23C3 27.-30.12. 2006 Berlin -- Chaos Computer Club conference with interesting program ; )

Robert Michel openmoko at robertmichel.de
Thu Nov 30 19:48:46 CET 2006


Today the CCC.de published the "Fahrplan", the program for their
23rd conference, called 23C3:

First quick view to show several lectures that would be very interesting 
for us ;)))
Ok this is a long list - I will not only make you think
that it would be fine to go to Berlin or to see the video
tapes in January - before the 23C3 we could also 
- discuss interesting parts 
- find out who of us will go there
- collect interesting questions
- and maybe have an OpenMoko/Neo1973 community meeting in Berlin 

Ok - just an overview - add when an interesting lecture is missing
and try to split our discussion to separate lectures ;)

Harald Welte - 
   Project Sputnik
Project Sputnik is the real-time in-building location tracking system
present at the 23C3. The Sputnik is a small active 2.4GHz RF Beacon,
whose signal is picked up by one or multiple of the 20+ Sputnik base 
stations installed in the event venue (bcc). Attendees of the 23C3 are 
able to voluntarily participate in this system by purchasing an 
inexpensive Sputnik transponder which they can carry with them 
during the whole event.   
In order to make this project attractive to hackers, the Sputnik
hardware schematics and firmware source code will be published on the
first day of the event, enabling hackers to enhance/replace the existing 
firmware, and to add new applications such as peer-to-peer communication
between multiple Sputniki.
The location data (both raw and processed) will be available to the
public via the congress network. This means that everyone has access to
all data.  
The intention of the project is mainly to demonstrate what kind of
surveillance is possible using off-the-shelf inexpensive technology, and
to make hackers interested in exploring potential positive use cases for it. 

Andreas Bogk, Hannes Mehnert -
   Design and Implementation of an object-oriented, secure TCP/IP Stack
We present a domain-specific language (DSL) capable of describing
ad-hoc defined protocols like TCP/IP. Additionally we developed other
libraries, like a flow graph for packet processing and a layering mechanism 
for protocol stacking, to get a complete TCP/IP stack.  

pallas -
   How To Design A Decent User Interface
Take a look at software from a user's point of view and improve your
applications. Prepare to be brainwashed! This talk wants you to switch from the
developer's perspective to that of an average user to design better UIs.  

tof (Christof Vollrath) -
   Java wird Groovy (Java Becomes Groovy)
An introduction to the new, dynamic language for the
Groovy is a new, dynamic language for the Java VM. It takes up
concepts from Smalltalk, Python and Ruby and integrates them into
Java. The integration is smooth, since the syntax is sufficiently similar
to Java and existing Java libraries can be used seamlessly.

(New dynamic languages for the Java-VM. Integration of concepts
of Smalltalk, Python and Ruby into Java.)

Steven J. Murdoch -
   Detecting temperature through clock skew
Hot or Not: Defeating anonymity by monitoring clock skew to remotely
detect the temperature of a PC
By requesting timestamps from a computer, a remote adversary can find
out the precise speed of its system clock. As each clock crystal is
slightly different, and varies with temperature, this can act as a 
fingerprint of the computer and its location. 

Melanie Rieback -
   A Hacker's Toolkit for RFID Emulation and Jamming
Radio Frequency Identification (RFID) tags are remotely-powered data
carriers, that are often touted as a "computer of the future", bringing
intelligence to our homes and offices, optimizing our supply chains, and 
keeping a watchful eye on our pets, livestock, and kids.  
However, many RFID systems rely upon the integrity of RFID tag data
for their correct functioning. It has never been so easy to interfere
with RFID systems; we have built a handheld device that performs RFID 
tag emulation and selective RFID tag jamming (sort of like a personal
RFID firewall). Our device is compatible with the ISO 15693/14443A 
(13.56 MHz) standards, and fits into a shirt pocket.
This presentation will explain the "nuts and bolts" of how tag spoofing
and selective RFID jamming work, and will conclude by demonstrating this 

Andreas Krennmair -
   Secure Network Server Programming on Unix 

Paul Wouters, Leigh Honeywell -
   Mobile phone call encryption 
Encrypting (GSM) mobile phone calls over VPN with an Asterisk PBX  
To encrypt all your mobile phones to protect it from overzealous
eavesdroppers, you are currently limited to using special hardware such
as the Cryptophone. The disadvantage of cryptophone is that it only works 
with other cryptophones. To work around this, we turn mobile phones from 
"voice" phones into VOIP phones. Using the SIP protocol for VOIP and 
IPsec/L2TP or Openvpn as our VPN, Leigh Honeywell and Paul Wouters connect 
their mobile phones fully encrypted to an Asterisk PBX server.
The presentation, given by Asterisk expert Leigh Honeywell and VPN
expert Paul Wouters will start with a description of the demise of the
"old" telecom sector and the end of "voice" conversations. The replacement, 
Voice Over IP promises a lot of good things, but it comes at a price. Hacking 
VOIP calls on the internet is much easier. We can no longer trust the security 
of the telecom infrastructure. Forged caller-ID, charging someone else for your 
calls, breaking through firewalled networks, or abuse via VOIP services like 
Google, Jajah, Skype or others. We will demonstrate some of these attacks.   
To address these problems, we need to be able to both authenticate
and encrypt our calls. The solution presented is built using freely
available (mostly open source) software and we will explain various aspects 
and ideas behind our setup and why we choose the various protocols and software 
We are currently working with various phones, such as the Linux based
GreenPhone, the XDA's and other phones running either Linux or Microsoft
Windows PDA phones. 
Leigh and Paul will also hold a workshop, where they can go into the
deep technical details on how to build your phones and your servers, and
where people can try out our phones and secure PBX. 

fh -
   XMPP ist viel mehr als nur Instant Messaging (XMPP is much more than just instant messaging)

Kevin Finistere, Thierry Zoller -
   Bluetooth Hacking Revisited 
Hacking Bluetooth revisited - This talk goes into the depth of
Bluetooth security, we'll show attacks on every possible Bluetooth layer
including Application Layer, lower layers. We'll break the drivers, the 
implementation, the applications and the _protocol itself_. At the end of 
this talk we hope we have achieved a paradigm shift with regards on how you 
perceive Bluetooth Security in General. It's not only for toys.

Jan Seedorf -
   SIP Security

Milosch Meriac, Harald Welte -
   OpenPCD / OpenPICC 
Free RFID reader and emulator  
This presentation will introduce and demonstrate OpenPCD and
OpenPICC. The purpose of those projects is to develop free hardware
designs and software for 13.56MHz RFID reader and transponder simulator.
OpenPICC can be used to e.g. simulate ISO 14443 or ISO 15693 transponders, 
such as those being used in biometric passports and FIFA worldcup tickets. 
The OpenPCD project is a 100% Free Licensed RFID reader hardware and
software design. It has first been released on September 13, 2006. Using
OpenPCD, interested hackers can directly access the lowest layers of 13.56MHz 
based RFID protocols. The hardware offers a number of digital and analog
interfaces, and the firmware source code is available and can be modified and
compiled using arm-gcc.
The OpenPICC project is the counterpart to OpenPCD. It is a device
that emulates 13.56MHz based RFID transponders / smartcards. Like
OpenPCD, the hardware design and software are available under Free Licenses. It has not been
released yet, but the first prototypes are working and it is expected to
be released before 23C3.  
The presentation will introduce and explain the OpenPCD and OpenPICC
hardware as well as software design.

Collin Mulliner -
   Advanced Attacks Against PocketPC Phones
0wnd by an MMS 
Smart phones are the new favorite target of many attackers. Also most
current attacks are harmless, since these mostly rely on user mistake or
lack of better knowledge. Current attacks are mostly based on logic errors rather
than code injection and often are only found by accident. The talk will
show some real attacks against smart phones and the kind of vulnerability analysis
which led to their discovery. 
This talk is about a security analysis of the PocketPC MMS (Multimedia Messaging Service) 
We will start with some background information about some older
attacks against mobile phones. In the next step we will introduce to
PocketPC-based phones and their security. Further we will introduce to the Multimedia 
Messaging Service. Here we will show how it works and how MMS messages look like
under the microscope.   
In the main part we analyze the PocketPC MMS client and build a
fuzzer for it. Since we want to avoid costs by sending real MMS messages we
build our own virtual mms system and make PocketPC believe that this is the real thing.  
In the end we will present the bugs and vulnerabilities we found,
including the methods for exploiting them such as how to build your own
So far I planned to release all information that I have kept back at
defcon (exploit code, mms-client, etc...).
Come to this talk if you enjoy any of the following:   
networking, mobile phones, security, fuzzing, hex dumps, ping floods, standards 

Michael Steil -
   Inside VMware   
How VMware, VirtualPC and Parallels actually work  
Virtualization is rocket science. In cooperation with the host
operating system, VMware takes over complete control of the machine
hundreds of times a second, handles pagetables completely manually, 
and may choose to wire (make non-pageable) as much memory as it chooses. 
This talk explains why it still works. [...] 

Of course I will try to go to Berlin (Could someone close to Aachen,
BXL, Cologne give me a lift? ;) - but besides whether I will be there:
I would like very much to see that OpenMoko/Neo1973 is a topic 
at the 23C3 
- hey come on, OpenMoko/Neo1973 is *that* big hackers dream ;)

@Sean, any chance that Harald could be there with a prototype?
Would make OpenMoko much more popular ;)))))

@Harald, did you ask Sean for some extra signal lines to have
SPI solder points on the Neo1973 circuit board?
"The OpenPCD hardware design is based on the CL RC632 Multiple
Protocol Contactless Reader IC from Philips, which supports ISO 14443
A&B, ISO 15693, Mifare and ICODE protocols. This reader IC is connected 
via SPI to an ARM Microcontroller."

