32nd Chaos Communication Congress

I am currently in the airport waiting for my plane to go back from Hamburg, where I attended the 32nd Chaos Communication Congress (32C3 for short). I decided to write a list of all the talks I watched and add a short personal commentary. As I am doing this immediately after please excuse the brievity of some commentaries.

The Congress as some call it is simply the biggest hacker gathering in Europe It attracts people interested in computers, electronics and security as expected but also artists, musicians and politic activists.

32C3 wristband Wristband of the Congress, showing this year’s motto “Gated Communities”. The congress organizers wanted to remind us to keep trying to find a way to connect those gated communities together and escape the walls.

I made a list of the talks I went to with a small comment about each one. Globally the content quality was very very good and I encourage everyone to watch the recordings available on the CCC website.

Keynote (Fatuma Musa Afrah)

This was a big surprise to me. I expected someone from the “technological/IT” community to give the keynote, but this was so much better! Fatuma told us about her experience crossing borders and coming to Germany as a newcomer (she insists on not calling them refugees).

She was a really good and really fun speaker as well. A must-watch talk. Seriously.

REXUS/BEXUS - Rockets and Ballon Experiments for University Students

This talk was about two scientific programs allowing students to either send thier experiment on a suborbital flight in a rocket (REXUS) or do longer flights in weather ballons (BEXUS).

The two presenter showed us their experiment: The REXUS one was about measuring acceleration and temperature using optical fibers while the BEXUS team was experimenting with plane-to-satellite communication. They spent lots of time discussing the technical details, which can be a bit boring if you are not into that kind of stuff.

The exhaust emissions scandal “Dieselgate”

This talks presents the state of the knowledge about the 2015 Volkswagen emission scandal. One of the presenter has a background in automotive industry while the second is a reverse engineer, which provides a nice balance. The talk starts with some facts and numbers about the scandals then explains a bit the procedure for emission testing that VW cheated. Then they proceed to reverse engineer the firmware of the motor’s control unit to have a deeper understanding of the cheating mechanism.

I really liked this talk because it was quite neutral and gave a lot of insight about how automakers worked and why this cheating could not be the act of isolated engineers. The reverse engineering work was well executed and presented the results clearly without loosing too much time in technical details.

The Great Train Cyber Robery

That talk was awesome. Presented by the SCADA Strangelove guys who were already presenting at 31C3, this talk investigates the possibility of cyber attacks on railroad systems. They show how it is possible for an attacker to exploit various flaws in such system’s design, implementation or operation. At the end of the talk they extend a bit their previous year research by demonstrating some destructive attacks against the power grid.

This talk is a lot of fun to wach: the presenters know their stuff, have a lot of humor and a caricatural russian accent, which makes everything better.

Thunderstrike 2

This talk builds on the previous one presented at 31C3, where the author demonstrated the first firmware attack against Apple’s Macbooks. I went because the topic interested me, having a macbook myself, but I did not like it as much as I expected. This has nothing to do with the level of the exploits demonstrated or the quality of the presentation. It was just a very technical presentation in a field (low level PC architecture) I did not master.

Console hacking

I really like presentations about embedded device firmware hacking. As I do quite a lot of embedded work myself, it is nice to see what others have done and how they were pwned, to avoid repeating the same mistakes. They are usually easier to understand (at least for me) when compared to the Thunderstrike 2 attack.

Hence, I had big expectations for this talk and I wasn’t deceived. This level of console hacking is really good and the authors made a good job of bringing it to the audience.

One year of securitarian drift in France

As you may know, France is currently under a state of emergency, declared after the Paris November 2015 attacks. This state of emergency significantly increase the power of the intelligence services and of the police and is supposed to be temporary. However the parlament is actually discussing a change in the constitution to allow it to continue for an indeterminate duration. This might effectively lead to a “French patriot act”, with all the problems it might cause.

In addition to presenting the changes in the French law, the two presenters (both French political activists) explain how they are fighting back to keep the internet a free place. I plan to watch it again in the following weeks, as the Swiss referendum on intelligence comes in the political scene.

Rowhammer.js: Root privileges for web applications

This talk shows an attack method to flip bits in DRAM cells from Javascript. It explains the difficulties of doing so and explores some theoretical weaponizings of the attack.

I wasn’t too thrilled by that one personally. Although their finding is interesting I think the whole attack seemed a bit too theoretical, at least one prototype exploit would have been nice.

Computational Meta-Psychology

What. The. Hell. This talk was super weird. It mixed together deep learning, consciousness and God. I will watch it again to understand what the author meant.

De-anonymizing programmers

This talk present work done at Princeton university to apply stylometry method to software. The goal of stylometry is to find the author of a written piece using machine learning trained on work sample. After introducing the base maching learning principles used, the presenter explains how those concepts might be applied to software, by extracting syntaxical and semantical features from the program.

The plain simple reality of entropy

In this presentation we learn about how a crypto random number generator based on hash functions works. We learn about /dev/urandom and the difference with /dev/random, and which one should be used in which occasions. A nice talk demistifying some software wizardry.

Hardsploit: A Metasploit-like tool for hardware hacking

I was really enthusiastic for this talk because of my interest in hardware RE. However, I am really not convinced by this project. There is a lot of different reasons behind this but two really kill the buzz:

  1. The board is way too expensive for no reason: most people will never use all the 64 IOs on the board. There could have been a tremendous cost saving by going down to 10-20 pins.
  2. Adding new protocol requires FPGA programming. I know this is required for some high performance parallel busses, but again I feel that most people probably won’t use it.

Logjam: Diffie-Hellman, discrete logs, the NSA and you

The Logjam attack was revealed earlier this year and it was huge. It basically allows anybody with enough computing power (such as NSA) to crack Diffie-Hellman key exchange and decrypt communication.

The talks explains the basic mechanisms that allowed logjam and some measurement of real-world impact. Counter measures are also explained. (I checked my server and I am safe apparently!)

Iridium update

This talk extends research about Iridium (satellite) pagers. Did not enjoy it so much as it is very technical and I did not have the required background.

apertus° AXIOM

The AXIOM is the world first open source camera. The goal is to create a modular system, where the camera can be extended using boards in a similar fashion to PCI in PC systems. They are currently building a beta version and made a demo. Nice talk for those interested in the progress of Open Hardware.

libusb: Maintainer fail

I really wanted to go see that one, as I am progressively involved in more and more open source projects in both developper and maintainer roles. It was presented by Peter Stuge, former head of libusb when the project was replaced by a hostile fork (libusbx). His analysis of the timeline is really interesting, and I liked that he did not seem bitter about it. A true “failosophy” talk.

State of the Onion

If you are interested in Tor, this talk is a good summary of everything that happened in the project since last year. Otherwise, it is of little interest.

Talks I plan to watch later

Since I did not have time to watch everything I wanted, I made a short list of the videos I am going to watch in the coming weeks:

  • Vector retrogaming
  • Digital signal processors
  • Let’s encrypt - what launching a free CA looks like.
  • Insecurity of embedded devices’ firmare - Fast and Furious at large scale
  • Graphs, Drones & Phones
  • “I feel like a criminal and I have to be god at the same time”
  • Top X usability obstacles
  • 32C3 infrastructure overview
  • Wireless Drivers: Freedom considered harmful
  • Vehicle2Vehicle Communication based on IEEE802.11p
  • 3D printing on the moon
  • How hackers grind an MMORPG: By taking it apart!
  • goto fail;
  • PQCHacks
  • Lifting the fog on Red Star OS
  • New memory corruptions attacks: Why can’t we have nice things ?
  • Running your own 3G/3.5G network
  • Perl Jam 2
  • Check your priviledges!
  • A dozen year of Shellphish
  • Ten years after “We Lost the War”
  • Maritime Robotics
  • Unpatchable