Trammell Hudson spoke about his spispy project, which is developing open source hardware and software for emulating SPI flash.
Modern computers store their firmware in a flash memory attached to the SPI bus. To write firmware into this flash, a programmer is used, but each write takes considerable time, which is a major inconvenience for firmware developers. SPI flash emulators exist to remove this bottleneck. The spispy project is an open source SPI flash emulator built around an FPGA.
Besides being convenient for firmware developers, this tool opens up new opportunities for firmware security researchers. In particular, Trammell and Peter Bosch used it to find and exploit time-of-check to time-of-use (TOCTOU) vulnerabilities in the implementation of Intel Boot Guard.
The Librem 5 project is well known in narrow circles. Its goal is a smartphone that ideally preserves the privacy of its owner and gives them full control over the built-in communications and software. Nicole Faerber from Purism spoke about the progress of the project, which has been going on for two years and is still far from complete.
I was especially interested in the overview of the main technical decisions in the Librem 5:
An excellent talk on my favorite topic: finding vulnerabilities in operating systems.
The speaker sprang a surprise: he came on stage wearing a Batman mask. He talked about the RUMP anykernel technology, which allows portions of NetBSD kernel code to be executed in user space. This makes it possible to fuzz NetBSD code without any additional tooling in kernel space.
As an example, Batman showed how he built a fuzzer for the NetBSD network stack using RUMP. Incidentally, this project appeared even before BSD support was added to the syzkaller fuzzer.
A very good talk on hardware security.
The speakers shared their experience of researching the security of embedded systems: typical tasks, the difficulties caused by closed specifications, and the peculiarities of coordinated disclosure of hardware vulnerabilities.
In particular, the researchers uncovered several methods of bypassing the firmware readout protection of microcontrollers. They cheerfully recounted how they reported these vulnerabilities to the microcontroller manufacturers, and what came of it.
A truly spectacular talk about breaking locks over Bluetooth LE. Last time the researchers took on "smart" padlocks; now they have set about hotel access systems.
It turns out that expensive hotels in Las Vegas offer a new service: direct access to your room via online booking. The guest no longer needs to wait at the reception desk; a booking made in the smartphone app lets them unlock the elevator and open the "smart" door of their room. The smartphone communicates with these devices, which are connected to a single access system, over Bluetooth LE.
In their talk, the researchers described the techniques and tools they developed while intercepting BLE traffic and reverse engineering the data exchange protocol. The result was opening a room on the 37th floor of a luxury hotel. It was spectacular.
A sophisticated talk for cryptography enthusiasts. The topic is mix networks.
The concept appeared in the early 1980s. Mix networks provide anonymity through multi-layer encryption and routing through a chain of independent nodes (mixes). Tor is built on this idea. However, the original mix networks have particular properties that protect against some types of attacks to which the Tor network is exposed.
The talk explains the historical reasons and shortcomings that cost mix networks their popularity at the time, and presents Katzenpost, an improved mix network design.
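To make the "multi-layer encryption plus a chain of mixes" idea concrete, here is an added toy simulation (not code from the talk or from Katzenpost): a sender wraps a message in one authenticated encryption layer per mix, each mix peels exactly one layer and learns only the next hop, and, unlike a plain relay, each mix collects a whole batch and forwards it in shuffled order. The stream cipher (SHA-256 in counter mode with an HMAC tag), the mix names, keys and the cascade route are all constructed for the example.

```python
import hashlib
import hmac
import os
import random

# Constructed per-mix keys for this toy cascade (not the Katzenpost key schedule).
MIX_KEYS = {
    "mix-a": hashlib.sha256(b"constructed key a").digest(),
    "mix-b": hashlib.sha256(b"constructed key b").digest(),
    "mix-c": hashlib.sha256(b"constructed key c").digest(),
}
ROUTE = ["mix-a", "mix-b", "mix-c"]  # fixed cascade: every packet visits the mixes in this order


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode as a toy stream cipher (assumption: stand-in for a real AEAD)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one layer: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time, then strip one layer."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def _frame(next_hop: str, inner: bytes) -> bytes:
    """Prefix the inner packet with a length-prefixed next-hop name."""
    hop = next_hop.encode()
    return bytes([len(hop)]) + hop + inner


def _unframe(data: bytes):
    n = data[0]
    return data[1:1 + n].decode(), data[1 + n:]


def build_onion(route, recipient: str, message: bytes) -> bytes:
    """Wrap innermost-first so each mix can peel exactly one layer and see only the next hop."""
    hops = route + [recipient]
    blob = message
    for i in range(len(route) - 1, -1, -1):
        blob = seal(MIX_KEYS[route[i]], _frame(hops[i + 1], blob))
    return blob


class Mix:
    """One mix: decrypt a whole batch, then forward it in shuffled order."""

    def __init__(self, name: str, seed: int = 0):
        self.name = name
        self.rng = random.Random(seed)  # seeded only so the example is reproducible
        self.next_hops_seen = set()

    def process_batch(self, batch):
        out = []
        for blob in batch:
            next_hop, inner = _unframe(unseal(MIX_KEYS[self.name], blob))
            self.next_hops_seen.add(next_hop)
            out.append((next_hop, inner))
        self.rng.shuffle(out)  # batching and reordering break the timing link a plain relay leaks
        return out


def run_cascade(messages, recipient: str = "alice"):
    """Send one batch through the cascade; return delivered payloads and what each mix observed."""
    mixes = [Mix(name, seed=i) for i, name in enumerate(ROUTE)]
    batch = [build_onion(ROUTE, recipient, m) for m in messages]
    for mix in mixes:
        # In a cascade every packet's next hop is the same mix, so the whole batch moves together.
        batch = [inner for _, inner in mix.process_batch(batch)]
    observed = {mix.name: sorted(mix.next_hops_seen) for mix in mixes}
    return batch, observed


if __name__ == "__main__":
    delivered, observed = run_cascade([b"hello", b"world", b"mixnet"])
    print(delivered, observed)
```

Running it shows the three messages arriving at the recipient in a permuted order, while `mix-a` has seen only `mix-b` as a destination and `mix-c` has seen only `alice`; neither end of the chain is visible to any single mix, and a tampered layer is rejected before it is forwarded.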
ICANN (Internet Corporation for Assigned Names and Numbers) has long allowed Unicode in domain names. Along with this functionality came a whole class of attacks called IDN homograph attacks. The talk explains what they are and demonstrates attacks of this type against Signal, Telegram and Tor Browser. An interesting detail: some vendors refuse to provide technical countermeasures against homograph attacks, classifying them as social engineering.
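Since the talk notes that some vendors decline to add technical countermeasures, here is an added example (not from the talk or from any of the vendors mentioned) of the kind of check a client could apply before rendering a link: it converts each label to punycode so the user can see the ASCII form, flags labels that mix scripts, and flags labels that become a plain ASCII word once a small lookalike table is applied. The lookalike table is a constructed subset of Unicode's confusables data, and the domains tested are constructed for the example.

```python
import unicodedata

# Constructed subset of Unicode confusables: Cyrillic/Greek letters that render like Latin ones.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u04bb": "h",
    "\u04cf": "l", "\u03bf": "o", "\u03b1": "a", "\u03bd": "v",
}


def script_of(ch: str) -> str:
    """Coarse script from the Unicode character name; digits and hyphens count as COMMON."""
    if ch.isascii() and not ch.isalpha():
        return "COMMON"
    try:
        first = unicodedata.name(ch).split()[0]
    except ValueError:  # unnamed code point
        return "UNKNOWN"
    return first if first in ("LATIN", "CYRILLIC", "GREEK") else "OTHER"


def label_scripts(label: str) -> set:
    """Scripts used by a label, ignoring COMMON characters."""
    return {script_of(c) for c in label} - {"COMMON"}


def skeleton(label: str) -> str:
    """Replace known lookalikes with their Latin counterparts after NFKC normalization."""
    return "".join(LOOKALIKES.get(c, c) for c in unicodedata.normalize("NFKC", label))


def assess_domain(domain: str) -> dict:
    """Return the punycode form plus any homograph findings for a hostname."""
    findings = []
    for label in domain.lower().split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:
            findings.append(f"{label!r}: mixed scripts {sorted(scripts)}")
        skel = skeleton(label)
        if skel != label and skel.isascii():
            findings.append(f"{label!r}: looks like ASCII {skel!r}")
    try:
        punycode = domain.encode("idna").decode("ascii")
    except UnicodeError:  # label rejected by the IDNA codec (too long, disallowed code point, ...)
        punycode = None
    return {"punycode": punycode, "findings": findings, "suspicious": bool(findings)}


if __name__ == "__main__":
    for d in ["example.com", "\u0430pple.com", "\u0430\u0440\u0440\u04cf\u0435.com"]:
        print(d, assess_domain(d))
```

Showing the punycode form (`xn--...`) to the user is the simplest countermeasure; the mixed-script rule catches the classic "one Cyrillic letter in a Latin word" case, and the skeleton rule catches all-Cyrillic lookalikes that a mixed-script rule alone would pass.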
This talk will be of interest to those interested in circuit design. Chris Gammell talked about his professional path from a beginner in circuit design to a specialist in radio engineering. He tried to compactly outline the main properties and peculiarities of high-frequency signals. I recommend this presentation to anyone who wants to take their first step toward building devices with wireless data transfer.
As one of the organizers told me, the main value of Chaos Communication Camp is not in the lectures and talks, but in the opportunity to talk in person with specialists in your field.
For example, I had the opportunity to take part in a meeting of Arch Linux developers. There were several talks by the project maintainers, followed by informal discussion. I was surprised to learn that this rather popular distribution lives on through the efforts of its community alone and has no corporate component.
I also found out that Arch Linux ships a hardened kernel whose configuration is assembled using my kconfig-hardened-check project. The maintainers also expressed a desire to ship kconfig-hardened-check as an Arch package. For this, I introduced versioning in the project.
This talk presented a comprehensive approach to securing an IoT platform:
This is an interesting set of ideas that developers of embedded systems and information security specialists should pay attention to.
At the same time, in my opinion, the speaker missed such aspects as self-protection of the Linux kernel and means of hardening user-space programs. (I pointed this out during the Q&A session at the end of the presentation.)
A fascinating talk about an unusual way of spending leisure time: the Game Jam. People, alone or in small groups, create small video games on a given topic over a weekend. Sebastian Morr, a game developer and pixel art artist, gave an engaging account of his considerable experience in such competitions.
I want to note that I am personally very grateful to Sebastian for this work of his. The poster hangs above my desk, warms my heart and reminds me of the times when the Chaos Communication Congress was held in Hamburg.
A wonderful talk on how the people from the Berlin CCC hackspace souped up an LED message board: a hefty monochrome display of the kind that hangs at train stations and airports.
Peter Stuge and Felix Niklas walked through the whole journey, from reverse engineering the original hardware and software of the device to its final architecture.
Lots of hardware, software and even mechanical improvements and tricks; I highly recommend watching this talk.
In addition, for a live demonstration, the speakers installed their brainchild on stage and played videos on it. A heavy thing (I later helped lower it from the stage).
An original talk on the visualization of large graphs.
The speaker draws a parallel between complex graphs and physical objects: snowflakes, soap bubbles, crystals and molecules. To arrange the vertices and edges as beautifully as in natural objects, he applies physical laws to them. He simulates the physical interaction between the parts of the graph and lets the system settle into a minimum-energy configuration, in which symmetry, strongly connected components and other unexpected effects become visible.
The next CCCamp is only four years away...