DFN Workshop 2011

I had the opportunity to attend the 18th DFN Workshop (I wonder how that link will look like next year) and since it’s a great event I don’t want you to miss out. Hence I’ll try to sum the talks and the happenings up.

It was the second year for the conference to take place in Hotel Grand Elysee in Hamburg, Germany. I was unable to attend last year, so I didn’t know the venue. But I am impressed. It is very spacious, friendly and well maintained. The technical equipment seems to be great and everything worked really well. I am not too sure whether this is the work of the Hotel or the Linux Magazin though.

After a welcome reception which provided a stock of caffeine that should last all day long, the first talk was given by Dirk Kollberg from Sophos. Actually his boss was supposed to give the talk but cancelled it on short notice so he had to jump in. He basically talked about Scareware and that it was a big business.

He claimed that it used to be cyber graffiti but nowadays it turned into cyber war and Stuxnet would be a good indicator for that. The newest trend, he said, was that a binary would not only be compressed or encrypted by a packer, but that the packer itself used special techniques like OpenGL functions. That was a problem for simulators which were commonly used in Antivirus products.

He investigated a big Ukrainian company (Innovative Marketing) that produced a lot of scareware and was in fact very well organised. But apparently not from a security point of view because he claimed to have retrieved a lot of information via unauthenticated HTTP. And I mean a lot. From the company’s employees address book, over ERM diagrams of internal databases to holiday pictures of the employees. Almost unbelievable. He also discovered a server that malware was distributed from and was able to retrieve the statistics page which showed how much traffic the page made and which clients with which IPs were connecting. He claimed to have periodically scraped the page to then compile a map with IPs per country. The animation was shown for about 90 scraped days. I was really wondering why he didn’t contact the ISP to shut that thing down. So I asked during Q&A and he answered that it would have been for Sophos because they wouldn’t have been able to gain more insight. That is obviously very selfish and instead of providing good to the whole Internet community, they only care about themselves.

The presentation style was a bit weird indeed. He showed and commented a pre-made video which lasted for 30 minutes out of his 50 minutes presentation time. I found that rather bold. What’s next? A pre-spoken video which he’ll just play while standing on the stage? Really sad. But the worst part was as he showed private photos of the guy of that Ukrainian company which he found by accident. I also told him that I found it disgusting that he pillared that guy in public and showed off his private life. The people in the audience applauded.

A coffee break made us calm down.

The second talk about Smart Grid was done by Klaus Mueller. Apparently Smart Grids are supposed to be the new big thing in urban power networks. It’s supposed to be a power *and* communications network and the household or every device in it would be able to communicate, i.e. to tell or adapt its power consumption.

He depicted several attack scenarios and drew multiple catastrophic scenarios, i.e. what happens if that Smart Grid system was remotely controllable (which it is by design) and also remotely exploitable so that you could turn off power supply for a home or a house?
The heart of the Smart Grid system seemed to be so called Smart Meters which would ultimately replace traditional, mechanical power consumption measuring devices. These Smart Meters would of course be designed to be remotely controllable because you will have an electrified car which you only want to be charged when the power is at its cheapest price, i.e. in the night. Hence, the power supplier would need to tell you when to turn the car charging, dish or clothes washing machine on.

Very scary if you ask me. And even worse: Apparently you can already get Smart Meters right now! For some weird reason, he didn’t look into them. I would have thought that if he was interested in that, he would buy such a device and open it. He didn’t even have a good excuse, i.e. no time or legal reasons. He gave a talk about attack scenarios on a system which is already partly deployed but without actually having a look at the rolled out thing. That’s funny…

The next guy talked about Smart Grids as well, but this time more from a privacy point of view. Although I was not really convinced. He proposed a scheme to anonymously submit power consumption data. Because the problem was that the Smart Meter submitted power consumption data *very* regularly, i.e. every 15 minutes and that the power supplier must not know exactly how much power was consumed in each and every interval. I follow and highly appreciate that. After all, you can tell exactly when somebody comes back home, turns the TV on, puts something in the fridge, makes food, turns the computer on and off and goes to bed. That kind of profiles are dangerous albeit very useful for the supplier. Anyway, he committed to submitting aggregated usage data to the supplier and pulled off self-made protocols instead of looking into the huge fundus of cryptographic protocols which were designed for anonymous or pseudonymous encryption. During Q&A I told him that I had the impression of the proposed protocols and the crypto being designed on a Sunday evening in front of the telly and whether he actually had a look at any well reviewed cryptographic protocols. He didn’t. Not at all. Instead he pulled some random protocols off his nose which he thought was sufficient. But of course it was not, which was clearly understood during the Q&A. How can you submit a talk about privacy and propose a protocol without actually looking at existing crypto protocols beforehand?! Weird dude.

The second last man talking to the crowd was a bit off, too. He had interesting ideas though and I think he was technically competent. But he first talked about home routers being able of getting hacked and becoming part of a botnet and then switched to PCs behind the router being able to become part of a botnet to then talk about installing an IDS on every home router which not only tells the ISP about potential intrusions but also is controllable by the ISP, i.e. “you look like you’re infected with a bot, let’s throttle your bandwidth”. I didn’t really get the connection between those topics.

But both ideas are a bit weird anyway: Firstly, your ISP will see the exact traffic it’s routing to you whatsoever. Hence there is no need to install an IDS on your home router because the ISP will have the information anyway. Plus their IDS will be much more reliable than some crap IDS that will be deployed on a crap Linux which will run on crappy hardware. Secondly, having an ISP which is able to control your home router to shape, shut down or otherwise influence your traffic is really off the wall. At least it is today. If he assumes the home router and the PCs behind it to be vulnerable, he can’t trust the home router to deliver proper IDS results anyway. Why would we want the ISP then to act upon that potentially malicious data coming from a potentially compromised home router? And well, at least in the paper he submitted he tried to do an authenticated boot (in userspace?!) so that no hacked firmware could be booted, but that would require the software in the firmware to be secure in first place, otherwise the brilliantly booted device would be hacked during runtime as per the first assumption.

But I was so confused about him talking about different things that the best question I could have asked would have been what he was talking about.

Finally somebody with practical experience talked and he presented us how they at Leibniz Rechenzentrum. Stefan Metzger showed us their formal steps and how they were implemented. At the heart of their system was OSSIM which aggregated several IDSs and provided a neat interface to search and filter. It wasn’t all too interesting though, mainly because he talked very sleepily.

The day ended with a lot of food, beer and interesting conversations 🙂

The next day started with Joerg Voelker talking about iPhone security. Being interested in mobile security myself, I really looked forward to that talk. However, I was really disappointed. He showed what more or less cool stuff he could do with his phone, i.e. setting an alarm or reading email… Since it was so cool, everybody had it. Also, he told us what important data was on such a phone. After he built his motivation, which lasted very long and showed many pictures of supposed to be cool applications, he showed us which security features the iPhone allegedly had, i.e. Code Signing, Hardware and File encryption or a Sandbox for the processes. He read the list without indicating any problems with those technologies, but he eventually said that pretty much everything was broken. It appears that you can jailbreak the thing to make it run unsigned binaries, get a dump of the disk with dd without having to provide the encryption key or other methods that render the protection mechanisms useless. But he suffered a massive cognitive dissonance because he kept praising the iPhone and how cool it was.
When he mentioned the sandbox, I got suspicious, because I’ve never heard of such a thing on the iPhone. So I asked him whether he could provide details on that. But he couldn’t. I appears that it’s a policy thing and that your application can very well read and write data out of the directory it is supposed to. Apple just rejects applications when they see it accessing files it shouldn’t.
Also I asked him which protection mechanisms on the iPhone that were shipped by Apple do actually work. He claimed that with the exception of the File encryption, none was working. I told him that the File encryption is proprietary code and that it appears to be a designed User Experience that the user does not need to provide a password for syncing files, hence a master key would decrypt files while syncing.

That leaves me with the impression that an enthusiastic Apple fanboy needed to justify his iPhone usage (hey, it’s cool) without actually having had a deeper look at how stuff works.

A refreshing talk was given by Liebchen on Physical Security. He presented ways and methods to get into buildings using very simple tools. He is part of the Redteam Pentesting team and apparently was ordered to break into buildings in order to get hold of machines, data or the network. He told funny stories about how they broke in. Their tools included a “Keilformgleiter“, “Tuerfallennadeln” or “Tuerklinkenangel“.
Once you’re in you might encounter glass offices which have the advantage that, since passwords are commonly written on PostIts and sticked to the monitor, you can snoop the passwords by using a big lens!

Peter Sakal presented a so called “Rapid in-Depth Security Framework” which he developed (or so). He introduced to secure software development and what steps to take in order to have a reasonably secure product. But all of that was very high level and wasn’t really useful in real life. I think his main point was that he classified around 300 fuzzers and if you needed one, you could call him and ask him. I expected way more, because he teased us with a framework and introduced into the whole fuzzing thing, but didn’t actually deliver any framework. I really wonder how the term “framework” even made it into the title of his talk. Poor guy. He also presented softscheck.com on every slide which now makes a good entry in my AdBlock list…

Fortunately, Chritoph Wegener was a good speaker. He talked about “Cloud Security 2.0” and started off with an introduction about Cloud Computing. He claimed that several different types exist, i.e. “Infrastructure as a Service” (IaaS), i.e. EC2 or Dropbox, “Platform as a Service” (PaaS), i.e. AppEngine or “Software as a Service (SaaS), i.e. GMail or Twitter. He drew several attack scenarios and kept claiming that you needed to trust the provider if you wanted to do serious stuff. Hence, that was the unspoken conclusion, you must not use Cloud Services.

Lastly, Sven Gabriel gave a presentation about Grid Security. Apparently, he supervises boatloads of nodes in a grid and showed how he and his team manage to do so. Since I don’t operate 200k nodes myself, I didn’t think it was relevant albeit it was interesting.

To conclude the DFN Workshop: It’s a nice conference with a lot of nice people but it needs to improve content wise.

Oh srsly? 300MBs for a scanner driver (/.-)

My granny asked me to bring her a driver for her all-in-one scanner thingy, because it would take her too long to download it. Well, I wasn’t too sure whether it’s HP’s fault by not supporting the generic classes or Windows 7‘s fault by not implementing the USB Printer or Scanner class driver (But they should). However, I didn’t think a driver can be that huge. However, HP supposes you to download 290 whopping MB! For making their product work!

But they are serious. You cannot download anything smaller than that. ๏̯͡๏ I thought they were kidding me. Must be a very complicated device… Well, I’m copying their BLOBs onto a pendrive now…

Freedom not Fear 2010 on 2010-09-11 in Berlin

Call for Action!

Do you in or near Berlin? Or just happen to be there on 2010-09-11? Then go out for once! It’s good for your body, your mind and society. Again, Freedom Not Fear will take place and you are most welcome to join! You’re not in Berlin, great! Freedom not Fear will also take place in

The demands are:

1. Cutbacks on surveillance measures

  • abolition of the blanket logging of our communication and locations (data retention)
  • abolition of the blanket collection of our biometric data as well as RFID passports
  • protection from surveillance at the workplace by introducing effective labour data protection laws
  • no permanent student ID numbers
  • no handing over of personal information without cause; no European wide standardized state run collection of information (Stockholm Program)
  • no systematic surveillance of monetary transactions or any other mass data analysis within the EU (Stockholm Program)
  • no information exchange with the US or any other state lacking effective data protection laws
  • abolition of permanent CCTV camera surveillance and ban of all behavioral detection techniques
  • no blanket registration of passengers traveling with airlines or by boat (PNR data)
  • no secret searches of private computer systems, neither online nor offline
  • no introduction of the e-health insurance card in the presently planned form
  • no systematic surveillance of financial transactions data or similar mass data analysis in the EU (SWIFT)
  • no blanket registration of all air and sea travellers (PNR data)
  • no automated registration of vehicle number plates and locations
  • no secret searches of private computer systems, neither online nor offline

2. Evaluation of existing surveillance powers

We call for an independent review of all existing surveillance powers as to their effectiveness, proportionality, costs, harmful side-effects and alternative solutions. We particularly call on the European parliament to immediately re-evaluate existing and planned projects on interior security that restrict fundamental rights of the people in Europe.

3. Moratorium on new surveillance powers

Following the “arms race” in security measures over the past few years, we demand an immediate stop to new interior security laws that further restrict civil liberties.

4. Ensure freedom of expression, dialogue and information on the Internet

  • safeguard net neutrality with binding laws
  • keep the Internet free, unfiltered and uncensored, without blocking lists or pre-publication controls, neither by state institutions nor by Internet service providers
  • no Internet disconnection policies (“three strikes”, “graduated response”)
  • outlaw installation of filtering infrastructures on ISP networks
  • content deletion must require an order by an independent and impartial judge, the right to legal recourse must be ensured
  • establish a digital Human Rights Charter for the 21st century, with global protections of digital civil rights
  • introduction of an unlimited right to quote multimedia content, which nowadays is indispensable for public debate in democracies
  • protection of internet platforms for preserving the free expression of opinion (participatory websites, forums, comments on blogs etc.), which nowadays is threatened by inadequate laws encouraging self-censorship (chilling effect)

Cleanternet – campaign for a cleaner and safer Internet – cleanternet.org from alexanderlehmann on Vimeo.

Freedom Not Fear 2010

Key Rollover

I have deprecated my OpenPGP Key 0xAA208D9E in favour of a new key 0x059B598E. So please use this new key which you can find, i.e. here.

muelli@bigbox ~ $ gpg --fingerprint --list-key 0x059B598E
pub   1024D/059B598E 2010-06-23 [expires: 2015-06-22]
      Key fingerprint = 610C B252 37B3 70E9 EB21  08E8 9CEE 1B6B 059B 598E
uid                  Tobias Mueller
sub   4096g/C71F0BE4 2010-06-23 [expires: 2015-06-22]

muelli@bigbox ~ $

If you’ve signed my old key, you might as well sign my new one (verifying that it’s correctly signed with the old key), assuming that my identity hasn’t changed. I recommend using caff to do so.

WTFOTM: ISO 3103 or Howto make tea

Another sequel in the series WTF of the month: It’s a standard, namely ISO 3103 that clarifies …*drumroll*… how to make tea…

I somehow came across ISO 3103 and my initial thought was: WTF?!

The method consists in extracting of soluble substances in dried tea leaf, containing in a porcelain or earthenware pot, by means of freshly boiling water, pouring of the liquor into a white porcelain or earthenware bowl, examination of the organoleptic properties of the infused leaf, and of the liquor with or without milk or both.

Admittedly, the: (from Wikipedia)

[…] standard is not meant to define the proper method for brewing tea, but rather how to document tea brewing procedure so sensory comparisons can be made. An example of such test is a taste-test to establish which blend of teas to choose for a particular brand in order to maintain a consistent tasting brewed drink from harvest to harvest.

So now go and fix your tea making process to be standard compliant…

WTFOTM: Hotels warming your bed

My favourite service, in the series WTFOTM, of this month is *drumroll* a Hotel that sends its employees, wearing an electric blanket, to your bed to warm it up for you.

A hotel chain is employing human bed warmers to help guests get a good night’s sleep.

There’s nothing wrong with having a warm bed, but having hotel employees warming that up for you?! That just feels a bit weird and thus: WTF?!

IRISS Conference 2009

I had the joy to attend the first annual IRISS Conference 2009 which is a for free conference held by IRISS, the Irish CERT.

It was about cybercrime in general and there were speaker from e.g. SANS, IRISS -the local cert- or Team Cymru which I already enjoyed at DNF CERT Conf at the beginning of the year.

One talk I attended was by a local polices cybercrime investigation team. He basically talked about the goodness of creating movement profiles with GSM data and ISP keeping IP to customer data to catch criminals…

Then we participated in HackEire, a Capture the Flag style contest. We ran second. Not too bad for our sucky preparation and the fact that we spent more than an hour to make a Mac share its 3G uplink with two Linux Notebooks over (encrypted -didn’t work-) WiFi. The game network was 10.0.1.0/23 and the Mac automatically and not changable was 10.0.2.0/24. Although the networks overlapped by one bit I expected it to work for the majority of the packets being sent. But we failed. Hard. So hard, that the Mac couldn’t take part in the game anymore… I need to polish either my understanding of networking or my passion for hating Apple.

This CtF, however, was a bit different since there was one virtual network for everyone. I.e. no team had an own server or an own virtual network. There were four machines which were supposed to be owned in a given order. That wasn’t immediately clear and there were many tarpits to waste a lot of time. I.e. a Kernel in a supposed-to-be vulnerable version which is not exploitable, or a separate PHP user for the Webserver with a locked down home directory, tempting you to mess around with PHP scripts to investigate.

And the end of the day, the contest was about collecting secret keys to decrypt a file afterwards. The secret keys were more or less obviously lying around once the machine has been pwned. Passphrases to that secret keys were either user passwords or otherwise easily guessable strings.

The Machines were:

  1. Linux Webserver. To be 0wned with a password being served on a page from the webserver. A bit obfuscated though, so that one had to use the source. Once SSHed to that host, secrings were lying around in ~/gnupg/. Also, weird processes were running that connected to a strange host outside the network (4) to send a password over the wire.
  2. BIND on windows (sic!). To be pwned via the conficker exploit. Also, one should crack a users password using THCs Hydra.
  3. Linux Mailserver. With SSH Server only visible when coming from (1). Log in with password from (2). Machine was running an old kernel, thus sooner or later you g0t root. Then search for keyring in home directories. Also, crack the shadow using a John that’s capable of cracking SHA256 (i.e. not the most recent version shipped with Ubuntu).
  4. “hidden” DB server on Windows, only connectable from (1). You could find that machine by looking at the network interfaces of (1). You’d see that it has a second interface with a different IP thus inviting you to scan the new subnet. Luckily, there was an smbclient on (1) and with credentials from (1), one could enumerate all users (smbclient -L). Then, with the other credentials found on (1), connect and get keyring as well as final encrypted file.

That final file could be decrypted using keys and passphrases obtained earlier. Out came an ELF binary that looked, smelled and quacked like “ls”. However, it contained a steganographically hidden text file. Using a standard stego tool shipped with Backtrack, it’s possible to obtain the very final CSV file.

I not only liked the fact that they posted hints on the wall every now and then, but also that they actively walked around, talking to the teams and helped them actually achieving stuff. In fact, I wouldn’t even have thought about transferring zones from that BIND instance using AXFR or checking the machines whether they have an smbclient installed.

While we were playing, I bricked my sudo by trying to add a line without knowing the syntax. I couldn’t do sudo nano /etc/sudoers afterwards as it couldn’t parse the file, effectively leaving me without root access. I think I’ll better use visudo now…

Ireland vs. France

Heh, the following conversation might not have happened (unless the Consulat Général De France is located in “Joker Street”, but anyway, it’s hillarious. Either read the quotes or find the (largish) Image:

Ireland-vs.-France

20 October 2009

Dear Sir,

I am writing to you on behalf of the French President, Monsieur Nicolas Sarkozy. Following the recent announcement of the World Cup play-off match between our two countries, the President has requested that you provide a VIP box for the game as he is very keen to attend.

Yours faithfully,
Jacques du Maurier
Directeur
Consulat Général de France
12-24 Rue des Blaguer
74139 Paris
France

23.10.09

Dear Mr. Du Maurier,

Thank-you for your recent letter concerning box arrangements at Croke Park. We are delighted that President Sarkozy wishes to attend and look forward to welcoming him. We would just like some clarification regarding the VIP box as there are a number of options available. Do you have any preferences re: size?

Yours faithfully,
Bill O’Leary
Liaison officer
Department of Diplomatic Affairs
28 St. Stephens Green South
Dublin 2
Ireland

26.10.09

Dear Mr. O’Leary,

Thank-you for your prompt response. We were not aware that the boxes at the stadium came in different sizes. Do the dimensions have any bearing on one’s enjoyment of the game?

Yours faithfully,
Jacques du Maurier

29.10.09

Dear Mr. Du Maurier,

The overall match experience will certainly be influenced by the President’s choice of box. The first box is 30cm high and will allow the President to see most of the Croke Park pitch, though he may not be quite able to see play in the North-West quadrant. The second box is 60cm, but whilst this would afford the President a panoramic view of the pitch, it will also make him visible to Press photographers which may compromise his privacy.

Yours faithfully,
Bill O’Leary

2 Novembre 2009

Dear Mr. O’Leary,

There appears to have been some confusion. When we requested a “VIP box” for our President, we were not looking for a box for him to stand on. Whilst we expect the foreign press to make humorous remarks about the President’s diminutive stature, we do not expect this from an official representative of the Irish government department.

Yours faithfully,
Jacques du Maurier

5.11.09

Please accept our apologies and those of the Executive Hospitality Committee at Croke Park. There was certainly no intentional attempt at humour on our part and we hope that you will accept this as a genuine misunderstanding. Naturally, we will make a VIP ‘Executive’ box available to the President, with full security and hospitality arrangements in place. The boxes will then be placed discreetly inside.

Yours faithfully,
Bill O’Leary

9 Novembre 2009

Sir,

In light of the lack of respect we feel your office has displayed in response to an official request from a visiting Head of State, the President has decided to watch the match in Paris instead. Rest assured that we will be lodging a formal complaint regarding your conduct at the highest levels.

Jacques du Maurier

12.11.09

Fair enough. We look forward to seeing the boys in green give your lot a good hammering.

Bill

Ireland, Blasphemy €25.000 and other rules

I was rather shocked as I read this article about a law passing the Dáil which fines blasphemy with 25.000 Euro. If I didn’t know better I’d say this couldn’t happen in an European country, but astonishingly such things happen within the EU. Now I’m a bit afraid being Ireland as an atheist.

Freshly draught Guinness (~5€)
Freshly draught Guinness (~5€)

So yes, I moved to Dublin, Ireland to study at the DCU 🙂 If you want to visit me, have lunch or a pint, don’t hesitate to ring me 🙂 I haven’t seen so much of Ireland myself so far, but I’ve been into bloody cold Irish Sea…

Also, The Pirate Bay is blocked by Eircom, the largest ISP in Ireland. They use an IP based filter, not only  a DNS based one. So they actually interfere with my communication which I assumed to be unconstitutional. But luckily, I have a tunnel set up which gives me free access to the world.

Cliff in Howth near Dublin
Cliff in Howth near Dublin

Besides the panic about the swine flu, another weird thing is Irish bureaucracy. My impression is that the people don’t really think beyond their utterly extensive and most of the times really stupid rules. For example, I tried to register at the University by paying 2000 Euros study fees. It failed because my credit card apparently has a limit of something less than that. The registry advised me to wire the money and print a screenshot of the online banking site. Of course I didn’t know a) how I could connect my laptop to the internet, b) how or where to print and c) log on to anything because I wasn’t even a student yet. Luckily, I have some friends at that university, that helped me out so I could finally register… It appears, that the rules are generally made to be ignored. They probably want to have them just in case they need to file a case against you. So as I applied at the university, I had been offered a conditional offer which was to be accepted by some specified date. I couldn’t, however, fulfill the condition and time to discuss that was running out. They told me that the date could generally be amended. I don’t think it’s good to have rules which are known to not be enforced and just needed to have something against you just in case…

The pubs in Dublin are great, although they have to close rather early, like around 02:00 o’clock. Also, you can’t get beer after 22:00 in a shop *sigh*. Yes, Irland might have a drinking problem, but treating everybody like a small child obviously doesn’t help it.

Beerprice dropped from ~20€ to 12€
Beerprice dropped from ~20€ to 12€

Engrish

Alright, the following stuff is probably only funny, if you know German and Germans a bit. At least I had to laugh a couple of times, so you might enjoy that as well 🙂

I received a PDF with some weird English translations of German idioms and I tried to extract the text information from that, so I stumbled upon a page explaining how to do OCR with free software on Linux. I got the best results using Tesseract with the German language set, but I had to refine the result (leaving some typos intact).

  • that’s me sausage = ist mir wurst
  • go where the pepper grows = geh hin wo der pfeffer wächst
  • I think my pig whizzles = ich glaub mein schwein pfeift
  • sorry, my english is under all pig = entschuldige, mein englisch ist unter aller sau
  • now can come what want…i ready = letzt kann kommen was will, ich bin fertig
  • I think I spider = ich glaub ich spinne
  • the devil will i do = den teufel werd ich tun
  • what too much is, is too much = was zu viel ist, ist zu viel
  • my lovely mister singing club = mein lieber herr gesangsverein
  • don’t walk me on the nerves = geh mir nicht auf die nerven
  • come on…jump over your shadow = komm schon…spring ueber deinen schatten
  • you walk me animally on the cookie = du gehts mir tierisch auf den keks
  • there my hairs stand up to the mountain = da stehen mir die haare zu berge
  • tell me nothing from the horse = erzaehl mir keinen vom pferd
  • don’t ask after sunshine = trag nicht nach sonnenschein
  • free like the motto: you me too = frei nach dem Motto, du mich auch
  • I have the nose full = ich hab die nase voll
  • lt’s not good cherry-eating with you = es ist nicht gut kirschen essen mit dir
  • it’s going up like smiths cat = es geht ab wie Schmidts katze
  • to thunderweather once more = zum Donnerwetter noch mal
  • not from bad parents = nicht von schlechten eltern
  • now it goes around the sausage = jetzt geht’s um die wurst
  • there you on the woodway = da bist du auf dem holzweg
  • good thing needs while = gut ding braucht weile
  • holla the woodfairy = holla die waldfee
  • we are sitting all in the same boot = wir sitzen alle im selben boot
  • don’t make you a head = mach dlr keinen kopf
  • there run me the water in the mouth together = da läuft rnlr das wasser im mund zusammen
  • I understand just train-station = ich versteh nur bahnhof
  • I hold it in head not out = ich halt’s im kopf nicht aus
  • shame you what = scham dich was
  • there we have the salad = da haben wir den salat
  • end good, everything good = ende gut, alles gut
  • zip you together = reiß dich zusammen
  • now butter by the fishes = jetzt mal butter bei die flsche
  • he made himself me nothing you nothing out of the dust — er machte sich mir nichts, dir nichts aus dem Staub
  • I belive you have the ass open — ich glaub du hast den Arsch auf!
  • you make me nothing for = du machst mir nichts vor
  • that makes me so fast nobody after = das macht mir so schnell keiner nach
  • I see black for you = ich seh schwarz fur dich
  • so a pig-weather = so ein Sauwetter
  • you are really the latest = du bist wirklich das letzte
  • your are so a fear-rabbit = du bist so ein angsthase
  • everybody dance after your nose = alle tanzen nach deiner nase
  • known home luck alone = trautes Heim, Glueck allein
  • I think I hear not right = Ich denk Ich hör nicht richtig
  • that have you your so thought = das hast du dir so gedacht
  • give not so on = gib nicht so an
  • heaven, ass and thread! = Himmel, Arsch und Zwirn’
  • of again see = auf wiedersehen
  • Human Meier = Mensch Meier
  • now we sit quite beautiful in the ink = jetzt sitzen wir ganz schoen in der Tinte
  • you have not more all cups in the board = du hast nicht mehr alle Tassen im Schrank
  • around heavens will = um Himmels willen
  • you are heavy in order = du bist schwer in Ordnung
  • l wish you what = ich wünsch dir was
  • she had a circleroundbreakdown = sie hatte einen kreislaufzusammenbruch
  • you are a blackdriver = du bist ein schwarzfahrer
  • I know me here out = ich kenn mich hier aus
  • l fell from all clouds = Ich fiel aus allen Wolken
  • that I not laugh = das ich nicht lache
  • no one can reach me the water = niemand kann mir das wasser relchen
  • that’s absolut afterfullpullable = das ist absolut nachvollziehbar
  • give good eight = gib gut acht
  • not the yellow of the egg = nicht das gelbe vom Ei
  • come good home = komm gut heim
  • evererything in the green area = alles im gruenen bererch
  • I die for Blackforrestcherrycake = Ich sterbe fuer Schwarzwalderkirschtorte
  • how too always = wie auch immer
  • I make you ready! = Ich mach dlch fertig!
  • I laugh me death = ich lach mich tot
  • it walks me icecold the back down = es lauft mir eiskalt den rücken runter
  • always with the silence = Immer mit der Ruhe
  • that’s one-wall-free = das Ist einwandfrei
  • I’m foxdevilswild = lch bin fuchsteufelswild
  • here goes the mail off = hier geht die post ab
  • me goes a light on = mir geht ein licht auf
  • it‘s highest railway = es ist hoechste Eisenbahn
Creative Commons Attribution-ShareAlike 3.0 Unported
This work by Muelli is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported.