28C3 – Behind enemy lines

I was lucky enough to get a ticket for the Chaos Communication Congress 2011 in Berlin, Germany. So many people wanted to attend the CCCongress that the tickets were sold out in an instant. But the current location can’t handle more visitors so we’re forced to somehow limit the number of visitors unless the location or the concept of the CCCongress changes. Both options don’t sound really inviting, but refusing people to come isn’t fun either. So we’ll see what the future brings.

But I’d like to raise the point that the CCCongress is very much an event made by the people, i.e. the participants. It’s not that there is an overly mighty set of people who decide everything and are responsible for having a great event. It’s everybody that is responsible for helping out if somethings need to be done, contributing ideas, talks, workshop, etc. It’s rather a place where you play a part by helping physically and paying a fraction of the cost to have a good time. That means that you can’t make a CCCongress by paying the entrance fee only. It’s not a show for your entertainment. Hence you can’t have expectations that somebody has to do things for you. This applies to things you don’t like, too. If you don’t like stuff that is happening, stand up and change it. Don’t sit and complain. This especially applies to things like sexism or other politically incorrect things. There is no personnel being obliged to do anything. It’s all our big party and you’re supposed to contribute yourself to make it great. I mention this, because there were complaints about supposedly right-wing people being present but nobody did anything.

Many people go to the CCCongress for the talks. And well, I didn’t really managed to watch many of them, but the following make a list of notable talks, because they were in some ways, say, “interesting”.

But you can have very good talks as well. For example

A very big applause needs to be given to the video team. It’s just amazing that the recordings were available within a few days. I just envy those guys for rocking so hard.

Now it’s time for a shameless plug: As I want to watch the recordings of this CCCongress and I know that I won’t do it myself, because the last years proof that I don’t watch the videos anyway, I’ll publicly show two videos of the recordings every Wednesday in the local Chaos Computer Club. So if your disk is filling up with videos that you wanted to watch but never will, feel free to show up on the “Chaotic Congress Cinema“. Funny thing is, that there are 100 videos recorded and if we watch 2 videos every week, we’d finish all of them within the year :-)

CCCamp 2011

It happened again! The Chaos Communication Camp took place a couple of weeks ago near Berlin. I was all excited to go although I had to miss the last days of the Desktop Summit.

The weather was mostly nice and the atmosphere, especially at night, was really fantastic. Everybody was really nice and there was so much creativity all over the venue that it was really hard to not start to make or hack on something.

While it had many very interesting things to be seen, I think to most amazing machine on the ground was a “Crepes printer”. Some austrian dude built a machine which would make you a fresh crepe. Including some chocolate sauce! Just right next the that were some friends that intend to launch a sattelite and already had their radio equipment ready. With their massive antenna they spoke to the moon and measured the reflections coming back.

The participants also got a fancy badge called “r0ket“. It’s an amazing device and people did awesome stuff with it immediately. Given the presence of 3D printers and lasercutters, people added all sorts of extensions to the r0ket. But some enhanced their r0ket with good old knitting goodness.

The whole CCCamp, taking place on an old russian airbase, was themed very aeronautical so everything was somehow related to space travel or rocket science. It also had many talks on those subjects which I didn’t attend a lot. I was too busy hacking or socialising.

You can only see a tiny fraction of the many artisty stuff it had on the ground. But you do see an old MIG which got pwned along with a spacy car. He got trolled quite well, I’d say but decide for yourself:

You can try to grasp the atmosphere by looking at these areal shots:

You can see some more pictures and press articles in the CCCamp Wiki. The next Camp will be “Observe. Hack. Make. 2013.” and I’m very much looking forward to attend it.

GNOME 3 Launch Party in Hamburg

For the new GNOME-3 love we will have a release party in Hamburg, just as many places over Germany and the whole world!

If you want to join the fun, be in the Attraktor, the local hackerspace. The address is Mexikoring 21, 22999 Hamburg, Germany, Europe, Earth, Solarsystem. Find more detailed instruction on how to get there here. The party starts on Friday, 2011-04-08, at 18:00 and runs open end.

We have a page in the local wiki to describe the event and further planning will take place there: http://wiki.attraktor.org/Termin:GNOME-3-Launch-Party. As for the program: We intend to have a small introductory talk to show off what new user experience GNOME-3 will bring to the people. Afterwards, we will distribute GNOME-3 images to be put on pendrives to be able try GNOME-3. Finally, we’ll sit around, have some beers and snacks and discuss about the new and shiny GNOME :-)

Besides the GNOME-3 images, we’ll have GNOME-3 goodies to give away! Thanks a lot to the GNOME Foundation making that possible! So show up early to claim your goodies!

So I expect you to be there :-)

mrmcd1001b Impressions

I had the pleasure to be invited to the MetaRheinMain ChaosDays 1001b (mrmcd1001b) in Darmstadt. This years motto was “Beyond Science Fiction” and ~250 people gathered together to discuss “Society and Technology in 20th century fiction and 21th century reality”.  

The presented talks were mostly interesting, although I didn’t attend that many. I spent most of the time talking to people or giving (two) talks myself: Security in Mobile Devices and Virtualised USB Fuzzing.

The first one went as expected and I think the attendees enjoyed it very much. Again, talking about technical details that a buffer overflow on x86 involves is not that much fun but I think it went at least alrightish. Slides can be found here.

The second talk was kind of a rehearsal for my final thesis presentation. So I took the chance to prepare myself for Dublin and present brand new stuff^tm. I started off crashing a Linux PC with my N900 and went then to the talk. It was a bit confusing, I guess. But in fairness: It was very late in every sense of the word ;-) But I got positive feedback nonetheless so it’s better if you make up your own mind with the slides. Although I don’t think the slides alone are that interesting.

For some reason, people were interested in the commands that I’ve used for the demo:

  1. Boot Ubuntu
    /opt/muelli/qemu/bin/qemu-system-x86_64 -enable-kvm -hda ubuntu.img -cdrom ~/ISOs/ubuntu-10.04.1-desktop-amd64.iso -monitor stdio -serial vc -m 1G -loadvm 1
  2. Setup Filter
  3. usb_filter_setup /tmp/filter
    export PYTHONPATH=~/hg/scapy-com/
    python recordingfilter.py /tmp/filter /tmp/phonet.dump

  4. Attach device
  5. info usbhost
    usb_add host:0421:01c8
    sudo chown muelli /dev/bus/usb/002/004

    usb_del 0.2

  6. Replay
  7. usb_add emul:full:/tmp/filter
    cat /tmp/filter.in &
    cat /tmp/phonet.dump.out > /tmp/filter.out

    usb_del 0.0
    kill %%

  8. Fuzz (didn’t really work because of a Heisenbug)
  9. python emulator.py --relaxed /tmp/filter /tmp/phonet.dump.combined
    python fuzzingemulator.py /tmp/filter webcam.dump
    usb_del 0.0

  10. Fully Virtualise

  11. usb_add emul:full:/tmp/filter
    python usbmachine.py /tmp/filter.in /tmp/filter.out

Chaos BBQ 2010

Over the weekend, I had the opportunity to attend ChaosBBQ in Dortmund, Germany. It’s a small yet interesting gathering of hackers and it is a very relaxed conferency happening. With a BBQ ;-)

This years motto was “contruct, desctruct!” and I was more on the destructing side: I presented two topics: Security in Mobile Devices and a Magnetic Stripe Card workshop.

The Security in Mobile Devices talk went quite well and I think I encouraged people to start hacking their devices :) It’s funny though: I almost see blood coming out of the people ears when I go through the very technical part about buffer overflows. 2/3 seems to be bored or overwhelmed. The other 1/3 seems to be very interested and crave for more details. But I get everybody back when I have more pictures and videos about funny exploits and when I’m able to slander about Apple ;-) Again, I talked about a mixture of Hardware and Platform security and gave examples of previous hacks and how to actually start breaking your gadget.

The magnet card workshop was interesting, too. I presented how magnetic stripe technology actually works. And because we were curious hackers, we explored how it’s been used and how we can hack stuff. I told a few warstories that will hopefully be able to expand on in the future (although I don’t know whether DCU will like it ;-) ). Since it was more of a workshop, people contributed with technical details (thx to the guys from das Labor :-) ) or other interesting facts.

I had a nice weekend in Dortmund and I can recommend attending the ChaosBBQ if you’re looking for a tiny yet open gathering of interested geeks and hackers.

CfP Easterhegg 10 in Muenchen

Ein neues Jahr, eine neues Eaterhegg :-) Dieses Mal in Muenchen vom 2010-04-02 bis 2010-04-05.

Es folgt eine Kopierpaste des originalen CfP:

Was ist das Easterhegg?

Das Easterhegg ist das Oster- und Familientreffen des Chaos Computer Clubs und seiner Freunde. Im Jahr 2010 will der µCCC auf der Flucht vor langweiligen Familienfesten kreatives Asyl im familiaeren Kreise Gleichgesinnter bieten. So wird zum Fest nach Muenchen eingeladen, aber nicht nur das: Bei diesem Fest geht es aber auch darum, konkret an Dingen zu basteln und auch darum, immer ein paar Ecken weiterzudenken.

Erfahrungsgemaess werden in den Workshops sowohl sehr technische, als auch immer haeufiger gesellschaftspolitische Themen behandelt. Gefreut wird sich also ueber skurrile Softwarebastelleien, handgreifliche Loetorgien, Aufdeckung von Verschwoerungungen und spontane Realisierungen einer Utopie – oder auch nur Vorschlaege dazu.
Gern gesehen sind aber auch andere Themen, die bewegen und von denen Ihr denkt, dass sie fuer einige Teilnehmer anregend und spannend sind.

Wann und Wo?

Von Karfreitag 02.04.2010 bis Ostermontag 05.04.2010 im  EineWeltHaus  Muenchen Schwanthalerstr. 80 80336 Muenchen bei 48.156582,11.543541.


Es wird darum gebeten, das Pentabarf zu nutzen: https://cccv.pentabarf.org/submission/EH2010/
Im Anschluss an die Veranstaltung moechten die Folien unter einer freien Lizenz veroeffentlicht werden. Als Richtwert wird fuer Vortraege ca. eine Stunde, fuer Workshops ca. drei Stunden vorgegeben. Alle Zeiten sind frei veraenderbar. Es gilt: Wuensche bitte bei der Einreichung angeben, um einen reibungslosen Ablauf zu gewaehrleisten.

Wir moechten wissen…

…worum es in deinem Workshop/Vortrag geht
…warum du dich mit dem Thema beschaeftigst
…wieso das Thema fuer unsere Besucher interessant ist
…wieviel Zeit Du fuer Deine Veranstaltung gerne haettest
…und was du sonst noch benoetigst (Beamer, Netz, Mobiliar)

Einsendeschluss ist der 21. Februar 2010

Ich glaube, ich werde etwas zu Krypto, Buffer Overflows und Mobile Security machen. Mal gucken :-)

26C3 Review

Attending last years CCCongress was a great pleasure. Although there were great lectures, it’s the spirit that’s the best part of the conference. Meeting all these nice hacker people, hanging around, talking, discussing, hacking is just brilliant. You’ve got all those smart hackers around you and it just can’t get boring.26c3 logo

A good way of socialising is, of course, visiting the various parties that take place. The Phenoelit party was awesome. Thanks FX for the invites :)

Besides drinking I spent time on some crypto problems and tried to investigate on the magnetic-stripe-card authentication in Hotels and Hostels. I found out, that all our cards for one room are equal, but not one card that has been obtained later. The data on the card is just ~100bits and I tried to find timestamps and room numbers in it but I failed. I blame my dataset to be too small. I’ll launch more advanced experiments next year. If you happen to have insider knowledge in magnetic-stripe locks, drop me a line.

I want to highlight two things about the last CCCongress. Firstly, Friend Tickets were available and the concept is just awesome: Basically you can propose a friend of yours you think would benefit of attending the CCCongress but has no way to cover the expenses. The organisers then decide whether you can get a discount (which will, of course, apportioned to every regularly paying attendee). I like to see this solidarity among hackers. Unfortunately, no stats are available to see how many people were enabled to come through this method. I hope, having these friend tickets will be considered next year again. So if you wanted to come to the CCCongress but feared the expenses, consider asking for a discount. Just for the record: The prices are at rock bottom anyway: 80 Euros for a 4 day conference of this kind is amazingly cheap. Thanks to all the angels! :-)

The second noteworthy concept to distribute the CCCongress as much as possible (called Dragons Everywhere). The idea is fantastic: Increase the number of attendees as much as possible by building mini conferences and stream the most important things. It would be even better, if the gatherings had a feedback channel, i.e. Webcam. Hopefully, it’ll be better next year, i.e. better and more reliable streaming services and more places, especially in Berlin, because many people were sent away because the conference was already sold out :(

If you want to get a feeling of what the CCCongress is like, you might want to have a look at the recordings. If you organize a public viewing, make sure you show these videos :-) Based on the feedback, the best talks were:

And for entertainment, the following German talks are very good:

I hope you enjoy watching the CCCongress and consider coming in next year!

jOEpardy at Easterhegg09

I held a jOEpardy session at Easterhegg09! I guess, you know what a Jeopardy is, if not, have a look at the Wikipedia :-P

The people were entertained and hopefully learned something ;-) Sadly, the hardware didn’t really work :( The buzzer were somewhat broken so that we actually had to try to see (with our eyes) who pushed the button first. Funnily enough, I *did* test the setup extensively just 10 minutes before the gig! Very weird.

The Questions can be found here: Round 1, Round 2, Round 3, Round 4. But it doesn’t make much sense without the jOEpardy software, unless you parse the XML on your own.

The software is a Java Application which was initially written by TriPhoenix! I haven’t written Java for a long time and I have to admit, that writing Java with Eclipse is actually fun! Eclipse is so smart and tightly integrated in the build process that it’s quite easy to write, build and debug. I wish there was such a good IDE for C or Python. Sadly, I think that Java Code is bloated although <2.500 LoC for a jOEpardy is not too bad I’d say :-)

I actually thought I could release the jOEpardy code by now (and thus waited with this post…), but I still have to resolve copyright questions.

CCC Artwork

There are several images related to the CCC which I looked for for quite some time. Probably the oldest is the Pesthoernchen (also as SVG):

The Pesthoernchen
The Pesthoernchen

While you can get the image above from the official Logos, you can’t get the lower ones (yet): Sterntastatur from 18C3 (Hacking Is Not A Crime) also as SVG:

Sterntastatur - Logo of the  18C3
Sterntastatur - Logo of the 18C3

You might like the inverted version (also as SVG): 18C3 Logo invertiert

There is a modified version which aims to be more like the original RAF logo by mimicking a shotgun (also a SVG):

Sterntastatur2 - More like the RAF logo
Sterntastatur2 - More like the RAF logo

Hacking Is Not A CrimeHacking Is Not A Crime

Datenspuren 2009 – Call for Participation

Die Datenspuren in Dresden gehen wider erwarten in eine neue Runde! Es ist schoen zu sehen, dass sich ein neues Organisationsteam im C3D2 Umfeld geformt hat und die gemuetliche Konferenz ans Laufen bringt. Obwohl ich selber noch nie da war, soll es eine ueberschaubare Konferenz sein, die sich weniger um Technik, als um praktische Datenvermeidung und Risiken der glaesernen Gesellschaft dreht. “Hands off – Privacy on” lautet das diesjaehrige Motto: Finger weg von den Grundrechten; der eigenen Privatsphäre bewusst werden.

Datenspuren 2009 Flyer Front
Datenspuren 2009 Flyer Front

Wenn du also am 03.10.2009 und 04.10.2009 nichts vor hast, bist du herzlich eingeladen nach Dresden in die Scheune zu kommen! Der Eintritt ist frei.

Auch darfst du ueber das Pentabarf deinen Vortrag oder Workshop einreichen, die Schwerpunkte sollen dieses Jahr sein:

  • Datenspuren im täglichen Leben
  • Missbrauch von Daten
  • Rechtslage
  • Sicherheit und Prävention
  • Digital Resistance
  • Hacking
  • Technikfolgenabschätzung
  • Informationsfreiheit
  • Aufklärung und Diskurs
Datenspuren 2009 Flyer Back
Datenspuren 2009 Flyer Back