NHB12

The NHB12 and NHB12B are the tenth and eleventh hardware revisions of the GoodFET, but they also served as conference badges for the Next Hope conference that occurred in Manhattan in 2010. These were the first GoodFETs to be mass produced, but an additional badge hacking kit is necessary to run the GoodFET firmware.

All badges ship with an MSP430 port of the OpenBeacon firmware for use with the conference's OpenAMD deployment.

NHBadge

CAD Files

Eagle CAD 5.x files for the design can be found in /branches/nhb12 of the subversion repository, or as nhb12.zip and nhb12b.zip.

The complete project files, including the assembly line programming and regression tests scripts, are available at http://sourceforge.net/projects/nhbadge/files/. A newly minted Win32 port of the GoodFET's MSP430 Client was used for all flashing and testing.

Firmware

The pinouts of the NHB12 and NHB12B differ from the GoodFET2x series that is assumed by the MSP430F2618 firmware. Full support will be integrated into 'goodfet.bsl --fromweb' soon, but for the time being, flash one of the images at the NHBadge project's file page

with 'goodfet.bsl -e -p foo.hex'.

To build the GoodFET firmware for these boards, compile trunk/firmware with 'board=nhb12 make clean install' or 'board=nhb12b make clean install' as your hardware dictates.

Bill of Materials

Coming Soon

Errata

Email travis at radiantmachines.com if you should find any.

Hacks

Makers Local 256 wired one of their badges to build a Geiger Counter that detects other badges.

Adam Mayer hacked up a replacement OpenBeacon firmware image which would clone a nearby device's ID, in order to confuse the aggregation servers. You can find a copy of his firmware in the nhbadge subversion repository.

Travis managed to build a promiscuous sniffer for Microsoft's 2.4GHz wireless keyboards, documented in Promiscuity is the nRF24L01+'s Duty. Keystrokes are USB HID events encrypted only by XOR, where the key is the 5 byte MAC address. Because a key-up event includes a longer string of zero bytes, some packets actually include the key twice!

Next Hope Badge USB Modification

(The following are instructions for assembling the badge hacking kit. They've yet to be edited properly into the project description.)

This kit is best used with the 80-pin MSP430F2618 model, so switching to that model is recommended prior to assembly. The 80-pin model is written as "NHB12" on the right of the badge, while the 64-pin model is "NHB12B"

Introduction

The following instructions are for adding USB support to a Next Hope conference badge, model numbers of which are NHB12 and NHB12B. For further details see my article entitled Hacking the Next Hope Badge.

While these instructions are not terribly complicated, the kit is not intended for a first-time solderer. If you have never soldered before, then build a TV-B-Gone as practice before having someone help you assemble this kit. Additionally, some Unix or command-line Windows experience is necessary, as the tools involved do not have a GUI.

Modification

First, be sure that you have both a mini USB connector and an FT232RL chip, as pictured below. These are included in Mitch's kit.

Mini USB Connectors

FT232RL Chip

Modify your badge by the following steps:

Driver

The FTDI Virtual Comm Port (VCP) driver for Windows and Mac can be found at http://www.ftdichip.com/Drivers/VCP.htm, while Linux and OpenBSD distributions generally ship with built-in support.

OpenBeacon Firmware

To reflash your badge's OpenBeacon firmware, grab the NHBadge project from subversion. The Unix command for this is ``git clone https://nhbadge.svn.sourceforge.net/svnroot/nhbadge''. (TortoiseSVN will retrieve the same URL for Windows users.) Inside the nhbadge/dist path, one will find the latest Next Hope badge firmware along with Windows batch scripts for programming the badges. Unix users with a C compiler and GoodFET and instead run ``goodfet.bsl -e -p foo.hex'' to compile the firmware and flash a firmware image over USB.

To make things a bit easier, a ZIP file distribution for Windows users is available at http://goodserv.cis.upenn.edu/nhdist.zip. This is the exact file that was sent to the manufacturer, and was the file used on the production line to program these things.

GoodFET Firmware

To download the GoodFET firmware for either Unix or Windows, visit http://goodfet.sf.net/ and follow the SVN instructions. Once installed, you can flash the GoodFET firmware to the badge with either 'goodfet.bsl -e -p goodfet2618.hex' or 'GFBSL.EXE -e -p goodfet2618.hex'.

To build the GoodFET firmware for these boards, compile trunk/firmware with 'board=nhb12 mcu=msp430x2618 make clean install' or 'board=nhb12b mcu=msp430x2618 make clean install' as your hardware dictates.

Once flashed with firmware, the badge will respond to 'goodfet.monitor info' ('GFMON.EXE info' on Windows) with its model number and clock calibrations.

You can then use 'goodfet.nrf sniffob' to packet sniff the rest of the badge network or 'goodfet.nrf snifftp' to sniff traffic from Turning Point Clickers. Read my articles on Hacking the Next Hope Badge and Reversing and RF Clicker for details.

Appendix A: Component Placement

NHBadge USB

NHBadge FTDI