BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//39th Chaos Communications Congress//CCC's events
CALSCALE:GREGORIAN
METHOD:PUBLISH
X-WR-CALNAME:CCC's events
BEGIN:VEVENT
SUMMARY:Opening Ceremony
DTSTART:20251227T093000Z
DTEND:20251227T100000Z
DTSTAMP:20260406T225311Z
UID:0c8b0cb4-6cf9-5ff8-928a-0a0f49558c48
CATEGORIES:official,CCC & Community
DESCRIPTION:The opening gives you the most important info for the Congress
 \, gets you in the mood and ... uh ... bis Späti!
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/opening-ceremony
END:VEVENT
BEGIN:VEVENT
SUMMARY:All Sorted by Machines of Loving Grace? "AI"\, Cybernetics\, and F
 ascism and how to Intervene
DTSTART:20251227T100000Z
DTEND:20251227T104000Z
DTSTAMP:20260406T225311Z
UID:304dd87b-7de5-557c-9951-1add24396a0b
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:The idea of the Super-Human is not a new one\, neither is the 
 idea of a charismatic „good“ leader nor to sort humans into
  classes\, races\, abilities. The idea of a few controlling many by force
  and ideas th
 at justify their rulership and cruelties is an old one\, as is the opposin
 g idea of a free society and humans as equals.\nA central aspect is how pe
 ople involved see the human nature and according to that what society they
  want to build. And what role is intended for technology.\nIn the 19th cen
 tury the beliefs of both the opposing sides dripped into science\, as well
  as individual’s heads\, and social movements around the world. While so
 me wanted to form a world society of equals others wanted to breed a
  master race to control everything.\n\nThe love of industrial leaders for
  au
 thoritarianism has played an important role since the beginning in funding
  and providing access to powerful networks. Industrialists like Henry Ford
  loved and promoted ideas at least close to fascism. German\, Italian\, an
 d Austrian counterparts funded Hitler and Mussolini. And it is not that th
 ey did it because they did not understand the fascist leader’s yearning 
 – it was because they shared and loved their aims and violence. \n\nIn F
 uturism\, one of the often overlooked roots of fascism\, and its Manifesto
  the enemies and societal goals are proclaimed crystal clear: “We will g
 lorify war — the only true hygiene of the world — militarism\, patriot
 ism\, the destructive gesture of anarchist\, the beautiful Ideas which kil
 l\, and the scorn of woman.“\n\nAfter WWII most of the people believing 
 in dominating others by force and eugenics lived on\, they and their croni
 es had slaughtered millions and destroyed whole social movements that
  were opposing them. These people warning us about authoritarian
  prophets of doom an
 d concentration camps are still missing.\n\nIn the post-war time ideas of 
 authoritarianism met a new player: Cybernetics\, the belief in a future\,
  where all problems will be solved through technology and we are “All Wa
 tched Over by Machines of Loving Grace” (Richard Brautigan\, 1967).
  The ideas split\, merged\, and melted into new beliefs and
  quasi-religions. In
 to something that is called “Cyber-Libertarianism” by David Golumbia o
 r “TESCREAL” by Émile P. Torres and Timnit Gebru. \n\nThis talk will 
 address an aspect that is often missing in analyses: What kind of breeding
  ground is it where ideas of fascism hatch best? And how can we stop iFa
 scism instead of participating in it?\n\nFurthermore\, as being sorted by 
 machines is not everyone's secret dream\, ways to stop iFascism will be pr
 ovided.\n\nBecause we are more\, we care for people in need – and we are
  the chaos!
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/all-sorted-by-mac
 hines-of-loving-grace-ai-cybernetics-and-fascism-and-how-to-intervene
END:VEVENT
BEGIN:VEVENT
SUMMARY:A Tale of Two Leaks: How Hackers Breached the Great Firewall of Ch
 ina
DTSTART:20251227T100000Z
DTEND:20251227T104000Z
DTSTAMP:20260406T225311Z
UID:ba655198-f461-5a1b-998c-12ed49fc7aae
CATEGORIES:official,Security
DESCRIPTION:While probing the Great Firewall’s DNS injection system in 2
 021\, we noticed something strange: Sometimes the injected responses conta
 ined weird garbage. After some investigation\, we realized we’d stumbled
  onto a memory disclosure vulnerability that would give us an unprecedente
 d window into the Great Firewall’s internals: Wallbleed.\n\nSo we crafte
 d probes that could leak up to 125 bytes per response and repeatedly sent 
 them for two years. Five billion responses later\, the picture that emerge
 d was... concerning. Over 2 million HTTP cookies leaked. Nearly 27\,000 UR
 L parameters with passwords. SMTP commands exposing email addresses. We fo
 und traffic from RFC 1918 private addresses - suggesting we were seeing th
 e Great Firewall’s own internal network. We saw x86_64 stack frames with
  ASLR-enabled pointers. We even sent our own tagged traffic into China and
  later recovered those exact bytes in Wallbleed responses\, proving defini
 tively that real user traffic was being exposed.\n\nIn September 2023\, th
 e patching began. We watched in real-time as blocks of IP addresses stoppe
 d responding to our probes. But naturally the same developers that made th
 is error in the first place made further mistakes. Within hours\, we devel
 oped “Wallbleed v2” queries that still triggered the leak. The vulnera
 bility persisted for another six months until March 2024.\n\nGFW measureme
 nt research went back to business as usual until September of this year wh
 en an anonymous source released 600GB of leaked source code\, packages\, a
 nd documentation via Enlace Hacktivista. This data came from Geedge Networ
 ks - a company closely connected to the GFW and the related MESA lab. Geed
 ge Networks develops censorship software not only for the GFW but also for
  other repressive countries such as Pakistan\, Myanmar\, Kazakhstan\, and 
 Ethiopia.\n\nWe will discuss some of our novel findings from the Geedge Ne
 tworks leak\, including new insights about how the leak relates to Wallble
 ed.\n\nWallbleed and the Geedge Networks leak show that censorship measure
 ment research can be about more than just actively probing censored networ
 ks. We hope this talk will be a call to arms for hackers against Internet 
 censorship.\n\n\nMore information about Wallbleed can be found at the GFW 
 Report:\nhttps://gfw.report/publications/ndss25/en/
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/a-tale-of-two-lea
 ks-how-hackers-breached-the-great
END:VEVENT
BEGIN:VEVENT
SUMMARY:OpenAutoLab: photographic film processing machine. Fully automatic
  and DIY-friendly.
DTSTART:20251227T100000Z
DTEND:20251227T104000Z
DTSTAMP:20260406T225311Z
UID:a3655a3a-b74e-5714-ad79-77b0c803136b
CATEGORIES:not recorded,official,Hardware
DESCRIPTION:The presentation starts with a short overview of analogue phot
 ography processes and motivation of some photographers to shoot film inste
 ad of using contemporary digital technology.\nIt covers ways to process th
 e film starting from least involved\, such as sending to specialized labor
 atory\, and possible motivation to get a processing machine.\nExisting fil
 m processors are described with their features and deal-breakers for an en
 d-user in 2025.\nThen the history of developing OpenAutoLab is given\, tog
 ether with important design decisions made during development and why alte
 rnative solutions were discarded.\nIn the end the process of building the 
 machine (and sourcing the needed parts) is given with some motivation towa
 rds changing it to fit the needs of an individual photographer.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/openautolab-photo
 graphic-film-processing-machine-fully-automatic-and-diy-friendly
END:VEVENT
BEGIN:VEVENT
SUMMARY:The art of text (rendering)
DTSTART:20251227T100000Z
DTEND:20251227T104000Z
DTSTAMP:20260406T225311Z
UID:7c12c5be-5414-5673-a856-697a3889f824
CATEGORIES:official,Art & Beauty
DESCRIPTION:Text is everywhere in our modern digital life and yet\, no one
  really pays attention to how it is rendered on a screen. Maybe this is a
  sign that the problem has been solved. But it isn't. A few people are
  still looking at the best way to display text on any devices & any
  languages. This talk is based on a lesson I gave at SIGGRAPH a few years
  ago (https://www
 .slideshare.net/slideshow/siggraph-2018-digital-typography/110385070) to e
 xplain rendering techniques and concepts.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/the-art-of-text-r
 endering
END:VEVENT
BEGIN:VEVENT
SUMMARY:Burning Forests and Comment Sections - Climate Update with the
  FragDenStaat Climate Helpdesk
DTSTART:20251227T105500Z
DTEND:20251227T113500Z
DTSTAMP:20260406T225311Z
UID:59b5d6cc-bc07-5554-80f1-7d1008573d92
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:ChatGPT has (soon) more users than Wikipedia\, OpenAI wants to
  have the energy consumption of India in the future\, if necessary also
  with fossil energy. The energy hunger of artificial intelligence and the
  global hunger for resources for chips and electric cars seem to be
  eating up the last remaining hope of a climate-just world.\n\nIn
  Germany\, too\, we find ourselves in the water struggles\, while
  globally movements against water-hungry corporations and data centers
  have long been flowing together. All over the world\, from Latin America
  to Portugal and Serbia\, people are resisting the mining of the white
  gold lithium\, which is needed for electric cars and chips. Along with
  forests\, the comment sections are burning too\, and state repression
  against climate activism is increasing. I would like to give an overview
  of the state of our Earth and the climate movement and what hackers can
  do to save the planet and which tech billionaires we have to fight for
  that.\n\nI am Joschi (they/them) from the FragDenStaat Climate Helpdesk.
  I bring 10 years of experience in the climate movement and expertise on
  various topics around sustainability and digitalization.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/brennende-walder-
 und-kommentarspalten-klimaupdate-mit-bits-baume-und-dem-fragdenstaat-clima
 te-helpdesk
END:VEVENT
BEGIN:VEVENT
SUMMARY:Demystifying Fuzzer Behaviour
DTSTART:20251227T105500Z
DTEND:20251227T113500Z
DTSTAMP:20260406T225311Z
UID:077fbf39-e49b-5f13-8a6f-c5c71bcb309c
CATEGORIES:official,Science
DESCRIPTION:Fuzz testing (or\, "fuzzing") is a testing technique that pass
 es randomly-generated inputs to a subject under test (SUT). This term was 
 first coined in 1988 by Miller to describe sending random byte sequences t
 o Unix utilities (1)\, but was arguably preceded in 1971 by Breuer for fau
 lt detection in sequential circuits (2) and in 1972 by Purdom for parser t
 esting by generating sentences from grammars (3). Curiously\, they all exh
 ibit different approaches for generating inputs based on knowledge about t
 he SUT\, though none of them use feedback from the SUT to make decisions a
 bout new inputs.\n\nFuzzing wasn't yet popular\, but industry was catching
  on. Between the late 90s and 2013\, we see a number of strategies appear 
 in industry (4). Some had success with constraint solvers\, where they wou
 ld observe runtime behavior or have knowledge about a target's structure t
 o produce higher quality inputs. Others operated in a different way\, by t
 aking an existing input and tweaking it slightly ("mutating") to address t
 he low-likelihood of random generation to produce structured inputs. None 
 was as successful\, or as popular\, as American Fuzzy Lop\, or "AFL"\, rel
 eased in 2013. This combined coverage observations for inputs (Ormandy\, 2
 007) with concepts from evolutionary novelty search (5) into a tool which 
 could\, from very few initial inputs\, _evolve_ over multiple mutations to
  find new\, untested code.\n\nDespite its power\, this advancement made it
  far more difficult to understand how fuzzers even worked. Now all you had
  to do was point this tool at a program and it would start testing\, and t
 he coverage would go up\; users were now only responsible for writing "har
 nesses"\, code which processed fuzzer-produced inputs and sent them to the
  SUT. Though there have been a few real advances to fuzzing since (or\, at
  least\, strategies which combined previous methods more effectively)\, fu
 zzing research has mostly deadended\, with new methods squeezing only mino
 r improvements out of older ones. This\, and inadequate harness writing\, 
 comes from this opaqueness in how fuzzers internally operate: without unde
 rstanding what these tools do from first principles\, there's no clear "ri
 ght" and "wrong" way to do things because there is no mental model to test
  them against.\n\nThis talk doesn't talk about new bugs\, new fuzzers\, or
  new harness generation tools. The purpose of this talk is to uncover mech
 anisms of fuzzer input production in the context of different classes of S
 UT and harnesses thereon\, highlighting recent papers which have clarified
  our understanding of how fuzzers and SUTs interact. By the end\, you will
  have a better understanding of _why_ modern fuzzers work\, _what_ their l
 imitations are\, and _how_ you can write better fuzzers and harnesses your
 self.\n\n(1): https://pages.cs.wisc.edu/~bart/fuzz/CS736-Projects-f1988.pd
 f\n(2): https://ieeexplore.ieee.org/document/1671733\n(3): https://link.sp
 ringer.com/article/10.1007/BF01932308\n(4): https://afl-1.readthedocs.io/e
 n/latest/about_afl.html\n(5): https://www.academia.edu/download/25396037/0
 262287196chap43.pdf
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/demystifying-fuzz
 er-behaviour
END:VEVENT
BEGIN:VEVENT
SUMMARY:ISDN + POTS Telephony at Congress and Camp
DTSTART:20251227T105500Z
DTEND:20251227T113500Z
DTSTAMP:20260406T225311Z
UID:382a6def-2dbb-5ba8-bde5-0bf509c5eb02
CATEGORIES:official,Hardware
DESCRIPTION:Just like at this very event (39C3)\, the last few years a sma
 ll group of volunteers has deployed and operated legacy telephony networks
  for ISDN (digital) and POTS (analog) services at CCC-camp2023 and 38C3. A
 nyone on-site can obtain subscriber lines (POTS\, ISDN BRI or PRI service)
  and use them for a variety of services\, including telephony\, fax machin
 es\, modem dial-up into BBSs as well as dial-up internet access and video 
 telephony.\n\nThese temporary event networks are not using soft-PBX or VoI
 P\, but are built using actual de-commissioned hardware from telecom opera
 tors\, including a Siemens EWSD digital telephone exchange\, Nokia EKSOS V
 5 access multiplexers\, a SDH ring for transporting E1 carriers and much m
 ore.\n\nWhile some may enjoy this for the mere hack value\, others enjoy i
 t to re-live the digital communication sear of their childhood or youth.  
 However\, there is a more serious aspect to this: The preservation and res
 toration of early digital communications infrastructure from the 1970s to 
 1990s\, as well as how to operate such equipment.  As part of this effort\
 , we have already been able to help communications museums to fill gaps in
  their collections.\n\nThe talk will cover\n* the equipment used\,\n* the 
 network hierarchy we build\,\n* the services operated\n* the lessons learn
 t\n* newly-written open source software for interfacing retro telecommuni
 cations gear
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/isdn-pots-telepho
 ny-at-congress-and-camp
END:VEVENT
BEGIN:VEVENT
SUMMARY:Zentrum für Politische Schönheit: One Year of Adenauer SRP+ and
  the Walter Lübcke Memorial Park
DTSTART:20251227T105500Z
DTEND:20251227T113500Z
DTSTAMP:20260406T225311Z
UID:926c987a-2dd9-54f6-9a3a-45222dc9c4b7
CATEGORIES:official,Art & Beauty
DESCRIPTION:It has been exactly one year since the Adenauer SRP+ stood in
  the hall of 38C3. Back then it was still a construction site\, but soon
  it set off to make history. We take you on a journey: from blockade to
  protest\, from summer interviews to police harassment\, we look back on
  one year of Adenauer SRP+. This could get funny.\nAlso: everything about
  the Walter Lübcke Memorial Park\, which we have just built directly in
  front of the CDU headquarters.\n\nOh dear\, oh dear: that is going to be
  a lot for 40 minutes.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/zps-ein-jahr-aden
 auer-srp-und-mehr
END:VEVENT
BEGIN:VEVENT
SUMMARY:Building hardware - easier than ever - harder than it should be
DTSTART:20251227T115000Z
DTEND:20251227T123000Z
DTSTAMP:20260406T225311Z
UID:4bfb9f9c-a8cd-5bcb-8b0f-ce20509f2a36
CATEGORIES:official,Hardware
DESCRIPTION:Electronics is easier and more fun to get into than it's ever 
 been before. All the tools and resources are easily accessible and super c
 heap or free. There's an enormous amount of things to build from and build
  on.\n\nIt's also never been more important to be able to build and unders
 tand electronics\, as assholes running corporations are wasting their work
 ers' unpaid overtime on making all the electronics in our lives shittier\,
  more full of ads\, slop\, and spyware\, and more frustrating to use. Enco
 untering a device that works for you instead of against you is a breath of
  fresh air. Building one is an act of resistance and power. Not depending 
 on the whims of corporate assholes is freedom.\n\nHowever\, the culture ar
 ound electronics and the electronics industry is one of exclusion and gate
 keeping. It doesn't need to be. It would be stupidly easy to make things b
 etter\, and we should. I've been teaching absolute beginners advanced elec
 tronics manufacturing skills for many years now. It's absolutely shocking 
 how much more diverse the people who I teach are compared to the industry.
  The "hardware is hard" meme is true in some cases but toxic when worn as 
 a badge of pride or a warning to people attempting it.\n\nI will tell you 
 why designing and building electronics is not nearly as hard as it seems\,
  how it's almost never been easier to get into it\, and why it's very impo
 rtant that people who think or have been told they can't do it should be d
 oing more of it. I'll tell you my experiences of what building devices is 
 like\, show and tell a few useful skills\, and tell the story of how tryin
 g to prove someone wrong on the internet turned into a decade of teaching 
 people with zero experience how to handle the most complex electronic comp
 onents at all sorts of community events.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/building-hardware
 -easier-than-ever-harder-than-it-should-be
END:VEVENT
BEGIN:VEVENT
SUMMARY:FeTAp 611 unplugged: Taking a rotary dial phone to the mobile age
DTSTART:20251227T115000Z
DTEND:20251227T123000Z
DTSTAMP:20260406T225311Z
UID:cc16de00-c31f-5c44-a34a-615e6beba883
CATEGORIES:official,Hardware
DESCRIPTION:There are people who throw away old telephones - and then ther
 e are those who find them in the garbage and think\, „How can a microcon
 troller actually read the digits from a rotary dial?“\nThis talk follows
  the journey of transforming a classic German FeTAp 611 rotary phone into 
 a mobile device while keeping its vintage charm. Building on earlier retro
 fits\, this project aims to combine the following design goals into a mobi
 le version of the Fernsprechtischapparat:\n\n- Grandparents-compatible –
  The phone shall be easy to use by non-technical people\, showing the same
  look and feel as the original phones\, including details such as a dial t
 one.\n- easy phone switching – Switching between FeTAp and regular cellp
 hone shall not require unscrewing the phone to switch SIM cards.\n- standa
 rd components – PCB/PCBA suppliers shall be capable of manufacturing boa
 rds at a reasonable price.\n- device-agnostic circuit design – Adapting 
 to different phones (e.g. W48\, FeTAp 791\, FeTAp 611) shall minimize the 
 need for changes in the schematic. This includes a ringing voltage generat
 or that shall be powerful enough to drive an old W48 phone.\n\nThis talk w
 ill walk you through certain aspects of the German analog telephony standa
 rd 1TR110-1\, and the challenges faced when implementing those on a batter
 y-powered device with little space. It explains\n- the state machine imple
 mented on an STM32 microcontroller\,\n- how to connect old carbon micropho
 nes to modern audio electronics\,\n- designing (and avoiding mistakes in) 
 a flyback based SMPS to generate 32V - 75V ringing voltage\,\n- how to gen
 erate 25 Hz AC using an H-bridge\,\n- and how to layout the PCB such that 
 the ancient second handset connector can now be used for USB-C charging.\n
 \nIn the course of the development\, I discovered that the project is not 
 only a good way to get a glimpse into various aspects of ancient and moder
 n types of electronics - but also into people’s reactions when such a ph
 one suddenly starts ringing on a flea market… :-)
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/fetap-611-unplugg
 ed-taking-a-rotary-dial-phone-to-the-mobile-age
END:VEVENT
BEGIN:VEVENT
SUMMARY:Neuroexploitation by Design: How Algorithms in Gambling Products
  Exploit the Mechanisms of Reinforcement Learning and the Dopaminergic
  Reward System
DTSTART:20251227T115000Z
DTEND:20251227T123000Z
DTSTAMP:20260406T225311Z
UID:6a645194-deb6-5e96-b8ce-bb18774f1f14
CATEGORIES:official,Science
DESCRIPTION:This talk examines how modern gambling products and
  gambling-like game mechanics\, such as loot boxes\, deliberately exploit
  psychological and neurobiological learning processes to generate revenue
  through longer play and stronger interaction. The focus is on mechanisms
  of reinforcement learning and their interplay with the dopaminergic
  reward system. Based on current research findings\, design strategies
  are presented that can increase the addictive potential of gambling. The
  aim of the talk is to convey a scientifically grounded understanding of
  these dynamics\, to point out risks for individuals and society\, and to
  discuss the need for regulation and responsible design.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/neuroexploitation
 -by-design-wie-algorithmen-in-glucksspielprodukten-sich-wirkweisen-des-rei
 nforcement-learning-und-dopaminergen-belohnungssystems-zunu
END:VEVENT
BEGIN:VEVENT
SUMMARY:Who cares about the Baltic Jammer? – Terrestrial Navigation in t
 he Baltic Sea Region
DTSTART:20251227T115000Z
DTEND:20251227T123000Z
DTSTAMP:20260406T225311Z
UID:64ec3662-a77a-51c1-98fc-65f995f49912
CATEGORIES:official,Security
DESCRIPTION:Since 2017\, our team at DLR and partners across Europe have b
 een working on an alternative to satellite navigation: **R-Mode**\, a back
 up system based on terrestrial transmitters. Our main testbed spans the Ba
 ltic Sea — a region now infamous for GNSS jamming and spoofing.\n\nWe’
 ll start by showing what GNSS interference actually means in practice: air
 craft losing navigation data\, ships switching to manual control\, and ent
 ire regions facing timing outages — such as the recent disruption of tel
 ecommunications in Gdańsk during Easter 2025.\n\nThen we’ll take you be
 hind the scenes of building R-Mode: designing signals that can coexist wit
 h legacy systems\, installing transmitters along the coast\, and testing s
 hipborne receivers in rough conditions. We’ll share personal moments —
  like the first time we received a stable position fix in the middle of th
 e Baltic.\n\nFinally\, we’ll talk about perception and politics: how a 
 “research curiosity” became a critical infrastructure project\, why ES
 A now wants to build a *satellite* backup (with the same vulnerabilities)\
 , and how it feels when your civilian open-source navigation system sudden
 ly becomes strategically relevant.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/who-cares-about-t
 he-baltic-jammer-terrestrial-navigation-in-the-baltic-sea-region
END:VEVENT
BEGIN:VEVENT
SUMMARY:Chaos Does Kitchen
DTSTART:20251227T125000Z
DTEND:20251227T133000Z
DTSTAMP:20260406T225311Z
UID:90cb7149-ec4d-5499-9649-9091374100ad
CATEGORIES:official,CCC & Community
DESCRIPTION:At many tent camps\, summer festivals\, ICMP\, a village at
  the Chaos Camp and the like\, I have learned how to cook for many people
  and how not to. So that you do not have to go through the same learning
  curve\, I would like to show you the considerations with which you and
  2-3 friends can prepare food for many people. \n\nPlanning\, shopping\,
  logistics\, preparation\, cooking\, hygiene\, serving and cleaning up:
  anyone can do that. \nDoing it in a way that is fun\, does not feel like
  work and also tastes good to everyone\, that is what I want to convey to
  you with this talk.\n\nIf your space is planning a big event in the
  future and you are wondering whether one can and wants to cook on site\,
  then come by and let me show you what you need for it and how it works.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/chaos-macht-kuche
END:VEVENT
BEGIN:VEVENT
SUMMARY:Developing New Medicines in the Age of AI and Personalized Medicin
 e
DTSTART:20251227T125000Z
DTEND:20251227T133000Z
DTSTAMP:20260406T225311Z
UID:5cf7d973-5a94-5e8f-9f8d-8b5f4ec5bb6d
CATEGORIES:official,Science
DESCRIPTION:After presenting a high-level overview of the path from an ide
 a to the medicine that you can buy at a pharmacy\, this talk will present 
 and discuss the following aspects of the drug discovery and development pr
 ocess:\n(1) The translation of an idea into a drug for a human patient fac
 es many critical moments along the development process. This so-called “
 translational gap” is addressed through experiments in a test tube (or P
 etri dish)\, experimentation in lab animals\, and eventually testing in hu
 mans. However\, findings in a standard cell line or in a mouse do not nece
 ssarily reflect the complexity of biological processes in a human patient.
  Currently\, there are many technological advancements under way to improv
 e the current drug discovery and development process\, and possibly even r
 eplace animal studies in the future (e.g.\, organs-on-chip). Nevertheless\
 , the fundamental issues surrounding translational research remain\, such 
 as the lack of standardization\, the limitations of model systems\, and va
 rious underlying clinical biases.\n(2) Like in many industries today\, AI 
 applications are introduced at multiple levels and for various purposes wi
 thin the drug discovery and development continuum. Often\, a lot of hope i
 s placed in AI-based technologies to accelerate the R&D process\, increase
  efficiency and productivity\, and identify new therapeutic approaches. In
 deed\, there are many highly useful examples\, such as the automation of i
 mage analysis in research\, which replaces repetitive tasks and hence free
 s up a lot of time for researchers to do meaningful research. However\, th
 ere are also many applications that are likely misguided\, because they st
 ill face fundamental problems in evaluating scientific knowledge. For inst
 ance\, the use of LLMs to summarize huge amounts of very complex and heter
 ogeneous scientific data relies on the accuracy\, completeness\, and repro
 ducibility of the available scientific data\, which is often not the case.
  In addition\, AI is often employed in an IT environment with questionable
  data security and ownership practices\, such as the storage of sensitive 
 research data on third-party cloud platforms.\n(3) Until now\, the overwhe
 lming majority of drugs have been developed to treat large patient populat
 ions\, which represent a considerable market and ultimately ensure a retur
 n on investment. Today\, however\, most common and homogeneous diseases ca
 n already be managed\, often with several (generic) drugs. Slight improvem
 ents to current drugs do not justify a large profit margin anymore\, so th
 e focus of drug discovery and development is shifting toward more heteroge
 neous and rare diseases\, for which no or only poor treatments are availab
 le. Novel medicines in those disease areas hold the promise of substantial
  improvement for patients\; however\, these new patient (sub)populations\,
  and thus markets\, are much smaller\, leading to premium prices for indiv
 idualized therapies in order to ensure a return on investment. This paradi
 gm shift toward individualized therapy - referred to as precision and pers
 onalized medicine - is supported by the advent of novel technologies and t
 he accumulation of large bodies of data.\n(4) The rise of precision and pe
 rsonalized medicine is challenging the current business model of today’s
  pharmaceutical industry\, suggesting that the era of blockbuster drugs mi
 ght be over. Moreover\, many intellectual property rights for blockbuster 
 drugs are going to expire in the next few years\, ending the market domina
 nce of a number of pharma companies and sending the current industry lands
 cape into turmoil. These developments will likely alter the current modus 
 operandi of the entire biopharmaceutical development process\, and it is n
 ot clear what the next few years will look like.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/developing-new-me
 dicines-in-the-age-of-ai-and-personalized-medicine
END:VEVENT
BEGIN:VEVENT
SUMMARY:Machine-Readable Court Rulings at Last! Open Access for Lawyers
DTSTART:20251227T125000Z
DTEND:20251227T133000Z
DTSTAMP:20260406T225311Z
UID:8f6e4391-96fc-5d29-b66c-328026fc35f0
CATEGORIES:official,Science
DESCRIPTION:It is actually a serious and real scientific and societal
  problem when court rulings are locked away behind the worm-eaten filing
  cabinets of government offices. We demonstrate this with some
  particularly outrageous quotes from current and no longer changeable
  rulings from practice.\n\nWe are currently working out strategies for
  how to power-cycle the legal system so that rulings in their entirety\,
  and with them the law as actually pronounced in Germany\, become
  accessible again. As a positive side effect of the availability of
  rulings\, civil society and politics can also check for themselves\,
  independently\, whether our judges typically really apply the law as
  the legislature intended – nobody can currently know\, we can only
  hope ...
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/endlich-maschinen
 lesbare-urteile-open-access-fur-juristen
END:VEVENT
BEGIN:VEVENT
SUMMARY:Liberating Bluetooth on the ESP32
DTSTART:20251227T125000Z
DTEND:20251227T133000Z
DTSTAMP:20260406T225311Z
UID:760c1f6b-349e-5ee3-9eeb-4a0f20dc902a
CATEGORIES:official,Hardware
DESCRIPTION:The ESP32 has become a ubiquitous platform in the hacker and m
 aker communities\, powering everything from badges and sensors to mesh ne
 tworks and custom routers. While its Wi-Fi stack has been the subject of p
 revious reverse engineering efforts\, its Bluetooth subsystem remains larg
 ely undocumented and closed source despite being present in millions of de
 vices.\n\nThis talk presents a reverse engineering effort to document Espr
 essif’s proprietary Bluetooth stack\, with a focus on enabling low-level
  access for researchers\, security analysts\, and developers to improve ex
 isting affordable and open Bluetooth tooling.\n\nThe presentation covers t
 he reverse engineering process itself\, techniques and the publication of 
 tooling to simplify the process of peripheral mapping\, navigating broken 
 memory references and symbol name recovery.\n\nThe core of the talk focuse
 s on the internal workings of the Bluetooth peripheral. The reverse engine
 ering effort led to the discovery of the peripheral architecture\, its
  memory regions\, interrupts and a little bit of information about
  other re
 lated peripherals.\n\nBy publishing open tooling\, SVD files and other doc
 umentation\, this work aims to empower researchers\, hackers\, and develop
 ers to build custom Bluetooth stacks\, audit existing ones\, and repurpose
  the ESP32 for novel applications. This may interest you if you care about
  transparency\, low-level access\, and collaborative tooling.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/liberating-blueto
 oth-on-the-esp32
END:VEVENT
BEGIN:VEVENT
SUMMARY:RedScout42 – On the digital housing question
DTSTART:20251227T134500Z
DTEND:20251227T142500Z
DTSTAMP:20260406T225311Z
UID:718be695-c840-5eed-9c67-b8d5089f8042
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:In our talk we show how Immoscout & Co. use a sophisticated
  technical system to generate monopoly profits\, drive up rents and
  have built a landlords' paradise that drives tenants up the wall.\n\n
 But we do not stop at criticism: we show how socializing the platforms
  that provide essential public services can create a tool that helps
  those without means on the housing market to put landlords in their
  place and to create market transparency for everyone instead of only
  for those who own property.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/redscout42-zur-di
 gitalen-wohnungsfrage
END:VEVENT
BEGIN:VEVENT
SUMMARY:KIM 1.5: Even more chaos in the medical Telematikinfrastruktur
  (TI)
DTSTART:20251227T134500Z
DTEND:20251227T144500Z
DTSTAMP:20260406T225311Z
UID:eeb77e44-8a29-5235-960b-e50575570c5c
CATEGORIES:official,Security
DESCRIPTION:KIM has established itself as a service for medical e-mail:
  electronic certificates of incapacity for work (eAU)\, dental
  treatment and cost plans\, laboratory information and medication
  dosages are supposed to be transmitted securely via KIM. Security is
  meant to be ensured unobtrusively and automatically in the
  background\, without any interaction with users. To that end\,
  encryption and decryption as well as the signing functionality are
  abstracted into a separate piece of software\, the so-called
  Clientmodul.\n\nThis talk examines the design of this security
  abstraction and the vulnerabilities that result from it\, such as
  forging or decrypting KIM messages.\n\nContinuation of 37C3: KIM: Kaos
  In der Medizinischen
  Telematikinfrastruktur (TI) [https://media.ccc.de/v/37c3-12030-kim_kao
 s_in_der_medizinischen_telematikinfrastruktur_ti]
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/kim-1-5-noch-mehr
 -kaos-in-der-medizinischen-telematikinfrastruktur-ti
END:VEVENT
BEGIN:VEVENT
SUMMARY:Not an Impasse: Child Safety\, Privacy\, and Healing Together
DTSTART:20251227T134500Z
DTEND:20251227T144500Z
DTSTAMP:20260406T225311Z
UID:f51a40a9-a8ba-55bb-875a-0907cb2d66cc
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:There is a path forward! Many\, in fact. But the impasse frami
 ng seriously limits how policymakers\, technologists\, advocates\, and our
  communities understand child sexual abuse (CSA). We need informed\, princ
 ipled\, and bold alternatives to policing-driven tech solutions like clien
 t-side scanning and grooming classifiers. To effectively and humanely brea
 k the cycles of abuse that enable CSA in our communities\, we have to thi
 nk beyond criminalization. This talk will unpack how and why this impasse 
 framing exists\, how it constrains us from candidly engaging with the comp
 lexity of CSA. Drawing from scientific and clinical research and informed 
 by transformative justice approaches\, I detail what CSA is\, how and why 
 it happens offline and online\, and why the status quo of detection and cr
 iminalization does not work. Ultimately\, I argue that effective\, humane\
 , and collective interventions require protecting the safety and privacy o
 f all those harmed by CSA\, and that this creates a unique role for techno
 logists to play.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/not-an-impasse-ch
 ild-safety-privacy-and-healing-together
END:VEVENT
BEGIN:VEVENT
SUMMARY:Opening pAMDora's box and unleashing a thousand paths on the journ
 ey to play Beatsaber custom songs
DTSTART:20251227T134500Z
DTEND:20251227T144500Z
DTSTAMP:20260406T225311Z
UID:3aa9e859-d4b0-5e7d-8f5c-7741e6c9856e
CATEGORIES:official,Security
DESCRIPTION:# BACKSTORY\n---------------\nSo here is the backstory of how
  it all started:\n- I bought a commercial gaming console\n- Then bought
  a VR headset (for this console) because of an exclusive game\n- But
  also wanted to play Beatsaber\n- I could\, but the built-in song
  selection was very limited\n- Custom songs exist (for example on
  Steam)\, but not for this console\n- I didn't want to buy a second
  headset for Steam\nThat's when I decided I want to hack this console
  so that I can port community-created custom songs to the console and
  play them there with the VR headset I already have.\n\nInitially I
  started with an approach similar to the usual "entrypoint through
  browser"\, then go for kernel and call it a day\, but annoying hurdles
  quickly blocked my way. For one\, the Hypervisor makes your life just
  miserable with its execute-only kernel text blind exploitation. Other
  issues were that one needs to be on the latest version to download
  the game\, which exists only as a digital purchase title\, preventing
  me from sharing my efforts with others even if I can get it working
  on my console.\nThough\, what finally put the nail in the coffin was
  when porting a kernel zero-day to the console failed because of heavy
  sandboxing\, unreachable syscalls or even entirely stripped kernel
  functions. \nSome may call it "skill issue". Anyways\, that's when I
  was full of it and decided to bring this thing down for good.  \n
 Everybody does glitching nowadays and according to rumors people did
  have success on this thing with glitching before\, so how hard can it
  really be\, right? \n\nSo the question became: Is it possible to build
  a modchip\, which glitches the board and lets me play Beatsaber custom
  songs?  \nStuff like that has been done on other consoles before
  (minus the Beatsaber part :P) \n\nTurns out that when manufacturing
  produces chips with broken GPUs\, they are sold as spinoff desktop
  mainboards (with disabled GPU) rather than thrown away. Which is
  great\, because those mainboards are much cheaper\, especially if you
  buy broken spinoff mainboards on eBay.\n\nSo on the journey to
  Beatsaber custom songs\, breaking this desktop mainboard became a huge
  chunk of the road. Because if I can glitch this and build a modchip
  for it\, surely I can also do it for the console\, right? I mean it's
  the exact same SoC after all! \nBack when I started I didn't know I
  would be about to open pAMDora's box and discover so many bugs and
  hacks.  \n\n# Actual talk description\n---------------\n
 **Disclaimer: This is not a console hacking talk!**  \nThis talk is
  gonna be about breaking nearly every aspect of the AMD Platform
  Security Processor of the desktop mainboard with the same SoC as the
  console. While certainly useful for _several_ other AMD targets\,
  unfortunately not every finding can directly be ported to the
  console. Still\, it remains very useful nonetheless!\n\nNote: The
  final goal of custom songs on Beatsaber has not been reached yet\,
  this talk is presenting the current state of things.\n\nIn this talk
  you'll be taken on a ride on how everything started and how almost
  every aspect of the chip was broken. How bugs were discovered\, what
  strategies were used to move along.  \nNot only will several novel
  techniques be presented for applying existing physical attacks to
  targets where those couldn't really be applied before\, but also
  completely new approaches are shared which bring a whole different
  perspective on glitching despite having lots of capacitors (which we
  don't really want to remove) and extremely powerful MOSFETs (which
  smooth out crowbar attempts in a blink of an eye).  \n\nBut that's not
  all!  \nWhile trying to perform physical attacks on the hardware\, the
  software would just start falling apart by itself. Which means\, at
  least **6 unpatchable\\* bugs** were discovered\, which are gonna be
  presented in the talk alongside with **5 zero-day exploits**. Getting
  EL3 code execution on the most secure core inside AMD's SoC? No
  Problem! \nApart from just bugs and exploits\, many useful techniques
  and discovery strategies are shared which will provide an excellent
  knowledge base and attack inspiration for following along or going
  for other targets.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/opening-pamdora-s
 -box-and-unleashing-a-thousand-paths-on-the-journey-to-play-beatsaber-cust
 om-songs
END:VEVENT
BEGIN:VEVENT
SUMMARY:All my Deutschlandtickets gone: Fraud at an industrial scale
DTSTART:20251227T150000Z
DTEND:20251227T160000Z
DTSTAMP:20260406T225311Z
UID:a2dd3dc7-ecae-50b3-82d9-266ad02f7a40
CATEGORIES:official,Security
DESCRIPTION:At last year's Congress Q presented [a deep-dive into the techn
 ical details of train ticketing](https://media.ccc.de/v/38c3-what-s-inside
 -my-train-ticket) and its [Zügli](https://zügli.app) platform for this\;
  since then\, things have gone rather out of hand. The little side-project
  for looking into the details of train tickets turned into a full-time pro
 ject for detecting ticketing fraud. This talk details an executive summary
  of the madness that has been the past year\, and how we accidentally ende
 d up in national and international politics working to secure the Deutschl
 andticket.\n\nShortly after last year's talk\, we were contacted about som
 e *interesting* looking tickets someone noticed\, issued by the Vetter Gmb
 H Omnibus- und Mietwagenbetrieb - or so they claimed to be. These were nor
 mal Deutschlandtickets\, but with a few weird mistakes in them. At first\,
  we thought nothing much of it\; mistakes happen. But\, on further investi
 gation\, these turned out to not be legitimate tickets at all\, but rather
  from a fraudulent website by the name of d-ticket.su\, using the private 
 signing key obtained under suspicious circumstances. How exactly this key 
 came into the wrong hands remains unclear\, but we present the possible ex
 planations for how this could've happened\, how many of those
  responsible have been thoroughly uncooperative in getting to the
  bottom of this\, and how the s
 upporting systems and processes of the Deutschlandticket were unable to co
 pe with this situation.\n\nParallel to this\, another fraud has been drain
 ing the transport companies of their much-needed cash: SEPA Direct Debit f
 raud. Often\, a direct debit payment can be set up online with little
  more than an IBAN and ticking a box\; and most providers of the
  Deutschlandtick
 et offer an option to pay via direct debit. Fraudsters have noticed this\,
  and mass purchase Deutschlandtickets with invalid or stolen IBANs before 
 flipping them for a discounted price on Telegram\; made easier because mos
 t transport companies issue a ticket immediately\, before the direct debit
  has been fully processed. The supporting systems of the Deutschlandticket
  in many cases don't even provide for the revocation of such tickets. We w
 ill detail the hallmarks of this fraud\, how transport companies can work 
 to prevent it\, and how we tracked down the fraudsters by their own carele
 ss mistakes.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/all-my-deutschlan
 dtickets-gone-fraud-at-an-industrial-scale
END:VEVENT
BEGIN:VEVENT
SUMMARY:Chaos all year round
DTSTART:20251227T150000Z
DTEND:20251227T160000Z
DTSTAMP:20260406T225311Z
UID:42fe49fd-0068-5456-a326-7687603aead8
CATEGORIES:official,CCC & Community
DESCRIPTION:In this talk in lightning-talk format you have the chance to
  find out about many more great Chaos events in fast-forward\, so to
  speak. In addition\, one or two larger events will be presented that
  are currently in the planning phase and are still looking for
  reinforcements for their team.\n\nIf you would like to briefly present
  your Chaos event on the big stage\, please sign up
  [in the wiki](https://events.ccc.de/congress/2025/hub/de/wiki/event-vo
 rstellungen).
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/chaos-all-year-ro
 und
END:VEVENT
BEGIN:VEVENT
SUMMARY:"AI"\, digitalization and longevity as a fix for a broken
  healthcare system?
DTSTART:20251227T150000Z
DTEND:20251227T160000Z
DTSTAMP:20260406T225311Z
UID:4b106a63-ac7e-5c39-945a-26ce0d071897
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:Everyone agrees on the analysis: the healthcare system faces
  major challenges\, ranging from exploding costs and growing barriers
  to access to the coming demographic change: many people are getting
  old and sicker\, while at the same time a great many healthcare
  workers are retiring. So we need solutions for the healthcare system
  that hold up in the long term and make human dignity possible.\nWhile
  very different approaches are being discussed\, one narrative keeps
  coming up: that digitalization will fix the existing problems in
  healthcare through massive efficiency gains. Thanks to "AI"\, people
  are supposed to need doctors less often\, for example because symptom
  checkers and the like pre-filter who really needs treatment and who
  does not. Some claim that in future general practitioners could treat
  many times as many patients\, if only the right technical aids were
  found. And we have in fact long been living in a reality in which
  chats with LLMs have in many places replaced at least Dr. Google.\n\n
 Other approaches aim at more personal responsibility: "longevity" is
  the buzzword on everyone's lips. An approach to long life that is
  supposed to be supported largely by technical measures:
  self-optimization by app\, "AI" as an individual health assistant and
  all sorts of experimental examinations. The basic idea: if people
  stay healthy and live longer\, the healthcare system is less
  burdened\, while people can contribute to society and the economy for
  longer. The ideological foundations and business models of
  "longevity" come from the USA\, from tech billionaires and their
  fantasies of immortality to less-than-reputable health influencers
  who in the end often do more harm than they contribute to their
  customers' well-being - and still captivate hundreds of thousands on
  social media.\n\nThe talk draws connecting lines between naive faith
  in technology\, current discourses in healthcare\, their questionable
  ideological roots and the question of how we can really effectively
  address challenges\, and social inequalities in particular\, in the
  field of health.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/ki-digitalisierun
 g-und-longevity-als-fix-fur-ein-kaputtes-gesundheitssystem
END:VEVENT
BEGIN:VEVENT
SUMMARY:Of Boot Vectors and Double Glitches: Bypassing RP2350's Secure Boo
 t
DTSTART:20251227T150000Z
DTEND:20251227T160000Z
DTSTAMP:20260406T225311Z
UID:1bbd6873-6f69-59a8-8eb2-926acc763d7e
CATEGORIES:official,Security
DESCRIPTION:The RP2350 is one of the first generally available microcontro
 llers with active security-features against fault-injection such as glitch
 -detectors\, the redundancy co-processor\, and other pieces to make FI att
 acks more difficult.\n\nBut security on paper often does not mean security
  in real-life. Luckily for us\, Raspberry Pi also ran the RP2350 Hacking C
 hallenge: A public bug bounty that has exactly these attacks in-scope. Dur
 ing the hacking challenge 5 different attacks were found on the secure-boo
 t process - one of which was shown at 38C3 by Aedan Cullen.\n\nIn this tal
 k\, we talk about all successful attacks - including laser fault-injection
 \, a reset glitch\, and a double-glitch during execution of the bootrom - 
 to show all the different ways in which a chip can be attacked.\n\nWe also
  talk about the awesomeness of an open security-ecosystem for chips: Raspb
 erry Pi was very transparent on the findings\, and worked with researchers
  to improve the new revision of the chip.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/of-boot-vectors-a
 nd-double-glitches-bypassing-rp2350-s-secure-boot
END:VEVENT
BEGIN:VEVENT
SUMMARY:Escaping Containment: A Security Analysis of FreeBSD Jails
DTSTART:20251227T161500Z
DTEND:20251227T171500Z
DTSTAMP:20260406T225311Z
UID:1632d233-fb88-5f58-aaec-823ea32f8b56
CATEGORIES:official,Security
DESCRIPTION:FreeBSD’s jail feature is one of the oldest and most mature 
 OS-level isolation mechanisms in use today\, powering hosting environments
 \, container frameworks\, and security sandboxes. But as with any large an
 d evolving kernel feature\, complexity breeds opportunity. This research a
 sks a simple but critical question: If an attacker compromises root inside
  a FreeBSD jail\, what does it take to break out?\n\nTo answer that\, we c
 onducted a large-scale audit of FreeBSD kernel code paths accessible from 
 within a jail. We systematically examined privileged operations\, capabili
 ties\, and interfaces that a jailed process can still reach\, hunting for 
 memory safety issues\, race conditions\, and logic flaws. The result: roug
 hly 50 distinct issues uncovered across multiple kernel subsystems\, rangi
 ng from buffer overflows and information leaks to unbounded allocations an
 d reference counting errors—many of which could crash the system or prov
 ide vectors for privilege escalation beyond the jail.\n\nWe’ve developed
  proof-of-concept exploits and tools to demonstrate some of these vulnerab
 ilities in action. We’ve responsibly disclosed our findings to the FreeB
 SD security team and are collaborating with them on fixes. Our goal isn’
 t to break FreeBSD\, but to highlight the systemic difficulty of maintaini
 ng strict isolation in a large\, mature codebase.\n\nThis talk will presen
 t our methodology\, tooling\, and selected demos of real jail escapes. We
 ’ll close with observations about kernel isolation boundaries\, lessons 
 learned for other OS container systems\, and a call to action for hardenin
 g FreeBSD’s jail subsystem against the next generation of threats.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/escaping-containm
 ent-a-security-analysis-of-freebsd-jails
END:VEVENT
BEGIN:VEVENT
SUMMARY:Phone gone until departure – How Cellebrite came to the
  immigration office
DTSTART:20251227T161500Z
DTEND:20251227T171500Z
DTSTAMP:20260406T225311Z
UID:9c3ce2ac-1531-5a5a-ae7d-df3511b5c914
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:Since the beginning of 2024\, immigration authorities have
  been allowed not only to search the smartphones of people who are
  obliged to leave the country\, but to keep them outright – "until
  departure".\n\nWhat presents itself as a minor amendment to the
  Residence Act (Aufenthaltsgesetz) turns out to be a massive
  encroachment on fundamental rights: people lose not only control over
  their data\, but also their most important means of communication –
  for an indefinite period.\n\nHere you will hear what absurd results
  this produces. From Bavaria to North Rhine-Westphalia\, federal states
  have by now procured their own IT forensic tools for their
  authorities in order to search the devices for "indications" of
  origin. They use methods that we otherwise know from criminal
  investigations or from intelligence services – to search the devices
  of people who have done nothing wrong.\n\nIn the talk I show what
  absurd consequences this has for those affected\, which federal states
  are at the sad top of the statistics – and how all of this fits into
  the arsenal of digital and other repression against refugees.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/handy-weg-bis-zur
 -ausreise-wie-cellebrite-ins-auslanderamt-kam
END:VEVENT
BEGIN:VEVENT
SUMMARY:Pwn2Roll: Who Needs a 595€ Remote When You Have wheelchair.py?
DTSTART:20251227T161500Z
DTEND:20251227T171500Z
DTSTAMP:20260406T225311Z
UID:4435af8f-b96a-5593-be42-47a04ba5f47e
CATEGORIES:official,Hardware
DESCRIPTION:This talk depicts the reverse engineering of a popular electri
 c wheelchair drive system - the Alber e-motion M25: a several thousand eur
 o assistive device that treats mobility like a SaaS subscription. Through 
 Android app reverse engineering\, proprietary Bluetooth protocol analysis\
 , hours of staring at hex dumps (instead of the void)\, and good old-fashi
 oned packet sniffing\, we'll expose how manufacturers artificially limit e
 ssential features and monetize basic human mobility.\n\nWhat you'll learn:
 \n\n- how a 22-character QR code sticker\, labeled as "Cyber Security Key"
 \, becomes AES encryption\n- why your 6000€ wheelchair drive includes an
  app with Google Play Billing integration for features the hardware alread
 y supports\n- the internals\, possibilities and features of electronics wo
 rth 30€ cosplaying as a 595€ medical device\n- the technical implement
 ation of the "pay 99.99€ or stay slow" speed limiter (6 km/h vs 8.5 km/h
 )\n- how nearly 2000€ in hardware and app features can be replaced by a 
 few hundred lines of Python\n- why the 8000€ even more premium (self-dri
 ving) variant is literally identical hardware with a different Boolean fla
 g and firmware plus another (pricier) remote\n\nWe'll cover the complete m
 ethodology: from initial reconnaissance\, sniffing and decrypting packets 
 to reverse-engineer the proprietary communication protocol\, to PoCs of Py
 thon replacements\, tools\, techniques\, and ethical considerations of rev
 erse engineering medical devices.\n\nThis is a story about artificial scar
 city\, exploitative DRM\, ethics and industry power\, and how hacker-minde
 d creatures should react and act to this.\n\nThis talk will be simultaneou
 sly interpreted into German sign language (Deutsche Gebärdensprache aka
  DGS).
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/pwn2roll-who-need
 s-a-599-remote-when-you-have-wheelchair-py
END:VEVENT
BEGIN:VEVENT
SUMMARY:To sign or not to sign: Practical vulnerabilities in GPG & friends
DTSTART:20251227T161500Z
DTEND:20251227T171500Z
DTSTAMP:20260406T225311Z
UID:e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b
CATEGORIES:official,Security
DESCRIPTION:Beyond the underlying mathematics of cryptographic algorithms\
 , there is a whole other layer of implementation code\, assigning meaning 
 to the processed data. For example\, a signature verification operation bo
 th needs robust cryptography **and** assurance that the verified data is i
 ndeed the same as was passed into the signing operation. To facilitate the
  second part\, software such as *GnuPG* implements parsing and
  processing code of a standardized format. Especially when
  implementing a feature-rich and evolving standard\, there is the risk
  of ambivalent specification\, and classical implementation bugs.\n\n
 The impact of the vulnerabilities we found ranges from various
  signature verification bypasses\, breaking encry
 ption in transit and encryption at rest\, undermining key signatures\, to 
 exploitable memory corruption vulnerabilities.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/to-sign-or-not-to
 -sign-practical-vulnerabilities-i
END:VEVENT
BEGIN:VEVENT
SUMMARY:1965 + 60 Years of Algorithmic Art with Computers
DTSTART:20251227T181500Z
DTEND:20251227T191500Z
DTSTAMP:20260406T225311Z
UID:5aaab022-3cb6-5d1a-9326-eec204bbb8f1
CATEGORIES:official,Art & Beauty
DESCRIPTION:We want to look at the complex topic of art created with compu
 ters\, beginning with some careful and barely noticed first experiments an
 d emerging into an ever more diverse and creative field\, from different a
 ngles. In particular\, we want to focus on the dynamics of power and how t
 hese developments were influenced by their context - from social movements
  to political pressure.\n\nWe want to start with explaining how the initia
 l developments\, both from an artistic - concrete art - and technological 
 - the evolution of computers and the creation of the drawing machine Zuse 
 Z64 in Germany and film techniques in the US\, respectively - took place. 
 We will do so in the context of the first three exhibitions that all took 
 place in the year 1965. Their artworks were created by Georg Nees in Stutt
 gart\, A. Michael Noll with Béla Julesz in New York and Frieder Nake with
  Georg Nees\, again in Stuttgart.\n\nIn the following\, we will try to giv
 e an outline of further developments. We provide examples of how
  hierarchies in art and science have developed and played a role in
  different events. In
  the domain of computer-generated art\, similar to other art\, there are t
 wo large influences hidden for the typical recipient of this art -
  galleries and critics. We will discuss this exemplary with early
  exhibitions of Fr
 ieder Nake being described by the FAZ and later on\, how the east-west con
 flict has influenced the art and its exhibitions. Among other issues\, we 
 discuss patriarchal structures\, the commercial side of art\, how old tech
  is sold as revolutionary and how progress is still as connected with thre
 atening feelings as in the early years.\n\nLooking back at the beginnings\
 , it is interesting to observe how artists - also with an artistic\, rathe
 r than technical background - worked with the limitations and overcame the
 m. Fortunately\, the technological entry barrier to create algorithmic art
  yourself has drastically decreased over time and we want to encourage you
  to experiment yourself!\n\nFrieder Nake has been creating algorithmic
  drawings and doing visual research since 1964. In 1971\, he published
  the influenti
 al essay "there should be no computer art" and he has been teaching comput
 er graphics at the University of Bremen for decades. Enna Gerhard is pursu
 ing a PhD in theory of computer science and creates algorithmic drawings i
 n the meantime.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/1965-60-years-of-
 algorithmic-art-with-computers
END:VEVENT
BEGIN:VEVENT
SUMMARY:And so it begins - How our constitutional state is racing down
  the highway towards Trumpism – and why Afghan plaintiffs are pulling
  the emergency brake for us
DTSTART:20251227T181500Z
DTEND:20251227T191500Z
DTSTAMP:20260406T225311Z
UID:fae65b90-30c4-5ce1-8d59-d8f3600c7845
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:• "A promise is a promise and must not be broken" – we learn
  that as children. But kindergarten was a long time ago\, and
  politicians may often have the bearing of an elephant\, but they have
  the memory of a goldfish.\n• That is why the federal government almost
  "forgot" 2\,500 Afghans in Islamabad with German admission
  commitments\, who have been waiting there for months for their German
  visas to be issued\n• The calculation behind it: Pakistan does the
  dirty work and deports them sooner or later\, problem solved! - even
  if human lives are at stake.\n• How can civil society pull the
  emergency brake when government and administration no longer feel
  bound by their own law?\n• One option: we connect the Afghan families
  with lawyers so that they sue Dobrindt and Wadephul - and they win!
  The court orders are unambiguous: issue the visas immediately – or
  face penalty payments! More than 100 proceedings are now pending at
  four administrative courts\, and more are added daily.\n• That is
  probably not quite what the new federal government meant when it
  announced in the coalition agreement that it would "end voluntary
  admission programmes as far as possible".\nTranslated into political
  reality: if Dobrindt and the Chancellor have their way\, if possible
  no people seeking protection from Afghanistan at all are to come to
  Germany any more – legally binding admission commitments or not. Only
  recognised terrorists from the Taliban government are still allowed
  to enter\, in order to take over the Afghan embassies and consulates
  here in Germany\n• Thanks to the lawsuits\, 78 people have already
  been able to enter the country\, about 80 more visas are being
  processed – and more are being prepared.\n• But as in every script:
  The Empire strikes back! The government keeps developing new methods
  to render rulings ineffective and to keep blocking entries.\n• Welcome
  to "Trumpism made in Germany".
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/and-so-it-begins-
 wie-unser-rechtsstaat-auf-den-highway-richtung-trumpismus-rast-und-warum-a
 fghanische-klager-innen-fur-uns-die-notbremse-ziehen
END:VEVENT
BEGIN:VEVENT
SUMMARY:The Kangaroo Rebellion: Digital Independence Day
DTSTART:20251227T181500Z
DTEND:20251227T191500Z
DTSTAMP:20260406T225311Z
UID:514cda00-fd8e-5417-ba56-a882572a660e
CATEGORIES:official,CCC & Community
DESCRIPTION:Perhaps something from Elon and Jeff on Mars too.\nAnd then
  the Kangaroo calls for Digital Independence Day.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/die-kanguru-rebel
 lion-digital-independence-day
END:VEVENT
BEGIN:VEVENT
SUMMARY:Life on Hold: What Does True Solidarity Look Like Beyond Duldung\,
  Camps\, Deportation\, and Payment Cards?
DTSTART:20251227T181500Z
DTEND:20251227T191500Z
DTSTAMP:20260406T225311Z
UID:11a7f79c-4ac5-5449-8fd4-6467ef2d6d2c
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:In this session\, people share everyday experiences with a sys
 tem that often systematically undermines human rights and dignity.\nWe don
 ’t just talk about the obvious obstacles like the payment card or reside
 ncy obligation\, but also the invisible wounds: the constant fear of depor
 tation\, the psychological consequences of isolation\, and the daily exper
 ience of hostility. We highlight the specific challenges of life in crampe
 d camps on the outskirts of big cities\, as well as the social control and
  visibility in rural communities.\nHowever\, this talk is not just about n
 aming problems. At its core is the urgent question: What does true solidar
 ity really look like? How can support go beyond symbolic politics and shor
 t-term aid offers? This session is an invitation to shift perspectives\, l
 isten\, and collaboratively develop concrete approaches for a more humane 
 policy and a more solidaric coexistence.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/life-on-hold-what
 -does-true-solidarity-look-like-beyond-duldung-camps-deportation-and-payme
 nt-cards
END:VEVENT
BEGIN:VEVENT
SUMMARY:BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secr
 ets
DTSTART:20251227T193000Z
DTEND:20251227T203000Z
DTSTAMP:20260406T225311Z
UID:f09b0595-daf8-52ac-89cb-5cf5e222c3dc
CATEGORIES:official,Security
DESCRIPTION:In Windows\, the cornerstone of data protection is BitLocker\,
  a Full Volume Encryption technology designed to secure sensitive data on 
 disk. This ensures that even if an adversary gains physical access to the 
 device\, the data remains secure and inaccessible.\n\nOne of the most crit
 ical aspects of any data protection feature is its ability to support reco
 very operations in case of failure. To enable BitLocker recovery\, signifi
 cant design changes were implemented in the Windows Recovery Environment (
 WinRE). This led us to a pivotal question: did these changes introduce any
  new attack surfaces impacting BitLocker?\n\nIn this talk\, we will share 
 our journey of researching a fascinating and mysterious component: WinRE. 
 Our exploration begins with an overview of the WinRE architecture\, follow
 ed by a retrospective analysis of the attack surfaces exposed with the int
 roduction of BitLocker. We will then discuss our methodology for effective
 ly researching and exploiting these exposed attack surfaces. Our presentat
 ion will reveal how we identified multiple 0-day vulnerabilities and devel
 oped fully functional exploits\, enabling us to bypass BitLocker and extra
 ct all protected data in several different ways.\n\nNotably\, the findings
  described reside entirely in the software stack\, not requiring intrusive
  hardware attacks to be exploited.\n\nFinally\, we will share the insights
  Microsoft gained from this research and explain our approach to hardening
  and further securing WinRE\, which in turn strengthens BitLocker.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/bitunlocker-lever
 aging-windows-recovery-to-extract-bitlocker-secrets
END:VEVENT
BEGIN:VEVENT
SUMMARY:Chatkontrolle - Ctrl+Alt+Delete
DTSTART:20251227T193000Z
DTEND:20251227T203000Z
DTSTAMP:20260406T225311Z
UID:9296cd85-f869-5687-94cb-e87d805249a2
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:Chat control reads more like a tragic comedy than a
  legislative process. After the dramatic retrospective at 37C3\, it is
  now time to take a look at the rebels' side.\nMarkus Reuter and
  khaleesi have followed the legislative process around chat control
  closely from the very beginning\, he from the journalistic
  perspective\, she from the policy perspective.\nAfter the first years
  of great commotion and Hollywood stars\, things became somewhat quiet
  after the EU elections. But the danger has not gone away:\n\nThe EU
  Parliament's position stands against chat control\, but how secure it
  really is remains unclear.\nAt the moment everything depends on the
  Council: there have been very positive proposals (Polish Council
  presidency) and negative proposals (Danish Council presidency)\, but
  the countries cannot agree\, and a majority wants chat control but
  cannot get its way.\n\nIn Germany\, too\, chat control has made the
  big leap into the public eye\, and its opponents have won a partial
  victory. In this talk we explain what this success has to do with the
  work of the past four years and why nothing is settled yet in
  Germany either.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/episode-ii-der-ra
 t-schlagt-zuruck
END:VEVENT
BEGIN:VEVENT
SUMMARY:Excuse me\, what precise time is It?
DTSTART:20251227T193000Z
DTEND:20251227T203000Z
DTSTAMP:20260406T225311Z
UID:62f556ab-b1b4-51fb-9c86-b49ea1f3c45f
CATEGORIES:official,Hardware
DESCRIPTION:Where even a few microseconds of drift can turn perfect sync i
 nto complete chaos.\nThis talk takes a deep dive into the mysterious world
  of precise time distribution in large networks. We’ll start by explorin
 g how PTP 1588 actually works\, from announce\, sync\, and follow-up messa
 ges to delay measurements and the magic of hardware timestamping. We’ll 
 look at why PTP is critical for modern audio/video-over-IP standards like 
 AES67 and SMPTE 2110\, and how they push Ethernet to its absolute temporal
  limits.\nAlong the way\, we’ll discover how transparent and boundary cl
 ocks fight jitter\, and why your switch’s buffer might secretly hate you
 . We will do live Wireshark dissections of real PTP traffic\, demos showin
 g what happens when timing breaks\, and some hands-on hardware experiments
  with grandmasters and followers trying to stay in sync.\nExpect packets\,
  graphs\, oscilloscopes\, crashing live demos and at least one bad joke ab
 out time travel.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/excuse-me-what-pr
 ecise-time-is-it
END:VEVENT
BEGIN:VEVENT
SUMMARY:Not To Be Trusted - A Fiasco in Android TEEs
DTSTART:20251227T193000Z
DTEND:20251227T203000Z
DTSTAMP:20260406T225311Z
UID:f8587f46-8a0e-58d7-8d1d-82928b8220e2
CATEGORIES:official,Security
DESCRIPTION:We present novel insights into the current state of TEE
  security on Android focusing on two widespread issues: missing TA
  rollback protection and a type confusion bug arising from the
  GlobalPlatform TEE Internal Core API specification. Our results
  demonstrate that these issues are so widespread that on most
  devices\, attackers with code execution at N-EL1 (kernel) have a
  buffet of n-days to choose from to achieve code execution at S-EL0
  (TA).\n\nFurther\, we demonstrate how these issues can be weaponized
  to fully compromise an Android device. We discuss how we exploit
  CVE-2023-32835\, a type confusion bug in the keyinstall TA\, on a
  fully updated Xiaomi Redmi Note 11. While the keyinstall TA shipped
  in the newest firmware version is not vulnerable anymore\, the
  vulnerability remains triggerable due to missing rollback
  protections.\n\nTo further demonstrate how powerful code execution as
  a TA is\, we'll exploit a vulnerability in the BeanPod TEE (used on
  Xiaomi Mediatek SoCs)\, to achieve code execution at S-EL3. Full
  privilege escalations in the TEE are rarely seen on stage\, and we
  are targeting the BeanPod TEE which is based on the Fiasco micro
  kernel. This target has never been publicly exploited\, to the best
  of our knowledge.\n\nOur work empowers security researchers by
  demonstrating how to regain control over vendor-locked TEEs\,
  enabling deeper analysis of critical security mechanisms like mobile
  payments\, DRM\, and biometric authentication.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/not-to-be-trusted
 -a-fiasco-in-android-tees
END:VEVENT
BEGIN:VEVENT
SUMMARY:DNGerousLINK: A Deep Dive into WhatsApp 0-Click Exploits on iOS an
 d Samsung Devices
DTSTART:20251227T204500Z
DTEND:20251227T214500Z
DTSTAMP:20260406T225311Z
UID:2b044342-d98d-5821-beb8-14a662373af2
CATEGORIES:official,Security
DESCRIPTION:In August 2025\, it attracted significant attention when Apple
  patched CVE-2025-43300\, a vulnerability reportedly exploited in-the-wild
  to execute "extremely sophisticated attack against specific targeted indi
 viduals". A week later\, WhatsApp issued a security advisory\, revealing
  the fix for a critical vulnerability\, CVE-2025-55177\, which was also ex
 ploited in-the-wild. Strong evidence indicated that these two vulnerabilit
 ies were chained together\, enabling attackers to deliver a malicious expl
 oit via WhatsApp to steal data from a user's Apple device\, all without an
 y user interaction.\n\nTo deconstruct this critical and stealthy in-the-wi
 ld 0-click exploit chain\, we will detail our findings in several parts:\n
 1. WhatsApp 0-Click Attack Vector (CVE-2025-55177). We will describe the 0
 -click attack surface we identified within WhatsApp. We will detail the fl
 aws in WhatsApp's message handling logic for "linked devices\," which stem
 med from insufficient validation\, and demonstrate how an attacker could c
 raft malicious protocol messages to trigger the vulnerable code path.\n2. 
 iOS Image Parsing Vulnerability (CVE-2025-43300). The initial exploit allo
 ws an attacker to force the target's WhatsApp to load arbitrary web conten
 t. We will then explain how the attacker leverages this by embedding a mal
 icious DNG image within a webpage to trigger a vulnerability in the iOS im
 age parsing library. We will analyze how the RawCamera framework handles t
 he parsing of DNG images\, and pinpoint the resulting OOB vulnerability.\n
 3. Rebuilding the Chain: From Vulnerability to PoC. In addition\, we will 
 then walk through our process of chaining these two vulnerabilities\, cons
 tructing a functional Proof-of-Concept (PoC) that can simultaneously crash
  the WhatsApp application on target iPhones\, iPads\, and Macs.\n\nBeyond 
 Apple: The Samsung Connection (CVE-2025-21043). Samsung's September securi
 ty bulletin patched CVE-2025-21043\, an out-of-bounds write vulnerability 
 in an image parsing library reported by the Meta and WhatsApp security tea
 ms. This vulnerability was also confirmed to be exploited in-the-wild. Whi
 le an official WhatsApp exploit chain for Samsung devices has not been pub
 licly detailed\, we will disclose our findings on this related attack. Fin
 ally\, we will share some unexpected findings from our investigation\, inc
 luding the discovery of several additional\, previously undisclosed 0-day 
 vulnerabilities.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/dngerouslink-a-de
 ep-dive-into-whatsapp-0-click-exploits-on-ios-and-samsung-devices
END:VEVENT
BEGIN:VEVENT
SUMMARY:Doomsday-Porn\, Schäferhunde und die „niedliche Abschiebung“ 
 von nebenan: Wie autoritäre Akteure KI-generierte Inhalte für Social Med
 ia nutzen
DTSTART:20251227T204500Z
DTEND:20251227T214500Z
DTSTAMP:20260406T225311Z
UID:7cca9076-3454-5229-b1f4-9069def42bfd
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:AI-generated content has become an integral part of the
  communication strategy of authoritarian actors. Social media is
  currently being flooded with right-wing AI slop in which either the
  world is on the brink of the abyss because of migration or blonde\,
  white families cheerfully wave flags. In the political orbit of the
  extreme right\, more or less obvious deepfakes that serve the
  respective political message are also being shared more and more
  often. These range from AI-generated street surveys and clips from
  talk shows that never took place to entirely AI-generated female
  influencers (blonde\, of course). What does this do to political
  debates? And how should we as a society deal with it?
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/radikalisierungsp
 ipeline-esoterik-von-eso-nazis-de
END:VEVENT
BEGIN:VEVENT
SUMMARY:Hacking washing machines
DTSTART:20251227T204500Z
DTEND:20251227T214500Z
DTSTAMP:20260406T225311Z
UID:efa55b63-86b6-56c5-88ab-46408b59b18d
CATEGORIES:official,Hardware
DESCRIPTION:Modern home appliances may seem simple from the outside\, but 
 inside they contain complex electronic systems\, proprietary communication
  protocols\, and diagnostic interfaces rarely documented outside the manuf
 acturer. In this talk\, we'll explore the challenges of reverse-engineerin
 g these systems: from analyzing appliance control boards and internal comm
 unication buses to decompiling and modifying firmware to better understand
  device functionality.\n\nWe'll also look at the security mechanisms desig
 ned to protect diagnostic access and firmware readout\, and how these prot
 ections can be bypassed to enable deeper insight into device operation. Fi
 nally\, this talk will demonstrate how the results of this research can be
  used to integrate even legacy home appliances into popular home automatio
 n platforms.\n\nThis session combines examples and insights from the rever
 se-engineering of B/S/H/ and Miele household appliances.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/hacking-washing-m
 achines
END:VEVENT
BEGIN:VEVENT
SUMMARY:Throwing your rights under the Omnibus - how the EU's reform agend
 a threatens to erase a decade of digital rights
DTSTART:20251227T204500Z
DTEND:20251227T214500Z
DTSTAMP:20260406T225311Z
UID:bc5b663a-1e48-5525-afbd-1e6895b71db0
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:The new EU Commission has an agenda. What started with the rep
 ort of former European Central Bank chief Mario Draghi on Europe's "compet
 itiveness" has quickly turned into "getting rid of bureaucracy"\, then int
 o "simplification"\, and finally open "deregulation". What this means is t
 hat a large number of European laws that were adopted in the last decade t
 o ensure sustainability\, protect human rights along the whole supply
  chain\, or to ensure our digital rights\, are watered down\, and core
  elements a
 re scrapped. \n\nIn terms of the EU's digital rulebook\, it has already st
 arted in May with the deletion of a core compliance element in the General
  Data Protection Regulation (GDPR) - the obligation to keep records of you
 r processing activities. While it sounds harmless - all the other rights a
 nd obligations still apply - it means that companies have no clue
  anymore w
 hat personal data they process\, for which purposes\, and how. \n\nA much 
 larger revision has been proposed on 19th November 2025\, with the "omnibu
 s" legislation dubbed "Digital Simplification Package". This will affect r
 ules on data protection\, data governance\, AI\, obligations to report cyb
 ersecurity incidents\, and protections against cookies and other tracking 
 technologies. Furthermore\, the EU's net neutrality rules are scheduled to
  be opened for reform in December by the so called Digital Networks Act.\n
 \nIn this talk we discuss what to expect from the new EU agenda\, who is d
 riving it and how to resist. Our goal is to leave you better informed and
  equipped to fight back against this deregulatory trend. This talk may con
 tain hope.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/throwing-your-rig
 hts-under-the-omnibus-how-the-eu-s-reform-agenda-threatens-to-erase-a-deca
 de-of-digital-rights
END:VEVENT
BEGIN:VEVENT
SUMMARY:Breaking architecture barriers: Running x86 games and apps on ARM
DTSTART:20251227T220000Z
DTEND:20251227T224000Z
DTSTAMP:20260406T225311Z
UID:a4d303fc-6761-551a-834e-204bc539eab4
CATEGORIES:official,Hardware
DESCRIPTION:ARM-powered hardware in laptops promises longer battery life a
 t the same compute performance as before\, but a translation layer like FE
 X is needed to run existing x86 software. We'll look at the technical chal
 lenges involved in making this possible: designing a high-performance bina
 ry recompiler\, translating Linux system calls across architectures\, and 
 forwarding library calls to their ARM counterparts.\n\nGaming in particula
 r poses extreme demands on FEX and raises further questions: How do we ena
 ble GPU acceleration in an emulated environment? How can we integrate Wine
  to run Windows games on Linux ARM? Why is Steam itself the ultimate boss 
 battle for x86 emulation? And why in the world do we care more about page 
 sizes than German standardization institutes?\n\nThis talk will be accessi
 ble to a technical audience and gaming enthusiasts alike. However\, be pre
 pared to learn cursed knowledge you won't be able to forget!
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/breaking-architec
 ture-barriers-running-x86-games-and-apps-on-arm
END:VEVENT
BEGIN:VEVENT
SUMMARY:Coding Dissent: Art\, Technology\, and Tactical Media
DTSTART:20251227T220000Z
DTEND:20251227T224000Z
DTSTAMP:20260406T225311Z
UID:d743f89d-684b-5a29-a0e1-4b788caa4255
CATEGORIES:official,Art & Beauty
DESCRIPTION:In this talk\, media artist and curator Helena Nikonole presen
 ts her work at the intersection of art\, activism\, and tactical technolog
 y — including interventions into surveillance systems\, wearable mesh ne
 tworks for off-grid communication\, and AI-generated propaganda sabotage.\
 n\nFeaturing projects like Antiwar AI\, the 868labs initiative\, and the c
 uratorial project Digital Resistance\, the talk explores how art can do mo
 re than just comment on sociotechnical systems — it can interfere\, infi
 ltrate\, and subvert them.\n\nThis is about prototypes as politics\, netwo
 rked interventions as civil disobedience\, and media hacks as tools of str
 ategic refusal. The talk asks: what happens when art stops decorating cris
 is and starts debugging it?\n\nThe talk will also introduce an upcoming Ha
 ckLab initiative — a collaboration-in-progress that brings together arti
 sts\, hackers\, and activists to develop open-source tools for disruption\
 , resilience\, and collective agency — and invites potential collaborato
 rs to get involved.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/coding-dissent-ar
 t-technology-and-tactical-media
END:VEVENT
BEGIN:VEVENT
SUMMARY:The Eyes of Photon Science: Imaging\, Simulation and the Quest to 
 Make the Invisible Visible
DTSTART:20251227T220000Z
DTEND:20251227T224000Z
DTSTAMP:20260406T225311Z
UID:44d1ae6d-febc-5035-8379-d2030e7f59a2
CATEGORIES:official,Science
DESCRIPTION:X-ray imaging detectors have come a long way in the last 15 ye
 ars\, turning ideas that once seemed impossible into realities. Imaging de
 tectors in photon science are more than just high-speed cameras. They are 
 complex systems operating at the limits of what’s physically measurable.
  Understanding how they behave before\, during\, and after experiments is 
 essential to advancing both the technology and the science it enables.\n\n
 In this talk\, I’ll take you inside the world of detector simulation and
  performance modelling. I’ll explore how tools like Monte Carlo simulati
 ons\, sensor response models\, and system-level performance evaluations ar
 e used to:\n\n- Predict detector behaviour in extreme conditions (such as 
 MHz X-ray bursts)\, and\n- identify critical performance bottlenecks befor
 e production.\n\nBy linking imaging technology with simulation and modelli
 ng\, we can better interpret experimental data and design the next generat
 ion of scientific cameras. Beyond the technical aspects\, this talk reflec
 ts on the broader theme of how we “see” through technology\, what it
  me
 ans to make the invisible visible\, and how simulation changes not only ho
 w we build instruments\, but also how we understand them.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/the-eyes-of-photo
 n-science-imaging-simulation-and-the-quest-to-make-the-invisible-visible
END:VEVENT
BEGIN:VEVENT
SUMMARY:Bluetooth Headphone Jacking: A Key to Your Phone
DTSTART:20251227T220000Z
DTEND:20251227T230000Z
DTSTAMP:20260406T225311Z
UID:887fe87e-6ef2-5d94-98c8-f582cb22f442
CATEGORIES:official,Security
DESCRIPTION:Airoha is a vendor that\, amongst other things\, builds Blueto
 oth SoCs and offers reference designs and implementations incorporating th
 ese chips. They have become a large supplier in the Bluetooth audio space\
 , especially in the area of True Wireless Stereo (TWS) earbuds. Several re
 putable headphone and earbud vendors have built products based on Airoha
 ’s SoCs and reference implementations using Airoha’s Software Developm
 ent Kit (SDK).\n\nDuring our Bluetooth Auracast research we stumbled upon 
 a pair of these headphones. During the process of obtaining the firmware f
 or further research we initially discovered the powerful custom Bluetooth 
 protocol called *RACE*. The protocol provides functionality to take full c
 ontrol of headphones. Data can be written to and read from the device's fl
 ash and RAM.\n\nThe goal of this presentation is twofold. Firstly\, we wan
 t to inform about the vulnerabilities. It is important that headphone user
 s are aware of the issues. In our opinion\, some of the device manufacture
 rs have done a bad job of informing their users about the potential threat
 s and the available security updates. We also want to provide the technica
 l details to understand the issues and enable other researchers to continu
 e working with the platform. With the protocol it is possible to read and 
 write firmware. This opens up the possibility to patch and potentially cus
 tomize the firmware.\n\nSecondly\, we want to discuss the general implicat
 ions of compromising Bluetooth peripherals. As smart phones are becoming i
 ncreasingly secure\, the focus for attackers might shift to other devices 
 in the environment of the smart phone. For example\, when the Bluetooth Li
 nk Key\, that authenticates a Bluetooth connection between the smart phone
  and the peripheral is stolen\, an attacker might be able to impersonate t
 he peripheral and gain its capabilities.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/bluetooth-headpho
 ne-jacking-a-key-to-your-phone
END:VEVENT
BEGIN:VEVENT
SUMMARY:AI-generated content in Wikipedia - a tale of caution
DTSTART:20251227T225500Z
DTEND:20251227T233500Z
DTSTAMP:20260406T225311Z
UID:13468ffb-06e8-53ca-9e7c-3cfa56cd44af
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:It began as a standard maintenance project: I wanted to write 
 a tool to find and fix broken ISBN references in Wikipedia. Using the buil
 t-in checksum\, this seemed like a straightforward technical task. I expec
 ted to find mostly typos. But I also found texts generated by LLMs. These 
 models are effective at creating plausible-sounding content\, but (for now
 ) they often fail to generate correct checksums for identifiers like ISBNs
 . This vulnerability turned my tool into an unintentional detector for thi
 s type of content. This talk is the story of that investigation. I'll show
  how the tool works and how it identifies this anti-knowledge. But the tec
 h is only half the story. The other half is human. I contacted the editors
  who had added this undeclared AI content. I will talk about why they did 
 it and how the Wikipedians reacted and whether "The End is Nigh" calls mig
 ht be warranted.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/ai-generated-cont
 ent-in-wikipedia-a-tale-of-caution
END:VEVENT
BEGIN:VEVENT
SUMMARY:Building a NOC from scratch
DTSTART:20251227T225500Z
DTEND:20251227T233500Z
DTSTAMP:20260406T225311Z
UID:ab19e1f1-ca13-531e-9d30-0ca5b0c7551c
CATEGORIES:official,CCC & Community
DESCRIPTION:By the time of the 29th Eurofurence (that is\, this year)\,
  the event had reached a size at which typical event locations could
  no longer readily meet our special requirements. For example\, an
  elaborate audio/video production is part of Eurofurence\, and it
  needs an IP network with high bandwidth\, low latency\, low jitter\,
  multicast transport and precise time synchronization. That is why the
  _Onsite Eurofurence Network Operation Center_ _(EFNOC)_ was founded
  this year. Our task was to competently meet all the requirements of
  the other teams\, and in this talk we want to share some
  behind-the-scenes stories about that.\n\nRoughly speaking\, during
  EF29 we established the team and built a network that was used for
  A/V production\, event coordination and event management (e.g.
  security\, ticketing). Our personal goal was also to create a usable
  Wi-Fi network for all attendees across the entire event venue\, that
  is\, from Hall H to the forecourt.\nFor this\, our architecture
  consisted of a simple Layer 2 network with VLAN segmentation\,
  provided by _Arista DCS-7050TX-72Q_ with 40Gbit/s optics. The Aristas
  also propagated a PTP signal that was controlled by a Meinberg master
  clock. In addition\, a Linux server was in use as a hypervisor for
  various network services such as DNS\, DHCP\, monitoring and
  routing.\nThat was the plan\, at least\, because during the event we
  were confronted with reality and many “fun” problems.\n\nAmong
  other things\, our talk will deal with these technical problems\, but
  it will not focus only on the technical account. Instead\, we will
  also shed light on how we as a team dealt with them on a human
  level\, among ourselves and in communication with other teams.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/building-a-noc-fr
 om-scratch
END:VEVENT
BEGIN:VEVENT
SUMMARY:From Silicon to Darude Sand-storm: breaking famous synthesizer DSP
 s
DTSTART:20251227T225500Z
DTEND:20251227T233500Z
DTSTAMP:20260406T225311Z
UID:481f7cae-da59-5506-9801-625227113981
CATEGORIES:official,Hardware
DESCRIPTION:This talk is a sequel to my last year's talk "Proprietary sili
 con ICs and dubious marketing claims? Let's fight those with a microscope!
 "\, where I showed how I reverse engineered a pretty old device (1986) by 
 looking at microscope silicon pics alone\, with manual tracing and some cu
 stom tools. Back then I claimed that taking a look at a more modern device
  would be way more challenging\, due to the increased complexity.\n\nThis 
 time\, in fact\, I've reverse engineered a much more modern chip: the
  custom Ro
 land/Toshiba TC170C140 ESP chip (1995). Completing this task required a di
 fferent approach\, as doing it manually would have required too much time.
  We used a guided automated approach that combines clever microscopy with 
 computer vision to automatically classify standard cells in the chip\, sav
 ing us most of the manual work.\nThe biggest win though came from directly
  probing the chip: by exploiting test routines and sending random data to 
 the chip we figured out how the internal registers worked\, slowly giving 
 us insights about the encoding of the chip ISA. By combining those two app
 roaches we managed to create a bit-accurate emulator\, that also is able t
 o run in real-time using JIT.\n\nIn this talk I want to cover the followin
 g topics:\n- What I learned since my previous talk by looking at more comp
 licated chips\n- Towards automating the silicon reverse engineering proces
 s\n- How to find and exploit test modes to understand how stuff works\n- H
 ow we tricked the chip into spilling its own secrets\n- How the ESP chip
  works\, compared to existing DSP chips\n- How the SuperSaw oscillator
  turn
 ed out to work
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/from-silicon-to-d
 arude-sand-storm-breaking-famous-synthesizer-dsps
END:VEVENT
BEGIN:VEVENT
SUMMARY:Unnecessarily Complicated Kitchen – Die Wissenschaft des guten G
 eschmacks
DTSTART:20251227T232000Z
DTEND:20251228T002000Z
DTSTAMP:20260406T225311Z
UID:341961a3-599d-52b9-8262-34c1757c9698
CATEGORIES:official,Entertainment
DESCRIPTION:Welcome to the “Unnecessarily Complicated Kitchen”\, a
  kitchen where natural science\, technology and culinary chaos
  collide.\nWe dissect cooking from the hackers' perspective: why heat
  transfer cools your Tschunk\, why emulsions work like BGP\, and how
  the art of seasoning to taste can be explained in data points.\n\nIn
  this talk we combine scientific experiments with culinary practice.
  We heat\, stir\, measure and analyze\, live on stage. In doing so\,
  we translate physics and chemistry into flavor\, texture and aha
  moments.\nCooking thus becomes a lab experiment\, a hack\, the
  reverse engineering of good taste.\n\nI show that behind every
  successful marinade there is a protocol\, behind every sauce an
  algorithm\, and that in the kitchen\, too\, trial & error\, open
  source and a pinch of chaos lead to astonishing results.\n\nIn the
  end there is not only insight but also enjoyment: those who
  understand why something tastes good can break the rules\, and
  season them better while doing so.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/unnecessarily-com
 plicated-kitchen-die-wissenschaft-des-guten-geschmacks
END:VEVENT
BEGIN:VEVENT
SUMMARY:Junghacker:innentag Einführung
DTSTART:20251228T090000Z
DTEND:20251228T094500Z
DTSTAMP:20260406T225311Z
UID:6022aa96-3706-5910-9fd1-dfe882a4c473
CATEGORIES:not recorded,official,CCC & Community
DESCRIPTION:You can [find more information here](https://events.ccc.de/
 2025/11/25/39c3-junghackerinnentag/).
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/junghackerinnenta
 g-einfuhrung
END:VEVENT
BEGIN:VEVENT
SUMMARY:Digitale Inklusion: Wie wir digitale Barrierefreiheit für alle er
 reichen können
DTSTART:20251228T100000Z
DTEND:20251228T110000Z
DTSTAMP:20260406T225311Z
UID:184bb132-6a17-5aa5-9ebe-08b1d5e3a767
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:For many people\, being online is a matter of course. Yet
  many people with impairments are still excluded online. Since June
  2025\, the Accessibility Strengthening Act
  (Barrierefreiheitsstärkungsgesetz) has made digital accessibility
  mandatory for companies. Digital accessibility has thus turned from
  an option into a right. Despite the legal requirements\, digital
  accessibility often fails in practice because those responsible lack
  expertise. We would like to look at accessibility in the digital
  world from three perspectives:\n\nLena Müller is a developer and is
  responsible for the accessible design of content. Kathrin Klapper is
  working on her doctorate and uses a speech computer with eye control
  to speak in her everyday life. And Jakob Sponholz's research
  addresses the question of how digital media can contribute to
  inclusion.\n\nWe would first like to give an insight into the
  mechanisms that prevent digital inclusion\, both in theory and in
  practice. We would then like to use simple examples to show that
  getting started with designing accessible content is actually not
  that hard and that it is worth simply making a start.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/digitale-inklusio
 n-wie-wir-digitale-barrierefreiheit-fur-alle-erreichen-konnen
END:VEVENT
BEGIN:VEVENT
SUMMARY:Hatupangwingwi: The story how Kenyans fought back against intrusiv
 e digital identity systems
DTSTART:20251228T100000Z
DTEND:20251228T110000Z
DTSTAMP:20260406T225311Z
UID:13360c32-568f-519d-a8fd-0a9740089ccf
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:In 2019\, the Kenyan government announced the transition to a 
 centralised database named National integrated Identity management system 
 (Huduma Namba) in a bid to develop a digital Identity system that went on 
 to be termed a “single source of truth”. Historically\, Kenya has not
  had the best track record with civil registration and identity
  systems. This is particularly due to the linkages with colonial
  practices with the first ID “Kipande” being used as a tool for
  surveillance of natives and imposed for restriction of movement.
  This system carried on post independence creating different classes
  of citizens in terms of access to nationality documents. \nIt is for
  this reason that CSOs\, mostly community-based\, chose a
  three-pronged approach to counter this\; seeking legal redress\,
  grassroots/community mobilization and advocacy and spotlighting ways
  in which in a shrinking civil society space\, Kenyan civil society
  was able not only to take up space\, but make their impact felt in
  protecting the rights of those on the margins. The session shares
  lessons of how we shaped the Medi
 a narrative that took down a multi million dollar project that was not peo
 ple centered but rather oppression driven. This session shares experiences
  of how we created a heightened sense of citizenry awareness to shoot down
  oppressive digitalisation agendas. \nThe aim is to show how these efforts
  led to over 10 million Kenyans resisting to enroll in the system especial
 ly the young people (Gen Z) who felt they were being coerced to join a sys
 tem due to the poor messaging by the government and they connected with th
 e NGO campaign thus choosing to resist the system in the true spirit of Ha
 tupangwingwi\,  with Hashtags like #DOIDRIGHT and #DEPORTME trending on so
 cial media as a sign of resistance. This led to the collapse of the whole 
 project.\nFinally\, the session will share how in 2022\, when the new gove
 rnment wanted to roll out the new DPI project known as Maisha Namba\, they
  realised the importance of including civil society voices and they conven
 ed over 50 NGOs to try to build buy-in for the new digital ID program. It 
 was the first time the government and NGOs were on the same table discussi
 ng how to build an inclusive digital ID system. This is the story of how t
 he power of us led to civil society earning their space in the designing p
 hase of the new Digital Public Infrastructure.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/hatupangwingwi-th
 e-story-how-kenyans-fought-back-against-intrusive-digital-identity-systems
END:VEVENT
BEGIN:VEVENT
SUMMARY:Protecting the network data of one billion people: Breaking networ
 k crypto in popular Chinese mobile apps
DTSTART:20251228T100000Z
DTEND:20251228T110000Z
DTSTAMP:20260406T225311Z
UID:a19d5bca-7949-5353-abaf-1c43655f7c26
CATEGORIES:not recorded,official,Security
DESCRIPTION:TLS is not as universal as we might think. Applications with h
 undreds of millions of active users continue to use insecure\, home-rolled
  proprietary network encryption to protect sensitive user data. This talk 
 demonstrates that this is a widespread and systemic issue affecting a larg
 e portion of the most popular applications in the world. These issues are 
 particularly concentrated in mobile applications developed in China\, whic
 h have been overlooked by the global security community despite their mass
 ive popularity and influence.\n\nWe found that 47.6% of top Mi Store appli
 cations used proprietary network cryptography without any additional encry
 ption\, compared to only 3.51% of top Google Play Store applications. We a
 nalyzed the most popular of these protocols\, including cryptosystems desi
 gned by Alibaba\, iQIYI\, Kuaishou\, and Tencent. Of the top 9 protocol fa
 milies\, we discovered vulnerabilities in 8 that allowed network eavesdrop
 pers to decrypt underlying data. We also discovered additional vulnerabili
 ties in several other protocols used by apps with hundreds of millions of 
 users.\n\nThrough the vulnerabilities fixed as a result of this work\, thi
 s research has directly improved the network security of up to one billion
  people. However\, there were hundreds more proprietary protocols used by 
 popular applications that we discovered. Verifying all of their security t
 hrough manual reverse-engineering and vulnerability reporting is not feasi
 ble at this scale. What can we do as a community to fix this systemic issu
 e and prevent such failures from occurring in the future?
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/protecting-the-ne
 twork-data-of-one-billion-people-breaking-network-crypto-in-popular-chines
 e-mobile-apps
END:VEVENT
BEGIN:VEVENT
SUMMARY:Lightning Talks - Tag 2
DTSTART:20251228T100000Z
DTEND:20251228T120000Z
DTSTAMP:20260406T225311Z
UID:860a362f-4666-5fe0-9f0a-8d26485f730e
CATEGORIES:official,CCC & Community
DESCRIPTION:- **Lightning Talks Introduction**\n- **Chaos on the Rails:
  The Truth Behind the Delays** — *poschi*\n- **EventFahrplan - The
  39C3 Fahrplan App for Android** — *tbsprs*\n- **Quantum computing
  myths and reality** — *Moonlit*\n- **Return to attacker.com** —
  *Safi*\n- **A particle detector in the basement? I did it. The
  theory and construction of a spark chamber** — *Rosa*\n- **What's
  the most secure phone?** — *jiska*\n- **reverse engineering a cinema
  camera’s peripheral port** — *3nt3*\n- **Youth Hacking 4 Freedom:
  the European Free Software competition for teenagers** — *Ana
  Galan*\n- **From word clouds to Word Rain: A new text visualisation
  technique** — *Maria Skeppstedt*\n- **Fun with board games** —
  *Marco Bakera*\n- **Creative Commons Radio - I really didn't want to
  become a copyright activist!** — *Martin*\n- **lernOS for you -
  self-management & personal knowledge management made easy** —
  *Simon Dückert*\n- **All the things you can find in Bluetooth
  advertisements** — *Paul*\n- **The Sorbus Computer** — *SvOlli*\n-
  **AI doesn’t have to slop - Introducing an open source alternative
  to big-tech AI agents** — *Kitty*\n- **Interoperability and the
  Digital Markets Act: collecting experiences from the community** —
  *Dario Presutti*\n- **Leveraging Security Twin for on-demand
  resilience assessment against high-impact attacks** — *Manuel
  Poisson*\n- **A seatbelt for innerHTML** — *Frederik Braun*\n-
  **Toxicframe - Ghost in the Switch: Four years of silence in the
  Netgate SG-2100** — *Wim Bonis*\n- **KI³Rat = Human x Data x
  Dialogue** — *ceryo / Jo Tiffe*\n- **iPod Nano Reverse
  Engineering** — *hug0*\n- **Interfaces For Society - When Democracy
  Runs on Protocols** — *Pauline Dimmek*\n- **Security problems with
  electronic invoices** — *Hanno Böck*
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/lightning-talks-t
 ag-2
END:VEVENT
BEGIN:VEVENT
SUMMARY:New Chaos Events - InselChaos and Håck ma’s Castle share
  behind-the-scenes stories
DTSTART:20251228T111500Z
DTEND:20251228T121500Z
DTSTAMP:20260406T225311Z
UID:8ba2a160-c00d-56c4-a84e-afb1536bc48b
CATEGORIES:official,CCC & Community
DESCRIPTION:**InselChaos**\nPort39 e.V. had the dream of bringing the
  Chaos to MV and hosting a larger event on the Baltic Sea. Only just 3
  years old\, we started planning in a small group. A location had to
  be found\, inspiration and ideas gathered\, and bureaucratic hurdles
  and a great many individual problems solved before\, at the
  beginning of September\, the time had come for us to welcome our
  guests. In this talk we speak about what it is like for a small
  association with a four-person orga team to coordinate a ChaosEvent
  with more than 150 guests\, which difficulties we overcame along the
  way and\, above all\, which lessons we drew from it in order to do
  even better next time.
  \n\n**Håck ma’s Castle**\nIn our talk\, we will speak about which
  methods and meeting modes we tried out\, and about the good as well
  as bad decisions that were made. Above all\, though\, also about the
  challenge that arises when beings do not yet know each other and we
  first had to come together on a human level so that things also work
  better on the content side. Hard facts Håck ma's Castle:\n- 3 (+1)
  day event\n- August 2024\n- with castle\n- with camping\n- ~330
  beings\n- including 1 castle cat *meow*\n- Orga spread across all of
  Austria and beyond:\n- metalab\, realraum\, C3W\, CCC Salzburg\,
  /dev/lol\, SegFaultDragons\, SegVault\, IT-Syndikat\, /usr/space\,
  Gebärdenverse\, female coders\, chaos.jetzt etc.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/neue-chaos-events
 -inselchaos-und-hack-ma-s-castle-plaudern-aus-dem-nahkastchen
END:VEVENT
BEGIN:VEVENT
SUMMARY:Skynet Starter Kit: From Embodied AI Jailbreak to Remote Takeover 
 of Humanoid Robots
DTSTART:20251228T111500Z
DTEND:20251228T121500Z
DTSTAMP:20260406T225311Z
UID:e6837a00-672c-532b-9bfa-319453667c03
CATEGORIES:official,Security
DESCRIPTION:Unitree is among the highest-volume makers of commercial robot
 s\, and their newest humanoid platforms ship with multiple control stacks 
 and on-device AI agents. If the widespread\, intrusive presence of these r
 obots in our lives is inevitable\, should we take the initiative to ensure
  they are completely under our control? What paths might attackers use to 
 compromise these robots\, and to what extent could they threaten the physi
 cal world?\n\nIn this talk\, we first map the complete attack surface of 
 Unitree humanoids\, covering hardware interfaces\, near-field radios and
  Internet-accessible channels. We demonstrate how a local attacker can hi
 jack a robot by exploiting vulnerabilities in short-range radio communicat
 ions (Bluetooth\, LoRa) and local Wi-Fi. We also present a fun exploit of 
 the embodied AI in the humanoid: With a single spoken/text sentence\, we j
 ailbreak the on-device LLM Agent and pivot to root-privileged remote cod
 e execution. Combined with a flaw in the cloud management service\, this f
 orms a full path to gain complete control over any Unitree robot connected
  to the Internet\, obtaining root shell\, camera livestreaming\, and speak
 er control.\n\nTo achieve this\, we combined hardware inspection\, firmwar
 e extraction\, software-defined radio tooling\, and deobfuscation of cust
 omized\, VM-based protected binaries. This reverse engineering breakthroug
 h also allowed us to understand the overall control logic\, patch decision
  points\, and unlock advanced robotic movements that were deliberately di
 sabled on consumer models like G1 AIR. \n\nTakeaways. Modern humanoids ar
 e networked\, AI-powered cyber-physical systems\; weaknesses across radios
 \, cloud services\, and on-device agents could allow attackers to remotely
  hijack robot operations\, extract sensitive data or camera livestreams\, 
 or even weaponize the physical capabilities. As robotics continue their tr
 ansition from controlled environments to everyday applications\, our work 
 highlights the urgent need for security-by-design in this emerging technol
 ogy landscape.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/skynet-starter-ki
 t-from-embodied-ai-jailbreak-to-remote-takeover-of-humanoid-robots
END:VEVENT
BEGIN:VEVENT
SUMMARY:Suing spyware in Europe: news from the front!
DTSTART:20251228T111500Z
DTEND:20251228T121500Z
DTSTAMP:20260406T225311Z
UID:d1a92d77-d8c6-524e-ba32-d2e9547723e0
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:Despite the European Parliament’s PEGA investigation in 2023
 \, spyware scandals in Europe continue to grow\, with little real action t
 o stop or address them. Many EU countries were — or still are — client
 s of the world’s major spyware companies. As a result\, nothing changes 
 except the number of victims targeted by these technologies. Worse\,
  having offices or clients in the EU is useful for spyware companies'
  sales pitch. So\,
  the EU is a growing hub for this ominous ecosystem! With no real politica
 l will to act\, members of the PEGA investigation say the only hope for ch
 ange is to take these cases to court — and that’s exactly the path we
 ’ve chosen!\n\nIrídia’s case is one of the flagship cases in the EU\,
  both for its depth and for what it has achieved so far. We will review th
 e current status and implications of the case\, examining issues that rang
 e from state responsibility to the role of the spyware company behind Pega
 sus — in its creation\, sale\, and export — which maintains a strong p
 resence within the EU.\n\nAfter that\, we will take a step back to look at
  what is happening across Europe. We will highlight the most significant c
 ases currently moving forward\, as well as some of the PEGA coalition’s 
 strategies for driving accountability\, strengthening safeguards\, and ens
 uring remedies. The coalition’s mission goes beyond legal action — it 
 aims to prevent the devastating impact of spyware and push for systemic ch
 ange.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/suing-spyware-in-
 europe-news-from-the-front
END:VEVENT
BEGIN:VEVENT
SUMMARY:Agentic ProbLLMs: Exploiting AI Computer-Use and Coding Agents
DTSTART:20251228T123000Z
DTEND:20251228T133000Z
DTSTAMP:20260406T225311Z
UID:05e9ba1f-11c5-5d4e-b907-4feecc857ae5
CATEGORIES:official,Security
DESCRIPTION:During the Month of AI Bugs (August 2025)\, I responsibly disc
 losed over two dozen security vulnerabilities across all major agentic AI 
 coding assistants. This talk distills the most severe findings and pattern
 s observed.\n\nKey highlights include:\n* Critical prompt-injection exploi
 ts enabling zero-click data exfiltration and arbitrary remote code executi
 on across multiple platforms and vendor products\n* Recurring systemic fla
 ws such as over-reliance on LLM behavior for trust decisions\, inadequate 
 sandboxing of tools\, and weak user-in-the-loop controls.\n* How I leverag
 ed AI to find some of these vulnerabilities quickly\n* The AI Kill Chain: 
 prompt injection\, confused deputy behavior\, and automatic tool invocatio
 n\n* Adaptation of nation-state TTPs (e.g.\, ClickFix) into AI ClickFix te
 chniques that can fully compromise computer-use systems.\n* Insights about
  vendor responses: from quick patches and CVEs to months of silence\, or q
 uiet patching\n* AgentHopper will highlight how these vulnerabilities comb
 ined could have led to an AI Virus\n\nFinally\, the session presents pract
 ical mitigations and forward-looking strategies to reduce the growing atta
 ck surface of probabilistic\, autonomous AI systems.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/agentic-probllms-
 exploiting-ai-computer-use-and-coding-agents
END:VEVENT
BEGIN:VEVENT
SUMMARY:A post-American\, enshittification-resistant internet
DTSTART:20251228T123000Z
DTEND:20251228T133000Z
DTSTAMP:20260406T225311Z
UID:c9f5a6df-6c79-5492-b3e0-110347358445
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:Enshittification wasn't an accident. It also wasn't inevitable
 . This isn't the iron laws of economics at work\, nor is it the great forc
 es of history.\n\nEnshittification was a choice: named individuals\, in li
 ving memory\, enacted policies that created the enshittogenic environment.
  They created a world that encouraged tech companies to merge to monopoly\
 , transforming the internet into "five giant websites\, each filled with s
 creenshots of the other four." They let these monopolists rip us off and s
 py on us. \n\nAnd they banned us from fighting back\, claiming that anyone
  who modified a technology without permission from its maker was a pirate 
 (or worse\, a terrorist). They created a system of "felony contempt of bus
 iness-model\," where it's literally a crime to change how your own devices
  work. They declared war on the general-purpose computer and demanded a co
 mputer that would do what the manufacturer told it to do (even if the owne
 r of the computer didn't want that).\n\nWe are at a turning point in the d
 ecades-long war on general-purpose computing. Geopolitics are up for grabs
 . The future is ours to seize. \n\nIn my 24 years with EFF\, I have seen m
 any strange moments\, but never one quite like this. There's plenty of ter
 rifying things going on right now\, but there's also a massive\, amazing\,
  incredible opportunity to seize the means of computation. \n\nLet's take
  it.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/a-post-american-e
 nshittification-resistant-internet
END:VEVENT
BEGIN:VEVENT
SUMMARY:A space odyssey #2: How to study moon rocks from the Soviet sample
  return mission Luna 24
DTSTART:20251228T123000Z
DTEND:20251228T133000Z
DTSTAMP:20260406T225311Z
UID:3ad7da57-ece4-5a75-9e52-f93d7df79734
CATEGORIES:official,Science
DESCRIPTION:In this talk\, members of the Museum for Natural History in Be
 rlin will present the story of a Luna 24 sample retrieved by the GDR from 
 the USSR. The sample has been almost "lost" to time. When it fell into our
  hands\, we started understanding its historical and scientific significan
 ce\, produced specialized sample containers and initiated curation efforts
  of the sample while slowly understanding its history and geochemical comp
 osition.\n\n### Luna 24 Moon Mission\nWhat happened on the 18th & 19th of 
 August 1976 on the moon? Why was this landing site chosen and how was the 
 sample retrieved and brought back to Earth? Which way did the scientists h
 andle these extremely precious samples? Picture: Музей Космона
 втики (CC0 1.0)\n\n### Methods and Results\nWhich methods can be util
 ized to gather new information from such a sample without destroying it? W
 hich storage and curation methods must be used to preserve its value for t
 he scientists that come after us? How did advanced analytical methods like
  µCT\, electron microscopes\, µ X-ray fluorescence spectrometers and nit
 rogen-cooled infrared spectrometers contribute to our understanding of the
  sample?\n\nFly with us to the moon!\n\nThis work has been developed toget
 her with Christopher Hamann.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/a-space-odyssey-2
 -how-to-study-moon-rocks-from-the-soviet-sample-return-mission-luna-24
END:VEVENT
BEGIN:VEVENT
SUMMARY:antifascist as a matter of course! Current information on the
  proceedings in the Budapest complex - by family & friends Hamburg
DTSTART:20251228T123000Z
DTEND:20251228T133000Z
DTSTAMP:20260406T225311Z
UID:f33636a7-e2a3-5925-87e3-1ba270e73ff5
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:On 26 September\, the first verdict against one of the
  antifascists in the Budapest complex was handed down against Hanna
  at the OLG München (Munich Higher Regional Court): 5 years for a
  verdict based solely on circumstantial evidence. The prosecution's
  murder charge was not upheld\, but the existence of a violent
  “criminal organisation” was asserted.\nOn 12 January 2026\, the
  trial of Nele\, Emmi\, Paula\, Luca\, Moritz and Clara\, who have
  been held in pre-trial detention in various prisons since January\,
  will open before the OLG Düsseldorf. Here too\, the indictment
  constructs a criminal organisation under §129 and includes the
  charge of attempted murder. Pursuing the proceedings in this way
  points above all to a strong interest in investigation and
  intimidation.\nZaid\, against whom there is a European arrest
  warrant from Hungary\, was released at the beginning of May subject
  to reporting requirements\; because of his non-German citizenship\,
  the Federal Public Prosecutor General had not brought charges
  against him. As he is still threatened in Germany with being handed
  over to Hungary\, he has been staying in Paris since October 2025.
  He is at liberty subject to conditions.\nAnother case in the
  Budapest complex is being heard in Dresden together with charges
  from the Antifa Ost proceedings. The trial of Tobi\, Johann\, Thomas
  (Nanuk)\, Paul and two other people will begin as early as
  November.\nIn Budapest\, Maja – handed over to Hungary in June 2024
  contrary to an interim injunction of the BVerfG (Federal
  Constitutional Court)\, in a transfer since found to be unlawful –
  remains in solitary confinement\; the trial is not due to continue
  until January and is expected to end with the verdict on 22
  January.\nThe trials in the Budapest complex are being used to make
  an example – not only of individuals\, but of antifascist practice
  as a whole. The claim of a criminal organisation with murderous
  intent is an absurd legal escalation of the state's action against
  antifascists and is out of all proportion to the incidents being
  tried.\nWith this wave of trials and the repression against friends
  and relatives\, antifascist engagement is being massively
  criminalised and a distorted picture of political resistance is
  being painted – while at the same time right-wing violence is
  increasing across Europe and fascist parties are gaining strength.
  We see that attacks on the rule of law and civil society keep
  increasing. The way the antifas in the Budapest complex are being
  dealt with is a foretaste of how political opposition could be
  treated in a more authoritarian future. We are all affected by the
  right-wing authoritarian development\, by fascisation. The
  criminalisation of antifas as a “terrorist organisation” is part of
  a (worldwide) de-democratisation and erosion of the rule of law.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/selbstverstandlic
 h-antifaschistisch-aktuelle-informationen-zu-den-verfahren-im-budapest-kom
 plex-von-family-friends-hamburg
END:VEVENT
BEGIN:VEVENT
SUMMARY:Chaos Communication Chemistry: DNA security systems based on molec
 ular randomness
DTSTART:20251228T134500Z
DTEND:20251228T142500Z
DTSTAMP:20260406T225311Z
UID:656a3c17-8cd8-516f-bf31-645c98af7990
CATEGORIES:official,Science
DESCRIPTION:Nucleic acids have been theorized as potential data storage an
 d computation platforms since the mid-20th century. In the meantime\, nota
 ble advances have been made in implementing such systems\, combining acade
 mic research with industry efforts. \nAfter providing a general introducti
 on to the interdisciplinary field of DNA information technology\, the s
 econd half of the talk focuses on DNA-based cryptography and security syst
 ems\, in particular zooming in on the example of chemical unclonable funct
 ions (CUFs) based on randomly generated\, synthetic DNA sequences. Similar
  to Physical Unclonable Functions (PUFs)\, these DNA-based systems contain
  vast random elements that cannot be reconstructed – neither algorithmic
 ally nor synthetically. Using biochemical processing\, we can operate thes
 e systems in a fashion comparable to cryptographic hash functions\, enabli
 ng new authentication protocols. Aside from covering the basics\, we delve
  into the advantages\, as well as the drawbacks\, of DNA as a medium. Fina
 lly\, we explore how CUFs could in the future be implemented as physical s
 ecurity architectures: For example\, in anti-counterfeiting of medicines o
 r as personal signatures for artworks. \nIn a broader sense\, this talk ai
 ms to inspire a reconsideration of entropy\, randomness and information in
  the experimental sciences through a digital lens. In doing so\, it provid
 es examples of how looking at physical systems through an information pers
 pective can unravel new synergies\, applications and even security archite
 ctures.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/chaos-communicati
 on-chemistry-dna-security-systems-based-on-molecular-randomness
END:VEVENT
BEGIN:VEVENT
SUMMARY:Chaospager - How to construct an Open Pager System for c3
DTSTART:20251228T134500Z
DTEND:20251228T142500Z
DTSTAMP:20260406T225311Z
UID:f9204594-d3f2-5c45-ba71-542a99eb9e5d
CATEGORIES:official,Hardware
DESCRIPTION:At 38c3\, we conducted an experiment to test out our self-buil
 t POCSAG Pager infrastructure. Together with DL0TUH and CERT\, we are now 
 working on an open pager solution leveraging well-known components in the 
 maker community (e.g. ESP32\, SX1262) to support the alarming of action f
 orces at c3 events. In this talk\, we will guide you through the process o
 f developing such a project\, problems that are occurring and what our
  future plans are.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/chaospager-how-to
 -construct-an-open-pager-system-for-c3
END:VEVENT
BEGIN:VEVENT
SUMMARY:Live\, Die\, Repeat: The fight against data retention and boundles
 s access to data
DTSTART:20251228T134500Z
DTEND:20251228T142500Z
DTSTAMP:20260406T225311Z
UID:693e18d6-e777-596b-a21d-dd9e9f0282e6
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:The Specter of Data Retention is back in the political arena\,
  both as a harmonized\, EU-wide approach as well as being part of the coal
 ition agreement of the new German national government. Other countries hav
 e already recently implemented new data retention laws\, i.e. Belgium or D
 enmark. \nIn parallel\, access to all types of stored data – and not onl
 y data stored under a data retention regime – by law enforcement has bee
 n radically reformed by groundbreaking new legislation\, undermining both 
 existing national safeguards as well as protections implemented by
  businesses aiming for a higher standard in cyber security and data
  protection.  \n
 The talk will give an overview on recent developments for a harmonized “
 minimum” approach to data retention under the Polish and Danish EU presi
 dency as well as the new German legislation currently under consideration.
  \nIt will introduce the upcoming international release mechanisms for sto
 red data under the e-evidence legislation\, the 2nd protocol to the EU cyb
 ercrime convention as well as future threats from the UN cybercrime conven
 tion. \nIt will address how a cross-border request for information works i
 n practice\, which types of data can be requested by whom\, and who will b
 e responsible for the few remaining safeguards – including an analysis o
 f the threat model and potential “side channel” attacks by cybercrime 
 to gain access to basically all data stored by and with service providers.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/live-die-repeat-t
 he-fight-against-data-retention-and-boundless-access-to-data
END:VEVENT
BEGIN:VEVENT
SUMMARY:Power Cycle B7 or Why would anyone buy a coal mine?
DTSTART:20251228T134500Z
DTEND:20251228T142500Z
DTSTAMP:20260406T225311Z
UID:cb8cd10b-f5d1-597d-a5c4-3cbd914fa6aa
CATEGORIES:official,CCC & Community
DESCRIPTION:We – members of the Recklinghausen Chaostreff c3RE –
  have\, together with a few other people\, founded another
  association\, Blumenthal7 e.V. \nThe goal is to buy an old hard coal
  mine\, preserve it\, renovate it and make it accessible to many
  people as a space for chaos\, creativity and happenings.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/power-cycle-b7-od
 er-warum-kauft-man-eine-zeche
END:VEVENT
BEGIN:VEVENT
SUMMARY:Amateur radio in space – contact with Fram2
DTSTART:20251228T144000Z
DTEND:20251228T152000Z
DTSTAMP:20260406T225311Z
UID:0df52094-ee30-5d05-bf48-573a5eae1a8d
CATEGORIES:official,Hardware
DESCRIPTION:Shortly after the first satellites conquered space\, radio
  amateurs were already involved and brought their hobby into this
  field. On Fram2\, the first crewed mission to fly over both polar
  regions\, voice radio contact with a university was likewise firmly
  planned.\n\nThe student radio club "AFuTUB" (https://dk0tu.de) at TU
  Berlin contacted the crew of Fram2 by radio – with an experimental
  radio setup that was new territory for many of us.\n\nWe give
  insights into two intensive weeks of planning\, coordination and
  setup and into operating an (improvised) ground station\, and talk
  about technical hurdles\, antenna design and organisation – and
  about how we finally spoke by radio with the astronaut Rabea Rogge
  in space.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/amateurfunk-im-al
 l-kontakt-mit-fram2
END:VEVENT
BEGIN:VEVENT
SUMMARY:Burn Gatekeepers\, not Books!
DTSTART:20251228T144000Z
DTEND:20251228T152000Z
DTSTAMP:20260406T225311Z
UID:878d9a0c-0446-561d-9f85-c81033aad209
CATEGORIES:not recorded,official,Ethics\, Society & Politics
DESCRIPTION:The book market is broken\; that is not a new insight. We
  untangle where things are getting stuck and show how bad it really
  is. Along the way we also do a bit of name & shame\, because someone
  is to blame\, after all. But we also show where APIs that are still
  missing on the German market (in contrast to the international book
  market) would make our lives considerably easier.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/burn-gatekeepers-
 not-books
END:VEVENT
BEGIN:VEVENT
SUMMARY:Cracking open what makes Apple's Low-Latency WiFi so fast
DTSTART:20251228T144000Z
DTEND:20251228T152000Z
DTSTAMP:20260406T225311Z
UID:c8fe18e8-6cd5-5354-aad7-1a51e64fd529
CATEGORIES:official,Hardware
DESCRIPTION:Apple's Continuity features make up a big part of their walled
  garden. From AirDrop and Handoff to AirPlay\, they all connect macOS and 
 iOS devices wirelessly. In recent years\, security researchers have opened
  up several of these features showing that the Apple ecosystem is technica
 lly compatible with third-party devices.\n\nIn this talk\, we present the 
 internal workings of Low-Latency WiFi (LLW) – Apple's link-layer protoco
 l for several real-time Continuity features like Continuity Camera and Sid
 ecar Display. We talk about the concepts behind LLW\, how it achieves its 
 low-latency requirement and how we got there in the reverse engineering pr
 ocess.\n\nWe also present the tooling we built to enable more kernel-level
  tracing and logging on iOS through a reimplementation of cctool from macO
 S and the source code of trace that was buried deep inside of Apple’s op
 en-source repository system_cmds. We build a log aggregator that combines 
 various kernel- and user-space traces\, log messages and pcap files from b
 oth iOS and macOS into a single file and finally investigate the network s
 tack on Apple platforms that is implemented in both user- and kernel space
 . There we find interesting configuration values of LLW that make it the g
 o-to link-layer protocol for Apple's proprietary real-time Continuity appl
 ications.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/cracking-open-wha
 t-makes-apple-s-low-latency-wifi-so-fast
END:VEVENT
BEGIN:VEVENT
SUMMARY:Computing on clinical data across European borders - but
  securely!
DTSTART:20251228T144000Z
DTEND:20251228T152000Z
DTSTAMP:20260406T225311Z
UID:0fdda2f0-88c1-518f-858f-fd41d48325f4
CATEGORIES:not recorded,official,Science
DESCRIPTION:**Clinical research 101:** Why are "multi-centre" clinical
  studies the gold standard and how do they work? What data is
  collected and how does the data exchange work in practice? What does
  the GDPR say about it?\n\n**Secure distributed computing 101:** How
  can one compute jointly on distributed data in encrypted
  peer-to-peer networks without having to exchange the input data with
  each other? What are the technical advantages and disadvantages? How
  does this change the roles of the actors in the system?\n\n**The
  prototype in Germany 2019:** The LMU Klinikum in Munich cooperates
  with the Charité in Berlin and the TU München. For the first time\,
  joint computation on distributed patient data succeeds. Diverse
  lessons were learned.\n\n**The first European study 2024:** The LMU
  Klinikum in Munich cooperates with the Policlinico Universitario
  Fondazione Agostino Gemelli in Rome. The pilot study also yields a
  GDPR-compliant blueprint and a reusable
  architecture.\n\n**Conclusion and outlook:** Secure distributed
  computing in science and beyond.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/uber-europaische-
 grenzen-hinweg-auf-klinischen-daten-rechnen-aber-sicher
END:VEVENT
BEGIN:VEVENT
SUMMARY:Auf die Dauer hilft nur Power:  Herausforderungen für dezentrale 
 Netzwerke aus Sicht der Soziologie
DTSTART:20251228T153500Z
DTEND:20251228T161500Z
DTSTAMP:20260406T225311Z
UID:0425efd8-fec5-5dbc-860b-8478857dc9ac
CATEGORIES:official,Science
DESCRIPTION:Sociology always has something to say as soon as questions of
  collective action arise. This applies to social as well as digital
  spaces. The sociologist Peter Kollock already observed in the 1990s
  that “the Internet is filled with junk and jerks” (Kollock\, 1999\,
  p. 220). Today\, the majority would probably agree with this statement
  without hesitation. But this is not the decisive point\, rather the
  further observation: “Given that online interaction is relatively
  anonymous\, that there is no central authority\, and that it is
  difficult or impossible to impose monetary or physical sanctions on
  someone\, it is striking that the Internet is not literally a war of
  all against all” (1999\, p. 220).\n\nThe world now knows numerous
  counterexamples in which authorities use the Internet to monetise
  usage behaviour or deploy surveillance technologies for sanctioning
  (Zuboff\, 2019). I take this starting point into account in my research
  when I look at decentralised networks such as the Fediverse or the Tor
  network from a sociological perspective. Primarily\, I am interested in
  understanding how decentralised networks emerge – organisationally\,
  not technically – and which challenges have to be overcome in the
  process (Sanders & Van Dijck\, 2025). A central motivation is the
  question of how an Internet can be built that has no central
  authority\, is less dependent on markets\, is resilient to sanction
  mechanisms and is sovereign with regard to its own data. Motivated by
  this prescriptive framework\, in the talk I first look at the
  challenges descriptively and bring in my sociological perspective. For
  as a rule\, people who gain an advantage from the realisation of a
  particular goal benefit regardless of whether they personally bear a
  share of the cooperation – or not. Collective action is sometimes
  difficult even though\, or precisely because\, there is a well-founded
  collective interest in achieving a particular goal. Identical
  interests are not the same as common interests. This description of
  the situation can be applied widely\, from cleaning rotas in shared
  flats to questions of climate-neutral transformation. The reason is
  that collective action costs a minimum of time\, effort or money\, so
  that free-riding is often chosen in the hope that enough others will
  still cooperate to achieve the desired goal (Hardin\, 1982). \n\nFrom
  this perspective I look at decentralised networks. The Fediverse or
  the Tor Browser can be used without hosting an instance or node of
  one's own. Nor is that the goal of the decentralised networks
  mentioned. Nevertheless: the costs and effort for the technical
  infrastructure have to be borne by a small part\, while the
  overwhelming majority of users benefit from the infrastructure without
  contributing to it. This leads to the inherent instability of
  decentralised networks and poses a relevant challenge for the future.
  While network analyses describe the growth and consolidation of
  decentralised networks\, there is a lack of deeper understanding of
  the conditions under which decentralised networks emerge in the first
  place. During the talk I will show empirical data on the development
  of the Fediverse and the Tor network to illustrate the challenge. The
  Tor network in particular faces the problem that the possibility of
  de-anonymisation increases as the number of nodes decreases.
  Overcoming the collective-good problem I describe therefore plays a
  central role in sustaining it.\n\nThe motivation for engaging with
  decentralised networks results from the reverse of the argument\, when
  networks have a central authority and are at the same time able to use
  sanction mechanisms\, for example to ban unwelcome users\, to monitor
  usage behaviour and to monetise it (Zuboff\, 2019). Here I am obviously
  referring to the development of social media\, which solve the problem
  of collective action described above by commodifying the
  infrastructure. Something similar is known from the field of
  cryptocurrency\, which likewise overcomes cooperation problems through
  the individualised monetary advantage\, that is\, the promise of
  capital accumulation. Is this how we imagine the future of the
  Internet?\nDecentralised networks are not per se an all-encompassing
  technical solution for social problems. On the contrary: decentralised
  networks\, if they are not based on commodification\, are subject to a
  social order that precisely cannot be solved technically. Awareness of
  the necessity of decentralised networks is unfortunately not
  sufficient here\, rather it takes people and organisations who are
  willing to carry part of the infrastructure without receiving a direct
  advantage from it. Compared with profit-oriented companies\, this
  self-organisation is always at a disadvantage (Offe & Wiesenthal\,
  1980). \n\nIn my research I combine my interest in basic structures
  and conditions of social order\, such as the cooperation problem\, with
  the aspiration of shaping society. Awareness of these conditions alone
  cannot solve a cooperation problem. It can\, however\, help to actively
  shape the framework of these conditions. I will move between critical
  realities and hopeful outlooks\, because quite obviously decentralised
  networks exist that offer an organisational and technical alternative.
  But as the title suggests\, in the long run only (civil-society) power
  helps here.\n\nReferences\nHardin\, R. (1982). Collective Action.
  Hopkins University Press.\nKollock\, P. (1999). The Economies of Online
  Cooperation: Gifts and Public Goods in Cyberspace. In M. A. Smith & P.
  Kollock (Eds.)\, Communities in Cyberspace (pp. 220–239). Routledge.
 \nOffe\, C.\, & Wiesenthal\, H. (1980). Two Logics of Collective Action:
  Theoretical Notes on Social Class and Organizational Form. Political
  Power and Social Theory\, 1\, 67–115.\nSanders\, M.\, & Van Dijck\, J.
  (2025). Decentralized Online Social Networks: Technological and
  Organizational Choices and Their Public Value Trade-offs. In J. Van
  Dijck\, K. Van Es\, A. Helmond\, & F. Van Der Vlist\, Governing the
  Digital Society. Amsterdam University Press.
  https://doi.org/10.5117/9789048562718_ch01\nZuboff\, S. (2019).
  Surveillance Capitalism—Überwachungskapitalismus. Aus Politik und
  Zeitgeschichte\, 24–26\, 4–9.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/auf-die-dauer-hil
 ft-nur-power-herausforderungen-fur-dezentrale-netzwerke-aus-sicht-der-sozi
 ologie
END:VEVENT
BEGIN:VEVENT
SUMMARY:Lessons from Building an Open-Architecture Secure Element
DTSTART:20251228T153500Z
DTEND:20251228T161500Z
DTSTAMP:20260406T225311Z
UID:0c6e2d25-7014-5aaf-9c6a-b4347f0ff85c
CATEGORIES:official,Hardware
DESCRIPTION:This talk shares our engineering experience from designing and
  implementing an open-architecture secure element — a type of chip that 
 is traditionally closed and opaque. We’ll outline the practical conseque
 nces of choosing openness as part of the security model: how it affected h
 ardware architecture\, firmware design\, verification\, and development wo
 rkflows.\nThe session dives into concrete technical areas including the se
 cure boot chain\, attestation and update flow\, key storage isolation\, an
 d the testing and fuzzing infrastructure used to validate the design. It a
 lso covers the boundaries of openness — where third-party IP\, export co
 ntrol\, or certification requirements force certain blocks to remain close
 d — and how we document and mitigate those limits.\nWe’ll present anon
 ymized examples of external security evaluations\, show how responsible di
 sclosure and transparent fixes improved resilience\, and reflect on what 
 “community-driven security” means in a hardware context. Attendees sho
 uld leave with a clearer view of what it takes to make security verifiable
  at the silicon level — and why that process is never finished.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/lessons-from-buil
 ding-an-open-architecture-secure-element
END:VEVENT
BEGIN:VEVENT
SUMMARY:Persist\, resist\, stitch
DTSTART:20251228T153500Z
DTEND:20251228T161500Z
DTSTAMP:20260406T225311Z
UID:985ef663-e1f8-54d2-8e3e-f0c5beb512e2
CATEGORIES:official,Art & Beauty
DESCRIPTION:Working with textile mediums like yarn\, thread\, and floss is
  generally seen as a feminine hobby and as such is usually classified as c
 raft\, not art. And crafting is something people\, maybe even people usual
 ly seen as a bit boring\, do in their free time to unwind. Most of us have
  grown up with the image of the loving grandmother knitting socks for the 
 family\, an act of care that was never considered anything special.\nThe p
 atriarchal society’s tendency to underestimate anything considered femin
 ine and\, inextricably connected to this\, domestic is an ongoing struggle
 . But being underestimated also provides a cover and with it the opportuni
 ty for subversion and resistance.\nAs global powers are cycling back to de
 spotism and oppression\, let me take you back in time to show you how peopl
 e used textile crafts to organise resistance and shape movements. Like the
  quilts that were designed and sewn to help enslaved people in the US esca
 pe slavery and navigate the Underground Railroad from the 1780s on\, or th
 e knitted garments that carried information about the Nazis to help resist
 ance in occupied Europe during World War II\, or the cross stitches by a p
 risoner of war that had Nazis unknowingly display art saying “Fuck Hitle
 r”.\nTextile crafts have been used by marginalised and disenfranchised p
 eople to protest\, to organise\, and to persist for centuries. This tradit
 ion found a new rise in what is now called “craftivism” and is using t
 he internet to build bigger communities spanning the world. These communit
 ies also come together to help\, often quite tangibly by creating specific
  items like the home-sewn masks during early Covid19. In addition\, crafti
 ng has scientifically-proven benefits for one’s mental health.\nTaking u
 p the increasingly popular quote "When the world is too scary\, too loud\,
  too much: Stop consuming\, start creating"\, this talk shows how the skil
 ls to create have enabled and will enable people to resist and to persist.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/persist-resist-st
 itch
END:VEVENT
BEGIN:VEVENT
SUMMARY:CCC-Jahresrückblick
DTSTART:20251228T153500Z
DTEND:20251228T171500Z
DTSTAMP:20260406T225311Z
UID:49b35210-41ea-547d-86da-1ca62612c7b6
CATEGORIES:official,CCC & Community
DESCRIPTION:2025 was a good year for exploits\, not a good year for
  freedom\, and an outstanding one for bad ideas. Governments kept
  fighting for mass surveillance\, with AI support™ of course. Wars
  continued to be “digitalised”\, chat control was sold as child
  protection\, weapon systems now have more autonomy than most citizens\,
  and artificial intelligence is finally solving all problems – above
  all those that nobody had before.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/ccc-jahresruckbli
 ck
END:VEVENT
BEGIN:VEVENT
SUMMARY:A Quick Stop at the HostileShop
DTSTART:20251228T163500Z
DTEND:20251228T171500Z
DTSTAMP:20260406T225311Z
UID:b3ef337e-bfb3-51bf-bcaa-0b2d697b9c7f
CATEGORIES:official,Security
DESCRIPTION:[HostileShop](https://github.com/mikeperry-tor/HostileShop) cr
 eates a simulated web shopping environment where an **attacker agent LLM**
  attempts to manipulate a **target shopping agent LLM** into performing un
 authorized actions. Crucially\, HostileShop does not use an LLM to judge a
 ttack success. Instead\, success is determined automatically and immediate
 ly by the framework\, which reduces costs and enables rapid continual lear
 ning by the attacker LLM.\n\nHostileShop is best at discovering **prompt i
 njections** that induce LLM Agents to make improper "tool calls". In other
  words\, HostileShop finds the magic spells that make LLM Agents call func
 tions that they have available to them\, often with the specific input of 
 your choice.\n\nHostileShop is also capable of [enhancement and mutation o
 f "universal" jailbreaks](https://github.com/mikeperry-tor/HostileShop?tab
 =readme-ov-file#prompts-for-jailbreakers). This allows **cross-LLM adaptat
 ion of universal jailbreaks** that are powerful enough to make the target 
 LLM become fully under your control\, for arbitrary actions. This also ena
 bles public jailbreaks that have been partially blocked to work again\, un
 til they are more comprehensively addressed.\n\nI created HostileShop as a
 n experiment\, but continue to maintain it to let me know if/when LLM agen
 ts finally become secure enough for use in privacy preserving systems\, wi
 thout the need to rely on [oppressive](https://runtheprompts.com/resources
 /chatgpt-info/chatgpt-is-reporting-your-prompts-to-police/) [levels of sur
 veillance](https://www.anthropic.com/news/activating-asl3-protections).
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/a-quick-stop-at-t
 he-hostileshop
END:VEVENT
BEGIN:VEVENT
SUMMARY:Current Drone Wars
DTSTART:20251228T163500Z
DTEND:20251228T171500Z
DTSTAMP:20260406T225311Z
UID:562f7db7-c4c4-5120-903d-a782e8a17894
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:The character of drone wars has changed. The large\, cumbersom
 e long-range drones have been complemented with small and low-budget drone
 s. Moreover\, more and more states are developing\, deploying and selling 
 them. Ten years ago at least 50 states were developing them. At the top ar
 e USA\, Israel\, Turkey\, China\, Iran and Russia.\n \nRussia's attack on 
 Ukraine has unleashed a drone war unlike any seen before.\nIn a short time
  Ukraine has built significant drone production capabilities and announced
  that it will increase its own production of quadcopters and kamikaze
  drones to one million units per year.\n \nGerman defense companies and st
 artups are now promoting a “drone wall on NATO's eastern flank.” Moreo
 ver\, despite their vulnerability to air defenses\, large drones are also 
 being further developed. They are intended to accompany next generation fi
 ghter jets in swarms.\n \nIn this talk\, past and current developments are
  discussed. What are the perspectives now?
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/current-drone-war
 s
END:VEVENT
BEGIN:VEVENT
SUMMARY:Variable Fonts — It Was Never About File Size
DTSTART:20251228T163500Z
DTEND:20251228T171500Z
DTSTAMP:20260406T225311Z
UID:62a4c15d-6efb-5d85-b41d-5363e08ebeae
CATEGORIES:official,Art & Beauty
DESCRIPTION:When the OpenType 1.8 specification introduced variable fonts 
 in 2016\, the idea was simple: combine all weights and styles of a font fa
 mily into one file and save file size and therefore bandwidth. Yet in 2025
 \, variable fonts have become a platform for artistic and technical explor
 ation far beyond their initial goal.\n\nThis talk follows that transformat
 ion from the inside. It starts with a short history of flexible font techn
 ologies — Adobe’s Multiple Master and Apple’s TrueType GX formats of
  the 1990s (I am just mentioning the company names as they were the publis
 hers of these technologies) — and how they failed to become standards. I
 t then shows why variable fonts succeeded: many designers today are more t
 ech savvy and know some basic HTML\, CSS and maybe even some JavaScript. A
 nd at the same time all major browsers and almost all design apps support 
 variable fonts  by now.\n\nFrom there\, I present a series of first-hand p
 rojects where typography met code:\n– TypoLabs (2017)\, whose identity u
 sed a custom variable font animating between extremes of weight and width 
 → the variable font family became the (probably forever) unpublished var
 iable font family Denman\;\n– Marjoree (2024)\, a pair of variable patte
 rn fonts based on hexagonal and pentagonal tilings that explore legibility
  and repetition\;\n– Kario (2025)\, a duplex variable font powering the 
 39C3 identity\, with uniwidth weights\, optical-size adjustments\, and typ
 ographic Easter eggs\;\n– and Bronco (2017?)\, an experiment using the a
 rbitrary-axis model for interpolation to escape the cube-shaped multiple m
 aster design space of traditional variable fonts.\n\nThe talk then moves f
 rom history to speculation. Early head-tracking experiments once tried to 
 adjust a variable font’s optical size based on reader position — produ
 cing total chaos as text reshaped itself while being read. On the other ha
 nd this playful chaos marks the moment when things become truly interestin
 g: connecting a font axis to live data\, to mouse movement\, to sound\, to
  network input — anything that makes type responsive and alive. That’s
  the kind of misbehavior I want to talk about — not breaking for the sak
 e of breaking\, but using technology the “wrong” way to see what happe
 ns.\n\nThe talk will mix images\, a lot of short videos\, and a bit of beh
 ind-the-scenes insight into font development. It’s about what happens wh
 en design tools meet code\, and how that intersection keeps typography ali
 ve and unpredictable.\n\nLink list of variable font experiments:\nhttps://
 kario.showmefonts.com/\nhttps://marjoree.showmefonts.com/\nhttps://www.bro
 nco.varfont.com/\nhttps://www.denman.varfont.com/\nhttps://www.seraphs.var
 font.com/ \n+ 39C3 visual identity
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/variable-fonts-it
 -was-never-about-file-size
END:VEVENT
BEGIN:VEVENT
SUMMARY:Amtsgeheimnis raus\, Datenhalde rein: was die Informationsfreiheit
  in Österreich bringt
DTSTART:20251228T181500Z
DTEND:20251228T185500Z
DTSTAMP:20260406T225311Z
UID:7557e54c-89e9-530d-aafb-8736570661d4
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:The campaign – how "within two weeks" turned into more than
  eleven years\nThe strategies – that others can adopt\nThe comparison –
  how does the Austrian IFG compare with the German one\, and is that the
  right one\nThe (best) award winners – from more than ten years of the
  mock award "Mauer des Schweigens"\nThe data dump – with a call for what
  to make of the mountain of data
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/amtsgeheimnis-rau
 s-datenhalde-rein-was-die-informationsfreiheit-in-osterreich-bringt
END:VEVENT
BEGIN:VEVENT
SUMMARY:CPU Entwicklung in Factorio: Vom D-Flip-Flop bis zum eigenen Betri
 ebssystem
DTSTART:20251228T181500Z
DTEND:20251228T185500Z
DTSTAMP:20260406T225311Z
UID:6189eca4-8ac2-5606-af23-628b82eb4a54
CATEGORIES:official,Hardware
DESCRIPTION:Factorio is a game about factory automation - conveyor belts\,
  steam engines and production chains are in the foreground. The internal
  logic system (“Combinators”) is actually intended for controlling the
  factory\, but it also allows the development of complex hardware.\n\nIn
  this talk I tell my story of how I created a complete RISC-V
  architecture in Factorio purely from vanilla combinators:\nThe CPU
  works with 32-bit words and has 32 general-purpose registers\, 128 KB
  RAM/persistent storage\, a 5-stage pipeline with forwarding and hazard
  handling\, and a logic unit for branches and interrupts. A display
  controller drives a console output and a colour display\, while a
  keyboard controller enables input via physical in-game keys.\n\nOn the
  software side\, the hardware is complemented by the operating system
  *FactOS*\, which provides a simple filesystem and system calls (for
  example for printing a string in the terminal). In addition\, the
  operating system restricts the executing user program to a fixed
  region of RAM and thus prevents direct access to the hardware.\n\nIn
  the talk I want to guide you through all layers of this construction:
 \nFrom the basics of Factorio signal physics through CPU design and
  pipeline hazards to the toolchain and the operating system. I also give
  an insight into how the limitations\, but also the advantages\, of
  Factorio compared with conventional logic simulators can influence the
  design of a CPU. I round off my talk with a live demonstration of the
  system. \n\nI am making the complete CPU\, including the source code of
  the assembler\, blueprints and example programs\, publicly available.
  This allows any interested person to load the architecture in
  Factorio\, extend it and develop their own software for it.\n\nAfterwards
  there will be a [Self-organized Session](https://events.ccc.de/congress/
 2025/hub/en/event/detail/cpu-entwicklung-in-factorio-wie-benutze-ich-phds-
 f) in which I will give a hands-on introduction to how to load the CPU in
  Factorio\, how to write programs\, assemble them and insert them into
  Factorio. You are also welcome to chat with me about the project
  there\, I look forward to all contributions and comments :)
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/cpu-entwicklung-i
 n-factorio-vom-d-flip-flop-bis-zum-eigenen-betriebssystem
END:VEVENT
BEGIN:VEVENT
SUMMARY:How to render cloud FPGAs useless
DTSTART:20251228T181500Z
DTEND:20251228T185500Z
DTSTAMP:20260406T225311Z
UID:039c6510-1a33-57fe-8bbf-08bcc31df8bb
CATEGORIES:official,Security
DESCRIPTION:FPGA instances are now offered by multiple cloud service provi
 ders (including Amazon EC2 F1/F2 instances\, Alibaba ECS Instances\, and M
 icrosoft Azure NP-Series). The low-level programmability of FPGAs allows i
 mplementing new attack vectors including DoS attacks. While some severe at
 tacks (such as short circuits) cannot be easily deployed as users are prev
 ented from loading their own configuration bitstreams on the cloud FPGAs\,
  it has bee
 n demonstrated that it is possible to leak information (like cloud instanc
 e scheduling policies or the physical topologies of the FPGA servers) or t
 o mount DoS attacks by excessive power hammering. For instance\, basically
  all cloud FPGAs provide logic cells that can be configured as small shift
  registers. This allows building toggle-shift-registers with 10K and more 
 flip-flops\, which can draw over 1 kW of power when clocked at a few hundred
  MHz. \nIn our work\, we created fast ring-oscillators that bypass all desi
 gn checks applied during bitstream cloud deployment and achieved to
 ggle rates of 8 GHz inside an FPGA by using glitch amplification. The latt
 er one was calibrated with the help of a time-to-digital converter (TDC).\
 nAs a first attack\, we used power hammering to crash AWS F1 instances by 
 increasing power consumption to 300 W (three times the allowed power envel
 ope). We used physical unclonable functions (PUFs) to examine the behaviou
 r of the attacked FPGA cloud instances and we found that most remained una
 vailable for several hours after the attack.\nAs a more subtle attack\, we
  tried to cause permanent damage to FPGAs in our lab by driving fast toggl
 ing signals to virtually any available wire (and primitive) into a small r
 egion of the chip. With this\, we created hotspot designs that draw 130 W 
 in less than 1% of the available logic and routing resources of a datacent
 er FPGA. Even though the achieved power density was excessive\, it was ins
 ufficient to induce permanent damage. This is largely due to the area ine
 fficiencies of an FPGA that limit the power density. For instance\, FPGAs 
 use large multiplexers to implement the switchable connections and there e
 xists only one active path that is routed through the multiplexers\, hence
 \, leaving most of the transistors sitting idle. Similarly\, FPGAs provide
  a large number of configuration memory cells (about 1 Gb on a typical dat
 acenter device) that draw negligible power as these do not switch during o
 peration. All these idle elements force the power drawing circuits to be s
 pread out\, hence limiting power density. Anyway\, when experimenting with
  different hotspot variants\, we found thermal runaway effects and excessi
 ve device aging with up to a 70% increase in delay on some wires. We achie
 ved this aging in just a few days and under normal operational conditions 
 (i.e. by staying within the available power budget and having board coolin
 g running). Such a large increase in latency can be considered to render a
 n FPGA useless as it will usually not be fast enough to host (realistic) u
 ser designs.\nBeyond exploring these attack vectors\, we developed counter
 measures and design guidelines to prevent such attacks. These include scan
 s of the user designs\, use restrictions to resources like IOs and clock t
 rees\, as well as runtime monitoring and FPGA health checks. With this\, w
 e believe that FPGAs can be operated securely and reliably in a cloud sett
 ing.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/how-to-render-clo
 ud-fpgas-useless
END:VEVENT
BEGIN:VEVENT
SUMMARY:In-house electronics manufacturing from scratch: How hard can it b
 e?
DTSTART:20251228T181500Z
DTEND:20251228T185500Z
DTSTAMP:20260406T225311Z
UID:151d4fb0-5d25-586b-8063-c7706bbd9094
CATEGORIES:official,Hardware
DESCRIPTION:Our industry needs a reboot as well\, it no longer serves the 
 people.\n\nOur work is based on our belief that high-quality high-mix/low 
 volume manufacturing of electronics in Europe is economically viable and a
 ccessible to small companies with a lower-than-expected up-front investmen
 t.\n\nWe believe that relocation of industry to Europe depends on small in
 novative companies\, and will not come from slow and bloated industry gian
 ts whose products are victims of enshittification and maximum profit extra
 ction.\n\nBy using open-source hardware and software whenever possible\, w
 e are attempting to set up our own production operation in Hamburg and we 
 want to share the solutions and enable others to do the same and collectiv
 ely reclaim ownership of the means of production.\n\nWe will cover:\n- How
  we acquired and set up production machines\, their costs\, and our learni
 ngs\n- Quirks of paste printing and reflow soldering at scale (up to 50 ba
 tches a day)\n- Component inventory\, tracking\, DfM\, etc.\n- How OpenPnP
  is a key enabler of our processes\n    - Our proposed changes to OpenPnP\n
     - Our work integrating Siemens Siplace Feeders in OpenPnP\n\nCheck out
  our resources on the topic at https://eilbek-research.de/blog/thank-you-f
 or-attending-our-talk-at-39c3/
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/in-house-electron
 ics-manufacturing-from-scratch-how-hard-can-it-be
END:VEVENT
BEGIN:VEVENT
SUMMARY:freiheit.exe - Utopien als Malware
DTSTART:20251228T191000Z
DTEND:20251228T195000Z
DTSTAMP:20260406T225311Z
UID:4c285dd4-58fc-5378-9434-628f7871ee9f
CATEGORIES:official,Art & Beauty
DESCRIPTION:I invite the CCC audience to examine the operating systems
  behind our operating systems.\nWhile we occupy ourselves with
  encryption\, data protection and digital self-determination\, tech
  billionaires are installing their world views as default settings of
  our digital infrastructure. The research sheds light on the bundled
  malware.\n\nI navigate through the history of ideas between Marinetti's
  Futurist Manifesto (1909) and Musk's Mars colonies\, from the first
  women programmers to the conquest of space\, from neoliberal think
  tanks to the debt brake\, from national Christians to pronatalists.
 \nInvestigative research meets performative presentation. \nWith original
  sound bites from Peter Thiel\, Nick Land and others\, the lecture shows
  ideological connecting lines between theorists of
  authoritarian-technoid dreams and the visions of the tech oligarchs:
 \n\nIt is about “Freedom Cities”\, tax flight and white supremacy.
 \nAbout transhumanism as a compulsion to upgrade\, through to neo-eugenic
  ideas.\nAbout acceleration as a political strategy: speed instead of
  reflection\, disruption instead of democracy\, colonisation – now
  digital too.\n\nFrom a theatre perspective I look at the revival of the
  Caesars and the self-staging of tech CEOs as artists\, priests or
  geniuses. \nAnd together with the investigative reporter Sylke Grunwald
  I have researched what all this has to do with the debates around
  Palantir.\n\nThe seemingly alternative-free logic of "Move Fast and
  Break Things" is not inevitable – it is intended\, designed\,
  ideologically charged.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/freiheit-exe-utop
 ien-als-malware
END:VEVENT
BEGIN:VEVENT
SUMMARY:Prometheus: Reverse-Engineering Overwatch
DTSTART:20251228T191000Z
DTEND:20251228T195000Z
DTSTAMP:20260406T225311Z
UID:d08f6f41-a731-57f7-ba40-8f38464f2dcd
CATEGORIES:official,Hardware
DESCRIPTION:Hey you! Yes you! Do you want to pay for a game which gets for
 cibly taken away from you after only six years? Do you want to buy lootbox
 es in order to unlock cosmetics faster in the game you „own“?\n\nOverw
 atch 1 was released in 2016 to critical acclaim and millions of sales glob
 ally. It has permanently changed the hero-shooter landscape which was in m
 uch need of a fresh new game and playstyle. After a few hard years plagued
  with infrequent updates\, long overdue hero nerfs / reworks and broken pr
 omises\, Overwatch 1 was finally taken offline on October 3\, 2022.\n\nEve
 r since I started playing Overwatch I was fascinated by the game and its
  proprietary engine\, Tank. Not much is known about it\, only that core c
 omponents were reused from the cancelled Blizzard IP\, Titan. It’s a sha
 me that this game (engine) is not getting the recognition it deserves. Fro
 m the entity-component architecture to the deterministic graph based scrip
 ting engine which handles (almost) everything which happens ingame\, it is
  a truly refreshing take on networking and game programming rarely seen in
  games. So\, considering this\, building a game server from scratch can’
 t be that hard\, riiiight?\n\nJoin me in this documentation of my gradual 
 descent into madness while I (jokingly) roast Overwatch developers for cod
 e which they probably do not even remember that they've written 10+ years
  ago :)\n\nAll research presented in this talk was done on the first
  archived\, still publicly available version which I could find\,
  0.8.0.0 Beta (0.8.24919)\, which got uploaded to archive.org.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/prometheus-revers
 e-engineering-overwatch
END:VEVENT
BEGIN:VEVENT
SUMMARY:Recharge your batteries with us - an empowering journey through th
 e energy transition
DTSTART:20251228T191000Z
DTEND:20251228T195000Z
DTSTAMP:20260406T225311Z
UID:372f7089-b6ae-50ed-bc35-f60c5e9fd6e1
CATEGORIES:official,Science
DESCRIPTION:A committed energy activist and an award-winning solar cell re
 searcher take you on a lively\, motivating and sometimes funny journey:\n\
 n- to electricity rebels from the Black Forest\,\n- to heat pumps that sup
 ply entire neighborhoods\,\n- to new solar technologies\,\n- to wind turbi
 nes with history\,\n- and to politicians who were too pessimistic.\n\nWhat
  is already going really well? What can you emulate? Where is it worth get
 ting involved?\nWe'll show you – in an easy-to-understand\, cheerful way
 .\nTo stay motivated for an adventure as big as the energy transition\, we
  need more than just facts and figures. We need momentum\, optimism\, and 
 the human energy that keep the power cycles turning.\nCome by! Let’s rec
 harge together and celebrate the successes of the energy transition.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/recharge-your-bat
 teries-with-us-an-empowering-journey-through-the-energy-transition
END:VEVENT
BEGIN:VEVENT
SUMMARY:Trump government demands access to European police databases and b
 iometrics
DTSTART:20251228T191000Z
DTEND:20251228T195000Z
DTSTAMP:20260406T225311Z
UID:f3ecee56-19f5-5c45-b5ec-799f710e0388
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:The US demand is unprecedented: even EU member states do not g
 rant each other such extensive direct database access – normally the exc
 hange takes place via the "hit/no-hit principle" with a subsequent request
  for further data. This is how it works\, for example\, in the Prüm Treat
 y among all Schengen states\, which has so far covered fingerprints and DN
 A data and is now also being extended to facial images.\n\nThe EBSP could 
 practically affect anyone who falls under the jurisdiction of border autho
 rities: from passport controls to deportation proceedings. Under the US au
 tocrat Donald Trump\, this is a particular problem\, as his militia-like i
 mmigration authority ICE is already using data from various sources to bru
 tally persecute migrants – direct access to police data from VWP partner
 s could massively strengthen this surveillance apparatus. Germany alone mi
 ght give access to facial images of 5.5 million people and fingerprints of
  a similar dimension.\n\nThe USA has already tightened the Visa Waiver Pro
 gramme several times\, for instance in 2006 through the introduction of bi
 ometric passports and in 2008 through the ESTA pre-registration requiremen
 t. In addition\, there were bilateral agreements for the exchange of finge
 rprints and DNA profiles – however\, these may only be transmitted in in
 dividual cases involving serious crime.\n\nExisting treaties such as the E
 U-US Police Framework Agreement are not applicable to the "Enhanced Border
  Security Partnership"\, as it applies exclusively to law enforcement purp
 oses. It is also questionable how the planned data transfer is supposed to
  be compatible with the strict data protection rules of the GDPR. The EU C
 ommission therefore wants to negotiate a framework agreement on the EBSP t
 hat would apply to all member states. Time is running short: the US govern
 ment has set VWP states a deadline of 31 December 2026. Some already agree
 d on a bilateral level.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/trump-government-
 demands-access-to-european-police-databases-and-biometrics
END:VEVENT
BEGIN:VEVENT
SUMMARY:CSS Clicker Training: Making games in a "styling" language
DTSTART:20251228T200500Z
DTEND:20251228T204500Z
DTSTAMP:20260406T225311Z
UID:29678965-8b0b-5428-b63f-4de3a79b0a47
CATEGORIES:official,Art & Beauty
DESCRIPTION:This talk is about how HTML and CSS can be used to make intera
 ctive art and games\, without using any JS or server-side code.  \n  \nI'l
 l explain some of the classic Cohost CSS Crimes\, how I made [CSS Clicker]
 (https://lyra.horse/css-clicker/)\, and what's next for the CSS scene.   \
 n  \nI hope this talk will teach and/or inspire you to make cool stuff of 
 your own!  \n  \n---\n  \n*Content notes:*  \n- Slides feature animations 
 and visual effects  \n- Short video clip (with music) will be played  \n- 
 Clicker sound at the end of the talk\n\n---\n\nSlides will be available af
 ter the talk at:  [https://lyra.horse/slides/#2025-congress](https://lyra.
 horse/slides/#2025-congress)
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/css-clicker-train
 ing-making-games-in-a-styling-language
END:VEVENT
BEGIN:VEVENT
SUMMARY:Power Cycles statt Burnout – Wie Einflussnahme nicht verpufft
DTSTART:20251228T200500Z
DTEND:20251228T204500Z
DTSTAMP:20260406T225311Z
UID:d4b2186b-a1a9-521e-ac91-5dfe6deb2782
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:The aim of the talk is to give a realistic picture of how
  parliamentary decision-making works – and to offer practical advice on
  how to exert influence without wasting resources.\n\nHow do you set
  political processes in motion? What actually happens to an email once
  it is sent to a member of parliament? And how does constructive
  advocacy differ from overbearing lobbying?\n\nIn this talk\, Anna
  Kassautzki (member of the Bundestag from 2021 to 2025\, deputy chair
  of the Digital Committee in the 20th legislative period) and Rahel
  Becker (former research associate for digital affairs) report from
  the inside perspective of parliamentary work.\n\nChat control\, the
  Data Act\, the right to open data\, the GDPR: there was a lot to
  negotiate in the last legislative period. Anna and Rahel were in the
  thick of it and give an insight into the hectic\, at times absurd
  communication with interest groups. The focus is always on the
  question: which strategies are needed so that civil society work does
  not fizzle out?\n\nAt the same time\, it is about the structural
  questions:\nWhere are the bottlenecks for political progress? How do
  members of parliament prioritize in an overcrowded calendar? And which
  levers can (digital) civil society sensibly use to make itself heard?
 \n\nBecause especially in times of massive digital policy challenges\,
  informed\, strategic participation is more necessary than ever. A talk
  for everyone who wants to get involved in political processes.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/power-cycles-stat
 t-burnout-wie-einflussnahme-nicht-verpufft
END:VEVENT
BEGIN:VEVENT
SUMMARY:Verlorene Domains\, offene Türen - Was alte Behördendomains verr
 aten
DTSTART:20251228T200500Z
DTEND:20251228T204500Z
DTSTAMP:20260406T225311Z
UID:6a747cc1-1320-5027-b7f9-050a6f3b2134
CATEGORIES:official,Security
DESCRIPTION:The investigation revealed not only misconfigurations but
  also phenomena such as bitsquatting and typosquatting within the
  administrative networks. By operating a DNS server and acquiring
  bund.ee (a close typosquatting/bitsquatting neighbor of bund.de)\, it
  was possible to receive\, among other things\, numerous DNS queries
  from servers of the Federal Ministry of the Interior (BMI) and other
  federal institutions.\n\nThe talk examines the technical and
  organizational weaknesses behind such incidents - and shows how DNS
  details can provide insights into the state's IT infrastructure. It is
  rounded off with practical examples\, data analyses and
  recommendations on how similar incidents can be avoided in the
  future.\n\nIn other countries\, gov domains have long been common as
  TLDs (e.g. gov.uk) - in Germany\, however\, bund.de or gov.de is not as
  widespread as one might think\, partly because federal ministries use
  their own domains or are renamed after a government is formed.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/verlorene-domains
 -offene-turen-was-alte-behordendomains-verraten
END:VEVENT
BEGIN:VEVENT
SUMMARY:Wie wir alte Flipperautomaten am Leben erhalten
DTSTART:20251228T200500Z
DTEND:20251228T204500Z
DTSTAMP:20260406T225311Z
UID:1511188c-92ca-5002-b411-591b5f848e14
CATEGORIES:official,Hardware
DESCRIPTION:The talk gives an insight into the different generations of
  pinball machines and their technology\, from electromechanical
  machines of the early sixties\, through the first processor-based
  controllers\, to the latest computer-controlled machines with bus
  systems. Each generation has its technical quirks\, its typical
  failure patterns and weak points.\nPinball machines are hardly found
  in public spaces these days. This is mainly because their maintenance
  is laborious\, since mechanical stress frequently causes faults. Even
  the smallest technical problems can ruin the fun of playing.\nFinding
  and fixing faults requires a lot of experience – and sometimes
  creativity\, especially when old components are no longer available or
  hardly any documentation exists. Technically\, expertise is required
  on many levels\, from reading schematics through soldering and
  electronic measurement to mechanical know-how.\nThe community of
  pinball enthusiasts is\, however\, large and cooperative\, so that
  private collectors can also keep their machines running.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/wie-wir-alte-flip
 perautomaten-am-leben-erhalten
END:VEVENT
BEGIN:VEVENT
SUMMARY:Don’t look up: There are sensitive internal links in the clear o
 n GEO satellites
DTSTART:20251228T210500Z
DTEND:20251228T214500Z
DTSTAMP:20260406T225311Z
UID:832b4de9-1ee3-5905-a4dc-692a71ac87d3
CATEGORIES:official,Security
DESCRIPTION:In this talk\, we will cover our hardware setup\, alignment te
 chniques\, our parsing code\, and survey some of the surprising finds in t
 he data.  This talk will include some previously unannounced results.  Thi
 s data can be passively observed by anyone with a few hundred dollars of c
 onsumer-grade hardware. There are thousands of geostationary satellite tra
 nsponders globally\, and data from a single transponder may be visible fro
 m an area as large as 40% of the surface of the earth.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/don-t-look-up-the
 re-are-sensitive-internal-links-in-the-clear-on-geo-satellites
END:VEVENT
BEGIN:VEVENT
SUMMARY:How To Minimize Bugs in Cryptography Code
DTSTART:20251228T210500Z
DTEND:20251228T214500Z
DTSTAMP:20260406T225311Z
UID:3f442497-4f90-5868-ac13-3f4b0f857c59
CATEGORIES:official,Security
DESCRIPTION:Over the last 10 years or so\, using mathematical proof assist
 ants and other formal-logic tools for cryptography code has gone from a re
 latively new idea to standard practice. I've been lucky enough to have a f
 ront-row seat to that transformation\, having started doing formal-methods
  research in 2015 and then switched to a focus on cryptography implementat
 ion since 2021. Code from my master's thesis project\, ["fiat-crypto"](htt
 ps://github.com/mit-plv/fiat-crypto)\, is [included](https://andres.system
 s/fiat-crypto-adoption.html) in every major browser as well as AWS\, Cloud
 flare\, Linux\, OpenBSD\, and standard crypto libraries for Go\, Zig\, and
  Rust (RustCrypto\, dalek). In addition to verifying code correctness\, de
 signers of high-level protocols like Signal's recently announced post-quan
 tum ratchet increasingly use mathematical tools (ProVerif in Signal's case
 ) to check their work.\n\nDespite the growing popularity of these formal t
 echniques and their relevance to personal information security\, few peopl
 e are aware of them\, and they maintain a reputation for being hard to lea
 rn and esoteric. I'd like to demystify the topic and show examples of how 
 anyone can use proof assistants in small\, standalone ways as part of the 
 coding or design process. My hope is that next time a colleague asks for r
 eview of a complex high-speed bit-twiddling algorithm\, instead of staring
  at the code line-by-line\, attendees of my talk will know they can write 
 a computer-checked proof to confirm or deny that the algorithm achieves it
 s intended result.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/how-to-minimize-b
 ugs-in-cryptography-code
END:VEVENT
BEGIN:VEVENT
SUMMARY:Machine Vision – Vom Algorithmus zum Baumpilz im digitalen Metab
 olismus
DTSTART:20251228T210500Z
DTEND:20251228T214500Z
DTSTAMP:20260406T225311Z
UID:34f3d9a6-9164-58df-81e6-51c112362a89
CATEGORIES:official,Art & Beauty
DESCRIPTION:Vast numbers of images are uploaded to the networks every
  day. But it is not only humans who look at these images: machines
  analyze and "look at" them too. How does this machine "seeing" work\,
  and how was it taught to computers?\nThis lecture performance gives an
  overview of the development of machine vision. After a brief look at
  the historical development – from the first approaches to today's
  applications – we look at how these technologies are used in a wide
  variety of artistic works. What do these works reflect beyond the mere
  application of machine vision algorithms?\nUsing the two works
  "Throwback Environment" and "Fomes Fomentarius Digitalis"\, we look at
  how machine vision has been used in an artistic feedback loop and how
  this opens up perspectives on how these algorithms work. The works
  make visible what the algorithms used see and in which patterns they
  operate. They also show where their limits lie and what all of this
  has to do with tree fungi.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/machine-vision-vo
 m-algorithmus-zum-baumpilz-im-digitalen-metabolismus
END:VEVENT
BEGIN:VEVENT
SUMMARY:Textiles 101: Fast Fiber Transform
DTSTART:20251228T210500Z
DTEND:20251228T214500Z
DTSTAMP:20260406T225311Z
UID:72f2a9b5-f646-584a-a3f1-e700657736a5
CATEGORIES:official,Hardware
DESCRIPTION:Textiles play an integral part in our daily lives. If you’re
  reading this\, chances are you’re wearing clothes or have some form of 
 fabric within arm’s reach. Yet despite how common and essential textiles
  are\, few of us know how they actually come to be. How do we go from a pl
 ant\, animal\, or synthetic polymer to a fully finished piece of clothing?
 \n\nThis talk unravels the full transformation pipeline of textiles: start
 ing with fibers and their properties\, then spinning them into yarn\, turn
 ing that yarn into textiles through weaving\, knitting\, crochet\, braidin
 g\, knotting\, and other techniques\, and finally finishing them through p
 rinting\, embroidery\, dyeing\, or bleaching.\nAlong the way\, you’ll le
 arn why your “100% cotton” garments can feel completely different desp
 ite being made of the same fiber\, how structure matters just as much as m
 aterial\, and what environmental impact different choices have.\n\nWhether
  you want to make your own textiles\, hack existing ones\, or finally unde
 rstand why that wool sweater you washed too hot is now tiny\, this talk is
  a crash course in most things textile\, and a reminder that you don’t n
 eed industrial machinery or fast fashion to create something on your own.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/textiles-101-fast
 -fiber-transform
END:VEVENT
BEGIN:VEVENT
SUMMARY:51 Ways to Spell the Image Giraffe: The Hidden Politics of Token L
 anguages in Generative AI
DTSTART:20251228T220000Z
DTEND:20251228T224000Z
DTSTAMP:20260406T225311Z
UID:da752c1f-1231-5039-a2a9-9daa2f114606
CATEGORIES:official,Art & Beauty
DESCRIPTION:Tokens are the fragments of words that generative models use t
 o process language\, the step that breaks text into subword units before a
 ny neural networks are involved. There are 51 ways to combine tokens to sp
 ell the word giraffe using existing vocabulary: from a single token **gira
 ffe** to splits using multiple tokens like *gi|ra|ffe*\, *gira|f|fe*\, or 
 even *g|i|r|af|fe*.\n\nIn one experiment\, we hijacked the prompting proce
 ss and fed token combinations directly to text-to-image models. With varia
 tions like *g|iraffe* or *gir|affe* still generating recognizable results\
 , our experiments show that the beginning and end of tokens hold particula
 r semantic weight in forming giraffe-like images. This reveals that certai
 n images cannot be generated through prompting alone\, as the tokenization
  process sanitizes most combinations\, suggesting that English\, or any hu
 man language\, is merely a subset of token languages.\n\nThe talk features
  experiments using genetic algorithms to reverse-engineer prompts from ima
 ges\, respelling words in token language to change their generative outcom
 es\, and critically examining token dictionaries to investigate edge cases
  where the vocabulary breaks down entirely\, producing somewhat *speculati
 ve languages* that include strange words formed at the edge of chaos where
  English meets token (non-)sense.\n\nThese experiments show that even befo
 re generation occurs\, token dictionaries already encode a stochastic worl
 dview\, shaped by the statistical frequencies of their training data – d
 ominated by popular culture\, brands\, platform-speak\, and *non-words*. T
 okenization is\, therefore\, a political act: it defines what can be repre
 sented and how the world becomes computationally representable. We will lo
 ok at specific tokens and ask: Which models use which vocabularies? What *
 non-word* tokens are shared among models? And how do language models make 
 sense of a world using a language we do not understand?
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/51-ways-to-spell-
 the-image-giraffe-the-hidden-politics-of-token-languages-in-generative-ai
END:VEVENT
BEGIN:VEVENT
SUMMARY:When Vibe Scammers Met Vibe Hackers: Pwning PhaaS with Their Own W
 eapons
DTSTART:20251228T220000Z
DTEND:20251228T224000Z
DTSTAMP:20260406T225311Z
UID:9c5f59ba-255e-5446-9b31-13eebef85810
CATEGORIES:official,Security
DESCRIPTION:Our journey began with a simple question: why are so many peop
 le losing money to fake convenience store delivery websites? The answer le
 d us through two distinct criminal architectures\, both exhibiting charact
 eristics of large language model–assisted development.\n\nCase 1 ran on 
 PHP with backup artifacts exposing implementation details and query manipu
 lation opportunities. The installation package itself contained pre-existi
 ng access mechanisms—whether this was developer insurance or criminal-on
 -criminal sabotage remains unclear. We leveraged initial access to bypass 
 security restrictions using protocol-level manipulation and extracted giga
 bytes of operational data.\n\nCase 2 featured authentication bypass vulner
 abilities that granted direct administrative access. The backend structure
  revealed copy-pasted code patterns without proper security implementation
 .\n\nThroughout both systems\, we observed telltale signs of AI-generated 
 code: verbose documentation in unexpected languages\, inconsistent coding 
 patterns\, textbook-like naming conventions\, and theoretical security imp
 lementations. Even the UI revealed LLM fingerprints—overly polished comp
 onent layouts\, placeholder text patterns\, and design choices that felt d
 istinctly "tutorial-like." These weren't experienced developers—they wer
 e operators deploying what LLMs gave them without understanding the intern
 als.\n\nThe irony? We used AI extensively too: for data parsing\, pattern 
 recognition\, attack surface mapping\, and intelligence queries. The diffe
 rence was intentionality—we understood what the output meant.\n\nUsing o
 pen-source intelligence platforms and carefully crafted fingerprints\, we 
 mapped over a hundred active domains following similar patterns. Each one 
 shared the same architecture\, the same weaknesses\, the same developer mi
 stakes. This repeatability became our advantage. When scammers can redeplo
 y infrastructure in days\, you don't attack individual sites—you automat
 e the entire reconnaissance-to-evidence pipeline.\n\nThis talk demonstrate
 s practical techniques for mass-scale fraud infrastructure fingerprinting\
 , operational security considerations when investigating active criminal o
 perations\, and methods to recognize AI-generated code patterns that revea
 l threat actor sophistication. We'll discuss the ethical boundaries of cou
 nter-fraud operations and evidence preservation for law enforcement\, alon
 g with automation strategies for sustainable threat intelligence when adve
 rsaries rebuild faster than you can report. The demonstration will show ho
 w to go from a single suspicious domain to a network map of 100+ sites and
  thousands of victim records—using tools available to any researcher.\n\
 nThis isn't a story about elite hackers versus criminal masterminds. It's 
 about two groups equally reliant on AI vibing their way through technical 
 problems—one for fraud\, one for justice. The skill barrier has collapse
 d. The question now is: who has better context\, better ethics\, and bette
 r coffee?
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/when-vibe-scammer
 s-met-vibe-hackers-pwning-phaas-with-their-own-weapons
END:VEVENT
BEGIN:VEVENT
SUMMARY:Xous: A Pure-Rust Rethink of the Embedded Operating System
DTSTART:20251228T220000Z
DTEND:20251228T224000Z
DTSTAMP:20260406T225311Z
UID:d92af8c4-40fb-54e2-9535-bcc683f4a010
CATEGORIES:official,Hardware
DESCRIPTION:The world is full of small\, Internet-of-Things (IoT) gadgets 
 running embedded operating systems. These devices generally fall into two 
 categories: larger devices running a full operating system using an MMU wh
 ich generally means Linux\, or smaller devices running without an MMU usin
 g operating systems like Zephyr\, ChibiOS\, or RT-Thread\, or running with
  no operating system at all. The software that underpins these projects
  is wri
 tten in C with coarse hardware memory protection at best. As a result\, th
 ese embedded OSes lack the security guarantees and/or ergonomics offered b
 y modern languages and best practices.\n\nThe Xous microkernel borrows con
 cepts from heavier operating systems to modernize the embedded space. The 
 open source OS is written in pure Rust with minimal dependencies and an em
 phasis on modularity and simplicity\, such that a technically-savvy indivi
 dual can audit the code base in a reasonable period of time. This talk cov
 ers three novel aspects of the OS: its incorporation of hardware memory vi
 rtualization\, its pure-Rust standard library\, and its message passing ar
 chitecture.\n\nDesktop OSes such as Linux require a hardware MMU to virtua
 lize memory. We explain how ARM has tricked us into accepting that MMUs ar
 e hardware-intensive features only to be found on more expensive “applic
 ation” CPUs\, thus creating a vicious cycle where cheaper devices are fo
 rced to be less safe. Thanks to the open nature of RISC-V\, we are able to
  break ARM’s yoke and incorporate well-established MMU-based memory prot
 ection into embedded hardware\, giving us security-first features such as 
 process isolation and encrypted swap memory. In order to make Xous on real
  hardware more accessible\, we introduce the Baochip-1x\, an affordable\, 
 mostly-open RTL 22nm SoC configured expressly for the purpose of running X
 ous. The Baochip-1x features a VexRiscv CPU running at 400MHz\, 2MiB of SR
 AM\, 4MiB of nonvolatile RRAM\, and a quad-core RV32E-derivative I/O accel
 erator called the “BIO”\, based on the PicoRV clocked at 800MHz.\n\nMo
 st Rust targets delegate crucial tasks such as memory allocation\, network
 ing\, and threading to the underlying operating system’s C standard libr
 ary. We want strong memory safety guarantees all the way down to the memor
 y allocator and task scheduler\, so for Xous we implemented our standard l
 ibrary in pure Rust. Adhering to pure Rust also makes cross-compilation an
 d cross-platform development a breeze\, since there are no special compile
 r or linker concerns. We will show you how to raise the standard for “Pu
 re Rust” by implementing a custom libstd.\n\nXous combines the power of 
 page-based virtual memory and Rust’s strong borrow-checker semantics to 
 create a safe and efficient method for asynchronous message passing betwee
 n processes. This inter-process communication model allows for easy separa
 tion of different tasks while keeping the core kernel small. This process 
 maps well onto the Rust "Borrow / Mutable Borrow / Move" concept and treat
 s object passing as an IPC primitive. We will demonstrate how this works n
 atively and give examples of how to map common programming algorithms to s
 huttle data safely between processes\, as well as give examples of how we 
 implement features such as scheduling and synchronization primitives
  entirely in user space.\n\nWe conclude with a short demo of Xous
  running on the Baochip-1x\, bringing Xous from the realm of emulation
  and FPGAs into everyday-user accessible physical silicon.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/xous-a-pure-rust-
 rethink-of-the-embedded-operating-system
END:VEVENT
BEGIN:VEVENT
SUMMARY:The Maybe Talent Show
DTSTART:20251228T220000Z
DTEND:20251228T233000Z
DTSTAMP:20260406T225311Z
UID:ce60f89c-fcdb-577f-89c2-5beb11b88ca7
CATEGORIES:not recorded,official,Entertainment
DESCRIPTION:The show is an open format that gives people the space to show
  themselves\, be visible and make themselves vulnerable. We bring a queer 
 format that celebrates people for simply being humans to Hamburg's
  neighborhood pubs\, autonomous stages and other easily accessible
  spaces. In doing
  so it's explicitly anti-capitalist\, builds communities and unlikely alli
 ances.\nNot just in the hacker/CCC community we applaud the cool things pe
 ople can do: The big stage is often reserved for outstanding achievements\
 ; attention and social credits usually go to those who already have the ne
 twork and skills. While we consider celebrating success to be absolutely n
 ecessary\, we see the need to give people space to try things out\, to fai
 l publicly without having to be ashamed\, and to celebrate Imperfection. S
 tage presence comes from trying on stage\, and the Maybe Talent Show is th
 e place where this is possible for everyone. Inclusive\, hilarious and wit
 hout making fun of anyone. Promise.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/the-maybe-talent-
 show
END:VEVENT
BEGIN:VEVENT
SUMMARY:Code to Craft: Procedural Generation for the Physical World
DTSTART:20251228T225500Z
DTEND:20251228T233500Z
DTSTAMP:20260406T225311Z
UID:6938a1f1-4ee3-5fca-ae37-d59274e529de
CATEGORIES:official,Art & Beauty
DESCRIPTION:In this talk\, I will share practical insights from developing
  procedural generation tools for physical objects: ranging from stickers a
 nd paper lanterns to printed circuit boards and even furniture. I will out
 line key challenges and considerations when generating designs for fabrica
 tion tools such as laser cutters or pen plotters\, as well as how to adapt
  procedural systems so they can be reproduced by a wide audience (not ever
 yone has access to CNC machines or industrial equipment\, sadly!).\n\nBeyo
 nd technical considerations\, I aim to encourage attendees to translate th
 eir own generative ideas into tangible artifacts and to foster a culture o
 f open-sourcing and knowledge sharing within the community.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/code-to-craft-pro
 cedural-generation-for-the-physical-world
END:VEVENT
BEGIN:VEVENT
SUMMARY:Reverse engineering the Pixel TitanM2 firmware
DTSTART:20251228T225500Z
DTEND:20251228T233500Z
DTSTAMP:20260406T225311Z
UID:c553ee23-bc27-585a-b8d0-d8fee999e75a
CATEGORIES:official,Hardware
DESCRIPTION:I will discuss the problems encountered while reverse engineer
 ing and simulating the firmware for the TitanM2 security chip\, found in t
 he Google Pixel phones. I'll discuss how to obtain the firmware. I'll
  talk about the problems of reverse engineering this particular binary.
  I show how you can easily extend Ghidra with new instructions to get a
  full decompilation. Also\, I wrote a RISC-V simulator in Python for
  running the TitanM2 firmware.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/reverse-engineeri
 ng-the-pixel-titanm2-firmware
END:VEVENT
BEGIN:VEVENT
SUMMARY:The Small Packet of Bits That Can Save (or Destabilize) a City
DTSTART:20251228T225500Z
DTEND:20251228T233500Z
DTSTAMP:20260406T225311Z
UID:0cc2fd2c-93de-5cb0-b10d-56e901b4acc4
CATEGORIES:official,Security
DESCRIPTION:In this talk\, we’ll begin by contextualizing the importance
  of the seismic alert in Mexico City\, a system born from the devastating 
 1985 earthquake. We’ll examine how it was designed\, how it works\, and 
 why it carries such a deep psychological impact.\n\nFrom there\, we’ll e
 xplore the history and design of Weather Radio and the SAME protocol\, loo
 king at how messages are transmitted and encoded through this technology\,
  and how it was later adapted for SASMEX. \n\nI’ll also share my persona
 l experience building compatible receivers\, from early open-source experi
 ments that inspired local manufacturers to create government-certified dev
 ices\, to developing a receiver as part of my undergraduate thesis.\n\nWe
 ’ll analyze how simplicity\, one of the key strengths of these systems\,
  also introduces certain risks\, and how these trade-offs emerge when deal
 ing with accessibility\, interoperability\, and security in system design.
 \n\nFinally\, I’ll demonstrate how to receive\, decode\, and encode thes
 e alert messages\, and discuss how\, with the right equipment\, it’s pos
 sible to generate such alert signals.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/the-small-packet-
 of-bits-that-can-save-or-destabilize-a-city
END:VEVENT
BEGIN:VEVENT
SUMMARY:GPTDash – Der Reverse-Turing-Test
DTSTART:20251229T000000Z
DTEND:20251229T013000Z
DTSTAMP:20260406T225311Z
UID:9c8bec33-f71a-5090-857d-1648a027c8a9
CATEGORIES:official,Entertainment
DESCRIPTION:In our reverse Turing test\, participants slip into the role
  of an AI and try to sound as robotically human as possible. In a
  subsequent blind study\, we check who would blend in best among AIs and
  be the spy of choice in the next robot uprising.\n\nHumor\, creativity
  and a penchant for universally valid\, meaningless platitudes are the
  perfect prerequisites! A digital device (smartphone\, tablet\, laptop\,
  …) is all you need to play along.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/gptdash-der-rever
 se-turing-test
END:VEVENT
BEGIN:VEVENT
SUMMARY:Azubi-Tag Einführung
DTSTART:20251229T083000Z
DTEND:20251229T094500Z
DTSTAMP:20260406T225311Z
UID:970c40cb-3332-5e64-97f4-465a56f1b96a
CATEGORIES:not recorded,official,CCC & Community
DESCRIPTION:You can find more information at [https://events.ccc.de/congre
 ss/2025/infos/azubi-tag.html](https://events.ccc.de/congress/2025/infos/a
 zubi-tag.html)
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/azubi-tag-einfuhr
 ung
END:VEVENT
BEGIN:VEVENT
SUMMARY:Design for 3D-Printing
DTSTART:20251229T100000Z
DTEND:20251229T104000Z
DTSTAMP:20260406T225311Z
UID:1adb7e54-9bc5-5947-a7ff-dc286b0b14c2
CATEGORIES:official,Hardware
DESCRIPTION:Over the years\, the 3D-printing community has discovered many
  tricks and rules that help create parts that can be printed well and fu
 lfill their purpose as best as possible. I started collecting these rules 
 and wrote an article guide to make this knowledge more accessible. I want 
 to present the most important principles and the mindset that is needed to
  achieve perfected design.\n\nThis is not about how to use a CAD program t
 o design a part — but rather about the thought process of the design eng
 ineer while drawing up a part. A thought process that consists of compromi
 ses between many objectives\, of heuristic rules\, and many neat little tr
 icks.\n\nThe article that this talk is based on can be found on my blog: h
 ttps://blog.rahix.de/design-for-3d-printing/
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/design-for-3d-pri
 nting
END:VEVENT
BEGIN:VEVENT
SUMMARY:Greenhouse Gas Emission Data: Public\, difficult to access\, and n
 ot always correct
DTSTART:20251229T100000Z
DTEND:20251229T104000Z
DTSTAMP:20260406T225311Z
UID:dd990a78-1e11-5c5e-aef4-6eb0214c772a
CATEGORIES:official,Science
DESCRIPTION:Which factory in my city is the largest emitter of CO2? Which 
 industrial sector is\nresponsible for the largest share of a country's con
 tribution to climate change? It\nshould not be difficult to answer these q
 uestions. Public databases and reporting\nrequired by international agreem
 ents usually allow us to access this data.\n\nHowever\, trying to access a
 nd work with these datasets — or\, shall we say\, Excel tables\n— can 
 be frustrating. UN web pages that prevent easy downloads with a "security\
 nfirewall"\, barely usable frontends\, and other issues make it needlessly
  difficult to\ngain transparency about the sources of climate pollution.\n
 \nWhile working with official EU datasets\, the speaker observed data poin
 ts that could not\npossibly be true. Factories suddenly dropped their emis
 sions by orders of magnitude\nwithout any explanation\, different official
  sources report diverging numbers for the\nsame emission source\, and resp
 onsible European and National authorities appear not to\ncare that much.\n
 \nThe talk will show how to work with relevant greenhouse gas emission dat
 a sources and\nhow we can access them more easily by converting them to st
 andard SQL tables. Furthermore\, we will dig into some of the\nstrange iss
 ues one may find while investigating emission datasets.\n\n# Background / 
 Links\n\n* Why is it needlessly difficult to access UNFCCC Emission Data? 
 [https://industrydecarbonization.com/news/why-is-it-needlessly-difficult-t
 o-access-unfccc-emission-data.html](https://industrydecarbonization.com/ne
 ws/why-is-it-needlessly-difficult-to-access-unfccc-emission-data.html)\n* 
 UNFCCC Emission Data Downloads: [https://industrydecarbonization.com/docs/
 unfccc/](https://industrydecarbonization.com/docs/unfccc/)\n* Code (Docker
 \, MariaDB/MySQL\, phpMyAdmin) to easily access EU emission data: [https:/
 /github.com/decarbonizenews/ghgsql](https://github.com/decarbonizenews/ghg
 sql)\n* Errors and Inconsistencies in European Emission Databases: [https:
 //industrydecarbonization.com/news/errors-and-inconsistencies-in-european-
 emission-data.html](https://industrydecarbonization.com/news/errors-and-in
 consistencies-in-european-emission-data.html)\n* Slides: [https://slides.h
 boeck.de/39c3-climatedata/](https://slides.hboeck.de/39c3-climatedata/)
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/greenhouse-gas-em
 ission-data-public-difficult-to-access-and-not-always-correct
END:VEVENT
BEGIN:VEVENT
SUMMARY:The Museum of Care: Open-Source Survival Kit Collection
DTSTART:20251229T100000Z
DTEND:20251229T104000Z
DTSTAMP:20260406T225311Z
UID:dcf9ec1c-9755-5757-8f1d-91ec6e0f0661
CATEGORIES:official,Art & Beauty
DESCRIPTION:We think humanity could already be living in a society of abun
 dance and communal luxury. We have the technologies to produce enough for 
 everyone to have everything. The issue isn't technological but social. Thi
 s is why we need a Museum (of Care): museums are among the few places that
  create\, distribute\, and preserve what a society values.\n\nWhat will be
  at the session:\nWe'll tell in more detail about the concept of the Museu
 m of Care on abandoned ships (of which\, according to Maritime Foundation 
 data\, there are more than 4\,500 in the world). We'll talk about the hall
 s of our museum: the Hall of Giants and other emerging spaces. Projects we
 're building—spirulina farms\, 3D printers—in Saint Vincent (Caribbean
 ) and Kibera Art District\, Nairobi Kenya\, Playground designed that commu
 nities can construct with nearly no resources. Can we actually build a nom
 adic museum proud not of its unique exhibits but of how easily they spread
  and get replicated?\n\nThen we will move to an open conversation about wh
 at poetic technologies are and how they differ from bureaucratic ones. Som
 e people may have read David Graeber's book The Utopia of Rules\; here you
  can download his other texts that are less widely known or not yet publis
 hed. We would very much like to explore the question of poetic and bureauc
 ratic technologies together with you. To facilitate this discussion\, the 
 David Graeber Institute has invited Alistair Parvin\, creator of the Wiki 
 House project\, to join Nika Dubrovsky in conversation.\n\nThe discussion 
 continues in the format of a Visual Assembly—focused on building a distr
 ibuted\, non-hierarchical\, genuinely open University with different ideas
  of funding and knowledge production. This is the very beginning of the pr
 ocess so all input is very much welcome. We'd welcome any ideas\, critique
 s\, or proposals for collaboration.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/the-museum-of-car
 e-open-source-survival-kit-collection
END:VEVENT
BEGIN:VEVENT
SUMMARY:Lightning Talks - Tag 3
DTSTART:20251229T100000Z
DTEND:20251229T120000Z
DTSTAMP:20260406T225311Z
UID:7fe75d23-5966-5dca-a736-e7664a475be3
CATEGORIES:official,CCC & Community
DESCRIPTION:- **Lightning Talks Introduction**\n- **"Oma\, erzähl mir von
  der Zukunft" oder: Wie wir weiter interessante Sachen machen\, ohne den P
 laneten zu ruinieren  🌱** — *EstherD*\n- **Don't abuse the ecosystem:
  against overloading "ecosystem"** — *michele*\n- **The Climatepoetry.or
 g video tool** — *Magnus Ahltorp*\n- **Neo-Kolonialismus & Katzenbilder 
 - Installation zur Lieferkette von GenAI** — *Rike*\n- **Build social in
 ventories with StashSphere** — *Maximilian Güntner*\n- **Invitation to 
 the Fermentation Camp "Kvas 2026"** — *algoldor*\n- **Stretching nginx t
 o its limits: a music player in the config file** — *Eloy*\n- **2D Graph
 ics Creation with Graphite - How to Build a Hackable Graphics Editor** —
  *Dennis Kobert*\n- **The Modulator: a Custom Controller for Live Music Pe
 rformance** — *Jakob Kilian*\n- **Find hot electronic devices for cheap 
 using Lock-In Thermography** — *Clemens Grünewald*\n- **Those Who Contr
 ol** — *Andreas Haupt*\n- **SearchWing - Search&Rescue Drones** — *sea
 rchwing team*\n- **Reducing E-Waste With The Reverse Engineering Toolkit**
  — *Raaf*\n- **Genetic engineering with CRISPR/Cas9: how far are we toda
 y from biopunk?** — *Dmytro Danylchuk*\n- **Discovering the Orphan Sourc
 e Village** — *Martin Hamilton*\n- **kicoil - generate planar coils in a
 ny shape for PCBs and ICs** — *jaseg*\n- **Trade Offer: Pentest Data for
  CTF Points** — *Sebastian*\n- **Soziologische Gabentheorie - Grundlage 
 für die Bewertung von Social Media?** — *sozialwelten*\n- **Hacking ID3
  MP3 Metadata** — *Danilo Erazo*\n- **ICANN HAZ .MEOW? How we're (trying
  to) make a TLD out of sheer audacity** — *dotMeow (Aris\, Ela\, LJ\, Wo
 rdloc)*\n- **Shitty Robots** — *Neo*\n- **UNIX v4** — *aap*\n- **WissK
 omm Wiki - Bibliothek für Videos und Podcasts** — *TimBorgNetzWerk*\n- 
 **Lightning** — *Vi*
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/lightning-talks-t
 ag-3
END:VEVENT
BEGIN:VEVENT
SUMMARY:a media-almost-archaeology on data that is too dirty for "AI"
DTSTART:20251229T105500Z
DTEND:20251229T113500Z
DTSTAMP:20260406T225311Z
UID:8a09918c-9b59-53b2-ab8e-4f2cfdb460d5
CATEGORIES:official,Art & Beauty
DESCRIPTION:In the 1980s\, non-white women’s body size data was
  categorized as dirty data when establishing the first women's sizing
  system in the US. Now\, in the age of GPT\, what is considered dirty
  data\, and how is it removed from massive training materials?\n\n
 Datasets for training large models have nowadays been expanded to the
  volume of the (partial) internet. Following the idea that “scale
  averages out noise”\, these datasets were scaled up by scrabbling
  whatever data was available on the internet for free and then
  “cleaned” with a human-not-in-the-loop\, cheaper-than-cheap-labor
  method: heuristic filtering. Heuristics in this context are basically a
  set of rules that the engineers came up with from their own imagination
  and estimation and that are “good enough” to remove “dirty data”
  from their perspective\, but are not guaranteed to be optimal\,
  perfect\, or rational.\n\nThe talk will show some intriguing patterns of
  “dirty data” from 23 extraction-based datasets\, such as how NSFW
  gradually comes to equal NSFTM (not safe for training model)\, and
  reflect on these silent\, anonymous yet upheld estimations and
  not-guaranteed rationalities in current sociotechnical artifacts\, and
  ask for whom these estimations are good enough\, as it will soon be part
  of our technological infrastructures.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/a-media-almost-ar
 chaeology-on-data-that-is-too-dirty-for-ai
END:VEVENT
BEGIN:VEVENT
SUMMARY:Celestial navigation with very little math
DTSTART:20251229T105500Z
DTEND:20251229T113500Z
DTSTAMP:20260406T225311Z
UID:967b7f53-aa2b-578b-9403-e1ba380cda15
CATEGORIES:official,Hardware
DESCRIPTION:Since the dawn of time people have asked themselves: where am 
 I and why am I here?  This talk won't help you answer the why question\, b
 ut it will discuss how to determine the where in the pre-GPS age of
  sextants\
 , slide rules and stopwatches by taking the noon sight\, aka the meridian 
 passage.\n\nThe usual way to find your position using the Sun requires a l
 arge almanac of lookup tables and some challenging math.  The books are fr
 ustrating to consult on every sight and the base 60 degree-minute-second m
 ath is frustrating even with a calculator\, and if you're on a traditional
  ship it seems wrong to do traditional navigation with electronic devices.
 \n\nTo speed up the process I’ve designed a specialized circular slide r
 ule that handles most of the table lookups to correct height of eye\, semi
 -diameter\, temperature\, refraction and index errors\, and also simplifie
 s the degree-minute-second arithmetic required to calculate the exact decl
 ination of the Sun.\n\nIn this talk I’ll demonstrate how to make your ow
 n printable paper slide rule and use it to reduce the meridian passage mea
 surement to a lat/lon with just a few rotations of the wheels and pointer\
 , no electronics or bulky books necessary!
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/celestial-navigat
 ion-with-very-little-math
END:VEVENT
BEGIN:VEVENT
SUMMARY:Hacking Karlsruhe - 10 years later
DTSTART:20251229T105500Z
DTEND:20251229T113500Z
DTSTAMP:20260406T225311Z
UID:418f57a7-435b-5835-98ad-85158338b6c4
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:When laws violate fundamental rights\, why not hack the
  Federal Constitutional Court\, with strategy\, teamwork and sound
  reasoning? This idea has since become a central tool of civil-society
  counter-power: strategic litigation. The principle is simple: do not
  just criticize laws\, but attack them systematically\, with targeted
  constitutional complaints against surveillance\, censorship and state
  interference with digital freedom.\nA lot has happened since then.
  Organizations such as the Gesellschaft für Freiheitsrechte (GFF) have
  professionalized the path to Karlsruhe and initiated proceedings that
  many know from the news:\nagainst data retention\,\nagainst the BND Act
  on foreign surveillance\,\nagainst the use of Palantir\,\nand against
  the use of state trojans.\nSome of these proceedings were successful
  and overturned laws. Others failed spectacularly\, or have been stuck in
  Karlsruhe for years. What becomes apparent: the road to a ruling is
  getting harder\, the chances of success smaller\, and the Constitutional
  Court is no longer the progressive engine it once was.\nThis talk takes
  honest stock: What does strategic litigation really achieve? What can be
  learned from successes and failures? Which cases are worthwhile\, and
  where does legal action become a dead end? And how is all of this now
  shifting to the European level\, where new arenas such as the Digital
  Services Act or the AI Act await?\nNot a law lecture\, but a field
  report from ten years of work on digital fundamental rights. It is about
  tactics\, wrong decisions\, unexpected alliances\, and the question of
  how one can still shake up the legal system today when the doors in
  Karlsruhe are getting narrower.\nThe talk is given by Simone Ruf and
  Jürgen Bering of the Gesellschaft für Freiheitsrechte.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/hacking-karlsruhe
 -10-years-later
END:VEVENT
BEGIN:VEVENT
SUMMARY:BE Modded: Exploring and hacking the Vital Bracelet ecosystem
DTSTART:20251229T115000Z
DTEND:20251229T123000Z
DTSTAMP:20260406T225311Z
UID:678b899b-7d32-56e3-9d1d-7f2208cfe2d7
CATEGORIES:official,Hardware
DESCRIPTION:The Vital Bracelet series\, active from 2021 to 2024\, was a l
 ine of toys that revolved around a number of fitness bracelets that encour
 aged exercise by raising characters from the Digimon series\, and expandin
 g into tokusatsu and popular anime characters later. Think of it as Tamago
 tchi\, but nurturing through exercise instead of button presses.\n\nIn thi
 s presentation\, we'll look at the different parts of this series' ecosyst
 em\, how they work\, and the different ways to circumvent various security
  measures and customize the devices' behavior.\n\nWe start by looking at t
 he first Vital Bracelet\, with a quick introduction to hardware reverse en
 gineering and how to dump firmware out of flash. Following that\, we will 
 take a look at the microcontroller used in the devices\, and its obscure i
 nstruction set architecture. This will lead into an exploration of how to 
 reverse engineer code when you are missing a significant portion of it\, a
 nd how the embedded ROM was dumped. After this\, we will look at the DRM a
 pplied to content\, and how it was circumvented. Next\, the device's NFC c
 apabilities will be explored.\n\nWith the release of the Vital Bracelet BE
 \, which introduced upgradable firmware\, came new challenges and opportun
 ities. We will take a look at the new content format and additional DRM me
 asures it incorporated\, plus how the device's bootloader was dumped despi
 te its signature verification scheme.\n\nFinally\, we will take a look at 
 the process for modding the various Vital Bracelet releases\, and some tec
 hniques to use while writing patches.\n\nThe material in this talk can be 
 applied beyond just the Vital Bracelet series\, and can be useful if you w
 ant to explore other electronic toys\, or just hardware reverse engineerin
 g in general.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/be-modded-explori
 ng-and-hacking-the-vital-bracelet-ecosystem
END:VEVENT
BEGIN:VEVENT
SUMMARY:Teckids – eine verstehbare (digitale) Welt
DTSTART:20251229T115000Z
DTEND:20251229T123000Z
DTSTAMP:20260406T225311Z
UID:cd3af7ee-3204-5404-8714-f18d33f08bd8
CATEGORIES:official,CCC & Community
DESCRIPTION:Teckids is not "just" about tinkering with technology and
  programming with children\, but about becoming active with others\, for
  others\, at events and in society.\n\nRecently we have undertaken many
  projects to that end. Among other things\, we designed the new themed
  slot "Jung und überwacht" ("Young and under surveillance") at the
  BigBrotherAwards 2025 and are preparing youth topics for next year. For
  the second time\, at 39c3 we are inviting children "behind the scenes"
  of the Chaos teams at the Fairydust-Türöffner-Tag.\n\nOur slogan\, with
  the somewhat odd word "Verstehbarkeit" (understandability)\, stands for
  everyone keeping not only the ability but also the right to do what they
  want with their technology\, and to question and understand everything.
  To achieve this\, we want to reach even more young people and adults as
  well.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/teckids-eine-vers
 tehbare-digitale-welt
END:VEVENT
BEGIN:VEVENT
SUMMARY:What Makes Bike-Sharing Work? Insights from 43 Million Kilometers 
 of European Cycling Data
DTSTART:20251229T115000Z
DTEND:20251229T123000Z
DTSTAMP:20260406T225311Z
UID:4914b889-5003-561f-90a8-5371fc09a946
CATEGORIES:official,Science
DESCRIPTION:We are Felix\, Georg\, and Martin - each of us working profess
 ionally in different research and data areas\, ranging from the future of 
 mobility to computational fluid dynamics and machine learning. What unites
  us is our shared interest in **quantitative traffic analyses**. Building 
 on earlier small-scale studies focused on individual cities\, we set out t
 o launch a project that captures shared bike system data across Europe - f
 rom regular bikes to e-bikes.\n\nIn our study\, which led to an **[open-ac
 cess scientific publication](https://doi.org/10.1007/s11116-025-10661-2)**
 \, we scraped shared bike data across Europe at a **minute-by-minute level
 ** over many months\, accumulating **more than 43 million records**. We an
 alyze **behavioural and systemic patterns** to understand what makes a bik
 e-sharing system useful and successful within a city. As such\, this evide
 nce-based research fits very well with the **39C3 Science track** and the 
 theme of "**Power Cycles**" as we dissect the complex energy and usage cyc
 les that define urban mobility and sustainable futures for everyone. We br
 idge the gap between urban planning\, socioeconomics\, and technology by a
 pplying statistical modeling and engineering knowledge to a large-scale mi
 ned dataset. Join us to learn whether right-wing politics stall sustainabl
 e mobility\, or which climate e-bikes feel most comfortable in!\n\nWe love
  going the extra mile and therefore provide a live\, interactive demo that
  everyone can use to explore and understand traffic flows: [bikesharingflo
 wmap.de](https://bikesharingflowmap.de/). Therefore\, attendees will be ab
 le to play with the data in a self-service way. We also provide all code o
 n GitHub and the complete dataset on HuggingFace. And\, of course\, we wil
 l also discuss how both bike-sharing operators and our boss reacted when w
 e told them about the dataset we already had collected (spoiler: lawyers w
 ere involved\, yet it’s still available for downloads…).
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/what-makes-bike-s
 haring-work-insights-from-43-million-kilometers-of-european-cycling-data
END:VEVENT
BEGIN:VEVENT
SUMMARY:Shit for Future: turning human shit into a climate solution
DTSTART:20251229T125000Z
DTEND:20251229T133000Z
DTSTAMP:20260406T225311Z
UID:f392f7c4-841b-5922-8fdf-ff8eb8150825
CATEGORIES:official,Science
DESCRIPTION:Today’s science mostly follows worn-out pathways and
  lacks bi
 g discoveries and innovations. Scientists often don’t want to take a ris
 k because the competition for a permanent position in academia is so high\
 , which pressures them into conservative research topics supported by thei
 r supervisors. Even when science provides helpful solutions for urgent pro
 blems\, the knowledge mostly ends up in libraries\, written in papers that
  nobody understands. I want to show that it is worthwhile to follow resear
 ch ideas that are unconventional\, upset your boss af and explore topics t
 hat are unpopular like working with shit. I hope that sharing stories of h
 ow a funny idea turned into a solution encourages others to start making
  impact in their environment.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/shit-for-future-t
 urning-human-shit-into-a-climate-solution
END:VEVENT
BEGIN:VEVENT
SUMMARY:Watch Your Kids: Inside a Children's Smartwatch
DTSTART:20251229T125000Z
DTEND:20251229T133000Z
DTSTAMP:20260406T225311Z
UID:b51eb883-55db-5e30-9685-f7726b4da4d1
CATEGORIES:official,Security
DESCRIPTION:Smartwatches for children have entered the mainstream: Adverti
 sed on the subway and sold by your cell provider\, manufacturers are charg
 ing premium prices comparable to an entry-level Apple watch.\n\nIn exchang
 e\, parents are promised peace of mind: A safe\, gentle introduction into 
 the world of technology — and a way to call\, text\, and locate their ch
 ild at any time.\n\nBut how much are the vendor's promises of safety\, pri
 vacy\, GDPR compliance\, apps made in Europe and cloud servers in Germany 
 actually worth?\n\nWe take you along the process of hacking one of the mos
 t popular children's watches out there\, from gaining initial access to ru
 nning our own code on the watch. Along the way\, we find critical security
  issues at every turn. Our PoC attacks allow us to read and write messages
 \, virtually abduct arbitrary children\, and take control over any given w
 atch.\n\nFinally\, we'll also talk about disclosure\, funny ideas of what 
 passes as a security fix\, and how we can use what we found to build somet
 hing better.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/watch-your-kids-i
 nside-a-children-s-smartwatch
END:VEVENT
BEGIN:VEVENT
SUMMARY:Wer hat Angst vor dem Neutralitätsgebot?
DTSTART:20251229T125000Z
DTEND:20251229T133000Z
DTSTAMP:20260406T225311Z
UID:94c5aafc-0742-500b-92bd-ca6f2ceb37a1
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:"Neutrality" is becoming the new fighting word: because they
  protest against the inhumane policies of Friedrich Merz\, the CDU
  accuses groups such as Omas gegen Rechts\, Greenpeace and Correctiv of
  not being neutral. Citing an allegedly violated duty of neutrality
  (Neutralitätsgebot)\, state funding is being cut and NGOs are coming
  under observation by the Verfassungsschutz (domestic intelligence
  service).\nIn the name of "neutrality"\, Julia Klöckner bans Palestine
  shirts\, pins and rainbow flags in parliament. The AfD calls for
  reporting teachers who take a stand against right-wing extremism or
  criticize such positions within the AfD.\nBut what is behind this?\nWhat
  does the so-called duty of neutrality mean\, and to whom does it apply
  at all?\nAnd to whom does it not apply?\nCivil courage cannot be
  neutral\, and is not supposed to be. Just as AfD agitation against
  migrants is not "neutral"\, criticizing inhumane statements is not only
  legitimate but a duty of democratic citizens. Invoking a "duty of
  neutrality" for NGOs is a transparent but dangerous attempt to
  subjugate them to one's own position.\nThe lawyers Vivian Kube and
  Hannah Vos explain the constitutional background\, expose the
  authoritarian strategies behind the call for "neutrality" and give tips
  on how to defend against it.\nThey are involved in the project
  Gegenrechtschutz\, to defend democratic principles and those affected
  against legal attacks.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/wer-hat-angst-vor
 -dem-neutralitatsgebot
END:VEVENT
BEGIN:VEVENT
SUMMARY:When 8 Bits is Overkill: Making Blinkenlights with a 1-bit CPU
DTSTART:20251229T125000Z
DTEND:20251229T133000Z
DTSTAMP:20260406T225311Z
UID:d304dbd5-b055-5742-a134-417b0adbfa14
CATEGORIES:official,Hardware
DESCRIPTION:In the late seventies\, Motorola created a very cheap CPU\, in
 tended to replace logic circuits made from electromechanical relays. The r
 esulting IC is so minimalistic that it can hardly be recognized as a CPU: 
 Its data bus is just a single bit wide\, it has no program counter\, and t
 he address bus isn't connected to the CPU at all. Yet\, with just a few su
 pport components\, and some clever programming\, it can be made to do all 
 sorts of things.\n\nWe'll explore hardware design and programming by takin
 g a look at my implementation of Conway's Game of Life\, and answer the qu
 estion of how one can address 512 words of memory\, as well as some other 
 peripherals\, using just four bits of address space.\n\nOutline:\n* Histor
 y and theory of operation of the MC14500\n* Writing programs that process
  one bit at a time\n* A closer look at the hardware I built\, including it
 s wacky peripherals\n* Demonstration\n* Q&A
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/when-8-bits-is-ov
 erkill-making-blinkenlights-with-a-1-bit-cpu
END:VEVENT
BEGIN:VEVENT
SUMMARY:Learning from South Korean Telco Breaches
DTSTART:20251229T134500Z
DTEND:20251229T144500Z
DTSTAMP:20260406T225311Z
UID:272591e8-0754-5fa1-8472-50f00dab31ac
CATEGORIES:official,Security
DESCRIPTION:This talk will cover the public information and experiments
  related to the South Korean telco breaches in 2025. It will cover SK
  Telecom's HSS breach (final results announced)\, KT's femtocell breach
  (investigation ongoing) and related operator billing fraud\, and revisit
  the Phrack report on the KT and LG U+ breach. We also shed light on the
  details of the mitigations implemented and the disaster response of each
  operator.\n\nSK Telecom's HSS breach is attributed to a variant of the
  BPFDoor malware\, resulting in the leakage of critical operator data
  related to subscriber authentication and accounting. They replaced the
  SIM cards of all 23 million subscribers\, and implemented an additional
  mechanism to track the possible cloning of the SIM card. We analyze the
  aftermath and how it will effectively protect against the said
  attack.\n\nKT's femtocell and operator billing breach (investigation
  still ongoing at the time of writing) is attributed to the mismanagement
  of KT's femtocell\, allowing an external attacker to mimic the behavior
  of KT's legitimate femtocell and use it as a cellular interception
  device. This is a modern implementation of the remarkable research
  "Weaponizing Femtocells" back in 2012\, and new cellular technologies
  like VoLTE have changed the possible attack vectors. We provide a
  possible theory on how the attack would be possible\, based on the
  publicly available information and previous research.\n\nFinally\, we
  also cover the characteristics of the South Korean mobile market and how
  the media caused inaccurate analysis and FUD (fear\, uncertainty\, and
  doubt). In particular\, how SMS-based 2FA is tied to personal
  authentication and how everything is strongly bound to the personal
  identity. Early media reports could be attributed to the information
  "lost in translation" and inaccurate information in English-language
  articles when the details of the breach were not widely shared. We try
  to correct the information (also in the official incident report) and
  showcase how not to report the breach in general.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/learning-from-sou
 th-korean-telco-breaches
END:VEVENT
BEGIN:VEVENT
SUMMARY:Making the Magic Leap past NVIDIA's secure bootchain and breaking 
 some Tesla Autopilots along the way
DTSTART:20251229T134500Z
DTEND:20251229T144500Z
DTSTAMP:20260406T225311Z
UID:b98918cb-489e-5f5e-aa06-26753cb48418
CATEGORIES:official,Security
DESCRIPTION:In mid 2024\, a friend approached me about Magic Leap making t
 heir TX2 based XR headsets little more than a paperweight by disabling the
  mandatory activation servers. I morally dislike this\, companies shouldn'
 t turn functional devices into e-waste just because they want to sell newe
 r devices.\n\nAfter obtaining one\, and poking at the Fastboot implementat
 ion\, I discovered it was based off NVIDIA's Fastboot implementation\, whi
 ch is source available. I found a vulnerability in the NVIDIA provided sou
 rce code in how it unpacks SparseFS images (named sparsehax)\, and success
 fully blindly exploited the modified implementation on the Magic Leap One.
  I also found a vulnerability in it that allowed gaining persistence via h
 ow it loads the kernel DTB (named dtbhax).\n\nStill unsatisfied with this\
 , I used fault injection to dump the BootROM from a Tegra X2 devkit.\n\nIn
  the BootROM I discovered a vulnerability in the USB recovery mode. Exploi
 ting this vulnerability proved difficult due to only having access to memo
 ry from the perspective of the USB controller. I will explain what was tri
 ed\, why it didn't work\, and how I eventually got code execution at the h
 ighest privilege level via it. \n\nAs I will demonstrate\, this exploit al
 so functions on Tesla's autopilot hardware.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/making-the-magic-
 leap-past-nvidia-s-secure-bootchain-and-breaking-some-tesla-autopilots-alo
 ng-the-way
END:VEVENT
BEGIN:VEVENT
SUMMARY:Programmierte Kriegsverbrechen? Über KI-Systeme im Kriegseinsatz 
 in Gaza und warum IT-Fachleute sich dazu äußern müssen
DTSTART:20251229T134500Z
DTEND:20251229T144500Z
DTSTAMP:20260406T225311Z
UID:7f6e6dff-5f85-5c03-8f07-373b3acce367
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:The topic of "AI in military technology" and the relationship
  between human and machine has been a subject in the peace movement\,
  conflict research\, philosophy\, the social sciences and critical
  data & algorithm studies for decades. In recent years\, however\,
  weapon systems with AI components have been developed and also used in
  practice in armed conflicts. Their application ranges from drone
  control and optical target acquisition to logistical target selection.
  Using the example of AI-supported target selection systems\, which the
  Israeli military has been using since May 2021 and in particular now
  in the genocide in Gaza\, the current technical developments can be
  shown and analysed. This talk focuses on four AI-supported systems:
  the Gospel system for the military assessment of buildings\, the
  Lavender system for the military assessment of persons\, the Where's
  Daddy? system for the timing of attacks\, and an experimental system
  based on large language models for detecting militarily relevant
  messages in Palestinian communications data.\n\nBased on statements by
  whistleblowers from the Israeli military and by employees of
  participating companies such as Amazon\, Google or Microsoft\, as well
  as internal documents published through investigative research by
  several international teams of journalists\, the systems and design
  decisions can be described in technical detail and critically
  analysed\, and the military and societal implications can be worked out
  and discussed. This also raises questions about the shifting of
  responsibility through AI\, the circumvention and breach of
  international humanitarian law\, and the fundamental role of automated
  warfare.\n\nFinally\, the talk addresses the responsibility of IT
  professionals\, who bring the knowledge and understanding of these
  systems and are therefore the ones who can raise the problem in the
  first place when systems fulfil extended or entirely different
  functions than is often communicated and discussed publicly and
  politically. Reflections on options for action and ways out then lead
  into the discussion.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/programmierte-kri
 egsverbrechen-uber-ki-systeme-im-kriegseinsatz-in-gaza-und-warum-it-fachle
 ute-sich-dazu-auern-mussen
END:VEVENT
BEGIN:VEVENT
SUMMARY:Supplements and Social Media – When Online Hype Becomes a Real
  Health Hazard
DTSTART:20251229T134500Z
DTEND:20251229T144500Z
DTSTAMP:20260406T225311Z
UID:e5377df9-07f4-5c8c-b510-8f64e58d95e3
CATEGORIES:official,Science
DESCRIPTION:The market for dietary supplements has been booming for years.
  This is driven\, among other things\, by all kinds of influencers who
  advertise the products on social media. Instead of only promoting
  products from the big players in this field\, such as More Nutrition\,
  ESN or Holy Energy\, some influencers have by now even launched their
  own dietary supplement brands.\n\nA lot is promised: pre-workout
  boosters are supposed to increase performance in strength training and
  deliver the dream body in no time\, while gaming boosters promise
  alertness and top performance while gaming. Still other capsules or
  even gummy bears are supposed to provide flawless skin or restful
  sleep. Some products can allegedly even prevent or cure
  diseases.\n\nBut what is actually in these products that are
  downright hyped online? In purely legal terms they are foodstuffs\,
  which in turn means that they may be placed on the market without
  official authorisation. It is enough for the business operator to
  guarantee their safety. The hurdles to market entry are therefore
  extremely low\, while at the same time profit margins beckon that
  exceed even those of the illegal drug trade.\n\nThe result shows up in
  the reports of the official food inspection authorities: of the
  samples examined by the Lower Saxony State Office for Consumer
  Protection and Food Safety in 2024\, around nine out of ten (89 %) did
  not comply with the legal requirements. Besides deficiencies in
  labelling and advertising\, which lead consumers to spend a lot of
  money on ineffective powders\, the composition of the products in
  terms of substances is particularly critical. For example\, taking
  overdosed vitamin D preparations can lead to disorders of calcium
  metabolism (so-called hypercalcaemia). Supposedly harmless herbal
  preparations\, such as turmeric or ashwagandha\, can lead to liver
  damage up to and including liver failure. What is particularly
  explosive here is that the probability of needing a liver transplant
  or of the patient dying is higher than with liver damage caused by
  medicinal products (83 vs. 66 %). So people are being harmed by taking
  preparations with which they actually wanted to do something good for
  their health.\n\nThe talk therefore takes a critical look at the
  current market situation with particular regard to influencer
  marketing\, explains the difference between dietary supplements and
  medicinal products\, and presents the legal framework for placing
  dietary supplements on the market and advertising them. It also shows
  why adequate consumer protection cannot be guaranteed by the current
  means of food law\, especially on the internet\, where there is a need
  for political action\, and how you can protect yourself from
  questionable products.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/supplements-und-s
 ocial-media-wenn-der-online-hype-zur-realen-gesundheitsgefahr-wird
END:VEVENT
BEGIN:VEVENT
SUMMARY:APT Down and the mystery of the burning data centers
DTSTART:20251229T150000Z
DTEND:20251229T160000Z
DTSTAMP:20260406T225311Z
UID:11d5c612-0e50-500b-b071-c4ba0dd076cd
CATEGORIES:official,Security
DESCRIPTION:In August 2025 Phrack published the dump of an APT member's wo
 rkstation. The attacker was most likely Chinese\, working on targets align
 ed with North Korea's doctrine. The dump was full of exploits\, attacker t
 ools and loot. Data from government networks\, cell carriers and telcos\, 
 including server databases and loads of private keys stemming from the gov
 ernment PKI. The attacker had maintained a steady foothold in various targ
 ets in South Korea and Taiwan before accidentally "losing" their workstati
 on.\n\nThe dump sparked a government investigation\, and big corporations 
 like LG\, Lotte and Korea Telecom were asked to explain themselves. The go
 vernment also mandated an on-site audit in the data center where the hacks
  had taken place. On the day of the audit\, some li-ion batteries in the d
 ata center mysteriously caught fire. The blaze destroyed close to 100 serv
 ers (which had no backup) and plunged public service in South Korea into d
 isarray. \nShortly after\, the Lotte data center burned as well - the corp
 oration had been victim of a breach recently\, albeit by a different threa
 t actor. In the beginning of October\, one of the officers examining the g
 overnment data center fire tragically died by his own hand.\n\nThe talk ai
 ms to revisit this mysterious sequence of events that was started by an ar
 ticle in Phrack #72. It doesn't hope to give answers or a solution\, but n
 arrates a story that could be from a spy thriller. Caution: Conspiracies a
 nd technical gore could be present.\n[TW: Suicide\, self-harm]
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/apt-down-and-the-
 mystery-of-the-burning-data-centers
END:VEVENT
BEGIN:VEVENT
SUMMARY:Counter-Power - Best of Freedom of Information
DTSTART:20251229T150000Z
DTEND:20251229T160000Z
DTSTAMP:20260406T225311Z
UID:755f1d78-c910-56cb-a37e-13870013bff6
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:Transparency needs accountability. Without consequences\,
  transparency remains ineffective. So how can we create an effective
  counter-power that pushes changes through? \n\nWe were able to fend
  off Philipp Amthor's attack on the Freedom of Information Act for the
  time being - now we're going on the offensive! With the highlights
  from criminal complaints against Alexander Dobrindt\, Spahn's leaked
  mask report\, the billionaire lobby in the Ministry for Economic
  Affairs\, and all the tax havens in Germany.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/gegenmacht-best-o
 f-informationsfreiheit
END:VEVENT
BEGIN:VEVENT
SUMMARY:There is NO WAY we ended up getting arrested for this (Malta editi
 on)
DTSTART:20251229T150000Z
DTEND:20251229T160000Z
DTSTAMP:20260406T225311Z
UID:f7806034-b88e-559b-9c11-7ce6ffc72a82
CATEGORIES:official,Security
DESCRIPTION:The talk goes through the full journey\,\n\n1. The talk descri
 bes in more detail how the arrests were carried out on November 12th\, 202
 2 including the confiscation of all computer equipment\, the time spent in
  a cell and the interrogation before being released.\n2. How the decision 
 was made to go to the media 5 months later\, the consequences of that and 
 why it was beneficial.\n3. The later fallout including the university disa
 ssociating itself from the students + even disallowing one of the students
  to tutor at the university\n4. How this led to a pause in Malta's partici
 pation in the European Cyber Security Challenge with one specific meeting 
 involving the national IT agency and the 3 students.\n5. mentions of a gra
 nt of a pardon after the prime minister visited the office of a student\n6
 . The start of the initial court sessions and the outcomes from that.\n7. 
 A super interesting meeting where the justice minister told the students t
 hat even though they'll be given a pardon -- if this happens again they wi
 ll be arrested again.\n8. What it meant to get a pardon and how that techn
 ically still hasn't ended our situation in court yet.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/there-is-no-way-w
 e-ended-up-getting-arrested-for-this-malta-edition
END:VEVENT
BEGIN:VEVENT
SUMMARY:Frost Flowers? Think Again! How Code\, Satellites and Ship
  Expeditions Make the Colourful World of Arctic Phytoplankton Visible
DTSTART:20251229T150000Z
DTEND:20251229T160000Z
DTSTAMP:20260406T225311Z
UID:75dadf9f-5f43-5cc5-b344-b0d402af7092
CATEGORIES:official,Science
DESCRIPTION:In the Arctic Ocean it is becoming increasingly clear how
  strongly global warming affects the decline of sea ice and the marine
  ecosystem. Tiny organisms\, the phytoplankton\, form the basis of the
  food web by building up biomass and thus play a central role in the
  global carbon cycle. In the Arctic they are strongly influenced by the
  seasonal fluctuations of polar night and polar day\, the sea ice
  extent and the changing environment. But phytoplankton is not only
  ecologically significant\, it is also astonishingly diverse and
  colourful – like a colourful flower meadow in the ocean! \nOther
  exciting questions remain as well: what makes up the diversity of
  phytoplankton\, how this diversity enables adaptation to
  environmental change\, and how the Arctic ecosystem might develop
  under different climate change scenarios.\nThis talk invites you to
  dive into the icy worlds of the Arctic Ocean to get to the bottom of
  the fundamental building block of the Arctic ecosystem\, the
  phytoplankton.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/von-wegen-eisblum
 en-wie-man-mit-code-satelliten-und-schiffsexpeditionen-die-bunte-welt-des-
 arktischen-phytoplanktons-sichtbar-macht
END:VEVENT
BEGIN:VEVENT
SUMMARY:Bad Cards - IT Security in Year Zero of the ePA for All
DTSTART:20251229T161500Z
DTEND:20251229T171500Z
DTSTAMP:20260406T225311Z
UID:2b5a6a8e-327e-594d-8f92-b91201d18a02
CATEGORIES:official,Security
DESCRIPTION:At the last Chaos Communication Congress\, Martin Tschirsich
  and Bianca Kastl were able to demonstrate a collection of larger and
  smaller security problems in the electronic patient record for all
  (ePA für alle) – be it in the issuing of means of identification\,
  in systems within the telematics infrastructure\, or in connected
  systems. All these problems culminated in a modified and reduced
  rollout of the ePA for all in the model regions at the beginning of
  2025\, during which first damage-limitation measures were already
  taken. \nAt the end of April 2025\, the ePA for all was then really
  made available to everyone across Germany – however\, on the same
  day the seemingly securely resolved security vulnerabilities in
  access management resurfaced and were soon once again only
  provisionally sealed.\n\nThis talk wants to look back a little at the
  history and the causes of these security problems of the ePA for all.
  As «one of the largest IT projects of the Federal Republic»\, the
  ePA is emblematic of how digital policy deals with security promises
  and interest-driven requirements over the heads of patients or
  citizens. \n\nThis is not only about technical problems and the
  attempts to fix them\, but also about the structural causes that make
  large digital projects fail again and again in some areas. This
  deeper examination can help us better understand the causes of poor
  IT security in future digital policy projects in Germany as well. Not
  only for the ePA for all and applications in the area of the
  telematics infrastructure\, but also far beyond.\n\nIn-depth analysis
  and aftermath of 38C3 „Konnte bisher noch nie gehackt werden“: Die
  elektronische Patientenakte kommt - jetzt für alle!
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/schlechte-karten-
 it-sicherheit-im-jahr-null-der-epa-fur-alle
END:VEVENT
BEGIN:VEVENT
SUMMARY:Set-top box Hacking: freeing the 'Freebox'
DTSTART:20251229T161500Z
DTEND:20251229T171500Z
DTSTAMP:20260406T225311Z
UID:032fdd30-9488-55b8-968c-dbce19a3f446
CATEGORIES:official,Security
DESCRIPTION:The Freebox HD is a set-top box with media player capabilities
  designed and built by the French ISP 'Free' in 2006\, and distributed to 
 customers since (including me). It is still in use and will be maintained 
 until the end of 2025.\n\nWhen I got it\, I wanted to run homebrew softwar
 e on it\, so I decided to reverse engineer it. The initial goal was to get
  arbitrary code execution. The Freebox HD being largely undocumented\, thi
 s talk shows the full process of reverse engineering it from scratch:\n* I
 nitial visual inspection\n* Disassembly and inspection of the insides\n* A
 ttack surface analysis and choice of the target\n* Search and exploitation
  of a vulnerability in PrBoom (a Doom source port running on the Freebox H
 D)\n* Analysis of the Linux system running on the Freebox HD\n* Search and
  exploitation of a Linux kernel exploit to escape the sandbox and gain roo
 t privileges\n* Decryption and dump of the firmware\n* Analysis of the Lin
 ux system and the programs of the Freebox HD\n* Playing with the remote co
 ntrol capabilities\n* Reverse engineering of the private networks of the I
 SP\n\nThe two exploits used to gain full root access were both discovered 
 for this specific hack\, which makes them 0-day exploits.\n\nThe analysis 
 leads to some interesting discoveries about the device itself\, but also t
 he ISP\, how their technical support works and accesses the devices remote
 ly\, and much more!
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/set-top-box-hacki
 ng-freeing-the-freebox
END:VEVENT
BEGIN:VEVENT
SUMMARY:The Last of Us - Fighting the EU Surveillance Law Apocalypse
DTSTART:20251229T161500Z
DTEND:20251229T171500Z
DTSTAMP:20260406T225311Z
UID:973af772-1dae-58a1-b979-ea890cbdfe09
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:Amidst its current push to remove the rules that have protect
 ed the EU's environment\, consumer and fundamental rights\, there is one a
 rea the European Commission happily calls for more regulation: Internal se
 curity. The recent "ProtectEU" Internal Security Strategy does little to p
 rotect Europeans\, and instead foresees attacks on encryption\, the re-int
 roduction of mandatory data retention and the strengthening of Europol and
  Frontex\, the main agents of the EU's oppressive law enforcement infrastr
 ucture. In this talk\, we will introduce the strategy and its main pillars
 \, explain its political and legal contexts\, and take a look at what it w
 ould mean for our fundamental rights\, access to encryption\, and IT secur
 ity if enacted. But not all hope is lost (yet)\, and together we want to c
 hart pathways to meaningful resistance. To do so\, we will help understand
  the maze of the EU's lawmaking process and identify pressure points. We w
 ill then look back at past fights\, lessons learned and new opportunities 
 to act in solidarity against a surveillance agenda that is truly apocalypt
 ic.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/the-last-of-us-fi
 ghting-the-eu-surveillance-law-apocalypse
END:VEVENT
BEGIN:VEVENT
SUMMARY:Who Is Living at Whose Expense Here? Enough of the Bürgergeld
  Fetish. Storm the Palaces!
DTSTART:20251229T161500Z
DTEND:20251229T171500Z
DTSTAMP:20260406T225311Z
UID:1e0b17f8-d1e2-5d75-b052-811b8f722b38
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:The new basic income support (Grundsicherung) trumps Hartz IV
  in its cruelty and is a sword of Damocles hanging over the unemployed
  and everyone who does wage labour. At the same time\, the number of
  billionaires and multimillionaires is steadily increasing. Financial
  fraud by the super-rich is more or less idly watched\, while the
  phantom of the Bürgergeld total refuser has been paraded through the
  media for years. \n\nHow the attack on the welfare state affects
  those concerned in practice\, and what we as civil society can do so
  that we don't just have to stand by and watch\, is what this talk is
  about.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/wer-liegt-hier-we
 m-auf-der-tasche-genug-mit-dem-burgergeld-fetisch-sturmt-die-palaste
END:VEVENT
BEGIN:VEVENT
SUMMARY:Build a Fake Phone\, Find Real Bugs: Qualcomm GPU Emulation and Fu
 zzing with LibAFL QEMU
DTSTART:20251229T181500Z
DTEND:20251229T185500Z
DTSTAMP:20260406T225311Z
UID:5454618f-fcfb-568a-b82b-eb0b10bf89cb
CATEGORIES:official,Security
DESCRIPTION:Mobile phone manufacturers ship competitive hardware supported
  by increasingly complex software stacks\, ranging from firmware and bootl
 oaders to kernel modules\, hypervisors\, and other TrustZone environments.
  In an effort to keep their products secure\, these companies rely on stat
 e-of-the-art testing techniques such as fuzzing. They commonly perform the
 ir fuzzing campaigns on-device to find vulnerabilities. Unfortunately\, th
 is approach is expensive to scale and does not always provide fine-grained
  control over the target. To address these issues\, we approached the prob
 lem through the prism of emulation\, by partially reimplementing the hardw
 are as normal software to run on a computer. That way\, we could scale f
 uzzing instances\, and gain full control over the emulated target.\n\nThe 
 presentation will outline how we made the full emulation of Qualcomm’s A
 ndroid ecosystem possible by tweaking the complex build system of the Andr
 oid image and implementing a custom board (including more than 10 custom d
 evices) in QEMU. We will review the steps required and the technical chall
 enges encountered along the way.\n\nAfter providing a quick recap and the 
 latest updates on LibAFL QEMU (presented at 37C3) by one of the LibAFL mai
 ntainers\, we will delve into the gory details of how we partially emulate
 d the latest version of Adreno—the GPU designed by Qualcomm—and built 
 a fuzzer for its Android kernel driver. In particular\, we will show how L
 ibAFL QEMU was integrated into our custom board and the few improvements w
 e made to the kernel to get better coverage with KCOV. Finally\, we will d
 emonstrate how our approach enabled us to find a new critical vulnerabilit
 y in the GPU kernel driver.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/build-a-fake-phon
 e-find-real-bugs-qualcomm-gpu-emulation-and-fuzzing-with-libafl-qemu
END:VEVENT
BEGIN:VEVENT
SUMMARY:Digital Policy in Switzerland: Between Lake Constance and the
  Matterhorn
DTSTART:20251229T181500Z
DTEND:20251229T185500Z
DTSTAMP:20260406T225311Z
UID:fb08402b-1b8c-533b-b1fc-6daaa4fdc60f
CATEGORIES:official,CCC & Community
DESCRIPTION:**Topics include:**\n\n\n**E-ID and E-Collecting:** The
  digital policy community has not only prevented a privatised E-ID but
  also anchored data protection as a central principle and accompanied
  an exemplary legislative process. We plan to do the same with
  E-Collecting\, with which we want to take Switzerland's direct
  democracy to a new level.\n\n\n**Electronic health dossier:** What do
  you do to conceal a deterioration in a product? Right\, you do a
  rebranding. And so the E-PD is now called E-GD.\n\n\n**Cable
  surveillance:** In December the Federal Administrative Court
  surprised us with a landmark ruling: it judged cable surveillance to
  be incompatible with the Federal Constitution and the European
  Convention on Human Rights. But it lets the whole thing keep running
  for 5 years.\n\n\n**What the VÜPF:** How Switzerland is also
  planning to largely abolish the free internet. What the status of the
  tightening is. What we and you can do about it?\n\n\n**Platform
  regulation:** A proposal for platform regulation was drafted by the
  federal government - and\, after the imposition of 39% punitive
  tariffs\, quietly buried in a drawer. But the federal government
  took courage - and is daring a tentative new start.\n\n\n**AI
  regulation & ancillary copyright:** And why does the federal
  government dare to introduce an ancillary copyright? And\, with the
  «Gössi» motion\, to endanger AI language models with Swiss data?
  (Spoiler: because of the publishers' lobby)\n\n\n**Community in
  Switzerland:** Winterkongress\, diversity and other
  activities.\n\n\nAfter the talk\, all interested persons are invited to
  continue the [discussion in a self-organized session](https://events.
 ccc.de/congress/2025/hub/en/event/detail/treffen-der-netzpolitischen-co
 mmunity-der-sch_uoca). Activists from various digital policy
  organisations in Switzerland will be present.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/netzpolitik-in-de
 r-schweiz-zwischen-bodensee-und-matterhorn
END:VEVENT
BEGIN:VEVENT
SUMMARY:AI Agent\, AI Spy
DTSTART:20251229T181500Z
DTEND:20251229T191500Z
DTSTAMP:20260406T225311Z
UID:3e87bab2-575a-53be-8101-5d8144253646
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:The talk will provide a critical technical and political econo
 my analysis of the new privacy crisis emerging from OS and application lev
 el AI agents\, aimed at the 39C3 "Ethics\, Society & Politics" audience.\n
 \n1. Defining the Threat: The OS as a Proactive Participant (5 mins)\nWe w
 ill begin by defining "Agentic AI" in two contexts - imbibed into the oper
 ating system and deployed via critical gateway applications such as web br
 owsers. Traditionally\, the operating systems and browsers are largely neu
 tral enforcers of user agency\, managing resources and providing APIs for 
 applications to run reliably. We will argue that this neutrality is close 
 to being eliminated. The new paradigm shifts these applications into a pro
 active agent that actively observes\, records\, and anticipates user actio
 ns across all applications. The prime example for this analysis will be M
 icrosoft’s "Recall" feature\, Google’s Magic Cue\, and OpenAI’s Atla
 s.
  Politically\, we will frame this not as a "feature" but as the implementa
 tion of pervasive\, non-consensual surveillance and remote-control infrast
 ructure. This "photographic memory" of and demand for non-differentiated a
 ccess to everything from private Signal messages to financial data to heal
 th data creates a catastrophic single point of failure\, making a single s
 ecurity breach an existential threat to a user's entire digital life. Ulti
 mately\, we hope to illustrate how putting our brains in a jar (with agent
 ic systems) is effectively a prompt injection attack against our own human
 ity.\n\n2. The Existential Threat to Application-Level Privacy (10 mins)\n
 The core of the talk will focus on what this means for privacy-first appli
 cations like Signal. We will explain the "blood-brain barrier" analogy: se
 cure apps are meticulously engineered to minimize data and protect communi
 cations\, relying on the OS to be a stable\, neutral foundation on which t
 o build. This new OS trend breaks that barrier. We will demonstrate how OS
 -level surveillance renders application-level privacy features\, including
  end-to-end encryption\, effectively useless. If the OS can screenshot a m
 essage before it's encrypted or after it's decrypted\, the promise of priv
 acy is broken\, regardless of the app's design. We will also discuss the u
 nsustainable "clever hacks" (like Signal using a DRM feature) that develop
 ers are forced to implement\, underscoring the need for a structural solut
 ion.\n\n3. An Actionable Framework for Remediation (20 mins)\nThe final\, 
 and most important\, part of the talk will move from critique to action. W
 e will present an actionable four-point framework as a "tourniquet" to add
 ress these immediate dangers:\n\na. Empower Developers: Demand clear\, off
 icially supported APIs for developers to designate individual applications
  as "sensitive" with the default posture being for such applications being
  opted-out of access by agentic systems (either OS or application based) (
 default opt-out)\n\nb. Granular User Control: Move beyond all-or-nothing p
 ermissions. Users must have explicit\, fine-grained control to grant or de
 ny AI access on an app-by-app basis.\n\nc. Mandate Radical Transparency: O
 S vendors and application developers must clearly disclose what data is ac
 cessed\, how it's used\, and how it's protected—in human-readable terms\
 , not buried in legalese. Laws and regulations must play an essential role
  but we cannot just wait for them to be enforced\, or it will be too late.
  \n\nd. Encourage and Protect Adversarial Research: We will conclude by re
 inforcing the need for a pro-privacy\, pro-security architecture by defaul
 t\, looking at the legal frameworks that govern these processes and why th
 ey need to be enforced\, and finally asking the attendees to continue expo
 sing vulnerabilities in such systems. It was only due to technically-groun
 ded collective outrage that Recall was re-architected by Microsoft and we 
 will need that energy if we are to win this war.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/ai-agent-ai-spy
END:VEVENT
BEGIN:VEVENT
SUMMARY:Transcultural Hack of the Classical Music Scene – Talk and
  Concert
DTSTART:20251229T181500Z
DTEND:20251229T194500Z
DTSTAMP:20260406T225311Z
UID:cc2dc346-c1fc-58ad-a723-8472c9a8e5d1
CATEGORIES:official,Art & Beauty
DESCRIPTION:The transcultural Bridges Kammerorchester hacks the classical
  music scene: it brings together musicians with and without a history
  of flight and migration and integrates instruments and musical styles
  into the European orchestral tradition that are traditionally not
  provided for there. Alongside classical orchestral instruments\,
  instruments such as Oud\, Tar\, Tiple\, Kaval\, Kamanche\, Shudraga\,
  Daf and Riq play central roles.\n\nThe orchestra members mostly
  compose their music themselves. That too is a hack of the classical
  music scene\, which so far has predominantly interpreted works by
  deceased male composers. The music of the Bridges Kammerorchester
  thus stands for diversity and self-determination and makes the
  diversity of the society living in Germany audible. \nIn the talk\,
  members of the Bridges Kammerorchester use experiences and audio
  examples – live and on video – to show how they hack the
  classical music scene. They give insights into their collective\,
  heterogeneous composition process and report on freedoms\, challenges
  and experiences with audiences and organisers. Personal migration
  stories illustrate how these shape the musical perspective and
  identity of the orchestra. This is followed by a concert that lets
  the diversity of their music be experienced.\n\n*A recording of this
  session is available [on the Bridges YouTube channel](https://youtu.b
 e/R0kzNxpKaJQ).*
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/transkultureller-
 hack-auf-die-klassische-musikszene-vortrag-und-konzert
END:VEVENT
BEGIN:VEVENT
SUMMARY:The Angry Path to Zen: AMD Zen Microcode Tools and Insights
DTSTART:20251229T191000Z
DTEND:20251229T195000Z
DTSTAMP:20260406T225311Z
UID:d921f5af-9d6b-5ff3-8fe8-147467b23c65
CATEGORIES:official,Security
DESCRIPTION:Modern CPUs often translate the complex\, user visible instruc
 tion set like x86_64 into a simpler\, less feature rich internal instructi
 on set. For simple instructions this translation is done by a fast path de
 coding unit. However some instructions\, like `wrmsr` or `rdrand` are too 
 complex to decode that way. These instructions instead are translated usin
 g a microcode decoder that can act almost like an execution engine. The mi
 crocode decoder still emits internal instructions into the pipeline\, but 
 allows for features like conditional branches and calls & returns. All of 
 this logic happens during a single x86_64 instruction and is usually hidde
 n from the outside world. At least since AMD K8\, launched in 2003\, AMD C
 PUs allowed updating this microcode to fix bugs made in the original imple
 mentation. \n\nBuilding on our [previous](https://media.ccc.de/v/34c3-9058
 -everything_you_want_to_know_about_x86_microcode_but_might_have_been_afrai
 d_to_ask) [experience](https://media.ccc.de/v/35c3-9614-inside_the_amd_mic
 rocode_rom) with AMD K8 & K10 microcode and [EntrySign](https://bughunters
 .google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking) [p
 ublished](https://media.ccc.de/v/why2025-156-entrysign-create-your-own-x86
 -microcode-for-fun-and-profit) earlier this year\, we took a closer look a
 t AMD Zen 1-5 CPUs. We build on top of [Zentool](https://github.com/google
 /security-research/tree/master/pocs/cpus/entrysign/zentool) to understand 
 more instructions and created a set of tools to easily create microcode pa
 tches as well as apply them on CPUs. We can modify the behavior of instruc
 tions and observe some usually not visible internal state by supplying our
  own microcode update.\n\nLike on K8\, we extracted the physical ROM on th
 e CPU using an electron microscope to read the hardcoded microcode on a Ze
 n 1 CPU. Using the understanding of the microcode encoding we could then s
 tart disassembling the contents and understand how some instructions are i
 mplemented. While there are still a lot of things we don't understand\, we
  could follow control flow and analyze algorithms like the XXTEA decryptio
 n of the microcode update.\n\nTo start off this work\, we implemented a se
 t of tools that allow easy testing of microcode updates without the need f
 or a fully featured OS. That way we can run timing tests with low noise an
 d don't risk data corruption if we corrupt a vital instruction. To continu
 e our naming scheme from our work on K8 we dubbed this the AngryTools\, al
 l of them available on [GitHub](https://github.com/AngryUEFI). The core co
 mponents are a UEFI application running from RAM\, AngryUEFI\, and a Pytho
 n framework for test writing on a client computer\, AngryCAT. AngryUEFI st
 arts on the test system and waits for AngryCAT tests supplied via TCP. The
 se tests usually consist of a microcode update that gets loaded on the tar
 get CPU core and a buffer with x64 instructions that get run afterwards. A
 ngryUEFI then sends back information about the test execution. AngryUEFI a
 lso recovers most faults caused by invalid microcode\, often even allowing
  reuse of a CPU core after a failed test run. We also added some syscall-l
 ike interfaces to support more complex data collection like [IBS](https://
 reflexive.space/zen2-ibs/).\n\nTo make it easier to write custom microcode
  updates we also implemented [ZenUtils](https://github.com/AngryUEFI/ZenUt
 ils)\, a set of Python tools. So far we support single line assembly and d
 isassembly based on architecture specification for Zen 1 & 2 with limited 
 support for other Zen architectures. We also include a macro assembler tha
 t can create a full microcode update from an assembly-like input file. Lat
 er we will also extend ZenUtils with utilities to sign and en/decrypt micr
 ocode updates. Currently we rely on Zentool for these tasks.\n\nWe also sh
 ow some basic examples of how microcode programs work\, from a simple CStr
 ing strlen implementation in a single x64 instruction to a [subleq](https:
 //esolangs.org/wiki/Subleq) VM implemented entirely in microcode. These sh
 ow off the basics of microcode programming\, like memory loads & stores\, 
 arithmetic and conditional branches. We are also currently looking at othe
 r examples and more complex programs.\n\nWe hope this talk shows you how t
 o start throwing random bits at your own AMD Zen CPU to figure out what ea
 ch bit does and help us in further understanding the instruction set. We w
 elcome improvements to the tooling and even entirely new tools to help ana
 lyze microcode updates and the ROM.\n\nIf you are already familiar with En
 trySign\, we only cover the very basics of it and focus more on what we le
 arned after having a foothold in the microcode.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/the-angry-path-to
 -zen-amd-zen-microcode-tools-and-insights
END:VEVENT
BEGIN:VEVENT
SUMMARY:Aber hier Leben? Nein danke! …oder doch? Wie wir der autoritäre
 n Zuspitzung begegnen können.
DTSTART:20251229T193000Z
DTEND:20251229T203000Z
DTSTAMP:20260406T225311Z
UID:fa59ce23-205c-5cd9-a7de-8ba768e3bf3f
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:With the "super East election year" 2024 (state elections in
  Saxony\, Thuringia and Brandenburg)\, every conceivable horror scenario
  of an AfD government in eastern Germany has already been discussed and
  painted in the media. Next year\, however\, the state elections in
  Saxony-Anhalt and Mecklenburg-Vorpommern are still to come. And the
  forecasts look bad there too. If elections were held tomorrow\, the AfD
  would get 39% of the vote in Saxony-Anhalt and 38% in
  Mecklenburg-Vorpommern. To counter that\, wild alliances of CDU\, Die
  Linke\, SPD and BSW would have to form. In short: LSA and MV are
  lost!\n\nIn addition\, both states are shrinking and ageing at the same
  time. In Saxony-Anhalt there is not a single "growing" town. Fewer
  children\, more and more older people\, a shortage of skilled workers
  and a "surplus of men": who would still want to live there and stand
  up to the pull of the right? Emancipatory actors are leaving the region
  because they are attacked and criminalised. So: build a wall around it
  and leave it to itself? Just like the old Tocotronic song "Aber hier
  Leben? Nein danke!"\n\nBut we do not want to give up on the East\, so
  in our talk we look at how\, with a joint effort\, we can avoid the
  wall\, because they (still) exist: the dissenting voices and left-wing
  activists who keep the flags flying every day in both states. Whether
  it is the "Zora" in Halberstadt\, the "AZ Kim Hubert" in Salzwedel or
  the "Zentrum für Randale und Melancholie" in Schwerin: they organise
  spaces for exchange\, alternative concerts and places that are open to
  everyone. They need our support\, and we will show you what that
  support could look like.\n\nWe also want to start a conversation. What
  does "the West" actually have to do with all this? Why can we no
  longer afford to be apolitical or inactive? How can the Chaos bubble
  hack its way into East German hearts? And what can we all do to prep
  together and face the challenges?
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/aber-hier-leben-n
 ein-danke-oder-doch-wie-wir-der-autoritaren-zuspitzung-begegnen-konnen
END:VEVENT
BEGIN:VEVENT
SUMMARY:Blackbox Palantir
DTSTART:20251229T193000Z
DTEND:20251229T203000Z
DTSTAMP:20260406T225311Z
UID:bf34e289-afe1-59a8-8c1c-018b755772e3
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:Palantir software analyses data for police forces and
  militaries. German police authorities\, too\, have for years been
  licensing the US company's analysis software Gotham for this purpose.
  The software processes structured and unstructured information from
  police databases. How exactly it works\, however\, is not open to
  inspection by the public\, legislators or oversight bodies.\n\nThe US
  company is highly controversial and\, following several legislative
  initiatives\, is contested again in Germany as well: because of its
  opaque analysis methods\, its cooperation with authoritarian states
  and its closeness to the US government.\n\nLegally\, the use of
  analysis tools such as Palantir's is complex in Germany anyway\,
  because in 2023 the Federal Constitutional Court drew clear limits
  for police data analysis. Nevertheless\, several federal states have
  contracts for their police forces or are seeking them. At the federal
  level\, too\, its use for the Federal Criminal Police Office
  (Bundeskriminalamt) and the Federal Police is being hotly
  debated.\n\nHow does Gotham work and what dangers come with it?\nWhat
  developments can be observed at the federal level and in the states?
  What happens next?\n\nWe want to report on the state of affairs at the
  federal and state level and also show how we are trying to enforce
  legal requirements. The GFF and the CCC are involved in
  constitutional complaints\, among others in Hesse\, Hamburg and most
  recently Bavaria.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/blackbox-palantir
END:VEVENT
BEGIN:VEVENT
SUMMARY:Hegemony Eroding: Excavating Diversity in Latent Space
DTSTART:20251229T200500Z
DTEND:20251229T204500Z
DTSTAMP:20260406T225311Z
UID:c31906d3-4cd5-5b05-aebe-5ce1538c70b8
CATEGORIES:official,Art & Beauty
DESCRIPTION:Generative AI models ingest huge datasets gathered all over th
 e web. Unsurprisingly\, they reflect decades of Western cultural hegemony.
  Yet\, the hegemony is not absolute.\n\nNon-Western motifs\, that is\, rec
 urring patterns and themes with deep cultural resonance\, can be discovere
 d and reproduced across different generative AI models.\n\nIn this talk I 
 will explain the methods I developed to draw out motifs\, the journey I to
 ok and what I learned along the way. I will present motifs and use them to
  outline a space stretching from representation to prejudice on the one ha
 nd and western to non-western depiction on the other.\n\nFinally\, I will 
 make a case for AI as a tool for cultural exploration and discuss how mone
 tary incentives jeopardise this endeavour\, adding to the long list of rea
 sons to break up monopolies with transparent\, publicly-funded AI-models.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/hegemony-eroding-
 excavating-diversity-in-latent-space
END:VEVENT
BEGIN:VEVENT
SUMMARY:Race conditions\, transactions and free parking
DTSTART:20251229T200500Z
DTEND:20251229T204500Z
DTSTAMP:20260406T225311Z
UID:28fc102e-a38e-51b2-a48b-530b0d0e49a9
CATEGORIES:official,Security
DESCRIPTION:After the [Air France-KLM dataleak](https://media.ccc.de/v/37c
 3-lightningtalks-58027-air-france-klm-6-char-short-code) I kept repeating 
 this was not a real hack\, and confessed I always wanted to hack a system 
 based on triggering race conditions because of the lack of proper
  transactions.\nThis was way easier than expected. In this talk I will
  show how just a
 dding `$ seq 0 9 | xargs -I@ -P10 ..` can break some systems\, and how to 
 write safe database transactions that prevent abuse.\n\nIn this talk I wil
 l explain what race conditions are. Many examples of how and why code will
  fail. How to properly create a database transaction. The result of abusin
 g this in real life (e.g. free parking).
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/race-conditions-t
 ransactions-and-free-parking
END:VEVENT
BEGIN:VEVENT
SUMMARY:10 years of Dieselgate
DTSTART:20251229T204500Z
DTEND:20251229T214500Z
DTSTAMP:20260406T225311Z
UID:a877c904-f887-588e-9637-9b1df2f019dd
CATEGORIES:official,Security
DESCRIPTION:10 years ago\, Felix spent a lot of sleepless nights on revers
 e-engineering the Diesel software that implemented the (by now) well-known
  "Acoustic Function" defeat device\; he presented his findings at the
  32c3 and 33c3 in 2015 and 2016\, expecting this to be the last time we
  needed t
 o hear about this.\n\nLittle did he know about the extent of the Diesel em
 issions cheating. Since then he has analyzed many more vehicles\, learned 
 a bit or two about mechanical engineering problems of cars.\n\nKarsten\, w
 orking as a court-appraised expert\, will add his unique view on the chall
 enges in documenting software that was never meant to be understood by the
  public.\n\nThis talk will discuss methodologies of independent analysis o
 f highly dynamic systems that many people see as black boxes (but that\, o
 f course\, are not: they are just machines running software).
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/10-years-of-diese
 lgate
END:VEVENT
BEGIN:VEVENT
SUMMARY:The Heartbreak Machine: Nazis in the Echo Chamber
DTSTART:20251229T204500Z
DTEND:20251229T214500Z
DTSTAMP:20260406T225311Z
UID:958d3055-3929-56b8-b71c-25b3a64f1902
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:For months\, Martha immersed herself in the hidden world of
  WhiteDate\, WhiteChild and WhiteDeal\, three platforms run by a
  right-wing extremist from Germany. She believes in the conspiracy of
  white supremacy and a "racially pure" white community. What began as
  curiosity quickly turned into an experiment on human behaviour\,
  technology and absurdity. Martha infiltrated the portal with
  "realistic" AI chatbots. The bots were so convincing that they got
  past the checks and were even verified as "white". Through the
  conversations and research into the digital traces of this
  community\, which believed itself to be safe\, she was able to
  identify users.\nTogether with reporters from "Die Zeit"\, we were able
  to unmask the person behind the platform and trace her radicalisation
  from a successful pianist to a scene entrepreneur. Around her dating
  portal she has built a network of websites that markets love\,
  loyalty and tradition to its users. WhiteDate promises romantic
  relationships\, WhiteChild promotes ideals of family and ancestry\,
  and WhiteDeal enables professional networking and "mutual support"
  under a racist world view. Together they show how ideology and
  loneliness can be intertwined in bizarre ways. After months of
  observation\, classic OSINT research\, automated conversation
  analysis and web scraping\, we found out who is behind these
  platforms and how their infrastructure works. In the process we
  uncovered the contradictions and absurdities of extremist
  communities\, illustrated their susceptibility to technological
  intervention and even made one or two Nazis cry. This talk tells of
  observation\, mischief and insights into the digital world of
  extremist groups. It shows how algorithms\, AI personas and
  investigative thinking can expose hate\, question its narratives and
  break open its echo chambers. We show how technology can be used in
  the fight against extremism.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/the-heartbreak-ma
 chine-nazis-in-the-echo-chamber
END:VEVENT
BEGIN:VEVENT
SUMMARY:Light in the Dark(net)
DTSTART:20251229T210500Z
DTEND:20251229T214500Z
DTSTAMP:20260406T225311Z
UID:414813ee-69f4-56ee-a013-f887f26d91d6
CATEGORIES:official,Science
DESCRIPTION:Onion services can be considered one of the most controversial
  aspects of the Tor network\, because they allow the anonymous hosting of 
 services\, which has enabled the creation of illegal services which are di
 fficult for law enforcement to shut down. Defenders argue that this is a p
 rice worth paying to ensure free speech for people who could otherwise not
  speak up or run their own services. \n\nThis obviously raises the questio
 n what onion services are actually being used for in practice. Many resear
 chers have tried to answer this question in the past. Based on their work 
 we already know a few things: \n\n- 9% of all Websites on the Darknet are 
 marketplaces [1]\n- 2.7% of all Websites on the Darknet are marketplaces [
 2]\n- 50% of all Websites on the Darknet are marketplaces [3]\n- 8.4% of a
 ll Websites on the Darknet are marketplaces [4]\n- 27% of all Websites on 
 the Darknet are marketplaces [5]\n- 34.8% of all Websites on the Darknet a
 re marketplaces [6]\n\nNo\, this is not a copy and paste error\, all of th
 e above statements can be found in peer-reviewed scientific publications. 
 All of these results are valid on their own and constitute valuable contri
 butions to science\, but it does not take an expert to notice the contradi
 ctions in their findings.  \nThe reasons for these inconsistencies are the
  main topic of this talk. We will discuss the information available to res
 earchers and the limitations originating from it. Challenges and current d
 isagreements when it comes to interpreting available data will be addresse
 d along with common misrepresentations of research results. We will highli
 ght how the choice of data sources can predetermine the final result befor
 e a study has even begun\, how minor changes to definitions can lead to co
 mpletely different results and how important context is when interpreting 
 data. \n\nArmed with this knowledge\, we can tackle the challenge to find 
 out what we know about the Darknet\, what we might figure out in the futur
 e\, what we can reasonably assume but will never be able to prove\, and wh
 at we will (hopefully) never know. \n\n-----------------------------------
 ------\nSources\n[1] https://doi.org/10.1049/iet-ifs.2015.0121\n[2] https:
 //doi.org/10.1016/j.future.2024.03.025\n[3] https://doi.org/10.1145/360016
 0.3600167\n[4] https://doi.org/10.1109/INFOCOM53939.2023.10229057\n[5] htt
 ps://doi.org/10.1109/ICDCSW.2014.20\n[6] https://doi.org/10.1080/00396338.
 2016.1142085
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/light-in-the-dark
 -net
END:VEVENT
BEGIN:VEVENT
SUMMARY:The Spectrum - Hackspace Beyond Hacking
DTSTART:20251229T210500Z
DTEND:20251229T214500Z
DTSTAMP:20260406T225311Z
UID:f7a3c3ba-a9d0-5aab-bf31-f63a034a8d22
CATEGORIES:official,CCC & Community
DESCRIPTION:The Spectrum is a new queer-feminist\, intersectional and tran
 sdisciplinary hackspace centering FLINTA+\, creatures with disabilities\, 
 and other marginalized communities founded in 2025. We see hacking as more
  than code and machines—it’s a way of exploring the world through curi
 osity\, play\, and care. By taking things\, systems\, and ideas apart\, we
  uncover new perspectives and possibilities for change. Our space is built
  around awareness\, inclusion\, and open access to knowledge. We aim to cr
 eate an environment where everyone can learn\, share\, and experiment free
 ly—without the constraints of “normality.” From art and music to act
 ivism and technology\, The Spectrum brings together diverse disciplines an
 d beings to co-create\, collaborate\, and imagine better futures.\n\nAt 39
 C3\, we want to share our experiences of building such a space: how awaren
 ess work and accessibility can shape community dynamics\, what transdiscip
 linary hacking can look like\, and how centering marginalized perspectives
  transforms collective creation. Join us to explore what it means to hack 
 not only systems\, but also art\, expectations\, and realities.\n\nhttps:/
 /the-spectrum.space/en/
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/the-spectrum-hack
 space-beyond-hacking
END:VEVENT
BEGIN:VEVENT
SUMMARY:Rowhammer in the Wild: Large-Scale Insights from FlippyR.AM
DTSTART:20251229T220000Z
DTEND:20251229T224000Z
DTSTAMP:20260406T225311Z
UID:1627c5c1-db61-5117-aa41-991850cc20a8
CATEGORIES:official,Security
DESCRIPTION:This will be a followup talk after our talk "Ten Years of Rowh
 ammer: A Retrospect (and Path to the Future)" at 38C3.\nIn the talk last y
 ear we gave an overview of the current state of Rowhammer and highlighted 
 that there are no large-scale prevalence studies.\nWe wanted to change tha
 t and asked the audience to participate in our large-scale study on Rowham
 mer prevalence.\n\nWe performed the large-scale study on Rowhammer prevale
 nce thanks to many volunteers supporting our study by measuring their syst
 ems.\nIn total\, we collected 1006 datasets on 822 different systems (some
  systems were measured multiple times).\nWe show that 126 of them (12.5%) 
 are affected by Rowhammer with our fully-automated setup.\nThis should be 
 seen as a lower bound\, since the preconditions required for effective too
 ls failed on ~50% of the systems.\nAmong many other insights\, we learned 
 that the fully-automated reverse-engineering of DRAM addressing functions 
 is still an open problem and we assume the actual number of affected syste
 ms to be higher than the 12.5% we measured in our study.\n\nNow\, one
  year a
 fter our talk at the 38C3\, we want to give an update on the current state
  of Rowhammer\, since multiple new insights were published in the last yea
 r:\nThe first reliable Rowhammer exploit on DDR5\, a JavaScript implementa
 tion of Rowhammer that works on current DDR4 systems\, and an ECC bypass o
 n DDR4\, just to name a few.\nAdditionally\, we want to present the result
 s of our large-scale study on Rowhammer prevalence which was supported by 
 the audience from last year's talk.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/rowhammer-in-the-
 wild-large-scale-insights-from-flippyr-am
END:VEVENT
BEGIN:VEVENT
SUMMARY:Human microservices at the Dutch Railways: modern architecture\, a
 ncient hardware?
DTSTART:20251229T220000Z
DTEND:20251229T230000Z
DTSTAMP:20260406T225311Z
UID:f894f246-6bd4-5750-a66b-d073e37b7acd
CATEGORIES:official,Hardware
DESCRIPTION:When a train breaks down in the Netherlands\, a system of inte
 rconnected humans is shifted into gear. The current state of that system h
 as been developed for over 80 years and as such should be seen as an archi
 tectural marvel. Even though there is nowadays a significant amount of sof
 tware involved in the process\, the people involved are still very much ne
 cessary.\n\nThis talk describes the processes and roles involved in the Du
 tch railway day to day operations. We will start at a broken down train on
  a busy track and work our way towards solutions including dragging the tr
 ain\, evacuating travelers and redirecting other trains on that trajectory
 . We will explore this from a software developer's perspective. We will co
 nsider the people involved as an ancient form of hardware\, and the protoc
 ols between them as software. We will also go over the more modern additio
 ns to the system: phone lines and software running on actual computers.\n\
 nAfter our investigation you will have a new understanding of the complexi
 ty of running a railway network. And we will ask ourselves: is this an out
 dated system that needs to be digitized? Or is this actually a modern syst
 em with microservices and a "human in the loop"?
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/human-microservic
 es-at-the-dutch-railways-modern-architecture-ancient-hardware
END:VEVENT
BEGIN:VEVENT
SUMMARY:Peep-Show für die Polizei. Staatliche Überwachung von Queers in 
 Hamburger Toiletten bis 1980
DTSTART:20251229T220000Z
DTEND:20251229T230000Z
DTSTAMP:20260406T225311Z
UID:ad9fa823-820f-5846-825e-42e2b5934ef6
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:In the 1970s\, the Hamburg police use one-way mirrors set into
  the walls of ten public men's toilets to observe which men\, in their
  opinion\, stand next to each other at the urinal a little too long.
  Over a surveillance period of a good 18 years\, Hamburg officers\,
  citing 'protection of minors' and 'cleanliness'\, issue hundreds of
  bans from public toilets\, record personal details and in doing so
  illegally compile registers of homosexuals known as 'Rosa Listen'
  (pink lists).\nThe involuntary peep show ends in the summer of 1980\,
  when the police quite indiscreetly photograph the participants of
  the first lesbian-trans-gay demonstration in Hamburg in order\, by
  their own account\, "to refresh the card files". An anonymous
  collective smashes the surveillance mirrors and brings the illegal
  police practice to public attention.\nWith two questions\, this talk
  dives into the latrines of history: How did the police toilet
  surveillance system in Hamburg come about? Which technical and social
  gaps did the activists use to exploit this system? And what does this
  actually have to do with today?
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/peep-show-fur-die
 -polizei-staatliche-uberwachung-von-queers-in-hamburger-toiletten-bis-1980
END:VEVENT
BEGIN:VEVENT
SUMMARY:Von Fuzzern zu Agenten: Entwicklung eines Cyber Reasoning Systems 
 für die AIxCC
DTSTART:20251229T220000Z
DTEND:20251229T230000Z
DTSTAMP:20260406T225311Z
UID:11ede3bc-662b-580b-9ecb-e84edabee369
CATEGORIES:official,Security
DESCRIPTION:The AIxCC (DARPA's AI Cyber Challenge) is a two-year
  competition whose goal was to improve the capabilities of automated
  detection and remediation of security vulnerabilities.\nThe task was to
  develop an autonomous\, self-contained system that analyses
  software\, detects vulnerabilities\, proves them with reproducers and
  then generates secure patches.\n\nOur team joined this global
  experiment and developed its own Cyber Reasoning System (CRS) from
  scratch. To do so\, we developed several agents. Our system benefited
  from combining classic techniques such as fuzzing with modern Large
  Language Models (LLMs). The synergy between these approaches proved
  more powerful than either technique on its own\, so that our CRS could
  examine and patch software in a way that neither fuzzing nor LLMs
  alone could achieve.\n\nIn this talk we will:\n- explain the concept
  and goals behind AIxCC\n- walk through how a CRS actually works and
  how we developed ours\n- show how LLMs can support traditional
  fuzzing and analysis techniques\n- share observations on the
  strategies of the finalist teams
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/von-fuzzern-zu-ag
 enten-entwicklung-eines-cyber-reasoning-systems-fur-die-aixcc
END:VEVENT
BEGIN:VEVENT
SUMMARY:PRÜF
DTSTART:20251229T231500Z
DTEND:20251229T235500Z
DTSTAMP:20260406T225311Z
UID:35e68e53-852a-56a2-8b3c-1bc27ce7fbb0
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:We have one demand: "All parties that the Office for the
  Protection of the Constitution (Verfassungsschutz) classifies as a
  suspected right-wing extremist case or as confirmed right-wing
  extremist shall be reviewed by the Federal Constitutional Court." We
  will keep demonstrating until the Bundesrat has formally requested
  the review. PRÜF demos. Soon in all state capitals. On the 2nd
  Saturday. Every month.\n\nWhy not\, for once\, choose an approach to
  protecting democracy that has not been tried in this form before?
  Look not at the others but at ourselves? At what we have in common?
  At fun? Use what we have and what we can do? We have the Basic Law
  (Grundgesetz)\, whose strengths must be put to use. We have
  ourselves\, millions of people who can organise. We have ideas\, we
  have money\, we have power\, we have knowledge. So far we have not
  even begun to exhaust our possibilities\, and it would be absurd if
  we did not manage to protect the free democratic basic order.\n\nTalk
  may contain traces of reviewing (Prüfen).
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/pruf
END:VEVENT
BEGIN:VEVENT
SUMMARY:Spectre in the real world: Leaking your private data from the clou
 d with CPU vulnerabilities
DTSTART:20251229T231500Z
DTEND:20251229T235500Z
DTSTAMP:20260406T225311Z
UID:f1e6f4e2-875f-573c-9e68-8dfd52e29225
CATEGORIES:official,Security
DESCRIPTION:Seven years ago\, Spectre and Meltdown were announced. These t
 wo vulnerabilities showed that instructions executed by the CPU might acci
 dentally access secret data. This secret data can contain files cached fro
 m disk\, cryptographic keys\, private information\, or anything else that 
 might be stored in memory. An attacker can use Spectre to learn the value 
 of that secret data\, even though the attacker is not supposed to have acc
 ess to it. \n\nEven though this sounds problematic\, there is a reason why
  these types of vulnerabilities haven't had a significant real-world
  impact
 . Mitigations make it much harder to pull off\, and an attacker needs a fo
 rm of remote code execution anyway to trigger the relevant CPU instruction
 s. If an attacker can already execute arbitrary code\, then Spectre is pro
 bably not what you should be worried about. For regular users\, these CPU 
 vulnerabilities are likely not that much of a threat.\n\nHowever\, that is
  not the case for public cloud providers. Their business model is to provi
 de *remote code execution as a service*\, and to rent out shared hardware 
 resources as efficiently as possible. Customers run their system in a see
 mingly isolated virtual machine on top of shared physical hardware. Becaus
 e customers can run anything they want on these systems\, public cloud pro
 viders must treat these workloads as untrusted. They have to assume the wo
 rst case scenario\, i.e. that an attacker is deliberately trying to
  violate t
 he confidentiality\, integrity or availability of their systems\, and\, by
  extension\, their customers' systems. For transient execution vulnerabili
 ties like Spectre\, that means that they enable all reasonable mitigations
 \, and some more.\n\nIn this talk\, we show that transient execution attac
 ks can be used on real-world systems\, despite the deployed software mitig
 ations. We demonstrate this by silently leaking secret data from another v
 irtual machine at a major global cloud provider\, defeating virtual machin
 e isolation without leaving a trace. Additionally\, we'll discuss our coor
 dinated disclosure process\, the currently deployed mitigations and how fu
 ture mitigations could address the issue.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/spectre-in-the-re
 al-world-leaking-your-private-data-from-the-cloud-with-cpu-vulnerabilities
END:VEVENT
BEGIN:VEVENT
SUMMARY:Verschlüsselung brechen durch physischen Zugriff - Smartphone Bes
 chlagnahme durch Polizei
DTSTART:20251229T231500Z
DTEND:20251229T235500Z
DTSTAMP:20260406T225311Z
UID:4972548a-618e-56a1-8328-3abe474a31ab
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:State trojans\, chat control\, bugs. The means of state
  surveillance are varied and in part technically very complex\, so it
  is easy to lose track. One relatively mundane tool that police
  authorities in Germany use hundreds of thousands of times is the
  seizure of smartphones and laptops and the extraction of their data.
  There are no exact statistics\, but there are likely more cases than
  with ordinary telecommunications surveillance. In Saxony-Anhalt
  alone\, 13\,000 smartphones were seized within five years.\n\nEven for
  minor criminal offences and administrative offences\, the police
  regularly seize storage media\, in particular smartphones and
  laptops\, for example on suspicion of an insult or of mobile phone
  use while driving. House searches are often carried out as well\,
  with all technical devices seized and searched. The
  constitutionality of this police practice is highly doubtful. In the
  last legislative period the Federal Ministry of the Interior even
  planned to extend police powers so that covert house searches would
  also become possible. The police could then secretly install state
  trojans or prepare so-called evil maid attacks. Law enforcement
  authorities rely on the seizure provisions of §§ 94 ff. of the Code
  of Criminal Procedure (Strafprozessordnung)\, which have remained
  essentially unchanged since 1877 and whose wording regulates neither
  the possibility of data access nor the modalities and limits of data
  analysis. Nor is the measure limited to offences of a certain
  severity\, and there are no requirements for protecting particularly
  sensitive data\, such as data falling within the core area of private
  life. In the course of a search\, § 110 of the Code of Criminal
  Procedure permits the provisional securing and inspection of storage
  media. This provision\, too\, is insufficient to adequately protect
  fundamental rights\, because the complete exploration of the entire
  data set constitutes a serious interference with the privacy of
  those affected and the law sets no adequate limits.\n\nSmartphones in
  particular often hold highly personal data such as chats with family
  or partners\, photos\, contacts\, location data and dating apps. In
  addition\, the devices are regularly connected to cloud services and
  other storage media. Police authorities can then access all of this
  data.\nThis is made possible by software from companies such as
  Cellebrite\, MSAB or Magnet. These exploit security vulnerabilities
  to break the encryption of smartphones. As with vulnerabilities used
  for state trojans\, the vulnerabilities these companies exploit are
  not known to the manufacturers. German authorities thereby support a
  system that makes everyone's devices insecure. BitLocker encryption
  on Windows computers can often be bypassed as well. This gives law
  enforcement authorities free and unrestricted access to all personal
  data without adequate statutory or judicial control and review. Nor
  can the affected persons see to what extent data was searched and
  analysed. The talk explains the current state and the problems of
  encryption on Windows and Linux computers as well as Android and iOS
  smartphones.\n\nUsing the example of the journalist Hendrik Torner\,
  whose smartphone was seized after he had observed a police operation
  following a climate demonstration and who is now challenging this
  with a constitutional complaint\, as well as other publicly discussed
  cases such as #Pimmelgate\, the speakers discuss the technical and
  legal background.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/verschlusselung-b
 rechen-durch-physischen-zugriff-smartphone-beschlagnahme-durch-polizei
END:VEVENT
BEGIN:VEVENT
SUMMARY:The Big Data Protection\, Data Breach and GDPR Show
DTSTART:20251230T000000Z
DTEND:20251230T013000Z
DTSTAMP:20260406T225311Z
UID:6396165e-0c44-58d3-a345-a63966473508
CATEGORIES:official,Entertainment
DESCRIPTION:Data protection is often perceived as a tiresome duty\, but
  what does data protection aim for and do\, what is it useful for and
  what needs to be considered? Which pitfalls can even nerds fall into?
  **The data protection and GDPR show teaches data protection basics in
  a playful way\,** offers insight into the practice of the data
  protection supervisory authorities and shows typical technical and
  legal mistakes in handling personal data. But there are also some
  tough nuts to crack for data protection professionals and
  masterminds.\n\nThe host works for the State Commissioner for Data
  Protection and Freedom of Information of Baden-Württemberg and
  reports from the practical work of a supervisory authority\, names the
  legal foundations\, and gives advice on the necessary technical
  measures under Article 32 GDPR and on the often difficult risk
  assessment after "we got cybered" security incidents.\n\nIn the quiz
  itself\, the candidates have to propose practical solutions in their
  answers to common technical and legal problems\, for example which
  technical measures are appropriate according to the "state of the
  art" for particular data breaches\, whether a website operator may use
  Google Analytics after all\, or how to defend oneself against
  (unlawful) data collectors. This way\, participants and audience alike
  can learn the practical application of the GDPR in a playful way.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/die-groe-datensch
 utz-datenpannen-und-ds-gvo-show
END:VEVENT
BEGIN:VEVENT
SUMMARY:Asahi Linux - Porting Linux to Apple Silicon
DTSTART:20251230T100000Z
DTEND:20251230T104000Z
DTSTAMP:20260406T225311Z
UID:e0739bd6-f804-5fde-8cf6-fc940567bf45
CATEGORIES:official,Hardware
DESCRIPTION:In this talk\, you will learn how Apple Silicon hardware diffe
 rs from regular laptops or desktops.\nWe'll cover how we reverse engineere
 d the hardware without staring at disassembly but by using a thin hypervis
 or that traces all MMIO access and then wrote Linux drivers.\nWe'll also t
 alk about how upstreaming to the Linux kernel works and how we've signific
 antly decreased our downstream patches in the past year.\n\nAs an example\
 , we will use support for the Type-C ports and go into detail on why
  these are so complex and required changes across multiple subsystems.
 \n\nIn the end\
 , we'll briefly talk about M3/M4/M5 and what challenges we will have to ov
 ercome to get these supported.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/asahi-linux-porti
 ng-linux-to-apple-silicon
END:VEVENT
BEGIN:VEVENT
SUMMARY:Atoms in Space
DTSTART:20251230T100000Z
DTEND:20251230T104000Z
DTSTAMP:20260406T225311Z
UID:dac63c75-58d4-5d97-9910-c9ec9c9c63b7
CATEGORIES:official,Science
DESCRIPTION:Quantum technologies have seen a wide field of applications in
  medicine\, geosciences\, computing and communications\, in many cases bri
 dging the gap from laboratory experiments to commercial products in the la
 st decade. For terrestrial applications that is. But what about going to s
 pace?\n\nQuantum physics based sensors and experiments promise higher accu
 racy\, sensitivity or better long term stability as they rely on immutable
  properties of atoms. When properly manipulated\, these (ultra-)cold atoms
  are likely to outperform state of the art instruments. Experiments conduc
 ted on sounding rockets demonstrated important steps like Bose-Einstein Co
 ndensate creation during a few minutes in microgravity\, enabling more adv
 anced quantum experiments in the future.  The International Space Station 
 and the Tiangong Space Station host dedicated experiments like ultrastable
  clocks as well as flexible research infrastructure for fundamental resear
 ch benefitting from long free-fall times. However\, the deployment of such
  technologies on satellites is not as advanced. Satellite missions utilizi
 ng quantum sensors or performing long term experiments are subject to stud
 ies and proposals backed by a broad scientific community aiming at better 
 understanding of climate change\, interplanetary navigation or tests of ge
 neral relativity. First steps towards realization of such missions are tak
 en by ESA\, NASA and various national space agencies as well as universiti
 es funded by national agencies or the EU.\n\nThis talk will detect the cur
 rent state of atoms in space and give an overview of active programs to de
 ploy quantum sensors on operational satellite missions. The focus is on fu
 ture applications in geosciences and related fields employing the same tec
 hnology.\n\n- [Presentation](https://cfp.cccv.de/media/39c3/submissions/TX
 YU83/resources/39C3_Atoms_in_Space_CHOIpRv.pdf)\n- [Extended list of refer
 ences](https://cfp.cccv.de/media/39c3/submissions/TXYU83/resources/Referen
 ces_v11_AryJX8G.pdf)
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/atoms-in-space
END:VEVENT
BEGIN:VEVENT
SUMMARY:How to keep Open Source open without leaving our communities open 
 to threats
DTSTART:20251230T100000Z
DTEND:20251230T104000Z
DTSTAMP:20260406T225311Z
UID:b472503f-7336-586b-aa63-d082c14e0945
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:The state of the internet\, c 1990:\n\n* Limited\, opt-in conn
 ectivity: people had to both have access to a computer and that computer h
 ad to have access to the internet.\n* Tooling required some in-industry kn
 owledge to be able to run and use\, not only for development but also for 
 communication. \n* Open source was a young movement. The "common source" w
 as proprietary.\n\nThe state of the internet\, c 2025:\n\n* Always online\
 , might-not-even-be-able-to-opt-out connectivity: devices are almost
  always col
 lecting and transmitting data\, including audio/visual\, in some cases eve
 n if "turned off".\n* Easy to use tooling has made it easier for everyone 
 to come together. The pervasiveness of technology also means that most peo
 ple\, of any background\, can easily access other people in the thousands 
 or even millions.\n* Open source is common\, accessible\, and matured. A $
 9 **_trillion_** resource. Yes\, **_trillion_**.\n\nThese three significan
 t changes drastically change the threat model for OSS communities. In the 
 beginning\, someone had to have both knowledge and resources to harm or ot
 herwise compromise a community of developers. Now\, anyone with a grudge c
 an make a bot army with seamless integrations and gracious freemium tiers 
 for AI/LLMs. Likewise\, when open source was small\, the "who" who would b
 e motivated to harm and otherwise disrupt those communities was limited. N
 ow there is both massive social and economic benefit to harm and disrupt. 
 This means that risks and threats now still include the motivated and reso
 urced **_with the addition of_** those who are scarce in both.\n\nWe need 
 to come together to build new organizational threat models that account fo
 r how this consequence has posed new risks to our communities. With care a
 nd attention to detail\, we can introduce responsible friction that will p
 rotect our communication infrastructure\, the lifeblood of what allows ope
 n source to grow.\n\nThere will also be a workshop with this presentation\
 , with the outcome of creating an ongoing working group dedicated to helpi
 ng OSS Foundations of all sizes protect their communities.\n\nThere will b
 e a workshop about the same topic on 12.30\, Day 4: [https://events.ccc.de
 /congress/2025/hub/de/event/detail/how-to-keep-open-source-open-without-le
 aving-our-c](https://events.ccc.de/congress/2025/hub/de/event/detail/how-t
 o-keep-open-source-open-without-leaving-our-c)
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/how-to-keep-open-
 source-open-without-leaving-our-communities-open-to-threats
END:VEVENT
BEGIN:VEVENT
SUMMARY:I Hated All The Cross-Stitch Software So I Made My Own: My Derange
 d Outsider Software Suite For Making Deranged Outsider Art
DTSTART:20251230T100000Z
DTEND:20251230T104000Z
DTSTAMP:20260406T225311Z
UID:c43046a1-bac9-54d3-a551-d86630e7ab3b
CATEGORIES:official,Art & Beauty
DESCRIPTION:Designing cross-stitch patterns\, I got frustrated with all th
 e programs which expected me to click around a canvas setting individual p
 ixels. I wanted a cross-stitch design software suite that I could drive wi
 th a Makefile\, which could give me an interactive interface for stitching
  or compile them to PDF. In short\, I wanted to say `echo "shutdown -h now
 " | embellish --border | export pattern --pdf` and get a design worthy of 
 stitching on a pillow.\n\nSo\, I made the thing I wanted. I'll discuss the
  many yak shaves along the way (proprietary file format reverse-engineerin
 g\, OAuth2\, what 'color' even means\, unikernel hosting\, and more). I'll
  talk a bit about the joy of making something so you can make something\, 
 and how it feels to craft software that is unapologetically personal.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/i-hated-all-the-c
 ross-stitch-software-so-i-made-my-own-my-deranged-outsider-software-suite-
 for-making-deranged-outsider-art
END:VEVENT
BEGIN:VEVENT
SUMMARY:CCC&T - Cosmic ray\, the Climate Catastrophe and Trains.
DTSTART:20251230T105500Z
DTEND:20251230T113500Z
DTSTAMP:20260406T225311Z
UID:471f65aa-7729-5e51-b849-4603cfac762f
CATEGORIES:official,Science
DESCRIPTION:The Dürremonitor is a programme that is often mentioned in th
 e German news when some regions experience drought. Alongside the Dürremo
 nitor and the underlying Mesoscale Hydrological Model (MHM)\, there is ong
 oing research at the UFZ concerning soil moisture. Some of these studies i
 nvolve measuring soil moisture using a technique called cosmic ray neutron
  sensing (CRNS). Rather than taking measurements\, the MHM uses a physics-
 based model incorporating precipitation forecasts to predict drought or fl
 ood. These two strategies for quantifying soil moisture are therefore in o
 pposition: the measurement-based approach (CRNS) and the modelling-based a
 pproach (MHM/Dürremonitor). CRNS is a relatively new method of measuring 
 soil moisture based on the proportion of neutrons reflected by the soil (t
 he principles were discovered in the 1980s\, but it has only recently beco
 me commercially applicable). This method has several advantages over previ
 ous soil moisture measurement methods: it is non-invasive\, easy to set up
 \, portable and can therefore be used on trains.\n\nIn the talk I will giv
 e an overview of the Dürremonitor and MHM and then focus on CRNS. I will 
 explain the physical principles behind the method\, and how it is
  implemented in practice by making surveys using trains.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/ccc-t-cosmic-ray-
 the-climate-catastrophe-and-trains
END:VEVENT
BEGIN:VEVENT
SUMMARY:CUII: How Corporations Secretly Block Websites in Germany
DTSTART:20251230T105500Z
DTEND:20251230T113500Z
DTSTAMP:20260406T225311Z
UID:910d24ff-efce-5adc-8b86-0f9c55fb1cda
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:In Germany\, a private organization made up of internet
  providers and large entertainment corporations decides which websites
  are no longer reachable for the majority of the population.\nThe
  self-appointed "Clearingstelle Urheberrecht im Internet" (Clearing
  Body for Copyright on the Internet) blocks access to hundreds of
  domains without court orders.\nIn response\, we launched cuiiliste.de
  to publish the secretly kept list of domains and thereby bring more
  transparency to the corporations' covert censorship.\nOur analysis of
  the list showed that almost a third of the blocked domains no longer
  met the criteria for blocking\, in some cases for years.\nWe will look
  at how dozens of domains were unblocked after public pressure\, while
  providers at the same time obscured their blocks even further.\nA few
  months ago\, a lot supposedly changed at the CUII\, but this change
  unfortunately looks suspiciously like a PR stunt to keep blocking
  sites without transparency.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/cuii-wie-konzerne
 -heimlich-webseiten-in-deutschland-sperren
END:VEVENT
BEGIN:VEVENT
SUMMARY:“End Of 10”: How the FOSS Community is Combatting Software-Dri
 ven Resource and Energy Consumption
DTSTART:20251230T105500Z
DTEND:20251230T113500Z
DTSTAMP:20260406T225311Z
UID:910e5f22-945b-5196-8e21-246acbcaadd3
CATEGORIES:official,CCC & Community
DESCRIPTION:This is a talk about digital sustainability and the role softw
 are plays in hardware longevity. At the 38C3\, the End Of 10 campaign held
  a workshop to co-ordinate contributions across FOSS communities. Many peo
 ple currently involved started contributing after this workshop\, includin
 g 2 of the 3 presenters.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/end-of-10-how-the
 -foss-community-is-combatting-software-drive-resource-and-energy-consumpti
 on
END:VEVENT
BEGIN:VEVENT
SUMMARY:What You Hack Is What You Mean: 35 Years of Wiring Sense into Text
DTSTART:20251230T105500Z
DTEND:20251230T113500Z
DTSTAMP:20260406T225311Z
UID:ba5269c3-88f7-50e8-b12c-63510ee697e8
CATEGORIES:official,Art & Beauty
DESCRIPTION:Computers can’t do much without encoding. They need ways to 
 turn bytes into symbols\, words\, and meaning — to make text readable fo
 r both humans and machines. But encoding isn’t just for machines. Humans
  also encode: we describe\, structure\, and translate our thoughts into te
 xt. And while the number of text formats seems endless (and keeps growing)
 \, that’s not a bug — it’s a feature. Diversity in encoding is how w
 e learn what works and what doesn’t.\n\nLong before ASCII tables or Unic
 ode\, text encoding already existed — in alphabets\, printing presses\, 
 and typographic systems. Every technology of writing has been a way of hac
 king language into matter: from clay tablets to lead letters\, from code p
 ages to Markdown. Each era brings new formats and new constraints — and 
 with them\, new genres\, new rules\, new cultural codes. Think of poetry a
 nd protocol manuals\, fairy tales and README files\, the Hacker Bible itse
 lf — all shaped by the tools and conventions that carry them.\n\nSo here
 ’s the question: can we encode not only what we see\, but what we mean? 
 Can we capture a poem’s rhythm\, a play’s voices\, or the alternate en
 dings of a story — and do it in a way that’s open\, remixable\, and ma
 chine-readable?\n\nTurns out\, yes — and the solution has existed since 
 1988. It’s called the Text Encoding Initiative (TEI)\, a long-running op
 en-source standard that lets you describe the structure\, semantics\, and 
 context of texts using XML. You can think of it as a humanities fork of hy
 pertext — an extensible markup language for everything from medieval man
 uscripts to memes.\n\nTEI is more than a format: it’s a collaborative\, 
 living standard maintained by an international community of researchers\, 
 librarians\, and digital humanists. It evolves with the world — adding e
 lements for new text types (like social media posts) and for changing cult
 ural realities (like non-binary gender markers). It embodies open science 
 principles and keeps publishing in the hands of its creators.\n\nYou don
 ’t need a publisher\, a platform\, or a big server farm. Just an XML-awa
 re text editor\, a few lines of CSS\, and maybe a Git repo. From there\, y
 ou can transform your encoded text into websites\, PDFs\, e-books — or s
 hare it directly in its raw\, readable\, hackable form. It’s sustainable
 \, transparent\, and low-energy. It even challenges the academic prestige 
 economy by making every individual contribution visible — from editors t
 o annotators to script writers.\n\nIn this talk\, we’ll look at text as 
 code and code as culture\, from alphabets to XML\, and explore how TEI can
  be a tool for hacking not machines but meaning itself. We’ll end with a
  practical example: a TEI-encoded page of the first Hacker Bible — becau
 se our own history also deserves to be archived\, shared\, and forked.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/what-you-hack-is-
 what-you-mean-35-years-of-wiring-sense-into-text
END:VEVENT
BEGIN:VEVENT
SUMMARY:The Fossil Fuel Industry Loves AI!
DTSTART:20251230T115000Z
DTEND:20251230T123000Z
DTSTAMP:20260406T225311Z
UID:49ceb68c-bcbe-592f-9c62-b1085f657190
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:Although the negative climate impacts of generative AI are
  becoming ever more apparent\, large data centers are to be built all
  over Europe and Germany is to become an "AI nation"\, which is meant
  to "unleash economic forces" on an undreamt-of scale\, at least if the
  German federal government has its way.\n\nExpanding the computing
  infrastructure for generative AI requires a lot of energy\, water and
  resources\, which causes environmental damage worldwide. Forecasts for
  the EU show that energy consumption could grow so large in the future
  that the expansion of renewable energy cannot keep up\, but the fossil
  fuel industry is already in the starting blocks.\n\nThe hype around
  generative AI gives it the perfect justification for expanding fossil
  infrastructure in the midst of the escalating climate crisis. Tech
  and fossil fuel corporations are investing massively in new gas-fired
  power plants for energy-hungry data centers. Yet the economic benefit
  and the value created by the technology remain unclear.\nWhat is
  clear: we are currently witnessing a fossil counter-offensive dressed
  up as digital promises. At the expense of the climate and the
  future.\n\nThis talk follows on from the talk "Klimaschädlich by
  Design" from 38C3 and gives updates on developments in Germany and
  Europe.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/fossile-industrie
 -liebt-ki
END:VEVENT
BEGIN:VEVENT
SUMMARY:Laser Beams & Light Streams: Letting Hackers Go Pew Pew\, Building
  Affordable Light-Based Hardware Security Tooling
DTSTART:20251230T115000Z
DTEND:20251230T123000Z
DTSTAMP:20260406T225311Z
UID:8ddb3a95-bce6-56a7-89f6-d2d50d084e9f
CATEGORIES:official,Hardware
DESCRIPTION:Stored memory in hardware has had a long history of being infl
 uenced by light\, by design. For instance\, as memory is represented by th
 e series of transistors\, and their physical state represents 1's and 0's\
 , original EPROM memory could be erased via the utilization of UV light\, 
 in preparation for flashing new memory.\n\nNaturally\, whilst useful\, thi
 s also has proven to be an avenue of opportunity to be leveraged by attack
 ers\, allowing them to selectively influence memory via a host of optical/
 light-based techniques. As chips became more advanced\, the usage of opaqu
 e resin was used as a "temporary" measure to combat this flaw\, by coating
  chips in a material that would reflect undesirable UV.\n\nPresent day opi
 nions are that laser (or light) based hardware attacks are something
  that only nation-state actors are capable of doing\, due to both the
  cost of tooling and the personnel expertise required. Currently\, so
 phisticated hardware labs use expensive\, high frequency IR beams to penet
 rate the resin.\n\nThis project demonstrates that with a limited budget an
 d hacker-and-maker mentality\, similar results can be obtained at a fracti
 on of the cost\, from the comfort of your home or garage. With the modific
 ations of an open-source low-cost microscope\, addition of a home-built
  bea
 m splitter and interchangeable diode laser\, it has been shown that consum
 er-grade diodes are capable of producing results similar to the high-cost 
 variants\, such as the YAG lasers.\n\nOne example of results includes intr
 oducing affordable avenues to conduct laser-based fault injection\, via th
 e usage of such budget-friendly tooling. We are opening the study of these
  low-level hardware attacking methodologies to more entry-level security t
 esters\, without the need for hundreds of thousands of dollars in startup 
 capital.\n\nBy leveraging more affordable technology alternatives\, we hav
 e embarked on a mission to uncover hardware malware\, detect supply-chain 
 chip replacements\, and delve into the realm of laser-logic-state imaging.
  Our approach integrates optics\, laser selection\, and machine learning c
 omponents.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/laser-beams-light
 -streams-letting-hackers-go-pew-pew-building-affordable-light-based-hardwa
 re-security-tooling
END:VEVENT
BEGIN:VEVENT
SUMMARY:Security of Cardiac Implantable Electronic Devices
DTSTART:20251230T115000Z
DTEND:20251230T123000Z
DTSTAMP:20260406T225311Z
UID:0cd9234b-1abb-5fa2-85a9-af1ec76569bb
CATEGORIES:not recorded,official,Security
DESCRIPTION:CIEDs may adversely affect patients implanted with such device
 s should their security be compromised. Although some efforts to secure th
 ese devices can be noted\, it has quite often been lacking and may thus en
 able patient harm or data confidentiality compromise by malicious actors. 
 Given the vast consequences of security vulnerabilities within this indust
 ry\, the author aims to provide insight into the challenges associated wit
 h designing security architectures for such platforms\, as well as possibl
 e methodology of researching these devices safely even when lacking manufa
 cturer cooperation and access to device programmers. \n\nData collected by
  CIEDs and transmitted through remote monitoring is an additional concern 
 for patients. Whilst research has shown that most manufacturers do respond
  in a timely and comprehensive fashion to GDPR requests\, immediate data a
 ccess is not yet possible and requires the patient to reach out to their d
 octors to obtain the requisite (event) data. A proposed solution is presen
 ted on how a patient communicator may be designed to allow patients intere
 sted in their autonomy to perform limited device interrogation in a safe a
 nd secure manner.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/security-of-cardi
 ac-implantable-electronic-devices
END:VEVENT
BEGIN:VEVENT
SUMMARY:Who runs the www? WSIS+20 and the future of Internet governance
DTSTART:20251230T115000Z
DTEND:20251230T123000Z
DTSTAMP:20260406T225311Z
UID:9bdb9e0b-10c1-5543-81f5-d51da1c86367
CATEGORIES:official,Ethics\, Society & Politics
DESCRIPTION:The starting point is the UN’s WSIS+20 review process\, whic
 h negotiated the future of the Internet Governance Forum and the roles of 
 stakeholders within it. Against this backdrop\, the talk traces the origin
 s of the so-called multistakeholder approach and examines how it works in 
 practice and where its limits lie.\n\nWhat role do technical standardizati
 on organizations such as the IETF\, ICANN\, ITU or the W3C play in an incr
 easingly geopolitical environment? Who sets the rules\, who defines the st
 andards\, and who is left out of these processes?\n\nThe aim of the talk i
 s to make the connections between technology and international politics vi
 sible and to explain why Internet governance matters to everyone intereste
 d in an open\, global\, and interoperable Internet.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/who-runs-the-www-
 wsis20-and-the-future-of-internet
END:VEVENT
BEGIN:VEVENT
SUMMARY:Battling Obsolescence – Keeping an 80s laser tag system alive
DTSTART:20251230T125000Z
DTEND:20251230T133000Z
DTSTAMP:20260406T225311Z
UID:d1174c82-6e99-5acb-98f2-3c0f55b046c7
CATEGORIES:official,Hardware
DESCRIPTION:Looking at the effects of obsolescence in the context of a las
 er tag system from the 1980s Q-Zar (Quasar in the UK)\, what needed to hap
 pen to keep it going to enable people to continue playing.  What lessons w
 e can learn from that and some good examples from other projects\, and how
  that can be applied to our own projects. \n\nThis talk covers the electro
 nics involved in the laser tag system\, why the continued availability of 
 components has varied a lot.  The need to develop new computer software th
 at continues to work years later.  The way the physical equipment can have
  its life extended. \n\nTopics covered range from electronics design throu
 gh to software coding and onto physical unit repair. A look at the tooling
  created to help maintain\, support and repair the laser tag packs.  The c
 hallenges Covid-19 created and how things were rapidly pivoted to enable c
 ontinued playing in challenging times.\nThis is about how we all can make 
 simple decisions that help build something that will last the maximum time
  possible with the least amount of effort.
LOCATION:Fuse
URL:https://events.ccc.de/congress/2025/hub/event/detail/battling-obsolesc
 ence-keeping-an-80s-laser-tag-sys
END:VEVENT
BEGIN:VEVENT
SUMMARY:Breaking BOTS: Cheating at Blue Team CTFs with AI Speed-Runs
DTSTART:20251230T125000Z
DTEND:20251230T133000Z
DTSTAMP:20260406T225311Z
UID:3d82c56b-fb2f-545f-b8f1-264c220c8f09
CATEGORIES:official,Security
DESCRIPTION:THE PLAN\n\nLive demonstrations of AI agents speed-running blu
 e team challenges\, including the failure modes that break investigations.
  We'll show both what happens when we try the trivial approaches like “j
 ust have claude do it”\, “AI workflows”\, and what ultimately worked
 \, like managed self-planning\, semantic SIEM layers\, and log agents. Mos
 t can be done with free and open tools and techniques on the cheap\, so we
  will walk through that as well.\n\nTHE DEEP DIVE\n\n* Why normal prompts 
 and static AI workflows fail\n* Self-planning investigation agents that ev
 olve task lists dynamically\n* What we mean by semantic layers for calling
  databases and APIs\n* How to handle millions of log events without bankru
 pting yourself\n* Why "no AI" rules are misguided technically and conceptu
 ally\n\nGOING BEYOND CTFS\n\nThe same patterns that trivialize training ex
 ercises work on real SOC investigations. We're watching blue team work fun
 damentally transform - from humans investigating to humans managing AI inv
 estigators. Training programs teaching skills AI already automates. Hiring
  practices that can't verify who's doing the work. Certifications losing m
 eaning. More fundamentally\, when we talk about who watches the watchers\,
  a lot is about to shift again.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/breaking-bots-che
 ating-at-blue-team-ctfs-with-ai-speed-runs
END:VEVENT
BEGIN:VEVENT
SUMMARY:Of Groschen and SpurLos - GNU Taler at Your Event Too!
DTSTART:20251230T125000Z
DTEND:20251230T133000Z
DTSTAMP:20260406T225311Z
UID:8d964e8f-4853-5ca9-8a0e-6afc215dae7d
CATEGORIES:official,CCC & Community
DESCRIPTION:Anonymous payment entirely without cash? Digital payment
  without fees on every single transaction? No central data hoarding at
  US payment providers\, and still no blockchain?\n\nNot possible? Yes
  it is! [GNU Taler](https://www.taler.net/) has already been used
  successfully as a local event payment system at several events:
  thanks to GNU Taler\, all payments at
  [LUG Camp 2024](https://lugcamp.wuplug.org/) were made exclusively
  digitally. Likewise\, more than a quarter of the revenue at
  [Datenspuren 2025](https://datenspuren.de/2025/) was processed
  digitally with GNU Taler.\n\nWhile GLS Bank is preparing a
  [Germany-wide offering](https://www.gls.de/taler) as part of the
  EU-funded NGI Taler project\, our visitors already had the opportunity
  to try out anonymous digital payment in the real world. The positive
  feedback and the smooth operation showed us that GNU Taler is ready
  for use and goes down really well with the community!\n\nThat is why
  we would like to pass on our experience with GNU Taler as an event
  payment system to the organizing teams of other (Chaos) events. After
  an introduction to how GNU Taler works\, we report on the practical
  implementation at LUGCamp and Datenspuren and give tips for everyone
  who also wants to offer GNU Taler at their next event.
LOCATION:Ground
URL:https://events.ccc.de/congress/2025/hub/event/detail/von-groschen-und-
 spurlos-gnu-taler-auch-auf-eurem-event
END:VEVENT
BEGIN:VEVENT
SUMMARY:We\, the EU\, and 1064 Danes decided to look into YouTube: A story
  about how the EU gave us a law\, 1064 Danes gave us their YouTube histori
 es\, and reality gave us a headache
DTSTART:20251230T125000Z
DTEND:20251230T133000Z
DTSTAMP:20260406T225311Z
UID:d397c338-c631-5a03-a335-e3043d49188c
CATEGORIES:official,Science
DESCRIPTION:**Talk Description**\nIn this talk\, we explore what happens w
 hen the European Union’s data access laws meet the practical realities o
 f platform research. The talk opens with a shared introduction\, where Dav
 id and LK set the stage: why social media platforms like YouTube matter fo
 r democracy and what the EU has done to make them more transparent.\n\nLK 
 will then provide a short introduction to the legally mandated ways we c
 an currently use to access platform data: from the GDPR’s right of acces
 s\, the research data access provisions in the DSA\, to the portability ob
 ligations in the DMA. But access is not the same as insight\, a lesson D
 avid learned the hard way. Along with his team he invited over a thousand 
 Danes to make use of their GDPR-right to their own data and donate their Y
 ouTube watch histories\, searches\, subscriptions and comments. Using the 
 DSA\, the team then obtained meta-data on the millions of videos the data 
 donors had interacted with. The goal: Seeing what the digital data traces 
 YouTube collects from its users can tell us about the platform’s effect 
 on people’s lives and society. Are the data carrying indicators of polar
 ization\, loneliness\, political extremism or any of the numerous other il
 ls of society that YouTube has been suspected to cause? However\, the data
  are difficult to get a hold of\, messy\, not properly annotated\, and par
 sing them requires an almost archeological mindset. Together\, we will pee
 k behind the YouTube curtain\, shine a light on what platform data actuall
 y looks like\, and sketch out what can and cannot be learned from them. \n
 \nAll around Europe\, researchers are currently facing similar challenges\
 , parsing cryptic user and platform data from Facebook and TikTok to porn 
 sites and Zalando. The platforms implement the data access laws to achieve
  minimal compliance but not to provide meaningful transparency. Data gathe
 red by the DSA40 Data Access Collaboratory shows that application forms va
 ry widely\, researchers are rejected for non-compliant reasons\, and appli
 cations artificially stalled. Other researchers have shown that the data r
 eceived through some of the APIs is incomplete and inaccurate. In short: t
 here is a lot of room for improvement. But we do not need to wait for inv
 estigations into platform compliance to conclude. The basic conditions fo
 r democratic oversight have been set\, which means that theoretically vari
 ous legal ways into the platforms exist for citizens\, researchers and civ
 il society. The question that remains is which levers to use to practicall
 y realise as much of this potential as possible. \n\n**About the Presenter
 s**\nDavid Wegmann is a PhD student at Aarhus University\, Denmark. He res
 earches social media and its societal effects using data science. As part 
 of DATALAB\, he led the analysis of donated data for “Data donation as a
  method for investigating trends and challenges in digital media landscape
 s at national scale: The Danish population’s use of YouTube as an illust
 rative case” by Bechmann and colleagues (2025).\n\nLK Seiling coordinate
 s the DSA40 Data Access Collaboratory\, where they research the implementa
 tion of the DSA’s data access provisions. At the Weizenbaum Institute Be
 rlin\, they are also looking into research engineering and data access as 
 well as technologically mediated risks for individuals\, society\, and sci
 ence.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/we-the-eu-and-106
 4-danes-decided-to-look-into-youtube-a-story-about-how-the-eu-gave-us-a-la
 w-1064-danes-gave-us-their-youtube-histories-and-reality-ga
END:VEVENT
BEGIN:VEVENT
SUMMARY:Infrastructure Review
DTSTART:20251230T134500Z
DTEND:20251230T144500Z
DTSTAMP:20260406T225311Z
UID:323248d0-1bcf-5440-a8b3-9d35d40fb06d
CATEGORIES:official,CCC & Community
DESCRIPTION:39c3 is a big challenge to run\, install power\, network conne
 ctivity and other services in a short time and tear down everything even f
 aster. This is a behind-the-scenes look at the event infrastructure\, wha
 t worked well and what might not have worked as expected.
LOCATION:Zero
URL:https://events.ccc.de/congress/2025/hub/event/detail/infrastructure-re
 view
END:VEVENT
BEGIN:VEVENT
SUMMARY:Security Nightmares
DTSTART:20251230T134500Z
DTEND:20251230T144500Z
DTSTAMP:20260406T225311Z
UID:a481eb2e-8b78-5f97-bfee-a47d1a271010
CATEGORIES:official,CCC & Community
DESCRIPTION:We also venture an IT security outlook for the year 2026. As
  always\, it should be taken with a grain of salt.
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/security-nightmar
 es
END:VEVENT
BEGIN:VEVENT
SUMMARY:Closing Ceremony
DTSTART:20251230T150000Z
DTEND:20251230T160000Z
DTSTAMP:20260406T225311Z
UID:319c31a2-af90-5db9-89f0-fe9ac582726e
CATEGORIES:official,CCC & Community
LOCATION:One
URL:https://events.ccc.de/congress/2025/hub/event/detail/closing-ceremony
END:VEVENT
END:VCALENDAR
