Suche
Beiträge, die mit 38C3 getaggt sind
If you’ve owned a CD player or other piece of digital audio gear manufactured since the 1980s, the chances are highly to has a TOSLINK port on the back. This is a interface that sends I2S digital audio data down a short length of optical fibre, and it’s designed to run between audio gear & an external DAC.
https://blog.benjojo.co.uk/post/sfp-experiment-ultra-long-range-toslink
#toslink #longrange #experiment #it #engineer #media #38c3 #tech #news
![TOSLINK is a ancient technology in optical fibre terms, with a lowish data rate and plastic fibre, but consider for a minute whether it could be adapted for modern ultra-high-speed conenctions. It’s what [Ben Cartwright-Cox] has done, and he delivered a talk about it at the recent 38C3 event in Germany.
It’s an interesting experiment, but perhaps the most value here is in what it reveals to us about the way optical networking systems work. Most of us don’t spend our days in data centres, so that’s an interesting technology to learn about.
<https://youtu.be/3qojgJGtTos>](https://nerdculture.de/system/media_attachments/files/113/815/605/289/490/254/original/9c970a869a138422.jpeg "TOSLINK is a ancient technology in optical fibre terms, with a lowish data rate and plastic fibre, but consider for a minute whether it could be adapted for modern ultra-high-speed conenctions. It’s what [Ben Cartwright-Cox] has done, and he delivered a talk about it at the recent 38C3 event in Germany.
It’s an interesting experiment, but perhaps the most value here is in what it reveals to us about the way optical networking systems work. Most of us don’t spend our days in data centres, so that’s an interesting technology to learn about.
<https://youtu.be/3qojgJGtTos>")
![[ImageSource: Ben Cartwright-Cox]
If you’ve cast you eye over any fibre networking equipment recently, you’ll be familiar with SFP ports. These are a standard for plug-in fibre terminators, and they can be had in a wide variety of configurations for different speeds, topographies, and wavelengths. They’re often surprisingly simple inside, so he wondered if he could use them to carry TOSLINK instead of a more conventional network.
And it worked, with the simple expedient of driving an SFP module with an LVDS driver to make a differential signal. There follows a series of experiments calling in favours from friends with data centre space in various locations around London, finally ending up with a 140 km round trip for CD-quality audio.](https://nerdculture.de/system/media_attachments/files/113/815/606/043/646/649/original/ef261c1e77a6c9e3.png "[ImageSource: Ben Cartwright-Cox]
If you’ve cast you eye over any fibre networking equipment recently, you’ll be familiar with SFP ports. These are a standard for plug-in fibre terminators, and they can be had in a wide variety of configurations for different speeds, topographies, and wavelengths. They’re often surprisingly simple inside, so he wondered if he could use them to carry TOSLINK instead of a more conventional network.
And it worked, with the simple expedient of driving an SFP module with an LVDS driver to make a differential signal. There follows a series of experiments calling in favours from friends with data centre space in various locations around London, finally ending up with a 140 km round trip for CD-quality audio.")
BEESAT-1 is a 1U cubesat launched in 2009 by the TU of Berlin. It has redundant computers onboard, so when the first one failed in 2011, it just switched over to the second. And when the backup failed in 2013, well, the satellite was “dead” — or rather sending back all zeroes.
https://media.ccc.de/v/38c3-hacking-yourself-a-satellite-recovering-beesat-1
#beesat1 #satellite #recovering #space #science #it #engineer #media #38c3 #tech #news
![Getting the job done required debugging the firmware remotely [like 700 km remotely]. Because it was sending back all zeroes, but sending back valid zeroes, that meant there was something wrong either in the data collection or the assembly of the telemetry frames. A quick experiment confirmed that the assembly routine fired off very infrequently, which was a parameter that’s modifiable in SRAM. Setting a shorter assembly time lead to success: valid telemetry frame.
Then comes the job of patching the bird in flight. [PistonMiner] pulled the flash down, and cobbled together a model of the satellite to practice with in the lab. And that’s when they discovered that the satellite doesn’t support software upload to flash, but does allow writing parameter words. The hack was an abuse of the fact that the original code was written in C++. Intercepting the vtables let them run their own commands without the flash read and write conflicting.](https://nerdculture.de/system/media_attachments/files/113/775/884/503/863/177/original/f10605f43d59c6c8.jpeg "Getting the job done required debugging the firmware remotely [like 700 km remotely]. Because it was sending back all zeroes, but sending back valid zeroes, that meant there was something wrong either in the data collection or the assembly of the telemetry frames. A quick experiment confirmed that the assembly routine fired off very infrequently, which was a parameter that’s modifiable in SRAM. Setting a shorter assembly time lead to success: valid telemetry frame.
Then comes the job of patching the bird in flight. [PistonMiner] pulled the flash down, and cobbled together a model of the satellite to practice with in the lab. And that’s when they discovered that the satellite doesn’t support software upload to flash, but does allow writing parameter words. The hack was an abuse of the fact that the original code was written in C++. Intercepting the vtables let them run their own commands without the flash read and write conflicting.")
![[ImageSource: media.ccc.de]
Of course, nothing is that easy. Bugs upon bugs, combined with the short communication window, made it even more challenging. And then there was the bizarre bit with the camera firing off after every flash dump because of a missing break in a case statement. But the camera never worked anyway, because the firmware didn’t get finished before launch.
Challenge accepted: [PistonMiner] got it working, and after fifteen years in space and ten years of being “dead”, BEESAT-1 was taking photos again. What caused the initial problem? NAND flash memory needs to be cleared to zeroes before it’s written, and a bug in the code lead to a long pause between the two, during which a watchdog timeout fired and the satellite reset, blanking the flash.
This talk is absolutely fantastic, but may be of limited practical use unless you have a long-dormant satellite to play around with. I can nearly guarantee that after watching this talk, you will wish that you did.](https://nerdculture.de/system/media_attachments/files/113/775/885/346/238/637/original/163fe15294482862.png "[ImageSource: media.ccc.de]
Of course, nothing is that easy. Bugs upon bugs, combined with the short communication window, made it even more challenging. And then there was the bizarre bit with the camera firing off after every flash dump because of a missing break in a case statement. But the camera never worked anyway, because the firmware didn’t get finished before launch.
Challenge accepted: [PistonMiner] got it working, and after fifteen years in space and ten years of being “dead”, BEESAT-1 was taking photos again. What caused the initial problem? NAND flash memory needs to be cleared to zeroes before it’s written, and a bug in the code lead to a long pause between the two, during which a watchdog timeout fired and the satellite reset, blanking the flash.
This talk is absolutely fantastic, but may be of limited practical use unless you have a long-dormant satellite to play around with. I can nearly guarantee that after watching this talk, you will wish that you did.")
Hacking yourself a satellite - recovering BEESAT-1
In 2013, the satellite BEESAT-1 started returning invalid telemetry, rendering it effectively unusable. Because it is projected to remain...media.ccc.de
https://events.ccc.de/congress/2024/hub/en/event/lets-talk-about-the-not-talking-about-gaza/
#38C3
#Palestine
#HackerCulture
[38c3] Let's talk about the not talking about Gaza
To the Chaos Computer Club, and to the larger community that makes the Chaos Communication Congress happen. Congress has been a place for policitized hackers from all around the world to meet, share and learn. Yet this year's 38C3 event has bee...38c3
1. The answer is not to surpress the expressions of solidarity with victims of genocide, wtf.
2. The C3 community deserves more trust than that.
In general I was proud of the fact that we had more badassery and fighting the power this year. Let's bring that energy and do it right. Give voice to Palestinians, humanitarians, and Israeli protesters and opposition.
To the Chaos Computer Club, and to the larger community that makes the Chaos Communication Congress happen.
Congress has been a place for policitized hackers from all around the world to meet, share and learn. Yet this year's #38C3 event has been lived by many of us as an awkward space of silencing and self-censoring with regards to the Palestinian #genocide. We couldn't help but feel terrified at that, although not completely surprised.
It has been dreadful to once again hear discussions in which the only "argument" issued was "it's a complex situation" when trying to face the harsh reality of a 2 million people country being destroyed, blocked and bombed with barely any food or clean water, while one of the last running hospital was bombed three days before.
As an heterogeneous group of people that are part of communities that are interested, active or impacted by the struggle for liberation of the Palestinian people, we've felt necessary to start this discussion.
What follows is a series of experiences, questions and reflections that have been shared in the self-organized session "Let's talk about the not talking about Gaza" that was announced on the last day of the Congress.
⟶ https://pastebin.aquilenet.fr/?0d2333b41ea9c648#CK385sttKzd2VaWV1KfZHjYQ7diEf2Z94eoo9ezMnpbg
paste.aquilenet.fr
Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.paste.aquilenet.fr
https://pastebin.aquilenet.fr/?0d2333b41ea9c648#CK385sttKzd2VaWV1KfZHjYQ7diEf2Z94eoo9ezMnpbg
“"The building is on fire"; we need to talk about the fire. Not addressing it will only make it grow. Let's spray some paint on the invisible elephant in the room and facilitate discussions about it even if it means leaving our comfort zones and facing conflicts.“
paste.aquilenet.fr
Visit this link to see the note. Giving the URL to anyone allows them to access the note, too.paste.aquilenet.fr
Hamburg, 30.12.2024, Chaos Communication Congress, @ccc
https://events.ccc.de/congress/2024/hub/de/event/lets-talk-about-the-not-talking-about-gaza/
#38C3 #CCC #palestine #gaza #genocide
[38c3] Let's talk about the not talking about Gaza
To the Chaos Computer Club, and to the larger community that makes the Chaos Communication Congress happen. Congress has been a place for policitized hackers from all around the world to meet, share and learn. Yet this year's 38C3 event has bee...38c3
The last year, 37C3 covered how a group of hackers discovered code that allegedly bricked public trains in Poland when they went into service at a competitor’s workshop. This year, the same group is back with tales of success, lawsuits and appearances in the Polish Parliament.
https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure
#polish #trains #bricked #it #security #engineer #media #tech #38c3 #news
![You’re not going to believe this, but it’s hilarious.
The short version of the story is that [Mr. Tick], [q3k] and [Redford] became minor stars in Poland, have caused criminal investigations to begin against the train company, and even made the front page of the New York Times. Newag, the train manufacturer in question has opened several lawsuits against them.
The lawsuit alleges the team is infringing on a Newag copyright — by publishing the code that locked the trains, no less! If that’s not enough, Newag goes on to claim that the white hat hackers are defaming the company.](https://nerdculture.de/system/media_attachments/files/113/748/029/565/338/678/original/f64291d3bc70182a.jpeg "You’re not going to believe this, but it’s hilarious.
The short version of the story is that [Mr. Tick], [q3k] and [Redford] became minor stars in Poland, have caused criminal investigations to begin against the train company, and even made the front page of the New York Times. Newag, the train manufacturer in question has opened several lawsuits against them.
The lawsuit alleges the team is infringing on a Newag copyright — by publishing the code that locked the trains, no less! If that’s not enough, Newag goes on to claim that the white hat hackers are defaming the company.")
![[ImageSource: media.ccc.de]
What I found fantastically refreshing was how the three take all of this in stride, as the ridiculous but incredibly inconvenient consequences of daring to tell the truth. Along the way they’ve used their platform to speak out for open-sourcing publicly funded code, and the right to repair — not just for consumers but also for large rail companies. They are truly fighting the good fight here, and it’s inspirational to see that they’re doing so with humor and dignity.
If you missed their initial, more technical, talk last year, go check it out on media.ccc.de. And if you ever find yourself in their shoes, don’t be afraid to do the right thing. Just get a good lawyer.](https://nerdculture.de/system/media_attachments/files/113/748/030/564/414/854/original/a630bb1d6a16b2ee.png "[ImageSource: media.ccc.de]
What I found fantastically refreshing was how the three take all of this in stride, as the ridiculous but incredibly inconvenient consequences of daring to tell the truth. Along the way they’ve used their platform to speak out for open-sourcing publicly funded code, and the right to repair — not just for consumers but also for large rail companies. They are truly fighting the good fight here, and it’s inspirational to see that they’re doing so with humor and dignity.
If you missed their initial, more technical, talk last year, go check it out on media.ccc.de. And if you ever find yourself in their shoes, don’t be afraid to do the right thing. Just get a good lawyer.")
We've not been trained for this: life after the Newag DRM disclosure
You've probably already heard the story: we got contracted to analyze a bunch of trains breaking down after being serviced by independent...media.ccc.de
https://catileptic.tech/posts/relationship-anarchy/
i am thankful to each person who offered their thoughts. thankful for all the lovely conversations we had around the subject.
the #relationshipgeeks assembly was a cozy and safe home for all these connections and the orga team has been phenomenal.
stay safe, folx!
Relationship Anarchy. Dreaming In the Belly of the Whale (zine)
This is an example descriptioncatileptic.tech
When: 30.12 (day4) - 17:00
Where: UAct! #assembly in #ChaosZone on #38c3
https://events.ccc.de/congress/2024/hub/event/media-as-weapon-in-ukraine-and-in-germany
#disinformation #hybrid #warfare #media #attacks #polarization
[38c3] Media as a weapon in Ukraine and in Germany
This is not an expert speech but a draft analysis - something we stumbled upon and would like to share for discussion, better soon than perfect. You are free to join :)38c3
Terabytes of Volkswagen customer details in Amazon cloud storage remained unprotected for months, allowing anyone with little technical knowledge to track drivers movement or gather personal information.
https://www.ccc.de/de/updates/2024/wir-wissen-wo-dein-auto-steht
#volkswagen #electric #car #amazon #cloud #cariad #exposed #data #it #security #privacy #engineer #ccc #media #technology #38c3 #news
![Volkswagen’s automotive software company [Cariad], exposed data collected from around 800,000 electric cars. The info could be linked to drivers names and reveal precise vehicle locations [for some of them being as precise as a few centimeters]. The exposed databases include details for VW, Seat, Audi and Skoda vehicles.
Cariad was informed on November 26 of the issue by the Chaos Computer Club (CCC), the largest organization of ethical hackers in Europe that for more than 30 years has promoted security, privacy, and free access to information.
<https://www.ccc.de/en/>
Access to the car data was possible due to Cariad’s incorrect configuration in two IT applications, a company representative said.
The CCC hackers could access the data only after bypassing several security mechanisms that required significant time and technical expertise. Additionally, because individual vehicle data was pseudonymized for privacy purposes, the CCC hackers had to combine different data sets to associate the details with a particular user.](https://nerdculture.de/system/media_attachments/files/113/741/823/000/349/357/original/c60a31a85c531c6d.jpeg "Volkswagen’s automotive software company [Cariad], exposed data collected from around 800,000 electric cars. The info could be linked to drivers names and reveal precise vehicle locations [for some of them being as precise as a few centimeters]. The exposed databases include details for VW, Seat, Audi and Skoda vehicles.
Cariad was informed on November 26 of the issue by the Chaos Computer Club (CCC), the largest organization of ethical hackers in Europe that for more than 30 years has promoted security, privacy, and free access to information.
<https://www.ccc.de/en/>
Access to the car data was possible due to Cariad’s incorrect configuration in two IT applications, a company representative said.
The CCC hackers could access the data only after bypassing several security mechanisms that required significant time and technical expertise. Additionally, because individual vehicle data was pseudonymized for privacy purposes, the CCC hackers had to combine different data sets to associate the details with a particular user.")
[video]https://media.ccc.de/v/38c3-bioterrorism-will-save-your-life-with-the-4-thieves-vinegar-collective
#ycombinator #316 #38c3 #2024 #Ethics #Society_Politics #Chaos_Computer_Club #Video #Media #Streaming #Hacker
BioTerrorism Will Save Your Life with the 4 Thieves Vinegar Collective
Governments have criminalized the practice of managing your own health. Despite the fact that for most of human history bodily autonomy, ...media.ccc.de
Boosts appreciated!
Now we have a stable app that can print random shenanigans to the cutest little heat-discharging cat.
Their repo: https://github.com/knobs-dials/catprinter
We're both attending #38c3 and we'll probably carry the thermal cat printer with us :3
GitHub - knobs-dials/catprinter
Contribute to knobs-dials/catprinter development by creating an account on GitHub.GitHub
Germany is the second largest supplier of weapons to the genocidal war-criminal apartheid state.
Culture jam it. Hack the feeds and spread the truth. Disrupt the billionaire media. Break the genocidal supply chains.
#freepalestine
