Theme
Conference my congress Visitors
You must be logged in to use the filter favorited.
You must be logged in to use the filter favorited.

Schedule

Theme
Der Hub wird spätestens Ende Januar archiviert, alle nutzerbezogenen Inhalte, Boards und auch einige Wiki-Seiten werden dabei entfernt. Alle öffentlichen Assemblies, Projekte und Veranstaltungen bleiben. // The hub will be archived by end of January. All user-provided content, boards and several wiki pages will be deleted. All public assemblies, projects and events will remain.
Schedule
all curated only assembly only self_organized only
Day 1 Day 2 Day 3 Day 4
recorded only not recorded only
Tracks
CCC & Community Hardware Security Art & Beauty Ethics, Society & Politics Science Live Performance DJ-Set Entertainment Clear track filter

 

Day 1
11:00

11:30

12:00

12:30

13:00

13:30

14:00

14:30

15:00

15:30

16:00

16:30

17:00

17:30

18:00

18:30

19:00

19:30

20:00

20:30

21:00

21:30

22:00

22:30

23:00

23:30

00:00

00:30

01:00

01:30

02:00

02:30

03:00

03:30

04:00

04:30

05:00

05:30
Day 2
06:00

06:30

One
Building hardware - easier than ever - harder than it should be (en)

Kliment

Building electronics has never been easier, cheaper, or more accessible than the last few years. It's also becoming a precious skill in a world where commercially made electronics are the latest victim of enshittification and vibe coding. And yet, while removing technical and financial barriers to building things, we've not come as far as we should have in removing social barriers. The electronics and engineering industry and the cultures around them are hostile to newcomers and self-taught practitioners, for no good reason at all. I've been teaching advanced electronics manufacturing skills to absolute beginners for a decade now, and they've consistently succeeded at acquiring them. I'm here to tell you why it's not as hard as it seems, how to get into it, and why more people who think they can't should try.
Liberating Bluetooth on the ESP32 (en)

Antonio Vázquez Blanco (Antón)

Despite how widely used the ESP32 is, its Bluetooth stack remains closed source. Let’s dive into the low-level workings of a proprietary Bluetooth peripheral. Whether you are interested in reverse engineering, Bluetooth security, or just enjoy poking at undocumented hardware, this talk may inspire you to dig deeper.
Opening pAMDora's box and unleashing a thousand paths on the journey to play Beatsaber custom songs (en)

tihmstar

While trying to apply fault injection to the AMD Platform Security Processor with unusual (self-imposed) requirements/restrictions, it were software bugs which stopped initial glitching attempts. Once discovered, the software bug was used as an entry to explore the target, which in turn lead to uncovering (and exploiting) more and more bugs, ending up in EL3 of the most secure core on the chip. This talk is about the story of trying to glitch the AMD Platform Security Processor, then accidentally discovering several bugs and getting a good look inside the target, before returning to trying to hammer it with novel physical strategies.
All my Deutschlandtickets gone: Fraud at an industrial scale (en)

Q Misell, 551724 / maya boeckh

The Deutschlandticket was the flagship transport policy of the last government, rolled out in an impressive timescale for a political project; but this speed came with a cost - a system ripe for fraud at an industrial scale. German public transport is famously decentralised, with thousands of individual companies involved in ticketing and operations. Unifying all of these under one national, secure, system has proven a challenge too far for politicians. The end result: losses in the hundreds of millions of Euros, compensated to the transport companies from state and federal budgets to keep the system afloat, and nobody willing to take responsibility. This talk will cover the political, policy, and technical mistakes that lead to this mess; how we can learn from these mistakes; and what we can do to ensure the Deutschlandticket has a viable future.
To sign or not to sign: Practical vulnerabilities in GPG & friends (en)

49016, Liam

Might contain zerodays. https://gpg.fail/ From secure communications to software updates: PGP implementations such as *GnuPG* ubiquitously relied on to provide cryptographic assurances. Many applications from secure communications to software updates fundamentally rely on these utilities. Since these have been developed for decades, one might expect mature codebases, a multitude of code audit reports, and extensive continuous testing. When looking into various PGP-related codebases for some personal use cases, we found these expectations not met, and discovered multiple vulnerabilities in cryptographic utilities, namely in *GnuPG*, *Sequoia PGP*, *age*, and *minisign*. The vulnerabilities have implementation bugs at their core, for example in parsing code, rather than bugs in the mathematics of the cryptography itself. A vulnerability in a parser could for example lead to a confusion about what data was actually signed, allowing attackers without the private key of the signer to swap the plain text. As we initially did not start with the intent of conducting security research, but rather were looking into understanding some internals of key management and signatures for personal use, we also discuss the process of uncovering these bugs. Furthermore, we touch on the role of the OpenPGP specification, and the disclosure process.
Die Känguru-Rebellion: Digital Independence Day (de)

Marc-Uwe Kling, Linus Neumann

Marc-Uwe Kling liest neues vom Känguru vor.
Hacking washing machines (en)

Severin von Wnuck-Lipinski, Hajo Noerenberg

Almost everyone has a household appliance at home, whether it's a washing machine, dishwasher, or dryer. Despite their ubiquity, little is publicly documented about how these devices actually work or how their internal components communicate. This talk takes a closer look at proprietary bus systems, hidden diagnostic interfaces, and approaches to cloud-less integration of appliances from two well-known manufacturers into modern home automation systems.
Bluetooth Headphone Jacking: A Key to Your Phone (en)

Dennis Heinze, Frieder Steinmetz

Bluetooth headphones and earbuds are everywhere, and we were wondering what attackers could abuse them for. Sure, they can probably do things like finding out what the person is currently listening to. But what else? During our research we discovered three vulnerabilities (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) in popular Bluetooth audio chips developed by Airoha. These chips are used by many popular device manufacturers in numerous Bluetooth headphones and earbuds. The identified vulnerabilities may allow a complete device compromise. We demonstrate the immediate impact using a pair of current-generation headphones. We also demonstrate how a compromised Bluetooth peripheral can be abused to attack paired devices, like smartphones, due to their trust relationship with the peripheral. This presentation will give an overview over the vulnerabilities and a demonstration and discussion of their impact. We also generalize these findings and discuss the impact of compromised Bluetooth peripherals in general. At the end, we briefly discuss the difficulties in the disclosure and patching process. Along with the talk, we will release tooling for users to check whether their devices are affected and for other researchers to continue looking into Airoha-based devices. Examples of affected vendors and devices are Sony (e.g., WH1000-XM5, WH1000-XM6, WF-1000XM5), Marshall (e.g. Major V, Minor IV), Beyerdynamic (e.g. AMIRON 300), or Jabra (e.g. Elite 8 Active).
Unnecessarily Complicated Kitchen – Die Wissenschaft des guten Geschmacks (de)

LukasQ

In unserer „Unnecessarily Complicated Kitchen“ hacken wir die Gesetze der Kulinarik. Ich zeige live, wie Hitze, Chemie und Chaos zusammenwirken, wenn Moleküle tanzen, Dispersionen emulgieren und Geschmack zu Wissenschaft wird. Zwischen Pfanne und Physik entdecken wir, warum Kochen im Grunde angewandtes Debugging ist – und wie man Naturgesetze so würzt, dass sie schmecken.

Ground
Chaos macht Küche (de)

Ingwer Andersen

Ihr macht eine Veranstaltung für viele Menschen? Dann haben viele Menschen auch viel Hunger. Jetzt wird euch gezeigt wie man für viele (mehr als 75) Menschen Essen zubereitet. Es braucht nur etwas Vorbereitung und Motivation!
Of Boot Vectors and Double Glitches: Bypassing RP2350's Secure Boot (en)

stacksmashing, nsr

In August 2024, Raspberry Pi released their newest MCU: The RP2350. Alongside the chip, they also released the RP2350 Hacking Challenge: A public call to break the secure boot implementation of the RP2350. This challenge concluded in January 2025 and led to five exciting attacks discovered by different individuals. In this talk, we will provide a technical deep dive in the RP2350 security architecture and highlight the different attacks. Afterwards, we talk about two of the breaks in detail---each of them found by one of the speakers. In particular, we first discuss how fault injection can force an unverified vector boot, completely bypassing secure boot. Then, we showcase how double glitches enable direct readout of sensitive secrets stored in the one-time programmable memory of the RP2350. Last, we discuss the mitigation of the attacks implemented in the new revision of the chip and the lessons we learned while solving the RP2350 security challenge. Regardless of chip designer, manufacturer, hobbyist, tinkerer, or hacker: this talk will provide valuable insights for everyone and showcase why security through transparency is awesome.
Excuse me, what precise time is It? (en)

Oliver Ettlin

With PTP 1588, AES67, and SMPTE 2110, we can transmit synchronous audio and video with sub-millisecond latency over the asynchronous medium Ethernet. But how do you make hundreds of devices agree on the exact same nanosecond on a medium that was never meant to care about time? Precision Time Protocol (IEEE 1588) tries to do just that. It's the invisible backbone of realtime media standards like AES67 and SMPTE 2110, proprietary technologies such as Dante, and even critical systems powering high-frequency trading, cellular networks, and electric grids.
Breaking architecture barriers: Running x86 games and apps on ARM (en)

Tony Wasserka

Presenting FEX, a translation layer to run x86 apps and games on ARM devices: Learn why x86 is such a pain to emulate, what tricks and techniques make your games fly with minimal translation overhead, and how we are seamless enough that you'll forget what CPU you're using in the first place!

Zero
A Tale of Two Leaks: How Hackers Breached the Great Firewall of China (en)

Jade Sheffey

The Great Firewall of China (GFW) is one of, if not arguably the most advanced Internet censorship systems in the world. Because repressive governments generally do not simply publish their censorship rules, the task of determining exactly what is and isn’t allowed falls upon the censorship measurement community, who run experiments over censored networks. In this talk, we’ll discuss two ways censorship measurement has evolved from passive experimentation to active attacks against the Great Firewall.
ISDN + POTS Telephony at Congress and Camp (en)

Harald "LaF0rge" Welte

Like 39C3, the last CCC camp (2023) and congress (38C3) have seen volunteer-driven deployments of legacy ISDN and POTS networks using a mixture of actual legacy telephon tech and custom open source software. This talk explains how this is achieved, and why this work plays an important role in preserving parts of our digital communications heritage.
FeTAp 611 unplugged: Taking a rotary dial phone to the mobile age (en)

Michael Weiner

This project transforms a classic rotary phone into a mobile device. Previous talks have analyzed various aspects of analogue phone technology, such as rotary pulse detection or ringing voltage generation. Now this project helps you get rid of the cable: it equips the classic German FeTAp 611 with battery power and a flyback SMPS based ringing voltage generator - but still maintains the classical look and feel. The talk demonstrates the journey of bridging analog and digital worlds, explaining how careful design connects a vintage phone to today’s mobile environment - in a way that will make your grandparents happy.
KIM 1.5: Noch mehr Kaos In der Medizinischen Telematikinfrastruktur (TI) (de)

Christoph Saatjohann

Zwei Jahre nach dem ersten KIM-Vortrag auf dem 37C3: Die gezeigten Schwachstellen wurden inzwischen geschlossen. Weiterhin können mit dem aktuellen KIM 1.5+ nun große Dateien bis 500 MB übertragen werden, das Signaturhandling wurde für die Nutzenden vereinfacht, indem die Detailinformationen der Signatur nicht mehr einsehbar sind. Aber ist das System jetzt sicher oder gibt es neue Probleme?
Pwn2Roll: Who Needs a 595€ Remote When You Have wheelchair.py? (en)

elfy

A 595€ wheelchair remote that sends a handful of Bluetooth commands. A 99.99€ app feature that does exactly what the 595€ hardware does. A speed upgrade from 6 to 8.5 km/h locked behind a 99.99€ paywall - because apparently catching the bus is a premium feature. Welcome to the wonderful world of DRM in assistive devices, where already expensive basic mobility costs extra and comes with in-app purchases! And because hackers gonna hack, this just could not be left alone.
BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secrets (en)

Alon Leviev

This talk reveals our in-depth vulnerability research on the Windows Recovery Environment (WinRE) and its implications for BitLocker, Windows’ cornerstone for data protection. We will walk through the research methodology, uncover new 0-day vulnerabilities, and showcase full-chain exploitations that enabled us to bypass BitLocker and extract all the protected data in several different ways. This talk goes beyond theory - as each vulnerability will be accompanied by a demo video showcasing the complete exploitation chain. To conclude the talk, we will share Microsoft’s key takeaways from this research and outline our approach to hardening WinRE and BitLocker.
Building a NOC from scratch (de)

lilly

Learn from our mistakes during the first iteration of Network Operations for Europe's largest furry convention, Eurofurence. Dieses Jahr hat ein kleines Team aus dem Chaos, Furries und Chaos-Furries ein neues Netzwerk-OC gegründet, um die Eurofurence mit gutem premium 👌 Internetz auszustatten. Wir erzählen von unseren Erfahrungen und den sozialen sowie technischen Herausforderungen.

Fuse
OpenAutoLab: photographic film processing machine. Fully automatic and DIY-friendly. (en)

Kauz

OpenAutoLab, an open source machine, that is capable of processing contemporary color and black-and-white films for analogue photography, is being presented here. It made its first public appearance at 37C3 and was already seen there in action, but had no organized talk or proper presentation. Now it is better documented, waits to be built by more people and to be further developed by the community. This talk is about motivation behind developing OpenAutoLab and about the technical decisions made during it. It is argued that any dedicated film photographer is able to get one built.
Who cares about the Baltic Jammer? – Terrestrial Navigation in the Baltic Sea Region (en)

Lars, Niklas Hehenkamp, Markus

Reports of GNSS interference in the Baltic Sea have become almost routine — airplanes losing GPS, ships drifting off course, and timing systems failing. But what happens when a group of engineers decides to build a navigation system that simply *doesn’t care* about the jammer? Since 2017, we’ve been developing **R-Mode**, a terrestrial navigation system that uses existing radio beacons and maritime infrastructure to provide independent positioning — no satellites needed. In this talk, we’ll share our journey from an obscure research project that “nobody needs” to a system now seen as crucial for resilience and sovereignty. Expect technical insights, field stories from ships in the Baltic, and reflections on what it means when a civilian backup system suddenly attracts military interest.
Chaos all year round (de)

Deanna

Neben dem Congress gibt es noch viele andere Chaos-Events, die über das ganze Jahr verteilt stattfinden. Das Easterhegg, die GPN und die MRMCD kennen vermutlich die meisten Chaos-Wesen. Aber was ist eigentlich mit den ganzen kleineren Veranstaltungen?
Escaping Containment: A Security Analysis of FreeBSD Jails (en)

ilja, Michael Smith

FreeBSD’s jail mechanism promises strong isolation—but how strong is it really? In this talk, we explore what it takes to escape a compromised FreeBSD jail by auditing the kernel’s attack surface, identifying dozens of vulnerabilities across exposed subsystems, and developing practical proof-of-concept exploits. We’ll share our findings, demo some real escapes, and discuss what they reveal about the challenges of maintaining robust OS isolation.
Not To Be Trusted - A Fiasco in Android TEEs (en)

0ddc0de, gannimo, Philipp

Trusted Execution Environments (TEEs) based on ARM TrustZone form the backbone of modern Android devices' security architecture. The word "Trusted" in this context means that **you**, as in "the owner of the device", don't get to execute code in this execution environment. Even when you unlock the bootloader and Magisk-root your device, only vendor-signed code will be accepted by the TEE. This unfortunate setup limits third-party security research to the observation of input/output behavior and static manual reverse engineering of TEE components. In this talk, we take you with us on our journey to regain power over the highest privilege level on Xiaomi devices. Specifically, we are targeting the Xiaomi Redmi 11s and will walk through the steps necessary to escalate our privileges from a rooted user space (N-EL0) to the highest privilege level in the Secure World (S-EL3). We will revisit old friends like Trusted Application rollback attacks and GlobalPlatform's design flaw, and introduce novel findings like the literal fiasco you can achieve when you're introducing micro kernels without knowing what you're doing. In detail, we will elaborate on the precise exploitation steps taken and mitigations overcome at each stage of our exploit chain, and finally demo our exploits on stage. Regaining full control over our devices is the first step to deeply understand popular TEE-protected use cases including, but not limited to, mobile payment, mobile DRM solutions, and the mechanisms protecting your biometric authentication data.
DNGerousLINK: A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices (en)

Zhongrui Li, Yizhe Zhuang, Kira Chen

The spyware attack targeting WhatsApp, disclosed in August as an in-the-wild exploit, garnered significant attention. By simply knowing a victim's phone number, an attacker could launch a remote, zero-interaction attack against the WhatsApp application on Apple devices, including iPhones, iPads, and Macs. Subsequent reports indicated that WhatsApp on Samsung devices was also targeted by similar exploits. In this presentation, we will share our in-depth analysis of this attack, deconstructing the 0-click exploit chain built upon two core vulnerabilities: CVE-2025-55177 and CVE-2025-43300. We will demonstrate how attackers chained these vulnerabilities to remotely compromise WhatsApp and the underlying iOS system without any user interaction or awareness. Following our analysis, we successfully reproduced the exploit chain and constructed an effective PoC capable of simultaneously crashing the target application on iPhones, iPads, and Macs. Finally, we will present our analysis of related vulnerabilities affecting Samsung devices (such as CVE-2025-21043) and share how this investigation led us to discover additional, previously unknown 0-day vulnerabilities.
From Silicon to Darude Sand-storm: breaking famous synthesizer DSPs (en)

giulioz

Have you ever wondered how the chips and algorithms that made all those electronic music hits work? Us too! At The Usual Suspects we create open source emulations of famous music hardware, synthesizers and effect units. After releasing some emulations of devices around the Motorola 563xx DSP chip, we made further steps into reverse engineering custom silicon chips to achieve what no one has done before: a real low-level emulation of the JP-8000. This famous synthesizer featured a special "SuperSaw" oscillator algorithm, which defined an entire generation of electronic and trance music. The main obstacle was emulating the 4 custom DSP chips the device used, which ran software written with a completely undocumented instruction set. In this talk I will go through the story of how we overcame that obstacle, using a mixture of automated silicon reverse engineering, probing the chip with an Arduino, statistical analysis of the opcodes and fuzzing. Finally, I will talk about how we made the emulator run in real-time using JIT, and what we found by looking at the SuperSaw code.

Am Spätverkauf
Störmoment (en)

Vale

All styles Punk from hc, grunge and garage to indie, pop and post, female fronted only.

Chaos Computer Music Club
Katja Ruge (en)

Katja Ruge

„Planetary Visions“ with Katja Ruge (Can Love Be Synth/Synthesizerstudio HH, Electric Lights/Planetarium HH) Katja Ruge’s DJ sets are a seamless fusion of Italo, New Wave, Cosmic Sounds, 80s, Dark Disco, and Electro.
Analog to Algorithm: RSS Disco’s Underground Journey (en)

RSS Disco

From crackling Kraut and Disco records to hyper produced Techno tracks - dance music has come a long way in the last six decades, and was always strongly influenced by evolving technology. Dance music’s history is a feedback system between culture and circuitry. Each new invention—from the disco subwoofer to today’s neural-driven mastering tools—reshapes sound itself. RSS Disco’s timeline approach celebrates this continuum: a story of machines learning to groove, and humans learning to listen differently through them.
Steve Simon (de)

Steve

Als Part der ToxicFamily, die seit mittlerweile 25 Jahren Label, elektronisches Magazin, Veranstalter und einfach eine Institution in Frankfurt ist, fördert Steve, der übrigens einer der dienstältesten Residents des Tanzhaus West in Frankfurt ist, aktiv die Frankfurter Underground Clubszene und vor allem den Nachwuchs. Ob es ein Gig bei der Toxic Family Radio Show im lokalen FM Radio ist, ein CDJ Lehrgang oder einfach nur aufmunterte Worte während eines Sets - viele Frankfurter DJs haben eine Geschichte über Steve zu erzählen. Wenn Steve House Musik spielt, sieht man oft DJ Kollegen mit gespitzen Ohren an der Bar stehen - oder auch mal mitten auf der Tanzfläche - weil das Barpersonal selbst auf der Theke tanzt.
Angie Taylor (en)

Angie Taylor

Angie Taylor is specialized in Hybrid Techno LIVE-DJ SETS, often blending it with live bass guitar and vocals to create a unique, electrifying hybrid Techno experience.
YMNA (en)

Nina_art&play

Heute Nacht wird der Dancefloor zur globalen Schnittstelle. YMNA kalibriert mit ihrem Mix aus global inspirierten Soundscapes und moderner Club-Musik unsere Sinne neu. Es ist die perfekte Balance zwischen dem Rohen, Ursprünglichen und der polierten Kraft des heutigen melodischen Techno.

Chill Floor
Festnacht (de)

Festnacht

Festnacht is a fixture in Hamburg’s music scene. Together with L.F.T., he has steered the Neoprimitive label and event series for nearly a decade, releasing a broad range of mostly experimental electronic music from artists like Rosaceae, Children of Leir, and Alobhe, and inviting names such as Skee Mask, Anthony Rother, Bloody Mary, and Interstellar Funk to the iconic Golden Pudel Club. His DJ sets span the spectrum of Detroit-rooted techno and electro - always unpredictable, shaped by the night’s energy, and known for his skill in slowly and subtly warming up a room.
bushfya (de)

bushfya

For the Love of Music. Nothing else.
Afidissima & Alice (de)

Afidissima & Alice

Afidissima and Alice, two millennial stereotypes sharing music tips as emotional currency. Gabby radio host Afidissima delivers genre-chaotic sets drenched in dubby vibes and oozing with groove. A relentless cratedigger with questionable priorities. Alice unites musical moments and moods that refuse to be united. Seductive, whimsical, followed by familiar paths, so as not to upset the ear and inner balance. Mixed feelings becoming multiple emotions. Everything as usual – just enhanced momentum.
BarbNerdy (en)

BarbNerdy

Sharing Means Caring: Most of the music of this series was recorded at a Chaos Event in the last 10 (or more) years. It is time for a new episode: https://soundcloud.com/barbnerdy/sets/mixtape-sharing-means-caring-1
Dj Sloush + Zarrt (de)

Dj Sloush aka Spitz + Zarrt

The berlin based artist duo is working under different alias solo, in duos or collectives since 2011. They are sound artists, DJs, part of Cashmere Radio (Berlin), curators, event organizers, performers and multimedia artists. “Dj Sloush aka Spitz + Zarrt aka Fellmaus will make you happy. There’s gonna be these sounds coming from the speakers, new otherworldly ones mixed with seemingly familiar yet undiscovered natural feeling waves of moods, or maybe hot and twirling rapid fire bass jumping trippin balls ones. Either way they’ll provide you with a guaranteed enjoyment of the infinite kind.”
Babooshka (de)

Babooshka

Babooshka is Marian Bodenstein, who played with several punk bands such as LASSIE, LAFFF BOX, NICK NORMAL and DBR at the moment. Under the moniker FUZZZGUN Marian is working as a graphic designer for bands, labels and other "multinational corporations". Normally Babooshka would serve you a high octane dance set rooted in 70s power pop, punk and rocknroll but for the CCCChillfloor you’ll get a certain mixture of their favorite relaxin, beautiful and tearjerking tracks, combined with some broken records to serve as analog loops and audioplay records. Babooshka is happy to play records that are normally reserved for the end of an emotional night of dance and shenanigans or even never would see the lights of the dance floor under „normal“ circumstances.
g00d news (de)

g00d news

g00d news lebt und arbeitet seit 2009 in Hamburg und ist als Vinyl-DJ Teil der lokalen Underground-Szene. Er war langjähriger Resident und Kurator im Golden Pudel Club und ist Mitbetreiber des Plattenladens Remoto-Rec. sowie des Vinyl- und Kassettenlabels V I S mit Fokus auf experimenteller Musik. Seine Sets reichen von Ambient, Experimental und outernationalen Sounds bis hin zu UK-Rave, Darkside Jungle, Hardcore, Breakbeats, Deep Techno und Freetekno. Zudem ist er kuratorisch und organisatorisch im BEEK e.V. aktiv.

Vorglühmarkt
stornoline (de)

Sassi

service for dance trips ⏰✨💫⏰✨💫⏰✨💫⏰✨💫 zocke für euch housy rave essentials mit nostalgischen vocals und acid lines & mache sachen bei @diskobabel 💕 und @entropiefestival ⚡️
Aladdin (de)

Hamdi

Hamdi (Berlin) House and minimal techno built for immersion. Extended mixes, controlled pacing, and Fog-filled rooms where the story unfolds gradually.