The Cyphercon 2016 badge is a functional minimalist
Interface
Encoding Operation
CypherTTY is a minimal 3 bit character encoding standard designed for the Cyphercon 2016 Badge. While you could use the badge to encrypt any binary data, I thought it would be fun to have a standard way to make secret text messages.
000 > > > > > >
001 SP 3 , N U B
010 E 4 ? S M V
011 T 5 ! H W K
100 . 6 ” R F J
101 0 7 A D G X
110 1 8 O L Y Q
111 2 9 I C P Z
A message always starts from the first column. If the desired character exists on this column, note down the indicated 3 bit value from the matrix. If not, a value of 000 shifts to the next column. This is a ‘Column Shift’ character, and is unprintable. Shifting from the last column wraps back to the first column.
For an example we will encode “Hello!”
H 000 000 000 011
E 000 000 000 010
L 000 000 000 110
L 110
O 000 000 000 000 000 110
! 011
Our bit-stream is: 000 000 000 011 000 000 000 010 000 000 000 110 110 000 000 000 000 000 110 011
Encrypting Operation
For each of the 8 bits in the seed, from highest to lowest bit, hold the High Override or Low Override switch then click the Step switch. When you are finished, the 8 linear feedback shift register (LFSR) indicator LEDs should match your seed.
For each three bits of the plain-text stream: For any high valued bits, hold down the corresponding Input switch. Note the binary value resulting on the Output indicator LEDs. Then click the Step button to clock the LFSR forward before moving on to the next three bits.
For an example we will encrypt the encoded bit-stream for “Hello!” using the seed 00000001
000 000 000 011 000 000 000 010 000 000 000 110 110 000 000 000 000 000 110 011
Becomes
001 010 100 011 000 000 000 011 011 110 100 110 110 000 001 010 101 010 010 011
Decoding Operation
Starting from the first column again, we will decode the encrypted bit-stream into printable characters
001 010 100 011 000 000 000 011 011 110 100 110 110 000 001 010 101 010 010 011
SP E . T > > > H H L R L L > U M G M M W
or
” E.THHLRLLUMGMMW”
This decoded cipher-text is the secret message. Decrypting this message is the same procedure as encrypting it. As long as you use the same starting seed, the message will always decrypt to “Hello!”
Special cases when CypherTTY encoding a cipher-text binary stream:
After encryption, if the last character in the cipher-text is a Column Shift (000), notate this with a “+” character. Replace any run of six Column Shift characters (000 000 000 000 000 000) with a “=” character.
These rules avoid two situations where, without them, it would be possible to encode a stream of bits into a string that would decode to a different stream of bits. Which, while hilarious … makes for a very short game of telephone.
Advanced Topics
Reconfiguration
The operation/configuration of the badge comes set by seven 0 Ohm resistors on the back of the badge. If they are removed, the circular header can be then used to remap some of the badge logic. Think of this like the plug board or patch-bay.
Automation
It is possible to control the badge through the circular header. You can roll your own interface or ask about Badge Bug.
Weaknesses
The period of the LFSR as implemented is very low. We fully expect the secret messages hidden around the conference to be cracked. Be sure to read through the Badge Driver firmware source code for a hint.
Integrated Circuits
74hc595 Serial to Parallel Shift Register
Stores the state of the linear feedback shift register (LFSR) (a pseudo-random number generator) and drives the 8 LFSR indicator LEDs.
74hc14 Hex Inverter
Keeps the clock and latch pins of the 595 180 degrees out of phase
74hc86 Quad Exclusive Or Gate
Gates 1-3
XOR each of the user Input bits with their corresponding Key bits, using the result to drive each of the three Output indicator LEDs
Gate 4
XOR bits 6 and 7 of the LFSR, using the result to feedback into the LFSR when stepping into the next state of of the pseudo-random number generator.
NE555 Timer
De-bounce the Step button, to ensure that the user can only step the LFSR forward intentionally.
HACK THE BADGE
http://pastebin.com/nGqUetjk – Badge Driver_v1_0.spin