The ToorCon 13 badge functions as an RF spectrum analyzer with the LEDs representing the 13 evenly spaced Wi-Fi channels in the 2.4 GHz band. Push the button to activate the badge for a short time. In addition to Wi-Fi, it can detect Bluetooth, ZigBee, microwave ovens, and anything else operating in the band.
The badge is designed to be enhanced. Only a few additional components are required to power it over USB. Fully populated, the badge functions as an Ubertooth capable of passive Bluetooth monitoring and more. Additionally, many options are open to those who would like to reprogram the microcontroller(s) on board.
Insert a CR2032 battery with the positive (+) side up.
Upon insertion of a battery, the badge should initiate a power-on self-test sequence. You’ll see LED1 through LED11 illuminate dimly in order. If all goes well, 11 LEDs will then stay lit for a second or so, and then the device will go to sleep. (Optionally you may execute an additional wireless transceiver test indicated by LED12 and LED13 by pressing the button during the self-test, but this will not succeed unless there is a nearby Ubertooth configured in repeater mode.)
Press the button (SW1) to wake the device from sleep or put it back to sleep. When awakened, all 13 LEDs will flash dimly once, and then the badge will execute the spectrum analyzer function. After several minutes it will go to sleep on its own.
A low battery typically causes the power-on self-test to reset repeatedly without completion. Remove or replace the battery if you see this happen.
If something other than the self-test happens when inserting a good battery, remove the battery. Without any power source connected, short the battery connector with a paper clip or other metal object (you can even use the edge of the battery) for a few seconds to discharge the capacitors on the badge. Then re-insert the battery.
To reset the microcontroller, either remove and re-insert the battery or briefly connect pins 1 and 6 of the P15 header with a paper clip or other conductive implement.
Badge Hacking Kits
Two badge hacking kits were available at ToorCon. The small kit includes all the components required to power the badge over USB. The large kit includes the entire set of components needed to turn the badge into an Ubertooth.
If you install the LPC1756 (large kit), you will then have to install new firmware on both microcontrollers.
The microcontroller on the ToorCon 13 badge is a Renesas R5F212L4 (R8C/2L). Code for the R8C can be compiled with a GCC cross-compiler, and the resulting binary can be installed on the device with a simple TTL serial interface such as the SparkFun FTDI Basic Breakout - 3.3V. Power on the badge, connect the FTDI board to the P15 programming header, and use DJ Delorie’s flash tool. You must first configure the FTDI device with the gr8c-eeprom program included with the flash tool. Then use:
./uflash -3 -rv -b 38400 toorcon.elf
Essential information for firmware development:
- R8C/2L Datasheet
- R8C/2L Hardware Manual
- R8C/2L general information, sample code, etc.
- Building a GNU Toolchain
The ToorCon 13 badge consists of entirely open source hardware and software. Firmware and hardware design files are located in the Project Ubertooth GitHub repository under the tc13badge code name.