@edouard-lopez
Last active January 8, 2018 22:09
List of 30c3 conference with abstract and author (exclude 'Entertainment' and 'Art & Beauty' tracks)
  1. Opening Event
  2. Do You Think That's Funny?
  3. An introduction to Firmware Analysis
  4. Mobile network attack evolution
  5. Bug class genocide
  6. 30c3 Keynote
  7. The Tor Network
  8. Baseband Exploitation in 2013
  9. No Neutral Ground in a Burning World
  10. Reverse engineering of CHIASMUS from GSTOOL
  11. Electronic Bank Robberies
  12. Hardening hardware and choosing a #goodBIOS
  13. Console Hacking 2013
  14. HbbTV Security
  15. 10 Years of Fun with Embedded Devices
  16. Rock' em Graphic Cards
  17. Basics of Digital Wireless Communication
  18. Long Distance Quantum Communication
  19. Forbidden Fruit
  20. World War II Hackers
  21. Breaking Baryons
  22. Triggering Deep Vulnerabilities Using Symbolic Execution
  23. lasers in space
  24. Policing the Romantic Crowd
  25. Monitoring the Spectrum: Building Your Own Distributed RF Scanner Array
  26. Toward a Cognitive "Quantified Self"
  27. The GNU Name System
  28. Firmware Fat Camp
  29. Life Without Life
  30. The Gospel of IRMA
  31. Glass Hacks
  32. Hillbilly Tracking of Low Earth Orbit
  33. Hardware Attacks, Advanced ARM Exploitation, and Android Hacking
  34. The Year in Crypto
  35. Seeing The Secret State: Six Landscapes
  36. Hello World!
  37. Fast Internet-wide Scanning and its Security Applications
  38. EUDataP: State of the Union
  39. Script Your Car!
  40. Revisiting "Trusting Trust" for binary toolchains
  41. Art of the Exploit: An Introduction to Critical Engineering
  42. SCADA StrangeLove 2
  43. BREACH in Agda
  44. Lightning Talks, Day 2
  45. My journey into FM-RDS
  46. FPGA 101
  47. Introduction to Processor Design
  48. The good, the bad, and the ugly - Linux Kernel patches
  49. Plants & Machines
  50. Technomonopolies
  51. We only have one earth
  52. Extracting keys from FPGAs, OTP Tokens and Door Locks
  53. Magic Lantern
  54. Against Metadata
  55. The Pirate Cinema
  56. Turing Complete User
  57. Open source experimental incubator build up
  58. Hacking as Artistic Practice
  59. Desperately Seeking Susy
  60. Programming FPGAs with PSHDL
  61. Disclosure DOs, Disclosure DON'Ts
  62. Perfect Paul
  63. Making machines that make
  64. Drones
  65. The Exploration and Exploitation of an SD Memory Card
  66. Android DDI
  67. Even More Tamagotchis Were Harmed in the Making of this Presentation
  68. X Security
  69. The Four Wars
  70. To Protect And Infect
  71. Trezor: Bitcoin hardware wallet
  72. Sysadmins of the world, unite!
  73. CounterStrike
  74. Europe, the USA and Identity Ecosystems
  75. ID Cards in China: Your Worst Nightmare
  76. RFID Treehouse of Horror
  77. How to Build a Mind
  78. White-Box Cryptography
  79. Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
  80. The Internet (Doesn't) Need Another Security Guide
  81. India's Surveillance State
  82. Lightning Talks, Day 3
  83. #SOPA, #NSA, and the New Internet "Lobby"
  84. Nerds in the news
  85. Data Mining for Good
  86. Anonymity and Privacy in Public Space and on the Internet
  87. Reverse engineering the Wii U Gamepad
  88. Backdoors, Government Hacking and The Next Crypto Wars
  89. Y U NO ISP, taking back the Net
  90. Building a safe NFC ticketing system
  91. Structuring open hardware projects
  92. The ArduGuitar
  93. Towards an affordable brain-computer-interface
  94. Calafou, postcapitalist ecoindustrial community
  95. WarGames in memory
  96. Virtually Impossible: The Reality Of Virtualization Security
  97. Decoder
  98. When Words Dance
  99. Hacking the Czech Parliament via SMS
  100. Thwarting Evil Maid Attacks
  101. Through a PRISM, Darkly
  102. Closing Event
  103. To Protect And Infect, Part 2
  104. THE DATABASE NATION, a.k.a THE STATE OF SURVEILLANCE
  105. Concepts for global TSCM
  106. Closing Event
  107. Beyond the Tech: Building Internet Freedom Tools for Real People
  108. Lightning Talks, Day 4
  109. Attacking HomeMatic
  110. Coding your body
  111. The philosophy of hacking
  112. Human Rights and Technology
  113. Infrastructure Review

Opening Event

Welcome to the 30th Chaos Communication Congress

Introductory event to say hello to everybody, give a brief overview of the event's features and look into history and future alike

Do You Think That's Funny?

Art Practice under the Regime of Anti-Terror Legislation

This lecture shall give a first person account of how circumstances have dramatically changed for actionist art practice over the last 15 years. I will use examples from my own art practice to show the impossibility to engage in digital and real-life actionism as they are considered criminal under anti-terrorist laws.

An introduction to Firmware Analysis

Techniques - Tools - Tricks

This talk gives an introduction to firmware analysis: It starts with how to retrieve the binary, e.g. get a plain file from manufacturer, extract it from an executable or memory device, or even sniff it out of an update process or internal CPU memory, which can be really tricky. After that it introduces the necessary tools, gives tips on how to detect the processor architecture, and explains some more advanced analysis techniques, including how to figure out the offsets where the firmware is loaded to, and how to start the investigation.

Mobile network attack evolution


Mobile networks should protect users on several fronts: Calls need to be encrypted, customer data protected, and SIM cards shielded from malware.

Many networks are still reluctant to implement appropriate protection measures in legacy systems. But even those who add mitigations often fail to fully capture attacks: They target symptoms instead of solving the core issue.

This talk discusses mobile network and SIM card attacks that circumvent common protection techniques to illustrate the ongoing mobile attack evolution.

Bug class genocide

Applying science to eliminate 100% of buffer overflows

Violation of memory safety is still a major source of vulnerabilities in everyday systems. This talk presents the state of the art in compiler instrumentation to completely eliminate such vulnerabilities in C/C++ software.

30c3 Keynote


via videolink.

The Tor Network

We're living in interesting times

Roger Dingledine and Jacob Appelbaum will discuss contemporary Tor Network issues related to censorship, security, privacy and anonymity online.

Baseband Exploitation in 2013

Hexagon challenges

Exploitation of baseband vulnerabilities has become significantly harder on average. With Qualcomm having grabbed 97% of the market share of shipped LTE chipsets in 1Q2013, you see their chipset in every single top-of-the-line smartphone, whether it is an Android, an iPhone, a Windows Phone or a Blackberry.

No Neutral Ground in a Burning World


The news of the past few years is one small ripple in what is a great wave of culture and history, a generational clash of civilizations. If you want to understand why governments are acting and reacting the way they are, and as importantly, how to shift their course, you need to understand what they're reacting to, how they see and fail to see the world, and how power, money, and idea of rule of law actually interact.

Reverse engineering of CHIASMUS from GSTOOL

It hurts.

We reverse-engineered one implementation of the non-public CHIASMUS cipher designed by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, short BSI). This did not only give us some insight on the cipher, but also uncovered serious implementation issues in GSTOOL which allow attackers to crack files encrypted with the GSTOOL encryption function with very little effort.

Electronic Bank Robberies

Stealing Money from ATMs with Malware

This talk will discuss a case in which criminals compromised and robbed an ATM by infecting it with specially crafted malware. The successful compromise of an ATM can easily result in the loss of several hundred thousand dollars.

Hardening hardware and choosing a #goodBIOS

Clean boot every boot - rejecting persistence of malicious software and tripping up the evil maid

A commodity laptop is analyzed to identify exposed attack surfaces and is then secured on both the hardware and the firmware level against permanent modifications by malicious software as well as quick drive-by hardware attacks by evil maids, ensuring that the machine always powers up to a known good state and significantly raising the bar for an attacker who wants to use the machine against its owner.

Console Hacking 2013

WiiU

About a year ago Nintendo released their latest video gaming console, the Wii U. Since 2006, the Wii has led to one of the most active homebrew scenes after its security system was completely bypassed. This talk will discuss the improvements made in Wii U's architecture and explain how it was broken in less than 31 days. The talk is targeted at those who hack (or design) embedded system security, but gamers might also find it interesting.

HbbTV Security

OMG - my Smart TV got pr0wn3d

HbbTV (Hybrid broadband broadcast TV) is an emerging standard that is implemented in a growing number of smart TV devices. The idea is to bundle broadcast media content with online content which can be retrieved by the TV set through an Internet connection.

Mechanisms that allow the online content to be accessed by the TV set can be attacked and might put the TV user’s privacy at stake. The presentation highlights possible attack vectors of HbbTV-capable TV sets and introduces possible mitigations.

10 Years of Fun with Embedded Devices

How OpenWrt evolved from a WRT54G firmware to a universal Embedded Linux OS

A review of the 10 year history of the OpenWrt project, current events, and upcoming developments.

Rock' em Graphic Cards

Introduction to Heterogeneous Parallel Programming

This talk introduces programming concepts and languages for parallel programming on accelerator cards.

Basics of Digital Wireless Communication

introduction to software radio principles

The aim of this talk is to give an understandable insight into wireless communication, using existing systems as examples on why there are different communication systems for different uses.

Long Distance Quantum Communication

Concepts and components for intercontinental communication with single photons.

This talk should introduce the general 30c3 participant to several components of long distance quantum communication.

Forbidden Fruit


Various dietary restrictions are historically associated with human culture and civilization. In addition, millions suffer from eating disorders that have both pathological and cultural origins.

World War II Hackers

Stalin's best men, armed with paper and pen

The use of encryption to secure sensitive data from unauthorized eyes is as old as human communication itself. Before the relatively new method of computerized encryption software converting data into a format unintelligible to anyone lacking the necessary key for its decryption, for a long time there was pen and paper and the human brain doing quite a bit of work. Up until the 20th century encryption had to be done literally by hand, to then be transmitted in paper form, via telegraphy or radio. In this context, encryption of data has always been of special importance during times of political conflict and war; subsequently, it saw its major developments during those times in history. This talk will examine and explain common hand encryption methods still employed today using the example of one very successful Soviet espionage group operating in Japan in the 1930s and 1940s: the spy ring centered around Richard Sorge, codenamed “Ramsay”.

Breaking Baryons

On the Awesomeness of Particle Accelerators and Colliders

A light-hearted presentation about many aspects of particle accelerators like the LHC and their particle collision experiments. Aimed at technically interested non-scientists and physics buffs alike.

Triggering Deep Vulnerabilities Using Symbolic Execution

Deep program analysis without the headache

Symbolic Execution (SE) is a powerful way to analyze programs. Instead of using concrete data values SE uses symbolic values to evaluate a large set of parallel program paths at once. A drawback of many systems is that they need source code access and only scale to few lines of code. This talk explains how SE and binary analysis can be used to (i) reverse-engineer components of binary only applications and (ii) construct specific concrete input that triggers a given condition deep inside the application (think of defining an error condition and the SE engine constructs the input to the application that triggers the error).

lasers in space

more than just pew pew!

This talk will give an introduction on lasers and space and it will show the huge diversity of applications for lasers in space.

Policing the Romantic Crowd

Velocipedes and Face Recognition

This talk considers the use of new technology to police large crowds in the Romantic period. We examine ethical aspects of modern surveillance technologies by looking at debates around crowd control and face recognition in the age that first imagined, and reflected on, the surveillance state.

Monitoring the Spectrum: Building Your Own Distributed RF Scanner Array


Software-Defined Radio (SDR) has increased in popularity in recent years due to the decrease in hardware costs and increase in processing power. One example of such a class of devices is the RTL-SDR USB dongles based on the Realtek RTL2832U demodulator. This talk will discuss my experience in building a distributed RF scanner array for monitoring and spectrum mapping using such cheap SDR devices. The goal is to help the audience understand the what, why, and how of building their own RF monitoring array so that they will be able to do it themselves. In this era of increasingly being "watched", we must be prepared to do our own "watching".

Toward a Cognitive "Quantified Self"

Activity Recognition for the Mind

The talk gives an overview about our work of quantifying knowledge acquisition tasks in real-life environments, focusing on reading. We combine several pervasive sensing approaches (computer vision, motion-based activity recognition etc.) to tackle the problem of recognizing and classifying knowledge acquisition tasks with a special focus on reading. We discuss which sensing modalities can be used for digital and offline reading recognition, as well as how to combine them dynamically.

The GNU Name System

A Decentralized PKI For Social Movements

DNS, DNSSEC and the X.509 CA system leak private information about users to server operators and fail to provide adequate security against modern adversaries. The fully decentralized GNU Name System provides a privacy-enhancing and censorship-resistant alternative.

Firmware Fat Camp

Embedded Security Using Binary Autotomy

We present a collection of techniques which aim to automagically remove significant (and unnecessary) portions of firmware binaries from common embedded devices to drastically reduce the attack surface of these devices. We present a brief theoretical explanation of Firmware Fat Camp, a collection of "before" and "after" photos of graduates of FFC, along with a set of live demonstrations of FFC in action on common embedded devices.

Modern embedded systems such as VoIP phones, network printers and routers typically ship with all available features compiled into its firmware image. A small subset of these features is activated at any given time on individual devices based on its specific configuration. An even smaller subset of features is actually used, as some unused and insecure features are typically enabled by default and cannot be disabled. However, all embedded devices still contain a large amount of code and data that should never be executed or read according to its current configuration. This unnecessary binary is not simply a waste of memory; it contains vulnerable code and data that can be used by an attacker to exploit the system. This “dead code” provides an ideal attack surface. Automated minimization of this attack surface will significantly improve the security of the device without any impact to the device’s functionality.

Life Without Life

by an anonymous 15-year-old

From the mind of a teenager, this short story briefly recounts the tale of an alien race and how their pride led to their downfall. However, with death comes rebirth and the end of their story may just be the beginning of ours...

The Gospel of IRMA

Attribute Based Credentials in Practice

Attribute Based Credentials (ABC) allow users to prove certain properties about themselves (e.g. age, race, license, etc.) without revealing their full identity. ABC are therefore important to protect the privacy of the user. The IRMA (I Reveal My Attributes) project of the Radboud University Nijmegen has created the first full and efficient implementation of this technology on smart cards. This allows ABC technology to be used in practice both on the Internet as well as in the physical world. We will discuss ABCs in general, the IRMA system, its advantages and pitfalls, and future work.

Glass Hacks

Fun and frightening uses of always-on camera enabled wearable computers

A one hour technical lecture that covers everything from machine learning and AI to hardware design and manufacture. Includes demonstrations of applications enabled by an always-on image capturing wearable computer. You'll leave with a clear understanding of the field's status quo, how we got here, and insight into what's around the corner.

Hillbilly Tracking of Low Earth Orbit

Repurposing an Inmarsat Dish

Satellites in Low Earth Orbit have tons of nifty signals, but they move quickly through the sky and are difficult to track with fine accuracy. This lecture describes a remotely operable satellite tracking system that the author built from a Navy-surplus Inmarsat dish in Southern Appalachia.

Hardware Attacks, Advanced ARM Exploitation, and Android Hacking


In this talk (which in part was delivered at Infiltrate 2013 and NoSuchCon 2013) we will discuss our recent research that is being rolled into our Practical ARM Exploitation course (sold out at Blackhat this year and last) on Linux and Android (for embedded applications and mobile devices). We will also demonstrate these techniques and discuss how we were able to discover them using several ARM hardware development platforms that we custom built. Where relevant we will also discuss ARM exploitation as it relates to Android as we wrote about in the "Android Hackers Handbook" which we co-authored and will be released in October 2013.

The Year in Crypto


This was a busy year for crypto.

TLS was broken. And then broken again.

Discrete logs were computed. And then computed again.

Is the cryptopocalypse nigh?

Has the NSA backdoored everything in sight?

Also, answers to last year's exercises will be given.

Seeing The Secret State: Six Landscapes


Although people around the world are becoming increasingly aware of the United States' global geography of surveillance, covert action, and other secret programs, much of this landscape is invisible in our everyday lives.

Hello World!

How to make art after Snowden?

USB DeadDrops, IRL map marker in public, FUCK 3D glasses or How to vacuum form a Guy Fawkes mask. I will present an extensive overview of my art projects from over the last 10 years including the Fake Google car by F.A.T. and moar!! It all started here at the CCC congress! :))

Fast Internet-wide Scanning and its Security Applications


Internet-wide network scanning has powerful security applications, including exposing new vulnerabilities, tracking their mitigation, and exposing hidden services. Unfortunately, probing the entire public address space with standard tools like Nmap requires either months of time or large clusters of machines. In this talk, I'll demonstrate ZMap (https://zmap.io), an open-source network scanner developed by my research group that is designed from the ground up to perform Internet-wide scans efficiently. We've used ZMap with a gigabit Ethernet uplink to survey the entire IPv4 address space in under 45 minutes from a single machine, more than 1300 times faster than Nmap. I'll explain how ZMap's architecture enables such high performance. We'll then work through a series of practical examples that explore the security applications of very fast Internet-scale scanning, both offensive and defensive. I'll talk about results and experiences from conducting more than 300 Internet-wide scans over the past 18 months, including new revelations about the state of the HTTPS CA ecosystem. I'll discuss the reactions our scans have generated--on one occasion we were mistaken for an Iranian attack against U.S. banks and we received a visit from the FBI--and I'll suggest guidelines and best practices for good Internet citizenship while scanning.

EUDataP: State of the Union


Jan Phillip Albrecht is rapporteur of the European Parliament for the EU's General Data Protection Regulation as well as for the EU-US data protection framework agreement.

Script Your Car!

Using existing hardware platforms to integrate python into your dashboard

Almost all higher-end cars come with very beefy in-car entertainment hardware. In this talk, I'll describe how to take advantage of an existing hands-free kit to connect your car to the internet and script your dashboard in python.

Revisiting "Trusting Trust" for binary toolchains


Ken Thompson's classic "Reflections on Trusting Trust" examined the impacts of planted build chain bugs, from an example of a compiler Trojan to a hypothetical "well-placed microcode bug". Once theoretical & remote, such scenarios have lately been revealed as a stark reality.

But what if we could have every individual piece of software or firmware in the binary toolchain bug-free, performing just as their programmers intended? Would we be safe from run-away computation if only well-formed inputs to each of the individual tools were allowed? Not so. Potential for malicious computation lurks in a variety of input formats along all steps of the binary runtime process construction and execution. Until the "glue" data of an ABI and the binary toolchains in general is reduced to predictable, statically analyzable power, plenty of room for bug-less Trojans remains.

We will discuss our latest work in constructing Turing-complete computation out of different levels of metadata, present tools to normalize and disambiguate these metadata, and conclude with proposals for criteria to trust binary toolchains beyond "Trusting trust" compilers and planted bugs.

Art of the Exploit: An Introduction to Critical Engineering


In this lecture Julian will introduce projects and interventions made by himself and others that foreground Engineering, rather than Art, in the creative and critical frame, offering highly public insights into the hidden mechanisms and power struggles within our technical environment. Projects such as the Transparency Grenade, Packetbruecke and Newstweek will be covered in detail.

SCADA StrangeLove 2

We already know

SCADA StrangeLove team will present their research on ICS systems for the second time on CCC. Last year we showed current situation with security of industrial world and disclosed a big number of vulnerabilities found in Siemens ICS solutions. Part of vulnerabilities, we can say most notable one, wasn’t disclosed due to Responsible Disclosure. This time we already know. We will speak about several industrial protocols and their weaknesses. During this year we played with new industrial hardware and software – this partially brings new “We don’t know yet” vulnerability details. Moreover, we’ll mention creepiest bugs undisclosed from last year, tell you about new ones and build attack vectors from them. At last, we will share our experience in pentesting ICS environments.

Speakers: Gleb Gritsai and Sergey Gordeychik

BREACH in Agda

Security notions, proofs and attacks using dependently typed functional programming

Software engineering is in an unsustainable state: software is mainly developed in a trial and error fashion, which always leads to vulnerable systems. Several decades ago the correspondence between logics and programming (Curry-Howard) was found. This correspondence is now being used in modern programming languages using dependent types, such as Agda, Coq, and Idris.

In this talk I show our development of attacks and security notions within Agda, using the recent BREACH (https://en.wikipedia.org/wiki/BREACH_%28security_exploit%29) exploit as an example. Our development is a constructive step towards verified software and bridges a gap between theory and practice. I will explain the details about the Curry-Howard correspondence. The target audience are interested people with some programming experience.

Lightning Talks, Day 2


My journey into FM-RDS


How I discovered mysterious hidden signals on a public radio channel and eventually found out their meaning through hardware hacking, reverse engineering and a little cryptanalysis.

FPGA 101

Making awesome stuff with FPGAs

In this talk I want to show you around in the mysterious world of Field Programmable Gate Arrays, or short FPGAs. The aim is to enable you to get a rough understanding on what FPGAs are good at and how they can be used in areas where conventional CPUs and Microcontrollers are failing upon us. FPGAs open up the world of high-speed serial interconnects, nano-second event reactions and hardware fuzzing.

Introduction to Processor Design


This lecture gives an introduction to processor design. It is mostly interesting for people new to processor design and does not cover high performance pipelined structures. Small knowledge on VHDL programming would be great but is not essential. A very small processor core will be described here. Demo:

Create a backdoor in the VHDL Code of a processor core. Exploit this backdoor to get a root shell in the linux operating system.

The good, the bad, and the ugly - Linux Kernel patches


Companies are often blamed for not working upstream. Surprisingly, the situation is not per se better with community projects. To change the latter for the better, Wolfram will show some examples regarding the Linux Kernel and present ideas to create win-win-win situations.

Plants & Machines

Food replicating Robots from Open Source Technologies

Did you ever feel the need to be in charge of your environment? We did. A detailed story of our experience playing with 220VAC and water to build an automated, digitally controlled ecosystem. A place, where you can be the climate-change. Double the temperature, triple the floods, let it storm or rain. A Tamagotchi that generates food from electricity. All done with Arduino, Raspberry Pi and Node.js.

Technomonopolies

How technology is used to subvert and circumvent anti-monopoly laws

We all know monopolies are bad. We even have laws against them that sometimes get enforced. However, today we have new kinds of monopolies that affect us without us even noticing them for what they truly are. And technology plays a central role.

We only have one earth

A case for expansionistic space policy

An abundant number of existential risks threatens humanity. Many of those planetary by nature. Current science already enables us to colonize nearby space, yet nobody bothers to supply the modest financial resources. Hence this call to action.

Extracting keys from FPGAs, OTP Tokens and Door Locks

Side-Channel (and other) Attacks in Practice

Side-channel analysis (SCA) and related methods exploit physical characteristics of (cryptographic) implementations to bypass security mechanisms and extract secret keys. Yet, SCA is often considered a purely academic exercise with no impact on real systems. In this talk, we show that this is not the case: Using the example of several wide-spread real-world devices, we demonstrate that even seemingly secure systems can be attacked by means of SCA with limited effort.

Magic Lantern

Free Software on Your Camera

We present Magic Lantern, a free open software add-on for Canon DSLR cameras, that offers increased functionality aimed mainly at DSLR pro and power users. It runs alongside Canon's own firmware and introduces to consumer-grade DSLRs features usually only found in professional high-end digital (cinema) cameras.

Against Metadata

Twisting time and space to explore the unknown

Using case studies of documentary film, Freedom of Information Law document dumps, soundbanks, and a hacker conference, I will demonstrate experiments and results of several years developing open source tools to reorient the idea of documentary around its documents. This is in opposition to a tendency towards textual and machine-readable metadata, which unduly constrain our wonder, perception, and ability to navigate ambiguous and unknown material.

The Pirate Cinema

Creating mash-up movies by hidden activity and geography of Peer-to-Peer file sharing

"The Pirate Cinema" reveals Peer-to-Peer information flows. It is a composition generated by the activity on file sharing networks. "The Pirate Cinema" immerses the viewer in network flows.

Turing Complete User

What can be done to protect the term, the notion and the existence of the Users?

With the disappearance of the computer, something else is silently becoming invisible as well — the User. Users are disappearing as both phenomena and term, and this development is either unnoticed or accepted as progress — an evolutionary step. Though the Invisible User is more of an issue than an Invisible Computer.

Open source experimental incubator build up

call for participation in project and product development

This is a call for participation in a project aimed to build up an open source based experimental incubator which can be used for variety of food, beverage and bio hacking projects allowing for easy control and monitoring of internal condition like temperature and humidity. Working groups will be established to develop prototypes which can be easily and relatively cheaply assembled. Securing funding and establishing a portal to effectively share the news and knowledge within the groups and wider community will be major part of the first phase.

Hacking as Artistic Practice

!Mediengruppe Bitnik about their recent works

!Mediengruppe Bitnik are contemporary artists. In their talk they will show two examples of their work, illustrating the translation of hacking from the computer field into an artistic practice. Bitnik will show how to hack the opera in ten easy steps and what happens when you send a parcel with a hidden live webcam to Julian Assange at the Ecuadorian Embassy in London.

Using the strategies of hacking, !Mediengruppe Bitnik intervenes into settings with the aim of opening them up to re-evaluation and new perspectives.

Desperately Seeking Susy

A farewell to a bold proposal?

Supersymmetry has been particle theorists' favorite toy for several decades. It predicts a yet unobserved symmetry of nature and implies that to each known type of elementary particle there exists a partner particle none of which has been detected up to today.

I will explain why it is an attractive idea nevertheless and what is the current situation after the large hadron collider (LHC) at CERN has looked at many places where supersymmetric partners were expected and did not find them. Is it time to give up hope that susy is a property of nature?

Programming FPGAs with PSHDL

Let's create the Arduino for FPGAs

Learning to program an FPGA is time consuming. Not only do you need to download and install 20 GB of vendor tools, but you also need to wrap your brain around the strange ideas of hardware description languages like VHDL. PSHDL aims to ease the learning curve significantly and provide more people with the ability to program FPGAs.

Disclosure DOs, Disclosure DON'Ts

Pragmatic Advice for Security Researchers

This talk will focus on responsible disclosure best and worst practices from both legal and practical perspectives. I'll also focus on usable advice, both positive and negative, and answer any questions the audience has on best practices.

Perfect Paul

On Freedom of Facial Expression

The facial hacking research presented in this lecture/performance exploits a well known vulnerability of the human nervous system: that it can be easily accessed and controlled by electrodes mounted on the body's exterior. External digital facial control allows for an unprecedented exploration of human facial expressiveness and has unveiled an unknown expressive potential of the human facial hardware.

Making machines that make

rapid prototyping of digital fabrication and instrumentation machines

Making a new control system for a machine is often a slow and tedious task. Maybe you already have a 3 axis stage, and you already know how to move it around. But what if you want to add a camera and use it for position feedback? You'd have to redesign the whole hardware layer. I'll talk about some ways I've built modularity into control systems for machines so that you can quickly iterate on different kinds of machine systems without getting stuck in hardware land forever. This includes connecting synchronized nodes across a network and importing legacy nodes for things like, say, an old pressure box you found in the trash and has rs232 in. Down with gcode! Long live machine control.

Drones

Autonomous flying vehicles, where are we and where are we going?

During the last 10 years the technology that was formerly only available to the military, reached the hands of thousands. Researchers, hackers, enthusiasts and hobbyists helped drive the technology further and higher than anyone had imagined just a few years ago. We will recap what the civilian airborne robot community has achieved in the last decade and what the next frontiers are that need to be addressed.

The Exploration and Exploitation of an SD Memory Card

by xobs & bunnie

All “managed FLASH” devices, such as SD, microSD, and SSD, contain an embedded controller to assist with the complex tasks necessary to create an abstraction of reliable, contiguous storage out of FLASH silicon that is fundamentally unreliable and unpredictably fragmented. This controller is an attack surface of interest. First, the ability to modify the block allocation and erasure algorithms introduces the opportunity to perform various MITM attacks in a virtually undetectable fashion. Second, the controller itself is typically powerful, with performance around 50MIPS, yet with a cost of mere pennies, making it an interesting and possibly useful development target for other non-storage related purposes. Finally, understanding the inner workings of the controller enables opportunities for data recovery in cards that are thought to have been erased, or have been partially damaged.

This talk demonstrates a method for reverse engineering and loading code into the microcontroller within a SD memory card.

Android DDI

Dynamic Dalvik Instrumentation of Android Applications and the Android Framework

As application security becomes more important on Android we need better tools to analyze and understand them. Android applications are written in Java and run in the Dalvik VM. Until now most analysis is done via disassembling and monitored execution in an emulator. This talk presents a new technique to instrument Android applications executed in the DVM. The talk will introduce the new technique in great detail including many small examples and a whole attack based on it. We will go step by step to show you what can be achieved using this technique.

Even More Tamagotchis Were Harmed in the Making of this Presentation


You might remember Tamagotchi virtual pets from the 1990's. These toys are still around and just as demanding as ever! At 29C3, I talked about my attempts to reverse engineer the latest Tamagotchis, and this presentation covers my progress since then. It includes methods for executing code on and dumping code from a Tamagotchi, an analysis of the Tamagotchi code dump and a demonstration of Tamagotchi development tools that make use of these capabilities.

X Security

It's worse than it looks

For the past year, I've been looking at the implementation of X.org code, both client and server. During this presentation, I'll give an overview of the good, the bad and the ugly.

The Four Wars

Terror, whistleblowers, drugs, internet

Based on her own experiences as an Intelligence Officer for MI5 (the UK domestic security service) and a whistleblower, Annie Machon will talk about the relationships between the wars on 'terror', drugs, whistleblowers, and the internet, and suggest some ideas about what we can do.

To Protect And Infect

The militarization of the Internet

2013 will be remembered as the year that the Internet lost its innocence for nearly everyone as light was shed on the widespread use of dragnet surveillance by the NSA and intelligence agencies globally. With the uprisings of the Arab Spring where people raided the offices of their regimes to bring evidence to light, we've seen a tremendous phenomenon: a large number of whistleblowers have taken action to inform the public about important details. The WikiLeaks SpyFiles series also shows us important details to corroborate these claims. There is ample evidence about the use and abuses of a multi-billion dollar industry that have now come to light. This evidence includes increasing use of targeted attacks to establish even more invasive control over corporate, government or other so-called legitimate targets.

Trezor: Bitcoin hardware wallet


TREZOR is a hardware wallet for Bitcoin. We identified security of the end users' computer as one of the main problems that block Bitcoin mass adoption.

Sysadmins of the world, unite!

a call to resistance

Finally, the world is aware of the threat of mass surveillance and control, but we still have a fight on our hands, and that fight is both technical and political. Global democracy is not going to protect itself. There has never been a higher demand for a politically-engaged hackerdom. Jacob Appelbaum and Julian Assange discuss what needs to be done if we are going to win.

CounterStrike

Lawful Interception

Lawful Interception is a monitoring access for law enforcement agencies, but also one of the primary data sources of many surveillance programs. (Almost?) every Internet service provider needs to provide LI functionality in its routers. However, LI exposes a larger attack surface to the one being surveilled than any router should. Could this be a mistake?

Europe, the USA and Identity Ecosystems


Talk introducing NSTIC and COM 238, i.e. the current digital identity policy proposals in the USA and Europe, discussing their similarities, differences and possible conflicts.

ID Cards in China: Your Worst Nightmare

In China Your ID Card Knows Everything

Imagine getting pulled over for running a stop sign and learning for the first time – from the cop – that you are HIV-positive. People in China are required to carry electronic, swipeable ID cards that hold their political views, their HIV status, their mental health situation, and much more.

RFID Treehouse of Horror

Hacking City-Wide Access Control Systems

In this lecture, we present a black-box analysis of an electronic contact-less system that has been steadily replacing a conventional mechanical key on multi-party houses in a big European city. So far, there are est. 10.000 installations of the electronic system. The mechanical key was introduced about 40 years ago to allow mail delivery services to access multi-party houses but has since then aggregated many additional users, such as garbage collection, police, fire brigade and other emergency services. Over 92% of residential buildings in this city are equipped with such a solution.

How to Build a Mind

Artificial Intelligence Reloaded

A foray into the present, future and ideas of Artificial Intelligence. Are we going to build (beyond) human-level artificial intelligence one day? Very likely. When? Nobody knows, because the specs are not fully done yet. But let me give you some of those we already know, just to get you started.

White-Box Cryptography

Survey

The goal of white-box cryptography is to protect cryptographic keys in a public implementation of encryption algorithms, primarily in the context of Pay-TV and tamper-resistant software. I present an overview of the white-box cryptography concept along with the most common applications and proposed designs. I discuss the subtle difference between white-box cryptography, public-key cryptography, and obfuscation.

Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware


In this work we present a stealthy malware that exploits dedicated hardware on the target system and remains persistent across boot cycles. The malware is capable of gathering valuable information such as passwords. Because the infected hardware can perform arbitrary main memory accesses, the malware can modify kernel data structures and escalate privileges of processes executed on the system.

The malware itself is a DMA malware implementation referred to as DAGGER. DAGGER exploits Intel’s Manageability Engine (ME), that executes firmware code such as Intel’s Active Management Technology (iAMT), as well as its OOB network channel. We have recently improved DAGGER’s capabilities to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code.

The Internet (Doesn't) Need Another Security Guide

Creating Internet Privacy and Security Resources That Don't Suck

As Internet privacy/security professionals and amateur enthusiasts, we are often asked to give advice about best practices in this field. Sometimes this takes the form of one-on-one advice to our friends, sometimes it's training a room full of people, and sometimes you may be asked to write a blog post or a brief guide or an entire curriculum. This talk will survey the current Internet privacy guide landscape and discuss the perils and pitfalls of creating this type of resource, using the Electronic Frontier Foundation's Surveillance Self Defense project as a case study.

India's Surveillance State


India is currently implementing some of the scariest surveillance schemes in the world. This lecture will shed light on India's surveillance industry, its UID scheme which aims at the collection of all biometric data and on various controversial surveillance schemes, such as the Central Monitoring System (CMS).

Lightning Talks, Day 3


#SOPA, #NSA, and the New Internet "Lobby"


The movement against SOPA in the US was the largest protest in online history, and as one of the core organizers, we learned a lot of lessons on how to build a grassroots movement for internet freedom.

Nerds in the news

Spending a year coding in a newsroom

Knight-Mozilla OpenNews sends coders into news organisations on a ten-month fellowship to make new tools for reporting and measuring the news. We believe that to remain relevant, journalism has to smarten up about tech and data. As a global community, we develop tools to datamine public data, news apps to make information accessible, and visualisations to break down complex stories. In my talk, I want to present the lessons about tech that I've learned in a newsroom and the things that still need to be built.

Data Mining for Good

Using random sampling, entity resolution, communications metadata, and statistical modeling to assist prosecutions for disappearance and genocide in Guatemala

For over thirty years, human rights groups in Guatemala have carefully documented the killing and disappearance of many people in the early 1980s. There are tens of thousands of records in many databases, and over 80 million paper pages of police records available in the Archives of the National Police. Most of the prosecutions of the former military and police officials who committed the atrocities depends on eyewitnesses, specific documents, and forensic anthropologists' examination of exhumed bones. However, data analysis helps to see the big patterns in the violence.

Anonymity and Privacy in Public Space and on the Internet


How is it possible to participate in a social event anonymously? How can we hide from surveillance in public space? How can we communicate anonymously in real life? How can we be private in public? This talk will give an overview about existing hacks and techniques that allow to be private in public, and compare privacy technologies from the web to anonymity techniques that can be used in real life.

Reverse engineering the Wii U Gamepad


A year ago in November 2012, Nintendo released their latest home video game console: the Wii U. While most video game consoles use controllers that are very basic, the Wii U took the opposite route with a very featureful gamepad: wireless with a fairly high range, touch screen, speakers, accelerometer, video camera, and even NFC are supported by the Wii U gamepad. However, as of today, this interesting piece of hardware can only be used in conjunction with a Wii U: wireless communications are encrypted and obfuscated, and there is no documentation about the protocols used for data exchange between the console and its controller. Around December 2012, I started working with two other hackers in order to reverse engineer, document and implement the Wii U gamepad communication protocols on a PC. This talk will present our findings and show the current state of our reverse engineering efforts.

Backdoors, Government Hacking and The Next Crypto Wars


Law enforcement agencies claim they are "going dark". Encryption technologies have finally been deployed by software companies, and critically, enabled by default, such that emails are flowing over HTTPS, and disk encryption is now frequently used. Friendly telcos, who were once a one-stop-shop for surveillance can no longer meet the needs of our government. What are the FBI and other law enforcement agencies doing to preserve their spying capabilities?

Y U NO ISP, taking back the Net


Building and running an ISP is not that difficult. It's hard to say how many people are connected to the Internet by such weird structures, but we know that they are more and more each day. What is at stake is taking back the control of the Internet infrastructure and showing that a neutral Internet access is natural.

Building a safe NFC ticketing system


NFC technology is becoming more and more relevant in our lives. One of its major uses is in ticketing solutions. However, most companies use bad implementations of NFC technology. In this talk we will explain a complete solution, analyzing security challenges and outlining the best practices and implementation choices.

Structuring open hardware projects

experiences from the “i3 Berlin” 3D printer project with Blender and Github

Every successful open hardware project needs a solid organization structure at some point in time, especially when you plan to produce and sell your project. In our “i3 Berlin” 3D printer project, we took some elements of the PLM (Product Lifecycle Management) concept and implemented it with open source tools like Github and Blender.

The ArduGuitar

An Arduino Powered Electric Guitar

The ArduGuitar (http://www.arduguitar.org) is an electric guitar with no physical controls, i.e. no buttons or knobs to adjust volume, tone or to select the pickups. All of these functions are performed remotely via a bluetooth device such as an Android phone, or via a dedicated Arduino powered bluetooth footpedal. The musician still plucks the strings, of course! This talk will give an overview of the technology and particularly the voyage that took me from nearly no knowledge about anything electronic to enough know-how to make it all work. I will explain what I learned by collaborating on forums, with Hackerspaces and with component providers: "How to ask the right questions." The guitar with its Arduino powered circuit and an Android tablet will be available for demo; the code is all available on the github arduguitar repo (https://github.com/gratefulfrog/ArduGuitar) with the associated Arduino footpedal libraries (https://github.com/gratefulfrog/lib).

Towards an affordable brain-computer-interface


The brain can be understood as a highly specialized information processing device. Because computers basically do the same thing, it's not too absurd to try to link these two together. The result is a brain-computer-interface. This talk explains the core functionality of our brain and how to access the stored data from the outside. Software and hardware have already reached a somewhat hacker-friendly state, and we want to show you how we got there. We're also here to answer all your questions about the brain.

Calafou, postcapitalist ecoindustrial community

Building a space for grassroots sustainable technology development near Barcelona

Calafou – the Ecoindustrial Postcapitalist Colony – is a settlement of around three dozen people in the Catalonian countryside. Concrete pylons standing 20 meters high hold a highway passing above the wild forest valley, where hall after dilapidated hall of industrial ruins stretch along the banks of a contaminated stream nurturing a twisted yet lively ecosystem. Echoes of unseen, passing cars blend into the organic static of wildlife, punctuated by beats booming from the hacklab speakers.

WarGames in memory

what is the winning move?

Memory corruption has been around forever but is still one of the most exploited problems on current systems. This talk looks at the past 30 years of memory corruption and systematizes the different existing exploit and defense techniques in a streamlined way. We evaluate (i) how the different attacks evolved, (ii) how researchers came up with defense mechanisms as an answer to new threats, and (iii) what we will have to expect in the future.

Virtually Impossible: The Reality Of Virtualization Security

Errata FTW

This talk will demonstrate why it is virtually impossible to secure virtual machines implementations properly. In the talk I will try to give an overview of the basics of hardware virtualization technology, the existing attack techniques against virtualization and also explain why it is such a complex problem to create a secure hypervisor. The talk will focus on the low level interfaces and how it affects all aspects of computer platform security. I will also try to review a few interesting Erratas at the end of the talk.

Decoder


DATE TBC!

DECODER is a legendary German film from 1984, based on the themes of William S. Burroughs. Burroughs himself acts in a key scene in the film, along with F.M. Einheit, Christiane F., Genesis P. Orridge a.o.

When Words Dance

A spoken word poetry performance

Held at the end of the conference, this performance will embody my personal experience of the conference and with the participants. I bring into the poem the people, topics and interactions from the conference, diffuse them into words, and let them explode on stage for others to relate to.

Hacking the Czech Parliament via SMS

A parliamentary drama of 223 actors

The Czech art collective Ztohoven's project “Moral Reform” was accomplished in collaboration with web security experts. Together they created the unique art concept of a mobile phone mass-hack.

Thwarting Evil Maid Attacks

Physically Unclonable Functions for Hardware Tamper Detection

Increasingly, users and their computing hardware are exposed to a range of software and hardware attacks, ranging from disk imaging to hardware keylogger installation and beyond. Existing methods are inadequate to fully protect users, particularly from covert physical hardware modifications in the "evil maid" scenario, and yet are very inconvenient. Victims include governments and corporations traveling internationally (e.g. China), anti-government activists in places like Syria, and anyone who is a target of a motivated attacker who can gain physical access.

Physically Unclonable Functions, combined with a trusted mobile device and a network service, can be used to mitigate these risks. We present a novel open-source mobile client and network service which can protect arbitrary hardware from many forms of covert modification and attack, and which when integrated with software, firmware, and policy defenses, can provide greater protection to users and limit potential attack surface. We'll also be showing video of an unreleased tool to the public utilized by surveillance teams.

Through a PRISM, Darkly

Everything we know about NSA spying

From Stellar Wind to PRISM, Boundless Informant to EvilOlive, the NSA spying programs are shrouded in secrecy and rubber-stamped by secret opinions from a court that meets in a Faraday cage. The Electronic Frontier Foundation's Kurt Opsahl explains the known facts about how the programs operate and the laws and regulations the U.S. government asserts allow the NSA to spy on you.

Closing Event


To Protect And Infect, Part 2

The militarization of the Internet

THE DATABASE NATION, a.k.a THE STATE OF SURVEILLANCE


23rd of December 2008 was a sad day in India for civil liberties. On this day, the Indian Parliament passed "The Information Technology (Amendment) Act" with no debate in the House, which effectively means that the government of India now has the power to monitor all digital communications in the country without a court order or a warrant. The "world's largest democracy" strongly leaning towards becoming a surveillance state raises many questions and poses severe challenges for free speech and economic justice in India and globally. This talk will map and review the current political, socio-cultural and legal landscape of mass-surveillance, data protection and censorship in India and analyse how it ties in to the global landscape of surveillance and censorship. It will also aim to create a discussion space to investigate the deeper effects of these so called "welfare" projects and how citizen-led movements can drive the state towards stronger data protection and privacy laws.

Concepts for global TSCM

getting out of surveillance state mode

After studying the various levels of activities that come together in BuggedPlanet and realizing the scope and level of implementation of NSA's SIGINT theatre, it's probably time to step back, summarize the big picture and ask how we handle it properly.

Closing Event


Beyond the Tech: Building Internet Freedom Tools for Real People


Few hackers will disagree that users are not given enough consideration when building Internet Freedom Tools designed to circumvent censorship and surveillance. But how do we do it? This talk will outline a framework for a user-focused approach to the Development and Impact of Internet Freedom Tools through using ethnography, human-centered design, and the practice of research-based product definition. This talk is intended for developers, researchers, and journalists who seek to understand how better tools can be developed to protect anonymity and provide unfettered access to the Internet.

Lightning Talks, Day 4


Attacking HomeMatic


HomeMatic is a good working, inexpensive and quickly spreading home automation system supporting wired as well as (partly AES handshake protected) wireless communication. The first part of our talk deals with security issues of HomeMatic devices and their wireless communication protocol called BidCoS (Bidirectional Communication Standard). In the second part we introduce Homegear, our own interface software to control HomeMatic devices.

Coding your body

How to decipher the messages of your body

The average movement habits of a cliché hacker are legendary. Cowering for days in front of unergonomic hardware setups, stoic ignorance of hardly decodable signs of the body like hunger, eye- and backpains. Probably due to a general disinterest in non-digitally engineered systems.

Shouldn’t a true hacker know at least bits and pieces about the codes and signs of the body? We all know bits and pieces.. but are they the correct and helpful ones? We will discuss some technical and biological details of slipped discs, posture disservice and pain. I will show fundamental “red flags” which have to be serviced by a medical geek. But not all medical geeks have a good idea about the body's code, therefore I will also suggest some helpful therapies for the most common cases. Bottom line: how to code your body to prevent pain without relying on smattering.

The philosophy of hacking

Contemplations on the essence of hacking and its implications on hacker ethics

Modern society's use of technology as an instrument for domination is deeply problematic. Are instrumentality and domination inherent to the essence of technology? Can hacking provide an alternative approach to technology which can overcome this? How do art and beauty fit into this approach?

Human Rights and Technology

"A New Hope" or "The Empire Strikes Back"?

This talk aims to shed some light on recent human rights violations in the context of the use of digital information and communications technology, particularly considering the latest disclosures about the surveillance programmes of Western intelligence services. At the same time, it shall provide information about Amnesty International's positions and activities in this field and invite anybody interested in our work to get involved.

Infrastructure Review

*Presentation of MOC/NOC/VOC/SOC/OC
