Theme
Conference my congress Visitors
You must be logged in to use the filter favorited.
You must be logged in to use the filter favorited.

Schedule

Theme
Der Hub wird spätestens Ende Januar archiviert, alle nutzerbezogenen Inhalte, Boards und auch einige Wiki-Seiten werden dabei entfernt. Alle öffentlichen Assemblies, Projekte und Veranstaltungen bleiben. // The hub will be archived by end of January. All user-provided content, boards and several wiki pages will be deleted. All public assemblies, projects and events will remain.
Schedule
all curated only assembly only self_organized only
Day 1 Day 2 Day 3 Day 4
recorded only not recorded only
Tracks
CCC & Community Hardware Security Art & Beauty Ethics, Society & Politics Science Live Performance DJ-Set Entertainment Clear track filter

 

Day 3
11:00

11:30

12:00

12:30

13:00

13:30

14:00

14:30

15:00

15:30

16:00

16:30

17:00

17:30

18:00

18:30

19:00

19:30

20:00

20:30

21:00

21:30

22:00

22:30

23:00

23:30

00:00

00:30

01:00

01:30

02:00

02:30

One
Celestial navigation with very little math (en)

Trammell Hudson

Learn how to find your position using a sextant and a custom slide rule, almost no math required!
What Makes Bike-Sharing Work? Insights from 43 Million Kilometers of European Cycling Data (en)

Martin Lellep, Georg Balke, Felix Waldner

Bike- and e-bike-sharing promise sustainable, equitable mobility - but what makes these systems successful? Despite hundreds of cities operating thousands of shared bikes, trip data is rarely public. To address this, we built a geospatial analysis pipeline that reconstructs trip data from publicly accessible system status feeds. Using this method, we gathered **43 million km** of bike-sharing trips across **268 European cities**. Combined with over **100 urban indicators** per city, our analyses reveal how infrastructure, climate, demographics, operations, and politics shape system performance. We uncover surprising insights - such as why some e-bike systems underperform despite strong demand - and highlight how cities can design smarter, fairer mobility. All data and code are open-source, with an interactive demo at bikesharingflowmap.de.
Supplements und Social Media – wenn der Online-Hype zur realen Gesundheitsgefahr wird (de)

Christoph Wiedmer

Nicht zuletzt durch die Werbung in den sozialen Medien werden in Deutschland immer mehr Nahrungsergänzungsmittel verkauft. Einige Influencer bringen sogar ihre eigenen Präparate auf den Markt. Gleichzeitig häufen sich Fälle, in denen die Einnahme von vermeintlich harmlosen „Supplements“ zu Gesundheitsschäden geführt hat. Der Vortrag will daher die Mechanismen hinter dem Supplement-Hype aufzeigen, zudem erklären, warum aktuell ein ausreichender Verbraucherschutz insbesondere im Internet nicht gewährleistet werden kann, wo Handlungsbedarf für die Politik besteht und wie man sich selbst vor fragwürdigen Produkten schützen kann.
Schlechte Karten - IT-Sicherheit im Jahr null der ePA für alle (de)

Bianca Kastl

Seit Mitte 2025 steht die elektronische Patientenakte für alle zur Verfügung – nach ein paar kleineren oder größeren Sicherheitsproblemen im Vorfeld, sei es vor einem Jahr auf dem 38C3 oder Ende April zum deutschlandweiten Start. Zeit ein Fazit zu ziehen: Ist die ePA jetzt sicher? Wurden nachhaltige Veränderungen durchgeführt, die zu mehr Sicherheit führen? Kann der Umgang mit der IT-Sicherheit «eines der größten IT-Projekte der Bundesrepublik» für zukünftige Digitalprojekte hilfreich sein? Zeit, mit etwas Abstand auf das zu blicken, was war, was ist und was sich abzeichnet nicht nur bei der ePA, sondern auch beim Umgang mit IT-Sicherheit bei ähnlichen Vorhaben in Deutschland. Eine umfassende Analyse der Historie und der Ursachen einer der weitreichendsten Fehlentwicklungen im Bereich der IT-Sicherheit der letzten Jahre, die sich in weit mehr zeigt, als nur in schlechter Prüfung der Anwesenheit von Gesundheitskarten im Gesundheitswesen.
10 years of Dieselgate (en)

Felix Domke, Karsten Burger

Let's have a (hopefully) final look at Diesel emission cheating. This technical talk summarizes what I learned by reverse-engineering dozens of engine ECU software, how I found and characterized "interesting logic" which, more often than not, ended up being a court-approved "defeat device". What started as a "curious investigation" in 2015 to obtain a ground truth to widespread media reports of "VW being caught for cheating" ended up as a full-blown journey through the then-current state of the Diesel car industry. In this talk, Karsten and Felix will walk through the different implementation of defeat devices, their impact on emissions, and the challenges in documenting seemingly black boxes in court-proven expert reports.
Rowhammer in the Wild: Large-Scale Insights from FlippyR.AM (en)

Martin Heckel, Florian Adamsky, Daniel Gruss

Last year at 38c3, we gave a talk titled "Ten Years of Rowhammer: A Retrospect (and Path to the Future)." In this talk, we summarized 10 years of Rowhammer research and highlighted gaps in our understanding. For instance, although nearly all DRAM generations from DDR3 to DDR5 are vulnerable to the Rowhammer effect, we still do not know its real-world prevalence. For that reason, we invited everyone at 38c3 last year to participate in our large-scale Rowhammer prevalence study. In this year's talk, we will first provide an update on Rowhammer research and present our results from that study. A lot has happened in Rowhammer research in 2025. We have evidence that DDR5 is as vulnerable to Rowhammer as previous generations. Other research shows that not only can adversaries target rows, but columns can also be addressed and used for bit flips. Browser-based Rowhammer attacks are back on the table with Posthammer and with ECC. fail, we can mount Rowhammer attacks on DDR4 with ECC memory. In our large-scale study, we measure Rowhammer prevalence in a fully automated cross-platform framework, FlippyR.AM, using the available state-of-the-art software-based DRAM and Rowhammer tools. Our framework automatically gathers information about the DRAM and uses 5 tools to reverse-engineer the DRAM addressing functions, and based on the reverse-engineered functions, uses 7 tools to mount Rowhammer. We distributed the framework online and via USB thumb drives to thousands of participants from December 30, 2024, to June 30, 2025. Overall, we collected 1006 datasets from 822 systems with various CPUs, DRAM generations, and vendors. Our study reveals that out of 1006 datasets, 453 (371 of the 822 unique systems) succeeded in the first stage of reverse-engineering the DRAM addressing functions, indicating that successfully and reliably recovering DRAM addressing functions remains a significant open problem. In the second stage, 126 (12.5 % of all datasets) exhibited bit flips in our fully automated Rowhammer attacks. Our results show that fully automated, i.e., weaponizable, Rowhammer attacks work on a lower share of systems than FPGA-based and lab experiments indicated, but at 12.5%, are still a practical vector for threat actors. Furthermore, our results highlight that the two most pressing research challenges around Rowhammer exploitability are more reliable reverse-engineering tools for DRAM addressing functions, as 50 % of datasets without bit flips failed in the DRAM reverse-engineering stage, and reliable Rowhammer attacks across diverse processor microarchitectures, as only 12.5 % of datasets contained bit flips. Addressing each of these challenges could double the number of systems susceptible to Rowhammer and make Rowhammer a more pressing threat in real-world scenarios.

Ground
Teckids – eine verstehbare (digitale) Welt (de)

Keno, Darius Auding

Die Teckids-Gemeinschaft bringt Kinder, Jugendliche und Erwachsene zusammen, um gemeinsam aktiv für eine verstehbare (digitale) Welt zu sein.
Shit for Future: turning human shit into a climate solution (en)

Elena

Humanity has already crossed the point where simply reducing emissions will no longer be enough to keep global warming below 2°C. According to the IPCC (AR6, WGIII), it is now essential to actively remove greenhouse gases from the atmosphere in order to meet global climate targets, maintain net-zero (or even net-negative emissions), and address the burden of historical emissions. At the same time, degraded soils and the climate crisis are a threat to global food security. Two years ago, I presented an overview of different methods available for carbon dioxide removal. Today, I want to show you an example of how CO₂ can be removed from the atmosphere while simultaneously improving the lives of local communities: Human shit. Human shit is a high abundant biomass, contains critical nutrients for global food security, and causes serious health and environmental issues from poor or non-existent treatment outside industrial countries. Converting shit into biochar presents a powerful solution: the process eliminates contaminants, stabilizes and locks away carbon, and can be used to improve agricultural soils. The challenge is that most nutrients in this biochar are not accessible to plants. To overcome this, I mixed human and chicken shit and produced a “Superchar” that releases far more nutrients. It’s not magic, it’s just some chemistry and putting aside your prejudices and disgust. I’ll show you how I did some shit experiments in Hamburg and Guatemala and how you can do it too.
There is NO WAY we ended up getting arrested for this (Malta edition) (en)

mixy1, Luke Bjorn Scerri, girogio

3 years ago, 3 Maltese students were arrested and charged with computer misuse after disclosing a vulnerability to a local company that developed a mobile app for students. Through persistent media pressure, the students managed to obtain a presidential pardon to drop the case and funding for their lawyers. However, through this journey, there were mentions of punishment for retaliating through media disclosure. The story has not concluded, and there will be no amendments to the Maltese computer misuse law for the foreseeable future.
Set-top box Hacking: freeing the 'Freebox' (en)

Frédéric Hoguin

The French ISP 'Free' was the first to introduce a set-top box in France in 2002, named the Freebox. Four years later, the fifth version of the Freebox was released and distributed to customers. It comprises two devices: a router, and a PVR called the Freebox HD, both running Linux. The Freebox HD had innovative features at the time, such as live television control and HD capabilities. Such a device has a lot of potential for running homebrew, so I decided to hack it. I present how I got arbitrary code execution on the Freebox HD and then root privileges, using a chain of two 0-day exploits, one of which is in the Linux kernel. I then analyze the device, run homebrew software, and explain the structure of the ISP's private network that I uncovered while exploring the device.
Build a Fake Phone, Find Real Bugs: Qualcomm GPU Emulation and Fuzzing with LibAFL QEMU (en)

Romain Malmain

Mobile phones are central to everyday life: we communicate, entertain ourselves, and keep vast swaths of our digital lives on them. That ubiquity makes high-risk groups such as journalists, activists, and dissidents prime targets for sophisticated spyware that exploits device vulnerabilities. On Android devices, GPU drivers have repeatedly served as the final escalation vector into the kernel. To study and mitigate that risk, we undertook a research project to virtualize the Qualcomm Android kernel and the KGSL graphics driver from scratch in QEMU. This new environment enables deep debugging, efficient coverage collection, and large-scale fuzzing across server farms, instead of relying on a handful of preproduction devices. This talk will highlight the technical aspects of our research, starting with the steps required to boot the Qualcomm mobile kernel in QEMU, all the way up to the partial emulation of the GPU. Then, we will present how we moved from our emulation prototype to a full-fledged fuzzer based on LibAFL QEMU.

Zero
Watch Your Kids: Inside a Children's Smartwatch (en)

Nils Rollshausen

Join us as we hack at a popular children's smartwatch and expose the secrets of every fifth child in Norway, their parents, and millions more.
Making the Magic Leap past NVIDIA's secure bootchain and breaking some Tesla Autopilots along the way (en)

Elise Amber Katze

The Tegra X2 is an SoC used in devices such as the Magic Leap One, and Tesla's Autopilot 2 & 2.5 promising a secure bootchain. But how secure really is the secure boot? In this talk I go over how I went from a secured Magic Leap One headset, to exploiting the bootloader over USB, to doing fault injection to dump the BootROM, to finding and exploiting an unpatchable vulnerability in the BootROM's USB recovery mode affecting all Tegra X2s.
APT Down and the mystery of the burning data centers (en)

Christopher Kunz, Sylvester

In August 2025 Phrack published the dump of an APT member's workstation. It was full of exploits and loot from government networks, cell carriers and telcos. The dump sparked a government investigation, and corpos like LG and Korea Telecom were asked to explain themselves. Hours before an onsite audit, the data center mysteriously caught fire, destroying almost a hundred servers. Then another data center burned - and unfortunately, there was even one death. The talk aims to revisit this mysterious sequence of tragic incidents. [TW: Suicide, self-harm]
Race conditions, transactions and free parking (en)

Benjamin W. Broersma

ORM's and/or developers don't understand databases, transactions, or concurrency.
Light in the Dark(net) (en)

Tobias Höller

Science is hard and research into the usage of the Tor network is especially so. Since it was designed to counter suveillance, it gathering reliable information is difficult. As a consequence, the studies we do have, have yielded very different results. This talk investigates the root causes of contradicting studies by highlighting how slight changes in methodology or data selection completely change the results and thereby our understanding of what the Darknet is. Whether you consider it the last bastion of freedom or a haven of crime, this talk will tell you where to look and what to ignore in order to confirm your current opinion. And in case you are open to changing it, we have some food for thought for you.
Human microservices at the Dutch Railways: modern architecture, ancient hardware? (en)

Maarten W

The Dutch railways have been operating an increasingly complicated network of trains for over 80 years. The task of overseeing it is far too complex for a single human. As such, a network of specifically scoped humans has been connected. Over time, computers and software have been introduced into the system, but today there is still a significant role for humans. This talk describes the network of "human microservices" that is involved in the Dutch Railways' day to day operation from the eyes of a software developer.
Spectre in the real world: Leaking your private data from the cloud with CPU vulnerabilities (en)

Thijs Raymakers

Transient execution CPU vulnerabilities, like Spectre, have been making headlines since 2018. However, their most common critique is that these types of vulnerabilities are not really practical. Even though it is cool to leak `/etc/shadow` with a CPU bug, it has limited real-world impact. In this talk, we take Spectre out for a walk and let it see the clouds, by leaking memory across virtual machine boundaries at a public cloud provider, bypassing mitigations against these types of attacks. Our report was awarded with a $151,515 bug bounty, Google Cloud's highest bounty yet.

Fuse
BE Modded: Exploring and hacking the Vital Bracelet ecosystem (en)

cyanic

The Vital Bracelet series is an ecosystem of interactive fitness toys, content on memory chips, and apps that talk via NFC. In this talk, we'll explore the hardware and software of the series, from its obscure CPU architecture, to how it interacts with the outside world, from dumping OTP ROMs and breaking security, to making custom firmware.
When 8 Bits is Overkill: Making Blinkenlights with a 1-bit CPU (en)

girst (Tobi)

Over the last half year I have explored the Motorola mc14500 - a CPU with a true one-bit architecture - and made it simulate Conway's Game of Life. This talk gives a look into how implementing a design for such a simplistic CPU can work, and how it's possible to address 256 LEDs and half a kiloword of memory with just four bits of address space.
Learning from South Korean Telco Breaches (en)

Shinjo "peremen" Park, Yonghyu "perillamint" Ban

2025 was a bad year for South Korean mobile network operators. All three operators (SK Telecom, KT, LG U+) were affected by breach in some part of their respective network: HSS of SK Telecom, femtocells of KT. Meanwhile, handling of the breach by each operators and post-mortem analysis of each breaches have stark differences. The technical details and implemented mitigations are often buried under the vague terms, and occasionally got lost in translation to English. In this talk, I will cover the technical aspects of SK Telecom and KT's breach, and how the operators are coping to the breach and what kind of measurements have been performed to secure their network.
Von wegen Eisblumen! Wie man mit Code, Satelliten und Schiffsexpeditionen die bunte Welt des arktischen Phytoplanktons sichtbar macht (de)

Moritz Zeising (er/he)

Die Arktis ist eine Region, in der die Sonne monatelang weg ist, dickes Meereis den Weg versperrt und deshalb Forschungsdaten ziemlich rar sind. Kompliziert also, herauszufinden was im Wasser blüht! Mit einer Kombination aus Satellitenbildern, Expeditionen und Modellsimulationen auf Hochleistungsrechnern versuche ich, das Verborgene sichtbar zu machen: die faszinierende, farbenfrohe Welt des arktischen Phytoplanktons.
Netzpolitik in der Schweiz: Zwischen Bodensee und Matterhorn (de)

Kire, Rahel

Auch in der Schweizer Netzpolitik ging es im auslaufenden Jahr drunter und drüber. Wir blicken mit gewohntem Schalk auf das netzpolitische Jahr 2025 zwischen Bodensee und Matterhorn zurück - und diskutieren jene Themen, die relevant waren und relevant bleiben.
The Angry Path to Zen: AMD Zen Microcode Tools and Insights (en)

Benjamin Kollenda

EntrySign opened the door to custom microcode on AMD Zen CPUs earlier this year. Using a weakness in the signature verification we can load custom microcode updates and modify behavior of stock AMD Zen 1-5 CPUs. While AMD has released patches to address this weakness on some CPUs, we can still use unpatched systems for our analysis. In this talk we cover what we found out about microcode, what we saw in the microcode ROM, the tooling we build, how we worked to find out more and how you can write & test your own microcode on your own AMD Zen systems. We have our tools up on https://github.com/AngryUEFI for everyone to play around with and hopefully help us understand microcode more than we currently do.
The Spectrum - Hackspace Beyond Hacking (en)

sjaelv, MultisampledNight

The Spectrum is a newly founded queer-feminist, intersectional hackspace centering FLINTA+, disabled, and marginalized beings. We see hacking as playful exploration—of technology, art, and ideas—to reimagine what inclusion and collaboration can be. At 39C3, we share how awareness, accessibility, and transdisciplinary creation can transform community and hack the norm.
Von Fuzzern zu Agenten: Entwicklung eines Cyber Reasoning Systems für die AIxCC (de)

Mischa Meier (mmisc), Annika Kuntze

Die AI Cyber Challenge (AIxCC) der DARPA hatte zum Ziel, die Grenzen der autonomen Cybersicherheit zu erweitern: Können AI-Systeme Software-Schwachstellen unabhängig, in Echtzeit und ohne menschliche Hilfe identifizieren, verifizieren und beheben? Im Laufe von zwei Jahren entwickelten Teams aus aller Welt „Cyber Reasoning Systems“ (CRS), die in der Lage sind, komplexe Open-Source-Software zu analysieren, Code zu analysieren, reproducer zu generieren, um zu zeigen, dass ein gemeldeter Fehler kein Fehlalarm ist, und schließlich Patches zu synthetisieren. Unser Team nahm an dieser Challenge teil und entwickelte von Grund auf ein eigenes CRS. In diesem Vortrag geben wir Einblicke in den Wettbewerb: Wie funktioniert die LLM-gesteuerte Schwachstellenerkennung tatsächlich, welche Designentscheidungen sind wichtig und wie sind die Finalisten-Teams an das Problem herangegangen?

Chaos Computer Music Club
Ninsn (de)

Nina

Soundcloud: https://soundcloud.com/ninsnberlin
Wante (DJ Set) (de)

Wante

Wante (Cologne) is drawn to dark, tunnely sets. With a soft spot for long, atmospheric, break-driven intros, her carefully curated selections evolve into relentless, hypnotic techno with ambient soundscapes.
Rob StrobE (de)

Rob StrobE

THE SECOND DECADE Born `78 in Germany Rob StrobE grew up and being influenced with classical music, swing and jazz in his childhood. He early discovered the likes of Depeche Mode, Michael Jackson, Kraftwerk and more early electronic music approaches. In his late youth/early adult life he frequently travelled to Frankfurt attending nights at the Omen. Those nights and weekends were filled with DJs like Sven Vaeth, Dj Rush, Chris Liebing, G-Man aka Gez Varley, Hardfloor and so many more, celebrating and transporting the spirit of those days! After the closing of the Omen in late 1998 he went on to clubs like u60311, Tanzhaus West, MTW and others and eventually started his career as professional (sound) technician and light jockey. Around the year 2002 he started music production - mostly for personal fun and recreational purposes - but some records and remixes have been released since then...some of this older work can still be found on his Soundcloud! Since then he developed his own company specialized on music studio technology, room acoustic, signal flow schemes and studio furniture. Meanwhile his own studio transformed from a small Home Studio to a „room-in-room“ environment in the Logic Haus - the former home of Harthouse, Eye-Q and Snap! If he had to describe his musical style and give it a name: it would be „DubHouseTechno with a pinch of Detroit" ;) FastFoward: Year 2021 - after a 7 year break of releasing music, Rob StrobE is back with releases on imprints like Lucidflow, ASrecords, Tantara, Motech and numerous others! Rob used the time to do a major swap from software based production over to the modular and hardware world and the output speaks for itself! Enjoy his music and come pass for a visit on his social media outlets and say „hello“! THANKS FOR YOUR SUPPORT!!! COLLABORATIONS with G-Man aka Gez Varley (Swim/Quo Vadis/UK) Bo_Irion (Conaisseur/FFM) APro (Audio Emissions/FFM) Voodoe (Audio Emissions/FFM) Frank Kusserow (Data Punk/WhiteNoise/FFM) Israel Toledo (ASRecords/Mexico)

Chill Floor
Der feine Schliv (de)

Der feine Schliv

Zwischen Rap, Tanz und Poesie, erschließt Der feine Schliv neue Räume. In ihren Performances changiert sie zwischen provokanten Auf-die-Fresse-Ansagen an das Patriarchat und empathischen Erzählungen vom Versuchen und Scheitern. Sie tritt unter anderem mit dem serbischen Nachwuchs Duo “Slezga” sowie mit den Hamburger Gruppen “Fallbeil” und “Yummy Air”auf. An der Diverstität ihrer Begleitungen zeichnet sich ihr musikalisches Universum ab, von balladigen Conscious Raps, Chansons und Witchy Toasting.
Betontes Schonen (de)

Jeanette

Dj Set
Der verlängerte Atem pres. Ghost Processes (de)

Martin, Fiona, Jil

Der verlängerte Atem pres. Ghost Processes Seit 2020 sendet Der verlängerte Atem regelmäßig auf HALLO:Radio und tourt mit Gastauftritten auf Festivals und Veranstaltungen in und um Hamburg. Als offenes Radiolabor zwischen Musik, Redebeiträgen und thematisch passenden Audio-Snippets, verweben die Vinyl-DJs, Künstlerinnen und Radiomacherinnen Fiona Grassl, Jil Lahr und Martin Ramacher analoge Klänge, Stimmen und Gedanken zu thematischen Sendungen. Für den 39C3 fährt Der Verlängerte Atem das System herunter - und wieder hoch. Und findet dazwischen: Prozesse ohne Besitzer, Threads ohne Aufgaben, Routinen, die längst beendet sein sollten und doch weiterlaufen. Geisterprozesse flüstern im Hintergrund, aktualisieren sich selbst, verlieren den Takt oder schlafen zu tief, um je zurückzukehren. Zwischen knisterndem Vinyl, digitalem Summen, Glitches und verspielten Redebeiträgen entstehen live Sound-Landschaften, in denen nichts ganz verschwindet - und alles wiederkehrt. Spooky.
kathadingsda (en)

dingsda

kathadingsda vereint treibende Beats und sanfte Grooves mit dubbigen Elementen und experimentellen Klängen. So entstehen warme, organische Soundwelten, die sich stetig verändern und in Bewegung bleiben.
Nixe (de)

Nixe

Dj Set

Vorglühmarkt
HolleLang (en)

HolleLang

HolleLang has been supplying the dance floor with his ever evolving personal blend of Dub infected Techno, rooted both in House and flashing Rave music alike. A seasoned vinyl dj HolleLang does not overestimate the medium but focuses on the music and atmosphere. No punishing jockey from the dark side, his sets are known to vibrate with well wishing force and sometimes fierce intensity though while keeping a good sexy groove going. Former resident of well received "No f**ing Day Can Destroy My Love" party series, and long running host of Gumbo Frisst Schmidt/Nachtschleifer radio live broadcast on Hamburg‘s decades old independent station FSK, HolleLang unites both ceremonial dj talent and activist attitude to serve the community. He loves music so much, especially house music ❤️ Look at https://soundcloud.com/hollelang.