Best of 26c3

Here is my list of the most important talks of the 26th Chaos Communication Congress [26C3], held last week in Berlin, Germany.

Since my German language skills have eroded into near-worthlessness, I’m only going to mention presentations available in the English language.

Many videos are not yet up, but of those that are, these are my picks in order of interest and significance.

It is really great that there are videos up so quickly and without all of the capitalist headaches that we see here in the US. Yes, selling things is important, but kicking out some video to your community is a great thing. Information is supposed to be free, right, hacker conferences? Eat your own dogfood, guys.

A Part Time Scientists’ Perspective of Getting to the Moon

We want to use the opportunity the 26C3 presents as a venue to introduce our team. The Part-Time-Scientists are the first German team participating in the Google Lunar X PRIZE. Our presentation would kick off with a quick explanation of what the X PRIZE is, the challenges and gains.

The main part of the presentation will then focus on our progress. That includes a showcase of some hard- and software we’re using. Additionally pictures and videos specifically created for the 26C3. And a brief overview of the GoogleLunarXPrize and its overall progress.

They Skype’d in one of the members of the Apollo program, presented a working model of their moon rover, and showed their communication model with Earth from the moon in an open architecture of configured satellite receivers that anyone can use.

Amazing!

HTTP / Torrent

GSM: SRSLY

From the total lack of network to handset authentication, to the “Of course I’ll give you my IMSI” message, to the iPhone that really wanted to talk to us. It all came as a surprise – stunning to see what $1500 of USRP can do. Add a weak cipher trivially breakable after a few months of distributed table generation and you get the most widely deployed privacy threat on the planet.

Cloning, spoofing, man-in-the-middle, decrypting, sniffing, crashing, DoS’ing, or just plain having fun. If you can work a BitTorrent client and a standard GNU build process then you can do it all, too. Prepare to change the way you look at your cell phone, forever.

“A more wholesome discussion is needed for the security standard that 4 billion people deserve”

There has been a variety of inaccurate press coverage over this talk, so I advise people to watch it for themselves. Something like ~85% of the world’s mobile phones are vulnerable to this proof of concept. Cracking GSM conversations is not new, but this is comprehensive and undeniable.

Cryptome put up a variety of A5 files related to this topic.

HTTP / Torrent

Tor and censorship: lessons learned

The perennial TOR talk from Roger Dingledine. This time, he had some new data about China using TOR bridges. Plenty of metrics about usage. Additionally and surprisingly, a call for corporate espionage from Tor users and sympathizers.

I’ll say that last bit again since it kind of blew me away. Roger is looking for people to give the TOR project state secrets and corporate insider implementation details.

I hope you guys like attention.

HTTP / Torrent

WikiLeaks Release 1.0

During the last 12 months WikiLeaks representatives have been talking at numerous conferences, from technology via human rights to media focused, in an effort to introduce WikiLeaks to the world. WikiLeaks has had major document releases that have spawned attention in all major newspapers by now, it has triggered important reform and has established itself as part of the accepted media reality.

The WikiLeaks people give an update on their accomplishments, propose that Iceland become a tax/data haven, and give hints about giving out future WikiLeaks awards to people who contribute to stuff-doing.

HTTP / Torrent

SCCP hacking, attacking the SS7

Quite a comprehensive, basics-and-beyond talk busting on SS7.

SS7 is like TCP/IP in the 1990s. It used to be quite a secure network because nobody outside the organizations (here, the mobile operators and telecom companies) was connected to it. Now it’s getting interconnected to new actors which are not that trustworthy. Somehow, hackerdom made SS7 come into existence thanks to the massive use of Blue Boxes. Now, hackerdom is getting its toy back! SS7 is nowadays more and more accessible, and as such increasingly vulnerable. So we’re getting exposed to a totally new set of protocols, as secure as TCP/IP in the 1980s. This looks like the Blue Box is coming back to life, in a very different form.

Good stuff. Perfect for anyone who watched the GSM talk or wants to set up Asterisk.

HTTP / Torrent

Layer 8 based IP Address hijacking in the end of the days of IPv4

A good primer about ASN and IP block allocation and current hijinks.

In times of the omnipresent scare of IPv4 address shortage and price tags on Internet resources that are raised on a yearly basis some people look for creative means of securing themselves parts of “pre-owned” IP space. This space comes from the various early birds on the net. From major corporations to the US Military: Nobody is safe from getting his unused IP assets nicked. This talk will explain the ways IP assignments are made and how clever and not so clever, greedy and not so greedy IP thieves can get into the possession of valuable IP assets.

It is the end of days for IPv4 (how many times have you heard this before) and I, for one, welcome our new IPv6 overlords.

HTTP / Torrent

Peanut Butter and Plastic: Industrial Revolution

The future of manufacturing will be purring next to your computer and plasticizing digital designs into 3D objects. We’re at the dawn of the diamond age with portable 3D printers, decentralized manufacturing, digital design and the rise of personal fabrication.

Bre Pettis talking about his Makerbot stuff. If you haven’t seen it before, it is worth a watch. People like their Makerbots.

HTTP / Torrent

Tesla technology; wireless power transfer

Wireless power is a most wanted technology. It has already been invented by Nikola Tesla in 1888. The speaker read the papers, reproduced the theoretical and practical results. The theoretical idea to get highly efficient wireless power transmission is to separate the electric from the magnetic field, because magnetic field lines are closed curves near the device, while the electric field lines reach to infinity and the receiver only needs common ground (the earth). This is done by special requirements to the sender and receiver antennas (form of the coil). The antenna form has been modeled in the software nec2 (variant xnec2c on Debian). A low-cost PET bottle serves as the hull of the coil. Around 200 windings of insulated copper wire are manually applied to the bottle. A transmission in the range of 10 meters was reached, the power used is 100 mW, from signal generator amplitude 10 V and 1 MHz frequency. This will be shown.

These are exactly the kind of people who are largely missing from American hacker conferences (with the exception of the quantum crypto people who are very cool indeed); [mad] scientists.

HTTP / Torrent

Defending the Poor

FX brings us up to speed on the Flash family of exploits using colorful metaphors and straight talk.

The talk will discuss a class of in-the-wild malware and exploits, reasons for its success as well as reasons why protecting against it in common ways is not effective. This will be done by examining the internals of the attacked subject. Following this, the second part of the talk will present an alternative protection mechanism, which the presenter believes prevents large parts of this class of attacks. The mechanisms and code to do this will be presented and released.

HTTP / Torrent

Their lightning talks were also really dense with good new stuff. If you’re looking for something in particular, the lightning talk schedule is found here. Lightning talk summaries and links after the jump.

Day 2: HTTP / Torrent [ All English language ]

Hacking government

The premise is that government data is the property of the people and that disclosing PDFs on a government website is insufficient, so they’re going to scrape, gather, and manipulate data, develop applications, and present (they hope) interesting uses of this data to the public. @opendatahack

FCUK: MiFare Classic Universal Toolkit

Updated RFID card toolkit

Cryptostick

The German Privacy Foundation

An OpenPGP v2 card (a smartcard) and a reader

Supports keys up to 3072 bit

Free Rainbow Tables

uses BOINC

http://rcracki.sourceforge.net/

Free Rainbow Tables forum

OWASP favicon enumeration

Nmap 5.10 beta has favicon scanning built in

FOAF

Decentralized social networking with web of trust: http://esw.w3.org/topic/foaf+ssl

NLNet Foundation

They give away money to projects. Focused on privacy and making the internet a better place, and they may give you some.

Friend2Friend economics

Day 3: HTTP / Torrent

8:30 Plug and play sensor input

No drivers needed

26:30 Open RFID

Different from other RFID haxing kits because it works with low frequency tags. Most are 13 MHz, this one can do 125 kHz as well.

Board is size of a cc, no battery required, firmware upgradable, GPL, Active attacks; emulation/brute force

₡12

Schleuder: Yet Another Crypto-mailinglist Manager

OpenPGP encrypted mailinglist

Written in Ruby

GNU GPL v2

MTA agnostic

Relieves users from key management

Users managed by signature, not email address

41:45 ClockTamer: Universal clock source

Open source hardware/software highly accurate clock source

50:30 Some cool audio demo thing

56:30 Hackable:1 mobile gnome initiative

1:01:30 WAFP: Web Application FingerPrinter

Written in Ruby

Fetches static files from web applications and compares checksums to a database

1:07:30 libcpu

An anything-to-anything recompiler

1:11:00 libhomebrew

Examples: The Homebrew Channel

1:15:45 Yet Another XMPP Instant Messenger

1:19:45 Hackable Devices [ccc wiki]

1:26:00 Atari Coldfire Project

Objective: To build a new Atari compatible computer

Open hardware: PCB schema is free

Open source as much as possible

₡600

1:31:30 NLnet

1:35:30 Cheating at Flash Games

[ The rest are in German ]

Day 4: HTTP / Torrent

Unauthorized access to “secure” flash drives live demo

Interesting defacements using RF or Wifi controlled lighting devices

13:00 The OpenBTS Project

Very few fixed phone lines in the undeveloped world

Looks like GSM to a phone and SIP to a network

Open Source

Low power and encourages lightweight architectures on GPRS and 2G networks.

24:20 tikzgraphicx

29:00 The Future of Hacker Meetings

Large CCC events are over capacity

Greater number of smaller events

Use hackerspaces.org wiki to publicize events

34:00 [German] Droid Army

DROIDARMY is about the idea to push the development of a robot control based on android phones. Machines, robots and new devices with the interoperability of the google services and other off the shelf solutions can lower the costs of product development significantly and shorten time to market. Collaboration capabilities of cloud computing tools could let multiple robots work on one issue together.

46:00 OnionCat [and here]

P2P VPN network for anonymization based on I2P network and Tor.

Creates anonymous network layer where both client and server are anonymous to each other.

Any kind of IP data supported; frees protocol restrictions from Tor hidden nodes

50:00 Free Art and Technology Lab

The Free Art and Technology Lab is an organization dedicated to enriching the public domain through the research and development of creative technologies and media. The entire FAT network of artists, engineers, scientists, lawyers, musicians and Bornas are committed to supporting open values and the public domain through the use of emerging open licenses, support for open entrepreneurship and the admonishment of secrecy, copyright monopolies and patents.

Basically a bunch of trolls, so naturally the crowd loved it. Apparently trolling is now established art.

1:11:30 Remuco: Wireless remote control for Linux media players

1:17:00 Breaking Verilog-2005 Obfuscation: The DRM of digital design

1:25:30 Formica swarm robots

Kit now for sale and shipping in February for ₡30

25mm x 25mm in size.

1:38:30 What happens at the expiration of database protection

Talk of database and copyright law in Sweden and the EU

Proposes a Project Gutenberg for databases whose copyright protection has expired

1:57:00 Student Robotics

Robotics kit design for primary schools

Runs an autonomous robotics competition

Students code their robot controls in python
