Conference 39th Chaos Communications Congress

One

Skynet Starter Kit: From Embodied AI Jailbreak to Remote Takeover of Humanoid Robots (en)

Shipei Qu, Zikai Xu, Xuangan Xiao

We present a comprehensive security assessment of Unitree's robotic ecosystem. We identified and exploited multiple security flaws across multiple communication channels, including Bluetooth, LoRa radio, WebRTC, and cloud management services. Besides pwning multiple traditional binary or web vulnerabilities, we also exploit the embodied AI agent in the robots, performing prompt injection and achieve root-level remote code execution. Furthermore, we leverage a flaw in cloud management services to take over any Unitree G1 robot connected to the Internet. By deobfuscating and patching the customized, VM-based obfuscated binaries, we successfully unlocked forbidden robotic movements restricted by the vendor firmware on consumer models such as the G1 AIR. We hope our findings could offer a roadmap for manufacturers to strengthen robotic designs, while arming researchers and consumers with critical knowledge to assess security in next-generation robotic systems.

A post-American, enshittification-resistant internet (en)

Cory Doctorow

Trump has staged an unscheduled, midair rapid disassembly of the global system of trade. Ironically, it is this system that prevented all of America's trading partners from disenshittifying their internet: the US trade representative threatened the world with tariffs unless they passed laws that criminalized reverse-engineering and modding. By banning "adversarial interoperability," America handcuffed the world's technologists, banning them from creating the mods, hacks, alt clients, scrapers, and other tools needed to liberate their neighbours from the enshittificatory predations of the ketamine-addled zuckermuskian tyrants of US Big Tech. Well, when life gives you SARS, you make sarsaparilla. The Trump tariffs are here, and it's time to pick the locks on the those handcuffs and set the world's hackers loose on Big Tech. Happy Liberation Day, everyone!

Chaospager - How to construct an Open Pager System for c3 (en)

Max, Julian

In this talk, we will give an introduction into the project (i.e. how it all started at 38c3 and why we are here now), provide an in-depth review of how the development process of our pager worked and what our future goals are. In our introduction, we will talk about the origin and exploration phase of the inital pager idea (i.e. how we went from the idea of bringing POCSAG Pager transmitter to 38c3, over a cable-bound prototype, to a first working pager on a proper PCB). We will also present our plans of connecting our POCSAG transmitter infrastructure to THOT (CERTs own dispatch software). For our in-depth review about the project, we explain how we encountered major reception problems, how we analyzed them at easterhegg22 and conducted experiments there, and why we are opting for a custom HF frontend design instead of an already-made one from chinese vendors. Moreover, we provide an overview of our transmitter devices and give some advice on how to replicate those. Lastly, we will discuss further challenges and what our next goals are. If we are reaching our milestone until 39c3, we will also give a live demo of the system.

Cracking open what makes Apple's Low-Latency WiFi so fast (en)

Henri Jäger

This talk presents Apple's link-layer protocol Low-Latency WiFi and how it achieves its real-time capabilities to enable Continuity features like Sidecar Display and Continuity Camera. We make more kernel logging available on iOS and build a log aggregator that combines and aligns system- and network-level log sources from iOS and macOS.

CCC-Jahresrückblick (de)

Constanze Kurz, khaleesi, Matthias Marx, Linus Neumann, erdgeist

Das war nicht das Jahr 2025, das wir bestellt hatten.

Ground

Suing spyware in Europe: news from the front! (en)

Lori Roussey, Celia/Irídia

In 2022, CitizenLab contacted a member of the Spanish non-profit Irídia to tell them that one of their members had likely been hacked with Pegasus spyware. The target, a lawyer, had been spied on by the Spanish government in 2020 because he represented a Catalan politician who was in prison. His phone was infected with Pegasus during the COVID-19 lockdown, on the same day he was having an online meeting with other lawyers working on the case. Irídia and the lawyer (Andreu) decided to take the case to court. A few years later, he met with Data Rights and invited them to join forces and bring in partners from across Europe to increase the impact. This collaboration led to the creation of the PEGA coalition in May 2025. This talk goes over the status of the case and work we have done across Europe to bring spyware use in court.

A space odyssey #2: How to study moon rocks from the Soviet sample return mission Luna 24 (en)

Paul Koetter

It is 1976 and the USA long stopped going to the Moon when a Soviet automatic landing station called Luna 24 descends to the Lunar surface. It touches down on 3.3 Billion year old rock formations at a place no mission has ever gone before. What exactly happened remains a mystery to this day, but the space probe managed to take a 2.3 m long drill core from the Lunar regolith, packaged the sample in a genius way and launched it for its voyage to Earth. Some days later the sample entered earths atmosphere and landed in remote Siberia and ended up in our hands more than 50 Years later. We tell the story of the sample, the people that brought it to Earth and how we analyzed it with the newest methods including µm sized high intensity X-ray beams, 30kV electron beams and LN2 cooled infrared spectrometers.

Chaos Communication Chemistry: DNA security systems based on molecular randomness (en)

Anne Lüscher

**Over the past few decades, nucleic acids have increasingly been investigated as alternative data storage media and platforms for molecular computing. This talk builds on past research and introduces another branch to the field: DNA cryptography based on random chemistry. This technology provides a platform for conceiving new security architectures that bridge the physical with the digital world.**

Persist, resist, stitch (en)

Philo

What does knitting have to do with espionage? Can embroidery help your mental health? This talk shows how the skills to create textile art have enabled people to resist and to persist under oppressive regimes for centuries. And it offers ways to keep doing so.

Current Drone Wars (en)

Leonard

The character of drone wars has changed. The large, cumbersome long-range drones have been complemented with small and low-budget drones. Moreover, more and more states are developing, deploying and selling them. Ten years ago at least 50 states were developing them. At the top are USA, Israel, Turkey, China, Iran and Russia. Russia's attack on Ukraine has unleashed a drone war unlike any seen before. In short time the Ukraine has build significant drone production capabilities and announcement that it will increase its own production of quadcopters and kamikaze drones to one million units per year. German defense companies and startups are now promoting a “drone wall on NATO's eastern flank.” Moreover, despite their vulnerability to air defenses, large drones are also being further developed. They are intended to accompany next generation fighter jets in swarms. In this talk, past and current developments are discussed. What are the perspectives now?

Zero

Agentic ProbLLMs: Exploiting AI Computer-Use and Coding Agents (en)

Johann Rehberger

This talk demonstrates end-to-end prompt injection exploits that compromise agentic systems. Specifically, we will discuss exploits that target computer-use and coding agents, such as Anthropic's Claude Code, GitHub Copilot, Google Jules, Devin AI, ChatGPT Operator, Amazon Q, AWS Kiro, and others. Exploits will impact confidentiality, system integrity, and the future of AI-driven automation, including remote code execution, exfiltration of sensitive information such as access tokens, and even joining Agents to traditional command and control infrastructure. Which are known as "ZombAIs", a term first coined by the presenter as well as long-term prompt injection persistence in AI coding agents. Additionally, we will explore how nation state TTPs such as ClickFix apply to Computer-Use systems and how they can trick AI systems and lead to full system compromise (AI ClickFix). Finally, we will cover current mitigation strategies and forward-looking recommendations and strategic thoughts.

Live, Die, Repeat: The fight against data retention and boundless access to data (en)

Klaus Landefeld

Both within the EU as well as nationally in Germany, there exists a renewed drive to implement data retention, a practice struck down by the ECJ and discontinued in many national legislations. In parallel, cross-border access to stored data has been mandated within the EU as “e-evidence”, and will soon be extended to 90+ countries under the umbrella of the EU cybercrime convention. In principle, all data stored by service providers will be available to law enforcement as part of a criminal investigation. The timing of both initiatives is not coincidental, as access to data naturally relies on the availability of data. The talk will address the state of play on data retention in various legislations, and introduce the practice of cross border access to stored data by law enforcement as well as its shortcomings and threats to privacy and confidentiality.

Amateurfunk im All – Kontakt mit Fram2 (de)

akira25, flx, Gato

Wir geben Einblicke in zwei intensive Wochen Planung, Koordination und Aufbau, den Betrieb einer (improvisierten) Bodenstation, sprechen über technische Hürden, Antennendesign und Organisation – und wie wir schließlich mit Astronautin Rabea Rogge im Weltraum gefunkt haben.

Lessons from Building an Open-Architecture Secure Element (en)

Jan Pleskac

The talk will be about our experience from building an open-architecture secure element from the ground up. It explains why openness became part of the security model, how it reshaped design and development workflows, and where reality pushed back — through legal constraints, third-party IP, or export controls. It walks through the secure boot chain, attestation model, firmware update flow, integration APIs, and the testing framework built for external inspection. Real examples of security evaluations by independent researchers are presented, showing what was learned from their findings and how those exchanges raised the overall security bar. The goal is to provoke discussion on how open collaboration can make hardware more verifiable, adaptable, auditable and while keeping secure.

Variable Fonts — It Was Never About File Size (en)

Bernd

A brief history of typographic misbehavior or intended and unintended uses of variable fonts. Nine years after the introduction of variable fonts, their most exciting uses have little to do with what variable fonts originally were intended for and their original promise of smaller file sizes. The talk looks at how designers turned a pragmatic font format into a field for experimentation — from animated typography and uniwidth button text to pattern fonts and typographic side effects with unintended aesthetics. Using examples from projects such as TypoLabs, Marjoree, Kario (the variable font that’s used as part of the 39C3 visual identity), and Bronco, we’ll explore how variable fonts evolved from efficiency tools into creative systems — and why the most interesting ideas often emerge when technology is used in unintended ways.

Fuse

Neue Chaos Events - InselChaos und Håck ma’s Castle plaudern aus dem Nähkästchen (de)

Erwin Ernst "eest9" Steinhammer, lasii, Daniel, Niklas

Auf der Insel Rügen und in Österreich tut sich was - und zwar neue Chaos Events. Wir möchten über Anforderungen, Herausforderungen, Hürden, Erfahrungen und Glücksmomente aus unserer Sicht der Orga erzählen. Das InselChaos fand im LaGrange e.V. im September 2025 statt und bildet den Auftakt für weitere kreative, informative und chaotische Events auf der Insel Rügen. Das Håck ma’s Castle wird mit etwas Humor auch über Herausforderungen sprechen, welche unter anderem durch dezentrale Teams aus diversen Hackspaces entstehen.

selbstverständlich antifaschistisch! Aktuelle Informationen zu den Verfahren im Budapest-Komplex - von family & friends Hamburg (de)

Andreas family & friends Hamburg, Birgit family & friends Hamburg

Mit den Prozessen im Budapest-Komplex wird ein Exempel statuiert - nicht nur gegen Einzelne, sondern gegen antifaschistische Praxis insgesamt. Die Behauptung einer kriminellen Vereinigung mit Mordabsichten stellt eine absurde juristische Eskalation des staatlichen Vorgehens gegen Antifaschist*innen dar und steht in keinem Verhältnis zu den verhandelten Vorkommnissen. Die Verfahren in dieser Weise zu verfolgen, lässt vor allem auf ein hohes Ausforschungs- und Einschüchterungsinteresse schließen. Mit dieser Prozesswelle und den Repressionen gegen Freund*innen und Angehörige wird antifaschistisches Engagement massiv kriminalisiert und ein verzerrtes Bild von politischem Widerstand gezeichnet - während gleichzeitig rechte Gewalt europaweit zunimmt und faschistische Parteien erstarken. Wir sehen, dass Angriffe auf Rechtsstaatlichkeit und Zivilgesellschaft immer weiter zunehmen. Die Art und Weise, wie gegen die Antifas im Budapest-Komplex und im Antifa-Ost Verfahren vorgegangen wird ist ein Vorgeschmack darauf, wie politische Opposition in einer autoritären Zukunft behandelt werden könnte. Wir sind alle von der rechtsautoritären Entwicklung, von Faschisierung betroffen. Die Kriminalisierung von Antifas als "terroristische Vereinigung" ist Teil einer (weltweiten) Entdemokratisierung und Zersetzung von Rechtsstaatlichkeit.

Power Cycle B7 oder Warum kauft man eine Zeche? (de)

Kohlenpod, kater, Stephan

Aus einem Barwitz wurde ein Projekt! Blumenthal7 ist die letzte vollständig erhaltene Schachtanlage des ehemaligen Steinkohlebergwerks General Blumenthal in Recklinghausen im nördlichen Ruhrgebiet. Nach diversen Startschwierigkeiten ist aus einer im Dornröschenschlaf liegenden Industriebrache ein Projekt geworden, das bereits jetzt einer Vielzahl von Entitäten und Gruppen eine Heimat und einen großen, nahezu grenzenlosen Spielplatz bietet. Begleitet uns gerne beim Power Cycle B7…!

Auf die Dauer hilft nur Power: Herausforderungen für dezentrale Netzwerke aus Sicht der Soziologie (de)

Marco Wähner

Der Vortrag diskutiert Herausforderungen dezentraler Netzwerke aus soziologischer Perspektive. Als dezentrale Netzwerke werden technische Infrastrukturen verstanden, die nicht von einer zentralen Autorität, sondern verteilt über Instanzen zur Verfügung gestellt werden. Nutzer:innen profitieren von dieser Infrastruktur, nutzen beispielsweise das Fediverse oder das Tor-Netzwerk, ohne zur Infrastruktur beizutragen. Zugleich können dezentrale Netzwerke nur dann bestehen, wenn hinreichende Ressourcen von Personen oder Organisationen mobilisiert werden, um das Netzwerk überhaupt zur Verfügung zu stellen. Dies führt zur originären Instabilität dezentraler Netzwerke, wenn nicht der Weg der Kommodifizierung des Nutzer:innenverhaltens eingeschlagen wird. Aufbauend auf dieser Zustandsbeschreibung, werden Bedingungen erörtert, um Kollektivgüter wie dezentrale Netzwerke organisatorisch (und nicht technisch) herzustellen. Hierzu zählen Partizipation oder die Idee einer öffentlichen Grundfinanzierung. Der Vortrag wird neben soziologischen Ideen und harten Zahlen auch durch eine ordentliche Portion Idealismus zu Fragen der Souveränität und Autonomität in der Digitalisierung motiviert.

A Quick Stop at the HostileShop (en)

Mike Perry

HostileShop is a python-based tool for generating prompt injections and jailbreaks against LLM agents. I created HostileShop to see if I could use LLMs to write a framework that generates prompt injections against LLMs, by having LLMs attack other LLMs. It's LLMs all the way down. HostileShop generated prompt injections for a winning submission in OpenAI's GPT-OSS-20B RedTeam Contest. Since then, I have expanded HostileShop to generate injections for the entire LLM frontier, as well as to mutate jailbreaks to bypass prompt filters, adapt to LLM updates, and to give advice on performing injections against other agent systems. In this talk, I will give you an overview of LLM Agent hacking. I will cover LLM context window formats, LLM agents, agent vulnerability surface, and the prompting and efficiency insights that led to the success of HostileShop.

CDC Triangle

iroh p2p chat over gossip (en)

Floris Bruynooghe

In this workshop we'll look at how iroh establishes p2p QUIC connections. Using holepunching to create direct connections where possible. Then we'll build on top of this by using the gossip protocol to build a group chat.

Embedding Anonymity Directly in your Application (en)

idk

A deep dive into using Embedded I2P to seamlessly anonymize your applications

Zero-Knowledge Proofs Workshop (en)

Freeman Slaughter

Zero-knowledge proofs (ZKPs) are reshaping the landscape of privacy, scalability, and trust in decentralized systems. In this workshop, we’ll explore how ZKPs let one party convince another that a statement is true, without revealing anything else about it. We aim to demystify the core ideas behind interactive protocols, walk through modern ZKP constructions, and examine how they’re deployed in cryptocurrencies and modern privacy-preserving designs. Participants will leave with a clear understanding of how the "prove without revealing" paradigm is shaping blockchain technology, verifiable computation, and the next generation of cryptographic standards.

Radicle: P2P, Censorship-Resistant Code Collaboration Based on Git (en)

Lorenz Leutgeb

[Radicle](https://radicle.xyz/) is an open source, peer-to-peer code collaboration stack built on Git. Unlike centralized code hosting platforms, such as GitHub or GitLab, there is no single entity controlling the network. Repositories are replicated across peers in a decentralized manner, and users retain sovereignty over their data and workflow. *Free your code!*

The Bitcoin Security Budget and Its Implications A Look at the Security, Scaling and Spam Resistance of Proof of Work Cryptocurrencies (en)

Francisco "ArticMine" Cabañas

The Bitcoin security budget has profound implications for the long term security of Bitcoin and similar proof of work cryptocurrencies. In this talk we discuss the various types of transaction fee markets for different cryptocurrencies and the possibility of transaction fees replacing falling block rewards to provide security in the future. The results from our analysis of the Monero fee market in particular do pose some very serious questions regarding the long term security and viability of cryptocurrencies that do not have a minimum fixed block reward or tail emission. We will discuss these questions and their implications for the possibility of a worldwide peer-to-peer electronic cash system.

CDC Circle

The DarkFi super-app (en)

Yuki

Anonymous, Uncensored, Sovereign: How DarkFi gives birth to a new Paradigm of Society.

Making own Z-Wave (or Zigbee) device from scratch and assemble a Z-Wave (or Zigbee/Matter) controller (en)

PoltoS

We will program a Z-Wave or a Zigbee device and add it into a Z-Way smart home controller installed on Linux or flashed into an ESP32.

Radicle: Setup and Introduction (en)