Chaos Computer Club - recent events feed

The Vital Bracelet series is an ecosystem of interactive fitness toys, content on memory chips, and apps that talk via NFC. In this talk, we'll explore the hardware and software of the series, from its obscure CPU architecture, to how it interacts with the outside world, from dumping OTP ROMs and breaking security, to making custom firmware. The Vital Bracelet series, active from 2021 to 2024, was a line of toys that revolved around a number of fitness bracelets that encouraged exercise by raising characters from the Digimon series, and expanding into tokusatsu and popular anime characters later. Think of it as Tamagotchi, but nurturing through exercise instead of button presses. In this presentation, we'll look at the different parts of this series' ecosystem, how they work, and the different ways to circumvent various security measures and customize the devices' behavior. We start by looking at the first Vital Bracelet, with a quick introduction to hardware reverse engineering and how to dump firmware out of flash. Following that, we will take a look at the microcontroller used in the devices, and its obscure instruction set architecture. This will lead into an exploration of how to reverse engineer code when you are missing a significant portion of it, and how the embedded ROM was dumped. After this, we will look at the DRM applied to content, and how it was circumvented. Next, the device's NFC capabilities will be explored. With the release of the Vital Bracelet BE, which introduced upgradable firmware, came new challenges and opportunities. We will take a look at the new content format and additional DRM measures it incorporated, plus how the device's bootloader was dumped despite its signature verification scheme. Finally, we will take a look at the process for modding the various Vital Bracelet releases, and some techniques to use while writing patches. The material in this talk can be applied beyond just the Vital Bracelet series, and can be useful if you want to explore other electronic toys, or just hardware reverse engineering in general. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/be-modded-exploring-and-hacking-the-vital-bracelet-ecosystem

Bike- and e-bike-sharing promise sustainable, equitable mobility - but what makes these systems successful? Despite hundreds of cities operating thousands of shared bikes, trip data is rarely public. To address this, we built a geospatial analysis pipeline that reconstructs trip data from publicly accessible system status feeds. Using this method, we gathered **43 million km** of bike-sharing trips across **268 European cities**. Combined with over **100 urban indicators** per city, our analyses reveal how infrastructure, climate, demographics, operations, and politics shape system performance. We uncover surprising insights - such as why some e-bike systems underperform despite strong demand - and highlight how cities can design smarter, fairer mobility. All data and code are open-source, with an interactive demo at [dataviz.nefton.de](https://dataviz.nefton.de/). We are Felix, Georg, and Martin - each of us working professionally in different research and data areas, ranging from the future of mobility to computational fluid dynamics and machine learning. What unites us is our shared interest in **quantitative traffic analyses**. Building on earlier small-scale studies focused on individual cities, we set out to launch a project that captures shared bike system data across Europe - from regular bikes to e-bikes. In our study, which led to an **[open-access scientific publication](https://doi.org/10.1007/s11116-025-10661-2)**, we scraped shared bike data across Europe at a **minute-by-minute level** over many months, accumulating **more than 43 million records**. We analyze **behavioural and systemic patterns** to understand what makes a bike-sharing system useful and successful within a city. As such, this evidence-based research fits very well with the **39C3 Science track** and the theme of "**Power Cycles**" as we dissect the complex energy and usage cycles that define urban mobility and sustainable futures for everyone. We bridge the gap between urban planning, socioeconomics, and technology by applying statistical modeling and engineering knowledge to a large-scale mined dataset. Join us to learn whether right-wing politics stall sustainable mobility, or which climate e-bikes feel most comfortable in! We love going the extra mile and therefore provide a live, interactive demo that everyone can use to explore and understand traffic flows: [dataviz.nefton.de](https://dataviz.nefton.de). Therefore, attendees will be able to play with the data in a self-service way. We also provide all code on GitHub and the complete dataset on HuggingFace. And, of course, we will also discuss how both bike-sharing operators and our boss reacted when we told them about the dataset we already had collected (spoiler: lawyers were involved, yet it’s still available for downloads…). Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/what-makes-bike-sharing-work-insights-from-43-million-kilometers-of-european-cycling-data

when datasets are scaled up to the volume of (partial) internet, together with the idea that scale will average out the noise, large dataset builders came up with a human-not-in-the-loop, cheaper-than-cheap-labor method to clean the datasets: heuristic filtering. Heuristics in this context are basically a set of rules came up by the engineers with their imagination and estimation to work best for their perspective of “cleaning”. Most datasets use heuristics adopted from existing ones, then add some extra filtering rules for specific characteristics of the datasets. I would like to invite you to have a taste together of these silent, anonymous yet upheld estimations and not-guaranteed rationalities in current sociotechnical artifacts, and on for whom these estimations are good-enough, as it will soon be part our technological infrastructures. In 1980s, non-white women’s body size data was categorized as dirty data when establishing the first women's sizing system in US. Now in the age of GPT, what is considered as dirty data and how are they removed from massive training materials? Datasets nowadays for training large models have been expanded to the volume of (partial) internet, with the idea of “scale averages out noise”, these datasets were scaled up by scrabbling whatever available data on the internet for free then “cleaned” with a human-not-in-the-loop, cheaper-than-cheap-labor method: heuristic filtering. Heuristics in this context are basically a set of rules came up by the engineers with their imagination and estimation that are “good enough” to remove “dirty data” of their perspective, not guaranteed to be optimal, perfect, or rational. The talk will show some intriguing patterns of “dirty data” from 23 extraction-based datasets, like how NSFW gradually equals to NSFTM (not safe for training model), and reflect on these silent, anonymous yet upheld estimations and not-guaranteed rationalities in current sociotechnical artifacts, and ask for whom these estimations are good-enough, as it will soon be part our technological infrastructures. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/a-media-almost-archaeology-on-data-that-is-too-dirty-for-ai

Learn how to find your position using a sextant and a custom slide rule, almost no math required! Since the dawn of time people have asked themselves: where am I and why am I here? This talk won't help you answer the why question, but it will discuss how determine the where in the pre-GPS age of sextants, slide rules and stopwatches by taking the noon sight, aka the meridian passage. The usual way to find your position using the Sun requires a large almanac of lookup tables and some challenging math. The books are frustrating to consult on every sight and the base 60 degree-minute-second math is frustrating even with a calculator, and if you're on a traditional ship it seems wrong to do traditional navigation with electronic devices. To speed up the process I’ve designed a specialized circular slide rule that handles most of the table lookups to correct height of eye, semi-diameter, temperature, refraction and index errors, and also simplifies the degree-minute-second arithmetic required to calculate the exact declination of the Sun. In this talk I’ll demonstrate how to make your own printable paper slide rule and use it to reduce the meridian passage measurement to a lat/lon with just a few rotations of the wheels and pointer, no electronics or bulky books necessary! Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/celestial-navigation-with-very-little-math

"Wir gehen nach Karlsruhe!“ – das klang vor zehn Jahren nach Aufbruch und juristischem Hack. Heute ist klar: Strategische Prozessführung ist kein Sprint, sondern ein zähes, manchmal frustrierendes Dauerprojekt. In diesem Talk ziehen wir Bilanz: Was haben wir mit zivilgesellschaftlichen Verfassungsbeschwerden im Bereich Technologie erreicht – und wo sind wir gescheitert? Welche Fehler würden wir heute vermeiden, welche Wege waren richtig? Und was bedeutet es, wenn das höchste deutsche Gericht zunehmend weniger Lust auf digitalpolitische Grundrechtsfragen zeigt? Ein realistischer Blick hinter die Kulissen strategischer Klagen – und die Frage: Wie hackt man das Rechtssystem im Jahr 2025? Wenn Gesetze Grundrechte verletzen, warum nicht das Bundesverfassungsgericht hacken – mit Strategie, Teamwork und guter Begründung? Aus dieser Idee ist inzwischen ein zentrales Werkzeug zivilgesellschaftlicher Gegenmacht geworden: Strategische Prozessführung. Das Prinzip ist einfach: Gesetze nicht nur kritisieren, sondern systematisch angreifen, mit gezielten Verfassungsbeschwerden gegen Überwachung, Zensur und staatliche Eingriffe in die digitale Freiheit. Seitdem hat sich viel getan. Organisationen wie die Gesellschaft für Freiheitsrechte (GFF) haben den Weg nach Karlsruhe professionalisiert und Verfahren angestoßen, die viele aus den Nachrichten kennen: gegen die Vorratsdatenspeicherung, gegen das BND-Gesetz zur Auslandsüberwachung, gegen den Einsatz von Palantir, und gegen den Einsatz von Staatstrojanern. Einige dieser Verfahren waren erfolgreich und haben Gesetze gekippt. Andere sind krachend gescheitert – oder hängen seit Jahren in Karlsruhe fest. Dabei zeigt sich: Der Weg zum Urteil wird härter, die Erfolgsaussichten kleiner, und das Verfassungsgericht ist nicht mehr der progressive Motor, der es mal war. Dieser Talk zieht eine ehrliche Bilanz: Was bringt strategische Prozessführung wirklich? Was lässt sich aus Erfolgen und Misserfolgen lernen? Welche Fälle lohnen sich – und wo wird der Rechtsweg zur Sackgasse? Und wie verschiebt sich das Ganze inzwischen auf die europäische Ebene – wo neue Schauplätze wie der Digital Services Act oder der AI Act warten? Keine juristische Vorlesung, sondern ein Erfahrungsbericht aus zehn Jahren digitaler Grundrechtsarbeit. Es geht um Taktik, Fehlentscheidungen, unerwartete Allianzen – und um die Frage, wie man auch heute noch im Rechtssystem rütteln kann, wenn die Türen in Karlsruhe enger werden. Der Vortrag wird gehalten von Simone Ruf und Jürgen Bering von der Gesellschaft für Freiheitsrechte. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/hacking-karlsruhe-10-years-later

Data about greenhouse gas emissions, both from countries and individual factories, is often publicly available. However, the data sources are often not as accessible and reliable as they should be. EU emission databases contain obvious flaws, and nobody wants to be responsible. Which factory in my city is the largest emitter of CO2? Which industrial sector is responsible for the largest share of a country's contribution to climate change? It should not be difficult to answer these questions. Public databases and reporting required by international agreements usually allow us to access this data. However, trying to access and work with these datasets — or, shall we say, Excel tables — can be frustrating. UN web pages that prevent easy downloads with a "security firewall", barely usable frontends, and other issues make it needlessly difficult to gain transparency about the sources of climate pollution. While working with official EU datasets, the speaker observed data points that could not possibly be true. Factories suddenly dropped their emissions by orders of magnitude without any explanation, different official sources report diverging numbers for the same emission source, and responsible European and National authorities appear not to care that much. The talk will show how to work with relevant greenhouse gas emission data sources and how we can access them more easily by converting them to standard SQL tables. Furthermore, we will dig into some of the strange issues one may find while investigating emission datasets. # Background / Links * Why is it needlessly difficult to access UNFCCC Emission Data? https://industrydecarbonization.com/news/why-is-it-needlessly-difficult-to-access-unfccc-emission-data.html * UNFCCC Emission Data Downloads: https://industrydecarbonization.com/docs/unfccc/ * Code (Docker, MariaDB/MySQL, phpMyAdmin) to easily access EU emisison data: https://github.com/decarbonizenews/ghgsql Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/greenhouse-gas-emission-data-public-difficult-to-access-and-not-always-correct

3D-Printers have given us all the unprecedented ability to manufacture mechanical parts with a very low barrier to entry. The only thing between your idea and its physical manifestation is the process of designing the parts. However, this is actually a topic of incredible depth: Design engineering is a whole discipline to itself, built on top of tons and tons of heuristics to produce shapes that are functional, strong, and importantly: well-manufacturable In this talk, I will present the rules for designing well-printable parts and touch on other areas of design considerations so you can learn to create parts that work first try and can be reproduced by others on their 3d-printers easily. Over the years, the 3d-printing community has discovered many tricks and rules that help creating parts that can be printed well and fulfill their purpose as best as possible. I started collecting these rules and wrote an article guide to make this knowledge more accessible. I want to present the most important principles and the mindset that is needed to achieve perfected design. This is not about how to use a CAD program to design a part — but rather about the thought process of the design engineer while drawing up a part. A though process that consists of compromises between many objectives, of heuristic rules, and many neat little tricks. The article that this talk is based on can be found on my blog: https://blog.rahix.de/design-for-3d-printing/ Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/design-for-3d-printing

The talk is about the ideas behind setting up the David Graeber Institute and the Museum of Care. The Survival Kit Collection brings together collectives developing open source "social technologies" —spirulina farms, self-replicating 3D printers, modular housing, low-cost water systems, and ... art and education. In 2019, together with David Graeber, we held the first workshop about the Museum of Care at CCC to reimagine the relation between freedom, technology and value. Over these 6 years, the Museum of Care and the David Graeber Institute have experimented with various projects: the survival collection, Visual Assembly, and creating an open space for horizontal knowledge production—something we hope to develop into an actual University. We think humanity could already be living in a society of abundance and communal luxury. We have the technologies to produce enough for everyone to have everything. The issue isn't technological but social. This is why we need a Museum (of Care): museums are among the few places that create, distribute, and preserve what a society values. What will be at the session: We'll tell in more detail about the concept of the Museum of Care on abandoned ships (of which, according to Maritime Foundation data, there are more than 4,500 in the world). We'll talk about the halls of our museum: the Hall of Giants and other emerging spaces. Projects we're building—spirulina farms, 3D printers—in Saint Vincent (Caribbean) and Kibera Art District, Nairobi Kenya, Playground designed that communities can construct with nearly no resources. Can we actually build a nomadic museum proud not of its unique exhibits but of how easily they spread and get replicated? Then we will move to an open conversation about what poetic technologies are and how they differ from bureaucratic ones. Some people may have read David Graeber's book The Utopia of Rules; here you can download his other texts that are less widely known or not yet published. We would very much like to explore the question of poetic and bureaucratic technologies together with you. To facilitate this discussion, the David Graeber Institute has invited Alistair Parvin, creator of the Wiki House project, to join Nika Dubrovsky in conversation. The discussion continues in the format of a Visual Assembly—focused on building a distributed, non-hierarchical, genuinely open University with different ideas of funding and knowledge production. This is the very beginning of the process so all input is very much welcome. We'd welcome any ideas, critiques, or proposals for collaboration. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/the-museum-of-care-open-source-survival-kit-collection

Lightning Talks - Tag 3 - **Lightning Talks Introduction** - **"Oma, erzähl mir von der Zukunft" oder: Wie wir weiter interessante Sachen machen, ohne den Planeten zu ruinieren 🌱** — *EstherD* - **Don't abuse the ecosystem** — *michele* - **The Climatepoetry.org video tool** — *Magnus Ahltorp* - **Neo-Kolonialismus & Katzenbilder - Installation zur Lieferkette von GenAI** — *Stefan, Yannik & Rike* - **Build social inventories with StashSphere** — *Maximilian Güntner* - **Invitation to the Fermentation Camp "Kvas 2026"** — *algoldor* - **Stretching nginx to its limits: a music player in the config file** — *Eloy* - **2D Graphics Creation with Graphite - How to build a hackable graphics Editor** — *Dennis Kobert* - **The Modulator: a Custom Controller for Live Music Performance** — *Jakob Kilian* - **Find hot electronic devices for cheap using Lock-In Thermography** — *Clemens Grünewald* - **Those Who Control** — *Andreas Haupt* - **SearchWing - Search&Rescue Drones** — *searchwing team* - **Hacking ID3 MP3 Metadata** — *Danilo Erazo* - **Genetic engineering with CRISPR/Cas9: how far are we today from biopunk?** — *Dmytro Danylchuk* - **Discovering the Orphan Source Village** — *Martin Hamilton* - **kicoil - generate planar coils in any shape for PCBs and ICs** — *jaseg* - **Trade Offer: Pentest Data for CTF Points** — *Sebastian* - **Soziologische Gabentheorie - Grundlage für die Bewertung von Social Media?** — *sozialwelten* - **WissKomm Wiki - Bibliothek für Videos und Podcasts** — *TimBorgNetzWerk* - **Shitty Robots** — *Neo* - **Lightning** — *Vi* Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/lightning-talks-tag-3

We went on Kleinanzeigen and started a non-profit semiconductor lab. We created a space to do the kind of research we've always wanted, but couldn't do at our local hackerspaces - either due to space constraints, or lack of structures allowing for a safe operation of a proper lab. -- This video was independently recorded & produced by dmi about this event: https://events.ccc.de/congress/2025/hub/en/event/detail/fafo-how-we-stopped-worrying-and-bought-an-electro

KIs (bzw. LLMs) wirken immer menschlicher. Schon längst ist es schwer bis unmöglich zu erkennen, ob ein Text von einer KI oder einem Menschen geschrieben wurde. Maschinen dringen immer mehr in den menschlichen Diskurs ein. Wir wollen das nicht länger hinnehmen und drehen den Spieß um. In unserem Reverse-Turing-Test schlüpfen die Teilnehmenden in die Rolle einer KI und versuchen so robotisch-menschlich wie möglich zu klingen. In einer anschließenden Blindstudie prüfen wir, wer sich am besten unter KIs mischen und beim nächsten Robot Uprising die Spionin der Wahl wäre. Humor, Kreativität und ein Hang zu allgemeingültigen, nichtssagenden Floskeln sind die perfekten Voraussetzungen! Ein digitales Endgerät (Smartphone, Tablet, Laptop, …) reicht zum Mitspielen aus. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/gptdash-der-reverse-turing-test

Join bleeptrack for a deep dive into the fascinating world of procedural generation beyond the screen. From stickers and paper lanterns to PCBs, furniture, and even physical procedural generators, this talk explores the challenges and creative possibilities of bringing generative projects into tangible form. In this talk, I will share practical insights from developing procedural generation tools for physical objects: ranging from stickers and paper lanterns to printed circuit boards and even furniture. I will outline key challenges and considerations when generating designs for fabrication tools such as laser cutters or pen plotters, as well as how to adapt procedural systems so they can be reproduced by a wide audience (not everyone has access to CNC machines or industrial equipment, sadly!). Beyond technical considerations, I aim to encourage attendees to translate their own generative ideas into tangible artifacts and to foster a culture of open-sourcing and knowledge sharing within the community. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/code-to-craft-procedural-generation-for-the-physical-world

The TitanM2 chip has been central to the security of the google pixel series since the Pixel 6. It is based on a modified RISC-V design with a bignum accelerator. Google added some non standard instructions to the RISC-V ISA. This talk investigates the reverse engineering using Ghidra, and simulation of the firmware in python. I will discuss the problems encountered while reverse engineering and simulating the firmware for the TitanM2 security chip, found in the Google Pixel phones. I'll discuss how to obtain the firmware. Talk about the problems reverse engineering this particular binary. I show how you can easily extend ghidra with new instructions to get a full decompilation. Also, I wrote a Risc-V simulator in python for running the titanM2 firmware. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/reverse-engineering-the-pixel-titanm2-firmware

The Emergency Alert System (EAS) and its SAME (Specific Area Message Encoding) protocol are public alerting technologies that broadcast short digital bursts over VHF triggering emergency messages on millions of receivers across North America. In Mexico, this technology was integrated into the Seismic Alert System (SASMEX) which more than 30 million people in the central part of the country rely on to prepare for frequent earthquakes. While new alerting technologies have emerged, the EAS-SAME network continues to play an important role for public safety in the U.S., Mexico, and Canada. Yet, the same small packets of bits that can help protect a city could also, in the wrong hands, destabilize it. This talk examines how these systems operate and reveals a troubling truth: spoofing these alerts is far easier than most people expect. In this talk, we’ll begin by contextualizing the importance of the seismic alert in Mexico City, a system born from the devastating 1985 earthquake. We’ll examine how it was designed, how it works, and why it carries such a deep psychological impact. From there, we’ll explore the history and design of Weather Radio and the SAME protocol, looking at how messages are transmitted and encoded through this technology, and how it was later adapted for SASMEX. I’ll also share my personal experience building compatible receivers, from early open-source experiments that inspired local manufacturers to create government-certified devices, to developing a receiver as part of my undergraduate thesis. We’ll analyze how simplicity, one of the key strengths of these systems, also introduces certain risks, and how these trade-offs emerge when dealing with accessibility, interoperability, and security in system design. Finally, I’ll demonstrate how to receive, decode, and encode these alert messages, and discuss how, with the right equipment, it’s possible to generate such alert signals. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/the-small-packet-of-bits-that-can-save-or-destabilize-a-city

What happens when AI-powered criminals meet AI-powered hunters? A technical arms race where both sides are vibing their way through exploitation—and the backdoors write themselves. In October 2025, we investigated Taiwan's fake delivery scam ecosystem targeting convenience store customers. What started as social engineering on social media became a deep dive into two distinct fraud platforms—both bearing the unmistakable fingerprints of AI-generated code. Their developers left more than just bugs: authentication flaws, file management oversights, and database implementations that screamed "I asked LLM and deployed without reading." We turned their sloppiness into weaponized OSINT. Through strategic reconnaissance, careful database analysis, and meticulous operational security, we achieved complete system access on multiple fraud infrastructures. By analyzing server artifacts and certificate patterns, we mapped 100+ active domains and extracted evidence linking thousands of victim transactions worth millions of euros in fraud. But here's the twist: we used the same AI tools they did, just with better prompts. The takeaway isn't just about hunting scammers—it's about the collapse of the skill gap in both offense and defense. When vibe coding meets vibe hacking, the underground economy democratizes in ways we never anticipated. We'll share our methodology for fingerprinting AI-assisted crime infrastructure, discuss the ethical boundaries of counter-operations, and demonstrate how to build sustainable threat intelligence pipelines when your adversary can redeploy in 5 minutes. This talk proves that in 2025, the real exploit isn't zero-day—it's zero-understanding. Our journey began with a simple question: why are so many people losing money to fake convenience store delivery websites? The answer led us through two distinct criminal architectures, both exhibiting characteristics of large language model–assisted development. Case 1 ran on PHP with backup artifacts exposing implementation details and query manipulation opportunities. The installation package itself contained pre-existing access mechanisms—whether this was developer insurance or criminal-on-criminal sabotage remains unclear. We leveraged initial access to bypass security restrictions using protocol-level manipulation and extracted gigabytes of operational data. Case 2 featured authentication bypass vulnerabilities that granted direct administrative access. The backend structure revealed copy-pasted code patterns without proper security implementation. Throughout both systems, we observed telltale signs of AI-generated code: verbose documentation in unexpected languages, inconsistent coding patterns, textbook-like naming conventions, and theoretical security implementations. Even the UI revealed LLM fingerprints—overly polished component layouts, placeholder text patterns, and design choices that felt distinctly "tutorial-like." These weren't experienced developers—they were operators deploying what LLMs gave them without understanding the internals. The irony? We used AI extensively too: for data parsing, pattern recognition, attack surface mapping, and intelligence queries. The difference was intentionality—we understood what the output meant. Using open-source intelligence platforms and carefully crafted fingerprints, we mapped over a hundred active domains following similar patterns. Each one shared the same architecture, the same weaknesses, the same developer mistakes. This repeatability became our advantage. When scammers can redeploy infrastructure in days, you don't attack individual sites—you automate the entire reconnaissance-to-evidence pipeline. This talk demonstrates practical techniques for mass-scale fraud infrastructure fingerprinting, operational security considerations when investigating active criminal operations, and methods to recognize AI-generated code patterns that reveal threat actor sophistication. We'll discuss the ethical boundaries of counter-fraud operations and evidence preservation for law enforcement, along with automation strategies for sustainable threat intelligence when adversaries rebuild faster than you can report. The demonstration will show how to go from a single suspicious domain to a network map of 100+ sites and thousands of victim records—using tools available to any researcher. This isn't a story about elite hackers versus criminal masterminds. It's about two groups equally reliant on AI vibing their way through technical problems—one for fraud, one for justice. The skill barrier has collapsed. The question now is: who has better context, better ethics, and better coffee? Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/when-vibe-scammers-met-vibe-hackers-pwning-phaas-with-their-own-weapons

Xous is a message-passing microkernel implemented in pure Rust, targeting secure embedded applications. This talk covers three novel aspects of the OS: hardware MMU support (and why we had to make our own chip to get this feature), how and why we implemented the Rust standard library in Rust (instead of calling the C standard library, like most other Rust platforms), and how we combine the power of Rust semantics with virtual memory to create safe yet efficient asynchronous messaging primitives. We conclude with a short demo of the OS running on a new chip, the "Baochip-1x", which is an affordable, mostly-open RTL SoC built in 22nm TSMC, configured expressly for running Xous. The world is full of small, Internet-of-Things (IoT) gadgets running embedded operating systems. These devices generally fall into two categories: larger devices running a full operating system using an MMU which generally means Linux, or smaller devices running without an MMU using operating systems like Zephyr, chibios, or rt-thread, or run with no operating system at all. The software that underpins these projects is written in C with coarse hardware memory protection at best. As a result, these embedded OSes lack the security guarantees and/or ergonomics offered by modern languages and best practices. The Xous microkernel borrows concepts from heavier operating systems to modernize the embedded space. The open source OS is written in pure Rust with minimal dependencies and an emphasis on modularity and simplicity, such that a technically-savvy individual can audit the code base in a reasonable period of time. This talk covers three novel aspects of the OS: its incorporation of hardware memory virtualization, its pure-Rust standard library, and its message passing architecture. Desktop OSes such as Linux require a hardware MMU to virtualize memory. We explain how ARM has tricked us into accepting that MMUs are hardware-intensive features only to be found on more expensive “application” CPUs, thus creating a vicious cycle where cheaper devices are forced to be less safe. Thanks to the open nature of RISC-V, we are able to break ARM’s yoke and incorporate well-established MMU-based memory protection into embedded hardware, giving us security-first features such as process isolation and encrypted swap memory. In order to make Xous on real hardware more accessible, we introduce the Baochip-1x, an affordable, mostly-open RTL 22nm SoC configured expressly for the purpose of running Xous. The Baochip-1x features a Vexriscv CPU running at 400MHz, 2MiB of SRAM, 4MiB of nonvolatile RRAM, and a quad-core RV32E-derivative I/O accelerator called the “BIO”, based on the PicoRV clocked at 800MHz. Most Rust targets delegate crucial tasks such as memory allocation, networking, and threading to the underlying operating system’s C standard library. We want strong memory safety guarantees all the way down to the memory allocator and task scheduler, so for Xous we implemented our standard library in pure Rust. Adhering to pure Rust also makes cross-compilation and cross-platform development a breeze, since there are no special compiler or linker concerns. We will show you how to raise the standard for “Pure Rust” by implementing a custom libstd. Xous combines the power of page-based virtual memory and Rust’s strong borrow-checker semantics to create a safe and efficient method for asynchronous message passing between processes. This inter-process communication model allows for easy separation of different tasks while keeping the core kernel small. This process maps well onto the Rust "Borrow / Mutable Borrow / Move" concept and treats object passing as an IPC primitive. We will demonstrate how this works natively and give examples of how to map common programming algorithms to shuttle data safely between processes, as well as give examples of how we implement features such as scheduling and synchronization primitive entirely in user space. We conclude with a short demo of Xous running on the Baochip-1x, bringing Xous from the realm of emulation and FPGAs into everyday-user accessible physical silicon. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/xous-a-pure-rust-rethink-of-the-embedded-operating-system

Generative AI models don't operate on human languages – they speak in **tokens**. Tokens are computational fragments that deconstruct language into subword units, stored in large dictionaries. These tokens encode not only language but also political ideologies, corporate interests, and cultural biases even before model training begins. Social media handles like *realdonaldtrump*, brand names like *louisvuitton*, or even *!!!!!!!!!!!!!!!!* exist as single tokens, while other words remain fragmented. Through various artistic and adversarial experiments, we demonstrate that tokenization is a political act that determines what can be represented and how images become computable through language. Tokens are the fragments of words that generative models use to process language, the step that breaks text into subword units before any neural networks are involved. There are 51 ways to combine tokens to spell the word giraffe using existing vocabulary: from a single token **giraffe** to splits using multiple tokens like *gi|ra|ffe*, *gira|f|fe*, or even *g|i|r|af|fe*. In one experiment, we hijacked the prompting process and fed token combinations directly to text-to-image models. With variations like *g|iraffe* or *gir|affe* still generating recognizable results, our experiments show that the beginning and end of tokens hold particular semantic weight in forming giraffe-like images. This reveals that certain images cannot be generated through prompting alone, as the tokenization process sanitizes most combinations, suggesting that English, or any human language, is merely a subset of token languages. The talk features experiments using genetic algorithms to reverse-engineer prompts from images, respelling words in token language to change their generative outcomes, and critically examining token dictionaries to investigate edge cases where the vocabulary breaks down entirely, producing somewhat *speculative languages* that include strange words formed at the edge of chaos where English meets token (non-)sense. These experiments show that even before generation occurs, token dictionaries already encode a stochastic worldview, shaped by the statistical frequencies of their training data – dominated by popular culture, brands, platform-speak, and *non-words*. Tokenization is, therefore, a political act: it defines what can be represented and how the world becomes computationally representable. We will look at specific tokens and ask: Which models use which vocabularies? What *non-word* tokens are shared among models? And how do language models make sense of a world using a language we do not understand? Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/51-ways-to-spell-the-image-giraffe-the-hidden-politics-of-token-languages-in-generative-ai

We pointed a commercial-off-the-shelf satellite dish at the sky and examined all of the geostationary satellite communications visible from our vantage point. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens’ voice calls and SMS, and consumer Internet traffic from in-flight wifi and mobile networks. In this talk, we will cover our hardware setup, alignment techniques, our parsing code, and survey some of the surprising finds in the data. This talk will include some previously unannounced results. This data can be passively observed by anyone with a few hundred dollars of consumer-grade hardware. There are thousands of geostationary satellite transponders globally, and data from a single transponder may be visible from an area as large as 40% of the surface of the earth. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/don-t-look-up-there-are-sensitive-internal-links-in-the-clear-on-geo-satellites

Milliarden von Kameras produzieren täglich Bilder, die zunehmend von Maschinen analysiert werden. In dieser Lecture Performance beleuchten wir die Entwicklung des maschinellen Sehens – von den frühen algorithmischen Ansätzen bis zu den heutigen Anwendungen – und schauen, wie verschiedene Künstler:innen diese Technologien nutzen und reflektieren. Anhand der beiden Arbeiten „Throwback Environment” und „Fomes Fomentarius Digitalis” betrachten wir die Nutzung des maschinellen Sehens in einem künstlerischen Feedback-Loop. Die Arbeiten machen sichtbar, was die eingesetzten Algorithmen sehen und in welchen Mustern sie operieren. Unmengen an Bilder werden Täglich in die Netzwerke hochgeladen. Doch nicht nur Menschen betrachten diese Bilder, auch Maschinen analysieren und „betrachten" sie. Wie funktioniert dieses maschinelle „Sehen" und wie wurde dieses den Computern beigebracht? Diese Lecture Performance gibt einen Überblick über die Entwicklung des maschinellen Sehens. Nach einem kurzen Einblick in die geschichtliche Entwicklung – von den ersten Ansätzen bis zu heutigen Anwendungen – betrachten wir, wie diese Technologien in unterschiedlichsten künstlerischen Arbeiten eingesetzt werden. Was reflektieren diese Arbeiten jenseits der reinen Anwendung von Machine Vision Algorithmen? Anhand der beiden Arbeiten "Throwback Environment" und "Fomes Fomentarius Digitalis" betrachten wir, wie Machine Vision in einem künstlerischen Feedbackloop genutzt worden ist und wie uns dies Perspektiven auf die Funktionsweise dieser Algorithmen eröffnet. Die Arbeiten machen sichtbar, was die Eingesetzten Alghorithmen sehen, in welchen Mustern sie operieren. Sie zeigen auch, wo ihre Grenzen liegen und was das ganze mit Baumpilzen zu tun hat. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/machine-vision-vom-algorithmus-zum-baumpilz-im-digitalen-metabolismus

"Don't roll your own crypto" is an often-repeated aphorism. It's good advice -- but then how does any cryptography get made? Writers of cryptography code like myself write code with bugs just like anyone else, so how do we take precautions against our own mistakes? In this talk, I will give a peek into the cryptographer's toolbox of advanced techniques to avoid bugs: targeted testing, model checking, mathematical proof assistants, information-flow analysis, and more. None of these techniques is a magic silver bullet, but they can help find flaws in reasoning about tricky corner cases in low-level code or prove that higher-level designs are sound, given a defined set of assumptions. We'll go over some examples and try to give a high-level feel for different workflows that create "high-assurance" code. Whether you know it or not, you use this type of cryptography code every day: in your browser, your messaging apps, and your favorite programming language standard libraries. Over the last 10 years or so, using mathematical proof assistants and other formal-logic tools for cryptography code has gone from a relatively new idea to standard practice. I've been lucky enough to have a front-row seat to that transformation, having started doing formal-methods research in 2015 and then switched to a focus on cryptography implementation since 2021. Code from my master's thesis project, ["fiat-crypto"](https://github.com/mit-plv/fiat-crypto), is [included](https://andres.systems/fiat-crypto-adoption.html) in every major browser as well as AWS, Cloudflare, Linux, OpenBSD, and standard crypto libraries for Go, Zig, and Rust (RustCrypto, dalek). In addition to verifying code correctness, designers of high-level protocols like Signal's recently announced post-quantum ratchet increasingly use mathematical tools (ProVerif in Signal's case) to check their work. Despite the growing popularity of these formal techniques and their relevance to personal information security, few people are aware of them, and they maintain a reputation for being hard to learn and esoteric. I'd like to demystify the topic and show examples of how anyone can use proof assistants in small, standalone ways as part of the coding or design process. My hope is that next time a colleague asks for review of a complex high-speed bit-twiddling algorithm, instead of staring at the code line-by-line, attendees of my talk will know they can write a computer-checked proof to confirm or deny that the algorithm achieves its intended result. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/how-to-minimize-bugs-in-cryptography-code

Textiles are everywhere, yet few of us know how they’re made. This talk aims to give you an overview over the complete transformation from fiber to finished textile. We'll be exploring fiber properties, spinning, and techniques like weaving, knitting, crochet, braiding, and knotting, followed by finishing methods such as dyeing, printing, and embroidery. You’ll learn why not only fiber but also structure matters, and how to make or hack textiles on your own without relying on fast fashion or industrial tools. Textiles play an integral part in our daily lives. If you’re reading this, chances are you’re wearing clothes or have some form of fabric within arm’s reach. Yet despite how common and essential textiles are, few of us know how they actually come to be. How do we go from a plant, animal, or synthetic polymer to a fully finished piece of clothing? This talk unravels the full transformation pipeline of textiles: starting with fibers and their properties, then spinning them into yarn, turning that yarn into textiles through weaving, knitting, crochet, braiding, knotting, and other techniques, and finally finishing them through printing, embroidery, dyeing, or bleaching. Along the way, you’ll learn why your “100% cotton” garments can feel completely different despite being made of the same fiber, how structure matters just as much as material, and what environmental impact different choices have. Whether you want to make your own textiles, hack existing ones, or finally understand why that wool sweater you washed too hot is now tiny, this talk is a crash course in most things textile, and a reminder that you don’t need industrial machinery or fast fashion to create something on your own. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/textiles-101-fast-fiber-transform

CSS is a programming language, and you can make games in it. Let's install NoScript and make some together! This talk is about how HTML and CSS can be used to make interactive art and games, without using any JS or server-side code. I'll explain some of the classic Cohost CSS Crimes, how I made [CSS Clicker](https://lyra.horse/css-clicker/), and what's next for the CSS scene. I hope this talk will teach and/or inspire you to make cool stuff of your own! --- *Content notes:* - Slides feature animations and visual effects - Short video clip (with music) will be played - Clicker sound at the end of the talk --- Slides will be available after the talk at: [https://lyra.horse/slides/#2025-congress](https://lyra.horse/slides/#2025-congress) Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/css-clicker-training-making-games-in-a-styling-language

Zwischen offenen Briefen, Massenmails, Petitionen und Kaffee trinken : Zwei Ex-Insiderinnen aus dem Digitalausschuss und Bundestag erzählen, wie politische Einflussnahme wirklich funktioniert. Ein ehrlicher Blick hinter die Kulissen parlamentarischer Entscheidungsfindung – mit praktischen Tipps, wie die Zivilgesellschaft ihre Energie dort einsetzt, wo sie wirklich Wirkung entfaltet. Ziel des Talks ist es, ein realistisches Bild davon zu vermitteln, wie parlamentarische Entscheidungsfindung funktioniert – und praktische Hinweise zu geben, wie man Einfluss nehmen kann, ohne dabei Ressourcen zu verschwenden. Wie bringt man politische Prozesse in Bewegung? Was passiert eigentlich mit einer Mail, wenn sie an einen Abgeordneten geht? Und wie unterscheidet sich konstruktive Interessenvertretung von übergriffigem Lobbyismus? In diesem Talk berichten Anna Kassautzki (Mitglied des Bundestags von 2021 bis 2025, stellvertretende Vorsitzende des Digitalausschusses 20. LP) und Rahel Becker (ehemalige wissenschaftliche Mitarbeiterin Digitales) aus der Innenperspektive parlamentarischer Arbeit. Chatkontrolle, Data Act, Recht auf Open Data, DSGVO, es gab viel zu verhandeln in der letzten Legislaturperiode. Anna und Rahel waren mittendrin und geben einen Einblick in die hektische - teils absurde Kommunikation mit Interessenvertretungen. Dabei liegt der Fokus immer auf der Frage: Welche Strategien braucht es, damit zivilgesellschaftliche Arbeit nicht verpufft? Zugleich geht es um die strukturellen Fragen: Wo sind die Flaschenhälse für politischen Fortschritt? Wie priorisieren Abgeordnete in einem überfüllten Kalender? Und welche Hebel kann die (digitale) Zivilgesellschaft sinnvoll nutzen, um Gehör zu finden? Denn gerade in Zeiten massiver digitalpolitischer Herausforderungen ist informierte, strategische Beteiligung notwendiger denn je. Ein Vortrag für alle, die sich in politische Prozesse einmischen wollen. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/power-cycles-statt-burnout-wie-einflussnahme-nicht-verpufft

Was passiert, wenn staatliche Domains auslaufen - und plötzlich jemand anderes sie besitzt? In diesem Vortrag wird berichtet, wie mehrere ehemals offizielle, aber unregistrierte Domains deutscher Bundesministerien und Behörden erworben werden konnten - und welche Datenströme dadurch sichtbar wurden. Über Monate hinweg konnten so DNS-Anfragen aus Netzen des Bundes empfangen werden - ein erhebliches Sicherheitsrisiko. Unter anderem da es so möglich war Accounts zu übernehmen, Validierungen von E-Mailsignaturen zu manipulieren, Anfrage umzuleiten und im Extremfall Code auf Systemen auszuführen. (Keine sensiblen Daten werden veröffentlicht; der Fokus liegt auf Forschung, Aufklärung und verantwortungsvollem Umgang mit den Ergebnissen.) Im Rahmen der Untersuchung zeigten sich nicht nur Fehlkonfigurationen, sondern auch Phänomene wie Bitsquatting und Typoquatting innerhalb der Verwaltungsnetze. Mit dem Betrieb eines DNS-Servers und dem Erwerb von bund.ee (naher Typosquatting/Bitquatting zu bund.de) konnten u.a. zahlreiche DNS-Anfragen von Servern des Bundesministerium des Innern (BMI) und weiterer Einrichtungen des Bundes empfangen werden. Der Vortrag beleuchtet die technischen und organisatorischen Schwachstellen, die hinter solchen Vorgängen stehen - und zeigt, wie DNS-Details Einblicke in die IT-Infrastruktur des Staates ermöglichen können. Abgerundet wird das Ganze durch praktische Beispiele, Datenanalysen und Empfehlungen, wie sich ähnliche Vorfälle künftig vermeiden lassen. In anderen Ländern sind gov-Domains als TLDs längst üblich (bspw. gov.uk) - in Deutschland ist bund.de oder gov.de allerdings nicht so verbreitet wie man glaubt, unter anderem da Bundesministerien eigene Domains nutzen oder nach Regierungsbildung umbenannt werden. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/verlorene-domains-offene-turen-was-alte-behordendomains-verraten

Der Vortrag beschreibt, wie eine Gruppe von Begeisterten eine Sammlung von ca. 100 Flipperautomaten (Pinball Machines) am Leben und in spielbereitem Zustand erhält. Der Vortrag gibt einen Einblick in die verschiedenen Generationen von Flippern und deren Technik. Angefangen von elektromechanischen Geräten aus den frühen Sechzigern, über erste Prozessorsteuerungen, bis hin zu modernsten computergesteuerten Automaten mit Bussystemen. Jede Generation hat ihre technischen Eigenheiten, ihre typischen Fehlermuster und Schwachstellen. In öffentlichen Räumen sind heutzutage kaum mehr Flipper anzutreffen. Das liegt insbesondere daran, dass deren Wartung aufwändig ist, weil durch die mechanische Beanspruchung häufig Fehler auftreten. Bereits kleinste technische Probleme können den Spielspaß zunichte machen. Das Finden und Beheben von Fehlern erfordert viel Erfahrung – und manchmal Kreativität, insbesondere wenn alte Bauteile nicht mehr verfügbar sind oder kaum Dokumentation vorhanden ist. Technisch ist Sachverstand auf vielen Ebenen erforderlich, vom Schaltplanlesen über Löten und elektronische Messtechnik, bis hin zu mechanischem Know-how. Die Community der Flipper-Enthusiasten ist allerdings groß und kooperativ, sodass auch private Sammler ihre Flipper am Laufen halten können. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/wie-wir-alte-flipperautomaten-am-leben-erhalten

Der heise security Podcast macht wieder einen Betriebsausflug nach Hamburg. Diesmal bringt Christopher seinen Co-Host Sylvester mit und spricht 90 Minuten lang über aktuelle Security-Themen vom Congress. Wir haben uns erneut einige spannende Fundstücke herausgesucht und sprechen darüber miteinander, aber auch mit unseren Gästen. Welche Themen wir besprechen ist - wie immer bei unserem Podcast - eine Überraschung. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/passwort-der-heise-security-podcast-live-vom-39c3

"freiheit.exe“ ist eine Lecture über die ideologischen Rootkits des Silicon Valley. Sie schlägt den Bogen von den italienischen Futuristen zu den heutigen Tech-Feudalisten, vom Akzelerationismus zur Demokratieskepsis der Libertären, von Tolkien zur PayPal-Mafia. Basierend auf den Recherchen zu meinem Theaterstück "freiheit.exe. Utopien als Malware", in dem journalistische Analyse auf performative Darstellung trifft. Ich lade das CCC-Publikum ein, die Betriebssysteme hinter unseren Betriebssystemen zu untersuchen. Während wir uns mit Verschlüsselung, Datenschutz und digitaler Selbstbestimmung beschäftigen, installieren Tech-Milliardäre ihre Weltanschauungen als Default-Einstellungen unserer digitalen Infrastruktur. Die Recherchen beleuchten die mitgelieferte Malware. Ich navigiere durch die Ideengeschichte zwischen Marinettis Futuristischem Manifest (1909) und Musks Mars-Kolonien, von den ersten Programmiererinnen zur Eroberung des Alls, von neoliberalen Think Tanks zur Schuldenbremse, von nationalen Christen zu Pronatalisten. Investigative Recherche trifft auf performative Vermittlung. Mit O-Tönen von Peter Thiel, Nick Land und anderen zeigt die Lecture ideologische Verbindungslinien zwischen Theoretikern autoritär-technoider Träume und den Visionen der Tech-Oligarchen auf: Es geht um „Freedom Cities“, Steuerflucht und White Supremacy. Um Transhumanismus als Upgrade-Zwang bis hin zu neo-eugenischen Gedanken. Um Akzeleration als politische Strategie: Geschwindigkeit statt Reflexion, Disruption statt Demokratie, Kolonisierung – jetzt auch digital. Aus Theaterperspektive betrachte ich das Revival der Cäsaren und die Selbstinszenierung von Tech-CEOs als Künstler, Priester oder Genies. Und mit der Investigativ Reporterin Sylke Grunwald habe ich recherchiert, was all das mit den Debatten rund um Palantir zu tun hat. Die scheinbar alternativlose Logik von "Move Fast and Break Things" ist nicht unvermeidlich – sie ist gewollt, gestaltet, ideologisch aufgeladen. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/freiheit-exe-utopien-als-malware

Amidst gloomy headlines, extreme weather, and climate anxiety, the good stories often get lost. Yet they exist - inspiring people, clever engineering, real breakthroughs. And that's exactly what we bring you – the positive power cycles of the energy transition in action. And real energy on stage. A committed energy activist and an award-winning solar cell researcher take you on a lively, motivating and sometimes funny journey: - to electricity rebels from the Black Forest, - to heat pumps that supply entire neighborhoods, - to new solar technologies, - to wind turbines with history, - and to politicians who were too pessimistic. What is already going really well? What can you emulate? Where is it worth getting involved? We'll show you – in an easy-to-understand, cheerful way. To stay motivated for an adventure as big as the energy transition, we need more than just facts and figures. We need momentum, optimism, and the human energy that keep the power cycles turning. Come by! Let’s recharge together and celebrate the successes of the energy transition. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/recharge-your-batteries-with-us-an-empowering-journey-through-the-energy-transition

This talk explores the internals of Overwatch which make the game work under the hood. The end goal is to democratise development of Overwatch. Being able to host your own servers and modify the game client to your liking should not be up for discussion for a game many people have paid money for. Hey you! Yes you! Do you want to pay for a game which gets forcibly taken away from you after only six years? Do you want to buy lootboxes in order to unlock cosmetics faster in the game you „own“? Overwatch 1 was released in 2016 to critical acclaim and millions of sales globally. It has permanently changed the hero-shooter landscape which was in much need of a fresh new game and playstyle. After a few hard years plagued with infrequent updates, long overdue hero nerfs / reworks and broken promises, Overwatch 1 was finally taken offline on October 3, 2022. Ever since I started playing Overwatch I was fascinated by the game and it’s proprietary engine, Tank. Not much is known about it, only that core components were reused from the cancelled Blizzard IP, Titan. It’s a shame that this game (engine) is not getting the recognition it deserves. From the entity-component architecture to the deterministic graph based scripting engine which handles (almost) everything which happens ingame, it is a truly refreshing take on networking and game programming rarely seen in games. So, considering this, building a game server from scratch can’t be that hard, riiiight? Join me in this documentation of my gradual descent into madness while I (jokingly) roast Overwatch developers for code which they probably do not even remember that theyve written 10+ years ago :) All research presented in this talk was done on the first archived, still publicly available version which I could find, 0.8.0.0 Beta (0.8.24919), which got uploaded to archive.org. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/prometheus-reverse-engineering-overwatch

The USA is demanding from all 43 countries in the "Visa Waiver Programme" (VWP), which enables visa-free travel, to conclude an "Enhanced Border Security Partnership" (EBSP). This is intended to grant US authorities direct access to police databases in these - mostly European - countries containing fingerprints, facial images and other personal data. Anyone who refuses this forced "border partnership" faces exclusion from the visa-free travel programme. The US demand is unprecedented: even EU member states do not grant each other such extensive direct database access – normally the exchange takes place via the "hit/no-hit principle" with a subsequent request for further data. This is how it works, for example, in the Prüm Treaty among all Schengen states, which has so far covered fingerprints and DNA data and is now also being extended to facial images. The EBSP could practically affect anyone who falls under the jurisdiction of border authorities: from passport controls to deportation proceedings. Under the US autocrat Donald Trump, this is a particular problem, as his militia-like immigration authority ICE is already using data from various sources to brutally persecute migrants – direct access to police data from VWP partners could massively strengthen this surveillance apparatus. Germany alone might give access to facial images of 5.5 million people and fingerprints of a similar dimension. The USA has already tightened the Visa Waiver Programme several times, for instance in 2006 through the introduction of biometric passports and in 2008 through the ESTA pre-registration requirement. In addition, there were bilateral agreements for the exchange of fingerprints and DNA profiles – however, these may only be transmitted in individual cases involving serious crime. Existing treaties such as the EU-US Police Framework Agreement are not applicable to the "Enhanced Border Security Partnership", as it applies exclusively to law enforcement purposes. It is also questionable how the planned data transfer is supposed to be compatible with the strict data protection rules of the GDPR. The EU Commission therefore wants to negotiate a framework agreement on the EBSP that would apply to all member states. Time is running short: the US government has set VWP states a deadline of 31 December 2026. Some already agreed on a bilateral level. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/trump-government-demands-access-to-european-police-databases-and-biometrics

Jahrelang war die staatliche Intransparenz in Österreich nur eine Punchline in den Congress-Talks von Frag Den Staat. Damit könnte jetzt Schluss sein: seit heuer haben Bürger:innen endlich ein Recht, Dokumente einzusehen und ein Informationsfreiheitsgesetz. Wir zeigen, was Deutschland aus der über ein Jahrzehnt andauernden Kampagne für die Abschaffung des Amtsgeheimnisses lernen kann, wofür uns die Nachbarländer beneiden werden und wofür sich Bayern besonders schämen sollte. Die Kampagne – wie aus "binnen zwei Wochen" mehr als elf Jahre wurden Die Strategien – die man übernehmen kann Der Vergleich – wie ist Österreichische IFG im Vergleich zum Deutschen, und ist das der richtige Die (besten) Preisträger – aus mehr als zehn Jahren des Schmähpreises "Mauer des Schweigens" Die Datenhalde – mit Aufruf, was aus dem Datenberg zu machen Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/amtsgeheimnis-raus-datenhalde-rein-was-die-informationsfreiheit-in-osterreich-bringt

Factorio ist ein Fabriksimulationsspiel mit integriertem Logiksystem. Dies ermöglichte mir den Bau einer CPU, die unter anderem aus einer 5-stufiger Pipeline, einer Forwarding Logikeinheit, Interrupt Handling sowie einem I/O Interface besteht. Über einen selbst geschriebenen Assembler konnte ich ein eigenes Betriebssystem und Programme wie Minesweeper oder Snake integrieren. Der Talk soll euch zeigen, wie sich klassische Computerarchitektur in einem völlig anderen technischen Kontext umsetzen lässt und wo dabei überraschend echte Probleme der CPU-Entwicklung auftreten. Kommt mit auf die Reise: Vom Blick auf den gesamten Computer bis hinunter zu den einzelnen Logikgattern ist es nur eine Mausradbewegung entfernt! Factorio ist ein Spiel über Fabrikautomation - Förderbänder, Dampfmaschinen und Produktionsketten stehen im Vordergrund. Eigentlich ist das interne Logiksystem („Combinators“) gedacht für die Steuerung der Fabrik, jedoch erlaubt es auch die Entwicklung komplexer Hardware. In diesem Vortrag erzähle ich meine Geschichte, wie ich eine vollständige RISC-V-Architektur in Factorio rein aus Vanilla-Combinators erschaffen habe: Die CPU arbeitet mit 32 Bit-Wörtern, verfügt über 32 General Purpose Register, 128 KB RAM/Persistent Storage, eine 5-stufige Pipeline mit Forwarding und Hazard-Handling sowie eine Logikeinheit für Branches und Interrupts. Ein Display-Controller steuert eine Konsolen-Ausgabe sowie ein Farbdisplay, während ein Keyboard-Controller Eingaben über physische In-Game-Tasten ermöglicht. Ergänzt wird die Hardware auf der Softwareseite durch das Betriebssystem *FactOS*, das ein einfaches Filesystem sowie Systemcalls (zum Beispiel zum Drucken eines Strings im Terminal) zur Verfügung stellt. Außerdem schränkt das Betriebssystem das ausführende User-Programm auf einen festen Bereich des RAMs ein und verhindert so direkten Zugriff auf die Hardware. Im Talk möchte ich euch durch alle Schichten dieser Konstruktion führen: Von den Grundlagen der Factorio-Signalphysik über CPU-Design und Pipeline-Hazards bis zur Toolchain und dem Betriebssystem. Außerdem gebe ich einen Einblick, wie die Limitierungen aber auch die Vorteile von Factorio im Vergleich zu herkömmlichen Logik Simulatoren das Design einer CPU beeinflussen können. Ich runde meinen Talk mit einer Live-Demonstration des Systems ab. Die vollständige CPU, inklusive Quellcode des Assemblers, Blueprints und Beispielprogramme, stelle ich öffentlich zur Verfügung. Dadurch kann jede interessierte Person die Architektur in Factorio laden, erweitern und eigene Software dafür entwickeln. Es wird im Anschluss eine [Self-organized Session](https://events.ccc.de/congress/2025/hub/en/event/detail/cpu-entwicklung-in-factorio-wie-benutze-ich-phds-f) geben, in der ich eine hands-on Einleitung geben werde, wie man die CPU in Factorio lädt, wie man Programme schreibt, diese assembliert und in Factorio einfügt. Auch kann man dort gerne mit mir über das Projekt quatschen, ich freue mich auf alle Beiträge und Kommentare :) Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/cpu-entwicklung-in-factorio-vom-d-flip-flop-bis-zum-eigenen-betriebssystem

While FPGA developers usually try to minimize the power consumption of their designs, we approached the problem from the opposite perspective: what is the maximum power consumption that can be achieved or wasted on an FPGA? Short answer: we found that it’s easy to implement oscillators running at 6 GHz that can theoretically dissipate around 20 kW on a large cloud FPGA when driving the signal to all the available resources. It is interesting to note that this power density is not very far away from that of the surface of the sun. However, such power load jump is usually not a problem as it will trigger some protection circuitry. This led us to the next question: would a localized hotspot with such power density damage the chip if we remain within the typical power envelope of a cloud FPGA (~100 W)? While we could not “fry” the chip or induce permanent errors (and we tried several variants), we did observe that a few routing wires aged to become up to 70% slower in just a few days of stressing the chip. This basically means that such an FPGA cannot be rented out to cloud users without risking timing violations. In this talk, we will present how we optimized power wasting, how we measured wire latencies with ps accuracy, how we attacked 100 FPGA cloud instances and how we can protect FPGAs against such DOS attacks. FPGA instances are now offered by multiple cloud service providers (including Amazon EC2 F1/F2 instances, Alibaba ECS Instances, and Microsoft Azure NP-Series). The low-level programmability of FPGAs allows implementing new attack vectors including DOS attacks. While some severe attacks (such as short circuits) cannot be easily deployed as users are prevented to load own configuration bitstreams on the cloud FPGAs, it has been demonstrated that it is possible to leak information (like cloud instance scheduling policies or the physical topologies of the FPGA servers) or to mount DoS attacks by excessive power hammering. For instance, basically all cloud FPGAs provide logic cells that can be configured as small shift registers. This allows building toggle-shift-registers with 10K and more flip-flops, which can draw over 1 KW power when clocked at a few hundred MHz. In our work, we created fast ring-oscillators that bypass all design checks applied during bitstream cloud deployment and how we achieved toggle rates of 8 GHz inside an FPGA by using glitch amplification. The latter one was calibrated with the help of a time-to-digital converter (TDC). As a first attack, we used power hammering to crash AWS F1 instances by increasing power consumption to 300 W (three times the allowed power envelope). We used physical unclonable functions (PUFs) to examine the behaviour of the attacked FPGA cloud instances and we found that most remained unavailable for several hours after the attack. As a more subtle attack, we tried to cause permanent damage to FPGAs in our lab by driving fast toggling signals to virtually any available wire (and primitive) into a small region of the chip. With this, we created hotspot designs that draw 130 W in less than 1% of the available logic and routing resources of a datacenter FPGA. Even though the achieved power density was excessive, it was insufficient to induce permanent damages. This is largely due to the area inefficiencies of an FPGA that limit the power density. For instance, FPGAs use large multiplexers to implement the switchable connections and there exists only one active path that is routed through the multiplexers, hence, leaving most of the transistors sitting idle. Similarly, FPGAs provide a large number of configuration memory cells (about 1 Gb on a typical datacenter device) that draw negligible power as these do not switch during operation. All these idle elements force the power drawing circuits to be spread out, hence limiting power density. Anyway, when experimenting with different hotspot variants, we found thermal runaway effects and excessive device aging with up to a 70% increase in delay on some wires. We achieved this aging in just a few days and under normal operational conditions (i.e. by staying within the available power budget and having board cooling running). Such a large increase in latency can be considered to render an FPGA useless as it will usually not be fast enough to host (realistic) user designs. Beyond exploring these attack vectors, we developed countermeasures and design guidelines to prevent such attacks. These include scans of the user designs, use restrictions to resources like IOs and clock trees, as well as runtime monitoring and FPGA health checks. With this, we believe that FPGAs can be operated securely and reliably in a cloud setting. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/how-to-render-cloud-fpgas-useless

Why is electronics manufacturing hard? Can it ever be made easy and more accessible? What will it take to relocate industrial production to Europe? We share with you what we learned when we spent more than 1 year setting up our own production line in our office in Hamburg. Turns out a lot of the difficulties are rarely talked about or hidden behind "manufacturing is high CAPEX". Come and learn with us the nitty gritty details of batch reflow ovens, stencil printing at scale, and how OpenPnP is a key enabler in our process. While we are far from done with this work, we hope to see others replicate it and collectively reclaim the ownership of the means of electronics production. Our industry needs a reboot as well, it no longer serves the people. Our work is based on our belief that high-quality high-mix/low volume manufacturing of electronics in Europe is economically viable and accessible to small companies with a lower-than-expected up-front investment. We believe that relocation of industry to Europe depends on small innovative companies, and will not come from slow and bloated industry giants whose products are victims of enshittification and maximum profit extraction. By using open-source hardware and software whenever possible, we are attempting to set up our own production operation in Hamburg and we want to share the solutions and enable others to do the same and collectively reclaim ownership of the means of production. We will cover: - How we acquired and set up production machines, their costs, and our learnings - Quirks of paste printing and reflow soldering at scale (up to 50 batches a day) - Component inventory, tracking, DfM, etc. - How OpenPnP is a key enabler of our prcesses - Our proposed changes to OpenPnP - Our work integrated Siemens Siplace Feeders in OpenPnP Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/in-house-electronics-manufacturing-from-scratch-how-hard-can-it-be

Die Freak Show und alle Hörerinnen und Hörer machen eine Sendung als Gespräch Im Clubhouse-Style trifft das Freak Show Team auf seine Hörer. Jeder kann mitmachen. Werde zum Freak Show Host für 5 Minuten. Wir diskutieren mit Euch jedes frühere oder künftige Thema und sind uns auch für Hot Takes nicht zu schade. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/the-freak-show-clubhouse

How does live techno work? On the dance floor, it's practically impossible to understand what's happening up front. It's also irrelevant there, because it's all about the music and many other things. Live sets have a thousand faces. Everyone has their own workflow, and there are countless approaches to performing electronic music. I don't know all of them, but I will give a deeper insight into the architecture of my setup in this short presentation. I explain my approach to improvising techno in clubs and at festivals. There will be a few technical insights into my „Ableton“ structure. A fixed structure with an unknown outcome. Because at certain points, I rely on random generators to create the desired element of surprise. This keeps me inspired for hours, again and again. I will show and explain why I make music this way. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/kenji-tanaka-live-insights-into-my-workflow-struct

The character of drone wars has changed. The large, cumbersome long-range drones have been complemented with small and low-budget drones. Moreover, more and more states are developing, deploying and selling them. Ten years ago at least 50 states were developing them. At the top are USA, Israel, Turkey, China, Iran and Russia. Russia's attack on Ukraine has unleashed a drone war unlike any seen before. In short time the Ukraine has build significant drone production capabilities and announcement that it will increase its own production of quadcopters and kamikaze drones to one million units per year. German defense companies and startups are now promoting a “drone wall on NATO's eastern flank.” Moreover, despite their vulnerability to air defenses, large drones are also being further developed. They are intended to accompany next generation fighter jets in swarms. In this talk, past and current developments are discussed. What are the perspectives now? The character of drone wars has changed. The large, cumbersome long-range drones have been complemented with small and low-budget drones. Moreover, more and more states are developing, deploying and selling them. Ten years ago at least 50 states were developing them. At the top are USA, Israel, Turkey, China, Iran and Russia. Russia's attack on Ukraine has unleashed a drone war unlike any seen before. In short time the Ukraine has build significant drone production capabilities and announcement that it will increase its own production of quadcopters and kamikaze drones to one million units per year. German defense companies and startups are now promoting a “drone wall on NATO's eastern flank.” Moreover, despite their vulnerability to air defenses, large drones are also being further developed. They are intended to accompany next generation fighter jets in swarms. In this talk, past and current developments are discussed. What are the perspectives now? Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/current-drone-wars

HostileShop is a python-based tool for generating prompt injections and jailbreaks against LLM agents. I created HostileShop to see if I could use LLMs to write a framework that generates prompt injections against LLMs, by having LLMs attack other LLMs. It's LLMs all the way down. HostileShop generated prompt injections for a winning submission in OpenAI's GPT-OSS-20B RedTeam Contest. Since then, I have expanded HostileShop to generate injections for the entire LLM frontier, as well as to mutate jailbreaks to bypass prompt filters, adapt to LLM updates, and to give advice on performing injections against other agent systems. In this talk, I will give you an overview of LLM Agent hacking. I will cover LLM context window formats, LLM agents, agent vulnerability surface, and the prompting and efficiency insights that led to the success of HostileShop. [HostileShop](https://github.com/mikeperry-tor/HostileShop) creates a simulated web shopping environment where an **attacker agent LLM** attempts to manipulate a **target shopping agent LLM** into performing unauthorized actions. Crucially, HostileShop does not use an LLM to judge attack success. Instead, success is determined automatically and immediately by the framework, which reduces costs and enables rapid continual learning by the attacker LLM. HostileShop is best at discovering **prompt injections** that induce LLM Agents to make improper "tool calls". In other words, HostileShop finds the magic spells that make LLM Agents call functions that they have available to them, often with the specific input of your choice. HostileShop is also capable of [enhancement and mutation of "universal" jailbreaks](https://github.com/mikeperry-tor/HostileShop?tab=readme-ov-file#prompts-for-jailbreakers). This allows **cross-LLM adaptation of universal jailbreaks** that are powerful enough to make the target LLM become fully under your control, for arbitrary actions. This also enables public jailbreaks that have been partially blocked to work again, until they are more comprehensively addressed. I created HostileShop as an experiment, but continue to maintain it to let me know if/when LLM agents finally become secure enough for use in privacy preserving systems, without the need to rely on [oppressive](https://runtheprompts.com/resources/chatgpt-info/chatgpt-is-reporting-your-prompts-to-police/) [levels of surveillance](https://www.anthropic.com/news/activating-asl3-protections). Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/a-quick-stop-at-the-hostileshop

A brief history of typographic misbehavior or intended and unintended uses of variable fonts. Nine years after the introduction of variable fonts, their most exciting uses have little to do with what variable fonts originally were intended for and their original promise of smaller file sizes. The talk looks at how designers turned a pragmatic font format into a field for experimentation — from animated typography and uniwidth button text to pattern fonts and typographic side effects with unintended aesthetics. Using examples from projects such as TypoLabs, Marjoree, Kario (the variable font that’s used as part of the 39C3 visual identity), and Bronco, we’ll explore how variable fonts evolved from efficiency tools into creative systems — and why the most interesting ideas often emerge when technology is used in unintended ways. When the OpenType 1.8 specification introduced variable fonts in 2016, the idea was simple: combine all weights and styles of a font family into one file and save file size and therefore bandwidth. Yet in 2025, variable fonts have become a platform for artistic and technical exploration far beyond their initial goal. This talk follows that transformation from the inside. It starts with a short history of flexible font technologies — Adobe’s Multiple Master and Apple’s TrueType GX formats of the 1990s (I am just mentioning the company names as they were the publishers of these technologies) — and how they failed to become standards. It then shows why variable fonts succeeded: many designers today are more tech savvy and know some basic HTML, CSS and maybe even some JavaScript. And at the same time all major browsers and almost all design apps support variable fonts by now. From there, I present a series of first-hand projects where typography met code: – TypoLabs (2017), whose identity used a custom variable font animating between extremes of weight and width → the variable font family became the (probably forever) unpublished variable font family Denman; – Marjoree (2024), a pair of variable pattern fonts based on hexagonal and pentagonal tilings that explore legibility and repetition; – Kario (2025), a duplex variable font powering the 39C3 identity, with uniwidth weights, optical-size adjustments, and typographic Easter eggs; – and Bronco (2017?), an experiment using the arbitrary-axis model for interpolation to escape the cube-shaped multiple master design space of traditional variable fonts. The talk then moves from history to speculation. Early head-tracking experiments once tried to adjust a variable font’s optical size based on reader position — producing total chaos as text reshaped itself while being read. On the other hand this playful chaos marks the moment when things become truly interesting: connecting a font axis to live data, to mouse movement, to sound, to network input — anything that makes type responsive and alive. That’s the kind of misbehavior I want to talk about — not breaking for the sake of breaking, but using technology the “wrong” way to see what happens. The talk will mix images, a lot of short videos, and a bit of behind-the-scenes insight into font development. It’s about what happens when design tools meet code, and how that intersection keeps typography alive and unpredictable. Link list of variable font experiments: https://www.bronco.varfont.com/ https://www.denman.varfont.com/ https://www.seraphs.varfont.com/ https://marjoree.showmefonts.com/ + 39C3 visual identity Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/variable-fonts-it-was-never-about-file-size

Der Vortrag diskutiert Herausforderungen dezentraler Netzwerke aus soziologischer Perspektive. Als dezentrale Netzwerke werden technische Infrastrukturen verstanden, die nicht von einer zentralen Autorität, sondern verteilt über Instanzen zur Verfügung gestellt werden. Nutzer:innen profitieren von dieser Infrastruktur, nutzen beispielsweise das Fediverse oder das Tor-Netzwerk, ohne zur Infrastruktur beizutragen. Zugleich können dezentrale Netzwerke nur dann bestehen, wenn hinreichende Ressourcen von Personen oder Organisationen mobilisiert werden, um das Netzwerk überhaupt zur Verfügung zu stellen. Dies führt zur originären Instabilität dezentraler Netzwerke, wenn nicht der Weg der Kommodifizierung des Nutzer:innenverhaltens eingeschlagen wird. Aufbauend auf dieser Zustandsbeschreibung, werden Bedingungen erörtert, um Kollektivgüter wie dezentrale Netzwerke organisatorisch (und nicht technisch) herzustellen. Hierzu zählen Partizipation oder die Idee einer öffentlichen Grundfinanzierung. Der Vortrag wird neben soziologischen Ideen und harten Zahlen auch durch eine ordentliche Portion Idealismus zu Fragen der Souveränität und Autonomität in der Digitalisierung motiviert. Die Soziologie hat immer etwas mitzuteilen, sobald Fragen kollektiven Handelns auftreten. Dies gilt sowohl für soziale wie auch digitale Räume. So hat der Soziologe Peter Kollock bereits in den 1990er Jahren festgestellt, „the Internet is filled with junk and jerks“ (Kollock, 1999, S. 220). Gegenwärtig dürfte die Mehrheit dieser Aussage anstandslos zustimmen. Aber dies ist nicht der entscheidende Punkt, sondern die weitere Beobachtung: „Given that online interaction is relatively anonymous, that there is no central authority, and that it is difficult or impossible to impose monetary or physical sanctions on someone, it is striking that the Internet is not literally a war of all against all” (1999, S. 220). Die Welt kennt inzwischen zahlreiche Gegenbeispiele, bei denen Autoritäten das Internet nutzen, um das Nutzungsverhalten zu monetarisieren oder Überwachungstechnologien zur Sanktionierung einsetzen (Zuboff, 2019). Diese Ausgangslage beziehe ich in meiner Forschung ein, wenn ich dezentrale Netzwerke wie das Fediverse oder das Tor-Netzwerk aus soziologischer Perspektive betrachte. In erster Linie bin ich daran interessiert zu verstehen, wie dezentrale Netzwerke – organisatorisch nicht technisch – entstehen und welche Herausforderungen es dabei zu überwinden gilt (Sanders & Van Dijck, 2025). Eine zentrale Motivation orientiert sich an der Frage, wie ein Internet ohne zentrale Autorität, verringert von Marktabhängigkeiten, resilient gegenüber Sanktionsmechanismen und Souverän bezüglich eigener Daten, aufgebaut werden kann. Motiviert durch diesen präskriptiven Rahmen, betrachte ich im Vortrag die Herausforderungen zunächst deskriptiv und beziehe meine soziologische Perspektive ein. Denn in der Regel profitieren Menschen, die einen Vorteil aus der Realisierung eines bestimmten Ziels ziehen, unabhängig davon, ob sie persönlich einen Anteil der Kooperation tragen – oder eben nicht. Das kollektive Handeln fällt mitunter schwer, obwohl oder gerade, weil ein begründetes kollektives Interesse zur Umsetzung eines bestimmten Zieles besteht. Gleiche Interessen sind nicht gleichbedeutend mit gemeinsamen Interessen. Diese Situationsbeschreibung ist vielfältig anwendbar von WG-Aufräumplänen bis zu Fragen der klimaneutralen Transformation. Der Grund ist, dass kollektives Handeln ein Mindestmaß an Zeit, Aufwand oder Geld verursacht, sodass vielfach ein Trittbrettfahren gewählt wird in der Hoffnung, dass immer noch genug andere kooperieren, um das gewünschte Ziel zu erreichen (Hardin, 1982). Aus dieser Perspektive betrachte ich dezentrale Netzwerke. So kann das Fediverse oder der Tor-Browser genutzt werden, ohne eine eigene Instanz oder Knoten zu hosten. Dies ist auch nicht das Ziel der genannten dezentralen Netzwerke. Dennoch: Die Kosten und der Aufwand für die technische Infrastruktur müssen von einem kleinen Teil getragen werden, während die überwältigende Mehrheit der Nutzer:innen von der Infrastruktur profitieren, ohne einen Beitrag zu dieser zu leisten. Dies führt zur originären Instabilität dezentraler Netzwerke und stellt eine relevante Herausforderung für die Zukunft dar. Während durch Netzwerkanalysen das Wachstum und die Verstetigung von dezentralen Netzwerken beschrieben wird, fehlt es an einem vertieften Verständnis über Bedingungen wie dezentrale Netzwerke überhaupt entstehen. Während des Vortrags werde ich empirische Daten zur Entwicklung des Fediverse und des Tor-Netzwerkes zeigen, um die Herausforderung zu verdeutlichen. Insbesondere das Tor-Netzwerk steht dabei vor dem Problem, dass die Möglichkeit zur De-Anonymisierung steigt, wenn die Anzahl an Knoten sinkt. Die Überwindung des von mir dargestellten Kollektivgutproblems nimmt demnach eine zentrale Rolle zur Aufrechterhaltung ein. Die Motivation sich mit dezentralen Netzwerken auseinander

What does knitting have to do with espionage? Can embroidery help your mental health? This talk shows how the skills to create textile art have enabled people to resist and to persist under oppressive regimes for centuries. And it offers ways to keep doing so. Working with textile mediums like yarn, thread, and floss is generally seen as a feminine hobby and as thus is usually classified as craft, not art. And crafting is something people, maybe even people usually seen as a bit boring, do in their free time to unwind. Most of us have grown up with the image of the loving grandmother knitting socks for the family, an act of care that was never considered anything special. The patriarchal society’s tendency to underestimate anything considered feminine and, inextricably connected to this, domestic is an ongoing struggle. But being underestimated also provides a cover and with it the opportunity for subversion and resistance. As global powers are cycling back to despotism and opression, let me take you back in time to show you how people used textile crafts to organise resistance and shape movements. Like the quilts that were designed and sewn to help enslaved people in the US escape slavery and navigate the Underground Railroad from the 1780s on, or the knitted garments that carried information about the Nazis to help resistance in occupied Europe during World War II, or the cross stitches by a prisoner of war that had Nazis unknowingly display art saying “Fuck Hitler”. Textile crafts have been used by marginalised and disenfranchised people to protest, to organise, and to persist for centuries. This tradition found a new rise in what is now called “craftivism” and is using the internet to build bigger communities spanning the world. These communities also come together to help, often quite tangibly by creating specific items like the home-sewn masks during early Covid19. In addition, crafting has scientifically-proven benefits for one’s mental health. Taking up the increasingly popular quote "When the world is too scary, too loud, too much: Stop consuming, start creating", this talk shows how the skills to create have enabled and will enable people to resist and to persist. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/persist-resist-stitch

Das war nicht das Jahr 2025, das wir bestellt hatten. 2025 war ein gutes Jahr für Exploits, kein gutes Jahr für die Freiheit und ein herausragendes für schlechte Ideen. Regierungen kämpften weiter für Massenüberwachung, natürlich mit KI-Unterstützung™. Kriege wurden weiter „digitalisiert“, Chatkontrolle als Kinderschutz verkauft, Waffensysteme haben inzwischen mehr Autonomie als die meisten Bürger*innen und künstliche Intelligenz löst endlich alle Probleme – vor allem die, die bisher niemand hatte. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/ccc-jahresruckblick

The talk will be about our experience from building an open-architecture secure element from the ground up. It explains why openness became part of the security model, how it reshaped design and development workflows, and where reality pushed back — through legal constraints, third-party IP, or export controls. It walks through the secure boot chain, attestation model, firmware update flow, integration APIs, and the testing framework built for external inspection. Real examples of security evaluations by independent researchers are presented, showing what was learned from their findings and how those exchanges raised the overall security bar. The goal is to provoke discussion on how open collaboration can make hardware more verifiable, adaptable, auditable and while keeping secure. This talk shares our engineering experience from designing and implementing an open-architecture secure element — a type of chip that is traditionally closed and opaque. We’ll outline the practical consequences of choosing openness as part of the security model: how it affected hardware architecture, firmware design, verification, and development workflows. The session dives into concrete technical areas including the secure boot chain, attestation and update flow, key storage isolation, and the testing and fuzzing infrastructure used to validate the design. It also covers the boundaries of openness — where third-party IP, export control, or certification requirements force certain blocks to remain closed — and how we document and mitigate those limits. We’ll present anonymized examples of external security evaluations, show how responsible disclosure and transparent fixes improved resilience, and reflect on what “community-driven security” means in a hardware context. Attendees should leave with a clearer view of what it takes to make security verifiable at the silicon level — and why that process is never finished. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/lessons-from-building-an-open-architecture-secure-element

Wir, das sind Steffen und arl , besprechen in unserem Podcast alles was die Große und Kleine Fliegerei angeht. Das CFWU Team besteht I.d.R. aus aktiven Piloten:innen von großen und kleinen Flugzeugen, sehr gut unterstützt durch den sehr erfahrenen Flugzeugtechniker Harry! Update GPS Spoofing ATPL (AirlineTransportPilotLicense) Wie lernt man heute fliegen Wie läuft es bei arl seinem ATPL Flugvorbereitungen Was muss man alles machen Technik AirIndia Beispiel für Schwurbelungen Aufbau der Technik Wie schaltet man ein Triebwerk ein Wie schaltet man ein Triebwerk aus Wie schaltet man es im Notfall aus Feuerlöschsystem Das NOTAM System Was ist es Wann wurde es gebaut Wie hat es sich entwickelt Trotz des vermeintlich ernsten Themas sind wir immer mit Humor dabei! Wenn ihr Fragen zur Sendung oder zum Thema habt, stellt sie gerne – am besten schon vorab. Ihr könnt uns kurz vorher antreffen! Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/comeflywithus

Es gab den Wunsch nach Creator AmA Sessions. Ich würde hiermit eine anbieten. Ich bin aber definitiv remote. ^^ Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/aaa-ask-advi-anything

Wir geben Einblicke in zwei intensive Wochen Planung, Koordination und Aufbau, den Betrieb einer (improvisierten) Bodenstation, sprechen über technische Hürden, Antennendesign und Organisation – und wie wir schließlich mit Astronautin Rabea Rogge im Weltraum gefunkt haben. Schon kurz nachdem die ersten Satelliten den Weltraum eroberten, waren auch Amateurfunkende dabei und brachten ihr Hobby in dieses Feld ein. Auch bei Fram2, der ersten bemannten Mission, die beide Polarregionen überflog, war der Sprechfunkkontakt mit einer Universität fest eingeplant. Der studentische Funkclub "AFuTUB" (https://dk0tu.de) an der TU Berlin hat die Crew der Fram2 angefunkt – mit einem experimentellen Funksetup, das für viele von uns Neuland war. Wir geben Einblicke in zwei intensive Wochen Planung, Koordination und Aufbau, den Betrieb einer (improvisierten) Bodenstation, sprechen über technische Hürden, Antennendesign und Organisation – und wie wir schließlich mit der Astronautin Rabea Rogge im Weltraum gefunkt haben. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/amateurfunk-im-all-kontakt-mit-fram2

This talk presents Apple's link-layer protocol Low-Latency WiFi and how it achieves its real-time capabilities to enable Continuity features like Sidecar Display and Continuity Camera. We make more kernel logging available on iOS and build a log aggregator that combines and aligns system- and network-level log sources from iOS and macOS. Apple's Continuity features make up a big part of their walled garden. From AirDrop and Handoff to AirPlay, they all connect macOS and iOS devices wirelessly. In recent years, security researchers have opened up several of these features showing that the Apple ecosystem is technically compatible with third-party devices. In this talk, we present the internal workings of Low-Latency WiFi (LLW) – Apple's link-layer protocol for several real-time Continuity features like Continuity Camera and Sidecar Display. We talk about the concepts behind LLW, how it achieves its low-latency requirement and how we got there in the reverse engineering process. We also present the tooling we built to enable more kernel-level tracing and logging on iOS through a reimplementation of cctool from macOS and the source code of trace that was buried deep inside of Apple’s open-source repository system_cmds. We build a log aggregator that combines various kernel- and user-space traces, log messages and pcap files from both iOS and macOS into a single file and finally investigate the network stack on Apple platforms that is implemented in both user- and kernel space. There we find interesting configuration values of LLW that make it the go-to link-layer protocol for Apple's proprietary real-time Continuity applications. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/cracking-open-what-makes-apple-s-low-latency-wifi-so-fast

Der inkompetente Podcast über Dresscodes und Mode. Warum verschiedene Kleiderordnungen immer mal wieder zu komischen Situationen und politischen Missverständnissen gesorgt haben. Warum ist der Business Dress eigentlich nur ein besserer Hausanzug ? Warum wird aus gemütlicher Kleidung eine Kleidung die bei Staatsempfängen getragen wird. Warum ist ein Dresscode immer missverständlich ? Bitte zum Vortrag in smart Casual Business white Tie, aber nicht zu formal erscheinen. Wer das versteht oder auch nicht wird sich wohlfühlen. Eine kleine Reise über die merkwürdige Welt der (Männer) Mode, die halt wenig sinnvoll ist. Mode ist halt nur eine Möglichkeit sich von anderen Abzugrenzen. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/och-menno-mode-power-cycles-power-suit-dresscodes-wtf

Aus einem Barwitz wurde ein Projekt! Blumenthal7 ist die letzte vollständig erhaltene Schachtanlage des ehemaligen Steinkohlebergwerks General Blumenthal in Recklinghausen im nördlichen Ruhrgebiet. Nach diversen Startschwierigkeiten ist aus einer im Dornröschenschlaf liegenden Industriebrache ein Projekt geworden, das bereits jetzt einer Vielzahl von Entitäten und Gruppen eine Heimat und einen großen, nahezu grenzenlosen Spielplatz bietet. Begleitet uns gerne auf beim Power Cycle B7…! Wir – Mitglieder des Recklinghäuser Chaostreffs c3RE – haben gemeinsam mit einigen weiteren Menschen einen weiteren Verein, den Blumenthal7 e.V., gegründet. Das Ziel ist, ein altes Steinkohlebergwerk zu kaufen, zu erhalten, zu renovieren und vielen Menschen als Raum für Chaos, Kreativität und Happenings zugänglich zu machen. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/power-cycle-b7-oder-warum-kauft-man-eine-zeche

Both within the EU as well as nationally in Germany, there exists a renewed drive to implement data retention, a practice struck down by the ECJ and discontinued in many national legislations. In parallel, cross-border access to stored data has been mandated within the EU as “e-evidence”, and will soon be extended to 90+ countries under the umbrella of the EU cybercrime convention. In principle, all data stored by service providers will be available to law enforcement as part of a criminal investigation. The timing of both initiatives is not coincidental, as access to data naturally relies on the availability of data. The talk will address the state of play on data retention in various legislations, and introduce the practice of cross border access to stored data by law enforcement as well as its shortcomings and threats to privacy and confidentiality. The Specter of Data Retention is back in the political arena, both as a harmonized, EU-wide approach as well as being part of the coalition agreement of the new German national government. Other countries have already recently implemented new data retention laws, i.e. Belgium or Denmark. In parallel, access to all types of stored data – and not only data stored under a data retention regime – by law enforcement has been radically reformed by groundbreaking new legislation, undermining both exiting national safeguards as well as protections implemented by businesses aiming for a higher standard in cyber security and data protection. The talk will give an overview on recent developments for a harmonized “minimum” approach to data retention under the Polish and Danish EU presidency as well as the new German legislation currently under consideration. It will introduce the upcoming international release mechanisms for stored data under the e-evidence legislation, the 2nd protocol to the EU cybercrime convention as well as future threats from the UN cybercrime convention. It will address how a cross-border request for information works in practice, which types of data can be requested by whom, and who will be responsible for the few remaining safeguards – including an analysis of the threat model and potential “side channel” attacks by cybercrime to gain access to basically all data stored by and with service providers. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2025/hub/event/detail/live-die-repeat-the-fight-against-data-retention-and-boundless-access-to-data