You must be logged in to use the filter favorited.

Schedule

Der Hub wird spätestens Ende Januar archiviert, alle nutzerbezogenen Inhalte, Boards und auch einige Wiki-Seiten werden dabei entfernt. Alle öffentlichen Assemblies, Projekte und Veranstaltungen bleiben. // The hub will be archived by end of January. All user-provided content, boards and several wiki pages will be deleted. All public assemblies, projects and events will remain.

List
Calendar

Day 1 Day 2 Day 3 Day 4

recorded only not recorded only

Tracks

CCC & Community Hardware Security Art & Beauty Ethics, Society & Politics Science Live Performance DJ-Set Entertainment Clear track filter

Day 1
11:00

11:30

12:00

12:30

13:00

13:30

14:00

14:30

15:00

15:30

16:00

16:30

17:00

17:30

18:00

18:30

19:00

19:30

20:00

20:30

21:00

21:30

22:00

22:30

23:00

23:30

00:00

00:30

01:00

01:30

02:00

02:30

03:00

03:30

04:00

04:30

05:00

05:30

Day 2
06:00

06:30

07:00

07:30

08:00

08:30

09:00

09:30

10:00

10:30

11:00

11:30

12:00

12:30

13:00

13:30

14:00

14:30

15:00

15:30

16:00

16:30

17:00

17:30

18:00

18:30

19:00

19:30

20:00

20:30

21:00

21:30

22:00

22:30

23:00

23:30

00:00

00:30

01:00

01:30

02:00

02:30

03:00

03:30

04:00

04:30

05:00

05:30

Day 3
06:00

06:30

07:00

07:30

08:00

08:30

09:00

09:30

10:00

10:30

11:00

11:30

12:00

12:30

13:00

13:30

14:00

14:30

15:00

15:30

16:00

16:30

17:00

17:30

18:00

18:30

19:00

19:30

20:00

20:30

21:00

21:30

22:00

22:30

23:00

23:30

00:00

00:30

01:00

01:30

02:00

02:30

03:00

03:30

04:00

04:30

05:00

05:30

Day 4
06:00

06:30

07:00

07:30

08:00

08:30

09:00

09:30

10:00

10:30

11:00

11:30

12:00

12:30

13:00

13:30

14:00

14:30

15:00

15:30

16:00

16:30

17:00

17:30

18:00

18:30

19:00

19:30

20:00

20:30

21:00

21:30

22:00

22:30

23:00

23:30

One

All Sorted by Machines of Loving Grace? "AI", Cybernetics, and Fascism and how to Intervene (en)

Katika Kühnreich

While the extreme right is on the rise in many countries and climate change is unrolling, a promising future seems to be written: According to Elon Musk, Sam Altman, and some other “tech bros” it is to leave the dying planet to go to space. With the help of something called “A(G)I”. But what kind of future is the one that is promised? And what is the connection between power cycles of tech company owners and people who's believes can be called fascist? As we moved power through data in the hands of very view, it is important to examine what ideas these view have in their heads. This talk will explore the roots of today's tech fascism and its love for tech. From the early thoughts and movements in the US and Europe to Futurism and the Holocaust, organised with Hollerith punching cards. It will dive into the its blooming relationship with cybernetics, and take a look in the future the “tech bros” want to lure us in. This talk will address the often overlooked topic of how and when people get comfy with diving into movements of hate and how to stop a white supremacy future where we will be sorted by machines. And, in taking a look on past movements opposing authoritarianism and will examine mindsets and possibilities of resistance as well as the possibility of restarting everything. Because we have a planet and loved ones to lose. Wear your safety cat-ears, buckle up, it will be a wild, but entertaining ride.

Building hardware - easier than ever - harder than it should be (en)

Kliment

Building electronics has never been easier, cheaper, or more accessible than the last few years. It's also becoming a precious skill in a world where commercially made electronics are the latest victim of enshittification and vibe coding. And yet, while removing technical and financial barriers to building things, we've not come as far as we should have in removing social barriers. The electronics and engineering industry and the cultures around them are hostile to newcomers and self-taught practitioners, for no good reason at all. I've been teaching advanced electronics manufacturing skills to absolute beginners for a decade now, and they've consistently succeeded at acquiring them. I'm here to tell you why it's not as hard as it seems, how to get into it, and why more people who think they can't should try.

Liberating Bluetooth on the ESP32 (en)

Antonio Vázquez Blanco (Antón)

Despite how widely used the ESP32 is, its Bluetooth stack remains closed source. Let’s dive into the low-level workings of a proprietary Bluetooth peripheral. Whether you are interested in reverse engineering, Bluetooth security, or just enjoy poking at undocumented hardware, this talk may inspire you to dig deeper.

Opening pAMDora's box and unleashing a thousand paths on the journey to play Beatsaber custom songs (en)

tihmstar

While trying to apply fault injection to the AMD Platform Security Processor with unusual (self-imposed) requirements/restrictions, it were software bugs which stopped initial glitching attempts. Once discovered, the software bug was used as an entry to explore the target, which in turn lead to uncovering (and exploiting) more and more bugs, ending up in EL3 of the most secure core on the chip. This talk is about the story of trying to glitch the AMD Platform Security Processor, then accidentally discovering several bugs and getting a good look inside the target, before returning to trying to hammer it with novel physical strategies.

All my Deutschlandtickets gone: Fraud at an industrial scale (en)

Q Misell, 551724 / maya boeckh

The Deutschlandticket was the flagship transport policy of the last government, rolled out in an impressive timescale for a political project; but this speed came with a cost - a system ripe for fraud at an industrial scale. German public transport is famously decentralised, with thousands of individual companies involved in ticketing and operations. Unifying all of these under one national, secure, system has proven a challenge too far for politicians. The end result: losses in the hundreds of millions of Euros, compensated to the transport companies from state and federal budgets to keep the system afloat, and nobody willing to take responsibility. This talk will cover the political, policy, and technical mistakes that lead to this mess; how we can learn from these mistakes; and what we can do to ensure the Deutschlandticket has a viable future.

To sign or not to sign: Practical vulnerabilities in GPG & friends (en)

49016, Liam

Might contain zerodays. https://gpg.fail/ From secure communications to software updates: PGP implementations such as *GnuPG* ubiquitously relied on to provide cryptographic assurances. Many applications from secure communications to software updates fundamentally rely on these utilities. Since these have been developed for decades, one might expect mature codebases, a multitude of code audit reports, and extensive continuous testing. When looking into various PGP-related codebases for some personal use cases, we found these expectations not met, and discovered multiple vulnerabilities in cryptographic utilities, namely in *GnuPG*, *Sequoia PGP*, *age*, and *minisign*. The vulnerabilities have implementation bugs at their core, for example in parsing code, rather than bugs in the mathematics of the cryptography itself. A vulnerability in a parser could for example lead to a confusion about what data was actually signed, allowing attackers without the private key of the signer to swap the plain text. As we initially did not start with the intent of conducting security research, but rather were looking into understanding some internals of key management and signatures for personal use, we also discuss the process of uncovering these bugs. Furthermore, we touch on the role of the OpenPGP specification, and the disclosure process.

Chatkontrolle - Ctrl+Alt+Delete (de)

khaleesi, Markus Reuter

Seit jetzt schon vier Jahren droht aus der EU die Chatkontrolle. In Deutschland ist das Thema nach den Protesten im Oktober aktueller denn je - und sogar Jens Spahn und Rainer Wendt sind plötzlich gegen diese Form der Überwachung. In diesem Vortrag schauen wir zurück und erklären was, vor allem im Hintergrund, passiert ist. Wir nehmen die Position der Bundesregierung genau unter die Lupe und werfen einen Blick auf die Schritte, die auf EU-Ebene vor uns liegen.

Hacking washing machines (en)

Severin von Wnuck-Lipinski, Hajo Noerenberg

Almost everyone has a household appliance at home, whether it's a washing machine, dishwasher, or dryer. Despite their ubiquity, little is publicly documented about how these devices actually work or how their internal components communicate. This talk takes a closer look at proprietary bus systems, hidden diagnostic interfaces, and approaches to cloud-less integration of appliances from two well-known manufacturers into modern home automation systems.

Bluetooth Headphone Jacking: A Key to Your Phone (en)

Dennis Heinze, Frieder Steinmetz

Bluetooth headphones and earbuds are everywhere, and we were wondering what attackers could abuse them for. Sure, they can probably do things like finding out what the person is currently listening to. But what else? During our research we discovered three vulnerabilities (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) in popular Bluetooth audio chips developed by Airoha. These chips are used by many popular device manufacturers in numerous Bluetooth headphones and earbuds. The identified vulnerabilities may allow a complete device compromise. We demonstrate the immediate impact using a pair of current-generation headphones. We also demonstrate how a compromised Bluetooth peripheral can be abused to attack paired devices, like smartphones, due to their trust relationship with the peripheral. This presentation will give an overview over the vulnerabilities and a demonstration and discussion of their impact. We also generalize these findings and discuss the impact of compromised Bluetooth peripherals in general. At the end, we briefly discuss the difficulties in the disclosure and patching process. Along with the talk, we will release tooling for users to check whether their devices are affected and for other researchers to continue looking into Airoha-based devices. Examples of affected vendors and devices are Sony (e.g., WH1000-XM5, WH1000-XM6, WF-1000XM5), Marshall (e.g. Major V, Minor IV), Beyerdynamic (e.g. AMIRON 300), or Jabra (e.g. Elite 8 Active).

Protecting the network data of one billion people: Breaking network crypto in popular Chinese mobile apps (en)

Mona

In this talk, I will describe how my team and I systematically exploited around a dozen home-rolled network encryption protocols used by popular mobile apps like RedNote, Alipay, and some of the most popular mobile browsers in China to encrypt sensitive information. I'll demonstrate how network eavesdroppers could access users' browsing history and mobile activity. This is a systemic issue; despite our work on the above protocols and the resulting vulnerability disclosures, this plague of home-rolled and proprietary encryption is still at large. I will end by discussing how we got here, re-affirm the age-old adage, “Don’t roll your own crypto!”, and call on hackers around the world to help us move towards HTTPS everywhere.

Skynet Starter Kit: From Embodied AI Jailbreak to Remote Takeover of Humanoid Robots (en)

Shipei Qu, Zikai Xu, Xuangan Xiao

We present a comprehensive security assessment of Unitree's robotic ecosystem. We identified and exploited multiple security flaws across multiple communication channels, including Bluetooth, LoRa radio, WebRTC, and cloud management services. Besides pwning multiple traditional binary or web vulnerabilities, we also exploit the embodied AI agent in the robots, performing prompt injection and achieve root-level remote code execution. Furthermore, we leverage a flaw in cloud management services to take over any Unitree G1 robot connected to the Internet. By deobfuscating and patching the customized, VM-based obfuscated binaries, we successfully unlocked forbidden robotic movements restricted by the vendor firmware on consumer models such as the G1 AIR. We hope our findings could offer a roadmap for manufacturers to strengthen robotic designs, while arming researchers and consumers with critical knowledge to assess security in next-generation robotic systems.

A post-American, enshittification-resistant internet (en)

Cory Doctorow

Trump has staged an unscheduled, midair rapid disassembly of the global system of trade. Ironically, it is this system that prevented all of America's trading partners from disenshittifying their internet: the US trade representative threatened the world with tariffs unless they passed laws that criminalized reverse-engineering and modding. By banning "adversarial interoperability," America handcuffed the world's technologists, banning them from creating the mods, hacks, alt clients, scrapers, and other tools needed to liberate their neighbours from the enshittificatory predations of the ketamine-addled zuckermuskian tyrants of US Big Tech. Well, when life gives you SARS, you make sarsaparilla. The Trump tariffs are here, and it's time to pick the locks on the those handcuffs and set the world's hackers loose on Big Tech. Happy Liberation Day, everyone!

Chaospager - How to construct an Open Pager System for c3 (en)

Max, Julian

In this talk, we will give an introduction into the project (i.e. how it all started at 38c3 and why we are here now), provide an in-depth review of how the development process of our pager worked and what our future goals are. In our introduction, we will talk about the origin and exploration phase of the inital pager idea (i.e. how we went from the idea of bringing POCSAG Pager transmitter to 38c3, over a cable-bound prototype, to a first working pager on a proper PCB). We will also present our plans of connecting our POCSAG transmitter infrastructure to THOT (CERTs own dispatch software). For our in-depth review about the project, we explain how we encountered major reception problems, how we analyzed them at easterhegg22 and conducted experiments there, and why we are opting for a custom HF frontend design instead of an already-made one from chinese vendors. Moreover, we provide an overview of our transmitter devices and give some advice on how to replicate those. Lastly, we will discuss further challenges and what our next goals are. If we are reaching our milestone until 39c3, we will also give a live demo of the system.

Cracking open what makes Apple's Low-Latency WiFi so fast (en)

Henri Jäger

This talk presents Apple's link-layer protocol Low-Latency WiFi and how it achieves its real-time capabilities to enable Continuity features like Sidecar Display and Continuity Camera. We make more kernel logging available on iOS and build a log aggregator that combines and aligns system- and network-level log sources from iOS and macOS.

In-house electronics manufacturing from scratch: How hard can it be? (en)

Augustin Bielefeld, Alexander Willer

Why is electronics manufacturing hard? Can it ever be made easy and more accessible? What will it take to relocate industrial production to Europe? We share with you what we learned when we spent more than 1 year setting up our own production line in our office in Hamburg. Turns out a lot of the difficulties are rarely talked about or hidden behind "manufacturing is high CAPEX". Come and learn with us the nitty gritty details of batch reflow ovens, stencil printing at scale, and how OpenPnP is a key enabler in our process. While we are far from done with this work, we hope to see others replicate it and collectively reclaim the ownership of the means of electronics production.

Verlorene Domains, offene Türen - Was alte Behördendomains verraten (de)

Tim Philipp Schäfers (TPS)

Was passiert, wenn staatliche Domains auslaufen - und plötzlich jemand anderes sie besitzt? In diesem Vortrag wird berichtet, wie mehrere ehemals offizielle, aber unregistrierte Domains deutscher Bundesministerien und Behörden erworben werden konnten - und welche Datenströme dadurch sichtbar wurden. Über Monate hinweg konnten so DNS-Anfragen aus Netzen des Bundes empfangen werden - ein erhebliches Sicherheitsrisiko. Unter anderem da es so möglich war Accounts zu übernehmen, Validierungen von E-Mailsignaturen zu manipulieren, Anfrage umzuleiten und im Extremfall Code auf Systemen auszuführen. (Keine sensiblen Daten werden veröffentlicht; der Fokus liegt auf Forschung, Aufklärung und verantwortungsvollem Umgang mit den Ergebnissen.)

Don’t look up: There are sensitive internal links in the clear on GEO satellites (en)

Nadia Heninger, Annie Dai

We pointed a commercial-off-the-shelf satellite dish at the sky and examined all of the geostationary satellite communications visible from our vantage point. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens’ voice calls and SMS, and consumer Internet traffic from in-flight wifi and mobile networks.

Xous: A Pure-Rust Rethink of the Embedded Operating System (en)

bunnie, Sean "xobs" Cross

Xous is a message-passing microkernel implemented in pure Rust, targeting secure embedded applications. This talk covers three novel aspects of the OS: hardware MMU support (and why we had to make our own chip to get this feature), how and why we implemented the Rust standard library in Rust (instead of calling the C standard library, like most other Rust platforms), and how we combine the power of Rust semantics with virtual memory to create safe yet efficient asynchronous messaging primitives. We conclude with a short demo of the OS running on a new chip, the "Baochip-1x", which is an affordable, mostly-open RTL SoC built in 22nm TSMC, configured expressly for running Xous.

Celestial navigation with very little math (en)

Trammell Hudson

Learn how to find your position using a sextant and a custom slide rule, almost no math required!

Wer hat Angst vor dem Neutralitätsgebot? (de)

Hannah Vos, Vivian Kube

Wer überhaupt „neutral“ sein muss, was das bedeutet, und wer sich jetzt wehren muss.

Gegenmacht - Best of Informationsfreiheit (de)

Arne Semsrott

Sind mehr Infos wirklich die Lösung? Ob Jens Spahn, Philipp Amthor oder Friedrich Merz - sie alle sagen offen, was sie vorhaben und machen keinen Hehl aus ihren Verbindungen zur Trump-Regierung, zu Milliardären und der fossilen Lobby. Was bringt Transparenz in Zeiten der autoritären Wende?

Schlechte Karten - IT-Sicherheit im Jahr null der ePA für alle (de)

Bianca Kastl

Seit Mitte 2025 steht die elektronische Patientenakte für alle zur Verfügung – nach ein paar kleineren oder größeren Sicherheitsproblemen im Vorfeld, sei es vor einem Jahr auf dem 38C3 oder Ende April zum deutschlandweiten Start. Zeit ein Fazit zu ziehen: Ist die ePA jetzt sicher? Wurden nachhaltige Veränderungen durchgeführt, die zu mehr Sicherheit führen? Kann der Umgang mit der IT-Sicherheit «eines der größten IT-Projekte der Bundesrepublik» für zukünftige Digitalprojekte hilfreich sein? Zeit, mit etwas Abstand auf das zu blicken, was war, was ist und was sich abzeichnet nicht nur bei der ePA, sondern auch beim Umgang mit IT-Sicherheit bei ähnlichen Vorhaben in Deutschland. Eine umfassende Analyse der Historie und der Ursachen einer der weitreichendsten Fehlentwicklungen im Bereich der IT-Sicherheit der letzten Jahre, die sich in weit mehr zeigt, als nur in schlechter Prüfung der Anwesenheit von Gesundheitskarten im Gesundheitswesen.

AI Agent, AI Spy (en)

Udbhav Tiwari, Meredith Whittaker

Agentic AI is the catch-all term for AI-enabled systems that propose to complete more or less complex tasks on their own, without stopping to ask permission or consent. What could go wrong? These systems are being integrated directly into operating systems and applications, like web browsers. This move represents a fundamental paradigm shift, transforming them from relatively neutral resource managers into an active, goal-oriented infrastructure ultimately controlled by the companies that develop these systems, not by users or application developers. Systems like Microsoft's "Recall," which create a comprehensive "photographic memory" of all user activity, are marketed as productivity enhancers, but they function as OS-level surveillance and create significant privacy vulnerabilities. In the case of Recall, we’re talking about a centralized, high-value target for attackers that poses an existential threat to the privacy guarantees of meticulously engineered applications like Signal. This shift also fundamentally undermines personal agency, replacing individual choice and discovery with automated, opaque recommendations that can obscure commercial interests and erode individual autonomy. This talk will review the immediate and serious danger that the rush to shove agents into our devices and digital lives poses to our fundamental right to privacy and our capacity for genuine personal agency. Drawing from Signal's analysis, it moves beyond outlining the problem to also present a "tourniquet" solution: looking at what we need to do *now* to ensure that privacy at the application layer isn’t eliminated, and what the hacker community can do to help. We will outline a path for ensuring developer agency, granular user control, radical transparency, and the role of adversarial research.

Blackbox Palantir (de)

Constanze Kurz, Franziska Görlitz

Wer nutzt in Deutschland Software von Palantir und wer hat das in naher Zukunft vor? Was sind die rechtlichen Voraussetzungen für den Einsatz solcher Analysewerkzeuge? Und was plant Innenminister Alexander Dobrindt in Sachen Palantir für die Polizeien des Bundes?

10 years of Dieselgate (en)

Felix Domke, Karsten Burger

Let's have a (hopefully) final look at Diesel emission cheating. This technical talk summarizes what I learned by reverse-engineering dozens of engine ECU software, how I found and characterized "interesting logic" which, more often than not, ended up being a court-approved "defeat device". What started as a "curious investigation" in 2015 to obtain a ground truth to widespread media reports of "VW being caught for cheating" ended up as a full-blown journey through the then-current state of the Diesel car industry. In this talk, Karsten and Felix will walk through the different implementation of defeat devices, their impact on emissions, and the challenges in documenting seemingly black boxes in court-proven expert reports.

Rowhammer in the Wild: Large-Scale Insights from FlippyR.AM (en)

Martin Heckel, Florian Adamsky, Daniel Gruss

Last year at 38c3, we gave a talk titled "Ten Years of Rowhammer: A Retrospect (and Path to the Future)." In this talk, we summarized 10 years of Rowhammer research and highlighted gaps in our understanding. For instance, although nearly all DRAM generations from DDR3 to DDR5 are vulnerable to the Rowhammer effect, we still do not know its real-world prevalence. For that reason, we invited everyone at 38c3 last year to participate in our large-scale Rowhammer prevalence study. In this year's talk, we will first provide an update on Rowhammer research and present our results from that study. A lot has happened in Rowhammer research in 2025. We have evidence that DDR5 is as vulnerable to Rowhammer as previous generations. Other research shows that not only can adversaries target rows, but columns can also be addressed and used for bit flips. Browser-based Rowhammer attacks are back on the table with Posthammer and with ECC. fail, we can mount Rowhammer attacks on DDR4 with ECC memory. In our large-scale study, we measure Rowhammer prevalence in a fully automated cross-platform framework, FlippyR.AM, using the available state-of-the-art software-based DRAM and Rowhammer tools. Our framework automatically gathers information about the DRAM and uses 5 tools to reverse-engineer the DRAM addressing functions, and based on the reverse-engineered functions, uses 7 tools to mount Rowhammer. We distributed the framework online and via USB thumb drives to thousands of participants from December 30, 2024, to June 30, 2025. Overall, we collected 1006 datasets from 822 systems with various CPUs, DRAM generations, and vendors. Our study reveals that out of 1006 datasets, 453 (371 of the 822 unique systems) succeeded in the first stage of reverse-engineering the DRAM addressing functions, indicating that successfully and reliably recovering DRAM addressing functions remains a significant open problem. In the second stage, 126 (12.5 % of all datasets) exhibited bit flips in our fully automated Rowhammer attacks. Our results show that fully automated, i.e., weaponizable, Rowhammer attacks work on a lower share of systems than FPGA-based and lab experiments indicated, but at 12.5%, are still a practical vector for threat actors. Furthermore, our results highlight that the two most pressing research challenges around Rowhammer exploitability are more reliable reverse-engineering tools for DRAM addressing functions, as 50 % of datasets without bit flips failed in the DRAM reverse-engineering stage, and reliable Rowhammer attacks across diverse processor microarchitectures, as only 12.5 % of datasets contained bit flips. Addressing each of these challenges could double the number of systems susceptible to Rowhammer and make Rowhammer a more pressing threat in real-world scenarios.

PRÜF (de)

Nico Semsrott

PRÜF! Prüfung Rettet übrigens Freiheit! Alles wird in Deutschland geprüft. Warum nicht auch mutmaßlich verfassungswidrige Parteien? Hier stelle ich vor, was PRÜF! anders machen will als bisherige Kampagnen.

Asahi Linux - Porting Linux to Apple Silicon (en)

sven

In this talk, you will learn how Apple Silicon hardware differs from regular laptops or desktops. We'll cover how we reverse engineered the hardware without staring at disassembly but by using a thin hypervisor that traces all MMIO access and then wrote Linux drivers. We'll also talk about how upstreaming to the Linux kernel works and how we've significantly decreased our downstream patches in the past year. As an example, we will use support for the Type-C ports and go into details why these are so complex and required changes across multi subsystems. In the end, we'll briefly talk about M3/M4/M5 and what challenges we will have to overcome to get these supported.

Security of Cardiac Implantable Electronic Devices (en)

dilucide

Cardiac Implantable Electronic Devices (CIED), such as cardiac pacemakers and defibrillators, are a fairly niche target for security researchers, in part due to a lack of manufacturer cooperation and device accessibility. This talk aims to provide insights into the challenges in device development and methods with which to research device security. Data accessibility to patients will be touched upon.

Breaking BOTS: Cheating at Blue Team CTFs with AI Speed-Runs (en)

Leo Meyerovich, Sindre Breda

After we announced our results, CTFs like Splunk's Boss of the SOC (BOTS) started prohibiting AI agents. For science & profit, we keep doing it anyways. In BOTS, the AIs solve most of it in under 10 minutes instead of taking the full day. Our recipe was surprisingly simple: Teach AI agents to self-plan their investigation steps, adapt their plans to new information, work with the SIEM DB, and reason about log dumps. No exotic models, no massive lab budgets - just publicly available LLMs mixed with a bit of science and perseverance. We'll walk through how that works, including videos of the many ways AI trips itself up that marketers would rather hide, and how to do it at home with free and open-source tools. CTF organizers can't detect this - the arms race is probably over before it really began. But the real question isn't "can we cheat at CTFs?" It's what happens when investigations evolve from analysts-who-investigate to analysts-who-manage-AI-investigators. We'll show you what that transition already looks like today and peek into some uncomfortable questions about what comes next.

Ground

Not an Impasse: Child Safety, Privacy, and Healing Together (en)

Kate Sim

From the EU’s “Chat Control” to the UK’s age verification, there is a growing legislative momentum across jurisdictions to regulate the Internet in the name of protecting children. The monstrosity of child sexual abuse looms large in shaping how policymakers, advocates, and the public understand the problem area of and propose solutions for detecting, reporting, and removing harmful/illegal content. Children’s safety and adults’ privacy are thus pitted against each other, deadlocked into an impasse. As technologists deeply concerned with safety and privacy, where do we go from here?

Of Boot Vectors and Double Glitches: Bypassing RP2350's Secure Boot (en)

stacksmashing, nsr

In August 2024, Raspberry Pi released their newest MCU: The RP2350. Alongside the chip, they also released the RP2350 Hacking Challenge: A public call to break the secure boot implementation of the RP2350. This challenge concluded in January 2025 and led to five exciting attacks discovered by different individuals. In this talk, we will provide a technical deep dive in the RP2350 security architecture and highlight the different attacks. Afterwards, we talk about two of the breaks in detail---each of them found by one of the speakers. In particular, we first discuss how fault injection can force an unverified vector boot, completely bypassing secure boot. Then, we showcase how double glitches enable direct readout of sensitive secrets stored in the one-time programmable memory of the RP2350. Last, we discuss the mitigation of the attacks implemented in the new revision of the chip and the lessons we learned while solving the RP2350 security challenge. Regardless of chip designer, manufacturer, hobbyist, tinkerer, or hacker: this talk will provide valuable insights for everyone and showcase why security through transparency is awesome.

Handy weg bis zur Ausreise – Wie Cellebrite ins Ausländeramt kam (de)

Chris Köver

Seit Anfang 2024 dürfen Ausländerbehörden Smartphones von ausreisepflichtigen Menschen nicht nur durchsuchen, sondern gleich ganz behalten – „bis zur Ausreise“. Was als geringfügige Änderung im Aufenthaltsgesetz daherkommt, erweist sich als massiver Eingriff in Grundrechte: Menschen verlieren nicht nur die Kontrolle über ihre Daten, sondern auch ihr wichtigstes Kommunikationsmittel – auf unbestimmte Zeit. Hier hört ihr, welche absurden Blüten das treibt. Von Bayern bis NRW haben Bundesländer inzwischen eigene IT-forensische Tools für ihre Behörden angeschafft, um auf den Geräten nach “Indizien” für die Herkunft zu suchen. Sie setzen Methoden ein, wie wir sie sonst aus Ermittlungsverfahren oder von Geheimdiensten kennen – um die Geräte von Menschen zu durchsuchen, die nichts verbrochen haben.

And so it begins - Wie unser Rechtsstaat auf dem Highway Richtung Trumpismus rast – und warum afghanische Kläger*innen für uns die Notbremse ziehen (de)

Eva, Elaha

Wenn die Regierung sich nicht mehr an das eigene Recht gebunden fühlt, markiert das nicht nur einen politischen Spurwechsel, sondern die Auffahrt auf den Highway to Trumpism. Zeit die Notbremse zu ziehen! Normalerweise trifft es in solchen Situationen immer zuerst diejenigen, die sich am wenigsten wehren können. Doch was passiert, wenn genau diese Menschen mit juristischen Werkzeugen bewaffnet werden, um zurückzuschlagen? Anhand von über 100 Klagen afghanischer Schutzsuchender zeigen wir, wie Ministerien das Bundesaufnahmeprogramm sabotieren, Gerichte sie zurückpfeifen – und die Zivilgesellschaft zum letzten Schutzwall des Rechtsstaats wird. Und wir verraten, warum sich Beamte im BAMF vielleicht lieber krankmelden sollten und welche anderen Möglichkeiten sie haben, um nicht straffällig zu werden.

Excuse me, what precise time is It? (en)

Oliver Ettlin

With PTP 1588, AES67, and SMPTE 2110, we can transmit synchronous audio and video with sub-millisecond latency over the asynchronous medium Ethernet. But how do you make hundreds of devices agree on the exact same nanosecond on a medium that was never meant to care about time? Precision Time Protocol (IEEE 1588) tries to do just that. It's the invisible backbone of realtime media standards like AES67 and SMPTE 2110, proprietary technologies such as Dante, and even critical systems powering high-frequency trading, cellular networks, and electric grids.

Doomsday-Porn, Schäferhunde und die „niedliche Abschiebung“ von nebenan: Wie autoritäre Akteure KI-generierte Inhalte für Social Media nutzen (de)

Katharina Nocun

Der amtierende US-Präsident postet ein Video, in dem er Demonstrierende aus einem Kampfjet heraus mit Fäkalien bewirft und das Weiße Haus zelebriert den „Star Wars Day“ mit einem pompösen Trump-Bild mit Lichtschwert. Accounts von AfD-Sympathisanten posten KI-Kitsch einer vermeintlich heilen Welt voller blonder Kinder und Frauen im Dirndl. Ist das lediglich eine geschmackliche Entgleisung oder steckt da mehr dahinter?

Breaking architecture barriers: Running x86 games and apps on ARM (en)

Tony Wasserka

Presenting FEX, a translation layer to run x86 apps and games on ARM devices: Learn why x86 is such a pain to emulate, what tricks and techniques make your games fly with minimal translation overhead, and how we are seamless enough that you'll forget what CPU you're using in the first place!

AI-generated content in Wikipedia - a tale of caution (en)

Mathias Schindler

I successfully failed with a literature related project and accidentally built a ChatGPT detector. Then I spoke to the people who uploaded ChatGPT generated content on Wikipedia.

Hatupangwingwi: The story how Kenyans fought back against intrusive digital identity systems (en)

Mustafa Mahmoud Yousif

The session title is fashioned after the Kenyan movement building rhetoric “Hatupangwingwi” which is Kenyan slang meant as a call to action to counter anti-movement building techniques by the political class and resist infiltration and corruption. This is true for the organisation and movement building towards inclusive identity regimes in Kenya. The session seeks to explore the lessons from Kenya’s journey to digitalization of public services and the uptake of Digital Public infrastructure. It digs deeper on the power of us and how civil society could stop a destructive surveillance driven digitalisation thus protecting millions of Kenyans.

Suing spyware in Europe: news from the front! (en)

Lori Roussey, Celia/Irídia

In 2022, CitizenLab contacted a member of the Spanish non-profit Irídia to tell them that one of their members had likely been hacked with Pegasus spyware. The target, a lawyer, had been spied on by the Spanish government in 2020 because he represented a Catalan politician who was in prison. His phone was infected with Pegasus during the COVID-19 lockdown, on the same day he was having an online meeting with other lawyers working on the case. Irídia and the lawyer (Andreu) decided to take the case to court. A few years later, he met with Data Rights and invited them to join forces and bring in partners from across Europe to increase the impact. This collaboration led to the creation of the PEGA coalition in May 2025. This talk goes over the status of the case and work we have done across Europe to bring spyware use in court.

Burn Gatekeepers, not Books! (de)

tomate, jinxx

*Der deutsche Buchmarkt gegen den Rest der Welt oder auch: Enshittification des Buchmarkts und keine API für ein Halleluja* Es gibt unzählige wundervolle Geschichten und das Internet hat über die letzten Jahrzehnte viele großartige Autor*innen hervorgbracht. Doch Verlage haben begrenzte Kapazitäten und sind außerdem zumeist sehr konservativ in ihren Programmen. Die Lösung für beides: Selfpublishing. Neue und gewitzte, genre-übergreifende Bücher an neugierige Lesende zu bringen, könnte so einfach sein; wären da nicht Barsortimente, fehlende APIs und ein insgesamt schreckliches Ökosystem, die Indie-Autor:innen (und alle, die versuchen, auf dem deutschpsprachigen Buchmarkt irgend etwas Innovatives für Indies zu machen) das Leben schwer machen.

Current Drone Wars (en)

Leonard

The character of drone wars has changed. The large, cumbersome long-range drones have been complemented with small and low-budget drones. Moreover, more and more states are developing, deploying and selling them. Ten years ago at least 50 states were developing them. At the top are USA, Israel, Turkey, China, Iran and Russia. Russia's attack on Ukraine has unleashed a drone war unlike any seen before. In short time the Ukraine has build significant drone production capabilities and announcement that it will increase its own production of quadcopters and kamikaze drones to one million units per year. German defense companies and startups are now promoting a “drone wall on NATO's eastern flank.” Moreover, despite their vulnerability to air defenses, large drones are also being further developed. They are intended to accompany next generation fighter jets in swarms. In this talk, past and current developments are discussed. What are the perspectives now?

CPU Entwicklung in Factorio: Vom D-Flip-Flop bis zum eigenen Betriebssystem (de)

PhD (Philipp)

Factorio ist ein Fabriksimulationsspiel mit integriertem Logiksystem. Dies ermöglichte mir den Bau einer CPU, die unter anderem aus einer 5-stufiger Pipeline, einer Forwarding Logikeinheit, Interrupt Handling sowie einem I/O Interface besteht. Über einen selbst geschriebenen Assembler konnte ich ein eigenes Betriebssystem und Programme wie Minesweeper oder Snake integrieren. Der Talk soll euch zeigen, wie sich klassische Computerarchitektur in einem völlig anderen technischen Kontext umsetzen lässt und wo dabei überraschend echte Probleme der CPU-Entwicklung auftreten. Kommt mit auf die Reise: Vom Blick auf den gesamten Computer bis hinunter zu den einzelnen Logikgattern ist es nur eine Mausradbewegung entfernt!

Textiles 101: Fast Fiber Transform (en)

octoprog

Textiles are everywhere, yet few of us know how they’re made. This talk aims to give you an overview over the complete transformation from fiber to finished textile. We'll be exploring fiber properties, spinning, and techniques like weaving, knitting, crochet, braiding, and knotting, followed by finishing methods such as dyeing, printing, and embroidery. You’ll learn why not only fiber but also structure matters, and how to make or hack textiles on your own without relying on fast fashion or industrial tools.

Reverse engineering the Pixel TitanM2 firmware (en)

willem

The TitanM2 chip has been central to the security of the google pixel series since the Pixel 6. It is based on a modified RISC-V design with a bignum accelerator. Google added some non standard instructions to the RISC-V ISA. This talk investigates the reverse engineering using Ghidra, and simulation of the firmware in python.

Design for 3D-Printing (en)

rahix

3D-Printers have given us all the unprecedented ability to manufacture mechanical parts with a very low barrier to entry. The only thing between your idea and its physical manifestation is the process of designing the parts. However, this is actually a topic of incredible depth: Design engineering is a whole discipline to itself, built on top of tons and tons of heuristics to produce shapes that are functional, strong, and importantly: well-manufacturable In this talk, I will present the rules for designing well-printable parts and touch on other areas of design considerations so you can learn to create parts that work first try and can be reproduced by others on their 3d-printers easily.

Programmierte Kriegsverbrechen? Über KI-Systeme im Kriegseinsatz in Gaza und warum IT-Fachleute sich dazu äußern müssen (de)

Rainer Rehak

Die automatisierten Zielsysteme des israelischen Militärs zeigen gut, wie KI-baserte Kriegsautomatisierung aktuell aussieht, was daran falsch läuft und warum wir Techies uns einmischen müssen

There is NO WAY we ended up getting arrested for this (Malta edition) (en)

mixy1, Luke Bjorn Scerri, girogio

3 years ago, 3 Maltese students were arrested and charged with computer misuse after disclosing a vulnerability to a local company that developed a mobile app for students. Through persistent media pressure, the students managed to obtain a presidential pardon to drop the case and funding for their lawyers. However, through this journey, there were mentions of punishment for retaliating through media disclosure. The story has not concluded, and there will be no amendments to the Maltese computer misuse law for the foreseeable future.

Set-top box Hacking: freeing the 'Freebox' (en)

Frédéric Hoguin

The French ISP 'Free' was the first to introduce a set-top box in France in 2002, named the Freebox. Four years later, the fifth version of the Freebox was released and distributed to customers. It comprises two devices: a router, and a PVR called the Freebox HD, both running Linux. The Freebox HD had innovative features at the time, such as live television control and HD capabilities. Such a device has a lot of potential for running homebrew, so I decided to hack it. I present how I got arbitrary code execution on the Freebox HD and then root privileges, using a chain of two 0-day exploits, one of which is in the Linux kernel. I then analyze the device, run homebrew software, and explain the structure of the ISP's private network that I uncovered while exploring the device.

Build a Fake Phone, Find Real Bugs: Qualcomm GPU Emulation and Fuzzing with LibAFL QEMU (en)

Romain Malmain

Mobile phones are central to everyday life: we communicate, entertain ourselves, and keep vast swaths of our digital lives on them. That ubiquity makes high-risk groups such as journalists, activists, and dissidents prime targets for sophisticated spyware that exploits device vulnerabilities. On Android devices, GPU drivers have repeatedly served as the final escalation vector into the kernel. To study and mitigate that risk, we undertook a research project to virtualize the Qualcomm Android kernel and the KGSL graphics driver from scratch in QEMU. This new environment enables deep debugging, efficient coverage collection, and large-scale fuzzing across server farms, instead of relying on a handful of preproduction devices. This talk will highlight the technical aspects of our research, starting with the steps required to boot the Qualcomm mobile kernel in QEMU, all the way up to the partial emulation of the GPU. Then, we will present how we moved from our emulation prototype to a full-fledged fuzzer based on LibAFL QEMU.

Aber hier Leben? Nein danke! …oder doch? Wie wir der autoritären Zuspitzung begegnen können. (de)

Jaša Hiergeblieben, Polylux, Lisa Zugezogen

Im Osten stehen nächstes Jahr schon wieder Wahlen an und schon wieder sieht alles danach aus, als ob die AfD eine Regierungsbeteiligung bekommen könnte. Ganz konkret: In Sachsen-Anhalt und Mecklenburg-Vorpommern. Nicht nur diese "rosigen" Aussichten, sondern auch aktuelle Bevölkerungsprognosen werfen gar kein günstiges Licht auf die Regionen. Linke Akteur:innen vor Ort kämpfen täglich dagegen an und sie brauchen unsere Solidarität. Wir müssen dem etwas entgegensetzen. Egal ob als Hacker:innen auf dem Congress oder Westdeutsche in (noch) Grünen Gemeinden. Wo kommt das alles her? Wer macht aktuell etwas dagegen und wie können wir dem rechten Sog begegnen?

The Heartbreak Machine: Nazis in the Echo Chamber (de)

Martha Root, Eva Hoffmann, Christian Fuchs

WhiteDate ist eine Plattform weißer Suprematist:innen, die sich an Rassist:innen und Antisemit:innen richtet – und auf veralteter Infrastruktur basiert. Was die 8000 Mitglieder nicht wussten: Einige der Nazis flirteten dieses Jahr mit realistisch wirkenden Chatbots - und verliebten sich sogar in sie. Mit einer Kombination aus automatisierter Konversationsanalyse, Web-Scraping und klassischen OSINT-Methoden verfolgten wir öffentliche Spuren und identifizierten die Personen hinter der Seite. Dieser Vortrag zeigt, wie KI-Personas und investigatives Denken extremistische Netzwerke aufdecken und wie Algorithmen gegen Extremismus eingesetzt werden können.

Peep-Show für die Polizei. Staatliche Überwachung von Queers in Hamburger Toiletten bis 1980 (de)

Simon Schultz

Oder: Wie die Hamburger Polizei queere Menschen auf öffentlichen Toiletten observierte, und wie ein anonymes Kollektiv im Juli 1980 dieses Überwachungsystem wortwörtlich mit dem Hammer zerschlagen hat. Ein analoger Überwachungskrimi mit sauberen Städten, lichtscheuen Elementen, queerem Aktivismus, und kollektiver Selbstorganisation; und mit einer Anleitung wie man Beamten Anfang der 80er das Handwerk legen konnte.

Verschlüsselung brechen durch physischen Zugriff - Smartphone Beschlagnahme durch Polizei (de)

Davy Wang, Viktor Schlüter

Eine zwar profane Methode der Überwachung, die Polizeibehörden in Deutschland jedoch hunderttausendfach anwenden, ist das Auslesen von Daten beschlagnahmter Smartphones und Computer. Dazu nutzt die Polizei Sicherheitslücken der Geräte mithilfe forensischer Software von Herstellern wie Cellebrite oder Magnet aus. Die Verfassungsmäßigkeit der Rechtsgrundlagen ist zweifelhaft. Im Vortrag werden anhand aktueller Fälle technische und juristische Hintergründe erörtert.

CUII: Wie Konzerne heimlich Webseiten in Deutschland sperren (de)

Lina Lastname, Northernside

Stellt euch vor, eine private Organisation aus milliardenschweren Konzernen entscheidet, welche Webseiten ihr nicht besuchen dürft - ohne Richter, ohne öffentliche Kontrolle oder Transparenz. Genau das macht die CUII in Deutschland seit Jahren.

Who runs the www? WSIS+20 and the future of Internet governance (en)

Sophia Longwe

Abbreviations such as WSIS+20, IGF, IETF, DIEM, ICANN, PDP, ITU or W3C regularly appear in discussions about the Internet, yet often remain vague. This talk provides an update on the current state of Internet governance and explains why decisions made in United Nations processes have direct implications for technical standards, digital infrastructure, and power asymmetries.

Zero

A Tale of Two Leaks: How Hackers Breached the Great Firewall of China (en)

Jade Sheffey

The Great Firewall of China (GFW) is one of, if not arguably the most advanced Internet censorship systems in the world. Because repressive governments generally do not simply publish their censorship rules, the task of determining exactly what is and isn’t allowed falls upon the censorship measurement community, who run experiments over censored networks. In this talk, we’ll discuss two ways censorship measurement has evolved from passive experimentation to active attacks against the Great Firewall.

ISDN + POTS Telephony at Congress and Camp (en)

Harald "LaF0rge" Welte

Like 39C3, the last CCC camp (2023) and congress (38C3) have seen volunteer-driven deployments of legacy ISDN and POTS networks using a mixture of actual legacy telephon tech and custom open source software. This talk explains how this is achieved, and why this work plays an important role in preserving parts of our digital communications heritage.

FeTAp 611 unplugged: Taking a rotary dial phone to the mobile age (en)

Michael Weiner

This project transforms a classic rotary phone into a mobile device. Previous talks have analyzed various aspects of analogue phone technology, such as rotary pulse detection or ringing voltage generation. Now this project helps you get rid of the cable: it equips the classic German FeTAp 611 with battery power and a flyback SMPS based ringing voltage generator - but still maintains the classical look and feel. The talk demonstrates the journey of bridging analog and digital worlds, explaining how careful design connects a vintage phone to today’s mobile environment - in a way that will make your grandparents happy.

KIM 1.5: Noch mehr Kaos In der Medizinischen Telematikinfrastruktur (TI) (de)

Christoph Saatjohann

Zwei Jahre nach dem ersten KIM-Vortrag auf dem 37C3: Die gezeigten Schwachstellen wurden inzwischen geschlossen. Weiterhin können mit dem aktuellen KIM 1.5+ nun große Dateien bis 500 MB übertragen werden, das Signaturhandling wurde für die Nutzenden vereinfacht, indem die Detailinformationen der Signatur nicht mehr einsehbar sind. Aber ist das System jetzt sicher oder gibt es neue Probleme?

„KI“, Digitalisierung und Longevity als Fix für ein kaputtes Gesundheitssystem? (de)

Manuel Hofmann

Großen Herausforderungen im Gesundheitswesen soll mittels Technik und Eigenverantwortung begegnet werden. Die Hoffnung: „KI“ und Digitalisierung machen das System effizienter; Selbstoptimierung und mehr Eigenverantwortung halten die Menschen länger gesund. Der Vortrag analysiert aktuelle Diskurse rund um Digitalisierung und Gesundheit, und fragt kritisch, wie diese Entwicklung ohnehin bestehende soziale Ungleichheiten verschärfen könnte. Am Ende bleibt die Frage: Wie könnten tragfähige Lösungen fürs Gesundheitssystem aussehen?

Pwn2Roll: Who Needs a 595€ Remote When You Have wheelchair.py? (en)

elfy

A 595€ wheelchair remote that sends a handful of Bluetooth commands. A 99.99€ app feature that does exactly what the 595€ hardware does. A speed upgrade from 6 to 8.5 km/h locked behind a 99.99€ paywall - because apparently catching the bus is a premium feature. Welcome to the wonderful world of DRM in assistive devices, where already expensive basic mobility costs extra and comes with in-app purchases! And because hackers gonna hack, this just could not be left alone.

BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secrets (en)

Alon Leviev

This talk reveals our in-depth vulnerability research on the Windows Recovery Environment (WinRE) and its implications for BitLocker, Windows’ cornerstone for data protection. We will walk through the research methodology, uncover new 0-day vulnerabilities, and showcase full-chain exploitations that enabled us to bypass BitLocker and extract all the protected data in several different ways. This talk goes beyond theory - as each vulnerability will be accompanied by a demo video showcasing the complete exploitation chain. To conclude the talk, we will share Microsoft’s key takeaways from this research and outline our approach to hardening WinRE and BitLocker.

Throwing your rights under the Omnibus - how the EU's reform agenda threatens to erase a decade of digital rights (en)

Thomas Lohninger, Ralf Bendrath

A spectre is haunting Europe—the spectre of bureaucracy. All the Powers of old Europe have entered into an unholy alliance to exorcise this spectre: The EU Commission, Member States, industry, even J.D. Vance. This threatens the digital rights and rules built up in the last decade.

Agentic ProbLLMs: Exploiting AI Computer-Use and Coding Agents (en)

Johann Rehberger

This talk demonstrates end-to-end prompt injection exploits that compromise agentic systems. Specifically, we will discuss exploits that target computer-use and coding agents, such as Anthropic's Claude Code, GitHub Copilot, Google Jules, Devin AI, ChatGPT Operator, Amazon Q, AWS Kiro, and others. Exploits will impact confidentiality, system integrity, and the future of AI-driven automation, including remote code execution, exfiltration of sensitive information such as access tokens, and even joining Agents to traditional command and control infrastructure. Which are known as "ZombAIs", a term first coined by the presenter as well as long-term prompt injection persistence in AI coding agents. Additionally, we will explore how nation state TTPs such as ClickFix apply to Computer-Use systems and how they can trick AI systems and lead to full system compromise (AI ClickFix). Finally, we will cover current mitigation strategies and forward-looking recommendations and strategic thoughts.

Live, Die, Repeat: The fight against data retention and boundless access to data (en)

Klaus Landefeld

Both within the EU as well as nationally in Germany, there exists a renewed drive to implement data retention, a practice struck down by the ECJ and discontinued in many national legislations. In parallel, cross-border access to stored data has been mandated within the EU as “e-evidence”, and will soon be extended to 90+ countries under the umbrella of the EU cybercrime convention. In principle, all data stored by service providers will be available to law enforcement as part of a criminal investigation. The timing of both initiatives is not coincidental, as access to data naturally relies on the availability of data. The talk will address the state of play on data retention in various legislations, and introduce the practice of cross border access to stored data by law enforcement as well as its shortcomings and threats to privacy and confidentiality.

Amateurfunk im All – Kontakt mit Fram2 (de)

akira25, flx, Gato

Wir geben Einblicke in zwei intensive Wochen Planung, Koordination und Aufbau, den Betrieb einer (improvisierten) Bodenstation, sprechen über technische Hürden, Antennendesign und Organisation – und wie wir schließlich mit Astronautin Rabea Rogge im Weltraum gefunkt haben.

Lessons from Building an Open-Architecture Secure Element (en)

Jan Pleskac

The talk will be about our experience from building an open-architecture secure element from the ground up. It explains why openness became part of the security model, how it reshaped design and development workflows, and where reality pushed back — through legal constraints, third-party IP, or export controls. It walks through the secure boot chain, attestation model, firmware update flow, integration APIs, and the testing framework built for external inspection. Real examples of security evaluations by independent researchers are presented, showing what was learned from their findings and how those exchanges raised the overall security bar. The goal is to provoke discussion on how open collaboration can make hardware more verifiable, adaptable, auditable and while keeping secure.

Amtsgeheimnis raus, Datenhalde rein: was die Informationsfreiheit in Österreich bringt (de)

Markus (fin) Hametner, Erwin Ernst "eest9" Steinhammer

Jahrelang war die staatliche Intransparenz in Österreich nur eine Punchline in den Congress-Talks von Frag Den Staat. Damit könnte jetzt Schluss sein: seit heuer haben Bürger:innen endlich ein Recht, Dokumente einzusehen und ein Informationsfreiheitsgesetz. Wir zeigen, was Deutschland aus der über ein Jahrzehnt andauernden Kampagne für die Abschaffung des Amtsgeheimnisses lernen kann, wofür uns die Nachbarländer beneiden werden und wofür sich Bayern besonders schämen sollte.

Prometheus: Reverse-Engineering Overwatch (en)

breakingbread

This talk explores the internals of Overwatch which make the game work under the hood. The end goal is to democratise development of Overwatch. Being able to host your own servers and modify the game client to your liking should not be up for discussion for a game many people have paid money for.

Wie wir alte Flipperautomaten am Leben erhalten (de)

Axel Böttcher

Der Vortrag beschreibt, wie eine Gruppe von Begeisterten eine Sammlung von ca. 100 Flipperautomaten (Pinball Machines) am Leben und in spielbereitem Zustand erhält.

How To Minimize Bugs in Cryptography Code (en)

Jade

"Don't roll your own crypto" is an often-repeated aphorism. It's good advice -- but then how does any cryptography get made? Writers of cryptography code like myself write code with bugs just like anyone else, so how do we take precautions against our own mistakes? In this talk, I will give a peek into the cryptographer's toolbox of advanced techniques to avoid bugs: targeted testing, model checking, mathematical proof assistants, information-flow analysis, and more. None of these techniques is a magic silver bullet, but they can help find flaws in reasoning about tricky corner cases in low-level code or prove that higher-level designs are sound, given a defined set of assumptions. We'll go over some examples and try to give a high-level feel for different workflows that create "high-assurance" code. Whether you know it or not, you use this type of cryptography code every day: in your browser, your messaging apps, and your favorite programming language standard libraries.

When Vibe Scammers Met Vibe Hackers: Pwning PhaaS with Their Own Weapons (en)

Chiao-Lin Yu (Steven Meow)

What happens when AI-powered criminals meet AI-powered hunters? A technical arms race where both sides are vibing their way through exploitation—and the backdoors write themselves. In October 2025, we investigated Taiwan's fake delivery scam ecosystem targeting convenience store customers. What started as social engineering on social media became a deep dive into two distinct fraud platforms—both bearing the unmistakable fingerprints of AI-generated code. Their developers left more than just bugs: authentication flaws, file management oversights, and database implementations that screamed "I asked LLM and deployed without reading." We turned their sloppiness into weaponized OSINT. Through strategic reconnaissance, careful database analysis, and meticulous operational security, we achieved complete system access on multiple fraud infrastructures. By analyzing server artifacts and certificate patterns, we mapped 100+ active domains and extracted evidence linking thousands of victim transactions worth millions of euros in fraud. But here's the twist: we used the same AI tools they did, just with better prompts. The takeaway isn't just about hunting scammers—it's about the collapse of the skill gap in both offense and defense. When vibe coding meets vibe hacking, the underground economy democratizes in ways we never anticipated. We'll share our methodology for fingerprinting AI-assisted crime infrastructure, discuss the ethical boundaries of counter-operations, and demonstrate how to build sustainable threat intelligence pipelines when your adversary can redeploy in 5 minutes. This talk proves that in 2025, the real exploit isn't zero-day—it's zero-understanding.

The Small Packet of Bits That Can Save (or Destabilize) a City (en)

Manuel Rábade

The Emergency Alert System (EAS) and its SAME (Specific Area Message Encoding) protocol are public alerting technologies that broadcast short digital bursts over VHF triggering emergency messages on millions of receivers across North America. In Mexico, this technology was integrated into the Seismic Alert System (SASMEX) which more than 30 million people in the central part of the country rely on to prepare for frequent earthquakes. While new alerting technologies have emerged, the EAS-SAME network continues to play an important role for public safety in the U.S., Mexico, and Canada. Yet, the same small packets of bits that can help protect a city could also, in the wrong hands, destabilize it. This talk examines how these systems operate and reveals a troubling truth: spoofing these alerts is far easier than most people expect.

Watch Your Kids: Inside a Children's Smartwatch (en)

Nils Rollshausen

Join us as we hack at a popular children's smartwatch and expose the secrets of every fifth child in Norway, their parents, and millions more.

Making the Magic Leap past NVIDIA's secure bootchain and breaking some Tesla Autopilots along the way (en)

Elise Amber Katze

The Tegra X2 is an SoC used in devices such as the Magic Leap One, and Tesla's Autopilot 2 & 2.5 promising a secure bootchain. But how secure really is the secure boot? In this talk I go over how I went from a secured Magic Leap One headset, to exploiting the bootloader over USB, to doing fault injection to dump the BootROM, to finding and exploiting an unpatchable vulnerability in the BootROM's USB recovery mode affecting all Tegra X2s.

APT Down and the mystery of the burning data centers (en)

Christopher Kunz, Sylvester

In August 2025 Phrack published the dump of an APT member's workstation. It was full of exploits and loot from government networks, cell carriers and telcos. The dump sparked a government investigation, and corpos like LG and Korea Telecom were asked to explain themselves. Hours before an onsite audit, the data center mysteriously caught fire, destroying almost a hundred servers. Then another data center burned - and unfortunately, there was even one death. The talk aims to revisit this mysterious sequence of tragic incidents. [TW: Suicide, self-harm]

Wer liegt hier wem auf der Tasche? Genug mit dem Bürgergeld-Fetisch. Stürmt die Paläste! (de)

Helena Steinhaus

Das Bürgergeld ist Geschichte. An seine Stelle tritt eine Grundsicherung, die auf kalkulierten Verfassungsbruch setzt. Totalsanktionen, Vermittlungsvorrang, Quadratmeterdeckel, jeder Move bedeutet umfassendere staatliche Überwachung. Die Bezahlkarte soll in Hamburg perspektivisch zunächst auf Sozialhilfe‑ und Jugendhilfebeziehende ausgeweitet werden. Sind Bürgergeldbeziehende als nächstes dran?

Race conditions, transactions and free parking (en)

Benjamin W. Broersma

ORM's and/or developers don't understand databases, transactions, or concurrency.

Human microservices at the Dutch Railways: modern architecture, ancient hardware? (en)

Maarten W

The Dutch railways have been operating an increasingly complicated network of trains for over 80 years. The task of overseeing it is far too complex for a single human. As such, a network of specifically scoped humans has been connected. Over time, computers and software have been introduced into the system, but today there is still a significant role for humans. This talk describes the network of "human microservices" that is involved in the Dutch Railways' day to day operation from the eyes of a software developer.

Spectre in the real world: Leaking your private data from the cloud with CPU vulnerabilities (en)

Thijs Raymakers

Transient execution CPU vulnerabilities, like Spectre, have been making headlines since 2018. However, their most common critique is that these types of vulnerabilities are not really practical. Even though it is cool to leak `/etc/shadow` with a CPU bug, it has limited real-world impact. In this talk, we take Spectre out for a walk and let it see the clouds, by leaking memory across virtual machine boundaries at a public cloud provider, bypassing mitigations against these types of attacks. Our report was awarded with a $151,515 bug bounty, Google Cloud's highest bounty yet.

Fossile Industrie liebt KI! (de)

Rike, Moritz Leiner

Der Hype um generative KI und die Gasindustrie bilden in Zeiten der Klimakrise eine bedrohliche Allianz für die Zukunft des Planeten.

Fuse

OpenAutoLab: photographic film processing machine. Fully automatic and DIY-friendly. (en)

Kauz

OpenAutoLab, an open source machine, that is capable of processing contemporary color and black-and-white films for analogue photography, is being presented here. It made its first public appearance at 37C3 and was already seen there in action, but had no organized talk or proper presentation. Now it is better documented, waits to be built by more people and to be further developed by the community. This talk is about motivation behind developing OpenAutoLab and about the technical decisions made during it. It is argued that any dedicated film photographer is able to get one built.

Brennende Wälder und Kommentarspalten - Klimaupdate mit dem FragDenStaat Climate Helpdesk (de)

Joschi Wolf

Das Klima-Update vom FragDenStaat Climate Helpdesk.

Who cares about the Baltic Jammer? – Terrestrial Navigation in the Baltic Sea Region (en)

Lars, Niklas Hehenkamp, Markus

Reports of GNSS interference in the Baltic Sea have become almost routine — airplanes losing GPS, ships drifting off course, and timing systems failing. But what happens when a group of engineers decides to build a navigation system that simply *doesn’t care* about the jammer? Since 2017, we’ve been developing **R-Mode**, a terrestrial navigation system that uses existing radio beacons and maritime infrastructure to provide independent positioning — no satellites needed. In this talk, we’ll share our journey from an obscure research project that “nobody needs” to a system now seen as crucial for resilience and sovereignty. Expect technical insights, field stories from ships in the Baltic, and reflections on what it means when a civilian backup system suddenly attracts military interest.

RedScout42 – Zur digitalen Wohnungsfrage (de)

Sandra, Leonard

Wer heutzutage eine Wohnung sucht, kommt kaum noch darum herum, sich einen Account bei Immoscout24 & Co. zu erstellen. Diese „Platform Real Estate“ sind eine besondere Art der „Walled Gardens“, die ihr Geschäftsmodell auf die sich immer weiter verschärfende Wohnungskrise ausgerichtet haben. Und das ist äußerst profitabel für die Besitzer dieser Strukturen der Daseinsvorsorge: Im September 2025 stieg Scout24 in den DAX auf und reiht sich damit in Unternehmen wie BMW, Rheinmetall und SAP ein.

Escaping Containment: A Security Analysis of FreeBSD Jails (en)

ilja, Michael Smith

FreeBSD’s jail mechanism promises strong isolation—but how strong is it really? In this talk, we explore what it takes to escape a compromised FreeBSD jail by auditing the kernel’s attack surface, identifying dozens of vulnerabilities across exposed subsystems, and developing practical proof-of-concept exploits. We’ll share our findings, demo some real escapes, and discuss what they reveal about the challenges of maintaining robust OS isolation.

Life on Hold: What Does True Solidarity Look Like Beyond Duldung, Camps, Deportation, and Payment Cards? (en)

H-Shaaib, Eric Noel Mbiakeu

Lager, Duldung, Bezahlkarte, Essensscheine – Criminalization, Radicalization, Reality for Many People in East Germany This talk sheds light on how these terms shape everyday life. We dive into an existence marked by uncertainty, isolation, and psychological strain, both in anonymous big cities and rural areas of East Germany. We ask: What does “solidarity” really mean in this context?

Not To Be Trusted - A Fiasco in Android TEEs (en)

0ddc0de, gannimo, Philipp

Trusted Execution Environments (TEEs) based on ARM TrustZone form the backbone of modern Android devices' security architecture. The word "Trusted" in this context means that **you**, as in "the owner of the device", don't get to execute code in this execution environment. Even when you unlock the bootloader and Magisk-root your device, only vendor-signed code will be accepted by the TEE. This unfortunate setup limits third-party security research to the observation of input/output behavior and static manual reverse engineering of TEE components. In this talk, we take you with us on our journey to regain power over the highest privilege level on Xiaomi devices. Specifically, we are targeting the Xiaomi Redmi 11s and will walk through the steps necessary to escalate our privileges from a rooted user space (N-EL0) to the highest privilege level in the Secure World (S-EL3). We will revisit old friends like Trusted Application rollback attacks and GlobalPlatform's design flaw, and introduce novel findings like the literal fiasco you can achieve when you're introducing micro kernels without knowing what you're doing. In detail, we will elaborate on the precise exploitation steps taken and mitigations overcome at each stage of our exploit chain, and finally demo our exploits on stage. Regaining full control over our devices is the first step to deeply understand popular TEE-protected use cases including, but not limited to, mobile payment, mobile DRM solutions, and the mechanisms protecting your biometric authentication data.

DNGerousLINK: A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices (en)

Zhongrui Li, Yizhe Zhuang, Kira Chen

The spyware attack targeting WhatsApp, disclosed in August as an in-the-wild exploit, garnered significant attention. By simply knowing a victim's phone number, an attacker could launch a remote, zero-interaction attack against the WhatsApp application on Apple devices, including iPhones, iPads, and Macs. Subsequent reports indicated that WhatsApp on Samsung devices was also targeted by similar exploits. In this presentation, we will share our in-depth analysis of this attack, deconstructing the 0-click exploit chain built upon two core vulnerabilities: CVE-2025-55177 and CVE-2025-43300. We will demonstrate how attackers chained these vulnerabilities to remotely compromise WhatsApp and the underlying iOS system without any user interaction or awareness. Following our analysis, we successfully reproduced the exploit chain and constructed an effective PoC capable of simultaneously crashing the target application on iPhones, iPads, and Macs. Finally, we will present our analysis of related vulnerabilities affecting Samsung devices (such as CVE-2025-21043) and share how this investigation led us to discover additional, previously unknown 0-day vulnerabilities.

From Silicon to Darude Sand-storm: breaking famous synthesizer DSPs (en)

giulioz

Have you ever wondered how the chips and algorithms that made all those electronic music hits work? Us too! At The Usual Suspects we create open source emulations of famous music hardware, synthesizers and effect units. After releasing some emulations of devices around the Motorola 563xx DSP chip, we made further steps into reverse engineering custom silicon chips to achieve what no one has done before: a real low-level emulation of the JP-8000. This famous synthesizer featured a special "SuperSaw" oscillator algorithm, which defined an entire generation of electronic and trance music. The main obstacle was emulating the 4 custom DSP chips the device used, which ran software written with a completely undocumented instruction set. In this talk I will go through the story of how we overcame that obstacle, using a mixture of automated silicon reverse engineering, probing the chip with an Arduino, statistical analysis of the opcodes and fuzzing. Finally, I will talk about how we made the emulator run in real-time using JIT, and what we found by looking at the SuperSaw code.

Digitale Inklusion: Wie wir digitale Barrierefreiheit für alle erreichen können (de)

Jakob Sponholz, Kathrin Klapper, Lena Christina Müller

Könntest du jetzt noch sagen, was du heute online gemacht hast? Für viele ist das Internet so selbstverständlich, dass sie es kaum noch merken, wenn sie es benutzen. Dennoch sind viele Menschen unfreiwillig aus der digitalen Welt ausgeschlossen. Wie könnte das Internet für alle nutzbar werden?

selbstverständlich antifaschistisch! Aktuelle Informationen zu den Verfahren im Budapest-Komplex - von family & friends Hamburg (de)

Andreas family & friends Hamburg, Birgit family & friends Hamburg

Mit den Prozessen im Budapest-Komplex wird ein Exempel statuiert - nicht nur gegen Einzelne, sondern gegen antifaschistische Praxis insgesamt. Die Behauptung einer kriminellen Vereinigung mit Mordabsichten stellt eine absurde juristische Eskalation des staatlichen Vorgehens gegen Antifaschist*innen dar und steht in keinem Verhältnis zu den verhandelten Vorkommnissen. Die Verfahren in dieser Weise zu verfolgen, lässt vor allem auf ein hohes Ausforschungs- und Einschüchterungsinteresse schließen. Mit dieser Prozesswelle und den Repressionen gegen Freund*innen und Angehörige wird antifaschistisches Engagement massiv kriminalisiert und ein verzerrtes Bild von politischem Widerstand gezeichnet - während gleichzeitig rechte Gewalt europaweit zunimmt und faschistische Parteien erstarken. Wir sehen, dass Angriffe auf Rechtsstaatlichkeit und Zivilgesellschaft immer weiter zunehmen. Die Art und Weise, wie gegen die Antifas im Budapest-Komplex und im Antifa-Ost Verfahren vorgegangen wird ist ein Vorgeschmack darauf, wie politische Opposition in einer autoritären Zukunft behandelt werden könnte. Wir sind alle von der rechtsautoritären Entwicklung, von Faschisierung betroffen. Die Kriminalisierung von Antifas als "terroristische Vereinigung" ist Teil einer (weltweiten) Entdemokratisierung und Zersetzung von Rechtsstaatlichkeit.

A Quick Stop at the HostileShop (en)

Mike Perry

HostileShop is a python-based tool for generating prompt injections and jailbreaks against LLM agents. I created HostileShop to see if I could use LLMs to write a framework that generates prompt injections against LLMs, by having LLMs attack other LLMs. It's LLMs all the way down. HostileShop generated prompt injections for a winning submission in OpenAI's GPT-OSS-20B RedTeam Contest. Since then, I have expanded HostileShop to generate injections for the entire LLM frontier, as well as to mutate jailbreaks to bypass prompt filters, adapt to LLM updates, and to give advice on performing injections against other agent systems. In this talk, I will give you an overview of LLM Agent hacking. I will cover LLM context window formats, LLM agents, agent vulnerability surface, and the prompting and efficiency insights that led to the success of HostileShop.

How to render cloud FPGAs useless (en)

Dirk

While FPGA developers usually try to minimize the power consumption of their designs, we approached the problem from the opposite perspective: what is the maximum power consumption that can be achieved or wasted on an FPGA? Short answer: we found that it’s easy to implement oscillators running at 6 GHz that can theoretically dissipate around 20 kW on a large cloud FPGA when driving the signal to all the available resources. It is interesting to note that this power density is not very far away from that of the surface of the sun. However, such power load jump is usually not a problem as it will trigger some protection circuitry. This led us to the next question: would a localized hotspot with such power density damage the chip if we remain within the typical power envelope of a cloud FPGA (~100 W)? While we could not “fry” the chip or induce permanent errors (and we tried several variants), we did observe that a few routing wires aged to become up to 70% slower in just a few days of stressing the chip. This basically means that such an FPGA cannot be rented out to cloud users without risking timing violations. In this talk, we will present how we optimized power wasting, how we measured wire latencies with ps accuracy, how we attacked 100 FPGA cloud instances and how we can protect FPGAs against such DOS attacks.

Trump government demands access to European police databases and biometrics (en)

Matthias Monroy

The USA is demanding from all 43 countries in the "Visa Waiver Programme" (VWP), which enables visa-free travel, to conclude an "Enhanced Border Security Partnership" (EBSP). This is intended to grant US authorities direct access to police databases in these - mostly European - countries containing fingerprints, facial images and other personal data. Anyone who refuses this forced "border partnership" faces exclusion from the visa-free travel programme.

Power Cycles statt Burnout – Wie Einflussnahme nicht verpufft (de)

Rahel Becker, Anna Kassautzki

Zwischen offenen Briefen, Massenmails, Petitionen und Kaffee trinken : Zwei Ex-Insiderinnen aus dem Digitalausschuss und Bundestag erzählen, wie politische Einflussnahme wirklich funktioniert. Ein ehrlicher Blick hinter die Kulissen parlamentarischer Entscheidungsfindung – mit praktischen Tipps, wie die Zivilgesellschaft ihre Energie dort einsetzt, wo sie wirklich Wirkung entfaltet.

Hacking Karlsruhe - 10 years later (de)

Jürgen Bering, Simone Ruf

"Wir gehen nach Karlsruhe!“ – das klang vor zehn Jahren nach Aufbruch und juristischem Hack. Heute ist klar: Strategische Prozessführung ist kein Sprint, sondern ein zähes, manchmal frustrierendes Dauerprojekt. In diesem Talk ziehen wir Bilanz: Was haben wir mit zivilgesellschaftlichen Verfassungsbeschwerden im Bereich Technologie erreicht – und wo sind wir gescheitert? Welche Fehler würden wir heute vermeiden, welche Wege waren richtig? Und was bedeutet es, wenn das höchste deutsche Gericht zunehmend weniger Lust auf digitalpolitische Grundrechtsfragen zeigt? Ein realistischer Blick hinter die Kulissen strategischer Klagen – und die Frage: Wie hackt man das Rechtssystem im Jahr 2025?

BE Modded: Exploring and hacking the Vital Bracelet ecosystem (en)

cyanic

The Vital Bracelet series is an ecosystem of interactive fitness toys, content on memory chips, and apps that talk via NFC. In this talk, we'll explore the hardware and software of the series, from its obscure CPU architecture, to how it interacts with the outside world, from dumping OTP ROMs and breaking security, to making custom firmware.

When 8 Bits is Overkill: Making Blinkenlights with a 1-bit CPU (en)

girst (Tobi)

Over the last half year I have explored the Motorola mc14500 - a CPU with a true one-bit architecture - and made it simulate Conway's Game of Life. This talk gives a look into how implementing a design for such a simplistic CPU can work, and how it's possible to address 256 LEDs and half a kiloword of memory with just four bits of address space.

Learning from South Korean Telco Breaches (en)

Shinjo "peremen" Park, Yonghyu "perillamint" Ban

2025 was a bad year for South Korean mobile network operators. All three operators (SK Telecom, KT, LG U+) were affected by breach in some part of their respective network: HSS of SK Telecom, femtocells of KT. Meanwhile, handling of the breach by each operators and post-mortem analysis of each breaches have stark differences. The technical details and implemented mitigations are often buried under the vague terms, and occasionally got lost in translation to English. In this talk, I will cover the technical aspects of SK Telecom and KT's breach, and how the operators are coping to the breach and what kind of measurements have been performed to secure their network.

The Last of Us - Fighting the EU Surveillance Law Apocalypse (en)

Svea Windwehr, Chloé Berthélémy

The virus of surveillance is spreading across the European Union. In the form of its "ProtectEU" Internal Security Strategy, the European Commission is planning to attack encryption, re-introduce mandatory data retention and strengthen Europol and Frontex, the main agents of its oppressive law enforcement infrastructure. In this talk, we will journey the wastelands of the EU surveillance apocalypse together: We will take a close look at what politicians are planning to undermine our fundamental rights, the technology involved, and the real harms we must fight. From there, we will chart pathways to resistance and collective immunity against a surveillance agenda that requires us to form new alliances and re-think mobilization.

The Angry Path to Zen: AMD Zen Microcode Tools and Insights (en)

Benjamin Kollenda

EntrySign opened the door to custom microcode on AMD Zen CPUs earlier this year. Using a weakness in the signature verification we can load custom microcode updates and modify behavior of stock AMD Zen 1-5 CPUs. While AMD has released patches to address this weakness on some CPUs, we can still use unpatched systems for our analysis. In this talk we cover what we found out about microcode, what we saw in the microcode ROM, the tooling we build, how we worked to find out more and how you can write & test your own microcode on your own AMD Zen systems. We have our tools up on https://github.com/AngryUEFI for everyone to play around with and hopefully help us understand microcode more than we currently do.

Von Fuzzern zu Agenten: Entwicklung eines Cyber Reasoning Systems für die AIxCC (de)

Mischa Meier (mmisc), Annika Kuntze

Die AI Cyber Challenge (AIxCC) der DARPA hatte zum Ziel, die Grenzen der autonomen Cybersicherheit zu erweitern: Können AI-Systeme Software-Schwachstellen unabhängig, in Echtzeit und ohne menschliche Hilfe identifizieren, verifizieren und beheben? Im Laufe von zwei Jahren entwickelten Teams aus aller Welt „Cyber Reasoning Systems“ (CRS), die in der Lage sind, komplexe Open-Source-Software zu analysieren, Code zu analysieren, reproducer zu generieren, um zu zeigen, dass ein gemeldeter Fehler kein Fehlalarm ist, und schließlich Patches zu synthetisieren. Unser Team nahm an dieser Challenge teil und entwickelte von Grund auf ein eigenes CRS. In diesem Vortrag geben wir Einblicke in den Wettbewerb: Wie funktioniert die LLM-gesteuerte Schwachstellenerkennung tatsächlich, welche Designentscheidungen sind wichtig und wie sind die Finalisten-Teams an das Problem herangegangen?

How to keep Open Source open without leaving our communities open to threats (en)

Quintessence

The Four Freedoms (defined ~40 years ago) and the Four Opens (~15 years ago) for Open Source provided canonical definitions for what are the cornerstones of Open Source Software communities today. While the ethos still applies today, the cultural norms that blossomed to put it into practice are from an era with different challenges. To build a better world, we need to both keep and protect the value system of the Four Freedoms and Four Opens. To do that, we need to re-assess our risk and threat models to balance that allows beautiful minds to flourish as well as introduce responsible friction to prevent harm from coming to them.

Laser Beams & Light Streams: Letting Hackers Go Pew Pew, Building Affordable Light-Based Hardware Security Tooling (en)

Patch, Sam. Beaumont (PANTH13R)

Stored memory in hardware has had a long history of being influenced by light, by design. For instance, as memory is represented by the series of transistors, and their physical state represents 1's and 0's, original EPROM memory could be erased via the utilization of UV light, in preparation for flashing new memory. Naturally, whilst useful, this has proven to be an avenue of opportunity to be leveraged by attackers, allowing them to selectively influence memory via a host of optical/light-based techniques. As chips became more advanced, the usage of opaque resin was used as a "temporary" measure to combat this flaw, by coating chips in a material that would reflect UV. Present day opinions are that laser (or light) based hardware attacks, are something that only nation state actors are capable of doing Currently, sophisticated hardware labs use expensive, high frequency IR beams to penetrate the resin. This project demonstrates that with a limited budget and hacker-and-maker mentality and by leveraging more inexpensive technology alternatives, we implement a tool that does laser fault injection, can detect hardware malware, detect supply chain chip replacements, and delve into the realm of laser logic state imaging.

Battling Obsolescence – Keeping an 80s laser tag system alive (en)

Trikkitt

Keeping old projects working can be an uphill battle. This talk explores how the laser tag system Q-Zar (Quasar in the UK) has been kept alive since the company behind it failed in the 90s. The challenges encountered, the lessons learnt, and how those can be applied to our own future projects to maximise the project lifetime.

Am Spätverkauf

No-Input (de)

CooperfrauMelissengeist

Ein geschlossener Kreislauf aus Klang und Störung. Kein Instrument, kein Ursprung, nur das Rauschen, das sich selbst gebiert. Frequenzen kratzen an der Grenze zum Bewusstsein, Feedback wird zum Atem einer Maschine ohne Körper. Aus dem Dunkel des Signals erhebt sich ein sirrendes Mantra — chaotisch, unheilig, autark. Eine Beschwörung der Leere durch elektrische Selbstzerstörung.

Tippeln am Rande des Abgrunds (de)

tippel radio

Das "tipple radio" ist eine Collage von Singer-Songwriter-Konzert und szenischer Lesung. Es trägt gecoverte und selbstgeschriebene Songs und Medleys von Punk über Hamburger Schule bis Schlager mit Gitarre und Gesang vor und verknüpft die Inhalte der Songs miteinander. Es entsteht ein Geflecht von Musik und Text, dass Aufbrüche in Abgründen aufzeigt und Hoffnung macht sich gegen die Faschisierung in der Gesellschaft zusammen zu schließen.

Mittagspausenpunk live (de)

Einschiss

Einschiss ist DER Ausnahmekünstler zwischen den Stationen Paracelsus Bad und Rathaus Reinickendorf der U8. Gefangen im Körper eines Mannes mit Charaktermodell German_default_3_bearded.obj macht Einschiss Musik gegen die Dinge die nerven: Nazis, Arbeit und Consent Forms (und Arbeit). Dabei setzt er modernste Technologien ein, um einen Typen so klingen zu lassen, als wäre es ein Typ mit Backing Track. Für mehr Musiker:innen hat das Bier nicht gereicht. Sorry.

Gepflegtes Grölen am Späti: Antifa-Jodler, Punkrock und Umverteilungs-Hits (de)

elenos

Das Konzept ist simpel: Wir singen zusammen. Im Angebot haben wir vier Kategorien: Politische Classics, Punkrock-Hymnen, Antifaschistische Jodler und Umverteilungs-Hits des Quartiersmanagements Grunewald in der ansprechenden Karaoke-Variante. Man muss nichts können. Mit charmanter Anleitung manövrieren wir uns zusammen durch kollektive Dissonanzen!

Punkrock-Songtext-Lesung (de)

tomate, anna

Kultivierte Personen rezitieren Punkrock-Songtexte mit der ganzen Ernsthaftigkeit und dem dramatischen Pathos, wie sonst nur von Goethe-Abenden im Literaturhaus bekannt. Anarchie meets Bildungsbürgertum. Chaos meets Chaiselongue.

Antifaschistischer Akkordeon-Punk - Grölen gegen Rechts (de)

Pianostein

Klassiker des antifaschistischen Deutschpunk-Liedguts – von Die Ärzte über Die Toten Hosen bis WIZO und Terrorgruppe – neu interpretiert auf dem Akkordeon. Laut, links und garantiert mitgröltauglich.

Von Berlin ins Exil - Lieder der 20er und 30er Jahre (de)

Kurt Tucholsky, Bertolt Brecht, Friedrich Hollaender, Claire Waldoff: Sie alle waren feste Größen des Berliner Kulturlebens. Es war wild, es war queer, es war jüdisch. Dann kamen die Nationalsozialisten an die Macht. Wer anders dachte – und sang! – wurde systematisch aus dem Land getrieben. Wer konnte, flüchtete ins ungewisse Exil.

Der Untergang* (de)

Der Untergang*

Späti Punk Karaoke Special mit Der Untergang* Wir sind der Untergang*. Wir sind Julia Wilton (Das Bierbeben, Pop Tarts) und Thies Mynther (Das Bierbeben, Superpunk, Phantom Ghost, Chaos Communication Choir). Wir werden ein kleines Konzert spielen, tragen aber auch gern etwas zum sehr guten Punk Karaoke bei. Zum Mitsingen und Mikrophonhijacking wird unbedingt eingeladen. Eventuell schaut auch der Chaos Communication Choir dabei.

inPunkto (de)

Takakalle

Schrammelpunk aus Hamburg

Steuerkarten für Freunde (post-punk, experimental, spoken word) (en)

Steuerkarten für Freunde

Minimal bis Post-Punk Cringe aus dem Bedroom. Endlich mal wieder aus sich heraus- und einander näher kommen. Für die Friends von den Friends mit guten Texten, meistens Punk, manchmal sanft, aber Hauptsache Spaß.

Chaos Computer Music Club

GAYLIENZ (en)

Oliotronix

Gaylienz is the new project of 3 gayliens coming from various universes. They got united to bring us an audio-visual glitch rave experience where we surf with an alien cats thru chaos and love cosmos. The audience is invited to participate too and of course to dance. Expect acid basslines, circuit bent, gayboy noise, beat constructions and analog glitch and videogame visuals - by Yelo555, Oliotronix and Maria Mam. https://www.instagram.com/gali3nz/ https://www.instagram.com/yelough.strobez/

The 39c3 Drag Show (en)

Keks

Finally a drag show at the chaos! Blinking lights, colorful outfits, and queers everywhere already seems normal at the congress. So how can it be, that all of this did not come together as drag on stage?! It is time for a really awesome, great drag show at the 39c3! And to show right away how divers drag is, a wonderful cast of drag artists of various genders and expressions can spread their queer joy and art for the audience. The show is hosted by Milky Gay, the nerdiest drag king from NRW, who does not only want to throw glitter at the congress incognito this year. And he is bringing an amazing cast with him Bingus Bongus (Drag Queen, Hamburg) Neuro Spicy (Drag King, NRW) Missass Nostalgia (Drag Queen, NRW) and Kaín Mensch (Drag Thing, Hamburg) will bring their queer art to finally merge chaos and drag! Everyone is welcome, we are trying to have as little barriers as possible to come and watch. No blinking lights during the show (no guarantee for the path there and acts before and after), Music Club accessible with mobility aids and wheel chairs (ask assigned angles). Mostly standing room, few seats at the side might not allow for a good view of the show. Content notes for certain parts of the show include death, cancer, violence, fake weapons, and sexual violence, and will be announced in time so people can leave and come back afterwards. Cheering is encouraged, so it might get loud. (more details tba). Please be nice to each other and especially help short people as well as queers to find a spot where they can see enough. Also, as drag is expensive, there will be a tipping round in the end - please bring some cash if you consider tipping the artists, but of course you are also welcome either way.

Kenji Tanaka Live (en)

Kenji Tanak

In my improvised live set, my random generators and I bounce ideas off each other. This approach allows previously created loops to flow into endless new combinations.

Denise Frey Electro-Acoustic Ambient Music (de)

Denise Frey

Denise Frey macht elektroakustische Ambient-Musik – ruhig, vielschichtig, atmosphärisch. Mit Saxophon, MPC, Effektgeräten und einem feinen Gespür für Klang formt sie in ihren Konzerten Klanglandschaften, die einladen zum Loslassen, Lauschen, Entspannen. Ihre Musik entsteht live – improvisiert, organisch, unmittelbar.

Tinabel vs Nintendo DS - Chiptune punk and new-wave from Tina Belmont, using Rhythm Core Alpha 2 on Nintendo DSi and 3DS (en)

Tinabel

Tinabel (Tina Belmont) plays a set of her punky electronic rock songs using "Rhythm Core Alpha 2", software which she created herself, on the Nintendo DSi & 3DS game consoles. See http://www.tinabelmont.com and http://www.whitecollarpunk.com to hear the music, or http://rhythmcorealpha.com to learn about the software!

Jan Dalvik (en)

Jan Dalvik

Techno. Live. Modular.

ARKIFEL + nanoloop (en)

ARKIFEL

Dance to an internet tanuki playing live upbeat techno on a Gameboy Advance using nanoloop two, a software sequencer cartridge. Everything you hear is coming from one GBA!

Chill Floor

The Uncontrolled Manifold : dancing with sympoetic machines (de)

Christian Faubel

The Uncontrolled Manifold works with electronics and machines that possess autonomy and obstinacy. These machines are brought into interaction with each other, creating danceable polyrhythms and, at the same time, a fascinating shadow play, because the machines are mounted on an overhead projector and their interaction is projected. Analog oscillators generate self-organizing coordination dynamics and organic patterns, while motors strike rubber strings producing deep, resonant bass sounds reminiscent of shamanic drumming. Supported by the visuals spectators may feel like being dragged into the vortex of a living clock, compelled to join the performance through movement and dance.

Lila-Zoé Krauß (de)

Lila-Zoé Krauß

L Twills aka Lila-Zoé Krauß ist Musikerin, Performerin und Multimedia-Künstlerin. In ihrer Arbeit entwickelt sie eine transdisziplinäre Opernpraxis, um Fragen zur (post-)moderner Subjektivität und ihrer Beziehung zu Medien, Trauma und Erinnerung zu thematisieren. Sie studierte Bildende Kunst an der HFBK Hamburg und dem CalArts Los Angeles sowie Sound Studies an der UdK Berlin. In ihrer Musik kombiniert sie Elemente aus Downtempo, Experimentalmusik, Breakbeat und Oper mit eigens entwickelten Sounddesign-Techniken. Krauß veröffentlichte 2020 und 2024 die Vinylalben [Freedom/Fiction] und [After her Destruction] und performte auf diversen Bühnen, u.a.: Documenta Fifteen (Kassel), Kampnagel (Hamburg), Volkstheater (Wien), Montez-Press Radio (NYC), NAVEL (Los Angeles).

Gajek (de)

Unnamed user

Gajek produces and performs electronic music. Since 2014 He released five studio albums on Labels such as STROOM, Infinite Greyscale, Throttle Records and more. Gajek composes music for films and theatre. He has performed at major international venues and festivals such like Berghain, silent green, Printworks London, Traumabar Und Kino, ADE Amsterdam, Melt Festival and many more. Gajek lives and works in Berlin.

Cloud Management (de)

Cloud Management

Operating in a mode of Kluster via Pole, Dub Syndicate at Conny Plank's, or even fang-baring flashes of The Bug and Bryn Jones or Peak Oil modernism, the trio approach the project from the more oblique angles of respective projects Datashock, Phantom Horse and Love-Songs, to probe a more soft-centred, dematerialised and heady sound, but also reserve the right to go tuffer, more venomous, when they feel it.

Vorglühmarkt

lisaholic (live beatset) (en)

lisaholic

Lisaholic - breakbeat / bass / vocals liveloopset with a drum computer and a loopstation.

Theme

Schedule

Theme

One

Ground

Zero

Fuse

Am Spätverkauf

Chaos Computer Music Club

Chill Floor

Vorglühmarkt