Reflections on hardware, talks, and other interactions at the 36th Chaos Communication Congress.

36c3 Talks and Toys

This is a continuation of 36c3 and Me

• Hardware
  • ChameleonMini
  • Black Crystal Crypto Wallet
  • Built on Lightning
    • M5Stacking Sats
    • Lightning Beer Tap
    • Raspiblitz
  • Fomu
  • TIF-IT Crypto Card
• Talks
  • Plundervolt
  • Open Source is Insufficient to Solve Trust Problems in Hardware
  • Science for Future?
  • Intel Management Deep Dive
  • Hacking with a TPM
  • Linux on Open Source Hardware with Open Source chip design
  • Infrastructure Review
  • HAL - The Open-Source Hardware Analyzer
  • Hacking an NFC toy with the ChameleonMini
  • Fundamentals of EEG based Brain-Computer Interfaces

Hardware

Congress is not really about the talks, it’s about the creatures and their toys–talks can always be watched later, in between Congresses.

I went to a lot of assemblies and talked to a variety of people. There were some self-organized sessions that I went to specifically to get closer to the hardware and the creatures that made them.

Kasper-Oswald ChameleonMini Rev.G

Dr.-Ing. Timo Kasper gave an introductionary workshop for the ChameleonMini. I saw this on Day 1 of Congress and realized I would have to miss a talk that I could watch later (a hardware talk titled Open Source is Insufficient to Solve Trust Problems in Hardware by bunnie, Sean “xobs” Cross and Tom Marble)

The workshop was a great introduction to the Chameleon. I had been exposed to this device before by my friend and fellow security researcher, Lance R. Vick.

a freely programmable, portable tool for NFC security analysis that can emulate and clone contactless cards, read RFID tags and sniff/log RF data.

-ChameleonMini README.md

Lance showed me how to clone an RFID badge that gets me into my office. It was a demonstration of just how easy it is to ‘bump’ someone and get access to their shiny badge key. It was a good demo–and that was how I was first exposed to the Red Chameleon.

I have not yet had time to install the toolchain and get things running. Docs are at github.com/emsec/ChameleonMini. I’m looking forward to exploring this device in the future.

Black Crystal Crypto Wallet (M5Stack Core – ESP32)

The black Crystal workshop was an educational workshop attempting to learn about better ways to host workshops for learning how to make your own hardware wallet with the trezor crypto library

The workshop was held at the Critical Decentralization Cluster by the #monero-ccc people, specifically Matthias Tarasiewicz and Alex.

At the beginning of the workshop, Matthias said that anyone who contributes via a git commit to the Black Crystal repo would be able to take the M5Stack Core device with them, in the hopes they would contribute more to the project. It’s a project who’s aim is to help people use cryptocurrency, so I was automatically intrigued and wanted to help.

My contribution was small, but I thought it would help in the long-run by documenting the various steps required to get the m5stack-monero example Arduino Sketch up and running on a linux environment running Ubuntu.

You can find that contribution here

I really like the ESP32 platform, and look forward to making more contributions to this project and upstream dependencies.

During the workshop there was work done to implement the esp_random() call to generate a bip39-compliant wallet. That contribution can be found here. Later on I learned about the “Stacking Sats” project, which was helping operate the beer dispenser/keg at the bitcoin assembly.

Built on Lightning

M5Stacking Sats

The M5Stack Core was a new wrapper on a device I really like–the esp32. I should have recognized this form factor though from my last time at Camp and Congress. It was fun to see this device at the 402 Payment Required assembly after working with it at the Balck Crystal Crypto Wallet workshop.

On one of the tables at the assembly were a set of Point-of-Sales devices that triggered certain actions when payment was received. One of the devices dispensed candy, the other one blew bubbles when payment was received.

• github.com/arcbtc/M5StackSats
• github.com/arcbtc/1.21

Lightning Beer Tap

The lightning beer tap at the 402 Payment Required assembly has been a regular there for some time.

I’m not sure if the tech stack comes from the puzzle/lightning-beer-tap project, but it certainly looks like it does.

Raspiblitz

Raspiblitz is a raspberry pi device serving as a lightning node. The code is available on github at rootzoll/raspiblitz. It’s straightforward to setup thanks to the documentation and tutorials.

Fomu

Who

Sean “xobs” Cross and Tom Marble

What

Fomu

an FPGA in your USB port! I have 128 kilobytes of RAM, and enough logic cells to run a RISC-V CPU and a USB softcore. I have four contact pads that can easily be used to make two buttons. And I have an RGB LED, because everyone loves blinky things!

How I got one

Friend: Get to the hardware hacking assembly fast,
        they're giving away Fomu's.
        All you have to do is install the toolchain.

Me:     Heading over <installs toolchain while walking>

The Workshop

fomu-workshop

Participants were told they would be given a free fomu board if they could prove that they had correctly installed the toolchain. From there they could run through the workshop at their own pace, asking questions and requesting troubleshooting help from xobs and Tom Marble.

Next Steps

Investigate tools like tinyusb and circuitpython and see if something like this keyboard example will work.

TIF-IT Crypto Cards

URL: https://pgp.tif-it.org/

TIF-IT is a company I had not heard until coming to Congress. The people working there showed up to the first and second YubiKey 101 workshops my friends and I hosted on Days 2 and 3 of Congress.

They were friendly enough to demonstrate their product after we finished with the Simple GPG setup demonstration.

My friends and I are always interested in getting our hands on different type of gpg smartcards. We had already introduced ourselves to the Nitrokey people, and are friends of Yubico.

I did not have time to use the two cards they gave me. But I plan on setting up the toolchain to do so and documenting it in the hashbang book under the personal-hsms section.

Talks

Some of the talks I attended in person (or bookmarked for later).

Plundervolt

Kit Murdock and Daniel Gruss present the Plundervolt attack

in which a privileged software adversary abuses an undocumented Intel Core voltage scaling interface to corrupt the integrity of Intel SGX enclave computations.

ccc media link

The presenters nailed the talk and had the crowd laughing and engaged during the entire presentation.

Open Source is Insufficient to Solve Trust Problems in Hardware

ccc media link

Science for Future?

ccc media link

It’s not too late to stop severe suffering of the human species, although our future does look bleak.

Intel Management Engine Deep Dive

This truly was a deep dive in the Intel Management Engine.

ccc media link

Hacking with a TPM

ccc media link

Great talk for anyone interested in learning about TPMs

Linux on Open Source Hardware with Open Source chip design

ccc media link

Infrastructure Review

ccc media link

The scale of CCC has always impressed me. Being a part of the Congress as an angel gave me a deeper understanding of how Congress runs so efficiently and smoothly.

HAL - The Open-Source Hardware Analyzer

ccc media link

Hacking an NFC toy with the ChameleonMini

ccc media link

Now that I have a Chameleon Mini, this talk will come in handy.

Fundamentals of EEG based Brain-Computer Interfaces

ccc media link

I spent a lot of time hacking on EEG projects with the Muse, Emotiv, and OpenBCI headsets. I wish I had known about this talk. It would have been great to attend and ask the speaker questions. Alas, there is so much at Congress, planning and organizing amidst all the chaos can be quite the challenge.