When the Def Con hacker conference celebrated its 20th year last summer, the passage of time was evident; hackers who attended their first con in their teens and 20s returned to tow their children to the Def Con Kids segment.
That tick-tock of time gets a nod this year in the Uber badge – the black badge handed out at the end of the conference to contest winners – in the form of a meticulously crafted, old-school, mechanical timepiece embedded in the 3-D badge.
There are other references to times past in the regular attendee and staff badges – classic bands, hacker flicks, TV shows – but also nods to cyber espionage and a conspiracy theory that connects a classic TV show to the 9/11 hijackings.
The Def Con badges have become as much a tradition as the conference itself, having evolved over the years from simple plastic and metal plates to electronic gadgets and works of art incorporating chips, circuit boards and games designed for hacking.
Last year's sophisticated electronic badges, designed and produced by Ryan Clarke (aka LostboY and LosT), involved an elaborate maze of more than 45 puzzles, some of which told the story of a secret society that attendees had to uncover. The final puzzle only got solved by someone in May, nine months after the conference ended.
This year Clarke, who also was the creator of Def Con's annual Mystery Box Challenge for years, decided to go with a non-electronic badge. But that doesn't mean there aren't electronics involved in the designs or that the badges are one-dimensional.
The badges were created using circuit-board design software and still contain circuit-board design elements, though these aren't initially apparent.
"There are hidden things in the badges themselves that come out of the natural part of being a printed circuit board," Clarke told WIRED in advance of the conference. "So they are both simultaneously electronic and non-electronic."
Some of the badges consist of four layers, with metal embedded in the inner layers that cannot be seen from the outside but can be detected using a multimeter to uncover electrical connections between points.
"All of the badges are made as PCBs with metal and metal traces and interconnected paths of some kind," he says. "If you 'beep' the board, it will provide clues."
Each year, several badges are produced for different categories of conference attendees and staff - attendees get human badges, and there are also badges for press, vendors, speakers and goons (the volunteers who are the core of DefCon, managing its computer network, security and speakers).
This year's badges are designed after poker cards, with some surprise elements thrown in. But Clarke has created more than 40 different variations of each design, which means fewer attendees will have the same Jack, Queen or King badge.
The badges have cryptographic as well as physical elements to them that play a role in solving the puzzles. Some have more than one puzzle element, and some require other badges to be combined with them to produce cryptographic and physical solutions.
There are numerous Easter eggs hidden within the designs that are based on relationships between badges – relationships that may or may not have anything to do with solving the badge puzzle.
"Each of the face cards is a famous hacker or somebody related to hackers somehow," he says. Part of the game is identifying the hackers and finding connections between cards to uncover the Easter eggs, he says.
Clarke also created special hacker and crypto cards to augment the poker hand.
But of all the badges, the Uber badge, which give the recipient lifetime free admission to DefCon, is the most elaborate since it includes a mechanical watch that serves as an homage to Clarke's grandfather, a former jeweler and watchmaker.
"At one point in his watchmaking studies he had to actually produce a mechanical watch where he created all of the parts himself," Clarke says. "I don't have that level of skill, but I wanted to see what grandpa did and what it took for him to do that."
He says the precision and meticulousness that goes into watchmaking is similar to what it takes to become a security professional or hacker.
"You have to have a whole understanding of how the entire system works in order to put it together, and I think to become a really successful hacker or security professional, you really have to understand how certain systems work at a very detailed level, because it's that level of intricacy that allows you to find the security loopholes that provide the avenues of intrusion and attack," he says.
The watch, which Clarke calls kinetic art, requires winding, has a hair spring and main spring and all the jeweled parts that a standard pocket watch would have. The parts were sourced from Europe and China, a task that turned out to be a big challenge since most watches these days are Quartz.
"Most people don't sell pieces to mechanical watch assemblies," he says. "There aren't very many strange folks like myself trying to put something like this together from parts. So it was kind of an interesting scavenger hunt on the web to locate parts."
Whether or not the watch is complete is part of the puzzle and something that attendees will have to figure out, Clarke says.
"People are going to have to have, at a fundamental level, an understanding of how a mechanical watch works in order to identify what may or may not be missing or altered," he says.
Generally the design of the Uber badge is kept secret until the end of the conference when the badges are handed out to contest winners.
But this year it plays a role in other parts of the puzzle and therefore is being revealed at the start of the conference.
"Other pieces make references to the different parts that you go through the development and construction of a mechanical watch," Clarke says.
Some DefCon staff will be wearing Uber badges during the conference so that attendees can get a look at them. Clarke also created stickers with a lot of the artwork from the Uber badge so that people will be able to study them, and one of the rotunda floor circles at the conference venue will have a large blowup of the Uber badge graphics for attendees to study. Clarke will also be stationed in room 1057 during the conference where he will have Uber badges on hand for people to view and study.
Last year there were more than 45 puzzles in the badges, including Easter eggs. A large group that solved the main badge puzzle about the secret society wrote a Wiki describing how they went about it step-by-step. But Clarke says they actually missed 20 percent of the Easter eggs.
The final puzzle, however, which appeared only on the Uber badges, involved a one-time crypto pad. Contestants had to uncover clues to find the key to decrypt it. The clues included Clarke's outfit at the conference - he dressed as Dr. Clayton Forrester, the main character from Mystery Science Theater 3000 – and the crypto key turned out to be the second verse to the TV show's opening theme song.
Only one person solved it, months after the conference ended.
"I can't even imagine how many iterations that person must have gone through to find the solution to the one-time pad," he says.
Once he had the text from the key and overlaid it with the text on the back of the Uber badge, it produced a plain text solution. The solution told participants to email Clarke at a particular address using a particular phrase.
The story behind the badges this year will unfold as people work through different stages of the badges and will set the groundwork for the badges next year, carrying the theme over to Def Con 22.
All photos courtesy of Ryan Clarke and Def Con
