Almost a week ago we published the Camp Fahrplan (schedule). Follow this link for more information.
Posts Tagged ‘Schedule’
Crypto Talk at 27C3: Automatic Identification of Cryptographic Primitives in Software, Day1, 16:00, Saal 3Monday, December 27th, 2010
Many applications, including closed source applications like malware or DRM-enabled multimedia players (you might consider them as malware too) use cryptography. When analyzing these applications, a first step is the identification and localization of the cryptographic building blocks (cryptographic primitives, for example AES, DES, RSA…) in the applications. When these blocks have been localized, the input and output of the cryptographic primitives and the key management can be observed and the application can be analyzed further. Fortunately, many cryptographic algorithms use special constants or have a typical fingerprint and there are only a few different public implementations of the algorithm. This allows us to automate this first, Felix Gröbert will show us how:
Using dynamic binary instrumentation, we record instructions of a program during runtime and create a fine-grained trace. We implement a trace analysis tool, which also provides methods to reconstruct high-level information from a trace, for example control flow graphs or loops, to detect cryptographic algorithms and their parameters.
- Because the program is analyzed at runtime, it is immediately known which parts of the code are used at which time, so that they might be correlated with runtime decryption of the code or with network communication.
- Inputs and outputs of the primitives as well as the keys are recorded, even if the originate from a remote server or botnet. This allows us to immediately distinguish between long term keys and session keys, if multiple executions of the same program can be recorded.
- This is also highly interesting if private keys are included in an obfuscated binary, for example private RSA keys.
- Dead or unused code is automatically excluded, so that one can proceed with the main parts of the code first.
- If additional code is loaded from a server, it is included in the analysis. This would be hard to impossible using static analysis.
Of course, trace driven analysis has it disadvantages, for example if a malware needs to communicate with a command-and-control server, which has already been taken down or behaves differently on different systems or at different times.
Personally, I am interested in this talk because it might make ease up the analysis of closed source applications using cryptography. Even if the application, the DRM scheme, or the cryptographic primitive has no special weaknesses or bugs, just he recording of every input and output of all cryptographic building blocks in the application might be sufficient to extract a DRM free version of DRM protected digital content. Please also note that even if an application uses only well analyzed cryptographic primitives as AES and RSA, it might still be insecure, if these primitives are used in the wrong way.
Author: Erik Tews
Hackers of all ages can (learn how to) make things at the Hardware Hacking Area of the 27c3!
The HHA is open to everyone and open the entire congress! Hackers of all ages and skill levels are welcome! Round-the-clock hands on workshops will be led by lots of experienced teachers like Mitch Altman, Jimmie P. Rodgers, fbz, Wim Vandeputte and…you!
Learn to solder, then help teach others! Make cool things with electronics, design and print 3D models on the Makerbot, break RFID, or give your own workshop on the projects you’ve been hacking on this year. Last year there was a Cantenna workshop, a Mikrocopter workshop, and a GSM workshop among many others.
Lots of kits for you to make will be available including Brain Machines, TV-B-Gones, Trippy RGB Waves, Mignonette Games, LEDcubes, LOL shields, Atari Punk Consoles…and there’s always room for yours!
To accommodate all this hardware hacking goodness, the HHA will be twice the size it was during the 26c3, but still conveniently located near the Hackcenter.
Even if you don’t have a ticket to Congress, you can stop by the HHA with a Night Pass good from Midnight to 6 AM. Night passes are only €5 and will be sold shortly before midnight each day of the 27c3.
Want four minutes on stage at the 27c3? You can have it! Registration is now open for the Lightning Talk sessions at the 27c3.
Taking place at 12:45 in Saal 3 on Days 2, 3 and 4, these fast paced sessions are perfect for pitching new software or hardware projects, exploits, creative pranks or strange ideas you need to share with the world.
Lightning talks are also good for getting publicity for your workshop at the 27c3, or for recruiting people to join in on things like a high calorie flash mob.
In order to maximize the available time, registrations will be granted to presenters who submit their graphics (i.e. slides, background picture, contact info, etc.) in advance. Exceptions will be made very selectively on a case-by-case basis. Register soon, as we anticipate the available slots will go quickly. (Proposals started coming in a few minutes after we put up a draft of the wiki page!)
Photo Courtesy Matt Biddulph via flickr.
During all the years there were really great workshops at the Chaos Communication Congress. Unfortunately they were a bit hard to find, because we only announced them in the wiki and some workshops weren’t in there either. So it is clear, that the lack of attendees in some workshops was surely not because of uninteresting topics but merely because of our laziness to make them easier to find.
Our approach to that problem is to ask all visitors who want to give a workshop at 27C3 to hand it in before the conference so we can release an official schedule for workshops before day 1 of the congress.
We should have enough time and rooms so there is hopefully no need for rejecting a workshop proposal unless you:
- simply hand in a rejected talk as a workshop (a workshop is not meant to be a lecture)
- simply want to sell a product (selling a kit for the workshop for a fair price is OK, of course)
- forget to at least fill out the Title, Abstract and Description fields in the submission interface (so that visitors know what skills and what tools they need and whether you provide them, price of needed components, etc).
If your talk submission got accepted and the workshop depends on your talk, please drop a note so that we can schedule your workshop after your lecture.
Fellows who already handed in a workshop during the talk submission phase (and whose submission has the state “candidate” in Pentabarf) should find their submission also in the new submission interface. Ingenious, we know ;)
To submit a workshop for the conference please visit:
If you have further questions that can’t wait ’til the end of December, you can comment here or include your question in the
Workshop-ALOAQ (At least once asked questions) page in the wiki.
Please note that there is also the possibility to do a workshop in the “Makers”-Room in the basement and/or at other tables in the BCC.
Sorry to say that, but even when doing a workshop, you still need a ticket to buy a normal ticket.
For the English version, see below.
Vergangenen Sonntag ging das zweite und letzte Content-Meeting für den 27C3 zu Ende. Wir haben uns alle eingereichten 223 Submissions angesehen und 98 der besten Einreichungen für Euch ausgewählt. Vielen Dank für die zahlreichen interessanten Einreichungen, die allen Beteiligten die ehrenamtliche Arbeit versüßt haben!
Nachdem wir zuletzt noch hochmoderne Zettelchen auf dem Boden herumgeschoben haben, können wir ihn endlich präsentieren: den Fahrplan Version 0.1. Bitte beachtet: Das ist Version 0.1. Die Lücken werden nach und nach mit weiterem coolen Stuff gefüllt, sobald die Referenten confirmed sind. Änderungen wie immer vorbehalten, alle Angaben ohne Gewähr.
Dieses Jahr wird es auch Vorträge geben, die 30 Minuten lang sind. Damit wollen wir spannenden Themen einen angemessenen Rahmen geben, die zu komplex für einen Lightning Talk sind, aber keine Stunde füllen würden. Durch das Mehr an Vorträgen wird das Programm vielfältiger und die Aufmerksamkeitsspanne in den frühen Stunden des Congress-Tages nicht überstrapaziert.
Um Euch einen kleinen Ein- und Überblick zu geben, werden einige der angenommenen Vorträge demnächst hier vorgestellt. Stay tuned. :-)