Chaos Communication Camp 2015 14 Aug 2015

Last weekend I visited the Chaos Communication Camp 2015. The camp took place in Mildenberg, in the Ziegeleipark. The Chaos Communication Camp is an international meeting of hackers.

In the Wiki you can find more details. Most of the talks have been recorded.

I will sum up the most interesting stuff I discovered while participating.

rad1o Badge

The rad1o badge is a microcontroller every camp visitor gets. At least in theory. There have been rumors of not enough badges available for all visitors. This caused some panic around the participants. The rad1o is an enhancement to the r0ket which was given out on the previous camp.

The rad1o should be an introduction to [Software defined Radio][https://en.wikipedia.org/wiki/Software-defined_radio]. It is compatible to the HackRF project. The rad1o has a half-duplex transceiver which operated between 50 - 4000 MHz.

It’s possible to write software for your rad1o badge.

A lot of people did modify there badge. For example by soldering a antenna adapter on the circuit borad or by creating cases with a laser cutter.

Unfortunately I did not find the time to play around with the badge. More information about the badge can be found in the wiki.

3D Printing High-Quality Low-Cost Free Medical Hardware

This was one of the talks which could have a profound influence on the world. Tarek Loubani talked about using 3D printers to print medical hardware like a stethoscope. All the devices Tarek talked about could be useful for regions which don’t have access to regular devices.

All of the mentioned devices have expired patents, so using open source absolutely makes sense.

I highly recommend watching the talk. You can checkout the GitHub Profile to have a look at the project.

NixOs Workshop

I wanted to play around with NixOS for some time now. NixOS is a purely functional linux distribution.

On the camp I had the chance to attend a NixOs Workshop done by Joachim Schiele. I learned quite a bit about NixOs Programming. If you want to do the workshops you can find the sources in the wiki.

What I find attractive about NixOs

• declarative configuration. All configuration is done in one file (which packages are installed, which users use the system, how the firewall is configured) and can be persisted in git
• NixOs can persist previous configurations and you can boot them in case something went wrong. (No praying if your gentoo update survived the reboot)
• A lot of packages are already available; I expected way less package in nix

Documentation is a bit sparse.

By the way. There is a NixOs conference in Berlin this November. You should join.

Fuzzing mit AFL

This was a workshop I attended shortly. The workshop introduced me to American Fuzzy Lop. AFL is a new fuzzer which uses genetic algorithms to detect security problems in applications.

Would be nice to spent some time with AFL to detect some security problems in own programs or tools.

Capture the Flag

There was also a Jeopardy-style Capture the Flag competition running. It would be great if the competition would be available after the camp. So it would be possible to hack on the problems without beeing distracted from all the awesome workshops and talks.

However, if you want to evaluate or enhance your security skills you can check out nebula. Alternatively you can have a look at ctftime for upcoming CTF events.

Lightning Talk NFC Bridge

Another interesting lightning talk was about creating a nfc bridge between two devices over a long distance network. A lightning talk has a time window of 15 minutes. With the nfc bridge it’s possible to relay the communication between a nfc reader and a card. This also allows to analyze the traffice sent between the reader and the card. You can find the project on GitHub.

Encrypted Email for Planet Earth

This talk was about usability opportunities regarding security software. https://events.ccc.de/camp/2015/Fahrplan/events/6889.html

An interesting project I discovered through the talk was mailpile.is an open source mail client.

Keys? Where we’re going we don’t need keys.

This was a talk about the current security state of digital keylocks. Unfortunately the talk was not recorded. Damien explained how he could open looks with an intercepted key with a bit of key manipulation.c I also learned about bluetooth sniffers like ubertooth one or adafruit ble sniffer

DECT Phones SIM Cards, Phone Net

Another fun thing is the phone network which was covering the camp. The Phone Operation Center deployed a DECT infrastructure on the campsite. In our village we had a village phone which could be called from anybody on the camp. It was also possible to write text messages to each other.

Lockpicking Workshop

One village was focusing on lockpicking. It was possible to attend workshops on how to learn lockpicking. It was quite interesting to learn how locks work and how it’s possible to unlock them without a key.

What to do different

For the next camp I will preorder a shirt/hoodie to avoid waiting in queue. I also would preorder parts and extension for the badge which would allow to start hacking on the badge immediately.