LAS VEGAS — Def Con is one of the world’s biggest hacker conventions, an annual gathering of security experts, cryptographers and at least a few people who could surreptitiously drain your bank account if they wanted. They come to Las Vegas to learn about the latest computer vulnerabilities and exploits, show off their skills, and hack or crack anything that can be hacked and cracked—including the conference badges.

Badges for Def Con, now in its 22nd year, are as big a draw as the event itself. Eschewing the traditional laminated cards that other conventions provide, the badges have evolved over the years to become electronic gizmos with circuit boards, LEDs and cryptographic puzzles—all designed to give hackers and crypto-crackers a sandboxed playground to exercise their arts. For several years the badge has also been part of a contest—with the most clever hack of the circuit board winning a coveted black Uber badge and lifetime free admission to the con.

For a number of years the badges were created by designer Joe Grand and catered primarily to hardware hackers with circuit-board smarts and a soldering iron. The best jury-rigged badge pimped out to control a blimp or thwart facial-recognition systems, took home the prize. But this meant that math geeks and code warriors were often left on the side.

Enter Ryan Clarke, aka LostboY or LosT.

Clarke took over badge design in 2012 and promptly made mysteries and math the centerpiece. It makes sense, given that he’s a crypto and puzzle master whose day job used to be cryptography. For five years he also ran one of Def Con’s most popular contests—the Mystery Challenge, which involved a lot of crypto and math.

That carried over to the first badges he made in 2012, which had more than 45 puzzles, some of which told the story of a secret crypto society Def Con attendees had to unmask. It took until nine months after the conference for someone to solve the final mystery.

This year, Clarke has packed more than a dozen stages into his challenge, with some involving multiple puzzles that have to be solved before players can advance to the next level. The puzzles lead to other puzzles and clues dispersed throughout the conference on floors and walls. Players need parts of each to arrive at the final solution.

Clarke designs at least seven badges each year—one for vendors, press, goons (conference volunteers), speakers, contest leaders and humans (attendees)—all of which have different puzzles and roles to play in the challenge. He also designs the winning Uber badges awarded to the winners of the various Def Con contests.

Enthusiastic contestants have devoted hours of time to solving his past badge and mystery challenges and have even published web pages chronicling their efforts to crack them.

“I’m kind of like a magician. I have to come up with new tricks every year,” Clarke says. “I’m staying one step ahead of them so far.”

That’s getting increasingly difficult to do, however. Hardcore players know Clarke’s life inform his puzzles. After he took up the bass guitar last year, for example, music and musical notes appeared in his design. And his Uber badge always includes a skull, a reference to his first Def Con, when he won an embedded devices contest by embedding a web server in a plastic skull.

With that in mind, badge hackers are constantly keeping tabs on him, looking for any tells. They pore over his online life, seeking even the smallest clue. One year while running the Mystery Challenge, Clarke had to change hotel rooms because people were trying to break into his room. There have even been players who resorted to social engineering, contacting his family and friends to artfully solicit details about his background.

“Basically, they were doing all the things you would want to do to hack someone,” Clarke said.

Although the challenge is hard to crack, the central puzzle is designed to be solved before the con ends Sunday. He says it requires a lot of finessing to make something that is solvable in a finite amount of time but still intellectually challenging.

“If you want to be a jerk, you can just encrypt it to make it really hard to break. But then it’s not fun for everyone,” he says. “I have to think, How do I add a flaw to it so it is accessible within a finite amount of time and is still clever and kitschy and fun?”

Anyone who gets truly stumped can ask him for a clue. He’ll be camped out in a room for the duration of the Con. But players have to put in significant effort before he’ll bother answering them.

“Part of the puzzle is figuring out a code word that enables them to ask me questions to get help,” he says. “So if it’s frustrating and they’re ready to give up, if they have that code word they can ask me for help. But they have to do some level of effort to get to the point.”

In the past, players have tried to uncover solutions by doing a data dump from the EEPROM on the badges to search for solutions and hints in the badge’s memory.

“That was a clever hack and I gave people props for doing that,” he says. But to foil them, all the text and clues stored in this year’s EEPROM are encrypted. He inserted a few bits of cleartext, however, that take a playful jab at the cheaters.

The encrypted code decrypts from other code stored in the EEPROM, but he says it will take a lot of effort to uncover it.

Clarke’s foray into Def Con hacking games began after his first year at the con. He’d come alone and didn’t know what to expect and entered the TCP-IP Embedded Devices challenge on a lark. He participated as a single contestant but beat out competing teams of multiple players to secure the coveted Uber badge his first time out. When he learned the contest wouldn’t be held the following year, he pinged Def Con founder Jeff Moss and offered to run the contest himself. Moss agreed, and Clarke spent six months designing the competition—only to see it cancelled at the last minute due to a communication snafu. Undeterred, he decided to host his own contest anyway—an unofficial, underground Mystery Challenge—which turned out to be a big hit.

“I had a huge showing of people for this contest that was technically not happening,” he says. All of the secrecy around that first challenge has carried over to his subsequent contests and badges. Secrecy and intrigue have always been part of Clarke’s life—his uncle, Floyd Clarke, was deputy director of the FBI during the Clinton administration and was once offered directorship of the CIA, Clarke says, but turned it down.

Since taking over the badges, Clarke has alternated between electronic and conventional badges each year.

Last year, he went old school with a simple plastic badge that was designed with a blackjack theme, to play off Def Con’s 21st year. Each of the seven badge designs was patterned after a card in a poker deck. Only the Uber badge departed from the theme, with an intricate steampunk design and actual mechanical clockwork embedded in the badge.

He’s back to electronics for 2014, with a badge that features a circuit board and several LEDs. Buried within it, however, are crypto-puzzles, electronic Easter eggs, and a backstory about things that aren’t what they seem. The underlying theme riffs on John Carpenter’s 1988 sci-fi cult classic They Live about a shaggy-haired drifter named John Nada who stumbles upon a box of mysterious sunglasses. The glasses allow him to see what others cannot: That an alien race, disguised as the ruling classes, has taken over the world to broadcast subliminal media messages to distract the masses—“Consume!” “Marry!” “Reproduce!” “Sleep!”—while they strip the Earth of its resources.

“You need special glasses or you can’t see the aliens’ true form, and throughout the movie there are things you can only see if you have the glasses,” Clarke notes.

Likewise, every Def Con attendee will get a pair of red-tinted glasses that will allow them to see hidden images and messages in the conference brochure and throughout the conference halls.

Clarke has designed the badges to be used long after the conference ends. The circuit board, for example, has signal traces—wires printed on the board—that can be used to control micro-controllers. This year’s badge, along with the 2012 badge, can be used to do end-to-end encryption on computers to hide communication from the NSA. A Def Con talk that Clarke is presenting with colleagues” will show how the two-badge hack works.

Clarke has found that each year the biggest mistake players make in trying to crack his challenge is over-thinking and over-engineering solutions. Clarke likes to play with them by giving some puzzles an easy solution, which contestants are often too quick to reject. Other puzzles can be decrypted in multiple ways, leaving players to determine which is correct. To help and confound them, Clarke tweets a hint every few hours to nudge people along if he thinks the crowd is getting stuck. But if everyone seems to be progressing too well, he may tweet a red herring to trip them up. After all, he wants people to solve his puzzles. He just doesn’t want them to do it too quickly.