CYPHERCON 2016 Electronic Badge

The Cyphercon 2016 badge is a functional minimalist Exclusive Or Stream Cipher implemented in hardware around old-school 7400 logic chips, micro-switches, and LEDs without the use of a processor or micro-controller.  Essentially, it is a very nerdy encoder ring.

Interface

generalbadge

1. Override High
2. Override Low
3. Input 0 (1’s place)
4. Input 1 (2’s place)
5. Input 2 (4’s place)
6. Step

Encoding Operation

CypherTTY is a minimal 3 bit character encoding standard designed for the Cyphercon 2016 Badge.  While you could use the badge to encrypt any binary data, I thought it would be fun to have a standard way to make secret text messages.

000     >       >       >       >       >       >
001     SP      3       ,       N       U       B
010     E       4       ?       S       M       V
011     T       5       !       H       W       K
100     .       6       ”       R       F       J
101     0       7       A       D       G       X
110     1       8       O       L       Y       Q
111     2       9       I       C       P       Z

A message always starts from the first column.  If the desired character exists on this column, note down the indicated 3 bit value from the matrix.  If not, a value of 000 shifts to the next column.  This is a ‘Column Shift’ character, and is unprintable.  Shifting from the last column wraps back to the first column.

For an example we will encode “Hello!”

H 000 000 000 011
E 000 000 000 010
L 000 000 000 110
L 110
O 000 000 000 000 000 110
! 011

Our bit-stream is: 000 000 000 011 000 000 000 010 000 000 000 110 110 000 000 000 000 000 110 011

Encrypting Operation

For each of the 8 bits in the seed, from highest to lowest bit, hold the High Override or Low Override switch then click the Step switch.  When you are finished, the 8 linear feedback shift register (LFSR) indicator LEDs should match your seed.

 

For each three bits of the plain-text stream: For any high valued bits, hold down the corresponding Input switch.  Note the binary value resulting on the Output indicator LEDs.  Then click the Step button to clock the LFSR forward before moving on to the next three bits.

For an example we will encrypt the encoded bit-stream for “Hello!” using the seed 00000001

000 000 000 011 000 000 000 010 000 000 000 110 110 000 000 000 000 000 110 011

Becomes

001 010 100 011 000 000 000 011 011 110 100 110 110 000 001 010 101 010 010 011

Decoding Operation

Starting from the first column again, we will decode the encrypted bit-stream into printable characters

001 010 100 011 000 000 000 011 011 110 100 110 110 000 001 010 101 010 010 011

SP   E   .   T   >   >   >   H   H   L   R   L   L   >   U   M   G   M   M   W

or

” E.THHLRLLUMGMMW”

This decoded cipher-text is the secret message.  Decrypting this message is the same procedure as encrypting it.  As long as you use the same starting seed, the message will always decrypt to “Hello!”

Special cases when CypherTTY encoding a cipher-text binary stream:

After encryption, if the last character in the cipher-text is a Column Shift (000), notate this with a “+” character.  Replace any run of six Column Shift characters (000 000 000 000 000 000) with a “=” character.

These rules avoid two situations where, without them, it would be possible to encode a stream of bits into a string that would decode to a different stream of bits. Which, while hilarious … makes for a very short game of telephone.

Advanced Topics

Reconfiguration

The operation/configuration of the badge comes set by seven 0 Ohm resistors on the back of the badge.  If they are removed, the circular header can be then used to remap some of the badge logic.  Think of this like the plug board or patch-bay.

Automation

It is possible to control the badge through the circular header.  You can roll your own interface or ask about Badge Bug.

Weaknesses

The period of the LFSR as implemented is very low.  We fully expect the secret messages hidden around the conference to be cracked.  Be sure to read through the Badge Driver firmware source code for a hint.

Integrated Circuits

74hc595 Serial to Parallel Shift Register

Stores the state of the linear feedback shift register (LFSR) (a pseudo-random number generator) and drives the 8 LFSR indicator LEDs.

74hc14 Hex Inverter

Keeps the clock and latch pins of the 595 180 degrees out of phase

74hc86 Quad Exclusive Or Gate

Gates 1-3

XOR each of the user Input bits with their corresponding Key bits, using the result to drive each of the three Output indicator LEDs

Gate 4

XOR bits 6 and 7 of the LFSR, using the result to feedback into the LFSR when stepping into the next state of of the pseudo-random number generator.

NE555 Timer

De-bounce the Step button, to ensure that the user can only step the LFSR forward intentionally.

 

HACK THE BADGE

To use these files, you will need to download Propeller Tool which can be found:
The propellers can also be programmed in C: http://learn.parallax.com/propeller-c-set-simpleide so if you want to do a port over to C from spin, you are welcome to do so.
You can also use this: https://github.com/parallaxinc/PropellerIDE which works with spin files on Windows, Linux, and Mac.

http://pastebin.com/nGqUetjk – Badge Driver_v1_0.spin

http://pastebin.com/7zCcJLPE – BadgeMonitor_v1_0.spin