 3e 50 27 62 44 66 51 74 45 40 3c 3f 21 6d 2b 3e 50 27 4c 2b 45 71 61 47 2b 45 56 6d 47 2b 44 47 70 3f 42 6d 4c 6e 32 46 3c 47 2b 26 46 3c 47 64 39 46 43 53 75 2c 42 6d 4c 6e 3c 44 4a 28 29 29 44 66 30 2c 3d 2b 40 4c 2d 5a 46 29 48 28 42 44 2a 55 75 4f 2b 42 33 23 63 45 62 30 3b 37 44 42 4f 25 48 44 27 33 5e 3d 41 30 3e 3c 22 44 65 21 33 6c 48 23 52 68 39 2f 67 2b 29 32 2b 42 39 50 29 46 60 26 66 61 2f 67 2a 47 4b 42 35 29 2d 50

    When your completion is at 100% (All Main & Lulz Challenges) a link appears.

    HEX -> BASE85


    DEF CON MUD Bonus Challenge

    EvilMog was quite a sport and we collaborated a bit between BENDERPISS and the MUD. If you head to the and follow instructs, you can play the DEF CON MUD which is amazing. BENDER draws a lot of its roots from text based adventures and MUDs.

    The flag is simple, yet difficult. Head to the woods in the north where you have a quest to hunt animals in the woodland maze. There you will find... hyr0n the gerbil!

    "A small light brown furry gerbil. He has a white tummy, and very sharp claws. He is very cute, and quite friendly but scared of strangers. He will probably run from you if you come near him."

    Don't fight him, he'll kick your ass! Just look and you will see a flag tied to him. Oh, and he's kinda...


  • CTF Results & Walkthrough (Part 2)

    Hyr0n, 08/15/2020 at 05:20


    Challenge 4 - Hardware Encoding Morse

    A lRg comms tower itz n not powered, a PIGEON_HOLE gap exists whch needs somTIN4 cndctvity. l%kin awA U notic som CLOUDS. c%d DIS b d coz of it aL. d rona?

    Description: So when one completes the tool/target combo, the badge lights up and blinks. Fast. REALLY FAST. Some people just recorded it with their phones and slowed it down to watch the pattern. Others...actually read what it said "woah, d bIrb ComplEtd d cIrcuit! a vanilla iCe trak starts playin &lyts r flashin waaa t% fst. nEd 2 lit'rally netflIx & Chill 2 slothngz dwn b4 i git a hedakE"  Let's think about this. Blinking fast, need to "chill" and slow things down. Well if one used the MYBASIC editor they would have noticed there was a TEMP.BAS which describes the location of the thermistor temperature sensor on the badge. Guess what happens when you chill the sensor down? It slows the blinkies down. Do that, and you should notice the dot and dash pattern, which is morse encoding. There's also other hints when you look at the clouds "R thOs clouds? problE not, thOs R chem trails.Dey put a hex on U morse so thN U tink." Anyway, decode the morse and this translates to 5GT0W3RZDuH.

    ...-- .....  ....- --...   ..... ....-   ...-- -----   ..... --...   ...-- ...--   ..... ..---   ..... .-   ....- ....-   --... .....   ....- ---..

    Tool unlock: hack PIGEON_HOLE wit BIRB

    Flag: hack flag wit 5GT0W3RZDuH

    What Did You Learn Today: That sometimes embedded systems use peripheral sensors for entropy. And if you have access to hardware you can control that entropy. Which lets you control the logic, such as blink speed or encryption keys...
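The Challenge 4 decode chain as an added example (not the badge firmware or the authors' code): the Morse symbols spell hex digits, and each pair of hex digits is one ASCII character, which is what the "hex on U morse" hint points at. `pulses_to_morse` goes beyond the walkthrough and classifies a recorded blink capture relative to its shortest ON pulse, so the result is the same whether the thermistor is warm or chilled; it assumes standard Morse timing (dot 1 unit, dash 3, symbol gap 3), which the page does not state, and the captures it is fed here are constructed.

```python
# Added example (not badge firmware): Challenge 4 blink pattern -> flag.
MORSE = {
    ".-": "A", "-...": "B", "-.-.": "C", "-..": "D", ".": "E", "..-.": "F",
    "-----": "0", ".----": "1", "..---": "2", "...--": "3", "....-": "4",
    ".....": "5", "-....": "6", "--...": "7", "---..": "8", "----.": "9",
}

# Morse string as printed in the walkthrough.
PAGE_MORSE = (
    "...-- .....  ....- --...   ..... ....-   ...-- -----   ..... --...   "
    "...-- ...--   ..... ..---   ..... .-   ....- ....-   --... .....   ....- ---.."
)


def morse_to_hex_digits(morse):
    """Translate whitespace-separated Morse symbols into hex digits (0-9, A-F)."""
    digits = []
    for symbol in morse.split():
        if symbol not in MORSE:
            raise ValueError(f"not a hex digit in Morse: {symbol!r}")
        digits.append(MORSE[symbol])
    return "".join(digits)


def decode_flag(morse):
    """Morse -> hex digits -> ASCII text."""
    return bytes.fromhex(morse_to_hex_digits(morse)).decode("ascii")


def pulses_to_morse(pulses):
    """Turn (led_on, duration) pulses into a Morse string.

    Durations are compared with the shortest ON pulse instead of a fixed
    time, so blink speed does not matter. Assumes standard Morse timing and
    at least one dot in the capture.
    """
    unit = min(duration for led_on, duration in pulses if led_on)
    out = []
    for led_on, duration in pulses:
        if led_on:
            out.append("." if duration < 2 * unit else "-")
        elif duration >= 2 * unit:      # long dark gap: next symbol
            out.append(" ")
    return "".join(out)


def morse_to_pulses(morse, unit):
    """Build a constructed capture at a given speed (helper for the demo only)."""
    pulses = []
    for symbol in morse.split():
        for mark in symbol:
            pulses.append((True, unit if mark == "." else 3 * unit))
            pulses.append((False, unit))
        pulses[-1] = (False, 3 * unit)  # widen the last gap into a symbol gap
    return pulses


if __name__ == "__main__":
    print(morse_to_hex_digits(PAGE_MORSE))
    print(decode_flag(PAGE_MORSE))
    chilled = morse_to_pulses(PAGE_MORSE, unit=400)   # constructed slow capture
    print(decode_flag(pulses_to_morse(chilled)))
```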

    Challenge 5 - HARDWARE Encoding RS232

    u c Mt BER cn, sobr thotz :( mAbE U cn cure d rona by putn smTIN inside yo slf.U scratch BUTT whIl tinkiN bout it.

    Description: This one is very similar to morse encoding, only we encoded it with good ol' RS232 Serial. Because one should know those serial UART adapter blinkies mean something. More importantly this should teach you about how to interpret reading serial on a logic analyzer. The initial description doesn't help much, but once the tool/target hack is completed (which should be obvious because COVID can be killed by inserting a UV Light in you somehow somewhere) you will be told "Yor gutz lite ^ & blink. Itz supa serial 2 stRt tink bout lEst & mstsigNfict tNgs thN stop, cuz DIS mA b d wrng cure."  

    Super Serial? Think about the least and most significant things? C'mon, what better hints could we have given you? Now if you've never worked with serial, a quick google on how the protocol works will teach you that characters are turned into binary, a 0 is padded on the front as the start bit, the LSB/MSB order is INVERTED so the least significant bit goes out first (so it's received correctly), then a 1 is appended to the end as the stop bit. The blink pattern shown would translate to...

    0100011001 0011100101 0000100101 0000000101 0001100101 0110011001 0001100101 0100110101 0101011001 0000011001 0111011001

    So you remove the start and stop bits, invert the bit order of each byte back to MSB-first, and the result is: 1NH@L3LY507

    Tool unlock: hack BUTT wit UVLIGHT

    Flag: hack flag wit 1NH@L3LY507

    What Did You Learn Today: How serial encoding on hardware actually works.
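The framing described in Challenge 5, as an added example (not the badge firmware or the authors' code): each 10-bit frame is a start bit, eight data bits sent least significant bit first, and a stop bit. `decode_stream` goes beyond the walkthrough and reads a logic-analyzer style capture with one sample per bit period and an idle-high line; the idle padding in the sample capture is constructed, while the frames are the ones printed above.

```python
# Added example (not badge firmware): decode the Challenge 5 frames as 8N1 serial.

# Blink pattern as printed in the walkthrough, one 10-bit frame per character.
PAGE_FRAMES = (
    "0100011001 0011100101 0000100101 0000000101 0001100101 0110011001 "
    "0001100101 0100110101 0101011001 0000011001 0111011001"
)


def decode_frame(frame):
    """Return the byte value carried by one start + 8 data (LSB first) + stop frame."""
    if len(frame) != 10 or set(frame) - {"0", "1"}:
        raise ValueError(f"need exactly 10 bits, got {frame!r}")
    if frame[0] != "0":
        raise ValueError(f"start bit must be 0 in {frame!r}")
    if frame[9] != "1":
        raise ValueError(f"framing error, stop bit must be 1 in {frame!r}")
    # Bits 1..8 arrived LSB first; read them backwards to get MSB first.
    return int(frame[8:0:-1], 2)


def encode_frame(char):
    """Inverse of decode_frame, used here to cross-check the page's first frame."""
    return "0" + format(ord(char), "08b")[::-1] + "1"


def decode_frames(text):
    """Decode whitespace-separated frames, as the walkthrough prints them."""
    return "".join(chr(decode_frame(frame)) for frame in text.split())


def decode_stream(samples):
    """Decode a continuous capture: '1' is idle, a '0' opens a 10-bit frame."""
    out, i = [], 0
    while i < len(samples):
        if samples[i] == "1":           # idle or leftover stop level
            i += 1
            continue
        out.append(chr(decode_frame(samples[i:i + 10])))  # raises if truncated
        i += 10
    return "".join(out)


if __name__ == "__main__":
    print(decode_frames(PAGE_FRAMES))
    # Constructed capture: the page's frames with idle-high gaps between them.
    capture = "1111" + "11".join(PAGE_FRAMES.split()) + "111"
    print(decode_stream(capture))
```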

    Challenge 6 - PHREAKING Elevator

    U entR a building & wiLCaruana runs awA az U apRch an OpN elvt0r. Yln he hz a:X & dropz a CELL. Thr iz l0kd CALLBOX bElO d flOr btNz.

    Description: Good ol' Will Caruana. This gentleman is a curator of shenanigans and a dear friend. So we thought we would team up and simulate some elevator phreaking in the form of a badge CTF challenge. The callbox is locked, so unlocking it..calls for a lock pick. Once you get it open you see "Bt hW u caL? Etchd w wot wz problE a hevE gauge wire U c ZXh0LjQxNzc=" also the other item is the cell which Will drops "Therz only 1 fone # n d recnt caL lst 312d3333372d4d41542d492d4f4245592e2e2e4d6179422064726f7020442059"

    Translate those encodings... You get...


  • CTF Results & Walkthrough

    Hyr0n, 08/14/2020 at 01:44


    132 Players on the Scoreboard / 5 Fake Hacked Players / 60 Flags Possible

    21 Main Challenges

    3 Bonus Challenges 

    36 Easter Eggs


    Our CTF has never been about cutthroat competition, it's about exploration, learning, and being a hacker. You can take whatever route you want; if you are just trying to bag points and that makes you happy, then you do you. The BENDER CTF (BENDERPISS variant this year) is multidisciplinary in approach. We always want people out of their comfort zone and having to learn something new, which hopefully drives them to visit villages and learn. Beating a dead horse, it's not a demonstration of skill sets you have, but rather giving you an opportunity to acquire some new ones and frendz along the way. That being said, the scoreboard can be misleading, seeing someone in first place and thinking "they won." We've never flat out said the person in first "won" the CTF; rather we take time to watch what people are doing, hide some land mines to detect those who take the easy path of point gathering, but also watch how the participants react to those land mines, as well as socialize within their new community. We also take this approach because participants have the badge in hand.

    What are land mines? Flags hidden in the firmware which could only be obtained by dumping it from the MCU or extracting from the patch. If you entered any of these (which we mix with the actual challenge flags), we know that's what you were doing because there's no other way to get them. Some were negative (-1000), some were positive (+10). We know what u did last summer.

    You can mitigate this at times with additional hardware security, but it's hardware. If you have physical access to hardware there is NOTHING you can do to protect it; firmware can be dumped or even GDB used to step through in real time. Additionally we had to post a necessary patch during the CTF, which some instantly went straight to reversing and string dumps to find flags. Doing this doesn't disqualify one from the CTF, in fact it makes it harder because each land mine awards you -1000 points.

    That being said, there are a few categories which we will give shout outs to those who stood out, based on the types of flags they submitted and generally how their discovery went in chat. 

    Category Champions

    TLDR: These few will receive DC29 AND!XOR badges and a beverage in Vegas (if DEF CON isn't canceled).

    S@g@n++: Based on discovery, learning, and not taking the easy path. The 3 persons with the most correct flags submitted, without any land mines, and completing the challenges as designed.

    • Night [xxxaf6] & 5p0rk[xxxa85] & Babint[xxxa16]
    • Comments: Additionally Night used some python wizardry to map a PS4 and DDR floorpad controller, hacked it into the control input, then used it for the grind of exploring the 8-bit ASCII world overlay.

    S@g@n--: Based on discovery, learning, and not taking the easy path. The 3 persons with the most correct flags submitted, without any negative land mines, and dabbled in some firmware RE.

    • Down [xxx128] & Bearto[xxxa1c] & Yawg[xxxb92]
    • Comments: Completionist, social butterfly on the frendz scale, enough said. 

    H@x0r: Based on learning the CTF system, exploiting it, and overcoming the negative score. The person with ALL flags submitted (i.e. including the positive and negative land mines & reset), highest score in the positive.

    • teHbrw [xxxab0] with a score of 1293
    • Comments: You may think with all our concept rant about learning and challenges, we would disqualify those who string dumped the firmware? No, praise actually. This is a different challenge. teHbrw was actually at the top of the score board before firmware was ever available, then quickly dropped to the bottom. In the negative of thousands! Most would give up at this point. But they kept at it, learned there was a back door to reset one's score to zero, and re-completed the challenges....

  • RTFM

    Hyr0n, 07/25/2020 at 17:07

    Read The F-ing Manual

    Made with beer and late nights in California.

    TLDR: This year's badge provides bling, an embedded CTF text-based adventure, and a port of MyBASIC extended to the hardware to make it hackable.

    AND!XOR (@andnxor)
     * @zappbrandnxor
     * @hyr0n1
     * @bender_andnxor
     * @lacosteaef
     * @f4nci3
     * @Cr4bf04m

    Artwork for PCB Silkscreen, Acrylic, Bandanna, & Lanyard: Doc

    VOIP Service Puzzle, Greetings, and Lulz: Alethe Denis (@AletheDenis) at Penguin

    Puzzle Design & Intern of the Month Award Jun: Will Caruana (@WillCaruana)

    Puzzle Design & Beta Testing: Kur3us (@kur3us)

    Filming & Editing: Mike Laan (@mlaan)

    Sponsors: Urbane Security, Penguin, inspectAR, & Philanthropists



    Badge Hardware

    Hardware information about the badge


    * PCBA: MacroFab 
    * Acrylic Faceplate: Ponoko
    * MCU: STM32F412RET6
    * Screen (OLED): ER-OLED0.96-1.3B-1655
    * Screen (TFT): ST7735 128x160
    * LEDS: APA-102C-NEW
    * Keyboard: Blackberry Q10 (BBKB)
    * Keyboard Connector: BM14B(0.8)-24DS-0.4V(53)
    * 8 MHz Crystal (STM32): X50328MSB2GI
    * USB-C: TYPE-C-31-M-12
    * Battery Holder: Keystone 1020

    Inspect AR

    Want to inspect the badge without disassembling the acrylic faceplate?
    We've partnered with InspectAR to leverage augmented reality to do just that.
    * Website:
    * Google Play Store:
    * Apple App Store:
    * Nokia Sidekick Store:

    After installing the app on your phone, login and select "Sponsored" projects, search for "AND!XOR DC28," and download.

    Badge Interface Usage

    * Move Up: SYM+W
    * Left: SYM+A
    * Down: SYM+S
    * Right: SYM+D
    * Quit/back: SYM+Q
    * Delete: ALT+Backspace
    * Use ALT to type alternate characters _(e.g., ALT+B == !)_
    * Special Characters
      * { : SYM+U
      * } : SYM+I
      * \ : SYM+G
      * = : SYM+L
      * [ : SYM+T
      * ] : SYM+Y
      * % : SYM+P
      * ~ : SYM+V
      * & : SYM+$
      * ^ : SYM+C
      * < : SYM+N
      * > : SYM+M
      * | : SYM+F
    * Bling Rager Mode: SYM+R (while in bling app)

    Capture The Flag Scoreboard

    AND!XOR Public Slack

    Over the past couple of years, hackers engaged in the CTF have set up Slack environments to collaborate and learn from one another. We think this is awesome and decided to set up an open Slack to support this. There will be channels dedicated to each badge, i.e. DEF CON 28 (WHICH IS CANCELED, THE SAD LOLZ!) is under #dc28. We ask that you abide by only a couple cardinal rules:

    * Rule 0 - Don't be an asshole
    * Rule 1 - No spoilers...

    So Rule 1 is kind of an extension of Rule 0, but it's the grey area. You're going in to slack for many reasons (which will be explained below, see BENDERPISS "frend"), and one of them may be to ask for hints because you want to learn. If you are gonna just spoil it and another wants to know how you completed a challenge, do the world some good and direct message them. Use the channel to be Socratic, answer questions by asking questions leading in the right direction, critical thinking is key to building your hacking proficiency (but if you just want to give it away, be kind enough to use direct messaging). It's a CTF with a scoreboard, so if you just dump an answer into a chat channel, you're only hurting your own score :P

    AND!XOR Public Slack Sign Up:

    Badge Enabled Non Directive Enigma Routine Portable Interface SyStem (BENDER~PISS) 

    A variant of the BENDER CTF has been created such that it can be played standalone with the BBKB, on the badge, without the use of a serial terminal client. However, the back-end magic MITM wizardry which exists allows you to do both, as whatever you do in BENDERPISS is mirrored over the RS232 connect and vice versa. In...
