My personal favourite from 24C3: Xbox 360 hacking

I've seen quite a number of presentations live at 24C3 as well as recorded ones in the days following the event. While many of them cover important subjects, there is one lecture that is outstanding: "Deconstructing Xbox 360 Security".

The level of technicality of this presentation was just right. Finally something that went deep down into the technical details. Explaining what kind of flaws they found in the disassembled power PC object code.

I definitely want to see more lectures/presentations like this. Don't be afraid to overload the audience with technical details. Just go ahead with it :)

Also, this presentation has shown how far advanced the game console hacking is compared to mobile phone hacking (at least from what I've seen in the ETC (Ada-developers) and and Motorola hacker communities). The problems are similar: Completely undocumented hardware, cryptographic authentication of code by the boot loader (sometimes down to mask ROM), ...

So I hope that the mobile phone hacker community will grow and more people with this skillet, attitude and time will join. Free your phones!

Personal reflection on the 24th annual Chaos Communication Congress

It's great to be at 24C3, the 24th incarnation of the Chaos Computer Clubs annual congress in Berlin.

In fact, this is my 10th anniversary at this congress, i.e. the first one I visited was 15C3. I ended up at 15C3 as somewhat of a coincidence by just following a fellow Linux hacker from the Linux User Group Nuernberg to whom I've since lost all contact.

What's actually worth mentioning is that this is the first CCC congress that I visit as a pure guest. I have no lecture, and I am not actively involved with any of the things I have been involved before, such as the video recording/streaming team or the Sputnik RFID location system.

Interestingly, I felt the first day much more tiring than usually, despite having slept more than in any of the previous years. Apparently the lack of constant adrenaline caused by last-minute-problem-solving has its impact..

The congress is a lot of fun, I've been talking to many old friends, colleagues and fellow hackers from all over the world, involved in all of the projects and/or companies that I've remotely had any contact throughout that ten year time period.

It's a very nice feeling. I doubt there is any other event or occasion where I would feel more at home than at this annual congress. This is my culture. This is where I belong. Here are people who understand, or rather: understood.

Looking forward to the Chaos Camp 2007

In about 24 hours I'll be on my flight 'back' to Germany. In fact it's not really a flight back to Germany, but more like a temporary break of my extended stay in Taipei for the sake of OpenMoko.

The main reason for this trip is to attend the Chaos Camp 2007 of the CCC. I've so far dropped every conference or other technical event this year to concentrate on my work for OpenMoko, but I'm not able to compromise on the camp.

On the one hand, I'm looking forward to finally not having any official function at a CCC event. More than one year after vacating my task as leader of the video documentation effort, and after my somewhat minor involvement with the sputnik RFID tracking project at the congress last December, this is not really the first CCC event which I'll visit as a pure visitor. I haven't even submitted any paper.

So the camp will be holiday. Time to relax, talk with fellow hackers. Sure, lots of the German OpenMoko guys (roh, stefan, alphaone, and our newcomer gismo) will be there. So there will definitely be some kind of productive outcome for the OpenMoko project, too. But in a very different setting. Doing thighs that are fun, rather than all the things that have to be done :)

Chaos Communication Camp 2007

The date and location for the 2007 Chaos Communication Camp have been announced, which is really good news.

First two days of 23C3

I'm currently at the 23rd annual Chaos Communication Congress in my home town Berlin, Germany.

After having dropped out of my usual volunteer work in the Audio/Video recording team, I thought that this year would be slightly more relaxing. Then came the Sputnik system, which suddenly started to eat some of my time weeks and months before the congress, as well as the last couple days before the congress, during the build-up. In fact, given my many other projects, I was close to going crazy and thus dropped out of the project and disappeared completely from the congress for about one day. Sorry about that, but I just needed to relax and calm down.

After a very stressful 26th of December, the team actually managed to set the whole back-end and middleware system up on the first day of the event, and the 3D visualization was running by 4am of the second day.

Now I'm back to normal mode, present at the event almost all day, which I intend to do for the next two days, too.

CCC Berlin now proud owner of USRP

Finally the Berlin Section of the CCC has managed to obtain some donations (courtesy of ) for the purchase of a USRP with all major front-ends (BasicRX, BasicTX, RFX2400, RFX1800, RFX900, DBSRX, ..).

I sincerely hope that this device will be able to fuel even more interest in RF communications and research of security aspects of popular RF systems such as DECT. At least a bunch of interested hackers now have all the tools they need :)

Chaosradio 114: Software project management

Tomorrow I'll again be participating in Chaosradio. This months Chaosradio 114 issue is about software project management, both in the proprietary and FOSS world.

Upcoming Chaosradio show on encryption

After quite some time of absence, I'm finally going to participate in Chaosradio again. The subject of the upcoming show is encryption for personal use, mostly focusing on hard disk and email encryption.

22C3 is over

Two days ago, 22C3 was closed. This years incarnation of Europe's largest hacker conference can be seen as a full success. Some 3000 attendees, about 180 lectures, a 10Gigabit Internet Uplink and our own /16.

The video recordings have turned out fine. We've had working WMV live streams, and somewhat intermittently working MPEG2 and MPEG4 live streams, as well as working OGG and MP3 audio streams of all four lecture tracks.

For archival, we have MPEG2Video (5Mbit) as well as the original DV tapes, and a FLAC audio recocrding.

Looking at the tremendous amount of work that went into the A/V recordings, and the fact that I'm involved with the A/V team since seven years, I'm actually thinking about looking for some other area where I can get involved next year.

My two lectures (on OpenEZX and librfid/libmrtd) went fine, even though they both had very little preparation ;)

In the next couple of days I'll be cutting the fourth day of the video recording, and then slowly getting back into netfilter and OpenEZX related development. Oh yes, and I'll also promise more blog updates.

For some strange reason, my git tree seems to have become corrupted over the last two weeks, so I first need to sort this out before getting any reasonable work done.

22C3 preparations

The main reason why this blog has been so quite since my return from Bangalore: I'm spending every free minute in preparations for 22C3, the annual Chaos Communication Congress. As usual, my job is to take care of the audio and video recording and streaming.

So for the last days I've been hunting numerous bugs related to this, mainly in ffmpeg, but also radeonfb, vlc, Debian ffmpeg / x264 packages, etc.

I'll be back on track after 22C3 is over. More blog updates then, I promise.

Lecture on privacy and data protection issues at Potsdam University

Today I had the honour of holding a guest lecture at the Institute of European Media Studies of the University of Applied Sciences in Potsdam. The lecture was entitled "Privacy, Data Protection and Surveillance - Risks and side effects of modern communication technology".

To my big surprise, the lecture was very well received, and members of the institute have suggested that they are interested in some follow-up lectures on other topics such as copyright / software patent / GPL issues.

Big Brother Awards 2005

Today, the sixth "Oscar awards for data leeches" will be awarded. The BBA is a "negative award" or "anti award" for persons, organizations, companies, government agencies that disrespect civil liberties, data protection and privacy.

I've always been a big fan of those awards (which are now even awarded in a number of countries outside of Germany, too). They provide an excellent opportunity to publicly point at (and rant about) those who further restrict the [digital] freedom of individuals.

This year I'm going to be present at the ceremony for the first time.

Chaosradio on ePassport and Biometrics

Due to the importance of the subject, we will do the second Chaosradio show this year dedicated to electronic passports and biometric identification.

Germany will issue them starting with November this year... so now is about the last possible time to apply for a brand new, shiny, glossy, cheap "old-style" passport that doesn't contain any biometric information.

Chaosradio 105: Embedded Systems

This month's Chaosradio show (held today) will be looking into the plethora of embedded devices that are present in todays world.

CCC "residents" will be Tim Pritlove and myself.

The main focus will be on consumer embedded systems, especially those running free operating systems and those with good "hack value".

Chaosradio on Electronic Health Card

Today I'll be moderating this months' episode of Chaosradio on the upcoming German Gesundheitskarte (Electronic Health Card, EHC).

This is the latest incarnation of the ever-increasing number of large-scale IT projects in public atministration. Following-up infamous examples such as TollCollect, the ALG2 software, INPOL-NEU, ELSTER, and last but not least the RFID enabled electronic Passport. And it will affect the data privacy and data protection of even more German citizens than any of the beforementioned systems!

I'm very pleased to announce Thomas Maus (ThoMaus), one (if not the) most prominent critical experts on the EHC as a live guest in the radio studio.

This subject is actually one that I think fits best into the idea of Chaosradio: Technical, but with vast implications on society. Even more than my last "favourite" data retention, but less than the upcoming Chaosradio show on "voting machines".

From my point of view there are too many issues currently at this border between technology, politics and society that need to be adressed. Too many to just talk about geeky technological stuff that is certainly also happening and woth covering it in Chaosradio.

Chaosradio 100: Energy consumption of the IT industry

Today we again had our monthly chaosradio live show. The subject that we picked from the list of suggested topics, and it definitely was worth doing a 3 hour show on it.

Computers always get faster. The downside of this is that they always consume more energy. From 1W of a 80386 to 15W of a Pentium I, we've now arrived at more than 100W for the latest PC CPU generations. The PowerPC architecture was quite promising for some time, but at least since the G5, power consumption is almost equal with the Intel world. About the only promising figures come from ARM based CPU designs at the moment - something that you will find in PDA's and embedded devices, but not in desktop machines.

Apart from the power consumption we're also talking a bit about the ecology in general, like the amount of energy and raw materials required to build a new PC. It is quite considerable, especially taking into account that most PC's are not used for more than two to three years.

In case you're now interested (and understand German): A recording of the live is available for download.

CCCeBIT negative award for Bundesdruckerei

The CCC has presented it's 2005 CCCeBIT negative award to the Bundesdruckerei, the formerly state-owned now-privatized company in charge of printing passports in Germany.

They are one of the strong forces in Germany behind the announced introduction of biometric information in passports. To understand this, you have to know that the law still requires passports being produced by Bundesdruckerei, even though they're now a private company.

Our Agilest 54622D mixed signal oscilloscope arrived

Due to the generous donation of TomTom, we were finally able to purchase a second hand digital oscilloscope.

The 54622D has two analog channels with 100MHz bandwidth (200Ms/s) and 16 digital channels with 200/400MS/s. The really nice features include stuff like CAN-, I2C-, USB- and SPI trigger modes :)

Let's see how this new toy is getting used to explore yet more technology...

Allnet donates network switches to CCC Berlin

In very short amount of time, two 19" rack-mountable Ethernet switches went dead at the Berlin Chaos Communication Club.

The chairman of the friendly company Allnet was immediately willing to donate two replacements. Very kind of him :)

Chaosradio 99 - Telekommunikationsueberwachungsverorndung

After about four months, the first Chaosradio radio show that I was participating in. Subject of the show was the telecommunications surveillance act (TKUeV) and the corresponding technical directive. Starting from 1st January 2005, any "provider of telecommunication services" has to provide lawful interception interfaces for government and police authorities.

The big issue is that it isn't only about providers, but about anybody who runs more than 1000 mailboxes on an email server, even if it is non-for-profit.

If you're interested in the full show, you can download it from the usual location on ftp.ccc.de.