Summary of Day#0
This year the CCC started pretty chaotically, which isn't strange since we're at the Chaos Communication Congress ;)
I say that this year started chaotically because the ticket selling desk was supposed to be up & running at 5 PM yesterday, but the opening was delayed until 10 PM. I was there at 5 and it wasn't ready, so I went to a 2-hour talk. I was there again at 7, and saw that the place was open but the selling desks weren't working yet. Finally, after one more long walk through the nice xmas markets around the city (I had an overdose of currywurst and bratwurst), I met with LuY, we had a couple of beers (yes, just a couple! ;)) and went to the BCC at 10 PM, just to find a looooooong, loooooooong queue :( I hadn't seen anything like that in previous years; the line filled the whole ground floor of the BCC... luckily for LuY and me, JAG was already there, he had been in the line for about 15 minutes and we joined him. We were there, queueing, for about 1 hour... the longest queueing time that I remember at a CCC Congress :( If last year's congress was crowded, this year is gonna be crowded++
Day#0 is almost finished, time for something to eat... we had a kebab in Alexanderplatz, some chatting to catch up on each other's everyday lives, and then time to call sleep() ;)
Day#1 of 26C3 has started.
We met at 10 in Alexanderplatz to have some breakfast. This year we started our personal schedule pretty late compared to other years, as the opening lecture, the keynote, is in German this year instead of in English as in previous years, so the first bunch of talks for us would be the lightning talks. Here we had a mix of German and English talks; I don't speak a word of German, so the talks in that language are totally encrypted for me, which is a pity because some of them seemed pretty interesting. Anyway, we had a lot of short (4 minutes long) talks here, most of them really interesting. People frequently use these lightning talks to briefly introduce the projects they're working on. The talks I found most interesting, and that I'll try to look into more deeply in the next few days, are the following:
Sleephacking. If you're like me, I guess you have tried polyphasic sleep or at least read about it. This talk was a summary of the sleep-hacking techniques out there, and invited us all to the workshop about polyphasic sleep. I didn't attend it, but I'd have liked to.
Radio Broadcasting. Maybe you think that radio broadcasting is completely dead. Who wants to broadcast on FM or AM when you can broadcast whatever you want globally through the Internet? Take a look at the opendigitalradio project, it's worth it; maybe you'll change your mind after learning what you can do with a USRP and some radio-oriented open software.
Sybil Attack & DDoS with BitTorrent DHT. The idea behind this was very interesting, despite the guy giving the talk seeming really nervous... take it easy man, we're all friends! :) OK, the idea was cool... a DDoS attack triggered by injecting fake peer info into the torrent DHT: your fake nodes claim that pieces of a torrent are available at IP addresses that really don't have them, so everybody looking for those chunks connects to the target, and all together they create a TCP connection storm against it.
There was a cool talk by a guy who built a pong watch and an asteroids watch, really funny... your binary LED watch looks like crap compared with this pong watch. You have to check it out! :)
More details about the lightning talks here; try googling to find more information about each subject.
After a couple of giant bratwurst for lunch I attended the talk Our darknet and bright spots, about the VPN system created to link all the hackerspaces around the world. It was about ChaosVPN (the network that links EU hackerspaces, mainly the German ones) and Agora (the network that links all US hackerspaces, such as Noisebridge in SF or NYC Resistor). Which network topology to use, why a centralized (star-like) topology doesn't work for them, and why popular VPN software like OpenVPN doesn't fit their needs. These intranets are based on tinc and dn42 as the core software for linking all the nodes, and a workshop was set up to teach how to get into the hackerspace mesh network. The idea of joining and sharing resources, or participating in the 24/7 CTF, is really cool and caught my attention, so I'll take a look again at home in a few days. If I finally get in, I'll write a post on how to join the network and what services are on it.
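To make the DHT trick concrete, here is an added example (my own constructed illustration, not code from the talk or from any BitTorrent client) of what a Sybil node's get_peers reply looks like on the wire, how a naive client turns it into connection attempts, and a crude per-IP cap a client could apply. The bencode/KRPC layout follows BEP 3 and BEP 5; the victim address 203.0.113.7, the node ids, ports and the token are constructed values.

```python
import hashlib
import socket
import struct

# Minimal bencode (BEP 3) encoder/decoder, enough for KRPC (BEP 5) messages.
def bencode(obj):
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, str):
        obj = obj.encode()
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        items = sorted((k.encode() if isinstance(k, str) else k, v) for k, v in obj.items())
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError("cannot bencode %r" % type(obj))

def bdecode(data, i=0):
    """Returns (value, index after value). Dict keys come back as bytes."""
    c = data[i:i + 1]
    if c == b"i":
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c == b"l":
        out, i = [], i + 1
        while data[i:i + 1] != b"e":
            v, i = bdecode(data, i)
            out.append(v)
        return out, i + 1
    if c == b"d":
        out, i = {}, i + 1
        while data[i:i + 1] != b"e":
            k, i = bdecode(data, i)
            v, i = bdecode(data, i)
            out[k] = v
        return out, i + 1
    colon = data.index(b":", i)
    n = int(data[i:colon])
    return data[colon + 1:colon + 1 + n], colon + 1 + n

def compact_peer(ip, port):
    """6-byte compact peer info: IPv4 address + big-endian port (BEP 5)."""
    return socket.inet_aton(ip) + struct.pack("!H", port)

def parse_compact_peers(values):
    """Decode the 'values' list of a get_peers reply into (ip, port) tuples."""
    peers = []
    for v in values:
        for off in range(0, len(v) - len(v) % 6, 6):
            ip = socket.inet_ntoa(v[off:off + 4])
            (port,) = struct.unpack("!H", v[off + 4:off + 6])
            peers.append((ip, port))
    return peers

def forged_get_peers_reply(txid, node_id, target_ip, target_ports, token=b"tok"):
    """What a Sybil node answers to any get_peers query: every 'peer' is the victim."""
    return bencode({"t": txid, "y": "r",
                    "r": {"id": node_id, "token": token,
                          "values": [compact_peer(target_ip, p) for p in target_ports]}})

def peers_from_reply(raw):
    """Naive client side: trust the reply and return every peer it would connect to."""
    msg, end = bdecode(raw)
    if end != len(raw) or msg.get(b"y") != b"r":
        return []
    return parse_compact_peers(msg.get(b"r", {}).get(b"values", []))

def cap_per_ip(peers, max_per_ip=2):
    """Crude mitigation: cap connection attempts per IP across everything one lookup learned."""
    count, kept = {}, []
    for ip, port in peers:
        if count.get(ip, 0) < max_per_ip:
            count[ip] = count.get(ip, 0) + 1
            kept.append((ip, port))
    return kept

if __name__ == "__main__":
    # Constructed scenario: five Sybil nodes all point the lookup at 203.0.113.7 (TEST-NET-3).
    victim, learned = "203.0.113.7", []
    for n in range(5):
        sybil_id = hashlib.sha1(b"sybil-%d" % n).digest()
        learned += peers_from_reply(forged_get_peers_reply(b"aa", sybil_id, victim, [6881, 6882, 6883]))
    print(len(learned), "connection attempts, all to", victim)
    print(len(cap_per_ip(learned)), "after the per-IP cap")
```

The per-IP cap only limits how much one client contributes; with many Sybil nodes and many searching clients the storm still adds up, which is why the talk framed it as a DHT-level problem rather than a client bug.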
The next talk I attended was Exposing Crypto Bugs through Reverse Engineering. It was a nice talk about how good crypto can be totally cracked if the implementation is bad. The first example was a FIPS-approved crypto key that creates several encrypted file systems with 4 different passwords: one for private data, another one for public data, a fake private password that you can use when someone asks you to hand over your private key, so this fake password opens and decrypts a simulated real file system and you fool the guy at the border, for example. Well, the bug in this crypto key was that, through reverse engineering, the structure of the crypto file where the four blocks of data are stored became known. The structure keeps the passwords as SHA hashes. By a brute-force attack, or a rainbow table attack, you could crack one or more of the four passwords. And what was the funny trick that exposed the really bad implementation? Well, if you could find 1 of the 4 passwords, you could decrypt any of the four data blocks, not only the data block associated with the cracked password. So, in the talk he cracked the panic password, which is the 4th password that you can define; the panic password is the one you'd use to wipe out all the information in your private block, rebuilding the crypto file from scratch. As you can imagine, the panic password should be short, so you can type it really fast if you're in trouble, so it's the easiest one to brute-force. So, if you have a weak password, the panic one, you crack it, and due to the bad implementation you can use it to decrypt the private and really secret data... then this system is completely useless.
Next, the GSM: SRSLY? talk. Talks about GSM encryption aren't new at the CCC; in the last couple of years there have been talks reporting on the state of the art of A5/1 cracking using pre-calculated tables. This time, the H4RDW4RE group talked about the viability of the attack, which has been evolving over the last 12 years and is now completely feasible for anyone with a USRP2 device, which lets you do a MiTM attack on GSM terminals using OpenBTS, forwarding the calls through your own Asterisk PBX if needed. By the way, the USRP is a REALLY AMAZING device, I want one of those :-O it's a really amazing device to play with radio networks, that is Bluetooth, WiFi, GSM and radio broadcasting... really cool, don't you think? If you're interested in this subject, check the project page and don't hesitate to collaborate with the table calculation effort.
The last talk I attended today was cat /proc/sys/net/ipv4/fuckups. A cool talk about how to bypass layer 3/4 filters by taking advantage of a faulty Linux driver for a Realtek gigabit network card, how to poison Squid's DNS cache, or how to execute arbitrary code on a remote IM client using custom emoticons... nice talk, much in the style of the "How to own..." book series, linking a bunch of isolated "epic fails" or misconfigurations to reveal a scenario in which, by taking advantage of all these bugs one after the other, you can own the system. Nice talk, especially the explanation of the stupid and dangerous implementation of the MSN custom emoticons, so easy to own the remote IM client...
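To make the flaw from that talk concrete, here is an added toy model written for this post (not the product's real file format and not code from the talk; the product isn't even named here). Model A keeps unsalted SHA-256 password hashes and a single master key for all four blocks, so whichever password you crack, the weak panic one included, opens the private block. Model B derives a separate key per slot with a slow salted KDF, so a cracked panic password opens only the panic slot. The slot names, passwords, the "wrap"/"check"/"enc" labels and the XOR stream cipher are all constructed for the demo; the cipher is a toy with no integrity protection.

```python
import hashlib
import hmac
import os

SLOTS = ("public", "private", "decoy", "panic")

def keystream_xor(key, data):
    """Toy stream cipher: XOR with SHA-256 in counter mode. Demo only (no integrity, not a real cipher)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def crack_hash(target, candidates):
    """Offline guessing of an unsalted SHA-256 password hash against a wordlist."""
    for cand in candidates:
        if hashlib.sha256(cand.encode()).digest() == target:
            return cand
    return None

# --- Model A: the broken design as described in the talk ---
def build_weak_container(passwords, blocks):
    master = os.urandom(32)                                   # ONE key for all four blocks
    header, body = {}, {}
    for slot in SLOTS:
        h = hashlib.sha256(passwords[slot].encode()).digest()  # unsalted, fast: brute-forceable
        wrap = hashlib.sha256(b"wrap" + h).digest()
        header[slot] = {"check": h, "wrapped_master": keystream_xor(wrap, master)}
        body[slot] = keystream_xor(master, blocks[slot])
    return {"header": header, "body": body}

def weak_open(container, slot, password):
    h = hashlib.sha256(password.encode()).digest()
    entry = container["header"][slot]
    if not hmac.compare_digest(entry["check"], h):
        return None
    master = keystream_xor(hashlib.sha256(b"wrap" + h).digest(), entry["wrapped_master"])
    # Flaw: the slot password only gates access to the shared master key,
    # so the (weak) panic password decrypts the private block too.
    return {s: keystream_xor(master, c) for s, c in container["body"].items()}

# --- Model B: per-slot keys from a slow salted KDF; a cracked panic password opens only its slot ---
def build_hardened_container(passwords, blocks, iterations=100_000):
    container = {}
    for slot in SLOTS:
        salt = os.urandom(16)
        key = hashlib.pbkdf2_hmac("sha256", passwords[slot].encode(), salt, iterations)
        container[slot] = {
            "salt": salt, "iterations": iterations,
            "check": hmac.new(key, b"check", "sha256").digest(),
            "ciphertext": keystream_xor(hmac.new(key, b"enc", "sha256").digest(), blocks[slot]),
        }
    return container

def hardened_open(container, slot, password):
    e = container[slot]
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), e["salt"], e["iterations"])
    if not hmac.compare_digest(e["check"], hmac.new(key, b"check", "sha256").digest()):
        return None
    # Only this slot's key is derivable from this slot's password; nothing links it to the others.
    return keystream_xor(hmac.new(key, b"enc", "sha256").digest(), e["ciphertext"])

if __name__ == "__main__":
    # Constructed passwords and block contents; "1234" plays the short panic password.
    pws = {"public": "public-pass", "private": "a-long-private-passphrase-nobody-guesses",
           "decoy": "decoy-for-the-border", "panic": "1234"}
    blocks = {s: (s + " block contents").encode() for s in SLOTS}
    weak = build_weak_container(pws, blocks)
    cracked = crack_hash(weak["header"]["panic"]["check"], ["0000", "1111", "1234"])
    print("panic password cracked:", cracked)
    print("private block via panic password (Model A):", weak_open(weak, "panic", cracked)["private"])
    hard = build_hardened_container(pws, blocks, iterations=20_000)
    print("private block via panic password (Model B):", hardened_open(hard, "private", cracked))
```

The real lesson is that in Model B a slot is only as strong as its own password (the panic slot still falls to "1234"), but the damage stops there; in the real product the panic slot would wipe the private block rather than store anything worth decrypting.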
To end the night before going to the hostel, a late-night kebab at our usual place with Max, the guy from Austria we met last year and met again this year at the CCC. Sai Emrys joined us at the kebab place, and we had a cool talk about cryptography and the "free space filesystem" idea he threw out in his lightning talk today; tomorrow he'll talk about "how to create languages".
Nice first day... I'm uploading this report while having the last beer in the hostel bar, going to sleep() to have more hacker fun tomorrow morning... nice hacking!