36c3 talks

Posted by Wxcafé on Sun 02 February 2020

So a bit over a month ago, like every year, hackers gathered in Leipzig, Germany for the Chaos Communication Congress. This year, like the year before, I couldn’t go to congress (last year because I was moving over an ocean, this year because I didn’t plan early enough and the trip from NYC to Leipzig needs to be planned…), so I was stuck with watching the recordings of the talks (and just miss spending time with friends, unfortunately…).

The problem with watching congress recordings is that they’re all uploaded at the same time, and you don’t have the sort of curation effect of being physically constrained on what you can watch: when you’re at congress, there are (at least) 4 talks at the same time, plus assemblies, and friends to see, and more things that mean you have to curate on-the-fly what you’re gonna see and what you aren’t. On the other hand, when you get all the talks dumped on you at the same time, you don’t have that effect, and you have to choose between like 60 talks and don’t know which are going to be interesting, and which aren’t.

Last year, I simply watched the infrastructure talk, and gave up because I didn’t have time to spend on watching all of the talks. This year, for 36c3, I decided to spend that time and watch everything that sounded vaguely interesting. To spare you the work of going through everything, I’m collecting them all here and giving them a short summary and a 1-5 ⭐ rating reflecting how interesting it was to me. So here goes:

36c3 Infrastructure Review ⭐⭐⭐⭐

Like each year, the infrastructure review talks about how congress works and the people who make it work. I love watching these, I loved being an Angel when I was there, and I really like learning about the parts of organizing I didn’t know about. This time it’s a bit rushed unfortunately, but it’s still a nice talk.

A dozen more things you didn’t know Nextcloud could do ⭐⭐

Good talk on Nextcloud. Starts by talking about the cloud in general and data privacy and stuff like that, then presents upcoming and existing features of Nextcloud, many of which I didn’t know were there.

a home among the stars: Galina Balashova, architect of the soviet space programme ⭐⭐⭐⭐

Great presentation of the Soviet space program’s interior design and of the history of the person who designed all of it, Galina Balashova. I was riveted.

All wireless communication stacks are equally broken ⭐⭐

Review of vulnerabilities in various wireless communication stacks. A bit light imo, and a bit hard to follow, but a good reminder that you shouldn’t trust these.

A systematic evaluation of OpenBSD’s mitigations ⭐⭐⭐⭐

Ah, the infamous OpenBSD talk! Very interesting, honestly; most of the points are very true and need to be fixed. I found he nitpicked a little bit though, and he was kinda aggressive and not very sociable (“I haven’t interacted with the OpenBSD community once”), and then he seems kinda surprised not to have received a warm welcome. That being said, the talk is very informative and does contain a lot of very worrying information and valid criticism.

Boot2root ⭐⭐⭐⭐

Your bootloader, it’s been a while since you thought about it too much, huh? Well, it’s a critical component of the security chain of trust, and they’re… really bad. This talk explores exactly how bad they are.

DC/DC Converters: Everything You Wanted To Know About Them ⭐⭐⭐⭐

I approached this thinking “Everything I want to know about DC/DC converters? uh… I can’t think of a thing…” and left with a better understanding of power supplies and a now-satisfied curiosity for electronics. Good talk!

Don’t Ruck Us Too Hard - Owning Ruckus AP Devices ⭐⭐⭐

Classic junk hacking, still pretty fun to watch and examine.

Hacking (with) a TPM ⭐⭐⭐⭐⭐

Great talk about how TPMs work, how we can actually use them from Linux, what we can do with them… I’ve wanted to learn about TPMs for years, and this gave me exactly what I wanted.

Hacking Sony PlayStation Blu-ray Drives ⭐⭐⭐

Interesting subject and great research, pretty old stuff by now though and the talk itself isn’t that good (mostly reading his slides, stuff like that).

How to Break PDFs ⭐⭐⭐⭐

Fun talk about design problems in the PDF standard that allow for forged signatures and stuff like that.

Infrastructure of Wikipedia ⭐⭐⭐⭐

Had no idea how Wikipedia was run infrastructure-wise; this is a comprehensive explanation of just that. Very surprised by how small their operation is given the scale of Wikipedia.

Intel Management Engine deep dive ⭐⭐⭐⭐

Missed all the previous Intel ME talks at congress, so this was a good refresher. It’s an impressive talk from a technical point of view, and very informative too.

It’s not safe on the streets… especially for your 3DS! ⭐⭐⭐⭐

Very cool talk on the StreetPass protocol, how it works, and how it’s exploitable. Definitely makes me wanna experiment with my 3DS again! (oops, I forgot to play the games 😩)

KTRW: The journey to build a debuggable iPhone ⭐⭐⭐⭐⭐

iOS exploitation is always really cool. iOS kernel exploitation is even cooler. Using that to make a step-by-step debuggable iPhone, with a demo on stage? Amazing. Admitting your exploit has been redundant/outdated since right before you released it and all that work could have been avoided, with a smile? Priceless.

Look at ME! - Intel ME Investigation ⭐⭐⭐⭐

Good overview of what you missed in the previous ME talks (and it also really helps with understanding that other talk, so you should watch this one first!). No reverse engineering has been performed in the making of this presentation, of course.

Messenger Hacking: Remotely Compromising an iPhone through iMessage ⭐⭐⭐⭐

Another iOS exploitation talk, this time with zero interaction, with memory corruption through what’s essentially text messages? Really cool.

No Body’s Business But Mine, a dive into Menstruation Apps ⭐⭐⭐⭐

Important research on the data-sharing (mal)practices of menstruation apps. Pretty good talk too; a bit light on the research, but it’s cool that they contacted the companies in question and got an answer from them.

Plundervolt: Flipping Bits from Software without Rowhammer ⭐⭐⭐⭐⭐

I love hardware attacks and fault injection attacks, and this is a hardware attack using fault injection entirely from software. It’s great. It’s not very practical, and the target is pretty small, but it’s really amazing to learn about, and the presentation is great too.

Practical Cache Attacks from the Network and Bad Cat Puns ⭐⭐⭐⭐

Yay, yet another CPU cache attack! And this one is over the network too, which is way broader in application than the previous examples! Very good technical talk.

Refactoring qaul.net in Rust (Internet independent mesh communication App) ⭐⭐⭐⭐⭐

I love hearing about alternative communication platforms, and I love the ones that don’t depend on a centralized or even federated infrastructure (we’re gonna need them after the end of capitalism when we’re reducing our collective energy consumption). This is about just that, and it’s fun, and my friend is speaking too, so.

SELECT code_execution FROM * USING SQLite; ⭐⭐⭐⭐

Is SQLite secure? It’s software so obviously not, but how insecure is it? This talk goes into how to corrupt memory in SQLite, and that’s pretty good given the number of things that use it.

SIM card technology from A-Z ⭐⭐⭐⭐

Smartcards are cool. SIM cards are cool! I love learning about stuff like that where there’s not a lot of (publicly available) documentation and it’s hard to experiment by yourself, and this goes into great detail.

Server Infrastructure for Global Rebellion ⭐⭐⭐⭐⭐⭐⭐⭐⭐⭐

Probably the most important talk of 36c3 in my opinion. Too many activist/political groups don’t think nearly enough about infrastructure and security, and act as if talking openly were fine and no one was spying on them. Guess what.

There’s also a shortage of politically-invested systems and network admins, and we need more, we need way more. The distributed architecture of the system that’s presented here, with the implicit transfer of knowledge that goes with it, is incredibly good and very effective against getting compromised.

I’ll leave the rest for you to discover in the talk, but definitely watch it.

Be warned though: the first… maybe 20 minutes? are not about infrastructure, they’re about global warming. And while this is a very important topic, it can also be very overwhelming (and it definitely is here), so you might want to skip that part if it makes you anxious. Otherwise, be prepared.

Storing energy in the 21st century ⭐⭐⭐

Everything you’ve ever wanted to know about batteries. Unfortunately cut a bit short at the end because of poor time management, but still.

System Transparency ⭐⭐⭐

More TPM stuff, but also an interesting view of what secure systems could be on the cloud (probably won’t be, but could be).

Tales of old: untethering iOS 11 ⭐⭐⭐⭐

iOS talk again, the coolest humble brag talk I’ve ever seen (“yeah so we chained this exploit with this exploit, then chained this exploit to it, then exploited this and then this… and now we have code execution! So that was easy, next up…”), and some comically bad patching by Apple.

TamaGo - bare metal Go framework for ARM SoCs. ⭐⭐⭐⭐

That’s a very cool project, honestly. I’m all for better firmware, and this seems like orders of magnitude better than what’s out there to build it with. Hilarious watching the speaker clarify at every step that he doesn’t think Go is better than Rust, etc., too.

Go /might not/ be the best language for the job, though. A Rust equivalent would be better (do not email me about this, thanks).

The KGB Hack: 30 Years Later ⭐⭐

Interesting topic, relating to the origins of the CCC and the Cold War, but the talk itself isn’t that well told, unfortunately.

The Large Hadron Collider Infrastructure Talk ⭐⭐⭐⭐

Lots of infrastructure talks this year, huh? Very cool, I love hearing about physics stuff when I don’t have to learn anything, and this is exactly that. They have very, very tight and specific constraints, and it’s amazing how they managed to build the hardware they needed to meet them.

The One Weird Trick SecureROM Hates ⭐⭐⭐⭐⭐

ANOTHER iOS talk? Lots of iOS talks this year, huh? This one talks about an unpatchable exploit in the boot ROM of iPhones up to the last model. Boom. Obviously a great talk.

The Ultimate Acorn Archimedes talk ⭐⭐⭐⭐

A very British talk about an old RISC computer? I’m here for it.

The challenges of Protected Virtualization ⭐⭐

This one presents the concept of an Ultravisor, some sort of more privileged hypervisor that would enable VMs that are protected from the host. I’m not really convinced, honestly, but go give it a listen to make up your own mind.

The sustainability of safety, security and privacy ⭐⭐⭐

It’s hard to patch things for a long time, and yet we’re going to have to start because we need to start being more sustainable.

The technical is political – tech’s role in oppression and what technicians can do against it ⭐⭐⭐⭐

This one may be a bit obvious, honestly, but it’s still good and important to see these things said at a hacker forum like congress is, and they aren’t told too badly, so… yeah?

TrustZone-M(eh): Breaking ARMv8-M’s security ⭐⭐⭐⭐

Fault injection is fun! Fault injection is cool, and that’s what he’s doing here with very precisely timed undervolting (he’s got a cute little device to help too). Also gives all the context you need. Good talk.

Uncover, Understand, Own - Regaining Control Over Your AMD CPU ⭐⭐⭐⭐

The Intel ME talk, but about the AMD PSP. They reverse-engineered it pretty well, and explain not only how it works but also how they reimplemented part of the firmware and a userland proxy too.

Understanding millions of gates ⭐⭐⭐⭐⭐

Very interesting talk about reverse engineering integrated circuits from pictures of the chip surface. Hardware reverse engineering and amazing-looking graphs get a thumbs-up from me.

What the World can learn from Hongkong ⭐⭐⭐⭐⭐

I was a bit wary of this one because western liberals love to use revolts in foreign countries as examples that liberalism is so good. But this talk is politically well thought-out, and it has a lot of very good protest tactics suggestions. Good stuff here too.

What’s left for private messaging?

A secure messaging rehash of old debates: the threat modelling is always the same (the state or a state-like actor is spying on you), not much usability concern, and no accessible suggestions. Meh.

Wifibroadcast ⭐⭐⭐⭐⭐

This guy is maybe the most nonchalant I’ve seen so far, and he gives a talk that’s so mind-blowing that the tone difference made me feel weird. How the fuck can wifi do that? What’s the catch? There has to be a catch, right?

X11 and Wayland: A tale of two implementations ⭐⭐⭐

A guy implements his window manager on two different backends and lives to tell the tale.

ZombieLoad Attack ⭐⭐⭐⭐⭐

Yet Another Cache Leak in Intel CPUs, but this one is very well told! One of these guys also worked on Plundervolt, which is really impressive. Stop breaking Intel CPUs that much!

So… Yeah that’s it. Not all talks are covered here, because I didn’t watch all of them, because they didn’t all look interesting and I don’t have unlimited time to do that! But you should have enough to keep busy for a few days.

That’s obviously far from the same experience as being at CCC, but I hope it helps reconnect a little, and I definitely hope I can be there next year!