33C3: Works for Me

The Chaos Communication Congress (CCC) is the largest German hacker convention by a wide margin, and it’s now in its thirty-third year, hence 33C3. The Congress is a techno-utopian-anarchist-rave with a social conscience and a strong underpinning of straight-up hacking. In short, there’s something for everyone, and that’s partly because a CCC is like a hacker Rorschach test: everyone brings what they want to the CCC, figuratively and literally. Somehow the contributions of 12,000 people all hang together, more or less. The first “C” does stand for chaos, after all.

What brings these disparate types to Hamburg are the intersections in the Venn diagrams. Social activists who may actually be subject to state surveillance are just as interested in secure messaging as the paranoid security geek or the hardcore crypto nerd who’s just in it for the algorithms. Technology, and how we use it to communicate and organize society, is a pretty broad topic. Blinking lights also seem to be in the intersection. But on top of that, we are all geeks. There’s a lot of skill, smarts, and know-how here, and geeks like sharing, teaching, and showing off their crazy creations.

Continue reading “33C3: Works for Me”

33C3 Starts Tomorrow: We Won’t Be Sleeping for Four Days

Possibly the greatest hacker show on Earth, the 33rd annual Chaos Communication Congress (33C3) begins Tuesday morning in Hamburg, Germany. And Hackaday will be there! Contributing Editor [Elliot Williams] is taking the night train up and will be trying to take it all in for you. The schedule looks tremendous.

If you can’t make it, don’t fret. There will be live streaming, and the talks are usually available in preliminary edit for viewing or download just a few minutes after they finish. It’s even cooler to watch the talks with friends, though. Every hackerspace with a video projector could be playing along, live or after the fact. Pick some cool talks and have a “movie night”.

elliot_williams_head_2_square_fuzzIf you’re going to be in Hamburg, and you want to show us something cool, tell us that something is NOTAHACK!1!! in person, or even just say “Hi”, we’ll be wandering around from talk to talk and session to session just like you, only with a backpack full of Hackaday stickers.

If there’s anything you think we should see, post up in the comments. If there’s enough call for it, we’ll have a Hackaday meetup once we can figure out a good time and location. Bring us a cool hack, and we’ll document it on the spot! Our DECT phone number is 2475.

Hackaday Links: December 4, 2016

The Chaos Communication Congress is growing! Actually, it’s not, but there may be an ‘overflow venue’ for everyone who didn’t get a ticket. There’s a slack up for people who didn’t get a ticket to 33C3 but would still like to rent a venue, set up some tables, stream some videos, and generally have a good time.

Need to test a lot of batteries? Have one of those magnetic parts tray/dish things sitting around? This is freakin’ brilliant. Put your batteries vertically in a metal dish, clip one lead of a meter to the dish and probe each battery with the other lead of your meter.

Pravda reports the USS Zumwalt and HMS Duncan – the most technologically advanced ships in the US and Royal Navies – have turned into, ‘useless tin cans due to China’, with ‘Microchips made in China putting the vessels out of action’. Again, Pravda reports this, so don’t worry. In other news, someone found a few USB drives in a parking lot in Norfolk, Virginia.

Here’s how discourse goes on the Internet. Someone does something. Everyone says it’s stupid. We wait a few days or weeks. Someone posts something on Medium telling everyone it’s actually okay. Public opinion is muddled until the actual issue being discussed is rendered technologically irrelevant. For the newest MacBook Pro, we’re currently at stage 3 and ‘it’s kind of great for hackers’. Now if only we knew how to make USB-C ports work with microcontrollers…

If you have a Prusa i3, here’s a free gift: a Spitfire. The files to print a remote control, 973mm Spitfire Mk XVI are now free for Prusa i3 and i3 Mk 2 owners. Why? Because it’s cool, duh, and [Stephan Dokupil] and [Patrik Svida], the guys behind the Spitfire and other 3D printed RC planes, are also in Czech. Now all we need are Czech roundel stickers.

32C3: Running Linux On The PS4

At the 2010 Chaos Communication Congress, fail0verflow (that’s a zero, not the letter O) demonstrated their jailbreak of the PS3. At the 2013 CCC, fail0verflow demonstrated console hacking on the Wii U. In the last two years, this has led to an active homebrew scene on the Wii U, and the world is a better place. A few weeks ago, fail0verflow teased something concerning the Playstation 4. While this year’s announcement is just a demonstration of running Linux on the PS4, fail0verflow can again claim their title as the best console hackers on the planet.

Despite being able to run Linux, there are still a few things the PS4 can’t do yet. The current hack does not have 3D acceleration enabled; you won’t be playing video games under Linux with a PS4 any time soon. USB doesn’t work yet, and that means the HDD on the PS4 doesn’t work either. That said, everything to turn the PS4 into a basic computer running Linux – serial port, framebuffer, HDMI encoder, Ethernet, WiFi, Bluetooth, and the PS4 blinkenlights – is working.

Although the five-minute lightning talk didn’t go into much detail, there is enough information on their slides to show what a monumental task this was. fail0verflow changed 7443 lines in the kernel, and discovered the engineers responsible for the southbridge in the PS4 were ‘smoking some real good stuff’.

This is only fail0verflow’s announcement that Linux on the PS4 works, and the patches and bootstrap code are ‘coming soon’. Once this information is released, you’ll need to ‘Bring Your Own Exploit™’ to actually install Linux.

Video of the demo below.

Continue reading “32C3: Running Linux On The PS4”

32C3: Inside Glorious Leader’s Operating System

North Korea is a surveillance state propped up by a totalitarian government infamous for human rights abuses and a huge military that serves the elite while the poor are left to fight over scraps. Coincidently, that’s exactly what North Korea says about the United States.

There is one significant difference between the two countries: North Korea has developed its own operating system for its citizens, called Red Star OS. It’s an operating system based on Linux, but that has a few interesting features that allow Glorious Leader to take care of his citizens. A deep teardown of what has gone into the development of Red Star OS hasn’t been available until now, with [Florian Grunow] and [Niklaus Schiess]’s talk at the Chaos Communication Congress this week.

Kim Jong-Un with an iMac
Kim Jong-Un with an iMac

The first question anyone must ask when confronted with an operating system built by a country that doesn’t have much electricity is, “why?” This question can only be answered philosophically; the late Kim Jong-Il stressed the importance of North Korea developing “their own style” of programming, and not relying on western operating systems. Nearly everything in Red Star has been modified, with a custom browser called Naenara, a crypto tool, a clone of Open Office, a software manager, and a custom music composition tool. Red Star also had to have the look and feel of OS X; that is, after all, what Glorious Leader uses.

Red Star goes much deeper than custom browsers and a desktop theme. There are other, subtler components inside the OS. There is a program that verifies the integrity of the system by checking signatures of the custom files against a database. If a file has been tampered with, the system reboots. Since this tamper check runs on bootup, Red Star makes it nearly impossible to modify files for study. This is one of the big features designed into Red Star – system integrity is paramount.

There are other custom bits of software that hide files from the user even if they have root, and a ‘virus scanner’ that is anything but. This virus scanner checks documents for patterns that, when put through Google Translate, are strange, weird, and somewhat understandable. Phrases like, “punishment”, “hungry”, and “strike with fists” are detected in all documents, and depending on what the developers decide, these documents can be deleted on a whim.

While scanning a system for documents that contain non-approved speech is abhorrent enough, there’s another feature that would make any privacy advocate weep. Media files including DOCX, JPG, PNG, and AVI files are watermarked by every computer that opened the files. This allows anyone to track the origin of a file, with the obvious consequences to free speech that entails.

While most people in the US consider North Korea to be a technological backwater and oppressive regime, the features that make Red Star OS useful to the DPRK are impressive. The developers touched nearly everything in Red Star, and the features inside it are rather clever and make their style of surveillance very useful. They’re also doing this without any apparent backdoors or other spycraft; they’re putting all their surveillance out in the open for all to see, which is, perhaps, the best way to go about it.

Hackaday at 32C3 and Shmoocon

We are just a few days away from the 2015 Chaos Communications Congress in Hamburg Germany and we’re happy to say that a couple of the Hackaday crew will be on hand.
The annual event is one of the premier hacker conferences in the entire world. CCC-fairydustBoth [Voja Antonic] and [Nava Whiteford] will be attending this year’s 32C3, which runs from Sunday the 27th through Wednesday the 30th.

[Voja] will be pretty busy working a booth that will show off two of his projects. One is his Single-Chip Gaming System and the other is his DIY Book Scanner. If you do want to track him down, he dusted off his Twitter account, @Voja_Antonic, just for the event.

[Nava] will be less tied town, and looking for the best there is to see at the conference. If you want to connect with him, give his Twitter account a jingle: @new299.

2016 Shmoocon

schmoocon-bikerShmoocon is in the middle of January and boasts “Less Moose than Ever”. It’s notoriously hard to get a ticket for the annual hacker convention held in Washington, DC. We asked for three press passes and they were kind enough to provide one. We tried and failed to get tickets during the second public release, which sold out 900 passes in 7.58 seconds.

We’re Looking for One More Ticket!

We were able to purchase a single ticket second-hand, so along with the press pass we now have two. [Mike] and [Brian] are both planning to attend, but we’d like it if [Sophi] could be there as well. If you know of an extra ticket which we can buy at face value, please email mike at Hackaday with the details.

Will you be at Shmoocon? Want to meet up with [Brian], [Mike], and hopefully [Sophi], or know of an activity there we just shouldn’t miss? Ping us on Twitter (@szczys, @bbenchoff, @sophikravitz).

Also, how are our choices on con attendance so far? Leave a comment below and let us know what hacking events you think we just shouldn’t miss in the coming year.

Watch all of the freshly published talks from 28c3

The 28th Annual Chaos Communications Congress just wrapped things up on December 31st and they’ve already published recordings of all the talks at the event. These talks were live-streamed, but if you didn’t find time in your schedule to see all that you wanted, you’ll be happy to find your way to the YouTube collection of the event.

The topics span a surprising range. We were surprised to see a panel discussion on depression and suicide among geeks (hosted by [Mitch Altman]) which joins another panel called Queer Geeks, to address some social issues rather than just hardcore security tech. But there’s plenty of that as well with topics on cryptography, security within web applications, and also a segment on electronic currencies like Bitcoins.

There really is something for everyone and they’ve been thoughtful enough to include playlists for all talks, just the lightning talks, and lightning talks categorized by the day they occurred. Get those links from their YouTube channel description, or find them after the break.

Continue reading “Watch all of the freshly published talks from 28c3”