LAS VEGAS — Def Con is one of the world’s biggest hacker conventions, an annual gathering of security experts, cryptographers and at least a few people who could surreptitiously drain your bank account if they wanted. They come to Las Vegas to learn about the latest computer vulnerabilities and exploits, show off their skills, and hack or crack anything that can be hacked and cracked—including the conference badges.
Badges for Def Con, now in its 22nd year, are as big a draw as the event itself. Eschewing the traditional laminated cards that other conventions provide, the badges have evolved over the years to become electronic gizmos with circuit boards, LEDs and cryptographic puzzles—all designed to give hackers and crypto-crackers a sandboxed playground to exercise their arts. For several years the badge has also been part of a contest—with the most clever hack of the circuit board winning a coveted black Uber badge and lifetime free admission to the con.
The coveted black Uber badge is given to the winners of the badge challenge and other Def Con contest. Note the Korean writing at the bottom. This and other foreign-language letters and characters on the badges—Chinese, Hebrew, Mongoolian—are part of the puzzle. 
Ryan Clarke
For a number of years the badges were created by designer Joe Grand and catered primarily to hardware hackers with circuit-board smarts and a soldering iron. The best jury-rigged badge pimped out to control a blimp or [[thwart facial-recognition systems, took home the prize. But this meant that math geeks and code warriors were often left on the side.](https://www.youtube.com/watch?v=i6lOUM3YTAU)](https://www.youtube.com/watch?v=i6lOUM3YTAU)
[<a href="https://www.youtube.com/watch?](https://www.youtube.com/watch?v=i6lOUM3YTAU)
l3YTAU">Enter Ryan Clarke, aka LostboY or LosT.</p><a href="https://www.youtube.com/watch?v=i6lOUM3YTAU"> <p>Clarke took over badge design in 2012 and promptly made mysteries and math the centerpiece. It makes sense, given that he’s a crypto and puzzle master
eef Con’s most pop contests—the</p>-challenge/">Mystery Chage>, which involved <a href="https://www.wired.com/2008/08/the-defcon-16-m/">a lot of crypto and math</a>. <p>That carried over to the first badges he made in 2012, which had more than 45 puzzles, some of which told the story of a secret crypto society Def Con att
ead to unmask. It took until nine months after the conference for someone to solve the final mystery.</p> <p>This year, Clarke has packed more than a dozen stages into his challenge, with some involving multiple puzzles that have to be solved before players can advance to the next level. The puzzles lead to other puzzles and clues disperse
rhout the conference on floors and walls. Players need parts of each to arrive at the final solution.</p> <p>Clarke designs at least seven badges each year—one for vendors, press, goons (conference volunteers), speakers, contest leaders and humans (attendees)—all of which have different puzzles and roles to play in th
ange. He also designs the winning Uber badges awarded to the winners of the various Def Con contests.</p> <p>Enthusiastic con
a and mystchallenges and have//1o57.wikispaces.com0+ge+Contest">web pages</a> chronicling their <a href="http://elegin.com/dc21/">efforts to crack them</a>. <p>“I’m kind of like a magici
I - .- C
e
nt/uploads/2014/07/Def-Con-Badges-All-660x495.jpg" alt="Def Con Badges -- All" width="660" height="495"></a>
Clarke designs seven badges each year—one for attendees (humans), goons (conference volunteers), vendors, speakers, contest leaders, the press, and the Uber badge. The number “22” on every badge is unique to that badge design; players have to collect eacg class="photsrc="https://www.wired.com/wp-content/themes/wired/assets/images/gallery-cam@2x.png" alt=""> Ryan Clarke
<p>That’s getting increasingly difficult to do, however. Hardcore players know Clarke’s life inform his puzzles. After he took up the bass guitar last year, for example, music and musical notes appeared in his design. And his Uber badge always includes a skull, a reference
hfirst Def Con, when he won an embedded devices contest by embedding a web server in a plastic skull.</p> <p>With that in mind, badge hackers are constantly keeping tabs on him, looking for any tells. They pore over his online life, seeking even the smallest clue. One year while running the Mystery Challenge, Clarke had to change hotel rooms because people were trying to break into his room. There have even been players who resorte
ial engineering, contacting his family and friends to artfully solicit details about his backg
dp> <p>“Basically, they were doing all the things you would want to do to hack someone,” Clarke said.</p> <p>Although the challenge is hard to crack, the central puzzle is designed to be solved before the con ends Sunday. He says it requires a lot of f
sto make something that is solvable in a finite amount of time but still intellectually challenging.</p> <p>“If you want to be a jerk, you can just encrypt it to make it really hard to break. But then it’s not fun for everyone,” he says. “I have to think, How do I a
w to it so it is accessible within a finite amount of time and is still clever and kitschy and fun?”</p> <p>Anyone who gets truly stumped can ask him for a clue. He’ll be camped out in a room fo
eration of the Con. But players have to put in significant effort before he’ll bother answering them.</p> <p>“Part of the puzzle is figuring out a code word that enables them to ask me questions to get help,” he says. “So if it’s frustrating and they’re ready to give up, if they
t code word they can ask me for help. But they have to do some level of effort to get to the point.”</p> <p>In the past, players have tried to uncover solutions
dg a data dump from the EEPROM on the badges to search for solutions and hints in the badge’s memory.</p> <p>“That was a clever hack and I gave people props for doing that,” he says. But to foil them, all the text and clues stored in this year’s
Ore encrypted. He inserted a few bits of cleartext, however, that take a playful jab at the cheaters.</p> <p>The encrypted
e c- .- C
e
content/uploads/2014/08/DefCon-2014-Badges660.gif" alt="DefCon-2014-Badges660" width="660" height="371"></a>
A gif made from a video Clarke prog class="photsrc="https://www.wired.com/wp-content/themes/wired/assets/images/gallery-cam@2x.png" alt=""> Ryan Clarke
<p>Clarke’s foray into Def Con hacking games began after his first year at the con. He’d come alone and didn’t know what to expect and entered the TCP-IP Embedded Devices challenge on a lark. He participated as a single contestant but beat out competing teams of multiple players to secure the coveted Uber badge his first time out. When he learned the contest wouldn’t be held the following year, he pinged Def Con founder Jeff Moss and offered to run the contest himself. Moss agreed, and Clarke spent six months designing the competition—only to see it cancelled at the last minute due to a communication snafu. Undeterred, he decided t
sis own contest anyway—an unofficial, underground Mystery Challenge—which turned out to be a big hit.</p> <p>“I had a huge showing of people for this contest that was technically not happening,” he says. All of the secrecy around that first challenge has carried over t
save always bpart of Clarke’s life—his uncle,</p> <a href="http://en.wikipedia.org/wiki/Floyd_I._Clarke">Floyd Clarke</a>, was deputy director of the FBI durinhe Clinton administration and was once offered directorship of the CIA, Clarke says, but turned it down.
ina- .- C
e
//www.wired.com/wp-content/uploads/2014/07/Def-Con-Goon-Badge.jpg" alt="Def Con Goon Badge" width="275"></a>
The red badge goes to thg class="photsrc="https://www.wired.com/wp-content/themes/wired/assets/images/gallery-cam@2x.png" alt=""> Ryan Clarke
<p>Last year, he went old school with a simple plastic badge that was designed with a blackjack theme, to play off Def Con’s 21st year. Each of the seven ba
d badge departed from the theme, with an</p> <a href="httpsww.wired.com/2013/08/def-badges-revealed/">intricate steampunk design and actual mechanical clockwork</a> embedded in the badge. <p>He’s back to electronics for 2014, with a badge that features a circuit board and several LEDs. Buried within it, however, are crypto-puzzles, electronic Easter eggs,
angs that aren’t whaty seem. Tying theme riffs on John Carpenter’s 1988</p> <a href="%E2%80%9D">sci-fi cult classic <em>They Live</em></a> about a shaggy-haired drifter named John Nada who stumbles upon a box of mysterious sunglasses. The glasses allow him to see what others cannot: That an alien race, disguised as the ruling classes, has taken over the world to broadcast subliminal media messages tostract the masses—“Consume!” “Marry!” “Reproduce!” “Sleep!”—while they strip the Earth of its resources. <p>“You need special glasses or you can’t see the aliens’ t
f, and throughout the movie there are things you can only see if you have the glasses,” Clarke notes.</p> <p>Likewise, every Def Con attendee will get a pair of red-tinted glasses that will
w m- .- %
%
.com/wp-content/uploads/2014/07/defcon-new-01-660x495.jpg" alt="defcon-new-01" width="660" height="495"></a>
The Human badge goes to regular attend “Do Not is Clarke’s subversive counter message to the subliminal messages the aliens in the film <em>They Live</em> broadcast through the media to keep Earthlings in line. Clarke has designed more than g class="photsrc="https://www.wired.com/wp-content/themes/wired/assets/images/gallery-cam@2x.png" alt=""> Ryan Clarke
<p>Clarke has designed the badges to be used long after the conference ends. The circuit board, for example, has signal traces—wires printed on the board—that can be used to control micro-controllers. This year’s badge, along with the 2012 badge, can be
A Def Con talk that Clarke</p href="https://www.defcon.org/html/defcon-dc-22-speakers.html#Bathurst">is presenting with colleagues</a>” will show how the two-badge hack works. <p>Clarke has found that each year the biggest mistake players make in trying to crack his challenge is over-thinking and over-engineering solutions. Clarke likes to play with them by giving some puzzles an easy solution, which contestants are often too quick to reject. Other puzzles can be decrypted in multiple ways, leaving players to determine which is correct. To help and confound them, Clarke tweets a hint every few hours to nudge people along if he thinks the crowd is getting stuck. But if everyone seems to be progressing too well, he may tweet a red herring to tr
hem up. After all, he wants people to solve his puzzles. He just doesn’t want them to do it too quickly.</p>
