Hackers and Heroes: Rise of the CCC and Hackerspaces

From its roots in phone phreaking to the crackdowns and legal precedents that drove hacking mostly underground (or into business), hacker culture in the United States has seen a lot over the last three decades. Perhaps the biggest standout is the L0pht, a visible 1990s US hackerspace that engaged in open disclosure and was, arguably, the last of the publicly influential US hacker groups.

The details of the American hacker scene were well covered in my article yesterday. It ended on a bit of a down note. The L0pht is long gone, and no other groups that I know of have matched their mix of social responsibility and public visibility. This is a shame because a lot of hacker-relevant issues are getting decided in the USA right now, and largely without our input.

Chaos Computer Club

But let’s turn away from the USA and catch up with Germany. In the early 1980s, in Germany as in America, there were many local computer clubs that were not much more than a monthly evening in a cafeteria or a science museum or (as was the case with the CCC) a newspaper office. Early computer enthusiasts traded know-how, and software, for free. At least in America, nothing was more formally arranged than was necessary to secure a meeting space: we all knew when to show up, so what more needed to be done?

Things are a little different in the German soul. Peer inside and you’ll find the “Vereinsmentalität” — a “club-mentality”. Most any hobby or sport that you can do in Germany has an associated club that you can join. Winter biathlon, bee-keeping, watercolor painting, or hacking: when Germans do fun stuff, they like to get organized and do fun stuff together.

Continue reading “Hackers and Heroes: Rise of the CCC and Hackerspaces”

32C3: Running Linux On The PS4

At the 2010 Chaos Communication Congress, fail0verflow (that’s a zero, not the letter O) demonstrated their jailbreak of the PS3. At the 2013 CCC, fail0verflow demonstrated console hacking on the Wii U. In the last two years, this has led to an active homebrew scene on the Wii U, and the world is a better place. A few weeks ago, fail0verflow teased something concerning the Playstation 4. While this year’s announcement is just a demonstration of running Linux on the PS4, fail0verflow can again claim their title as the best console hackers on the planet.

Despite being able to run Linux, there are still a few things the PS4 can’t do yet. The current hack does not have 3D acceleration enabled; you won’t be playing video games under Linux with a PS4 any time soon. USB doesn’t work yet, and that means the HDD on the PS4 doesn’t work either. That said, everything to turn the PS4 into a basic computer running Linux – serial port, framebuffer, HDMI encoder, Ethernet, WiFi, Bluetooth, and the PS4 blinkenlights – is working.

Although the five-minute lightning talk didn’t go into much detail, there is enough information on their slides to show what a monumental task this was. fail0verflow changed 7443 lines in the kernel, and discovered the engineers responsible for the southbridge in the PS4 were ‘smoking some real good stuff’.

This is only fail0verflow’s announcement that Linux on the PS4 works, and the patches and bootstrap code are ‘coming soon’. Once this information is released, you’ll need to ‘Bring Your Own Exploit™’ to actually install Linux.

Video of the demo below.

Continue reading “32C3: Running Linux On The PS4”

32C3: Vector Video Games

There are a few classic video games that rely on vector graphics and special monitors. Asteroids is incomplete if you’re not playing it in its original arcade format. The same goes with Tempest, Lunar Lander, and the 1983 Star Wars arcade game. Emulation of these games is possible, even with MAME, but the display – like every display you can buy today – is still rasterized. The solution to this problem is to create a vector display output for MAME that works in conjunction with adapter boards and DACs connected to a monitor.

For this year’s Chaos Computer Congress, that’s exactly what [Trammell Hudson] and [Adelle Lin] did. They’ve created an open source vector gaming system that connects MAME to XY monitors and oscilloscopes.

The build uses a custom board equipped with a Teensy 3.1 microcontroller and a 12-bit DAC to convert XY coordinates sent by MAME to vectors that can be displayed on any XY monitor. This, of course, requires a patch to MAME, which the maintainers rejected as being an, “unacceptably hacky way to achieve the intended result.” It does achieve the intended result, though: allowing dozens of vector games playable on whatever monitor supports vector graphics.

So far, [Trammell] and [Adelle] have gotten their system working on Vectrex consoles, analog oscilloscopes set to XY mode, and vectorscopes that litter every broadcast station and surplus shop. Check out [Trammell] and [Adelle]’s talk, and if you want to build the V.st vector display driver, the board is available from OSHPark.

32C3: Towards Trustworthy x86 Laptops

Security assumes there is something we can trust; a computer encrypting something is assumed to be trustworthy, and the computer doing the decrypting is assumed to be trustworthy. This is the only logical mindset for anyone concerned about security – you don’t have to worry about all the routers handling your data on the Internet, eavesdroppers, or really anything else. Security breaks down when you can’t trust the computer doing the encryption. Such is the case today. We can’t trust our computers.

In a talk at this year’s Chaos Computer Congress, [Joanna Rutkowska] covered the last few decades of security on computers – Tor, OpenVPN, SSH, and the like. These are, by definition, meaningless if you cannot trust the operating system. Over the last few years, [Joanna] has been working on a solution to this in the Qubes OS project, but everything is built on silicon, and if you can’t trust the hardware, you can’t trust anything.

And so we come to an oft-forgotten aspect of computer security: the BIOS, UEFI, Intel’s Management Engine, VT-d, Boot Guard, and the mess of overly complex firmware found in a modern x86 system. This is what starts the chain of trust for the entire computer, and if a computer’s firmware is compromised it is safe to assume the entire computer is compromised. Firmware is also devilishly hard to secure: attacks against write protecting a tiny Flash chip have been demonstrated. A Trusted Platform Module could compare the contents of a firmware, and unlock it if it is found to be secure. This has also been shown to be vulnerable to attack. Another method of securing a computer’s firmware is the Core Root of Trust for Measurement, which compares firmware to an immutable ROM-like memory. The specification for the CRTM doesn’t say where this memory is, though, and until recently it has been implemented in a tiny Flash chip soldered to the motherboard. We’re right back to where we started, then, with an attacker simply changing out the CRTM chip along with the chip containing the firmware.

But Intel has an answer to everything, and to the house of cards for firmware security, Intel introduced their Management Engine. This is a small microcontroller running on every Intel CPU all the time that has access to RAM, WiFi, and everything else in a computer. It is security through obscurity, though. Although the ME can elevate privileges of components in the computer, nobody knows how it works. No one has the source code for the operating system running on the Intel ME, and the ME is an ideal target for a rootkit.

trustedstickIs there hope for a truly secure laptop? According to [Joanna], there is hope in simply not trusting the BIOS and other firmware. Trust therefore comes from a ‘trusted stick’ – a small memory stick that contains a Flash chip that verifies the firmware of a computer independently of the hardware in a computer.

This, with open source firmwares like coreboot are the beginnings of a computer that can be trusted. While the technology for a device like this could exist, it will be a while until something like this will be found in the wild. There’s still a lot of work to do, but at least one thing is certain: secure hardware doesn’t exist, but it can be built. Whether secure hardware comes to pass is another thing entirely.

You can watch [Joanna]’s talk on the 32C3 streaming site.

Chaos Communication Camp 2015: Badges, Talks, and Culture

The Rad1o Badge

The rad1o badge is this great standalone HackRF clone, and great hardware hacking platform. On Day Two and most of Day Three, people were divided largely into two camps: those simply having fun with GNURadio and the software-defined radio (SDR) side of things, and those modifying and adding to the rad1o firmware to get the various peripherals up and working or simply make sweet animations.


On the evening on Day Three, this all changed. [iggy] managed to get the HackRF PortaPack library ported over to the rad1o badge. We’re excited about this code because it lets the radio and microcontroller sides of the badge work together, and that means things like a standalone SDR radio sniffer with waterfall plot (pictured here picking up WiFi and Bluetooth signals) is feasible. Using the badge as a standalone transmit and receive platform can’t be far away. Things are starting to get really cool with the rad1o, and there’s still two days of camp left.

Meanwhile, on the SDR front, there was a packed house at the GNURadio workshop last night, and there’s going to be a repeat on Sunday since it was so popular. The Munich CCC has a great SDR scavenger hunt going on currently, and [Sec] and [Schneider] from Munich gave their talk on eavesdropping on the Iridium satellite pager system with a twist at the end: a live demo of decoding the pager’s beacon signals inside the tent, run on custom software and the rad1o badge.


We attended Internet Archive’s talk on how they’re getting along. If you don’t know the IA, they run the Wayback Machine, have preserved a bunch of old-school video games, and are currently running a large-scale book-scanning project. High points of the talk include the story of their legal self-defense against an intrusive National Security Letter, and the background of their workaround that lets them loan out books even when they’re still under copyright.

At the same time, [Will Scott] gave a talk on open proxies. Thanks to the saved talks, we watched both. A lot of computers out there (accidentally or otherwise) allow people to proxy their data

[Lieven Standaert]’s talk on prototyping is a great summary of a bunch of tricks and tips that he’s learned by shepherding students through some fairly ambitious design projects. He’s got a complete lab with CNC mill, laser cutter, and 3D printer and the focus of the talk is on how to use these various tools together most efficiently, playing to each of their various strong suits.

shot0001[Tarek Loubani] gave an inspirational talk “3D Printing High-Quality Low-Cost Free Medical Hardware“. Basically, he looked into stethoscope designs, and re-engineered a 3D printable version. All of the tech in stethoscopes is in the housing design and its shape, and they’re relatively expensive, so it’s a fantastic low-hanging fruit. Watch the talk if you’re thinking about doing some good with your 3D printer. (Not that printing out owls with top hats isn’t important for the world…)

If you’re looking to upgrade your DIY electronics manufacturing capabilities, [hunz]’s talk on “Pushing the Limits of DIY Electronics” is worth a look. As the cool parts get smaller, the DIYer faces a number of new challenges, from thin traces to reflow soldering of BGA parts. A great tip: some board houses offer free SMD solder stencils, and it can be easily worth it to order up a single-sided PCB from them just to get the stencil. He also got into the design side of DIY manufacture, including a discussion of transmission lines that we found helpful.

Here are two more talks that we probably don’t need to tell you are cool: space hacking and combat robots. Need we say more? Both talks are introductory and general, and if what you need is a little encouragement to get involved, you’ll find it here.

Life in Camp: Kids and the Lake

OK, we’re not going to lie: it got hot over the last two days. Like, really hot. One of the nicest features of camp life, then, is the lake (or the lakes, because there’s another one just outside the camp that’s larger and a bit less popular). If you’ve already caught up on your sleep, and your hacking projects are in a good place, or if it’s just too hot to work, nothing beats a dip in the cool water. Heck, even if you’ve got hacking to do, take a swim break for an hour. After all, that’s what makes Camp special.

IMG_20150815_145833Finally, we were surprised how kid-friendly Camp has become this time around. The accommodations for the still-too-young-to-hack are pretty amazing. From a petting zoo to a gigantic Lego-filled tent, to the nearly full schedule of finger painting and kiddie arts-and-crafts, you’d have almost as much to do at Camp if you were five as if you were twenty-five. Time passes, and even hackers don’t stay young forever, and it’s fantastic to see the community taking care of the next generation. Plus, the kids seem to love it.

Going On

Again, with so many things going on at Camp, it’s hard to keep up with everything. Look through the archived talks and see what strikes your fancy. If you find something you like, post up in the comments.

Chaos Communication Camp 2015: Dispatch from Day One

There’s been too much to do here at the Chaos Communication Camp — the Quadrennial outdoor meeting of hackers. Between talks and projects and workshops, there’s hardly been a minute to sit down and write up a summary.  Nonetheless, I’ve sat in on a few talks.  Here’s a quick overview of some of what happened on Day One, and a little look behind the scenes into what makes a 5,000-person hacker camp work.

Continue reading “Chaos Communication Camp 2015: Dispatch from Day One”

Chaos Communication Camp 2015 Teaser

It happens every four years in Germany. The days are at their longest and the summer heat’s penetrating. It’s time to break out the tent and go camping. But who wants to go camping in the wilderness, where there’s no Gigabit Ethernet and nobody to hack on projects with? Much better to attend the Chaos Communications Camp 2015 with 5,000 other nerds. And Hackaday will be there!

If you’ve never been to a Chaos Camp, it’s an amazing experience. It’s like a DIY version of DEF CON, except that it takes place in tents in the countryside outside Berlin instead of gambling-themed hotels in the dry, dusty desert. There’s a lot more emphasis on actually doing stuff while at camp. (It’s meant to be a vacation, after all.) Indeed, presentations are shut down in the middle of the day for three and a half hours to give people time to hack and interact.



Have a look at the list of projects, events, sessions, villages, or talks to get a feeling of scale, and bear in mind that a lot of the most interesting activities are often unofficial: people getting together to work on stuff. There’s plenty of inspiration and room for cooperation to go around.

Like many cons these days, the badge itself will doubtless serve as at least one such source of inspiration, and the 2015 Camp’s badge is awesome. It’s essentially a HackRF One with an LPC4300 ARM Cortex M4 micro, large flash memory, USB, battery, audio, and an LCD screen on-board. Add an antenna and you’ve got an insanely versatile standalone radio hacking platform. We’re digging through the docs in anticipation. So expect some to see a bunch of SDR and RF hacks in the next few months as 5,000 hackers get these in their hands.

If you can’t make it (tickets have been sold out for a while now), you can check out the live streams. Not only will the talks be shown as they happen, but in keeping with the democratic ethos of the CCC, anyone who can set up an icecast server can set up their own stream.

And of course, we’ll be there reporting on as much as we can. If anything strikes your fancy and you’d like us to check it out for you, post up in the comments here. We can’t promise the impossible, but we’ll try. And if you’re going to camp as well, keep an eye out for Elliot and say Hi.