<?xml version='1.0' encoding='utf-8' ?>
<iCalendar xmlns:pentabarf='http://pentabarf.org' xmlns:xCal='urn:ietf:params:xml:ns:xcal'>
    <vcalendar>
        <version>2.0</version>
        <prodid>-//Pentabarf//Schedule//EN</prodid>
        <x-wr-caldesc></x-wr-caldesc>
        <x-wr-calname></x-wr-calname>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>HQCCYH@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-HQCCYH</pentabarf:event-slug>
            <pentabarf:title>38C3: Opening Ceremony</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T103000</dtstart>
            <dtend>20241227T110000</dtend>
            <duration>0.03000</duration>
            <summary>38C3: Opening Ceremony</summary>
            <description>This ceremony will prepare you for the 38C3 in all its glory, underground and above, hacks and trolls, art and radical ideas. Let&#x27;s kick this thing off together!</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Ceremony</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/HQCCYH/</url>
            <location>Saal 1</location>
            
            <attendee>Gabriela Bogk</attendee>
            
            <attendee>Aline Blankertz</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>8ZPHSP@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-8ZPHSP</pentabarf:event-slug>
            <pentabarf:title>Correctiv-Recherche &quot;Geheimplan gegen Deutschland&quot; – 1 Jahr danach</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241227T110000</dtstart>
            <dtend>20241227T114000</dtend>
            <duration>0.04000</duration>
            <summary>Correctiv-Recherche &quot;Geheimplan gegen Deutschland&quot; – 1 Jahr danach</summary>
            <description>A year ago, in its investigative report &quot;Geheimplan gegen Deutschland&quot;, Correctiv revealed an explosive meeting in Potsdam attended by right-wing extremists, AfD officials, lower-ranking CDU members and major financial backers. The publication caused a stir among the German public and led to the largest demonstrations the Federal Republic has seen since its founding. People all over Germany took to the streets to protest against the far-right threat and the growing political influence of these circles.

The right-wing extremists, for their part, tried to play down the significance of the meeting and to portray the revelations as exaggerated. They made efforts to relativize their plans. At the same time, the AfD continued to drive the democratic parties before it in the state elections in the new federal states and celebrated considerable electoral successes in several states. In the eyes of many, the reactions at the federal level were disappointing: instead of taking the warnings from civil society and the demonstrations seriously, federal politics seemed in part to opt for AfD-friendly measures.

Jean Peters, the lead reporter of the investigation, will give detailed insights into the approach and methodology of the exposé in his talk. He will explain how Correctiv uncovered the connections between the far-right actors and their financial backers, what challenges arose after the investigation, and how the team dealt with the enormous public response. He will also critically assess the media discourse: What role did the media play in disseminating and contextualizing the information? How did the public react to the reporting? And what consequences did this have for the political debate in Germany?

Finally, Peters will outline possible next steps and approaches for further reporting on right-wing extremism and the state of the debate about a potential ban of the AfD. He will show how investigative journalism can continue to help expose these networks, and which hacks democracy offers for fighting authoritarianism.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/8ZPHSP/</url>
            <location>Saal 1</location>
            
            <attendee>Jean Peters</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>SJ8PGD@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-SJ8PGD</pentabarf:event-slug>
            <pentabarf:title>&quot;Natürlich bin ich 18!&quot; - Altersprüfungen im Netz aus Datenschutzperspektive</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241227T120000</dtstart>
            <dtend>20241227T124000</dtend>
            <duration>0.04000</duration>
            <summary>&quot;Natürlich bin ich 18!&quot; - Altersprüfungen im Netz aus Datenschutzperspektive</summary>
            <description>Hand on heart: before you turned 18, did you visit websites that were intended for adults only? Which mechanisms tried to stop you? How often do you encounter these mechanisms today?

Age checks are a hotly debated topic, not least because of the provisions of the Digital Services Act (DSA) and the discussions about the age-appropriateness of social media. It is long since no longer just about 18+ content. The idea is simple: anyone who is too young may not enter certain areas of the internet, as in the video rental store of old, or anyone who is too old is refused entry, as at some playgrounds. But could you imagine handing over a copy of your ID card at the video store, together with the list of films you rented?
The important difference is: to be able to check a person&#x27;s age in digital services, more data has to be processed than with a brief glance at an ID card, and that is not readily permissible!

How methods of age verification are handled will contribute significantly to what the internet will look like in the future and how free it will be. It is not only about how child protection is implemented online, but also about how much participation in the digital sphere is possible, and not only for children.

In this talk you can expect an overview of current (political) demands for age checks on the internet and of the various methods used for them. We take a short excursion into data protection law and explore how age checks, child protection and data protection interact. Last but not least, you will hear the assessment of the Federal Commissioner for Data Protection and Freedom of Information.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/SJ8PGD/</url>
            <location>Saal 1</location>
            
            <attendee>Aline Sylla</attendee>
            
            <attendee>Dr. Carsten Adrian</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>C38ZK7@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-C38ZK7</pentabarf:event-slug>
            <pentabarf:title>Liberating Wi-Fi on the ESP32</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T125500</dtstart>
            <dtend>20241227T133500</dtend>
            <duration>0.04000</duration>
            <summary>Liberating Wi-Fi on the ESP32</summary>
            <description>During the 38c3, there are probably multiple thousands of ESP32s in the CCH, all of which run a closed source Wi-Fi stack.  And while that stack works, it would be nicer to have an open source stack, which would grant us the ability to modify and audit the software, which carries potentially sensitive data.

So we set to work, reverse engineering the proprietary stack and building a new open source one. We soon discovered just how versatile the ESP32 can be, both as a tool for research and IoT SoC, when its capabilities are fully unlocked. This includes using it as a pentesting tool, a B.A.T.M.A.N. mesh router or an AirDrop client.

You&#x27;ll learn something about Wi-Fi, the ESP32, reverse engineering in general and how to approach such a project.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/C38ZK7/</url>
            <location>Saal 1</location>
            
            <attendee>Frostie314159</attendee>
            
            <attendee>Jasper Devreker</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>7GVNYD@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-7GVNYD</pentabarf:event-slug>
            <pentabarf:title>Was lange währt, wird endlich gut? Die Modernisierung des Computerstrafrechts</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241227T135000</dtstart>
            <dtend>20241227T143000</dtend>
            <duration>0.04000</duration>
            <summary>Was lange währt, wird endlich gut? Die Modernisierung des Computerstrafrechts</summary>
            <description>Computer criminal law has been criticized for many years, not only by the hacker community, but also by academia, industry and even criminal law experts. A central point of criticism is the criminalization of hacking done with good intentions, by so-called ethical hackers. Currently, this form of hacking is also punishable. Initiatives such as bug bounty programs and disclosure policies show that industry does have an interest in benefiting from ethical hackers who responsibly uncover and report vulnerabilities. Since the end of October, a draft bill providing for the modernization of computer criminal law has been in circulation.

This talk gives an insight into the development of this draft bill, the current state of the debate and the next steps. We explain the planned changes using practical examples and set out which activities would be legal in the future and which will remain prohibited.

The aim of the talk is to inform the audience about the process of the legislative changes. They will recognize which opportunities arise from the reformed computer criminal law and learn what must be observed when responsibly uncovering security vulnerabilities and which legal limits continue to exist. In addition, the talk will make clear to what extent the planned legal reform can be regarded as a win for the hacker community, or whether there is still a need for improvement.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/7GVNYD/</url>
            <location>Saal 1</location>
            
            <attendee>Florian Hantke</attendee>
            
            <attendee>Prof. Dr. Dennis-Kenji Kipker</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>SRXRMA@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-SRXRMA</pentabarf:event-slug>
            <pentabarf:title>„Konnte bisher noch nie gehackt werden“: Die elektronische Patientenakte kommt - jetzt für alle!</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241227T144500</dtstart>
            <dtend>20241227T154500</dtend>
            <duration>1.00000</duration>
            <summary>„Konnte bisher noch nie gehackt werden“: Die elektronische Patientenakte kommt - jetzt für alle!</summary>
            <description>In a few weeks, the [“electronic patient record (ePA) for all”](https://www.bundesgesundheitsministerium.de/themen/digitalisierung/elektronische-patientenakte/epa-fuer-alle.html) launches: medical findings, medication lists and other health data of around 73 million people with health insurance in Germany will then be merged, without any action on their part, across practice and hospital boundaries into one central record.

Until now, the ePA had to be explicitly applied for. From January 2025, by contrast, all persons with statutory health insurance who do not object will automatically receive such an ePA.

A modern security architecture makes it possible for the health information contained in the ePA to be protected with the highest security standards.

“Data protection and data security were our most important concern at all times,” says Health Minister Karl Lauterbach. “A system like this has never been hacked so far.”

But the past has shown: [“Trust cannot be prescribed”](https://www.ccc.de/en/updates/2023/digitalegesundheit).

Continuation of 36C3 - [„Hacker hin oder her“: Die elektronische Patientenakte kommt!](https://media.ccc.de/v/36c3-10595-hacker_hin_oder_her_die_elektronische_patientenakte_kommt)</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/SRXRMA/</url>
            <location>Saal 1</location>
            
            <attendee>Martin Tschirsich</attendee>
            
            <attendee>Bianca Kastl</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>GDPEUA@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-GDPEUA</pentabarf:event-slug>
            <pentabarf:title>Investigating the Iridium Satellite Network</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T160000</dtstart>
            <dtend>20241227T170000</dtend>
            <duration>1.00000</duration>
            <summary>Investigating the Iridium Satellite Network</summary>
            <description>We&#x27;ll cover a whole range of topics related to listening to Iridium satellites and making sense of the (meta) data that can be collected that way:

 - Overview of new antenna options for reception. From commercial offerings (thanks to Iridium Time and Location) to home grown active antennas.
 - How we made it possible to run the data extraction from an SDR on just a Raspberry Pi.
 - Running experiments on the Allen Telescope Array.
 - Analyzing the beam patterns of Iridium satellites.
 - Lessons learned in trying to accurately timestamp Iridium transmissions for future TDOA analysis.
 - What ACARS and Iridium have in common and how a community made use of this.
 - Experiments in using Iridium as a GPS alternative.
 - Discoveries in how the network handles handset location updates and the consequences for privacy.
 - Frame format and demodulation of the Iridium Time and Location service.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/GDPEUA/</url>
            <location>Saal 1</location>
            
            <attendee>Sec</attendee>
            
            <attendee>schneider</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>HWSQQG@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-HWSQQG</pentabarf:event-slug>
            <pentabarf:title>KLARHEIT ALS WAFFE</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241227T171500</dtstart>
            <dtend>20241227T181500</dtend>
            <duration>1.00000</duration>
            <summary>KLARHEIT ALS WAFFE</summary>
            <description>The talk, a mixture of emotional appeal and intellectual analysis, addresses the necessity of clarity and deliberate simplification as a counterweight to the pursuit of perfection in a world of perceived and actual hypercomplexity. UBERMORGEN questions how much artistic freedom still remains in the current age of “Happy Dystopia”, and what broad possibilities ‘Radical Universalism’ (abstraction for the purpose of pattern recognition) opens up in practice, and examines how their latest works enable the potential of critical aesthetics and radical experiments in the midst of a fragmented information landscape.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/HWSQQG/</url>
            <location>Saal 1</location>
            
            <attendee>Luzius Bernhard</attendee>
            
            <attendee>lizvlx (UBERMORGEN)</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>ASBXWW@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-ASBXWW</pentabarf:event-slug>
            <pentabarf:title>BioTerrorism Will Save Your Life with the 4 Thieves Vinegar Collective</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T191500</dtstart>
            <dtend>20241227T195500</dtend>
            <duration>0.04000</duration>
            <summary>BioTerrorism Will Save Your Life with the 4 Thieves Vinegar Collective</summary>
            <description>We all know that custom, hand-made, artisan-crafted, boutique tools are always better than something factory made. A guitar, a wood chisel, a chef&#x27;s knife, a built racing engine, a firearm, a suit, a pair of shoes. Given that this is so well-known, and so universally understood, it&#x27;s peculiar at best that this is not seen by most people when it comes to medicine. It is however also true. 

Given, however, that the traditional rôle of pharmacists who used to have the freedom to compound custom medicines for the people they were serving has been revoked, and now despite their extensive training, have been limited to being able to do little more than count pills in most cases, we have to do this ourselves. 

The problem is that this has been criminalized. The moment you stop groveling for permission from medical authorities, and start becoming actively involved in managing your own health, you are a criminal in most countries in the world. Practicing medicine without a license, manufacture of drugs, possession of laboratory tools, possession of precursor chemicals... the list of felonies goes on. 

The choice is yours. Would you like to be the sickest law-abiding citizen, or the healthiest BioTerrorist? If you want the red pill, you&#x27;ll have to manufacture it yourself. The blue pill is prescription-only, and if you manage to get a prescription, and you&#x27;re rich maybe you can afford to buy it. 

Come learn about the long list of medications which went through the research and development processes, but are never going to be commercially available. Learn how to find more of these, and learn the many ways you can make them yourself.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/ASBXWW/</url>
            <location>Saal 1</location>
            
            <attendee>Dr. Mixæl Swan Laufer</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>MDN3PU@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-MDN3PU</pentabarf:event-slug>
            <pentabarf:title>Der Thüring-Test für Wahlsoftware</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241227T201500</dtstart>
            <dtend>20241227T205500</dtend>
            <duration>0.04000</duration>
            <summary>Der Thüring-Test für Wahlsoftware</summary>
            <description>Before the 2017 federal election, we published our analysis of hair-raising security vulnerabilities in a widely used piece of election software.

A lot has happened since then: the vendor has not fixed the problems, the BSI has produced a stack of paper, the German election software providers have enlarged their cartel, and various election mishaps continue to undermine trust in democracy.

Have our 2017 recommendations been implemented?
We take the decompiler and have a look.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/MDN3PU/</url>
            <location>Saal 1</location>
            
            <attendee>Linus Neumann</attendee>
            
            <attendee>Thorsten (THS) Schröder</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>3UWT9A@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-3UWT9A</pentabarf:event-slug>
            <pentabarf:title>Feelings are Facts: Love, Privacy, and the Politics of Intellectual Shame</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T211000</dtstart>
            <dtend>20241227T215000</dtend>
            <duration>0.04000</duration>
            <summary>Feelings are Facts: Love, Privacy, and the Politics of Intellectual Shame</summary>
            <description>What happens when we put love and intimacy at the center of our understanding of privacy, and what are the consequences of their disavowal, in favor of a more familiar technocratic definition of privacy-as-absence? What role does our deep desire for love and belonging, and our concomitant fear of shame and rejection, have to do with the (mis)direction of tech capital and the current, warped shape of the tech industry and its products? We take these questions seriously, and work through their implications together in Hamburg during that brief, liminal window between the winter holidays and the new year.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/3UWT9A/</url>
            <location>Saal 1</location>
            
            <attendee>Meredith Whittaker</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>Q8ZAV9@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-Q8ZAV9</pentabarf:event-slug>
            <pentabarf:title>Wir wissen wo dein Auto steht - Volksdaten von Volkswagen</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241227T220500</dtstart>
            <dtend>20241227T224500</dtend>
            <duration>0.04000</duration>
            <summary>Wir wissen wo dein Auto steht - Volksdaten von Volkswagen</summary>
            <description>What are the consequences when VW collects vehicle, movement and diagnostic data en masse and leaves the key under the doormat?

What does vehicle data reveal about the mobility of authorities, offices, ministries, delivery services, car rental companies, etc.?

What is this data collected for in the first place?

We show things ranging from the curious to the alarming, naturally with more respect for data protection than those who collected the data.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/Q8ZAV9/</url>
            <location>Saal 1</location>
            
            <attendee>Michael Kreil</attendee>
            
            <attendee>Flüpke</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>HTWLCG@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-HTWLCG</pentabarf:event-slug>
            <pentabarf:title>We&#x27;ve not been trained for this: life after the Newag DRM disclosure</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T230000</dtstart>
            <dtend>20241228T000000</dtend>
            <duration>1.00000</duration>
            <summary>We&#x27;ve not been trained for this: life after the Newag DRM disclosure</summary>
            <description>This talk will be an update about what happened since our 37C3 presentation. We’ll talk about:
- Three parliamentary workgroup sessions with dirty bathroom photos on Newag’s offtopic slides, train operators revealing that they paid Newag more than 20k EUR for unlocking a single train, which Newag was able to unlock in 10 minutes, and at the same time saying that they don’t know anything about the locks.
- 140-page lawsuits, accusing us of _copyright violation and unfair competition_ (sic!) with a lot of logical gymnastics.
- What it’s like to repeatedly explain reverse engineering concepts to journalists.
- 6 official investigations, two of them criminal.
- New cases revealed since then (from different train operators).
- and much more!</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/HTWLCG/</url>
            <location>Saal 1</location>
            
            <attendee>Michał Kowalczyk</attendee>
            
            <attendee>q3k</attendee>
            
            <attendee>Jakub Stepniewicz</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>9C3JXS@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-9C3JXS</pentabarf:event-slug>
            <pentabarf:title>Desiring Technology. Über Porno, Abhängigkeit und Fortschritt</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241228T001500</dtstart>
            <dtend>20241228T005500</dtend>
            <duration>0.04000</duration>
            <summary>Desiring Technology. Über Porno, Abhängigkeit und Fortschritt</summary>
            <description>Pornography is considered an important driver of digitalization. Its use is thus also a cultural laboratory of digital consumer society, but one that is talked about relatively little. What exactly do people actually do with porn? How porn is consumed reveals more than just the state of what we call “sexuality”. Human desire is the most important resource of all for technical development, and in the pleasure farms of the porn consumption industry this connection merely finds a particularly clear expression.

This talk tells the story of a relatively young form of digitalized sexuality centered on pornography consumption: gooning. It describes how, over the last ten years, this form of pleasure in oneself has entered into an intimate connection with digital media. And it uses this example to tell a further story: a story about human, and above all male, bodies that cannot help but desire the new, even in the face of the unwanted futures with which the technologized world they have become dependent on confronts them.

Content note, topics: sexuality, addiction. Nudity in the images is pixelated. Nevertheless not recommended for persons under 18.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/9C3JXS/</url>
            <location>Saal 1</location>
            
            <attendee>Arne Vogelgesang</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>GUFA37@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-GUFA37</pentabarf:event-slug>
            <pentabarf:title>Fnord-Nachrichtenrückblick 2024</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241228T011000</dtstart>
            <dtend>20241228T024000</dtend>
            <duration>1.03000</duration>
            <summary>Fnord-Nachrichtenrückblick 2024</summary>
            <description>Finally a normal end to the year again!</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/GUFA37/</url>
            <location>Saal 1</location>
            
            <attendee>Fefe</attendee>
            
            <attendee>Atoth</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>FQESP3@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-FQESP3</pentabarf:event-slug>
            <pentabarf:title>Typing Culture with Keyboard: Okinawa - Reviving the Japanese Ryukyu-Language through the Art and Precision of Digital Input</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T110000</dtstart>
            <dtend>20241227T114000</dtend>
            <duration>0.04000</duration>
            <summary>Typing Culture with Keyboard: Okinawa - Reviving the Japanese Ryukyu-Language through the Art and Precision of Digital Input</summary>
            <description>This presentation begins by illustrating how different languages transliterate speech globally and then shifts focus to the Ryukyu-Japonic language family, showcasing how over 10,000 characters can be input on a QWERTY keyboard. The Input Method Engine (IME) has played a unique role in facilitating character input for Chinese, Japanese, and Korean (CJK) languages. This talk explores expanding the CJK family to include Okinawan, addressing how phonologically distinct sounds are recorded and encoded. This addition lays the groundwork for other Okinawan speakers to express themselves and document their lives in today’s interconnected, digital world.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/FQESP3/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Daichi Shimabukuro</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>MJYTSS@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-MJYTSS</pentabarf:event-slug>
            <pentabarf:title>Police 2.0: Peaceful activism is terrorism and fakenews are facts</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T120000</dtstart>
            <dtend>20241227T124000</dtend>
            <duration>0.04000</duration>
            <summary>Police 2.0: Peaceful activism is terrorism and fakenews are facts</summary>
            <description>In 2014 the Dutch police started monitoring Frank van der Linde after he demonstrated and publicly opposed racism, climate change, animal cruelty, homelessness, and other social injustices. By 2019 Dutch law enforcement had put him on a terror list and shared his personal data with the German Federal Criminal Police Office, Europol and Interpol. Frank challenged the police for sharing his data and categorising him as a &quot;terrorist&quot;; they responded &quot;The term ‘terrorism’ is a broad term, and they don&#x27;t really mean it.&quot; The police maintained the categorisation.

Last year, a Dutch police officer blew the whistle and spoke out in favor of Frank during a hearing in court. He told the court that the police file about Frank contained grossly mischaracterised and biased information.

Overall it seems that wherever van der Linde&#x27;s data is processed, data gets lost and accountability processes cave in. To quote Frank, “What do they have to hide?!”

Speakers:
Frank van der Linde
Lori Roussey, Director of Data Rights, who participates in supporting Frank&#x27;s courageous journey</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/MJYTSS/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Lori</attendee>
            
            <attendee>Frank van der Linde</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>FSZBSE@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-FSZBSE</pentabarf:event-slug>
            <pentabarf:title>Die Geschlechter denen die sie hacken: Selbstbestimmungsgesetz, Pinke Listen, Überwachungsstaat</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241227T125500</dtstart>
            <dtend>20241227T133500</dtend>
            <duration>0.04000</duration>
            <summary>Die Geschlechter denen die sie hacken: Selbstbestimmungsgesetz, Pinke Listen, Überwachungsstaat</summary>
            <description>Trans*, inter*, non-binary (TIN*) rights and data security go hand in hand. In this talk we want to make that concrete and argue for closer networking between the digital (fundamental) rights and data security scene and TIN* activism. We explore the connections between the (in)security package, surveillance measures and trans gender identity, respond to them with concrete legislative proposals and activist actions, and offer insight into the in part strong parallels in the legislative processes.

Since 1 November 2024 the new Self-Determination Act (Selbstbestimmungsgesetz, SBGG) has been in force in Germany; it is meant to make it easier for TIN* persons to change their name and gender entries. Three days before the SBGG was passed on 12 April 2024, the so-called “Offenbarungsgebot” (disclosure requirement) was negotiated out of the law in exchange for the payment card for asylum seekers: the Federal Ministry of the Interior in particular wanted an automatic forwarding of personal data, including address and old and new gender entry, to eleven state institutions, among them the BKA, the Verfassungsschutz, [what are they properly called again: the illicit-money department and illegal weapons]. The resulting “pink lists” did not come about. However, this was only on the assurance that the corresponding surveillance measure becomes mandatory for all changes of civil status, which includes marriages, adoption etc. A corresponding declaration of intent was to be put to the Bundestag and passed in December, but was ultimately, and presumably, thwarted by the end of the “Ampel” coalition. Whether, how and in what form this plan continues to exist is unclear at this point.

Data security and TIN* rights intersect directly here. TIN* persons are being instrumentalized against the privacy of all people. In this talk we want to set out how this came about. We also want to discuss what is bad about it and what we can do. To that end we will, among other things, present the sections on data security, and the points of connection to it, from our self-written, community-produced Self-Determination Act 2.0. But we also want to make proposals for concrete activist actions. For that we need your stage, and the keyboards of all our siblings.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/FSZBSE/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Jyn</attendee>
            
            <attendee>Nephthys</attendee>
            
            <attendee>Luce deLire</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>XNB7SG@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-XNB7SG</pentabarf:event-slug>
            <pentabarf:title>Clay PCB</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T135000</dtstart>
            <dtend>20241227T143000</dtend>
            <duration>0.04000</duration>
            <summary>Clay PCB</summary>
            <description>It is an open secret that the hardware in our smart devices contains not only plastics but also ‘conflict minerals’ such as copper and gold. Technology is not neutral. We investigate alternative hardware from locally sourced materials from a feminist perspective, to develop and speculate upon renewable practices. We call it Feminist Hardware! Feminist Hardware is developed without mining in harmful ways, in an environmentally friendly way, under fair working conditions, and is manufactured from ubiquitously available materials, without generating e-waste, with consent, love and care.

We researched fair-traded, ethical, biodegradable hardware for environmental justice, building circuits that use ancient community-centered crafts encouraging de-colonial thinking, market forces to be disobeyed, and future technologies to be imagined. Our artistic outcome is an Ethical Hardware Kit with a PCB microcontroller at its core. Our PCB is made of wild clay retrieved from the forest in Austria and fired on a bonfire. Our conductive tracks used urban-mined silver and all components are re-used from old electronic devices. The microcontroller can compute different inputs and outputs and is totally open source.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/XNB7SG/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Patrícia J. Reis</attendee>
            
            <attendee>Stefanie Wuschitz</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>KETTLY@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-KETTLY</pentabarf:event-slug>
            <pentabarf:title>Breaking NATO Radio Encryption</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T144500</dtstart>
            <dtend>20241227T154500</dtend>
            <duration>1.00000</duration>
            <summary>Breaking NATO Radio Encryption</summary>
            <description>High frequency (HF) radio, also known as shortwave radio, is commonly used by the military, other government agencies and industries that need highly robust long-distance communication without any external infrastructures. HF radio uses frequencies between 3 and 30 MHz. These frequencies enable skywave propagation, where the radio signals are reflected by electrically charged particles in the upper atmosphere. While this effect enables communication across very large distances, historically, it required trained and experienced operators to establish a radio link.

This dependence on operators was reduced by the introduction of the automatic link establishment (ALE) protocol. In a nutshell, an ALE-enabled radio establishes a link to another radio by selecting a suitable frequency according to a propagation model and then transmitting a call frame. If the frequency is good, the other radio receives the frame and the two radios perform a handshake to set up a link. The encryption of these ALE frames is known as linking protection. It is primarily meant to prevent unauthorized users from establishing links with radios in a network or interfering with established links. Additionally, encryption of ALE frames also protects the network from certain types of traffic analysis, which is the analysis of operating data such as network structure, frequencies, callsigns and schedules. The first ALE standard did not specify a cipher, but specified how to integrate a stream cipher with ALE. Later standards introduced the 56-bit key Lattice/SoDark cipher, which is now recommended to be replaced with HALFLOOP whenever possible.

HALFLOOP, which has been standardized in the US standard [MIL-STD-188-141D](https://quicksearch.dla.mil/qsDocDetails.aspx?ident_number=67563) since 2017, is essentially a downscaled version of the Advanced Encryption Standard (AES), which is effectively the most used encryption algorithm today. While this downscaling led to many strong components in HALFLOOP, a fatal flaw in the handling of the so-called tweak enables devastating attacks. In a nutshell, by applying a technique known as differential cryptanalysis, an attacker can skip large parts of the encryption process. In turn, this makes it possible to extract the secret key in use, which enables an attacker to break the confidentiality of the ALE handshake messages and also makes an efficient denial-of-service attack possible.

These attacks are described in the two research papers, [Breaking HALFLOOP-24](https://doi.org/10.46586/tosc.v2022.i3.217-238) and [Destroying HALFLOOP-24](https://doi.org/10.46586/tosc.v2023.i4.58-82). They were initiated by the presentation of the [Cryptanalysis of the SoDark Cipher](https://doi.org/10.46586/tosc.v2021.i3.36-53), the predecessor of HALFLOOP.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/KETTLY/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Lukas Stennes</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>MAUBFS@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-MAUBFS</pentabarf:event-slug>
            <pentabarf:title>What the PHUZZ?! Finding 0-days in Web Applications with Coverage-guided Fuzzing</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T160000</dtstart>
            <dtend>20241227T170000</dtend>
            <duration>1.00000</duration>
            <summary>What the PHUZZ?! Finding 0-days in Web Applications with Coverage-guided Fuzzing</summary>
            <description>The World Wide Web has become a fundamental part of modern society, providing crucial services such as social networks, online shopping, and other web applications. To this day, web vulnerabilities continue to be discovered, and data breaches are reported, even on high-profile websites. While several viable methods exist to detect web vulnerabilities, such as penetration tests, source code reviews, and bug bounty programs, these approaches are typically costly and time-intensive. Therefore, discovering web vulnerabilities in an automated and cost-effective fashion is desirable.

One method to approach this problem is coverage-guided &quot;fuzzing&quot;, which has been successfully used to identify memory corruption bugs in binary applications, but has seen limited application to web applications. Our academic research has resulted in an open-source prototype called &quot;PHUZZ,&quot; which outperforms classic black-box vulnerability scanners in detecting web vulnerabilities with its fuzzing approach.

This talk will first introduce the concept of coverage-guided fuzzing and the differences from black-box web fuzzing performed by vulnerability scanners. After diving into the challenges of applying coverage-guided fuzzing to web applications, we will introduce PHUZZ and explain how its approach allows the detection of a wide variety of web vulnerabilities, including SQLi, RCE, XSS, XXE, open redirection, insecure deserialization, and path traversal in PHP web applications.

Our comparison of PHUZZ with state-of-the-art black-box vulnerability scanners, using a diverse set of artificial and real-world web applications containing known and unknown vulnerabilities, showed surprising results. Not only does PHUZZ outperform the other vulnerability scanners in the number of discovered vulnerabilities, but it also discovers over a dozen new potential vulnerabilities and two 0-days, which we will discuss in our talk. Finally, we will motivate the use of PHUZZ [1] and coverage-guided fuzzing methods to discover web vulnerabilities.

This presentation is based on our academic publication &quot;What All the PHUZZ Is About: A Coverage-guided Fuzzer for Finding Vulnerabilities in PHP Web Applications&quot; [0].

[0] https://dl.acm.org/doi/10.1145/3634737.3661137
[1] https://github.com/gehaxelt/phuzz</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/MAUBFS/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Sebastian Neef (gehaxelt)</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>YM3UTV@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-YM3UTV</pentabarf:event-slug>
            <pentabarf:title>From fault injection to RCE: Analyzing a Bluetooth tracker</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T171500</dtstart>
            <dtend>20241227T175500</dtend>
            <duration>0.04000</duration>
            <summary>From fault injection to RCE: Analyzing a Bluetooth tracker</summary>
            <description>This talk will present the journey through the analysis of the Chipolo ONE
Bluetooth tracker. As with many IoT devices, this analysis mixes both hardware
and software attacks, so this talk will be packed with lots of techniques that
can be applied to other devices as well:

 - Using fault injection to bypass the debug locking mechanism on a chip that has
   apparently never been broken before
 - Reverse engineering an unknown firmware with Ghidra, a PDF and parts of an SDK
 - Analyzing weak cryptographic algorithms to be able to authenticate to any
   device
 - Finding a buffer overflow and achieving code execution over Bluetooth
 - Disclosing an unpatchable vulnerability to the vendor</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/YM3UTV/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Nicolas Oberli</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>ANJUV8@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-ANJUV8</pentabarf:event-slug>
            <pentabarf:title>From Silicon to Sovereignty: How Advanced Chips are Redefining Global Dominance</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T191500</dtstart>
            <dtend>20241227T195500</dtend>
            <duration>0.04000</duration>
            <summary>From Silicon to Sovereignty: How Advanced Chips are Redefining Global Dominance</summary>
            <description>This talk centres on the advanced technical processes required to manufacture state-of-the-art computer chips, tracing the journey from raw materials to ultra-miniaturized circuits. We will explore each critical stage in this complex process, beginning with the refinement of ultrapure quartz and progressing through wafer production to the advanced lithography techniques that enable feature sizes down to just a few nanometers—all executed not merely in a laboratory but at an industrial scale that pushes the boundaries of what is technologically possible.

A particular emphasis will be placed on Extreme Ultraviolet (EUV) lithography, a revolutionary technique essential for achieving these ultra-small scales. EUV lithography not only represents the core technological challenge in chip fabrication but also holds a pivotal position in the global semiconductor supply chain, placing it at the intersection of scientific innovation and international politics. The talk will address both the underlying physics and the geopolitical significance of this technology, as nations increasingly view control over semiconductor production as a strategic asset.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/ANJUV8/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Thorsten Hellert</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>WADJP3@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-WADJP3</pentabarf:event-slug>
            <pentabarf:title>Spatial Interrogations Or the Color of the Sky</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T201500</dtstart>
            <dtend>20241227T205500</dtend>
            <duration>0.04000</duration>
            <summary>Spatial Interrogations Or the Color of the Sky</summary>
            <description>In July 2023, a new method of reconstructing reality was published in a paper called &quot;3D Gaussian Splatting for Real-Time Radiance Field Rendering.&quot; Three months later, the first apps provided this technology in their pseudo social-networks. Gaussian Splatting produces a navigable, though static, 3D reconstruction of events from video footage – but also an intriguing aesthetic. Areas of sharp details are surrounded by calculated uncertainty, creating digital spaces that inadvertently mirror how human memory operates.

The talk presents a video essay of the same name, exploring this resonance between technology and memory through a crafted blend of found footage, open-source media, and AI-generated elements. By developing custom tools for VR exploration and capture, the work documents these digital spaces from within, creating a choreographed journey through both technical and remembered landscapes. It is both a technical documentation and a poetic interpretation; it’s an interrogation of an emerging technology and a meditation on how we process and reconstruct our experiences, digital and remembered alike. 

The lecture will focus on the technical background, as well as the artistic practices used to create the video essay. From working with virtual reality and experimenting with AI-generated content, to making decisions and non-decisions – it traces the development of a work in the parallel landscapes of emergent technology and lingering memory, of imminent nostalgia and nascent futures.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/WADJP3/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Artur Neufeld</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>7RBKND@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-7RBKND</pentabarf:event-slug>
            <pentabarf:title>Was macht ein IT-Systemadministrator in einem Alu-Schmelzwerk (Schafft die Deutsche Industrie die Digitalisierung)</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241227T211000</dtstart>
            <dtend>20241227T215000</dtend>
            <duration>0.04000</duration>
            <summary>Was macht ein IT-Systemadministrator in einem Alu-Schmelzwerk (Schafft die Deutsche Industrie die Digitalisierung)</summary>
            <description>The talk deals with the struggle of a lone administrator who single-handedly tries to lead a site of almost 100 people in the heart of the Ruhr area (the “Pott”) into the 21st century and somehow make it secure. We start with funny anecdotes about 20-year-old servers and DOS applications, shed a little light on the questionable business of certifications and audits, and at the end of the journey arrive at the question of what the legislator is actually doing and what effects that has. It is a small appeal and guide to action for all administrators in the private sector on how they can convey to the board and their bosses a more responsible approach to data protection and data security. It is now up to us (the coming generations) to take responsibility and make this digital world secure for everyone.
Because the speaker assumes that in the coming years we will lose many companies simply because they fail to keep up.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/7RBKND/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Johannes Bernstein</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>TEAHVC@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-TEAHVC</pentabarf:event-slug>
            <pentabarf:title>Wie wird gleich?</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241227T220500</dtstart>
            <dtend>20241227T224500</dtend>
            <duration>0.04000</duration>
            <summary>Wie wird gleich?</summary>
            <description>Based on the assumption that everything is connected to everything else and that there is a shared interest in turning the whole shit around for the better, I invite you to find out, using practical examples from my artistic research and simple live experiments, how we all shape the world. And how we can draw courage from this involvement to come closer to a livable future for all.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/TEAHVC/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>kathia</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>39HFD9@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-39HFD9</pentabarf:event-slug>
            <pentabarf:title>Hacking the RP2350</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T230000</dtstart>
            <dtend>20241228T000000</dtend>
            <duration>1.00000</duration>
            <summary>Hacking the RP2350</summary>
            <description>The RP2350 security architecture involves several interconnected mechanisms which together provide authentication of code running on the chip, protected one-time-programmable storage, fine-grained control of debug features, and so on. An antifuse-based OTP memory serves as the root of trust of the system, and informs the configuration of ARM TrustZone as well as additional attack mitigations such as glitch detectors. Raspberry Pi even constructs an impressive, bespoke Redundancy Coprocessor (RCP), which hardens execution of boot ROM code on the Cortex-M33 cores with stack protection, data validation, and instruction latency randomization.

Since there are many potential incorrect guesses to be made about where problems might lie, here I begin with the most fundamental features of the chip logic, including the reset process. Even small oversights at this level can entirely defeat sophisticated security efforts if higher-level mechanisms place complete trust in seemingly simple hardware operations. I show how cursory research into the design details of IP blocks used in the SoC can help inform an attack, and demonstrate the importance of fully testing new features which are built atop older IP. Ultimately, the significant amount of luck (or lack thereof) involved is a reminder of the need to meticulously understand and validate complex systems.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/39HFD9/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Aedan Cullen</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>TPGRNN@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-TPGRNN</pentabarf:event-slug>
            <pentabarf:title>A Competitive Time-Trial AI for Need for Speed: Most Wanted Using Deep Reinforcement Learning</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T001500</dtstart>
            <dtend>20241228T005500</dtend>
            <duration>0.04000</duration>
            <summary>A Competitive Time-Trial AI for Need for Speed: Most Wanted Using Deep Reinforcement Learning</summary>
            <description>15 years ago, at the height of my eSports career, I uploaded an (unofficial) ESL record at Need for Speed: Most Wanted (2005) (NFS:MW) to YouTube. In the meantime Deep Reinforcement Learning became popular and ever since I have dreamt of creating a competitive AI for my favorite racing game of all time: NFS:MW. Now finally the time was right: The hardware is fast enough, good software is available, and Sony&#x27;s AI research has proven the task is actually doable. Hence I thought: &quot;How hard can it possibly be?&quot;.

This talk will present in detail all challenges and achievements in creating a competitive time-trial AI in NFS:MW from scratch - including but not limited to - hacking of the game to create a custom API, building a custom (real-time) OpenAI gym environment, steering the game using a virtual controller, and finally successfully training an AI using the Soft-Actor-Critic algorithm. All code including the API is written in Python and is open source.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/TPGRNN/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Sebastian &quot;Schw4rz&quot; Schwarz</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>QSC7YF@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-QSC7YF</pentabarf:event-slug>
            <pentabarf:title>libobscura: Cameras are difficult</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T110000</dtstart>
            <dtend>20241227T114000</dtend>
            <duration>0.04000</duration>
            <summary>libobscura: Cameras are difficult</summary>
            <description>The libobscura experiment exists to find out what a point-and-shoot API abstracting Video4Linux should look like. It has its roots on one hand in the Librem 5 project, where I wrote some 70% of the camera stack, and on the other hand in libcamera, which I found too difficult to use.

You think controlling a modern camera is easy? Think again. Between pixel formats, depths, media entities, pads and links, sensitivity, denoising, phase detection, shutter lengths, DMAbuf, OpenGL, feedback loops, requests, and statistics, there are enough opportunities to get lost in the detail.

Thankfully, Prototype Fund thinks I&#x27;m up for the challenge, so they are funding me through libobscura in order to get lost, and maybe find something in the process.

Project repo: https://codeberg.org/libobscura/libobscura</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/QSC7YF/</url>
            <location>Saal GLITCH</location>
            
            <attendee>DorotaC</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>RUBQ88@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-RUBQ88</pentabarf:event-slug>
            <pentabarf:title>ACE up the sleeve: Hacking into Apple&#x27;s new USB-C Controller</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T120000</dtstart>
            <dtend>20241227T124000</dtend>
            <duration>0.04000</duration>
            <summary>ACE up the sleeve: Hacking into Apple&#x27;s new USB-C Controller</summary>
            <description>The Lightning and USB-C ports on Apple devices have been well known to &quot;hide&quot; secrets beyond just exposing USB and charging functionality: For example, last year at CCC, we showed how we can gain access to JTAG on the iPhone 15 using a custom-built PCB (&quot;Tamarin-C&quot;).

All this is handled on new Apple devices using a chip called the ACE3: While previous Apple USB-C devices used a slightly modified Texas Instruments TPS65986, the ACE3 is significantly more custom - and significantly more powerful: It runs a full USB stack (implementing the &quot;Port DFU&quot; mode) and is connected to different internal busses of the phone, making it an interesting target for persistent firmware-implant style attacks. Imagine modifying/backdooring the USB-C controller in a way where it will automatically compromise the main operating-system - essentially making (potential) USB jailbreaks untethered.

But how do we approach a custom chip without any documentation and which has its firmware in an internal ROM?

With the ACE2 it was possible to dump the integrated ROM using JTAG/SWD, which allowed us to identify &amp; exploit a hardware vulnerability (on all MacBooks except the M3 Pro &amp; Max) to persistently modify the ACE2.


However the ACE3 is different: We don&#x27;t even have a pinout for the chip (which has 120 pins), JTAG seems disabled, and the external flash does not even contain the actual firmware, but only tiny patches for the actual firmware in the chip - and the contents are cryptographically validated!

After attempting different software avenues of attacking the ACE3 (including building a small fuzzer and finding a timing side-channel attack to enumerate available commands) with no success, and seeing that the ACE3 implements firmware personalization, it was time for the ace up the sleeve: Hardware attacks.

After reverse-engineering the external flash layout (including CRCs) and finding that the flash is cryptographically verified (and that a secure-boot bypass vulnerability we found on the ACE2 does not work on the ACE3), the idea was born to use electro-magnetic measurements to determine when during the startup of the chip the validation fails.

And by triggering a software-defined radio on the activity of the external flash, it was possible to gather a very precise point in time where the check is being done - perfect to try some fault injection!

Unfortunately no good isolated power-supply for the ACE3 could be found to use with voltage fault injection, and so instead I decided to try electro-magnetic fault injection: By &quot;blasting&quot; the chip with strong electro-magnetic fields at just the point in time determined during the EM measurement I was hoping to be able to bypass the check - and after hours of trying, debugging, moving the injection tip, more debugging, and more time, it eventually succeeded: A modified patchset could be booted into the CPU.

But … How do we make sure our &quot;patch&quot; actually gets executed? How do we dump the ROM without having any IO? And how do we even know what (in the 32-bit address space of the processor) we should dump? And can we implement the attack without thousands of dollars of hardware? We will look at all of these things during the talk.

Itemized progression draft:
- Introduction
	- whoami
	- History of Lightning/USB-C secrets on Apple devices
- A quick look at ACE2
	- Technical details &amp; usage
	- Dumping the ACE2
	- Analyzing the MacBook hardware
	- Building a kernel-level SWD probe to hack the ACE2 without opening the device
	- Disabling the secure-update functionality of the ACE3
- The ACE3
	- iPhone 15 vs iPhone 16 vs MacBook with M3 Pro/Max
	- No matching Texas Instruments chip, no public documentation, no schematics
	- Software exploration
		- Apple&#x27;s HPM bus
		- Discovering a timing-sidechannel for supported commands
	- Hardware exploration
		- Trying to find SWD (with which I think I succeeded - however it seems to be disabled)
		- Dumping the external flash
	- Flash exploration
		- No full firmware, just patches
		- Some CRCs found, but also firmware personalization (IM4M)
		- Seems to be cryptographically verified
	- Attempting to flash modified dumps (with fixed CRCs) unsuccessfully
	- Electro-magnetic measurement
		- Setup: HackRF + small inductor as antenna
		- Building a reliable Trigger signal for the SDR: Flash chip-select line
		- Compare when the chip-boot fails with correct and invalid CRCs in the flash
		- Identified point in time where the boot seems to abort
		  (Screenshots for this can be found in the attachments)
	- Fault injection
		- Quick primer: Voltage FI vs EMFI
		- Setup: ChipSHOUTER on MacBook, ChipWhisperer Husky for trigger-generation, software to reboot the chip &amp; arm the glitcher
		- Experimenting to determine correct parameters by attempting to fail the boot with correct firmware
	- The actual attack
		- Flash modified patchset (Changed version-string)
		- Reboot chip
		- Glitch chip at the right time
		- Test for success, repeat
	- Success - but what now?
		- Getting actual code-execution through the attack by overwriting a patched command
		- Using HPM bus to execute the command and dump 64 bytes at a time
		- A look at the dumped firmware
	- Reducing the attack-costs: Performing the attack with &lt;$100 of equipment
- How could this have been prevented?
- What&#x27;s next?</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/RUBQ88/</url>
            <location>Saal GLITCH</location>
            
            <attendee>stacksmashing</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>7L7TBY@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-7L7TBY</pentabarf:event-slug>
            <pentabarf:title>Transparency? Not from the European Commission</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T125500</dtstart>
            <dtend>20241227T133500</dtend>
            <duration>0.04000</duration>
            <summary>Transparency? Not from the European Commission</summary>
            <description>~~Redacted~~</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/7L7TBY/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Kris Shrishak</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>7KYFDQ@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-7KYFDQ</pentabarf:event-slug>
            <pentabarf:title>Life in the Lager: How it is &amp; how to support</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241227T135000</dtstart>
            <dtend>20241227T143000</dtend>
            <duration>0.04000</duration>
            <summary>Life in the Lager: How it is &amp; how to support</summary>
            <description>We are a self-organised initiative of migrant women with refugee experience who have experienced everyday racism in East Germany. We want to make their living situation more visible and, in the long term, achieve more solidarity in society. In this presentation we talk about the hard life in the camps and in rural regions, and about everyday racism in government offices, at the workplace … We will also talk about the payment card (Bezahlkarte) and food vouchers, based on our own experiences. These measures are not only racist, they dehumanise those affected, especially young people. They violate their dignity. We also give examples of how each of you can offer concrete support and show solidarity.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/7KYFDQ/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Hafid Shaaib</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>8MSZTT@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-8MSZTT</pentabarf:event-slug>
            <pentabarf:title>Demystifying Common Microcontroller Debug Protocols</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T144500</dtstart>
            <dtend>20241227T154500</dtend>
            <duration>1.00000</duration>
            <summary>Demystifying Common Microcontroller Debug Protocols</summary>
            <description>Embedded programming is the art of shrinking complex programs in tiny packages by throwing away unnecessary features. With modern microcontrollers, debugging need not be one of the features thrown away. Most modern chips include some form of low-level access, but the technical details aren&#x27;t widely understood. Many users of embedded firmware will use their preferred debugger without thinking too hard about what&#x27;s going on underneath.

We&#x27;ll start by covering what it means to debug embedded software. The primitives required to have an interactive debug session are surprisingly minimal. From this, we&#x27;ll build up a list of requirements and &quot;nice to haves&quot; to make a debugging environment comfortable, and reference existing &quot;bespoke&quot; debug approaches. We&#x27;ll cover several examples of debug engines ranging from cores designed to go into FPGAs to tiny 8-bit microcontrollers.

Next, we&#x27;ll take a step back and describe the common lower-level protocols such as JTAG and SWD. These describe physical signals that go between the host and the target. We&#x27;ll compare various protocols and see how they map onto the higher-level primitives discussed earlier. Armed with examples, we&#x27;ll see how the protocol stack is formed.

Next, we&#x27;ll use the knowledge of low-level protocol implementations and the requirements for debugging to look at common abstractions on top of physical transports to implement core control. This will bridge the gap between &quot;JTAG or SWD are the protocol&quot; to &quot;Poking a value in memory on a microcontroller&quot;. In this section, we&#x27;ll cover the more common and generic uses such as Arm&#x27;s ADI and the RISC-V DMI and see how complex and cross-target configurations are built to be rigid enough to have rich debug features while flexible enough to handle a wide range of processor configurations.

Finally, we&#x27;ll cover common tasks such as programming flash memory, watchpoints, and single-step debugging -- things that we take for granted in the desktop world and would like to have when programming for a potato that costs less than an actual potato.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/8MSZTT/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Sean &quot;xobs&quot; Cross</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>KNG7P3@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-KNG7P3</pentabarf:event-slug>
            <pentabarf:title>When the Comment Sections Were Burning – 11 Months of Deployment in Gaza</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241227T160000</dtstart>
            <dtend>20241227T170000</dtend>
            <duration>1.00000</duration>
            <summary>When the Comment Sections Were Burning – 11 Months of Deployment in Gaza</summary>
            <description>Cadus has been operating in Gaza since February 2024. Our work there comprises the stabilisation of critically injured civilians, medical evacuations, and support/medical cover for the operations of the United Nations Mine Action Service. In terms of the challenges on many levels, this deployment is once again considerably more demanding than what we at CADUS are used to from other war zones. Since February we have treated more than 3500 critically injured patients and evacuated several hundred people within Gaza and out of Gaza.

We examine our disaster-relief deployment from three different perspectives. Sebastian will talk about the logistical and administrative challenges of our deployment. How do you start an aid operation in one of the currently most dangerous war zones and keep it running? Especially considering the existing comprehensive embargoes and the obstruction of humanitarian aid.

Anna-Lea reports on how we prepare our teams for the deployment, how we try to support them during the deployment, and what aftercare can (and must) look like for people who voluntarily go into such a deployment.

With Nic Zemke, fittingly for 38c3, we had a real nerd in the field, who will talk about how aid organisations and the United Nations currently send KML files with vital information back and forth via WhatsApp, and how we very quickly adapted a geographic information system developed for sea rescue so that the coordination of aid operations will hopefully soon be less error-prone.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/KNG7P3/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Sebastian Jünemann</attendee>
            
            <attendee>Anna-Lea Göhl</attendee>
            
            <attendee>Nic Zemke</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>BMDSF7@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-BMDSF7</pentabarf:event-slug>
            <pentabarf:title>An open-source guide to the galaxy: Our journey with Ariane 6</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T171500</dtstart>
            <dtend>20241227T181500</dtend>
            <duration>1.00000</duration>
            <summary>An open-source guide to the galaxy: Our journey with Ariane 6</summary>
            <description>In this talk members of the Libre Space Foundation will take you on the journey of a rocket&#x27;s payload: beginning with how the SIDLOC experiment and the satellite Curium One were developed, integrated and finally launched on the Ariane 6 maiden flight into space.

1. **SIDLOC** (Spacecraft Identification and Localization):
Developed in collaboration with ESA, SIDLOC aims to improve space safety and mission success rate by establishing an open beaconing standard for spacecraft identification and localization. SIDLOC uses a low-power beacon that utilizes the Spread Spectrum modulation and the cross-correlation properties of the Gold sequences, ensuring proper operation in extremely low SNR environments and identification of the transmitting space object. In addition, SIDLOC can provide localization and orbit determination, utilizing the Doppler frequency offset estimation mechanism that it implements. To achieve that, the open and crowd-sourced SatNOGS network is used, contributing to an independent source of orbital elements and spacecraft identifications, disrupting the existing model. The SIDLOC protocol has been implemented in such a way that it is easy to integrate into a space object, regardless of its size, with minimal effort.

2. **Curium One**:
The satellite Curium One is designed to establish an open-source framework for satellite systems. It features 15 newly designed open-hardware PCBs. From solar generators to the on-board computer and high-frequency communication boards, everything was designed, tested and qualified by the community with the help of Planetary Transportation Systems. Its first signal acquisition was performed by what was formerly the world&#x27;s largest radio telescope, built in 1956 – the 25m diameter Dwingeloo Radio Observatory.

We want to tell you about the development and implementation of the core technologies, the biggest challenges we faced during the missions, and the wild jungle experiences at the spaceport in Kourou. We aim to provide an overview of how open-source principles are being applied in space exploration and the benefits and problems of this approach within the space industry.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/BMDSF7/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Manthos Papamatthaiou</attendee>
            
            <attendee>Paul Koetter</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>XCLUY7@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-XCLUY7</pentabarf:event-slug>
            <pentabarf:title>Dead Man’s Switch. An art shield to protect the life of Julian Assange</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T191500</dtstart>
            <dtend>20241227T195500</dtend>
            <duration>0.04000</duration>
            <summary>Dead Man’s Switch. An art shield to protect the life of Julian Assange</summary>
            <description>Dead Man’s Switch is an art shield. It is not a human shield: that is what terrorists produce. Dead Man’s Switch, on the contrary, is a tool for negotiation. 
“Taking hostage” is one of the most common languages used by the power structure. In his artistic career, Andrei Molodkin developed the method of mirroring the language of power within the formal parameters of Political Minimalism. In the case of the Dead Man’s Switch, the Medusa Gorgon mirror used to hit the power structure has been done by taking hostage the most important of capitalistic symbols, its icons and values. In this catastrophic time, to destroy art is much more taboo than to destroy the life of a person. Arianna Mondin applied Interpol’s criminal investigation method to the field of architecture in her PhD to unveil the connection between architecture and oil. She used this method in the development strategy of Dead Man’s Switch.
The talk will focus on the process of realizing the Dead Man’s Switch to mirror the language of power to release Julian Assange from prison. In particular, it will clarify the operation to involve artists and collectors in participating by donating their artworks to secure the survival of the most consequential political prisoner of our times. The project also involved specialists in security, negotiation, hardware and software, all together organised in a system aimed at reprogramming the power structure.
The talk will conclude by explaining the technical details, software and hardware, and the conceptualisation of the counter as a method of escalation and resetting the system.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/XCLUY7/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Andrei Molodkin</attendee>
            
            <attendee>Arianna Mondin</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>QR7CRG@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-QR7CRG</pentabarf:event-slug>
            <pentabarf:title>EU&#x27;s Digital Identity Systems - Reality Check and Techniques for Better Privacy</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T201500</dtstart>
            <dtend>20241227T205500</dtend>
            <duration>0.04000</duration>
            <summary>EU&#x27;s Digital Identity Systems - Reality Check and Techniques for Better Privacy</summary>
            <description>Digital Identity solutions are on the rise all around the world. In particular the European Union is establishing a range of ambitious proposals like eIDAS to establish a general purpose platform for identification, authentication and transfer of personal data that will be used by eGovernment, logging into Facebook, public transport, eCommerce and doctor visits. With the Digital Euro, the EU Digital Travel App, Age Verification Apps and many other proposals we can see the scary trajectory the EU is headed towards. This talk provides a critical reality check about the underlying technology, the impact these systems will have on our privacy on a daily basis and what security (hell) we can expect.  

The talk will also give an overview of the proposed technical eIDAS architecture, and the [Cryptographers&#x27; Feedback on the EU Digital Identity’s ARF](https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/issues/200). We will also provide a brief introduction into zero-knowledge proofs, the security and privacy properties they can provide for Digital Identities, and what is missing to bring these technologies into reality.

Thomas Lohninger has worked for the digital rights NGO epicenter.works to advocate for [strong privacy in the eIDAS law](https://epicenter.works/en/thema/eid-digital-public-infrastructures) on EU level. He is a member of the [Ad-Hoc Technical Advisory Group of the EU-Commission on eIDAS Wallet](https://epicenter.works/en/content/nda-of-the-ad-hoc-technical-advisory-group-of-the-eu-commission-on-eidas-wallet) and the only civil society Jury member of the SPRIND Funke on [EUDI WALLET Prototypes](https://epicenter.works/en/content/germany-eidas-wallet-jury-agreement-nda) of the German government.

Anja Lehmann is a professor for cryptography at the Hasso-Plattner-Institute, University of Potsdam, with a focus on developing privacy-enhancing technologies, in particular enabling privacy-preserving authentication. She is a Jury member of the SPRIND Funke on [EUDI WALLET Prototypes](https://www.sprind.org/impulse/challenges/eudi-wallet-prototypes#anchor-jury) and also supports the SPRIND EUDI project on the integration of zero-knowledge proofs since October 2024.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/QR7CRG/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Anja Lehmann</attendee>
            
            <attendee>Thomas Lohninger</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>WFEH8C@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-WFEH8C</pentabarf:event-slug>
            <pentabarf:title>How to Spec - Fun with dinosaurs</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T211000</dtstart>
            <dtend>20241227T215000</dtend>
            <duration>0.04000</duration>
            <summary>How to Spec - Fun with dinosaurs</summary>
            <description>The public image of dinosaurs is largely shaped by art. While paleontology is a dynamic and productive science, it is primarily through paleoart that our perception of prehistoric life takes form. This tradition of a science-informed art form, rooted in a 200-year history, finds its inspiration in the fossil record and the interpretations it offers.
The gaps in our knowledge are as influential as the fossils themselves. Through informed speculation and a fundamental understanding of anatomy, ecology and geology, a paleoartist is able to bring back extinct organisms in ever new ways.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/WFEH8C/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Joschua Knüppe</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>CMQST8@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-CMQST8</pentabarf:event-slug>
            <pentabarf:title>Proprietary silicon ICs and dubious marketing claims? Let&#x27;s fight those with a microscope!</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T220500</dtstart>
            <dtend>20241227T224500</dtend>
            <duration>0.04000</duration>
            <summary>Proprietary silicon ICs and dubious marketing claims? Let&#x27;s fight those with a microscope!</summary>
            <description>A digital synthesizer from 1986 was completely shrouded in mystery and dubious marketing claims. Being that old, eventually every working unit will break, leaving us with no info about its inner workings. I could not accept this, so I decided to get into silicon reverse engineering. By dissolving its undocumented custom chips in acid and looking at them through a microscope, I was able to get an understanding of what was going on internally, to be able to preserve it and emulate it in the future.

This is possible because a lot of custom silicon chips from that era (80s and 90s) are of the &quot;gate array&quot; type: a grid-like structure that contains thousands of digital logic gates. By looking at them closely we can understand what those gates do, and by following the wiring between them we can reconstruct the entire system. This method allowed people to understand and recreate perfect emulations of arcade games, sound chips, security ICs and more.

In this talk I want to tell the story of my journey into silicon reverse engineering from my perspective of a complete beginner and software guy, and what I learned in the process. I will go through the different kinds of custom chips, how they look under a microscope, their different parts, what can be easily reverse engineered and what cannot. Those chips do not only contain logic, but also RAM and ROM parts, and knowing how to identify them can give clues when looking at the logic is too complicated. Sometimes a chip can be completely understood even without knowing what a MOSFET is.

I will also cover the process I used to reverse engineer them, some techniques that worked and some that didn&#x27;t, and some tools I built to automatically extract mask ROMs and generate Verilog code from die shots.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/CMQST8/</url>
            <location>Saal GLITCH</location>
            
            <attendee>giulioz</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>P9WRAY@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-P9WRAY</pentabarf:event-slug>
            <pentabarf:title>IRIS: Non-Destructive Inspection of Silicon</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241227T230000</dtstart>
            <dtend>20241228T000000</dtend>
            <duration>1.00000</duration>
            <summary>IRIS: Non-Destructive Inspection of Silicon</summary>
            <description>Do we really know what chips are inside our devices? To a first order, the answer is “no”. We can read the label printed on the chip&#x27;s package, but most of us have no way to determine if the silicon actually matches what’s on the label.

This lack of transparency has led to much hand-wringing about the safety of our global supply chains, as chips zig-zag the globe on their way to our doorstep: each stop is an opportunity for bad actors to inject malicious hardware, and those of us without access to million-dollar analytical gear have no way of detecting this.

IRIS (Infra-Red, *in situ*) is a technique I have been developing that aims to democratize the inspection of silicon. It turns out that for a select but fairly common type of chip - those in chip-scale packages - a simple modification to an off the shelf microscope camera can enable the visualization of micron-scale features within – without requiring any nasty chemicals or desoldering chips. I will also show how the basic everyday technique can be combined with a Jubilee 3D motion platform to create detailed, full-chip images.

This talk will cover the basic theory behind the technique, and frame it in the context of several hypothetical threat scenarios that highlight its strengths and limitations. It is important to understand that IRIS is not a panacea for chip verification, but it is a significant step forward in improving transparency. I will also discuss its potential as a new tool for system designers who are serious about enabling user-level hardware verification.

Finally, time permitting and equipment cooperating, I would like to share the simple pleasure of being able to take a peek inside the chips of some common mobile phone motherboards with a live demo.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/P9WRAY/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Andrew &#x27;bunnie&#x27; Huang</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>JKACDE@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-JKACDE</pentabarf:event-slug>
            <pentabarf:title>Blåmba! ☎️ Behind the scenes of a 2000s-style ringtone provider</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T001500</dtstart>
            <dtend>20241228T005500</dtend>
            <duration>0.04000</duration>
            <summary>Blåmba! ☎️ Behind the scenes of a 2000s-style ringtone provider</summary>
            <description>A key part of early 2000s advertisements were hyperactive frogs and annoying crocodiles trying to lure people into subscribing to overpriced ringtones and silly graphics for their mobile phones.

Apart from shady business practices -- how exactly do you send pictures and ringtones to vintage GSM mobile phones (most of which don&#x27;t even support TCP/IP)?
In our quest to learn more, we stumbled across WAP-Push, User Data Headers, Concatenated SMS, SMPP, User Agent Profiles and many more forgotten technologies.

To put all this knowledge to good use, we built Blåmba -- a Chaos ringtone provider, clearly inspired by the (now long defunct) historic ones. 

Then at Chaos Communication Camp 2023 with the C3GSM network, we had the first public instalment of Blåmba.
The Chaos community uploaded lovely artwork and new ringtones, sent patches for the software, and had a fun time reviving their old Nokia phones.

This talk will tell the story behind Blåmba, explain how ringtones (and more) made their way onto your phone, what a WAP gateway did, and what other cool tricks mobile phones could do (if you had the money to pay for GPRS traffic 20 years ago).</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/JKACDE/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Manawyrm</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>S3WJCS@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-S3WJCS</pentabarf:event-slug>
            <pentabarf:title>Illegal instructions by legals - Anweisungen für den anwaltlich begleiteten Rechtsbruch</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241228T110000</dtstart>
            <dtend>20241228T114000</dtend>
            <duration>0.04000</duration>
            <summary>Illegal instructions by legals - Anweisungen für den anwaltlich begleiteten Rechtsbruch</summary>
            <description>Trackers on livestock transporters, cameras outside a tax haven, publishing classified documents, snitching on Frontex or getting snitched on yourself, rescuing people in distress at sea. Two lawyers who studied law(breaking) share with you their experience from legal out-of-action preparation, whistleblower protection and anti-repression work.

Whatever you want to investigate, whatever grievances you want to expose, we show how it is done. We walk through a fictional action with you: from planning and execution to securing the findings and preparing for investigative measures.

Bonus material - Plan B: What to do when something goes wrong? Reorienting when shit hits the fan, or how to turn repression and criminalization to your advantage.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/S3WJCS/</url>
            <location>Saal 1</location>
            
            <attendee>Vivian Kube</attendee>
            
            <attendee>Vera Magali Keller</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>MWGDZZ@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-MWGDZZ</pentabarf:event-slug>
            <pentabarf:title>Digitalisierung mit der Brechstange</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241228T120000</dtstart>
            <dtend>20241228T124000</dtend>
            <duration>0.04000</duration>
            <summary>Digitalisierung mit der Brechstange</summary>
            <description>People who are still not online are older, poor, often female, sometimes disabled, are not university graduates, or work in jobs where they do not sit in front of computers.

But even thoroughly tech-savvy people stumble at times, when the battery of the device holding the digital ticket gives out, or a mobile dead zone prevents the digital Bahncard from being refreshed just as the ticket inspector arrives.

Instead of making sure that the necessary infrastructure works and that everyone gets the support they need to complete digital dealings with the authorities, which look different every time, the German federal government relies on carrot and stick. There were gifts such as the Kulturpass for 18-year-olds or a one-off 200-euro payment for students, but only for those who applied for them online. It is accepted that post office and bank branches are replaced by online services. Anyone who cannot cope with that is at best smiled at. But this affects quite a few people, who are left out in the rain by this crowbar digitalization. They are often already disadvantaged in one way or another and are now left even further behind by digital-only services. Ideally, digitalization should make life easier. In fact, this digitalization contributes to even more social division.

This talk examines who is affected and why, and shows examples of services and offerings that are available only online, and only to those who have no qualms about the often less than trust-inspiring implementation. Finally, it will also address what would be needed to change this situation.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/MWGDZZ/</url>
            <location>Saal 1</location>
            
            <attendee>Anne Roth</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>SSEEUQ@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-SSEEUQ</pentabarf:event-slug>
            <pentabarf:title>Erpressung aus dem Internet - auf den Spuren der Cybermafia</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241228T125500</dtstart>
            <dtend>20241228T133500</dtend>
            <duration>0.04000</duration>
            <summary>Erpressung aus dem Internet - auf den Spuren der Cybermafia</summary>
            <description>Out of shame, he did not really want to talk about it at all. Sebastian (26) flirts with a stranger from the internet; she sends him nude photos and asks whether he would undress for her in front of the camera too. He feels flattered, they arrange a video call, he masturbates on camera. Screenshots are taken, and a man&#x27;s voice demands that he pay 2,000 dollars, otherwise the pictures will go to all his Instagram friends. &quot;I was too careless in trusting people on the internet,&quot; he says in retrospect. For many victims, the shame and the financial loss are followed by anxiety and depression, always coupled with a feeling of great helplessness because the trail goes cold online.

Starting from the victims, we follow the trail of online criminals who fleece mainly (young) men. We manage to establish contact with someone who was himself a perpetrator. He calls himself &quot;Neo&quot;: the young Chinese man had accepted a tempting-sounding job offer as an English translator, was kidnapped and taken to a so-called scam factory.

He reports, and documents with photos and numerous records, how hundreds of thousands of people are held captive and exploited in Myanmar along the border with Thailand. The young Chinese man tells of torture and of how they had to rip off hundreds of people a day there, on the internet and over the phone. &quot;Anyone who did not obey was beaten,&quot; he says.

NGOs and other survivors report electric shocks and a sophisticated system of human trafficking and exploitation. Interpol now speaks of a rising industry that has by now overtaken the drug trade in revenue across the whole Southeast Asia region. Rapid technical developments such as translation software, bots and AI-generated photos and videos ensure that the fraud keeps globalizing and reaches into Germany.

&quot;Neo&quot; eventually manages to escape and to smuggle hundreds of internal documents and photos out of the &quot;scam factory&quot;. The talk gives an insight into this hidden world.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/SSEEUQ/</url>
            <location>Saal 1</location>
            
            <attendee>Svea Eckert</attendee>
            
            <attendee>Ciljeta Bajrami</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>MUZZ7C@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-MUZZ7C</pentabarf:event-slug>
            <pentabarf:title>Wann klappt der Anschluss, wann nicht und wie sagt man Chaos vorher?</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241228T135000</dtstart>
            <dtend>20241228T143000</dtend>
            <duration>0.04000</duration>
            <summary>Wann klappt der Anschluss, wann nicht und wie sagt man Chaos vorher?</summary>
            <description>To help all rail travellers, we want to use a Kriesel-style dataset to predict which connecting train will be missed and which will not. To do so, we take a very close look at the delay data to find predictive factors for delay forecasts. We look at a few techniques for categorical data types, build a machine-learning model and then establish whether it is any good.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/MUZZ7C/</url>
            <location>Saal 1</location>
            
            <attendee>Theo Döllmann</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>QS9AXX@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-QS9AXX</pentabarf:event-slug>
            <pentabarf:title>Fearsome File Formats</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T144500</dtstart>
            <dtend>20241228T154500</dtend>
            <duration>1.00000</duration>
            <summary>Fearsome File Formats</summary>
            <description>With so many open-source parsers being tested and fuzzed, and widely available specs,
what could go wrong with file formats nowadays? Nothing to fear, right?

Let&#x27;s explore even darker corners of their landscape!
Even extreme simplicity can misleadingly lead to unexpected challenges.
And at the other end of the spectrum, new complex constructs appeared over the years:
near-polyglots, timecryption, hashquines … Even AI is an element of the game now.

Let&#x27;s play FileCraft, and enjoy the ride!</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/QS9AXX/</url>
            <location>Saal 1</location>
            
            <attendee>Ange Albertini</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>LE7FJL@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-LE7FJL</pentabarf:event-slug>
            <pentabarf:title>Der CCC-Jahresrückblick</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241228T160000</dtstart>
            <dtend>20241228T180000</dtend>
            <duration>2.00000</duration>
            <summary>Der CCC-Jahresrückblick</summary>
            <description>From the traffic-light coalition to the ePA to chat control, which topics kept the CCC on its toes in 2024?</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/LE7FJL/</url>
            <location>Saal 1</location>
            
            <attendee>erdgeist</attendee>
            
            <attendee>Matthias Marx</attendee>
            
            <attendee>khaleesi</attendee>
            
            <attendee>Linus Neumann</attendee>
            
            <attendee>Constanze Kurz</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>DSQ9FN@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-DSQ9FN</pentabarf:event-slug>
            <pentabarf:title>Hacking yourself a satellite - recovering BEESAT-1</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T191500</dtstart>
            <dtend>20241228T201500</dtend>
            <duration>1.00000</duration>
            <summary>Hacking yourself a satellite - recovering BEESAT-1</summary>
            <description>In 2009, BEESAT-1 was launched into low earth orbit as the first 1U CubeSat of Technische Universität Berlin. In 2011, the satellite started returning invalid telemetry data. After a short amount of time spent diagnosing the issue, operators switched to the redundant on-board computer, which initially resolved the issue. However, in 2013 the issue reoccurred on the second computer. With no other on-board computer available to switch to, operations largely ceased besides occasional checks every few years to see whether the satellite was still responding to commands at all.

A recovery of BEESAT-1 back into an operational state was made particularly attractive considering that due to its higher orbit, it is currently estimated to remain in space for another 20 years or more, while many of the other spacecraft of the BEESAT series have since burned up in the atmosphere. Additionally, the spacecraft is equipped with a number of sensors and actuators which were not fully utilized during the primary mission and could be used in an extended mission. However, to fully utilize all the available hardware on the spacecraft, a software update is required. Unfortunately, the software update functionality was not completed at the time of launch and as a consequence is in a nonfunctional state. An alternate solution must be devised.

Following an extensive effort that diagnosed the telemetry problem, developed a solution that would remedy both the telemetry problem and allow the upload of new flight software, and implemented this solution on the actual spacecraft in orbit, the satellite was finally recovered into an operational state with the ability to perform a software update in September 2024.

This talk will cover the recovery process from beginning to end, including:
- A crash course in spacecraft operations, including
	- a brief overview of the typical subsystems of satellites and BEESAT-1 in particular
	- the practicalities of operating a small satellite like BEESAT-1 in a sun-synchronous low earth orbit
- Diagnosing the loss of telemetry without access to said telemetry
- Engineering a solution to the diagnosed issue, including:
	- figuring out how to upload new software without a feature intended for that task
	- establishing a development and testing setup for flight software development years after the original setup was dismantled
	- developing a patch to enable returning the satellite to an operational state and establish the ability to upload new flight software, while under the constraints posed by the lack of a proper upload method and without compromising the safety of the spacecraft
- Implementing this solution on the actual spacecraft in space
- A brief look at the current state of the spacecraft and remaining future tasks

Along the way, some of the fun and unexpected moments experienced while working with the 15-year-old software and hardware will be shared. The talk is likely to be a mix of technical and non-technical. I hope to provide enough context so that you can follow without a background in space systems or computer security.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/DSQ9FN/</url>
            <location>Saal 1</location>
            
            <attendee>PistonMiner</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>VPZWZK@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-VPZWZK</pentabarf:event-slug>
            <pentabarf:title>Fake-Shops von der Stange: BogusBazaar</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241228T203000</dtstart>
            <dtend>20241228T213000</dtend>
            <duration>1.00000</duration>
            <summary>Fake-Shops von der Stange: BogusBazaar</summary>
            <description>Over the past three years, this one criminal organization alone, which we call BogusBazaar, has set up fake brand shops on more than 75,000 domains and processed one million orders with an order volume of more than 50 million USD.

A sophisticated setup that has grown over the years enables a smooth process, from copying the original brand stores, through setting up fake web shops and configuring the products, to orchestrating the payment infrastructure.

We had a unique insight into this setup and into how this gang works. In addition to customer data and source code, we were also able to study contracts and documentation and to talk to the victims about their experiences. In this talk we report on the background of our investigation. [Die Zeit](https://www.zeit.de/2024/21/gefaelschte-online-shops-fake-shops-betrug-china), [The Guardian](https://www.theguardian.com/money/article/2024/may/08/chinese-network-behind-one-of-worlds-largest-online-scams) and [Le Monde](https://www.lemonde.fr/en/pixels/article/2024/05/08/online-scams-behind-the-scenes-of-the-world-s-largest-network-of-fake-online-retailers_6670775_13.html) reported on it.

The talk is a spin-off from the series &quot;[Hirne Hacken](https://media.ccc.de/v/36c3-11175-hirne_hacken)&quot; (36C3), &quot;[Hirne Hacken - Hackback Edition](https://media.ccc.de/v/37c3-12134-hirne_hacken_hackback_edition)&quot; (37C3) and &quot;[Disclosure, Hack und Back](https://media.ccc.de/v/camp2023-57272-disclosure_hack_and_back)&quot; (Chaos Communication Camp &#x27;23) and aims to give insights into the actions of criminals who remain active. So that you do not fall for them.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/VPZWZK/</url>
            <location>Saal 1</location>
            
            <attendee>Matthias Marx</attendee>
            
            <attendee>Kai Biermann</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>HSNZGR@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-HSNZGR</pentabarf:event-slug>
            <pentabarf:title>BlinkenCity: Radio-Controlling Street Lamps and Power Plants</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T214500</dtstart>
            <dtend>20241228T224500</dtend>
            <duration>1.00000</duration>
            <summary>BlinkenCity: Radio-Controlling Street Lamps and Power Plants</summary>
            <description>With three broadcasting towers and over 1.3 million receivers, the radio ripple control system by *EFR (Europäische Funk-Rundsteuerung) GmbH* is responsible for controlling various types of loads (street lamps, heating systems, wall boxes, …) as well as multiple gigawatts of renewable power generation (solar, wind, biogas, …) in Germany, Austria, Czechia, Hungary and Slovakia. 

The radio protocols used, Versacom and Semagyr, which carry time and control signals, are partially proprietary but completely unencrypted and unauthenticated, leaving the door open for abuse.

This talk will cover:
- An introduction to radio ripple control
- Detailed analysis of transmitted radio messages, protocols, addressing schemes, and their inherent weaknesses
- Hardware hacking and reversing
- Implementation of sending devices and attack PoCs
- (Live) demonstrations of attacks
- Evaluation of the abuse potential
- The way forward</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/HSNZGR/</url>
            <location>Saal 1</location>
            
            <attendee>Fabian Bräunlein</attendee>
            
            <attendee>Luca Melette</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>TJ8QVD@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-TJ8QVD</pentabarf:event-slug>
            <pentabarf:title>Wie fliegt man eigentlich Flugzeuge?</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241228T230000</dtstart>
            <dtend>20241228T234000</dtend>
            <duration>0.04000</duration>
            <summary>Wie fliegt man eigentlich Flugzeuge?</summary>
            <description>Airplanes can fly; that no longer needs explaining. But does an airplane really have a key like a car? Can I just get in and take off? The answer is: it depends.

Flying is a complex interplay of technology, physics, people and processes. And depending on how and what you fly, what does an A380 have in common with a Cessna 152?

We take you along on a fictional flight from Frankfurt to Mumbai and back and explain everything that happens in the background and that you never notice.

Expect a mix of talk, funny stories and some yak shaving, so that together we understand what exactly is going on.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/TJ8QVD/</url>
            <location>Saal 1</location>
            
            <attendee>Christian Lölkes</attendee>
            
            <attendee>kleinsophie</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>LUW3YS@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-LUW3YS</pentabarf:event-slug>
            <pentabarf:title>KI-Karma next Level: Spiritueller IT-Vertrieb</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241228T235500</dtstart>
            <dtend>20241229T003500</dtend>
            <duration>0.04000</duration>
            <summary>KI-Karma next Level: Spiritueller IT-Vertrieb</summary>
            <description>Have you ever attended a service of evangelical fundamentalist splinter groups and wondered how you could get people to speak in code, rather than in tongues, when they voice change requests? Wouldn&#x27;t it be a real game changer if miracle healings could also be used in field sales? Are you envious because every ordinary doomsday cult keeps its customer retention stable despite false prophecies, while you are held liable for all sorts of things? Do you sometimes feel that your team is not vibrating on the same subtle-energy plane as you?

**** Then YOU have come to exactly the RIGHT place!1 ***

As part of the 42-step programme for subtle-energy IT, this time we dive into the code of group dynamics. In this compact seminar you will get to know key success strategies of well-known leaders of the best-known spirituality start-ups of recent decades. Expand your knowledge meridians and become part of a vibrating community that connects with the subtle-energy knowledge of inspiring databases.

The chakra building blocks of the course are as follows:

* Software miracle healing
* Energetic community building
* Code channeling
* Cyber marketing

Using practical examples from the IT and spirituality industries, we develop a recipe for success that can turn you into a successful awakened entrepreneur in no time.

Note:

This course is the second part of a 42-step programme, but can also be booked by beginners without prior knowledge.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/LUW3YS/</url>
            <location>Saal 1</location>
            
            <attendee>Katharina Nocun</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>9QB89V@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-9QB89V</pentabarf:event-slug>
            <pentabarf:title>0, 1 oder 2 - Hackerei und Cyberbrei</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T005500</dtstart>
            <dtend>20241229T022500</dtend>
            <duration>1.03000</duration>
            <summary>0, 1 oder 2 - Hackerei und Cyberbrei</summary>
            <description>In a unique way, the transfer of knowledge is combined with physical movement, offering nerds sophisticated entertainment. The best of know-it-all-ism and tele-aerobics. Three teams from the audience compete against each other.

The contestants have to answer questions about IT security, the CCC, net politics, hacking culture, rocket science or tinkering and so prove their knowledge. For each topic there are special experts on the couch as well as show and musical interludes. The best team can look forward to the coveted &quot;0, 1 oder 2&quot; surprise prize.

The quiz show is presented by Erisvision in co-production with C3VOC, CCH and Gefahrengebiet TV Productions.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Game show</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/9QB89V/</url>
            <location>Saal 1</location>
            
            <attendee>Erisvision</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>XR9FGQ@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-XR9FGQ</pentabarf:event-slug>
            <pentabarf:title>Role Play as Resistance: Challenging Securitization Through Activism in a place in EastAfrica</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T110000</dtstart>
            <dtend>20241228T114000</dtend>
            <duration>0.04000</duration>
            <summary>Role Play as Resistance: Challenging Securitization Through Activism in a place in EastAfrica</summary>
            <description>How I see securitization in my reality:
The authorities check on the social media pages where there is any sort of advocating for LGBTQIA+ rights. Digital activism has declined. Even the positive and peaceful social media campaigns that offer a counter narrative and talk about diversity/inclusion are met with harassment or legal action against those involved.
When I train these communities, they express fears about being outed on a dating app or in the media because it has already happened several times. This violates their right to privacy and puts them at a higher risk of online and physical attacks, it can affect their work situation, community and even family members. 
Vital information about sexual and reproductive health and rights and much of the information regarding queer health resources is blocked or censored because it is seen as harmful or dangerous for the community. So basically in some cases people have to rely on uninformed sources to get their sexual education and this can have disastrous effects.

How I have witnessed a proactive stance:
- Developing materials that help activists remain motivated and focused on the goals. Case study: Feminist Principles of the Internet
- Creating free and open learning methodologies about online privacy rights and responsibilities. Case study: Safe Sisters
- Building strategic alliances with partners to continue to challenge the right and securitization discourse and raise a struggle against authoritarianism. Case study: A coalition to end online violence and promote digital rights and inclusion</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/XR9FGQ/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Wawan</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>MGSXPN@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-MGSXPN</pentabarf:event-slug>
            <pentabarf:title>Gemeinwohlorientierte Forschung mit KI: Missbrauch eindämmen durch Zweckbindung für KI-Modelle</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241228T120000</dtstart>
            <dtend>20241228T124000</dtend>
            <duration>0.04000</duration>
            <summary>Gemeinwohlorientierte Forschung mit KI: Missbrauch eindämmen durch Zweckbindung für KI-Modelle</summary>
            <description>Scandals such as the sharing of UK Biobank research data with insurance companies illustrate a typical but often overlooked risk associated with AI: models and training data that were actually meant to serve the common good are reused, away from public attention yet without violating applicable law, for discriminatory, manipulative and profit-oriented purposes. Anyone who, for example, builds a model in medical research to detect mental illness from audio data (voice recordings) can also apply that model outside the medical context to arbitrary individuals, and for instance use it to perform automated risk scoring in video job interviews (our examples show that there is currently great interest in this). Possession of trained AI models represents an enormous concentration of informational power, and with this power comes a potential for abuse when the tools are, for example, transferred into a commercial context.
To protect our society from the misuse of AI-based research, we must therefore place the circulation of trained AI models and anonymised training data under democratic control. We need a regulatory concept that enables open research purposes while preventing commercial misuse. General-purpose models of the kind legitimised by the AI Act (KI-VO) should not exist. As a solution, we take the old data protection principle of purpose limitation, hated by industry and almost forgotten in politics, out of mothballs and update it for the control of AI.
Our regulatory proposal of a &quot;purpose limitation for AI models&quot; is based on our multi-year interdisciplinary research spanning ethics, law and computer science.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/MGSXPN/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Rainer Mühlhoff</attendee>
            
            <attendee>Hannah Ruschemeier</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>YWU87Y@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-YWU87Y</pentabarf:event-slug>
            <pentabarf:title>A policy black hole. How Europol and Frontex anticipated their high tech future and why this matters to you.</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T125500</dtstart>
            <dtend>20241228T133500</dtend>
            <duration>0.04000</duration>
            <summary>A policy black hole. How Europol and Frontex anticipated their high tech future and why this matters to you.</summary>
            <description>Four years ago, a rather small group of complicated individuals set out to explore why Europol was so interested in gathering and keeping the data of people even if they were not directly linked with criminal investigations. And why it was prepared to go to war with the EU&#x27;s data protection watchdog over the issue. They wanted to keep everything and for as long as they could. The only problem was that at the time this was not exactly legal. Politicians would fix that afterwards, but questions about the priorities of the agency had emerged and would stay. This is how an investigation into the EU&#x27;s law enforcement agencies (Europol/Frontex) kick-started, trying to understand what the agenda of the institutions in question was and how it shaped their approach to novel technologies introduced into the work of policing. Many complicated things have happened since then, which brought the spotlight onto the effort of the EU border agency to introduce an indiscriminate data retention system for migrants while circumventing basic data protection safeguards, then onto the formation of an alliance supporting the Commission&#x27;s CSAM regulation, and lately onto Europol&#x27;s experimentation with automated aspects of police work. What all these cases had in common was the opacity that cloaked developments, which made it impossible to see the shape of things to come.

The presentation will explain how the investigation has unfolded, the challenges it was met with when attempting to access information, the push-back and impact caused by publications, and the lessons learned from the experience of attempting to analyse and journalistically scrutinize some of the EU&#x27;s most introverted institutions.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/YWU87Y/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Apostolis Fotiadis</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>WFHKTR@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-WFHKTR</pentabarf:event-slug>
            <pentabarf:title>Pirouette Machines. Fluid Components</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T135000</dtstart>
            <dtend>20241228T143000</dtend>
            <duration>0.04000</duration>
            <summary>Pirouette Machines. Fluid Components</summary>
            <description>Pirouette Machines. Fluid Components embarks on an intimate visual essay on an alternative history of computer hardware in which minerals, cosmetics and fluids mingle in tactile experiments. 

A lipstick converted into a strident sound generator resonates through toxic entanglements with one of its main historical ingredients: lead. Following a radioactive decay chain, lead ore or galena is found on our lips and in our early 20th-century technologies such as crystal radio demodulation frenzy.


This talk draws parallels between different types of hardware materialities and personal stories surrounding computing components in their use. Starting with the beauty industry, the talk serpents amongst toxic concoctions filled with heavy metals oscillating to become predecessors to the first transistors and their alternative fluidic siblings that use air and water instead of electricity.


Fluidics is a technology lost in history. To operate, it requires only simple fluid matter guided by natural phenomena. Much like its mineral counterpart, electronics, fluidics builds circuits for computing. This talk concludes by following the seductive forms that fluidic circuits assume, forms that can reimagine the morphologies of our current electronic machines.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/WFHKTR/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Ioana Vreme Moser</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>LR3GTU@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-LR3GTU</pentabarf:event-slug>
            <pentabarf:title>State of Surveillance: A year of digital threats to civil society</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T144500</dtstart>
            <dtend>20241228T154500</dtend>
            <duration>1.00000</duration>
            <summary>State of Surveillance: A year of digital threats to civil society</summary>
            <description>Drawing on research by Amnesty International and partners over the past year, we will examine how the digital threats facing activists and journalists continue to evolve and adapt.

Progress has been made in reining in abuses from highly invasive spyware, with vendors going out of business and others being hit by lawsuits and sanctions. The technical arms race between defenders and the exploit industry also gives reason for cautious optimism. However, notorious spyware companies, occasionally with active government protection, continue taking steps to block much-needed accountability efforts.

Amnesty International will also present the findings of a brand new investigation into the misuse of surveillance technology.

The work for civil society to defend against these threats remains challenging. Surveillance vendors continue to deploy increasingly murky webs of brokers and complex corporate structures to hide their activities, although we will show tactics that can be used to map these.

The emerging surveillance threats at the intersection of mass surveillance, ad tech, and artificial intelligence are becoming all too real, and surveillance tactics continue to unequally and dangerously impact already marginalized people including women and LGBTQI activists.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/LR3GTU/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Jurre van Bergen</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>3TSPQW@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-3TSPQW</pentabarf:event-slug>
            <pentabarf:title>Self Models of Loving Grace</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T160000</dtstart>
            <dtend>20241228T170000</dtend>
            <duration>1.00000</duration>
            <summary>Self Models of Loving Grace</summary>
            <description>When we recognize the paradigm of Artificial Intelligence as a philosophical and scientific framework for understanding the nature of minds like ours, we may begin with an essential question: What does it mean for a machine to feel? How do emotions arise at the intersection between a self and its world—or more precisely, within a reflexive self model, in response to being dynamically reconfigured by a motivational system, in response to shifts in its alignment to a model of its environment, all within the same mind?

This inquiry takes us to the core of our own psychological architecture. Who are we when our self-perception alters? What does it mean to depersonalize, to dissolve the boundaries of the self? Can we reverse engineer, debug and reconstruct our identities to become who we want to be? Is there free will? Is it possible to recreate self and sentience in nonbiological substrates? Can AI be conscious? Could we perhaps even extend our own self to nonbiological substrates?

This presentation is part of the philosophical series “From Computation to Consciousness,” which draws on insights from AI and cognitive science to explore the nature of intelligence, consciousness, and their realization in the physical universe.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/3TSPQW/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Joscha Bach</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>Z7TFKB@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-Z7TFKB</pentabarf:event-slug>
            <pentabarf:title>arafed futures - An Artist Dialogue on Chip Storage and AI Accelerationism</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T171500</dtstart>
            <dtend>20241228T181500</dtend>
            <duration>1.00000</duration>
            <summary>arafed futures - An Artist Dialogue on Chip Storage and AI Accelerationism</summary>
            <description>The accelerating pace of generative AI has put a strain on the interconnected software and hardware systems necessary for generative AI. The artist duo explores the media specificity of generative artificial intelligence. The talk consists of two parts: the material aspects of AI, specifically the story of the semiconductor and chip shortage, and the spread of hallucinations like terms that escaped their embedding space into language.
The working of LLMs is often limited by computational power. These obstacles tethered abstract computation to the physical world, exposing how materiality plays a critical role in the implementation of AI. The investigation begins by examining the causes of the chip shortage — a disruption that brought the semiconductor industry and its surrounding geopolitical tensions into discourse.
On the hardware level, NVIDIA’s A100 chips, produced using Taiwan’s TSMC 7nm process, exemplify this intersection, providing the power to expand large language models (LLMs) and image generators. On the software level, the increasing demand for AI-as-a-service accelerates the use of models with complex pipelines. This interconnected use of models, in turn, leads to the emergence of unexpected artifacts that are morphing back into everyday reality.
While browsing AI-generated images on social media, one might come across the word &quot;arafed&quot; in image descriptions, such as, &quot;an arafed man in a white robe riding on top of a blue car.&quot; Yet, a dictionary definition is nowhere to be found. An image search for &quot;arafed&quot; reveals something striking: all resulting images appear AI-generated, spread across various image-sharing and stock photography platforms.
The term &quot;arafed&quot; seems to lack a clear origin, but a few posts attribute it to the BLIP-2 model, an image-captioning system that generates descriptive text from image inputs. The BLIP-2 paper doesn&#x27;t mention &quot;arafed&quot;, but running BLIP-2 clearly produces descriptions containing this artifact-like word, as if &quot;arafed&quot; has embedded itself in the model&#x27;s vocabulary. Through the widespread and often unintentional use of BLIP-2 in libraries, extensions, and services, the interconnected nature of software has spread the word into research papers, Amazon descriptions, and even other datasets, further revealing the brittle infrastructure generative AI systems are built upon.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/Z7TFKB/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Ting-Chun Liu</attendee>
            
            <attendee>Leon-Etienne Kühr</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>ADE7AG@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-ADE7AG</pentabarf:event-slug>
            <pentabarf:title>The master key</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T191500</dtstart>
            <dtend>20241228T201500</dtend>
            <duration>1.00000</duration>
            <summary>The master key</summary>
            <description>This is the story of the HDCP master key.  How in 2010 we derived it from various public sources and from a bunch of cheapish hardware (and how we made money in the process!), and then published it on pastebin.  After that it was just wait-and-see what Intel and the rest of the world would do.

With the master key anyone can make source and sink keys that interoperate with any HDCP device.

Oh, and how I learnt how to spell &quot;forty&quot;.



HDCP MASTER KEY (MIRROR THIS TEXT!)

This is a forty times forty element matrix of fifty-six bit
hexadecimal numbers.

To generate a source key, take a forty-bit number that (in
binary) consists of twenty ones and twenty zeroes; this is
the source KSV.  Add together those twenty rows of the matrix
that correspond to the ones in the KSV (with the lowest bit
in the KSV corresponding to the first row), taking all elements
modulo two to the power of fifty-six; this is the source
private key.

To generate a sink key, do the same, but with the transposed
matrix.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/ADE7AG/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>segher</attendee>
            
            <attendee>Wanda</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>WQ9SLQ@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-WQ9SLQ</pentabarf:event-slug>
            <pentabarf:title>Guardians of the Onion: Ensuring the Health and Resilience of the Tor Network</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T203000</dtstart>
            <dtend>20241228T213000</dtend>
            <duration>1.00000</duration>
            <summary>Guardians of the Onion: Ensuring the Health and Resilience of the Tor Network</summary>
            <description>This talk is designed to give an overview of Tor&#x27;s &#x27;new and not-so-new&#x27; network health initiatives in response to some of the pressing questions that emerged from the recent reporting about Tor in Germany. After a brief introduction to &quot;Tor,&quot; we will primarily focus on issues relating to the Tor network and its community, underscoring the critical importance of distributed trust, transparency, and engagement in maintaining a robust and healthy ecosystem.

We will provide a short overview of the fundamental components of the Tor network, detailing the different types of relays that constitute its infrastructure and the role these can have through their lifetime. We will emphasize that the network operates independently of the Tor Project, sustained by a decentralized, global community of contributors. By analyzing network metrics—such as relay distribution across countries and Autonomous Systems (AS)—we will highlight the current state of the network and identify opportunities for increasing geographic and technical diversity.

This is followed by an introduction to the concept of network health. We will define the term, assess the current condition of the Tor network, and showcase the different modes of participation. We will primarily consider this through the lens of an &#x27;alleged&#x27; over-reliance on relay concentration in specific regions, such as Europe and the United States. These insights will inform a discussion on how a more geographically distributed network could improve resilience, enhance security, and increase overall functionality.

The talk will also address the primary challenges facing the Tor network: Sustainability remains a central concern, particularly with regard to maintaining a stable, secure, and decentralized network over time. Additionally, ensuring trust within the community is essential, especially in the face of potential misuse by malicious actors. We will explore the need for incentive structures that encourage the operation of relays while preserving the network’s independence and autonomy. We will review and debate initiatives the Tor Project has proposed to support a decentralized network without imposing centralized control.

In response to these challenges, we will propose several potential solutions. Expanding outreach efforts to regions outside the Global North could promote greater diversity in the relay community, thereby strengthening the network’s ability to resist censorship and external threats. We will also examine existing incentive frameworks that support relay operators. Furthermore, we will discuss the success of Snowflake proxies—widely adopted in regions with restrictive internet environments—and how it demonstrates that lowering the barrier to entry for running nodes can encourage broader participation from the community.

Finally, we will outline our strategy for ensuring the long-term health of the Tor network, focusing on governance, community engagement, and sustaining the network’s decentralized nature. We will conclude with a call to action, inviting participants to contribute to the continued sustainability and development of the Tor network.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/WQ9SLQ/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Hiro</attendee>
            
            <attendee>Gus</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>VL9VZ9@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-VL9VZ9</pentabarf:event-slug>
            <pentabarf:title>Feelings of Structure in Life, Art, and Neural Nets</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T214500</dtstart>
            <dtend>20241228T224500</dtend>
            <duration>1.00000</duration>
            <summary>Feelings of Structure in Life, Art, and Neural Nets</summary>
            <description>&#x27;Poetry&#x27; as the name of a special human relation to the world -- some special kind of knowing, grasping, challenging or asking we effect through art -- came into focus in 18th century Europe alongside the first blushings of a theory of computation and a computational analysis of mind. This talk proposes that for all of their outward hostilities, the Romantic-and-on idea of poetry and computational approaches to thought, language, and meaning are deeply connected: starting from Kant&#x27;s doctrine of the productive imagination, we will develop one historical thread that runs to the Romantic poets, Phenomenology, and literary theory, and one historical thread that runs to information theory, machine learning, and the science of neural network models. Comparing the two threads, I&#x27;ll argue that poetics and the science of neural network models have genuinely (if partially) overlapping subject-matter.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/VL9VZ9/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Peli Grietzer</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>ETSHKS@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-ETSHKS</pentabarf:event-slug>
            <pentabarf:title>Projekt Bucketchallenge</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241228T230000</dtstart>
            <dtend>20241228T234000</dtend>
            <duration>0.04000</duration>
            <summary>Projekt Bucketchallenge</summary>
            <description>Amazon S3 makes it possible to store large amounts of data in the cloud for little money. Included: the technically most boring misconfiguration, scaled up gigantically.

Publicly accessible S3 buckets containing private data have frequently made headlines in recent years. Examples from this year include multi-factor SMS messages and documents from financial service providers. We set out to understand and improve the situation. We explain which unique properties of AWS we exploited to find about 100,000 open buckets. Included: medical data, personal data, credit card data, and so on and so forth. We explain approaches for using file names to get an idea of which buckets we should look at and report and which ones do not interest us.

The attempt to improve the situation leaves us greatly disappointed: the responsible users of the cloud services are difficult to identify, and the cloud operators are unfortunately no significant help either. Only the GDPR seems to be a small incentive for those responsible. We present what, in our experience, helps to get buckets taken offline, and when it is as good as hopeless.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/ETSHKS/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Kaspar</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>DTH9RS@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-DTH9RS</pentabarf:event-slug>
            <pentabarf:title>Escaping Big Brother (or Your Ex) - counter surveillance for women&#x27;s shelters</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T235500</dtstart>
            <dtend>20241229T003500</dtend>
            <duration>0.04000</duration>
            <summary>Escaping Big Brother (or Your Ex) - counter surveillance for women&#x27;s shelters</summary>
            <description>Digital violence, or gender-based violence using digital means, is expressed in control and abuse. Control of finance, social life, the children, the photos, the conversation, relationships, life. Emotional, sexual, financial, psychological abuse - online. Mark Zuckerberg is not the first stalker to creep the Earth but probably the first to become a billionaire scaling his methods and monetizing his crimes.

Sharing war stories of practical feminist threat intel with literally lifesaving tech, Elin has advised women&#x27;s shelters how to protect their clients and Escape Big Brother in Sweden for the past couple of years. This includes perverse exploits, institutional failures, psyops, and how any and everything can be used against you - if the threat actor is persistent enough.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/DTH9RS/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>erlern</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>8Q9JXV@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-8Q9JXV</pentabarf:event-slug>
            <pentabarf:title>Kein Spaß am Gerät auf einem toten Planeten!</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T005500</dtstart>
            <dtend>20241229T013500</dtend>
            <duration>0.04000</duration>
            <summary>Kein Spaß am Gerät auf einem toten Planeten!</summary>
            <description>In this talk, Anja and Rainer from Bits&amp;Bäume present a short review of the year, introduce the exciting new ideas for socio-ecological digital policy, take a critical look at the Ampel coalition, and present the Bits &amp; Bäume demands for the next federal government. To close, Esther Mwema joins remotely from Zambia, takes a look at the neocolonial power of Big Tech on the African continent, and outlines new ideas for local, democratically self-determined digital infrastructures.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/8Q9JXV/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Anja Höfner</attendee>
            
            <attendee>Rainer Rehak</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>H79XHC@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-H79XHC</pentabarf:event-slug>
            <pentabarf:title>Junghacker:innentag Einführung</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241228T100000</dtstart>
            <dtend>20241228T104500</dtend>
            <duration>0.04500</duration>
            <summary>Junghacker:innentag Einführung</summary>
            <description>For further information see [https://events.ccc.de/2024/11/08/38c3-junghackerinnentag/](https://events.ccc.de/2024/11/08/38c3-junghackerinnentag/)</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Ceremony</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/H79XHC/</url>
            <location>Saal GLITCH</location>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>NAGY9B@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-NAGY9B</pentabarf:event-slug>
            <pentabarf:title>Lightning Talks Day 2</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241228T110000</dtstart>
            <dtend>20241228T130000</dtend>
            <duration>2.00000</duration>
            <summary>Lightning Talks Day 2</summary>
            <description>To get involved and learn more about what is happening please see the Links for this event. The second session will take place in another Hall and is not on the Fahrplan. See the Schedule link.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/NAGY9B/</url>
            <location>Saal GLITCH</location>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>CUFLJP@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-CUFLJP</pentabarf:event-slug>
            <pentabarf:title>From Pegasus to Predator - The evolution of Commercial Spyware on iOS</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T133000</dtstart>
            <dtend>20241228T143000</dtend>
            <duration>1.00000</duration>
            <summary>From Pegasus to Predator - The evolution of Commercial Spyware on iOS</summary>
            <description>The commercial spyware landscape on iOS has evolved significantly since the discovery of Pegasus in 2016. In this talk, we’ll explore that evolution through four main areas:

1. Spyware Evolution (2016-2024): By analyzing key exploits, tactics, techniques, and procedures (TTPs), infection vectors, and indicators of compromise (IOCs), we’ll trace how spyware has advanced in sophistication, highlighting changes that have led to today’s complex threats.
2. Advancements in Detection: As spyware has grown more sophisticated, so too have detection capabilities. We’ll review the main actors, public organizations and tools that have shaped spyware detection. This part will also include a case study on my discovery and analysis of a sample of NSO’s BlastPass exploit chain.
3. Current and Future Challenges: Looking forward, we’ll examine the pressing challenges in spyware detection and speculate on how commercial spyware might evolve in response to new security measures and technologies.
4. Recommendations for Research and Detections: Finally, I’ll offer recommendations for advancing research and detection methods and capabilities to combat commercial spyware.

Attendees will gain a comprehensive view of the past, present, and future of spyware on iOS, along with actionable strategies for future research and collaboration.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/CUFLJP/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Matthias Frielingsdorf</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>DJR7VP@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-DJR7VP</pentabarf:event-slug>
            <pentabarf:title>MacOS Location Privacy Red Pill: A Rabbit Hole Resulting in 24 CVEs</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T144500</dtstart>
            <dtend>20241228T154500</dtend>
            <duration>1.00000</duration>
            <summary>MacOS Location Privacy Red Pill: A Rabbit Hole Resulting in 24 CVEs</summary>
            <description>In this talk, we dive into how attackers could have exploited multiple design flaws, information disclosures and logic vulnerabilities spread all across the macOS stack, leading to all kinds of ways to bypass the macOS TCC Location Services privacy protection and precisely localize the user without consent.
We will show how attackers could have retrieved precise real-time &amp; historical geographic user locations hiding in various components of the persistence layer, within application state restoration files and error log messages that could be triggered via reliably exploitable HTTP response callback race conditions.
Digging deeper, we find that the precise user location can be reconstructed with lossless precision by combining various sources of metadata, which were accessible through different pathways and quirks of the operating system, such as: access point SSIDs + signal strength data, Apple Maps location query data caches, custom application binary plists and even Find My widget UI structure metadata that makes it possible to precisely reconstruct the victim’s AirTag locations.
These issues have been responsibly reported in the scope of the Apple Security Research program and resulted in 24 CVE entries in Apple’s security advisories for macOS.

We will finish off by investigating how we can prevent such issues in the future: extended automated privacy-focused integration testing, shifting responsibility for privacy preservation from developers to the system framework level, and a more privacy-focused API architecture for localization-relevant frameworks.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/DJR7VP/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Adam M.</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>UVYCZZ@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-UVYCZZ</pentabarf:event-slug>
            <pentabarf:title>10 years of emulating the Nintendo 3DS: A tale of ninjas, lemons, and pandas</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T160000</dtstart>
            <dtend>20241228T170000</dtend>
            <duration>1.00000</duration>
            <summary>10 years of emulating the Nintendo 3DS: A tale of ninjas, lemons, and pandas</summary>
            <description>The 3DS marks a key point in the evolution of handheld consoles from embedded systems to more powerful PC-like architectures, which makes it particularly interesting as a target for emulation: We&#x27;ll look at the technical challenges presented by its unique hardware components and the custom microkernel-based software stack built on top of it, the various approaches taken to emulate them (low-level vs. high-level), and the trends we&#x27;re seeing for the future.

These technical challenges are put into historical context by looking at the emulator Citra, its initial path to success, the interplay between emulator developers and console hackers, and the impact of a prominent lawsuit that ultimately led to Citra&#x27;s shutdown. Additionally, we&#x27;ll highlight broader community efforts like Pretendo that help preserve the platform beyond emulation. Finally, we&#x27;ll provide a status update for our ongoing emulation project Mikage and discuss the future outlook of 3DS preservation.

This talk will be accessible to a technical audience and gaming enthusiasts alike. We particularly hope to spark new interest in preserving the 3DS legacy and foster new ideas for pushing the boundaries of emulation technology.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/UVYCZZ/</url>
            <location>Saal GLITCH</location>
            
            <attendee>neobrain</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>LNDJX3@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-LNDJX3</pentabarf:event-slug>
            <pentabarf:title>io_uring, eBPF, XDP and AF_XDP</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T171500</dtstart>
            <dtend>20241228T181500</dtend>
            <duration>1.00000</duration>
            <summary>io_uring, eBPF, XDP and AF_XDP</summary>
            <description>For many decades, application software programmers have been using the venerable BSD sockets API to make their applications communicate over (at least IP based) networks.  Linux has supported TCP/UDP sockets ever since it had a network stack back in the 1990s.  While those socket system call APIs are simple and straight-forward, they were designed at a time when internet access happened over dial-up modems and LANs had no more than 10 MBit/s, if at all.

With today&#x27;s Multi-Gigabit speeds even in consumer equipment and 40GE/100GE network interface cards for servers being a reality, using those 1980s BSD/POSIX socket interfaces comes with a huge performance penalty.

Some specific use cases like single-flow high-throughput TCP on an end-node have seen optimizations that are transparent to the user (TCP segmentation offloading).  But there&#x27;s only so far you can go with that.

Parts of the industry have proposed user-space network stacks built on DPDK - but then you basically no longer use the Linux kernel network stack at all, and consequently have none of its features.  Yes, that can be fast, but Linux becomes nothing but a bootloader, and you have to implement everything from Ethernet to ARP and IP+TCP in your application.

The answer of the Linux kernel community over the last 5+ years has been various new mechanisms and interfaces in the Linux kernel that revolutionize the way applications can achieve higher network I/O throughput - whether on an end host (server/client) or a packet-forwarding router/bridge/firewall.

This talk provides a brief but deeply technical introduction into the problem space, the new mechanisms and their use cases.

While the talk discusses features of the Linux kernel, we do not discuss their internals; the focus is on how those mechanisms can be used by applications.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/LNDJX3/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Harald Welte</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>XDWNRG@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-XDWNRG</pentabarf:event-slug>
            <pentabarf:title>Autoritäre Zeitenwende im Zeitraffer</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241228T191500</dtstart>
            <dtend>20241228T201500</dtend>
            <duration>1.00000</duration>
            <summary>Autoritäre Zeitenwende im Zeitraffer</summary>
            <description>What the Ampel coalition introduced shortly before its end with the so-called “security package” is something a CSU hardliner like Horst Seehofer could only have dreamed of a few years ago: cutting social benefits for refugees, setting up biometric databases, mixing together and analyzing all kinds of data pools. Part of the package failed in the Bundesrat - but only because it did not go far enough for most of the federal states.

Only a few months ago, such things were considered taboo. In an open democracy, people thought, something like this would not happen. But the authoritarian race to outbid one another in the name of security has been in full swing since the Solingen attack at the latest.

Politicians were able to blend a presumably Islamist attack and migration together as if there were a logical connection between them. In the storm of racist agitation and fantasies of control, voices for civil liberties and human rights could hardly be heard any more. Now that the federal election is coming earlier than planned, this is especially disastrous.

In our talk we show that this authoritarian turn did not come suddenly. The most recently planned measures are the low point of a development that the Ampel coalition has been driving forward for years. And they are the high point of disillusionment with a government that once took office as a “coalition of progress”.

We also show that it is time for more radical dissent. Because we must use our freedom today to make sure some of it still remains tomorrow.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/XDWNRG/</url>
            <location>Saal GLITCH</location>
            
            <attendee>anna</attendee>
            
            <attendee>Chris Köver</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>Q98U7B@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-Q98U7B</pentabarf:event-slug>
            <pentabarf:title>Vectors, Pixels, Plotters and Public Participation</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T203000</dtstart>
            <dtend>20241228T213000</dtend>
            <duration>1.00000</duration>
            <summary>Vectors, Pixels, Plotters and Public Participation</summary>
            <description>In his talk, Niklas will highlight some of his latest projects that use DIY machines to involve communities in creating art together. From a graffiti robot to a giant mosaic that was designed by an entire neighborhood with the help of a mobile arcade machine, he’ll share the stories behind his inventions. He will discuss his sources of inspiration, the creative process and thoughts about inclusiveness guiding the development of the machines, and the joy of watching diverse people interact with and contribute to these unconventional art pieces. 

Join Niklas for an insightful journey into how inventiveness can transform urban environments, while also bringing people together through creativity and play.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/Q98U7B/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Niklas Roy a.k.a. royrobotiks</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>8U8ARN@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-8U8ARN</pentabarf:event-slug>
            <pentabarf:title>RadioMining - Playlist-Scraping und Analyse</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241228T214500</dtstart>
            <dtend>20241228T224500</dtend>
            <duration>1.00000</duration>
            <summary>RadioMining - Playlist-Scraping und Analyse</summary>
            <description>Major radio stations publish the songs they have played on their websites for listeners to look up. The idea is that you can easily find your new favourite track again, the one you heard on the way to work.

On closer inspection, these playlists raise quite a few questions. For example, are the same songs played over and over all day? Do all radio stations play the same tracks? What is the minimum time gap before a track is played again? And will we have to keep enduring Last Christmas in the future?

The talk also examines the relationship between the &quot;charts&quot; and the radio stations&#x27; playlists. It turned out that the charts themselves are an exciting field for analysis. MP3 downloads and later streams were included in the chart calculations and thereby changed long-established concepts.

Beyond these questions, Stefan also covers the technical side. The challenges of scraping, loading the data into a suitable database, the analysis itself (and with which tools), and the visualization of results are presented in a clear and vivid way.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/8U8ARN/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Stefan Magerstedt</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>JQS3KA@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-JQS3KA</pentabarf:event-slug>
            <pentabarf:title>Automation and Empathy: Can We Finally Replace All Artistic Performers with Machines?</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241228T230000</dtstart>
            <dtend>20241228T234000</dtend>
            <duration>0.04000</duration>
            <summary>Automation and Empathy: Can We Finally Replace All Artistic Performers with Machines?</summary>
            <description>Algorithms and machines are transforming how artworks are produced - but can they replicate the complex psychosocial capacity of empathy in performative arts like music and theater? 
Moritz offers an example-based overview of the history of non-human performers in the arts and shares current state-of-the-art projects in this field. He discusses his personal journey of combining engineering with art, highlighting projects like the &quot;MR-808 Drum Robot&quot; and automated installations like &quot;Don&#x27;t Look at Me.&quot; Through these works, he examines how robotic performers impact audience perception and emotional engagement.
The talk asks critical questions: How do machines alter the psychosocial dynamics of performance? What are the minimal structures needed to evoke an empathetic response from the audience? How does the concept of the Uncanny Valley, as proposed by Masahiro Mori, influence our reactions to non-human performers?
So - can we automate empathy? Let&#x27;s find out!</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/JQS3KA/</url>
            <location>Saal GLITCH</location>
            
            <attendee>moritz simon geist</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>ALAJNW@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-ALAJNW</pentabarf:event-slug>
            <pentabarf:title>Die Faszination des echten Kugelspiels</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241228T235500</dtstart>
            <dtend>20241229T003500</dtend>
            <duration>0.04000</duration>
            <summary>Die Faszination des echten Kugelspiels</summary>
            <description>Pinball machines were a fixture of entertainment and youth culture for a long time. They combine real gameplay, with actual balls and obstacles, with (electro-)mechanical and electronic control and effects, and are exposed to the direct influence of the players. For some time now, this form of entertainment, which moreover mostly took place away from one&#x27;s own home, has been replaced by purely or predominantly virtual games, which in our culture mainly take place within one&#x27;s own four walls. The talk takes a personal look back at the development and peculiarities of this entertainment technology and describes the speaker&#x27;s own experiences from several years of working in this field. It also gives insights into the technology used and draws parallels to current uses of similar entertainment applications such as escape rooms.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/ALAJNW/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Gunther</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>UZXTXJ@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-UZXTXJ</pentabarf:event-slug>
            <pentabarf:title>Net Neutrality: Why It Still Matters (More Than Ever!)</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T005500</dtstart>
            <dtend>20241229T013500</dtend>
            <duration>0.04000</duration>
            <summary>Net Neutrality: Why It Still Matters (More Than Ever!)</summary>
            <description>This talk by Raquel Renno Nunes from Article 19 and Thomas Lohninger from epicenter.works gives insights into the global civil society fight against the telecom industry. We will lift the veil on the lobbying of companies like Deutsche Telekom, Orange and A1 and showcase strategies NGOs used to fight back in Latin America and Europe. This war for the open internet is only heating up. Henna Virkkunen, the European Commissioner for Digital, will have it in her hands to uphold net neutrality in Europe.

We want to extend our perspective by also looking at the successful fight in Latin America. Brazil in particular had its own experience with zero-rating tariffs that connected millions of Brazilians only to a select few apps instead of the whole internet. We will showcase how WhatsApp became a catalyst for the spread of fake news around the election of Jair Bolsonaro.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/UZXTXJ/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Thomas Lohninger</attendee>
            
            <attendee>Raquel Renno Nunes</attendee>
            
            <attendee>Jürgen Bering</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>WGGVDK@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-WGGVDK</pentabarf:event-slug>
            <pentabarf:title>Gefährliche Meinung – Wenn Wälder brennen und Klimaaktivist*innen im Knast sitzen</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T110000</dtstart>
            <dtend>20241229T114000</dtend>
            <duration>0.04000</duration>
            <summary>Gefährliche Meinung – Wenn Wälder brennen und Klimaaktivist*innen im Knast sitzen</summary>
            <description>In autumn 2022, the Government of Swabia approved the clearing of a specially protected forest (Bannwald) -- despite an ongoing review of the legality of the entire project by Bavaria&#x27;s highest administrative court. The reason: the owner of the adjacent steelworks, Max Aicher, who together with his lobby association also happens to be the CSU&#x27;s largest donor, wanted to expand his climate-damaging steelworks into the protected forest. In response, we demonstrated at the Government of Swabia and symbolically &quot;occupied&quot; the corridor of its offices with a satirical message. Clearing a protected forest? – Outrageous!

We will talk about how we were sentenced to detention for our criticism but initially did not begin serving it, instead haunting the public sphere for a week, only discovering a gap in our schedule a week later and then turning up at the detention centre after all.
Samuel gives insights behind the walls of the juvenile detention centre and reports on how the people inside are doing, who are supposed to be &quot;resocialized&quot; and &quot;educated&quot; there through psychological pain.
Supporters on the outside were able to stay in touch via letters and notes passed through the window slit. A group of nerds built an FM transmitter and tried to set up a dedicated prison radio station for Samuel.

After two weeks, Samuel was suddenly put out on the street at night with all his books, because the Federal Constitutional Court ruled: freedom of expression applies in Augsburg too. The Augsburg verdicts were unlawful and incompatible with the Basic Law (Grundgesetz).
A striking example of how protest in Germany is sometimes construed as a “threat to public order and security” and restricted.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/WGGVDK/</url>
            <location>Saal 1</location>
            
            <attendee>Samuel Bosch</attendee>
            
            <attendee>Kiki Köffle</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>9RPH7S@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-9RPH7S</pentabarf:event-slug>
            <pentabarf:title>Robot Uprising: a story-driven AI robotics experience</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T120000</dtstart>
            <dtend>20241229T124000</dtend>
            <duration>0.04000</duration>
            <summary>Robot Uprising: a story-driven AI robotics experience</summary>
            <description>Do you like deep-diving into AI &amp; robotics, but wish you could escape the inevitable existential dread of techno-capitalist dystopia? If acting it out through a story-driven hackathon sounds interesting, we might just have the right thing for you.

[Robot Uprising](https://robotuprising.fi/) is a community-organised, story-driven AI &amp; robotics event series. Part LARP, part hackfest, part robotics competition, it all neatly fits together under the umbrella of an overarching cyberpunk story. The story provides inspiration for the events, the events provide the &quot;historical facts&quot; that shape how the narrative develops.

In this talk, we&#x27;ll take you through the history of Robot Uprising, delve into the technologies (robotics or otherwise) explored through our events, and contemplate how story and hacking intertwine.

Our hope is to convince you of the awesomeness of story-driven hacking and inspire you to create many more events like this all around the world.

You can join us at [House of Tea after the talk](https://events.ccc.de/congress/2024/hub/en/event/robot-uprising-come-chat-after-our-talk_b0lw/) for a cup of tea and we can continue talking in a more intimate setting.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/9RPH7S/</url>
            <location>Saal 1</location>
            
            <attendee>Karim Hamdi</attendee>
            
            <attendee>Katarina Partti</attendee>
            
            <attendee>Juho Kostet</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>XBE87S@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-XBE87S</pentabarf:event-slug>
            <pentabarf:title>Databroker Files: How Apps and Data Brokers Expose Us to Mass Surveillance</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T125500</dtstart>
            <dtend>20241229T133500</dtend>
            <duration>0.04000</duration>
            <summary>Databroker Files: How Apps and Data Brokers Expose Us to Mass Surveillance</summary>
            <description>From 3.6 billion mobile phone location data points, we were able to build ourselves a powerful mass surveillance tool that could do a lot of damage in the wrong hands. We could see which route suspected NSA employees take to work, where members of the army visit brothels, and where government officials live. All of this was possible with a data broker&#x27;s free sample; anyone who spends a few thousand euros a month could obtain far more data.

Our research drew shocked reactions from the Bundestag and the German federal government, the EU Parliament and the Pentagon. But lip service is not enough to stop commercial mass surveillance through mobile apps. We show how every individual can take action and what needs to change legally. And: our research into the Databroker Files continues.

Team netzpolitik.org: Sebastian Meineck; Ingo Dachwitz. Team BR: Katharina Brunner, Rebecca Ciesielski, Maximilian Zierer, Robert Schöffel, Eva Achinger. Here is the overview of the related publications: https://netzpolitik.org/2024/databroker-files-die-grosse-datenhaendler-recherche-im-ueberblick/</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/XBE87S/</url>
            <location>Saal 1</location>
            
            <attendee>Sebastian Meineck</attendee>
            
            <attendee>Ingo Dachwitz</attendee>
            
            <attendee>Rebecca Ciesielski</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>PN3TE3@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-PN3TE3</pentabarf:event-slug>
            <pentabarf:title>An Indecent Proposal: How We Protect Our Communities Against Ideological Encroachment</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T135000</dtstart>
            <dtend>20241229T143000</dtend>
            <duration>0.04000</duration>
            <summary>An Indecent Proposal: How We Protect Our Communities Against Ideological Encroachment</summary>
            <description>The talk is divided into three parts:

1. GROUND CONTROL: NORMATIVE INFRASTRUCTURE: None of us is entirely free from vertigo, and we look for attachments or gravitational fields that give us orientation in the infinite contingency of existence. This deeply human longing for a gravitational pull of meaning can, to begin with, be acknowledged as such and accepted without shame. That is the classic business of religions (religare → Latin: &quot;to tie, to bind back, to hold fast, to fasten to something&quot;). In a largely secular society, the religions that have fortunately become unemployed now leave behind many unattached individuals. Unfortunately these are rarely free radicals; rather, they are a crowd of beings individualized and left unorganized by neoliberal politics and capitalist narratives, who are pretty &#x27;lost&#x27; and therefore receptive to morally saturated discourses, at present above all those that put the individual at the center. The problem with this: collective action becomes ever harder to organize.

2. ILLEGAL CONSTRUCTIONS or THE DESTRUCTION OF THE ONE: Alain Badiou is a philosopher who is read worldwide and not only in academic circles, but is hardly known in Germany. Yet he has quite a lot to say on precisely this question. He argues for linking subjectivity and universalism instead of trying to control particularities, as, in his view, identity-politics approaches attempt to do. Instead, he proposes thinking of subjectivity as a collective &#x27;illegal instruction&#x27;. What sounds abstract at first has very concrete consequences when translated into everyday (net) activist life, which is what the third part does:

3. ILLEGAL INSTRUCTIONS: A non-binding offer of a &quot;security update&quot; with practical tips, prompts for self-reflection, and many open questions that can be taken back into one&#x27;s own structures.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/PN3TE3/</url>
            <location>Saal 1</location>
            
            <attendee>elenos</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>PSHBNA@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-PSHBNA</pentabarf:event-slug>
            <pentabarf:title>Eat the Rich! People Want Social Security but Get “Germany for the Germans”. Get the Money from the Rich!</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T144500</dtstart>
            <dtend>20241229T152500</dtend>
            <duration>0.04000</duration>
            <summary>Eat the Rich! People Want Social Security but Get “Germany for the Germans”. Get the Money from the Rich!</summary>
            <description>The Union parties (CDU/CSU) have chosen the Bürgergeld (citizen&#x27;s allowance) as their most important campaign issue for 2025 and would prefer to abolish it immediately. Social and technical methods of dehumanization are being tried out on people who receive social benefits. The talk addresses what it is like to live on Bürgergeld, how it differs from Hartz IV, what effects the job centers&#x27; surveillance methods have, and what social function the Bürgergeld fulfils. Is all of this really legal? Is that perhaps even irrelevant? And above all: what can we do about it?</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/PSHBNA/</url>
            <location>Saal 1</location>
            
            <attendee>Helena Steinhaus</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>YTE8AH@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-YTE8AH</pentabarf:event-slug>
            <pentabarf:title>Can We Find Beauty in Tax Fraud?</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T154500</dtstart>
            <dtend>20241229T162500</dtend>
            <duration>0.04000</duration>
            <summary>Can We Find Beauty in Tax Fraud?</summary>
            <description>Can there be beauty in abstraction? And are dividend stripping or VAT fraud diagrams really as dull as they seem? But most importantly: Is defrauding the public of 64 billion euros considered science, engineering, or art? And what does this have to do with you—and why should you care?

Using real-world case studies, we’ll explore how corporations and individuals defraud populations and how these schemes—though sometimes confusing or complex on the surface—rely on surprisingly simple, chained tactics, much like exploits in information systems. We’ll break down the roles of various actors, service providers, fraudsters, and corrupt officials, as well as their playbooks, exploring how these crimes work or how they break and fail.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/YTE8AH/</url>
            <location>Saal 1</location>
            
            <attendee>martin</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>87CFYP@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-87CFYP</pentabarf:event-slug>
            <pentabarf:title>The Cum/Ex Billion-Euro Tax Heist – How Harmful Is White-Collar Crime to Our Society?</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T164000</dtstart>
            <dtend>20241229T172000</dtend>
            <duration>0.04000</duration>
            <summary>The Cum/Ex Billion-Euro Tax Heist – How Harmful Is White-Collar Crime to Our Society?</summary>
            <description>After a brief explanation of what Cum/Ex actually is, the talk first turns to the question of how this internationally organized case of serious tax evasion could be uncovered at all and what remains to be done. Who are the actors on the financial industry&#x27;s side, and how do the perpetrators tick? Next, the state&#x27;s general handling of white-collar crime is presented and possible solutions are developed. This also covers what each individual can do and why the NGO Finanzwende can be an important place for bringing about political change on financial policy issues.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/87CFYP/</url>
            <location>Saal 1</location>
            
            <attendee>Anne Brorhilker</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>8UUJVJ@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-8UUJVJ</pentabarf:event-slug>
            <pentabarf:title>AI After Capitalism: Does ChatGPT Have a Place in the Better New World?</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T173500</dtstart>
            <dtend>20241229T181500</dtend>
            <duration>0.04000</duration>
            <summary>AI After Capitalism: Does ChatGPT Have a Place in the Better New World?</summary>
            <description>In this talk we discuss what current &quot;AI&quot; is, how economic power manifests in &quot;AI&quot;, and how &quot;AI&quot; fits into the broader debate on technology criticism. We ask what one would actually want to do with pattern recognition, deep learning and language models in the better world after the revolution, and whether a technology like &quot;AI&quot; can help us on the way there or rather hinders us.

The talk will be given in equal parts by Malte Engeler and Sandra Sieron.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/8UUJVJ/</url>
            <location>Saal 1</location>
            
            <attendee>Malte Engeler</attendee>
            
            <attendee>Sandra Sieron</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>99SLE3@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-99SLE3</pentabarf:event-slug>
            <pentabarf:title>Hacking Prisons</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T191500</dtstart>
            <dtend>20241229T195500</dtend>
            <duration>0.04000</duration>
            <summary>Hacking Prisons</summary>
            <description>Most people have never heard of HamSy or SoPart, unless they have already had contact with German prisons. As a result, there is hardly any documentation on how digitalization works for people there and what consequences it may have in the future.

Over the past year I have looked into various systems in German prisons, and I would like to talk about data leaks and structural problems that prevent us from granting people there access to digital participation.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/99SLE3/</url>
            <location>Saal 1</location>
            
            <attendee>Lilith Wittmann</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>F7SPPL@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-F7SPPL</pentabarf:event-slug>
            <pentabarf:title>The IFG Is Dead – Best of Freedom of Information, Prisoner Liberation &amp; Seizures of Power</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T201500</dtstart>
            <dtend>20241229T205500</dtend>
            <duration>0.04000</duration>
            <summary>The IFG Is Dead – Best of Freedom of Information, Prisoner Liberation &amp; Seizures of Power</summary>
            <description>If the IFG is dead, we should fight to revive it, perhaps as the undead? Numerous scandals that FragDenStaat uncovered this year show where the path should lead:
- We need more leaks &amp; illegal instructions for civil servants
- It is time to infiltrate public administrations

With the best of freedom of information, FragDenStaat, prisoner liberation and seizures of power.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/F7SPPL/</url>
            <location>Saal 1</location>
            
            <attendee>Arne Semsrott</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>N3FZQD@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-N3FZQD</pentabarf:event-slug>
            <pentabarf:title>Postpartum Punk: make space for unfiltered creativity</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T211000</dtstart>
            <dtend>20241229T215000</dtend>
            <duration>0.04000</duration>
            <summary>Postpartum Punk: make space for unfiltered creativity</summary>
            <description>In this talk, I’ll share my story and propose some solutions to help people connect with and utilise this raw, abstract, flippant side of the mind, whether or not they’ve experienced parenthood: haptic births, transcranial nursering, chaos VR sessions, neurofeedback baths, quantum aerobics, algorithm jams, and &#x27;Near-Birth-Experiences&#x27;.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/N3FZQD/</url>
            <location>Saal 1</location>
            
            <attendee>Ania Poullain-Majchrzak</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>NA9SF8@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-NA9SF8</pentabarf:event-slug>
            <pentabarf:title>Pyrotechnics – Surely Not a Crime!?</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T230000</dtstart>
            <dtend>20241230T000000</dtend>
            <duration>1.00000</duration>
            <summary>Pyrotechnics – Surely Not a Crime!?</summary>
            <description>During 38C3, an annually recurring ritual unfolds in politics and the media: the debate about the sense and nonsense of fireworks. “Progress is calling! Carbon has abdicated, the time is ripe for silicon!” is the cry from the ranks of the supposedly more enlightened and more progressive parts of society.

But what are fireworks, anyway? How do they work? And aren&#x27;t those who demand the disappearance of the stinking banging in the right? We claim: fireworks, with their history and present, still hold a few exciting insights for us and our time.

With this talk we take a look behind the scenes and dive deep into the technology and discourse of explosive matter. In an entertaining short trip we shed light on various dimensions of a multi-layered phenomenon: practical, technical, historical and political.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/NA9SF8/</url>
            <location>Saal 1</location>
            
            <attendee>felix</attendee>
            
            <attendee>bijan</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>8C7KKR@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-8C7KKR</pentabarf:event-slug>
            <pentabarf:title>Hacker Jeopardy</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241230T001500</dtstart>
            <dtend>20241230T021500</dtend>
            <duration>2.00000</duration>
            <summary>Hacker Jeopardy</summary>
            <description>The well-known reversed quiz format, but of course hacker style. It was once called „number guessing for geeks“ by a German publisher, which of course is an unfair simplification. It’s also guessing of letters and special characters. ;)

Three initial rounds will be played, the winners will compete with each other in the final.

The event will be in German, we hope to have live translation again.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Game show</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/8C7KKR/</url>
            <location>Saal 1</location>
            
            <attendee>Sec</attendee>
            
            <attendee>Ray</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>73Q3KX@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-73Q3KX</pentabarf:event-slug>
            <pentabarf:title>Chatbots in the Classroom!?</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T110000</dtstart>
            <dtend>20241229T114000</dtend>
            <duration>0.04000</duration>
            <summary>Chatbots in the Classroom!?</summary>
            <description>In the second part of our study, we systematically spoke with teachers and examined their perspective on AI in school teaching. We discuss how dystopian and misguided it is to try to solve the socio-political problems of the education system with techno-tools. While in Great Britain “teacher-free” AI classes have already started the new school year as a pilot project, Germany still seems to be relying on teachers in the classroom. Yet the signals from the ministries of education are clear: better to fix the teacher shortage with the services of private AI companies than to push through real political measures that make the profession more bearable and attractive. Tying the school system even more closely to private corporate interests through AI tools inevitably results in rising inequality and a lack of transparency.
Since further federal states are currently on the verge of signing licence agreements with AI companies for learning tools, a lot is at stake with this topic.

Our study on the &quot;AI grading assistant&quot; from Fobizz can be downloaded here: https://doi.org/10.48550/arXiv.2412.06651</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/73Q3KX/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Rainer Mühlhoff</attendee>
            
            <attendee>Marte Henningsen</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>XXXSWE@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-XXXSWE</pentabarf:event-slug>
            <pentabarf:title>AI Meets Git: Unmasking Security Flaws in Qodo Merge</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T120000</dtstart>
            <dtend>20241229T124000</dtend>
            <duration>0.04000</duration>
            <summary>AI Meets Git: Unmasking Security Flaws in Qodo Merge</summary>
            <description>Qodo (formerly CodiumAI) develops an open source tool called Qodo Merge (formerly PR-Agent). This tool can be set up to automatically analyze pull requests on a GitLab, GitHub or Bitbucket project.

Qodo Merge uses AI to perform various tasks that may help a developer handle a pull request, such as:
* Summarizing a pull request
* Suggesting code changes to improve a pull request
* Generating a CHANGELOG file entry for a pull request
* Answering questions about a pull request
* and more

In this talk, we describe vulnerabilities we found in Qodo Merge that may lead to privilege escalation on GitLab, write access to GitHub repositories, and leaking secrets of GitHub repositories.

We mention popular open source projects that are vulnerable because they started using Qodo Merge, and discuss how to protect your project from these attacks.

We also talk about the multiple ways we tried to report those vulnerabilities to the developers of Qodo Merge and the lack of a way for security people to contact them. Finally, we describe the current security posture of the project regarding the vulnerabilities we found.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/XXXSWE/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Nils Amiet</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>CHDQRA@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-CHDQRA</pentabarf:event-slug>
            <pentabarf:title>From the Shop Floor to the Net: Trade Unions as a Model for Modern Resistance?</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T125500</dtstart>
            <dtend>20241229T133500</dtend>
            <duration>0.04000</duration>
            <summary>From the Shop Floor to the Net: Trade Unions as a Model for Modern Resistance?</summary>
            <description>Employees in the IT industry are increasingly confronted with repression that calls for creative and collective forms of resistance. From union busting and immoral workplace practices to legal hurdles, the attacks on collective labour rights are becoming more intense and more varied. The challenge of developing new actions, overcoming resistance, discarding ideas and starting over again and again has long since become part of everyday life. This makes it all the more important that we inspire and support one another. Fields of activism such as net politics, climate protection and labour rights face similar obstacles, and we all benefit when we exchange ideas and learn from each other.

Our talk therefore does not aim to offer all-encompassing solutions. Instead, we want to point out current grievances and share experiences and possible solutions. Together we want to explore how unconventional approaches, shared experiences and cooperation can lead to a stronger future built on solidarity. Drawing on our experience in the trade union youth and in collective bargaining disputes, we talk about actions, successes and setbacks, and about how we can position ourselves better in the future.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/CHDQRA/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Joana Starck</attendee>
            
            <attendee>Laurent Kuffert</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>7C8KRZ@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-7C8KRZ</pentabarf:event-slug>
            <pentabarf:title>Auracast: Breaking Broadcast LE Audio Before It Hits the Shelves</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T135000</dtstart>
            <dtend>20241229T143000</dtend>
            <duration>0.04000</duration>
            <summary>Auracast: Breaking Broadcast LE Audio Before It Hits the Shelves</summary>
            <description>Bluetooth Auracast is a marketing term for a subset of the new &quot;LE Audio&quot; features introduced in the Bluetooth 5.2 specification. 
LE Audio is designed to provide better sound quality, longer battery life and new capabilities for audio devices like headphones, earbuds and especially hearing aids. Essentially, Auracast is an audio broadcast feature set for Bluetooth Low Energy. Our talk will focus on the new features introduced in the core spec, namely Broadcast Isochronous streams (BIS).

The protocol specification for Auracast was released several years ago, and vendors are only now beginning to implement application-level support for it. Previous research from 2023 (the &quot;BISON&quot; paper) has already shown that unencrypted Auracast broadcasts can be hijacked.

The Bluetooth specification is very vague in what security goals it tries to achieve for (encrypted) broadcasts. The core building block for LE Audio broadcasts is the Broadcast Isochronous Stream (BIS). Security for BIS is only ever mentioned in terms of confidentiality, which is supposedly achievable by encrypting a BIS. In this talk we&#x27;ll shed some light on the security properties of Auracast and show that authenticity and confidentiality can be violated, even when broadcasts are encrypted.

To examine whether the vague specification and the bad examples lead to real-world issues, we have surveyed several implementations of Auracast. We found that on popular devices the default configuration is weak and allows breaking the authenticity and confidentiality of the Auracast broadcast.

Alongside the talk, we will release a toolkit that allows dumping, decrypting and hijacking encrypted Auracast broadcasts.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/7C8KRZ/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Frieder Steinmetz</attendee>
            
            <attendee>Dennis Heinze</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>KBSSG9@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-KBSSG9</pentabarf:event-slug>
            <pentabarf:title>Dialing into the Past: RCE via the Fax Machine – Because Why Not?</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T144500</dtstart>
            <dtend>20241229T152500</dtend>
            <duration>0.04000</duration>
            <summary>Dialing into the Past: RCE via the Fax Machine – Because Why Not?</summary>
            <description>In this talk, we&#x27;ll show you how we leveraged a printer bug that we found at Pwn2Own Ireland this year to gain remote code execution. Over its fax interface. You might think, &quot;Who cares about faxes?&quot; – but what if I told you that lurking within this vintage feature is a potential pathway for remote code execution? That&#x27;s right, while everyone else is busy patching the latest vulnerabilities in trendy software and half the world is obsessed with cloud security, we&#x27;ll be having a blast with tech that should&#x27;ve been retired to the attic long ago, exploiting a feature that&#x27;s older than some of the attendees!

We&#x27;ll explore how this vintage tech can be the gateway to some serious mischief. Think of the possibilities: municipalities, banks, courts, you pick your favorite bureaucracy. Unfortunately, we can&#x27;t do any of those things -- that&#x27;d be naughty -- so we&#x27;re restricted to doing the stupidest things we can think of in our live demos. In case you&#x27;re wondering: of course we&#x27;ll be running doom on this thing, proving that even the most outdated tech can still pack a punch, as we take control over this device in style. Expect a mix of technical insights and many moments of &quot;why would you do that?&quot;.

So join us in this wild ride through simpler times -- who knew the key to world domination lies in a dusty fax machine?</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/KBSSG9/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Rick de Jager</attendee>
            
            <attendee>Carlo Meijer</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>GNZG8R@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-GNZG8R</pentabarf:event-slug>
            <pentabarf:title>Let&#x27;s build dodos! How generative AI is upturning the world of synthetic biology and hopelessly overwhelming traditional governance instruments.</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T154500</dtstart>
            <dtend>20241229T162500</dtend>
            <duration>0.04000</duration>
            <summary>Let&#x27;s build dodos! How generative AI is upturning the world of synthetic biology and hopelessly overwhelming traditional governance instruments.</summary>
            <description>This is what the talk will be about:
- What is the science behind synthetic biology? What is genome editing, CRISPR/cas, RNAi or off-target effects etc.? 
- And how do generative AI and generative biology come into play? What is actually happening in laboratories and corporate R&amp;D around the world, including in the USA and China? I will report on AI platforms that generate designs for novel viruses and proteins and on experiments ranging from medical drug development to attempts to bring extinct species back to life. I will also present current scenarios in the field of bioweapons. 
- How big tech is moving to get into the bioeconomy – Titans such as Google, Microsoft, Nvidia, Alibaba, Meta, Amazon and Salesforce, with no specific experience in life sciences, are now the leaders in a new ‘generative biology’ run.
- I will then continue with our own research on risk and technology assessment of genetically modified organisms and synthetic biology. This includes experiments and method development on biosafety, but also poses more fundamental questions such as investigating if the AI/biodigital design of nature is in line with nature conservation concepts or asking if democratization of biotech research (garage biology) relates to “dual use” risks. We also work on instruments to better understand impacts on society and improved social participation. 
- Finally, I would like to report on the very controversial negotiations on this topic at the UN Convention on Biological Diversity in Colombia in November – among parties, with perspectives from developing countries, indigenous peoples and local communities, scientists and others, and discuss ways forward for fair, multidisciplinary assessment and oversight that is urgently needed.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/GNZG8R/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Margret Engelhard</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>8CZXCG@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-8CZXCG</pentabarf:event-slug>
            <pentabarf:title>Brauchbare Illegalität – Organisationen für menschenfeindliche Diskurse wappnen</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T164000</dtstart>
            <dtend>20241229T172000</dtend>
            <duration>0.04000</duration>
            <summary>Brauchbare Illegalität – Organisationen für menschenfeindliche Diskurse wappnen</summary>
            <description>We spend a large part of our lives in or with organizations. From the sports club and school, through various employers, to Waldfriedhof GmbH, which takes care of us even after our lives have ended. Organizations are powerful social systems. They are complex and contradictory, sometimes agonizingly slow or frighteningly efficient. But without functioning organizations, large and small, our modern society would be inconceivable. The opponents of a pluralistic democracy know this too. In recent years they have already succeeded in shaping public discourse with their topics; now organizations, and with them their members, are moving into focus. In organizations, however, different influencing factors apply than in public discourse. The discourse of organizations is shaped by the structures of the organization and their significance for the behaviour of its members; the discourse arises in the coffee kitchen and on the assembly line, in presentations and in stand-up meetings, and is even woven into the way everyday practices at work are carried out.

This talk describes ways in which findings from organizational science and communication psychology, drawn from research and practice, can be used to make organizations more robust for the future. It addresses the question of how an organization&#x27;s concrete practices can be designed so that progressive coexistence in and around the organization is strengthened.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/8CZXCG/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Johannes Fertmann</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>9G97SZ@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-9G97SZ</pentabarf:event-slug>
            <pentabarf:title>TETRA Algorithm set B - Can glue mend the burst?</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T173500</dtstart>
            <dtend>20241229T181500</dtend>
            <duration>0.04000</duration>
            <summary>TETRA Algorithm set B - Can glue mend the burst?</summary>
            <description>The new authentication suite (TAA2, as opposed to the old TAA1) features longer keys and completely new cryptographic primitives. The new Air Interface Encryption algorithms (TEA set B) consist of three new ciphers, for differing target audiences. TEA5 is intended for European emergency networks, and is the successor of TEA2. TEA6 is intended for friendly extra-European emergency and military networks, and replaces TEA3. Lastly, TEA7 is the only one available for use by critical infrastructure and other civil applications, and replaces TEA1.

Initially, ETSI envisaged keeping the new algorithms secret again, once more eliminating the possibility of public scrutiny. However, following our publication, a promise was made to release the algorithms to the public for inspection.
Additionally, a statement was made that TEA7 has a reduced effective strength of 56 bits. As mentioned, this algorithm is the successor to TEA1, which has an effective strength of only 32 bits, in a time where 40 bits was the maximum for freely exportable crypto.

In TETRA:BURST, we presented several vulnerabilities found in the old standard. Obviously, the backdoored TEA1 algorithm is now replaced by a new cipher, and we will dive into how this works, how it can be attacked, and what the practical implications will be. Second, we previously presented a method of decrypting and injecting traffic on all network types, even those using the stronger TEA2 and TEA3 algorithms. This relies on the lack of cryptographic integrity guarantees on messages - something that is still unaddressed. We discuss how this leads to issues. Lastly, TETRA:BURST described a way of decrypting the pseudonymized identities of TETRA users (first demonstrated at the 37C3), allowing for a powerful intelligence capability. We will discuss how the new standard seeks to resolve this issue.

Lastly, we previously recommended caution regarding TEA3, due to a suspicious feature in its design. While no full attack will be presented, progress in its cryptanalysis was made, which we will discuss during the talk. And, there is an interesting parallel to be drawn between the suspicious quirk in TEA3 and the design of its successor, TEA6.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/9G97SZ/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Wouter Bokslag</attendee>
            
            <attendee>Jos Wetzels</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>CEJZ9E@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-CEJZ9E</pentabarf:event-slug>
            <pentabarf:title>May the forest be with you – Bäume pflanzen gegen die Klimakrise?</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T191500</dtstart>
            <dtend>20241229T195500</dtend>
            <duration>0.04000</duration>
            <summary>May the forest be with you – Bäume pflanzen gegen die Klimakrise?</summary>
            <description>Disturbances in forests caused by drought, bark beetles and fire increasingly shape the landscape and are receiving more attention from media and politics. The concern ranges from the scenario that we will lose all forests to the loss of a valuable CO2 store and producer of timber. Planting new trees globally seems an intuitive answer to this, but it does not solve the challenge of the climate crisis we are currently facing. In my talk I want to explain why disturbances in forests are not a problem per se but a part of forest development, and how they affect the CO2 storage capacity and other capabilities of forests. Forests are not static constructs in the landscape but a dynamic system that provides us with many services. There are plenty of reasons to plant trees, but why, where and how are decisive questions that I want to shed light on. I will also report from current research on the state of forests, on how we humans above all influence the forest, and on possible approaches to making forests more resilient.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/CEJZ9E/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Kirsten Krüger</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>UBWU9D@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-UBWU9D</pentabarf:event-slug>
            <pentabarf:title>Hacking Life: How to decode and manipulate biological cells with AI</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T201500</dtstart>
            <dtend>20241229T205500</dtend>
            <duration>0.04000</duration>
            <summary>Hacking Life: How to decode and manipulate biological cells with AI</summary>
            <description>The cell is the fundamental building block of biological organisms, such as us humans. As such, technologies to understand and hack cells enable the cure of diseases and potentially even the extension of our life span. In my talk, I provide an overview of how biologists and bioinformaticians use AI to understand and hack cells.

Understanding the role of individual cells is a core aspect of biological research, given the extreme diversity of cellular states and functions. A common measurement method to characterize a given cell quantifies which of its genes are activated and how strongly. While this provides a rich high-dimensional readout, it is complex to interpret, given the challenge of deriving an intuition about the meaning of all the individual gene activation levels, as well as their combinatorial effects. 

In my research, I combine recent AI methods, most prominently multimodal large language models, to enable the analysis and interpretation of these measurements with the English language. I will present this work alongside a more general overview of the research landscape of “AI cell models”. Furthermore, I will provide preliminary insights into how these interpretations form the basis to “hack” cells, which is accomplished through the introduction of complex “illegal instructions” in the form of molecular agents, which alter the behavior of the cell&#x27;s internal programs. 

With this talk, I aim to provide the Chaos community with a focused insight into the biological cell and the ways in which recent developments in AI help us understand and manipulate them.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/UBWU9D/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Moritz Schaefer</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>TKWN7X@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-TKWN7X</pentabarf:event-slug>
            <pentabarf:title>Die Elektronische Patientenakte (ePA)– a legal instruction trap?</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T211000</dtstart>
            <dtend>20241229T215000</dtend>
            <duration>0.04000</duration>
            <summary>Die Elektronische Patientenakte (ePA)– a legal instruction trap?</summary>
            <description>You have stumbled into the cryptoparty series on digitalization and IT security in healthcare (aka TI-rant). 
The medical bubble and the nerd bubble merge for a short time, and knowledge transfer happens. 
At least 3.14 hearts beat in our chest when we look at the digitalization of healthcare: nerd, patient, user, investor and so on. We will try to shed some light on the different perspectives, perhaps even bring them a little more into harmony. 
We engage interactively with current digital phenomena in healthcare, here with a focus on the electronic patient record (ePA).</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/TKWN7X/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>cbro</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>ZJFPSS@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-ZJFPSS</pentabarf:event-slug>
            <pentabarf:title>Hacker&#x27;s Guide to Meshtastic: Off-Grid, Encrypted LoRa Meshnets for Cheap!</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T220500</dtstart>
            <dtend>20241229T224500</dtend>
            <duration>0.04000</duration>
            <summary>Hacker&#x27;s Guide to Meshtastic: Off-Grid, Encrypted LoRa Meshnets for Cheap!</summary>
            <description>If you&#x27;ve ever wanted to legally create off-grid, encrypted mesh networks that can span over a hundred miles, you can get started with Meshtastic for around $10.

This talk will serve as a beginner user&#x27;s guide to Meshtastic, covering everything from hardware basics to advanced software configuration. We will explore making custom Meshtastic hardware, real-world results from deploying Meshtastic in Los Angeles, and attacks against mesh networks. 

Attendees will learn about LoRa, Meshtastic node and antenna options, software setup and configuration to extend its functionality, and real-world deployments of remote nodes.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/ZJFPSS/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Kody Kinzie</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>9SSMGL@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-9SSMGL</pentabarf:event-slug>
            <pentabarf:title>Attack Mining: How to use distributed sensors to identify and take down adversaries</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T230000</dtstart>
            <dtend>20241230T000000</dtend>
            <duration>1.00000</duration>
            <summary>Attack Mining: How to use distributed sensors to identify and take down adversaries</summary>
            <description>Looking at the 2024 M-Trends report, brute force is still one of the main reasons for adversaries to gain access and compromise companies. In fact, 6% of all initial access is done via brute force. Knowing this, as well as that attackers are constantly trying all sorts of attacks against any internet-connected device, there seems to be a gap between what is currently mostly done (block the attack) versus what should be done (report and take down the attacker)!

This talk will start with a short introduction on how to set up a system that is able to collect attacks from distributed sensors, enrich them at a central location, as well as use the data to reach out to ISPs and other governing bodies to report the abuse. The sensors are Docker containers with modified OpenSSH servers that will block any login attempt, no matter which username and password combination is used, as well as log the timestamp, source IP, username, and password to a central location. Using this, the so-called &quot;attack pot&quot; is indistinguishable from other Linux systems, ensuring that no suspicion on the attacker&#x27;s side is raised.
For the enrichment part, the ISP&#x27;s contact data is identified, and abuse notifications are sent via multiple channels to initiate a take down. Furthermore, automated bots monitor if the take down was successful and how long it took, allowing us to share some information on how successful this approach is, which ISPs are more cooperative, and where it is nearly impossible to get any system taken down. Generally, lessons learned with what could be potentially done better will be discussed!

The second part of the talk will focus on the analysis of the collected attacks. Across all of the attacks, multiple clusters, which likely are adversarial groups moving from one target to another, could be identified. Furthermore, by analyzing the used credentials, there seems to be some correlation between internet-identifiable information like DNS, region, or OS and the credentials used in an attack. This will allow defenders to get a better understanding of how to defend and even put out decoy information to quickly identify attacks.

The closure of the presentation will be an outlook on what could be done better from an ISP or governing body side to speed up take downs of adversarial infrastructure, as well as what everyone can do to make the internet a safer place!</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/9SSMGL/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Lars König</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>M733LV@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-M733LV</pentabarf:event-slug>
            <pentabarf:title>Hacking Victorian Bodies: From Grid to Vector Space</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241230T001500</dtstart>
            <dtend>20241230T005500</dtend>
            <duration>0.04000</duration>
            <summary>Hacking Victorian Bodies: From Grid to Vector Space</summary>
            <description>In this performative lecture, the SOLID FLESH Collective reimagines how artistic practice can transform historical methods of body representation into tools for imagining radical new forms of embodiment. SOLID FLESH Collective, a hybrid space bridging the realms of gym, gallery, and think tank, examines how Muybridge’s chronophotography once ‘solidified’ bodies within a rigid grid, contrasting it with generative AI’s potential for unprecedented fluidity in self-reimagining.

We present a series of experiments in ‘resurrecting’ Muybridge’s subjects, using open-source AI tools to transform scientific documentation into speculative fictions. When commercial AI flagged these Victorian images as ‘pornographic,’ this rejection spurred us to explore alternate approaches, resulting in the creation of wonderfully surreal, inhuman movements with animDiff—as if the AI, uninformed by human motion, were an animator imagining it for the first time.

The lecture positions the AI-mediated body within a multidimensional vector space of possibilities, spanning dimensions of gender, age, class, and experience. Through our custom ComfyUI workflow and selected clips from our ongoing film project (solidflesh.com), we show how this ‘vector body’ allows for forms of self-imagination that break free from the solidifying gaze of the camera. Our technical explorations engage larger questions around identity fluidity, algorithmic embodiment, and the possibility of a new, digitally mediated somatic imagination.

As mainstream AI development often reinforces conventional body ideals, we speculate on alternative futures, asking how these technologies might instead enable liberating bodily self-conceptions. Moving beyond Muybridge’s grid and current AI’s polished limitations, we explore what approaches to algorithmic embodiment might emerge when we embrace the glitches and ‘failures’ of these systems.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/M733LV/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Marcin Ratajczyk</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>PSX7FY@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-PSX7FY</pentabarf:event-slug>
            <pentabarf:title>Azubi-Tag Einführung</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T093000</dtstart>
            <dtend>20241229T104500</dtend>
            <duration>1.01500</duration>
            <summary>Azubi-Tag Einführung</summary>
            <description>Every year between Christmas and New Year, thousands of hackers meet at the Chaos Communication Congress in Hamburg. The Azubi-Tag (apprentice day) is a good opportunity for apprentices to visit the Congress, get to know the CCC and learn a lot about IT security, technology and society. We are pleased to be able to offer this day for the second time now.

For further information see &lt;https://events.ccc.de/congress/2024/infos/azubi-tag.html&gt;.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Ceremony</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/PSX7FY/</url>
            <location>Saal GLITCH</location>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>PR8EGC@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-PR8EGC</pentabarf:event-slug>
            <pentabarf:title>Sacrificing Chickens Properly: Why Magical Thinking is Both the Problem and the Solution.</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T110000</dtstart>
            <dtend>20241229T114000</dtend>
            <duration>0.04000</duration>
            <summary>Sacrificing Chickens Properly: Why Magical Thinking is Both the Problem and the Solution.</summary>
            <description>Causality is hard. Hence the hacker&#x27;s jargon file contains certain references about voodoo, deep magic and yes, even the sacrifice of chickens for the greater good. In that case, that good would be &quot;the stakeholder&#x27;s peace of mind&quot;. 

Rather than looking at the content of the subject matter, this talk is strictly about language. It highlights the issues arising when experts aim to talk to non-experts about subject matters which are not easily put into words. More precisely, not easily understood by human-sized categories of the mind. 

The core point is highlighting what could be called the default library present in humans: Stories, with actors and actions leading to results. Anything that&#x27;s not easily fit into that category struggles to be understood. Underneath this, there&#x27;s a set of basic assumptions, comparable to the terms and capabilities of a programming language or its paradigm, which sets the stage for the human-sized stories to happen in. Those are very hard to even see, let alone change, for any individual. 

Rather than fighting assumptions, replacing a story with another story can be done far more easily. The challenge addressed in this talk is the tendency of public discourse to revolve around human-sized categories even when faced with system-sized problems. The talk invites you to use the ethnographer&#x27;s eye in order to combat dread and anger in the current public discourse. Rather than asking &quot;how can you be so stupid?&quot;, asking &quot;how can you be thinking in the terms you are&quot; and look for logic. This skill can give you one pointed edge: Discerning active lies and acts of propaganda from honest mistakes brought about by mismatched metaphors. Which, in the end, makes the world look like a much more friendly place.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/PR8EGC/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Senana</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>GAWZXM@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-GAWZXM</pentabarf:event-slug>
            <pentabarf:title>Von Augustus bis Trump – Warum Desinformation ein Problem bleibt und was wir trotzdem dagegen tun können</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T120000</dtstart>
            <dtend>20241229T124000</dtend>
            <duration>0.04000</duration>
            <summary>Von Augustus bis Trump – Warum Desinformation ein Problem bleibt und was wir trotzdem dagegen tun können</summary>
            <description>Although research has by now given us solid findings on how disinformation spreads and what effect it has, and effective prevention and intervention measures are being discussed at many levels, we are only ever chasing after the actual developments and societal consequences of disinformation. Dealing effectively with the different varieties of disinformation often fails.

Drawing on current research, we offer an overview of solutions against disinformation. This talk aims to sharpen the terminology for the public debate and to address the question: what can and should be understood as disinformation? Beyond that, we want to discuss why dealing with disinformation is so difficult and which individual, societal and political challenges make it so difficult. Finally, we answer the question: what is to be done?</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/GAWZXM/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Hendrik Heuer</attendee>
            
            <attendee>Josephine Schmitt</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>VY3FKQ@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-VY3FKQ</pentabarf:event-slug>
            <pentabarf:title>Der traurigste Vortrag über digitale Barrierefreiheit des Jahrhunderts</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T125500</dtstart>
            <dtend>20241229T133500</dtend>
            <duration>0.04000</duration>
            <summary>Der traurigste Vortrag über digitale Barrierefreiheit des Jahrhunderts</summary>
            <description>Digital accessibility is broken. Over the past months I have checked many of the state&#x27;s digital services for accessibility and reported the most critical barriers to the responsible bodies.

For example, during the flood crisis after Christmas 2023, blind people in at least three relevant federal states were unable to look up the current water level where they live. Civil protection looks no better: all four publicly funded warning apps are unusable for many people with disabilities. And the new e-prescription, mandatory for everyone, was also rolled out full of barriers.

These glaring deficiencies are unfortunately a permanent state. Even when barriers are already known internally, it often takes years for them to be fixed. Important expertise is missing everywhere, and the worldwide consulting market is dominated by snake oil.

When a new barrier is reported, the authorities like to throw phrases around and affirm their commitment to inclusion. In fact, my experience shows an alarming pattern that points to systematic discrimination. But how can we then really and sustainably improve things? Can we at all?

We look at the sad state of digital accessibility in Germany, name those responsible for the mess, and learn what we would actually need. From real people with disabilities, with real expertise.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/VY3FKQ/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Casey Kreer</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>GYAZK8@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-GYAZK8</pentabarf:event-slug>
            <pentabarf:title>Euclid, das Weltraumteleskop - 180 Millionen Galaxien sind ein guter Anfang</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T135000</dtstart>
            <dtend>20241229T143000</dtend>
            <duration>0.04000</duration>
            <summary>Euclid, das Weltraumteleskop - 180 Millionen Galaxien sind ein guter Anfang</summary>
            <description>Euclid is an astronomical space observatory, but at the same time, as an overall concept, a scientific experiment for better investigating &quot;dark energy&quot; and &quot;dark matter&quot;. At 37C3 I explained the background and how Euclid will trace the history of the universe&#x27;s evolution by measuring the shapes and distances of 1-2 billion galaxies.

After one and a half years of experience with the telescope and nine months of sky survey, we have gathered quite a bit of experience with the telescope, prepared the first data release, and seen and marvelled at lots of beautiful images. But we have also worked our way through challenges with the telescope, for example ice deposits on the mirrors or a currently very active Sun. But that is under control.

I will show some new and impressive images from Euclid and sketch the state of affairs. I will also give a bit of a look behind the scenes at how such challenges are dealt with and how the data processing is progressing.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/GYAZK8/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Knud Jahnke</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>UDBPYF@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-UDBPYF</pentabarf:event-slug>
            <pentabarf:title>The Design Decisions behind the first Open-Everything FABulous FPGA</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T144500</dtstart>
            <dtend>20241229T152500</dtend>
            <duration>0.04000</duration>
            <summary>The Design Decisions behind the first Open-Everything FABulous FPGA</summary>
            <description>The talk will target both FPGA novices and experts and discuss the technology from two angles: 1) the capabilities of open tools to build an entire FPGA ecosystem and 2) FPGA technology insights.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/UDBPYF/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Dirk</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>YC8L8L@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-YC8L8L</pentabarf:event-slug>
            <pentabarf:title>Beyond BLE: Cracking Open the Black-Box of RF Microcontrollers</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T154500</dtstart>
            <dtend>20241229T162500</dtend>
            <duration>0.04000</duration>
            <summary>Beyond BLE: Cracking Open the Black-Box of RF Microcontrollers</summary>
            <description>The TI SimpleLink family of BLE and Sub-GHz RF MCUs presents a general-purpose Cortex-M4F platform with extensive documentation for developing custom embedded/IoT devices. With a reference manual filled with countless diagrams and register maps for all its peripherals, the Radio section is surprisingly sparse, only mentioning a high-level API for exchanging commands with an RF coprocessor core. This secondary undocumented CPU is what handles the actual RF communication, running from an inaccessible ROM. There’s no mention of what peripherals lie beyond the coprocessor aside from generic “DSP Modem” and “RF Engine” modules.

This talk serves to be the unofficial “Radio Reference Manual” of the SimpleLink MCUs, opening the black box of the RF subsystem and painting the full picture on how the radio operates - from the stack to the antenna. As part of this effort to fully understand these chips, we reverse engineered TI’s proprietary RF patch format, which enables SDK updates to introduce support for newer protocols on existing chips. We show how these patches allow you to modify the behavior of almost every part of the RF subsystem, control the RF subsystem in ways not intended, or even replace the ROM firmware entirely. Additionally, we investigate the hidden DSP Modem cores, and decode their proprietary ISA to disassemble and craft new firmware patches for them as well, potentially opening up the door for a cheap single-chip SDR.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/YC8L8L/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Adam Batori</attendee>
            
            <attendee>Robert Pafford</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>7YDWFB@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-7YDWFB</pentabarf:event-slug>
            <pentabarf:title>Biological evolution: writing, rewriting and breaking the program of life</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T164000</dtstart>
            <dtend>20241229T172000</dtend>
            <duration>0.04000</duration>
            <summary>Biological evolution: writing, rewriting and breaking the program of life</summary>
            <description>The history of life abounds with examples of how biological evolution repurposes old tools for new functions.
Feathers, indispensable for bird flight, first appeared in dinosaurs, where they served an entirely different purpose: to stay warm in the Jurassic winter. 
Analogously, the proteins that focus light in the lens of our eyes originally functioned as metabolic enzymes. 
One of evolution’s most transformative repurposing events is the emergence of multicellularity — a transition that laid the groundwork for complex life as we know it.

Before multicellularity evolved, single cells lived autonomously, each with their own genetic program to find food and survive harsh environments. Evolution repurposed these cellular programs, to organise self-sufficient cells into cooperative multicellular groups, with surprising new capabilities and collective survival strategies. For example, cells in the group can divide tasks among each other and share resources, paving the way for the extreme specialisation we find in the organs of modern animals. 

Our computational models simulate this evolutionary transition to explore how the rewriting of cellular programs sets the stage for further biological innovations. 
One striking insight from our computational approach is that it requires little input data to generate novel solutions to evolutionary problems, revealing an inherent efficiency in biological systems that stands in contrast to modern generative AI.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/7YDWFB/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Enrico Sandro Colizzi</attendee>
            
            <attendee>Renske Vroomans</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>H8QNQX@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-H8QNQX</pentabarf:event-slug>
            <pentabarf:title>High energy physics aside the Large Hadron Collider</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T173500</dtstart>
            <dtend>20241229T181500</dtend>
            <duration>0.04000</duration>
            <summary>High energy physics aside the Large Hadron Collider</summary>
            <description>Developed in the 1950s to 1960s, the standard model of particle physics has been a huge success. However, there are parts it cannot describe:
* During the big bang the same amount of matter and anti-matter should have been produced, and they should have annihilated only leaving light. But here we are, so there must have been some sort of imbalance or asymmetry. With our current understanding of particle physics and the big bang we cannot explain the amount of asymmetry necessary to explain our existence. So why are we here?
* We found that neutrinos do have mass, while the SM predicts them to be massless. So why do neutrinos have mass and where does it come from?
* The orbital velocities of stars in distant galaxies show deviations from expectations if only visible matter is taken into account. These deviations in the galaxy rotational curves hint at additional matter which nowadays we call &quot;dark matter&quot;. But what is its origin?
* The universe seems to expand with an increasing rate, but what is the driver behind this rate? We now describe this as &quot;dark energy&quot; but do not really know what it is made of.
* ...

Cosmology, astrophysics, and high energy physics are working on solving these mysteries. While the first two require observations of space and simulations on earth, the last one can be fully conducted on earth. In high energy physics we are currently following two paths to finding physics beyond our current understanding, called the &quot;standard model&quot; of particle physics: direct and indirect discoveries. This can be achieved by testing ever higher energies, or by probing known processes with improved precision. The discovery of the Higgs Boson in 2012 was of the first category, a direct discovery at high energies.

Flavour factories work differently. They operate at much lower energies (about 1000 times lower than the Large Hadron Collider), but are collecting huge amounts of data to precisely test the standard model to find hints for unknown physics effects. One of the current flavour physics experiments is Belle II in Japan. There physicists try to find hints explaining the asymmetry between matter and anti-matter seen at the big bang, and are searching for dark matter candidates, as well as other indications of deviations from the standard model. By precisely measuring the standard model processes it is possible to check for particles 10,000 times heavier than the energies used in Belle II, and 10 times heavier than what the LHC can achieve in direct searches.

This talk focuses on the challenges that modern high energy physics experiments, as well as other experiments are facing, and how to tackle them, as well as the public relevance of the research fields.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/H8QNQX/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Christian Wessel</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>XUE8CS@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-XUE8CS</pentabarf:event-slug>
            <pentabarf:title>Drawing with circuits – creating functional and artistic PCBs together</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T191500</dtstart>
            <dtend>20241229T195500</dtend>
            <duration>0.04000</duration>
            <summary>Drawing with circuits – creating functional and artistic PCBs together</summary>
            <description>Circuit boards are increasingly being made to be seen.  Whether they&#x27;re personal or commercial, many projects show off their PCBs in an array of shapes, colours and sizes instead of hiding them in enclosures.
While making an electronic design work correctly and making it look amazing are not conflicting goals, they do require very different skillsets.

If you are not one of the rare people whose expertise spans both graphic and electronic design, it may feel very daunting to collaborate with someone who has a very different skillset.  You must figure out what you don&#x27;t know about each other&#x27;s fields, what the other needs to know, and find the right language to bridge that divide.  

We will share our experience of working together as circuit designer and artist, and will talk about:
- the possibilities and constraints of modern PCB technology as a medium for visual art
- turning a functional electronic design into an artistic playground
- our experience of communicating across fields of expertise, developing a common language and conveying essential ideas without getting in each other&#x27;s way
- some fantastic free software for art and electronic design
- sample workflows for embellishing circuits
- what PCB design software and manufacturers expect and how to get away with doing &quot;weird&quot; things
- many examples of beautiful things we and others have made

We hope this will inspire and encourage you to make your own beautiful collaborative designs a reality.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/XUE8CS/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Kliment</attendee>
            
            <attendee>Morag Hickman</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>STEVPR@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-STEVPR</pentabarf:event-slug>
            <pentabarf:title>Ultrawide archaeology on Android native libraries</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T201500</dtstart>
            <dtend>20241229T205500</dtend>
            <duration>0.04000</duration>
            <summary>Ultrawide archaeology on Android native libraries</summary>
            <description>A rumor has been going around: Android developers are slow to update native dependencies, leaving vulnerabilities unpatched.
In this talk we will show how *wrong* this rumor is: Android developers are not slow to patch - they never heard of the word patching.
We conduct a massive study over every single app ever published on Android (more than 8 million!).
We explore trendy topics like Play Store scraping, Androzoo scraping, Maven repository scraping, the state of the Android ecosystem, binary similarity state-of-the-art methods vs binary similarity pre-historic methods, and the consequences of thinking you know how databases work when you actually don&#x27;t.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/STEVPR/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Luca Di Bartolomeo (cyanpencil)</attendee>
            
            <attendee>Rokhaya Fall</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>LVVRLL@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-LVVRLL</pentabarf:event-slug>
            <pentabarf:title>Klimaschädlich by Design – die ökologischen Kosten des KI-Hypes</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241229T211000</dtstart>
            <dtend>20241229T215000</dtend>
            <duration>0.04000</duration>
            <summary>Klimaschädlich by Design – die ökologischen Kosten des KI-Hypes</summary>
            <description>So-called “generative AI” is not only a hype topic in politics and society; with it, the required computing capacity is also skyrocketing. The energy demand is so high that in 2024 Google, Microsoft and Meta one after another walked back their climate targets and now want to switch to dubious nuclear power solutions.

This is systematic, because Big Tech not only develops and finances the hyped AI applications; the same corporations also offer the required cloud capacity. From Chile and Spain to Taiwan, protests are stirring worldwide against the infrastructure behind the AI boom, from new mining projects and chip factories to hyperscale data centres. The rising consumption of energy, water and resources fuels the climate crisis, threatens ecosystems and violates indigenous land rights, all for hoped-for billions in profit on the side of Big Tech.

In this talk we look at the ecological and human rights costs of the AI boom. We gather the facts and provide critical analyses and arguments for debating the AI hype.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/LVVRLL/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Friederike Karla Hildebrandt</attendee>
            
            <attendee>Constanze Kurz</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>JLJGB8@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-JLJGB8</pentabarf:event-slug>
            <pentabarf:title>Mushroom-DJs, Strong AI &amp; Climate Change: Connecting the Dots with Artistic Research</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T220500</dtstart>
            <dtend>20241229T224500</dtend>
            <duration>0.04000</duration>
            <summary>Mushroom-DJs, Strong AI &amp; Climate Change: Connecting the Dots with Artistic Research</summary>
            <description>Artistic research takes the exploratory impulse of art and combines it with the wish for knowing the world that characterizes scientific research. It is neither science communication, nor purely artistic practice - it is located somewhere in between. As a field of its own, artistic research is still relatively young; at ZKM | Center for Art and Media, Karlsruhe, we explore what this means in the context of one of Europe&#x27;s oldest media art institutions. Our six themes - lifecycles, connect, a common(s) world, ai-lab, post-human world, fellow futures - guide us in what we hope is a contribution to larger discourses from the point of view of art.

With examples and projects, this talk will illuminate artistic research practices, its benefits and challenges and how having a hacker mindset is the first step into becoming an artistic researcher.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/JLJGB8/</url>
            <location>Saal GLITCH</location>
            
            <attendee>twena</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>UR9CYP@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-UR9CYP</pentabarf:event-slug>
            <pentabarf:title>How election software can fail</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241229T230000</dtstart>
            <dtend>20241230T000000</dtend>
            <duration>1.00000</duration>
            <summary>How election software can fail</summary>
            <description>After critically following the elections for 8 years from the outside, a hacker was employed as one of the functional administrators of the software supporting the elections. Sharing experiences of the use of election software during 7 elections (2020-2023), from local, national to European in The Netherlands.

A governmental software project with strict deadlines, and high security expectations. The software project for elections in The Netherlands is built by an IT organization [owned by German local governments](https://www.regioit.de/unternehmen/zahlen-daten-fakten). More than 10.000 Java files, what can possibly go wrong?

During this time multiple emergency patches were needed and incidents occurred. Although at first explicitly *not* hired as a coder, within 3 months a Java code contribution was made that was unexpectedly more crucial than anticipated.

This talk will show some incidents with the election software in The Netherlands: how the software failed, and when/how it was discovered. It will also go over seeing the elections from the outside and give some history of voting computers and software, ending with some reflection on the future.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/UR9CYP/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Benjamin W. Broersma</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>WDCRSE@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-WDCRSE</pentabarf:event-slug>
            <pentabarf:title>Mal was mit Holz</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241230T001500</dtstart>
            <dtend>20241230T005500</dtend>
            <duration>0.04000</duration>
            <summary>Mal was mit Holz</summary>
            <description>As a renewable raw material, wood is an environmentally friendly building material, but as a natural product it has its peculiarities. The talk covers the basics of woodworking, what needs to be watched out for, and how stable joints can often be made entirely without glue or screws. The accompanying pictures follow two projects from the construction drawing through the raw planks to the finished product and give insights into a craft that can often get by without machines.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/WDCRSE/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Metal_Warrior</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>MCGKUA@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-MCGKUA</pentabarf:event-slug>
            <pentabarf:title>From Simulation to Tenant Takeover</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241230T110000</dtstart>
            <dtend>20241230T114000</dtend>
            <duration>0.04000</duration>
            <summary>From Simulation to Tenant Takeover</summary>
            <description>This talk is the result of what happens when you ask a hacker to simply automate sending out a phishing simulation.

My first attempt with Microsoft&#x27;s new Attack Simulation platform resulted in three bug bounties for the most trivial vulnerabilities and no more faith in the product. 

Then I tried building a phishing simulation program myself and the last thing I needed was to allowlist my IP address in Exchange Online. 

I ended up in a rabbit hole where I discovered that Microsoft outsourced their support department to a Chinese company that wanted all my access tokens. 

I then tried intercepting client-side requests made by the Security &amp; Compliance center with the goal of replaying these to a backend API, only to discover that by fiddling with some parameters I could now hijack remote PowerShell sessions and access Microsoft 365 tenants that were not mine. Tenants where I could now export everything, e-mail, files, etc.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/MCGKUA/</url>
            <location>Saal 1</location>
            
            <attendee>Vaisha Bernard</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>33YLTY@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-33YLTY</pentabarf:event-slug>
            <pentabarf:title>Ten Years of Rowhammer: A Retrospect (and Path to the Future)</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241230T120000</dtstart>
            <dtend>20241230T124000</dtend>
            <duration>0.04000</duration>
            <summary>Ten Years of Rowhammer: A Retrospect (and Path to the Future)</summary>
            <description>In 2014, Kim et al. reported a new disturbance effect in modern DRAM that they called Rowhammer.
The Rowhammer effect flips bits in inaccessible memory locations just by reading the content of nearby memory locations that are attacker-accessible. 
They trigger the Rowhammer effect by accessing memory locations at a high frequency, using memory accesses and flushes.
The root problem behind Rowhammer is the continuous increase in cell density in modern DRAM.
In early 2015, Seaborn and Dullien were the first to demonstrate the security impact of this new disturbance effect.
In two different exploit variants, they demonstrated privilege escalation from the Google Chrome NaCl sandbox to native code execution and from unprivileged native code execution to kernel privileges.
Later, in 2015, Gruss et al. demonstrated that this effect can even be triggered from JavaScript, which they presented in their talk &quot;Rowhammer.js: Root privileges for web apps?&quot; at 32C3.

Now, in 2024, it is precisely 10 years after Rowhammer was discovered.
Thus, we believe it is time to look back and reflect on the progress we have made.
We have seen a seemingly endless cat-and-mouse security game with a constant stream of new attacks and new defenses.
We will discuss the milestone works throughout the last 10 years, including various mitigations (making certain instructions illegal, ECC, doubled-refresh rate, pTRR, TRR) and how they have been bypassed.
We show that new Rowhammer attacks pushed the boundaries further with each defense and challenge. While initial attacks required native code on Intel x86 with DDR3 memory, subsequent attacks have also been demonstrated on DDR4 and, more recently, DDR5. Attacks have also been demonstrated on mobile Arm processors and AMD x86 desktop processors. Furthermore, instead of native code, attacks from sandboxed JavaScript or even remote attacks via network have been demonstrated as well.
Furthermore, we will discuss how the Rowhammer effect can be used to leak memory directly, as well as related effects such as Rowpress. We will discuss these research results and show how they are connected.
We will then talk about the lessons learned and derive areas around the Rowhammer effect that have not received sufficient attention yet.
We will outline what the future of DRAM disturbance effects may look like, covering more recent effects and trends in computer systems and DRAM technology.

Finally, an important aspect of our talk is that we invite everyone to contribute to solving one of the biggest unanswered questions about Rowhammer:
What is the real-world prevalence of the Rowhammer effect? How many systems, in their current configurations, are vulnerable to Rowhammer?
As large-scale studies with hundreds to thousands of systems are not easy to perform, such a study has not yet been performed. Therefore, we developed a new framework to check if your system is vulnerable to Rowhammer, incorporating the state-of-the-art Rowhammer techniques and tools.
Thus, we invite everyone to participate in this unique opportunity at 38C3 to join forces and close this research gap together.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/33YLTY/</url>
            <location>Saal 1</location>
            
            <attendee>Daniel Gruss</attendee>
            
            <attendee>Martin Heckel</attendee>
            
            <attendee>Florian Adamsky</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>NJXH8N@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-NJXH8N</pentabarf:event-slug>
            <pentabarf:title>All Brains are Beautiful! – The Biology of Neurodiversity</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241230T125500</dtstart>
            <dtend>20241230T133500</dtend>
            <duration>0.04000</duration>
            <summary>All Brains are Beautiful! – The Biology of Neurodiversity</summary>
            <description>This talk gives an introduction about the extent of variability in neuronal patterns that underlies neurodiversity and critically discusses the idea of neurodivergence, diagnosis criteria in Autism and ADHD from a biological and affected person-perspective. It aims to clear up stereotypes, dogmas that still stick in our society and provides latest insights from science and community about what makes our brains work so differently.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/NJXH8N/</url>
            <location>Saal 1</location>
            
            <attendee>Marcello</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>3QG7TT@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-3QG7TT</pentabarf:event-slug>
            <pentabarf:title>identity theft, credit card fraud and cloaking services – how state-sponsored propaganda makes use of the cyber criminal toolbox</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241230T135000</dtstart>
            <dtend>20241230T143000</dtend>
            <duration>0.04000</duration>
            <summary>identity theft, credit card fraud and cloaking services – how state-sponsored propaganda makes use of the cyber criminal toolbox</summary>
            <description>Its goal is to undermine the support for Ukraine and polarize Western states: For more than two years, the Russian disinformation campaign Doppelgänger has been running on social networks and its own portals. Despite sanctions, the affected countries have not been able to stop the campaign. This is also because the architects of the campaign employ methods tried and tested by cyber criminals: Identity theft, use of stolen credit cards, bulletproof hosting, cloaking services and multi-level forwarding mechanisms. Research by CORRECTIV and Qurium based on data provided by Antibot4Navalny has uncovered the technical infrastructure of the campaign. The talk guides the audience through details of the new potential alliance between the Russian state and the criminal world. It raises questions about the accountability of authorities and platforms and opens the discussion to the possibilities and limits of resistance against malign foreign influences in the digital sphere.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/3QG7TT/</url>
            <location>Saal 1</location>
            
            <attendee>Alexej Hock</attendee>
            
            <attendee>Max Bernhard</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>EAT3WZ@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-EAT3WZ</pentabarf:event-slug>
            <pentabarf:title>Find My * 101</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241230T144500</dtstart>
            <dtend>20241230T152500</dtend>
            <duration>0.04000</duration>
            <summary>Find My * 101</summary>
            <description>Apple&#x27;s &quot;Find My&quot; network has been online for more than 5 years. Google has launched its own variant &quot;Find My Device&quot; this year. The Apple protocol has been previously reverse-engineered, while Google&#x27;s specs are publicly available. Both take part in Detecting Unwanted Location Trackers (DULT), an IETF draft.

Underlying this is standard Bluetooth Low Energy (BLE) which can be analyzed, and toyed with, with all the standard BLE research tools. I&#x27;ll show how to sniff and interact with these trackers using tools that many hackers might already have available.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/EAT3WZ/</url>
            <location>Saal 1</location>
            
            <attendee>Henryk Plötz</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>MHXP8Q@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-MHXP8Q</pentabarf:event-slug>
            <pentabarf:title>Implantable Cardiac Devices - Security and Data Accessibility</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241230T154500</dtstart>
            <dtend>20241230T162500</dtend>
            <duration>0.04000</duration>
            <summary>Implantable Cardiac Devices - Security and Data Accessibility</summary>
            <description>CIEDs may adversely affect patients implanted with such devices should their security be compromised. Although some efforts to secure these devices can be noted, it has quite often been lacking and may thus enable patient harm or data confidentiality compromise by malicious actors. Given the vast consequences of security vulnerabilities within this industry, the author aims to provide insight into the challenges associated with designing security architectures for such platforms, as well as possible methodology of researching these devices safely even when lacking manufacturer cooperation and access to device programmers. 
Data collected by CIEDs and transmitted through remote monitoring is an additional concern for patients. Whilst research has shown that most manufacturers do respond in a timely and comprehensive fashion to GDPR requests, immediate data access is not yet possible and requires the patient to reach out to their doctors to obtain the requisite (event) data. A proposed solution is presented on how a patient communicator may be designed to allow patients interested in their autonomy to perform limited device interrogation in a safe and secure manner.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/MHXP8Q/</url>
            <location>Saal 1</location>
            
            <attendee>dilucide</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>SDFDUW@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-SDFDUW</pentabarf:event-slug>
            <pentabarf:title>Security Nightmares</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241230T164000</dtstart>
            <dtend>20241230T174000</dtend>
            <duration>1.00000</duration>
            <summary>Security Nightmares</summary>
            <description>Another year has passed and nobody has been strangled by a smart meter: did anything worth reporting happen at all? And if not, will it at least get worse next year?

We look at the past year, try to recognize patterns and to guess how things must continue, because forewarned is forearmed. Even if only with popcorn and &quot;In accordance with the prophecy!&quot; signs.

Audience interjections welcome.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/SDFDUW/</url>
            <location>Saal 1</location>
            
            <attendee>Ron</attendee>
            
            <attendee>Constanze Kurz</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>VZCYSX@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-VZCYSX</pentabarf:event-slug>
            <pentabarf:title>38C3: Return to legal constructions</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241230T180000</dtstart>
            <dtend>20241230T184000</dtend>
            <duration>0.04000</duration>
            <summary>38C3: Return to legal constructions</summary>
            <description>Gather round and take a deep breath and enjoy the unique atmosphere before you will feel the spirit again at the next hacker event close to you.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Ceremony</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/VZCYSX/</url>
            <location>Saal 1</location>
            
            <attendee>Gabriela Bogk</attendee>
            
            <attendee>Aline Blankertz</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>RWD9LP@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-RWD9LP</pentabarf:event-slug>
            <pentabarf:title>Longtermismus – der „Geist“ des  digitalen Kapitalismus</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241230T110000</dtstart>
            <dtend>20241230T114000</dtend>
            <duration>0.04000</duration>
            <summary>Longtermismus – der „Geist“ des  digitalen Kapitalismus</summary>
            <description>Longtermism is the new hype ideology of Silicon Valley. Elon Musk and Sam Altman have outed themselves as adherents, and it is the official company policy of OpenAI.
Longtermism postulates that we should not concern ourselves with the present or the near future, but should instead direct our main political attention to the development of a computer heaven in the distant future. Central to this are assumptions about the development possibilities of artificial intelligence that bear distinctly religious traits.

The talk presents the results of sociological research on this new ideology.

Because none of this is really that new. The &quot;morality&quot; of longtermism fits remarkably well with the business goals of the digital corporations and turns them into a metaphysics. This social function of longtermism thus resembles the function that Max Weber identified for Protestantism as the &quot;spirit&quot; of capitalism in early capitalism. Like Protestantism in the past, longtermism today serves on the one hand as a metaphysical justification of companies&#x27; business models and on the other as an individual morality intended to spur its adherents on to greater performance.

We are currently witnessing a shift to the right in longtermism, whose prominent representatives such as Elon Musk or Peter Thiel openly position themselves in favour of Donald Trump. Here too, the development of longtermism resembles comparable earlier ideologies. Classic analyses show why individualistic ideologies of achievement have the potential to tip in a fascist direction. This makes the rightward shift of the Silicon Valley elites understandable.

Finally, the talk addresses the influence of Musk and Thiel on the US elections and attempts to assess further developments.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/RWD9LP/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Max Franz Johann Schnetker</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>HFPUYT@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-HFPUYT</pentabarf:event-slug>
            <pentabarf:title>Moving with feelings: Behind the scenes of a one man show mobile &amp; fiber operator in Spain</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241230T120000</dtstart>
            <dtend>20241230T124000</dtend>
            <duration>0.04000</duration>
            <summary>Moving with feelings: Behind the scenes of a one man show mobile &amp; fiber operator in Spain</summary>
            <description>The issues with data privacy are being discussed more than ever. However, from the end user perspective, it is difficult to understand the full extent of the impact on their privacy when using well known &quot;free&quot; services or maybe acquired hardware like a vacuum cleaner or a cooking robot. On the other side, there are projects that demonstrate that they can do business respecting their users. 

One way to start to take care of your privacy is by using free software, but this software needs to be high quality, easy to use for the end user, has to be documented in a clear way and has to resolve issues and bugs as fast as possible. This is very hard work for the developers, so their work has to be compensated.

Last but not least, the right to repair plays a big role for being technologically sovereign. It&#x27;s as important to be aware of your privacy when using online services as it is to know how repairable and privacy-respecting hardware is before you buy it.

Can you fight for and support what you believe in while doing business?
I think so! Let&#x27;s talk about it.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/HFPUYT/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Edgar Saumell Oechsle</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>WU87FV@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-WU87FV</pentabarf:event-slug>
            <pentabarf:title>GLAM zwischen LOD und ¯\_(ツ)_/¯. Museumskritik für Hacker*innen</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241230T125500</dtstart>
            <dtend>20241230T133500</dtend>
            <duration>0.04000</duration>
            <summary>GLAM zwischen LOD und ¯\_(ツ)_/¯. Museumskritik für Hacker*innen</summary>
            <description>GLAM = abbreviation for collecting institutions: Galleries, Libraries, Archives, Museums
LOD = buzzword in museums: Linked Open Data
¯\_(ツ)_/¯ = placeholder for: Let&#x27;s do something with AI, Google Arts &amp; Culture, Facebook Metaverse!

When my research project on digitization in museums started four years ago, I presented my first ideas at rC3 (&quot;Wie können wir das digitale Museum aufhalten&quot;). Now I would like to share the results of four years of research on the digitization of museums. My sources are primarily the annual reports of the Staatliche Museen zu Berlin since 1990, and the digital strategies of the German federal government, with their focus on artificial intelligence, virtual reality and linked data, which include, for example, the multi-million projects &quot;museum4punkt0&quot; and &quot;Datenraum Kultur&quot;.

I show larger developments and conflicts and many examples, all guided by the question: what bridges can we build between museum critique and data politics?</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/WU87FV/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>Lukas Fuchsgruber</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>YLNEYH@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-YLNEYH</pentabarf:event-slug>
            <pentabarf:title>From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241230T135000</dtstart>
            <dtend>20241230T143000</dtend>
            <duration>0.04000</duration>
            <summary>From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11</summary>
            <description>We will introduce the new Compressed Archived folder feature in Windows 11 and review the vulnerabilities of the previous Compressed (zipped) folder. Next, we will explain how we analyzed the libarchive that Windows 11 introduced to support various compression formats. Despite extensive fuzz testing by OSS-Fuzz, we discovered several vulnerabilities in libarchive through code review and fuzzing, including an RCE (Remote Code Execution) vulnerability. Finally, we will use the ClickHouse case to explain how we triggered an RCE vulnerability in ClickHouse while the patch had not been merged upstream.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/YLNEYH/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>NiNi Chen</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>WHDXXH@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-WHDXXH</pentabarf:event-slug>
            <pentabarf:title>corebooting Intel-based systems</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241230T144500</dtstart>
            <dtend>20241230T152500</dtend>
            <duration>0.04000</duration>
            <summary>corebooting Intel-based systems</summary>
            <description>Corebootable or not corebootable, that is the question.

The nerdiest nerds already corebooted their old X230 ThinkPads... but what about your new ThinkPad, or even your gaming rig? Well, Intel has a trick called the &quot;BootGuard&quot; inside the Management Engine.
It is supposed to protect the firmware and only allow updates from signed sources... somewhat like the Secure Boot. This means we can&#x27;t coreboot our newer machines, right?

..right? Well, for that to work... it needs team-play between OEMs and Intel, which doesn&#x27;t always work out. 

In this talk you will learn how to port coreboot to modern Intel systems - how we did it and even got to game on them.

We&#x27;ll go over coreboot development, tell you how to find ~~potential subjects~~ compatible mainboards and what it would take to boot on them! We&#x27;ll explain what &quot;payloads&quot; are, which one is right for you, and what it takes to make such a system run mainline Linux.

We&#x27;ll also take a look at current state of AMD systems and how they&#x27;re doing with OpenSIL (which will replace AGESA in the coming years).</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/WHDXXH/</url>
            <location>Saal ZIGZAG</location>
            
            <attendee>aprl</attendee>
            
            <attendee>elly</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>PEN9QU@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-PEN9QU</pentabarf:event-slug>
            <pentabarf:title>Dude, Where&#x27;s My Crypto? - Real World Impact of Weak Cryptocurrency Keys</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241230T110000</dtstart>
            <dtend>20241230T114000</dtend>
            <duration>0.04000</duration>
            <summary>Dude, Where&#x27;s My Crypto? - Real World Impact of Weak Cryptocurrency Keys</summary>
            <description>In July 2023, people in our circle of friends noticed a series of seemingly impossible cryptocurrency thefts, which added up to over one million US dollars. 
A common denominator was discovered across the set of victims we knew: the wallet software `libbitcoin-explorer`. Vulnerable versions used a weak pseudorandom number generator when creating cryptocurrency wallets. Within a short period of time, we disclosed the vulnerability, [CVE-2023-39910](https://milksad.info/disclosure.html). 
Using this weakness, attackers were able to compute private keys of victims, which is supposed to be impossible under normal circumstances.

In this talk we 
* 📜 - tell the story of uncovering a digital currency heist
* 🌐 - dive into similar vulnerabilities
* 🔍 - trace the movement of coins
* ⚖ - outline ethical challenges of cryptocurrency security research
* 🛡 - explore methods to defend and protect against this bug class

Our intention is to share the story of how little details can have big consequences and the importance of quality chaos.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/PEN9QU/</url>
            <location>Saal GLITCH</location>
            
            <attendee>John Naulty</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>BQFULL@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-BQFULL</pentabarf:event-slug>
            <pentabarf:title>Is Green Methanol the missing piece for the Energy Transition?</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241230T120000</dtstart>
            <dtend>20241230T124000</dtend>
            <duration>0.04000</duration>
            <summary>Is Green Methanol the missing piece for the Energy Transition?</summary>
            <description>Methanol is the simplest carbon-containing liquid and is currently almost exclusively made from fossil fuels. However, it could be made by utilizing renewable energy, green hydrogen, and carbon dioxide, and such green methanol could play an important role in a climate-neutral future - both as a fuel and as a chemical feedstock[1].

Methanol is relatively easy to store and transport. It could provide energy during times with little sun and wind and possibly even balance multi-year fluctuations [2][3]. It could also serve as a shipping fuel and, indirectly, help make aviation fuels. Furthermore, it could form the basis of a fossil-free production of chemical products like plastics [4][5]. That raises important questions about stranded assets in today&#x27;s chemical industry, as the existing plastic production with steam crackers could become obsolete.

Despite its prospects, methanol is no magic silver bullet. Making it from CO2 requires enormous amounts of energy. It should be used carefully and only where efficient direct electrification is infeasible (no methanol car, sorry). Alternative production pathways using climate-friendly biomass and waste have turned out to be challenging in the past, but they could lower some of the enormous energy needs.

[1] https://industrydecarbonization.com/news/from-coal-enabler-to-the-minimal-green-methanol-economy.html
[2] https://www.cell.com/joule/abstract/S2542-4351(23)00407-5
[3] https://industrydecarbonization.com/news/should-we-burn-methanol-when-the-wind-does-not-blow.html
[4] https://www.pnas.org/doi/full/10.1073/pnas.1821029116
[5] https://industrydecarbonization.com/news/how-to-make-plastics-without-fossil-fuels.html</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/BQFULL/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Hanno Böck</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>WCUKHB@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-WCUKHB</pentabarf:event-slug>
            <pentabarf:title>Going Long! Sending weird signals over long haul optical networks</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241230T125500</dtstart>
            <dtend>20241230T133500</dtend>
            <duration>0.04000</duration>
            <summary>Going Long! Sending weird signals over long haul optical networks</summary>
            <description>Computer network operators depend on optical stuff everywhere as it is what glues together our interconnected world. But most of the industry is running the same kinds of signals down the optical transceivers.

As part of my need to &quot;Trust, but verify&quot; I wanted to check my assumptions on how the business end of modern optical modules worked, so join me in an adventure of sending weird signals many kilometres, and maybe set some records for the most wasteful bandwidth utilisation of optical spectrum in 2024!

In this talk we will cover the basis of optical networks, how it fits in with networking, some of the weird things pluggable optics do, the perhaps odd industry de facto standards, and bending the intended use cases of existing tech to make signals that would probably deeply confuse a modest signals intelligence agency.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/WCUKHB/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Ben Cartwright-Cox</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>F7MSNF@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-F7MSNF</pentabarf:event-slug>
            <pentabarf:title>Microbes vs. Mars: A Hacker&#x27;s Guide to Finding Alien Life</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241230T135000</dtstart>
            <dtend>20241230T143000</dtend>
            <duration>0.04000</duration>
            <summary>Microbes vs. Mars: A Hacker&#x27;s Guide to Finding Alien Life</summary>
            <description>I am a PhD student in astrobiology and planetary science at the University of Hong Kong and want to introduce you to the exciting research that is happening in the search for life on Mars. We will talk about what Earth and Mars looked like 3 billion years ago, you will get to know some truly weird microbes, learn about the instruments on Mars rovers and the exciting upcoming Mars sample return missions. I will also share highlights from my own research and fieldwork in Mars-like environments: From growing extremophiles in the lab to testing planetary rovers on Mount Etna, and research adventures in the remote deserts of the Atacama and western China.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/F7MSNF/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Anouk Ehreiser</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>PRLP7M@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-PRLP7M</pentabarf:event-slug>
            <pentabarf:title>From Ions to Data: The Functioning and Relevance of (Quadrupole) Mass Spectrometers</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>de</pentabarf:language>
            <pentabarf:language-code>de</pentabarf:language-code>
            <dtstart>20241230T144500</dtstart>
            <dtend>20241230T152500</dtend>
            <duration>0.04000</duration>
            <summary>From Ions to Data: The Functioning and Relevance of (Quadrupole) Mass Spectrometers</summary>
            <description>Mass spectrometers from a hacker&#x27;s perspective:
Mass spectrometry may seem complicated at first glance, but with a basic understanding of the physics and some logical thinking, you can find your way into this world surprisingly well. I have been working intensively with mass spectrometers for four years, a technology that fascinates me more and more and that I am diving deep into. This talk is aimed at everyone who so far knows little or nothing about mass spectrometry and explains in an accessible way how (quadrupole) mass spectrometers work and why they are so crucial for chemical analysis. We will look at how these devices work at the molecular level and what exciting applications exist that influence our everyday lives. The physical fundamentals are explained clearly, so that everyone, even without prior knowledge, can follow how and why this technology is so important.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/PRLP7M/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Sally</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>DFATXZ@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-DFATXZ</pentabarf:event-slug>
            <pentabarf:title>Philosophical, Ethical and Legal Aspects of Brain-Computer Interfaces</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241230T154500</dtstart>
            <dtend>20241230T162500</dtend>
            <duration>0.04000</duration>
            <summary>Philosophical, Ethical and Legal Aspects of Brain-Computer Interfaces</summary>
            <description>Human minds and machines, or organic and artificial intelligence (AI), are increasingly merging through neurotechnologies such as Brain-Computer-Interfaces (BCIs) that may record or alter brain activity. While most current devices are developed and used for rehabilitative purposes, more and more consumer devices are about to come on the market, and some stakeholders such as Elon Musk and his company Neuralink pursue more transhumanist objectives. This merging of minds and machines raises multiple intriguing philosophical, ethical, and legal questions: Do these devices become part of the person, even more, might the AI operating these devices become part of her? (I argue that it does under certain conditions, creating the most intimate conceivable connection between AI and persons). Are there ethical boundaries, and what is the legal situation, especially with respect to human rights? (I call for a renaissance of the right to freedom of thought to provide at least some principled protection for privacy of thought). 
 
Moreover, the topic has received the attention of international organizations, which will negotiate the first international treaty on the ethics of neurotechnology under the auspices of UNESCO at the beginning of 2025 (expected to be concluded in late 2025). This will set the standards for the future trajectory of the technology, but whether agreement can be found is to be seen. The EU, US, and China have different regulatory approaches with different visions for the future.

This talk addresses these political, philosophical, legal and ethical questions and presents results of an international research cooperation on the topic, HYBRID MIND, that is funded in Germany by the Federal Ministry of Education and Research and comes to its official conclusion during the days of the 38C3.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/DFATXZ/</url>
            <location>Saal GLITCH</location>
            
            <attendee>Christoph Bublitz</attendee>
            
        </vevent>
        
        <vevent>
            <method>PUBLISH</method>
            <uid>XKW9LG@@cfp.cccv.de</uid>
            <pentabarf:event-id></pentabarf:event-id>
            <pentabarf:event-slug>-XKW9LG</pentabarf:event-slug>
            <pentabarf:title>38C3: Infrastructure Review</pentabarf:title>
            <pentabarf:subtitle></pentabarf:subtitle>
            <pentabarf:language>en</pentabarf:language>
            <pentabarf:language-code>en</pentabarf:language-code>
            <dtstart>20241230T164000</dtstart>
            <dtend>20241230T175500</dtend>
            <duration>1.01500</duration>
            <summary>38C3: Infrastructure Review</summary>
            <description>A lot of teams help to make this event happen. This talk gives them the opportunity to show you what they do and how they do it.</description>
            <class>PUBLIC</class>
            <status>CONFIRMED</status>
            <category>Talk</category>
            <url>https://fahrplan.events.ccc.de/congress/2024/fahrplan/38c3/talk/XKW9LG/</url>
            <location>Saal GLITCH</location>
            
            <attendee>nicoduck</attendee>
            
        </vevent>
        
    </vcalendar>
</iCalendar>
