1 00:00:00,170 --> 00:00:05,850 LosT: So, welcome, DEF CON 21. Last year was DEF CON 20, this is 21. Welcome. 2 00:00:05,850 --> 00:00:12,850 (Laughter.) LosT: We thought about calling it DEF CON 3 00:00:13,660 --> 00:00:20,109 20++. So last year, surrounding the badges, there is always this a little bit of panic 4 00:00:20,109 --> 00:00:27,109 here. Some of you guys aren't getting any audio, are you? So this is me saying basically 5 00:00:27,820 --> 00:00:32,619 this is my empty lanyard. This was Wednesday afternoon last year right before the conference 6 00:00:32,619 --> 00:00:38,510 and me holding up the lanyards and saying, yeah, where's my badges? Where are they? That's 7 00:00:38,510 --> 00:00:43,399 the kind of stress and panic that usually surrounds the creation process of the DEF 8 00:00:43,399 --> 00:00:48,170 CON badges. We try and keep pretty tight security because every year we have people that try 9 00:00:48,170 --> 00:00:53,159 and figure out where we're going to fabricate. We've had people contact the PCB fab houses 10 00:00:53,159 --> 00:00:57,659 we used before and social engineered them into making a set of badges for themselves 11 00:00:57,659 --> 00:01:02,319 pre‑CON. We have had people contact the PCB houses 12 00:01:02,319 --> 00:01:09,319 post‑CON and get uber badges fabricated. It has been quite an adventure trying to maintain 13 00:01:09,670 --> 00:01:13,909 security just around the badges themselves and with a security conference, it is kind 14 00:01:13,909 --> 00:01:19,829 of ‑‑ it is not really malicious per se. It is more of a trophy, a demonstration of 15 00:01:19,829 --> 00:01:25,890 skill. But, you know, it's fun stuff. So this year, I've had quite a few discussions 16 00:01:25,890 --> 00:01:29,950 with Jeff, Dark Tangent. 
For those of you not familiar with some of the traditions and 17 00:01:29,950 --> 00:01:32,929 things surrounding DEF CON ‑‑ how many of you have been to DEF CON for more than 18 00:01:32,929 --> 00:01:39,929 five years? So the n00bs outnumber the seasoned vets here by quite a number based on the hands 19 00:01:43,229 --> 00:01:46,740 that you guys have been raising. So one of the things that you'll notice with 20 00:01:46,740 --> 00:01:52,920 the DEF CON iconography is we have traditionally had ‑‑ we've traditionally had a series 21 00:01:52,920 --> 00:01:57,509 of three, what I call, PIPs associated with us which are the rotary dial. Those of you 22 00:01:57,509 --> 00:02:00,630 in high school, you know what that is, right? (laughter). 23 00:02:00,630 --> 00:02:07,569 LosT: Yeah. So if you see the Goon badges, the rotary dial is actually a brass knuckle. 24 00:02:07,569 --> 00:02:14,569 (Feedback). LosT: Hello. So the rotary ‑‑ are 25 00:02:14,680 --> 00:02:18,480 you getting this? Sounds like when I talk, it cuts out. 26 00:02:18,480 --> 00:02:22,879 The rotary dial was part of our culture because back in the day when we didn't have Internets 27 00:02:22,879 --> 00:02:29,090 we were all using BBSs and phone lines. A kid on a Commodore 64 with a modem, the only 28 00:02:29,090 --> 00:02:36,090 way you could connect is dial‑up. It suddenly became valuable to get these Sprint and MCI 29 00:02:36,790 --> 00:02:42,430 codes to reach out and touch your friends on FidoNet and all these BBSs. It became 30 00:02:42,430 --> 00:02:49,430 a big part of hacker culture to be able to get free long distance. 31 00:02:49,849 --> 00:02:55,519 The smiley face with the skull and cross‑bones has become ubiquitous with DEF CON as well. 32 00:02:55,519 --> 00:03:01,610 It ties into the piracy aspect. And the floppy disk, again, all you high school guys out 33 00:03:01,610 --> 00:03:08,610 there know what that is. 
Its later cousin, the click, click, click, click, disk, I mean 34 00:03:10,230 --> 00:03:14,540 zip disk. You guys all remember those, right? How many of those have a pile somewhere in 35 00:03:14,540 --> 00:03:21,010 a back closet? Yeah. (laughter). LosT: Anybody still using one? Yeah. 36 00:03:21,010 --> 00:03:26,420 (laughter). LosT: I'm sorry. So I talked ‑‑ I 37 00:03:26,420 --> 00:03:29,900 was talking to Jeff and I said, you know, we've got these symbols that are on our lanyards, 38 00:03:29,900 --> 00:03:35,780 they are on our programs and half of them haven't really kept up with the times. It 39 00:03:35,780 --> 00:03:42,650 is more just a tradition. We need a fourth. We need to round out the trifecta here. So 40 00:03:42,650 --> 00:03:47,750 I asked Jeff's permission to introduce a new symbol that will become part of the DEF CON 41 00:03:47,750 --> 00:03:52,890 iconography. And I did this pre all of the Snowden garbage 42 00:03:52,890 --> 00:03:58,329 that's going on right now which is really scary that it happened on the timing. And 43 00:03:58,329 --> 00:04:03,019 so I have introduced the key hole. Now, when I went to Jeff with the key hole, I said I 44 00:04:03,019 --> 00:04:07,790 think it is timeless and it fits in several different aspects of our hacker culture. I 45 00:04:07,790 --> 00:04:12,459 said, first of all, we've got physical security. We do the lock picking stuff, the lock is 46 00:04:12,459 --> 00:04:19,459 indicative of that. Locks and keys and key holes are also usually represented to represent 47 00:04:20,380 --> 00:04:23,760 cryptography so I think we have the crypto aspect. 48 00:04:23,760 --> 00:04:29,950 And I said, they're also surreptitious observation a lot of times, peeking through the key 49 00:04:29,950 --> 00:04:35,070 hole, listening through the key holes. A lot of history novels will have a magnifying glass 50 00:04:35,070 --> 00:04:40,880 and the key hole up there or you will see the eyeball peeking through. 
I thought it 51 00:04:40,880 --> 00:04:46,010 was appropriate to introduce. And so from this point forward, when we do all of our 52 00:04:46,010 --> 00:04:51,980 designs and everything else, instead of the three circle symbols, we will have the fourth. 53 00:04:51,980 --> 00:04:57,410 You guys are really quiet. Whew! (applause). 54 00:04:57,410 --> 00:05:04,410 (speaker off microphone.) LosT: So, another tradition that I'm going 55 00:05:06,040 --> 00:05:11,760 to break ‑‑ oh, and side tangent. I kind of pictured this year as you know those magicians' 56 00:05:11,760 --> 00:05:16,550 famous secrets reveal where the dude wore the stupid hockey mask and told how the magic 57 00:05:16,550 --> 00:05:22,110 tricks were done on a cable show and he did that so that the same magicians couldn't keep 58 00:05:22,110 --> 00:05:26,380 reusing the same crap over and over again. This year with the breaking of traditions 59 00:05:26,380 --> 00:05:31,490 was kind of my foray into I have been doing this stuff for many, many years for DEF CON 60 00:05:31,490 --> 00:05:38,320 now but my personal challenge is to try and best myself every year with badge design crypto, 61 00:05:38,320 --> 00:05:42,060 the game design and all the things that I touch. And one of the ways I'm motivating 62 00:05:42,060 --> 00:05:48,950 myself to do some really good things moving forward is to do this is kind of my DEF CON's 63 00:05:48,950 --> 00:05:53,910 greatest secrets revealed so I can't keep pulling the same old stuff out and keep retreading 64 00:05:53,910 --> 00:05:58,410 because I think it is a copout. So one of the things we also never do every 65 00:05:58,410 --> 00:06:03,350 year is we always hold the uber badge and information regarding the uber badge back 66 00:06:03,350 --> 00:06:07,030 until the last day of the conference on Sunday when they're awarded. How many of you have 67 00:06:07,030 --> 00:06:12,770 no concept what the uber badge is at DEF CON? 
So when you attend DEF CON, you get badges 68 00:06:12,770 --> 00:06:17,780 that basically say I paid for the conference. They say what level you are. And you will 69 00:06:17,780 --> 00:06:22,590 hear us say human and inhuman that's because the general attendance or general populace 70 00:06:22,590 --> 00:06:29,590 are referred to as humans. Everyone else is inhumans. That would be vendors, the press, 71 00:06:30,180 --> 00:06:33,950 the speakers. I'm getting there with the press, just wait. 72 00:06:33,950 --> 00:06:36,730 (laughter). LosT: And so you have the human and inhuman. 73 00:06:36,730 --> 00:06:40,710 But you also have a very special badge every year that is known as the uber badge. 74 00:06:40,710 --> 00:06:46,660 Now, we like DEF CON to be very interactive conference. It is a put up or shut up place. 75 00:06:46,660 --> 00:06:53,660 It is like everybody talks a big game. Everybody has hacked with Gibson. Everybody has trained 76 00:06:54,250 --> 00:07:01,250 with Bruce Lee. We have more contests than any contest. We have between 40 and 80 contests 77 00:07:05,850 --> 00:07:10,570 running. Some of them are incredibly difficult and challenging. Some are just for fun. You 78 00:07:10,570 --> 00:07:14,710 will see them going on as you go. You may have noticed some of the crypto that's involved 79 00:07:14,710 --> 00:07:20,710 on the graphics on the floor and out in the program and in your lanyards. So if you come 80 00:07:20,710 --> 00:07:25,920 to DEF CON and you compete in what we call a black badge competition which means a competition 81 00:07:25,920 --> 00:07:32,770 that warrants enough effort and skill, you are awarded a black uber badge and that's 82 00:07:32,770 --> 00:07:37,020 free entrance into DEF CON for the rest of your life. 83 00:07:37,020 --> 00:07:41,690 To give you an idea how rare they are, last year we had roughly 15,000 people attend and 84 00:07:41,690 --> 00:07:47,390 we gave out about 15 uber badges. 
It is a very elite club to have a black uber badge. 85 00:07:47,390 --> 00:07:53,330 It is more bragging rights in the community than anything. It is kind of a token of appreciation 86 00:07:53,330 --> 00:07:59,740 for people who share or demonstrate skill. But the uber badge, because it is awarded 87 00:07:59,740 --> 00:08:04,060 at the end of the conference usually you don't get to see them or know anything about them 88 00:08:04,060 --> 00:08:09,270 until Sunday at the closing ceremonies. You will see people who have uber badges will 89 00:08:09,270 --> 00:08:13,670 often wear them from that point forward. So you will see some folks that have badges that 90 00:08:13,670 --> 00:08:18,220 look like they don't match within the theme of the year. That's probably an uber badge 91 00:08:18,220 --> 00:08:24,150 from previous years. Excuse me. I'm going to grab some water. 92 00:08:24,150 --> 00:08:29,120 So breaking with another tradition, they say, hey, Jeff, I want to show the uber badge on 93 00:08:29,120 --> 00:08:36,120 Thursday. He's like, man, what are you doing to me, Ryan? He's like you're adding key holes. 94 00:08:36,939 --> 00:08:40,849 You are going to show the uber badge. You did not dye your hair. You are not wearing 95 00:08:40,849 --> 00:08:47,849 a hat. The world is changing, I guess. (laughter). So, if you have noticed on your map, there 96 00:08:50,389 --> 00:08:55,350 is a room listed at 1057, that is the room I will be in and I will have uber badges on 97 00:08:55,350 --> 00:09:02,029 display for people to handle and look at. And we'll get more into what they are later 98 00:09:02,029 --> 00:09:07,180 on. Before I move forward in that ‑‑ I'm 99 00:09:07,180 --> 00:09:14,180 getting feedback here. So the last thing that I asked Jeff ‑‑ and this is a doozy and 100 00:09:14,540 --> 00:09:18,970 I just thought, man, there is no way in hell he will go for this. 
Those of you coming here 101 00:09:18,970 --> 00:09:23,899 expecting an electronic badge this year, this is kind of my it is electronic but not electronic. 102 00:09:23,899 --> 00:09:30,290 I wanted to do a tick tock cycle on badge design where I do a year electronic a year 103 00:09:30,290 --> 00:09:34,850 non‑electronic. So this one is kind of faux electronic in some ways. It is a PCB. 104 00:09:34,850 --> 00:09:40,449 But the reason I want to do that is it becomes passe. You go to conferences and everybody 105 00:09:40,449 --> 00:09:47,449 has an electronic badge. We had the blinking LEDs and last year we had a processor with 106 00:09:48,459 --> 00:09:55,459 eight 32‑bit cores on a die with a Propeller chip. I don't want it to get people come expecting 107 00:09:55,699 --> 00:10:00,410 an electronic badge because for my competitions if you know what to expect, it gives you an 108 00:10:00,410 --> 00:10:05,720 unfair advantage to those who are new. And ironically the year I did the titanium 109 00:10:05,720 --> 00:10:12,709 badges that were non‑electronic I had far greater participation by the attendees in 110 00:10:12,709 --> 00:10:17,180 the competition than I did last year with the electronic badges. And I asked people 111 00:10:17,180 --> 00:10:22,850 that and it appears as though people just don't want to mess with the electronics at 112 00:10:22,850 --> 00:10:27,749 the conference. It is a very small subset, about 10%, because if you are not familiar 113 00:10:27,749 --> 00:10:33,050 with an architecture or the language or the tool chain for a new chip, you don't want 114 00:10:33,050 --> 00:10:37,839 to come to DEF CON and use up your three days here, you know, sitting at a laptop trying 115 00:10:37,839 --> 00:10:41,850 to figure that out. So I went to Jeff and I said, you know, one 116 00:10:41,850 --> 00:10:48,490 of the really iconic parts of DEF CON is the badge. 
And we keep it secret every single 117 00:10:48,490 --> 00:10:53,610 year until the conference starts. And I go, I want to tell them about DEF CON 22's badge 118 00:10:53,610 --> 00:10:59,370 at DEF CON 21 so that they have a year to prepare. 119 00:10:59,370 --> 00:11:03,680 And he didn't get back to me for a while. He said he had to think about it. And he said, 120 00:11:03,680 --> 00:11:08,199 you know what? Let's give them partial information. Let's give them a little bit information because 121 00:11:08,199 --> 00:11:13,889 next year's badge will be an electronic badge. The games will be every bit as intense as 122 00:11:13,889 --> 00:11:18,069 they are this year and as they were last year and the year before. But we want to people 123 00:11:18,069 --> 00:11:23,350 to be able to get exposure to the tool chain and the chip and the architecture. 124 00:11:23,350 --> 00:11:29,490 So we're also going to release a monthly blog that's kind of a mini how‑to on how to develop 125 00:11:29,490 --> 00:11:34,120 or program for those of you who are just straight coders for what the badge will be next year. 126 00:11:34,120 --> 00:11:37,579 We won't give you the details and specs on what it does. 127 00:11:37,579 --> 00:11:42,850 I had prepared to announce what an architecture was today. However, I was told ‑‑ and 128 00:11:42,850 --> 00:11:47,189 it was actually pretty exciting because it is a processor that is not yet released, and 129 00:11:47,189 --> 00:11:52,089 I was going to be able to say, hey, we are one of the first groups to get our hands on 130 00:11:52,089 --> 00:11:55,559 this new architecture. I have just been told that based on their 131 00:11:55,559 --> 00:12:00,259 last engineering run, they're not quite sure they will be able to deliver chips to me in 132 00:12:00,259 --> 00:12:06,199 time to get next year's badge produced. 
That being said, I've got to wait to tell you what 133 00:12:06,199 --> 00:12:10,740 that architecture is because if they can't get me that architecture before next year, 134 00:12:10,740 --> 00:12:14,790 then obviously I can't do it. (speaker off microphone.) 135 00:12:14,790 --> 00:12:21,790 I can neither nor deny that. And I have set a deadline that by December 136 00:12:24,100 --> 00:12:29,509 this year if that information hasn't been ‑‑ if they haven't told me that they can source 137 00:12:29,509 --> 00:12:34,059 that chip for me by December, then I'm just going to pick a different architecture. I 138 00:12:34,059 --> 00:12:39,139 can tell you that my fall‑back architecture will most likely be a MSP430 or something 139 00:12:39,139 --> 00:12:45,029 in that series from TI. So anyway, secret information. See, it is 140 00:12:45,029 --> 00:12:50,600 kind of like my doc dump. You guys have hacked into my system and getting all my secrets 141 00:12:50,600 --> 00:12:55,779 and all my information. I will have to go back and rethink my security cycle, I guess. 142 00:12:55,779 --> 00:13:00,379 So here on the screen you'll see some of the CAD work that was done for the uber badge 143 00:13:00,379 --> 00:13:04,910 this year. And I normally use Altium for my design stuff if you are familiar with the 144 00:13:04,910 --> 00:13:11,050 tool chain. I wanted to use software that was able to be accessible or free to everyone. 145 00:13:11,050 --> 00:13:16,059 So all of the badges were designed on the free version of Eagle. Those of you who do 146 00:13:16,059 --> 00:13:21,949 design work, that means, Simon, you are nuts, over and over again. (laughter). 147 00:13:21,949 --> 00:13:28,949 It wasn't fun and I found some really cool errors in Eagle. There is an error that comes 148 00:13:30,050 --> 00:13:37,050 up too many pixels in the Y direction. What the hell does that mean? That's like PC Load 149 00:13:37,529 --> 00:13:44,529 Letter. (laughter). 
Being a hacker ‑‑ also, it was German. 150 00:13:46,339 --> 00:13:50,860 Being a hacker, I took obviously my work and I rotated it because I wanted to see if there 151 00:13:50,860 --> 00:13:56,699 are too many pixels in the opposite direction. There's not. (laughter). 152 00:13:56,699 --> 00:14:01,129 I still don't know why I got that error because I couldn't reproduce it just by ‑‑ because 153 00:14:01,129 --> 00:14:07,680 then, of course, you start reducing a bit at a time to find out where that extreme is, 154 00:14:07,680 --> 00:14:12,379 right? So this year's badge, the uber badge specifically 155 00:14:12,379 --> 00:14:19,379 is a homage to my grandfather. He was a watchmaker. He said when he was in watch making school, 156 00:14:19,629 --> 00:14:26,490 they would hand them raw metal and they had to make a watch. That included the springs, 157 00:14:26,490 --> 00:14:33,490 the case, everything. Since this is something I just started doing since last DEF CON, I 158 00:14:35,009 --> 00:14:41,610 didn't have that level of skill or the equipment to do that. So I ordered some of the parts 159 00:14:41,610 --> 00:14:46,220 preassembled but then assembled those parts. For those of you familiar with watch making, 160 00:14:46,220 --> 00:14:52,869 I couldn't possibly do the hair spring to the balance wheel myself so those came assembled. 161 00:14:52,869 --> 00:14:57,160 If you look at the graphic that's on the bottom there, most mechanical watch movements only 162 00:14:57,160 --> 00:15:03,720 have five main components. And I had this whole cool spiel prepared to show how we could 163 00:15:03,720 --> 00:15:10,720 map security and hacking in using the watch to move that forward but then I decided I 164 00:15:10,930 --> 00:15:15,119 can't share that with you yet because it will ruin some of the badge challenge that is happening 165 00:15:15,119 --> 00:15:18,749 this year. 
If you go across the bottom, you have basically 166 00:15:18,749 --> 00:15:25,749 a mainspring and the balance wheel and the escape that controls how the energy is released. 167 00:15:26,920 --> 00:15:33,089 That's kind of like your firewall. And then at the end, the 5 and the 6 are displayed 168 00:15:33,089 --> 00:15:40,089 to show you the time. So all of the glass that's on the uber badge, 169 00:15:40,559 --> 00:15:45,670 they are actual watch crystals on the front and the back. Can you hear this? 170 00:15:45,670 --> 00:15:47,709 (Ticking). Yes! 171 00:15:47,709 --> 00:15:54,709 LosT: So it is really hard to sleep when you have 30 of these ticking in your room. 172 00:15:55,459 --> 00:15:58,369 (laughter). And I'm getting to the point now where I just 173 00:15:58,369 --> 00:16:01,740 started blocking the noise out because I have been working on these for so many months. 174 00:16:01,740 --> 00:16:08,740 It is just ticking all the time. There's some of the movement out with the 175 00:16:09,179 --> 00:16:14,889 PCB on top on one of my desks. (Clapping). 176 00:16:14,889 --> 00:16:21,399 LosT: Thank you. Somebody clapped. (applause). 177 00:16:21,399 --> 00:16:28,399 Yeah, they were just a little bit of work. So all of them were hand assembled by myself 178 00:16:31,610 --> 00:16:35,860 for the ubers. And that's why I can only do the ubers like this because there's no way 179 00:16:35,860 --> 00:16:41,709 I could possibly get 15,000 badges done for all you guys. Sorry. 180 00:16:41,709 --> 00:16:47,389 There's a few more pictures and I will leave that one up there for a minute in case anybody 181 00:16:47,389 --> 00:16:50,259 is participating in the badge challenge because I thought you might want to get a picture 182 00:16:50,259 --> 00:16:57,259 of the code that's on the back there. Geez, you guys are quiet. This is DEF CON. 
You know, 183 00:16:59,819 --> 00:17:03,869 the people that are new here, you are supposed to make noise and yell at me and throw things. 184 00:17:03,869 --> 00:17:08,080 Yeah! LosT: This is not Black Hat. 185 00:17:08,080 --> 00:17:12,240 (laughter). LosT: I mean, this is not an infomercial 186 00:17:12,240 --> 00:17:19,240 or a trade show. (speaker off microphone.) 187 00:17:19,800 --> 00:17:26,800 LosT: What's that? (speaker off microphone.) 188 00:17:29,760 --> 00:17:36,760 LosT: Are you done? No? Yes? Ten seconds. Marco. 189 00:17:40,480 --> 00:17:47,460 Polo! (laughter). LosT: By the way, the copper that's underneath 190 00:17:47,460 --> 00:17:53,470 the solder mask doesn't quite show up in the picture, just FYI. Some of you may have noticed 191 00:17:53,470 --> 00:17:58,440 that on your own badges. There's some ‑‑ well, we'll get to that in a minute. So one 192 00:17:58,440 --> 00:18:02,770 of the other things we did this year, more variations on the badge than ever. So up until 193 00:18:02,770 --> 00:18:08,120 the time I started doing the badge design, we always did: Here's your human badge. Here's 194 00:18:08,120 --> 00:18:13,660 your press badge. Here's your speaker badge. And there was only one human badge. So I started 195 00:18:13,660 --> 00:18:19,310 because I'm a masochist doing multiple human designs to give you guys some variety and 196 00:18:19,310 --> 00:18:26,310 flavor and it gave me more of a design palette for the crypto challenges. 197 00:18:26,920 --> 00:18:31,740 I won't tell you how many because that's part of the game is for you to figure that out. 198 00:18:31,740 --> 00:18:38,740 There are more human variations than we have ever had. In addition to that ‑‑ there 199 00:18:39,260 --> 00:18:44,960 is us doing some of the sorting of the badges to make sure when we distribute them, there 200 00:18:44,960 --> 00:18:50,670 was a mixture. 
Because there was one year, last year actually, the registration desks 201 00:18:50,670 --> 00:18:55,130 were taking the boxes as they came in. And, of course, even though there were multiple 202 00:18:55,130 --> 00:18:59,480 designs they came grouped together so all of a particular badge were going out like 203 00:18:59,480 --> 00:19:03,940 on Thursday and all on Friday and it prevented people from moving forward in the game because 204 00:19:03,940 --> 00:19:10,540 they couldn't find the other variants. So we actually hand mixed up all the badges this 205 00:19:10,540 --> 00:19:15,720 year. (applause) 206 00:19:15,720 --> 00:19:22,720 LosT: So, like I mentioned before, we have these things we call non‑human badges. You 207 00:19:27,440 --> 00:19:32,890 will notice that all of the non‑human badges this year are, in fact, face cards with the 208 00:19:32,890 --> 00:19:39,890 exception of one. That would be the press badge. The press badge is a deus. 209 00:19:40,810 --> 00:19:47,810 (applause). LosT: And for the slow kids in the audience, 210 00:19:48,450 --> 00:19:55,450 that is my "fuck you" to the press. (laughter). LosT: Oh, deuce. I get it. It is spelled 211 00:19:57,580 --> 00:20:04,580 differently. The one on your left is the vendor badge. That's why he has the bitcoin. The 212 00:20:05,960 --> 00:20:10,590 one in the middle you got to kind of figure it out. But the base behind him is a GNL base. 213 00:20:10,590 --> 00:20:17,300 So that's a little bit of a hint. So I added two new card types because, no 214 00:20:17,300 --> 00:20:23,120 poker game would be complete without the ability to get the hack hand. I introduced the hacker 215 00:20:23,120 --> 00:20:29,380 card and the crypto card instead of the two jokers. If you get a hacker, crypto, ace and 216 00:20:29,380 --> 00:20:36,380 king you have the playing hand. There was to add variation. 
Those of you who have purchased 217 00:20:40,130 --> 00:20:45,170 some of those decks, they came with two hackers in them because they did a misprint because 218 00:20:45,170 --> 00:20:49,840 everything I do seems to get screwed up in production somehow. 219 00:20:49,840 --> 00:20:55,090 We actually got the crypto cards printed and overnighted and we have them. I'm going to 220 00:20:55,090 --> 00:21:00,020 have them in my 1057 room. So if you bought one of those decks, bring it in there. Show 221 00:21:00,020 --> 00:21:07,020 me the deck and I will give you one of those crypto cards. So there's your hack hand. 222 00:21:11,020 --> 00:21:17,750 (applause). Limited number, I think we made 2,000 or something 223 00:21:17,750 --> 00:21:23,920 like that. So there is not very many. If you guys like them, we may do a blank run for 224 00:21:23,920 --> 00:21:30,920 next year or whatever. For next year, I have been talking to Neil and DT, we think we have 225 00:21:35,100 --> 00:21:38,760 a theme picked out. Won't release what the theme is but I was very excited that Jeff 226 00:21:38,760 --> 00:21:44,130 actually gave me permission to tell you guys that we are going to release information 227 00:21:44,130 --> 00:21:48,270 about the badges. And it feels kind of wrong and kind of dirty to be breaking tradition 228 00:21:48,270 --> 00:21:52,400 like that, that we've been doing this for so long. But I also think it is time to move 229 00:21:52,400 --> 00:21:57,370 forward on some things. And just like in the security field, if we don't continue to innovate 230 00:21:57,370 --> 00:22:02,630 and move forward, we'll stagnate. And I think that's starting to happen in some areas, so 231 00:22:02,630 --> 00:22:07,290 I really think we need to push the envelope and I hope that's what we do here at DEF CON 232 00:22:07,290 --> 00:22:14,290 and I hope that's what all of you do when you go back to your respective schools and 233 00:22:15,220 --> 00:22:21,270 places of business. 
So thanks. The people in the front are clapping 234 00:22:21,270 --> 00:22:28,270 for me. Yeah, come on! Innovate! Aren't you guys tired of shit being broken? Come on. 235 00:22:28,530 --> 00:22:31,050 (applause). So if you take a look at your badges, some 236 00:22:31,050 --> 00:22:36,400 of them, not very many, but some of them are four‑layer boards, not two. And I won't 237 00:22:36,400 --> 00:22:41,360 tell you which ones they are. But they are ‑‑ the ones generally ‑‑ the general populace 238 00:22:41,360 --> 00:22:48,360 badges are a two‑layer PCB with exposed copper, a solder mask and were designed in 239 00:22:50,130 --> 00:22:57,130 Eagle. The artwork could be done as vector art in Inkscape. So I'm hoping to inspire 240 00:23:01,190 --> 00:23:06,770 you, those of you that haven't even thought of it, you can download free tools and crank 241 00:23:06,770 --> 00:23:11,500 out a circuit board like the one you have around your neck. 242 00:23:11,500 --> 00:23:13,080 A what? LosT: A circuit board which is what they 243 00:23:13,080 --> 00:23:18,510 are. They are printed circuit boards, PCBs. (speaker off microphone.) 244 00:23:18,510 --> 00:23:25,510 LosT: Maybe. There may be other things. It's copper. You can solder to it. Just because 245 00:23:26,880 --> 00:23:29,610 it doesn't look like a pad doesn't mean it might not be. 246 00:23:29,610 --> 00:23:36,610 So, anyway, you guys like them? Are you enjoying the badges this year? 247 00:23:38,490 --> 00:23:43,290 (applause). You guys make the CON for me. You do. I put 248 00:23:43,290 --> 00:23:50,290 a crap ton of work into the stuff that I do. It's a unique challenge to design cryptography 249 00:23:50,740 --> 00:23:57,180 puzzles that are designed to be broken in a temporal space of about three days. 250 00:23:57,180 --> 00:24:01,640 For smart people like that because you are all smarter than I am ‑‑ you are. 
I'm 251 00:24:01,640 --> 00:24:07,390 just like this retard in my closet with a soldering iron and coding and I slap stupid 252 00:24:07,390 --> 00:24:14,340 crap together and I come to DEF CON and barf it out and you guys actually solve this stupid 253 00:24:14,340 --> 00:24:21,340 crap that I put out every year. And I'm amazed every single year somebody solves a piece 254 00:24:21,960 --> 00:24:28,280 of the puzzle in a way that I had not even thought of. And that's why this is a hack 255 00:24:28,280 --> 00:24:32,690 CON. That's why these are my people. That's why I can come here and do stupid crap like 256 00:24:32,690 --> 00:24:39,690 that and not have to justify myself. This is my one time a year ‑‑ (applause). 257 00:24:43,890 --> 00:24:48,540 This is my one time a year I can go in a large group like this and not feel like that odd 258 00:24:48,540 --> 00:24:54,120 duck or I have to explain my T‑shirt or I have to explain why I did what I did. And 259 00:24:54,120 --> 00:24:58,900 I hope you all feel that way, too. And for you guys that are new to DEF CON, everything 260 00:24:58,900 --> 00:25:02,620 that I do in these contests is designed to make you interact with each other because 261 00:25:02,620 --> 00:25:07,420 I know most of us tend to be introverted based on personality types that gravitate towards 262 00:25:07,420 --> 00:25:14,420 certain fields. I have a background in mathematics. I'm used to looking at my own shoes. 263 00:25:15,770 --> 00:25:20,060 I encourage you to talk to each other. You have an ice breaker around your neck. You 264 00:25:20,060 --> 00:25:24,410 have an excuse to say: I haven't seen that badge yet, can I see that? In order to see 265 00:25:24,410 --> 00:25:29,340 that, you have to be close to someone. You have to interact. I encourage you to do that. 
266 00:25:29,340 --> 00:25:32,620 I also encourage you to do that because it makes solving the puzzles easier and it is 267 00:25:32,620 --> 00:25:36,980 actually impossible to solve the puzzles this year without looking at other people's badges. 268 00:25:36,980 --> 00:25:40,350 Same thing was true last year and the year before that. 269 00:25:40,350 --> 00:25:44,240 To me the most important thing that comes out of DEF CON are the relationships that 270 00:25:44,240 --> 00:25:49,650 are built here that then produce other fruits that might not otherwise be out in the world 271 00:25:49,650 --> 00:25:53,610 because I think there's too much wrong with what's going on. There is too much wrong in 272 00:25:53,610 --> 00:25:59,180 security. We've seen a lot of bad stuff coming out in the news lately. And you all understand 273 00:25:59,180 --> 00:26:05,710 we're odd. We're the odd folks in this ‑‑ if you go out and you think about the average 274 00:26:05,710 --> 00:26:11,110 IQ of somebody on the planet, it's kind of frightening, yeah. 275 00:26:11,110 --> 00:26:18,110 So, anyway, I'm glad you're all here. Welcome to DEF CON 21. 276 00:26:18,220 --> 00:26:25,220 (applause) You're going to have to be more lively than 277 00:26:25,360 --> 00:26:32,210 this for your other speakers. This is open ceremony. You have speakers up here who will 278 00:26:32,210 --> 00:26:36,040 be drinking while they present and they want to talk to you. If somebody starts talking 279 00:26:36,040 --> 00:26:41,910 bull shit in their speeches, call them on it. That's why we are here at DEF CON. Welcome 280 00:26:41,910 --> 00:26:42,340 and have a great time. (applause). 281 00:26:42,340 --> 00:26:49,340 Do I release the hounds now? What do I do? Tell the security story. 282 00:26:56,920 --> 00:27:02,970 LosT: You guys want to hear the TSA security story? 
So I hand carried the ubers and several 283 00:27:02,970 --> 00:27:08,580 of the badges and I had them in a box and duct taped shut with black duct tape. Probably 284 00:27:08,580 --> 00:27:10,550 not the best choice. (laughter). 285 00:27:10,550 --> 00:27:14,650 And I took it in my carry-on because there was no way in hell I was going to check this. 286 00:27:14,650 --> 00:27:20,610 This was real glass. These will break. So I checked the box. It is going through the 287 00:27:20,610 --> 00:27:25,600 x‑ray machine and the lady is looking at me. And she looks at the screen and she looks 288 00:27:25,600 --> 00:27:29,350 back at me and I see her eye kind of raise. She looks back at the screen and then they 289 00:27:29,350 --> 00:27:36,350 do the whole call someone else over. According to Bruce, the security theater began. Curtain 290 00:27:37,560 --> 00:27:41,270 rose and act 1 started. (laughter). 291 00:27:41,270 --> 00:27:48,110 The TSA had another gal come over and look at the screen and, of course, then they pull 292 00:27:48,110 --> 00:27:53,580 it out the other side of the x‑ray. Sir, is this your bag? Yes, it is. Would you mind ‑‑ 293 00:27:53,580 --> 00:27:58,510 because it was in a box inside of my carry-on. So she goes, I'm going to take it out. 294 00:27:58,510 --> 00:28:05,510 I said go ahead. Please be careful. It is fragile. (laughter). 295 00:28:09,080 --> 00:28:15,140 So don't ever tell TSA something is fragile because they take that to mean explosive, 296 00:28:15,140 --> 00:28:22,140 I guess. I don't know. Because, you know... So they open up my bag and once you open the 297 00:28:22,370 --> 00:28:28,010 bag, then you can start to hear the ticking noise that's going. 298 00:28:28,010 --> 00:28:33,820 (laughter). TSA doesn't like little boxes wrapped in black 299 00:28:33,820 --> 00:28:40,700 duct tape that tick that show up with extreme amounts of metal in the x‑ray.
Especially 300 00:28:40,700 --> 00:28:46,520 when there is a big fuckin' skull on it. (laughter) 301 00:28:46,520 --> 00:28:53,520 You know what? It was fun and I'm glad I made my flight. How's that? And consequently, that's 302 00:28:55,450 --> 00:29:00,520 not the first time this has happened to me coming to DEF CON. I had the mystery boxes 303 00:29:00,520 --> 00:29:07,120 declared as bombs at least four separate times and we have had hotel security here as people 304 00:29:07,120 --> 00:29:11,830 competing in the mystery challenge carrying these metal boxes with mercury tilt sensors 305 00:29:11,830 --> 00:29:18,430 on them so they are balancing them very precariously because if they tilt them the box wails because 306 00:29:18,430 --> 00:29:24,210 I'm a jerk. (laughter). I will give you this one and then I got to 307 00:29:24,210 --> 00:29:30,410 let you go. I had these thick steel boxes that were made out of a tube. And they had 308 00:29:30,410 --> 00:29:35,750 locks on the top and bottom. And I put the mercury tilt switch inside so they couldn't 309 00:29:35,750 --> 00:29:40,210 tilt the box but they had to pick the bottom lock first. I got these big ass heavy boxes 310 00:29:40,210 --> 00:29:44,720 they can't tilt and they have to go up through the bottom. You have people holding these 311 00:29:44,720 --> 00:29:48,580 boxes that weigh 50 pounds over the head of some guy who is underneath trying to pick 312 00:29:48,580 --> 00:29:55,580 the lock from the underside. And so here's security walks by and here's these guys holding 313 00:30:05,580 --> 00:30:07,310 the box and you got this guy on the ground. (laughter). 314 00:30:07,310 --> 00:30:11,540 And there were blinking lights on the outside. Looked like a bomb. So, anyway, those are 315 00:30:11,540 --> 00:30:15,090 the kinds of stories that I will never forget about DEF CON. Anyway, thank you very much. 316 00:30:15,090 --> 00:30:15,370 Have a great conference. (applause).
317 00:30:15,370 --> 00:30:15,620 Okay, everybody. We are going to clear the room. So if you are seated, unseat yourself 318 00:30:15,490 --> 00:30:15,740 and move towards the exits. Thanks a bunch.