Thank you for listening to the lecture "FIDO2 - the superior Multi Factor Authentication Framework" (https://pretalx.c3voc.de/camp2023/talk/R3ETSG/) at #CCCAmp23 on #CCCAmp23milliways. The Q&A is closed now.
FIDO2 - the superior Multi Factor Authentication Framework Chaos Communication Camp 2023

Passwords suck, Multi Factor Authentication is hip, everyone wants to use it, but most methods rely on some kind of generated One-Time passcode, which are as vulnerable to phishing as the passwords they should help protect. Other possible factors, like app-based authentication, also bring similar design flaws to the table. A good alternative to insecure factors is the FIDO2 Standard, also sometimes referred to as WebAuthn, and its latest addition, passkeys. This presentation will demonstrate the functionality of FIDO2/WebAuthn and compare it to other possible (multiple) factors. It will also demo setup and some basic configuration. Special emphasis will be brought to passwordless authentication and the benefits and drawbacks of passkeys.

Hello and welcome to the lecture "FIDO2 - the superior Multi Factor Authentication Framework" (https://pretalx.c3voc.de/camp2023/talk/R3ETSG/).

I am your signal angel for this talk. If you have a question during the talk, please ask right away, and not just at the end, and give me a mention in it. I will collect your questions, and ask them in your stead in the Q&A.

Please tell, if you do not want me to read your nick.
#CCCamp23milliways

There is no more time for questions left, so the Q&A is skipped for this talk.
#CCCamp23milliways

Hello and welcome to the lecture "Bootloader Crimes - Building disposable Windows VMs" (https://pretalx.c3voc.de/camp2023/talk/LLV8KV/).

I am your signal angel for this talk. If you have a question during the talk, please ask right away, and not just at the end, and give me a mention in it. I will collect your questions, and ask them in your stead in the Q&A.

Please tell, if you do not want me to read your nick.
#CCCamp23milliways

Bootloader Crimes - Building disposable Windows VMs Chaos Communication Camp 2023

Sometimes Windows can't be avoided, usually to run or dissect some weird piece of software. Fortunately, we have virtual machines for that, but installing or maintaining such an image is always a hassle. I built a web-tool based on open-source tools to make the experience of building such images much more enjoyable and discovered some interesting quirks and ways to run and install Windows.

Thank you for listening to the lecture "Unlock the Door to my Secrets, but don’t Forget to Glitch" (https://pretalx.c3voc.de/camp2023/talk/AS9MQY/) at #CCCAmp23 on #CCCAmp23milliways.
Unlock the Door to my Secrets, but don’t Forget to Glitch Chaos Communication Camp 2023

Microcontrollers are used in numerous applications and even in security-relevant areas, for example in form of hardware security tokens or crypto wallets. Hence, the non-volatile flash memory of microcontrollers contains sensitive assets such as cryptographic secrets or intellectual property, that need to be protected from being read out by adversaries. In order to prevent illegal extraction through the integrated debug interface, dedicated protection features are in place. In this talk, we take a look at an attack vector that we call *flash erase suppression*. This attack vector leverages that many microcontrollers allow to deactivate their debug interface protection under the condition that the entire flash memory is erased first. The attack suppresses this mass erase with a glitch whereby its contents are preserved and accessible through the activated debug interface. This type of attack was first presented by Schink et al. at CHES 2021, but only received little attention so far. The talk provides an introduction to this attack vector and gives a foretaste of a comprehensive analysis that will be published soon. The attack will be demonstrated live on stage with an exemplary microcontroller.

Hello and welcome to the lecture "Unlock the Door to my Secrets, but don’t Forget to Glitch" (https://pretalx.c3voc.de/camp2023/talk/AS9MQY/).

I am your signal angel for this talk. If you have a question during the talk, please ask right away, and not just at the end, and give me a mention in it. I will collect your questions, and ask them in your stead in the Q&A.

Please tell, if you do not want me to read your nick.
#CCCamp23milliways

The next talk will be at 2:00 PM and is called "Unlock the Door to my Secrets, but don’t Forget to Glitch" (https://pretalx.c3voc.de/camp2023/talk/AS9MQY/).
Please remember to stay hydrated, it's going to be a hot day!
#CCCamp23milliways

Thank you for listening to the lecture "Hack My handicap" (https://pretalx.c3voc.de/camp2023/talk/38XP9W/) at #CCCAmp23 on #CCCAmp23milliways.

Q&A is closed now.

If you have further questions for our speaker, or you would like to participate in the "bootchoo" project, send an email to <mailto:[email protected]>

#CCCamp23milliways

Hack My handicap Chaos Communication Camp 2023

Our environment is full of technologies, connected objects and other gadgets that make our daily life much easier. It is indeed quite easy to remotely command all kinds of devices from our smartphones, with a single click. These technologies are also very efficient to help compensate certain handicaps but they have limits when it regards people whose handicap – or combination thereof – prevents them from manipulating a smartphone, reading a screen or using vocal commands. The good news is that it is not necessary to reinvent the wheel, as alternative ways to interact with our technological environment already exist. These solutions, however, often stay inaccessible because their usage is judged too complex, their implementation considered time-consuming but mostly because of their (outrageous) price. As a patient, it can be very frustrating to be shut down from these possibilities to improve our quality of life and become more independent. That’s why I turned all my hopes to open-source hardware and tools, right after I soldered my first TV-B-Gone, about 10 years ago :) I’ve been working on this “Impossible Interface” ever since. I can only describe it as a universal remote control that can also interact with non-connected physical objects like the buttons of a lift or a simple light switch. The name Impossible Interface was chosen because of the number of times I was told it was impossible to build such a device, especially for less than 500 euros but ... Bootchoo II, my latest prototype, basically is an Arduino compatible 5 Axis Robot Arm (https://www.adeept.com/robotic-arm-uno_p0118.html) to which I just added a Bluetooth module, and I am currently testing several ways of controlling it. Ideally, commanding that little bot could be personalized depending on the type of handicap(s) that needs to be compensated.
I am currently focusing on patients with low finger mobility, testing different sizes of joysticks as well as other “alternative remote” possibilities such as the ones offered by the MCH2022 badge and the Flipper Zero. As for the reason why I am submitting this small talk – even though I am very shy – it is because it is precisely not about me. Being as autonomous as possible is a need we all share and it should not be considered a luxury. I’ve mostly worked alone on this project but I got a lot of support from the Hacking Health Besançon association (https://hacking-health.org/fr/besancon-fr/), since I submitted this project during their latest edition. I’ll also admit that it is time to ask for help to make this open-source assistive robot safer, stronger and smarter, and I can’t think of a better place to share my humble experiments than at CCCamp.

Hello and welcome to the lecture "Hack My handicap" (https://pretalx.c3voc.de/camp2023/talk/38XP9W/).

I am your signal angel for this talk. If you have a question during the talk, please ask right away, and not just at the end, and give me a mention in it. I will collect your questions, and ask them in your stead in the Q&A.

Please use the hashtag #cccamp23milliways for your questions.

Please tell, if you do not want me to read your nick.
#CCCamp23milliways

We've just been informed that the speaker, betalars, is ill. So he will not be able to deliver the talk at this time. We all hope he gets well soon, and wish you a great camp. #CCCamp23milliways