"description":"The iPhone's Lightning connector was a proprietary beast with a lot of hidden features: By sending custom SDQ commands there, it was possible to get it to expose hardware debugging features such as JTAG and UART. For a long time, this was only easily possible using either gray and black-market cables such as the Kanzi-Cable, or proprietary tools such as the Bonobo Cable. Last year, we released an open-source tool to get access to the iPhone debugging features called the Tamarin Cable - finally allowing anyone to get JTAG and UART on the iPhone for just a couple of $ in parts.\nBut then the iPhone 15 came along, and with that USB-C: All previous hardware and software tooling basically became useless, but that did not stop us from trying: We knew from the Apple Silicon macs and the work of t8012-team and the AsahiLinux project that Apple uses USB-C's VDM feature - Vendor Defined Messages - to allow access to features such as the UART console, and so chances were high that we could use something similar to get access to the hardware debugging features on the iPhone 15.\nSo we pre-ordered the iPhone 15, a couple of PCBs, a case of Club Mate and got started: And less than 48 hours after the launch we got JTAG working on the iPhone 15.\nIn this talk we will start by looking at the history of iPhone and Lightning hardware hacking, and then look at how USB-C is used for debugging on Apple Silicon devices, and what we had to do to get JTAG on the iPhone 15.\nWe will also use this talk to release the new version of the open-source Tamarin Cable firmware: Tamarin-C. A fully integrated, open-source debugging probe for the iPhone 15 and other Apple Silicon devices. Tamarin-C is also able to give access to a DFU mode that you can't access without sending VDMs.\nNote: This talk will not contain any 0days or previously unknown vulnerabilities. 
Production iPhones are locked, and so while we get access to some of the device's busses we can't for example access the CPU core.\nThis talk is about building tooling for future work.",
"liked":true,
"attended":true
},
{
"title":"Please Identify Yourself!",
"subtitle":"Digital Identity Systems in the EU & around the world",
"description":"After over two years of intense negotiations, the EU recently agreed to their Digital Identity Reform (eIDAS). In this talk we analyse the result, what safeguards we can realistically expect and how our online and offline interactions might change because of this new European Digital Identity Wallet. Other regions in the world are much further ahead in this issue and we will also try to learn from the experiences from India and Kenya. Both countries had unique strategies from civil society to fight back against the introduction of digital identity systems, focusing on interrogating their design, raising awareness, strategic litigation and civil disobedience post deployment . Lastly, this issue pops up in many countries and is actively promoted as \"Digital Public Infrastructure\" by global organisations like UNDP and the World Bank - often with little to know credence to privacy or local realities. This global trend is very worrying due to the shiny veneer hiding their dark reality of exploitation by local and foreign actors. We will showcase strategies how local actors have resisted and shaped the introduction of these systems with a combination of technical, advocacy, and interdisciplinary ally building. Our goal is to provide knowledge about how exactly these systems work, who benefits from them and what strategies could be deployed against them.",
"liked":true,
"attended":true
},
{
"title":"Operation Triangulation",
"subtitle":"What You Get When Attack iPhones of Researchers",
"description":"Imagine discovering a zero-click attack targeting Apple mobile devices of your colleagues and managing to capture all the stages of the attack. That’s exactly what happened to us! This led to the fixing of four zero-day vulnerabilities and discovering of a previously unknown and highly sophisticated spyware that had been around for years without anyone noticing. We call it Operation Triangulation. We've been teasing this story for almost six months, while thoroughly analyzing every stage of the attack. Now, for the first time, we're ready to tell you all about it. This is the story of the most sophisticated attack chain and spyware ever discovered by Kaspersky.",
"liked":true,
"attended":true
},
{
"title":"YOU'VE JUST BEEN FUCKED BY PSYOPS",
"subtitle":"UFOS, MAGIC, MIND CONTROL, ELECTRONIC WARFARE, AI, AND THE DEATH OF THE INTERNET",
"description":"How the history of military and government PSYOPS involving mind-control, UFOs, magic, and remote-control zombies, explains the future of AI and generative media. Along the way, talk attendees will be given an enrollment code to join a specialized CTF/ARG game called CYCLOPS that explores these themes and that will run the duration of Congress.\nAs AI-generated content, social-media influence operations, micro-targeted advertising, and ubiquitous surveillance have become the norm on the Internet and in the market in general, we have entered an era of PSYOP Capitalism. This is an era of hallucinations designed to transform each of us into a “targeted individual” through the manipulation of perception. This talk explores a secret history of reality-altering military and intelligence programs that serve as antecedents to a phantasmagoric present.\nAt the talk, attendees will be given a registration code to play “CYCLOPS,” a CTF/ARG game that will run the duration of Congress. CYCLOPS explores the themes of the mind-control and PSYOPS through an interactive parafictional narrative taking place in the context of an obscure CIA cognitive warfare program from the early days of the Cold War.",
"liked":true,
"attended":true
},
{
"title":"Mobile phone privacy with silent.link (Workshop)",
"speakers":["anonymous-speaker"],
"date":"2023-12-27T17:00:00",
"location":"37C3",
"tags":["anonimity","esim"],
"notes":"Couldn't hear anything, left after paper data eSIM giveaway.",
"description":"ZeroKYC Anonymous eSIM service: security and privacy implications for mobile users. Use cases. Advantages and limitations. Questions and answers. Hands-on experience.",
"description":"SMTP, the Simple Mail Transfer Protocol, allows e-mailing since 1982. This easily makes it one of the oldest technologies amongst the Internet. However, even though it seems to have stood the test of time, there was still a trivial but novel exploitation technique just waiting to be discovered – SMTP smuggling! In this talk, we'll explore how SMTP smuggling breaks the interpretation of the SMTP protocol in vulnerable server constellations worldwide, allowing some more than unwanted behavior. Sending e-mails as admin@microsoft.com to fortune 500 companies – while still passing SPF checks – will be the least of our problems! From identifying this novel technique to exploiting it in one of the most used e-mail services on the Internet, we'll dive into all the little details this attack has to offer. Therefore, in this talk, we'll embark on an expedition beyond the known limits of SMTP, and venture into the uncharted territories of SMTP smuggling!",
"liked":true,
"attended":true
},
{
"title":"Sucking dust and cutting grass: reversing robots and bypassing security",
"description":"For the past 5 years we have been presenting ways to hack and root vacuum robots at various events like the c3 or the DEFCON. In all these cases it covered vacuum robots by Roborock, Dreame, Xiaomi and some smaller companies. However, did we ever take a look at other vendors and maybe some new interesting device classes? In this talk we do exactly that, and will take a deep dive into Ecovacs robots!\nWe will present the result of the research that started back in 2018. Explore with us the development on the last years. How did the security and privacy of \"Ecovacs\" change in contrast to other companies? What kind of cool hardware is out there? Can the devices be used to potentially spy on you?\nLearn how reverse engineering works and how to get root access on the devices. Let us show you how you maintain persistence on the devices and run your own software.\nCome with us on a journey of having fun hacking interesting devices while exploring bad oversights and real problems. You will be surprised what we found. Let's discuss together what impact this devices will have on our (social) life and what the future of vacuum robot hacking will bring.",
"liked":true,
"attended":true
},
{
"title":"(Looking at) Functional Programming in Assembly",
"description":"While Functional Programming usually happens quite far away from Assembly programming, in order to get functional programs performant, quite some tricks are used that have effects that reach down into the dark abyss of Assembly.\nIn this talk I want to focus on the optimizing strategy \"Tail Call Elimination\", a compiler optimization of particular importance for recursive function calls. Every functional programmer will tell you that writing your code using tail recursion (it doesn't matter whether you know what that is, you'll see then!) or using Haskell's \"foldl\" is \"generally faster than foldr (Terms and Conditions apply)\". But even seasoned developers often struggle explaining why and quickly resort to pointing to benchmarks or giving some vague answers around \"you need less stack\".\nIn this talk I want to introduce you to what recursion is, some of the reasons why it's computationally expensive, what tail recursion is and why it's better, and why tail call elimination makes it even more awesome. We will go through some example programs implemented in Assembly (for those who ask: I'll use x86 and maybe aarch64 examples) where we, step-by-step, transform our function from head recursive to tail recursive and then will go further by eliminating the recursive call altogether.",
"liked":true,
"attended":true
},
{
"title":"The impact of quantum computers in cybersecurity",
"subtitle":"Estimating the costs of algorithms for attacks and defense applications",
"speakers":["Alessandro Luongo"],
"date":"2023-12-28T12:55:00",
"location":"37C3",
"tags":["quantum","security"],
"notes":"The font size defeated my squinting abilities.",
"description":"In in this talk we explore the potential ramifications of quantum computing in the field of cybersecurity We'll delve into two critical aspects: the application of quantum machine learning algorithms for defence and the impact of quantum attacks on cryptography and post-quantum cryptography for offence. We'll present insights on the theoretical advantages of quantum algorithms, improvements in factoring large numbers, and the impacts of post-quantum crypto attacks. While the hype around quantum technologies is growing, the estimates in the resources needed to run a quantum algorithm and the current number of qubits pose caution in the enthusiasm. The limitations in terms of available qubits, error rates, and scalability are critical factors that need to be considered when assessing the real-world applicability of quantum computing.",
"description":"Over the years, many talks about console jailbreaks have been presented at CCC. However, one console has been left overlooked: the Nintendo DSi. It didn't see any serious hacks in its active lifetime, the ones that eventually appeared aren't completely satisfactory, and several components (such as its boot ROMs) were left untouched. In this presentation, we rectify the situation, explain how to extract the boot ROMs, and demonstrate new jailbreaks that can take over the console at an even deeper level. As a bonus, this work makes it possible to revive consoles with worn-out eMMC NAND chips.\nThis presentation will start with an introduction to the hardware of the Nintendo DSi and the history of earlier hacking attempts. This is followed by an explanation on how to extract, analyze, and exploit the boot ROMs of the console, leading to a complete defeat of the security of the system.\nThis presentation will not shy away from technical explanations involving software exploitation, fault injection, cryptography, and hardware design. We will however try to make it understandable and enjoyable to less technically-inclined audiences.",
"liked":true,
"attended":true
},
{
"title":"Honey I federated the search engine - finding stuff online post-big tech",
"description":"It's getting harder and harder to find stuff on the Internet as search engines fill up with ads, SEO spam and AI generated hallucinations. In this talk I'll sketch out some possible options for truly personal Internet search that don't require nation state levels of resources, piggybacking on widely deployed standards like RSS and XML sitemaps, and meta search engines like SearXNG.",
"liked":true
},
{
"title":"Current status on post-quantum cryptography and ongoing standardization and implementations/protocols",
"description":"This lightning talk will give a brief and up-to-date overview of the on-going standardization processes of post-quantum cryptography (PQC) algorithms and methods (also called \"Quantum-Safe Cryptography\").\nThe main focus will be the relevant current developments of specific technical standards such as IETF RFC drafts for implementation and usage of post-quantum cryptography both on a conceptual and protocol level. A concise and rough timeline what to expect in terms of PQC will also be provided.",
"description":"The Sorbus Computer is a cheap 8-bit software defined computer. For under 15 Euros you can build a machine that you can run like an Apple 1, an educational system or a totally new machine.",
"description":"We recently installed a self-built photovoltaic system at our makerspace in Freiburg, utilizing repurposed solar panels. This eco-friendly initiative allows us to directly feed the generated energy into our power grid, enabling us to produce our own sustainable energy.\nI'll be presenting a brief overview of how we collaboratively constructed this innovative photovoltaic system within our community, highlighting the shared effort and ingenuity that went into its creation.",
"description":"You like coding and tinkering with software or hardware? And you are up for a challenge? Then the “Youth Hacking 4 Freedom” is the perfect competition to test your skills.\nThe third round of the FSFE's programming competition “Youth Hacking 4 Freedom” is open for registration. \"Youth Hacking 4 Freedom\" is a programming competition for European teenagers from 14 to 18 years old. The participants have the chance to work on their own project idea with the guidance of experts from the Free Software universe. There are no limitations for the projects as long as they are published under a Free Software license. In this competition young people can test their skills, learn how to work on a project under a deadline, and most importantly have fun while meeting different people from Europe. Hear all about the competition and how to participate in this lightning talk.",
"description":"I tracked down a four decade old TeX file Knuth used in a lecture from 1981 and restored the printed version.\nOn a whim I tried to find the handout Donald E. Knuth used in an intro course for TeX back in 1981, which I watched on YouTube. After finding a few specific search strings I came across files generated during that course in a big archive of the first Stanford A.I. Laboratory, where I found much more than I had hoped, including all the original TeX files for the course, which can still be processed by TeX today, after some adjustments.",
"liked":true,
"attended":true
},
{
"title":"Synthetic Sentience",
"subtitle":"Can Artificial Intelligence become conscious?",
"description":"Despite the rapid progress of AI capabilities, the core question of Artificial Intelligence seems to be still unanswered: What does it take to create a mind? Let us explore the boundaries of AI: sentience, self awareness, and the possibility of machine consciousness.\nAfter many attempts to build AI models that are smarter than human beings, we find ourselves confronted with a family of surprisingly successful systems that match many of our abilities through text prediction and text/image correlation. The limits of these approaches are presently unclear, and while they work in very different ways than our minds, they pose the question whether consciousness, embodiment and motivation are necessary for achieving general intelligence. What are the differences between human (and animal) minds and the current generation of AI models? When we compare perspectives on mind and consciousness that have been developed in neuroscience, philosophy of mind, theoretical and therapeutic psychology, and numerous cultural traditions, and translate them into the metaphysics and conceptual frameworks of artificial intelligence, we may gain insights into this question.",
"liked":true,
"attended":true
},
{
"title":"Demoscene now and then",
"subtitle":"The demoscene is an underground computer art culture.",
"speakers":["Lord/Spreadpoint"],
"date":"2023-12-28T20:15:00",
"location":"37C3",
"tags":["amiga","art","commodore","demoscene"],
"notes":"This one is good but it felt more like a fever dream.",
"description":"The demoscene is an underground computer art culture. The Speaker is a member of the Demoscene since the 1980ies and gives insights how it is now and how it was back in the days and how you can participate!\nThe term demoscene comes from the word demo, short for demonstration. In the context of the demoscene the word demo means a realtime audiovisual application which is demonstrating the capabilities of the machine it runs on.\nDemosceners (\"sceners\") are what we call the folks with too much free time that abuse their computer skills to create releases under the demoscene.\nDemosceners often use nicknames (\"nicks\" or \"handles\") to identify themselves. They also tend to hang out in so-called demogroups. Some demosceners are active members of multiple demogroups, with or without using the same nickname.\nLet's get one thing clear: the demoscene has no commercial purpose. The only thing you'll get out of the demoscene, and this only comes after investing a significant amount of your free time into it, is a few useful soft skills and a large community of computer nerd friends.\nDemoscene releases are meant to show the limits of the machines, the technical skills and artistic sensibility of the makers. There are no rules to what kind of release you can make on the demoscene. Some demos are made as technical benchmarks, others as conceptual art, most are done just for fun. 
It is entirely up to you to explore what you like doing and share it with other demosceners.\nDemoscene releases can be divided into certain categories:\nTrack, an audio piece, can be in an executable format, in a tracker module format or in a pre-rendered wav/mp3 format Graphics entry, drawn or rendered images with fixed resolutions and/or a restricted color palette Demo, an audiovisual real-time executable demonstration for a certain platform Intro, typically a demo with file size limitation all packed into a single executable file that includes all the assets (popular size formats are 256bytes, 512bytes, 1kb, 4kb, 8kb, 64kb) Animation, rendered graphics videos Demopack, a collection of demos in a single disk Musicdisk, a collection of demoscene tracks with an executable player interface Diskmag, a collection of texts about the demoscene with an executable graphics interface Wild entry, everything else (including live performances, videos of demos on uncommon platforms, videos about demomaking, etc) Releases typically occur at demoparties, gathering events for demosceners.",
"liked":true,
"attended":true
},
{
"title":"Tor censorship attempts in Russia, Iran, Turkmenistan",
"description":"In December 2021, months before the world watched Russia invade Ukraine, Russia rolled out comprehensive censorship of the Tor network and related Tor protocols. Then in October 2022, the latest wave of protests in Iran saw a huge spike in Tor usage followed by a swift crackdown of the most successful techniques. Meanwhile in 2023, Turkmenistan has blocked popular CDNs like Cloudflare and Akamai, most hosting providers like Hetzner and OVH, and much more.\nOn the depressing side, the global censorship trend continues to gain momentum, with some European countries alarmingly eager to get in on it. But resignation is boring: here we are, a tiny community of activists and relay/bridge operators around the world continuing to provide safe and private internet reachability for hundreds of thousands of people who are trying to be human beings under authoritarian regimes.\nWe will walk through \\*how\\* each of these countries deployed their Tor blocks, and what changes we made to let citizens continue to reach the Tor network. Looking at each case study through a Tor lens will let us compare/contrast the censorship attempts from each country, discuss future ideas for how to make sure the bytes can keep flowing, and talk through the political impacts.",
"liked":true,
"attended":true
},
{
"title":"Formalizing mathematics in the proof assistant Agda",
"description":"Some day, computers will help working mathematicians of all disciplines in finding and checking proofs. It will feel easy, effortless and natural. Computers might even surpass us, creating a new exciting niche for mathematicians: understanding the mathematical advances put forward by computers. The univalent foundations program by the late Vladimir Voevodsky was an important step towards this vision. However, we aren't there yet.\nStill even the current generation of theorem provers is very exciting. It's fun to talk the computer into accepting our proofs, and invariably we learn something about our proofs in the process.\nIn this workshop, we'll cover the basics of Agda, one of the well-known proof assistants. The workshop will start as a guided tour. You belong to the target audience iff you have some experience in writing down mathematical proofs, for instance if at some point you proved Gauß's sum formula using induction. Knowledge of Haskell is beneficiary (modulo syntax, Agda is a superset of a subset of Haskell), but not required.\nYou don't need to install Agda beforehand, we will use the online version at https://agdapad.quasicoherent.io/.\nLiterature: https://plfa.github.io/\nNote to other people planning self-organized sessions: We don't actually need the full size of Saal D. A room with about 20 seats is sufficient. On Day 0, we will scout the building for alternative options.",
"liked":true,
"attended":true
},
{
"title":"About Gamma-Ray Bursts And Boats",
"subtitle":"What We (Don't) Know About the Most Energetic Events in the Universe",
"description":"In October 2022 a gamma-ray burst dubbed the 'Brightest Of All Times' smashed records. But what is that actually, a gamma-ray burst? How do we detect it? And why was the BOAT so special?\nGamma-ray bursts are the biggest explosions in our Universe since the Big Bang: In just a few seconds, they release as much energy as the Sun will radiate over its entire lifetime. Even though they occur in far-away galaxies, their emission dominates the high-energy astrophysical sky during their seconds-long duration. They come from the cataclysmic deaths of very massive stars or the mergers of two compact objects such as neutron stars and black holes. In both cases the energy is concentrated in an astrophysical jet moving at approximately the speed of light.\nIn October 2022, a once-in-a-lifetime gamma-ray burst smashed records and was dubbed the 'Brightest of All Time,' or the BOAT. In fact, it was so bright that it oversaturated the most sensitive gamma-ray burst monitors, posing a challenge for data reconstruction and analysis. But why was it so bright? And how long do we have to wait until the next one?\nUsing the BOAT as an example, we will give an introduction about the fascinating phenomena called gamma-ray bursts. From their accidental discovery during the Cold War to our still surprisingly limited understanding of their nature. The talk will revisit the state-of-the-art of theoretical modelling/interpretations (how are jets launched? what produces the gamma rays?), as well as current detector techniques (how do we catch a gamma-ray photon on Earth or in space?). Naturally, we will also discuss what we really learn from prominent, outstanding events such as the BOAT -- and the questions that still give scientists headaches.",
"attended":true
},
{
"title":"How Many Planets in Our Solar System? Glad You Asked!",
"subtitle":"How Astronomy Knew 6 Planets, Then Found 20 More, Then Went Back To 8 (For Now)",
"description":"The Solar System has had 8 planets ever since Pluto was excluded in 2006. This has made a lot of people very angry and been widely regarded as a bad move. But did you know Neptune was discovered as the 12th planet? Or that, 80 years before Star Trek, astronomers seriously suspected a planet called Vulcan near the Sun? This talk will take you through centuries of struggling with the question: Do you even planet?!\nIn antiquity, scientists counted the 7 classical planets: the Moon, Mercury, Venus, the Sun, Mars, Jupiter and Saturn - but their model of the universe was wrong. Two thousand years later, a new model was introduced. It was less wrong, and it brought the number of planets down to 6: Mercury, Venus, Earth, Mars, Jupiter, Saturn. Since then, it's been a roller coaster ride of planet discoveries and dismissals.\nIn this talk, we stagger through the smoke and mirrors of scientific history. We meet old friends like Uranus and Neptune, forgotten lovers like Ceres, Psyche and Eros, fallen celebrities like Pluto, regicidal interlopers like Eris and Makemake as well as mysterious strangers like Vulcan, Planet X and Planet Nine.\nFind out how science has been tricked by its own vanity, been hampered by too little (or too much!) imagination, and how human drama can make a soap opera out of a question as simple as: How Many Planets in Our Solar System?",
"attended":true
},
{
"title":"How to build a submarine and survive",
"subtitle":"Wie wir mit begrenzten Mitteln ein U-Boot gebaut haben und was ihr draus lernen könnt.",
"speakers":["Elias","quirsh"],
"date":"2023-12-29T21:45:00",
"location":"37C3",
"tags":["engineering"],
"notes":"This one was as funny as it was insightful.",
"description":"3,4 Tonnen schwer, 4,3 Meter lang, Material: Stahl, Farbe: Orange und der Fahrzeugtyp ist „Sporttauchboot”. Vom Fund eines Drucktanks bis zum ersten Tauchgang auf den Grund eines Tagebausees – wir erzählen von unseren größten Herausforderungen sowie Fehlschlägen.\nWir laden euch ein zu einem technischen Beratungsgespräch für alle, die schonmal mit dem Gedanken gespielt haben, ein U-Boot zu bauen.\nDie einzelnen Systeme eines U-Boots sind nicht kompliziert. Aber die Schwierigkeit liegt in der Summe der Einzelsysteme, die auf engem Raum im Zusammenspiel sicher funktionieren müssen. Der Fokus des Vortrags liegt neben unserer kurzweiligen Geschichte auf den technischen Schwierigkeiten, zu denen sich in der Literatur wenig findet oder wegen derer es nicht gleich auf Anhieb funktioniert hat. Damit ihr, falls ihr ähnliches plant, einen besseren Start habt und von unseren Fehlern profitieren könnt.\nWas gibt es bei der Wahl eines geeigneten Drucktanks zu beachten?\nWie lässt sich eine wasserdichte Luke konstruieren?\nDrahtlose Unterwasserkommunikation mittels Ultraschall?\nWie bauen wir Redundanz in die Systeme ein?\nWie werden wir das CO2 los, um nicht zu ersticken?\nWarum sind auf einmal Risse in den Scheiben?\nWas tun, wenn nichts mehr geht?\nUnd was, wenn dann auch noch die Polizei kommt?\nIn dem Vortrag geht es nicht um Probleme anderer kaputter U-Boote. Wir werden das Titan-Desaster mit maximal einer Folie behandeln.\nMit Fotos von Selene Magnolia",
"liked":true,
"attended":true
},
{
"title":"Breathing Life into Legacy: An Open-Source Emulator of Legacy Apple Devices",
"subtitle":"A Dive into Reverse Engineering and Understanding the iPod Touch",
"description":"This talk presents QEMU-iOS, an open-source emulator of legacy Apple devices. I outline the process of emulating an iPod Touch 2G, discussing the technical challenges and reverse engineering methodologies applied. The talk starts with an overview of the project's goals and then outlines the reverse engineering process, utilizing tools like Ghidra for disassembling the Apple bootloader, XNU kernel, and other binaries. Then, I describe QEMU, a popular framework for emulation, and show how essential iPod Touch peripherals such as the touchscreen, storage, and display have been implemented. Finally, this talk touches upon the implications of open-sourcing this project, its contribution to the emulation and reverse engineering landscape, and its potential for future efforts to emulate newer Apple devices.\nDuring the past decades, Apple has created iconic devices that have found a place in the hands and hearts of millions of people around the world. As many of these devices have become obsolete, the importance of preserving their digital essence has grown. The emulation of legacy devices with software allows enthusiasts and researchers to explore and interact with them long after the original hardware has ceased to be available. Emulation, therefore, allows the digital preservation of obsolete hardware, ensuring these devices are accessible to future generations.\nThis talk describes a multi-year project named QEMU-iOS that lays the groundwork for emulating legacy Apple devices. In particular, we have focussed on emulating the iPod Touch 2G using QEMU, an open-source framework for hardware emulation. Yet, even emulating an old device with a few peripherals compared to contemporary devices is challenging since the specifications and inner workings of many peripherals are proprietary and completely undocumented.\nThe talk first describes the overall project motivation, goals, and vision. 
Then, I will discuss the reverse engineering process where multiple undocumented peripherals of the iPod Touch have been analyzed to understand and replicate their specifications in software. A key talking point will be the working of essential peripherals, including the cryptographic engines, the LCD, the Flash memory controller, various hardware communication protocols, the touchscreen driver, and other peripherals. The talk will also detail the booting procedure of the iPod Touch, elaborating on the emulation of the iBoot bootloader, the XNU kernel, and the Springboard application in iOS. Getting the boot chain up and running required extensive debugging efforts using powerful reverse engineering tools such as Ghidra to disassemble and analyze all essential binaries in the boot procedure. After outlining the reverse engineering process, I will present the implementation of QEMU-iOS, which entails a functional emulator that boots the iOS operating system, renders the display, and responds to touches on the screen.\nThe final part of this talk will touch upon the implications of open-sourcing this project, its contribution to the broader emulation and reverse engineering landscape, and the potential it holds for future efforts in emulating other legacy Apple devices, as well as the viability of emulating newer devices with advanced peripherals such as the Neural Engine. I will also discuss existing approaches, highlight where QEMU-iOS differs, and summarize the lessons learned while emulating these devices.\nThis talk is designed for a wide range of people, whether you are new to reverse engineering and emulation or have experience in these fields. The goal is to explain the technical challenges faced during this project in a way that's easy for beginners to understand while also providing more in-depth insights I discovered while working on QEMU-iOS. 
Through this talk, the aim is not only to share the technical knowledge gained from this project but also to explore the merits of emulation and reverse engineering to keep old devices alive.",
"description":"Do you have what it takes to become a Prompt Designer? Based on the Rap Battle format, Prompt Battle is a game show in which people compete against each other with the performative use of language. AI-supported text-to-image software enables the candidates to generate complex photos, images, and illustrations, seemingly out of thin air, by typing in image descriptions, so-called prompts. The audience will decide who will elicit the most surprising, disturbing or beautiful images from the latent space, and who will walk away carrying the prestigious title Prompt Battle Winner. \nThe Prompt Battle is a game show format with audience involvement that questions the meaning of prompt engineering in a playful and critical way. Based on the format of the Rap Battle, eight candidates compete against each other under time pressure on stage in a tournament to solve image and text tasks set for them. The audience decides who has won after each round. The rounds are interrupted by video interludes that illuminate the implications of text-to-image tools from different perspectives. The aim of the Prompt Battle is to address the numerous controversial questions that tools such as DALL·E, Stable Diffusion and Midjourney raise for professional creatives. Questions about the origin of training data, the value of creative work, the inflation of images, and the intellectual property of the content produced.\nSince 2022, rapid technological advances in the field of AI-generated content have raised a series of fundamental questions. For artists and designers, the first question is whether creativity can really be automated, and whether prompt engineering really is the future-proof key capability that some believe it to be. Behind the hype, far-reaching ethical, economic, copyright and aesthetic challenges and contradictions are emerging. 
The Prompt Battle uses the game show format to address these questions in a playful way by confronting the candidates and the audience with prompt engineering tasks tailored to the occasion.\nThe original Prompt Battle was developed at HTW Dresden by Sebastian Schmieg, Florian A. Schmidt, Bernadette Geiger, Robert Hellwig, Emily Krause, Levi Stein, Lina Schwarzenberg and Ella Zickerick.",
"attended":true
},
{
"title":"From Hacker to Furry - Why cat ears are just the beginning",
"speakers":["CheetahSpottycat"],
"date":"2023-12-30T00:15:00",
"location":"37C3",
"tags":["furries","hacking-lore"],
"notes":"This talk was extremely good, I didn't expect such an experience.",
"description":"The chairman of Europe's biggest furry conference explores the metaphysical and historical connection between furries and the information technology / hacker sphere through a bunch of war stories, anecdotes and drunken shower thoughts. Also a chance to ask a fandom veteran anything you can come up with you always (or never) wanted to know about furries.",
"liked":true,
"attended":true
},
{
"title":"Science-based psychedelic pharmacology",
"subtitle":"Recreational harm reduction",
"speakers":["hummuscience"],
"date":"2023-12-30T16:00:00",
"location":"37C3",
"tags":["psychedelics"],
"notes":"Most of the information from the slides comes from PsychonautWiki.",
"description":"I know we are all experts... But are we really? Most of our knowledge about mental enhancement comes from experience, friends or social context. Some of it is true, some of it is not. In this workshop we will try to go through some of the common myths and misconceptions in recreational contexts. Safety and Common mistakes. Backed by science 🤓! Let's make our spaces safer, for ourselves and our surroundings ❤️ This is not a Nootropic talk.",
"liked":true,
"attended":true
},
{
"title":"10 Tips for failing badly at Microservices",
"description":"Microservices are just a bunch of hip new frameworks plus some AngularJS frontend or React, right? So, if you want to make sure that you absolutely and definitely fail at your Microservice project, then watch this talk and learn how. Using real world experience from multiple green field and brown field projects, I can show you: - how to ignore the mandatory organizational impact - how to focus on the code only without any regard towards ops and testing - continuous deployment is for losers. Real projects use their meat cloud for delivery - jumping onto every new and untested framework is a must - EventSourcing and CQRS are both free lunches. So, you can add complexity without any real need - ...and more. If you mind my tips, then surely you will fail at Microservices and your boss will never again try to move away from your beloved vintage monolith.",
"description":"An exploration from the chips on the PCB to how Linux makes the phone work. We'll go into how the hardware and the Linux device tree files are connected, how the different chips communicate, etc. Things I wish I had learned years ago!",