It was my first attendance of Germany's largest hacker conference and mostly met my expectations. Prior to travelling and judging from the "Fahrplan" (that's how the overview of scheduled talks is called) hardcore tech talks had only a minor role this year which was kind of sad. So from that point of view it was a bit disappointing for me personally, as I had experienced two great technical conferences in 2012 already, REcon and a very familial and special one on binary occultism.
However, with about 6000 attendees, 29c3 was a great chance to meet people again that I knew from before, fill up some formerly pure digital contacts with real life interactions and randomly get to know new people. Shouts out to all of you who enjoyed the time spent together as much as I did.
Apart from that, in one of the workshops and over the days I obtained some basic skills of lock picking. I never thought I would enjoy it that much, but lock picking pretty much resembles my activities of reverse engineering but projected onto physical objects with a additional need for manual / mechanical skill. It's pretty much like Mastermind, I guess. I immediately bought myself some equipment and practice "materials". Maybe I will blog about my progress at a later time as well.
To be useful to my readers, here is my personal selection of some talks I visited (in chronological order) and which I would like to highlight because of their awesomeness.
SCADA Strangelove
The talk I
appreciated the most on the first day was one of the last to be held,
given by Sergey Gordeychik, Gleb Gritsai, and Denis Baranov (Project's Twitter).
While we all now that SCADA still has a lot of potential for future
catastrophes, this talk gave a nice overview on how (NOT) hard it
actually seems to pwn SCADA equipment. Very scary.
Aaron Portnoy's recent adventure
into SCADA software already gave a nice impression on the state of
security but this talk completed the picture in a very entertaining way.
Many Tamagotchis Were Harmed in the Making of this Presentation
On
the one hand, with a title like this, it was only natural to join this
talk as it implicated low level focus and hardware hacking. My
expectations were more than met when Natalie Silvanovich
explained here journey towards making her Tamagotchis the happiest in
the world and finally achieved it by setting the respective variable to
0xFFFF. ;)
Due
to Tamagotchis being hip during my time in school, I well remembered
those little plastic eggs (never owned one). Natalie outlined the
evolution of the devices since the 90ies, showing pluggable bonus
devices and explaining the IR communication capabilities of recent
releases.
Having
reversed the IR protocol gave her already plenty power to mess with the
little creatures but left some aspects unresolved that required
reversing the chip. She continued by detailing her attempts to uncover
and identify the micro controller. In probably numerous hours of work
she was able to fiddle around with the EEPROM and Figure ROM, finally
being able to extract some data such as the animations stored in this
memory.
The talk was very informative and was presented in an awesome way.
How I met your pointer
First: I have
to admit that I didn't visit that one in person because I was a bit late
at the lecture hall, but hey, I watched the live stream!
I kind of knew Carlos Garcia Prado only from Twitter before his talk. He was the first person I followed because I wanted to stay up to date on his Daemon Enterprises challenges during the time he published them. :)
His talk's topic was using binary instrumentation targeting client / server software in order to improve fuzzing.
He
started out with a very short introduction to fuzzing as being a
technique to cause crashes in proprietary software by feeding
pseudo-randomly crafted and thus hopefully invalid but acceptable
content to interfaces.
Next,
he validly argued against dumb fuzzing. As alternative approach he came
up with a comparison to biotech / protein manipulation. The binary
equivalent in that sense would be interfering with a programs DNA (code)
and partly using / altering it to create custom behaviour.
He achieved this by combining hooking and instrumentation, namely through using Detours and PIN.
Detours is used to intercept execution and save / manipulate program
state, PIN is used to differentially debug the program to spot
interesting parts / functionality.
He finally gave a demo showing his framework's functionality on a little network based crackme.
He
spiced up his presentation by including tons of pictures from various
movies and series on whose characters' identities he asked the audience
about. Correct answers were gifted with pieces of chocolate. I would
have loved to see that in person, on the stream it looks like he was
throwing pretty hard. :)
Page Fault Liberation Army or Gained in Translation
This talk by Julian Bangert and Sergey Bratus gave an excellent insight on how weird x86 actually is.
Julian
constructed a Turing complete machine just based on the behaviour of
the trap flag. Instruction set completeness is achieved by only one instruction,
case-dependent representing an arithmetic (SP decrement) or branching
(CPU double fault) operation. This is enough to represent
arbitrary programs.
It's
noticeable that using double faults in such a way is very
transcendental as such an error under normal circumstances is most
likely connected to a buggy kernel and will lead to a reboot in case the
DF handler fails (= triple fault). Therefore, it's pretty impressive
how Julian has abused the specifications of x86 to create this weird
machine.
Don't
expect this behaviour to be demonstrated easily, out of the emulation
systems tried by Julian (QEMU, Bochs, Simics, KVM, PLTSim), only Bochs
was able to show this functionality properly.
kayseriescortu.com - alacam.org - xescortun.com
ReplyDeleteçekmeköy mitsubishi klima servisi
ReplyDeletekartal samsung klima servisi
beykoz vestel klima servisi
beykoz bosch klima servisi
tuzla bosch klima servisi
ataşehir samsung klima servisi
ataşehir mitsubishi klima servisi
kadıköy bosch klima servisi
maltepe arçelik klima servisi
başakşehir
ReplyDeletebayrampaşa
beşiktaş
beykoz
beylikdüzü
TCH
mecidiyeköy
ReplyDeletesakarya
istanbul
kayseri
ordu
GRFLT
A "trip report" serves as a post-adventure reflection. Detailing experiences, challenges, and highlights, it immortalizes memories and offers insights to fellow travelers. Play VPN Game Beyond being a personal record.
ReplyDeletearnavutköy
ReplyDeleteartvin
avcılar
aydın
bağcılar
XNFBİ
etiler
ReplyDeletegümüşhane
siirt
üsküdar
karabük
PWVQYU