Revealed! A radio hacker's toy

In Jian Yunding's eyes, what was floating in the air was not Beijing's smog, but intoxicating radio signals.

In order to capture the wireless signal emitted by a bunch of car keys to unlock the car, he needed a set of "outfits". So he spent two months drawing a set of circuit diagrams, testing the circuits on a breadboard, contacting manufacturers to print circuits, and then finding suitable chips from the components he had accumulated for five years, and then asking foreign friends to bring back some imported parts, and finally burning the code he wrote from scratch, repeatedly debugging the receiving device, and such a set of high-frequency signal capture equipment was "easily" completed.

Jian Yunding

"Actually, apart from eating and sleeping, I basically spend all my time on the lab bench. In the five years since I started working, after paying the rent, almost all the remaining money has been used to buy components." Jian Yunding thought for a moment, "I estimate that I have spent more than 200,000 yuan on buying components over the years."

Radio attack and defense is the field that requires the most "sentiment" among all hacker fields. The reason is simple: it is very expensive and difficult to make money. In this unpopular field, people who can handle all the links such as circuit design, supply chain control, low-level program writing, and finished product production and debugging are undoubtedly a rare species. This is tantamount to being able to build a building and start a business in it.

Some electronic components collected by Jian Yunding

Because he has been assembling circuit boards for many years, his knowledge of component suppliers almost surpasses that of the prodigal daughter in her understanding of luxury goods counters. Bank card fraud protection devices, access card copy simulators, car radio unlocking devices, these black technologies are all made by him.

Love toys, electronic badges

Although Jian Yunding has no knowledge of shopping and traveling, the "black technology" created by him seems to be full of love for the world. The electronic badge is a clear proof of this.

Out of the "pride" of hackers, how could they use the same badges as stupid humans at gatherings? So around 2010, electronic badges, a "hacker toy", first emerged at the hacker conference DefCon in the United States, and then were introduced to China. The task of making the first batch of "hacker toys" in China for the SyScan360 hacker conference was given to Jian Yunding.

The first generation of electronic badges

At the 2013 conference, every attendee received an electronic badge like this. In addition to the normal identity recognition function, this badge also hides a string of codes. This string of codes is a puzzle. All attendees can connect the device to read the question. There are 16 keys on the back of the badge. By pressing the keys according to the correct answer, the LED lights on the front can achieve a cool "marquee" effect.

Since one needs to use one's ID as a parameter in the solution process, the answer to each badge is different, so simply copying is useless. However, in order to take care of the emotions of hackers with varying levels of skill, Jian Yunding finally lowered the difficulty, making the 16 keys in groups of four, so that even an exhaustive method can be used to crack it.

Look at the welding points of the LED lamp. They have not been polished smooth in time. The front and back chips are exposed outside. There is no transparent hard plastic shell to package them.

Jian Yunding looked regretful. Due to cost and time constraints, his "ambition" to turn the badge into a work of art was not realized. However, this interesting toy brought a different kind of fun to that SyScan360. However, the black technology did not stop there. He also "crazily" buried a hidden level in the badge: a mysterious USB interface (this interface is actually not needed in the whole puzzle-solving process). What is even more miraculous is that a friend actually discovered this secret: after connecting the computer with this interface, pressing Shift five times in a row will display the welcome speech of the conference on the screen. Jian Yunding's face was full of joy when he described this "touching" function, which made people believe that this was the pleasure that only hackers could experience.

What? Electronic badges have evolved!

The electronic badge, which made a living by being cute, successfully advanced to the second year's conference. So the task of designing the second generation of badges fell on Jian Yunding again. At that time, he had been "recruited" by 360 and became a member of the unicorn team focusing on researching radio security. His laboratory was also moved to the company. It is worth mentioning that his precious electronic components were also donated to the company free of charge as "dowry". When mentioning this, Jian Yunding's expression was surprisingly calm.

Second generation electronic badge

Intuitively, the upgrade of the second-generation badge lies in its weight. However, this thing that looks like a game console is actually a game console. In short, by correctly entering the answers to three questions, you can unlock a submarine version of the "Flappy Bird" game. For this simple setting, Jian Yunding needs to:

1. Design circuits and select appropriate chips to achieve ideal functions.

2. Create an input method for the badge to input the answer.

3. Edit the underlying call library required for Flappy Bird to run, and then on this basis, rewrite a game based on the form of the original game, and debug it repeatedly until the game experience is satisfactory.

4. Design the appearance, from the customization of battery boxes to the mass production of PCB boards, and take care of all the supply chains.

In the end, the badge adopted a sandwich design of screen, circuit board and back panel, which to some extent changed the drawback of the "naked" first generation.

"Time was too tight. There was only one specification of LCD screen in stock, so I could only design the badge according to the specifications of this screen. There was originally a function to display the room temperature. I specially ordered two batches of detection chips from the United States, but I didn't expect that the display units were one Celsius and the other Fahrenheit, so this function was invalidated." Jian Yunding muttered about his regrets. "In the past two years, I have increasingly felt the difficulty of hardware design. There are too many things to coordinate. It's so difficult for badges with simple functions, and some hardware with complex functions is even more difficult."

Jian Yunding said that the third generation of badges is currently being designed. This generation will have Bluetooth function for the first time and can be operated by mobile phone. However, he did not reveal the specific gameplay of the new badge to Leifeng.com.

Black Technology Family

After all, there are only a few designs that Jian Yunding can freely play with, and practicality is often a hard requirement for his works. The prototypes of these products can be traced back to his creative ideas in college, when he met Yang Qing, a radio enthusiast, in the network security community "T00ls". "NFC card protector" is one of the ideas they have always wanted to realize.

A "card-proof" product with a good appearance

The latest bank cards are all equipped with NFC function. Hackers with bad intentions can obtain your card number, password and recent spending records just by walking by you. So the principle of "card protection" is: when the card protector detects the NFC reading request, it sends out an interference signal to prevent reading. However, this seemingly simple function has undergone seven generations of modifications and upgrades.

Jian Yunding described the pitfalls encountered when designing "card defense":

There are more than 100 options for single-chip microcomputers (a chip that combines a central processing unit, RAM, and hard disk). If the performance is too strong, it will waste electricity, and if the performance is too weak, it will not achieve the desired effect. In addition, the battery cannot be made too large, otherwise it will block the signal transmission coil. When designing, all components must be concentrated together because the slots on the shell must be uniformly cut to save costs.

He said that after studying countless wallets, the team decided to set the protection range of the card protector to 5cm thick, so that it can provide good protection for thick wallets.

Jian Yunding always carries the access card simulator and work badge with him

The access card simulator is another product that Jian Yunding has developed in his team. When the simulator is placed behind the access card and swiped once, the simulator records the card information and makes it possible to copy the card. Because of its high appearance, this simulator has become a must-have badge for everyone in the Unicorn team. However, due to its strong attack properties, this simulator is not sold to the public.

In the past year, Jian Yunding has made many "gadgets", but not many of them have reached the sales standard. However, he is full of confidence. "My ultimate goal is to make my stuff available to people. What's the point of making it just for my own enjoyment?" said this tech geek who doesn't want to be in the spotlight firmly. Perhaps the moment he moved all his "belongings" into the office, he was convinced that one day his "hacker toys" could become "daily tools" for ordinary people.

This may be another kind of warmth that technology geeks have towards the world.