The NHB12 and NHB12B are the tenth and eleventh hardware revisions of the GoodFET, but they also served as conference badges for the Next Hope conference that occurred in Manhattan in 2010. These were the first GoodFETs to be mass produced, but an additional badge hacking kit is necessary to run the GoodFET firmware.
The complete project files, including the assembly line programming and regression tests scripts, are available at http://sourceforge.net/projects/nhbadge/files/. A newly minted Win32 port of the GoodFET's MSP430 Client was used for all flashing and testing.
The pinouts of the NHB12 and NHB12B differ from the GoodFET2x series that is assumed by the MSP430F2618 firmware. Full support will be integrated into 'goodfet.bsl --fromweb' soon, but for the time being, flash one of the images at the NHBadge project's file pagewith 'goodfet.bsl -e -p foo.hex'.
To build the GoodFET firmware for these boards, compile trunk/firmware with 'board=nhb12 make clean install' or 'board=nhb12b make clean install' as your hardware dictates.
Bill of Materials
Email travis at radiantmachines.com if you should find any.
Makers Local 256 wired one of their badges to build a Geiger Counter that detects other badges.
Adam Mayer hacked up a replacement OpenBeacon firmware image which would clone a nearby device's ID, in order to confuse the aggregation servers. You can find a copy of his firmware in the nhbadge subversion repository.
Travis managed to build a promiscuous sniffer for Microsoft's 2.4GHz wireless keyboards, documented in Promiscuity is the nRF24L01+'s Duty. Keystrokes are USB HID events encrypted only by XOR, where the key is the 5 byte MAC address. Because a key-up event includes a longer string of zero bytes, some packets actually include the key twice!
Next Hope Badge USB Modification
(The following are instructions for assembling the badge hacking kit. They've yet to be edited properly into the project description.)
This kit is best used with the 80-pin MSP430F2618 model, so switching to that model is recommended prior to assembly. The 80-pin model is written as "NHB12" on the right of the badge, while the 64-pin model is "NHB12B"
The following instructions are for adding USB support to a Next Hope conference badge, model numbers of which are NHB12 and NHB12B. For further details see my article entitled Hacking the Next Hope Badge.
While these instructions are not terribly complicated, the kit is not intended for a first-time solderer. If you have never soldered before, then build a TV-B-Gone as practice before having someone help you assemble this kit. Additionally, some Unix or command-line Windows experience is necessary, as the tools involved do not have a GUI.
First, be sure that you have both a mini USB connector and an FT232RL chip, as pictured below. These are included in Mitch's kit.
Modify your badge by the following steps:
- (Optional) Use a soldering iron to remove first one side, then the other, of the battery clip. If leaving the battery in place, be sure not to have both a battery and USB power at the same time.
- Use a Dremel tool or fine cutters to remove the two plastic nubs from the the Mini USB plug. The badges as manufactured lack holes for the nubs, so it is necessary to remove them for mechanical compatibility.
- Fit the Mini USB connector to the board as shown in Appendix A. It should fit flush with the board, fitting securely after soldering. Solder a single of the pins first, then a second to ensure proper positioning. The side plugs should be soldered last, with plenty of extra solder for mechanical stability.
- UNDER NO CIRCUMSTANCES should the board be held by its USB connector. If twisted as a lever, the connector will come off, and it will not be fun to repair the board.
- Once the USB connector is properly in place, fit the FTDI chip as shown in Appendix A. The circle on the chip, which indicates Pin 1, should be next to the "U3" text. First, tack a single corner pin of the chip. Once this is done and the chip is still positioned properly, tack a pin on the opposite corner with as little solder as possible. Finally, after verifying that those pins are properly positioned, solder the remaining pins. If any bridge, remove the excess solder with a coper soldering wick.
- Having these parts connected, plug the badge into your computer using the included USB A to Mini B cable. You should then see a new USB device enumeration. If anything gets hot, immediately unplug the badge and check your soldering.
DriverThe FTDI Virtual Comm Port (VCP) driver for Windows and Mac can be found at http://www.ftdichip.com/Drivers/VCP.htm, while Linux and OpenBSD distributions generally ship with built-in support.
To reflash your badge's OpenBeacon firmware, grab the NHBadge project from subversion. The Unix command for this is ``svn co https://nhbadge.svn.sourceforge.net/svnroot/nhbadge''. (TortoiseSVN will retrieve the same URL for Windows users.) Inside the nhbadge/dist path, one will find the latest Next Hope badge firmware along with Windows batch scripts for programming the badges. Unix users with a C compiler and GoodFET and instead run ``goodfet.bsl -e -p foo.hex'' to compile the firmware and flash a firmware image over USB.
To make things a bit easier, a ZIP file distribution for Windows users is available at http://goodserv.cis.upenn.edu/nhdist.zip. This is the exact file that was sent to the manufacturer, and was the file used on the production line to program these things.
To download the GoodFET firmware for either Unix or Windows, visit http://goodfet.sf.net/ and follow the SVN instructions. Once installed, you can flash the GoodFET firmware to the badge with either 'goodfet.bsl -e -p goodfet2618.hex' or 'GFBSL.EXE -e -p goodfet2618.hex'.
To build the GoodFET firmware for these boards, compile trunk/firmware with 'board=nhb12 mcu=msp430x2618 make clean install' or 'board=nhb12b mcu=msp430x2618 make clean install' as your hardware dictates.
Once flashed with firmware, the badge will respond to 'goodfet.monitor info' ('GFMON.EXE info' on Windows) with its model number and clock calibrations.
You can then use 'goodfet.nrf sniffob' to packet sniff the rest of the badge network or 'goodfet.nrf snifftp' to sniff traffic from Turning Point Clickers. Read my articles on Hacking the Next Hope Badge and Reversing and RF Clicker for details.