BEGIN:VCALENDAR
VERSION:2.0
METHOD:PUBLISH
PRODID:Data::ICal 0.24
X-PUBLISHED-TTL:PT10M
X-WR-CALDESC:https://events.ccc.de/congress/2025/hub/
X-WR-CALNAME:39th Chaos Communications Congress - Main Stages
BEGIN:VTIMEZONE
TZID:Europe/Berlin
BEGIN:DAYLIGHT
DTSTART:19700329T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
BEGIN:STANDARD
DTSTART:19701025T030000
RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
CATEGORIES:Art & Beauty\, Talk
CLASS:PUBLIC
DESCRIPTION:Typography is the art of arranging type to make written languag
 e legible\, readable\, and appealing when displayed. However\, for the neo
 phyte\, typography is mostly apprehended as the juxtaposition of character
 s displayed on the screen while for the expert\, typography means typeface
 \, scripts\, unicode\, glyphs\, ascender\, descender\, tracking\, hinting\
 , kerning\, shaping\, weight\, slant\, etc. Typography is actually much mo
 re than the mere rendering of glyphs and involves many different concepts.
  If glyph rendering is an important part of the rendering pipeline\, it is
  nonetheless important to have a basic understanding of typography or ther
 e’s a known risk at rendering garbage on screen\, as it has been seen many
  times in games\, software and operating systems.\nText is everywhere in o
 ur modern digital life and yet\, no one really pays attention to how it
  is rendered on a screen. Maybe this is a sign that the problem has been
  solved. But it isn't. A few people are still looking at the best way to
  display text on any device & any language. This talk is based on a
  lesson I gave at SIGGRAPH a few years ago (https://www.slideshare.net/s
 lideshow/siggraph-2018-digital-typography/110385070) to explain renderin
 g techniques and concepts.\n
DTEND;TZID=Europe/Berlin:20251227T114000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T110000
LOCATION:Ground
SUMMARY:The art of text (rendering) - Nicolas Rougier [en]
UID:7c12c5be-5414-5673-a856-697a3889f824
URL:https://events.ccc.de/congress/2025/hub/event/detail/the-art-of-text-re
 ndering
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Science\, Talk
CLASS:PUBLIC
DESCRIPTION:Despite how it's often portrayed in blogs\, scientific articles
 \, or corporate test planning\, fuzz testing isn't a magic bug printer\; j
 ust saying "we fuzz our code" says nothing about how _effectively_ it was 
 tested. Yet\, how fuzzers and programs interact is deeply mythologised and
  poorly misunderstood\, even by seasoned professionals. This talk analyses
  a number of recent works and case studies that reveal the relationship be
 tween fuzzers\, their inputs\, and programs to explain _how_ fuzzers work.
 \nFuzz testing (or\, "fuzzing") is a testing technique that passes randoml
 y-generated inputs to a subject under test (SUT). This term was first coin
 ed in 1988 by Miller to describe sending random byte sequences to Unix uti
 lities (1)\, but was arguably preceded in 1971 by Breuer for fault detecti
 on in sequential circuits (2) and in 1972 by Purdom for parser testing by 
 generating sentences from grammars (3). Curiously\, they all exhibit diffe
 rent approaches for generating inputs based on knowledge about the SUT\, t
 hough none of them use feedback from the SUT to make decisions about new i
 nputs.\n\nFuzzing wasn't yet popular\, but industry was catching on. Betwe
 en the late 90s and 2013\, we see a number of strategies appear in industr
 y (4). Some had success with constraint solvers\, where they would observe
  runtime behavior or have knowledge about a target's structure to produce 
 higher quality inputs. Others operated in a different way\, by taking an e
 xisting input and tweaking it slightly ("mutating") to address the low-lik
 elihood of random generation to produce structured inputs. None was as suc
 cessful\, or as popular\, as American Fuzzy Lop\, or "AFL"\, released in 2
 013. This combined coverage observations for inputs (Ormandy\, 2007) with 
 concepts from evolutionary novelty search (5) into a tool which could\, fr
 om very few initial inputs\, _evolve_ over multiple mutations to find new\
 , untested code.\n\nDespite its power\, this advancement made it far more 
 difficult to understand how fuzzers even worked. Now all you had to do was
  point this tool at a program and it would start testing\, and the coverag
 e would go up\; users were now only responsible for writing "harnesses"\, 
 code which processed fuzzer-produced inputs and sent them to the SUT. Thou
 gh there have been a few real advances to fuzzing since (or\, at least\, s
 trategies which combined previous methods more effectively)\, fuzzing rese
 arch has mostly deadended\, with new methods squeezing only minor improvem
 ents out of older ones. This\, and inadequate harness writing\, comes from
  this opaqueness in how fuzzers internally operate: without understanding 
 what these tools do from first principles\, there's no clear "right" and "
 wrong" way to do things because there is no mental model to test them agai
 nst.\n\nThis talk doesn't talk about new bugs\, new fuzzers\, or new harne
 ss generation tools. The purpose of this talk is to uncover mechanisms of 
 fuzzer input production in the context of different classes of SUT and har
 nesses thereon\, highlighting recent papers which have clarified our under
 standing of how fuzzers and SUTs interact. By the end\, you will have a be
 tter understanding of _why_ modern fuzzers work\, _what_ their limitations
  are\, and _how_ you can write better fuzzers and harnesses yourself.\n\n(
 1): https://pages.cs.wisc.edu/~bart/fuzz/CS736-Projects-f1988.pdf\n(2): ht
 tps://ieeexplore.ieee.org/document/1671733\n(3): https://link.springer.com
 /article/10.1007/BF01932308\n(4): https://afl-1.readthedocs.io/en/latest/a
 bout_afl.html\n(5): https://www.academia.edu/download/25396037/0262287196c
 hap43.pdf\n
DTEND;TZID=Europe/Berlin:20251227T123500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T115500
LOCATION:Ground
SUMMARY:Demystifying Fuzzer Behaviour - Addison [en]
UID:077fbf39-e49b-5f13-8a6f-c5c71bcb309c
URL:https://events.ccc.de/congress/2025/hub/event/detail/demystifying-fuzze
 r-behaviour
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Science\, Talk
CLASS:PUBLIC
DESCRIPTION:The legalization of online gambling in Germany in 2021 and
  the growing normalization of gambling and sports betting in the media
  have created an environment in which gambling products are more
  accessible and more socially accepted than ever before. This
  widespread exposure poses considerable risks for vulnerable people\,
  especially as the boundaries between gaming and gambling increasingly
  blur. For some time now\, for example\, there has been a marked rise
  in games that contain gambling-like items such as loot boxes. Complex
  design features in electronic gambling products\, e.g. slot machines
  and online slots\, are deliberately aimed at motivating individuals
  to play longer sessions in order to maximize revenue. While gambling
  is a form of entertainment for many people\, for some the gambling
  behaviour can escalate and have serious consequences for the lives of
  those affected. This talk will shed light on mechanisms in gambling
  products and loot boxes and show why these features can foster
  addictive potential. Mechanisms of so-called reinforcement learning
  play a role here\, which activate the human reward system\, i.e.
  dopaminergic pathways involved in the prediction of rewards.
  Particular attention is paid to reinforcement learning\, a framework
  for modelling learning through reward-based feedback\, which is used
  both in psychology to describe human learning and decision-making and
  to optimize machine learning algorithms. The talk will also present
  results from our own research at the lab of the University of
  Cologne. The aim is to explain the mechanisms of gambling\, to raise
  awareness of potential harms to individuals and society\, and to
  discuss the need for regulation and responsible design
  practices.\nThis talk examines how modern gambling products and
  gambling-like game mechanics\, such as loot boxes\, deliberately
  exploit psychological and neurobiological learning processes to
  generate revenue through longer play and stronger engagement. The
  focus is on mechanisms of reinforcement learning and their interplay
  with the dopaminergic reward system. Drawing on current research
  findings\, design strategies that can increase the addictive
  potential of gambling are presented. The aim of the talk is to convey
  a scientifically grounded understanding of these dynamics\, to point
  out risks for individuals and society\, and to discuss the need for
  regulation and responsible design.\n
DTEND;TZID=Europe/Berlin:20251227T133000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T125000
LOCATION:Ground
SUMMARY:Neuroexploitation by Design: Wie Algorithmen in Glücksspielprodukte
 n sich Wirkweisen des Reinforcement Learning und dopaminergen Belohnungssy
 stems zunutze machen - Elke Smith [de]
UID:6a645194-deb6-5e96-b8ce-bb18774f1f14
URL:https://events.ccc.de/congress/2025/hub/event/detail/neuroexploitation-
 by-design-wie-algorithmen-in-glucksspielprodukten-sich-wirkweisen-des-rein
 forcement-learning-und-dopaminergen-belohnungssystems-zunu
END:VEVENT
BEGIN:VEVENT
CATEGORIES:CCC & Community\, Talk
CLASS:PUBLIC
DESCRIPTION:Are you running an event for a lot of people? Then a lot of
  people will also be very hungry.\nHere you will be shown how to
  prepare food for many (more than 75) people.\nAll it takes is a bit of
  preparation and motivation!\nAt many tent camps\, summer parties\,
  ICMP\, a village at the Chaos Camp and similar events\, I learned how
  to cook for many people and how not to. So that you don't have to go
  through the same learning curve\, I would like to show you the
  considerations that let you and 2-3 friends prepare food for many
  people.\n\nPlanning\, shopping\, logistics\, preparation\, cooking\,
  hygiene\, serving and cleaning up: anyone can do that.\nDoing it in a
  way that is fun\, doesn't feel like work and on top of that tastes
  good to everyone is what I want to convey with this talk.\n\nIf your
  space is planning a big event in the future and you are wondering
  whether you can and want to cook on site\, then come by and let me
  show you what you need for it and how it works.\n
DTEND;TZID=Europe/Berlin:20251227T143000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T135000
LOCATION:Ground
SUMMARY:Chaos macht Küche - Ingwer Andersen [de]
UID:90cb7149-ec4d-5499-9649-9091374100ad
URL:https://events.ccc.de/congress/2025/hub/event/detail/chaos-macht-kuche
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:From the EU’s “Chat Control” to the UK’s age verification\, the
 re is a growing legislative momentum across jurisdictions to regulate the 
 Internet in the name of protecting children. The monstrosity of child sexu
 al abuse looms large in shaping how policymakers\, advocates\, and the pub
 lic understand the problem area of and propose solutions for detecting\, r
 eporting\, and removing harmful/illegal content. Children’s safety and adu
 lts’ privacy are thus pitted against each other\, deadlocked into an impas
 se. As technologists deeply concerned with safety and privacy\, where do w
 e go from here?\nThere is a path forward! Many\, in fact. But the impasse 
 framing seriously limits how policymakers\, technologists\, advocates\, an
 d our communities understand child sexual abuse (CSA). We need informed\, 
 principled\, and bold alternatives to policing-driven tech solutions like 
 client-side scanning and grooming classifiers. To effectively and humanely
  break the cycles of abuse that enable CSA in our communities\, we have t
 o think beyond criminalization. This talk will unpack how and why this imp
 asse framing exists\, how it constrains us from candidly engaging with the
  complexity of CSA. Drawing from scientific and clinical research and info
 rmed by transformative justice approaches\, I detail what CSA is\, how and
  why it happens offline and online\, and why the status quo of detection a
 nd criminalization does not work. Ultimately\, I argue that effective\, hu
 mane\, and collective interventions require protecting the safety and priv
 acy of all those harmed by CSA\, and that this creates a unique role for t
 echnologists to play.\n
DTEND;TZID=Europe/Berlin:20251227T154500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T144500
LOCATION:Ground
SUMMARY:Not an Impasse: Child Safety\, Privacy\, and Healing Together - Kat
 e Sim [en]
UID:f51a40a9-a8ba-55bb-875a-0907cb2d66cc
URL:https://events.ccc.de/congress/2025/hub/event/detail/not-an-impasse-chi
 ld-safety-privacy-and-healing-together
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:In August 2024\, Raspberry Pi released their newest MCU: The RP
 2350. Alongside the chip\, they also released the RP2350 Hacking Challenge
 : A public call to break the secure boot implementation of the RP2350. Thi
 s challenge concluded in January 2025 and led to five exciting attacks dis
 covered by different individuals.\n\nIn this talk\, we will provide a tech
 nical deep dive in the RP2350 security architecture and highlight the diff
 erent attacks. Afterwards\, we talk about two of the breaks in detail---ea
 ch of them found by one of the speakers. In particular\, we first discuss 
 how fault injection can force an unverified vector boot\, completely bypas
 sing secure boot. Then\, we showcase how double glitches enable direct rea
 dout of sensitive secrets stored in the one-time programmable memory of th
 e RP2350.\n\nLast\, we discuss the mitigation of the attacks implemented i
 n the new revision of the chip and the lessons we learned while solving th
 e RP2350 security challenge. Regardless of chip designer\, manufacturer\, 
 hobbyist\, tinkerer\, or hacker: this talk will provide valuable insights 
 for everyone and showcase why security through transparency is awesome.\nT
 he RP2350 is one of the first generally available microcontrollers with ac
 tive security-features against fault-injection such as glitch-detectors\, 
 the redundancy co-processor\, and other pieces to make FI attacks more dif
 ficult.\n\nBut security on paper often does not mean security in real-life
 . Luckily for us\, Raspberry Pi also ran the RP2350 Hacking Challenge: A p
 ublic bug bounty that has exactly these attacks in-scope. During the hacki
 ng challenge 5 different attacks were found on the secure-boot process - o
 ne of which was shown at 38C3 by Aedan Cullen.\n\nIn this talk\, we talk a
 bout all successful attacks - including laser fault-injection\, a reset gl
 itch\, and a double-glitch during execution of the bootrom - to show all t
 he different ways in which a chip can be attacked.\n\nWe also talk about t
 he awesomeness of an open security-ecosystem for chips: Raspberry Pi was v
 ery transparent on the findings\, and worked with researchers to improve t
 he new revision of the chip.\n
DTEND;TZID=Europe/Berlin:20251227T170000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T160000
LOCATION:Ground
SUMMARY:Of Boot Vectors and Double Glitches: Bypassing RP2350's Secure Boot
  - stacksmashing\, nsr [en]
UID:1bbd6873-6f69-59a8-8eb2-926acc763d7e
URL:https://events.ccc.de/congress/2025/hub/event/detail/of-boot-vectors-an
 d-double-glitches-bypassing-rp2350-s-secure-boot
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:Since the beginning of 2024\, immigration authorities have
  been allowed not only to search the smartphones of people who are
  obliged to leave the country\, but to keep them altogether – “until
  departure”.\n\nWhat comes across as a minor amendment to the
  Residence Act turns out to be a massive infringement of fundamental
  rights: people lose not only control over their data\, but also their
  most important means of communication – for an indefinite
  period.\n\nHere you will hear what absurd results this produces. From
  Bavaria to NRW\, federal states have by now procured their own IT
  forensic tools for their authorities in order to search the devices
  for “indications” of origin. They use methods that we otherwise know
  from criminal investigations or from intelligence services – to
  search the devices of people who have committed no crime.\n\nIn the
  talk I show what absurd consequences this has for those affected\,
  which federal states sit at the sad top of the statistics – and how
  all of this fits into the arsenal of digital and other repression of
  refugees.\n
DTEND;TZID=Europe/Berlin:20251227T181500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T171500
LOCATION:Ground
SUMMARY:Handy weg bis zur Ausreise – Wie Cellebrite ins Ausländeramt kam - 
 Chris Köver [de]
UID:9c3ce2ac-1531-5a5a-ae7d-df3511b5c914
URL:https://events.ccc.de/congress/2025/hub/event/detail/handy-weg-bis-zur-
 ausreise-wie-cellebrite-ins-auslanderamt-kam
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:When the government no longer feels bound by its own law\,
  this marks not just a political lane change but the on-ramp to the
  highway to Trumpism. Time to pull the emergency brake!\nNormally\, in
  such situations\, those who are least able to defend themselves are
  always hit first. But what happens when exactly these people are
  armed with legal tools to strike back?\nUsing more than 100 lawsuits
  by Afghans seeking protection\, we show how ministries sabotage the
  federal admission programme\, how courts call them to order – and how
  civil society becomes the last bulwark of the rule of law. And we
  reveal why officials at the BAMF might prefer to call in sick and
  what other options they have to avoid committing a criminal
  offence.\n• “A promise is a promise and must not be broken” – we
  learn that as children. But kindergarten was a long time ago\, and
  politicians often have the presence of an elephant but the memory of
  a goldfish.\n• That is why the federal government would almost have
  “forgotten” 2\,500 Afghans with German admission commitments in
  Islamabad\, who have been waiting there for months for their German
  visas to be issued.\n• The calculation behind it: Pakistan does the
  dirty work and deports them sooner or later\, problem solved! - even
  if human lives are at stake.\n• How can civil society pull the
  emergency brake when government and administration no longer feel
  bound by their own law?\n• One option: we connect the Afghan families
  with lawyers so that they can sue Dobrindt and Wadephul - and they
  win! The court orders are unambiguous: issue visas immediately – or
  face penalty payments! More than 100 proceedings are now pending
  before four administrative courts\, with more being added
  daily.\n• That is probably not quite what the new federal government
  meant when it announced in the coalition agreement that it would “end
  voluntary admission programmes as far as possible”.\nTranslation into
  the version of political reality: if Dobrindt and the Chancellor have
  their way\, as far as possible no more people seeking protection from
  Afghanistan are to come to Germany at all – legally binding admission
  commitments or not. Only recognized terrorists from the Taliban
  government are still allowed to enter\, to take over the Afghan
  embassies and consulates here in Germany.\n• Thanks to the lawsuits\,
  78 people have already been able to enter\, about 80 further visas
  are being processed – and more are being prepared.\n• But as in
  every screenplay: The Empire strikes back! The government keeps
  developing new methods to render court rulings ineffective and to
  keep blocking entries.\n• Welcome to “Trumpism made in Germany”.\n
DTEND;TZID=Europe/Berlin:20251227T201500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T191500
LOCATION:Ground
SUMMARY:And so it begins - Wie unser Rechtsstaat auf dem Highway Richtung T
 rumpismus rast – und warum afghanische Kläger*innen für uns die Notbremse 
 ziehen - Eva\, Elaha [de]
UID:fae65b90-30c4-5ce1-8d59-d8f3600c7845
URL:https://events.ccc.de/congress/2025/hub/event/detail/and-so-it-begins-w
 ie-unser-rechtsstaat-auf-den-highway-richtung-trumpismus-rast-und-warum-af
 ghanische-klager-innen-fur-uns-die-notbremse-ziehen
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:With PTP 1588\, AES67\, and SMPTE 2110\, we can transmit synchr
 onous audio and video with sub-millisecond latency over the asynchronous m
 edium Ethernet. But how do you make hundreds of devices agree on the exact
  same nanosecond on a medium that was never meant to care about time?\nPre
 cision Time Protocol (IEEE 1588) tries to do just that. It's the invisible
  backbone of realtime media standards like AES67 and SMPTE 2110\, propriet
 ary technologies such as Dante\, and even critical systems powering high-f
 requency trading\, cellular networks\, and electric grids.\nWhere even a f
 ew microseconds of drift can turn perfect sync into complete chaos.\nThis 
 talk takes a deep dive into the mysterious world of precise time distribut
 ion in large networks. We’ll start by exploring how PTP 1588 actually work
 s\, from announce\, sync\, and follow-up messages to delay measurements an
 d the magic of hardware timestamping. We’ll look at why PTP is critical fo
 r modern audio/video-over-IP standards like AES67 and SMPTE 2110\, and how
  they push Ethernet to its absolute temporal limits.\nAlong the way\, we’l
 l discover how transparent and boundary clocks fight jitter\, and why your
  switch’s buffer might secretly hate you. We will do live Wireshark dissec
 tions of real PTP traffic\, demos showing what happens when timing breaks\
 , and some hands-on hardware experiments with grandmasters and followers t
 rying to stay in sync.\nExpect packets\, graphs\, oscilloscopes\, crashing
  live demos and at least one bad joke about time travel.\n
DTEND;TZID=Europe/Berlin:20251227T213000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T203000
LOCATION:Ground
SUMMARY:Excuse me\, what precise time is It? - Oliver Ettlin [en]
UID:62f556ab-b1b4-51fb-9c86-b49ea1f3c45f
URL:https://events.ccc.de/congress/2025/hub/event/detail/excuse-me-what-pre
 cise-time-is-it
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:The sitting US president posts a video in which he pelts
  demonstrators with faeces from a fighter jet\, and the White House
  celebrates “Star Wars Day” with a pompous Trump picture with a
  lightsaber. Accounts of AfD sympathizers post AI kitsch of a
  supposedly idyllic world full of blond children and women in
  dirndls. Is this merely a lapse of taste\, or is there more behind
  it?\nAI-generated content has become an integral part of the
  communication strategy of authoritarian actors. Social media is
  currently being flooded with right-wing AI slop in which either the
  world is on the brink of the abyss thanks to migration or blond\,
  white families cheerfully wave flags. In the political periphery of
  the extreme right\, more or less obvious deepfakes that feed into the
  respective political message are also being shared more and more
  often. This ranges from AI-generated street polls and clips from talk
  shows that never took place to entirely AI-generated female
  influencers (blond\, of course). What does this do to political
  debates? And how should we as a society deal with it?\n
DTEND;TZID=Europe/Berlin:20251227T224500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T214500
LOCATION:Ground
SUMMARY:Doomsday-Porn\, Schäferhunde und die „niedliche Abschiebung“ von ne
 benan: Wie autoritäre Akteure KI-generierte Inhalte für Social Media nutze
 n - Katharina Nocun [de]
UID:7cca9076-3454-5229-b1f4-9069def42bfd
URL:https://events.ccc.de/congress/2025/hub/event/detail/radikalisierungspi
 peline-esoterik-von-eso-nazis-de
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:Presenting FEX\, a translation layer to run x86 apps and games 
 on ARM devices: Learn why x86 is such a pain to emulate\, what tricks and 
 techniques make your games fly with minimal translation overhead\, and how
  we are seamless enough that you'll forget what CPU you're using in the fi
 rst place!\nARM-powered hardware in laptops promises longer battery life a
 t the same compute performance as before\, but a translation layer like FE
 X is needed to run existing x86 software. We'll look at the technical chal
 lenges involved in making this possible: designing a high-performance bina
 ry recompiler\, translating Linux system calls across architectures\, and 
 forwarding library calls to their ARM counterparts.\n\nGaming in particula
 r poses extreme demands on FEX and raises further questions: How do we ena
 ble GPU acceleration in an emulated environment? How can we integrate Wine
  to run Windows games on Linux ARM? Why is Steam itself the ultimate boss 
 battle for x86 emulation? And why in the world do we care more about page 
 sizes than German standardization institutes?\n\nThis talk will be accessi
 ble to a technical audience and gaming enthusiasts alike. However\, be pre
 pared to learn cursed knowledge you won't be able to forget!\n
DTEND;TZID=Europe/Berlin:20251227T234000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T230000
LOCATION:Ground
SUMMARY:Breaking architecture barriers: Running x86 games and apps on ARM -
  Tony Wasserka [en]
UID:a4d303fc-6761-551a-834e-204bc539eab4
URL:https://events.ccc.de/congress/2025/hub/event/detail/breaking-architect
 ure-barriers-running-x86-games-and-apps-on-arm
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:I successfully failed with a literature related project and acc
 identally built a ChatGPT detector. Then I spoke to the people who uploade
 d ChatGPT generated content on Wikipedia.\nIt began as a standard maintena
 nce project: I wanted to write a tool to find and fix broken ISBN referenc
 es in Wikipedia. Using the built-in checksum\, this seemed like a straight
 forward technical task. I expected to find mostly typos. But I also found 
 texts generated by LLMs. These models are effective at creating plausible-
 sounding content\, but (for now) they often fail to generate correct check
 sums for identifiers like ISBNs. This vulnerability turned my tool into an
  unintentional detector for this type of content. This talk is the story o
 f that investigation. I'll show how the tool works and how it identifies t
 his anti-knowledge. But the tech is only half the story. The other half is
  human. I contacted the editors who had added this undeclared AI content. 
 I will talk about why they did it and how the Wikipedians reacted and whet
 her "The End is Nigh" calls might be warranted.\n
DTEND;TZID=Europe/Berlin:20251228T003500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T235500
LOCATION:Ground
SUMMARY:AI-generated content in Wikipedia - a tale of caution - Mathias Sch
 indler [en]
UID:13468ffb-06e8-53ca-9e7c-3cfa56cd44af
URL:https://events.ccc.de/congress/2025/hub/event/detail/ai-generated-conte
 nt-in-wikipedia-a-tale-of-caution
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:OpenAutoLab\, an open source machine\, that is capable of proce
 ssing contemporary color and black-and-white films for analogue photograph
 y\, is being presented here. It made its first public appearance at 37C3 a
 nd was already seen there in action\, but had no organized talk or proper 
 presentation. Now it is better documented\, waits to be built by more peop
 le and to be further developed by the community.\nThis talk is about motiv
 ation behind developing OpenAutoLab and about the technical decisions made
  during it. It is argued that any dedicated film photographer is able to g
 et one built.\nThe presentation starts with a short overview of analogue p
 hotography processes and motivation of some photographers to shoot film in
 stead of using contemporary digital technology.\nIt covers ways to process
  the film starting from least involved\, such as sending to specialized la
 boratory\, and possible motivation to get a processing machine.\nExisting 
 film processors are described with their features and deal-breakers for an
  end-user in 2025.\nThen the history of developing OpenAutoLab is given\, 
 together with important design decisions made during development and why a
 lternative solutions were discarded.\nIn the end the process of building t
 he machine (and sourcing the needed parts) is given with some motivation t
 owards changing it to fit the needs of an individual photographer.\n
DTEND;TZID=Europe/Berlin:20251227T114000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T110000
LOCATION:Fuse
SUMMARY:OpenAutoLab: photographic film processing machine. Fully automatic 
 and DIY-friendly. - Kauz [en] [NOT RECORDED]
UID:a3655a3a-b74e-5714-ad79-77b0c803136b
URL:https://events.ccc.de/congress/2025/hub/event/detail/openautolab-photog
 raphic-film-processing-machine-fully-automatic-and-diy-friendly
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:The climate update from the FragDenStaat Climate
  Helpdesk.\nChatGPT has (soon) more users than Wikipedia\, and OpenAI
  wants to have the energy consumption of India in the future\, if
  necessary with fossil energy too. The energy hunger of artificial
  intelligence and the global hunger for resources for chips and
  electric cars seem to be devouring what hope remains for a
  climate-just world.\n\nIn Germany too\, we find ourselves in the
  water struggles\, while globally movements against water-hungry
  corporations and data centres have long been flowing together. All
  over the world\, from Latin America to Portugal and Serbia\, people
  are resisting the mining of the white gold lithium\, which is needed
  for electric cars and chips. Along with forests\, the comment
  sections are burning too\, and state repression against climate
  activism is increasing. I would like to give an overview of the state
  of our Earth and the climate movement\, of what hackers can do to
  save the planet\, and of which tech billionaires we have to fight to
  do so.\n\nI am Joschi (they/them) from the FragDenStaat Climate
  Helpdesk. I bring 10 years of experience in the climate movement and
  expertise on various topics around sustainability and
  digitalization.\n
DTEND;TZID=Europe/Berlin:20251227T123500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T115500
LOCATION:Fuse
SUMMARY:Brennende Wälder und Kommentarspalten - Klimaupdate mit dem FragDen
 Staat Climate Helpdesk - Joschi Wolf [de]
UID:59b5d6cc-bc07-5554-80f1-7d1008573d92
URL:https://events.ccc.de/congress/2025/hub/event/detail/brennende-walder-u
 nd-kommentarspalten-klimaupdate-mit-bits-baume-und-dem-fragdenstaat-climat
 e-helpdesk
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:Reports of GNSS interference in the Baltic Sea have become almo
 st routine — airplanes losing GPS\, ships drifting off course\, and timing
  systems failing. But what happens when a group of engineers decides to bu
 ild a navigation system that simply *doesn’t care* about the jammer?\n\nSi
 nce 2017\, we’ve been developing **R-Mode**\, a terrestrial navigation sys
 tem that uses existing radio beacons and maritime infrastructure to provid
 e independent positioning — no satellites needed. In this talk\, we’ll sha
 re our journey from an obscure research project that “nobody needs” to a s
 ystem now seen as crucial for resilience and sovereignty. Expect technical
  insights\, field stories from ships in the Baltic\, and reflections on wh
 at it means when a civilian backup system suddenly attracts military inter
 est.\nSince 2017\, our team at DLR and partners across Europe have been wo
 rking on an alternative to satellite navigation: **R-Mode**\, a backup sys
 tem based on terrestrial transmitters. Our main testbed spans the Baltic S
 ea — a region now infamous for GNSS jamming and spoofing.\n\nWe’ll start b
 y showing what GNSS interference actually means in practice: aircraft losi
 ng navigation data\, ships switching to manual control\, and entire region
 s facing timing outages — such as the recent disruption of telecommunicati
 ons in Gdańsk during Easter 2025.\n\nThen we’ll take you behind the scenes
  of building R-Mode: designing signals that can coexist with legacy system
 s\, installing transmitters along the coast\, and testing shipborne receiv
 ers in rough conditions. We’ll share personal moments — like the first tim
 e we received a stable position fix in the middle of the Baltic.\n\nFinall
 y\, we’ll talk about perception and politics: how a “research curiosity” b
 ecame a critical infrastructure project\, why ESA now wants to build a *sa
 tellite* backup (with the same vulnerabilities)\, and how it feels when yo
 ur civilian open-source navigation system suddenly becomes strategically r
 elevant.\n
DTEND;TZID=Europe/Berlin:20251227T133000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T125000
LOCATION:Fuse
SUMMARY:Who cares about the Baltic Jammer? – Terrestrial Navigation in the 
 Baltic Sea Region - Lars\, Niklas Hehenkamp\, Markus [en]
UID:64ec3662-a77a-51c1-98fc-65f995f49912
URL:https://events.ccc.de/congress/2025/hub/event/detail/who-cares-about-th
 e-baltic-jammer-terrestrial-navigation-in-the-baltic-sea-region
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Science\, Talk
CLASS:PUBLIC
DESCRIPTION:To the surprise of many\, jurists are scientists who should
  work to scientific standards and who should also draft their briefs and
  judgments according to rigorous scientific criteria and discuss them
  among themselves. But this works only in some areas of law.\n\nLike any
  science\, jurisprudence is only as good as the source material it is
  based on – in this case mostly court judgments. Empirical studies of
  this data are only possible if it is actually available to researchers.
  But scientific work in the legal field is currently not really
  possible\, because very few judgments are published\, as the courts
  usually shy away from the work this involves. We look at why this calls
  principles of the rule of law into question and why players from the
  private sector know more about German case law than our courts do –
  and how they turn that into money.\nIt is indeed a serious and real
  scientific and societal problem when judgments are locked away behind
  the worm-eaten filing cabinets of government offices. We demonstrate
  this with some particularly outrageous quotes from current judgments
  from practice that can no longer be changed.\n\nWe are currently working
  out strategies for how to power-cycle the legal system so that judgments
  in their entirety\, and with them the law as it is actually handed down
  in Germany\, become accessible again. As a positive side effect of
  judgments being available\, civil society and politicians can also
  independently verify for themselves whether our judges typically really
  apply the law as the legislature intended – nobody can currently know\,
  we can only hope ...\n
DTEND;TZID=Europe/Berlin:20251227T143000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T135000
LOCATION:Fuse
SUMMARY:Endlich maschinenlesbare Urteile! Open access für Juristen - Beata 
 Hubrig\, Nuri Khadem-Al-Charieh [de]
UID:8f6e4391-96fc-5d29-b66c-328026fc35f0
URL:https://events.ccc.de/congress/2025/hub/event/detail/endlich-maschinenl
 esbare-urteile-open-access-fur-juristen
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:Anyone looking for an apartment these days can hardly avoid
  creating an account with Immoscout24 & Co. This "Platform Real Estate"
  is a special kind of "walled garden" that has geared its business model
  to the ever-worsening housing crisis. And that is extremely profitable
  for the owners of these structures of essential public services: in
  September 2025\, Scout24 was promoted to the DAX\, joining companies
  such as BMW\, Rheinmetall and SAP.\nIn our talk we show how Immoscout &
  Co. use a sophisticated technical system to generate monopoly profits\,
  drive up rents and have built a landlords' paradise that drives tenants
  insane.\n\nBut we do not stop at criticism: we show how socializing
  platforms of essential public services can create a tool that helps
  those without means on the housing market to put landlords in their
  place and to create market transparency for everyone instead of only
  for property owners.\n
DTEND;TZID=Europe/Berlin:20251227T152500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T144500
LOCATION:Fuse
SUMMARY:RedScout42 – Zur digitalen Wohnungsfrage - Sandra\, Leonard [de]
UID:718be695-c840-5eed-9c67-b8d5089f8042
URL:https://events.ccc.de/congress/2025/hub/event/detail/redscout42-zur-dig
 italen-wohnungsfrage
END:VEVENT
BEGIN:VEVENT
CATEGORIES:CCC & Community\, Talk
CLASS:PUBLIC
DESCRIPTION:Besides the Congress there are many other Chaos events that
  take place throughout the year. Most Chaos beings probably know
  Easterhegg\, GPN and MRMCD. But what about all the smaller events?\nIn
  this talk in lightning-talk format you get the chance to learn about
  many more great Chaos events in fast-forward\, so to speak. In
  addition\, one or two larger events will be presented that are currently
  in the planning phase and are still looking for reinforcements for
  their teams.\n\nIf you would like to briefly present your Chaos event on
  the big stage\, please [sign up in the wiki](https://events.ccc.de/cong
 ress/2025/hub/de/wiki/event-vorstellungen).\n
DTEND;TZID=Europe/Berlin:20251227T170000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T160000
LOCATION:Fuse
SUMMARY:Chaos all year round - Deanna [de]
UID:42fe49fd-0068-5456-a326-7687603aead8
URL:https://events.ccc.de/congress/2025/hub/event/detail/chaos-all-year-rou
 nd
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:FreeBSD’s jail mechanism promises strong isolation—but how stro
 ng is it really?\nIn this talk\, we explore what it takes to escape a comp
 romised FreeBSD jail by auditing the kernel’s attack surface\, identifying
  dozens of vulnerabilities across exposed subsystems\, and developing prac
 tical proof-of-concept exploits. We’ll share our findings\, demo some real
  escapes\, and discuss what they reveal about the challenges of maintainin
 g robust OS isolation.\nFreeBSD’s jail feature is one of the oldest and mo
 st mature OS-level isolation mechanisms in use today\, powering hosting en
 vironments\, container frameworks\, and security sandboxes. But as with an
 y large and evolving kernel feature\, complexity breeds opportunity. This 
 research asks a simple but critical question: If an attacker compromises r
 oot inside a FreeBSD jail\, what does it take to break out?\n\nTo answer t
 hat\, we conducted a large-scale audit of FreeBSD kernel code paths access
 ible from within a jail. We systematically examined privileged operations\
 , capabilities\, and interfaces that a jailed process can still reach\, hu
 nting for memory safety issues\, race conditions\, and logic flaws. The re
 sult: roughly 50 distinct issues uncovered across multiple kernel subsyste
 ms\, ranging from buffer overflows and information leaks to unbounded allo
 cations and reference counting errors—many of which could crash the system
  or provide vectors for privilege escalation beyond the jail.\n\nWe’ve dev
 eloped proof-of-concept exploits and tools to demonstrate some of these vu
 lnerabilities in action. We’ve responsibly disclosed our findings to the F
 reeBSD security team and are collaborating with them on fixes. Our goal is
 n’t to break FreeBSD\, but to highlight the systemic difficulty of maintai
 ning strict isolation in a large\, mature codebase.\n\nThis talk will pres
 ent our methodology\, tooling\, and selected demos of real jail escapes. W
 e’ll close with observations about kernel isolation boundaries\, lessons l
 earned for other OS container systems\, and a call to action for hardening
  FreeBSD’s jail subsystem against the next generation of threats.\n
DTEND;TZID=Europe/Berlin:20251227T181500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T171500
LOCATION:Fuse
SUMMARY:Escaping Containment: A Security Analysis of FreeBSD Jails - ilja\,
  Michael Smith [en]
UID:1632d233-fb88-5f58-aaec-823ea32f8b56
URL:https://events.ccc.de/congress/2025/hub/event/detail/escaping-containme
 nt-a-security-analysis-of-freebsd-jails
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:Lager\, Duldung\, Bezahlkarte\, Essensscheine – Criminalization
 \, Radicalization\, Reality for Many People in East Germany\nThis talk she
 ds light on how these terms shape everyday life. We dive into an existence
  marked by uncertainty\, isolation\, and psychological strain\, both in an
 onymous big cities and rural areas of East Germany. We ask: What does “sol
 idarity” really mean in this context?\nIn this session\, people share ever
 yday experiences with a system that often systematically undermines human 
 rights and dignity.\nWe don’t just talk about the obvious obstacles like t
 he payment card or residency obligation\, but also the invisible wounds: t
 he constant fear of deportation\, the psychological consequences of isolat
 ion\, and the daily experience of hostility. We highlight the specific cha
 llenges of life in cramped camps on the outskirts of big cities\, as well 
 as the social control and visibility in rural communities.\nHowever\, this
  talk is not just about naming problems. At its core is the urgent questio
 n: What does true solidarity really look like? How can support go beyond s
 ymbolic politics and short-term aid offers? This session is an invitation 
 to shift perspectives\, listen\, and collaboratively develop concrete appr
 oaches for a more humane policy and a more solidaric coexistence.\n
DTEND;TZID=Europe/Berlin:20251227T201500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T191500
LOCATION:Fuse
SUMMARY:Life on Hold: What Does True Solidarity Look Like Beyond Duldung\, 
 Camps\, Deportation\, and Payment Cards? - H-Shaaib\, Eric Noel Mbiakeu [e
 n]
UID:11a7f79c-4ac5-5449-8fd4-6467ef2d6d2c
URL:https://events.ccc.de/congress/2025/hub/event/detail/life-on-hold-what-
 does-true-solidarity-look-like-beyond-duldung-camps-deportation-and-paymen
 t-cards
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:Trusted Execution Environments (TEEs) based on ARM TrustZone
  form the backbone of modern Android devices' security architecture. The
  word "Trusted" in this context means that **you**\, as in "the owner of
  the device"\, don't get to execute code in this execution environment.
  Even when you unlock the bootloader and Magisk-root your device\, only
  vendor-signed code will be accepted by the TEE. This unfortunate setup
  limits third-party security research to the observation of input/output
  behavior and static manual reverse engineering of TEE components.\n\nIn
  this talk\, we take you with us on our journey to regain power over the
  highest privilege level on Xiaomi devices. Specifically\, we are
  targeting the Xiaomi Redmi 11s and will walk through the steps necessary
  to escalate our privileges from a rooted user space (N-EL0) to the
  highest privilege level in the Secure World (S-EL3). We will revisit old
  friends like Trusted Application rollback attacks and GlobalPlatform's
  design flaw\, and introduce novel findings like the literal fiasco you
  can achieve when you're introducing micro kernels without knowing what
  you're doing. In detail\, we will elaborate on the precise exploitation
  steps taken and mitigations overcome at each stage of our exploit
  chain\, and finally demo our exploits on stage.\n\nRegaining full
  control over our devices is the first step to deeply understand popular
  TEE-protected use cases including\, but not limited to\, mobile
  payment\, mobile DRM solutions\, and the mechanisms protecting your
  biometric authentication data.\nWe present novel insights into the
  current state of TEE security on Android focusing on two widespread
  issues: missing TA rollback protection and a type confusion bug arising
  from the GlobalPlatform TEE Internal Core API specification.\nOur
  results demonstrate that these issues are so widespread that on most
  devices\, attackers with code execution at N-EL1 (kernel) have a buffet
  of n-days to choose from to achieve code execution at S-EL0 (TA).\n\n
 Further\, we demonstrate how these issues can be weaponized to fully
  compromise an Android device. We discuss how we exploit CVE-2023-32835\,
  a type confusion bug in the keyinstall TA\, on a fully updated Xiaomi
  Redmi Note 11.\nWhile the keyinstall TA shipped in the newest firmware
  version is not vulnerable anymore\, the vulnerability remains
  triggerable due to missing rollback protections.\n\nTo further
  demonstrate how powerful code execution as a TA is\, we'll exploit a
  vulnerability in the BeanPod TEE (used on Xiaomi Mediatek SoCs)\, to
  achieve code execution at S-EL3. Full privilege escalations in the TEE
  are rarely seen on stage\, and we are targeting the BeanPod TEE which is
  based on the Fiasco micro kernel. This target has never been publicly
  exploited\, to the best of our knowledge.\n\nOur work empowers security
  researchers by demonstrating how to regain control over vendor-locked
  TEEs\, enabling deeper analysis of critical security mechanisms like
  mobile payments\, DRM\, and biometric authentication.\n
DTEND;TZID=Europe/Berlin:20251227T213000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T203000
LOCATION:Fuse
SUMMARY:Not To Be Trusted - A Fiasco in Android TEEs - 0ddc0de\, gannimo\, 
 Philipp [en]
UID:f8587f46-8a0e-58d7-8d1d-82928b8220e2
URL:https://events.ccc.de/congress/2025/hub/event/detail/not-to-be-trusted-
 a-fiasco-in-android-tees
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:The spyware attack targeting WhatsApp\, disclosed in August as 
 an in-the-wild exploit\, garnered significant attention. By simply knowing
  a victim's phone number\, an attacker could launch a remote\, zero-intera
 ction attack against the WhatsApp application on Apple devices\, including
  iPhones\, iPads\, and Macs. Subsequent reports indicated that WhatsApp on
  Samsung devices was also targeted by similar exploits.\nIn this presentat
 ion\, we will share our in-depth analysis of this attack\, deconstructing 
 the 0-click exploit chain built upon two core vulnerabilities: CVE-2025-55
 177 and CVE-2025-43300. We will demonstrate how attackers chained these vu
 lnerabilities to remotely compromise WhatsApp and the underlying iOS syste
 m without any user interaction or awareness. Following our analysis\, we s
 uccessfully reproduced the exploit chain and constructed an effective PoC 
 capable of simultaneously crashing the target application on iPhones\, iPa
 ds\, and Macs. Finally\, we will present our analysis of related vulnerabi
 lities affecting Samsung devices (such as CVE-2025-21043) and share how th
 is investigation led us to discover additional\, previously unknown 0-day 
 vulnerabilities.\nIn August 2025\, it attracted significant attention when
  Apple patched CVE-2025-43300\, a vulnerability reportedly exploited in-th
 e-wild to execute "extremely sophisticated attack against specific targete
 d individuals". A week later\, WhatsApp issued a security advisory\, revea
 ling the fix for a critical vulnerability\, CVE-2025-55177\, which was als
 o exploited in-the-wild. Strong evidence indicated that these two vulnerab
 ilities were chained together\, enabling attackers to deliver a malicious 
 exploit via WhatsApp to steal data from a user's Apple device\, all withou
 t any user interaction.\n\nTo deconstruct this critical and stealthy in-th
 e-wild 0-click exploit chain\, we will detail our findings in several part
 s:\n1. WhatsApp 0-Click Attack Vector (CVE-2025-55177). We will describe t
 he 0-click attack surface we identified within WhatsApp. We will detail th
 e flaws in WhatsApp's message handling logic for "linked devices\," which 
 stemmed from insufficient validation\, and demonstrate how an attacker cou
 ld craft malicious protocol messages to trigger the vulnerable code path.\
 n2. iOS Image Parsing Vulnerability (CVE-2025-43300). The initial exploit 
 allows an attacker to force the target's WhatsApp to load arbitrary web co
 ntent. We will then explain how the attacker leverages this by embedding a
  malicious DNG image within a webpage to trigger a vulnerability in the iO
 S image parsing library. We will analyze how the RawCamera framework handl
 es the parsing of DNG images\, and pinpoint the resulting OOB vulnerabilit
 y.\n3. Rebuilding the Chain: From Vulnerability to PoC. In addition\, we w
 ill then walk through our process of chaining these two vulnerabilities\, 
 constructing a functional Proof-of-Concept (PoC) that can simultaneously c
 rash the WhatsApp application on target iPhones\, iPads\, and Macs.\n\nBey
 ond Apple: The Samsung Connection (CVE-2025-21043). Samsung's September se
 curity bulletin patched CVE-2025-21043\, an out-of-bounds write vulnerabil
 ity in an image parsing library reported by the Meta and WhatsApp security
  teams. This vulnerability was also confirmed to be exploited in-the-wild.
  While an official WhatsApp exploit chain for Samsung devices has not been
  publicly detailed\, we will disclose our findings on this related attack.
  Finally\, we will share some unexpected findings from our investigation\,
  including the discovery of several additional\, previously undisclosed 0-
 day vulnerabilities.\n
DTEND;TZID=Europe/Berlin:20251227T224500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T214500
LOCATION:Fuse
SUMMARY:DNGerousLINK: A Deep Dive into WhatsApp 0-Click Exploits on iOS and
  Samsung Devices - Zhongrui Li\, Yizhe Zhuang\, Kira Chen [en]
UID:2b044342-d98d-5821-beb8-14a662373af2
URL:https://events.ccc.de/congress/2025/hub/event/detail/dngerouslink-a-dee
 p-dive-into-whatsapp-0-click-exploits-on-ios-and-samsung-devices
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Art & Beauty\, Talk
CLASS:PUBLIC
DESCRIPTION:This presentation examines artistic practices that engage with 
 sociotechnical systems through tactical interventions. The talk proposes a
 rt as a form of infrastructural critique and counter-technology. It also i
 ntroduces a forthcoming HackLab designed to foster collaborative developme
 nt of open-source tools addressing digital authoritarianism\, surveillance
  capitalism\, propaganda infrastructures\, and ideological warfare.\nIn th
 is talk\, media artist and curator Helena Nikonole presents her work at th
 e intersection of art\, activism\, and tactical technology — including int
 erventions into surveillance systems\, wearable mesh networks for off-grid
  communication\, and AI-generated propaganda sabotage.\n\nFeaturing projec
 ts like Antiwar AI\, the 868labs initiative\, and the curatorial project D
 igital Resistance\, the talk explores how art can do more than just commen
 t on sociotechnical systems — it can interfere\, infiltrate\, and subvert 
 them.\n\nThis is about prototypes as politics\, networked interventions as
  civil disobedience\, and media hacks as tools of strategic refusal. The t
 alk asks: what happens when art stops decorating crisis and starts debuggi
 ng it?\n\nThe talk will also introduce an upcoming HackLab initiative — a 
 collaboration-in-progress that brings together artists\, hackers\, and act
 ivists to develop open-source tools for disruption\, resilience\, and coll
 ective agency — and invites potential collaborators to get involved.\n
DTEND;TZID=Europe/Berlin:20251227T234000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T230000
LOCATION:Fuse
SUMMARY:Coding Dissent: Art\, Technology\, and Tactical Media - Helena Niko
 nole [en]
UID:d743f89d-684b-5a29-a0e1-4b788caa4255
URL:https://events.ccc.de/congress/2025/hub/event/detail/coding-dissent-art
 -technology-and-tactical-media
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:Have you ever wondered how the chips and algorithms that made a
 ll those electronic music hits work? Us too!\n\nAt The Usual Suspects we c
 reate open source emulations of famous music hardware\, synthesizers and e
 ffect units. After releasing some emulations of devices around the Motorol
 a 563xx DSP chip\, we made further steps into reverse engineering custom s
 ilicon chips to achieve what no one has done before: a real low-level emul
 ation of the JP-8000. This famous synthesizer featured a special "SuperSaw
 " oscillator algorithm\, which defined an entire generation of electronic 
 and trance music. The main obstacle was emulating the 4 custom DSP chips t
 he device used\, which ran software written with a completely undocumented
  instruction set. In this talk I will go through the story of how we overc
 ame that obstacle\, using a mixture of automated silicon reverse engineeri
 ng\, probing the chip with an Arduino\, statistical analysis of the opcode
 s and fuzzing. Finally\, I will talk about how we made the emulator run in
  real-time using JIT\, and what we found by looking at the SuperSaw code.\
 nThis talk is a sequel to my last year's talk "Proprietary silicon ICs and
  dubious marketing claims? Let's fight those with a microscope!"\, where I
  showed how I reverse engineered a pretty old device (1986) by looking at 
 microscope silicon pics alone\, with manual tracing and some custom tools.
  Back then I claimed that taking a look at a more modern device would be w
 ay more challenging\, due to the increased complexity.\n\nThis time\, in f
 act\, I've reverse engineered a much more modern chip: the custom Rolan
 d/Toshiba TC170C140 ESP chip (1995). Completing this task required a diff
 erent app
 roach\, as doing it manually would have required too much time. We used a 
 guided automated approach that combines clever microscopy with computer vi
 sion to automatically classify standard cells in the chip\, saving us most
  of the manual work.\nThe biggest win though came from directly probing th
 e chip: by exploiting test routines and sending random data to the chip we
  figured out how the internal registers worked\, slowly giving us insights
  about the encoding of the chip ISA. By combining those two approaches we 
 managed to create a bit-accurate emulator\, that also is able to run in re
 al-time using JIT.\n\nIn this talk I want to cover the following topics:\n
 - What I learned since my previous talk by looking at more complicated chi
 ps\n- Towards automating the silicon reverse engineering process\n- How to
  find and exploit test modes to understand how stuff works\n- How we trick
 ed the chips into spilling their own secrets\n- How the ESP chip works\,
  compared to existing DSP chips\n- How the SuperSaw oscillator turned ou
 t to work\n
DTEND;TZID=Europe/Berlin:20251228T003500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T235500
LOCATION:Fuse
SUMMARY:From Silicon to Darude Sand-storm: breaking famous synthesizer DSPs
  - giulioz [en]
UID:481f7cae-da59-5506-9801-625227113981
URL:https://events.ccc.de/congress/2025/hub/event/detail/from-silicon-to-da
 rude-sand-storm-breaking-famous-synthesizer-dsps
END:VEVENT
BEGIN:VEVENT
CATEGORIES:CCC & Community\, Ceremony
CLASS:PUBLIC
DESCRIPTION:Power On! Let us arrive together at this magical place and get
  everything ready to spend the next four days in a cheerful\, creative\,
  fantastic wonderland and recharge our batteries.\nThe opening gives you
  the most important information for the Congress\, gets you in the mood
  and ... uh ... see you Späti!\n
DTEND;TZID=Europe/Berlin:20251227T110000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T103000
LOCATION:One
SUMMARY:Opening Ceremony - pajowu\, Stella [de]
UID:0c8b0cb4-6cf9-5ff8-928a-0a0f49558c48
URL:https://events.ccc.de/congress/2025/hub/event/detail/opening-ceremony
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:While the extreme right is on the rise in many countries and cl
 imate change is unrolling\, a promising future seems to be written: Accord
 ing to Elon Musk\, Sam Altman\, and some other “tech bros” it is to leave 
 the dying planet to go to space. With the help of something called “A(G)I”
 .\nBut what kind of future is the one that is promised? And what is the co
 nnection between power cycles of tech company owners and people whose beli
 efs can be called fascist? As we moved power through data in the hands of
  very few\, it is important to examine what ideas these few have in thei
 r heads.\nThis talk will explore the roots of today's tech fascism and its
  love for tech. From the early thoughts and movements in the US and Europe
  to Futurism and the Holocaust\, organised with Hollerith punching cards. 
 It will dive into its blooming relationship with cybernetics\, and tak
 e a look at the future the “tech bros” want to lure us in.\nThis talk will
  address the often overlooked topic of how and when people get comfy with 
 diving into movements of hate and how to stop a white supremacy future whe
 re we will be sorted by machines.\nAnd\, in taking a look at past movement
 s opposing authoritarianism\, it will examine mindsets and possibilities
  of resistance as well as the possibility of restarting everything. Becau
 se w
 e have a planet and loved ones to lose.\nWear your safety cat-ears\, buckl
 e up\, it will be a wild\, but entertaining ride.\nThe idea of the Super-H
 uman is not a new one\, neither is the idea of a charismatic „good“ lea
 der nor to sort humans into classes\, races\, abilities. The idea of a
  few con
 trolling many by force and ideas that justify their rulership and crueltie
 s is an old one\, as is the opposing idea of a free society and humans as 
 equals.\nA central aspect is how people involved see the human nature and 
 according to that what society they want to build. And what role is intend
 ed for technology.\nIn the 19th century the beliefs of both the opposing s
 ides dripped into science\, as well as individual’s heads\, and social mov
 ements around the world. While some wanted to form a world society of equ
 als others wanted to breed a master race to control everything.\n\nThe lo
 ve of industrial leaders for authoritarianism has played an important ro
 le since the beginning in funding and providing access to powerful network
 s. Industrialists like Henry Ford loved and promoted ideas at least close 
 to fascism. German\, Italian\, and Austrian counterparts funded Hitler and
  Mussolini. And it is not that they did it because they did not understand
  the fascist leader’s yearning – it was because they shared and loved thei
 r aims and violence.\n\nIn Futurism\, one of the often overlooked roots of
  fascism\, and its Manifesto the enemies and societal goals are proclaimed
  crystal clear: “We will glorify war — the only true hygiene of the world 
 — militarism\, patriotism\, the destructive gesture of anarchist\, the bea
 utiful Ideas which kill\, and the scorn of woman.“\n\nAfter WWII most of t
 he people believing in dominating others by force and eugenics lived on\, 
 they and their cronies had slaughtered millions and destroyed whole social
  movements that were opposing them. These people warning us about author
 itarian prophets of doom and concentration camps are still missing.\n\nIn
  the pos
 t-war time ideas of authoritarianism met a new player: Cybernetics\, the b
 elief in a future\, where all problems will be solved through technology
  and we are “All Watched Over by Machines of Loving Grace” (Richard
  Brautigan\, 1967). The ideas split\, merged\, and melted into new belief
 s and qua
 si-religions. Into something that is called “Cyber-Libertarianism” by Davi
 d Golumbia or “TESCREAL” by Émile P. Torres and Timnit Gebru.\n\nThis talk
  will address an aspect that is often missing in analyses: What kind of br
 eeding ground is it where ideas of fascism hatch best? And how can we st
 op iFascism instead of participating in it?\n\nFurthermore\, as being sort
 ed by machines is not everyone's secret dream\, ways to stop iFascism will
  be provided.\n\nBecause we are more\, we care for people in need – and we
  are the chaos!\n
DTEND;TZID=Europe/Berlin:20251227T114000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T110000
LOCATION:One
SUMMARY:All Sorted by Machines of Loving Grace? "AI"\, Cybernetics\, and Fa
 scism and how to Intervene - Katika Kühnreich [en]
UID:304dd87b-7de5-557c-9951-1add24396a0b
URL:https://events.ccc.de/congress/2025/hub/event/detail/all-sorted-by-mach
 ines-of-loving-grace-ai-cybernetics-and-fascism-and-how-to-intervene
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Art & Beauty\, Talk
CLASS:PUBLIC
DESCRIPTION:It has been exactly one year since the Adenauer SRP+ stood in
  the hall of 38C3. Back then it was still a construction site\, but it
  soon set off to make history. We take you on a journey: from blockade
  to protest\, from summer interviews to police harassment\, we look back
  on a year of the Adenauer SRP+. This could be fun.\nAlso: everything
  about the Walter Lübcke Memorial Park\, which we have just built
  directly in front of the CDU headquarters.\n\nOh dear\, oh dear: that
  will be a lot for 40 minutes.\n
DTEND;TZID=Europe/Berlin:20251227T123500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T115500
LOCATION:One
SUMMARY:Zentrum für Politische Schönheit: Ein Jahr Adenauer SRP+ und der Wa
 lter Lübcke Memorial Park - Stefan Pelzer\, Philipp Ruch [en]
UID:926c987a-2dd9-54f6-9a3a-45222dc9c4b7
URL:https://events.ccc.de/congress/2025/hub/event/detail/zps-ein-jahr-adena
 uer-srp-und-mehr
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:Building electronics has never been easier\, cheaper\, or more 
 accessible than the last few years. It's also becoming a precious skill in
  a world where commercially made electronics are the latest victim of ensh
 ittification and vibe coding. And yet\, while removing technical and finan
 cial barriers to building things\, we've not come as far as we should have
  in removing social barriers. The electronics and engineering industry and
  the cultures around them are hostile to newcomers and self-taught practit
 ioners\, for no good reason at all. I've been teaching advanced electronic
 s manufacturing skills to absolute beginners for a decade now\, and they'v
 e consistently succeeded at acquiring them. I'm here to tell you why it's 
 not as hard as it seems\, how to get into it\, and why more people who thi
 nk they can't should try.\nElectronics is easier and more fun to get into 
 than it's ever been before. All the tools and resources are easily accessi
 ble and super cheap or free. There's an enormous amount of things to build
  from and build on.\n\nIt's also never been more important to be able to b
 uild and understand electronics\, as assholes running corporations are was
 ting their workers' unpaid overtime on making all the electronics in our l
 ives shittier\, more full of ads\, slop\, and spyware\, and more frustrati
 ng to use. Encountering a device that works for you instead of against you
  is a breath of fresh air. Building one is an act of resistance and power.
  Not depending on the whims of corporate assholes is freedom.\n\nHowever\,
  the culture around electronics and the electronics industry is one of exc
 lusion and gatekeeping. It doesn't need to be. It would be stupidly easy t
 o make things better\, and we should. I've been teaching absolute beginner
 s advanced electronics manufacturing skills for many years now. It's absol
 utely shocking how much more diverse the people who I teach are compared t
 o the industry. The "hardware is hard" meme is true in some cases but toxi
 c when worn as a badge of pride or a warning to people attempting it.\n\nI
  will tell you why designing and building electronics is not nearly as har
 d as it seems\, how it's almost never been easier to get into it\, and why
  it's very important that people who think or have been told they can't do
  it should be doing more of it. I'll tell you my experiences of what build
 ing devices is like\, show and tell a few useful skills\, and tell the sto
 ry of how trying to prove someone wrong on the internet turned into a deca
 de of teaching people with zero experience how to handle the most complex 
 electronic components at all sorts of community events.\n
DTEND;TZID=Europe/Berlin:20251227T133000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T125000
LOCATION:One
SUMMARY:Building hardware - easier than ever - harder than it should be - K
 liment [en]
UID:4bfb9f9c-a8cd-5bcb-8b0f-ce20509f2a36
URL:https://events.ccc.de/congress/2025/hub/event/detail/building-hardware-
 easier-than-ever-harder-than-it-should-be
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:Despite how widely used the ESP32 is\, its Bluetooth stack rema
 ins closed source. Let’s dive into the low-level workings of a proprietary
  Bluetooth peripheral. Whether you are interested in reverse engineering\,
  Bluetooth security\, or just enjoy poking at undocumented hardware\, this
  talk may inspire you to dig deeper.\nThe ESP32 has become a ubiquitous p
 latform in the hacker and maker communities\, powering everything from bad
 ges and sensors to mesh networks and custom routers. While its Wi-Fi stack
  has been the subject of previous reverse engineering efforts\, its Blueto
 oth subsystem remains largely undocumented and closed source despite being
  present in millions of devices.\n\nThis talk presents a reverse engineeri
 ng effort to document Espressif’s proprietary Bluetooth stack\, with a foc
 us on enabling low-level access for researchers\, security analysts\, and 
 developers to improve existing affordable and open Bluetooth tooling.\n\nT
 he presentation covers the reverse engineering process itself\, techniques
  and the publication of tooling to simplify the process of peripheral mapp
 ing\, navigating broken memory references and symbol name recovery.\n\nThe
  core of the talk focuses on the internal workings of the Bluetooth periph
 eral. The reverse engineering effort led to the discovery of the periphera
 l architecture\, its memory regions\, interrupts and a little bit of info
 rmation about other related peripherals.\n\nBy publishing open tooling\, S
 VD files and other documentation\, this work aims to empower researchers\,
  hackers\, and developers to build custom Bluetooth stacks\, audit existin
 g ones\, and repurpose the ESP32 for novel applications. This may interest
  you if you care about transparency\, low-level access\, and collaborative
  tooling.\n
DTEND;TZID=Europe/Berlin:20251227T143000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T135000
LOCATION:One
SUMMARY:Liberating Bluetooth on the ESP32 - Antonio Vázquez Blanco (Antón) 
 [en]
UID:760c1f6b-349e-5ee3-9eeb-4a0f20dc902a
URL:https://events.ccc.de/congress/2025/hub/event/detail/liberating-bluetoo
 th-on-the-esp32
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:While trying to apply fault injection to the AMD Platform Secur
 ity Processor with unusual (self-imposed) requirements/restrictions\, it w
 as software bugs which stopped initial glitching attempts. Once discovere
 d\, the software bug was used as an entry to explore the target\, which in
  turn led to uncovering (and exploiting) more and more bugs\, ending up i
 n EL3 of the most secure core on the chip.\nThis talk is about the story o
 f trying to glitch the AMD Platform Security Processor\, then accidentally
  discovering several bugs and getting a good look inside the target\, befo
 re returning to trying to hammer it with novel physical strategies.\n# BAC
 KSTORY\n---------------\nSo here is the backstory of how it all started:\n
 - I bought a commercial gaming console\n- Then bought a VR headset (for th
 is console) because of exclusive game\n- But also wanted to play beatsaber
 \n- I could\, but builtin song selection was very limited\n- Custom songs 
 exist (for example on steam)\, but not for this console\n- I didn't want t
 o buy a second headset for steam\n  That's when i decided i want to hack t
 his console so that i can port community created custom songs to the cons
 ole and play them there with the VR headset i already have.\n\nInitially s
 tarting with an approach similar to the usual "entrypoint through browser"
 \, then go for kernel and call it a day\, but quickly annoying hurdles blo
 cked my way. For one\, the Hypervisor makes your life just miserable with
  its execute only kernel text blind exploitation. Other issues were that o
 ne needs to be on latest version to download the game\, which exists only 
 as digital purchase title\, preventing me to share my efforts with others 
 even if i can get it working on my console.\nThough\, what finally put the
  nail in the coffin was when porting a kernel zeroday to the console faile
 d because of heavy sandboxing\, unreachable syscalls or even entirely stri
 pped kernel functions. \nSome may call it "skill issue". Anyways\, that's 
 when i was full of it and decided to bring this thing down for good.  \nEv
 erybody does glitching nowadays and according to rumors people did have su
 ccess on this thing with glitching before\, so how hard can it really be\,
  right?\n\nSo the question became: Is it possible to build a modchip\, whi
 ch glitches the board and lets me play beatsaber custom songs?  \nStuff li
 ke that has been done on other consoles before (minus the beatsaber part :
 P)\n\nTurns out that when manufacturing produces chips with broken GPUs\, 
 they are sold as spinoff desktop mainboards (with disabled GPU) rather tha
 n thrown away. Which is great\, because those mainboards are much cheaper\
 , especially if you buy broken spinoff mainboards on ebay.\n\nSo on the jo
 urney to beatsaber custom songs\, breaking this desktop mainboard became a
  huge chunk of the road. Because if i can glitch this and build a modchip 
 for it\, surely i can also do it for the console\, right? I mean it's the 
 exact same SoC after all! \nBack when i started i didn't know i would be ab
 out to open pAMDoras box and discover so many bugs and hacks.\n\n# Actual 
 talk description\n---------------\n**Disclaimer: This is not a console hac
 king talk!**  \nThis talk is gonna be about breaking nearly every aspect o
 f the AMD Platform Security Processor of the desktop mainboard with the sa
 me SoC as the console. While certainly useful for _several_  other AMD ta
 rgets\, unfortunately not every finding can directly be ported to the cons
 ole. Still\, it remains very useful nonetheless!\n\nNote: The final goal o
 f custom songs on beatsaber has not been reached yet\, this talk is presen
 ting the current state of things.\n\nIn this talk you'll be taken on a rid
 e on how everything started and how almost every aspect of the chip was br
 oken. How bugs were discovered\, what strategies were used to move along. 
  \nNot only will several novel techniques be presented for applying existi
 ng physical attacks to targets where those couldn't really be applied befo
 re\, but also completely new approaches are shared which bring a whole dif
 ferent perspective on glitching despite having lots of capacitors (which w
 e don't really want to remove) and extremely powerful mosfets (which smoo
 th out crowbar attempts in a blink of an eye).\n\nBut that's not all!  \nW
 hile trying to perform physical attacks on the hardware\, the software wou
 ld just start falling apart by itself. Which means\, at least **6 unpatcha
 ble\\* bugs** were discovered\, which are gonna be presented in the talk a
 longside with **5 zero-day exploits**. Getting EL3 code execution on the m
 ost secure core inside AMD's SoC? No Problem! \nApart from just bugs and ex
 ploits\, many useful techniques and discovery strategies are shared which 
 will provide an excellent knowledge base and attack inspiration for follow
 ing along or going for other targets.\n
DTEND;TZID=Europe/Berlin:20251227T154500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T144500
LOCATION:One
SUMMARY:Opening pAMDora's box and unleashing a thousand paths on the journe
 y to play Beatsaber custom songs - tihmstar [en]
UID:3aa9e859-d4b0-5e7d-8f5c-7741e6c9856e
URL:https://events.ccc.de/congress/2025/hub/event/detail/opening-pamdora-s-
 box-and-unleashing-a-thousand-paths-on-the-journey-to-play-beatsaber-custo
 m-songs
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:The Deutschlandticket was the flagship transport policy of the 
 last government\, rolled out in an impressive timescale for a political pr
 oject\; but this speed came with a cost - a system ripe for fraud at an in
 dustrial scale.\n\nGerman public transport is famously decentralised\, wit
 h thousands of individual companies involved in ticketing and operations. 
 Unifying all of these under one national\, secure\, system has proven a ch
 allenge too far for politicians. The end result: losses in the hundreds of
  millions of Euros\, compensated to the transport companies from state and
  federal budgets to keep the system afloat\, and nobody willing to take re
 sponsibility.\n\nThis talk will cover the political\, policy\, and technic
 al mistakes that led to this mess\; how we can learn from these mistakes\
 ; and what we can do to ensure the Deutschlandticket has a viable future.\
 nAt last year's Congress Q presented [a deep-dive into the technical detail
 s of train ticketing](https://media.ccc.de/v/38c3-what-s-inside-my-train-t
 icket) and its [Zügli](https://zügli.app) platform for this\; since then\,
  things have gone rather out of hand. The little side-project for looking 
 into the details of train tickets turned into a full-time project for dete
 cting ticketing fraud. This talk details an executive summary of the madne
 ss that has been the past year\, and how we accidentally ended up in natio
 nal and international politics working to secure the Deutschlandticket.\n\
 nShortly after last year's talk\, we were contacted about some *interestin
 g* looking tickets someone noticed\, issued by the Vetter GmbH Omnibus- un
 d Mietwagenbetrieb - or so they claimed to be. These were normal Deutschla
 ndtickets\, but with a few weird mistakes in them. At first\, we thought n
 othing much of it\; mistakes happen. But\, on further investigation\, thes
 e turned out to not be legitimate tickets at all\, but rather from a fraud
 ulent website by the name of d-ticket.su\, using the private signing key o
 btained under suspicious circumstances. How exactly this key came into the
  wrong hands remains unclear\, but we present the possible explanations fo
 r how this could've happened\, how many responsible have been thoroughly u
 ncooperative in getting to the bottom of this\, and how the supporting sys
 tems and processes of the Deutschlandticket were unable to cope with this 
 situation.\n\nParallel to this\, another fraud has been draining the trans
 port companies of their much-needed cash: SEPA Direct Debit fraud. Often\,
  a direct debit payment can be set up online with little more than an IBAN
  and ticking a box\; and most providers of the Deutschlandticket offer an o
 ption to pay via direct debit. Fraudsters have noticed this\, and mass pur
 chase Deutschlandtickets with invalid or stolen IBANs before flipping them
  for a discounted price on Telegram\; made easier because most transport c
 ompanies issue a ticket immediately\, before the direct debit has been ful
 ly processed. The supporting systems of the Deutschlandticket in many case
 s don't even provide for the revocation of such tickets. We will detail th
 e hallmarks of this fraud\, how transport companies can work to prevent it
 \, and how we tracked down the fraudsters by their own careless mistakes.\
 n
DTEND;TZID=Europe/Berlin:20251227T170000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T160000
LOCATION:One
SUMMARY:All my Deutschlandtickets gone: Fraud at an industrial scale - Q Mi
 sell\, 551724 / maya boeckh [en]
UID:a2dd3dc7-ecae-50b3-82d9-266ad02f7a40
URL:https://events.ccc.de/congress/2025/hub/event/detail/all-my-deutschland
 tickets-gone-fraud-at-an-industrial-scale
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:Might contain zerodays. https://gpg.fail/\n\nFrom secure commun
 ications to software updates: PGP implementations such as *GnuPG* are ubiquito
 usly relied on to provide cryptographic assurances. Many applications from
  secure communications to software updates fundamentally rely on these uti
 lities.\nSince these have been developed for decades\, one might expect ma
 ture codebases\, a multitude of code audit reports\, and extensive continu
 ous testing.\nWhen looking into various PGP-related codebases for some per
 sonal use cases\, we found these expectations not met\, and discovered mul
 tiple vulnerabilities in cryptographic utilities\, namely in *GnuPG*\, *Se
 quoia PGP*\, *age*\, and *minisign*.\nThe vulnerabilities have implementat
 ion bugs at their core\, for example in parsing code\, rather than bugs in
  the mathematics of the cryptography itself. A vulnerability in a parser c
 ould for example lead to a confusion about what data was actually signed\,
  allowing attackers without the private key of the signer to swap the plai
 n text. As we initially did not start with the intent of conducting securi
 ty research\, but rather were looking into understanding some internals of
  key management and signatures for personal use\, we also discuss the proc
 ess of uncovering these bugs. Furthermore\, we touch on the role of the Op
 enPGP specification\, and the disclosure process.\nBeyond the underlying m
 athematics of cryptographic algorithms\, there is a whole other layer of i
 mplementation code\, assigning meaning to the processed data. For example\
 , a signature verification operation both needs robust cryptography **and*
 * assurance that the verified data is indeed the same as was passed into t
 he signing operation. To facilitate the second part\, software such as *Gn
 uPG* implement parsing and processing code of a standardized format. Espec
 ially when implementing a feature rich and evolving standard\, there is th
 e risk of ambivalent specification\, and classical implementation bugs.\n\
 nThe impact of the vulnerabilities we found reaches from various signature
  verification bypasses\, breaking encryption in transit and encryption at 
 rest\, undermining key signatures\, to exploitable memory corruption vulne
 rabilities.\n
DTEND;TZID=Europe/Berlin:20251227T181500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T171500
LOCATION:One
SUMMARY:To sign or not to sign: Practical vulnerabilities in GPG & friends 
 - 49016\, Liam [en]
UID:e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b
URL:https://events.ccc.de/congress/2025/hub/event/detail/to-sign-or-not-to-
 sign-practical-vulnerabilities-i
END:VEVENT
BEGIN:VEVENT
CATEGORIES:CCC & Community\, Talk
CLASS:PUBLIC
DESCRIPTION:Marc-Uwe Kling reads new material from the Kangaroo.\nMaybe
  also something from Elon and Jeff on Mars.\nAnd then the Kangaroo calls
  for Digital Independence Day.\n
DTEND;TZID=Europe/Berlin:20251227T201500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T191500
LOCATION:One
SUMMARY:Die Känguru-Rebellion: Digital Independence Day - Marc-Uwe Kling\, 
 Linus Neumann [de]
UID:514cda00-fd8e-5417-ba56-a882572a660e
URL:https://events.ccc.de/congress/2025/hub/event/detail/die-kanguru-rebell
 ion-digital-independence-day
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:For four years now\, chat control has been looming from the EU.
  In Germany\, the topic is more current than ever after the protests in
  October - and even Jens Spahn and Rainer Wendt are suddenly against this
  form of surveillance. In this talk we look back and explain what has
  happened\, especially behind the scenes. We put the position of the
  German federal government under the microscope and take a look at the
  steps that lie ahead of us at EU level.\nChat control reads more like a
  tragic comedy than a legislative procedure. After the dramaturgical
  review at 37C3\, it is now time to take a look at the side of the
  rebels.\nMarkus Reuter and khaleesi have closely followed the
  legislative process around chat control from the very beginning\, he
  from the journalistic perspective\, she from the policy perspective.\n
 After the first years with great fanfare and Hollywood stars\, things
  did become rather quiet after the EU elections. But the danger is not
  off the table:\n\nThe position of the EU Parliament does stand against
  chat control - but how secure it really is remains unclear.\nAt the
  moment everything hinges on the Council: there have been very positive
  proposals (Polish Council presidency) and negative proposals (Danish
  Council presidency) - but the countries cannot agree\, and a majority
  wants chat control but cannot get its way.\n\nAnd in Germany\, too\,
  chat control has made the big leap into the public eye and its
  opponents have won a stage victory. In this talk we explain what this
  success has to do with the work of the past four years and why nothing
  is settled yet in Germany either.\n
DTEND;TZID=Europe/Berlin:20251227T213000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T203000
LOCATION:One
SUMMARY:Chatkontrolle - Ctrl+Alt+Delete - khaleesi\, Markus Reuter [de]
UID:9296cd85-f869-5687-94cb-e87d805249a2
URL:https://events.ccc.de/congress/2025/hub/event/detail/episode-ii-der-rat
 -schlagt-zuruck
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:Almost everyone has a household appliance at home\, whether it'
 s a washing machine\, dishwasher\, or dryer. Despite their ubiquity\, litt
 le is publicly documented about how these devices actually work or how the
 ir internal components communicate. This talk takes a closer look at propr
 ietary bus systems\, hidden diagnostic interfaces\, and approaches to clou
 d-less integration of appliances from two well-known manufacturers into mo
 dern home automation systems.\nModern home appliances may seem simple from
  the outside\, but inside they contain complex electronic systems\, propri
 etary communication protocols\, and diagnostic interfaces rarely documente
 d outside the manufacturer. In this talk\, we'll explore the challenges of
  reverse-engineering these systems: from analyzing appliance control board
 s and internal communication buses to decompiling and modifying firmware t
 o better understand device functionality.\n\nWe'll also look at the securi
 ty mechanisms designed to protect diagnostic access and firmware readout\,
  and how these protections can be bypassed to enable deeper insight into d
 evice operation. Finally\, this talk will demonstrate how the results of t
 his research can be used to integrate even legacy home appliances into pop
 ular home automation platforms.\n\nThis session combines examples and insi
 ghts from the reverse-engineering of B/S/H/ and Miele household appliances
 .\n
DTEND;TZID=Europe/Berlin:20251227T224500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T214500
LOCATION:One
SUMMARY:Hacking washing machines - Severin von Wnuck-Lipinski\, Hajo Noeren
 berg [en]
UID:efa55b63-86b6-56c5-88ab-46408b59b18d
URL:https://events.ccc.de/congress/2025/hub/event/detail/hacking-washing-ma
 chines
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:Bluetooth headphones and earbuds are everywhere\, and we were w
 ondering what attackers could abuse them for. Sure\, they can probably do 
 things like finding out what the person is currently listening to. But wha
 t else? During our research we discovered three vulnerabilities (CVE-2025-
 20700\, CVE-2025-20701\, CVE-2025-20702) in popular Bluetooth audio chips 
 developed by Airoha. These chips are used by many popular device manufactu
 rers in numerous Bluetooth headphones and earbuds.\n\nThe identified vulne
 rabilities may allow a complete device compromise. We demonstrate the imme
 diate impact using a pair of current-generation headphones. We also demons
 trate how a compromised Bluetooth peripheral can be abused to attack paire
 d devices\, like smartphones\, due to their trust relationship with the pe
 ripheral.\n\nThis presentation will give an overview over the vulnerabilit
 ies and a demonstration and discussion of their impact. We also generalize
  these findings and discuss the impact of compromised Bluetooth peripheral
 s in general. At the end\, we briefly discuss the difficulties in the disc
 losure and patching process. Along with the talk\, we will release tooling
  for users to check whether their devices are affected and for other resea
 rchers to continue looking into Airoha-based devices.\n\nExamples of affec
 ted vendors and devices are Sony (e.g.\, WH1000-XM5\, WH1000-XM6\, WF-1000
 XM5)\, Marshall (e.g. Major V\, Minor IV)\, Beyerdynamic (e.g. AMIRON 300)
 \, or Jabra (e.g. Elite 8 Active).\nAiroha is a vendor that\, amongst othe
 r things\, builds Bluetooth SoCs and offers reference designs and implemen
 tations incorporating these chips. They have become a large supplier in th
 e Bluetooth audio space\, especially in the area of True Wireless Stereo (
 TWS) earbuds. Several reputable headphone and earbud vendors have built pr
 oducts based on Airoha’s SoCs and reference implementations using Airoha’s
  Software Development Kit (SDK).\n\nDuring our Bluetooth Auracast research
  we stumbled upon a pair of these headphones. During the process of obtain
 ing the firmware for further research we initially discovered the powerful
  custom Bluetooth protocol called *RACE*. The protocol provides functional
 ity to take full control of headphones. Data can be written to and read fr
 om the device's flash and RAM.\n\nThe goal of this presentation is twofold
 . Firstly\, we want to inform about the vulnerabilities. It is important t
 hat headphone users are aware of the issues. In our opinion\, some of the 
 device manufacturers have done a bad job of informing their users about th
 e potential threats and the available security updates. We also want to pr
 ovide the technical details to understand the issues and enable other rese
 archers to continue working with the platform. With the protocol it is pos
 sible to read and write firmware. This opens up the possibility to patch a
 nd potentially customize the firmware.\n\nSecondly\, we want to discuss th
 e general implications of compromising Bluetooth peripherals. As smart pho
 nes are becoming increasingly secure\, the focus for attackers might shift
  to other devices in the environment of the smart phone. For example\, whe
 n the Bluetooth Link Key\, that authenticates a Bluetooth connection betwe
 en the smart phone and the peripheral is stolen\, an attacker might be abl
 e to impersonate the peripheral and gain its capabilities.\n
DTEND;TZID=Europe/Berlin:20251228T000000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251227T230000
LOCATION:One
SUMMARY:Bluetooth Headphone Jacking: A Key to Your Phone - Dennis Heinze\, 
 Frieder Steinmetz [en]
UID:887fe87e-6ef2-5d94-98c8-f582cb22f442
URL:https://events.ccc.de/congress/2025/hub/event/detail/bluetooth-headphon
 e-jacking-a-key-to-your-phone
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Entertainment\, Talk
CLASS:PUBLIC
DESCRIPTION:In our “Unnecessarily Complicated Kitchen” we hack the laws of
  culinary art. I show live how heat\, chemistry and chaos work together
  when molecules dance\, dispersions emulsify and taste becomes science.
  Between pan and physics we discover why cooking is basically applied
  debugging – and how to season the laws of nature so that they taste
  good.\nWelcome to the “Unnecessarily Complicated Kitchen” – a kitchen
  in which natural science\, technology and culinary chaos collide.\nWe
  dissect cooking from the perspective of hackers: why heat transfer
  cools your Tschunk\, why emulsions work like BGP and how the art of
  seasoning to taste can be explained in data points.\n\nIn this talk we
  combine scientific experiments with culinary practice. We heat\, stir\,
  measure and analyse – live on stage. In doing so we translate physics
  and chemistry into taste\, texture and aha moments.\nCooking thus
  becomes a laboratory experiment\, a hack\, a reverse engineering of
  good taste.\n\nI show that behind every successful marinade there is a
  protocol\, behind every sauce an algorithm – and that in the kitchen\,
  too\, trial & error\, open source and a pinch of chaos lead to
  astonishing results.\n\nIn the end there is not only insight but also
  enjoyment: because whoever understands why something tastes good can
  break the rules – and season them better in the process.\n
DTEND;TZID=Europe/Berlin:20251228T012000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T002000
LOCATION:One
SUMMARY:Unnecessarily Complicated Kitchen – Die Wissenschaft des guten Gesc
 hmacks - LukasQ [de]
UID:341961a3-599d-52b9-8262-34c1757c9698
URL:https://events.ccc.de/congress/2025/hub/event/detail/unnecessarily-comp
 licated-kitchen-die-wissenschaft-des-guten-geschmacks
END:VEVENT
BEGIN:VEVENT
CATEGORIES:CCC & Community\, Talk
CLASS:PUBLIC
DESCRIPTION:To our delight\, more and more young hackers have been coming
  to the Congress in recent years. That is why this time\, as in previous
  years\, we are again offering a Junghacker:innentag (young hackers'
  day) tailored specifically to children and teenagers. On the second day
  of Congress\, 28 December 2024\, volunteers from many assemblies are
  organising a varied workshop programme for budding hackers from about
  10:00 to 17:00.\nMore information
  [can be found here](https://events.ccc.de/2025/11/25/39c3-junghackerinnentag/).\n
DTEND;TZID=Europe/Berlin:20251228T104500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T100000
LOCATION:Ground
SUMMARY:Junghacker:innentag Einführung [de] [NOT RECORDED]
UID:6022aa96-3706-5910-9fd1-dfe882a4c473
URL:https://events.ccc.de/congress/2025/hub/event/detail/junghackerinnentag
 -einfuhrung
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:The session title is fashioned after the Kenyan movement buildi
 ng rhetoric “Hatupangwingwi” which is Kenyan slang meant as a call to acti
 on to counter anti-movement building techniques by the political class and
  resist infiltration and corruption. This is true for the organisation and
  movement building towards inclusive identity regimes in Kenya. \nThe sess
 ion seeks to explore the lessons from Kenya’s journey to digitalization of
  public services  and the uptake of Digital Public infrastructure. It digs
  deeper on the power of us and how civil society could stop a destructive 
 surveillance driven digitalisation thus protecting millions of Kenyans.\nI
 n 2019\, the Kenyan government announced the transition to a centralised d
 atabase named National integrated Identity management system (Huduma Namba
 ) in a bid to develop a digital Identity system that went on to be termed 
 a “single source of truth”. Historically\, Kenya has not had the
  best track
  record with civil registration and identity systems. This is particularly
  due to the linkages with colonial practices with the first ID “Kipande” b
 eing used as a tool for surveillance of natives and imposed for restrictio
 n of movement. This system carried on post independence creating different
  classes of citizens in terms of access to nationality documents. \nIt is 
 for this reason that CSOs\, mostly community-based\, chose a three pronged
  approach to counter this\; seeking legal redress\, grassroots/community m
 obilization and advocacy and spotlighting ways in which in a shrinking civ
 il society space\, Kenyan civil society was able not only to take up
  space\, but make their impact felt in protecting the rights of those on
  the margin
 s. The session shares lessons of how we shaped the Media narrative that to
 ok down a multi million dollar project that was not people centered but ra
 ther oppression driven. This session shares experiences of how we created 
 a heightened sense of citizenry awareness to shoot down oppressive digital
 isation agendas. \nThe aim is to show how these efforts led to over 10 mil
 lion Kenyans resisting to enroll in the system especially the young people
  (Gen Z) who felt they were being coerced to join a system due to the poor
  messaging by the government and they connected with the NGO campaign thus
  choosing to resist the system in the true spirit of Hatupangwingwi\,  wit
 h Hashtags like [#DOIDRIGHT](https://events.ccc.de/congress/2025/hub/tag/D
 OIDRIGHT) and [#DEPORTME](https://events.ccc.de/congress/2025/hub/tag/DEPO
 RTME) trending on social media as a sign of resistance. This led to the co
 llapse of the whole project.\nFinally\, the session will share how in 2022
 \, when the new government wanted to roll out the new DPI project known as
  Maisha Namba\, they realised the importance of including civil society vo
 ices and they convened over 50 NGOs to try to build buy-in for the new dig
 ital ID program. It was the first time the government and NGOs were on the
  same table discussing how to build an inclusive digital ID system. This i
 s the story of how the power of us led to civil society earning their spac
 e in the designing phase of the new Digital Public Infrastructure.\n
DTEND;TZID=Europe/Berlin:20251228T120000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T110000
LOCATION:Ground
SUMMARY:Hatupangwingwi: The story how Kenyans fought back against intrusive
  digital identity systems - Mustafa Mahmoud Yousif [en]
UID:13360c32-568f-519d-a8fd-0a9740089ccf
URL:https://events.ccc.de/congress/2025/hub/event/detail/hatupangwingwi-the
 -story-how-kenyans-fought-back-against-intrusive-digital-identity-systems
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:In 2022\, CitizenLab contacted a member of the Spanish non-prof
 it Irídia to tell them that one of their members had likely been hacked wi
 th Pegasus spyware. The target\, a lawyer\, had been spied on by the Spani
 sh government in 2020 because he represented a Catalan politician who was 
 in prison. His phone was infected with Pegasus during the COVID-19 lockdow
 n\, on the same day he was having an online meeting with other lawyers wor
 king on the case.\n\nIrídia and the lawyer (Andreu) decided to take the ca
 se to court. A few years later\, he met with Data Rights and invited them 
 to join forces and bring in partners from across Europe to increase the im
 pact. This collaboration led to the creation of the PEGA coalition in May 
 2025.\n\nThis talk goes over the status of the case and work we have done 
 across Europe to bring spyware use in court.\nDespite the European Parliam
 ent’s PEGA investigation in 2023\, spyware scandals in Europe continue to 
 grow\, with little real action to stop or address them. Many EU countries 
 were — or still are — clients of the world’s major spyware companies. As a
  result\, nothing changes except the number of victims targeted by these t
 echnologies. Worse\, having offices or clients in the EU is useful for
  spyware co
 mpanies' sales pitch. So\, the EU is a growing hub for this ominous ecosys
 tem! With no real political will to act\, members of the PEGA investigatio
 n say the only hope for change is to take these cases to court — and that’
 s exactly the path we’ve chosen!\n\nIrídia’s case is one of the flagship c
 ases in the EU\, both for its depth and for what it has achieved so far. W
 e will review the current status and implications of the case\, examining 
 issues that range from state responsibility to the role of the spyware com
 pany behind Pegasus — in its creation\, sale\, and export — which maintain
 s a strong presence within the EU.\n\nAfter that\, we will take a step bac
 k to look at what is happening across Europe. We will highlight the most s
 ignificant cases currently moving forward\, as well as some of the PEGA co
 alition’s strategies for driving accountability\, strengthening safeguards
 \, and ensuring remedies. The coalition’s mission goes beyond legal action
  — it aims to prevent the devastating impact of spyware and push for syste
 mic change.\n
DTEND;TZID=Europe/Berlin:20251228T131500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T121500
LOCATION:Ground
SUMMARY:Suing spyware in Europe: news from the front! - Lori Roussey\, Celi
 a/Irídia [en]
UID:d1a92d77-d8c6-524e-ba32-d2e9547723e0
URL:https://events.ccc.de/congress/2025/hub/event/detail/suing-spyware-in-e
 urope-news-from-the-front
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Science\, Talk
CLASS:PUBLIC
DESCRIPTION:It is 1976 and the USA long stopped going to the Moon when a So
 viet automatic landing station called Luna 24 descends to the Lunar surfac
 e. It touches down on 3.3 billion year old rock formations at a place no m
 ission has ever gone before. What exactly happened remains a mystery to th
 is day\, but the space probe managed to take a 2.3 m long drill core from 
 the Lunar regolith\, packaged the sample in a genius way and launched it f
 or its voyage to Earth. Some days later the sample entered Earth's
  atmosphere and landed in remote Siberia and ended up in our hands more
  than 50 yea
 rs later. We tell the story of the sample\, the people that brought it to 
 Earth and how we analyzed it with the newest methods including µm sized hi
 gh intensity X-ray beams\, 30kV electron beams and LN2 cooled infrared spe
 ctrometers.\nIn this talk\, members of the Museum for Natural History in B
 erlin will present the story of a Luna 24 sample retrieved by the GDR from
  the USSR. The sample has been almost "lost" to time. When it fell into ou
 r hands\, we started understanding its historical and scientific significa
 nce\, produced specialized sample containers and initiated curation effort
 s of the sample while slowly understanding its history and geochemical com
 position.\n\n### Luna 24 Moon Mission\nWhat happened on the 18th & 19th of
  August 1976 on the moon? Why was this landing site chosen and how was the
  sample retrieved and brought back to Earth? Which way did the scientists 
 handle these extremely precious samples? Picture: Музей Космонавтики (CC0 
 1.0)\n\n### Methods and Results\nWhich methods can be utilized to gather n
 ew information from such a sample without destroying it? Which storage and
  curation methods must be used to preserve its value for the scientists th
 at come after us? How did advanced analytical methods like µCT\, electron 
 microscopes\, µ X-ray fluorescence spectrometers and nitrogen-cooled infra
 red spectrometers contribute to our understanding of the sample?\n\nFly wi
 th us to the moon!\n\nThis work has been developed together with Christoph
 er Hamann.\n
DTEND;TZID=Europe/Berlin:20251228T143000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T133000
LOCATION:Ground
SUMMARY:A space odyssey #2: How to study moon rocks from the Soviet sample 
 return mission Luna 24 - Paul Koetter [en]
UID:3ad7da57-ece4-5a75-9e52-f93d7df79734
URL:https://events.ccc.de/congress/2025/hub/event/detail/a-space-odyssey-2-
 how-to-study-moon-rocks-from-the-soviet-sample-return-mission-luna-24
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Science\, Talk
CLASS:PUBLIC
DESCRIPTION:**Over the past few decades\, nucleic acids have increasingly b
 een investigated as alternative data storage media and platforms for molec
 ular computing. This talk builds on past research and introduces another b
 ranch to the field: DNA cryptography based on random chemistry. This techn
 ology provides a platform for conceiving new security architectures that b
 ridge the physical with the digital world.**\nNucleic acids have been theo
 rized as potential data storage and computation platforms since the mid-20
 th century. In the meantime\, notable advances have been made in implement
 ing such systems\, combining academic research with industry efforts. \nAf
 ter providing a general introduction to the interdisciplinary field of DNA
  information technology\, the second half of the talk focuses on DNA-ba
 sed cryptography and security systems\, in particular zooming in on the ex
 ample of chemical unclonable functions (CUFs) based on randomly generated\
 , synthetic DNA sequences. Similar to Physical Unclonable Functions (PUFs)
 \, these DNA-based systems contain vast random elements that cannot be rec
 onstructed – neither algorithmically nor synthetically. Using biochemical 
 processing\, we can operate these systems in a fashion comparable to crypt
 ographic hash functions\, enabling new authentication protocols. Aside fro
 m covering the basics\, we delve into the advantages\, as well as the draw
 backs\, of DNA as a medium. Finally\, we explore how CUFs could in the fut
 ure be implemented as physical security architectures: For example\, in an
 ti-counterfeiting of medicines or as personal signatures for artworks. \nI
 n a broader sense\, this talk aims to inspire a reconsideration of entropy
 \, randomness and information in the experimental sciences through a digit
 al lens. In doing so\, it provides examples of how looking at physical sys
 tems through an information perspective can unravel new synergies\, applic
 ations and even security architectures.\n
DTEND;TZID=Europe/Berlin:20251228T152500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T144500
LOCATION:Ground
SUMMARY:Chaos Communication Chemistry: DNA security systems based on molecu
 lar randomness - Anne Lüscher [en]
UID:656a3c17-8cd8-516f-bf31-645c98af7990
URL:https://events.ccc.de/congress/2025/hub/event/detail/chaos-communicatio
 n-chemistry-dna-security-systems-based-on-molecular-randomness
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:*The German book market versus the rest of the world\nor
  alternatively: Enshittification of the book market and no API for a
  hallelujah*\n\nThere are countless wonderful stories\, and over the past
  decades the internet has produced many great authors. But publishers
  have limited capacity and are also mostly very conservative in their
  programmes. The solution to both: self-publishing. Getting new and
  witty\, cross-genre books to curious readers could be so simple\, were
  it not for book wholesalers (Barsortimente)\, missing APIs and an
  altogether terrible ecosystem\, which make life hard for indie authors
  (and for everyone who tries to do anything innovative for indies on the
  German-language book market).\nThe book market is broken\; that is no
  new insight. We untangle where things are stuck and show how bad it
  really is. We also do a bit of naming and shaming along the way\,
  because somebody has to be at fault. But we also show where APIs that
  are still missing on the German market (unlike on the international
  book market) would make our lives considerably easier.\n
DTEND;TZID=Europe/Berlin:20251228T162000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T154000
LOCATION:Ground
SUMMARY:Burn Gatekeepers\, not Books! - tomate\, jinxx [de] [NOT RECORDED]
UID:878d9a0c-0446-561d-9f85-c81033aad209
URL:https://events.ccc.de/congress/2025/hub/event/detail/burn-gatekeepers-n
 ot-books
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Art & Beauty\, Talk
CLASS:PUBLIC
DESCRIPTION:What does knitting have to do with espionage? Can embroidery he
 lp your mental health? This talk shows how the skills to create textile ar
 t have enabled people to resist and to persist under oppressive regimes fo
 r centuries. And it offers ways to keep doing so.\nWorking with textile me
 diums like yarn\, thread\, and floss is generally seen as a feminine hobby
  and as such is usually classified as craft\, not art. And crafting is som
 ething people\, maybe even people usually seen as a bit boring\, do in the
 ir free time to unwind. Most of us have grown up with the image of the lov
 ing grandmother knitting socks for the family\, an act of care that was ne
 ver considered anything special.\nThe patriarchal society’s tendency to un
 derestimate anything considered feminine and\, inextricably connected to t
 his\, domestic is an ongoing struggle. But being underestimated also provi
 des a cover and with it the opportunity for subversion and resistance.\nAs
  global powers are cycling back to despotism and oppression\, let me
  take y
 ou back in time to show you how people used textile crafts to organise res
 istance and shape movements. Like the quilts that were designed and sewn t
 o help enslaved people in the US escape slavery and navigate the Undergrou
 nd Railroad from the 1780s on\, or the knitted garments that carried infor
 mation about the Nazis to help resistance in occupied Europe during World 
 War II\, or the cross stitches by a prisoner of war that had Nazis unknowi
 ngly display art saying “Fuck Hitler”.\nTextile crafts have been used by m
 arginalised and disenfranchised people to protest\, to organise\, and to p
 ersist for centuries. This tradition found a new rise in what is now calle
 d “craftivism” and is using the internet to build bigger communities spann
 ing the world. These communities also come together to help\, often quite 
 tangibly by creating specific items like the home-sewn masks during early 
 Covid19. In addition\, crafting has scientifically-proven benefits for one
 ’s mental health.\nTaking up the increasingly popular quote "When the worl
 d is too scary\, too loud\, too much: Stop consuming\, start creating"\, t
 his talk shows how the skills to create have enabled and will enable peopl
 e to resist and to persist.\n
DTEND;TZID=Europe/Berlin:20251228T171500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T163500
LOCATION:Ground
SUMMARY:Persist\, resist\, stitch - Philo [en]
UID:985ef663-e1f8-54d2-8e3e-f0c5beb512e2
URL:https://events.ccc.de/congress/2025/hub/event/detail/persist-resist-sti
 tch
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:The character of drone wars has changed. The large\, cumbersome
  long-range drones have been complemented with small and low-budget drones
 . Moreover\, more and more states are developing\, deploying and selling t
 hem. Ten years ago at least 50 states were developing them. At the top are
  USA\, Israel\, Turkey\, China\, Iran and Russia.\n \nRussia's attack on U
 kraine has unleashed a drone war unlike any seen before.\nIn a short time
  Ukraine has built significant drone production capabilities and
  announced that it will increase its own production of quadcopters and
  kamikaze drones to one million units per year.\n \nGerman defense
  companies and startups are now promoting a “drone wall on NATO's
  eastern flank.” Moreover\, despite their vulnerability to air
  defenses\, large drones are also being further developed. They are
  intended to accompany next generation fighter jets in swarms.\n \nIn
  this talk\, past and current developments are discussed. What are the
  perspectives now?\n
DTEND;TZID=Europe/Berlin:20251228T181500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T173500
LOCATION:Ground
SUMMARY:Current Drone Wars - Leonard [en]
UID:562f7db7-c4c4-5120-903d-a782e8a17894
URL:https://events.ccc.de/congress/2025/hub/event/detail/current-drone-wars
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:Factorio is a factory simulation game with a built-in logic
  system. This allowed me to build a CPU that consists of\, among other
  things\, a 5-stage pipeline\, a forwarding logic unit\, interrupt
  handling and an I/O interface. Using an assembler I wrote myself\, I was
  able to integrate my own operating system and programs such as
  Minesweeper or Snake.\nThe talk is meant to show you how classic
  computer architecture can be implemented in a completely different
  technical context and where\, surprisingly\, real problems of CPU
  development show up along the way.\nCome along on the journey: it is
  just one turn of the mouse wheel from the view of the entire computer
  down to the individual logic gates!\nFactorio is a game about factory
  automation - conveyor belts\, steam engines and production chains are in
  the foreground. The internal logic system (“Combinators”) is
  actually intended for controlling the factory\, but it also allows the
  development of complex hardware.\n\nIn this talk I tell my story of how
  I created a complete RISC-V architecture in Factorio purely out of
  vanilla combinators:\nThe CPU works with 32-bit words and has 32
  general-purpose registers\, 128 KB of RAM/persistent storage\, a 5-stage
  pipeline with forwarding and hazard handling\, and a logic unit for
  branches and interrupts. A display controller drives a console output
  as well as a colour display\, while a keyboard controller enables input
  via physical in-game keys.\n\nOn the software side\, the hardware is
  complemented by the operating system *FactOS*\, which provides a simple
  filesystem as well as system calls (for example for printing a string
  in the terminal). In addition\, the operating system restricts the
  executing user program to a fixed region of RAM and thus prevents
  direct access to the hardware.\n\nIn the talk I would like to guide you
  through all the layers of this construction:\nFrom the basics of
  Factorio signal physics through CPU design and pipeline hazards to the
  toolchain and the operating system. I also give an insight into how
  the limitations\, but also the advantages\, of Factorio compared with
  conventional logic simulators can influence the design of a CPU. I
  round off my talk with a live demonstration of the system.\n\nI am
  making the complete CPU\, including the source code of the assembler\,
  blueprints and example programs\, publicly available. This lets anyone
  who is interested load the architecture in Factorio\, extend it and
  develop their own software for it.\n\nAfterwards there will be a
  [Self-organized Session](https://events.ccc.de/congress/2025/hub/en/
 event/detail/cpu-entwicklung-in-factorio-wie-benutze-ich-phds-f) in
  which I will give a hands-on introduction to how to load the CPU in
  Factorio\, how to write programs\, assemble them and insert them into
  Factorio. You are also welcome to chat with me about the project there\,
  I look forward to all contributions and comments :)\n
DTEND;TZID=Europe/Berlin:20251228T195500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T191500
LOCATION:Ground
SUMMARY:CPU Entwicklung in Factorio: Vom D-Flip-Flop bis zum eigenen Betrie
 bssystem - PhD (Philipp) [de]
UID:6189eca4-8ac2-5606-af23-628b82eb4a54
URL:https://events.ccc.de/congress/2025/hub/event/detail/cpu-entwicklung-in
 -factorio-vom-d-flip-flop-bis-zum-eigenen-betriebssystem
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Science\, Talk
CLASS:PUBLIC
DESCRIPTION:Amidst gloomy headlines\, extreme weather\, and climate anxiety
 \, the good stories often get lost. Yet they exist - inspiring people\, cl
 ever engineering\, real breakthroughs. And that's exactly what we bring yo
 u – the positive power cycles of the energy transition in action. And real
  energy on stage.\nA committed energy activist and an award-winning solar 
 cell researcher take you on a lively\, motivating and sometimes funny jour
 ney:\n\n- to electricity rebels from the Black Forest\,\n- to heat pumps t
 hat supply entire neighborhoods\,\n- to new solar technologies\,\n- to win
 d turbines with history\,\n- and to politicians who were too pessimistic.\
 n\nWhat is already going really well? What can you emulate? Where is it wo
 rth getting involved?\nWe'll show you – in an easy-to-understand\, cheerfu
 l way.\nTo stay motivated for an adventure as big as the energy transition
 \, we need more than just facts and figures. We need momentum\, optimism\,
  and the human energy that keep the power cycles turning.\nCome by! Let’s 
 recharge together and celebrate the successes of the energy transition.\n
DTEND;TZID=Europe/Berlin:20251228T205000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T201000
LOCATION:Ground
SUMMARY:Recharge your batteries with us - an empowering journey through the
  energy transition - Salacidre\, JulianeB [en]
UID:372f7089-b6ae-50ed-bc35-f60c5e9fd6e1
URL:https://events.ccc.de/congress/2025/hub/event/detail/recharge-your-batt
 eries-with-us-an-empowering-journey-through-the-energy-transition
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Art & Beauty\, Talk
CLASS:PUBLIC
DESCRIPTION:CSS is a programming language\, and you can make games in it. L
 et's install NoScript and make some together!\nThis talk is about how HTML
  and CSS can be used to make interactive art and games\, without using any
  JS or server-side code.\n\nI'll explain some of the classic Cohost CSS Cr
 imes\, how I made [CSS Clicker](https://lyra.horse/css-clicker/)\, and wha
 t's next for the CSS scene.\n\nI hope this talk will teach and/or inspire 
 you to make cool stuff of your own!\n\n---\n\n*Content notes:*\n- Slides f
 eature animations and visual effects\n- Short video clip (with music) will
  be played\n- Clicker sound at the end of the talk\n\n---\n\nSlides will b
 e available after the talk at:  [https://lyra.horse/slides/#2025-congress]
 (https://lyra.horse/slides/#2025-congress)\n
DTEND;TZID=Europe/Berlin:20251228T214500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T210500
LOCATION:Ground
SUMMARY:CSS Clicker Training: Making games in a "styling" language - Lyra R
 ebane [en]
UID:29678965-8b0b-5428-b63f-4de3a79b0a47
URL:https://events.ccc.de/congress/2025/hub/event/detail/css-clicker-traini
 ng-making-games-in-a-styling-language
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:Textiles are everywhere\, yet few of us know how they’re made. 
 \n\nThis talk aims to give you an overview over the complete transformatio
 n from fiber to finished textile. We'll be exploring fiber properties\, sp
 inning\, and techniques like weaving\, knitting\, crochet\, braiding\, and
  knotting\, followed by finishing methods such as dyeing\, printing\, and 
 embroidery.\n\nYou’ll learn why not only fiber but also structure matters\
 , and how to make or hack textiles on your own without relying on fast fas
 hion or industrial tools.\nTextiles play an integral part in our daily liv
 es. If you’re reading this\, chances are you’re wearing clothes or have so
 me form of fabric within arm’s reach. Yet despite how common and essential
  textiles are\, few of us know how they actually come to be. How do we go 
 from a plant\, animal\, or synthetic polymer to a fully finished piece of 
 clothing?\n\nThis talk unravels the full transformation pipeline of textil
 es: starting with fibers and their properties\, then spinning them into ya
 rn\, turning that yarn into textiles through weaving\, knitting\, crochet\
 , braiding\, knotting\, and other techniques\, and finally finishing them 
 through printing\, embroidery\, dyeing\, or bleaching.\nAlong the way\, yo
 u’ll learn why your “100% cotton” garments can feel completely different d
 espite being made of the same fiber\, how structure matters just as much a
 s material\, and what environmental impact different choices have.\n\nWhet
 her you want to make your own textiles\, hack existing ones\, or finally u
 nderstand why that wool sweater you washed too hot is now tiny\, this talk
  is a crash course in most things textile\, and a reminder that you don’t 
 need industrial machinery or fast fashion to create something on your own.
 \n
DTEND;TZID=Europe/Berlin:20251228T224500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T220500
LOCATION:Ground
SUMMARY:Textiles 101: Fast Fiber Transform - octoprog [en]
UID:72f2a9b5-f646-584a-a3f1-e700657736a5
URL:https://events.ccc.de/congress/2025/hub/event/detail/textiles-101-fast-
 fiber-transform
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Art & Beauty\, Talk
CLASS:PUBLIC
DESCRIPTION:Generative AI models don't operate on human languages – they sp
 eak in **tokens**. Tokens are computational fragments that deconstruct lan
 guage into subword units\, stored in large dictionaries. These tokens enco
 de not only language but also political ideologies\, corporate interests\,
  and cultural biases even before model training begins. Social media handl
 es like *realdonaldtrump*\, brand names like *louisvuitton*\, or even *!!!
 !!!!!!!!!!!!!* exist as single tokens\, while other words remain fragmente
 d. Through various artistic and adversarial experiments\, we demonstrate t
 hat tokenization is a political act that determines what can be represente
 d and how images become computable through language.\nTokens are the fragm
 ents of words that generative models use to process language\, the step th
 at breaks text into subword units before any neural networks are involved.
  There are 51 ways to combine tokens to spell the word giraffe using exist
 ing vocabulary: from a single token **giraffe** to splits using multiple t
 okens like *gi|ra|ffe*\, *gira|f|fe*\, or even *g|i|r|af|fe*.\n\nIn one ex
 periment\, we hijacked the prompting process and fed token combinations di
 rectly to text-to-image models. With variations like *g|iraffe* or *gir|af
 fe* still generating recognizable results\, our experiments show that the 
 beginning and end of tokens hold particular semantic weight in forming gir
 affe-like images. This reveals that certain images cannot be generated thr
 ough prompting alone\, as the tokenization process sanitizes most combinat
 ions\, suggesting that English\, or any human language\, is merely a subse
 t of token languages.\n\nThe talk features experiments using genetic algor
 ithms to reverse-engineer prompts from images\, respelling words in token 
 language to change their generative outcomes\, and critically examining to
 ken dictionaries to investigate edge cases where the vocabulary breaks dow
 n entirely\, producing somewhat *speculative languages* that include stran
 ge words formed at the edge of chaos where English meets token (non-)sense
 .\n\nThese experiments show that even before generation occurs\, token dic
 tionaries already encode a stochastic worldview\, shaped by the statistica
 l frequencies of their training data – dominated by popular culture\, bran
 ds\, platform-speak\, and *non-words*. Tokenization is\, therefore\, a pol
 itical act: it defines what can be represented and how the world becomes c
 omputationally representable. We will look at specific tokens and ask: Whi
 ch models use which vocabularies? What *non-word* tokens are shared among 
 models? And how do language models make sense of a world using a language 
 we do not understand?\n
DTEND;TZID=Europe/Berlin:20251228T234000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T230000
LOCATION:Ground
SUMMARY:51 Ways to Spell the Image Giraffe: The Hidden Politics of Token La
 nguages in Generative AI - Ting-Chun Liu\, Leon-Etienne Kühr [en]
UID:da752c1f-1231-5039-a2a9-9daa2f114606
URL:https://events.ccc.de/congress/2025/hub/event/detail/51-ways-to-spell-t
 he-image-giraffe-the-hidden-politics-of-token-languages-in-generative-ai
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:The TitanM2 chip has been central to the security of the
  Google Pixel series since the Pixel 6. It is based on a modified RISC-V
  design with a bignum accelerator. Google added some non-standard
  instructions to the RISC-V ISA. This talk investigates the reverse
  engineering using Ghidra\, and simulation of the firmware in Python.\nI
  will discuss the problems encountered while reverse engineering and
  simulating the firmware for the TitanM2 security chip\, found in the
  Google Pixel phones. I'll discuss how to obtain the firmware and talk
  about the problems of reverse engineering this particular binary. I show
  how you can easily extend Ghidra with new instructions to get a full
  decompilation. Also\, I wrote a RISC-V simulator in Python for running
  the TitanM2 firmware.\n
DTEND;TZID=Europe/Berlin:20251229T003500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T235500
LOCATION:Ground
SUMMARY:Reverse engineering the Pixel TitanM2 firmware - willem [en]
UID:c553ee23-bc27-585a-b8d0-d8fee999e75a
URL:https://events.ccc.de/congress/2025/hub/event/detail/reverse-engineerin
 g-the-pixel-titanm2-firmware
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:Could you still say right now what you did online today? For
  many people the internet is so much a matter of course that they hardly
  notice when they are using it. Yet many people are involuntarily
  excluded from the digital world. How could the internet become usable
  for everyone?\nFor many people\, being online is a matter of course. Yet
  many people with disabilities are still excluded online. Since June
  2025\, the Barrierefreiheitsstärkungsgesetz (Accessibility
  Strengthening Act) has made digital accessibility mandatory for
  companies. Digital accessibility has thereby gone from being an option
  to being a right. Despite the legal requirements\, digital accessibility
  often fails in practice because those responsible lack the expertise.
  We would like to look at accessibility in the digital world from three
  perspectives:\n\nLena Müller is a developer and is responsible for the
  accessible design of content. Kathrin Klapper is doing her doctorate
  and in her everyday life uses a speech computer with eye control to
  speak. And Jakob Sponholz deals in his research with the question of
  how digital media can contribute to inclusion.\n\nWe would first like to
  give an insight into the mechanisms that prevent digital inclusion -
  both in theory and in practice. We would then like to use simple
  examples to show that getting started with designing accessible content
  is actually not that hard and that it is worth simply making a start.\n
DTEND;TZID=Europe/Berlin:20251228T120000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T110000
LOCATION:Fuse
SUMMARY:Digitale Inklusion: Wie wir digitale Barrierefreiheit für alle erre
 ichen können - Jakob Sponholz\, Kathrin Klapper\, Lena Christina Müller [d
 e]
UID:184bb132-6a17-5aa5-9ebe-08b1d5e3a767
URL:https://events.ccc.de/congress/2025/hub/event/detail/digitale-inklusion
 -wie-wir-digitale-barrierefreiheit-fur-alle-erreichen-konnen
END:VEVENT
BEGIN:VEVENT
CATEGORIES:CCC & Community\, Talk
CLASS:PUBLIC
DESCRIPTION:Things are happening on the island of Rügen and in Austria:
  new Chaos events. We want to talk about requirements\, challenges\,
  hurdles\, experiences and moments of happiness from our point of view
  as organizers. InselChaos took place at LaGrange e.V. in September
  2025 and marks the start of further creative\, informative and chaotic
  events on the island of Rügen. Håck ma’s Castle will also talk\, with
  a bit of humour\, about challenges that arise\, among other things\,
  from decentralized teams drawn from various hackspaces.\n
 **InselChaos**\nPort39 e.V. had the dream of bringing the Chaos to MV
  and hosting a larger event on the Baltic Sea. Just 3 years old\, we
  started planning in a small group. A location had to be found\,
  inspiration and ideas gathered\, and bureaucratic hurdles and a great
  many individual problems solved before\, at the beginning of
  September\, we were finally able to welcome our guests. In this talk
  we speak about what it is like to coordinate a Chaos event with more
  than 150 guests as a small association with a four-person orga team\,
  which difficulties we overcame and\, above all\, which lessons we
  learned from it so that we can do even better next time.\n\n\n
 **Håck ma’s Castle**\nIn our talk we will speak about which methods
  and meeting modes we tried out\, and about the good as well as the bad
  decisions that were made. Above all\, though\, we will also talk about
  the challenge that comes with beings not yet knowing each other\, and
  how we first had to come together on a human level so that things
  would also work better on the content side.\n\nHard facts Håck ma's
  Castle:\n- 3 (+1) day event\n- August 2024\n- with castle\n- with
  camping\n- ~330 beings\n- including 1 castle cat *meow*\n- Orga
  spread across all of Austria and beyond:\n- metalab\, realraum\, C3W\,
  CCC Salzburg\, /dev/lol\, SegFaultDragons\, SegVault\, IT-Syndikat\,
  /usr/space\, Gebärdenverse\, female coders\, chaos.jetzt etc.\n
DTEND;TZID=Europe/Berlin:20251228T131500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T121500
LOCATION:Fuse
SUMMARY:Neue Chaos Events - InselChaos und Håck ma’s Castle plaudern aus de
 m Nähkästchen - Erwin Ernst "eest9" Steinhammer\, lasii\, Daniel\, Niklas 
 [de]
UID:8ba2a160-c00d-56c4-a84e-afb1536bc48b
URL:https://events.ccc.de/congress/2025/hub/event/detail/neue-chaos-events-
 inselchaos-und-hack-ma-s-castle-plaudern-aus-dem-nahkastchen
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:With the trials in the Budapest complex an example is being
  made\, not just of individuals but of antifascist practice as a whole.
  The allegation of a criminal organization with murderous intent is an
  absurd legal escalation of the state's action against antifascists and
  is out of all proportion to the incidents under trial. Pursuing the
  proceedings in this way suggests above all a strong interest in
  intelligence gathering and intimidation.\nWith this wave of trials and
  the repression against friends and relatives\, antifascist engagement
  is being massively criminalized and a distorted picture of political
  resistance is being drawn\, while at the same time right-wing violence
  is increasing across Europe and fascist parties are gaining
  strength.\nWe see that attacks on the rule of law and civil society
  keep increasing. The way the antifas in the Budapest complex and in
  the Antifa Ost proceedings are being dealt with is a foretaste of how
  political opposition could be treated in an authoritarian future.\nWe
  are all affected by the right-wing authoritarian development\, by
  fascization. The criminalization of antifas as a "terrorist
  organization" is part of a (worldwide) de-democratization and erosion
  of the rule of law.\nOn 26 September\, the first verdict against one
  of the antifascists in the Budapest complex was handed down against
  Hanna before the OLG München: 5 years for a verdict based solely on
  circumstantial evidence. The public prosecutor's charge of murder was
  not upheld\, but the existence of a violent "criminal organization"
  was asserted.\nOn 12 January 2026\, the trial of Nele\, Emmi\, Paula\,
  Luca\, Moritz and Clara\, who have been held in pre-trial detention in
  various prisons since January\, will now open before the OLG
  Düsseldorf. Here too the indictment constructs a criminal organization
  under §129 and contains the charge of attempted murder. Pursuing the
  proceedings in this way suggests above all a strong interest in
  intelligence gathering and intimidation.\nZaid\, against whom there is
  a European arrest warrant from Hungary\, was released in early May
  subject to reporting requirements\; because of his non-German
  citizenship\, the Federal Public Prosecutor General had not brought
  charges against him. As he is still threatened in Germany with being
  handed over to Hungary\, he has been staying in Paris since October
  2025. He is at liberty subject to conditions.\nA further case in the
  Budapest complex is being heard in Dresden together with charges from
  the Antifa Ost proceedings. The trial of Tobi\, Johann\, Thomas
  (Nanuk)\, Paul and two other persons will begin as early as
  November.\nIn Budapest\, Maja\, who was handed over to Hungary in June
  2024 contrary to an interim injunction of the BVerfG and in a manner
  found to be unlawful\, remains in solitary confinement\; the trial is
  only due to continue in January and is expected to end with the
  verdict on 22 January.\nWith the trials in the Budapest complex an
  example is being made\, not just of individuals but of antifascist
  practice as a whole. The allegation of a criminal organization with
  murderous intent is an absurd legal escalation of the state's action
  against antifascists and is out of all proportion to the incidents
  under trial.\nWith this wave of trials and the repression against
  friends and relatives\, antifascist engagement is being massively
  criminalized and a distorted picture of political resistance is being
  drawn\, while at the same time right-wing violence is increasing
  across Europe and fascist parties are gaining strength. We see that
  attacks on the rule of law and civil society keep increasing. The way
  the antifas in the Budapest complex are being dealt with is a
  foretaste of how political opposition could be treated in a more
  authoritarian future. We are all affected by the right-wing
  authoritarian development\, by fascization. The criminalization of
  antifas as a "terrorist organization" is part of a (worldwide)
  de-democratization and erosion of the rule of law.\n
DTEND;TZID=Europe/Berlin:20251228T143000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T133000
LOCATION:Fuse
SUMMARY:selbstverständlich antifaschistisch! Aktuelle Informationen zu den 
 Verfahren im Budapest-Komplex - von family & friends Hamburg - Andreas fam
 ily & friends Hamburg\, Birgit family & friends Hamburg [de]
UID:f33636a7-e2a3-5925-87e3-1ba270e73ff5
URL:https://events.ccc.de/congress/2025/hub/event/detail/selbstverstandlich
 -antifaschistisch-aktuelle-informationen-zu-den-verfahren-im-budapest-komp
 lex-von-family-friends-hamburg
END:VEVENT
BEGIN:VEVENT
CATEGORIES:CCC & Community\, Talk
CLASS:PUBLIC
DESCRIPTION:A joke at the bar turned into a project!\n\nBlumenthal7 is
  the last fully preserved shaft site of the former General Blumenthal
  hard coal mine in Recklinghausen in the northern Ruhr area. After
  various teething troubles\, a slumbering industrial wasteland has
  become a project that already offers a home and a large\, almost
  boundless playground to a multitude of entities and groups.\n\nFeel
  free to join us for the Power Cycle B7…!\nWe\, members of the
  Recklinghausen Chaostreff c3RE\, have founded another association
  together with a few other people\, the Blumenthal7 e.V.\nThe goal is
  to buy an old hard coal mine\, to preserve it\, to renovate it and to
  make it accessible to many people as a space for chaos\, creativity
  and happenings.\n
DTEND;TZID=Europe/Berlin:20251228T152500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T144500
LOCATION:Fuse
SUMMARY:Power Cycle B7 oder Warum kauft man eine Zeche? - Kohlenpod\, kater
 \, Stephan [de]
UID:cb8cd10b-f5d1-597d-a5c4-3cbd914fa6aa
URL:https://events.ccc.de/congress/2025/hub/event/detail/power-cycle-b7-ode
 r-warum-kauft-man-eine-zeche
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Science\, Talk
CLASS:PUBLIC
DESCRIPTION:The trend is towards building large centralized databases
  from health data. A data-minimizing alternative is to compute jointly
  on distributed private data in an encrypted network\, without having
  to share the data with one another. In the longer term\, this can
  create more democratic data flows that involve patients as active
  participants rather than as passive data sources. Come along on a
  journey that started six years ago in Germany and has now realized the
  first European clinical study using Secure Multiparty Computation
  (SMPC).\n**Clinical research 101:** Why are "multicentre" clinical
  studies the gold standard and how do they work? What data is collected
  and how does data exchange work in practice? What does the GDPR say
  about it?\n\n**Secure distributed computing 101:** How can parties
  compute jointly on distributed data in encrypted peer-to-peer networks
  without having to exchange the input data among themselves? What are
  the technical advantages and disadvantages? How does this change the
  roles of the actors in the system?\n\n**The prototype in Germany
  2019:** The LMU Klinikum in Munich cooperates with the Charité in
  Berlin and TU München. For the first time\, joint computation on
  distributed patient data succeeds. Various lessons were learned.\n\n
 **The first European study 2024:** The LMU Klinikum in Munich
  cooperates with the Policlinico Universitario Fondazione Agostino
  Gemelli in Rome. The pilot study also yields a GDPR-compliant
  blueprint and a reusable architecture.\n\n**Conclusion and outlook:**
  Secure distributed computing in science and beyond.\n
DTEND;TZID=Europe/Berlin:20251228T162000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T154000
LOCATION:Fuse
SUMMARY:Über europäische Grenzen hinweg auf klinischen Daten rechnen - aber
  sicher! - Hendrik Ballhausen [de] [NOT RECORDED]
UID:0fdda2f0-88c1-518f-858f-fd41d48325f4
URL:https://events.ccc.de/congress/2025/hub/event/detail/uber-europaische-g
 renzen-hinweg-auf-klinischen-daten-rechnen-aber-sicher
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Science\, Talk
CLASS:PUBLIC
DESCRIPTION:The talk discusses challenges of decentralized networks from
  a sociological perspective. Decentralized networks are understood here
  as technical infrastructures that are provided not by a central
  authority but distributed across instances. Users benefit from this
  infrastructure\, for example by using the Fediverse or the Tor
  network\, without contributing to the infrastructure. At the same
  time\, decentralized networks can only exist if sufficient resources
  are mobilized by individuals or organizations to provide the network
  in the first place. This leads to the inherent instability of
  decentralized networks\, unless the path of commodifying user
  behaviour is taken. Building on this description of the current
  state\, conditions are discussed for producing collective goods such
  as decentralized networks organizationally (and not technically).
  These include participation or the idea of public basic funding.
  Besides sociological ideas and hard numbers\, the talk is also
  motivated by a good portion of idealism on questions of sovereignty
  and autonomy in digitalization.\nSociology always has something to say
  as soon as questions of collective action arise. This applies to
  social as well as digital spaces. The sociologist Peter Kollock\, for
  example\, observed as early as the 1990s that "the Internet is filled
  with junk and jerks" (Kollock\, 1999\, p. 220). Today the majority
  would probably agree with this statement without hesitation. But this
  is not the decisive point\; rather\, it is the further observation:
  "Given that online interaction is relatively anonymous\, that there is
  no central authority\, and that it is difficult or impossible to
  impose monetary or physical sanctions on someone\, it is striking that
  the Internet is not literally a war of all against all" (1999\, p.
  220).\n\nThe world now knows numerous counterexamples in which
  authorities use the internet to monetize usage behaviour or deploy
  surveillance technologies for sanctioning (Zuboff\, 2019). I take this
  starting point into account in my research when I look at
  decentralized networks such as the Fediverse or the Tor network from a
  sociological perspective. First and foremost\, I am interested in
  understanding how decentralized networks come into being\,
  organizationally rather than technically\, and which challenges have
  to be overcome in the process (Sanders & Van Dijck\, 2025). A central
  motivation is the question of how an internet can be built without
  central authority\, with reduced market dependencies\, resilient to
  sanction mechanisms and sovereign with regard to one's own data.
  Motivated by this prescriptive framework\, in the talk I first look at
  the challenges descriptively and bring in my sociological perspective.
  For as a rule\, people who gain an advantage from the realization of a
  particular goal benefit regardless of whether they personally bear a
  share of the cooperation or not. Collective action is sometimes
  difficult even though\, or precisely because\, there is a well-founded
  collective interest in achieving a particular goal. Identical
  interests are not the same as shared interests. This description of
  the situation can be applied widely\, from cleaning rotas in shared
  flats to questions of the climate-neutral transformation. The reason
  is that collective action costs a minimum of time\, effort or money\,
  so that free-riding is often chosen in the hope that enough others
  will still cooperate to reach the desired goal (Hardin\, 1982).\n\n
 From this perspective I look at decentralized networks. The Fediverse
  or the Tor Browser can be used without hosting an instance or node of
  one's own. Nor is that the aim of the decentralized networks
  mentioned. Nevertheless: the costs and effort for the technical
  infrastructure have to be borne by a small part\, while the
  overwhelming majority of users benefit from the infrastructure without
  contributing to it. This leads to the inherent instability of
  decentralized networks and poses a relevant challenge for the future.
  While network analyses describe the growth and consolidation of
  decentralized networks\, there is a lack of deeper understanding of
  the conditions under which decentralized networks come into being at
  all. During the talk I will show empirical data on the development of
  the Fediverse and the Tor network to illustrate the challenge. The Tor
  network in particular faces the problem that the possibility of
  de-anonymization increases as the number of nodes decreases.
  Overcoming the collective goods problem I describe therefore plays a
  central role in sustaining it.\n\nThe motivation for engaging with
  decentralized networks results from reversing the argument\, when
  networks have a central authority and are at the same time able to use
  sanction mechanisms\, for example to block unwelcome users\, or to
  monitor and monetize usage behaviour (Zuboff\, 2019). Here I am
  obviously referring to the development of social media\, which solve
  the problem of collective action described above by commodifying the
  infrastructure. Something similar is known from the field of
  cryptocurrency\, which likewise overcomes cooperation problems through
  the individualized monetary advantage\, that is\, the promise of
  capital accumulation. Is this how we imagine the future of the
  internet?\nDecentralized networks are not per se an all-encompassing
  technical solution to societal and social problems. On the contrary:
  decentralized networks\, if they are not based on commodification\,
  are subject to a social order that precisely cannot be solved
  technically. An awareness of the necessity of decentralized networks
  is unfortunately not sufficient here\; rather\, it takes people and
  organizations who are willing to carry part of the infrastructure
  without receiving a direct benefit from it. Compared with
  profit-oriented companies\, this self-organization is always at a
  disadvantage (Offe & Wiesenthal\, 1980).\n\nIn my research I combine
  my interest in the basic structures and conditions of social order\,
  such as the cooperation problem\, with the aspiration to shape
  society. Awareness of these conditions alone cannot solve a
  cooperation problem. It can\, however\, help to actively shape the
  framework of these conditions. In doing so\, I will move between
  critical realities and hopeful outlooks\, because decentralized
  networks that offer an organizational and technical alternative quite
  obviously exist. But as the title suggests\, in the long run only
  (civil society) power helps here.\n\nReferences\nHardin\, R. (1982).
  Collective Action. Hopkins University Press.\nKollock\, P. (1999). The
  Economies of Online Cooperation: Gifts and Public Goods in Cyberspace.
  In M. A. Smith & P. Kollock (Eds.)\, Communities in Cyberspace (pp.
  220–239). Routledge.\nOffe\, C.\, & Wiesenthal\, H. (1980). Two Logics
  of Collective Action: Theoretical Notes on Social Class and
  Organizational Form. Political Power and Social Theory\, 1\,
  67–115.\nSanders\, M.\, & Van Dijck\, J. (2025). Decentralized Online
  Social Networks: Technological and Organizational Choices and Their
  Public Value Trade-offs. In J. Van Dijck\, K. Van Es\, A. Helmond\, &
  F. Van Der Vlist\, Governing the Digital Society. Amsterdam University
  Press. https://doi.org/10.5117/9789048562718_ch01\nZuboff\, S. (2019).
  Surveillance Capitalism—Überwachungskapitalismus. Aus Politik und
  Zeitgeschichte\, 24–26\, 4–9.\n
DTEND;TZID=Europe/Berlin:20251228T171500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T163500
LOCATION:Fuse
SUMMARY:Auf die Dauer hilft nur Power:  Herausforderungen für dezentrale Ne
 tzwerke aus Sicht der Soziologie - Marco Wähner [de]
UID:0425efd8-fec5-5dbc-860b-8478857dc9ac
URL:https://events.ccc.de/congress/2025/hub/event/detail/auf-die-dauer-hilf
 t-nur-power-herausforderungen-fur-dezentrale-netzwerke-aus-sicht-der-sozio
 logie
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:HostileShop is a Python-based tool for generating prompt inject
 ions and jailbreaks against LLM agents. I created HostileShop to see if I 
 could use LLMs to write a framework that generates prompt injections again
 st LLMs\, by having LLMs attack other LLMs. It's LLMs all the way down. Ho
 stileShop generated prompt injections for a winning submission in OpenAI's
  GPT-OSS-20B RedTeam Contest. Since then\, I have expanded HostileShop to 
 generate injections for the entire LLM frontier\, as well as to mutate jai
 lbreaks to bypass prompt filters\, adapt to LLM updates\, and to give advi
 ce on performing injections against other agent systems. In this talk\, I 
 will give you an overview of LLM Agent hacking. I will cover LLM context w
 indow formats\, LLM agents\, agent vulnerability surface\, and the prompti
 ng and efficiency insights that led to the success of HostileShop.\n[Hosti
 leShop](https://github.com/mikeperry-tor/HostileShop) creates a simulated 
 web shopping environment where an **attacker agent LLM** attempts to manip
 ulate a **target shopping agent LLM** into performing unauthorized actions
 . Crucially\, HostileShop does not use an LLM to judge attack success. Ins
 tead\, success is determined automatically and immediately by the framewor
 k\, which reduces costs and enables rapid continual learning by the attack
 er LLM.\n\nHostileShop is best at discovering **prompt injections** that i
 nduce LLM Agents to make improper "tool calls". In other words\, HostileSh
 op finds the magic spells that make LLM Agents call functions that they ha
 ve available to them\, often with the specific input of your choice.\n\nHo
 stileShop is also capable of [enhancement and mutation of "universal" jail
 breaks](https://github.com/mikeperry-tor/HostileShop?tab=readme-ov-file#pr
 ompts-for-jailbreakers). This allows **cross-LLM adaptation of universal j
 ailbreaks** that are powerful enough to make the target LLM become fully u
 nder your control\, for arbitrary actions. This also enables public jailbr
 eaks that have been partially blocked to work again\, until they are more 
 comprehensively addressed.\n\nI created HostileShop as an experiment\, but
  continue to maintain it to let me know if/when LLM agents finally become 
 secure enough for use in privacy preserving systems\, without the need to 
 rely on [oppressive](https://runtheprompts.com/resources/chatgpt-info/chat
 gpt-is-reporting-your-prompts-to-police/) [levels of surveillance](https:/
 /www.anthropic.com/news/activating-asl3-protections).\n
DTEND;TZID=Europe/Berlin:20251228T181500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T173500
LOCATION:Fuse
SUMMARY:A Quick Stop at the HostileShop - Mike Perry [en]
UID:b3ef337e-bfb3-51bf-bcaa-0b2d697b9c7f
URL:https://events.ccc.de/congress/2025/hub/event/detail/a-quick-stop-at-th
 e-hostileshop
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:While FPGA developers usually try to minimize the power consump
 tion of their designs\, we approached the problem from the opposite perspe
 ctive: what is the maximum power consumption that can be achieved or waste
 d on an FPGA? Short answer: we found that it’s easy to implement oscillato
 rs running at 6 GHz that can theoretically dissipate around 20 kW on a lar
 ge cloud FPGA when driving the signal to all the available resources. It i
 s interesting to note that this power density is not very far away from th
 at of the surface of the sun. However\, such a power load jump is
  usually no
 t a problem as it will trigger some protection circuitry. This led us to t
 he next question: would a localized hotspot with such power density damage
  the chip if we remain within the typical power envelope of a cloud FPGA (
 ~100 W)? While we could not “fry” the chip or induce permanent errors (and
  we tried several variants)\, we did observe that a few routing wires aged
  to become up to 70% slower in just a few days of stressing the chip. This
  basically means that such an FPGA cannot be rented out to cloud users wit
 hout risking timing violations.\nIn this talk\, we will present how we opt
 imized power wasting\, how we measured wire latencies with ps accuracy\, h
 ow we attacked 100 FPGA cloud instances and how we can protect FPGAs again
 st such DoS attacks.\nFPGA instances are now offered by multiple cloud ser
 vice providers (including Amazon EC2 F1/F2 instances\, Alibaba ECS Instanc
 es\, and Microsoft Azure NP-Series). The low-level programmability of FPGA
 s allows implementing new attack vectors including DoS attacks. While some
  severe attacks (such as short circuits) cannot be easily deployed as user
 s are prevented from loading their own configuration bitstreams on the
  cloud FPGAs\, it has been demonstrated that it is possible to leak
  information (like clo
 ud instance scheduling policies or the physical topologies of the FPGA ser
 vers) or to mount DoS attacks by excessive power hammering. For instance\,
  basically all cloud FPGAs provide logic cells that can be configured as s
 mall shift registers. This allows building toggle-shift-registers with 10K
  and more flip-flops\, which can draw over 1 kW power when clocked at a fe
 w hundred MHz. \nIn our work\, we created fast ring-oscillators that bypas
 s all design checks applied during bitstream cloud deployment and a
 chieved toggle rates of 8 GHz inside an FPGA by using glitch amplification
 . The latter one was calibrated with the help of a time-to-digital convert
 er (TDC).\nAs a first attack\, we used power hammering to crash AWS F1 ins
 tances by increasing power consumption to 300 W (three times the allowed p
 ower envelope). We used physical unclonable functions (PUFs) to examine th
 e behaviour of the attacked FPGA cloud instances and we found that most re
 mained unavailable for several hours after the attack.\nAs a more subtle a
 ttack\, we tried to cause permanent damage to FPGAs in our lab by driving 
 fast toggling signals to virtually any available wire (and primitive) into
  a small region of the chip. With this\, we created hotspot designs that d
 raw 130 W in less than 1% of the available logic and routing resources of 
 a datacenter FPGA. Even though the achieved power density was excessive\, 
 it was insufficient to induce permanent damage. This is largely due to th
 e area inefficiencies of an FPGA that limit the power density. For instanc
 e\, FPGAs use large multiplexers to implement the switchable connections a
 nd there exists only one active path that is routed through the multiplexe
 rs\, hence\, leaving most of the transistors sitting idle. Similarly\, FPG
 As provide a large number of configuration memory cells (about 1 Gb on a t
 ypical datacenter device) that draw negligible power as these do not switc
 h during operation. All these idle elements force the power drawing circui
 ts to be spread out\, hence limiting power density. Anyway\, when experime
 nting with different hotspot variants\, we found thermal runaway effects a
 nd excessive device aging with up to a 70% increase in delay on some wires
 . We achieved this aging in just a few days and under normal operational c
 onditions (i.e. by staying within the available power budget and having bo
 ard cooling running). Such a large increase in latency can be considered t
 o render an FPGA useless as it will usually not be fast enough to host (re
 alistic) user designs.\nBeyond exploring these attack vectors\, we develop
 ed countermeasures and design guidelines to prevent such attacks. These in
 clude scans of the user designs\, use restrictions to resources like IOs a
 nd clock trees\, as well as runtime monitoring and FPGA health checks. Wit
 h this\, we believe that FPGAs can be operated securely and reliably in a 
 cloud setting.\n
DTEND;TZID=Europe/Berlin:20251228T195500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T191500
LOCATION:Fuse
SUMMARY:How to render cloud FPGAs useless - Dirk [en]
UID:039c6510-1a33-57fe-8bbf-08bcc31df8bb
URL:https://events.ccc.de/congress/2025/hub/event/detail/how-to-render-clou
 d-fpgas-useless
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:The USA is demanding that all 43 countries in the "Visa Waiver
  Programme" (VWP)\, which enables visa-free travel\, conclude an "Enhanc
 ed Border Security Partnership" (EBSP). This is intended to grant US autho
 rities direct access to police databases in these - mostly European - coun
 tries containing fingerprints\, facial images and other personal data. Any
 one who refuses this forced "border partnership" faces exclusion from the 
 visa-free travel programme.\nThe US demand is unprecedented: even EU membe
 r states do not grant each other such extensive direct database access – n
 ormally the exchange takes place via the "hit/no-hit principle" with a sub
 sequent request for further data. This is how it works\, for example\, in 
 the Prüm Treaty among all Schengen states\, which has so far covered finge
 rprints and DNA data and is now also being extended to facial images.\n\nT
 he EBSP could practically affect anyone who falls under the jurisdiction o
 f border authorities: from passport controls to deportation proceedings. U
 nder the US autocrat Donald Trump\, this is a particular problem\, as his 
 militia-like immigration authority ICE is already using data from various 
 sources to brutally persecute migrants – direct access to police data from
  VWP partners could massively strengthen this surveillance apparatus. Germ
 any alone might give access to facial images of 5.5 million people and fin
 gerprints of a similar dimension.\n\nThe USA has already tightened the Vis
 a Waiver Programme several times\, for instance in 2006 through the introd
 uction of biometric passports and in 2008 through the ESTA pre-registratio
 n requirement. In addition\, there were bilateral agreements for the excha
 nge of fingerprints and DNA profiles – however\, these may only be transmi
 tted in individual cases involving serious crime.\n\nExisting treaties suc
 h as the EU-US Police Framework Agreement are not applicable to the "Enhan
 ced Border Security Partnership"\, as it applies exclusively to law enforc
 ement purposes. It is also questionable how the planned data transfer is s
 upposed to be compatible with the strict data protection rules of the GDPR
 . The EU Commission therefore wants to negotiate a framework agreement on 
 the EBSP that would apply to all member states. Time is running short: the
  US government has set VWP states a deadline of 31 December 2026. Some alr
 eady agreed on a bilateral level.\n
DTEND;TZID=Europe/Berlin:20251228T205000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T201000
LOCATION:Fuse
SUMMARY:Trump government demands access to European police databases and bi
 ometrics - Matthias Monroy [en]
UID:f3ecee56-19f5-5c45-b5ec-799f710e0388
URL:https://events.ccc.de/congress/2025/hub/event/detail/trump-government-d
 emands-access-to-european-police-databases-and-biometrics
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:Between open letters\, mass emails\, petitions and having
  coffee: two former insiders from the Digital Committee and the
  Bundestag explain how political influence really works. An honest
  look behind the scenes of parliamentary decision-making\, with
  practical tips on how civil society can put its energy where it
  actually has an effect.\nThe aim of the talk is to give a realistic
  picture of how parliamentary decision-making works\, and to offer
  practical advice on how to exert influence without wasting
  resources.\n\nHow do you get political processes moving? What
  actually happens to an email once it is sent to a member of
  parliament? And what distinguishes constructive advocacy from
  intrusive lobbying?\n\nIn this talk\, Anna Kassautzki (member of the
  Bundestag from 2021 to 2025\, deputy chair of the Digital Committee
  in the 20th legislative period) and Rahel Becker (former research
  associate for digital policy) report from the inside perspective of
  parliamentary work.\n\nChat control\, the Data Act\, the right to
  open data\, the GDPR: there was a lot to negotiate in the last
  legislative period. Anna and Rahel were in the thick of it and give
  an insight into the hectic\, at times absurd communication with
  interest groups. The focus is always on the question: which
  strategies are needed so that civil society's work does not fizzle
  out?\n\nAt the same time\, the talk addresses the structural
  questions:\nWhere are the bottlenecks for political progress? How do
  members of parliament prioritize in an overcrowded calendar? And
  which levers can (digital) civil society use effectively to make
  itself heard?\n\nBecause especially in times of massive digital
  policy challenges\, informed\, strategic participation is more
  necessary than ever. A talk for everyone who wants to get involved
  in political processes.\n
DTEND;TZID=Europe/Berlin:20251228T214500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T210500
LOCATION:Fuse
SUMMARY:Power Cycles statt Burnout – Wie Einflussnahme nicht verpufft - Rah
 el Becker\, Anna Kassautzki [de]
UID:d4b2186b-a1a9-521e-ac91-5dfe6deb2782
URL:https://events.ccc.de/congress/2025/hub/event/detail/power-cycles-statt
 -burnout-wie-einflussnahme-nicht-verpufft
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Art & Beauty\, Talk
CLASS:PUBLIC
DESCRIPTION:Billions of cameras produce images every day\, and these are
  increasingly analyzed by machines. In this lecture performance we
  examine the development of machine vision\, from the early
  algorithmic approaches to today's applications\, and look at how
  various artists use and reflect on these technologies. Using the two
  works "Throwback Environment" and "Fomes Fomentarius Digitalis"\, we
  look at the use of machine vision in an artistic feedback loop. The
  works make visible what the algorithms in use see and in which
  patterns they operate.\nVast numbers of images are uploaded to the
  networks every day. But not only humans look at these images:
  machines analyze and "look at" them too. How does this machine
  "seeing" work\, and how was it taught to computers?\nThis lecture
  performance gives an overview of the development of machine vision.
  After a brief look at its historical development\, from the first
  approaches to today's applications\, we consider how these
  technologies are used in a wide variety of artistic works. What do
  these works reflect beyond the mere application of machine vision
  algorithms?\nUsing the two works "Throwback Environment" and "Fomes
  Fomentarius Digitalis"\, we look at how machine vision has been used
  in an artistic feedback loop and how this opens up perspectives on
  the way these algorithms work. The works make visible what the
  algorithms in use see and in which patterns they operate. They also
  show where their limits lie and what all of this has to do with tree
  fungi.\n
DTEND;TZID=Europe/Berlin:20251228T224500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T220500
LOCATION:Fuse
SUMMARY:Machine Vision – Vom Algorithmus zum Baumpilz im digitalen Metaboli
 smus - Thomas Knüsel [de]
UID:34f3d9a6-9164-58df-81e6-51c112362a89
URL:https://events.ccc.de/congress/2025/hub/event/detail/machine-vision-vom
 -algorithmus-zum-baumpilz-im-digitalen-metabolismus
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Entertainment\, Game show
CLASS:PUBLIC
DESCRIPTION:Come on stage and present things you are very bad at. Or just m
 ediocre. Get raging applause and love from the audience!\nHosted by the dr
 ag-quings Norman Müller-Schmitz and James Bonne d'age this open stage cele
 brates trying\, failing and the beauty of discovering hidden Talents toget
 her when the most beautiful cuties from the audience enter the stage to tr
 y something they have absolutely no experience in.\nThe show is an open fo
 rmat that gives people the space to show themselves\, be visible and make 
 themselves vulnerable. We bring a queer format that celebrates people for 
 simply being humans to Hamburg's neighborhood pubs\, autonomous stages
  and other easily accessible spaces. In doing so it's explicitly
  anti-capitalis
 t\, builds communities and unlikely alliances.\nNot just in the hacker/CCC
  community we applaud the cool things people can do: The big stage is ofte
 n reserved for outstanding achievements\; attention and social credits usu
 ally go to those who already have the network and skills. While we conside
 r celebrating success to be absolutely necessary\, we see the need to give
  people space to try things out\, to fail publicly without having to be as
 hamed\, and to celebrate Imperfection. Stage presence comes from trying on
  stage\, and the Maybe Talent Show is the place where this is possible for
  everyone. Inclusive\, hilarious and without making fun of anyone. Promise
 .\n
DTEND;TZID=Europe/Berlin:20251229T003000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T230000
LOCATION:Fuse
SUMMARY:The Maybe Talent Show - Norman Müller-Schmitz\, lukas-schmukas\, Ja
 mes Bonne d'age [en] [NOT RECORDED]
UID:ce60f89c-fcdb-577f-89c2-5beb11b88ca7
URL:https://events.ccc.de/congress/2025/hub/event/detail/the-maybe-talent-s
 how
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:In this talk\, I will describe how my team and I systematically
  exploited around a dozen home-rolled network encryption protocols used by
  popular mobile apps like RedNote\, Alipay\, and some of the most popular 
 mobile browsers in China to encrypt sensitive information. I'll demonstrat
 e how network eavesdroppers could access users' browsing history and mobil
 e activity.\n\nThis is a systemic issue\; despite our work on the above pr
 otocols and the resulting vulnerability disclosures\, this plague of home-
 rolled and proprietary encryption is still at large. I will end by discuss
 ing how we got here\, re-affirm the age-old adage\, “Don’t roll your own c
 rypto!”\, and call on hackers around the world to help us move towards HTT
 PS everywhere.\nTLS is not as universal as we might think. Applications wi
 th hundreds of millions of active users continue to use insecure\, home-ro
 lled proprietary network encryption to protect sensitive user data. This t
 alk demonstrates that this is a widespread and systemic issue affecting a 
 large portion of the most popular applications in the world. These issues 
 are particularly concentrated in mobile applications developed in China\, 
 which have been overlooked by the global security community despite their 
 massive popularity and influence.\n\nWe found that 47.6% of top Mi Store a
 pplications used proprietary network cryptography without any additional e
 ncryption\, compared to only 3.51% of top Google Play Store applications. 
 We analyzed the most popular of these protocols\, including cryptosystems 
 designed by Alibaba\, iQIYI\, Kuaishou\, and Tencent. Of the top 9 protoco
 l families\, we discovered vulnerabilities in 8 that allowed network eaves
 droppers to decrypt underlying data. We also discovered additional vulnera
 bilities in several other protocols used by apps with hundreds of millions
  of users.\n\nThrough the vulnerabilities fixed as a result of this work\,
  this research has directly improved the network security of up to one bil
 lion people. However\, there were hundreds more proprietary protocols used
  by popular applications that we discovered. Verifying all of their securi
 ty through manual reverse-engineering and vulnerability reporting is not f
 easible at this scale. What can we do as a community to fix this systemic 
 issue and prevent such failures from occurring in the future?\n
DTEND;TZID=Europe/Berlin:20251228T120000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T110000
LOCATION:One
SUMMARY:Protecting the network data of one billion people: Breaking network
  crypto in popular Chinese mobile apps - Mona [en] [NOT RECORDED]
UID:a19d5bca-7949-5353-abaf-1c43655f7c26
URL:https://events.ccc.de/congress/2025/hub/event/detail/protecting-the-net
 work-data-of-one-billion-people-breaking-network-crypto-in-popular-chinese
 -mobile-apps
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:We present a comprehensive security assessment of Unitree's rob
 otic ecosystem. We identified and exploited multiple security flaws across
  multiple communication channels\, including Bluetooth\, LoRa radio\, WebR
 TC\, and cloud management services. Besides pwning multiple traditional bi
 nary or web vulnerabilities\, we also exploit the embodied AI agent in the
  robots\, performing prompt injection and achieving root-level remote
  code execution. Furthermore\, we leverage a flaw in cloud management
  services to
  take over any Unitree G1 robot connected to the Internet. By deobfuscatin
 g and patching the customized\, VM-based obfuscated binaries\, we successf
 ully unlocked forbidden robotic movements restricted by the vendor firmwar
 e on consumer models such as the G1 AIR. We hope our findings could offer 
 a roadmap for manufacturers to strengthen robotic designs\, while arming r
 esearchers and consumers with critical knowledge to assess security in nex
 t-generation robotic systems.\nUnitree is among the highest-volume makers 
 of commercial robots\, and their newest humanoid platforms ship with multi
 ple control stacks and on-device AI agents. If the widespread\, intrusive 
 presence of these robots in our lives is inevitable\, should we take the i
 nitiative to ensure they are completely under our control? What paths migh
 t attackers use to compromise these robots\, and to what extent could they
  threaten the physical world?\n\nIn this talk\, we first map the complete 
 attack surface of Unitree humanoids\, covering hardware interfaces\, near-
 field radios and Internet-accessible channels. We demonstrate how a local 
 attacker can hijack a robot by exploiting vulnerabilities in short-range r
 adio communications (Bluetooth\, LoRa) and local Wi-Fi. We also present a 
 fun exploit of the embodied AI in the humanoid: With a single spoken/text 
 sentence\, we jailbreak the on-device LLM Agent and pivot to root-privile
 ged remote code execution. Combined with a flaw in the cloud management se
 rvice\, this forms a full path to gain complete control over any Unitree r
 obot connected to the Internet\, obtaining root shell\, camera livestreami
 ng\, and speaker control.\n\nTo achieve this\, we combined hardware inspec
 tion\, firmware extraction\, software-defined radio tooling\, and deobfusc
 ation of customized\, VM-based protected binaries. This reverse engineerin
 g breakthrough also allowed us to understand the overall control logic\, p
 atch decision points\, and unlock advanced robotic movements that were del
 iberately disabled on consumer models like G1 AIR.\n\nTakeaways. Modern hu
 manoids are networked\, AI-powered cyber-physical systems\; weaknesses acr
 oss radios\, cloud services\, and on-device agents could allow attackers t
 o remotely hijack robot operations\, extract sensitive data or camera live
 streams\, or even weaponize the physical capabilities. As robotics continu
 e their transition from controlled environments to everyday applications\,
  our work highlights the urgent need for security-by-design in this emergi
 ng technology landscape.\n
DTEND;TZID=Europe/Berlin:20251228T131500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T121500
LOCATION:One
SUMMARY:Skynet Starter Kit: From Embodied AI Jailbreak to Remote Takeover o
 f Humanoid Robots - Shipei Qu\, Zikai Xu\, Xuangan Xiao [en]
UID:e6837a00-672c-532b-9bfa-319453667c03
URL:https://events.ccc.de/congress/2025/hub/event/detail/skynet-starter-kit
 -from-embodied-ai-jailbreak-to-remote-takeover-of-humanoid-robots
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:Trump has staged an unscheduled\, midair rapid disassembly of t
 he global system of trade. Ironically\, it is this system that prevented a
 ll of America's trading partners from disenshittifying their internet: the
  US trade representative threatened the world with tariffs unless they pas
 sed laws that criminalized reverse-engineering and modding. By banning "ad
 versarial interoperability\," America handcuffed the world's technologists
 \, banning them from creating the mods\, hacks\, alt clients\, scrapers\, 
 and other tools needed to liberate their neighbours from the enshittificat
 ory predations of the ketamine-addled zuckermuskian tyrants of US Big Tech
 .\n\nWell\, when life gives you SARS\, you make sarsaparilla. The Trump ta
 riffs are here\, and it's time to pick the locks on those handcuffs an
 d set the world's hackers loose on Big Tech. Happy Liberation Day\, everyo
 ne!\nEnshittification wasn't an accident. It also wasn't inevitable. This 
 isn't the iron laws of economics at work\, nor is it the great forces of h
 istory.\n\nEnshittification was a choice: named individuals\, in living me
 mory\, enacted policies that created the enshittogenic environment. They c
 reated a world that encouraged tech companies to merge to monopoly\, trans
 forming the internet into "five giant websites\, each filled with screensh
 ots of the other four." They let these monopolists rip us off and spy on u
 s.\n\nAnd they banned us from fighting back\, claiming that anyone who mod
 ified a technology without permission from its maker was a pirate (or wors
 e\, a terrorist). They created a system of "felony contempt of business-mo
 del\," where it's literally a crime to change how your own devices work. T
 hey declared war on the general-purpose computer and demanded a computer t
 hat would do what the manufacturer told it to do (even if the owner of the
  computer didn't want that).\n\nWe are at a turning point in the decades-l
 ong war on general-purpose computing. Geopolitics are up for grabs. The fu
 ture is ours to seize.\n\nIn my 24 years with EFF\, I have seen many stran
 ge moments\, but never one quite like this. There's plenty of terrifying t
 hings going on right now\, but there's also a massive\, amazing\, incredib
 le opportunity to seize the means of computation.\n\nLet's take it.\n
DTEND;TZID=Europe/Berlin:20251228T143000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T133000
LOCATION:One
SUMMARY:A post-American\, enshittification-resistant internet - Cory Doctor
 ow [en]
UID:c9f5a6df-6c79-5492-b3e0-110347358445
URL:https://events.ccc.de/congress/2025/hub/event/detail/a-post-american-en
 shittification-resistant-internet
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:In this talk\, we will give an introduction into the project (i
 .e. how it all started at 38c3 and why we are here now)\, provide an in-de
 pth review of how the development process of our pager worked and what our
  future goals are.\n\nIn our introduction\, we will talk about the origin 
 and exploration phase of the initial pager idea (i.e. how we went from
  the idea of bringing POCSAG Pager transmitter to 38c3\, over a
  cable-bound prototype\, to a first working pager on a proper PCB). We
  will also present our plans of connecting our POCSAG transmitter
  infrastructure to THOT (CERT's own dispatch software).\n\nFor our
  in-depth review about the project\, w
 e explain how we encountered major reception problems\, how we analyzed th
 em at easterhegg22 and conducted experiments there\, and why we are opting
  for a custom HF frontend design instead of an already-made one from Chine
 se vendors. Moreover\, we provide an overview of our transmitter devices a
 nd give some advice on how to replicate those.\n\nLastly\, we will discuss
  further challenges and what our next goals are.\n\nIf we reach our
  milestone by 39c3\, we will also give a live demo of the system.\nAt 3
 8c3\, we conducted an experiment to test out our self-built POCSAG Pager i
 nfrastructure. Together with DL0TUH and CERT\, we are now working on an op
 en pager solution leveraging well-known components in the maker community
  (e.g. ESP32\, SX1262) to support the alarming of action forces at c3 even
 ts. In this talk\, we will guide you through the process of developing suc
 h a project\, problems that are occurring and what our future plans are.\n
DTEND;TZID=Europe/Berlin:20251228T152500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T144500
LOCATION:One
SUMMARY:Chaospager - How to construct an Open Pager System for c3 - Max\, J
 ulian [en]
UID:f9204594-d3f2-5c45-ba71-542a99eb9e5d
URL:https://events.ccc.de/congress/2025/hub/event/detail/chaospager-how-to-
 construct-an-open-pager-system-for-c3
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:This talk presents Apple's link-layer protocol Low-Latency WiFi
  and how it achieves its real-time capabilities to enable Continuity featu
 res like Sidecar Display and Continuity Camera. We make more kernel loggin
 g available on iOS and build a log aggregator that combines and aligns sys
 tem- and network-level log sources from iOS and macOS.\nApple's Continuity
  features make up a big part of their walled garden. From AirDrop and Hand
 off to AirPlay\, they all connect macOS and iOS devices wirelessly. In rec
 ent years\, security researchers have opened up several of these features 
 showing that the Apple ecosystem is technically compatible with third-part
 y devices.\n\nIn this talk\, we present the internal workings of Low-Laten
 cy WiFi (LLW) – Apple's link-layer protocol for several real-time Continui
 ty features like Continuity Camera and Sidecar Display. We talk about the 
 concepts behind LLW\, how it achieves its low-latency requirement and how 
 we got there in the reverse engineering process.\n\nWe also present the to
 oling we built to enable more kernel-level tracing and logging on iOS thro
 ugh a reimplementation of cctool from macOS and the source code of trace t
 hat was buried deep inside of Apple’s open-source repository system_cmds. 
 We build a log aggregator that combines various kernel- and user-space tra
 ces\, log messages and pcap files from both iOS and macOS into a single fi
 le and finally investigate the network stack on Apple platforms that is im
 plemented in both user- and kernel space. There we find interesting config
 uration values of LLW that make it the go-to link-layer protocol for Apple
 's proprietary real-time Continuity applications.\n
DTEND;TZID=Europe/Berlin:20251228T162000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T154000
LOCATION:One
SUMMARY:Cracking open what makes Apple's Low-Latency WiFi so fast - Henri J
 äger [en]
UID:c8fe18e8-6cd5-5354-aad7-1a51e64fd529
URL:https://events.ccc.de/congress/2025/hub/event/detail/cracking-open-what
 -makes-apple-s-low-latency-wifi-so-fast
END:VEVENT
BEGIN:VEVENT
CATEGORIES:CCC & Community\, Talk
CLASS:PUBLIC
DESCRIPTION:This was not the 2025 we had ordered.\n2025 was a good year
  for exploits\, not a good year for freedom\, and an outstanding one
  for bad ideas. Governments kept fighting for mass surveillance\, with
  AI support™ of course. Wars continued to be "digitalized"\, chat
  control was sold as child protection\, weapon systems now have more
  autonomy than most citizens\, and artificial intelligence is finally
  solving all problems\, above all the ones nobody had before.\n
DTEND;TZID=Europe/Berlin:20251228T181500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T163500
LOCATION:One
SUMMARY:CCC-Jahresrückblick - Constanze Kurz\, khaleesi\, Matthias Marx\, L
 inus Neumann\, erdgeist [de]
UID:49b35210-41ea-547d-86da-1ca62612c7b6
URL:https://events.ccc.de/congress/2025/hub/event/detail/ccc-jahresruckblic
 k
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:Why is electronics manufacturing hard? Can it ever be made easy
  and more accessible? What will it take to relocate industrial production 
 to Europe?\n\nWe share with you what we learned when we spent more than 1 
 year setting up our own production line in our office in Hamburg. Turns ou
 t a lot of the difficulties are rarely talked about or hidden behind "manu
 facturing is high CAPEX". \n\nCome and learn with us the nitty gritty deta
 ils of batch reflow ovens\, stencil printing at scale\, and how OpenPnP is
  a key enabler in our process. While we are far from done with this work\,
  we hope to see others replicate it and collectively reclaim the ownership
  of the means of electronics production.\nOur industry needs a reboot as w
 ell\, it no longer serves the people.\n\nOur work is based on our belief t
 hat high-quality high-mix/low volume manufacturing of electronics in Europ
 e is economically viable and accessible to small companies with a lower-th
 an-expected up-front investment.\n\nWe believe that relocation of industry
  to Europe depends on small innovative companies\, and will not come from 
 slow and bloated industry giants whose products are victims of enshittific
 ation and maximum profit extraction.\n\nBy using open-source hardware and 
 software whenever possible\, we are attempting to set up our own productio
 n operation in Hamburg and we want to share the solutions and enable other
 s to do the same and collectively reclaim ownership of the means of produc
 tion.\n\nWe will cover:\n- How we acquired and set up production machines\
 , their costs\, and our learnings\n- Quirks of paste printing and reflow s
 oldering at scale (up to 50 batches a day)\n- Component inventory\, tracki
 ng\, DfM\, etc.\n- How OpenPnP is a key enabler of our processes\n    -
  Our proposed changes to OpenPnP\n    - Our work integrating Siemens
  Siplace Feeders in OpenPnP\n\nCheck out our resources on the topic at
  https://eilbe
 k-research.de/blog/thank-you-for-attending-our-talk-at-39c3/\n
DTEND;TZID=Europe/Berlin:20251228T195500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T191500
LOCATION:One
SUMMARY:In-house electronics manufacturing from scratch: How hard can it be
 ? - Augustin Bielefeld\, Alexander Willer [en]
UID:151d4fb0-5d25-586b-8063-c7706bbd9094
URL:https://events.ccc.de/congress/2025/hub/event/detail/in-house-electroni
 cs-manufacturing-from-scratch-how-hard-can-it-be
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Art & Beauty\, Theater / Performance
CLASS:PUBLIC
DESCRIPTION:"freiheit.exe" is a lecture about the ideological rootkits of
  Silicon Valley. It draws a line from the Italian Futurists to today's
  tech feudalists\, from accelerationism to the libertarians'
  skepticism of democracy\, from Tolkien to the PayPal Mafia.\nBased on
  the research for my theater piece "freiheit.exe. Utopien als
  Malware"\, in which journalistic analysis meets performative
  presentation.\nI invite the CCC audience to examine the operating
  systems behind our operating systems.\nWhile we concern ourselves
  with encryption\, data protection and digital self-determination\,
  tech billionaires are installing their worldviews as the default
  settings of our digital infrastructure. The research sheds light on
  the malware that ships with it.\n\nI navigate through the history of
  ideas between Marinetti's Futurist Manifesto (1909) and Musk's Mars
  colonies\, from the first women programmers to the conquest of
  space\, from neoliberal think tanks to the debt brake\, from
  nationalist Christians to pronatalists.\nInvestigative research meets
  performative presentation.\nWith original audio clips of Peter
  Thiel\, Nick Land and others\, the lecture traces ideological
  connections between theorists of authoritarian-technoid dreams and
  the visions of the tech oligarchs:\n\nIt is about "Freedom Cities"\,
  tax flight and white supremacy.\nAbout transhumanism as a compulsion
  to upgrade\, all the way to neo-eugenic ideas.\nAbout acceleration as
  a political strategy: speed instead of reflection\, disruption
  instead of democracy\, colonization\, now digital too.\n\nFrom a
  theater perspective\, I look at the revival of the Caesars and the
  self-staging of tech CEOs as artists\, priests or geniuses.\nAnd
  together with investigative reporter Sylke Grunwald\, I researched
  what all of this has to do with the debates around Palantir.\n\nThe
  logic of "Move Fast and Break Things"\, seemingly without
  alternative\, is not inevitable: it is intended\, designed\,
  ideologically charged.\n
DTEND;TZID=Europe/Berlin:20251228T205000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T201000
LOCATION:One
SUMMARY:freiheit.exe - Utopien als Malware - Christiane Mudra [de]
UID:4c285dd4-58fc-5378-9434-628f7871ee9f
URL:https://events.ccc.de/congress/2025/hub/event/detail/freiheit-exe-utopi
 en-als-malware
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:What happens when government domains expire and suddenly
  someone else owns them?\nThis talk reports how several formerly
  official but unregistered domains of German federal ministries and
  agencies could be acquired\, and which data flows became visible as a
  result. Over a period of months\, DNS queries from federal networks
  could be received this way\, a considerable security risk\, among
  other reasons because it made it possible to take over accounts\,
  manipulate the validation of email signatures\, redirect requests
  and\, in the extreme case\, execute code on systems.\n(No sensitive
  data will be published\; the focus is on research\, education and
  responsible handling of the results.)\nThe investigation revealed not
  only misconfigurations but also phenomena such as bitsquatting and
  typosquatting within the administration's networks. By operating a
  DNS server and acquiring bund.ee (a close typosquat/bitsquat of
  bund.de)\, numerous DNS queries from servers of the Federal Ministry
  of the Interior (BMI) and other federal institutions could be
  received\, among other things.\n\nThe talk examines the technical and
  organizational weaknesses behind such incidents and shows how DNS
  details can provide insight into the state's IT infrastructure. It is
  rounded off with practical examples\, data analyses and
  recommendations on how similar incidents can be avoided in
  future.\n\nIn other countries\, gov domains have long been common as
  TLDs (e.g. gov.uk)\; in Germany\, however\, bund.de or gov.de is not
  as widespread as one might think\, among other reasons because
  federal ministries use their own domains or are renamed after a
  government is formed.\n
DTEND;TZID=Europe/Berlin:20251228T214500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T210500
LOCATION:One
SUMMARY:Verlorene Domains\, offene Türen - Was alte Behördendomains verrate
 n - Tim Philipp Schäfers (TPS) [de]
UID:6a747cc1-1320-5027-b7f9-050a6f3b2134
URL:https://events.ccc.de/congress/2025/hub/event/detail/verlorene-domains-
 offene-turen-was-alte-behordendomains-verraten
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:We pointed a commercial-off-the-shelf satellite dish at the sky
  and examined all of the geostationary satellite communications visible fr
 om our vantage point. A shockingly large amount of sensitive traffic is be
 ing broadcast unencrypted\, including critical infrastructure\, internal c
 orporate and government communications\, private citizens’ voice calls and
  SMS\, and consumer Internet traffic from in-flight wifi and mobile networ
 ks.\nIn this talk\, we will cover our hardware setup\, alignment technique
 s\, our parsing code\, and survey some of the surprising finds in the data
 .  This talk will include some previously unannounced results.  This data 
 can be passively observed by anyone with a few hundred dollars of consumer
 -grade hardware. There are thousands of geostationary satellite transponde
 rs globally\, and data from a single transponder may be visible from an ar
 ea as large as 40% of the surface of the earth.\n
DTEND;TZID=Europe/Berlin:20251228T224500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T220500
LOCATION:One
SUMMARY:Don’t look up: There are sensitive internal links in the clear on G
 EO satellites - Nadia Heninger\, Annie Dai [en]
UID:832b4de9-1ee3-5905-a4dc-692a71ac87d3
URL:https://events.ccc.de/congress/2025/hub/event/detail/don-t-look-up-ther
 e-are-sensitive-internal-links-in-the-clear-on-geo-satellites
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:Xous is a message-passing microkernel implemented in pure Rust\
 , targeting secure embedded applications. This talk covers three novel asp
 ects of the OS: hardware MMU support (and why we had to make our own chip 
 to get this feature)\, how and why we implemented the Rust standard librar
 y in Rust (instead of calling the C standard library\, like most other Rus
 t platforms)\, and how we combine the power of Rust semantics with virtual
  memory to create safe yet efficient asynchronous messaging primitives. We
  conclude with a short demo of the OS running on a new chip\, the "Baochip
 -1x"\, which is an affordable\, mostly-open RTL SoC built in 22nm TSMC\, c
 onfigured expressly for running Xous.\nThe world is full of small\, Intern
 et-of-Things (IoT) gadgets running embedded operating systems. These devic
 es generally fall into two categories: larger devices running a full opera
 ting system using an MMU which generally means Linux\, or smaller devices 
 running without an MMU using operating systems like Zephyr\, chibios\, or 
 rt-thread\, or run with no operating system at all. The software that unde
 rpins these projects is written in C with coarse hardware memory protectio
 n at best. As a result\, these embedded OSes lack the security guarantees 
 and/or ergonomics offered by modern languages and best practices.\n\nThe X
 ous microkernel borrows concepts from heavier operating systems to moderni
 ze the embedded space. The open source OS is written in pure Rust with min
 imal dependencies and an emphasis on modularity and simplicity\, such that
  a technically-savvy individual can audit the code base in a reasonable pe
 riod of time. This talk covers three novel aspects of the OS: its incorpor
 ation of hardware memory virtualization\, its pure-Rust standard library\,
  and its message passing architecture.\n\nDesktop OSes such as Linux requi
 re a hardware MMU to virtualize memory. We explain how ARM has tricked us 
 into accepting that MMUs are hardware-intensive features only to be found 
 on more expensive “application” CPUs\, thus creating a vicious cycle where
  cheaper devices are forced to be less safe. Thanks to the open nature of 
 RISC-V\, we are able to break ARM’s yoke and incorporate well-established 
 MMU-based memory protection into embedded hardware\, giving us security-fi
 rst features such as process isolation and encrypted swap memory. In order
  to make Xous on real hardware more accessible\, we introduce the Baochip-
 1x\, an affordable\, mostly-open RTL 22nm SoC configured expressly for the
  purpose of running Xous. The Baochip-1x features a VexRiscv CPU running a
 t 400MHz\, 2MiB of SRAM\, 4MiB of nonvolatile RRAM\, and a quad-core RV32E
 -derivative I/O accelerator called the “BIO”\, based on the PicoRV clocked
  at 800MHz.\n\nMost Rust targets delegate crucial tasks such as memory all
 ocation\, networking\, and threading to the underlying operating system’s 
 C standard library. We want strong memory safety guarantees all the way do
 wn to the memory allocator and task scheduler\, so for Xous we implemented
  our standard library in pure Rust. Adhering to pure Rust also makes cross
 -compilation and cross-platform development a breeze\, since there are no 
 special compiler or linker concerns. We will show you how to raise the sta
 ndard for “Pure Rust” by implementing a custom libstd.\n\nXous combines th
 e power of page-based virtual memory and Rust’s strong borrow-checker sema
 ntics to create a safe and efficient method for asynchronous message passi
 ng between processes. This inter-process communication model allows for ea
 sy separation of different tasks while keeping the core kernel small. This
  process maps well onto the Rust "Borrow / Mutable Borrow / Move" concept 
 and treats object passing as an IPC primitive. We will demonstrate how thi
 s works natively and give examples of how to map common programming algori
 thms to shuttle data safely between processes\, as well as give examples o
 f how we implement features such as scheduling and synchronization primiti
 ves entirely in user space.\n\nWe conclude with a short demo of Xous runnin
 g on the Baochip-1x\, bringing Xous from the realm of emulation and FPGAs 
 into everyday-user accessible physical silicon.\n
DTEND;TZID=Europe/Berlin:20251228T234000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T230000
LOCATION:One
SUMMARY:Xous: A Pure-Rust Rethink of the Embedded Operating System - bunnie
 \, Sean "xobs" Cross [en]
UID:d92af8c4-40fb-54e2-9535-bcc683f4a010
URL:https://events.ccc.de/congress/2025/hub/event/detail/xous-a-pure-rust-r
 ethink-of-the-embedded-operating-system
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Art & Beauty\, Talk
CLASS:PUBLIC
DESCRIPTION:Join bleeptrack for a deep dive into the fascinating world of p
 rocedural generation beyond the screen. From stickers and paper lanterns t
 o PCBs\, furniture\, and even physical procedural generators\, this talk e
 xplores the challenges and creative possibilities of bringing generative p
 rojects into tangible form.\nIn this talk\, I will share practical insight
 s from developing procedural generation tools for physical objects: rangin
 g from stickers and paper lanterns to printed circuit boards and even furn
 iture. I will outline key challenges and considerations when generating de
 signs for fabrication tools such as laser cutters or pen plotters\, as wel
 l as how to adapt procedural systems so they can be reproduced by a wide a
 udience (not everyone has access to CNC machines or industrial equipment\,
  sadly!).\n\nBeyond technical considerations\, I aim to encourage attendee
 s to translate their own generative ideas into tangible artifacts and to f
 oster a culture of open-sourcing and knowledge sharing within the communit
 y.\n
DTEND;TZID=Europe/Berlin:20251229T003500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251228T235500
LOCATION:One
SUMMARY:Code to Craft: Procedural Generation for the Physical World - bleep
 track [en]
UID:6938a1f1-4ee3-5fca-ae37-d59274e529de
URL:https://events.ccc.de/congress/2025/hub/event/detail/code-to-craft-proc
 edural-generation-for-the-physical-world
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Entertainment\, Game show
CLASS:PUBLIC
DESCRIPTION:AIs (or rather LLMs) seem more and more human. For a long
  time now it has been hard or even impossible to tell whether a text
  was written by an AI or by a human. Machines are pushing further and
  further into human discourse. We no longer want to accept that and
  are turning the tables.\nIn our reverse Turing test\, participants
  slip into the role of an AI and try to sound as robotically human as
  possible. In a subsequent blind study we check who blends in best
  among AIs and would be the spy of choice at the next robot
  uprising.\n\nHumor\, creativity and a penchant for universally
  valid\, meaningless platitudes are the perfect prerequisites! A
  digital device (smartphone\, tablet\, laptop\, …) is all you need to
  play along.\n
DTEND;TZID=Europe/Berlin:20251229T023000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T010000
LOCATION:One
SUMMARY:GPTDash – Der Reverse-Turing-Test - Benny\, KI-lian\, BratscherBen 
 [de]
UID:9c8bec33-f71a-5090-857d-1648a027c8a9
URL:https://events.ccc.de/congress/2025/hub/event/detail/gptdash-der-revers
 e-turing-test
END:VEVENT
BEGIN:VEVENT
CATEGORIES:CCC & Community\, Talk
CLASS:PUBLIC
DESCRIPTION:Every year between Christmas and New Year\, thousands of
  hackers meet at the Chaos Communication Congress in Hamburg. The
  Azubi-Tag (apprentice day) is a good opportunity for apprentices to
  visit the Congress\, get to know the CCC and learn a lot about IT
  security\, technology and society. We are happy to be able to offer
  this day for the third time.\nYou can find more information at
  [https://events.ccc.de/congress/2025/infos/azubi-tag.html](https://ev
 ents.ccc.de/congress/2025/infos/azubi-tag.html)\n
DTEND;TZID=Europe/Berlin:20251229T104500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T093000
LOCATION:Ground
SUMMARY:Azubi-Tag Einführung [de] [NOT RECORDED]
UID:970c40cb-3332-5e64-97f4-465a56f1b96a
URL:https://events.ccc.de/congress/2025/hub/event/detail/azubi-tag-einfuhru
 ng
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:3D-Printers have given us all the unprecedented ability to manu
 facture mechanical parts with a very low barrier to entry.  The only thing
  between your idea and its physical manifestation is the process of design
 ing the parts. However\, this is actually a topic of incredible depth: Des
 ign engineering is a whole discipline to itself\, built on top of tons and
  tons of heuristics to produce shapes that are functional\, strong\, and i
 mportantly: well-manufacturable\n\nIn this talk\, I will present the rules
  for designing well-printable parts and touch on other areas of design con
 siderations so you can learn to create parts that work first try and can b
 e reproduced by others on their 3d-printers easily.\nOver the years\, the 
 3d-printing community has discovered many tricks and rules that help creat
 e parts that can be printed well and fulfill their purpose as best as po
 ssible. I started collecting these rules and wrote an article guide to mak
 e this knowledge more accessible. I want to present the most important pri
 nciples and the mindset that is needed to achieve perfected design.\n\nThi
 s is not about how to use a CAD program to design a part — but rather abou
 t the thought process of the design engineer while drawing up a part.  A t
 hought process that consists of compromises between many objectives\, of he
 uristic rules\, and many neat little tricks.\n\nThe article that this talk
  is based on can be found on my blog: https://blog.rahix.de/design-for-3d-
 printing/\n
DTEND;TZID=Europe/Berlin:20251229T114000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T110000
LOCATION:Ground
SUMMARY:Design for 3D-Printing - rahix [en]
UID:1adb7e54-9bc5-5947-a7ff-dc286b0b14c2
URL:https://events.ccc.de/congress/2025/hub/event/detail/design-for-3d-prin
 ting
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Art & Beauty\, Talk
CLASS:PUBLIC
DESCRIPTION:when datasets are scaled up to the volume of (partial) internet
 \, together with the idea that scale will average out the noise\,  large d
 ataset builders came up with a human-not-in-the-loop\, cheaper-than-cheap-
 labor method to clean the datasets: heuristic filtering. Heuristics in thi
 s context are basically a set of rules came up by the engineers with their
  imagination and estimation to work best for their perspective of “cleanin
 g”. Most datasets use heuristics adopted from existing ones\, then add som
 e extra filtering rules for specific characteristics of the datasets. I wo
 uld like to invite you to have a taste together of these silent\, anonymou
 s yet upheld estimations and not-guaranteed rationalities in current socio
 technical artifacts\, and on for whom these estimations are good-enough\, 
 as it will soon be part of our technological infrastructures.\nIn the
  1980s\, non-white women’s body size data was categorized as dirty data
  when establishing the first women's sizing system in the US. Now in the
  age of GPT\, what is
  considered as dirty data and how are they removed from massive training m
 aterials?\n\nDatasets nowadays for training large models have been expande
 d to  the volume of (partial) internet\, with the idea of “scale averages 
 out noise”\, these datasets were scaled up by scrabbling whatever availabl
 e data on the internet for free then “cleaned” with a human-not-in-the-loo
 p\, cheaper-than-cheap-labor method: heuristic filtering. Heuristics in th
 is context are basically a set of rules came up by the engineers with thei
 r imagination and estimation that are “good enough” to remove “dirty data”
  of their perspective\, not guaranteed to be optimal\, perfect\, or ration
 al.\n\nThe talk will show some intriguing patterns of “dirty data” from 23
  extraction-based datasets\, like how NSFW gradually equals to NSFTM (not 
 safe for training model)\, and reflect on these silent\, anonymous yet uph
 eld estimations and not-guaranteed rationalities in current sociotechnical
  artifacts\, and ask for whom these estimations are good-enough\, as it wi
 ll soon be part of our technological infrastructures.\n
DTEND;TZID=Europe/Berlin:20251229T123500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T115500
LOCATION:Ground
SUMMARY:a media-almost-archaeology on data that is too dirty for "AI" - jia
 wen uffline [en]
UID:8a09918c-9b59-53b2-ab8e-4f2cfdb460d5
URL:https://events.ccc.de/congress/2025/hub/event/detail/a-media-almost-arc
 haeology-on-data-that-is-too-dirty-for-ai
END:VEVENT
BEGIN:VEVENT
CATEGORIES:CCC & Community\, Talk
CLASS:PUBLIC
DESCRIPTION:The Teckids community brings children\, teenagers and
  adults together to work jointly for an understandable (digital)
  world.\nTeckids is not "just" about tinkering with technology and
  programming with children\, but about becoming active with others\,
  for others\, at events and in society.\n\nRecently we have
  undertaken many projects to that end. Among other things\, we
  designed the new topic slot "Jung und überwacht" (young and under
  surveillance) at the BigBrotherAwards 2025 and are preparing youth
  topics for next year. For the second time\, at 39c3 we are inviting
  children "behind the scenes" of the Chaos teams at the
  Fairydust-Türöffner-Tag.\n\nOur slogan\, with the somewhat odd word
  "Verstehbarkeit" (understandability)\, stands for the idea that
  everyone should keep not only the ability but also the right to do
  what they want with their technology\, and to question and
  understand everything. To achieve this\, we want to reach even more
  young people and adults too.\n
DTEND;TZID=Europe/Berlin:20251229T133000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T125000
LOCATION:Ground
SUMMARY:Teckids – eine verstehbare (digitale) Welt - Keno\, Darius Auding [
 de]
UID:cd3af7ee-3204-5404-8714-f18d33f08bd8
URL:https://events.ccc.de/congress/2025/hub/event/detail/teckids-eine-verst
 ehbare-digitale-welt
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Science\, Talk
CLASS:PUBLIC
DESCRIPTION:Humanity has already crossed the point where simply reducing em
 issions will no longer be enough to keep global warming below 2°C. Accordi
 ng to the IPCC (AR6\, WGIII)\, it is now essential to actively remove gree
 nhouse gases from the atmosphere in order to meet global climate targets\,
  maintain net-zero (or even net-negative emissions)\, and address the burd
 en of historical emissions. At the same time\, degraded soils and the clim
 ate crisis are a threat to global food security.\nTwo years ago\, I presen
 ted an overview of different methods available for carbon dioxide removal.
  Today\, I want to show you an example of how CO₂ can be removed from the 
 atmosphere while simultaneously improving the lives of local communities:\
 n\nHuman shit.\n\nHuman shit is a highly abundant biomass\, contains critica
 l nutrients for global food security\, and causes serious health and envir
 onmental issues from poor or non-existent treatment outside industrial cou
 ntries. Converting shit into biochar presents a powerful solution: the pro
 cess eliminates contaminants\, stabilizes and locks away carbon\, and can 
 be used to improve agricultural soils. The challenge is that most nutrient
 s in this biochar are not accessible to plants. To overcome this\, I mixed
  human and chicken shit and produced a “Superchar” that releases far more 
 nutrients. It’s not magic\, it’s just some chemistry and putting aside you
 r prejudices and disgust. I’ll show you how I did some shit experiments in
  Hamburg and Guatemala and how you can do it too.\nToday’s science mostly 
 follows worn-out pathways and lacks big discoveries and innovations. Scient
 ists often don’t want to take a risk because the competition for a permane
 nt position in academia is so high\, which pressures them into conservativ
 e research topics supported by their supervisors. Even when science provid
 es helpful solutions for urgent problems\, the knowledge mostly ends up in
  libraries\, written in papers that nobody understands. I want to show tha
 t it is worthwhile to follow research ideas that are unconventional\, upse
 t your boss af and explore topics that are unpopular like working with shi
 t. I hope that sharing stories of how a funny idea turned into a solution 
 encourages others to start making an impact in their environment.\n
DTEND;TZID=Europe/Berlin:20251229T143000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T135000
LOCATION:Ground
SUMMARY:Shit for Future: turning human shit into a climate solution - Elena
  [en]
UID:f392f7c4-841b-5922-8fdf-ff8eb8150825
URL:https://events.ccc.de/congress/2025/hub/event/detail/shit-for-future-tu
 rning-human-shit-into-a-climate-solution
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:The automated targeting systems of the Israeli military
  show well what AI-based war automation currently looks like\, what is
  going wrong with it and why we techies have to get involved\nThe
  topic of “AI in military technology” and the relationship between
  human and machine has been a subject in the peace movement\, conflict
  research\, philosophy\, the social sciences and critical data &
  algorithm studies for decades. In recent years\, however\, weapon
  systems with AI components have been developed and also used in
  practice in armed conflicts. Their application ranges from drone
  control through optical target acquisition to logistical target
  selection. Using the example of AI-supported target selection
  systems\, which the Israeli military has used since May 2021 and in
  particular now in the genocide in Gaza\, the current technical
  developments can be shown and analyzed. This talk focuses on four
  AI-supported systems: the Gospel system for the military assessment
  of buildings\, the Lavender system for the military assessment of
  persons\, the Where's Daddy? system for the timing of attacks\, and
  an experimental system based on large language models for detecting
  militarily relevant messages in Palestinian communications
  data.\n\nBased on statements by whistleblowers from the Israeli
  military and by employees of companies involved\, such as Amazon\,
  Google or Microsoft\, as well as internal documents published through
  investigative research by several international teams of
  journalists\, the systems and design decisions can be described in
  technical detail and critically analyzed\, and the military and
  societal implications can be worked out and discussed. This also
  raises questions about the shifting of responsibility through AI\,
  the circumvention of international law and the fundamental role of
  automated warfare.\n\nFinally\, the talk addresses the responsibility
  of IT professionals\, who after all bring the knowledge and
  understanding of these systems and are therefore the ones able to
  raise the problem in the first place when systems fulfil extended or
  entirely different functions than is often communicated and discussed
  publicly and politically. Reflections on options for action and ways
  out then lead into the discussion.\n
DTEND;TZID=Europe/Berlin:20251229T154500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T144500
LOCATION:Ground
SUMMARY:Programmierte Kriegsverbrechen? Über KI-Systeme im Kriegseinsatz in
  Gaza und warum IT-Fachleute sich dazu äußern müssen - Rainer Rehak [de]
UID:7f6e6dff-5f85-5c03-8f07-373b3acce367
URL:https://events.ccc.de/congress/2025/hub/event/detail/programmierte-krie
 gsverbrechen-uber-ki-systeme-im-kriegseinsatz-in-gaza-und-warum-it-fachleu
 te-sich-dazu-auern-mussen
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:3 years ago\, 3 Maltese students were arrested and charged with
  computer misuse after disclosing a vulnerability to a local company that 
 developed a mobile app for students. Through persistent media pressure\, t
 he students managed to obtain a presidential pardon to drop the case and f
 unding for their lawyers. However\, through this journey\, there were ment
 ions of punishment for retaliating through media disclosure. The story has
  not concluded\, and there will be no amendments to the Maltese computer m
 isuse law for the foreseeable future.\nThe talk goes through the full jour
 ney\,\n\n1. The talk describes in more detail how the arrests were carried
  out on November 12th\, 2022 including the confiscation of all computer eq
 uipment\, the time spent in a cell and the interrogation before being rele
 ased.\n2. How the decision was made to go to the media 5 months later\, th
 e consequences of that and why it was beneficial.\n3. The later fallout in
 cluding the university disassociating itself from the students + even disa
 llowing one of the students to tutor at the university\n4. How this led to
  a pause in Malta's participation in the European Cyber Security Challenge
  with one specific meeting involving the national IT agency and the 3 stud
 ents.\n5. Mentions of a grant of a pardon after the prime minister visited
  the office of a student\n6. The start of the initial court sessions and t
 he outcomes from that.\n7. A super interesting meeting where the justice m
 inister told the students that even though they'll be given a pardon -- if
  this happens again they will be arrested again.\n8. What it meant to get 
 a pardon and how that technically still hasn't ended our situation in cour
 t yet.\n
DTEND;TZID=Europe/Berlin:20251229T170000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T160000
LOCATION:Ground
SUMMARY:There is NO WAY we ended up getting arrested for this (Malta editio
 n) - mixy1\, Luke Bjorn Scerri\, girogio [en]
UID:f7806034-b88e-559b-9c11-7ce6ffc72a82
URL:https://events.ccc.de/congress/2025/hub/event/detail/there-is-no-way-we
 -ended-up-getting-arrested-for-this-malta-edition
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:The French ISP 'Free' was the first to introduce a set-top box 
 in France in 2002\, named the Freebox. Four years later\, the fifth versio
 n of the Freebox was released and distributed to customers. It comprises t
 wo devices: a router\, and a PVR called the Freebox HD\, both running Linu
 x. The Freebox HD had innovative features at the time\, such as live telev
 ision control and HD capabilities.\n\nSuch a device has a lot of potential
  for running homebrew\, so I decided to hack it. I present how I got arbit
 rary code execution on the Freebox HD and then root privileges\, using a c
 hain of two 0-day exploits\, one of which is in the Linux kernel. I then a
 nalyze the device\, run homebrew software\, and explain the structure of t
 he ISP's private network that I uncovered while exploring the device.\nThe
  Freebox HD is a set-top box with media player capabilities designed and b
 uilt by the French ISP 'Free' in 2006\, and distributed to customers since
  (including me). It is still in use and will be maintained until the end o
 f 2025.\n\nWhen I got it\, I wanted to run homebrew software on it\, so I 
 decided to reverse engineer it. The initial goal was to get arbitrary code
  execution. The Freebox HD being largely undocumented\, this talk shows th
 e full process of reverse engineering it from scratch:\n* Initial visual i
 nspection\n* Disassembly and inspection of the insides\n* Attack surface a
 nalysis and choice of the target\n* Search and exploitation of a vulnerabi
 lity in PrBoom (a Doom source port running on the Freebox HD)\n* Analysis 
 of the Linux system running on the Freebox HD\n* Search and exploitation o
 f a Linux kernel exploit to escape the sandbox and gain root privileges\n*
  Decryption and dump of the firmware\n* Analysis of the Linux system and t
 he programs of the Freebox HD\n* Playing with the remote control capabilit
 ies\n* Reverse engineering of the private networks of the ISP\n\nThe two e
 xploits used to gain full root access were both discovered for this specif
 ic hack\, which makes them 0-day exploits.\n\nThe analysis leads to some i
 nteresting discoveries about the device itself\, but also the ISP\, how th
 eir technical support works and accesses the devices remotely\, and much m
 ore!\n
DTEND;TZID=Europe/Berlin:20251229T181500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T171500
LOCATION:Ground
SUMMARY:Set-top box Hacking: freeing the 'Freebox' - Frédéric Hoguin [en]
UID:032fdd30-9488-55b8-968c-dbce19a3f446
URL:https://events.ccc.de/congress/2025/hub/event/detail/set-top-box-hackin
 g-freeing-the-freebox
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:Mobile phones are central to everyday life: we communicate\, en
 tertain ourselves\, and keep vast swaths of our digital lives on them. Tha
 t ubiquity makes high-risk groups such as journalists\, activists\, and di
 ssidents prime targets for sophisticated spyware that exploits device vuln
 erabilities.\n\nOn Android devices\, GPU drivers have repeatedly served as
  the final escalation vector into the kernel. To study and mitigate that r
 isk\, we undertook a research project to virtualize the Qualcomm Android k
 ernel and the KGSL graphics driver from scratch in QEMU. This new environm
 ent enables deep debugging\, efficient coverage collection\, and large-sca
 le fuzzing across server farms\, instead of relying on a handful of prepro
 duction devices.\n\nThis talk will highlight the technical aspects of our 
 research\, starting with the steps required to boot the Qualcomm mobile ke
 rnel in QEMU\, all the way up to the partial emulation of the GPU. Then\, 
 we will present how we moved from our emulation prototype to a full-fledge
 d fuzzer based on LibAFL QEMU.\nMobile phone manufacturers ship competitiv
 e hardware supported by increasingly complex software stacks\, ranging fro
 m firmware and bootloaders to kernel modules\, hypervisors\, and other Tru
 stZone environments. In an effort to keep their products secure\, these co
 mpanies rely on state-of-the-art testing techniques such as fuzzing. They 
 commonly perform their fuzzing campaigns on-device to find vulnerabilities
 . Unfortunately\, this approach is expensive to scale and does not always 
 provide fine-grained control over the target. To address these issues\, we
  approached the problem through the prism of emulation\, by partially reim
 plementing the hardware as a normal software to run on a computer. That wa
 y\, we could scale fuzzing instances\, and gain full control over the emul
 ated target.\n\nThe presentation will outline how we made the full emulati
 on of Qualcomm’s Android ecosystem possible by tweaking the complex build 
 system of the Android image and implementing a custom board (including mor
 e than 10 custom devices) in QEMU. We will review the steps required and t
 he technical challenges encountered along the way.\n\nAfter providing a qu
 ick recap and the latest updates on LibAFL QEMU (presented at 37C3) by one
  of the LibAFL maintainers\, we will delve into the gory details of how we
  partially emulated the latest version of Adreno—the GPU designed by Qualc
 omm—and built a fuzzer for its Android kernel driver. In particular\, we w
 ill show how LibAFL QEMU was integrated into our custom board and the few 
 improvements we made to the kernel to get better coverage with KCOV. Final
 ly\, we will demonstrate how our approach enabled us to find a new critica
 l vulnerability in the GPU kernel driver.\n
DTEND;TZID=Europe/Berlin:20251229T195500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T191500
LOCATION:Ground
SUMMARY:Build a Fake Phone\, Find Real Bugs: Qualcomm GPU Emulation and Fuz
 zing with LibAFL QEMU - Romain Malmain [en]
UID:5454618f-fcfb-568a-b82b-eb0b10bf89cb
URL:https://events.ccc.de/congress/2025/hub/event/detail/build-a-fake-phone
 -find-real-bugs-qualcomm-gpu-emulation-and-fuzzing-with-libafl-qemu
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:Next year there are elections in the East yet again\, and
  yet again everything looks as if the AfD could end up taking part in
  a government. Specifically: in Saxony-Anhalt and
  Mecklenburg-Vorpommern. Not only these "rosy" prospects\, but also
  current population forecasts cast anything but a favorable light on
  the regions. Left-wing actors on the ground fight against this every
  day and they need our solidarity. We have to counter this. No matter
  whether as hackers at the Congress or as West Germans in (still)
  Green municipalities.\n\nWhere does all this come from? Who is
  currently doing something about it and how can we counter the pull to
  the right?\nWith the “Super-Ost-Wahljahr” (super eastern election
  year) 2024 (state elections in Saxony\, Thuringia and Brandenburg)\,
  every possible horror scenario of an AfD government in eastern
  Germany was already discussed and painted in the media. Next year\,
  however\, the state elections in Saxony-Anhalt and
  Mecklenburg-Vorpommern are still to come. And the forecasts look bad
  there too. If elections were held tomorrow\, the AfD would get 39% of
  the vote in Saxony-Anhalt and 38% in Mecklenburg-Vorpommern. To
  counter that\, wild alliances of CDU\, Die Linke\, SPD and BSW would
  have to form. In short: LSA and MV are lost!\n\nOn top of that\, both
  federal states are shrinking and ageing at the same time. In
  Saxony-Anhalt there is not a single “growing” town. Fewer children\,
  more and more older people\, a shortage of skilled workers and a
  “surplus of men”: who would still want to live there and stand up to
  the pull to the right? Emancipatory actors are leaving the state\,
  because they are attacked and criminalized. So: build a wall around
  it and leave it to itself? Just like the old Tocotronic song “Aber
  hier Leben? Nein danke!”\n\nBut we do not want to give up on the
  East\, so in our talk we look at how\, with a joint effort\, we can
  avoid the wall\, because they (still) exist: the dissenting voices
  and left-wing activists who keep the flags flying every day in both
  federal states. Whether “Zora” in Halberstadt\, the “AZ Kim Hubert”
  in Salzwedel or the “Zentrum für Randale und Melancholie” in
  Schwerin: they organize spaces for exchange\, alternative concerts
  and places that are open to all people. They need our support and we
  show you what that support could look like.\n\nWe also want to start
  a conversation. What does “the West” actually have to do with all
  this? Why can we no longer afford to be apolitical or inactive? How
  can the Chaos bubble hack its way into East German hearts? And what
  can we all do to prep together and face the challenges?\n
DTEND;TZID=Europe/Berlin:20251229T213000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T203000
LOCATION:Ground
SUMMARY:Aber hier Leben? Nein danke! …oder doch? Wie wir der autoritären Zu
 spitzung begegnen können. - Jaša Hiergeblieben\, Polylux\, Lisa Zugezogen 
 [de]
UID:fa59ce23-205c-5cd9-a7de-8ba768e3bf3f
URL:https://events.ccc.de/congress/2025/hub/event/detail/aber-hier-leben-ne
 in-danke-oder-doch-wie-wir-der-autoritaren-zuspitzung-begegnen-konnen
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:WhiteDate is a platform for white supremacists aimed at
  racists and antisemites – and it runs on outdated infrastructure. What
  its 8000 members did not know: some of the Nazis flirted this year with
  realistic-seeming chatbots - and even fell in love with them. Using a
  combination of automated conversation analysis\, web scraping and
  classic OSINT methods\, we followed public traces and identified the
  people behind the site. This talk shows how AI personas and
  investigative thinking expose extremist networks and how algorithms can
  be used against extremism.\nFor months\, Martha immersed herself in the
  hidden world of WhiteDate\, WhiteChild and WhiteDeal\, three platforms
  run by a right-wing extremist from Germany. She believes in the
  conspiracy of a white supremacy and of a "racially pure" white
  community. What began as curiosity quickly turned into an experiment
  on human behaviour\, technology and absurdity.\n\nMartha infiltrated
  the portal with "realistic" AI chatbots. The bots were so convincing
  that they got past the checks and were even verified as "white".
  Through the conversations and research into the digital traces of this
  community\, which believed itself safe\, she was able to identify
  users.\n\nTogether with reporters from "Die Zeit"\, we were able to
  unmask the person behind the platform and trace her radicalisation
  from a successful pianist to a scene entrepreneur. Around her dating
  portal she has built a network of websites that markets love\, loyalty
  and tradition to its users. WhiteDate promises romantic
  relationships\, WhiteChild promotes ideals of family and ancestry\, and
  WhiteDeal enables professional networking and "mutual support" under a
  racist worldview. Together they show how ideology and loneliness can
  be intertwined in bizarre ways.\n\nAfter months of observation\,
  classic OSINT research\, automated conversation analysis and web
  scraping\, we found out who is behind these platforms and how their
  infrastructure works. In the process we uncovered the contradictions
  and absurdities of extremist communities\, highlighted their
  vulnerability to technological interventions\, and even made one or
  two Nazis cry.\n\nThis talk tells of observation\, mischief and
  insights into the digital world of extremist groups. It shows how
  algorithms\, AI personas and investigative thinking can expose hate\,
  question its narratives and break open its echo chambers. We show how
  technology can be used in the fight against extremism.\n
DTEND;TZID=Europe/Berlin:20251229T224500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T214500
LOCATION:Ground
SUMMARY:The Heartbreak Machine: Nazis in the Echo Chamber - Martha Root\, E
 va Hoffmann\, . [de]
UID:958d3055-3929-56b8-b71c-25b3a64f1902
URL:https://events.ccc.de/congress/2025/hub/event/detail/the-heartbreak-mac
 hine-nazis-in-the-echo-chamber
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:Or: how the Hamburg police observed queer people in public
  toilets\, and how an anonymous collective literally smashed this
  surveillance system with a hammer in July 1980. An analogue
  surveillance thriller with clean cities\, shady elements\, queer
  activism and collective self-organisation\; and with instructions on
  how officers could be put out of business in the early 80s.\nIn the
  1970s\, the Hamburg police use one-way mirrors set into the walls of
  ten public men's toilets to observe which men\, in their opinion\,
  stand next to each other at the urinal a little too long. Over a
  surveillance period of a good 18 years\, Hamburg officers\, citing
  'youth protection' and 'cleanliness'\, issue hundreds of bans from
  public toilets\, record personal details and in doing so illegally
  compile registers of homosexuals known as 'Rosa Listen' (pink
  lists).\nThe involuntary peep show ends in the summer of 1980\, when
  the police\, with no discretion at all\, photograph the participants of
  the first lesbian-trans-gay demonstration in Hamburg in order\, by
  their own account\, "to refresh the card files". An anonymous
  collective smashes the surveillance mirrors and brings the illegal
  police practice to public attention.\nWith two questions\, this talk
  dives into the latrines of history: How did the police toilet
  surveillance system in Hamburg come about? Which technical and social
  gaps did the activists use to exploit this system? And what does that
  actually have to do with today?\n
DTEND;TZID=Europe/Berlin:20251230T000000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T230000
LOCATION:Ground
SUMMARY:Peep-Show für die Polizei. Staatliche Überwachung von Queers in Ham
 burger Toiletten bis 1980 - Simon Schultz [de]
UID:ad9fa823-820f-5846-825e-42e2b5934ef6
URL:https://events.ccc.de/congress/2025/hub/event/detail/peep-show-fur-die-
 polizei-staatliche-uberwachung-von-queers-in-hamburger-toiletten-bis-1980
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:A method of surveillance that is mundane\, yet one that police
  authorities in Germany use hundreds of thousands of times\, is reading
  out data from seized smartphones and computers. To do so\, the police
  exploit security vulnerabilities in the devices with the help of
  forensic software from vendors such as Cellebrite or Magnet. The
  constitutionality of the legal basis is doubtful. Using current cases\,
  the talk discusses the technical and legal background.\nState trojans\,
  chat control\, bugging devices. The means of state surveillance are
  manifold and in part technically very complex. It is easy to lose
  track. One relatively mundane means that police authorities in Germany
  use hundreds of thousands of times is the seizure of smartphones and
  laptops and the reading out of their data. There are no precise
  statistics. However\, there are likely to be more cases than with
  ordinary telecommunications surveillance. In Saxony-Anhalt alone\, it
  was 13\,000 smartphones within five years.\n\nEven for minor criminal
  offences and administrative offences\, the police regularly seize
  storage devices - in particular smartphones and laptops - for example
  on suspicion of an insult or for using a mobile phone while driving.
  House searches are also often carried out\, during which all technical
  devices are seized and searched. The constitutionality of this police
  practice is very doubtful. In the last legislative period\, the Federal
  Ministry of the Interior even planned to extend the powers of the
  police\, which would also have made covert house searches possible.
  This would let the police covertly install state trojans or prepare
  so-called evil maid attacks. The law enforcement authorities rely on
  the seizure provisions of §§ 94 ff. Strafprozessordnung (Code of
  Criminal Procedure)\, which have remained essentially unchanged since
  1877 and whose wording regulates neither the possibility of accessing
  data nor the modalities and limits of analysing data. Nor is the
  measure limited to offences of a certain severity\, and there are no
  requirements for protecting particularly sensitive data\, such as data
  that falls within the core area of private life. In the course of a
  search\, § 110 Strafprozessordnung permits a provisional securing and
  review of the storage media. This provision\, too\, is not sufficient
  to protect fundamental rights adequately\, because the complete
  exploration of the entire data set involves a serious interference
  with the privacy of those affected\, and the law sets no adequate
  limits.\n\nSmartphones in particular often hold highly personal data
  such as chats with family or a partner\, photos\, contacts\, location
  data and dating apps. In addition\, the devices are regularly connected
  to cloud services and other storage devices. Police authorities can
  then access all of this data.\nThis is made possible by software from
  companies such as Cellebrite\, MSAB or Magnet. They exploit security
  vulnerabilities to crack the encryption of smartphones. As with the
  vulnerabilities used for state trojans\, the vulnerabilities these
  companies exploit are not known to the manufacturers. German
  authorities thereby support a system that makes everyone's devices
  insecure. The BitLocker encryption of Windows computers can often be
  bypassed as well. This gives law enforcement authorities free and
  unrestricted access to all personal data\, without adequate statutory
  or judicial control and review. Nor can the persons affected tell to
  what extent data was searched and analysed. The talk explains the
  current state and the problems of encryption on Windows and Linux
  computers as well as Android and iOS smartphones.\n\nUsing the example
  of the journalist Hendrik Torner\, whose smartphone was seized after he
  observed a police measure following a climate demonstration and who is
  now challenging this by way of a constitutional complaint\, as well as
  other publicly discussed cases such as [#Pimmelgate](https://events.ccc
 .de/congress/2025/hub/tag/Pimmelgate)\, the speakers discuss the
  technical and legal background.\n
DTEND;TZID=Europe/Berlin:20251230T005500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251230T001500
LOCATION:Ground
SUMMARY:Verschlüsselung brechen durch physischen Zugriff - Smartphone Besch
 lagnahme durch Polizei - Davy Wang\, Viktor Schlüter [de]
UID:4972548a-618e-56a1-8328-3abe474a31ab
URL:https://events.ccc.de/congress/2025/hub/event/detail/verschlusselung-br
 echen-durch-physischen-zugriff-smartphone-beschlagnahme-durch-polizei
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Art & Beauty\, Talk
CLASS:PUBLIC
DESCRIPTION:The talk is about the ideas behind setting up the David Graeber
  Institute and the Museum of Care. The Survival Kit Collection brings toge
 ther collectives developing open source "social technologies" —spirulina f
 arms\, self-replicating 3D printers\, modular housing\, low-cost water sys
 tems\, and ... art and education. In 2019\, together with David Graeber\, 
 we held the first workshop about the Museum of Care at CCC to reimagine th
 e relation between freedom\, technology and value. Over these 6 years\, th
 e Museum of Care and the David Graeber Institute have experimented with va
 rious projects: the survival collection\, Visual Assembly\, and creating a
 n open space for horizontal knowledge production—something we hope to deve
 lop into an actual University.\nWe think humanity could already be living 
 in a society of abundance and communal luxury. We have the technologies to
  produce enough for everyone to have everything. The issue isn't technolog
 ical but social. This is why we need a Museum (of Care): museums are among
  the few places that create\, distribute\, and preserve what a society val
 ues.\n\nWhat will be at the session:\nWe'll tell in more detail about the 
 concept of the Museum of Care on abandoned ships (of which\, according to 
 Maritime Foundation data\, there are more than 4\,500 in the world). We'll
  talk about the halls of our museum: the Hall of Giants and other emerging
  spaces. Projects we're building—spirulina farms\, 3D printers—in Saint Vi
 ncent (Caribbean) and Kibera Art District\, Nairobi Kenya\, Playground des
 igned that communities can construct with nearly no resources. Can we actu
 ally build a nomadic museum proud not of its unique exhibits but of how ea
 sily they spread and get replicated?\n\nThen we will move to an open conve
 rsation about what poetic technologies are and how they differ from bureau
 cratic ones. Some people may have read David Graeber's book The Utopia of 
 Rules\; here you can download his other texts that are less widely known o
 r not yet published. We would very much like to explore the question of po
 etic and bureaucratic technologies together with you. To facilitate this d
 iscussion\, the David Graeber Institute has invited Alistair Parvin\, crea
 tor of the Wiki House project\, to join Nika Dubrovsky in conversation.\n\
 nThe discussion continues in the format of a Visual Assembly—focused on bu
 ilding a distributed\, non-hierarchical\, genuinely open University with d
 ifferent ideas of funding and knowledge production. This is the very begin
 ning of the process so all input is very much welcome. We'd welcome any id
 eas\, critiques\, or proposals for collaboration.\n
DTEND;TZID=Europe/Berlin:20251229T114000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T110000
LOCATION:Fuse
SUMMARY:The Museum of Care: Open-Source Survival Kit Collection - Nika Dubr
 ovsky [en]
UID:dcf9ec1c-9755-5757-8f1d-91ec6e0f0661
URL:https://events.ccc.de/congress/2025/hub/event/detail/the-museum-of-care
 -open-source-survival-kit-collection
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:"We're going to Karlsruhe!" – ten years ago that sounded
  like a fresh start and a legal hack. Today it is clear: strategic
  litigation is not a sprint but a tough\, sometimes frustrating
  long-term project.\n\nIn this talk we take stock: What have we
  achieved with civil-society constitutional complaints in the field of
  technology – and where have we failed? Which mistakes would we avoid
  today\, which paths were right? And what does it mean when Germany's
  highest court shows less and less appetite for fundamental-rights
  questions in digital policy?\n\nA realistic look behind the scenes of
  strategic lawsuits – and the question: how do you hack the legal
  system in 2025?\nWhen laws violate fundamental rights\, why not hack
  the Federal Constitutional Court – with strategy\, teamwork and sound
  reasoning? This idea has since become a central tool of civil-society
  counter-power: strategic litigation. The principle is simple: do not
  just criticise laws\, but attack them systematically\, with targeted
  constitutional complaints against surveillance\, censorship and state
  interference with digital freedom.\nA lot has happened since then.
  Organisations such as the Gesellschaft für Freiheitsrechte (GFF) have
  professionalised the route to Karlsruhe and initiated proceedings that
  many know from the news:\nagainst data retention\,\nagainst the BND Act
  on foreign surveillance\,\nagainst the use of Palantir\,\nand against
  the use of state trojans.\nSome of these proceedings were successful
  and overturned laws. Others failed spectacularly – or have been stuck
  in Karlsruhe for years. This shows: the road to a ruling is getting
  harder\, the chances of success smaller\, and the Constitutional Court
  is no longer the progressive engine it once was.\nThis talk takes
  honest stock: What does strategic litigation really achieve? What can
  be learned from successes and failures? Which cases are worth it – and
  where does legal action become a dead end? And how is all of this now
  shifting to the European level – where new arenas such as the Digital
  Services Act or the AI Act await?\nNot a law lecture\, but a field
  report from ten years of digital fundamental-rights work. It is about
  tactics\, wrong decisions\, unexpected alliances – and about the
  question of how one can still shake up the legal system today when the
  doors in Karlsruhe are getting narrower.\nThe talk is given by Simone
  Ruf and Jürgen Bering of the Gesellschaft für Freiheitsrechte.\n
DTEND;TZID=Europe/Berlin:20251229T123500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T115500
LOCATION:Fuse
SUMMARY:Hacking Karlsruhe - 10 years later - Jürgen Bering\, Simone Ruf [de
 ]
UID:418f57a7-435b-5835-98ad-85158338b6c4
URL:https://events.ccc.de/congress/2025/hub/event/detail/hacking-karlsruhe-
 10-years-later
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:The Vital Bracelet series is an ecosystem of interactive fitnes
 s toys\, content on memory chips\, and apps that talk via NFC. In this tal
 k\, we'll explore the hardware and software of the series\, from its obscu
 re CPU architecture\, to how it interacts with the outside world\, from du
 mping OTP ROMs and breaking security\, to making custom firmware.\nThe Vit
 al Bracelet series\, active from 2021 to 2024\, was a line of toys that re
 volved around a number of fitness bracelets that encouraged exercise by ra
 ising characters from the Digimon series\, and expanding into tokusatsu an
 d popular anime characters later. Think of it as Tamagotchi\, but nurturin
 g through exercise instead of button presses.\n\nIn this presentation\, we
 'll look at the different parts of this series' ecosystem\, how they work\
 , and the different ways to circumvent various security measures and custo
 mize the devices' behavior.\n\nWe start by looking at the first Vital Brac
 elet\, with a quick introduction to hardware reverse engineering and how t
 o dump firmware out of flash. Following that\, we will take a look at the 
 microcontroller used in the devices\, and its obscure instruction set arch
 itecture. This will lead into an exploration of how to reverse engineer co
 de when you are missing a significant portion of it\, and how the embedded
  ROM was dumped. After this\, we will look at the DRM applied to content\,
  and how it was circumvented. Next\, the device's NFC capabilities will be
  explored.\n\nWith the release of the Vital Bracelet BE\, which introduced
  upgradable firmware\, came new challenges and opportunities. We will take
  a look at the new content format and additional DRM measures it incorpora
 ted\, plus how the device's bootloader was dumped despite its signature ve
 rification scheme.\n\nFinally\, we will take a look at the process for mod
 ding the various Vital Bracelet releases\, and some techniques to use whil
 e writing patches.\n\nThe material in this talk can be applied beyond just
  the Vital Bracelet series\, and can be useful if you want to explore othe
 r electronic toys\, or just hardware reverse engineering in general.\n
DTEND;TZID=Europe/Berlin:20251229T133000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T125000
LOCATION:Fuse
SUMMARY:BE Modded: Exploring and hacking the Vital Bracelet ecosystem - cya
 nic [en]
UID:678b899b-7d32-56e3-9d1d-7f2208cfe2d7
URL:https://events.ccc.de/congress/2025/hub/event/detail/be-modded-explorin
 g-and-hacking-the-vital-bracelet-ecosystem
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:Over the last half year I have explored the Motorola mc14500 - 
 a CPU with a true one-bit architecture - and made it simulate Conway's Gam
 e of Life. This talk gives a look into how implementing a design for such 
 a simplistic CPU can work\, and how it's possible to address 256 LEDs and 
 half a kiloword of memory with just four bits of address space.\nIn the la
 te seventies\, Motorola created a very cheap CPU\, intended to replace log
 ic circuits made from electromechanical relays. The resulting IC is so min
 imalistic that it can hardly be recognized as a CPU: Its data bus is just 
 a single bit wide\, it has no program counter\, and the address bus isn't 
 connected to the CPU at all. Yet\, with just a few support components\, an
 d some clever programming\, it can be made to do all sorts of things.\n\nW
 e'll explore hardware design and programming by taking a look at my implem
 entation of Conway's Game of Life\, and answer the question of how one can
  address 512 words of memory\, as well as some other peripherals\, using j
 ust four bits of address space.\n\nOutline:\n* History and theory of opera
 tion of the mc14500\n* Writing programs that process one bit at a time\n* 
 A closer look at the hardware I built\, including its wacky peripherals\n*
  Demonstration\n* Q&A\n
DTEND;TZID=Europe/Berlin:20251229T143000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T135000
LOCATION:Fuse
SUMMARY:When 8 Bits is Overkill: Making Blinkenlights with a 1-bit CPU - gi
 rst (Tobi) [en]
UID:d304dbd5-b055-5742-a134-417b0adbfa14
URL:https://events.ccc.de/congress/2025/hub/event/detail/when-8-bits-is-ove
 rkill-making-blinkenlights-with-a-1-bit-cpu
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:2025 was a bad year for South Korean mobile network
  operators. All three operators (SK Telecom\, KT\, LG U+) were affected
  by a breach in some part of their respective network: HSS of SK
  Telecom\, femtocells of KT. Meanwhile\, the handling of the breach by
  each operator and the post-mortem analysis of each breach have stark
  differences. The technical details and implemented mitigations are
  often buried under vague terms\, and occasionally got lost in
  translation to English. In this talk\, I will cover the technical
  aspects of SK Telecom and KT's breach\, and how the operators are
  coping with the breach and what kind of measurements have been
  performed to secure their network.\nThis talk will cover the public
  information and experiments related to the South Korean telco breaches
  in 2025. This talk will cover SK Telecom's HSS breach (final results
  announced)\, KT's femtocell breach (investigation ongoing) and related
  operator billing fraud\, and revisit the Phrack report on the KT and LG
  U+ breach. We also shed light on the details regarding the implemented
  mitigation and disaster response of each operator.\n\nSK Telecom's HSS
  breach is attributed to a variant of BPFDoor malware\, resulting in
  leakage of critical operator data related to subscriber authentication
  and accounting. They replaced the SIM cards of all 23 million
  subscribers\, and implemented an additional mechanism to track the
  possible cloning of the SIM card. We analyze the aftermath and how it
  will effectively protect against the said attack.\n\nKT's femtocell and
  operator billing breach (investigation still ongoing as of the time of
  writing) is attributed to the mismanagement of KT's femtocell\,
  allowing an external attacker to mimic the behavior of KT's legitimate
  femtocell and use it as a cellular interception device. This is a
  modern implementation of the remarkable research "Weaponizing
  Femtocells" back in 2012\, and new cellular technologies like VoLTE
  have changed the possible attack vectors. We provide a possible theory
  on how the attack would be possible\, based on the publicly available
  information and previous research.\n\nFinally\, we also cover the
  characteristics of the South Korean mobile market and how the media
  caused the inaccurate analysis and FUD (fear\, uncertainty\, and
  doubt). In particular\, how SMS-based 2FA is tied to personal
  authentication and how everything is strongly bound to the personal
  identity. Early media reports could be attributed to the information
  "lost in translation" and inaccurate information in English-language
  articles when the details of the breach were not widely shared. We try
  to correct the information (also in the official incident report) and
  showcase how not to report the breach in general.\n
DTEND;TZID=Europe/Berlin:20251229T154500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T144500
LOCATION:Fuse
SUMMARY:Learning from South Korean Telco Breaches - Shinjo "peremen" Park\,
  Yonghyu "perillamint" Ban [en]
UID:272591e8-0754-5fa1-8472-50f00dab31ac
URL:https://events.ccc.de/congress/2025/hub/event/detail/learning-from-sout
 h-korean-telco-breaches
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Science\, Talk
CLASS:PUBLIC
DESCRIPTION:The Arctic is a region where the sun is gone for months\,
  thick sea ice blocks the way and research data are therefore quite
  scarce. So it is complicated to find out what is blooming in the water!
  With a combination of satellite images\, expeditions and model
  simulations on high-performance computers\, I try to make the hidden
  visible: the fascinating\, colourful world of Arctic phytoplankton.\nIn
  the Arctic Ocean it is becoming ever clearer how strongly global
  warming affects the decline of sea ice and the marine ecosystem. Tiny
  organisms\, the phytoplankton\, form the basis of the food web by
  building up biomass and thus play a central role in the global carbon
  cycle. In the Arctic they are strongly influenced by the seasonal
  swings between polar night and polar day\, the extent of sea ice and
  the changing environment. Yet phytoplankton is not only ecologically
  important but also astonishingly diverse and colourful – like a
  colourful flower meadow in the ocean!\nOther exciting questions remain:
  what makes up the diversity of phytoplankton\, how this diversity
  enables adaptation to environmental change\, and how the Arctic
  ecosystem could develop under different climate change scenarios.\n
 This talk invites you to dive into the icy worlds of the Arctic Ocean
  to get to the bottom of the fundamental building block of the Arctic
  ecosystem\, phytoplankton.\n
DTEND;TZID=Europe/Berlin:20251229T170000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T160000
LOCATION:Fuse
SUMMARY:Von wegen Eisblumen! Wie man mit Code\, Satelliten und Schiffsexped
 itionen die bunte Welt des arktischen Phytoplanktons sichtbar macht - Mori
 tz Zeising (er/he) [de]
UID:75dadf9f-5f43-5cc5-b344-b0d402af7092
URL:https://events.ccc.de/congress/2025/hub/event/detail/von-wegen-eisblume
 n-wie-man-mit-code-satelliten-und-schiffsexpeditionen-die-bunte-welt-des-a
 rktischen-phytoplanktons-sichtbar-macht
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:The virus of surveillance is spreading across the European Unio
 n. In the form of its "ProtectEU" Internal Security Strategy\, the Europea
 n Commission is planning to attack encryption\, re-introduce mandatory dat
 a retention and strengthen Europol and Frontex\, the main agents of its op
 pressive law enforcement infrastructure. In this talk\, we will journey th
 e wastelands of the EU surveillance apocalypse together: We will take a cl
 ose look at what politicians are planning to undermine our fundamental rig
 hts\, the technology involved\, and the real harms we must fight. From the
 re\, we will chart pathways to resistance and collective immunity against 
 a surveillance agenda that requires us to form new alliances and re-think 
 mobilization.\nAmidst its current push to remove the rules that have prot
 ected the EU's environment\, consumer and fundamental rights\, there is on
 e area the European Commission happily calls for more regulation: Internal
  security. The recent "ProtectEU" Internal Security Strategy does little t
 o protect Europeans\, and instead foresees attacks on encryption\, the re-
 introduction of mandatory data retention and the strengthening of Europol 
 and Frontex\, the main agents of the EU's oppressive law enforcement infra
 structure. In this talk\, we will introduce the strategy and its main pill
 ars\, explain its political and legal contexts\, and take a look at what i
 t would mean for our fundamental rights\, access to encryption\, and IT se
 curity if enacted. But not all hope is lost (yet)\, and together we want t
 o chart pathways to meaningful resistance. To do so\, we will help underst
 and the maze of the EU's lawmaking process and identify pressure points. W
 e will then look back at past fights\, lessons learned and new opportuniti
 es to act in solidarity against a surveillance agenda that is truly apocal
 yptic.\n
DTEND;TZID=Europe/Berlin:20251229T181500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T171500
LOCATION:Fuse
SUMMARY:The Last of Us -  Fighting the EU Surveillance Law Apocalypse - Sve
 a Windwehr\, Chloé Berthélémy [en]
UID:973af772-1dae-58a1-b979-ea890cbdfe09
URL:https://events.ccc.de/congress/2025/hub/event/detail/the-last-of-us-fig
 hting-the-eu-surveillance-law-apocalypse
END:VEVENT
BEGIN:VEVENT
CATEGORIES:CCC & Community\, Talk
CLASS:PUBLIC
DESCRIPTION:In Swiss digital policy\, too\, things were topsy-turvy in the
  year now ending. With our usual mischief we look back on the
  digital-policy year 2025 between Lake Constance and the Matterhorn -
  and discuss the topics that were relevant and remain relevant.\n
 **Topics include:**\n\n\n**E-ID and E-Collecting:** The digital-policy
  community not only prevented a privatised E-ID but also anchored data
  protection as a central principle and accompanied an exemplary
  legislative process. We plan to do the same with E-Collecting\, with
  which we want to take Switzerland's direct democracy to a new
  level.\n\n\n**Electronic health dossier:** What do you do to conceal a
  deterioration in a product? Right\, you rebrand it. And so the E-PD is
  now called E-GD.\n\n\n**Kabelaufklärung (cable surveillance):** In
  December the Federal Administrative Court surprised us with a landmark
  ruling: it judged Kabelaufklärung to be incompatible with the Federal
  Constitution and the European Convention on Human Rights. But it lets
  the whole thing run for 5 years.\n\n\n**What the VÜPF:** How
  Switzerland also plans to largely abolish the free internet. What the
  state of the tightening is. What can we and you do about
  it?\n\n\n**Platform regulation:** A proposal for platform regulation
  was drawn up by the federal government - and\, after the imposition of
  a 39% punitive tariff\, quietly buried in a drawer. But the federal
  government plucked up courage - and is daring a tentative new
  start.\n\n\n**AI regulation & ancillary copyright:** And why does the
  federal government dare to introduce an ancillary copyright? And to
  endanger AI language models with Swiss data through the «Gössi»
  motion? (Spoiler: because of the publishers' lobby)\n\n\n**Community in
  Switzerland:** Winterkongress\, diversity and other activities.\n\n\n
 After the talk\, everyone interested is invited to continue the
  [discussion in a
  self-organized session](https://events.ccc.de/congress/2025/hub/en/even
 t/detail/treffen-der-netzpolitischen-community-der-sch_uoca). Activists
  from various Swiss digital-policy organisations will be present.\n
DTEND;TZID=Europe/Berlin:20251229T195500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T191500
LOCATION:Fuse
SUMMARY:Netzpolitik in der Schweiz: Zwischen Bodensee und Matterhorn - Kire
 \, Rahel [de]
UID:fb08402b-1b8c-533b-b1fc-6daaa4fdc60f
URL:https://events.ccc.de/congress/2025/hub/event/detail/netzpolitik-in-der
 -schweiz-zwischen-bodensee-und-matterhorn
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:EntrySign opened the door to custom microcode on AMD Zen CPUs e
 arlier this year. Using a weakness in the signature verification we can lo
 ad custom microcode updates and modify behavior of stock AMD Zen 1-5 CPUs.
  While AMD has released patches to address this weakness on some CPUs\, we
  can still use unpatched systems for our analysis.\n\nIn this talk we cove
 r what we found out about microcode\, what we saw in the microcode ROM\, t
 he tooling we built\, how we worked to find out more and how you can write
  & test your own microcode on your own AMD Zen systems. We have our tools 
 up on https://github.com/AngryUEFI for everyone to play around with and ho
 pefully help us understand microcode more than we currently do.\nModern CP
 Us often translate the complex\, user visible instruction set like x86_64 
 into a simpler\, less feature rich internal instruction set. For simple in
 structions this translation is done by a fast path decoding unit. However 
 some instructions\, like `wrmsr` or `rdrand` are too complex to decode tha
 t way. These instructions instead are translated using a microcode decoder
  that can act almost like an execution engine. The microcode decoder still
  emits internal instructions into the pipeline\, but allows for features l
 ike conditional branches and calls & returns. All of this logic happens du
 ring a single x86_64 instruction and is usually hidden from the outside wo
 rld. At least since AMD K8\, launched in 2003\, AMD CPUs allowed updating 
 this microcode to fix bugs made in the original implementation.\n\nBuildin
 g on our [previous](https://media.ccc.de/v/34c3-9058-everything_you_want_t
 o_know_about_x86_microcode_but_might_have_been_afraid_to_ask) [experience]
 (https://media.ccc.de/v/35c3-9614-inside_the_amd_microcode_rom) with AMD K
 8 & K10 microcode and [EntrySign](https://bughunters.google.com/blog/54248
 42357473280/zen-and-the-art-of-microcode-hacking) [published](https://medi
 a.ccc.de/v/why2025-156-entrysign-create-your-own-x86-microcode-for-fun-and
 -profit) earlier this year\, we took a closer look at AMD Zen 1-5 CPUs. We
  built on top of [Zentool](https://github.com/google/security-research/tre
 e/master/pocs/cpus/entrysign/zentool) to understand more instructions and 
 created a set of tools to easily create microcode patches as well as apply
  them on CPUs. We can modify the behavior of instructions and observe some
  usually not visible internal state by supplying our own microcode update.
 \n\nLike on K8\, we extracted the physical ROM on the CPU using an electro
 n microscope to read the hardcoded microcode on a Zen 1 CPU. Using the und
 erstanding of the microcode encoding we could then start disassembling the
  contents and understand how some instructions are implemented. While ther
 e are still a lot of things we don't understand\, we could follow control 
 flow and analyze algorithms like the XXTEA decryption of the microcode upd
 ate.\n\nTo start off this work\, we implemented a set of tools that allow 
 easy testing of microcode updates without the need for a fully featured OS
 . That way we can run timing tests with low noise and don't risk data corr
 uption if we corrupt a vital instruction. To continue our naming scheme fr
 om our work on K8 we dubbed this the AngryTools\, all of them available on
  [GitHub](https://github.com/AngryUEFI). The core components are a UEFI ap
 plication running from RAM\, AngryUEFI\, and a Python framework for test w
 riting on a client computer\, AngryCAT. AngryUEFI starts on the test syste
 m and waits for AngryCAT tests supplied via TCP. These tests usually consi
 st of a microcode update that gets loaded on the target CPU core and a buf
 fer with x64 instructions that get run afterwards. AngryUEFI then sends ba
 ck information about the test execution. AngryUEFI also recovers most faul
 ts caused by invalid microcode\, often even allowing reuse of a CPU core a
 fter a failed test run. We also added some syscall-like interfaces to supp
 ort more complex data collection like [IBS](https://reflexive.space/zen2-i
 bs/).\n\nTo make it easier to write custom microcode updates we also imple
 mented [ZenUtils](https://github.com/AngryUEFI/ZenUtils)\, a set of Python
  tools. So far we support single line assembly and disassembly based on ar
 chitecture specification for Zen 1 & 2 with limited support for other Zen 
 architectures. We also include a macro assembler that can create a full mi
 crocode update from an assembly-like input file. Later we will also extend
  ZenUtils with utilities to sign and en/decrypt microcode updates. Current
 ly we rely on Zentool for these tasks.\n\nWe also show some basic examples
  of how microcode programs work\, from a simple CString strlen implementat
 ion in a single x64 instruction to a [subleq](https://esolangs.org/wiki/Su
 bleq) VM implemented entirely in microcode. These show off the basics of m
 icrocode programming\, like memory loads & stores\, arithmetic and conditi
 onal branches. We are also currently looking at other examples and more co
 mplex programs.\n\nWe hope this talk shows you how to start throwing rando
 m bits at your own AMD Zen CPU to figure out what each bit does and help u
 s in further understanding the instruction set. We welcome improvements to
  the tooling and even entirely new tools to help analyze microcode updates
  and the ROM.\n\nIf you are already familiar with EntrySign\, we only cove
 r the very basics of it and focus more on what we learned after having a f
 oothold in the microcode.\n
DTEND;TZID=Europe/Berlin:20251229T205000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T201000
LOCATION:Fuse
SUMMARY:The Angry Path to Zen: AMD Zen Microcode Tools and Insights - Benja
 min Kollenda [en]
UID:d921f5af-9d6b-5ff3-8fe8-147467b23c65
URL:https://events.ccc.de/congress/2025/hub/event/detail/the-angry-path-to-
 zen-amd-zen-microcode-tools-and-insights
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Art & Beauty\, Talk
CLASS:PUBLIC
DESCRIPTION:Hegemony Eroding is an ongoing art project exploring how genera
 tive AI reflects and distorts cultural representation. Its name speaks to 
 its core ambition: to bear witness to the slow erosion of Western cultural
  hegemony by exposing the cracks in which other cultures shine through.\n\
 nThis talk will discuss the blurry boundary between legitimate cultural re
 presentation and prejudice in AI-generated media and how generative AI can
 be used as a tool to explore humanity's digital footprint.\nIt is permea
 ted by a critique of purely profit-driven AI development and its tendency
  to blunt artistic exploration and expression.\nGenerative AI models inges
 t huge datasets gathered all over the web. Unsurprisingly\, they reflect d
 ecades of Western cultural hegemony. Yet\, the hegemony is not absolute.\n
 \nNon-Western motifs\, that is\, recurring patterns and themes with deep c
 ultural resonance\, can be discovered and reproduced across different gene
 rative AI models.\n\nIn this talk I will explain the methods I developed t
 o draw out motifs\, the journey I took and what I learned along the way. I
  will present motifs and use them to outline a space stretching from repre
 sentation to prejudice on the one hand and western to non-western depictio
 n on the other.\n\nFinally\, I will make a case for AI as a tool for cultu
 ral exploration and discuss how monetary incentives jeopardise this endeav
 our\, adding to the long list of reasons to break up monopolies with trans
 parent\, publicly-funded AI-models.\n
DTEND;TZID=Europe/Berlin:20251229T214500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T210500
LOCATION:Fuse
SUMMARY:Hegemony Eroding: Excavating Diversity in Latent Space - Karim Hamd
 i [en]
UID:c31906d3-4cd5-5b05-aebe-5ce1538c70b8
URL:https://events.ccc.de/congress/2025/hub/event/detail/hegemony-eroding-e
 xcavating-diversity-in-latent-space
END:VEVENT
BEGIN:VEVENT
CATEGORIES:CCC & Community\, Talk
CLASS:PUBLIC
DESCRIPTION:The Spectrum is a newly founded queer-feminist\, intersectional
  hackspace centering FLINTA+\, disabled\, and marginalized beings. We see 
 hacking as playful exploration—of technology\, art\, and ideas—to reimagin
 e what inclusion and collaboration can be. At 39C3\, we share how awarenes
 s\, accessibility\, and transdisciplinary creation can transform community
  and hack the norm.\nThe Spectrum is a new queer-feminist\, intersectional
  and transdisciplinary hackspace centering FLINTA+\, creatures with disabi
 lities\, and other marginalized communities founded in 2025. We see hackin
 g as more than code and machines—it’s a way of exploring the world through
  curiosity\, play\, and care. By taking things\, systems\, and ideas apart
 \, we uncover new perspectives and possibilities for change. Our space is 
 built around awareness\, inclusion\, and open access to knowledge. We aim 
 to create an environment where everyone can learn\, share\, and experiment
  freely—without the constraints of “normality.” From art and music to acti
 vism and technology\, The Spectrum brings together diverse disciplines and
  beings to co-create\, collaborate\, and imagine better futures.\n\nAt 39C
 3\, we want to share our experiences of building such a space: how awarene
 ss work and accessibility can shape community dynamics\, what transdiscipl
 inary hacking can look like\, and how centering marginalized perspectives 
 transforms collective creation. Join us to explore what it means to hack n
 ot only systems\, but also art\, expectations\, and realities.\n\nhttps://
 the-spectrum.space/en/\n
DTEND;TZID=Europe/Berlin:20251229T224500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T220500
LOCATION:Fuse
SUMMARY:The Spectrum - Hackspace Beyond Hacking - sjaelv\, MultisampledNigh
 t [en]
UID:f7a3c3ba-a9d0-5aab-bf31-f63a034a8d22
URL:https://events.ccc.de/congress/2025/hub/event/detail/the-spectrum-hacks
 pace-beyond-hacking
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:DARPA's AI Cyber Challenge (AIxCC) set out to push the
  boundaries of autonomous cybersecurity: can AI systems identify\,
  verify and fix software vulnerabilities independently\, in real time
  and without human help?\nOver the course of two years\, teams from
  around the world developed “Cyber Reasoning Systems” (CRS) capable
  of analyzing complex open-source software\, analyzing code\,
  generating reproducers to show that a reported bug is not a false
  alarm\, and finally synthesizing patches.\nOur team took part in this
  challenge and developed its own CRS from scratch. In this talk we
  give insights into the competition: how does LLM-driven vulnerability
  detection actually work\, which design decisions matter\, and how did
  the finalist teams approach the problem?\nAIxCC (DARPA’s AI Cyber
  Challenge) is a two-year competition whose goal was to improve the
  capabilities of automated detection and remediation of security
  vulnerabilities.\nThe aim was to develop an autonomous\,
  self-contained system that analyzes software\, detects
  vulnerabilities\, proves them with reproducers and then generates
  secure patches.\n\nOur team joined this global experiment and
  developed its own Cyber Reasoning System (CRS) from scratch. To do
  so\, we developed several agents. Our system benefited from combining
  classical techniques such as fuzzing with modern Large Language Models
  (LLMs). The synergy between these approaches proved more powerful than
  either technique on its own\, so that our CRS could examine and patch
  software in a way that neither fuzzing nor LLMs alone could.\n\nIn
  this talk we will:\n- explain the concept and goals behind AIxCC\n-
  walk through how a CRS actually works and how we developed ours\n-
  show how LLMs can support traditional fuzzing and analysis
  techniques\n- share observations on the strategies of the finalist
  teams\n
DTEND;TZID=Europe/Berlin:20251230T000000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T230000
LOCATION:Fuse
SUMMARY:Von Fuzzern zu Agenten: Entwicklung eines Cyber Reasoning Systems f
 ür die AIxCC - Mischa Meier (mmisc)\, Annika Kuntze [de]
UID:11ede3bc-662b-580b-9ecb-e84edabee369
URL:https://events.ccc.de/congress/2025/hub/event/detail/von-fuzzern-zu-age
 nten-entwicklung-eines-cyber-reasoning-systems-fur-die-aixcc
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Science\, Talk
CLASS:PUBLIC
DESCRIPTION:Data about greenhouse gas emissions\, both from countries and i
 ndividual factories\, is\noften publicly available. However\, the data sou
 rces are often not as accessible and\nreliable as they should be. EU emiss
 ion databases contain obvious flaws\, and nobody\nwants to be responsible.
 \nWhich factory in my city is the largest emitter of CO2? Which industrial
  sector is\nresponsible for the largest share of a country's contribution 
 to climate change? It\nshould not be difficult to answer these questions. 
 Public databases and reporting\nrequired by international agreements usual
 ly allow us to access this data.\n\nHowever\, trying to access and work wi
 th these datasets — or\, shall we say\, Excel tables\n— can be frustrating
 . UN web pages that prevent easy downloads with a "security\nfirewall"\, b
 arely usable frontends\, and other issues make it needlessly difficult to\
 ngain transparency about the sources of climate pollution.\n\nWhile workin
 g with official EU datasets\, the speaker observed data points that could 
 not\npossibly be true. Factories suddenly dropped their emissions by order
 s of magnitude\nwithout any explanation\, different official sources repor
 t diverging numbers for the\nsame emission source\, and responsible Europe
 an and National authorities appear not to\ncare that much.\n\nThe talk wil
 l show how to work with relevant greenhouse gas emission data sources and\
 nhow we can access them more easily by converting them to standard SQL tab
 les. Furthermore\, we will dig into some of the\nstrange issues one may fi
 nd while investigating emission datasets.\n\n# Background / Links\n\n* Why
  is it needlessly difficult to access UNFCCC Emission Data? https://indust
 rydecarbonization.com/news/why-is-it-needlessly-difficult-to-access-unfccc
 -emission-data.html\n* UNFCCC Emission Data Downloads: https://industrydec
 arbonization.com/docs/unfccc/\n* Code (Docker\, MariaDB/MySQL\, phpMyAdmin
 ) to easily access EU emission data: https://github.com/decarbonizenews/gh
 gsql\n* Errors and Inconsistencies in European Emission Databases: https:/
 /industrydecarbonization.com/news/errors-and-inconsistencies-in-european-e
 mission-databases.html\n
DTEND;TZID=Europe/Berlin:20251229T114000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T110000
LOCATION:One
SUMMARY:Greenhouse Gas Emission Data: Public\, difficult to access\, and no
 t always correct - Hanno Böck [en]
UID:dd990a78-1e11-5c5e-aef4-6eb0214c772a
URL:https://events.ccc.de/congress/2025/hub/event/detail/greenhouse-gas-emi
 ssion-data-public-difficult-to-access-and-not-always-correct
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:Learn how to find your position using a sextant and a custom sl
 ide rule\, almost no math required!\nSince the dawn of time people have as
 ked themselves: where am I and why am I here?  This talk won't help you an
 swer the why question\, but it will discuss how to determine the where in the
  pre-GPS age of sextants\, slide rules and stopwatches by taking the noon 
 sight\, aka the meridian passage.\n\nThe usual way to find your position u
 sing the Sun requires a large almanac of lookup tables and some challengin
 g math.  The books are frustrating to consult on every sight and the base 
 60 degree-minute-second math is frustrating even with a calculator\, and i
 f you're on a traditional ship it seems wrong to do traditional navigation
  with electronic devices.\n\nTo speed up the process I’ve designed a speci
 alized circular slide rule that handles most of the table lookups to corre
 ct height of eye\, semi-diameter\, temperature\, refraction and index erro
 rs\, and also simplifies the degree-minute-second arithmetic required to c
 alculate the exact declination of the Sun.\n\nIn this talk I’ll demonstrat
 e how to make your own printable paper slide rule and use it to reduce the
  meridian passage measurement to a lat/lon with just a few rotations of th
 e wheels and pointer\, no electronics or bulky books necessary!\n
DTEND;TZID=Europe/Berlin:20251229T123500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T115500
LOCATION:One
SUMMARY:Celestial navigation with very little math - Trammell Hudson [en]
UID:967b7f53-aa2b-578b-9403-e1ba380cda15
URL:https://events.ccc.de/congress/2025/hub/event/detail/celestial-navigati
 on-with-very-little-math
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Science\, Talk
CLASS:PUBLIC
DESCRIPTION:Bike- and e-bike-sharing promise sustainable\, equitable mobili
 ty - but what makes these systems successful? Despite hundreds of cities o
 perating thousands of shared bikes\, trip data is rarely public. To addres
 s this\, we built a geospatial analysis pipeline that reconstructs trip da
 ta from publicly accessible system status feeds. Using this method\, we ga
 thered **43 million km** of bike-sharing trips across **268 European citie
 s**. Combined with over **100 urban indicators** per city\, our analyses r
 eveal how infrastructure\, climate\, demographics\, operations\, and polit
 ics shape system performance. We uncover surprising insights - such as why
  some e-bike systems underperform despite strong demand - and highlight ho
 w cities can design smarter\, fairer mobility. All data and code are open-
 source\, with an interactive demo at bikesharingflowmap.de.\nWe are Felix\
 , Georg\, and Martin - each of us working professionally in different rese
 arch and data areas\, ranging from the future of mobility to computational
  fluid dynamics and machine learning. What unites us is our shared interes
 t in **quantitative traffic analyses**. Building on earlier small-scale st
 udies focused on individual cities\, we set out to launch a project that c
 aptures shared bike system data across Europe - from regular bikes to e-bi
 kes.\n\nIn our study\, which led to an **[open-access scientific publicati
 on](https://doi.org/10.1007/s11116-025-10661-2)**\, we scraped shared bike
  data across Europe at a **minute-by-minute level** over many months\, acc
 umulating **more than 43 million records**. We analyze **behavioural and s
 ystemic patterns** to understand what makes a bike-sharing system useful a
 nd successful within a city. As such\, this evidence-based research fits v
 ery well with the **39C3 Science track** and the theme of "**Power Cycles*
 *" as we dissect the complex energy and usage cycles that define urban mob
 ility and sustainable futures for everyone. We bridge the gap between urba
 n planning\, socioeconomics\, and technology by applying statistical model
 ing and engineering knowledge to a large-scale mined dataset. Join us to l
 earn whether right-wing politics stall sustainable mobility\, or which cli
 mate e-bikes feel most comfortable in!\n\nWe love going the extra mile and
  therefore provide a live\, interactive demo that everyone can use to expl
 ore and understand traffic flows: [bikesharingflowmap.de](https://bikeshar
 ingflowmap.de/). Therefore\, attendees will be able to play with the data 
 in a self-service way. We also provide all code on GitHub and the complete
  dataset on HuggingFace. And\, of course\, we will also discuss how both b
 ike-sharing operators and our boss reacted when we told them about the dat
 aset we already had collected (spoiler: lawyers were involved\, yet it’s s
 till available for downloads…).\n
DTEND;TZID=Europe/Berlin:20251229T133000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T125000
LOCATION:One
SUMMARY:What Makes Bike-Sharing Work? Insights from 43 Million Kilometers o
 f European Cycling Data - Martin Lellep\, Georg Balke\, Felix Waldner [en]
UID:4914b889-5003-561f-90a8-5371fc09a946
URL:https://events.ccc.de/congress/2025/hub/event/detail/what-makes-bike-sh
 aring-work-insights-from-43-million-kilometers-of-european-cycling-data
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:Who actually has to be “neutral”\, what that means\, and
  who now has to fight back.\n“Neutrality” is becoming the new
  fighting word: because they protest against Friedrich Merz's inhumane
  politics\, the CDU accuses groups such as Omas gegen Rechts\,
  Greenpeace and Correctiv of not being neutral. Citing an allegedly
  violated neutrality requirement\, state funding is being cut and NGOs
  are coming under observation by the Verfassungsschutz (domestic
  intelligence service).\nIn the name of “neutrality”\, Julia
  Klöckner bans Palestine shirts\, pins and rainbow flags in
  parliament. The AfD calls for reporting teachers who stand up against
  right-wing extremism or criticize corresponding positions within the
  AfD.\nBut what is behind this?\nWhat does the so-called neutrality
  requirement (Neutralitätsgebot) mean – and to whom does it apply at
  all?\nAnd to whom does it not apply?\nCivil courage cannot be neutral
  – and is not supposed to be. Just as AfD agitation against migrants
  is not “neutral”\, criticizing inhumane statements is not only
  legitimate but a duty of democratic citizens. Invoking a
  “neutrality requirement” for NGOs is a transparent but dangerous
  attempt to subject them to one's own position.\nThe lawyers Vivian
  Kube and Hannah Vos explain the constitutional background\, expose
  the authoritarian strategies behind the call for “neutrality” and
  give tips on how to defend against it.\nThey are active in the
  Gegenrechtschutz project to defend democratic principles and those
  affected against legal attacks.\n
DTEND;TZID=Europe/Berlin:20251229T143000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T135000
LOCATION:One
SUMMARY:Wer hat Angst vor dem Neutralitätsgebot? - Hannah Vos\, Vivian Kube
  [de]
UID:94c5aafc-0742-500b-92bd-ca6f2ceb37a1
URL:https://events.ccc.de/congress/2025/hub/event/detail/wer-hat-angst-vor-
 dem-neutralitatsgebot
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Science\, Talk
CLASS:PUBLIC
DESCRIPTION:Not least because of advertising on social media\, more and
  more dietary supplements are being sold in Germany. Some influencers
  even bring their own preparations to market. At the same time\, cases
  are accumulating in which taking supposedly harmless “supplements”
  has led to damage to health. The talk therefore aims to show the
  mechanisms behind the supplement hype\, and also to explain why
  adequate consumer protection currently cannot be guaranteed\,
  especially on the internet\, where policymakers need to act and how
  you can protect yourself from questionable products.\nThe market for
  dietary supplements has been booming for years. This is driven in
  part by a wide variety of influencers who advertise the preparations
  on social media. Instead of only promoting products from the big
  players in this field\, such as More Nutrition\, ESN or Holy Energy\,
  some influencers have by now even launched their own dietary
  supplement brands.\n\nA lot is promised: pre-workout boosters are
  supposed to increase performance in strength training and help you
  get your dream body in a flash\, while gaming boosters promise
  alertness and top performance while gaming. Still other capsules or
  even gummy bears are supposed to provide flawless skin or restful
  sleep. Some preparations can allegedly even prevent or cure
  diseases.\n\nBut what is actually in these products that are being
  thoroughly hyped online? Legally\, they are foods\, which in turn
  means that they may be placed on the market without official
  approval. It is enough for the business operator to guarantee their
  safety. The hurdles to market entry are thus extremely low\, while at
  the same time profit margins beckon that even exceed those of the
  illegal drug trade.\n\nThe result shows up in the reports of official
  food control: of the samples examined by the Lower Saxony State
  Office for Consumer Protection and Food Safety in 2024\, around nine
  out of ten (89 %) did not comply with the legal requirements. Besides
  deficiencies in labelling and advertising\, which lead consumers to
  spend a lot of money on ineffective powders\, the material
  composition of the products is particularly critical. For example\,
  taking overdosed vitamin D preparations can lead to disorders of
  calcium metabolism (so-called hypercalcaemia). Supposedly harmless
  herbal preparations\, such as turmeric or ashwagandha\, can lead to
  liver damage up to and including liver failure. What is particularly
  alarming is that the probability of a liver transplant becoming
  necessary or of the patient dying is higher than for liver damage
  caused by medicinal drugs (83 vs. 66 %). So people are being harmed
  by taking preparations with which they actually wanted to do
  something good for their health.\n\nThe talk therefore takes a
  critical look at the current market situation with particular
  attention to influencer marketing\, explains the difference between
  dietary supplements and medicinal products\, and presents the legal
  framework for placing dietary supplements on the market and
  advertising them. It also shows why adequate consumer protection
  cannot be guaranteed by the current means of food law\, especially on
  the internet\, where policymakers need to act and how you can protect
  yourself from questionable products.\n
DTEND;TZID=Europe/Berlin:20251229T154500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T144500
LOCATION:One
SUMMARY:Supplements und Social Media – wenn der Online-Hype zur realen Gesu
 ndheitsgefahr wird - Christoph Wiedmer [de]
UID:e5377df9-07f4-5c8c-b510-8f64e58d95e3
URL:https://events.ccc.de/congress/2025/hub/event/detail/supplements-und-so
 cial-media-wenn-der-online-hype-zur-realen-gesundheitsgefahr-wird
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:Is more information really the solution? Whether Jens Spahn\,
  Philipp Amthor or Friedrich Merz - they all openly say what they
  intend to do and make no secret of their ties to the Trump
  administration\, to billionaires and to the fossil-fuel lobby. What
  good is transparency in times of the authoritarian turn?\nTransparency
  needs accountability. Without consequences\, transparency remains
  ineffective. So how can we create an effective counter-power that
  pushes changes through?\n\nWe were able to fend off Philipp Amthor's
  attack on the Freedom of Information Act (Informationsfreiheitsgesetz)
  for the time being - now we are going on the offensive! With the
  highlights from criminal complaints against Alexander Dobrindt\,
  Spahn's leaked mask report\, the billionaire lobby in the Ministry
  for Economic Affairs and all the tax havens in Germany.\n
DTEND;TZID=Europe/Berlin:20251229T170000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T160000
LOCATION:One
SUMMARY:Gegenmacht - Best of Informationsfreiheit - Arne Semsrott [de]
UID:755f1d78-c910-56cb-a37e-13870013bff6
URL:https://events.ccc.de/congress/2025/hub/event/detail/gegenmacht-best-of
 -informationsfreiheit
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:Since mid-2025 the electronic patient record has been
  available to everyone – after a few smaller or larger security
  problems in the run-up\, whether a year ago at 38C3 or at the end of
  April at the Germany-wide launch.\nTime to draw conclusions: is the
  ePA secure now? Were lasting changes made that lead to more security?
  Can the way IT security was handled in «one of the largest IT
  projects of the Federal Republic» be helpful for future digital
  projects?\n\nTime to look\, with some distance\, at what was\, what is
  and what is emerging\, not only for the ePA but also in how IT
  security is handled in similar projects in Germany. A comprehensive
  analysis of the history and causes of one of the most far-reaching
  undesirable developments in IT security of recent years\, which shows
  itself in far more than just poor checking of the presence of health
  cards in the healthcare system.\nAt the last Chaos Communication
  Congress\, Martin Tschirsich and Bianca Kastl were able to demonstrate
  a collection of larger and smaller security problems in the
  electronic patient record for all (ePA für alle) – whether in the
  issuing of means of identification\, in systems in the telematics
  infrastructure or in connected systems. All these problems culminated
  in a modified and reduced rollout of the ePA für alle in the model
  regions at the beginning of 2025\, during which first
  damage-limitation measures were already taken.\nAt the end of April
  2025 the ePA für alle was then really made available to everyone
  across Germany – however\, on the same day the supposedly securely
  fixed security vulnerabilities in access management resurfaced and
  were soon once again only provisionally sealed.\n\nThis talk wants to
  look back a little at the history and causes of these security
  problems of the ePA für alle. As «one of the largest IT projects of
  the Federal Republic»\, the ePA is emblematic of how digital policy
  deals with security promises and interest-driven requirements over
  the heads of patients or citizens.\n\nThis is not only about technical
  problems and the attempts to fix them\, but also about the structural
  causes that repeatedly make large digital projects fail in some
  areas. This deeper look can help us better understand the causes of
  poor IT security in future digital-policy projects in Germany as
  well. Not only for the ePA für alle and applications in the area of
  the telematics infrastructure\, but also far beyond.\n\nIn-depth
  analysis and aftermath of the 38C3 talk „Konnte bisher noch nie
  gehackt werden“: Die elektronische Patientenakte kommt - jetzt für
  alle!\n
DTEND;TZID=Europe/Berlin:20251229T181500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T171500
LOCATION:One
SUMMARY:Schlechte Karten - IT-Sicherheit im Jahr null der ePA für alle - Bi
 anca Kastl [de]
UID:2b5a6a8e-327e-594d-8f92-b91201d18a02
URL:https://events.ccc.de/congress/2025/hub/event/detail/schlechte-karten-i
 t-sicherheit-im-jahr-null-der-epa-fur-alle
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:Agentic AI is the catch-all term for AI-enabled systems that pr
 opose to complete more or less complex tasks on their own\, without stoppi
 ng to ask permission or consent. What could go wrong? These systems are be
 ing integrated directly into operating systems and applications\, like web
  browsers. This move represents a fundamental paradigm shift\, transformin
 g them from relatively neutral resource managers into an active\, goal-ori
 ented infrastructure ultimately controlled by the companies that develop t
 hese systems\, not by users or application developers. Systems like Micros
 oft's "Recall\," which create a comprehensive "photographic memory" of all
  user activity\, are marketed as productivity enhancers\, but they functio
 n as OS-level surveillance and create significant privacy vulnerabilities.
  In the case of Recall\, we’re talking about a centralized\, high-value ta
 rget for attackers that poses an existential threat to the privacy guarant
 ees of meticulously engineered applications like Signal. This shift also f
 undamentally undermines personal agency\, replacing individual choice and 
 discovery with automated\, opaque recommendations that can obscure commerc
 ial interests and erode individual autonomy.\n\nThis talk will review the 
 immediate and serious danger that the rush to shove agents into our device
 s and digital lives poses to our fundamental right to privacy and our capa
 city for genuine personal agency. Drawing from Signal's analysis\, it move
 s beyond outlining the problem to also present a "tourniquet" solution: lo
 oking at what we need to do *now* to ensure that privacy at the applicatio
 n layer isn’t eliminated\, and what the hacker community can do to help. W
 e will outline a path for ensuring developer agency\, granular user contro
 l\, radical transparency\, and the role of adversarial research.\nThe talk
  will provide a critical technical and political economy analysis of the n
 ew privacy crisis emerging from OS and application level AI agents\, aimed
  at the 39C3 "Ethics\, Society & Politics" audience.\n\n1. Defining the Th
 reat: The OS as a Proactive Participant (5 mins)\n   We will begin by defi
 ning "Agentic AI" in two contexts - imbibed into the operating system and 
 deployed via critical gateway applications such as web browsers. Tradition
 ally\, the operating systems and browsers are largely neutral enforcers of
  user agency\, managing resources and providing APIs for applications to r
 un reliably. We will argue that this neutrality is close to being eliminat
 ed. The new paradigm shifts these applications into a proactive agent that
  actively observes\, records\, and anticipates user actions across all app
 lications. The prime examples for this analysis will be Microsoft’s "Recall"
  feature\, Google’s Magic Cue\, and OpenAI’s Atlas. Politically\, we will 
 frame this not as a "feature" but as the implementation of pervasive\, non
 -consensual surveillance and remote-control infrastructure. This "photogra
 phic memory" of and demand for non-differentiated access to everything fro
 m private Signal messages to financial data to health data creates a catas
 trophic single point of failure\, making a single security breach an exist
 ential threat to a user's entire digital life. Ultimately\, we hope to ill
 ustrate how putting our brains in a jar (with agentic systems) is effectiv
 ely a prompt injection attack against our own humanity.\n\n2. The Existent
 ial Threat to Application-Level Privacy (10 mins)\n   The core of the talk
  will focus on what this means for privacy-first applications like Signal.
  We will explain the "blood-brain barrier" analogy: secure apps are meticu
 lously engineered to minimize data and protect communications\, relying on
  the OS to be a stable\, neutral foundation on which to build. This new OS
  trend breaks that barrier. We will demonstrate how OS-level surveillance 
 renders application-level privacy features\, including end-to-end encrypti
 on\, effectively useless. If the OS can screenshot a message before it's e
 ncrypted or after it's decrypted\, the promise of privacy is broken\, rega
 rdless of the app's design. We will also discuss the unsustainable "clever
  hacks" (like Signal using a DRM feature) that developers are forced to im
 plement\, underscoring the need for a structural solution.\n\n3. An Action
 able Framework for Remediation (20 mins)\n   The final\, and most importan
 t\, part of the talk will move from critique to action. We will present an
  actionable four-point framework as a "tourniquet" to address these immedi
 ate dangers:\n\na. Empower Developers: Demand clear\, officially supported
  APIs for developers to designate individual applications as "sensitive" w
 ith the default posture being that such applications are opted out of acc
 ess by agentic systems (either OS or application based) (default opt-out)\
 n\nb. Granular User Control: Move beyond all-or-nothing permissions. Users
  must have explicit\, fine-grained control to grant or deny AI access on a
 n app-by-app basis.\n\nc. Mandate Radical Transparency: OS vendors and app
 lication developers must clearly disclose what data is accessed\, how it's
  used\, and how it's protected—in human-readable terms\, not buried in leg
 alese. Laws and regulations must play an essential role but we cannot just
  wait for them to be enforced\, or it will be too late.\n\nd. Encourage an
 d Protect Adversarial Research: We will conclude by reinforcing the need f
 or a pro-privacy\, pro-security architecture by default\, looking at the l
 egal frameworks that govern these processes and why they need to be enforc
 ed\, and finally asking the attendees to continue exposing vulnerabilities
  in such systems. It was only due to technically-grounded collective outra
 ge that Recall was re-architected by Microsoft and we will need that energ
 y if we are to win this war.\n
DTEND;TZID=Europe/Berlin:20251229T201500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T191500
LOCATION:One
SUMMARY:AI Agent\, AI Spy - Udbhav Tiwari\, Meredith Whittaker [en]
UID:3e87bab2-575a-53be-8101-5d8144253646
URL:https://events.ccc.de/congress/2025/hub/event/detail/ai-agent-ai-spy
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:Who in Germany uses software from Palantir\, and who plans to
  do so in the near future? What are the legal prerequisites for using
  such analysis tools? And what is Interior Minister Alexander Dobrindt
  planning with regard to Palantir for the federal police forces?\nSoftware
  from Palantir analyzes data for police forces and the military. German
  police authorities have also been licensing the US company's analysis
  software Gotham for years for this purpose. The software processes
  structured and unstructured information from police databases. However\,
  exactly how it works is not open to inspection by the public\,
  legislators or oversight authorities.\n\nThe US company is highly
  controversial and\, following several legislative initiatives\, is once
  again contested in Germany as well\, because of its opaque analysis
  methods\, its cooperation with authoritarian states and its closeness to
  the US government.\n\nLegally\, the use of analysis tools such as
  Palantir's is complex in Germany anyway\, because in 2023 the Federal
  Constitutional Court drew clear limits for police data analysis.
  Nevertheless\, several federal states have contracts for their police
  forces or are seeking them. At the federal level\, too\, its use by the
  Federal Criminal Police Office (Bundeskriminalamt) and the Federal
  Police (Bundespolizei) is being hotly debated.\n\nHow does Gotham work
  and what dangers come with it?\nWhich developments can be observed at
  the federal level and in the states? What happens next?\n\nWe want to
  report on the state of affairs at the federal and state level and also
  show how we are trying to enforce legal requirements. The GFF and the
  CCC are involved in constitutional complaints\, including in Hesse\,
  Hamburg and most recently Bavaria.\n
DTEND;TZID=Europe/Berlin:20251229T213000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T203000
LOCATION:One
SUMMARY:Blackbox Palantir - Constanze Kurz\, Franziska Görlitz [de]
UID:bf34e289-afe1-59a8-8c1c-018b755772e3
URL:https://events.ccc.de/congress/2025/hub/event/detail/blackbox-palantir
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:Let's have a (hopefully) final look at Diesel emission cheating
 . This technical talk summarizes what I learned by reverse-engineering doz
 ens of engine ECU software\, how I found and characterized "interesting lo
 gic" which\, more often than not\, ended up being a court-approved "defeat
  device".\n\nWhat started as a "curious investigation" in 2015 to obtain a
  ground truth to widespread media reports of "VW being caught for cheating
 " ended up as a full-blown journey through the then-current state of the D
 iesel car industry.\n\nIn this talk\, Karsten and Felix will walk through 
 the different implementations of defeat devices\, their impact on emissions
 \, and the challenges in documenting seemingly black boxes in court-proven
  expert reports.\n10 years ago\, Felix spent a lot of sleepless nights on 
 reverse-engineering the Diesel software that implemented the (by now) well
 -known "Acoustic Function" defeat device\; he presented his findings at the
  32c3 and 33c3 in 2015 and 2016\, expecting this to be the last time we ne
 eded to hear about this.\n\nLittle did he know about the extent of the Die
 sel emissions cheating. Since then he has analyzed many more vehicles and le
 arned a thing or two about mechanical engineering problems of cars.\n\nKarst
 en\, working as a court-appraised expert\, will add his unique view on the
  challenges in documenting software that was never meant to be understood 
 by the public.\n\nThis talk will discuss methodologies of independent anal
 ysis of highly dynamic systems that many people see as black boxes (but th
 at\, of course\, are not: they are just machines running software).\n
DTEND;TZID=Europe/Berlin:20251229T224500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T214500
LOCATION:One
SUMMARY:10 years of Dieselgate - Felix Domke\, Karsten Burger [en]
UID:a877c904-f887-588e-9637-9b1df2f019dd
URL:https://events.ccc.de/congress/2025/hub/event/detail/10-years-of-diesel
 gate
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:Last year at 38c3\, we gave a talk titled "Ten Years of Rowhamm
 er: A Retrospect (and Path to the Future)."\nIn this talk\, we summarized 
 10 years of Rowhammer research and highlighted gaps in our understanding.\
 nFor instance\, although nearly all DRAM generations from DDR3 to DDR5 are
  vulnerable to the Rowhammer effect\, we still do not know its real-world 
 prevalence.\nFor that reason\, we invited everyone at 38c3 last year to pa
 rticipate in our large-scale Rowhammer prevalence study.\nIn this year's t
 alk\, we will first provide an update on Rowhammer research and present ou
 r results from that study. \n\nA lot has happened in Rowhammer research in
  2025.\nWe have evidence that DDR5 is as vulnerable to Rowhammer as previo
 us generations.\nOther research shows that not only can adversaries target
  rows\, but columns can also be addressed and used for bit flips.\nBrowser
 -based Rowhammer attacks are back on the table with Posthammer\, and with EC
 C.fail\, we can mount Rowhammer attacks on DDR4 with ECC memory.\n\nIn ou
 r large-scale study\, we measure Rowhammer prevalence in a fully automated
  cross-platform framework\, FlippyR.AM\, using the available state-of-the-
 art software-based DRAM and Rowhammer tools.\nOur framework automatically 
 gathers information about the DRAM and uses 5 tools to reverse-engineer th
 e DRAM addressing functions\, and based on the reverse-engineered function
 s\, uses 7 tools to mount Rowhammer.\nWe distributed the framework online 
 and via USB thumb drives to thousands of participants from December 30\, 2
 024\, to June 30\, 2025. Overall\, we collected 1006 datasets from 822 sys
 tems with various CPUs\, DRAM generations\, and vendors.\nOur study reveal
 s that out of 1006 datasets\, 453 (371 of the 822 unique systems) succeede
 d in the first stage of reverse-engineering the DRAM addressing functions\
 , indicating that successfully and reliably recovering DRAM addressing fun
 ctions remains a significant open problem.\nIn the second stage\, 126 (12.
 5 % of all datasets) exhibited bit flips in our fully automated Rowhammer 
 attacks.\nOur results show that fully automated\, i.e.\, weaponizable\, Ro
 whammer attacks work on a lower share of systems than FPGA-based and lab e
 xperiments indicated\, but at 12.5%\, are still a practical vector for thr
 eat actors.\nFurthermore\, our results highlight that the two most pressin
 g research challenges around Rowhammer exploitability are more reliable re
 verse-engineering tools for DRAM addressing functions\, as 50 % of dataset
 s without bit flips failed in the DRAM reverse-engineering stage\, and rel
 iable Rowhammer attacks across diverse processor microarchitectures\, as o
 nly 12.5 % of datasets contained bit flips.\nAddressing each of these chal
 lenges could double the number of systems susceptible to Rowhammer and mak
 e Rowhammer a more pressing threat in real-world scenarios.\nThis will be 
 a followup talk after our talk "Ten Years of Rowhammer: A Retrospect (and 
 Path to the Future)" at 38C3.\nIn the talk last year we gave an overview o
 f the current state of Rowhammer and highlighted that there are no large-s
 cale prevalence studies.\nWe wanted to change that and asked the audience 
 to participate in our large-scale study on Rowhammer prevalence.\n\nWe per
 formed the large-scale study on Rowhammer prevalence thanks to many volunt
 eers supporting our study by measuring their systems.\nIn total\, we colle
 cted 1006 datasets on 822 different systems (some systems were measured mu
 ltiple times).\nWe show that 126 of them (12.5%) are affected by Rowhammer
  with our fully-automated setup.\nThis should be seen as a lower bound\, s
 ince the preconditions required for effective tools failed on ~50% of the 
 systems.\nAmong many other insights\, we learned that the fully-automated 
 reverse-engineering of DRAM addressing functions is still an open problem 
 and we assume the actual number of affected systems to be higher than the 12
 .5% we measured in our study.\n\nNow\, one year after our talk at the 38C3
 \, we want to give an update on the current state of Rowhammer\, since mul
 tiple new insights were published in the last year:\nThe first reliable Ro
 whammer exploit on DDR5\, a JavaScript implementation of Rowhammer that wo
 rks on current DDR4 systems\, and an ECC bypass on DDR4\, just to name a f
 ew.\nAdditionally\, we want to present the results of our large-scale stud
 y on Rowhammer prevalence which was supported by the audience from last ye
 ar's talk.\n
DTEND;TZID=Europe/Berlin:20251229T234000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251229T230000
LOCATION:One
SUMMARY:Rowhammer in the Wild: Large-Scale Insights from FlippyR.AM - Marti
 n Heckel\, Florian Adamsky\, Daniel Gruss [en]
UID:1627c5c1-db61-5117-aa41-991850cc20a8
URL:https://events.ccc.de/congress/2025/hub/event/detail/rowhammer-in-the-w
 ild-large-scale-insights-from-flippyr-am
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:PRÜF! Prüfung Rettet übrigens Freiheit! (Review\, by the way\,
  saves freedom!)\nEverything gets reviewed in Germany. Why not presumably
  unconstitutional parties too? Here I present what PRÜF! wants to do
  differently from previous campaigns.\nWe have one demand: "All parties
  that the Verfassungsschutz (domestic intelligence service) classifies as
  a suspected right-wing extremist case or as confirmed right-wing
  extremist should be reviewed by the Federal Constitutional Court." We
  will keep demonstrating until the Bundesrat has formally requested the
  review. PRÜF demos. Soon in all state capitals. On the 2nd Saturday.
  Every month.\n\nWhy not\, for once\, choose an approach to protecting
  democracy that has not been tried in this form before? Look not at the
  others but at ourselves? At what we have in common? At fun? Use what we
  have and what we can do? We have the Basic Law (Grundgesetz)\, whose
  strengths must be put to use. We have ourselves\, millions of people who
  can organize. We have ideas\, we have money\, we have power\, we have
  knowledge. So far we have not even begun to exhaust our possibilities\,
  and it would be absurd if we did not manage to protect the free
  democratic basic order.\n\nTalk may contain traces of reviewing.\n
DTEND;TZID=Europe/Berlin:20251230T005500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251230T001500
LOCATION:One
SUMMARY:PRÜF - Nico Semsrott [de]
UID:35e68e53-852a-56a2-8b3c-1bc27ce7fbb0
URL:https://events.ccc.de/congress/2025/hub/event/detail/pruf
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Entertainment\, Game show
CLASS:PUBLIC
DESCRIPTION:Data protection can be fun too\, and everyone can learn
  something from it\, whether beginner or professional hacker: in the data
  protection and data breach quiz\, four contestants from the audience
  compete for victory together with the audience. Not only knowledge of IT
  security and data protection\, but also quick reactions and the
  necessary bit of luck decide between victory and defeat. The
  entertaining data protection quiz show with an educational mission!\nData
  protection is often perceived as a tiresome duty\, but what does data
  protection want and do\, what is it useful for and what needs to be
  considered? Which pitfalls can even nerds fall into? **The data
  protection and GDPR show teaches the basics of data protection in a
  playful way\,** offers insight into the practice of the data protection
  supervisory authorities and shows typical technical and legal mistakes
  in handling personal data. But there are also some tough nuts to crack
  for data protection professionals and masterminds.\n\nThe host works for
  the State Commissioner for Data Protection and Freedom of Information of
  Baden-Württemberg and reports from the practical work of a supervisory
  authority\, names legal foundations\, and gives pointers on the
  necessary technical measures under Article 32 GDPR and on the often
  difficult risk assessment after "we got cybered" security incidents.\n\n
 In the quiz itself\, the contestants have to propose practical solutions
  to common technical and legal problems in their answers\, for example
  which technical measures are appropriate for particular data breaches
  according to the "state of the art"\, whether a website operator may
  actually use Google Analytics\, or how to defend oneself against
  (unlawful) data collectors. This lets participants and spectators alike
  learn the practical application of the GDPR in a playful way.\n
DTEND;TZID=Europe/Berlin:20251230T023000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251230T010000
LOCATION:One
SUMMARY:Die große Datenschutz-\, Datenpannen- und DS-GVO-Show - Alvar C.H. 
 Freude [de]
UID:6396165e-0c44-58d3-a345-a63966473508
URL:https://events.ccc.de/congress/2025/hub/event/detail/die-groe-datenschu
 tz-datenpannen-und-ds-gvo-show
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:In this talk\, you will learn how Apple Silicon hardware differ
 s from regular laptops or desktops.\nWe'll cover how we reverse engineered
  the hardware without staring at disassembly but by using a thin hyperviso
 r that traces all MMIO access and then wrote Linux drivers.\nWe'll also ta
 lk about how upstreaming to the Linux kernel works and how we've significa
 ntly decreased our downstream patches in the past year.\n\nAs an example\,
  we will use support for the Type-C ports and go into details why these ar
 e so complex and required changes across multi subsystems.\n\nIn the end\,
  we'll briefly talk about M3/M4/M5 and what challenges we will have to ove
 rcome to get these supported.\n
DTEND;TZID=Europe/Berlin:20251230T114000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251230T110000
LOCATION:One
SUMMARY:Asahi Linux - Porting Linux to Apple Silicon - sven [en]
UID:e0739bd6-f804-5fde-8cf6-fc940567bf45
URL:https://events.ccc.de/congress/2025/hub/event/detail/asahi-linux-portin
 g-linux-to-apple-silicon
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Science\, Talk
CLASS:PUBLIC
DESCRIPTION:How can we predict soil moisture by measuring cosmic ray produc
 ts and what have trains to do with it? Ever wondered how this Dürremonitor
  works that you heard about in the German news? These questions and som
 e more I will try to answer while I give an overview of some of the resear
 ch that is done by the Helmholtz Centre for Environmental Research (UFZ).\
 nThe Dürremonitor is a programme that is often mentioned in the German new
 s when some regions experience drought. Alongside the Dürremonitor and the
  underlying Mesoscale Hydrological Model (MHM)\, there is ongoing research
  at the UFZ concerning soil moisture. Some of these studies involve measur
 ing soil moisture using a technique called cosmic ray neutron sensing (CRN
 S). Rather than taking measurements\, the MHM uses a physics-based model i
 ncorporating precipitation forecasts to predict drought or flood. These tw
 o strategies for quantifying soil moisture are therefore in opposition: th
 e measurement-based approach (CRNS) and the modelling-based approach (MHM/
 Dürremonitor). CRNS is a relatively new method of measuring soil moisture 
 based on the proportion of neutrons reflected by the soil (the principles 
 were discovered in the 1980s\, but it has only recently become commerciall
 y applicable). This method has several advantages over previous soil moist
 ure measurement methods: it is non-invasive\, easy to set up\, portable an
 d can therefore be used on trains.\n\nIn the talk I will give an overview 
 of the Dürremonitor and MHM and then focus on CRNS. I will explain the phy
 sical principles behind the method and how it is implemented in practice
  by making surveys using trains.\n
DTEND;TZID=Europe/Berlin:20251230T123500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251230T115500
LOCATION:One
SUMMARY:CCC&T - Cosmic ray\, the Climate Catastrophe and Trains. - Fantasti
 cMisterFux [en]
UID:471f65aa-7729-5e51-b849-4603cfac762f
URL:https://events.ccc.de/congress/2025/hub/event/detail/ccc-t-cosmic-ray-t
 he-climate-catastrophe-and-trains
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:Cardiac Implantable Electronic Devices (CIED)\, such as cardiac
  pacemakers and defibrillators\, are a fairly niche target for security re
 searchers\, in part due to a lack of manufacturer cooperation and device a
 ccessibility. This talk aims to provide insights into the challenges in de
 vice development and methods with which to research device security. Data 
 accessibility to patients will be touched upon.\nCIEDs may adversely affec
 t patients implanted with such devices should their security be compromise
 d. Although some efforts to secure these devices can be noted\, it has qui
 te often been lacking and may thus enable patient harm or data confidentia
 lity compromise by malicious actors. Given the vast consequences of securi
 ty vulnerabilities within this industry\, the author aims to provide insig
 ht into the challenges associated with designing security architectures fo
 r such platforms\, as well as possible methodology of researching these de
 vices safely even when lacking manufacturer cooperation and access to devi
 ce programmers.\n\nData collected by CIEDs and transmitted through remote 
 monitoring is an additional concern for patients. Whilst research has show
 n that most manufacturers do respond in a timely and comprehensive fashion
  to GDPR requests\, immediate data access is not yet possible and requires
  the patient to reach out to their doctors to obtain the requisite (event)
  data. A proposed solution is presented on how a patient communicator may 
 be designed to allow patients interested in their autonomy to perform limi
 ted device interrogation in a safe and secure manner.\n
DTEND;TZID=Europe/Berlin:20251230T133000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251230T125000
LOCATION:One
SUMMARY:Security of Cardiac Implantable Electronic Devices - dilucide [en] 
 [NOT RECORDED]
UID:0cd9234b-1abb-5fa2-85a9-af1ec76569bb
URL:https://events.ccc.de/congress/2025/hub/event/detail/security-of-cardia
 c-implantable-electronic-devices
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Security\, Talk
CLASS:PUBLIC
DESCRIPTION:After we announced our results\, CTFs like Splunk's Boss of the
  SOC (BOTS) started prohibiting AI agents. For science & profit\, we keep 
 doing it anyways. In BOTS\, the AIs solve most of it in under 10 minutes i
 nstead of taking the full day. Our recipe was surprisingly simple: Teach A
 I agents to self-plan their investigation steps\, adapt their plans to new
  information\, work with the SIEM DB\, and reason about log dumps. No exot
 ic models\, no massive lab budgets - just publicly available LLMs mixed wi
 th a bit of science and perseverance. We'll walk through how that works\, 
 including videos of the many ways AI trips itself up that marketers would 
 rather hide\, and how to do it at home with free and open-source tools.\n\
 nCTF organizers can't detect this - the arms race is probably over before 
 it really began. But the real question isn't "can we cheat at CTFs?" It's 
 what happens when investigations evolve from analysts-who-investigate to a
 nalysts-who-manage-AI-investigators. We'll show you what that transition a
 lready looks like today and peek into some uncomfortable questions about w
 hat comes next.\nTHE PLAN\n\nLive demonstrations of AI agents speed-runnin
 g blue team challenges\, including the failure modes that break investigat
 ions. We'll show both what happens when we try the trivial approaches like
  “just have claude do it”\, “AI workflows”\, and what ultimately worked\, 
 like managed self-planning\, semantic SIEM layers\, and log agents. Most c
 an be done with free and open tools and techniques on the cheap\, so we wi
 ll walk through that as well.\n\nTHE DEEP DIVE\n\n* Why normal prompts and
  static AI workflows fail\n* Self-planning investigation agents that evolv
 e task lists dynamically\n* What we mean by semantic layers for calling da
 tabases and APIs\n* How to handle millions of log events without bankrupti
 ng yourself\n* Why "no AI" rules are misguided technically and conceptuall
 y\n\nGOING BEYOND CTFS\n\nThe same patterns that trivialize training exerc
 ises work on real SOC investigations. We're watching blue team work fundam
 entally transform - from humans investigating to humans managing AI invest
 igators. Training programs teaching skills AI already automates. Hiring pr
 actices that can't verify who's doing the work. Certifications losing mean
 ing. More fundamentally\, when we talk about who watches the watchers\, a 
 lot is about to shift again.\n
DTEND;TZID=Europe/Berlin:20251230T143000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251230T135000
LOCATION:One
SUMMARY:Breaking BOTS: Cheating at Blue Team CTFs with AI Speed-Runs - Leo 
 Meyerovich\, Sindre Breda [en]
UID:3d82c56b-fb2f-545f-b8f1-264c220c8f09
URL:https://events.ccc.de/congress/2025/hub/event/detail/breaking-bots-chea
 ting-at-blue-team-ctfs-with-ai-speed-runs
END:VEVENT
BEGIN:VEVENT
CATEGORIES:CCC & Community\, Talk
CLASS:PUBLIC
DESCRIPTION:What happened in IT security in 2025? Which new methods\,
  buzzwords and trends did we see? What were the nastiest attacks and the
  most expensive mistakes?\nWe also venture an IT security outlook for
  2026. As always\, it is to be taken with caution.\n
DTEND;TZID=Europe/Berlin:20251230T154500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251230T144500
LOCATION:One
SUMMARY:Security Nightmares - Constanze Kurz\, Ron [de]
UID:a481eb2e-8b78-5f97-bfee-a47d1a271010
URL:https://events.ccc.de/congress/2025/hub/event/detail/security-nightmare
 s
END:VEVENT
BEGIN:VEVENT
CATEGORIES:CCC & Community\, Ceremony
CLASS:PUBLIC
DESCRIPTION:Power off! After four wonderful days\, the Congress is slowly
  coming to an end. Let us look back\, sort through our impressions and
  carry this inspired mood out into the world.\n \n
DTEND;TZID=Europe/Berlin:20251230T170000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251230T160000
LOCATION:One
SUMMARY:Closing Ceremony - Stella\, pajowu [de]
UID:319c31a2-af90-5db9-89f0-fe9ac582726e
URL:https://events.ccc.de/congress/2025/hub/event/detail/closing-ceremony
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Science\, Talk
CLASS:PUBLIC
DESCRIPTION:*What are atoms doing in space anyways?* This talk will provide
  a brief overview of applications of quantum technologies in space ranging
  from precise timing and inertial measurements to fundamental physics.\nQu
 antum technologies have seen a wide field of applications in medicine\, ge
 osciences\, computing and communications\, in many cases bridging the gap 
 from laboratory experiments to commercial products in the last decade. For
  terrestrial applications that is. But what about going to space?\n\nQuant
 um physics based sensors and experiments promise higher accuracy\, sensiti
 vity or better long term stability as they rely on immutable properties of
  atoms. When properly manipulated\, these (ultra-)cold atoms are likely to
  outperform state of the art instruments. Experiments conducted on soundin
 g rockets demonstrated important steps like Bose-Einstein Condensate creat
 ion during a few minutes in microgravity\, enabling more advanced quantum 
 experiments in the future.  The International Space Station and the Tiango
 ng Space Station host dedicated experiments like ultrastable clocks as wel
 l as flexible research infrastructure for fundamental research benefitting
  from long free-fall times. However\, the deployment of such technologies 
 on satellites is not as advanced. Satellite missions utilizing quantum sen
 sors or performing long term experiments are subject to studies and propos
 als backed by a broad scientific community aiming at better understanding 
 of climate change\, interplanetary navigation or tests of general relativi
 ty. First steps towards realization of such missions are taken by ESA\, NA
 SA and various national space agencies as well as universities funded by n
 ational agencies or the EU.\n\nThis talk will detect the current state of 
 atoms in space and give an overview of active programs to deploy quantum s
 ensors on operational satellite missions. The focus is on future applicati
 ons in geosciences and related fields employing the same technology.\n
DTEND;TZID=Europe/Berlin:20251230T114000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251230T110000
LOCATION:Ground
SUMMARY:Atoms in Space - manuel [en]
UID:dac63c75-58d4-5d97-9910-c9ec9c9c63b7
URL:https://events.ccc.de/congress/2025/hub/event/detail/atoms-in-space
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:Imagine a private organization made up of corporations worth
  billions deciding which websites you are not allowed to visit - without
  judges\, without public oversight or transparency. \nThat is exactly
  what the CUII has been doing in Germany for years.\nIn Germany\, a
  private organization of internet providers and large entertainment
  corporations decides which websites are no longer reachable for the
  majority of the population. \nThe self-appointed "Clearingstelle
  Urheberrecht im Internet" blocks access to hundreds of domains without
  court orders. \nIn response\, we launched cuiiliste.de to publish the
  secret list of domains and bring more transparency to the corporations'
  covert censorship.\nOur analysis of the list showed: almost a third of
  the blocked domains no longer met the criteria for a block\, in some
  cases for years.\nWe will look at how dozens of domains were unblocked
  after public pressure\, while providers at the same time obscured their
  blocks even further.\nA few months ago\, a lot supposedly changed at the
  CUII - but unfortunately this change looks suspiciously like a PR stunt
  to keep blocking sites without transparency.\n
DTEND;TZID=Europe/Berlin:20251230T123500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251230T115500
LOCATION:Ground
SUMMARY:CUII: Wie Konzerne heimlich Webseiten in Deutschland sperren - Lina
  Lastname\, Northernside [de]
UID:910d24ff-efce-5adc-8b86-0f9c55fb1cda
URL:https://events.ccc.de/congress/2025/hub/event/detail/cuii-wie-konzerne-
 heimlich-webseiten-in-deutschland-sperren
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:Abbreviations such as WSIS+20\, IGF\, IETF\, DIEM\, ICANN\, PDP
 \, ITU or W3C regularly appear in discussions about the Internet\, yet oft
 en remain vague. This talk provides an update on the current state of Inte
 rnet governance and explains why decisions made in United Nations processe
 s have direct implications for technical standards\, digital infrastructur
 e\, and power asymmetries.\nThe starting point is the UN’s WSIS+20 review 
 process\, which negotiated the future of the Internet Governance Forum and
  the roles of stakeholders within it. Against this backdrop\, the talk tra
 ces the origins of the so-called multistakeholder approach and examines ho
 w it works in practice and where its limits lie.\n\nWhat role do technical
  standardization organizations such as the IETF\, ICANN\, ITU or the W3C p
 lay in an increasingly geopolitical environment? Who sets the rules\, who 
 defines the standards\, and who is left out of these processes?\n\nThe aim
  of the talk is to make the connections between technology and internation
 al politics visible and to explain why Internet governance matters to ever
 yone interested in an open\, global\, and interoperable Internet.\n
DTEND;TZID=Europe/Berlin:20251230T133000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251230T125000
LOCATION:Ground
SUMMARY:Who runs the www? WSIS+20 and the future of Internet governance - S
 ophia Longwe [en]
UID:9bdb9e0b-10c1-5543-81f5-d51da1c86367
URL:https://events.ccc.de/congress/2025/hub/event/detail/who-runs-the-www-w
 sis20-and-the-future-of-internet
END:VEVENT
BEGIN:VEVENT
CATEGORIES:CCC & Community\, Talk
CLASS:PUBLIC
DESCRIPTION:Welcome to the future: at the LUG Camp in Wipperfürth and at
  Datenspuren in Dresden\, people paid digitally - with GNU Taler as the
  event payment system. Even simpler than cash\, cheaper than card
  payments and without intruding on visitors' privacy. We will show you
  how you can offer this at your next (chaos) event too!\nAnonymous
  payment entirely without cash? Digital payment without fees on every
  single transaction? No central data hoarding at US payment providers\,
  and still no blockchain?\n\nNot possible? Yes it is! [GNU Taler](https:
 //www.taler.net/) has already been used successfully as a local event
  payment system at several events: all payments at [LUG Camp 2024](https
 ://lugcamp.wuplug.org/) were made exclusively digitally thanks to GNU
  Taler. Likewise\, more than a quarter of the revenue at [Datenspuren
  2025](https://datenspuren.de/2025/) was handled digitally with GNU
  Taler.\n\nWhile GLS Bank is preparing a [Germany-wide offering](https://
 www.gls.de/taler) as part of the EU-funded NGI Taler project\, our
  visitors already had the opportunity to test anonymous digital payment
  in the real world. The positive feedback and the smooth operation
  showed us: GNU Taler is ready for use and is very well received by the
  community!\n\nThat is why we would like to pass on our experience with
  GNU Taler as an event payment system to the organizing teams of other
  (chaos) events. After an introduction to how GNU Taler works\, we
  report on the practical implementation at LUGCamp and Datenspuren and
  give tips for everyone who wants to offer GNU Taler at their next event
  too.\n
DTEND;TZID=Europe/Berlin:20251230T143000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251230T135000
LOCATION:Ground
SUMMARY:Von Groschen und SpurLos - GNU Taler auch auf eurem Event! - Mikola
 i Gütschow\, signum [de]
UID:8d964e8f-4853-5ca9-8a0e-6afc215dae7d
URL:https://events.ccc.de/congress/2025/hub/event/detail/von-groschen-und-s
 purlos-gnu-taler-auch-auf-eurem-event
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Ethics\, Society & Politics\, Talk
CLASS:PUBLIC
DESCRIPTION:The Four Freedoms (defined ~40 years ago) and the Four Opens (~
 15 years ago) for Open Source provided canonical definitions for what are 
 the cornerstones of Open Source Software communities today. While the etho
 s still applies today\, the cultural norms that blossomed to put it into p
 ractice are from an era with different challenges.\n\nTo build a better wo
 rld\, we need to both keep and protect the value system of the Four Freedo
 ms and Four Opens. To do that\, we need to re-assess our risk and threat m
 odels to balance that allows beautiful minds to flourish as well as introd
 uce responsible friction to prevent harm from coming to them.\nThe state o
 f the internet\, c 1990:\n\n* Limited\, opt-in connectivity: people had to
  both have access to a computer and that computer had to have access to th
 e internet.\n* Tooling required some in-industry knowledge to be able to r
 un and use\, not only for development but also for communication.\n* Open 
 source was a young movement. The "common source" was proprietary.\n\nThe s
 tate of the internet\, c 2025:\n\n* Always online\, might-not-even-be-to-o
 pt-out connectivity: devices are almost always collecting and transmitting
  data\, including audio/visual\, in some cases even if "turned off".\n* Ea
 sy to use tooling has made it easier for everyone to come together. The pe
 rvasiveness of technology also means that most people\, of any background\
 , can easily access other people in the thousands or even millions.\n* Ope
 n source is common\, accessible\, and matured. A $9 **_trillion_** resourc
 e. Yes\, **_trillion_**.\n\nThese three significant changes drastically ch
 ange the threat model for OSS communities. In the beginning\, someone had 
 to have both knowledge and resources to harm or otherwise compromise a com
 munity of developers. Now\, anyone with a grudge can make a bot army with 
 seamless integrations and gracious freemium tiers for AI/LLMs. Likewise\, 
 when open source was small\, the "who" who would be motivated to harm and 
 otherwise disrupt those communities was limited. Now there is both massive
  social and economic benefit to harm and disrupt. This means that risks an
 d threats now still include the motivated and resourced **_with the additi
 on of_** those who are scarce in both.\n\nWe need to come together to buil
 d new organizational threat models that account for how this consequence h
 as posed new risks to our communities. With care and attention to detail\,
  we can introduce responsible friction that will protect our communication
  infrastructure\, the lifeblood of what allows open source to grow.\n\nThe
 re will also be a workshop with this presentation\, with the outcome of cr
 eating an ongoing working group dedicated to helping OSS Foundations of al
 l sizes protect their communities.\n\nThere will be a workshop about the s
 ame topic on 12.30\, Day 4: [https://events.ccc.de/congress/2025/hub/de/ev
 ent/detail/how-to-keep-open-source-open-without-leaving-our-c](https://eve
 nts.ccc.de/congress/2025/hub/de/event/detail/how-to-keep-open-source-open-
 without-leaving-our-c)\n
DTEND;TZID=Europe/Berlin:20251230T114000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251230T110000
LOCATION:Fuse
SUMMARY:How to keep Open Source open without leaving our communities open t
 o threats - Quintessence [en]
UID:b472503f-7336-586b-aa63-d082c14e0945
URL:https://events.ccc.de/congress/2025/hub/event/detail/how-to-keep-open-s
 ource-open-without-leaving-our-communities-open-to-threats
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Art & Beauty\, Talk
CLASS:PUBLIC
DESCRIPTION:Encoding isn’t just for machines — it’s how humans shape meanin
 g. This talk traces 35 years of hacking text through the Text Encoding Ini
 tiative (TEI)\, a community-driven\, open-source standard for describing t
 he deep structure of texts. We’ll explore how TEI turns literature\, resea
 rch\, and even hacker lore into machine-readable\, remixable data — and ho
 w it enables minimal\, sustainable self-publishing without gatekeepers. Fr
 om alphabets to XML and the Hacker Bible\, we’ll look at text as a living 
 system: something we can read\, write\, and hack together.\nComputers can’
 t do much without encoding. They need ways to turn bytes into symbols\, wo
 rds\, and meaning — to make text readable for both humans and machines. Bu
 t encoding isn’t just for machines. Humans also encode: we describe\, stru
 cture\, and translate our thoughts into text. And while the number of text
  formats seems endless (and keeps growing)\, that’s not a bug — it’s a fea
 ture. Diversity in encoding is how we learn what works and what doesn’t.\n
 \nLong before ASCII tables or Unicode\, text encoding already existed — in
  alphabets\, printing presses\, and typographic systems. Every technology 
 of writing has been a way of hacking language into matter: from clay table
 ts to lead letters\, from code pages to Markdown. Each era brings new form
 ats and new constraints — and with them\, new genres\, new rules\, new cul
 tural codes. Think of poetry and protocol manuals\, fairy tales and README
  files\, the Hacker Bible itself — all shaped by the tools and conventions
  that carry them.\n\nSo here’s the question: can we encode not only what w
 e see\, but what we mean? Can we capture a poem’s rhythm\, a play’s voices
 \, or the alternate endings of a story — and do it in a way that’s open\, 
 remixable\, and machine-readable?\n\nTurns out\, yes — and the solution ha
 s existed since 1988. It’s called the Text Encoding Initiative (TEI)\, a l
 ong-running open-source standard that lets you describe the structure\, se
 mantics\, and context of texts using XML. You can think of it as a humanit
 ies fork of hypertext — an extensible markup language for everything from 
 medieval manuscripts to memes.\n\nTEI is more than a format: it’s a collab
 orative\, living standard maintained by an international community of rese
 archers\, librarians\, and digital humanists. It evolves with the world — 
 adding elements for new text types (like social media posts) and for chang
 ing cultural realities (like non-binary gender markers). It embodies open 
 science principles and keeps publishing in the hands of its creators.\n\nY
 ou don’t need a publisher\, a platform\, or a big server farm. Just an XML
 -aware text editor\, a few lines of CSS\, and maybe a Git repo. From there
 \, you can transform your encoded text into websites\, PDFs\, e-books — or
  share it directly in its raw\, readable\, hackable form. It’s sustainable
 \, transparent\, and low-energy. It even challenges the academic prestige 
 economy by making every individual contribution visible — from editors to 
 annotators to script writers.\n\nIn this talk\, we’ll look at text as code
  and code as culture\, from alphabets to XML\, and explore how TEI can be 
 a tool for hacking not machines but meaning itself. We’ll end with a pract
 ical example: a TEI-encoded page of the first Hacker Bible — because our o
 wn history also deserves to be archived\, shared\, and forked.\n
DTEND;TZID=Europe/Berlin:20251230T123500
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251230T115500
LOCATION:Fuse
SUMMARY:What You Hack Is What You Mean: 35 Years of Wiring Sense into Text 
 - Torsten Roeder [en]
UID:ba5269c3-88f7-50e8-b12c-63510ee697e8
URL:https://events.ccc.de/congress/2025/hub/event/detail/what-you-hack-is-w
 hat-you-mean-35-years-of-wiring-sense-into-text
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:Stored memory in hardware has had a long history of being influ
 enced by light\, by design. For instance\, as memory is represented by the
  series of transistors\, and their physical state represents 1's and 0's\,
  original EPROM memory could be erased via the utilization of UV light\, i
 n preparation for flashing new memory.\nNaturally\, whilst useful\, this h
 as proven to be an avenue of opportunity to be leveraged by attackers\, al
 lowing them to selectively influence memory via a host of optical/light-ba
 sed techniques. As chips became more advanced\, the usage of opaque resin 
 was used as a "temporary" measure to combat this flaw\, by coating chips i
 n a material that would reflect UV.\nPresent day opinions are that laser (
 or light) based hardware attacks\, are something that only nation state ac
 tors are capable of doing. Currently\, sophisticated hardware labs use
  expe
 nsive\, high frequency IR beams to penetrate the resin.\nThis project demo
 nstrates that with a limited budget and hacker-and-maker mentality and by 
 leveraging more inexpensive technology alternatives\, we implement a tool 
 that does laser fault injection\, can detect hardware malware\, detect sup
 ply chain chip replacements\, and delve into the realm of laser logic stat
 e imaging.\nStored memory in hardware has had a long history of being infl
 uenced by light\, by design. For instance\, as memory is represented by th
 e series of transistors\, and their physical state represents 1's and 0's\
 , original EPROM memory could be erased via the utilization of UV light\, 
 in preparation for flashing new memory.\n\nNaturally\, whilst useful\, thi
 s also has proven to be an avenue of opportunity to be leveraged by attack
 ers\, allowing them to selectively influence memory via a host of optical/
 light-based techniques. As chips became more advanced\, the usage of opaqu
 e resin was used as a "temporary" measure to combat this flaw\, by coating
  chips in a material that would reflect undesirable UV.\n\nPresent day opi
 nions are that laser (or light) based hardware attacks\, are something tha
 t only nation state actors are capable of doing\; due to both limitations 
 of cost in tooling as well as personnel expertise required. Currently\, so
 phisticated hardware labs use expensive\, high frequency IR beams to penet
 rate the resin.\n\nThis project demonstrates that with a limited budget an
 d hacker-and-maker mentality\, similar results can be obtained at a fracti
 on of the cost\, from the comfort of your home or garage. With the modific
 ations of an opensource low-cost microscope\, addition of a home-built bea
 m splitter and interchangeable diode laser\, it has been shown that consum
 er-grade diodes are capable of producing results similar to the high-cost 
 variants\, such as the YAG lasers.\n\nOne example of results includes intr
 oducing affordable avenues to conduct laser-based fault injection\, via th
 e usage of such budget-friendly tooling. We are opening the study of these
  low-level hardware attacking methodologies to more entry-level security t
 esters\, without the need for hundreds of thousands of dollars in startup 
 capital.\n\nBy leveraging more affordable technology alternatives\, we hav
 e embarked on a mission to uncover hardware malware\, detect supply-chain 
 chip replacements\, and delve into the realm of laser-logic-state imaging.
  Our approach integrates optics\, laser selection\, and machine learning c
 omponents.\n
DTEND;TZID=Europe/Berlin:20251230T133000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251230T125000
LOCATION:Fuse
SUMMARY:Laser Beams & Light Streams: Letting Hackers Go Pew Pew\, Building 
 Affordable Light-Based Hardware Security Tooling - Patch\, Sam. Beaumont (
 PANTH13R) [en]
UID:8ddb3a95-bce6-56a7-89f6-d2d50d084e9f
URL:https://events.ccc.de/congress/2025/hub/event/detail/laser-beams-light-
 streams-letting-hackers-go-pew-pew-building-affordable-light-based-hardwar
 e-security-tooling
END:VEVENT
BEGIN:VEVENT
CATEGORIES:Hardware\, Talk
CLASS:PUBLIC
DESCRIPTION:Keeping old projects working can be an uphill battle.  This tal
 k explores how the laser tag system Q-Zar (Quasar in the UK) has been kept
  alive since the company behind it failed in the 90s.   The challenges enc
 ountered\, the lessons learnt\, and how those can be applied to our own fu
 ture projects to maximise the project lifetime.\nLooking at the effects of
  obsolescence in the context of a laser tag system from the 1980s Q-Zar (Q
 uasar in the UK)\, what needed to happen to keep it going to enable people
  to continue playing.  What lessons we can learn from that and some good e
 xamples from other projects\, and how that can be applied to our own proje
 cts.\n\nThis talk covers the electronics involved in the laser tag system\
 , why the continued availability of components has varied a lot.  The need
  to develop new computer software that continues to work years later.  The
  way the physical equipment can have its life extended.\n\nTopics covered 
 range from electronics design through to software coding and onto physical
  unit repair. A look at the tooling created to help maintain\, support and
  repair the laser tag packs.  The challenges Covid-19 created and how thin
 gs were rapidly pivoted to enable continued playing in challenging times.\
 nThis is about how we all can make simple decisions that help build someth
 ing that will last the maximum time possible with the least amount of effo
 rt.\n
DTEND;TZID=Europe/Berlin:20251230T143000
DTSTAMP:20251230T153001Z
DTSTART;TZID=Europe/Berlin:20251230T135000
LOCATION:Fuse
SUMMARY:Battling Obsolescence – Keeping an 80s laser tag system alive - Tri
 kkitt [en]
UID:d1174c82-6e99-5acb-98f2-3c0f55b046c7
URL:https://events.ccc.de/congress/2025/hub/event/detail/battling-obsolesce
 nce-keeping-an-80s-laser-tag-sys
END:VEVENT
END:VCALENDAR
