
PLEASE READ BEFORE USING: Correcting a design flaw

A project log for The 2017 Crypto and Privacy Village Badge

IT'S HAPPENING!!!

Karl Koscher, 07/29/2018 at 02:00 (2 comments)

TLDR: Turn the badge ON before charging or otherwise connecting the USB port. Better yet, apply the fix below.

At DEF CON last year, we noticed a small number of badges malfunctioning, with the EFM8 microcontroller becoming extremely hot. While we have not definitively found the root cause, we're pretty sure it's due to what I consider a design flaw of the EFM8 and of the badge itself. We did not encounter this issue with the prototypes, although in retrospect, it may have happened on one that I mistakenly attributed to being clumsy and shorting VCC to GND.

The Problem

The EFM8UB1 has a pin called VBUS which is used to detect the presence of voltage on the USB connector. This can be used to detect the presence of a charger and initiate a charger detection procedure to determine how much current you are allowed to draw. However, charger detection didn't make it into the final firmware, so we always slowly charge the LiPo whenever the badge is on to avoid drawing more than 500 mA.

The EFM8 runs at 3.3V, while VBUS could be as high as 5.5V. On many microcontrollers, this would be a problem, as the I/O lines generally can't be driven above the supply voltage. However, the EFM8 pins are 5V tolerant, and can go up to 2.5V above VIO when VIO is at least 3.3V. So, with the absolute maximum voltage allowed on VBUS being 5.8V, we're fine, right?

Wrong.

What we neglected to consider is the fact that the EFM8 is powered from a separate switched-mode regulator, and this regulator takes some amount of time to bring the system voltage up to 3.3V. When the USB port is connected, 5V immediately appears on VBUS while VCC ramps up to 3.3V. This puts VBUS momentarily above its absolute maximum voltage rating and can cause the EFM8 to fail. Oops.

Why do I consider this a design flaw of the EFM8? Well, if you read the datasheet closely, you'll notice that it is impossible to meet both the absolute maximum voltage rating AND the minimum Vih threshold. As the datasheet says on page 38:

"Note: There are two relevant restrictions on the VBUS pin voltage in this self-powered configuration. The first is the absolute maximum voltage on the VBUS pin, which is defined as VIO + 2.5 V in Table 4.19 Absolute Maximum Ratings on page 30. The second is the Input High Voltage (VIH) for VBUS to detect when the device is connected to a bus, which is defined as VIO – 0.6 V in 4.1.14 Port I/O. For self-powered systems where VDD and VIO may be unpowered when VBUS is connected to 4.4 V to 5.5 V, a resistor divider (or functionally-equivalent circuit) on VBUS is required to meet these specifications and ensure reliable device operation. In this case, the current limitation of the resistor divider prevents overstress on the pin, even though the VIO + 2.5 V specification is not strictly met."

Yikes! They also recommend using VBUS detection only in self-powered configurations, so there is no possible way to use this pin correctly. However, we also failed to use their recommended work-around. This has been corrected in this year's badge. (Wait, did I just announce that we're doing another badge this year?)
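
The two datasheet limits quoted above can be checked numerically. This is an added example, not code from the badge project: the voltage limits are the ones the post quotes, while the linear VIO ramp and the function names are assumptions made for illustration.

```python
# Added worked example (not from the badge project). Limits are the ones the
# post quotes from the EFM8UB1 datasheet; the linear ramp is an assumption.
VIO_NOMINAL = 3.3               # V, system rail once the regulator is up
VBUS_MIN, VBUS_MAX = 4.4, 5.5   # V, VBUS range named in the datasheet note
ABS_MAX_OVER_VIO = 2.5          # V, pin absolute maximum is VIO + 2.5 V
VIH_BELOW_VIO = 0.6             # V, input-high threshold is VIO - 0.6 V


def pin_overstressed(v_pin, vio):
    """True when the pin voltage exceeds the VIO + 2.5 V absolute maximum."""
    return v_pin > vio + ABS_MAX_OVER_VIO + 1e-9


def min_safe_vio(vbus):
    """Lowest VIO at which a directly connected VBUS is within rating."""
    return max(0.0, vbus - ABS_MAX_OVER_VIO)


def overstress_fraction(vbus, steps=1000):
    """Fraction of a linear 0 -> 3.3 V VIO ramp (assumed shape) during which
    a directly connected VBUS pin is above its absolute maximum."""
    over = sum(pin_overstressed(vbus, VIO_NOMINAL * i / steps)
               for i in range(steps))
    return over / steps


def divider_ratio_window():
    """Bounds on a divider ratio k (pin = k * VBUS) that would strictly meet
    both limits: VIH at the lowest VBUS with VIO up, and the absolute
    maximum at the highest VBUS with VIO unpowered (0 V)."""
    k_min = (VIO_NOMINAL - VIH_BELOW_VIO) / VBUS_MIN   # needed for detection
    k_max = (0.0 + ABS_MAX_OVER_VIO) / VBUS_MAX        # needed while unpowered
    return k_min, k_max, k_min <= k_max


if __name__ == "__main__":
    print("5 V VBUS is in rating once VIO >=", min_safe_vio(5.0), "V")
    print("share of ramp over rating:", overstress_fraction(5.0))
    print("divider window (k_min, k_max, feasible):", divider_ratio_window())
```

With these numbers the divider window is empty: detection needs k of at least about 0.61, while staying within VIO + 2.5 V on an unpowered part needs k of at most about 0.45, which matches the datasheet's admission that the specification is "not strictly met".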

The Workaround

Turn your badge ON before charging or connecting to USB. This ensures the VCC is at 3.3V before VBUS is connected, keeping VBUS within its absolute maximum voltage rating. If your badge's battery is depleted, you may power it on with another compatible battery, connect the USB port, and swap the original battery back while the badge is on. If you do not have another battery, we highly recommend you apply the fix below before attempting to charge your badge. In any case, we recommend applying the fix to avoid accidentally damaging the EFM8.

The Fix

Simply cut the VBUS trace with your favorite precision hobby knife (sometimes known under the brand name "X-ACTO"). The trace connects to the right-most pin on the top side of the chip and goes to a via next to the label for C2. Cut perpendicularly across the trace with moderate force several times to ensure a clean cut. See the pictures below for an example. If your EFM8 is already damaged, we will have plenty of extras at DEF CON this year and can repair your badge. If you won't be at DEF CON this year, just get in touch with us and we'll either send you a replacement EFM8 or swap out the badge.

Before:

After:

Discussions

josh wrote 07/29/2018 at 02:40

Should we bring working DC25 badges to DC26?


Karl Koscher wrote 07/29/2018 at 03:00

You can if you want! It should be easy to mod yourself, but if you don't have the tools or don't feel comfortable doing it, we can help you out at DEF CON.
