For the 7th time in a row Stormbringer and I visited the Chaos
Communication Conference in Berlin. It was fun as always, I had my
second talk about libdetox and we were able to drink many beers and I
also listened to some interesting talks. A writeup about the different
Rop Gongrijp: 27C3 Keynote - We come in Peace
Rop talks about Wikileaks, free speach, journalism and how unhappy
people can be used to change the world. An angry energy is needed to
change something. Although we come in peace it is important to use our
unhappiness to change something.
Branko Spasojevic: Code deobfuscation by optimization
Static binary translation is used to remove obfuscation. Basic blocks
are merged and false conditional jumps are removed using static flag
tracking. This approach is very limited as no dynamic data is checked.
Dominik Herrmann lexi: Contemporary Profiling of Web Users - On Using
Anonymizers and Still Get Fucked
Distinguish individual anonymized web users using the set of hosts they
access. Use machine learning and patterns to differentiate between
individual users. Find bots that access weird patterns. Solution to hide
from these analyses: Use additional background web-traffic that
obfuscates real traffic.
Felix Gröbert: Automatic Identification of Cryptographic Primitives in
Use PIN on windows to analyze malware and automatically find crypto
blocks inside the application. Generate execution trace with all
executed instructions. Categorize cryptographic algorithms and select
instruction combinations that are used by these algorithms. Search for
these instructions, search for loops and categorize crypto.
Collin Mulliner Nico Golde: SMS-o-Death - From analyzing to attacking
mobile phones on a large scale.
Get large collection of phones, get baseband station, get a faraday cage
and start fuzzing SMS to kill phones.
Peter Stuge: USB and libusb - So much more than a serial port with
How to handle USB devices and how to use libUSB. New findings for USB1 /
2 / 3
vanHauser: Recent advances in IPv6 insecurities
Bruce Dang Peter Ferrie: Adventures in analyzing Stuxnet
A Microsoft-take on analyzing malware. Insights into the structure of
malware decompilation. Description of all the 0day exploits used in
Stuxnet. (And yes, the exploits are really embarrassing for Microsoft).
Alien8 Astro: Pentanews Game Show - Your opponents will be riddled as
Game show with nerd questions. Most of them too easy.
Michael Steil: Reverse Engineering the MOS 6502 CPU - 3510 transistors
in 60 minutes
Interesting talk about the MOS 6502 CPU (used in Nintendos, Apple II and
Karsten Nohl Sylvain Munaut: Wideband GSM Sniffing
Use super cheap mobile phones (4 of them) to sniff GSM communications.
Use SMS routing information to get location of target phone, find cell,
get close to target phone (to the same cell), decrypt TMSI - temporary
session key, wait for call, decrypt call using rainbow tables. BAM,
Karsten Becker Robert Boehme: Part-Time Scientists - One year of
Nerds trying to get to the moon. They already built the rover and are
now building the lander. Nice pictures and some information about how to
get to the moon and what to do if you are only a part-time scientist.
FX of Phenoelit: Building Custom Disassemblers - Instruction Set
Inside of the Stuxnet code there was a lot of SS7 code that is used for
Siemens Controllers. FX developed a disassembler for these machine codes
using a free version of the Siemens compilers. He reverse engineered the
complete tool-chain and verified that parts of the code were
disassembled correctly. He also showed bugs in the Siemens disassemblers
and how to hide hand-written code from the Siemens disassemblers.
Andreas Bogk: Defense is not dead - Why we will have more secure
computers - tomorrow
Talks about the SAFE computer of the DoD. Use type-safe languages with a
garbage collector to reduce bugs. Use type-checking and type-guarantees
even on operating-system level. Construct additional hardware that
type-checks all objects as well.
Daniel J. Bernstein: High-speed high-security cryptography: encrypting
and authenticating the whole Internet
Get rid of DNSSEC and encrypt every single communication. Use UDP
instead of TCP and move everything to a secure protocol. New protocol,
new form of DNS, view from the perspective of a cryptographer.
Ralf-Philipp Weinmann: The Baseband Apocalypse - all your baseband are
belong to us
Ralf-Philipp Weinmann: The Hidden Nemesis - Backdooring Embedded
bushing marcan sven: Console Hacking 2010 - PS3 Epic Fail
How to hack secure crypto systems and how to break the chain of trust.
Finding bugs in console software... They had a couple of nice exploits
to get around the software security system of modern consoles and showed
a way how they could install and develop homebrew software on modern PS3
Henryk Plötz Milosch Meriac: Analyzing a modern cryptographic RFID
system - HID iClass demystified
Use old legacy information about RFID to crack the new cards. Use holes
in crypto systems or wrong implementations to escalate privileges.
Harald Welte Steve Markgraf: Running your own GSM stack on a phone -
Introducing Project OsmocomBB
Get old and cheap phones, crack level 1 software and use a serial line
to control the phone. Implement 2nd, 3rd, and higher levels in software.
Make calls and send texts in a complete open-source and free
Steven J. Murdoch: Chip and PIN is Broken - Vulnerabilities in the EMV
Harald Welte: Reverse Engineering a real-world RFID payment system -
Corporations enabling citizens to print digital money
Free money in Taiwan. They use the Mifare system for public transport
and for small payments. They use a card-only validation scheme that
relies on the security of the card only. All state is safed on the
customer card. Generate your own card with your individual amount of
money on that card. Get free stuff.
Felix von Leitner Frank Rieger: Fnord-Jahresrückblick 2010 - von
Atomausstieg bis Zwangsintegration
Genial wie immer. Spassiger Jahresrueckblick.
Damien M: illescamps Julien Vanegue: Zero-sized heap allocations
vulnerability analysis - Applications of theorem proving for securing
the windows kernel
Ray Stefan 'Sec' Zehl: Hacker Jeopardy - Number guessing for geeks
Fun as always :)
Juergen Pabel: FrozenCache - Mitigating cold-boot attacks for
Julia Wolf: OMG WTF PDF - What you didn't know about Acrobat
Security holes in the PDF parser. Find problems and discrepancies in
different PDF parsers. A PDF can be hidden in a ZIP that can be hidden
in an EXE file. Stack different types and get around the protection of
maha/Martin Haase: Ich sehe nicht, dass wir nicht zustimmen werden -
Die Sprache des politischen Verrats und seiner Rechtfertigung
Stilistische Tricks ueber Sprache, Politik und Umgebung
Sergey: Hackers and Computer Science
Sergey talks about the hacker culture and hacker ethics in general. Nice
easy-listening talk about the nerd/hacker culture.
kornau: A framework for automated architecture-independent gadget
search - CCC edition
Automatically find gadgets in programs for return to libC attacks. Finds
function tails that can be used as new gadgets. Also checks
half-instructions (e.g., jumping into an instruction to get a different,
Lars Weiler: Data Analysis in Terabit Ethernet Traffic - Solutions for
monitoring and lawful interception within a lot of bits
Product show of different black boxes. Connect multiple network ports to
black boxes. Black boxes filter and drop lots of traffic. Remaining data
can be analyzed by normal PC / analysis machine.