{"acronym":"39c3","aspect_ratio":"16:9","updated_at":"2026-04-07T12:45:08.202+02:00","title":"39C3: Power Cycles","schedule_url":"","slug":"congress/2025","event_last_released_at":"2026-02-03T00:00:00.000+01:00","link":"https://events.ccc.de/congress/2025/","description":"The 39th Chaos Communication Congress (39C3) takes place in Hamburg on 27-30 Dec 2025, and is the 2025 edition of the annual four-day conference on technology, society and utopia organized by the Chaos Computer Club (CCC) and volunteers. Congress offers lectures and workshops and various events on a multitude of topics including (but not limited to) information technology and generally a critical-creative attitude towards technology and the discussion about the effects of technological advances on society.","webgen_location":"congress/2025","logo_url":"https://static.media.ccc.de/media/congress/2025/logo.svg","images_url":"https://static.media.ccc.de/media/congress/2025","recordings_url":"https://cdn.media.ccc.de/congress/2025","url":"https://api.media.ccc.de/public/conferences/39c3","events":[{"guid":"3f442497-4f90-5868-ac13-3f4b0f857c59","title":"How To Minimize Bugs in Cryptography Code","subtitle":null,"slug":"39c3-how-to-minimize-bugs-in-cryptography-code","link":"https://events.ccc.de/congress/2025/hub/event/detail/how-to-minimize-bugs-in-cryptography-code","description":"\"Don't roll your own crypto\" is an often-repeated aphorism. It's good advice -- but then how does any cryptography get made? Writers of cryptography code like myself write code with bugs just like anyone else, so how do we take precautions against our own mistakes? In this talk, I will give a peek into the cryptographer's toolbox of advanced techniques to avoid bugs: targeted testing, model checking, mathematical proof assistants, information-flow analysis, and more. None of these techniques is a magic silver bullet, but they can help find flaws in reasoning about tricky corner cases in low-level code or prove that higher-level designs are sound, given a defined set of assumptions. We'll go over some examples and try to give a high-level feel for different workflows that create \"high-assurance\" code. Whether you know it or not, you use this type of cryptography code every day: in your browser, your messaging apps, and your favorite programming language standard libraries.\n\nOver the last 10 years or so, using mathematical proof assistants and other formal-logic tools for cryptography code has gone from a relatively new idea to standard practice. I've been lucky enough to have a front-row seat to that transformation, having started doing formal-methods research in 2015 and then switched to a focus on cryptography implementation since 2021. Code from my master's thesis project, [\"fiat-crypto\"](https://github.com/mit-plv/fiat-crypto), is [included](https://andres.systems/fiat-crypto-adoption.html) in every major browser as well as AWS, Cloudflare, Linux, OpenBSD, and standard crypto libraries for Go, Zig, and Rust (RustCrypto, dalek). In addition to verifying code correctness, designers of high-level protocols like Signal's recently announced post-quantum ratchet increasingly use mathematical tools (ProVerif in Signal's case) to check their work.\n\nDespite the growing popularity of these formal techniques and their relevance to personal information security, few people are aware of them, and they maintain a reputation for being hard to learn and esoteric. I'd like to demystify the topic and show examples of how anyone can use proof assistants in small, standalone ways as part of the coding or design process. My hope is that next time a colleague asks for review of a complex high-speed bit-twiddling algorithm, instead of staring at the code line-by-line, attendees of my talk will know they can write a computer-checked proof to confirm or deny that the algorithm achieves its intended result.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Jade"],"tags":["1989","2025","39c3","Security","Zero","39c3-eng","39c3-deu","Day 2"],"view_count":6262,"promoted":false,"date":"2025-12-28T22:05:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-07T07:15:03.005+02:00","length":2403,"duration":2403,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1989-3f442497-4f90-5868-ac13-3f4b0f857c59.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1989-3f442497-4f90-5868-ac13-3f4b0f857c59_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1989-3f442497-4f90-5868-ac13-3f4b0f857c59.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1989-3f442497-4f90-5868-ac13-3f4b0f857c59.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-how-to-minimize-bugs-in-cryptography-code","url":"https://api.media.ccc.de/public/events/3f442497-4f90-5868-ac13-3f4b0f857c59","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"832b4de9-1ee3-5905-a4dc-692a71ac87d3","title":"Don’t look up: There are sensitive internal links in the clear on GEO satellites","subtitle":null,"slug":"39c3-don-t-look-up-there-are-sensitive-internal-links-in-the-clear-on-geo-satellites","link":"https://events.ccc.de/congress/2025/hub/event/detail/don-t-look-up-there-are-sensitive-internal-links-in-the-clear-on-geo-satellites","description":"We pointed a commercial-off-the-shelf satellite dish at the sky and examined all of the geostationary satellite communications visible from our vantage point. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens’ voice calls and SMS, and consumer Internet traffic from in-flight wifi and mobile networks.\n\nIn this talk, we will cover our hardware setup, alignment techniques, our parsing code, and survey some of the surprising finds in the data.  This talk will include some previously unannounced results.  This data can be passively observed by anyone with a few hundred dollars of consumer-grade hardware. There are thousands of geostationary satellite transponders globally, and data from a single transponder may be visible from an area as large as 40% of the surface of the earth.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Nadia Heninger","Annie Dai"],"tags":["1827","2025","39c3","Security","One","39c3-eng","39c3-deu","39c3-fra","Day 2"],"view_count":14459,"promoted":false,"date":"2025-12-28T22:05:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-07T12:45:05.551+02:00","length":2304,"duration":2304,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1827-832b4de9-1ee3-5905-a4dc-692a71ac87d3.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1827-832b4de9-1ee3-5905-a4dc-692a71ac87d3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1827-832b4de9-1ee3-5905-a4dc-692a71ac87d3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1827-832b4de9-1ee3-5905-a4dc-692a71ac87d3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-don-t-look-up-there-are-sensitive-internal-links-in-the-clear-on-geo-satellites","url":"https://api.media.ccc.de/public/events/832b4de9-1ee3-5905-a4dc-692a71ac87d3","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"a481eb2e-8b78-5f97-bfee-a47d1a271010","title":"Security Nightmares","subtitle":null,"slug":"39c3-security-nightmares","link":"https://events.ccc.de/congress/2025/hub/event/detail/security-nightmares","description":"Was hat sich im Jahr 2025 im Bereich IT-Sicherheit getan? Welche neuen Methoden, Buzzwords und Trends waren zu sehen? Was waren die fiesesten Angriffe und die teuersten Fehler?\n\nWir wagen auch den IT-Security-Ausblick auf das Jahr 2026. Der ist wie immer mit Vorsicht zu genießen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Constanze Kurz","Ron"],"tags":["1965","2025","39c3","CCC \u0026 Community","One","39c3-deu","39c3-eng","39c3-fra","Day 4"],"view_count":110677,"promoted":false,"date":"2025-12-30T14:45:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-07T12:45:06.636+02:00","length":3787,"duration":3787,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1965-a481eb2e-8b78-5f97-bfee-a47d1a271010.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1965-a481eb2e-8b78-5f97-bfee-a47d1a271010_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1965-a481eb2e-8b78-5f97-bfee-a47d1a271010.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1965-a481eb2e-8b78-5f97-bfee-a47d1a271010.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-security-nightmares","url":"https://api.media.ccc.de/public/events/a481eb2e-8b78-5f97-bfee-a47d1a271010","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"4972548a-618e-56a1-8328-3abe474a31ab","title":"Verschlüsselung brechen durch physischen Zugriff - Smartphone Beschlagnahme durch Polizei","subtitle":null,"slug":"39c3-verschlusselung-brechen-durch-physischen-zugriff-smartphone-beschlagnahme-durch-polizei","link":"https://events.ccc.de/congress/2025/hub/event/detail/verschlusselung-brechen-durch-physischen-zugriff-smartphone-beschlagnahme-durch-polizei","description":"Eine zwar profane Methode der Überwachung, die Polizeibehörden in Deutschland jedoch hunderttausendfach anwenden, ist das Auslesen von Daten beschlagnahmter Smartphones und Computer. Dazu nutzt die Polizei Sicherheitslücken der Geräte mithilfe forensischer Software von Herstellern wie Cellebrite oder Magnet aus. Die Verfassungsmäßigkeit der Rechtsgrundlagen ist zweifelhaft. Im Vortrag werden anhand aktueller Fälle technische und juristische Hintergründe erörtert.\n\nStaatstrojaner, Chat-Kontrolle, Wanzen. Die Mittel staatlicher Überwachung sind vielfältig und teilweise technisch sehr komplex. Dabei ist es leicht, den Überblick zu verlieren. Ein relativ profanes Mittel, das Polizeibehörden in Deutschland hunderttausendfach anwenden, ist die Beschlagnahme von Smartphones und Laptops sowie das Auslesen ihrer Daten. Genaue Statistiken gibt es nicht. Es dürften jedoch mehr Fälle sein als bei der einfachen Telekommunikationsüberwachung. Allein in Sachsen-Anhalt waren es innerhalb von fünf Jahren 13.000 Smartphones.\n\nAuch bei leichten Straftaten und Ordnungswidrigkeiten beschlagnahmt die Polizei regelmäßig Datenträger - insbesondere Smartphones und Laptops - etwa beim Verdacht einer Beleidigung oder bei der Handynutzung im Straßenverkehr. Oft werden auch Hausdurchsuchungen durchgeführt und dabei alle technischen Geräte beschlagnahmt und durchsucht. Die Verfassungsmäßigkeit dieser polizeilichen Praxis ist sehr zweifelhaft. Das Bundesinnenministerium plante in der letzten Legislatur sogar, die Kompetenzen der Polizei auszuweiten wodurch auch heimliche Hausdurchsuchungen möglich werden sollten. Damit könnte die Polizei heimlich Staatrojaner installieren oder sog. Evil-Maid-Angriffe vorbereiten. Die Strafverfolgungsbehörden stützen sich auf die Beschlagnahmevorschriften der §§ 94 ff. Strafprozessordnung, die seit 1877 im Wesentlichen unverändert geblieben sind und in ihrem Wortlaut weder die Möglichkeit eines Datenzugriffs noch die Modalitäten und Grenzen einer Datenauswertung regeln. Auch wird die Maßnahme nicht auf Straftaten einer gewissen Schwere begrenzt und es fehlen Vorgaben zum Schutz besonders sensibler Daten, die etwa in den Kernbereich der persönlichen Lebensführung fallen. Im Rahmen einer Durchsuchung ermöglicht es der §§ 110 Strafprozessordnung eine vorläufige Sicherung und Durchsicht der Speichermedien. Auch diese Vorschrift reicht nicht aus, um Grundrechte angemessen zu schützen, da mit der kompletten Ausforschung des gesamten Datenbestandes ein gravierender Grundrechtseingriff in die Privatsphäre der Betroffenen verbunden ist und gesetzlich keine angemessenen Grenzen gesetzt werden.\n\nGerade auf Smartphones befinden sich oft höchstpersönliche Daten wie Chats mit der Familie oder dem*der Partner*in, Fotos, Kontakte, Standortdaten und Dating-Apps. Darüber hinaus sind die Geräte regelmäßig mit Cloud-Diensten und anderen Datenträgern verbunden. Auf all diese Daten können Polizeibehörden dann zugreifen.\nMöglich wird das durch Software von Firmen wie Cellebrite, MSAB oder Magnet. Diese nutzen Sicherheitslücken aus, um die Verschlüsselung von Smartphones zu knacken. Wie auch bei Sicherheitslücken für Staatstrojaner sind die Sicherheitslücken, die diese Firmen ausnutzen, den Herstellern nicht bekannt. Damit unterstützen deutsche Behörden ein System, dass die Geräte aller unsicher macht. Auch die Bitlocker-Verschlüsselung von Windows-Computern lässt sich oft umgehen. Dies ermöglicht den Strafverfolgungsbehörden den freien und unbeschränkten Zugang zu allen persönlichen Daten, ohne angemessene gesetzliche oder gerichtliche Kontrolle und Überprüfung. Auch für die betroffenen Personen wird nicht erkennbar, in welchem Ausmaß Daten durchsucht und ausgewertet wurden. Im Vortrag wird der aktuelle Stand und die Probleme von Verschlüsselung von Windows und Linux Computern sowie Android und iOS Smartphones erläutert.\n\nAm Beispiel des Journalisten Hendrik Torners, dessen Smartphone beschlagnahmt wurde, nachdem er eine polizeiliche Maßnahme nach einer Klimademonstration beobachtet hatte und nun im Rahmen einer Verfassungsbeschwerde dagegen vorgeht, sowie weiterer öffentlich diskutierter Fälle wie [#Pimmelgate](https://events.ccc.de/congress/2025/hub/tag/Pimmelgate) besprechen die Vortragenden die technischen und juristischen Hintergründe.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Davy Wang","Viktor Schlüter"],"tags":["1882","2025","39c3","Ethics, Society \u0026 Politics","Ground","39c3-deu","39c3-eng","Day 3"],"view_count":19073,"promoted":false,"date":"2025-12-30T00:15:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-07T12:45:05.476+02:00","length":2296,"duration":2296,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1882-4972548a-618e-56a1-8328-3abe474a31ab.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1882-4972548a-618e-56a1-8328-3abe474a31ab_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1882-4972548a-618e-56a1-8328-3abe474a31ab.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1882-4972548a-618e-56a1-8328-3abe474a31ab.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-verschlusselung-brechen-durch-physischen-zugriff-smartphone-beschlagnahme-durch-polizei","url":"https://api.media.ccc.de/public/events/4972548a-618e-56a1-8328-3abe474a31ab","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"d921f5af-9d6b-5ff3-8fe8-147467b23c65","title":"The Angry Path to Zen: AMD Zen Microcode Tools and Insights","subtitle":null,"slug":"39c3-the-angry-path-to-zen-amd-zen-microcode-tools-and-insights","link":"https://events.ccc.de/congress/2025/hub/event/detail/the-angry-path-to-zen-amd-zen-microcode-tools-and-insights","description":"[EntrySign](https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking) opened the door to custom microcode on AMD Zen CPUs earlier this year. Using a weakness in the signature verification we can load custom microcode updates and modify behavior of stock AMD Zen 1-5 CPUs. While AMD has released patches to address this weakness on some CPUs, we can still use unpatched systems for our analysis.\n\nIn this talk we cover what we found out about microcode, what we saw in the microcode ROM, the tooling we build, how we worked to find out more and how you can write \u0026 test your own microcode on your own AMD Zen systems. We have our tools up on [GitHub](https://github.com/AngryUEFI) for everyone to play around with and hopefully help us understand microcode more than we currently do.\n\nModern CPUs often translate the complex, user visible instruction set like x86_64 into a simpler, less feature rich internal instruction set. For simple instructions this translation is done by a fast path decoding unit. However some instructions, like `wrmsr` or `rdrand` are too complex to decode that way. These instructions instead are translated using a microcode decoder that can act almost like an execution engine. The microcode decoder still emits internal instructions into the pipeline, but allows for features like conditional branches and calls \u0026 returns. All of this logic happens during a single x86_64 instruction and is usually hidden from the outside world. At least since AMD K8, launched in 2003, AMD CPUs allowed updating this microcode to fix bugs made in the original implementation.\n\nBuilding on our [previous](https://media.ccc.de/v/34c3-9058-everything_you_want_to_know_about_x86_microcode_but_might_have_been_afraid_to_ask) [experience](https://media.ccc.de/v/35c3-9614-inside_the_amd_microcode_rom) with AMD K8 \u0026 K10 microcode and [EntrySign](https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking) [published](https://media.ccc.de/v/why2025-156-entrysign-create-your-own-x86-microcode-for-fun-and-profit) earlier this year, we took a closer look at AMD Zen 1-5 CPUs. We build on top of [Zentool](https://github.com/google/security-research/tree/master/pocs/cpus/entrysign/zentool) to understand more instructions and created a set of tools to easily create microcode patches as well as apply them on CPUs. We can modify the behavior of instructions and observe some usually not visible internal state by supplying our own microcode update.\n\nLike on K8, we extracted the physical ROM on the CPU using an electron microscope to read the hardcoded microcode on a Zen 1 CPU. Using the understanding of the microcode encoding we could then start disassembling the contents and understand how some instructions are implemented. While there are still a lot of things we don't understand, we could follow control flow and analyze algorithms like the XXTEA decryption of the microcode update.\n\nTo start off this work, we implemented a set of tools that allow easy testing of microcode updates without the need for a fully featured OS. That way we can run timing tests with low noise and don't risk data corruption if we corrupt a vital instruction. To continue our naming scheme from our work on K8 we dubbed this the AngryTools, all of them available on [GitHub](https://github.com/AngryUEFI). The core components are a UEFI application running from RAM, AngryUEFI, and a Python framework for test writing on a client computer, AngryCAT. AngryUEFI starts on the test system and waits for AngryCAT tests supplied via TCP. These tests usually consist of a microcode update that gets loaded on the target CPU core and a buffer with x64 instructions that get run afterwards. AngryUEFI then sends back information about the test execution. AngryUEFI also recovers most faults caused by invalid microcode, often even allowing reuse of a CPU core after a failed test run. We also added some syscall-like interfaces to support more complex data collection like [IBS](https://reflexive.space/zen2-ibs/).\n\nTo make it easier to write custom microcode updates we also implemented [ZenUtils](https://github.com/AngryUEFI/ZenUtils), a set of Python tools. So far we support single line assembly and disassembly based on architecture specification for Zen 1 \u0026 2 with limited support for other Zen architectures. We also include a macro assembler that can create a full microcode update from an assembly-like input file. Later we will also extend ZenUtils with utilities to sign and en/decrypt microcode updates. Currently we rely on Zentool for these tasks.\n\nWe also show some basic examples of how microcode programs work, from a simple CString strlen implementation in a single x64 instruction to a [subleq](https://esolangs.org/wiki/Subleq) VM implemented entirely in microcode. These show off the basics of microcode programming, like memory loads \u0026 stores, arithmetic and conditional branches. We are also currently looking at other examples and more complex programs.\n\nWe hope this talk shows you how to start throwing random bits at your own AMD Zen CPU to figure out what each bit does and help us in further understanding the instruction set. We welcome improvements to the tooling and even entirely new tools to help analyze microcode updates and the ROM.\n\nIf you are already familiar with EntrySign, we only cover the very basics of it and focus more on what we learned after having a foothold in the microcode.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Benjamin Kollenda"],"tags":["1729","2025","39c3","Security","Fuse","39c3-eng","39c3-deu","Day 3"],"view_count":3652,"promoted":false,"date":"2025-12-29T20:10:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-07T12:45:08.199+02:00","length":2194,"duration":2194,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1729-d921f5af-9d6b-5ff3-8fe8-147467b23c65.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1729-d921f5af-9d6b-5ff3-8fe8-147467b23c65_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1729-d921f5af-9d6b-5ff3-8fe8-147467b23c65.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1729-d921f5af-9d6b-5ff3-8fe8-147467b23c65.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-the-angry-path-to-zen-amd-zen-microcode-tools-and-insights","url":"https://api.media.ccc.de/public/events/d921f5af-9d6b-5ff3-8fe8-147467b23c65","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"49b35210-41ea-547d-86da-1ca62612c7b6","title":"CCC-Jahresrückblick","subtitle":null,"slug":"39c3-ccc-jahresruckblick","link":"https://events.ccc.de/congress/2025/hub/event/detail/ccc-jahresruckblick","description":"Das war nicht das Jahr 2025, das wir bestellt hatten.\n\n2025 war ein gutes Jahr für Exploits, kein gutes Jahr für die Freiheit und ein herausragendes für schlechte Ideen. Regierungen kämpften weiter für Massenüberwachung, natürlich mit KI-Unterstützung™. Kriege wurden weiter „digitalisiert“, Chatkontrolle als Kinderschutz verkauft, Waffensysteme haben inzwischen mehr Autonomie als die meisten Bürger*innen und künstliche Intelligenz löst endlich alle Probleme – vor allem die, die bisher niemand hatte.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Constanze Kurz","khaleesi","Matthias Marx","Linus Neumann","erdgeist"],"tags":["2397","2025","39c3","CCC \u0026 Community","One","39c3-deu","39c3-eng","39c3-fra","Day 2"],"view_count":86900,"promoted":false,"date":"2025-12-28T16:35:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-07T11:45:06.660+02:00","length":5513,"duration":5513,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2397-49b35210-41ea-547d-86da-1ca62612c7b6.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2397-49b35210-41ea-547d-86da-1ca62612c7b6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2397-49b35210-41ea-547d-86da-1ca62612c7b6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2397-49b35210-41ea-547d-86da-1ca62612c7b6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-ccc-jahresruckblick","url":"https://api.media.ccc.de/public/events/49b35210-41ea-547d-86da-1ca62612c7b6","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"a4d303fc-6761-551a-834e-204bc539eab4","title":"Breaking architecture barriers: Running x86 games and apps on ARM","subtitle":null,"slug":"39c3-breaking-architecture-barriers-running-x86-games-and-apps-on-arm","link":"https://events.ccc.de/congress/2025/hub/event/detail/breaking-architecture-barriers-running-x86-games-and-apps-on-arm","description":"Presenting FEX, a translation layer to run x86 apps and games on ARM devices: Learn why x86 is such a pain to emulate, what tricks and techniques make your games fly with minimal translation overhead, and how we are seamless enough that you'll forget what CPU you're using in the first place!\n\nARM-powered hardware in laptops promises longer battery life at the same compute performance as before, but a translation layer like FEX is needed to run existing x86 software. We'll look at the technical challenges involved in making this possible: designing a high-performance binary recompiler, translating Linux system calls across architectures, and forwarding library calls to their ARM counterparts.\n\nGaming in particular poses extreme demands on FEX and raises further questions: How do we enable GPU acceleration in an emulated environment? How can we integrate Wine to run Windows games on Linux ARM? Why is Steam itself the ultimate boss battle for x86 emulation? And why in the world do we care more about page sizes than German standardization institutes?\n\nThis talk will be accessible to a technical audience and gaming enthusiasts alike. However, be prepared to learn cursed knowledge you won't be able to forget!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Tony Wasserka"],"tags":["2079","2025","39c3","Hardware","Ground","39c3-eng","39c3-deu","39c3-pol","Day 1"],"view_count":10244,"promoted":false,"date":"2025-12-27T23:00:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-07T12:45:05.888+02:00","length":2315,"duration":2315,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2079-a4d303fc-6761-551a-834e-204bc539eab4.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2079-a4d303fc-6761-551a-834e-204bc539eab4_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2079-a4d303fc-6761-551a-834e-204bc539eab4.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2079-a4d303fc-6761-551a-834e-204bc539eab4.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-breaking-architecture-barriers-running-x86-games-and-apps-on-arm","url":"https://api.media.ccc.de/public/events/a4d303fc-6761-551a-834e-204bc539eab4","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"a877c904-f887-588e-9637-9b1df2f019dd","title":"10 years of Dieselgate","subtitle":null,"slug":"39c3-10-years-of-dieselgate","link":"https://events.ccc.de/congress/2025/hub/event/detail/10-years-of-dieselgate","description":"Let's have a (hopefully) final look at Diesel emission cheating. This technical talk summarizes what I learned by reverse-engineering dozens of engine ECU software, how I found and characterized \"interesting logic\" which, more often than not, ended up being a court-approved \"defeat device\".\n\nWhat started as a \"curious investigation\" in 2015 to obtain a ground truth to widespread media reports of \"VW being caught for cheating\" ended up as a full-blown journey through the then-current state of the Diesel car industry.\n\nIn this talk, Karsten and Felix will walk through the different implementation of defeat devices, their impact on emissions, and the challenges in documenting seemingly black boxes in court-proven expert reports.\n\n10 years ago, Felix spent a lot of sleepless nights on reverse-engineering the Diesel software that implemented the (by now) well-known \"Acoustic Function\" defeat device; he presented my findings at the 32c3 and 33c3 in 2015 and 2016, expecting this to be the last time we needed to hear about this.\n\nLittle did he know about the extent of the Diesel emissions cheating. Since then he has analyzed many more vehicles, learned a bit or two about mechanical engineering problems of cars.\n\nKarsten, working as a court-appraised expert, will add his unique view on the challenges in documenting software that was never meant to be understood by the public.\n\nThis talk will discuss methodologies of independent analysis of highly dynamic systems that many people see as black boxes (but that, of course, are not: they are just machines running software).\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Felix Domke","Karsten Burger"],"tags":["1451","2025","39c3","Security","One","39c3-eng","39c3-deu","39c3-fra","Day 3"],"view_count":19389,"promoted":false,"date":"2025-12-29T21:45:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-07T08:15:05.509+02:00","length":3536,"duration":3536,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1451-a877c904-f887-588e-9637-9b1df2f019dd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1451-a877c904-f887-588e-9637-9b1df2f019dd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1451-a877c904-f887-588e-9637-9b1df2f019dd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1451-a877c904-f887-588e-9637-9b1df2f019dd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-10-years-of-dieselgate","url":"https://api.media.ccc.de/public/events/a877c904-f887-588e-9637-9b1df2f019dd","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"49ceb68c-bcbe-592f-9c62-b1085f657190","title":"Fossile Industrie liebt KI!","subtitle":null,"slug":"39c3-fossile-industrie-liebt-ki","link":"https://events.ccc.de/congress/2025/hub/event/detail/fossile-industrie-liebt-ki","description":"Der Hype um generative KI und die Gasindustrie bilden in Zeiten der Klimakrise eine bedrohliche Allianz für die Zukunft des Planeten.\n\nObwohl die negativen Klimaauswirkungen generativer KI immer deutlicher werden, sollen in ganz Europa Großrechenzentren gebaut werden und Deutschland „KI-Nation“ werden, was ungeahnte „Wirtschaftskräfte freisetzen soll“ – zumindest, wenn es nach der Bundesregierung geht.\n\nDer Ausbau der Recheninfrastruktur für generative KI benötigt viel Energie, Wasser und Ressourcen, was global zu Umweltschäden führt. Prognosen für die EU zeigen, dass der Energieverbrauch in Zukunft so groß werden könnte, dass der Ausbau der erneuerbaren Energien nicht mithalten kann – doch die fossile Industrie steht bereits in den Startlöchern.\n\nDer Hype um generative KI liefert ihnen die perfekte Begründung für den Ausbau fossiler Infrastruktur- mitten in der eskalierenden Klimakrise. Tech- und Fossilkonzerne investieren massiv in neue Gaskraftwerke für energiehungrige Rechenzentren.  Dabei ist der wirtschaftliche Nutzen und die Wertschöpfung durch die Technologie weiterhin unklar.\nKlar ist: wir erleben derzeit eine fossile Gegenoffensive im Gewand digitaler Versprechen. Auf Kosten des Klimas und der Zukunft.\n\nDieser Vortrag schließt an den Talk \"Klimaschädlich by Design\" vom 38C3 an und gibt Updates zu Entwicklungen in Deutschland und Europa.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Stefan","Yannik \u0026 Rike","Moritz Leiner"],"tags":["1668","2025","39c3","Ethics, Society \u0026 Politics","Zero","39c3-deu","39c3-eng","39c3-fra","Day 4"],"view_count":5412,"promoted":false,"date":"2025-12-30T12:50:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-07T12:15:05.492+02:00","length":2274,"duration":2274,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1668-49ceb68c-bcbe-592f-9c62-b1085f657190.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1668-49ceb68c-bcbe-592f-9c62-b1085f657190_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1668-49ceb68c-bcbe-592f-9c62-b1085f657190.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1668-49ceb68c-bcbe-592f-9c62-b1085f657190.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-fossile-industrie-liebt-ki","url":"https://api.media.ccc.de/public/events/49ceb68c-bcbe-592f-9c62-b1085f657190","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"e0739bd6-f804-5fde-8cf6-fc940567bf45","title":"Asahi Linux - Porting Linux to Apple Silicon","subtitle":null,"slug":"39c3-asahi-linux-porting-linux-to-apple-silicon","link":"https://events.ccc.de/congress/2025/hub/event/detail/asahi-linux-porting-linux-to-apple-silicon","description":"In this talk, you will learn how Apple Silicon hardware differs from regular laptops or desktops.\nWe'll cover how we reverse engineered the hardware without staring at disassembly but by using a thin hypervisor that traces all MMIO access and then wrote Linux drivers.\nWe'll also talk about how upstreaming to the Linux kernel works and how we've significantly decreased our downstream patches in the past year.\n\nAs an example, we will use support for the Type-C ports and go into details why these are so complex and required changes across multi subsystems.\n\nIn the end, we'll briefly talk about M3/M4/M5 and what challenges we will have to overcome to get these supported.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["sven"],"tags":["1611","2025","39c3","Hardware","One","39c3-eng","39c3-deu","39c3-jpn","Day 4"],"view_count":45174,"promoted":false,"date":"2025-12-30T11:00:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-07T12:15:05.954+02:00","length":2276,"duration":2276,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1611-e0739bd6-f804-5fde-8cf6-fc940567bf45.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1611-e0739bd6-f804-5fde-8cf6-fc940567bf45_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1611-e0739bd6-f804-5fde-8cf6-fc940567bf45.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1611-e0739bd6-f804-5fde-8cf6-fc940567bf45.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-asahi-linux-porting-linux-to-apple-silicon","url":"https://api.media.ccc.de/public/events/e0739bd6-f804-5fde-8cf6-fc940567bf45","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"fa59ce23-205c-5cd9-a7de-8ba768e3bf3f","title":"Aber hier Leben? Nein danke! …oder doch? Wie wir der autoritären Zuspitzung begegnen können.","subtitle":null,"slug":"39c3-aber-hier-leben-nein-danke-oder-doch-wie-wir-der-autoritaren-zuspitzung-begegnen-konnen","link":"https://events.ccc.de/congress/2025/hub/event/detail/aber-hier-leben-nein-danke-oder-doch-wie-wir-der-autoritaren-zuspitzung-begegnen-konnen","description":"Im Osten stehen nächstes Jahr schon wieder Wahlen an und schon wieder sieht alles danach aus, als ob die AfD eine Regierungsbeteiligung bekommen könnte. Ganz konkret: In Sachsen-Anhalt und Mecklenburg-Vorpommern. Nicht nur diese \"rosigen\" Aussichten, sondern auch aktuelle Bevölkerungsprognosen werfen gar kein günstiges Licht auf die Regionen. Linke Akteur:innen vor Ort kämpfen täglich dagegen an und sie brauchen unsere Solidarität. Wir müssen dem etwas entgegensetzen. Egal ob als Hacker:innen auf dem Congress oder Westdeutsche in (noch) Grünen Gemeinden. \n\nWo kommt das alles her? Wer macht aktuell etwas dagegen und wie können wir dem rechten Sog begegnen?\n\nMit dem „Super-Ost-Wahljahr“ 2024 (Landtagswahlen in Sachsen, Thüringen und Brandenburg) wurden bereits alle möglichen AfD-Regierungs-Horrorszenarien in Ostdeutschland in den Medien diskutiert und ausgemalt. Nächstes Jahr stehen jedoch noch die Landtagswahlen in Sachsen-Anhalt und Mecklenburg-Vorpommern an. Und die Prognosen sehen auch dort übel aus. Wären morgen Wahlen, würde die AfD in Sachsen-Anhalt 39% der Stimmen und in Mecklenburg-Vorpommern 38% bekommen. Um dem etwas entgegenzusetzen müssten wüste Bündnisse aus CDU, Die Linke, SPD und BSW entstehen. Kurzum: LSA und MV sind verloren!\n\nZusätzlich schrumpfen beide Bundesländer und altern gleichzeitig. In Sachsen-Anhalt gibt es keinen einzigen „wachsenden“ Ort. Weniger Kinder, immer mehr ältere Menschen, Fachkräftemangel und ein „Männerüberschuss“ – wer will da schon noch Leben und dem rechten Sog die Stirn bieten? Emanzipatorische Akteur:innen verlassen das Land, denn sie werden angegriffen und kriminalisiert. Also: Mauer drum und sich selbst überlassen? Ganz nach dem alten Tocotronic Song „Aber hier Leben? Nein danke!“\n\nWir wollen den Osten aber nicht aufgeben, deshalb beleuchten wir in unserem Talk, wie wir mit einer gemeinsamen Kraftanstrengung die Mauer vermeiden können – denn es gibt sie (noch): Die Gegenstimmen und Linken Aktiven die in beiden Bundesländern täglich die Fähnchen hochhalten. Ob die „Zora“ in Halberstadt, das „AZ Kim Hubert“ in Salzwedel oder das „Zentrum für Randale und Melancholie“ in Schwerin: Sie organisieren Austauschräume, alternative Konzerte und Orte, die für alle Menschen offen sind. Sie brauchen unseren Support und wir zeigen euch Möglichkeiten wie dieser aussehen könnte.\n\nAußerdem wollen wir ins Gespräch kommen. Was hat eigentlich „der Westen“ mit all dem zu tun? Warum können wir es uns nicht länger leisten unpolitisch oder inaktiv zu sein? Wie kann die Chaos-Bubble sich in die ostdeutschen Herzen hacken? Und was können wir alle tun, um gemeinsam zu preppen und uns den Herausforderungen zu stellen?\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Jaša Hiergeblieben","Lisa Zugezogen"],"tags":["1776","2025","39c3","Ethics, Society \u0026 Politics","Ground","39c3-deu","39c3-eng","39c3-por","Day 3"],"view_count":7223,"promoted":false,"date":"2025-12-29T20:30:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-07T10:15:04.758+02:00","length":3469,"duration":3469,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1776-fa59ce23-205c-5cd9-a7de-8ba768e3bf3f.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1776-fa59ce23-205c-5cd9-a7de-8ba768e3bf3f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1776-fa59ce23-205c-5cd9-a7de-8ba768e3bf3f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1776-fa59ce23-205c-5cd9-a7de-8ba768e3bf3f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-aber-hier-leben-nein-danke-oder-doch-wie-wir-der-autoritaren-zuspitzung-begegnen-konnen","url":"https://api.media.ccc.de/public/events/fa59ce23-205c-5cd9-a7de-8ba768e3bf3f","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"1bbd6873-6f69-59a8-8eb2-926acc763d7e","title":"Of Boot Vectors and Double Glitches: Bypassing RP2350's Secure Boot","subtitle":null,"slug":"39c3-of-boot-vectors-and-double-glitches-bypassing-rp2350-s-secure-boot","link":"https://events.ccc.de/congress/2025/hub/event/detail/of-boot-vectors-and-double-glitches-bypassing-rp2350-s-secure-boot","description":"In August 2024, Raspberry Pi released their newest MCU: The RP2350. Alongside the chip, they also released the RP2350 Hacking Challenge: A public call to break the secure boot implementation of the RP2350. This challenge concluded in January 2025 and led to five exciting attacks discovered by different individuals.\n\nIn this talk, we will provide a technical deep dive in the RP2350 security architecture and highlight the different attacks. Afterwards, we talk about two of the breaks in detail---each of them found by one of the speakers. In particular, we first discuss how fault injection can force an unverified vector boot, completely bypassing secure boot. Then, we showcase how double glitches enable direct readout of sensitive secrets stored in the one-time programmable memory of the RP2350.\n\nLast, we discuss the mitigation of the attacks implemented in the new revision of the chip and the lessons we learned while solving the RP2350 security challenge. Regardless of chip designer, manufacturer, hobbyist, tinkerer, or hacker: this talk will provide valuable insights for everyone and showcase why security through transparency is awesome.\n\nThe RP2350 is one of the first generally available microcontrollers with active security-features against fault-injection such as glitch-detectors, the redundancy co-processor, and other pieces to make FI attacks more difficult.\n\nBut security on paper often does not mean security in real-life. Luckily for us, Raspberry Pi also ran the RP2350 Hacking Challenge: A public bug bounty that has exactly these attacks in-scope. During the hacking challenge 5 different attacks were found on the secure-boot process - one of which was shown at 38C3 by Aedan Cullen.\n\nIn this talk, we talk about all successful attacks - including laser fault-injection, a reset glitch, and a double-glitch during execution of the bootrom - to show all the different ways in which a chip can be attacked.\n\nWe also talk about the awesomeness of an open security-ecosystem for chips: Raspberry Pi was very transparent on the findings, and worked with researchers to improve the new revision of the chip.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["stacksmashing","nsr"],"tags":["2149","2025","39c3","Security","Ground","39c3-eng","39c3-deu","Day 1"],"view_count":8630,"promoted":false,"date":"2025-12-27T16:00:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-07T12:30:08.151+02:00","length":3088,"duration":3088,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2149-1bbd6873-6f69-59a8-8eb2-926acc763d7e.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2149-1bbd6873-6f69-59a8-8eb2-926acc763d7e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2149-1bbd6873-6f69-59a8-8eb2-926acc763d7e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2149-1bbd6873-6f69-59a8-8eb2-926acc763d7e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-of-boot-vectors-and-double-glitches-bypassing-rp2350-s-secure-boot","url":"https://api.media.ccc.de/public/events/1bbd6873-6f69-59a8-8eb2-926acc763d7e","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"8ddb3a95-bce6-56a7-89f6-d2d50d084e9f","title":"Laser Beams \u0026 Light Streams: Letting Hackers Go Pew Pew, Building Affordable Light-Based Hardware Security Tooling","subtitle":null,"slug":"39c3-laser-beams-light-streams-letting-hackers-go-pew-pew-building-affordable-light-based-hardware-security-tooling","link":"https://events.ccc.de/congress/2025/hub/event/detail/laser-beams-light-streams-letting-hackers-go-pew-pew-building-affordable-light-based-hardware-security-tooling","description":"Stored memory in hardware has had a long history of being influenced by light, by design. For instance, as memory is represented by the series of transistors, and their physical state represents 1's and 0's, original EPROM memory could be erased via the utilization of UV light, in preparation for flashing new memory.\nNaturally, whilst useful, this has proven to be an avenue of opportunity to be leveraged by attackers, allowing them to selectively influence memory via a host of optical/light-based techniques. As chips became more advanced, the usage of opaque resin was used as a \"temporary\" measure to combat this flaw, by coating chips in a material that would reflect UV.\nPresent day opinions are that laser (or light) based hardware attacks, are something that only nation state actors are capable of doing Currently, sophisticated hardware labs use expensive, high frequency IR beams to penetrate the resin.\nThis project demonstrates that with a limited budget and hacker-and-maker mentality and by leveraging more inexpensive technology alternatives, we implement a tool that does laser fault injection, can detect hardware malware, detect supply chain chip replacements, and delve into the realm of laser logic state imaging.\n\nStored memory in hardware has had a long history of being influenced by light, by design. For instance, as memory is represented by the series of transistors, and their physical state represents 1's and 0's, original EPROM memory could be erased via the utilization of UV light, in preparation for flashing new memory.\n\nNaturally, whilst useful, this also has proven to be an avenue of opportunity to be leveraged by attackers, allowing them to selectively influence memory via a host of optical/light-based techniques. As chips became more advanced, the usage of opaque resin was used as a \"temporary\" measure to combat this flaw, by coating chips in a material that would reflect undesirable UV.\n\nPresent day opinions are that laser (or light) based hardware attacks, are something that only nation state actors are capable of doing; due to both limitations of cost in tooling as well as personnel expertise required. Currently, sophisticated hardware labs use expensive, high frequency IR beams to penetrate the resin.\n\nThis project demonstrates that with a limited budget and hacker-and-maker mentality, similar results can be obtained at a fraction of the cost, from the comfort of your home or garage. With the modifications of an opensource low-cost microscope, addition of a home-built beam splitter and interchangeable diode laser, it has been shown that consumer-grade diodes are capable of producing results similar to the high-cost variants, such as the YAG lasers.\n\nOne example of results includes introducing affordable avenues to conduct laser-based fault injection, via the usage of such budget-friendly tooling. We are opening the study of these low-level hardware attacking methodologies to more entry-level security testers, without the need for hundreds of thousands of dollars in startup capital.\n\nBy leveraging more affordable technology alternatives, we have embarked on a mission to uncover hardware malware, detect supply-chain chip replacements, and delve into the realm of laser-logic-state imaging. Our approach integrates optics, laser selection, and machine learning components.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Patch","Sam. Beaumont (PANTH13R)"],"tags":["1924","2025","39c3","Hardware","Fuse","39c3-eng","39c3-deu","Day 4"],"view_count":3675,"promoted":false,"date":"2025-12-30T12:50:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-07T12:15:05.162+02:00","length":2502,"duration":2502,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1924-8ddb3a95-bce6-56a7-89f6-d2d50d084e9f.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1924-8ddb3a95-bce6-56a7-89f6-d2d50d084e9f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1924-8ddb3a95-bce6-56a7-89f6-d2d50d084e9f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1924-8ddb3a95-bce6-56a7-89f6-d2d50d084e9f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-laser-beams-light-streams-letting-hackers-go-pew-pew-building-affordable-light-based-hardware-security-tooling","url":"https://api.media.ccc.de/public/events/8ddb3a95-bce6-56a7-89f6-d2d50d084e9f","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"94c5aafc-0742-500b-92bd-ca6f2ceb37a1","title":"Wer hat Angst vor dem Neutralitätsgebot?","subtitle":null,"slug":"39c3-wer-hat-angst-vor-dem-neutralitatsgebot","link":"https://events.ccc.de/congress/2025/hub/event/detail/wer-hat-angst-vor-dem-neutralitatsgebot","description":"Wer überhaupt „neutral“ sein muss, was das bedeutet, und wer sich jetzt wehren muss.\n\n„Neutralität“ wird zum neuen Kampfbegriff: Weil sie gegen die menschenfeindliche Politik von Friedrich Merz protestieren, wirft die CDU Gruppen wie Omas gegen Rechts, Greenpeace und Correctiv vor, nicht neutral zu sein. Unter Berufung auf ein angeblich verletztes Neutralitätsgebot werden staatliche Förderungen gestrichen und NGOs geraten unter Beobachtung des Verfassungsschutzes.\nJulia Klöckner verbietet im Namen der „Neutralität“ Palestine-Shirts, Anstecknadeln und Regenbogenflaggen im Parlament. Die AfD fordert dazu auf, Lehrkräfte zu melden, die sich gegen Rechtsextremismus einsetzen oder entsprechende Positionen innerhalb der AfD kritisieren.\nDoch was steckt dahinter?\nWas bedeutet das sogenannte Neutralitätsgebot – und für wen gilt es überhaupt?\nUnd für wen gilt es nicht?\nZivilcourage kann nicht neutral sein – und soll es auch nicht sein. Genauso wie AfD-Hetze gegen Migrant*innen nicht „neutral“ ist, ist die Kritik menschenfeindlicher Äußerungen nicht nur legitim, sondern Pflicht demokratischer Bürger*innen. Das Beschwören eines „Neutralitätsgebots“ für NGOs ist ein durchschaubarer, aber gefährlicher Versuch, sie der eigenen Position zu unterwerfen.\nDie Rechtsanwältinnen Vivian Kube und Hannah Vos erklären den verfassungsrechtlichen Hintergrund, zeigen die autoritären Strategien hinter dem Ruf nach „Neutralität“ auf und geben Tipps, wie man sich dagegen wehren kann.\nSie engagieren sich im Projekt Gegenrechtschutz, um demokratische Prinzipien und Betroffene vor rechtlichen Angriffen zu verteidigen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Hannah Vos","Vivian Kube"],"tags":["2199","2025","39c3","Ethics, Society \u0026 Politics","One","39c3-deu","39c3-eng","39c3-fra","Day 3"],"view_count":13853,"promoted":false,"date":"2025-12-29T13:50:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-07T12:45:05.234+02:00","length":2521,"duration":2521,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2199-94c5aafc-0742-500b-92bd-ca6f2ceb37a1.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2199-94c5aafc-0742-500b-92bd-ca6f2ceb37a1_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2199-94c5aafc-0742-500b-92bd-ca6f2ceb37a1.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2199-94c5aafc-0742-500b-92bd-ca6f2ceb37a1.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-wer-hat-angst-vor-dem-neutralitatsgebot","url":"https://api.media.ccc.de/public/events/94c5aafc-0742-500b-92bd-ca6f2ceb37a1","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"62f556ab-b1b4-51fb-9c86-b49ea1f3c45f","title":"Excuse me, what precise time is It?","subtitle":null,"slug":"39c3-excuse-me-what-precise-time-is-it","link":"https://events.ccc.de/congress/2025/hub/event/detail/excuse-me-what-precise-time-is-it","description":"With PTP 1588, AES67, and SMPTE 2110, we can transmit synchronous audio and video with sub-millisecond latency over the asynchronous medium Ethernet. But how do you make hundreds of devices agree on the exact same nanosecond on a medium that was never meant to care about time?\nPrecision Time Protocol (IEEE 1588) tries to do just that. It's the invisible backbone of realtime media standards like AES67 and SMPTE 2110, proprietary technologies such as Dante, and even critical systems powering high-frequency trading, cellular networks, and electric grids.\n\nWhere even a few microseconds of drift can turn perfect sync into complete chaos.\nThis talk takes a deep dive into the mysterious world of precise time distribution in large networks. We’ll start by exploring how PTP 1588 actually works, from announce, sync, and follow-up messages to delay measurements and the magic of hardware timestamping. We’ll look at why PTP is critical for modern audio/video-over-IP standards like AES67 and SMPTE 2110, and how they push Ethernet to its absolute temporal limits.\nAlong the way, we’ll discover how transparent and boundary clocks fight jitter, and why your switch’s buffer might secretly hate you. We will do live Wireshark dissections of real PTP traffic, demos showing what happens when timing breaks, and some hands-on hardware experiments with grandmasters and followers trying to stay in sync.\nExpect packets, graphs, oscilloscopes, crashing live demos and at least one bad joke about time travel.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Oliver Ettlin"],"tags":["1832","2025","39c3","Hardware","Ground","39c3-eng","39c3-deu","39c3-fra","Day 1"],"view_count":18786,"promoted":false,"date":"2025-12-27T20:30:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-07T10:45:04.982+02:00","length":3360,"duration":3360,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1832-62f556ab-b1b4-51fb-9c86-b49ea1f3c45f.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1832-62f556ab-b1b4-51fb-9c86-b49ea1f3c45f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1832-62f556ab-b1b4-51fb-9c86-b49ea1f3c45f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1832-62f556ab-b1b4-51fb-9c86-b49ea1f3c45f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-excuse-me-what-precise-time-is-it","url":"https://api.media.ccc.de/public/events/62f556ab-b1b4-51fb-9c86-b49ea1f3c45f","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"a2dd3dc7-ecae-50b3-82d9-266ad02f7a40","title":"All my Deutschlandtickets gone: Fraud at an industrial scale","subtitle":null,"slug":"39c3-all-my-deutschlandtickets-gone-fraud-at-an-industrial-scale","link":"https://events.ccc.de/congress/2025/hub/event/detail/all-my-deutschlandtickets-gone-fraud-at-an-industrial-scale","description":"The Deutschlandticket was the flagship transport policy of the last government, rolled out in an impressive timescale for a political project; but this speed came with a cost - a system ripe for fraud at an industrial scale.\n\nGerman public transport is famously decentralised, with thousands of individual companies involved in ticketing and operations. Unifying all of these under one national, secure, system has proven a challenge too far for politicians. The end result: losses in the hundreds of millions of Euros, compensated to the transport companies from state and federal budgets to keep the system afloat, and nobody willing to take responsibility.\n\nThis talk will cover the political, policy, and technical mistakes that lead to this mess; how we can learn from these mistakes; and what we can do to ensure the Deutschlandticket has a viable future.\n\nAt last years Congress Q presented [a deep-dive into the technical details of train ticketing](https://media.ccc.de/v/38c3-what-s-inside-my-train-ticket) and its [Zügli](https://zügli.app) platform for this; since then, things have gone rather out of hand. The little side-project for looking into the details of train tickets turned into a full-time project for detecting ticketing fraud. This talk details an executive summary of the madness that has been the past year, and how we accidentally ended up in national and international politics working to secure the Deutschlandticket.\n\nShortly after last year's talk, we were contacted about some *interesting* looking tickets someone noticed, issued by the Vetter GmbH Omnibus- und Mietwagenbetrieb - or so they claimed to be. These were normal Deutschlandtickets, but with a few weird mistakes in them. At first, we thought nothing much of it; mistakes happen. But, on further investigation, these turned out to not be legitimate tickets at all, but rather from a fraudulent website by the name of d-ticket.su, using the private signing key obtained under suspicious circumstances. How exactly this key came into the wrong hands remains unclear, but we present the possible explanations for how this could've happened, how many responsible have been thoroughly uncooperative in getting to the bottom of this, and how the supporting systems and processes of the Deutschlandticket were unable to cope with this situation.\n\nParallel to this, another fraud has been draining the transport companies of their much-needed cash: SEPA Direct Debit fraud. Often, a direct debit payment can be setup online with little more than an IBAN and ticking a box; and most providers of the Deutschlandticket offer an option to pay via direct debit. Fraudsters have noticed this, and mass purchase Deutschlandtickets with invalid or stolen IBANs before flipping them for a discounted price on Telegram; made easier because most transport companies issue a ticket immediately, before the direct debit has been fully processed. The supporting systems of the Deutschlandticket in many cases don't even provide for the revocation of such tickets. We will detail the hallmarks of this fraud, how transport companies can work to prevent it, and how we tracked down the fraudsters by their own careless mistakes.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Q Misell","551724 / maya boeckh"],"tags":["1254","2025","39c3","Security","One","39c3-eng","39c3-deu","39c3-fra","Day 1"],"view_count":118258,"promoted":false,"date":"2025-12-27T16:00:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-07T12:45:07.848+02:00","length":3610,"duration":3610,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1254-a2dd3dc7-ecae-50b3-82d9-266ad02f7a40.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1254-a2dd3dc7-ecae-50b3-82d9-266ad02f7a40_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1254-a2dd3dc7-ecae-50b3-82d9-266ad02f7a40.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1254-a2dd3dc7-ecae-50b3-82d9-266ad02f7a40.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-all-my-deutschlandtickets-gone-fraud-at-an-industrial-scale","url":"https://api.media.ccc.de/public/events/a2dd3dc7-ecae-50b3-82d9-266ad02f7a40","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"f8587f46-8a0e-58d7-8d1d-82928b8220e2","title":"Not To Be Trusted - A Fiasco in Android TEEs","subtitle":null,"slug":"39c3-not-to-be-trusted-a-fiasco-in-android-tees","link":"https://events.ccc.de/congress/2025/hub/event/detail/not-to-be-trusted-a-fiasco-in-android-tees","description":"Trusted Execution Environments (TEEs) based on ARM TrustZone form the backbone \nof modern Android devices' security architecture. The word \"Trusted\" in \nthis context means that **you**, as in \"the owner of the device\", don't \nget to execute code in this execution environment. Even when you unlock \nthe bootloader and Magisk-root your device, only vendor-signed code will\n be accepted by the TEE. This unfortunate setup limits third-party \nsecurity research to the observation of input/output behavior and static\n manual reverse engineering of TEE components.\n\nIn this talk, we take you with us on our journey to regain power over \nthe highest privilege level on Xiaomi devices. Specifically, we are \ntargeting the Xiaomi Redmi 11s and will walk through the steps necessary\n to escalate our privileges from a rooted user space (N-EL0) to the \nhighest privilege level in the Secure World (S-EL3). We will revisit old\n friends like Trusted Application rollback attacks and GlobalPlatform's \ndesign flaw, and introduce novel findings like the literal fiasco you \ncan achieve when you're introducing micro kernels without knowing what \nyou're doing. In detail, we will elaborate on the precise exploitation \nsteps taken and mitigations overcome at each stage of our exploit chain,\n and finally demo our exploits on stage.\n\nRegaining full control over our devices is the first step to deeply \nunderstand popular TEE-protected use cases including, but not limited \nto, mobile payment, mobile DRM solutions, and the mechanisms protecting your biometric \nauthentication data.\n\nWe present novel insights into the current state of TEE security on \nAndroid focusing on two widespread issues: missing TA rollback \nprotection and a type confusion bug arising from the GlobalPlatform TEE \nInternal Core API specification.\nOur results demonstrate that these issues are so widespread that on most\ndevices, attackers with code execution at N-EL1 (kernel) have a buffet \nof n-days to choose from to achieve code execution at S-EL0 (TA).\n\nFurther, we demonstrate how these issues can be weaponized to fully \ncompromise an Android device. We discuss how we exploit CVE-2023-32835, a\ntype confusion bug in the keyinstall TA, on a fully updated Xiaomi \nRedmi Note 11.\nWhile the keyinstall TA shipped in the newest firmware version is not \nvulnerable anymore, the vulnerability remains triggerable due to missing\nrollback protections.\n\nTo further demonstrate how powerful code execution as a TA is, we'll \nexploit a vulnerability in the BeanPod TEE (used on Xiaomi Mediatek \nSoCs), to achieve code execution at S-EL3. Full privilege escalations in\nthe TEE are rarely seen on stage, and we are targeting the BeanPod TEE \nwhich is based on the Fiasco micro kernel. This target has never been \npublicly exploited, to the best of our knowledge.\n\nOur work empowers security researchers by demonstrating how to regain control over \nvendor-locked TEEs, enabling deeper analysis of critical security \nmechanisms like mobile payments, DRM, and biometric authentication.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["0ddc0de","gannimo","Philipp"],"tags":["2119","2025","39c3","Security","Fuse","39c3-eng","39c3-deu","39c3-pol","Day 1"],"view_count":11067,"promoted":false,"date":"2025-12-27T20:30:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-07T11:30:06.198+02:00","length":2956,"duration":2956,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2119-f8587f46-8a0e-58d7-8d1d-82928b8220e2.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2119-f8587f46-8a0e-58d7-8d1d-82928b8220e2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2119-f8587f46-8a0e-58d7-8d1d-82928b8220e2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2119-f8587f46-8a0e-58d7-8d1d-82928b8220e2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-not-to-be-trusted-a-fiasco-in-android-tees","url":"https://api.media.ccc.de/public/events/f8587f46-8a0e-58d7-8d1d-82928b8220e2","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"c9f5a6df-6c79-5492-b3e0-110347358445","title":"A post-American, enshittification-resistant internet","subtitle":null,"slug":"39c3-a-post-american-enshittification-resistant-internet","link":"https://events.ccc.de/congress/2025/hub/event/detail/a-post-american-enshittification-resistant-internet","description":"Trump has staged an unscheduled, midair rapid disassembly of the global system of trade. Ironically, it is this system that prevented all of America's trading partners from disenshittifying their internet: the US trade representative threatened the world with tariffs unless they passed laws that criminalized reverse-engineering and modding. By banning \"adversarial interoperability,\" America handcuffed the world's technologists, banning them from creating the mods, hacks, alt clients, scrapers, and other tools needed to liberate their neighbours from the enshittificatory predations of the ketamine-addled zuckermuskian tyrants of US Big Tech.\n\nWell, when life gives you SARS, you make sarsaparilla. The Trump tariffs are here, and it's time to pick the locks on the those handcuffs and set the world's hackers loose on Big Tech. Happy Liberation Day, everyone!\n\nEnshittification wasn't an accident. It also wasn't inevitable. This isn't the iron laws of economics at work, nor is it the great forces of history.\n\nEnshittification was a choice: named individuals, in living memory, enacted policies that created the enshittogenic environment. They created a world that encouraged tech companies to merge to monopoly, transforming the internet into \"five giant websites, each filled with screenshots of the other four.\" They let these monopolists rip us off and spy on us.\n\nAnd they banned us from fighting back, claiming that anyone who modified a technology without permission from its maker was a pirate (or worse, a terrorist). They created a system of \"felony contempt of business-model,\" where it's literally a crime to change how your own devices work. They declared war on the general-purpose computer and demanded a computer that would do what the manufacturer told it to do (even if the owner of the computer didn't want that).\n\nWe are at a turning point in the decades-long war on general-purpose computing. Geopolitics are up for grabs. The future is ours to seize.\n\nIn my 24 years with EFF, I have seen many strange moments, but never one quite like this. There's plenty of terrifying things going on right now, but there's also a massive, amazing, incredibly opportunity to seize the means of computation.\n\nLet's take it. '\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Cory Doctorow"],"tags":["1421","2025","39c3","Ethics, Society \u0026 Politics","One","39c3-eng","39c3-deu","39c3-fra","Day 2"],"view_count":183787,"promoted":false,"date":"2025-12-28T13:30:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-07T12:00:05.962+02:00","length":3672,"duration":3672,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1421-c9f5a6df-6c79-5492-b3e0-110347358445.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1421-c9f5a6df-6c79-5492-b3e0-110347358445_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1421-c9f5a6df-6c79-5492-b3e0-110347358445.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1421-c9f5a6df-6c79-5492-b3e0-110347358445.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-a-post-american-enshittification-resistant-internet","url":"https://api.media.ccc.de/public/events/c9f5a6df-6c79-5492-b3e0-110347358445","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"cc16de00-c31f-5c44-a34a-615e6beba883","title":"FeTAp 611 unplugged","subtitle":"Taking a rotary dial phone to the mobile age","slug":"39c3-fetap-611-unplugged-taking-a-rotary-dial-phone-to-the-mobile-age","link":"https://events.ccc.de/congress/2025/hub/event/detail/fetap-611-unplugged-taking-a-rotary-dial-phone-to-the-mobile-age","description":"This project transforms a classic rotary phone into a mobile device. Previous talks have analyzed various aspects of analogue phone technology, such as rotary pulse detection or ringing voltage generation. Now this project helps you get rid of the cable: it equips the classic German FeTAp 611 with battery power and a flyback SMPS based ringing voltage generator - but still maintains the classical look and feel. The talk demonstrates the journey of bridging analog and digital worlds, explaining how careful design connects a vintage phone to today’s mobile environment - in a way that will make your grandparents happy.\r\n\r\nThere are people who throw away old telephones - and then there are those who find them in the garbage and think, „How can a microcontroller actually read the digits from a rotary dial?“\r\nThis talk follows the journey of transforming a classic German FeTAp 611 rotary phone into a mobile device while keeping its vintage charm. Building on earlier retrofits, this project aims to combine the following design goals into a mobile version of the Fernsprechtischapparat:\r\n\r\n- Grandparents-compatible – The phone shall be easy to use by non-technical people, showing the same look and feel as the original phones, including details such as a dial tone.\r\n- easy phone switching – Switching between FeTAp and regular cellphone shall not require unscrewing the phone to switch SIM cards.\r\n- standard components – PCB/PCBA suppliers shall be capable of manufacturing boards at a reasonable price.\r\n- device-agnostic circuit design – Adapting to different phones (e.g. W48, FeTAp 791, FeTAp 611) shall minimize the need for changes in the schematic. This includes a ringing voltage generator that shall be powerful enough to drive an old W48 phone.\r\n\r\nThis talk will walk you through certain aspects of the German analog telephony standard 1TR110-1, and the challenges faced when implementing those on a battery-powered device with little space. It explains\r\n- the state machine implemented on an STM32 microcontroller,\r\n- how to connect old carbon microphones to modern audio electronics,\r\n- designing (and avoiding mistakes in) a flyback based SMPS to generate 32V - 75V ringing voltage,\r\n- how to generate 25 Hz AC using an H-bridge,\r\n- and how to layout the PCB such that the ancient second handset connector can now be used for USB-C charging.\r\n\r\nIn the course of the development, I discovered that the project is not only a good way to get a glimpse into various aspects of ancient and modern types of electronics - but also into people’s reactions when such a phone suddenly starts ringing on a flea market… :-)\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Michael Weiner"],"tags":["1973","2025","39c3","Hardware","Zero","39c3-eng","39c3-deu","Day 1"],"view_count":6790,"promoted":false,"date":"2025-12-27T12:50:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-06T22:15:07.163+02:00","length":2059,"duration":2059,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1973-cc16de00-c31f-5c44-a34a-615e6beba883.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1973-cc16de00-c31f-5c44-a34a-615e6beba883_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1973-cc16de00-c31f-5c44-a34a-615e6beba883.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1973-cc16de00-c31f-5c44-a34a-615e6beba883.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-fetap-611-unplugged-taking-a-rotary-dial-phone-to-the-mobile-age","url":"https://api.media.ccc.de/public/events/cc16de00-c31f-5c44-a34a-615e6beba883","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"2b5a6a8e-327e-594d-8f92-b91201d18a02","title":"Schlechte Karten - IT-Sicherheit im Jahr null der ePA für alle","subtitle":null,"slug":"39c3-schlechte-karten-it-sicherheit-im-jahr-null-der-epa-fur-alle","link":"https://events.ccc.de/congress/2025/hub/event/detail/schlechte-karten-it-sicherheit-im-jahr-null-der-epa-fur-alle","description":"Seit Mitte 2025 steht die elektronische Patientenakte für alle zur Verfügung – nach ein paar kleineren oder größeren Sicherheitsproblemen im Vorfeld, sei es vor einem Jahr auf dem 38C3 oder Ende April zum deutschlandweiten Start. \nZeit ein Fazit zu ziehen: Ist die ePA jetzt sicher? Wurden nachhaltige Veränderungen durchgeführt, die zu mehr Sicherheit führen? Kann der Umgang mit der IT-Sicherheit «eines der größten IT-Projekte der Bundesrepublik» für zukünftige Digitalprojekte hilfreich sein?\n\nZeit, mit etwas Abstand auf das zu blicken, was war, was ist und was sich abzeichnet nicht nur bei der ePA, sondern auch beim Umgang mit IT-Sicherheit bei ähnlichen Vorhaben in Deutschland. Eine umfassende Analyse der Historie und der Ursachen einer der weitreichendsten Fehlentwicklungen im Bereich der IT-Sicherheit der letzten Jahre, die sich in weit mehr zeigt, als nur in schlechter Prüfung der Anwesenheit von Gesundheitskarten im Gesundheitswesen.\n\nZum letzten Chaos Communication Congress konnten Martin Tschirsich und Bianca Kastl eine Ansammlung größerer und kleiner Sicherheitsprobleme in der elektronischen Patientenakte für alle aufzuzeigen – sei es in der Ausgabe von Identifikationsmitteln, in Systemen in der Telematikinfrastruktur oder in angebundenen Systemen. All diese Probleme kumulierten in einem veränderten und reduzierten Rollout der ePA für alle in den Modellregionen Anfang 2025, bei dem bereits erste Maßnahmen zur Schadensminimierung unternommen wurden. \nEnde April 2025 wurde die ePA für alle dann auch wirklich für alle deutschlandweit bereitgestellt – allerdings traten am gleichen Tag die scheinbar sicher gelösten Sicherheitslücken im Zugangsmanagement wieder zu Tage und wurden alsbald wieder nur provisorisch abgedichtet.\n\nDieser Talk will etwas zurückblicken auf die Geschichte und die Ursachen dieser Sicherheitsprobleme der ePA für alle. Als «eines der größten IT-Projekte der Bundesrepublik» steht die ePA sinnbildlich für den digitalpolitischen Umgang mit Sicherheitsversprechen und interessensgetriebenen Anforderungen über die Köpfe von Patient*innen oder Bürger*innen hinweg.\n\nDabei geht es nicht nur um technische Probleme und deren Behebungsversuche, sondern auch um die strukturellen Ursachen, die große digitale Vorhaben immer wieder in manchen Bereichen scheitern lassen. Diese tiefergehende Betrachtung kann uns dabei helfen, die Ursachen für schlechte IT-Sicherheit auch bei zukünftigen digitalpolitischen Vorhaben in Deutschland besser zu verstehen. Nicht für die ePA für alle und Anwendungen im Bereich der Telematikinfrastruktur, sondern auch weit darüber hinaus.\n\nTiefergehende Analyse und Nachwirkungen zu 38C3 „Konnte bisher noch nie gehackt werden“: Die elektronische Patientenakte kommt - jetzt für alle!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Bianca Kastl"],"tags":["2403","2025","39c3","Security","One","39c3-deu","39c3-eng","39c3-spa","Day 3"],"view_count":33059,"promoted":false,"date":"2025-12-29T17:15:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-07T11:30:06.538+02:00","length":3619,"duration":3619,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2403-2b5a6a8e-327e-594d-8f92-b91201d18a02.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2403-2b5a6a8e-327e-594d-8f92-b91201d18a02_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2403-2b5a6a8e-327e-594d-8f92-b91201d18a02.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2403-2b5a6a8e-327e-594d-8f92-b91201d18a02.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-schlechte-karten-it-sicherheit-im-jahr-null-der-epa-fur-alle","url":"https://api.media.ccc.de/public/events/2b5a6a8e-327e-594d-8f92-b91201d18a02","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"d397c338-c631-5a03-a335-e3043d49188c","title":"We, the EU, and 1064 Danes decided to look into YouTube: A story about how the EU gave us a law, 1064 Danes gave us their YouTube histories, and reality gave us a headache","subtitle":null,"slug":"39c3-we-the-eu-and-1064-danes-decided-to-look-into-youtube-a-story-about-how-the-eu-gave-us-a-law-1064-danes-gave-us-their-youtube-histories-and-reality-ga","link":"https://events.ccc.de/congress/2025/hub/event/detail/we-the-eu-and-1064-danes-decided-to-look-into-youtube-a-story-about-how-the-eu-gave-us-a-law-1064-danes-gave-us-their-youtube-histories-and-reality-ga","description":"We explore what happens when Europe’s ambitious data access laws meet the messy realities of studying major digital platforms. Using YouTube as a central case, we show how the European Union’s efforts to promote transparency through the GDPR, the Digital Services Act (DSA), and the Digital Markets Act (DMA) are reshaping the possibilities and limits of independent platform research.\n\nAt the heart of the discussion is a paradox: while these laws promise unprecedented access to the data that shape our digital lives, the information researchers and citizens actually receive is often incomplete, inconsistent, and difficult to interpret. \n\nIn this talk, we take a close look at data donations from over a thousand Danish YouTube users, which at first glance did not reveal neat insights but sprawling file structures filled with cryptic data points. Still, if the work is put in, these digital traces offer glimpses of engagement and attention, and help us understand what users truly encountered or how the platform influenced their experiences.\n\nThe talk situates this challenge within a broader European context, showing how data access mechanisms are set up in ways that strengthen existing power imbalances. Application processes for research data vary widely, requests are rejected or delayed without clear justification, and the datasets that do arrive frequently lack the granularity required for meaningful analysis.\n\nYet the picture is not purely bleak. Citizens, researchers, and civil society already have multiple legal levers to demand greater transparency and accountability. The fundamental question is no longer whether democratic oversight is possible, but how we can use the tools at hand to make it real.\n\n**Talk Description**\nIn this talk, we explore what happens when the European Union’s data access laws meet the practical realities of platform research. The talk opens with a shared introduction, where David and LK set the stage: why social media platforms like YouTube matter for democracy and what the EU has done to make them more transparent.\n\nLK will then provide a short introduction into the legally mandated ways we can currently use to access platform data: from the GDPR’s right of access, the research data access provisions in the DSA, to the portability obligations into the DMA. But access is not the same as insight, a lesson David learned the hard way. Along with his team he invited over a thousand Danes to make use of their GDPR-right to their own data and donate their YouTube watch histories, searches, subscriptions and comments. Using the DSA, the team then obtained meta-data on the millions of videos the data donors had interacted with. The goal: Seeing what the digital data traces YouTube collects from its users can tell us about the platform’s effect on people’s lives and society. Are the data carrying indicators of polarization, loneliness, political extremism or any of the numerous other ails of society that YouTube has been suspected to cause? However, the data are difficult to get a hold of, messy, not properly annotated, and parsing them requires an almost archeological mindset. Together, we will peek behind the Youtube curtain, shine a light on what platform data actually looks like, and sketch out what can and cannot be learned from them.\n\nAll around Europe, researchers are currently facing similar challenges, parsing cryptic user and platform data from Facebook and TikTok to porn sites and Zalando. The platforms implement the data access laws to achieve minimal compliance but not to provide meaningful transparency. Data gathered by the DSA40 Data Access Collaboratory shows that application forms vary widely, researchers are rejected for non-compliant reasons, and applications artificially stalled. Other researchers have shown that the data received through some of the APIs is incomplete and inaccurate. In short: there is a lot of space for improvement. But we do not need to wait for investigations into platform compliance to conclude.. The basic conditions for democratic oversight have been set, which means that theoretically various legal ways into the platforms exist for citizens, researchers and civil society. The question that remains is which levers to use to practically realise as much of this potential as possible.\n\n**About the Presenters**\nDavid Wegmann is a PhD student at Aarhus University, Denmark. He researches social media and its societal effects using data science. As part of DATALAB, he led the analysis of donated data for “Data donation as a method for investigating trends and challenges in digital media landscapes at national scale: The Danish population’s use of YouTube as an illustrative case” by Bechmann and colleagues (2025).\n\nLK Seiling coordinates the DSA40 Data Access Collaboratory, where they research the implementation of the DSA’s data access provisions. At the Weizenbaum Institute Berlin, they are also looking into research engineering and data access as well as technologically mediated risks for individuals, society, and science.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["David","LK Seiling"],"tags":["2135","2025","39c3","Science","Zero","39c3-eng","39c3-deu","39c3-fra","Day 4"],"view_count":5095,"promoted":false,"date":"2025-12-30T13:50:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T22:30:04.799+02:00","length":2305,"duration":2305,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2135-d397c338-c631-5a03-a335-e3043d49188c.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2135-d397c338-c631-5a03-a335-e3043d49188c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2135-d397c338-c631-5a03-a335-e3043d49188c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2135-d397c338-c631-5a03-a335-e3043d49188c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-we-the-eu-and-1064-danes-decided-to-look-into-youtube-a-story-about-how-the-eu-gave-us-a-law-1064-danes-gave-us-their-youtube-histories-and-reality-ga","url":"https://api.media.ccc.de/public/events/d397c338-c631-5a03-a335-e3043d49188c","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"3d82c56b-fb2f-545f-b8f1-264c220c8f09","title":"Breaking BOTS: Cheating at Blue Team CTFs with AI Speed-Runs","subtitle":null,"slug":"39c3-breaking-bots-cheating-at-blue-team-ctfs-with-ai-speed-runs","link":"https://events.ccc.de/congress/2025/hub/event/detail/breaking-bots-cheating-at-blue-team-ctfs-with-ai-speed-runs","description":"After we announced our results, CTFs like Splunk's Boss of the SOC (BOTS) started prohibiting AI agents. For science \u0026 profit, we keep doing it anyways. In BOTS, the AIs solve most of it in under 10 minutes instead of taking the full day. Our recipe was surprisingly simple: Teach AI agents to self-plan their investigation steps, adapt their plans to new information, work with the SIEM DB, and reason about log dumps. No exotic models, no massive lab budgets - just publicly available LLMs mixed with a bit of science and perseverance. We'll walk through how that works, including videos of the many ways AI trips itself up that marketers would rather hide, and how to do it at home with free and open-source tools.\n\nCTF organizers can't detect this - the arms race is probably over before it really began. But the real question isn't \"can we cheat at CTFs?\" It's what happens when investigations evolve from analysts-who-investigate to analysts-who-manage-AI-investigators. We'll show you what that transition already looks like today and peek into some uncomfortable questions about what comes next.\n\nTHE PLAN\n\nLive demonstrations of AI agents speed-running blue team challenges, including the failure modes that break investigations. We'll show both what happens when we try the trivial approaches like “just have claude do it”, “AI workflows”, and what ultimately worked, like managed self-planning, semantic SIEM layers, and log agents. Most can be done with free and open tools and techniques on the cheap, so we will walk through that as well.\n\nTHE DEEP DIVE\n\n* Why normal prompts and static AI workflows fail\n* Self-planning investigation agents that evolve task lists dynamically\n* What we mean by semantic layers for calling databases and APIs\n* How to handle millions of log events without bankrupting yourself\n* Why \"no AI\" rules are misguided technically and conceptually\n\nGOING BEYOND CTFS\n\nThe same patterns that trivialize training exercises work on real SOC investigations. We're watching blue team work fundamentally transform - from humans investigating to humans managing AI investigators. Training programs teaching skills AI already automates. Hiring practices that can't verify who's doing the work. Certifications losing meaning. More fundamentally, when we talk about who watches the watchers, a lot is about to shift again.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Leo Meyerovich","Sindre Breda"],"tags":["2308","2025","39c3","Security","One","39c3-eng","39c3-deu","39c3-fra","Day 4"],"view_count":7109,"promoted":false,"date":"2025-12-30T13:50:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-06T13:15:04.105+02:00","length":2427,"duration":2427,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2308-3d82c56b-fb2f-545f-b8f1-264c220c8f09.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2308-3d82c56b-fb2f-545f-b8f1-264c220c8f09_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2308-3d82c56b-fb2f-545f-b8f1-264c220c8f09.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2308-3d82c56b-fb2f-545f-b8f1-264c220c8f09.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-breaking-bots-cheating-at-blue-team-ctfs-with-ai-speed-runs","url":"https://api.media.ccc.de/public/events/3d82c56b-fb2f-545f-b8f1-264c220c8f09","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"958d3055-3929-56b8-b71c-25b3a64f1902","title":"The Heartbreak Machine: Nazis in the Echo Chamber","subtitle":null,"slug":"39c3-the-heartbreak-machine-nazis-in-the-echo-chamber","link":"https://events.ccc.de/congress/2025/hub/event/detail/the-heartbreak-machine-nazis-in-the-echo-chamber","description":"WhiteDate ist eine Plattform weißer Suprematist:innen, die sich an Rassist:innen und Antisemit:innen richtet – und auf veralteter Infrastruktur basiert. Was die 8000 Mitglieder nicht wussten: Einige der Nazis flirteten dieses Jahr mit realistisch wirkenden Chatbots -  und verliebten sich sogar in sie. Mit einer Kombination aus automatisierter Konversationsanalyse, Web-Scraping und klassischen OSINT-Methoden verfolgten wir öffentliche Spuren und identifizierten die Personen hinter der Seite. Dieser Vortrag zeigt, wie KI-Personas und investigatives Denken extremistische Netzwerke aufdecken und wie Algorithmen gegen Extremismus eingesetzt werden können.\n\nMonatelang tauchte Martha in die verborgene Welt von WhiteDate, WhiteChild und WhiteDeal ein, drei Plattformen, die von einer Rechtsextremistin aus Deutschland betrieben werden. Sie glaubt an die Verschwörung einer weißen Vorherrschaft und einer „rassisch reinen“ weißen Gemeinschaft.  Was als Neugier begann, entwickelte sich schnell zu einem Experiment über menschliches Verhalten, Technologie und Absurdität.\n\nMartha infiltrierte das Portal mit „realistischen“ KI-Chatbots. Die Bots waren so überzeugend, dass sie die Überprüfungen umgingen und sogar als „weiß“ verifiziert worden. Durch die Gespräche und Recherche von digitalen Spuren dieser Gemeinschaft, die sich in Sicherheit wähnte, konnte sie Nutzer identifizieren.\n\nGemeinsam mit Reporter:innen der „Die Zeit“ konnten wir die Person hinter der Plattform enttarnen und ihre Radikalisierung von einer erfolgreichen Pianistin zu einer Szene-Unternehmerin nachzeichnen. Um ihr Dating-Portal hat sie ein Netzwerk von Websites aufgebaut, dass seinen Nutzern Liebe, Treue und Tradition vermarktet. WhiteDate verspricht romantische Beziehungen, WhiteChild propagiert Familien- und Abstammungsideale und WhiteDeal ermöglicht berufliches Networking und „gegenseitige Unterstützung“ unter einem rassistischen Weltbild. Gemeinsam zeigen sie, wie Ideologie und Einsamkeit auf bizarre Weise miteinander verwoben sein können.\n\nNach monatelanger Beobachtung, klassischer OSINT-Recherche, automatisierter Gesprächsanalyse und Web-Scraping haben wir herausgefunden, wer hinter diesen Plattformen steckt und wie ihre Infrastruktur funktioniert. Dabei deckten wir die Widersprüche und Absurditäten extremistischer Gemeinschaften auf, verdeutlichten ihre Anfälligkeit für technologische Eingriffe und brachten sogar den einen oder anderen Nazi zum Weinen.\n\nDieser Vortrag erzählt von Beobachtung, Schabernack und Einblicken in die digitale Welt extremistischer Gruppen. Er zeigt, wie Algorithmen, KI-Personas und investigatives Denken Hass entlarven, seine Narrative hinterfragen und seine Echokammern aufbrechen können. Wir zeigen, wie Technologie im Kampf gegen Extremismus eingesetzt werden kann.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Martha Root","Eva Hoffmann","Christian Fuchs"],"tags":["1695","2025","39c3","Ethics, Society \u0026 Politics","Ground","39c3-deu","39c3-eng","Day 3"],"view_count":423191,"promoted":true,"date":"2025-12-29T21:45:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-07T12:15:04.976+02:00","length":2691,"duration":2691,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1695-958d3055-3929-56b8-b71c-25b3a64f1902.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1695-958d3055-3929-56b8-b71c-25b3a64f1902_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1695-958d3055-3929-56b8-b71c-25b3a64f1902.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1695-958d3055-3929-56b8-b71c-25b3a64f1902.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-the-heartbreak-machine-nazis-in-the-echo-chamber","url":"https://api.media.ccc.de/public/events/958d3055-3929-56b8-b71c-25b3a64f1902","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"eeb77e44-8a29-5235-960b-e50575570c5c","title":"KIM 1.5: Noch mehr Kaos In der Medizinischen Telematikinfrastruktur (TI)","subtitle":null,"slug":"39c3-kim-1-5-noch-mehr-kaos-in-der-medizinischen-telematikinfrastruktur-ti","link":"https://events.ccc.de/congress/2025/hub/event/detail/kim-1-5-noch-mehr-kaos-in-der-medizinischen-telematikinfrastruktur-ti","description":"Zwei Jahre nach dem ersten KIM-Vortrag auf dem 37C3: Die gezeigten Schwachstellen wurden inzwischen geschlossen. Weiterhin können mit dem aktuellen KIM 1.5+ nun große Dateien bis 500 MB übertragen werden, das Signaturhandling wurde für die Nutzenden vereinfacht, indem die Detailinformationen der Signatur nicht mehr einsehbar sind. Aber ist das System jetzt sicher oder gibt es neue Probleme?\n\nKIM hat sich als Dienst für medizinische E-Mails etabliert: Elektronische Arbeitsunfähigkeitsbescheinigungen (eAU), zahnärztliche Heil- und Kostenpläne, Laborinformationen, und Medikamentendosierungen sollen sicher per KIM übermittelt werden. Die Sicherheit soll unauffällig und automatisiert im Hintergrund, ohne Interaktion mit den Benutzenden gewährleistet werden. Dazu werden die Ver- und Entschlüsselung sowie die Signierungsfunktionalitäten in einer extra Software, dem sogenannten Clientmodul, abstrahiert.\n\nIn diesem Vortrag wird das Design dieser Sicherheits-Abstraktion und dadurch bedingte Schwachstellen, wie das Fälschen oder Entschlüsseln von KIMs, beleuchtet.\n\nFortsetzung von 37C3: KIM: Kaos In der Medizinischen Telematikinfrastruktur (TI) [https://media.ccc.de/v/37c3-12030-kim_kaos_in_der_medizinischen_telematikinfrastruktur_ti]\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Christoph Saatjohann"],"tags":["1440","2025","39c3","Security","Zero","39c3-deu","39c3-eng","Day 1"],"view_count":25904,"promoted":false,"date":"2025-12-27T14:45:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-07T12:15:05.216+02:00","length":3297,"duration":3297,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1440-eeb77e44-8a29-5235-960b-e50575570c5c.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1440-eeb77e44-8a29-5235-960b-e50575570c5c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1440-eeb77e44-8a29-5235-960b-e50575570c5c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1440-eeb77e44-8a29-5235-960b-e50575570c5c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-kim-1-5-noch-mehr-kaos-in-der-medizinischen-telematikinfrastruktur-ti","url":"https://api.media.ccc.de/public/events/eeb77e44-8a29-5235-960b-e50575570c5c","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"d304dbd5-b055-5742-a134-417b0adbfa14","title":"When 8 Bits is Overkill: Making Blinkenlights with a 1-bit CPU","subtitle":null,"slug":"39c3-when-8-bits-is-overkill-making-blinkenlights-with-a-1-bit-cpu","link":"https://events.ccc.de/congress/2025/hub/event/detail/when-8-bits-is-overkill-making-blinkenlights-with-a-1-bit-cpu","description":"Over the last half year I have explored the Motorola mc14500 - a CPU with a true one-bit architecture - and made it simulate Conway's Game of Life. This talk gives a look into how implementing a design for such a simplistic CPU can work, and how it's possible to address 256 LEDs and half a kiloword of memory with just four bits of address space.\n\nIn the late seventies, Motorola created a very cheap CPU, intended to replace logic circuits made from electromechanical relays. The resulting IC is so minimalistic that it can hardly be recognized as a CPU: Its data bus is just a single bit wide, it has no program counter, and the address bus isn't connected to the cpu at all. Yet, with just a few support components, and some clever programming, it can be made to do all sorts of things.\n\nWe'll explore hardware design and programming by taking a look at my implementation of Conway's Game of Life, and answer the question of how one can address 512 words of memory, as well as some other peripherals, using just four bits of address space.\n\nOutline:\n* History and theory of operation of the mc14500\n* Writing programs that process one bit at a time\n* A closer look at the hardware I built, including its wacky peripherals\n* Demonstration\n* Q\u0026A\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["girst (Tobi)"],"tags":["1601","2025","39c3","Hardware","Fuse","39c3-eng","39c3-deu","39c3-fra","Day 3"],"view_count":2854,"promoted":false,"date":"2025-12-29T13:50:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-04T21:15:06.688+02:00","length":1886,"duration":1886,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1601-d304dbd5-b055-5742-a134-417b0adbfa14.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1601-d304dbd5-b055-5742-a134-417b0adbfa14_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1601-d304dbd5-b055-5742-a134-417b0adbfa14.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1601-d304dbd5-b055-5742-a134-417b0adbfa14.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-when-8-bits-is-overkill-making-blinkenlights-with-a-1-bit-cpu","url":"https://api.media.ccc.de/public/events/d304dbd5-b055-5742-a134-417b0adbfa14","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"032fdd30-9488-55b8-968c-dbce19a3f446","title":"Set-top box Hacking: freeing the 'Freebox'","subtitle":null,"slug":"39c3-set-top-box-hacking-freeing-the-freebox","link":"https://events.ccc.de/congress/2025/hub/event/detail/set-top-box-hacking-freeing-the-freebox","description":"The French ISP 'Free' was the first to introduce a set-top box in France in 2002, named the Freebox. Four years later, the fifth version of the Freebox was released and distributed to customers. It comprises two devices: a router, and a PVR called the Freebox HD, both running Linux. The Freebox HD had innovative features at the time, such as live television control and HD capabilities.\n\nSuch a device has a lot of potential for running homebrew, so I decided to hack it. I present how I got arbitrary code execution on the Freebox HD and then root privileges, using a chain of two 0-day exploits, one of which is in the Linux kernel. I then analyze the device, run homebrew software, and explain the structure of the ISP's private network that I uncovered while exploring the device.\n\nThe Freebox HD is a set-top box with media player capabilities designed and built by the French ISP 'Free' in 2006, and distributed to customers since (including me). It is still in use and will be maintained until the end of 2025.\n\nWhen I got it, I wanted to run homebrew software on it, so I decided to reverse engineer it. The initial goal was to get arbitrary code execution. The Freebox HD being largely undocumented, this talk shows the full process of reverse engineering it from scratch:\n* Initial visual inspection\n* Disassembly and inspection of the insides\n* Attack surface analysis and choice of the target\n* Search and exploitation of a vulnerability in PrBoom (a Doom source port running on the Freebox HD)\n* Analysis of the Linux system running on the Freebox HD\n* Search and exploitation of a Linux kernel exploit to escape the sandbox and gain root privileges\n* Decryption and dump of the firmware\n* Analysis of the Linux system and the programs of the Freebox HD\n* Playing with the remote control capabilities\n* Reverse engineering of the private networks of the ISP\n\nThe two exploits used to gain full root access were both discovered for this specific hack, which makes them 0-day exploits.\n\nThe analysis leads to some interesting discoveries about the device itself, but also the ISP, how their technical support works and accesses the devices remotely, and much more!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Frédéric Hoguin"],"tags":["2122","2025","39c3","Security","Ground","39c3-eng","39c3-deu","39c3-fra","Day 3"],"view_count":7138,"promoted":false,"date":"2025-12-29T17:15:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-04T16:45:06.841+02:00","length":3103,"duration":3103,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2122-032fdd30-9488-55b8-968c-dbce19a3f446.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2122-032fdd30-9488-55b8-968c-dbce19a3f446_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2122-032fdd30-9488-55b8-968c-dbce19a3f446.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2122-032fdd30-9488-55b8-968c-dbce19a3f446.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-set-top-box-hacking-freeing-the-freebox","url":"https://api.media.ccc.de/public/events/032fdd30-9488-55b8-968c-dbce19a3f446","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"11d5c612-0e50-500b-b071-c4ba0dd076cd","title":"APT Down and the mystery of the burning data centers","subtitle":null,"slug":"39c3-apt-down-and-the-mystery-of-the-burning-data-centers","link":"https://events.ccc.de/congress/2025/hub/event/detail/apt-down-and-the-mystery-of-the-burning-data-centers","description":"In August 2025 Phrack published the dump of an APT member's workstation. It was full of exploits and loot from government networks, cell carriers and telcos. \nThe dump sparked a government investigation, and corpos like LG and Korea Telecom were asked to explain themselves. Hours before an onsite audit, the data center mysteriously caught fire, destroying almost a hundred servers. Then another data center burned - and unfortunately, there was even one death.\nThe talk aims to revisit this mysterious sequence of tragic incidents.\n[TW: Suicide, self-harm]\n\nIn August 2025 Phrack published the dump of an APT member's workstation. The attacker was most likely Chinese, working on targets aligned with North Korea's doctrine. The dump was full of exploits, attacker tools and loot. Data from government networks, cell carriers and telcos, including server databases and loads or private keys stemming from the government PKI. The attacker had maintained a steady foothold in various targets in South Korea and Taiwan before accidentally \"losing\" their workstation.\n\nThe dump sparked a government investigation, and big corporations like LG, Lotte and Korea Telecom were asked to explain themselves. The government also mandated an on-site audit in the data center where the hacks had taken place. On the day of the audit, some li-ion batteries in the data center mysteriously caught fire. The blaze destroyed close to 100 servers (which had no backup) and plunged public service in South Korea into disarray. \nShortly after, the Lotte data center burned as well - the corporation had been victim of a breach recently, albeit by a different threat actor. In the beginning of October, one of the officers examining the government data center fire tragically died by his own hand.\n\nThe talk aims to revisit this mysterious sequence of events that was started by an article in Phrack [#72](https://events.ccc.de/congress/2025/hub/tag/72). It doesn't hope to give answers or a solution, but narrates a story that could be from a spy thriller. Caution: Conspiracies and technical gore could be present.\n[TW: Suicide, self-harm]\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Christopher Kunz","Sylvester"],"tags":["1492","2025","39c3","Security","Zero","39c3-eng","39c3-deu","39c3-lav","Day 3"],"view_count":12785,"promoted":false,"date":"2025-12-29T16:00:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-07T10:45:04.965+02:00","length":3522,"duration":3522,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1492-11d5c612-0e50-500b-b071-c4ba0dd076cd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1492-11d5c612-0e50-500b-b071-c4ba0dd076cd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1492-11d5c612-0e50-500b-b071-c4ba0dd076cd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1492-11d5c612-0e50-500b-b071-c4ba0dd076cd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-apt-down-and-the-mystery-of-the-burning-data-centers","url":"https://api.media.ccc.de/public/events/11d5c612-0e50-500b-b071-c4ba0dd076cd","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"90cb7149-ec4d-5499-9649-9091374100ad","title":"Chaos macht Küche","subtitle":null,"slug":"39c3-chaos-macht-kuche","link":"https://events.ccc.de/congress/2025/hub/event/detail/chaos-macht-kuche","description":"Ihr macht eine Veranstaltung für viele Menschen? Dann haben viele Menschen auch viel Hunger.\nJetzt wird euch gezeigt wie man für viele (mehr als 75) Menschen Essen zubereitet.\nEs braucht nur etwas Vorbereitung und Motivation!\n\nBei vielen Zeltlagern, Sommerfesten, ICMP, Village beim Chaos-Camp und ähnlichem habe ich gelernt wie man für viele Menschen kochen kann und wie nicht. Damit Du nicht die gleiche Lernkurve machen musst, möchte ich Dir zeigen mit welchen Überlegungen Du mit 2-3 Freunden Essen für viele Menschen zubereiten kannst.\n\nPlanen, einkaufen, Logistik, vorbereiten, kochen, Hygiene, servieren und aufräumen, das kann jeder. \nDas so zu machen das es Spaß macht, sich nicht nach Arbeit anfühlt und dann auch noch allen schmeckt, das möchte ich Dir mit diesem Vortrag vermitteln.\n\nWenn dein Space in Zukunft ein großes Event plant und Du darüber nachdenkst ob man vor Ort kochen kann und will, dann komme vorbei und lass Dir zeigen was man dafür braucht und wie das geht.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Ingwer Andersen"],"tags":["2005","2025","39c3","CCC \u0026 Community","Ground","39c3-deu","39c3-eng","Day 1"],"view_count":5893,"promoted":false,"date":"2025-12-27T13:50:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-05T20:00:05.120+02:00","length":2383,"duration":2383,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2005-90cb7149-ec4d-5499-9649-9091374100ad.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2005-90cb7149-ec4d-5499-9649-9091374100ad_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2005-90cb7149-ec4d-5499-9649-9091374100ad.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2005-90cb7149-ec4d-5499-9649-9091374100ad.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-chaos-macht-kuche","url":"https://api.media.ccc.de/public/events/90cb7149-ec4d-5499-9649-9091374100ad","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"cb8cd10b-f5d1-597d-a5c4-3cbd914fa6aa","title":"Power Cycle B7 oder Warum kauft man eine Zeche?","subtitle":null,"slug":"39c3-power-cycle-b7-oder-warum-kauft-man-eine-zeche","link":"https://events.ccc.de/congress/2025/hub/event/detail/power-cycle-b7-oder-warum-kauft-man-eine-zeche","description":"Aus einem Barwitz wurde ein Projekt!\n\nBlumenthal7 ist die letzte vollständig erhaltene Schachtanlage des ehemaligen Steinkohlebergwerks General Blumenthal in Recklinghausen im nördlichen Ruhrgebiet. Nach diversen Startschwierigkeiten ist aus einer im Dornröschenschlaf liegenden Industriebrache ein Projekt geworden, das bereits jetzt einer Vielzahl von Entitäten und Gruppen eine Heimat und einen großen, nahezu grenzenlosen Spielplatz bietet.\n\nBegleitet uns gerne auf beim Power Cycle B7…!\n\nWir – Mitglieder des Recklinghäuser Chaostreffs c3RE –  haben gemeinsam mit einigen weiteren Menschen einen weiteren Verein, den Blumenthal7 e.V., gegründet. Das Ziel ist, ein altes Steinkohlebergwerk zu kaufen, zu erhalten, zu renovieren und vielen Menschen als Raum für Chaos, Kreativität und Happenings zugänglich zu machen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Kohlenpod","kater","Stephan"],"tags":["1899","2025","39c3","CCC \u0026 Community","Fuse","39c3-deu","39c3-eng","Day 2"],"view_count":13619,"promoted":false,"date":"2025-12-28T14:45:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-06T22:00:07.420+02:00","length":2435,"duration":2435,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1899-cb8cd10b-f5d1-597d-a5c4-3cbd914fa6aa.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1899-cb8cd10b-f5d1-597d-a5c4-3cbd914fa6aa_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1899-cb8cd10b-f5d1-597d-a5c4-3cbd914fa6aa.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1899-cb8cd10b-f5d1-597d-a5c4-3cbd914fa6aa.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-power-cycle-b7-oder-warum-kauft-man-eine-zeche","url":"https://api.media.ccc.de/public/events/cb8cd10b-f5d1-597d-a5c4-3cbd914fa6aa","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"c8fe18e8-6cd5-5354-aad7-1a51e64fd529","title":"Cracking open what makes Apple's Low-Latency WiFi so fast","subtitle":null,"slug":"39c3-cracking-open-what-makes-apple-s-low-latency-wifi-so-fast","link":"https://events.ccc.de/congress/2025/hub/event/detail/cracking-open-what-makes-apple-s-low-latency-wifi-so-fast","description":"This talk presents Apple's link-layer protocol Low-Latency WiFi and how it achieves its real-time capabilities to enable Continuity features like Sidecar Display and Continuity Camera. We make more kernel logging available on iOS and build a log aggregator that combines and aligns system- and network-level log sources from iOS and macOS.\n\nApple's Continuity features make up a big part of their walled garden. From AirDrop and Handoff to AirPlay, they all connect macOS and iOS devices wirelessly. In recent years, security researchers have opened up several of these features showing that the Apple ecosystem is technically compatible with third-party devices.\n\nIn this talk, we present the internal workings of Low-Latency WiFi (LLW) – Apple's link-layer protocol for several real-time Continuity features like Continuity Camera and Sidecar Display. We talk about the concepts behind LLW, how it achieves its low-latency requirement and how we got there in the reverse engineering process.\n\nWe also present the tooling we built to enable more kernel-level tracing and logging on iOS through a reimplementation of cctool from macOS and the source code of trace that was buried deep inside of Apple’s open-source repository system_cmds. We build a log aggregator that combines various kernel- and user-space traces, log messages and pcap files from both iOS and macOS into a single file and finally investigate the network stack on Apple platforms that is implemented in both user- and kernel space. There we find interesting configuration values of LLW that make it the go-to link-layer protocol for Apple's proprietary real-time Continuity applications.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Henri Jäger"],"tags":["1874","2025","39c3","Hardware","One","39c3-eng","39c3-deu","39c3-fra","Day 2"],"view_count":10275,"promoted":false,"date":"2025-12-28T15:40:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-02T14:30:09.954+02:00","length":2380,"duration":2380,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1874-c8fe18e8-6cd5-5354-aad7-1a51e64fd529.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1874-c8fe18e8-6cd5-5354-aad7-1a51e64fd529_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1874-c8fe18e8-6cd5-5354-aad7-1a51e64fd529.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1874-c8fe18e8-6cd5-5354-aad7-1a51e64fd529.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-cracking-open-what-makes-apple-s-low-latency-wifi-so-fast","url":"https://api.media.ccc.de/public/events/c8fe18e8-6cd5-5354-aad7-1a51e64fd529","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"910e5f22-945b-5196-8e21-246acbcaadd3","title":"“End Of 10”: How the FOSS Community is Combatting Software-Driven Resource and Energy Consumption","subtitle":null,"slug":"39c3-end-of-10-how-the-foss-community-is-combatting-software-drive-resource-and-energy-consumption","link":"https://events.ccc.de/congress/2025/hub/event/detail/end-of-10-how-the-foss-community-is-combatting-software-drive-resource-and-energy-consumption","description":"The end of free support for Windows 10 was 14 October 2025. Well, sort of. Microsoft moved the date to 2026, one more year the FOSS community can introduce users to sustainable software. 14 October is also KDE's birthday, International E-Waste Day, with International Repair Day following on 18 October. The irony is deep, but what is not ironic is that millions of functioning computers will end up becoming security risks or discarded as e-waste. This means manufacturing and transporting new ones, the biggest waste of all: hardware production accounts for over 75% of a device's CO2 emissions over its lifespan.\n\nThe FOSS community had an opportunity and we took it! In 2024, KDE Eco's Opt Green project began a global, unified campaign across FOSS and repair communities to upgrade unsupported Windows 10 computers to Linux. We held BoFs at SFSCon, CCC, and FOSDEM. We thought big and acted boldly. In this talk End Of 10 contributors will discuss the campaign, what has worked and what the challenges have been, and how FOSS provides a solution to software-driven resource and energy consumption.\n\nThis is a talk about digital sustainability and the role software plays in hardware longevity. At the 38C3, the End Of 10 campaign held a workshop to co-ordinate contributions across FOSS communities. Many people currently involved started contributing after this workshop, including 2 of the 3 presenters.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Joseph P. De Veaugh-Geiss","Carolina Silva Rode","Bettina Louis"],"tags":["1980","2025","39c3","CCC \u0026 Community","Zero","39c3-eng","39c3-deu","39c3-fra","Day 4"],"view_count":2471,"promoted":false,"date":"2025-12-30T11:55:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-05T21:15:06.019+02:00","length":2372,"duration":2372,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1980-910e5f22-945b-5196-8e21-246acbcaadd3.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1980-910e5f22-945b-5196-8e21-246acbcaadd3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1980-910e5f22-945b-5196-8e21-246acbcaadd3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1980-910e5f22-945b-5196-8e21-246acbcaadd3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-end-of-10-how-the-foss-community-is-combatting-software-drive-resource-and-energy-consumption","url":"https://api.media.ccc.de/public/events/910e5f22-945b-5196-8e21-246acbcaadd3","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"c43046a1-bac9-54d3-a551-d86630e7ab3b","title":"I Hated All The Cross-Stitch Software So I Made My Own: My Deranged Outsider Software Suite For Making Deranged Outsider Art","subtitle":null,"slug":"39c3-i-hated-all-the-cross-stitch-software-so-i-made-my-own-my-deranged-outsider-software-suite-for-making-deranged-outsider-art","link":"https://events.ccc.de/congress/2025/hub/event/detail/i-hated-all-the-cross-stitch-software-so-i-made-my-own-my-deranged-outsider-software-suite-for-making-deranged-outsider-art","description":"I wanted to design beautiful header diagrams and ASCII tables suitable for stitching on throw pillows, but found existing tools for cross-stitch design to be all wrong. I made my own set of command-line tools for building this chunky, pixelated visual art. If you've never seen a cross-stitch sampler that had bitrot, this talk will fix it.\n\nDesigning cross-stitch patterns, I got frustrated with all the programs which expected me to click around a canvas setting individual pixels. I wanted a cross-stitch design software suite that I could drive with a Makefile, which could give me an interactive interface for stitching or compile them to PDF. In short, I wanted to say `echo \"shutdown -h now\" | embellish --border | export pattern --pdf` and get a design worthy of stitching on a pillow.\n\nSo, I made the thing I wanted. I'll discuss the many yak shaves along the way (proprietary file format reverse-engineering, OAuth2, what 'color' even means, unikernel hosting, and more). I'll talk a bit about the joy of making something so you can make something, and how it feels to craft software that is unapologetically personal.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["yomimono"],"tags":["2130","2025","39c3","Art \u0026 Beauty","Zero","39c3-eng","39c3-deu","39c3-fra","Day 4"],"view_count":3667,"promoted":false,"date":"2025-12-30T11:00:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-05T07:00:02.846+02:00","length":2186,"duration":2186,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2130-c43046a1-bac9-54d3-a551-d86630e7ab3b.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2130-c43046a1-bac9-54d3-a551-d86630e7ab3b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2130-c43046a1-bac9-54d3-a551-d86630e7ab3b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2130-c43046a1-bac9-54d3-a551-d86630e7ab3b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-i-hated-all-the-cross-stitch-software-so-i-made-my-own-my-deranged-outsider-software-suite-for-making-deranged-outsider-art","url":"https://api.media.ccc.de/public/events/c43046a1-bac9-54d3-a551-d86630e7ab3b","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"7fe75d23-5966-5dca-a736-e7664a475be3","title":"Lightning Talks - Tag 3","subtitle":null,"slug":"39c3-lightning-talks-tag-3","link":"https://events.ccc.de/congress/2025/hub/event/detail/lightning-talks-tag-3","description":"Lightning Talks - Tag 3\n\n- **Lightning Talks Introduction**\n- **\"Oma, erzähl mir von der Zukunft\" oder: Wie wir weiter interessante Sachen machen, ohne den Planeten zu ruinieren  🌱** — *EstherD*\n- **Don't abuse the ecosystem** — *michele*\n- **The Climatepoetry.org video tool** — *Magnus Ahltorp*\n- **Neo-Kolonialismus \u0026 Katzenbilder - Installation zur Lieferkette von GenAI** — *Stefan, Yannik \u0026 Rike*\n- **Build social inventories with StashSphere** — *Maximilian Güntner*\n- **Invitation to the Fermentation Camp \"Kvas 2026\"** — *algoldor*\n- **Stretching nginx to its limits: a music player in the config file** — *Eloy*\n- **2D Graphics Creation with Graphite - How to build a hackable graphics Editor** — *Dennis Kobert*\n- **The Modulator: a Custom Controller for Live Music Performance** — *Jakob Kilian*\n- **Find hot electronic devices for cheap using Lock-In Thermography** — *Clemens Grünewald*\n- **Those Who Control** — *Andreas Haupt*\n- **SearchWing - Search\u0026Rescue Drones** — *searchwing team*\n- **Hacking ID3 MP3 Metadata** — *Danilo Erazo*\n- **Genetic engineering with CRISPR/Cas9: how far are we today from biopunk?** — *Dmytro Danylchuk*\n- **Discovering the Orphan Source Village** — *Martin Hamilton*\n- **kicoil - generate planar coils in any shape for PCBs and ICs** — *jaseg*\n- **Trade Offer: Pentest Data for CTF Points** — *Sebastian*\n- **Soziologische Gabentheorie - Grundlage für die Bewertung von Social Media?** — *sozialwelten*\n- **WissKomm Wiki - Bibliothek für Videos und Podcasts** — *TimBorgNetzWerk*\n- **Shitty Robots** — *Neo*\n- **Lightning** — *Vi*\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Bonnie","keldo","Andi Bräu"],"tags":["2399","2025","39c3","CCC \u0026 Community","Zero","39c3-deu","39c3-eng","39c3-fra","Day 3"],"view_count":5596,"promoted":false,"date":"2025-12-29T11:00:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-06T14:15:04.610+02:00","length":7145,"duration":7145,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2399-7fe75d23-5966-5dca-a736-e7664a475be3.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2399-7fe75d23-5966-5dca-a736-e7664a475be3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2399-7fe75d23-5966-5dca-a736-e7664a475be3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2399-7fe75d23-5966-5dca-a736-e7664a475be3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-lightning-talks-tag-3","url":"https://api.media.ccc.de/public/events/7fe75d23-5966-5dca-a736-e7664a475be3","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"718be695-c840-5eed-9c67-b8d5089f8042","title":"RedScout42 – Zur digitalen Wohnungsfrage","subtitle":null,"slug":"39c3-redscout42-zur-digitalen-wohnungsfrage","link":"https://events.ccc.de/congress/2025/hub/event/detail/redscout42-zur-digitalen-wohnungsfrage","description":"Wer heutzutage eine Wohnung sucht, kommt kaum noch darum herum, sich einen Account bei Immoscout24 \u0026 Co. zu erstellen. Diese „Platform Real Estate“ sind eine besondere Art der „Walled Gardens“, die ihr Geschäftsmodell auf die sich immer weiter verschärfende Wohnungskrise ausgerichtet haben. Und das ist äußerst profitabel für die Besitzer dieser Strukturen der Daseinsvorsorge: Im September 2025 stieg Scout24 in den DAX auf und reiht sich damit in Unternehmen wie BMW, Rheinmetall und SAP ein.\n\nIn unserem Vortrag zeigen wir, wie Immoscout \u0026 Co. mit einem ausgeklügelten technischen System Monopolprofite generiert, die Mieten in die Höhe treibt und ein Vermieterparadies aufgebaut hat, das die Mieter:innen in den Wahnsinn treibt.\n\nWir bleiben aber nicht bei der Kritik stehen, sondern zeigen, wie durch die Vergesellschaftung von Plattformen der Daseinsvorsorge ein Werkzeug entstehen kann, das den Mittellosen auf dem Wohnungsmarkt hilft. Vermieter in ihre Schranken zu weisen und Markttransparenz für alle statt nur für die Besitzenden zu schaffen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Sandra","Leonard"],"tags":["2257","2025","39c3","Ethics, Society \u0026 Politics","Fuse","39c3-deu","39c3-eng","Day 1"],"view_count":18989,"promoted":false,"date":"2025-12-27T14:45:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-04T21:45:07.768+02:00","length":2312,"duration":2312,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2257-718be695-c840-5eed-9c67-b8d5089f8042.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2257-718be695-c840-5eed-9c67-b8d5089f8042_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2257-718be695-c840-5eed-9c67-b8d5089f8042.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2257-718be695-c840-5eed-9c67-b8d5089f8042.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-redscout42-zur-digitalen-wohnungsfrage","url":"https://api.media.ccc.de/public/events/718be695-c840-5eed-9c67-b8d5089f8042","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"c99513e3-06f5-5b86-86be-37e239db92fb","title":"Denkangebot: Rainer Mühlhoff über KI und autoritäre Sehnsüchte im Silicon Valley","subtitle":"","slug":"39c3-denkangebot-rainer-mhlhoff-ber-ki-und-autoritre-sehnschte-im-silicon-valley","link":"https://events.ccc.de/congress/2025/hub/event/detail/denkangebot-rainer-mhlhoff-ber-ki-und-autoritre-sehnschte-im-silicon-valley","description":"Der Hype um künstliche Intelligenz ist allgegenwärtig. Selbst Donald Trump postet KI-generierte Videos, in denen er sich wahlweise als Rockstar oder Kampfjetpilot inszeniert. Elon Musk prahlte öffentlich damit, dass in seinem \"Department of Goverment Efficiency\" der soziale Kahlschlag mit Unterstützung Künstlicher Intelligenz vorangetrieben wird. Und Peter Thiel meint allen ernstes, KI-Regulierung und das Erscheinen des Antichristen gingen Hand in Hand. Müssen wir uns Sorgen machen?\r\n\r\nRainer Mühlhoff ist Professor für Ethik und kritische Theorien der Künstlichen Intelligenz an der Universität Osnabrück. In seinem kürzlich erschienen Buch \"Künstliche Intelligenz und der neue Faschismus\" setzt er sich kritisch mit dem KI-Hype auseinander. Und er erklärt, welche toxischen Ideologien zentraler Akteure aus dem Silicon Valley Menschen empfänglich für autoritäre Gesellschaftsbilder machen.\r\n\r\nWir sprechen über die Zyklen von KI-Hypes, das problematische Narrativ vom \"Bürokratieabbau durch AI\" und die Funktion apokalyptischer Zukunftsvisionen. Vor allem aber will ich von Rainer wissen: Welche Bedeutung haben bei dieser Debatte die in Teilen des Silicon Valley einflussreichen ideologischen Strömungen – von radikalem Cyberlibertarismus über Longtermismus bis hin zum \"Dark Enlightment\"?\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Katharina Nocun"],"tags":["83758","2025","39c3","Sendezentrum Bühne (Saal X 07)","Podcast","39c3-deu","Day 3"],"view_count":6028,"promoted":false,"date":"2025-12-29T20:30:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-06T21:00:06.053+02:00","length":5515,"duration":5515,"thumb_url":"https://static.media.ccc.de/media/congress/2025/83758-c99513e3-06f5-5b86-86be-37e239db92fb.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/83758-c99513e3-06f5-5b86-86be-37e239db92fb_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/83758-c99513e3-06f5-5b86-86be-37e239db92fb.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/83758-c99513e3-06f5-5b86-86be-37e239db92fb.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-denkangebot-rainer-mhlhoff-ber-ki-und-autoritre-sehnschte-im-silicon-valley","url":"https://api.media.ccc.de/public/events/c99513e3-06f5-5b86-86be-37e239db92fb","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"413ea353-3fa6-5b40-b502-d51cb84fb779","title":"Landtagsrevue Live - AUA (Ask us Anything)","subtitle":null,"slug":"39c3-landtagsrevue-live","link":"https://events.ccc.de/congress/2025/hub/event/detail/landtagsrevue-live","description":"Live-Sonderausgabe der Landtagsrevue - dem Landespolitik-Ableger der Parlamentsrevue.\n\nWir schauen zurück auf das erste Jahr der Landtagsrevue und beantworten eure Fragen rund um die Parlamente - wie funktioniert das eigentlich alles? Wo können wir als Zivilgesellschaft am besten Einfluss nehmen? Wer sind all diese Leute?? Schickt uns eure Fragen gern vorab an landtag@parlamentsrevue.de - so können wir auch Antworten aus den Ländern mitbringen, die nicht live dabei sind.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Sabrina","Lukas (veti)","Karo"],"tags":["83768","2025","39c3","Sendezentrum Bühne (Saal X 07)","39c3-deu","Day 1"],"view_count":1516,"promoted":false,"date":"2025-12-27T20:30:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-01T08:15:04.700+02:00","length":5492,"duration":5492,"thumb_url":"https://static.media.ccc.de/media/congress/2025/83768-413ea353-3fa6-5b40-b502-d51cb84fb779.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/83768-413ea353-3fa6-5b40-b502-d51cb84fb779_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/83768-413ea353-3fa6-5b40-b502-d51cb84fb779.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/83768-413ea353-3fa6-5b40-b502-d51cb84fb779.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-landtagsrevue-live","url":"https://api.media.ccc.de/public/events/413ea353-3fa6-5b40-b502-d51cb84fb779","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"bc5b663a-1e48-5525-afbd-1e6895b71db0","title":"Throwing your rights under the Omnibus","subtitle":"How the EU's reform agenda threatens to erase a decade of digital rights","slug":"39c3-throwing-your-rights-under-the-omnibus-how-the-eu-s-reform-agenda-threatens-to-erase-a-decade-of-digital-rights","link":"https://events.ccc.de/congress/2025/hub/event/detail/throwing-your-rights-under-the-omnibus-how-the-eu-s-reform-agenda-threatens-to-erase-a-decade-of-digital-rights","description":"A spectre is haunting Europe—the spectre of bureaucracy. All the Powers of old Europe have entered into an unholy alliance to exorcise this spectre: The EU Commission, Member States, industry, even J.D. Vance. This threatens the digital rights and rules built up in the last decade.\r\n\r\nThe new EU Commission has an agenda. What started with the report of former European Central Bank chief Mario Draghi on Europe's \"competitiveness\" has quickly turned into \"getting rid of bureaucracy\", then into \"simplification\", and finally open \"deregulation\". What this means is that a large number of European laws that were adopted in the last decade to ensure sustanabiliy, protect human rights along the whole supply chain, or to ensure our digital rights, are watered down, and core elements are scrapped.\r\n\r\nIn terms of the EU's digital rulebook, it has already started in May with the deletion of a core compliance element in the General Data Protection Regulation (GDPR) - the obligation to keep records of your processing activities. While it sounds harmless - all the other rights and obligations still appy - it means that companies have no clue anymore what personal data they process, for which purposes, and how.\r\n\r\nA much larger revision has been proposed on 19th November 2025, with the \"omnibus\" legislation dubbed \"Digital Simplification Package\". This will affect rules on data protection, data governance, AI, obligations to report cybersecurity incidents, and protections against cookies and other tracking technologies. Furthermore, the EU's net neutrality rules are scheduled to be opened for reform in December by the so called Digital Networks Act.\r\n\r\nIn this talk we discuss what to expect from the new EU agenda, who is driving it and how to resists. Our goal is to leave you better informed and equipped to fight back against this deregulatory trend. This talk may contain hope.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Thomas Lohninger","Ralf Bendrath"],"tags":["1733","2025","39c3","Ethics, Society \u0026 Politics","Zero","39c3-eng","39c3-deu","39c3-fra","Day 1"],"view_count":6179,"promoted":false,"date":"2025-12-27T21:45:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-07T04:15:03.515+02:00","length":3649,"duration":3649,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1733-bc5b663a-1e48-5525-afbd-1e6895b71db0.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1733-bc5b663a-1e48-5525-afbd-1e6895b71db0_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1733-bc5b663a-1e48-5525-afbd-1e6895b71db0.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1733-bc5b663a-1e48-5525-afbd-1e6895b71db0.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-throwing-your-rights-under-the-omnibus-how-the-eu-s-reform-agenda-threatens-to-erase-a-decade-of-digital-rights","url":"https://api.media.ccc.de/public/events/bc5b663a-1e48-5525-afbd-1e6895b71db0","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"d08f6f41-a731-57f7-ba40-8f38464f2dcd","title":"Prometheus: Reverse-Engineering Overwatch","subtitle":null,"slug":"39c3-prometheus-reverse-engineering-overwatch","link":"https://events.ccc.de/congress/2025/hub/event/detail/prometheus-reverse-engineering-overwatch","description":"This talk explores the internals of Overwatch which make the game work under the hood. \n\nThe end goal is to democratise development of Overwatch. Being able to host your own servers and modify the game client to your liking should not be up for discussion for a game many people have paid money for.\n\nHey you! Yes you! Do you want to pay for a game which gets forcibly taken away from you after only six years? Do you want to buy lootboxes in order to unlock cosmetics faster in the game you „own“?\n\nOverwatch 1 was released in 2016 to critical acclaim and millions of sales globally. It has permanently changed the hero-shooter landscape which was in much need of a fresh new game and playstyle. After a few hard years plagued with infrequent updates, long overdue hero nerfs / reworks and broken promises, Overwatch 1 was finally taken offline on October 3, 2022.\n\nEver since I started playing Overwatch I was fascinated by the game and it’s proprietary engine, Tank. Not much is known about it, only that core components were reused from the cancelled Blizzard IP, Titan. It’s a shame that this game (engine) is not getting the recognition it deserves. From the entity-component architecture to the deterministic graph based scripting engine which handles (almost) everything which happens ingame, it is a truly refreshing take on networking and game programming rarely seen in games. So, considering this, building a game server from scratch can’t be that hard, riiiight?\n\nJoin me in this documentation of my gradual descent into madness while I (jokingly) roast Overwatch developers for code which they probably do not even remember that theyve written 10+ years ago :)\n\nAll research presented in this talk was done on the first archived, still publicly available version which I could find, 0.8.0.0 Beta (0.8.24919), which got uploaded to archive.org.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["breakingbread"],"tags":["1266","2025","39c3","Hardware","Zero","39c3-eng","39c3-deu","39c3-pol","Day 2"],"view_count":6620,"promoted":false,"date":"2025-12-28T20:10:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-07T06:00:03.292+02:00","length":2278,"duration":2278,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1266-d08f6f41-a731-57f7-ba40-8f38464f2dcd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1266-d08f6f41-a731-57f7-ba40-8f38464f2dcd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1266-d08f6f41-a731-57f7-ba40-8f38464f2dcd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1266-d08f6f41-a731-57f7-ba40-8f38464f2dcd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-prometheus-reverse-engineering-overwatch","url":"https://api.media.ccc.de/public/events/d08f6f41-a731-57f7-ba40-8f38464f2dcd","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"fae65b90-30c4-5ce1-8d59-d8f3600c7845","title":"And so it begins - Wie unser Rechtsstaat auf dem Highway Richtung Trumpismus rast – und warum afghanische Kläger*innen für uns die Notbremse ziehen","subtitle":null,"slug":"39c3-and-so-it-begins-wie-unser-rechtsstaat-auf-den-highway-richtung-trumpismus-rast-und-warum-afghanische-klager-innen-fur-uns-die-notbremse-ziehen","link":"https://events.ccc.de/congress/2025/hub/event/detail/and-so-it-begins-wie-unser-rechtsstaat-auf-den-highway-richtung-trumpismus-rast-und-warum-afghanische-klager-innen-fur-uns-die-notbremse-ziehen","description":"Wenn die Regierung sich nicht mehr an das eigene Recht gebunden fühlt, markiert das nicht nur einen politischen Spurwechsel, sondern die Auffahrt auf den Highway to Trumpism. Zeit die Notbremse zu ziehen!\nNormalerweise trifft es in solchen Situationen immer zuerst diejenigen, die sich am wenigsten wehren können. Doch was passiert, wenn genau diese Menschen mit juristischen Werkzeugen bewaffnet werden, um zurückzuschlagen?\nAnhand von über 100 Klagen afghanischer Schutzsuchender zeigen wir, wie Ministerien das Bundesaufnahmeprogramm sabotieren, Gerichte sie zurückpfeifen – und die Zivilgesellschaft zum letzten Schutzwall des Rechtsstaats wird. Und wir verraten, warum sich Beamte im BAMF vielleicht lieber krankmelden sollten und welche anderen Möglichkeiten sie haben, um nicht straffällig zu werden.\n\n•\tVersprochen ist versprochen und wird auch nicht gebrochen“ – das lernen wir schon als Kinder. Aber der Kindergarten ist schon lange her, und Politiker*innen haben zwar oft das Auftreten eines Elefanten, aber das Gedächtnis eines Goldfischs.\n•\tDeswegen hätte die Bundesregierung auch fast 2.500 Afghan*innen mit deutschen Aufnahmezusagen in Islamabad „vergessen“, die dort seit Monaten auf die Ausstellung ihrer deutschen Visa warten\n•\tDas Kalkül dahinter: Pakistan erledigt die Drecksarbeit und schiebt sie früher oder später ab, Problem solved! - selbst wenn dabei Menschenleben auf dem Spiel stehen.\n•\tWie kann die Zivilgesellschaft die Notbremse ziehen, wenn sich Regierung und Verwaltung nicht mehr an das eigene Recht gebunden fühlen?\n•\tEine Möglichkeit: wir vernetzen die afghanischen Familien mit Anwält*innen, damit sie Dobrindt und Wadephul verklagen - und sie gewinnen! Die Gerichtsbeschlüsse sind eindeutig: Visa sofort erteilen – sonst Strafzahlungen! Inzwischen laufen über 100 Verfahren an vier Verwaltungsgerichten, weitere kommen täglich hinzu. \n•\tDas dürfte nicht ganz das gewesen sein, was die neue Bundesregierung meinte, als sie im Koalitionsvertrag verkündete, „freiwillige Aufnahmeprogramme so weit wie möglich zu beenden“. \nÜbersetzung der politischen Realitätsversion: Wenn es nach Dobrindt und dem Kanzler geht, sollen möglichst gar keine Schutzsuchenden aus Afghanistan mehr nach Deutschland kommen – rechtsverbindliche Aufnahmezusagen hin oder her. Einreisen dürfen nur noch anerkannte Terroristen aus der Taliban-Regierung, um hier in Deutschland die afghanischen Botschaften und Konsulate zu übernehmen\n•\tDurch die Klagen konnten bereits 78 Menschen einreisen, etwa 80 weitere Visa sind in Bearbeitung – und weitere werden vorbereitet.\n•\tDoch wie in jedem Drehbuch gilt: The Empire strikes back! Die Regierung entwickelt laufend neue Methoden, um Urteile ins Leere laufen zu lassen und Einreisen weiterhin zu blockieren.\n•\tWillkommen im „Trumpismus made in Germany“.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Eva","Elaha"],"tags":["2393","2025","39c3","Ethics, Society \u0026 Politics","Ground","39c3-deu","39c3-eng","39c3-fra","Day 1"],"view_count":5402,"promoted":false,"date":"2025-12-27T19:15:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-06T16:15:05.017+02:00","length":2983,"duration":2983,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2393-fae65b90-30c4-5ce1-8d59-d8f3600c7845.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2393-fae65b90-30c4-5ce1-8d59-d8f3600c7845_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2393-fae65b90-30c4-5ce1-8d59-d8f3600c7845.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2393-fae65b90-30c4-5ce1-8d59-d8f3600c7845.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-and-so-it-begins-wie-unser-rechtsstaat-auf-den-highway-richtung-trumpismus-rast-und-warum-afghanische-klager-innen-fur-uns-die-notbremse-ziehen","url":"https://api.media.ccc.de/public/events/fae65b90-30c4-5ce1-8d59-d8f3600c7845","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"1adb7e54-9bc5-5947-a7ff-dc286b0b14c2","title":"Design for 3D-Printing","subtitle":null,"slug":"39c3-design-for-3d-printing","link":"https://events.ccc.de/congress/2025/hub/event/detail/design-for-3d-printing","description":"3D-Printers have given us all the unprecedented ability to manufacture mechanical parts with a very low barrier to entry.  The only thing between your idea and its physical manifestation is the process of designing the parts. However, this is actually a topic of incredible depth: Design engineering is a whole discipline to itself, built on top of tons and tons of heuristics to produce shapes that are functional, strong, and importantly: well-manufacturable\n\nIn this talk, I will present the rules for designing well-printable parts and touch on other areas of design considerations so you can learn to create parts that work first try and can be reproduced by others on their 3d-printers easily.\n\nOver the years, the 3d-printing community has discovered many tricks and rules that help creating parts that can be printed well and fulfill their purpose as best as possible. I started collecting these rules and wrote an article guide to make this knowledge more accessible. I want to present the most important principles and the mindset that is needed to achieve perfected design.\n\nThis is not about how to use a CAD program to design a part — but rather about the thought process of the design engineer while drawing up a part.  A though process that consists of compromises between many objectives, of heuristic rules, and many neat little tricks.\n\nThe article that this talk is based on can be found on my blog: https://blog.rahix.de/design-for-3d-printing/\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["rahix"],"tags":["2250","2025","39c3","Hardware","Ground","39c3-eng","39c3-deu","39c3-pol","Day 3"],"view_count":6560,"promoted":false,"date":"2025-12-29T11:00:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-04T19:15:05.267+02:00","length":2255,"duration":2255,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2250-1adb7e54-9bc5-5947-a7ff-dc286b0b14c2.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2250-1adb7e54-9bc5-5947-a7ff-dc286b0b14c2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2250-1adb7e54-9bc5-5947-a7ff-dc286b0b14c2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2250-1adb7e54-9bc5-5947-a7ff-dc286b0b14c2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-design-for-3d-printing","url":"https://api.media.ccc.de/public/events/1adb7e54-9bc5-5947-a7ff-dc286b0b14c2","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"c31906d3-4cd5-5b05-aebe-5ce1538c70b8","title":"Hegemony Eroding: Excavating Diversity in Latent Space","subtitle":null,"slug":"39c3-hegemony-eroding-excavating-diversity-in-latent-space","link":"https://events.ccc.de/congress/2025/hub/event/detail/hegemony-eroding-excavating-diversity-in-latent-space","description":"Hegemony Eroding is an ongoing art project exploring how generative AI reflects and distorts cultural representation. Its name speaks to its core ambition: to bear witness to the slow erosion of Western cultural hegemony by exposing the cracks in which other cultures shine through.\n\nThis talk will discuss the blurry boundary between legitimate cultural representation and prejudice in AI-generated media and how generative AI can be used as a tool to explore humanity's digital foot print.\nIt is permeated by a critique of purely profit-driven AI development and it's tendency to blunt artistic exploration and expression.\n\nGenerative AI models ingest huge datasets gathered all over the web. Unsurprisingly, they reflect decades of Western cultural hegemony. Yet, the hegemony is not absolute.\n\nNon-Western motifs, that is, recurring patterns and themes with deep cultural resonance, can be discovered and reproduced across different generative AI models.\n\nIn this talk I will explain the methods I developed to draw out motifs, the journey I took and what I learned along the way. I will present motifs and use them to outline a space stretching from representation to prejudice on the one hand and western to non-western depiction on the other.\n\nFinally, I will make a case for AI as a tool for cultural exploration and discuss how monetary incentives jeopardise this endeavour, adding to the long list of reasons to break up monopolies with transparent, publicly-funded AI-models.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Karim Hamdi"],"tags":["1420","2025","39c3","Art \u0026 Beauty","Fuse","39c3-eng","39c3-deu","Day 3"],"view_count":1077,"promoted":false,"date":"2025-12-29T21:05:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-01T09:15:05.224+02:00","length":2103,"duration":2103,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1420-c31906d3-4cd5-5b05-aebe-5ce1538c70b8.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1420-c31906d3-4cd5-5b05-aebe-5ce1538c70b8_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1420-c31906d3-4cd5-5b05-aebe-5ce1538c70b8.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1420-c31906d3-4cd5-5b05-aebe-5ce1538c70b8.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-hegemony-eroding-excavating-diversity-in-latent-space","url":"https://api.media.ccc.de/public/events/c31906d3-4cd5-5b05-aebe-5ce1538c70b8","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"6938a1f1-4ee3-5fca-ae37-d59274e529de","title":"Code to Craft: Procedural Generation for the Physical World","subtitle":null,"slug":"39c3-code-to-craft-procedural-generation-for-the-physical-world","link":"https://events.ccc.de/congress/2025/hub/event/detail/code-to-craft-procedural-generation-for-the-physical-world","description":"Join bleeptrack for a deep dive into the fascinating world of procedural generation beyond the screen. From stickers and paper lanterns to PCBs, furniture, and even physical procedural generators, this talk explores the challenges and creative possibilities of bringing generative projects into tangible form.\n\nIn this talk, I will share practical insights from developing procedural generation tools for physical objects: ranging from stickers and paper lanterns to printed circuit boards and even furniture. I will outline key challenges and considerations when generating designs for fabrication tools such as laser cutters or pen plotters, as well as how to adapt procedural systems so they can be reproduced by a wide audience (not everyone has access to CNC machines or industrial equipment, sadly!).\n\nBeyond technical considerations, I aim to encourage attendees to translate their own generative ideas into tangible artifacts and to foster a culture of open-sourcing and knowledge sharing within the community.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["bleeptrack"],"tags":["2042","2025","39c3","Art \u0026 Beauty","One","39c3-eng","39c3-deu","Day 2"],"view_count":2032,"promoted":false,"date":"2025-12-28T23:55:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-05T23:30:07.408+02:00","length":2157,"duration":2157,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2042-6938a1f1-4ee3-5fca-ae37-d59274e529de.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2042-6938a1f1-4ee3-5fca-ae37-d59274e529de_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2042-6938a1f1-4ee3-5fca-ae37-d59274e529de.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2042-6938a1f1-4ee3-5fca-ae37-d59274e529de.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-code-to-craft-procedural-generation-for-the-physical-world","url":"https://api.media.ccc.de/public/events/6938a1f1-4ee3-5fca-ae37-d59274e529de","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"d9459a91-792a-5e64-aea1-b20f7bd33535","title":"The Freak Show Clubhouse","subtitle":null,"slug":"39c3-the-freak-show-clubhouse","link":"https://events.ccc.de/congress/2025/hub/event/detail/the-freak-show-clubhouse","description":"Die Freak Show und alle Hörerinnen und Hörer machen eine Sendung als Gespräch\n\nIm Clubhouse-Style trifft das Freak Show Team auf seine Hörer. Jeder kann mitmachen. Werde zum Freak Show Host für 5 Minuten. Wir diskutieren mit Euch jedes frühere oder künftige Thema und sind uns auch für Hot Takes nicht zu schade.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Tim Pritlove"],"tags":["83762","2025","39c3","Sendezentrum Bühne (Saal X 07)","39c3-deu","Day 2"],"view_count":19834,"promoted":false,"date":"2025-12-28T18:45:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-07T10:00:04.178+02:00","length":5798,"duration":5798,"thumb_url":"https://static.media.ccc.de/media/congress/2025/83762-d9459a91-792a-5e64-aea1-b20f7bd33535.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/83762-d9459a91-792a-5e64-aea1-b20f7bd33535_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/83762-d9459a91-792a-5e64-aea1-b20f7bd33535.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/83762-d9459a91-792a-5e64-aea1-b20f7bd33535.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-the-freak-show-clubhouse","url":"https://api.media.ccc.de/public/events/d9459a91-792a-5e64-aea1-b20f7bd33535","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"4bfb9f9c-a8cd-5bcb-8b0f-ce20509f2a36","title":"Building hardware - easier than ever - harder than it should be","subtitle":null,"slug":"39c3-building-hardware-easier-than-ever-harder-than-it-should-be","link":"https://events.ccc.de/congress/2025/hub/event/detail/building-hardware-easier-than-ever-harder-than-it-should-be","description":"Building electronics has never been easier, cheaper, or more accessible than the last few years. It's also becoming a precious skill in a world where commercially made electronics are the latest victim of enshittification and vibe coding. And yet, while removing technical and financial barriers to building things, we've not come as far as we should have in removing social barriers. The electronics and engineering industry and the cultures around them are hostile to newcomers and self-taught practitioners, for no good reason at all. I've been teaching advanced electronics manufacturing skills to absolute beginners for a decade now, and they've consistently succeeded at acquiring them. I'm here to tell you why it's not as hard as it seems, how to get into it, and why more people who think they can't should try.\n\nElectronics is easier and more fun to get into than it's ever been before. All the tools and resources are easily accessible and super cheap or free. There's an enormous amount of things to build from and build on.\n\nIt's also never been more important to be able to build and understand electronics, as assholes running corporations are wasting their workers' unpaid overtime on making all the electronics in our lives shittier, more full of ads, slop, and spyware, and more frustrating to use. Encountering a device that works for you instead of against you is a breath of fresh air. Building one is an act of resistance and power. Not depending on the whims of corporate assholes is freedom.\n\nHowever, the culture around electronics and the electronics industry is one of exclusion and gatekeeping. It doesn't need to be. It would be stupidly easy to make things better, and we should. I've been teaching absolute beginners advanced electronics manufacturing skills for many years now. It's absolutely shocking how much more diverse the people who I teach are compared to the industry. The \"hardware is hard\" meme is true in some cases but toxic when worn as a badge of pride or a warning to people attempting it.\n\nI will tell you why designing and building electronics is not nearly as hard as it seems, how it's almost never been easier to get into it, and why it's very important that people who think or have been told they can't do it should be doing more of it. I'll tell you my experiences of what building devices is like, show and tell a few useful skills, and tell the story of how trying to prove someone wrong on the internet turned into a decade of teaching people with zero experience how to handle the most complex electronic components at all sorts of community events.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Kliment"],"tags":["2271","2025","39c3","Hardware","One","39c3-eng","39c3-deu","39c3-spa","Day 1"],"view_count":17529,"promoted":false,"date":"2025-12-27T12:50:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-07T10:45:04.289+02:00","length":2128,"duration":2128,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2271-4bfb9f9c-a8cd-5bcb-8b0f-ce20509f2a36.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2271-4bfb9f9c-a8cd-5bcb-8b0f-ce20509f2a36_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2271-4bfb9f9c-a8cd-5bcb-8b0f-ce20509f2a36.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2271-4bfb9f9c-a8cd-5bcb-8b0f-ce20509f2a36.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-building-hardware-easier-than-ever-harder-than-it-should-be","url":"https://api.media.ccc.de/public/events/4bfb9f9c-a8cd-5bcb-8b0f-ce20509f2a36","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"151d4fb0-5d25-586b-8063-c7706bbd9094","title":"In-house electronics manufacturing from scratch: How hard can it be?","subtitle":null,"slug":"39c3-in-house-electronics-manufacturing-from-scratch-how-hard-can-it-be","link":"https://events.ccc.de/congress/2025/hub/event/detail/in-house-electronics-manufacturing-from-scratch-how-hard-can-it-be","description":"Why is electronics manufacturing hard? Can it ever be made easy and more accessible? What will it take to relocate industrial production to Europe?\n\nWe share with you what we learned when we spent more than 1 year setting up our own production line in our office in Hamburg. Turns out a lot of the difficulties are rarely talked about or hidden behind \"manufacturing is high CAPEX\". \n\nCome and learn with us the nitty gritty details of batch reflow ovens, stencil printing at scale, and how OpenPnP is a key enabler in our process. While we are far from done with this work, we hope to see others replicate it and collectively reclaim the ownership of the means of electronics production.\n\nOur industry needs a reboot as well, it no longer serves the people.\n\nOur work is based on our belief that high-quality high-mix/low volume manufacturing of electronics in Europe is economically viable and accessible to small companies with a lower-than-expected up-front investment.\n\nWe believe that relocation of industry to Europe depends on small innovative companies, and will not come from slow and bloated industry giants whose products are victims of enshittification and maximum profit extraction.\n\nBy using open-source hardware and software whenever possible, we are attempting to set up our own production operation in Hamburg and we want to share the solutions and enable others to do the same and collectively reclaim ownership of the means of production.\n\nWe will cover:\n- How we acquired and set up production machines, their costs, and our learnings\n- Quirks of paste printing and reflow soldering at scale (up to 50 batches a day)\n- Component inventory, tracking, DfM, etc.\n- How OpenPnP is a key enabler of our prcesses\n    - Our proposed changes to OpenPnP\n    - Our work integrated Siemens Siplace Feeders in OpenPnP\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Augustin Bielefeld","Alexander Willer"],"tags":["1374","2025","39c3","Hardware","One","39c3-eng","39c3-deu","39c3-fra","Day 2"],"view_count":30886,"promoted":false,"date":"2025-12-28T19:15:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-07T12:00:07.548+02:00","length":2370,"duration":2370,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1374-151d4fb0-5d25-586b-8063-c7706bbd9094.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1374-151d4fb0-5d25-586b-8063-c7706bbd9094_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1374-151d4fb0-5d25-586b-8063-c7706bbd9094.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1374-151d4fb0-5d25-586b-8063-c7706bbd9094.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-in-house-electronics-manufacturing-from-scratch-how-hard-can-it-be","url":"https://api.media.ccc.de/public/events/151d4fb0-5d25-586b-8063-c7706bbd9094","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"1e0b17f8-d1e2-5d75-b052-811b8f722b38","title":"Wer liegt hier wem auf der Tasche?","subtitle":"Genug mit dem Bürgergeld-Fetisch. Stürmt die Paläste!","slug":"39c3-wer-liegt-hier-wem-auf-der-tasche-genug-mit-dem-burgergeld-fetisch-sturmt-die-palaste","link":"https://events.ccc.de/congress/2025/hub/event/detail/wer-liegt-hier-wem-auf-der-tasche-genug-mit-dem-burgergeld-fetisch-sturmt-die-palaste","description":"Das Bürgergeld ist Geschichte. An seine Stelle tritt eine Grundsicherung, die auf kalkulierten Verfassungsbruch setzt. Totalsanktionen, Vermittlungsvorrang, Quadratmeterdeckel, jeder Move bedeutet umfassendere staatliche Überwachung. Die Bezahlkarte soll in Hamburg perspektivisch zunächst auf Sozialhilfe‑ und Jugendhilfebeziehende ausgeweitet werden. Sind Bürgergeldbeziehende als nächstes dran?\r\n\r\nDie neue Grundsicherung trumpft Hartz IV in seiner Grausamkeit und ist ein Damoklesschwert über Erwerbslosen und allen, die Lohnarbeit machen. Zugleich nimmt die Zahl der Milliardäre und Mulitmillionäre stetig zu. Finanzbetrug durch Überreiche wird mehr oder weniger tatenlos zugesehen, während das Phantom des Bürgergeld-Totalverweigerers seit Jahren durch die Medien getrieben wird.\r\n\r\nWie der Angriff auf den Sozialstaat sich auf die Betroffenen in der Praxis auswirkt und was wir als Zivilgesellschaft tun können, um nicht nur tatenlos zusehen zu müssen, darum geht es in diesem Talk.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Helena Steinhaus"],"tags":["1495","2025","39c3","Ethics, Society \u0026 Politics","Zero","39c3-deu","39c3-eng","39c3-fra","Day 3"],"view_count":41996,"promoted":false,"date":"2025-12-29T17:15:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-07T10:45:07.046+02:00","length":3419,"duration":3419,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1495-1e0b17f8-d1e2-5d75-b052-811b8f722b38.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1495-1e0b17f8-d1e2-5d75-b052-811b8f722b38_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1495-1e0b17f8-d1e2-5d75-b052-811b8f722b38.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1495-1e0b17f8-d1e2-5d75-b052-811b8f722b38.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-wer-liegt-hier-wem-auf-der-tasche-genug-mit-dem-burgergeld-fetisch-sturmt-die-palaste","url":"https://api.media.ccc.de/public/events/1e0b17f8-d1e2-5d75-b052-811b8f722b38","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"f894f246-6bd4-5750-a66b-d073e37b7acd","title":"Human microservices at the Dutch Railways: modern architecture, ancient hardware?","subtitle":null,"slug":"39c3-human-microservices-at-the-dutch-railways-modern-architecture-ancient-hardware","link":"https://events.ccc.de/congress/2025/hub/event/detail/human-microservices-at-the-dutch-railways-modern-architecture-ancient-hardware","description":"The Dutch railways have been operating an increasingly complicated network of trains for over 80 years. The task of overseeing it is far too complex for a single human. As such, a network of specifically scoped humans has been connected. Over time, computers and software have been introduced into the system, but today there is still a significant role for humans.\n\nThis talk describes the network of \"human microservices\" that is involved in the Dutch Railways' day to day operation from the eyes of a software developer.\n\nWhen a train breaks down in the Netherlands, a system of interconnected humans is shifted into gear. The current state of that system has been developed for over 80 years and as such should be seen as an architectural marvel. Even though there is nowadays a significant amount of software involved in the process, the people involved are still very much necessary.\n\nThis talk describes the processes and roles involved in the Dutch railway day to day operations. We will start at a broken down train on a busy track and work our way towards solutions including dragging the train, evacuating travelers and redirecting other trains on that trajectory. We will explore this from a software developer's perspective. We will consider the people involved as an ancient form of hardware, and the protocols between them as software. We will also go over the more modern additions to the system: phone lines and software running on actual computers.\n\nAfter our investigation you will have a new understanding of the complexity of running a railway network. And we will ask ourselves: is this an outdated system that needs to be digitized? Or is this actually a modern system with microservices and a \"human in the loop\"?\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Maarten W"],"tags":["1856","2025","39c3","Hardware","Zero","39c3-eng","39c3-deu","39c3-spa","Day 3"],"view_count":3300,"promoted":false,"date":"2025-12-29T23:00:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-07T12:15:05.181+02:00","length":3648,"duration":3648,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1856-f894f246-6bd4-5750-a66b-d073e37b7acd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1856-f894f246-6bd4-5750-a66b-d073e37b7acd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1856-f894f246-6bd4-5750-a66b-d073e37b7acd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1856-f894f246-6bd4-5750-a66b-d073e37b7acd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-human-microservices-at-the-dutch-railways-modern-architecture-ancient-hardware","url":"https://api.media.ccc.de/public/events/f894f246-6bd4-5750-a66b-d073e37b7acd","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"3aa9e859-d4b0-5e7d-8f5c-7741e6c9856e","title":"Opening pAMDora's box and unleashing a thousand paths on the journey to play Beatsaber custom songs","subtitle":null,"slug":"39c3-opening-pamdora-s-box-and-unleashing-a-thousand-paths-on-the-journey-to-play-beatsaber-custom-songs","link":"https://events.ccc.de/congress/2025/hub/event/detail/opening-pamdora-s-box-and-unleashing-a-thousand-paths-on-the-journey-to-play-beatsaber-custom-songs","description":"While trying to apply fault injection to the AMD Platform Security Processor with unusual (self-imposed) requirements/restrictions, it were software bugs which stopped initial glitching attempts. Once discovered, the software bug was used as an entry to explore the target, which in turn lead to uncovering (and exploiting) more and more bugs, ending up in EL3 of the most secure core on the chip.\nThis talk is about the story of trying to glitch the AMD Platform Security Processor, then accidentally discovering several bugs and getting a good look inside the target, before returning to trying to hammer it with novel physical strategies.\n\n# BACKSTORY\n---------------\nSo here is the backstory of how it all started:\n- I bought a commercial gaming console\n- Then bought a VR headset (for this console) because of exclusive game\n- But also wanted to play beatsaber\n- I could, but builtin song selection was very limited\n- Custom songs exist (for example on steam), but not for this console\n- I didn't want to buy a second headset for steam\n  That's when i decided i want to hack this console so that i can port community created customs songs to the console and play them there with the VR headset i already have.\n\nInitially starting with an approach similar to the usual \"entrypoint through browser\", then go for kernel and call it a day, but quickly annoying hurdles blocked my way. For one, the Hypervisor makes your live just miserable with it's execute only kernel text blind exploitation. Other issues were that one needs to be on latest version to download the game, which exists only as digital purchase title, preventing me to share my efforts with others even if i can get it working on my console.\nThough, what finally put the nail in the coffin was when porting a kernel zeroday to the console failed because of heavy sandboxing, unreachable syscalls or even entirely stripped kernel functions. \nSome may call it \"skill issue\". Anyways, that's when i was full of it and decided to bring this thing down for good.  \nEverybody does glitching nowadays and according to rumors people did have success on this thing with glitching before, so how hard can it really be, right?\n\nSo the question became: Is it possible to build a modchip, which glitches the board and lets me play beatsaber custom songs?  \nStuff like that has been done on other consoles before (minus the beatsaber part :P)\n\nTurns out that when manufacturing produces chips with broken GPUs, they are sold as spinoff desktop mainboards (with disabled GPU) rather than thrown away. Which is great, because those mainboards are much cheaper, especially if you buy broken spinoff mainboards on ebay.\n\nSo on the journey to beatsaber custom songs, breaking this desktop mainboard became a huge chunk of the road. Because if i can glitch this and build a modchip for it, surely i can also do it for the console, right? I mean it's the exact same SoC afterall! \nBack when i started i didn't know i would be about to open pAMDoras box and discover so many bugs and hacks.\n\n# Actual talk description\n---------------\n**Disclaimer: This is not a console hacking talk!**  \nThis talk is gonna be about breaking nearly every aspect of the AMD Platform Security Processor of the desktop mainboard with the same SoC as the console. While certainly usefuly for _several_  other AMD targets, unfortunately not every finding can directly be ported to the console. Still, it remains very useful nonetheless!\n\nNote: The final goal of custom songs on beatsaber has not been reached yet, this talk is presenting the current state of things.\n\nIn this talk you'll be taken on a ride on how everything started and how almost every aspect of the chip was broken. How bugs were discovered, what strategies were used to move along.  \nNot only will several novel techniques be presented for applying existing physical attacks to targets where those couldn't really be applied before, but also completely new approaches are shared which bring a whole different perspective on glitching despite having lots of capacitors (which we don't really want to remove) and extremely powerfull mosfets (which smooth out crowbar attempts in a blink of an eye).\n\nBut that's not all!  \nWhile trying to perform physical attacks on the hardware, the software would just start falling apart by itself. Which means, at least **6 unpatchable\\* bugs** were discovered, which are gonna be presented in the talk alongside with **5 zero-day exploits**. Getting EL3 code execution on the most secure core inside AMDs SoC? No Problem! \nApart from just bugs and exploits, many useful techniques and discovery strategies are shared which will provide an excellent knowedgle base and attack inspiration for following along or going for other targets.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["tihmstar"],"tags":["1423","2025","39c3","Security","One","39c3-eng","39c3-deu","39c3-pol","Day 1"],"view_count":10853,"promoted":false,"date":"2025-12-27T14:45:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-07T11:15:05.620+02:00","length":2693,"duration":2693,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1423-3aa9e859-d4b0-5e7d-8f5c-7741e6c9856e.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1423-3aa9e859-d4b0-5e7d-8f5c-7741e6c9856e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1423-3aa9e859-d4b0-5e7d-8f5c-7741e6c9856e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1423-3aa9e859-d4b0-5e7d-8f5c-7741e6c9856e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-opening-pamdora-s-box-and-unleashing-a-thousand-paths-on-the-journey-to-play-beatsaber-custom-songs","url":"https://api.media.ccc.de/public/events/3aa9e859-d4b0-5e7d-8f5c-7741e6c9856e","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"11ede3bc-662b-580b-9ecb-e84edabee369","title":"Von Fuzzern zu Agenten: Entwicklung eines Cyber Reasoning Systems für die AIxCC","subtitle":null,"slug":"39c3-von-fuzzern-zu-agenten-entwicklung-eines-cyber-reasoning-systems-fur-die-aixcc","link":"https://events.ccc.de/congress/2025/hub/event/detail/von-fuzzern-zu-agenten-entwicklung-eines-cyber-reasoning-systems-fur-die-aixcc","description":"Die AI Cyber Challenge (AIxCC) der DARPA hatte zum Ziel, die Grenzen der autonomen Cybersicherheit zu erweitern: Können AI-Systeme Software-Schwachstellen unabhängig, in Echtzeit und ohne menschliche Hilfe identifizieren, verifizieren und beheben?\nIm Laufe von zwei Jahren entwickelten Teams aus aller Welt „Cyber Reasoning Systems“ (CRS), die in der Lage sind, komplexe Open-Source-Software zu analysieren, Code zu analysieren, reproducer zu generieren, um zu zeigen, dass ein gemeldeter Fehler kein Fehlalarm ist, und schließlich Patches zu synthetisieren.\nUnser Team nahm an dieser Challenge teil und entwickelte von Grund auf ein eigenes CRS. In diesem Vortrag geben wir Einblicke in den Wettbewerb: Wie funktioniert die LLM-gesteuerte Schwachstellenerkennung tatsächlich, welche Designentscheidungen sind wichtig und wie sind die Finalisten-Teams an das Problem herangegangen?\n\nDie AIxCC (DARPA’s AI Cyber Challenge) ist ein zweijähriger Wettbewerb, dessen Ziel es war, die Möglichkeiten der automatisierten Erkennung und Behebung von Sicherheitslücken zu verbessern.\nDabei sollte ein autonomes, in sich geschlossenes System entwickelt werden, das Software analysiert, Schwachstellen erkennt, diese mithilfe von Reproducern nachweist und anschließend sichere Patches erzeugt.\n\nUnser Team hat sich diesem globalen Experiment angeschlossen und ein eigenes Cyber Reasoning System (CRS) von Grund auf neu entwickelt. Dazu haben wir mehrere Agenten entwickelt. Unser System profitierte von der Kombination klassischer Techniken wie Fuzzing mit modernen Large Language Models (LLMs). Die Synergie zwischen diesen Ansätzen erwies sich als leistungsfähiger als jede der beiden Techniken für sich allein, sodass unser CRS Software auf eine Weise untersuchen und patchen konnte, wie es weder Fuzzing noch LLMs allein leisten konnten.\n\nIn diesem Vortrag werden wir:\n- das Konzept und die Ziele hinter AIxCC erläutern\n- durchgehen, wie ein CRS tatsächlich funktioniert und wie wir unseres entwickelt haben\n- zeigen, wie LLMs traditionelle Fuzzing- und Analyse-Techniken unterstützen können\n- Beobachtungen zu den Strategien der Finalisten-Teams teilen\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Mischa Meier (mmisc)","Annika Kuntze"],"tags":["1908","2025","39c3","Security","Fuse","39c3-deu","39c3-eng","Day 3"],"view_count":2429,"promoted":false,"date":"2025-12-29T23:00:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-07T11:30:05.479+02:00","length":3167,"duration":3167,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1908-11ede3bc-662b-580b-9ecb-e84edabee369.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1908-11ede3bc-662b-580b-9ecb-e84edabee369_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1908-11ede3bc-662b-580b-9ecb-e84edabee369.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1908-11ede3bc-662b-580b-9ecb-e84edabee369.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-von-fuzzern-zu-agenten-entwicklung-eines-cyber-reasoning-systems-fur-die-aixcc","url":"https://api.media.ccc.de/public/events/11ede3bc-662b-580b-9ecb-e84edabee369","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"35e68e53-852a-56a2-8b3c-1bc27ce7fbb0","title":"PRÜF","subtitle":null,"slug":"39c3-pruf","link":"https://events.ccc.de/congress/2025/hub/event/detail/pruf","description":"PRÜF! Prüfung Rettet übrigens Freiheit!\nAlles wird in Deutschland geprüft. Warum nicht auch mutmaßlich verfassungswidrige Parteien? Hier stelle ich vor, was PRÜF! anders machen will als bisherige Kampagnen.\n\nWir haben eine Forderung: „Alle Parteien, die vom Verfassungsschutz als rechtsextremer Verdachtsfall oder gesichert rechtsextrem eingestuft werden, sollen durch das Bundesverfassungsgericht überprüft werden.“ Wir demonstrieren so lange, bis der Bundesrat die Prüfung formal beantragt hat. PRÜF-Demos. Bald in allen Landeshauptstädten. Am 2. Samstag. Jeden Monat.\n\nWarum beim Schutz der Demokratie nicht mal einen Ansatz wählen, der so noch nicht probiert wurde? Nicht auf die anderen gucken, sondern auf uns? Auf das gemeinsame? Auf Spaß? Das nutzen, was wir haben und was wir können? Wir haben das Grundgesetz, dessen Stärken eingesetzt werden müssen. Wir haben uns, Millionen Menschen, die wir uns organisieren können. Wir haben Ideen, wir haben Geld, wir haben Macht, wir haben Wissen. Bisher haben wir nicht einmal ansatzweise unsere Möglichkeiten ausgeschöpft und es wäre absurd, wenn wir das nicht schaffen würden, die Freiheitliche Demokratische Grundordnung zu schützen.\n\nVortrag kann Spuren von Prüfen enthalten.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Nico Semsrott"],"tags":["2427","2025","39c3","Ethics, Society \u0026 Politics","One","39c3-deu","39c3-eng","39c3-spa","Day 3"],"view_count":36598,"promoted":false,"date":"2025-12-30T00:15:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-07T12:30:05.959+02:00","length":2305,"duration":2305,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2427-35e68e53-852a-56a2-8b3c-1bc27ce7fbb0.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2427-35e68e53-852a-56a2-8b3c-1bc27ce7fbb0_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2427-35e68e53-852a-56a2-8b3c-1bc27ce7fbb0.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2427-35e68e53-852a-56a2-8b3c-1bc27ce7fbb0.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-pruf","url":"https://api.media.ccc.de/public/events/35e68e53-852a-56a2-8b3c-1bc27ce7fbb0","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b","title":"To sign or not to sign: Practical vulnerabilities in GPG \u0026 friends","subtitle":null,"slug":"39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i","link":"https://events.ccc.de/congress/2025/hub/event/detail/to-sign-or-not-to-sign-practical-vulnerabilities-i","description":"Might contain zerodays. https://gpg.fail/\n\nFrom secure communications to software updates: PGP implementations such as *GnuPG* ubiquitously relied on to provide cryptographic assurances. Many applications from secure communications to software updates fundamentally rely on these utilities.\nSince these have been developed for decades, one might expect mature codebases, a multitude of code audit reports, and extensive continuous testing.\nWhen looking into various PGP-related codebases for some personal use cases, we found these expectations not met, and discovered multiple vulnerabilities in cryptographic utilities, namely in *GnuPG*, *Sequoia PGP*, *age*, and *minisign*.\nThe vulnerabilities have implementation bugs at their core, for example in parsing code, rather than bugs in the mathematics of the cryptography itself. A vulnerability in a parser could for example lead to a confusion about what data was actually signed, allowing attackers without the private key of the signer to swap the plain text. As we initially did not start with the intent of conducting security research, but rather were looking into understanding some internals of key management and signatures for personal use, we also discuss the process of uncovering these bugs. Furthermore, we touch on the role of the OpenPGP specification, and the disclosure process.\n\nBeyond the underlying mathematics of cryptographic algorithms, there is a whole other layer of implementation code, assigning meaning to the processed data. For example, a signature verification operation both needs robust cryptography **and** assurance that the verified data is indeed the same as was passed into the signing operation. To facilitate the second part, software such as *GnuPG* implement parsing and processing code of a standardized format. Especially when implementing a feature rich and evolving standard, there is the risk of ambivalent specification, and classical implementation bugs.\n\nThe impact of the vulnerabilities we found reaches from various signature verification bypasses, breaking encryption in transit and encryption at rest, undermining key signatures, to exploitable memory corruption vulnerabilities.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["49016","Liam"],"tags":["1854","2025","39c3","Security","One","39c3-eng","39c3-deu","39c3-fra","Day 1"],"view_count":80524,"promoted":false,"date":"2025-12-27T17:15:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-07T11:45:05.277+02:00","length":2939,"duration":2939,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1854-e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1854-e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1854-e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1854-e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i","url":"https://api.media.ccc.de/public/events/e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"887fe87e-6ef2-5d94-98c8-f582cb22f442","title":"Bluetooth Headphone Jacking: A Key to Your Phone","subtitle":null,"slug":"39c3-bluetooth-headphone-jacking-a-key-to-your-phone","link":"https://events.ccc.de/congress/2025/hub/event/detail/bluetooth-headphone-jacking-a-key-to-your-phone","description":"Bluetooth headphones and earbuds are everywhere, and we were wondering what attackers could abuse them for. Sure, they can probably do things like finding out what the person is currently listening to. But what else? During our research we discovered three vulnerabilities (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) in popular Bluetooth audio chips developed by Airoha. These chips are used by many popular device manufacturers in numerous Bluetooth headphones and earbuds.\n\nThe identified vulnerabilities may allow a complete device compromise. We demonstrate the immediate impact using a pair of current-generation headphones. We also demonstrate how a compromised Bluetooth peripheral can be abused to attack paired devices, like smartphones, due to their trust relationship with the peripheral.\n\nThis presentation will give an overview over the vulnerabilities and a demonstration and discussion of their impact. We also generalize these findings and discuss the impact of compromised Bluetooth peripherals in general. At the end, we briefly discuss the difficulties in the disclosure and patching process. Along with the talk, we will release tooling for users to check whether their devices are affected and for other researchers to continue looking into Airoha-based devices.\n\nExamples of affected vendors and devices are Sony (e.g., WH1000-XM5, WH1000-XM6, WF-1000XM5), Marshall (e.g. Major V, Minor IV), Beyerdynamic (e.g. AMIRON 300), or Jabra (e.g. Elite 8 Active).\n\nAiroha is a vendor that, amongst other things, builds Bluetooth SoCs and offers reference designs and implementations incorporating these chips. They have become a large supplier in the Bluetooth audio space, especially in the area of True Wireless Stereo (TWS) earbuds. Several reputable headphone and earbud vendors have built products based on Airoha’s SoCs and reference implementations using Airoha’s Software Development Kit (SDK).\n\nDuring our Bluetooth Auracast research we stumbled upon a pair of these headphones. During the process of obtaining the firmware for further research we initially discovered the powerful custom Bluetooth protocol called *RACE*. The protocol provides functionality to take full control of headphones. Data can be written to and read from the device's flash and RAM.\n\nThe goal of this presentation is twofold. Firstly, we want to inform about the vulnerabilities. It is important that headphone users are aware of the issues. In our opinion, some of the device manufacturers have done a bad job of informing their users about the potential threats and the available security updates. We also want to provide the technical details to understand the issues and enable other researchers to continue working with the platform. With the protocol it is possible to read and write firmware. This opens up the possibility to patch and potentially customize the firmware.\n\nSecondly, we want to discuss the general implications of compromising Bluetooth peripherals. As smart phones are becoming increasingly secure, the focus for attackers might shift to other devices in the environment of the smart phone. For example, when the Bluetooth Link Key, that authenticates a Bluetooth connection between the smart phone and the peripheral is stolen, an attacker might be able to impersonate the peripheral and gain its capabilities.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Dennis Heinze","Frieder Steinmetz"],"tags":["1491","2025","39c3","Security","One","39c3-eng","39c3-deu","39c3-fra","Day 1"],"view_count":55853,"promoted":false,"date":"2025-12-27T23:00:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-07T11:15:07.919+02:00","length":3552,"duration":3552,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1491-887fe87e-6ef2-5d94-98c8-f582cb22f442.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1491-887fe87e-6ef2-5d94-98c8-f582cb22f442_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1491-887fe87e-6ef2-5d94-98c8-f582cb22f442.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1491-887fe87e-6ef2-5d94-98c8-f582cb22f442.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-bluetooth-headphone-jacking-a-key-to-your-phone","url":"https://api.media.ccc.de/public/events/887fe87e-6ef2-5d94-98c8-f582cb22f442","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"dcf9ec1c-9755-5757-8f1d-91ec6e0f0661","title":"The Museum of Care: Open-Source Survival Kit Collection","subtitle":null,"slug":"39c3-the-museum-of-care-open-source-survival-kit-collection","link":"https://events.ccc.de/congress/2025/hub/event/detail/the-museum-of-care-open-source-survival-kit-collection","description":"The talk is about the ideas behind setting up the David Graeber Institute and the Museum of Care. The Survival Kit Collection brings together collectives developing open source \"social technologies\" —spirulina farms, self-replicating 3D printers, modular housing, low-cost water systems, and ... art and education. In 2019, together with David Graeber, we held the first workshop about the Museum of Care at CCC to reimagine the relation between freedom, technology and value. Over these 6 years, the Museum of Care and the David Graeber Institute have experimented with various projects: the survival collection, Visual Assembly, and creating an open space for horizontal knowledge production—something we hope to develop into an actual University.\n\nWe think humanity could already be living in a society of abundance and communal luxury. We have the technologies to produce enough for everyone to have everything. The issue isn't technological but social. This is why we need a Museum (of Care): museums are among the few places that create, distribute, and preserve what a society values.\n\nWhat will be at the session:\nWe'll tell in more detail about the concept of the Museum of Care on abandoned ships (of which, according to Maritime Foundation data, there are more than 4,500 in the world). We'll talk about the halls of our museum: the Hall of Giants and other emerging spaces. Projects we're building—spirulina farms, 3D printers—in Saint Vincent (Caribbean) and Kibera Art District, Nairobi Kenya, Playground designed that communities can construct with nearly no resources. Can we actually build a nomadic museum proud not of its unique exhibits but of how easily they spread and get replicated?\n\nThen we will move to an open conversation about what poetic technologies are and how they differ from bureaucratic ones. Some people may have read David Graeber's book The Utopia of Rules; here you can download his other texts that are less widely known or not yet published. We would very much like to explore the question of poetic and bureaucratic technologies together with you. To facilitate this discussion, the David Graeber Institute has invited Alistair Parvin, creator of the Wiki House project, to join Nika Dubrovsky in conversation.\n\nThe discussion continues in the format of a Visual Assembly—focused on building a distributed, non-hierarchical, genuinely open University with different ideas of funding and knowledge production. This is the very beginning of the process so all input is very much welcome. We'd welcome any ideas, critiques, or proposals for collaboration.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Nika Dubrovsky"],"tags":["2407","2025","39c3","Art \u0026 Beauty","Fuse","39c3-eng","39c3-deu","39c3-fra","Day 3"],"view_count":2176,"promoted":false,"date":"2025-12-29T11:00:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-04T21:45:07.667+02:00","length":2263,"duration":2263,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2407-dcf9ec1c-9755-5757-8f1d-91ec6e0f0661.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2407-dcf9ec1c-9755-5757-8f1d-91ec6e0f0661_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2407-dcf9ec1c-9755-5757-8f1d-91ec6e0f0661.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2407-dcf9ec1c-9755-5757-8f1d-91ec6e0f0661.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-the-museum-of-care-open-source-survival-kit-collection","url":"https://api.media.ccc.de/public/events/dcf9ec1c-9755-5757-8f1d-91ec6e0f0661","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"f33636a7-e2a3-5925-87e3-1ba270e73ff5","title":"selbstverständlich antifaschistisch!","subtitle":"Aktuelle Informationen zu den Verfahren im Budapest-Komplex - von family \u0026 friends Hamburg","slug":"39c3-selbstverstandlich-antifaschistisch-aktuelle-informationen-zu-den-verfahren-im-budapest-komplex-von-family-friends-hamburg","link":"https://events.ccc.de/congress/2025/hub/event/detail/selbstverstandlich-antifaschistisch-aktuelle-informationen-zu-den-verfahren-im-budapest-komplex-von-family-friends-hamburg","description":"Mit den Prozessen im Budapest-Komplex wird ein Exempel statuiert - nicht nur gegen Einzelne, sondern gegen antifaschistische Praxis insgesamt. Die Behauptung einer kriminellen Vereinigung mit Mordabsichten stellt eine absurde juristische Eskalation des staatlichen Vorgehens gegen Antifaschist*innen dar und steht in keinem Verhältnis zu den verhandelten Vorkommnissen. Die Verfahren in dieser Weise zu verfolgen, lässt vor allem auf ein hohes Ausforschungs- und Einschüchterungsinteresse schließen.\r\nMit dieser Prozesswelle und den Repressionen gegen Freund*innen und Angehörige wird antifaschistisches Engagement massiv kriminalisiert und ein verzerrtes Bild von politischem Widerstand gezeichnet - während gleichzeitig rechte Gewalt europaweit zunimmt und faschistische Parteien erstarken.\r\nWir sehen, dass Angriffe auf Rechtsstaatlichkeit und Zivilgesellschaft immer weiter zunehmen. Die Art und Weise, wie gegen die Antifas im Budapest-Komplex und im Antifa-Ost Verfahren vorgegangen wird ist ein Vorgeschmack darauf, wie politische Opposition in einer autoritären Zukunft behandelt werden könnte.\r\nWir sind alle von der rechtsautoritären Entwicklung, von Faschisierung betroffen. Die Kriminalisierung von Antifas als \"terroristische Vereinigung\" ist Teil einer (weltweiten) Entdemokratisierung und Zersetzung von Rechtsstaatlichkeit.\r\n\r\nAm 26. September wurde gegen Hanna vor dem OLG München das erste Urteil gegen eine der Antifaschist*innen im Rahmen des Budapest-Komplexes gefällt: 5 Jahre für ein lediglich auf Indizien basierendes Urteil. Dem Mordvorwurf der Staatsanwaltschaft wurde nicht entsprochen, behauptet wurde aber die Existenz einer gewalttätigen „kriminellen Vereinigung“.\r\nAm 12. Januar 2026 wird nun vor dem OLG Düsseldorf der Prozess gegen Nele, Emmi, Paula, Luca, Moritz und Clara, die seit Januar in verschiedenen Gefängnissen in U-Haft sitzen, eröffnet. Die Anklage konstruiert auch hier eine kriminelle Vereinigung nach §129 und enthält den Vorwurf des versuchten Mordes. Die Verfahren in dieser Weise zu verfolgen, lässt vor allem auf ein hohes Ausforschungs- und Einschüchterungsinteresse schließen.\r\nZaid, gegen den ein europäischer Haftbefehl aus Ungarn vorliegt, war Anfang Mai unter Meldeauflagen entlassen worden; aufgrund seiner nicht-deutschen Staatsangehörigkeit hatte der Generalbundesanwalt keine Anklage gegen ihn erhoben. Da er in Deutschland nach wie vor von einer Überstellung nach Ungarn bedroht ist, hält er sich seit Oktober 2025 in Paris auf. Er ist gegen Auflagen auf freiem Fuß.\r\nEin weiteres Verfahren im Budapest- Komplex wird in Dresden zusammen mit Vorwürfen aus dem Antifa Ost Verfahren verhandelt. Der Prozess gegen Tobi, Johann, Thomas (Nanuk), Paul und zwei weitere Personen wird bereits im November beginnen.\r\nIn Budapest sitzt Maja – entgegen einer einstweiligen Verfügung des BVerfG und festgestellt rechtswidrig im Juni 2024 nach Ungarn überstellt - weiterhin in Isolationshaft; der Prozess soll erst im Januar fortgeführt werden und voraussichtlich mit dem Urteil am 22.01. zu Ende gehen.\r\nMit den Prozessen im Budapest-Komplex wird ein Exempel statuiert – nicht nur gegen Einzelne, sondern gegen antifaschistische Praxis insgesamt. Die Behauptung einer kriminellen Vereinigung mit Mordabsichten stellt eine absurde juristische Eskalation des staatlichen Vorgehens gegen Antifaschist*innen dar und steht in keinem Verhältnis zu den verhandelten Vorkommnissen.\r\nMit dieser Prozesswelle und den Repressionen gegen Freund*innen und Angehörige wird antifaschistisches Engagement massiv kriminalisiert und ein verzerrtes Bild von politischem Widerstand gezeichnet – während gleichzeitig rechte Gewalt europaweit zunimmt und faschistische Parteien erstarken. Wir sehen, dass Angriffe auf Rechtsstaatlichkeit und Zivilgesellschaf immer weiter zunehmen. Die Art und Weise, wie gegen die Antifas im Budapest-Komplex vorgegangen wird, ist ein Vorgeschmack darauf, wie politische Opposition in einer autoritäreren Zukunft behandelt werden könnte. Wir sind alle von der rechtsautoritären Entwicklung, von Faschisierung betroffen. Die Kriminalisierung von Antifas als „terroristische Vereinigung\" ist Teil einer (weltweiten) Entdemokratisierung und Zersetzung von Rechtsstaatlichkeit.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Andreas family \u0026 friends Hamburg","Birgit family \u0026 friends Hamburg"],"tags":["1849","2025","39c3","Ethics, Society \u0026 Politics","Fuse","39c3-deu","39c3-eng","39c3-por","Day 2"],"view_count":9207,"promoted":false,"date":"2025-12-28T13:30:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-06T22:15:10.025+02:00","length":3489,"duration":3489,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1849-f33636a7-e2a3-5925-87e3-1ba270e73ff5.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1849-f33636a7-e2a3-5925-87e3-1ba270e73ff5_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1849-f33636a7-e2a3-5925-87e3-1ba270e73ff5.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1849-f33636a7-e2a3-5925-87e3-1ba270e73ff5.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-selbstverstandlich-antifaschistisch-aktuelle-informationen-zu-den-verfahren-im-budapest-komplex-von-family-friends-hamburg","url":"https://api.media.ccc.de/public/events/f33636a7-e2a3-5925-87e3-1ba270e73ff5","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"6189eca4-8ac2-5606-af23-628b82eb4a54","title":"CPU Entwicklung in Factorio","subtitle":"Vom D-Flip-Flop bis zum eigenen Betriebssystem","slug":"39c3-cpu-entwicklung-in-factorio-vom-d-flip-flop-bis-zum-eigenen-betriebssystem","link":"https://events.ccc.de/congress/2025/hub/event/detail/cpu-entwicklung-in-factorio-vom-d-flip-flop-bis-zum-eigenen-betriebssystem","description":"Factorio ist ein Fabriksimulationsspiel mit integriertem Logiksystem. Dies ermöglichte mir den Bau einer CPU, die unter anderem aus einer 5-stufiger Pipeline, einer Forwarding Logikeinheit, Interrupt Handling sowie einem I/O Interface besteht. Über einen selbst geschriebenen Assembler konnte ich ein eigenes Betriebssystem und Programme wie Minesweeper oder Snake integrieren. \r\nDer Talk soll euch zeigen, wie sich klassische Computerarchitektur in einem völlig anderen technischen Kontext umsetzen lässt und wo dabei überraschend echte Probleme der CPU-Entwicklung auftreten.\r\nKommt mit auf die Reise: Vom Blick auf den gesamten Computer bis hinunter zu den einzelnen Logikgattern ist es nur eine Mausradbewegung entfernt!\r\n\r\nFactorio ist ein Spiel über Fabrikautomation - Förderbänder, Dampfmaschinen und Produktionsketten stehen im Vordergrund. Eigentlich ist das interne Logiksystem („Combinators“) gedacht für die Steuerung der Fabrik, jedoch erlaubt es auch die Entwicklung komplexer Hardware.\r\n\r\nIn diesem Vortrag erzähle ich meine Geschichte, wie ich eine vollständige RISC-V-Architektur in Factorio  rein aus Vanilla-Combinators erschaffen habe:\r\nDie CPU arbeitet mit 32 Bit-Wörtern, verfügt über 32 General Purpose Register, 128 KB RAM/Persistent Storage, eine 5-stufige Pipeline mit Forwarding und Hazard-Handling sowie eine Logikeinheit für Branches und Interrupts. Ein Display-Controller steuert eine Konsolen-Ausgabe sowie ein Farbdisplay, während ein Keyboard-Controller Eingaben über physische In-Game-Tasten ermöglicht.\r\n\r\nErgänzt wird die Hardware auf der Softwareseite durch das Betriebssystem *FactOS*, das ein einfaches Filesystem sowie Systemcalls (zum Beispiel zum Drucken eines Strings im Terminal) zur Verfügung stellt.  Außerdem schränkt das Betriebssystem das ausführende User-Programm auf einen festen Bereich des RAMs ein und verhindert so direkten Zugriff auf die Hardware.\r\n\r\nIm Talk möchte ich euch durch alle Schichten dieser Konstruktion führen:\r\nVon den Grundlagen der Factorio-Signalphysik über CPU-Design und Pipeline-Hazards bis zur Toolchain und dem Betriebssystem. Außerdem gebe ich einen Einblick, wie die Limitierungen aber auch die Vorteile von Factorio im Vergleich zu herkömmlichen Logik Simulatoren das Design einer CPU beeinflussen können. Ich runde meinen Talk mit einer Live-Demonstration des Systems ab.\r\n\r\nDie vollständige CPU, inklusive Quellcode des Assemblers, Blueprints und Beispielprogramme, stelle ich öffentlich zur Verfügung. Dadurch kann jede interessierte Person die Architektur in Factorio laden, erweitern und eigene Software dafür entwickeln.\r\n\r\nEs wird im Anschluss eine [Self-organized Session](https://events.ccc.de/congress/2025/hub/en/event/detail/cpu-entwicklung-in-factorio-wie-benutze-ich-phds-f) geben, in der ich eine hands-on Einleitung geben werde, wie man die CPU in Factorio lädt, wie man Programme schreibt, diese assembliert und in Factorio einfügt. Auch kann man dort gerne mit mir über das Projekt quatschen, ich freue mich auf alle Beiträge und Kommentare :)\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["PhD (Philipp)"],"tags":["1562","2025","39c3","Hardware","Ground","39c3-deu","39c3-eng","Day 2"],"view_count":15878,"promoted":false,"date":"2025-12-28T19:15:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-06T07:45:03.603+02:00","length":2312,"duration":2312,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1562-6189eca4-8ac2-5606-af23-628b82eb4a54.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1562-6189eca4-8ac2-5606-af23-628b82eb4a54_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1562-6189eca4-8ac2-5606-af23-628b82eb4a54.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1562-6189eca4-8ac2-5606-af23-628b82eb4a54.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-cpu-entwicklung-in-factorio-vom-d-flip-flop-bis-zum-eigenen-betriebssystem","url":"https://api.media.ccc.de/public/events/6189eca4-8ac2-5606-af23-628b82eb4a54","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"efa55b63-86b6-56c5-88ab-46408b59b18d","title":"Hacking washing machines","subtitle":null,"slug":"39c3-hacking-washing-machines","link":"https://events.ccc.de/congress/2025/hub/event/detail/hacking-washing-machines","description":"Almost everyone has a household appliance at home, whether it's a washing machine, dishwasher, or dryer. Despite their ubiquity, little is publicly documented about how these devices actually work or how their internal components communicate. This talk takes a closer look at proprietary bus systems, hidden diagnostic interfaces, and approaches to cloud-less integration of appliances from two well-known manufacturers into modern home automation systems.\n\nModern home appliances may seem simple from the outside, but inside they contain complex electronic systems, proprietary communication protocols, and diagnostic interfaces rarely documented outside the manufacturer. In this talk, we'll explore the challenges of reverse-engineering these systems: from analyzing appliance control boards and internal communication buses to decompiling and modifying firmware to better understand device functionality.\n\nWe'll also look at the security mechanisms designed to protect diagnostic access and firmware readout, and how these protections can be bypassed to enable deeper insight into device operation. Finally, this talk will demonstrate how the results of this research can be used to integrate even legacy home appliances into popular home automation platforms.\n\nThis session combines examples and insights from the reverse-engineering of B/S/H/ and Miele household appliances.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Severin von Wnuck-Lipinski","Hajo Noerenberg"],"tags":["2405","2025","39c3","Hardware","One","39c3-eng","39c3-deu","39c3-por","Day 1"],"view_count":100404,"promoted":false,"date":"2025-12-27T21:45:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-07T10:30:05.554+02:00","length":3417,"duration":3417,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2405-efa55b63-86b6-56c5-88ab-46408b59b18d.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2405-efa55b63-86b6-56c5-88ab-46408b59b18d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2405-efa55b63-86b6-56c5-88ab-46408b59b18d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2405-efa55b63-86b6-56c5-88ab-46408b59b18d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-hacking-washing-machines","url":"https://api.media.ccc.de/public/events/efa55b63-86b6-56c5-88ab-46408b59b18d","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"f09b0595-daf8-52ac-89cb-5cf5e222c3dc","title":"BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secrets","subtitle":null,"slug":"39c3-bitunlocker-leveraging-windows-recovery-to-extract-bitlocker-secrets","link":"https://events.ccc.de/congress/2025/hub/event/detail/bitunlocker-leveraging-windows-recovery-to-extract-bitlocker-secrets","description":"This talk reveals our in-depth vulnerability research on the Windows Recovery Environment (WinRE) and its implications for BitLocker, Windows’ cornerstone for data protection. We will walk through the research methodology, uncover new 0-day vulnerabilities, and showcase full-chain exploitations that enabled us to bypass BitLocker and extract all the protected data in several different ways. This talk goes beyond theory - as each vulnerability will be accompanied by a demo video showcasing the complete exploitation chain. To conclude the talk, we will share Microsoft’s key takeaways from this research and outline our approach to hardening WinRE and BitLocker.\n\nIn Windows, the cornerstone of data protection is BitLocker, a Full Volume Encryption technology designed to secure sensitive data on disk. This ensures that even if an adversary gains physical access to the device, the data remains secure and inaccessible.\n\nOne of the most critical aspects of any data protection feature is its ability to support recovery operations in case of failure. To enable BitLocker recovery, significant design changes were implemented in the Windows Recovery Environment (WinRE). This led us to a pivotal question: did these changes introduce any new attack surfaces impacting BitLocker?\n\nIn this talk, we will share our journey of researching a fascinating and mysterious component: WinRE. Our exploration begins with an overview of the WinRE architecture, followed by a retrospective analysis of the attack surfaces exposed with the introduction of BitLocker. We will then discuss our methodology for effectively researching and exploiting these exposed attack surfaces. Our presentation will reveal how we identified multiple 0-day vulnerabilities and developed fully functional exploits, enabling us to bypass BitLocker and extract all protected data in several different ways.\n\nNotably, the findings described reside entirely in the software stack, not requiring intrusive hardware attacks to be exploited.\n\nFinally, we will share the insights Microsoft gained from this research and explain our approach to hardening and further securing WinRE, which in turn strengthens BitLocker.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Alon Leviev"],"tags":["1880","2025","39c3","Security","Zero","39c3-eng","39c3-deu","39c3-jpn","Day 1"],"view_count":7568,"promoted":false,"date":"2025-12-27T20:30:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-05T10:45:04.492+02:00","length":3564,"duration":3564,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1880-f09b0595-daf8-52ac-89cb-5cf5e222c3dc.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1880-f09b0595-daf8-52ac-89cb-5cf5e222c3dc_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1880-f09b0595-daf8-52ac-89cb-5cf5e222c3dc.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1880-f09b0595-daf8-52ac-89cb-5cf5e222c3dc.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-bitunlocker-leveraging-windows-recovery-to-extract-bitlocker-secrets","url":"https://api.media.ccc.de/public/events/f09b0595-daf8-52ac-89cb-5cf5e222c3dc","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"a79aa412-ba9c-58c4-a22a-28a3f0c3cd23","title":"Zellkultur","subtitle":null,"slug":"39c3-zellkultur","link":"https://events.ccc.de/congress/2025/hub/event/detail/zellkultur","description":"Ich bin ja glaube ich reichlich spät, aber da Moepern endlich wieder zum Congress kommt und ich das erst vor kurzem erfahren habe, dachte ich, ich werfe unseren Namen mal in den Hut. Wir sind/waren ein Biologie-Podcast und durch Babypause bei Moepern ist der etwas eingeschlafen. Schaffen wir ein Revival? Verratet ihr's uns. Wir nehmen auch den Podcast-Tisch wenns sonst nicht passt. :)\n\nIn der Zellkultur reden Claudia (moepern) und Anna (Adora Belle) über das Leben, die Biologie und den ganzen Rest. Am liebsten schauen wir tief in die Zelle, auf die DNA und schauen Viren bei der Arbeit zu. Wir besprechen aktuelle Themen - aber wollen auch Grundlagenwissen vermitteln. Ihr seid außerdem eingeladen, eure Fragen zu stellen. Ob live oder per Zusendung. :) Und in einer aktuellen Bio-Frage klären wir Biologie-Mythen auf!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Adora Belle"],"tags":["83814","2025","39c3","Sendezentrum Bühne (Saal X 07)","39c3-deu","Day 3"],"view_count":1038,"promoted":false,"date":"2025-12-29T13:45:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-03-23T20:45:09.624+01:00","length":2713,"duration":2713,"thumb_url":"https://static.media.ccc.de/media/congress/2025/83814-a79aa412-ba9c-58c4-a22a-28a3f0c3cd23.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/83814-a79aa412-ba9c-58c4-a22a-28a3f0c3cd23_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/83814-a79aa412-ba9c-58c4-a22a-28a3f0c3cd23.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/83814-a79aa412-ba9c-58c4-a22a-28a3f0c3cd23.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-zellkultur","url":"https://api.media.ccc.de/public/events/a79aa412-ba9c-58c4-a22a-28a3f0c3cd23","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"29678965-8b0b-5428-b63f-4de3a79b0a47","title":"CSS Clicker Training: Making games in a \"styling\" language","subtitle":null,"slug":"39c3-css-clicker-training-making-games-in-a-styling-language","link":"https://events.ccc.de/congress/2025/hub/event/detail/css-clicker-training-making-games-in-a-styling-language","description":"CSS is a programming language, and you can make games in it. Let's install NoScript and make some together!\n\nThis talk is about how HTML and CSS can be used to make interactive art and games, without using any JS or server-side code.\n\nI'll explain some of the classic Cohost CSS Crimes, how I made [CSS Clicker](https://lyra.horse/css-clicker/), and what's next for the CSS scene.\n\nI hope this talk will teach and/or inspire you to make cool stuff of your own!\n\n---\n\n*Content notes:*\n- Slides feature animations and visual effects\n- Short video clip (with music) will be played\n- Clicker sound at the end of the talk\n\n---\n\nSlides will be available after the talk at:  [https://lyra.horse/slides/#2025-congress](https://lyra.horse/slides/#2025-congress)\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Lyra Rebane"],"tags":["1215","2025","39c3","Art \u0026 Beauty","Ground","39c3-eng","39c3-deu","39c3-lav","Day 2"],"view_count":10375,"promoted":false,"date":"2025-12-28T21:05:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-07T10:00:04.021+02:00","length":2390,"duration":2390,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1215-29678965-8b0b-5428-b63f-4de3a79b0a47.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1215-29678965-8b0b-5428-b63f-4de3a79b0a47_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1215-29678965-8b0b-5428-b63f-4de3a79b0a47.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1215-29678965-8b0b-5428-b63f-4de3a79b0a47.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-css-clicker-training-making-games-in-a-styling-language","url":"https://api.media.ccc.de/public/events/29678965-8b0b-5428-b63f-4de3a79b0a47","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"4914b889-5003-561f-90a8-5371fc09a946","title":"What Makes Bike-Sharing Work?","subtitle":"Insights from 43 Million Kilometers of European Cycling Data","slug":"39c3-what-makes-bike-sharing-work-insights-from-43-million-kilometers-of-european-cycling-data","link":"https://events.ccc.de/congress/2025/hub/event/detail/what-makes-bike-sharing-work-insights-from-43-million-kilometers-of-european-cycling-data","description":"Bike- and e-bike-sharing promise sustainable, equitable mobility - but what makes these systems successful? Despite hundreds of cities operating thousands of shared bikes, trip data is rarely public. To address this, we built a geospatial analysis pipeline that reconstructs trip data from publicly accessible system status feeds. Using this method, we gathered **43 million km** of bike-sharing trips across **268 European cities**. Combined with over **100 urban indicators** per city, our analyses reveal how infrastructure, climate, demographics, operations, and politics shape system performance. We uncover surprising insights - such as why some e-bike systems underperform despite strong demand - and highlight how cities can design smarter, fairer mobility. All data and code are open-source, with an interactive demo at [dataviz.nefton.de](https://dataviz.nefton.de/).\r\n\r\nWe are Felix, Georg, and Martin - each of us working professionally in different research and data areas, ranging from the future of mobility to computational fluid dynamics and machine learning. What unites us is our shared interest in **quantitative traffic analyses**. Building on earlier small-scale studies focused on individual cities, we set out to launch a project that captures shared bike system data across Europe - from regular bikes to e-bikes.\r\n\r\nIn our study, which led to an **[open-access scientific publication](https://doi.org/10.1007/s11116-025-10661-2)**, we scraped shared bike data across Europe at a **minute-by-minute level** over many months, accumulating **more than 43 million records**. We analyze **behavioural and systemic patterns** to understand what makes a bike-sharing system useful and successful within a city. As such, this evidence-based research fits very well with the **39C3 Science track** and the theme of \"**Power Cycles**\" as we dissect the complex energy and usage cycles that define urban mobility and sustainable futures for everyone. We bridge the gap between urban planning, socioeconomics, and technology by applying statistical modeling and engineering knowledge to a large-scale mined dataset. Join us to learn whether right-wing politics stall sustainable mobility, or which climate e-bikes feel most comfortable in!\r\n\r\nWe love going the extra mile and therefore provide a live, interactive demo that everyone can use to explore and understand traffic flows: [dataviz.nefton.de](https://dataviz.nefton.de). Therefore, attendees will be able to play with the data in a self-service way. We also provide all code on GitHub and the complete dataset on HuggingFace. And, of course, we will also discuss how both bike-sharing operators and our boss reacted when we told them about the dataset we already had collected (spoiler: lawyers were involved, yet it’s still available for downloads…).\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Martin Lellep","Georg Balke","Felix Waldner"],"tags":["1809","2025","39c3","Science","One","39c3-eng","39c3-deu","39c3-pol","Day 3"],"view_count":5768,"promoted":false,"date":"2025-12-29T12:50:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-07T10:15:04.965+02:00","length":2423,"duration":2423,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1809-4914b889-5003-561f-90a8-5371fc09a946.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1809-4914b889-5003-561f-90a8-5371fc09a946_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1809-4914b889-5003-561f-90a8-5371fc09a946.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1809-4914b889-5003-561f-90a8-5371fc09a946.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-what-makes-bike-sharing-work-insights-from-43-million-kilometers-of-european-cycling-data","url":"https://api.media.ccc.de/public/events/4914b889-5003-561f-90a8-5371fc09a946","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"9c5f59ba-255e-5446-9b31-13eebef85810","title":"When Vibe Scammers Met Vibe Hackers: Pwning PhaaS with Their Own Weapons","subtitle":null,"slug":"39c3-when-vibe-scammers-met-vibe-hackers-pwning-phaas-with-their-own-weapons","link":"https://events.ccc.de/congress/2025/hub/event/detail/when-vibe-scammers-met-vibe-hackers-pwning-phaas-with-their-own-weapons","description":"What happens when AI-powered criminals meet AI-powered hunters? A technical arms race where both sides are vibing their way through exploitation—and the backdoors write themselves.\n\nIn October 2025, we investigated Taiwan's fake delivery scam ecosystem targeting convenience store customers. What started as social engineering on social media became a deep dive into two distinct fraud platforms—both bearing the unmistakable fingerprints of AI-generated code. Their developers left more than just bugs: authentication flaws, file management oversights, and database implementations that screamed \"I asked LLM and deployed without reading.\" We turned their sloppiness into weaponized OSINT. Through strategic reconnaissance, careful database analysis, and meticulous operational security, we achieved complete system access on multiple fraud infrastructures. By analyzing server artifacts and certificate patterns, we mapped 100+ active domains and extracted evidence linking thousands of victim transactions worth millions of euros in fraud. But here's the twist: we used the same AI tools they did, just with better prompts.\n\nThe takeaway isn't just about hunting scammers—it's about the collapse of the skill gap in both offense and defense. When vibe coding meets vibe hacking, the underground economy democratizes in ways we never anticipated. We'll share our methodology for fingerprinting AI-assisted crime infrastructure, discuss the ethical boundaries of counter-operations, and demonstrate how to build sustainable threat intelligence pipelines when your adversary can redeploy in 5 minutes. This talk proves that in 2025, the real exploit isn't zero-day—it's zero-understanding.\n\nOur journey began with a simple question: why are so many people losing money to fake convenience store delivery websites? The answer led us through two distinct criminal architectures, both exhibiting characteristics of large language model–assisted development.\n\nCase 1 ran on PHP with backup artifacts exposing implementation details and query manipulation opportunities. The installation package itself contained pre-existing access mechanisms—whether this was developer insurance or criminal-on-criminal sabotage remains unclear. We leveraged initial access to bypass security restrictions using protocol-level manipulation and extracted gigabytes of operational data.\n\nCase 2 featured authentication bypass vulnerabilities that granted direct administrative access. The backend structure revealed copy-pasted code patterns without proper security implementation.\n\nThroughout both systems, we observed telltale signs of AI-generated code: verbose documentation in unexpected languages, inconsistent coding patterns, textbook-like naming conventions, and theoretical security implementations. Even the UI revealed LLM fingerprints—overly polished component layouts, placeholder text patterns, and design choices that felt distinctly \"tutorial-like.\" These weren't experienced developers—they were operators deploying what LLMs gave them without understanding the internals.\n\nThe irony? We used AI extensively too: for data parsing, pattern recognition, attack surface mapping, and intelligence queries. The difference was intentionality—we understood what the output meant.\n\nUsing open-source intelligence platforms and carefully crafted fingerprints, we mapped over a hundred active domains following similar patterns. Each one shared the same architecture, the same weaknesses, the same developer mistakes. This repeatability became our advantage. When scammers can redeploy infrastructure in days, you don't attack individual sites—you automate the entire reconnaissance-to-evidence pipeline.\n\nThis talk demonstrates practical techniques for mass-scale fraud infrastructure fingerprinting, operational security considerations when investigating active criminal operations, and methods to recognize AI-generated code patterns that reveal threat actor sophistication. We'll discuss the ethical boundaries of counter-fraud operations and evidence preservation for law enforcement, along with automation strategies for sustainable threat intelligence when adversaries rebuild faster than you can report. The demonstration will show how to go from a single suspicious domain to a network map of 100+ sites and thousands of victim records—using tools available to any researcher.\n\nThis isn't a story about elite hackers versus criminal masterminds. It's about two groups equally reliant on AI vibing their way through technical problems—one for fraud, one for justice. The skill barrier has collapsed. The question now is: who has better context, better ethics, and better coffee?\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Chiao-Lin Yu (Steven Meow)"],"tags":["1712","2025","39c3","Security","Zero","39c3-eng","39c3-deu","Day 2"],"view_count":5953,"promoted":false,"date":"2025-12-28T23:00:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-07T10:15:05.281+02:00","length":2075,"duration":2075,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1712-9c5f59ba-255e-5446-9b31-13eebef85810.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1712-9c5f59ba-255e-5446-9b31-13eebef85810_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1712-9c5f59ba-255e-5446-9b31-13eebef85810.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1712-9c5f59ba-255e-5446-9b31-13eebef85810.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-when-vibe-scammers-met-vibe-hackers-pwning-phaas-with-their-own-weapons","url":"https://api.media.ccc.de/public/events/9c5f59ba-255e-5446-9b31-13eebef85810","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"3e87bab2-575a-53be-8101-5d8144253646","title":"AI Agent, AI Spy","subtitle":null,"slug":"39c3-ai-agent-ai-spy","link":"https://events.ccc.de/congress/2025/hub/event/detail/ai-agent-ai-spy","description":"Agentic AI is the catch-all term for AI-enabled systems that propose to complete more or less complex tasks on their own, without stopping to ask permission or consent. What could go wrong? These systems are being integrated directly into operating systems and applications, like web browsers. This move represents a fundamental paradigm shift, transforming them from relatively neutral resource managers into an active, goal-oriented infrastructure ultimately controlled by the companies that develop these systems, not by users or application developers. Systems like Microsoft's \"Recall,\" which create a comprehensive \"photographic memory\" of all user activity, are marketed as productivity enhancers, but they function as OS-level surveillance and create significant privacy vulnerabilities. In the case of Recall, we’re talking about a centralized, high-value target for attackers that poses an existential threat to the privacy guarantees of meticulously engineered applications like Signal. This shift also fundamentally undermines personal agency, replacing individual choice and discovery with automated, opaque recommendations that can obscure commercial interests and erode individual autonomy.\n\nThis talk will review the immediate and serious danger that the rush to shove agents into our devices and digital lives poses to our fundamental right to privacy and our capacity for genuine personal agency. Drawing from Signal's analysis, it moves beyond outlining the problem to also present a \"tourniquet\" solution: looking at what we need to do *now* to ensure that privacy at the application layer isn’t eliminated, and what the hacker community can do to help. We will outline a path for ensuring developer agency, granular user control, radical transparency, and the role of adversarial research.\n\nThe talk will provide a critical technical and political economy analysis of the new privacy crisis emerging from OS and application level AI agents, aimed at the 39C3 \"Ethics, Society \u0026 Politics\" audience.\n\n1. Defining the Threat: The OS as a Proactive Participant (5 mins)\n   We will begin by defining \"Agentic AI\" in two contexts - imbibed into the operating system and deployed via critical gateway applications such as web browsers. Traditionally, the operating systems and browsers are largely neutral enforcers of user agency, managing resources and providing APIs for applications to run reliably. We will argue that this neutrality is close to being eliminated. The new paradigm shifts these applications into a proactive agent that actively observes, records, and anticipates user actions across all applications.The prime example for this analysis will be Microsoft’s \"Recall\" feature, Google’s Magic Cue, and OpenAI’s Atlas. Politically, we will frame this not as a \"feature\" but as the implementation of pervasive, non-consensual surveillance and remote-control infrastructure. This \"photographic memory\" of and demand for non-differentiated access to everything from private Signal messages to financial data to health data creates a catastrophic single point of failure, making a single security breach an existential threat to a user's entire digital life. Ultimately, we hope to illustrate how putting our brains in a jar (with agentic systems) is effectively a prompt injection attack against our own humanity.\n\n2. The Existential Threat to Application-Level Privacy (10 mins)\n   The core of the talk will focus on what this means for privacy-first applications like Signal. We will explain the \"blood-brain barrier\" analogy: secure apps are meticulously engineered to minimize data and protect communications, relying on the OS to be a stable, neutral foundation on which to build. This new OS trend breaks that barrier. We will demonstrate how OS-level surveillance renders application-level privacy features, including end-to-end encryption, effectively useless. If the OS can screenshot a message before it's encrypted or after it's decrypted, the promise of privacy is broken, regardless of the app's design. We will also discuss the unsustainable \"clever hacks\" (like Signal using a DRM feature) that developers are forced to implement, underscoring the need for a structural solution.\n\n3. An Actionable Framework for Remediation (20 mins)\n   The final, and most important, part of the talk will move from critique to action. We will present an actionable four-point framework as a \"tourniquet\" to address these immediate dangers:\n\na. Empower Developers: Demand clear, officially supported APIs for developers to designate individual applications as \"sensitive\" with the default posture being for such applications being opted-out of access by agentic systems (either OS or application based) (default opt-out)\n\nb. Granular User Control: Move beyond all-or-nothing permissions. Users must have explicit, fine-grained control to grant or deny AI access on an app-by-app basis.\n\nc. Mandate Radical Transparency: OS vendors and application developers must clearly disclose what data is accessed, how it's used, and how it's protected—in human-readable terms, not buried in legalese. Laws and regulations must play an essential role but we cannot just wait for them to be enforced, or it will be too late.\n\nd. Encourage and Protect Adversarial Research: We will conclude by reinforcing the need for a pro-privacy, pro-security architecture by default, looking at the legal frameworks that govern these processes and why they need to be enforced, and finally asking the attendees to continue exposing vulnerabilities in such systems. It was only due to technically-grounded collective outrage that Recall was re-architected by Microsoft and we will need that energy if we are to win this war.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Udbhav Tiwari","Meredith Whittaker"],"tags":["2230","2025","39c3","Ethics, Society \u0026 Politics","One","39c3-eng","39c3-deu","39c3-fra","Day 3"],"view_count":29600,"promoted":false,"date":"2025-12-29T19:15:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-06T13:45:05.178+02:00","length":2431,"duration":2431,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2230-3e87bab2-575a-53be-8101-5d8144253646.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2230-3e87bab2-575a-53be-8101-5d8144253646_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2230-3e87bab2-575a-53be-8101-5d8144253646.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2230-3e87bab2-575a-53be-8101-5d8144253646.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-ai-agent-ai-spy","url":"https://api.media.ccc.de/public/events/3e87bab2-575a-53be-8101-5d8144253646","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"f3ecee56-19f5-5c45-b5ec-799f710e0388","title":"Trump government demands access to European police databases and biometrics","subtitle":null,"slug":"39c3-trump-government-demands-access-to-european-police-databases-and-biometrics","link":"https://events.ccc.de/congress/2025/hub/event/detail/trump-government-demands-access-to-european-police-databases-and-biometrics","description":"The USA is demanding from all 43 countries in the \"Visa Waiver Programme\" (VWP), which enables visa-free travel, to conclude an \"Enhanced Border Security Partnership\" (EBSP). This is intended to grant US authorities direct access to police databases in these - mostly European - countries containing fingerprints, facial images and other personal data. Anyone who refuses this forced \"border partnership\" faces exclusion from the visa-free travel programme.\n\nThe US demand is unprecedented: even EU member states do not grant each other such extensive direct database access – normally the exchange takes place via the \"hit/no-hit principle\" with a subsequent request for further data. This is how it works, for example, in the Prüm Treaty among all Schengen states, which has so far covered fingerprints and DNA data and is now also being extended to facial images.\n\nThe EBSP could practically affect anyone who falls under the jurisdiction of border authorities: from passport controls to deportation proceedings. Under the US autocrat Donald Trump, this is a particular problem, as his militia-like immigration authority ICE is already using data from various sources to brutally persecute migrants – direct access to police data from VWP partners could massively strengthen this surveillance apparatus. Germany alone might give access to facial images of 5.5 million people and fingerprints of a similar dimension.\n\nThe USA has already tightened the Visa Waiver Programme several times, for instance in 2006 through the introduction of biometric passports and in 2008 through the ESTA pre-registration requirement. In addition, there were bilateral agreements for the exchange of fingerprints and DNA profiles – however, these may only be transmitted in individual cases involving serious crime.\n\nExisting treaties such as the EU-US Police Framework Agreement are not applicable to the \"Enhanced Border Security Partnership\", as it applies exclusively to law enforcement purposes. It is also questionable how the planned data transfer is supposed to be compatible with the strict data protection rules of the GDPR. The EU Commission therefore wants to negotiate a framework agreement on the EBSP that would apply to all member states. Time is running short: the US government has set VWP states a deadline of 31 December 2026. Some already agreed on a bilateral level.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Matthias Monroy"],"tags":["1357","2025","39c3","Ethics, Society \u0026 Politics","Fuse","39c3-eng","39c3-deu","39c3-fra","Day 2"],"view_count":4535,"promoted":false,"date":"2025-12-28T20:10:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-05T16:15:06.076+02:00","length":2407,"duration":2407,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1357-f3ecee56-19f5-5c45-b5ec-799f710e0388.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1357-f3ecee56-19f5-5c45-b5ec-799f710e0388_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1357-f3ecee56-19f5-5c45-b5ec-799f710e0388.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1357-f3ecee56-19f5-5c45-b5ec-799f710e0388.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-trump-government-demands-access-to-european-police-databases-and-biometrics","url":"https://api.media.ccc.de/public/events/f3ecee56-19f5-5c45-b5ec-799f710e0388","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"272591e8-0754-5fa1-8472-50f00dab31ac","title":"Learning from South Korean Telco Breaches","subtitle":null,"slug":"39c3-learning-from-south-korean-telco-breaches","link":"https://events.ccc.de/congress/2025/hub/event/detail/learning-from-south-korean-telco-breaches","description":"2025 was a bad year for South Korean mobile network operators. All three operators (SK Telecom, KT, LG U+) were affected by breach in some part of their respective network: HSS of SK Telecom, femtocells of KT. Meanwhile, handling of the breach by each operators and post-mortem analysis of each breaches have stark differences. The technical details and implemented mitigations are often buried under the vague terms, and occasionally got lost in translation to English. In this talk, I will cover the technical aspects of SK Telecom and KT's breach, and how the operators are coping to the breach and what kind of measurements have been performed to secure their network.\n\nThis talk will cover the public information and experiments related to the South Korean telco breaches in 2025. This talk will cover SK Telecom's HSS breach (final results announced), KT's femtocell breach (investigation ongoing) and related operator billing fraud, and revisit Phrack report on KT and LG U+ breach. We also give a light on the detail regarding the implemented mitigation and diaster response of each operators.\n\nSK Telecom's HSS breach is attributed to a variant of BPFDoor malware, resulting leakage of critical operator data related to subscriber authentication and accounting. They replaced the SIM cards of all 23 million subscribers, and implemented additional mechanism to track the possible cloning of the SIM card. We analyze the aftermath and how it will effectively protect against the said attack.\n\nKT's femtocell and operator billing breach (investigation still ongoing as the time of writing) is attributed to the mismanagement of KT's femtocell, allowing an external attacker to mimick the behavior of KT's legitimate femtocell and use as a cellular interception device. This is a modern implementation of the remarkable research \"Weaponizing Femtocells\" back in 2012, and new cellular technologies like VoLTE have changed the possible attack vectors. We provide a possible theory on how the attack would be possible, based on the publicly available information and previous researches.\n\nFinally, we also cover the characteristics of South Korean mobile market and how the media caused the inaccurate analysis and FUD (fear, uncertainty, and doubt). In particular, how SMS-based 2FA is tied to personal authentication and how everything is strongly bound to the personal identity. Early media reports could be attributed to the information \"lost in translation\" and inaccurate information in English-language articles when the details of the breach were not widely shared. We try to correct the information (also in the official incidence report) and showcase how not to report the breach in general.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Shinjo \"peremen\" Park","Yonghyu \"perillamint\" Ban"],"tags":["1743","2025","39c3","Security","Fuse","39c3-eng","39c3-deu","Day 3"],"view_count":6748,"promoted":false,"date":"2025-12-29T14:45:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-06T20:00:05.677+02:00","length":2954,"duration":2954,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1743-272591e8-0754-5fa1-8472-50f00dab31ac.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1743-272591e8-0754-5fa1-8472-50f00dab31ac_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1743-272591e8-0754-5fa1-8472-50f00dab31ac.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1743-272591e8-0754-5fa1-8472-50f00dab31ac.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-learning-from-south-korean-telco-breaches","url":"https://api.media.ccc.de/public/events/272591e8-0754-5fa1-8472-50f00dab31ac","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"da752c1f-1231-5039-a2a9-9daa2f114606","title":"51 Ways to Spell the Image Giraffe: ","subtitle":"The Hidden Politics of Token Languages in Generative AI","slug":"39c3-51-ways-to-spell-the-image-giraffe-the-hidden-politics-of-token-languages-in-generative-ai","link":"https://events.ccc.de/congress/2025/hub/event/detail/51-ways-to-spell-the-image-giraffe-the-hidden-politics-of-token-languages-in-generative-ai","description":"Generative AI models don't operate on human languages – they speak in **tokens**. Tokens are computational fragments that deconstruct language into subword units, stored in large dictionaries. These tokens encode not only language but also political ideologies, corporate interests, and cultural biases even before model training begins. Social media handles like *realdonaldtrump*, brand names like *louisvuitton*, or even *!!!!!!!!!!!!!!!!* exist as single tokens, while other words remain fragmented. Through various artistic and adversarial experiments, we demonstrate that tokenization is a political act that determines what can be represented and how images become computable through language.\r\n\r\nTokens are the fragments of words that generative models use to process language, the step that breaks text into subword units before any neural networks are involved. There are 51 ways to combine tokens to spell the word giraffe using existing vocabulary: from a single token **giraffe** to splits using multiple tokens like *gi|ra|ffe*, *gira|f|fe*, or even *g|i|r|af|fe*.\r\n\r\nIn one experiment, we hijacked the prompting process and fed token combinations directly to text-to-image models. With variations like *g|iraffe* or *gir|affe* still generating recognizable results, our experiments show that the beginning and end of tokens hold particular semantic weight in forming giraffe-like images. This reveals that certain images cannot be generated through prompting alone, as the tokenization process sanitizes most combinations, suggesting that English, or any human language, is merely a subset of token languages.\r\n\r\nThe talk features experiments using genetic algorithms to reverse-engineer prompts from images, respelling words in token language to change their generative outcomes, and critically examining token dictionaries to investigate edge cases where the vocabulary breaks down entirely, producing somewhat *speculative languages* that include strange words formed at the edge of chaos where English meets token (non-)sense.\r\n\r\nThese experiments show that even before generation occurs, token dictionaries already encode a stochastic worldview, shaped by the statistical frequencies of their training data – dominated by popular culture, brands, platform-speak, and *non-words*. Tokenization is, therefore, a political act: it defines what can be represented and how the world becomes computationally representable. We will look at specific tokens and ask: Which models use which vocabularies? What *non-word* tokens are shared among models? And how do language models make sense of a world using a language we do not understand?\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Ting-Chun Liu","Leon-Etienne Kühr"],"tags":["2361","2025","39c3","Art \u0026 Beauty","Ground","39c3-eng","39c3-deu","Day 2"],"view_count":5616,"promoted":false,"date":"2025-12-28T23:00:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-06T16:15:05.761+02:00","length":2308,"duration":2308,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2361-da752c1f-1231-5039-a2a9-9daa2f114606.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2361-da752c1f-1231-5039-a2a9-9daa2f114606_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2361-da752c1f-1231-5039-a2a9-9daa2f114606.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2361-da752c1f-1231-5039-a2a9-9daa2f114606.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-51-ways-to-spell-the-image-giraffe-the-hidden-politics-of-token-languages-in-generative-ai","url":"https://api.media.ccc.de/public/events/da752c1f-1231-5039-a2a9-9daa2f114606","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"30f5e9c8-4182-5160-81cb-fa8c04f95ec0","title":"Podcast Radiomegahertz – MHz rein | kHz raus | Ultraschall.fm mittendrin","subtitle":null,"slug":"39c3-podcast-radiomegahertz-mhz-rein-khz-raus-ultraschall-fm-mittendrin","link":"https://events.ccc.de/congress/2025/hub/event/detail/podcast-radiomegahertz-mhz-rein-khz-raus-ultraschall-fm-mittendrin","description":"In dieser Live-Session wird gescannt, gesampelt und gesendet: medizinischer Ultraschall im Megahertz-Bereich trifft digitale Audioverarbeitung mit 48 Kilohertz. Ultraschall.fm dient als Interface zwischen Körper und Codec – vom Schallkopf bis zum Kopfhörer, von Wellen im menschlichen Gewebe zu (Radio-) Wellen im Äther. Radiomegahertz demonstriert die open source Podcasting-Software zur Produktion einer medizinischen Live-Ultraschall Untersuchung. Die Session ist für alle Podcast-Kreaturen, die den Megahertz-Bereich auch hören und nicht nur sehen möchten.\n\nThis live session involves scanning, sampling, and broadcasting: medical ultrasound in the megahertz range meets digital audio processing at 48 kilohertz.Ultraschall.fm serves as an interface between the body and the codec—from the transducer to the headphones, from waves in tissue to waves in the ether. Radiomegahertz demonstrates the open source podcasting software. The session is for all creatures who want to hear the megahertz range and not just see it.\n\nWenn Neo in die Matrix schaut, sieht er die Welt. Ärzt:innen sollten bei der Betrachtung eines Ultraschallbildes mit den typischen Graustufen die Anatomie des Menschen erkennen. Doch die Entstehung und Interpretation des Graustufenbildes liegt in der Hand der Ultraschallenden. Neo muss genauso wie Ärzt:innen lernen, die Technik zu nutzen und die Bilder zu interpretieren. Radiomegahertz erstellt Podcasts über Ultraschall in der Medizin und wird während der Live-Session auf die Möglichkeiten und Grenzen von Ultraschall eingehen.\nZur Verdeutlichung werden Freiwillige live „geschallt” (sonografiert). Das Ziel ist die Erstellung eines Podcasts bzw. Videopodcasts. Zur Produktion wird die Open-Source-Software Ultraschall.fm verwendet. Die Software-Entwickler von Ultraschall.fm sind während der Session vor Ort und bieten Support bei podcasttypischen Fragen.\n\nWhen Neo looks into the Matrix, he sees the world. When looking at an ultrasound image with the typical gray scale, doctors should be able to recognize human anatomy. However, the creation and interpretation of the gray scale image is in the hands of the ultrasound technician. Just like doctors, Neo must learn to use the technology and interpret the images. Radiomegahertz creates podcasts about ultrasound in medicine and will discuss the possibilities and limitations of ultrasound during the live session. To illustrate this, volunteers will be “scanned” (sonographed) live. The goal is to create a podcast or video podcast. The open-source software Ultraschall.fm will be used for production. The software developers from Ultraschall.fm will be on site during the session to offer support with podcast-related questions.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Tim Mäcken | Radiomegahertz"],"tags":["83751","2025","39c3","Sendezentrum Bühne (Saal X 07)","39c3-deu","Day 1"],"view_count":1511,"promoted":false,"date":"2025-12-27T14:45:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-02T00:15:04.527+02:00","length":2191,"duration":2191,"thumb_url":"https://static.media.ccc.de/media/congress/2025/83751-30f5e9c8-4182-5160-81cb-fa8c04f95ec0.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/83751-30f5e9c8-4182-5160-81cb-fa8c04f95ec0_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/83751-30f5e9c8-4182-5160-81cb-fa8c04f95ec0.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/83751-30f5e9c8-4182-5160-81cb-fa8c04f95ec0.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-podcast-radiomegahertz-mhz-rein-khz-raus-ultraschall-fm-mittendrin","url":"https://api.media.ccc.de/public/events/30f5e9c8-4182-5160-81cb-fa8c04f95ec0","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"4c285dd4-58fc-5378-9434-628f7871ee9f","title":"freiheit.exe - Utopien als Malware","subtitle":null,"slug":"39c3-freiheit-exe-utopien-als-malware","link":"https://events.ccc.de/congress/2025/hub/event/detail/freiheit-exe-utopien-als-malware","description":"\"freiheit.exe“ ist eine Lecture über die ideologischen Rootkits des Silicon Valley. Sie schlägt den Bogen von den italienischen Futuristen zu den heutigen Tech-Feudalisten, vom Akzelerationismus zur Demokratieskepsis der Libertären, von Tolkien zur PayPal-Mafia. \nBasierend auf den Recherchen zu meinem Theaterstück \"freiheit.exe. Utopien als Malware\", in dem  journalistische Analyse auf performative Darstellung trifft.\n\nIch lade das CCC-Publikum ein, die Betriebssysteme hinter unseren Betriebssystemen zu untersuchen.\nWährend wir uns mit Verschlüsselung, Datenschutz und digitaler Selbstbestimmung beschäftigen, installieren Tech-Milliardäre ihre Weltanschauungen als Default-Einstellungen unserer digitalen Infrastruktur. Die Recherchen beleuchten die mitgelieferte Malware.\n\nIch navigiere durch die Ideengeschichte zwischen Marinettis Futuristischem Manifest (1909) und Musks Mars-Kolonien, von den ersten Programmiererinnen zur Eroberung des Alls, von neoliberalen Think Tanks zur Schuldenbremse, von nationalen Christen zu Pronatalisten.\nInvestigative Recherche trifft auf performative Vermittlung. \nMit O-Tönen von Peter Thiel, Nick Land und anderen zeigt die Lecture ideologische Verbindungslinien zwischen Theoretikern autoritär-technoider Träume und den Visionen der Tech-Oligarchen auf:\n\nEs geht um „Freedom Cities“, Steuerflucht und White Supremacy.\nUm Transhumanismus als Upgrade-Zwang bis hin zu neo-eugenischen Gedanken.\nUm Akzeleration als politische Strategie: Geschwindigkeit statt Reflexion, Disruption statt Demokratie, Kolonisierung – jetzt auch digital.\n\nAus Theaterperspektive betrachte ich das Revival der Cäsaren und die Selbstinszenierung von Tech-CEOs als Künstler, Priester oder Genies. \nUnd mit der Investigativ Reporterin Sylke Grunwald habe ich recherchiert, was all das mit den Debatten rund um Palantir zu tun hat.\n\nDie scheinbar alternativlose Logik von \"Move Fast and Break Things\" ist nicht unvermeidlich – sie ist gewollt, gestaltet, ideologisch aufgeladen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Christiane Mudra"],"tags":["1642","2025","39c3","Art \u0026 Beauty","One","39c3-deu","39c3-eng","39c3-spa","Day 2"],"view_count":4301,"promoted":false,"date":"2025-12-28T20:10:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-04T18:30:07.035+02:00","length":2365,"duration":2365,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1642-4c285dd4-58fc-5378-9434-628f7871ee9f.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1642-4c285dd4-58fc-5378-9434-628f7871ee9f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1642-4c285dd4-58fc-5378-9434-628f7871ee9f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1642-4c285dd4-58fc-5378-9434-628f7871ee9f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-freiheit-exe-utopien-als-malware","url":"https://api.media.ccc.de/public/events/4c285dd4-58fc-5378-9434-628f7871ee9f","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"ba655198-f461-5a1b-998c-12ed49fc7aae","title":"A Tale of Two Leaks: ","subtitle":"How Hackers Breached the Great Firewall of China","slug":"39c3-a-tale-of-two-leaks-how-hackers-breached-the-great","link":"https://events.ccc.de/congress/2025/hub/event/detail/a-tale-of-two-leaks-how-hackers-breached-the-great","description":"The Great Firewall of China (GFW) is one of, if not arguably the most advanced Internet censorship systems in the world. Because repressive governments generally do not simply publish their censorship rules, the task of determining exactly what is and isn’t allowed falls upon the censorship measurement community, who run experiments over censored networks. In this talk, we’ll discuss two ways censorship measurement has evolved from passive experimentation to active attacks against the Great Firewall.\r\n\r\nWhile probing the Great Firewall’s DNS injection system in 2021, we noticed something strange: Sometimes the injected responses contained weird garbage. After some investigation, we realized we’d stumbled onto a memory disclosure vulnerability that would give us an unprecedented window into the Great Firewall’s internals: Wallbleed.\r\n\r\nSo we crafted probes that could leak up to 125 bytes per response and repeatedly sent them for two years. Five billion responses later, the picture that emerged was... concerning. Over 2 million HTTP cookies leaked. Nearly 27,000 URL parameters with passwords. SMTP commands exposing email addresses. We found traffic from RFC 1918 private addresses - suggesting we were seeing the Great Firewall’s own internal network. We saw x86_64 stack frames with ASLR-enabled pointers. We even sent our own tagged traffic into China and later recovered those exact bytes in Wallbleed responses, proving definitively that real user traffic was being exposed.\r\n\r\nIn September 2023, the patching began. We watched in real-time as blocks of IP addresses stopped responding to our probes. But naturally the same developers that made this error in the first place made further mistakes. Within hours, we developed “Wallbleed v2” queries that still triggered the leak. The vulnerability persisted for another six months until March 2024.\r\n\r\nGFW measurement research went back to business as usual until September of this year when an anonymous source released 600GB of leaked source code, packages, and documentation via Enlace Hacktivista. This data came from Geedge Networks - a company closely connected to the GFW and the related MESA lab. Geedge Networks develops censorship software not only for the GFW but also for other repressive countries such as Pakistan, Myanmar, Kazakhstan, and Ethiopia.\r\n\r\nWe will discuss some of our novel findings from the Geedge Networks leak, including new insights about how the leak relates to Wallbleed.\r\n\r\nWallbleed and the Geedge Networks leak show that censorship measurement research can be about more than just actively probing censored networks. We hope this talk will be a call to arms for hackers against Internet censorship.\r\n\r\n\r\nMore information about Wallbleed can be found at the GFW Report:\r\nhttps://gfw.report/publications/ndss25/en/\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Jade Sheffey"],"tags":["2424","2025","39c3","Security","Zero","39c3-eng","39c3-deu","39c3-fra","Day 1"],"view_count":32718,"promoted":false,"date":"2025-12-27T11:00:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-05T20:30:06.258+02:00","length":1869,"duration":1869,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2424-ba655198-f461-5a1b-998c-12ed49fc7aae.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2424-ba655198-f461-5a1b-998c-12ed49fc7aae_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2424-ba655198-f461-5a1b-998c-12ed49fc7aae.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2424-ba655198-f461-5a1b-998c-12ed49fc7aae.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-a-tale-of-two-leaks-how-hackers-breached-the-great","url":"https://api.media.ccc.de/public/events/ba655198-f461-5a1b-998c-12ed49fc7aae","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"4435af8f-b96a-5593-be42-47a04ba5f47e","title":"Pwn2Roll: Who Needs a 595€ Remote When You Have wheelchair.py?","subtitle":null,"slug":"39c3-pwn2roll-who-needs-a-599-remote-when-you-have-wheelchair-py","link":"https://events.ccc.de/congress/2025/hub/event/detail/pwn2roll-who-needs-a-599-remote-when-you-have-wheelchair-py","description":"A 595€ wheelchair remote that sends a handful of Bluetooth commands. A 99.99€ app feature that does exactly what the 595€ hardware does. A speed upgrade from 6 to 8.5 km/h locked behind a 99.99€ paywall - because apparently catching the bus is a premium feature.\n\nWelcome to the wonderful world of DRM in assistive devices, where already expensive basic mobility costs extra and comes with in-app purchases! And because hackers gonna hack, this just could not be left alone.\n\nThis talk depicts the reverse engineering of a popular electric wheelchair drive system - the Alber e-motion M25: a several thousand euro assistive device that treats mobility like a SaaS subscription. Through Android app reverse engineering, proprietary Bluetooth protocol analysis, hours of staring at hex dumps (instead of the void), and good old-fashioned packet sniffing, we'll expose how manufacturers artificially limit essential features and monetize basic human mobility.\n\nWhat you'll learn:\n\n- how a 22-character QR code sticker, labeled as \"Cyber Security Key\", becomes AES encryption\n- why your 6000€ wheelchair drive includes an app with Google Play Billing integration for features the hardware already supports\n- the internals, possibilities and features of electronics worth 30€ cosplaying as a 595€ medical device\n- the technical implementation of the \"pay 99.99€ or stay slow\" speed limiter (6 km/h vs 8.5 km/h)\n- how nearly 2000€ in hardware and app features can be replaced by a few hundred lines of Python\n- why the 8000€ even more premium (self-driving) variant is literally identical hardware with a different Boolean flag and firmware plus another (pricier) remote\n\nWe'll cover the complete methodology: from initial reconnaissance, sniffing and decrypting packets to reverse-engineer the proprietary communication protocol, to PoCs of Python replacements, tools, techniques, and ethical considerations of reverse engineering medical devices.\n\nThis is a story about artificial scarcity, exploitative DRM, ethics and industry power, and how hacker-minded creatures should react and act to this.\n\nThis talk will be simultaneously interpretated into German sign language (Deutsche Gebärdensprache aka. DGS).\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["elfy"],"tags":["2188","2025","39c3","Hardware","Zero","39c3-eng","Day 1"],"view_count":30051,"promoted":false,"date":"2025-12-27T17:15:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-07T05:45:03.246+02:00","length":3405,"duration":3405,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2188-4435af8f-b96a-5593-be42-47a04ba5f47e.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2188-4435af8f-b96a-5593-be42-47a04ba5f47e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2188-4435af8f-b96a-5593-be42-47a04ba5f47e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2188-4435af8f-b96a-5593-be42-47a04ba5f47e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-pwn2roll-who-needs-a-599-remote-when-you-have-wheelchair-py","url":"https://api.media.ccc.de/public/events/4435af8f-b96a-5593-be42-47a04ba5f47e","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"967b7f53-aa2b-578b-9403-e1ba380cda15","title":"Celestial navigation with very little math","subtitle":null,"slug":"39c3-celestial-navigation-with-very-little-math","link":"https://events.ccc.de/congress/2025/hub/event/detail/celestial-navigation-with-very-little-math","description":"Learn how to find your position using a sextant and a custom slide rule, almost no math required!\n\nSince the dawn of time people have asked themselves: where am I and why am I here?  This talk won't help you answer the why question, but it will discuss how determine the where in the pre-GPS age of sextants, slide rules and stopwatches by taking the noon sight, aka the meridian passage.\n\nThe usual way to find your position using the Sun requires a large almanac of lookup tables and some challenging math.  The books are frustrating to consult on every sight and the base 60 degree-minute-second math is frustrating even with a calculator, and if you're on a traditional ship it seems wrong to do traditional navigation with electronic devices.\n\nTo speed up the process I’ve designed a specialized circular slide rule that handles most of the table lookups to correct height of eye, semi-diameter, temperature, refraction and index errors, and also simplifies the degree-minute-second arithmetic required to calculate the exact declination of the Sun.\n\nIn this talk I’ll demonstrate how to make your own printable paper slide rule and use it to reduce the meridian passage measurement to a lat/lon with just a few rotations of the wheels and pointer, no electronics or bulky books necessary!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Trammell Hudson"],"tags":["1375","2025","39c3","Hardware","One","39c3-eng","39c3-deu","39c3-por","Day 3"],"view_count":5111,"promoted":false,"date":"2025-12-29T11:55:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-05T12:30:06.092+02:00","length":2198,"duration":2198,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1375-967b7f53-aa2b-578b-9403-e1ba380cda15.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1375-967b7f53-aa2b-578b-9403-e1ba380cda15_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1375-967b7f53-aa2b-578b-9403-e1ba380cda15.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1375-967b7f53-aa2b-578b-9403-e1ba380cda15.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-celestial-navigation-with-very-little-math","url":"https://api.media.ccc.de/public/events/967b7f53-aa2b-578b-9403-e1ba380cda15","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"6396165e-0c44-58d3-a345-a63966473508","title":"Die große Datenschutz-, Datenpannen- und DS-GVO-Show","subtitle":null,"slug":"39c3-die-groe-datenschutz-datenpannen-und-ds-gvo-show","link":"https://events.ccc.de/congress/2025/hub/event/detail/die-groe-datenschutz-datenpannen-und-ds-gvo-show","description":"Datenschutz darf auch Spaß machen, und alle können dabei etwas lernen, egal ob Einsteiger oder Profi-Hacker: Bei dem Datenschutz- und Datenpannen-Quiz kämpfen vier Kandidat:innen aus dem Publikum zusammen mit dem Publikum um den Sieg. Nicht nur Wissen rund um IT-Sicherheit und Datenschutz sondern auch eine schnelle Reaktion und das nötige Quäntchen Glück entscheiden über Sieg und Niederlage. Die Unterhaltsame Datenschutz-Quiz-Show mit Bildungsauftrag!\n\nDatenschutz wird oftmals als lästige Pflicht wahrgenommen – aber was will und macht Datenschutz, für was ist er sinnvoll und was ist zu beachten? In welche Stolperfallen können auch Nerds hineinfallen? **Die Datenschutz- und DSGVO-Show vermittelt spielerisch Datenschutzgrundlagen,** bietet einen Einblick in die Praxis der Datenschutz-Aufsichtsbehörden und zeigt typische technische wie rechtliche Fehler im Umgang mit personenbezogenen Daten. Aber auch für Datenschutz-Profis und Superhirne sind einige harte Nüsse dabei.\n\nDer Moderator arbeitet beim Landesbeauftragten für den Datenschutz und die Informationsfreiheit Baden-Württemberg und berichtet aus der praktischen Arbeit einer Aufsichtsbehörde, nennt rechtliche Grundlagen, gibt Hinweise zu notwendigen technischen Maßnahmen nach Artikel 32 DS-GVO und die oftmals schwierige Risikoabschätzung nach „wir wurden gecybert“-Sicherheitsvorfällen.\n\nIm Quiz selbst müssen die Kandidat:innen in ihren Antworten praktische Lösungsvorschläge für häufige technische und rechtliche Probleme vorschlagen, zum Beispiel welche technischen Maßnahmen bei bestimmten Datenpannen nach dem „Stand der Technik“ angebracht sind, ob man als Website-Betreiber denn nun Google Analytics nutzen darf oder wie man sich gegen (rechtswidrige) Datensammler wehrt. Dadurch können Teilnehmer wie Zuschauer die praktische Anwendung der DS-GVO spielerisch lernen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Alvar C.H. Freude"],"tags":["2386","2025","39c3","Entertainment","One","39c3-deu","Day 3"],"view_count":25525,"promoted":false,"date":"2025-12-30T01:00:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-07T09:15:03.885+02:00","length":5661,"duration":5661,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2386-6396165e-0c44-58d3-a345-a63966473508.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2386-6396165e-0c44-58d3-a345-a63966473508_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2386-6396165e-0c44-58d3-a345-a63966473508.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2386-6396165e-0c44-58d3-a345-a63966473508.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-die-groe-datenschutz-datenpannen-und-ds-gvo-show","url":"https://api.media.ccc.de/public/events/6396165e-0c44-58d3-a345-a63966473508","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"7f6e6dff-5f85-5c03-8f07-373b3acce367","title":"Programmierte Kriegsverbrechen?","subtitle":"Über KI-Systeme im Kriegseinsatz in Gaza und warum IT-Fachleute sich dazu äußern müssen","slug":"39c3-programmierte-kriegsverbrechen-uber-ki-systeme-im-kriegseinsatz-in-gaza-und-warum-it-fachleute-sich-dazu-auern-mussen","link":"https://events.ccc.de/congress/2025/hub/event/detail/programmierte-kriegsverbrechen-uber-ki-systeme-im-kriegseinsatz-in-gaza-und-warum-it-fachleute-sich-dazu-auern-mussen","description":"Die automatisierten Zielsysteme des israelischen Militärs zeigen gut, wie KI-baserte Kriegsautomatisierung aktuell aussieht, was daran falsch läuft und warum wir Techies uns einmischen müssen\r\n\r\nDas Thema „KI in der Militärtechnik“ und die Beziehung zwischen Mensch und Maschine ist seit Jahrzehnten ein Thema in der Friedensbewegung, der Konfliktforschung, der Philosophie, den Sozialwissenschaften und den kritischen Data \u0026 Algorithm Studies. Doch in den letzten Jahren wurden Waffensysteme mit KI-Komponenten entwickelt und auch praktisch in bewaffneten Konflikten eingesetzt. Dabei reicht die Anwendung von Drohnensteuerung über optische Zielerfassung bis hin zur logistischen Zielauswahl. Am Beispiel KI-gestützter Zielwahlsysteme, die vom israelischen Militär seit Mai 2021 und insbesondere jetzt im Genozid in Gaza eingesetzt werden, können die aktuellen technischen Entwicklungen aufgezeigt und analysiert werden. Im Fokus dieses Talks stehen vier KI-unterstützte Systeme: Das System Gospel zur militärischen Bewertung von Gebäuden, das System Lavender zur militärischen Bewertung von Personen, das System Where's Daddy? zur Zeitplanung von Angriffen und ein experimentelles System auf Basis großer Sprachmodelle zur Erkennung militärisch relevanter Nachrichten in palästinensischen Kommunikationsdaten.\r\n\r\nAuf Basis der Aussagen von Whistleblower:innen des israelischen Militärs und Angestellten beteiligter Unternehmen wie Amazon, Google oder Microsoft sowie internen Dokumenten, die durch investigative Recherchen von mehreren internationalen Teams von Journalist:innen veröffentlicht wurden, können die Systeme und Designentscheidungen technisch detailliert beschrieben, kritisch analysiert sowie die militärischen und gesellschaftlichen Implikationen herausgearbeitet und diskutiert werden. Dabei entstehen auch Fragen bezüglich Verantwortungsverlagerung durch KI, Umgehung des Völkerrechts sowie die grundsätzliche Rolle von automatisierter Kriegsführung.\r\n\r\nAm Schluss geht der Vortrag noch auf die Verantwortung von IT-Fachleuten ein, die ja das Wissen und Verständnis dieser Systeme mitbringen und daher überhaupt erst problematisieren können, wenn Systeme erweiterte oder gänzlich andere Funktionen erfüllen, als öffentlich und politisch oft kommuniziert und diskutiert wird. Überlegungen zu Handlungsoptionen und Auswegen leiten zuletzt die Diskussion ein.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Rainer Rehak"],"tags":["2123","2025","39c3","Ethics, Society \u0026 Politics","Ground","39c3-deu","39c3-eng","39c3-fra","Day 3"],"view_count":8161,"promoted":false,"date":"2025-12-29T14:45:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-06T22:00:09.214+02:00","length":3609,"duration":3609,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2123-7f6e6dff-5f85-5c03-8f07-373b3acce367.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2123-7f6e6dff-5f85-5c03-8f07-373b3acce367_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2123-7f6e6dff-5f85-5c03-8f07-373b3acce367.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2123-7f6e6dff-5f85-5c03-8f07-373b3acce367.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-programmierte-kriegsverbrechen-uber-ki-systeme-im-kriegseinsatz-in-gaza-und-warum-it-fachleute-sich-dazu-auern-mussen","url":"https://api.media.ccc.de/public/events/7f6e6dff-5f85-5c03-8f07-373b3acce367","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"319c31a2-af90-5db9-89f0-fe9ac582726e","title":"Closing Ceremony","subtitle":null,"slug":"39c3-closing-ceremony","link":"https://events.ccc.de/congress/2025/hub/event/detail/closing-ceremony","description":"Power off! Nach vier wunderbaren Tagen kommt der Congress nun langsam zum Ende. Lasst uns zurückblicken, die Eindrücke sortieren und diese inspirierte Stimmung nach draußen tragen.\n\n\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Stella","pajowu"],"tags":["1253","2025","39c3","CCC \u0026 Community","One","39c3-eng","39c3-deu","39c3-spa","Day 4"],"view_count":4103,"promoted":false,"date":"2025-12-30T16:00:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-03-27T16:45:10.132+01:00","length":909,"duration":909,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1253-319c31a2-af90-5db9-89f0-fe9ac582726e.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1253-319c31a2-af90-5db9-89f0-fe9ac582726e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1253-319c31a2-af90-5db9-89f0-fe9ac582726e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1253-319c31a2-af90-5db9-89f0-fe9ac582726e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-closing-ceremony","url":"https://api.media.ccc.de/public/events/319c31a2-af90-5db9-89f0-fe9ac582726e","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"d4b2186b-a1a9-521e-ac91-5dfe6deb2782","title":"Power Cycles statt Burnout – Wie Einflussnahme nicht verpufft","subtitle":null,"slug":"39c3-power-cycles-statt-burnout-wie-einflussnahme-nicht-verpufft","link":"https://events.ccc.de/congress/2025/hub/event/detail/power-cycles-statt-burnout-wie-einflussnahme-nicht-verpufft","description":"Zwischen offenen Briefen, Massenmails, Petitionen und Kaffee trinken : Zwei Ex-Insiderinnen aus dem  Digitalausschuss und Bundestag erzählen, wie politische Einflussnahme wirklich funktioniert. Ein ehrlicher Blick hinter die Kulissen parlamentarischer Entscheidungsfindung – mit praktischen Tipps, wie die Zivilgesellschaft ihre Energie dort einsetzt, wo sie wirklich Wirkung entfaltet.\n\nZiel des Talks ist es, ein realistisches Bild davon zu vermitteln, wie parlamentarische Entscheidungsfindung funktioniert – und praktische Hinweise zu geben, wie man Einfluss nehmen kann, ohne dabei Ressourcen zu verschwenden.\n\nWie bringt man politische Prozesse in Bewegung? Was passiert eigentlich mit einer Mail, wenn sie an einen Abgeordneten geht? Und wie unterscheidet sich konstruktive Interessenvertretung von übergriffigem Lobbyismus?\n\nIn diesem Talk berichten Anna Kassautzki (Mitglied des Bundestags von 2021 bis 2025, stellvertretende Vorsitzende des Digitalausschusses 20. LP) und Rahel Becker (ehemalige wissenschaftliche Mitarbeiterin Digitales) aus der Innenperspektive parlamentarischer Arbeit.\n\nChatkontrolle, Data Act, Recht auf Open Data, DSGVO, es gab viel zu verhandeln in der letzten Legislaturperiode. Anna und Rahel waren mittendrin und geben einen Einblick in die hektische -  teils absurde Kommunikation mit Interessenvertretungen. Dabei liegt der Fokus immer auf der Frage: Welche Strategien braucht es, damit zivilgesellschaftliche Arbeit nicht verpufft?\n\nZugleich geht es um die strukturellen Fragen:\nWo sind die Flaschenhälse für politischen Fortschritt? Wie priorisieren Abgeordnete in einem überfüllten Kalender? Und welche Hebel kann die (digitale) Zivilgesellschaft sinnvoll nutzen, um Gehör zu finden?\n\nDenn gerade in Zeiten massiver digitalpolitischer Herausforderungen ist informierte, strategische Beteiligung notwendiger denn je. Ein Vortrag für alle, die sich in politische Prozesse einmischen wollen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Rahel Becker","Anna Kassautzki"],"tags":["1509","2025","39c3","Ethics, Society \u0026 Politics","Fuse","39c3-deu","39c3-eng","39c3-por","Day 2"],"view_count":6394,"promoted":false,"date":"2025-12-28T21:05:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-06T13:00:04.691+02:00","length":2590,"duration":2590,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1509-d4b2186b-a1a9-521e-ac91-5dfe6deb2782.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1509-d4b2186b-a1a9-521e-ac91-5dfe6deb2782_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1509-d4b2186b-a1a9-521e-ac91-5dfe6deb2782.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1509-d4b2186b-a1a9-521e-ac91-5dfe6deb2782.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-power-cycles-statt-burnout-wie-einflussnahme-nicht-verpufft","url":"https://api.media.ccc.de/public/events/d4b2186b-a1a9-521e-ac91-5dfe6deb2782","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"44d1ae6d-febc-5035-8379-d2030e7f59a2","title":"The Eyes of Photon Science: Imaging, Simulation and the Quest to Make the Invisible Visible","subtitle":null,"slug":"39c3-the-eyes-of-photon-science-imaging-simulation-and-the-quest-to-make-the-invisible-visible","link":"https://events.ccc.de/congress/2025/hub/event/detail/the-eyes-of-photon-science-imaging-simulation-and-the-quest-to-make-the-invisible-visible","description":"Science advances by extending our senses beyond the limits of human perception, pushing the boundaries of what we can observe. In photon science, imaging detectors serve as the eyes of science, translating invisible processes into measurable and analysable data. Behind every image lies a deep understanding of how detectors see, respond and perform.\n\nAt facilities like the European XFEL, the world's most powerful X-ray free-electron laser located in the Hamburg metropolitan area, imaging detectors capture ultrashort X-ray flashes at MHz frame rates and with high dynamic range.  Without these advanced detectors, even the brightest X-ray laser beam would remain invisible. They help to reveal what would otherwise stay hidden, such as the structure of biomolecules, the behaviour of novel materials, and matter under extreme conditions. But how do we know they will perform as expected? And how do we design systems capable of “seeing” the invisible?\n\nI will take a closer look how imaging technology in large-scale facilities is simulated and designed to make the invisible visible. From predicting detector performance to evaluating image quality, we look at how performance simulation helps scientists and engineers understand the “eyes” of modern science.\n\nX-ray imaging detectors have come a long way in the last 15 years, turning ideas that once seemed impossible into realities. Imaging detectors in photon science are more than just high-speed cameras. They are complex systems operating at the limits of what’s physically measurable. Understanding how they behave before, during, and after experiments is essential to advancing both the technology and the science it enables.\n\nIn this talk, I’ll take you inside the world of detector simulation and performance modelling. I’ll explore how tools like Monte Carlo simulations, sensor response models, and system-level performance evaluations are used to:\n\n- Predict detector behaviour in extreme conditions (such as MHz X-ray bursts), and\n- identify critical performance bottlenecks before production.\n\nBy linking imaging technology with simulation and modelling, we can better interpret experimental data and design the next generation of scientific cameras. Beyond the technical aspects, this talk reflects on the broader theme of how we “see” though technology, what it means to make the invisible visible, and how simulation changes not only how we build instruments, but also how we understand them.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["MarKuster"],"tags":["2372","2025","39c3","Science","Zero","39c3-eng","39c3-deu","39c3-fra","Day 1"],"view_count":2046,"promoted":false,"date":"2025-12-27T23:00:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-03-30T22:30:05.458+02:00","length":2351,"duration":2351,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2372-44d1ae6d-febc-5035-8379-d2030e7f59a2.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2372-44d1ae6d-febc-5035-8379-d2030e7f59a2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2372-44d1ae6d-febc-5035-8379-d2030e7f59a2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2372-44d1ae6d-febc-5035-8379-d2030e7f59a2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-the-eyes-of-photon-science-imaging-simulation-and-the-quest-to-make-the-invisible-visible","url":"https://api.media.ccc.de/public/events/44d1ae6d-febc-5035-8379-d2030e7f59a2","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"471f65aa-7729-5e51-b849-4603cfac762f","title":"CCC\u0026T - Cosmic ray, the Climate Catastrophe and Trains.","subtitle":null,"slug":"39c3-ccc-t-cosmic-ray-the-climate-catastrophe-and-trains","link":"https://events.ccc.de/congress/2025/hub/event/detail/ccc-t-cosmic-ray-the-climate-catastrophe-and-trains","description":"How can we predict soil moisture by measuring cosmic ray products and what have trains to do with it? Ever wondered how this Dürremonitor works, that you heared about in ther german news? These question and some more I will try to answer while I give an overview of some of the research that is done by the Helmholtz Centre for Environmental Research (UFZ).\n\nThe Dürremonitor is a programme that is often mentioned in the German news when some regions experience drought. Alongside the Dürremonitor and the underlying Mesoscale Hydrological Model (MHM), there is ongoing research at the UFZ concerning soil moisture. Some of these studies involve measuring soil moisture using a technique called cosmic ray neutron sensing (CRNS). Rather than taking measurements, the MHM uses a physics-based model incorporating precipitation forecasts to predict drought or flood. These two strategies for quantifying soil moisture are therefore in opposition: the measurement-based approach (CRNS) and the modelling-based approach (MHM/Dürremonitor). CRNS is a relatively new method of measuring soil moisture based on the proportion of neutrons reflected by the soil (the principles were discovered in the 1980s, but it has only recently become commercially applicable). This method has several advantages over previous soil moisture measurement methods: it is non-invasive, easy to set up, portable and can therefore be used on trains.\n\nIn the talk I will give an overview of the Dürremonitor and MHM and then focus on CRNS. I will explain the physical principles behind the method, how it is implemented in practice by making serveys using trains.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["FantasticMisterFux","louiT"],"tags":["1665","2025","39c3","Science","One","39c3-eng","39c3-deu","Day 4"],"view_count":1893,"promoted":false,"date":"2025-12-30T11:55:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-03-30T22:45:04.211+02:00","length":2382,"duration":2382,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1665-471f65aa-7729-5e51-b849-4603cfac762f.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1665-471f65aa-7729-5e51-b849-4603cfac762f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1665-471f65aa-7729-5e51-b849-4603cfac762f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1665-471f65aa-7729-5e51-b849-4603cfac762f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-ccc-t-cosmic-ray-the-climate-catastrophe-and-trains","url":"https://api.media.ccc.de/public/events/471f65aa-7729-5e51-b849-4603cfac762f","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"ec0a3724-5021-59d5-b32e-f5005b2cff99","title":"\"Passwort\" - der heise security Podcast live vom 39C3","subtitle":null,"slug":"39c3-passwort-der-heise-security-podcast-live-vom-39c3","link":"https://events.ccc.de/congress/2025/hub/event/detail/passwort-der-heise-security-podcast-live-vom-39c3","description":"Der heise security Podcast macht wieder einen Betriebsausflug nach Hamburg. Diesmal bringt Christopher seinen Co-Host Sylvester mit und spricht 90 Minuten lang über aktuelle Security-Themen vom Congress. Wir haben uns erneut einige spannende Fundstücke herausgesucht und sprechen darüber miteinander, aber auch mit unseren Gästen.\nWelche Themen wir besprechen ist - wie immer bei unserem Podcast - eine Überraschung.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Christopher Kunz","Sylvester"],"tags":["83754","2025","39c3","Sendezentrum Bühne (Saal X 07)","39c3-deu","Day 2"],"view_count":4226,"promoted":false,"date":"2025-12-28T20:30:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-06T16:30:06.591+02:00","length":5220,"duration":5220,"thumb_url":"https://static.media.ccc.de/media/congress/2025/83754-ec0a3724-5021-59d5-b32e-f5005b2cff99.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/83754-ec0a3724-5021-59d5-b32e-f5005b2cff99_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/83754-ec0a3724-5021-59d5-b32e-f5005b2cff99.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/83754-ec0a3724-5021-59d5-b32e-f5005b2cff99.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-passwort-der-heise-security-podcast-live-vom-39c3","url":"https://api.media.ccc.de/public/events/ec0a3724-5021-59d5-b32e-f5005b2cff99","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"cd3af7ee-3204-5404-8714-f18d33f08bd8","title":"Teckids – eine verstehbare (digitale) Welt","subtitle":null,"slug":"39c3-teckids-eine-verstehbare-digitale-welt","link":"https://events.ccc.de/congress/2025/hub/event/detail/teckids-eine-verstehbare-digitale-welt","description":"Die Teckids-Gemeinschaft bringt Kinder, Jugendliche und Erwachsene zusammen, um gemeinsam aktiv für eine verstehbare (digitale) Welt zu sein.\n\nBei Teckids geht es nicht \"nur\" um Technikbasteln und Programmieren mit Kindern, sondern darum, mit anderen, für andere, bei Events und gesellschaftlich aktiv zu werden.\n\nIn letzter Zeit haben wir viele Projekte dafür unternommen. Unter anderem haben wir den neuen Themen-Slot \"Jung und überwacht\" bei den BigBrotherAwards 2025 gestaltet und bereiten Jugendthemen für das nächste Jahr vor. Zum zweiten Mal laden wir beim 39c3 Kinder beim Fairydust-Türöffner-Tag \"hinter die Kulissen\" der Chaos-Teams ein.\n\nUnser Slogan mit dem etwas merkwürdigen Wort \"Verstehbarkeit\" steht dafür, dass alle nicht nur die Fähigkeiten, sondern auch das Recht behalten sollen, mit ihrer Technik zu machen, was sie wollen, und alles zu hinterfragen und zu verstehen. Dafür wollen wir noch mehr junge Menschen und auch Erwachsene erreichen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Keno","Darius Auding"],"tags":["1891","2025","39c3","CCC \u0026 Community","Ground","39c3-deu","39c3-eng","39c3-por","Day 3"],"view_count":2295,"promoted":false,"date":"2025-12-29T12:50:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-05T09:45:05.294+02:00","length":1793,"duration":1793,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1891-cd3af7ee-3204-5404-8714-f18d33f08bd8.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1891-cd3af7ee-3204-5404-8714-f18d33f08bd8_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1891-cd3af7ee-3204-5404-8714-f18d33f08bd8.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1891-cd3af7ee-3204-5404-8714-f18d33f08bd8.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-teckids-eine-verstehbare-digitale-welt","url":"https://api.media.ccc.de/public/events/cd3af7ee-3204-5404-8714-f18d33f08bd8","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"860a362f-4666-5fe0-9f0a-8d26485f730e","title":"Lightning Talks - Tag 2","subtitle":null,"slug":"39c3-lightning-talks-tag-2","link":"https://events.ccc.de/congress/2025/hub/event/detail/lightning-talks-tag-2","description":"Lightning Talks - Tag 2\n\n- **Lightning Talks Introduction**\n- **Chaos auf der Schiene: Die Wahrheit hinter den Verspätungen** — *poschi*\n- **EventFahrplan - The 39C3 Fahrplan App for Android** — *tbsprs*\n- **Quantum computing myths and reality** — *Moonlit*\n- **Return to attacker.com** — *Safi*\n- **Teilchendetektor im Keller? Ich habs gemacht. Die Theorie und der Bau einer Funkenkammer** — *Rosa*\n- **What's the most secure phone?** — *jiska*\n- **reverse engineering a cinema camera’s peripheral port** — *3nt3*\n- **Youth Hacking 4 Freedom: the European Free Software competition for teenagers** — *Ana Galan*\n- **From word clouds to Word Rain: A new text visualisation technique** — *Maria Skeppstedt*\n- **Spaß mit Brettspielen** — *Marco Bakera*\n- **Creative Commons Radio - I really didn't want to become a copyright activist!** — *Martin*\n- **lernOS für Dich - Selbstmanagement \u0026 persönliches Wissensmanagement leicht gemacht** — *Simon Dückert*\n- **Was man in Bluetooth Advertisements so alles findet** — *Paul*\n- **The Sorbus Computer** — *SvOlli*\n- **AI doesn’t have to slop - Introducing an open source alternative to big-tech AI agents** — *Kitty*\n- **Interoperability and the Digital Markets Act: collecting experiences from the community** — *Dario Presutti*\n- **Leveraging Security Twin for on-demand resilience assessment against high-impact attacks** — *Manuel Poisson*\n- **A seatbelt for innerHTML** — *Frederik Braun*\n- **Toxicframe - Ghost in the Switch: Vier Jahre Schweigen in der Netgate SG-2100** — *Wim Bonis*\n- **KI³Rat = Mensch x Daten x Dialog** — *ceryo / Jo Tiffe*\n- **iPod Nano Reverse Engineering** — *hug0*\n- **Interfaces For Society - Wenn Demokratie Auf Protokollen Läuft** — *Pauline Dimmek*\n- **Security problems with electronic invoices** — *Hanno Böck*\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Bonnie","keldo","Andi Bräu"],"tags":["2398","2025","39c3","CCC \u0026 Community","Zero","39c3-eng","39c3-deu","39c3-fra","Day 2"],"view_count":11645,"promoted":false,"date":"2025-12-28T11:00:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-06T18:00:07.834+02:00","length":7141,"duration":7141,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2398-860a362f-4666-5fe0-9f0a-8d26485f730e.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2398-860a362f-4666-5fe0-9f0a-8d26485f730e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2398-860a362f-4666-5fe0-9f0a-8d26485f730e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2398-860a362f-4666-5fe0-9f0a-8d26485f730e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-lightning-talks-tag-2","url":"https://api.media.ccc.de/public/events/860a362f-4666-5fe0-9f0a-8d26485f730e","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"ad9fa823-820f-5846-825e-42e2b5934ef6","title":"Peep-Show für die Polizei. Staatliche Überwachung von Queers in Hamburger Toiletten bis 1980","subtitle":null,"slug":"39c3-peep-show-fur-die-polizei-staatliche-uberwachung-von-queers-in-hamburger-toiletten-bis-1980","link":"https://events.ccc.de/congress/2025/hub/event/detail/peep-show-fur-die-polizei-staatliche-uberwachung-von-queers-in-hamburger-toiletten-bis-1980","description":"Oder: Wie die Hamburger Polizei queere Menschen auf öffentlichen Toiletten observierte, und wie ein anonymes Kollektiv im Juli 1980 dieses Überwachungsystem wortwörtlich mit dem Hammer zerschlagen hat. Ein analoger Überwachungskrimi mit sauberen Städten, lichtscheuen Elementen, queerem Aktivismus, und kollektiver Selbstorganisation; und mit einer Anleitung wie man Beamten Anfang der 80er das Handwerk legen konnte.\n\nIn den 1970er Jahren nutzt die Hamburger Polizei auf zehn öffentlichen Herrentoiletten in der Wand eingelassene Spionspiegel, um zu beobachten welche Männer am Pissoir ihrer Meinung nach etwas zu lange nebeneinander stehen. In einem Überwachungszeitraum von gut 18 Jahren sprechen Hamburger Beamte mit Berufung auf ‚Jugendschutz‘ und ‚Sauberkeit‘ hunderte Hausverbote an öffentlichen Toiletten aus, nehmen Personalien auf und legen dabei illegalerweise ‚Rosa Listen‘ genannte Homosexuellenregister an. \nDie unfreiwillige Peep-Show endet im Sommer 1980, als die Polizei völlig indiskret die Teilnehmenden der ersten lesbisch-trans-schwulen Demonstration in Hamburg fotografiert um nach Selbstaussage „die Karteien aufzufrischen“. Ein anonymes Kollektiv zerschlägt die Überwachungsspiegel und bringt die illegale Polizeipraxis ans Licht der Öffentlichkeit.\nMit zwei Fragen tauchen wir in diesem Vortrag in die Aborte der Geschichte: Wie ist das polizeiliche Toilettenüberwachungssystem in Hamburg entstanden? Welche technischen und sozialen Lücken nutzten die Aktivist:innen für den Exploit dieses Systems? Und was hat das eigentlich mit heute zu tun?\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Simon Schultz"],"tags":["1823","2025","39c3","Ethics, Society \u0026 Politics","Ground","39c3-deu","39c3-eng","39c3-spa","Day 3"],"view_count":4976,"promoted":false,"date":"2025-12-29T23:00:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-02T13:15:04.374+02:00","length":3467,"duration":3467,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1823-ad9fa823-820f-5846-825e-42e2b5934ef6.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1823-ad9fa823-820f-5846-825e-42e2b5934ef6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1823-ad9fa823-820f-5846-825e-42e2b5934ef6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1823-ad9fa823-820f-5846-825e-42e2b5934ef6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-peep-show-fur-die-polizei-staatliche-uberwachung-von-queers-in-hamburger-toiletten-bis-1980","url":"https://api.media.ccc.de/public/events/ad9fa823-820f-5846-825e-42e2b5934ef6","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"c553ee23-bc27-585a-b8d0-d8fee999e75a","title":"Reverse engineering the Pixel TitanM2 firmware","subtitle":null,"slug":"39c3-reverse-engineering-the-pixel-titanm2-firmware","link":"https://events.ccc.de/congress/2025/hub/event/detail/reverse-engineering-the-pixel-titanm2-firmware","description":"The TitanM2 chip has been central to the security of the google pixel series since the Pixel 6. It is based on a modified RISC-V design with a bignum accelerator. Google added some non standard instructions to the RISC-V ISA. This talk investigates the reverse engineering using Ghidra, and simulation of the firmware in python.\n\nI will discuss the problems encountered while reverse engineering and simulating the firmware for the TitanM2 security chip, found in the Google Pixel phones. I'll discuss how to obtain the firmware. Talk about the problems reverse engineering this particular binary. I show how you can easily extend ghidra with new instructions to get a full decompilation. Also, I wrote a Risc-V simulator in python for running the titanM2 firmware.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["willem"],"tags":["2274","2025","39c3","Hardware","Ground","39c3-eng","39c3-deu","Day 2"],"view_count":5343,"promoted":false,"date":"2025-12-28T23:55:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-06T11:45:04.928+02:00","length":2233,"duration":2233,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2274-c553ee23-bc27-585a-b8d0-d8fee999e75a.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2274-c553ee23-bc27-585a-b8d0-d8fee999e75a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2274-c553ee23-bc27-585a-b8d0-d8fee999e75a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2274-c553ee23-bc27-585a-b8d0-d8fee999e75a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-reverse-engineering-the-pixel-titanm2-firmware","url":"https://api.media.ccc.de/public/events/c553ee23-bc27-585a-b8d0-d8fee999e75a","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"039c6510-1a33-57fe-8bbf-08bcc31df8bb","title":"How to render cloud FPGAs useless","subtitle":null,"slug":"39c3-how-to-render-cloud-fpgas-useless","link":"https://events.ccc.de/congress/2025/hub/event/detail/how-to-render-cloud-fpgas-useless","description":"While FPGA developers usually try to minimize the power consumption of their designs, we approached the problem from the opposite perspective: what is the maximum power consumption that can be achieved or wasted on an FPGA? Short answer: we found that it’s easy to implement oscillators running at 6 GHz that can theoretically dissipate around 20 kW on a large cloud FPGA when driving the signal to all the available resources. It is interesting to note that this power density is not very far away from that of the surface of the sun. However, such power load jump is usually not a problem as it will trigger some protection circuitry. This led us to the next question: would a localized hotspot with such power density damage the chip if we remain within the typical power envelope of a cloud FPGA (~100 W)? While we could not “fry” the chip or induce permanent errors (and we tried several variants), we did observe that a few routing wires aged to become up to 70% slower in just a few days of stressing the chip. This basically means that such an FPGA cannot be rented out to cloud users without risking timing violations.\nIn this talk, we will present how we optimized power wasting, how we measured wire latencies with ps accuracy, how we attacked 100 FPGA cloud instances and how we can protect FPGAs against such DOS attacks.\n\nFPGA instances are now offered by multiple cloud service providers (including Amazon EC2 F1/F2 instances, Alibaba ECS Instances, and Microsoft Azure NP-Series). The low-level programmability of FPGAs allows implementing new attack vectors including DOS attacks. While some severe attacks (such as short circuits) cannot be easily deployed as users are prevented to load own configuration bitstreams on the cloud FPGAs, it has been demonstrated that it is possible to leak information (like cloud instance scheduling policies or the physical topologies of the FPGA servers) or to mount DoS attacks by excessive power hammering. For instance, basically all cloud FPGAs provide logic cells that can be configured as small shift registers. This allows building toggle-shift-registers with 10K and more flip-flops, which can draw over 1 KW power when clocked at a few hundred MHz. \nIn our work, we created fast ring-oscillators that bypass all design checks applied during bitstream cloud deployment and how we achieved toggle rates of 8 GHz inside an FPGA by using glitch amplification. The latter one was calibrated with the help of a time-to-digital converter (TDC).\nAs a first attack, we used power hammering to crash AWS F1 instances by increasing power consumption to 300 W (three times the allowed power envelope). We used physical unclonable functions (PUFs) to examine the behaviour of the attacked FPGA cloud instances and we found that most remained unavailable for several hours after the attack.\nAs a more subtle attack, we tried to cause permanent damage to FPGAs in our lab by driving fast toggling signals to virtually any available wire (and primitive) into a small region of the chip. With this, we created hotspot designs that draw 130 W in less than 1% of the available logic and routing resources of a datacenter FPGA. Even though the achieved power density was excessive, it was insufficient to induce permanent damages. This is largely due to the area inefficiencies of an FPGA that limit the power density. For instance, FPGAs use large multiplexers to implement the switchable connections and there exists only one active path that is routed through the multiplexers, hence, leaving most of the transistors sitting idle. Similarly, FPGAs provide a large number of configuration memory cells (about 1 Gb on a typical datacenter device) that draw negligible power as these do not switch during operation. All these idle elements force the power drawing circuits to be spread out, hence limiting power density. Anyway, when experimenting with different hotspot variants, we found thermal runaway effects and excessive device aging with up to a 70% increase in delay on some wires. We achieved this aging in just a few days and under normal operational conditions (i.e. by staying within the available power budget and having board cooling running). Such a large increase in latency can be considered to render an FPGA useless as it will usually not be fast enough to host (realistic) user designs.\nBeyond exploring these attack vectors, we developed countermeasures and design guidelines to prevent such attacks. These include scans of the user designs, use restrictions to resources like IOs and clock trees, as well as runtime monitoring and FPGA health checks. With this, we believe that FPGAs can be operated securely and reliably in a cloud setting.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Dirk"],"tags":["2317","2025","39c3","Security","Fuse","39c3-eng","39c3-deu","Day 2"],"view_count":5064,"promoted":false,"date":"2025-12-28T19:15:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-03T20:00:08.023+02:00","length":2445,"duration":2445,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2317-039c6510-1a33-57fe-8bbf-08bcc31df8bb.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2317-039c6510-1a33-57fe-8bbf-08bcc31df8bb_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2317-039c6510-1a33-57fe-8bbf-08bcc31df8bb.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2317-039c6510-1a33-57fe-8bbf-08bcc31df8bb.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-how-to-render-cloud-fpgas-useless","url":"https://api.media.ccc.de/public/events/039c6510-1a33-57fe-8bbf-08bcc31df8bb","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"7b91e420-b195-5724-b3fb-8820a90e27b5","title":"​WissPod Jahresrückblick 2025 oder: KI in der Wissenschaft!?","subtitle":null,"slug":"39c3-wisspod-jahresrckblick-2025-oder-ki-in-der-wissenschaft","link":"https://events.ccc.de/congress/2025/hub/event/detail/wisspod-jahresrckblick-2025-oder-ki-in-der-wissenschaft","description":"Wie die letzten Jahre gute Tradition geworden ist, blicken Melanie Bartos und Bernd Rupp zurück auf das wissenschaftspodcasts.de-Jahr 2025 und sprechen über die Perspektiven, die sich für das Wissenschaftspodcast-Jahr 2026 abzeichnen.\nDabei beleuchten wir die Herausforderungen bei der Kuration, die Anmeldezahlen neuer Wissenschaftspodcasts, die Weiterentwicklung der Website sowie den Aufbau und die Betreuung der WissPod-Community. Diese umfasst inzwischen rund 420 Wissenschaftspodcasts mit insgesamt über 33.000 Episoden.  2025 wurde erstmalig ein Podcast-Adventskalender mit 24 kuratierten Spezial-Podcast-Episoden aufgesetzt.\n\nWie die letzten Jahre reden wir aber auch über ein Thema, das die Wissenschaft aber auch die Wissensvermittlung oder Wissenschaftskommunikation beeinflusst.  Dieses Jahr geht es dabei um KI in der Wissenschaft.  Wir blicken auf Chancen und Risiken: In der individuellen Perspektive der einzelnen Wissenschaftler*innen ergeben sich oft große Möglichkeiten zur Beschleunigung der eigenen Arbeit.  Dabei geht man aber leicht eine Beziehung mit großen Tech-Konzernen mit unklaren Interessen und Zielen ein. Daraus ergibt sich der Bedarf einer Wahrheitsschutz-Gesamtrechnung für eine Wissenschaft in der KI flächendeckend eingesetzt wird.\n\nMit unseren Gästen sprechen wir über Podcasts in der Wissen{schaft}skommunikation, über Ziele und Kriterien – und darüber wie KI die Wissenschaft verändert.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Bernd Rupp","Melanie Bartos"],"tags":["83792","2025","39c3","Sendezentrum Bühne (Saal X 07)","39c3-deu","Day 3"],"view_count":1433,"promoted":false,"date":"2025-12-29T18:45:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-03-31T22:15:06.172+02:00","length":5353,"duration":5353,"thumb_url":"https://static.media.ccc.de/media/congress/2025/83792-7b91e420-b195-5724-b3fb-8820a90e27b5.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/83792-7b91e420-b195-5724-b3fb-8820a90e27b5_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/83792-7b91e420-b195-5724-b3fb-8820a90e27b5.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/83792-7b91e420-b195-5724-b3fb-8820a90e27b5.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-wisspod-jahresrckblick-2025-oder-ki-in-der-wissenschaft","url":"https://api.media.ccc.de/public/events/7b91e420-b195-5724-b3fb-8820a90e27b5","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"51c5eac2-c9f1-55b8-b8ab-0c1cf9cbf4b0","title":"\"They Talk Tech\" live mit Anne Roth","subtitle":null,"slug":"39c3-they-talk-tech-live-mit-anne-roth","link":"https://events.ccc.de/congress/2025/hub/event/detail/they-talk-tech-live-mit-anne-roth","description":"„They Talk Tech“ Live: Podcasts-Hosts Svea Eckert und Eva Wolfangel diskutieren mit Anne Roth, Referentin für Digitalpolitik der Linksfraktion, Netzaktivistin, scharfe Beobachterin und präzise Analytikerin digitaler Machtstrukturen, über Überwachung, digitale Freiheitsrechte, feministische Netzpolitik und die politischen Kämpfe hinter der Technologie.\n\nAnne Roth beschäftigt sich seit vielen Jahren mit staatlichen Sicherheitsarchitekturen, Geheimdienstkontrolle, digitaler Gewalt und Fragen politischer Teilhabe. Im Gespräch geht es um die Mechanismen digitaler Macht, um Freiheitsrechte im Zeitalter permanenter Datenerfassung und darum, wie politische Entscheidungen technologische Entwicklungen prägen und umgekehrt - und wo die netzpolitische Community auch in politisch schwierigen Zeiten ansetzen kann, um die Entwicklung positiv zu beeinflussen.\n\nEine offene, präzise und lebendige Diskussion, die sowohl technisch interessierte als auch politisch denkende Menschen abholt. Live und mit Raum für eure Fragen.\n\n\"They Talk Tech\" ist ein c't-Podcast von Svea Eckert und Eva Wolfangel\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Eva Wolfangel"],"tags":["83766","2025","39c3","Sendezentrum Bühne (Saal X 07)","39c3-deu","Day 2"],"view_count":1875,"promoted":false,"date":"2025-12-28T13:30:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-02T16:15:04.709+02:00","length":2777,"duration":2777,"thumb_url":"https://static.media.ccc.de/media/congress/2025/83766-51c5eac2-c9f1-55b8-b8ab-0c1cf9cbf4b0.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/83766-51c5eac2-c9f1-55b8-b8ab-0c1cf9cbf4b0_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/83766-51c5eac2-c9f1-55b8-b8ab-0c1cf9cbf4b0.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/83766-51c5eac2-c9f1-55b8-b8ab-0c1cf9cbf4b0.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-they-talk-tech-live-mit-anne-roth","url":"https://api.media.ccc.de/public/events/51c5eac2-c9f1-55b8-b8ab-0c1cf9cbf4b0","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"f9204594-d3f2-5c45-ba71-542a99eb9e5d","title":"Chaospager","subtitle":"How to construct an Open Pager System for c3","slug":"39c3-chaospager-how-to-construct-an-open-pager-system-for-c3","link":"https://events.ccc.de/congress/2025/hub/event/detail/chaospager-how-to-construct-an-open-pager-system-for-c3","description":"In this talk, we will give an introduction into the project (i.e. how it all started at 38c3 and why we are here now), provide an in-depth review of how the development process of our pager worked and what our future goals are.\r\n\r\nIn our introduction, we will talk about the origin and exploration phase of the inital pager idea (i.e. how we went from the idea of bringing POCSAG Pager transmitter to 38c3, over a cable-bound prototype, to a first working pager on a proper PCB). We will also present our plans of connecting our POCSAG transmitter infrastructure to THOT (CERTs own dispatch software).\r\n\r\nFor our in-depth review about the project, we explain how we encountered major reception problems, how we analyzed them at easterhegg22 and conducted experiments there, and why we are opting for a custom HF frontend design instead of an already-made one from chinese vendors. Moreover, we provide an overview of our transmitter devices and give some advice on how to replicate those.\r\n\r\nLastly, we will discuss further challenges and what our next goals are.\r\n\r\nIf we are reaching our milestone until 39c3, we will also give a live demo of the system.\r\n\r\nAt 38c3, we conducted an experiment to test out our self-built POCSAG Pager infrastructure. Together with DL0TUH and CERT, we are now working on an open pager solution leveraging well-known components in the maker commmunity (e.g. ESP32, SX1262) to support the alarming of action forces at c3 events. In this talk, we will guide you through the process of developing such a project, problems that are occuring and what our future plans are.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Max","Julian"],"tags":["2015","2025","39c3","Hardware","One","39c3-eng","39c3-deu","Day 2"],"view_count":4643,"promoted":false,"date":"2025-12-28T14:45:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-04T19:45:05.718+02:00","length":2307,"duration":2307,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2015-f9204594-d3f2-5c45-ba71-542a99eb9e5d.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2015-f9204594-d3f2-5c45-ba71-542a99eb9e5d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2015-f9204594-d3f2-5c45-ba71-542a99eb9e5d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2015-f9204594-d3f2-5c45-ba71-542a99eb9e5d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-chaospager-how-to-construct-an-open-pager-system-for-c3","url":"https://api.media.ccc.de/public/events/f9204594-d3f2-5c45-ba71-542a99eb9e5d","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"323248d0-1bcf-5440-a8b3-9d35d40fb06d","title":"Infrastructure Review","subtitle":null,"slug":"39c3-infrastructure-review","link":"https://events.ccc.de/congress/2025/hub/event/detail/infrastructure-review","description":"Infrastructure teams present what they did for this years congress and why they did it that way.\n\n39c3 is a big challenge to run, install power, network connectivity and other services in a short time and tear down everything even faster. This is a behind the scenes of the event infrastructure, what worked well and what might not have worked as expected.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["nicoduck"],"tags":["1806","2025","39c3","CCC \u0026 Community","Zero","39c3-eng","39c3-deu","39c3-pol","Day 4"],"view_count":36508,"promoted":false,"date":"2025-12-30T14:45:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-06T22:15:08.016+02:00","length":3822,"duration":3822,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1806-323248d0-1bcf-5440-a8b3-9d35d40fb06d.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1806-323248d0-1bcf-5440-a8b3-9d35d40fb06d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1806-323248d0-1bcf-5440-a8b3-9d35d40fb06d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1806-323248d0-1bcf-5440-a8b3-9d35d40fb06d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-infrastructure-review","url":"https://api.media.ccc.de/public/events/323248d0-1bcf-5440-a8b3-9d35d40fb06d","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"72f2a9b5-f646-584a-a3f1-e700657736a5","title":"Textiles 101: Fast Fiber Transform","subtitle":null,"slug":"39c3-textiles-101-fast-fiber-transform","link":"https://events.ccc.de/congress/2025/hub/event/detail/textiles-101-fast-fiber-transform","description":"Textiles are everywhere, yet few of us know how they’re made. \n\nThis talk aims to give you an overview over the complete transformation from fiber to finished textile. We'll be exploring fiber properties, spinning, and techniques like weaving, knitting, crochet, braiding, and knotting, followed by finishing methods such as dyeing, printing, and embroidery.\n\nYou’ll learn why not only fiber but also structure matters, and how to make or hack textiles on your own without relying on fast fashion or industrial tools.\n\nTextiles play an integral part in our daily lives. If you’re reading this, chances are you’re wearing clothes or have some form of fabric within arm’s reach. Yet despite how common and essential textiles are, few of us know how they actually come to be. How do we go from a plant, animal, or synthetic polymer to a fully finished piece of clothing?\n\nThis talk unravels the full transformation pipeline of textiles: starting with fibers and their properties, then spinning them into yarn, turning that yarn into textiles through weaving, knitting, crochet, braiding, knotting, and other techniques, and finally finishing them through printing, embroidery, dyeing, or bleaching.\nAlong the way, you’ll learn why your “100% cotton” garments can feel completely different despite being made of the same fiber, how structure matters just as much as material, and what environmental impact different choices have.\n\nWhether you want to make your own textiles, hack existing ones, or finally understand why that wool sweater you washed too hot is now tiny, this talk is a crash course in most things textile, and a reminder that you don’t need industrial machinery or fast fashion to create something on your own.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["octoprog"],"tags":["1917","2025","39c3","Hardware","Ground","39c3-eng","39c3-deu","39c3-fra","Day 2"],"view_count":3788,"promoted":false,"date":"2025-12-28T22:05:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-05T16:15:06.127+02:00","length":2510,"duration":2510,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1917-72f2a9b5-f646-584a-a3f1-e700657736a5.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1917-72f2a9b5-f646-584a-a3f1-e700657736a5_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1917-72f2a9b5-f646-584a-a3f1-e700657736a5.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1917-72f2a9b5-f646-584a-a3f1-e700657736a5.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-textiles-101-fast-fiber-transform","url":"https://api.media.ccc.de/public/events/72f2a9b5-f646-584a-a3f1-e700657736a5","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"b3ef337e-bfb3-51bf-bcaa-0b2d697b9c7f","title":"A Quick Stop at the HostileShop","subtitle":null,"slug":"39c3-a-quick-stop-at-the-hostileshop","link":"https://events.ccc.de/congress/2025/hub/event/detail/a-quick-stop-at-the-hostileshop","description":"HostileShop is a python-based tool for generating prompt injections and jailbreaks against LLM agents. I created HostileShop to see if I could use LLMs to write a framework that generates prompt injections against LLMs, by having LLMs attack other LLMs. It's LLMs all the way down. HostileShop generated prompt injections for a winning submission in OpenAI's GPT-OSS-20B RedTeam Contest. Since then, I have expanded HostileShop to generate injections for the entire LLM frontier, as well as to mutate jailbreaks to bypass prompt filters, adapt to LLM updates, and to give advice on performing injections against other agent systems. In this talk, I will give you an overview of LLM Agent hacking. I will cover LLM context window formats, LLM agents, agent vulnerability surface, and the prompting and efficiency insights that led to the success of HostileShop.\n\n[HostileShop](https://github.com/mikeperry-tor/HostileShop) creates a simulated web shopping environment where an **attacker agent LLM** attempts to manipulate a **target shopping agent LLM** into performing unauthorized actions. Crucially, HostileShop does not use an LLM to judge attack success. Instead, success is determined automatically and immediately by the framework, which reduces costs and enables rapid continual learning by the attacker LLM.\n\nHostileShop is best at discovering **prompt injections** that induce LLM Agents to make improper \"tool calls\". In other words, HostileShop finds the magic spells that make LLM Agents call functions that they have available to them, often with the specific input of your choice.\n\nHostileShop is also capable of [enhancement and mutation of \"universal\" jailbreaks](https://github.com/mikeperry-tor/HostileShop?tab=readme-ov-file#prompts-for-jailbreakers). This allows **cross-LLM adaptation of universal jailbreaks** that are powerful enough to make the target LLM become fully under your control, for arbitrary actions. This also enables public jailbreaks that have been partially blocked to work again, until they are more comprehensively addressed.\n\nI created HostileShop as an experiment, but continue to maintain it to let me know if/when LLM agents finally become secure enough for use in privacy preserving systems, without the need to rely on [oppressive](https://runtheprompts.com/resources/chatgpt-info/chatgpt-is-reporting-your-prompts-to-police/) [levels of surveillance](https://www.anthropic.com/news/activating-asl3-protections).\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Mike Perry"],"tags":["2309","2025","39c3","Security","Fuse","39c3-eng","39c3-deu","Day 2"],"view_count":2879,"promoted":false,"date":"2025-12-28T17:35:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-02T16:15:05.867+02:00","length":1959,"duration":1959,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2309-b3ef337e-bfb3-51bf-bcaa-0b2d697b9c7f.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2309-b3ef337e-bfb3-51bf-bcaa-0b2d697b9c7f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2309-b3ef337e-bfb3-51bf-bcaa-0b2d697b9c7f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2309-b3ef337e-bfb3-51bf-bcaa-0b2d697b9c7f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-a-quick-stop-at-the-hostileshop","url":"https://api.media.ccc.de/public/events/b3ef337e-bfb3-51bf-bcaa-0b2d697b9c7f","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"8a09918c-9b59-53b2-ab8e-4f2cfdb460d5","title":"a media-almost-archaeology on data that is too dirty for \"AI\"","subtitle":null,"slug":"39c3-a-media-almost-archaeology-on-data-that-is-too-dirty-for-ai","link":"https://events.ccc.de/congress/2025/hub/event/detail/a-media-almost-archaeology-on-data-that-is-too-dirty-for-ai","description":"when datasets are scaled up to the volume of (partial) internet, together with the idea that scale will average out the noise,  large dataset builders came up with a human-not-in-the-loop, cheaper-than-cheap-labor method to clean the datasets: heuristic filtering. Heuristics in this context are basically a set of rules came up by the engineers with their imagination and estimation to work best for their perspective of “cleaning”. Most datasets use heuristics adopted from existing ones, then add some extra filtering rules for specific characteristics of the datasets. I would like to invite you to have a taste together of these silent, anonymous yet upheld estimations and not-guaranteed rationalities in current sociotechnical artifacts, and on for whom these estimations are good-enough, as it will soon be part our technological infrastructures.\n\nIn 1980s, non-white women’s body size data was categorized as dirty data when establishing the first women's sizing system in US. Now in the age of GPT, what is considered as dirty data and how are they removed from massive training materials?\n\nDatasets nowadays for training large models have been expanded to  the volume of (partial) internet, with the idea of “scale averages out noise”, these datasets were scaled up by scrabbling whatever available data on the internet for free then “cleaned” with a human-not-in-the-loop, cheaper-than-cheap-labor method: heuristic filtering. Heuristics in this context are basically a set of rules came up by the engineers with their imagination and estimation that are “good enough” to remove “dirty data” of their perspective, not guaranteed to be optimal, perfect, or rational.\n\nThe talk will show some intriguing patterns of “dirty data” from 23 extraction-based datasets, like how NSFW gradually equals to NSFTM (not safe for training model), and reflect on these silent, anonymous yet upheld estimations and not-guaranteed rationalities in current sociotechnical artifacts, and ask for whom these estimations are good-enough, as it will soon be part our technological infrastructures.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["jiawen uffline"],"tags":["1798","2025","39c3","Art \u0026 Beauty","Ground","39c3-eng","39c3-deu","39c3-pol","Day 3"],"view_count":2313,"promoted":false,"date":"2025-12-29T11:55:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-04T16:45:05.446+02:00","length":2275,"duration":2275,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1798-8a09918c-9b59-53b2-ab8e-4f2cfdb460d5.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1798-8a09918c-9b59-53b2-ab8e-4f2cfdb460d5_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1798-8a09918c-9b59-53b2-ab8e-4f2cfdb460d5.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1798-8a09918c-9b59-53b2-ab8e-4f2cfdb460d5.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-a-media-almost-archaeology-on-data-that-is-too-dirty-for-ai","url":"https://api.media.ccc.de/public/events/8a09918c-9b59-53b2-ab8e-4f2cfdb460d5","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"14cb6843-3e39-563c-9e49-6608e0803017","title":"Och Menno X Disconnected Unexpected : Elbonian Incident Response : Wie reagiere ich falsch","subtitle":null,"slug":"39c3-och-menno-x-disconnected-unexpected-elbonian-incident-response-wie-reagiere-ich-falsch","link":"https://events.ccc.de/congress/2025/hub/event/detail/och-menno-x-disconnected-unexpected-elbonian-incident-response-wie-reagiere-ich-falsch","description":"Jeder redet darüber wie man eine Krise optimal bearbeitet. Bei Disconnected Unexpected geht es ja darum das das Publikum ein Szenario in den Raum wirft und Teams versuchen eine optimale Lösung zu finden. Bei Och Menno geht es darum das Sachen schief gehen. In der großen Nation Elbonien geht es darum das immer die komplizierteste, gerechtfertigte Lösung findet die garantiert die schlechteste Auswirkungen hat.\n\nEs wird eine Impro Comedy Show, wo das Publikum ein Szenario in den Raum werfen darf, und das Panel versucht die Krise durch wohlgemeinte Ideen schlechter zu machen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Sven Uckermann","egouvernante","Runtanplan"],"tags":["83775","2025","39c3","Sendezentrum Bühne (Saal X 07)","39c3-deu","Day 3"],"view_count":4816,"promoted":false,"date":"2025-12-29T16:00:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-04T15:15:04.144+02:00","length":4962,"duration":4962,"thumb_url":"https://static.media.ccc.de/media/congress/2025/83775-14cb6843-3e39-563c-9e49-6608e0803017.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/83775-14cb6843-3e39-563c-9e49-6608e0803017_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/83775-14cb6843-3e39-563c-9e49-6608e0803017.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/83775-14cb6843-3e39-563c-9e49-6608e0803017.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-och-menno-x-disconnected-unexpected-elbonian-incident-response-wie-reagiere-ich-falsch","url":"https://api.media.ccc.de/public/events/14cb6843-3e39-563c-9e49-6608e0803017","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"372f7089-b6ae-50ed-bc35-f60c5e9fd6e1","title":"Recharge your batteries with us","subtitle":"– an empowering journey through the energy transition","slug":"39c3-recharge-your-batteries-with-us-an-empowering-journey-through-the-energy-transition","link":"https://events.ccc.de/congress/2025/hub/event/detail/recharge-your-batteries-with-us-an-empowering-journey-through-the-energy-transition","description":"Amidst gloomy headlines, extreme weather, and climate anxiety, the good stories often get lost. Yet they exist - inspiring people, clever engineering, real breakthroughs. And that's exactly what we bring you – the positive power cycles of the energy transition in action. And real energy on stage.\r\n\r\nA committed energy activist and an award-winning solar cell researcher take you on a lively, motivating and sometimes funny journey:\r\n\r\n- to electricity rebels from the Black Forest,\r\n- to heat pumps that supply entire neighborhoods,\r\n- to new solar technologies,\r\n- to wind turbines with history,\r\n- and to politicians who were too pessimistic.\r\n\r\nWhat is already going really well? What can you emulate? Where is it worth getting involved?\r\nWe'll show you – in an easy-to-understand, cheerful way.\r\nTo stay motivated for an adventure as big as the energy transition, we need more than just facts and figures. We need momentum, optimism, and the human energy that keep the power cycles turning.\r\nCome by! Let’s recharge together and celebrate the successes of the energy transition.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Salacidre","JulianeB"],"tags":["2376","2025","39c3","Science","Ground","39c3-eng","39c3-deu","39c3-fra","Day 2"],"view_count":6493,"promoted":false,"date":"2025-12-28T20:10:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-05T13:45:04.671+02:00","length":2369,"duration":2369,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2376-372f7089-b6ae-50ed-bc35-f60c5e9fd6e1.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2376-372f7089-b6ae-50ed-bc35-f60c5e9fd6e1_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2376-372f7089-b6ae-50ed-bc35-f60c5e9fd6e1.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2376-372f7089-b6ae-50ed-bc35-f60c5e9fd6e1.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-recharge-your-batteries-with-us-an-empowering-journey-through-the-energy-transition","url":"https://api.media.ccc.de/public/events/372f7089-b6ae-50ed-bc35-f60c5e9fd6e1","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"1d472b89-efe5-5b71-bb82-110765cf10b3","title":"Eine typisch österreichische Lösung - die Dirndlkoalition","subtitle":null,"slug":"39c3-eine-typisch-sterreichische-lsung-die-dirndlkoalition","link":"https://events.ccc.de/congress/2025/hub/event/detail/eine-typisch-sterreichische-lsung-die-dirndlkoalition","description":"Nach den längsten Koalitionsverhandlungen in der zweiten Republik kämpft die Dirndlkoalition gegen Inflation, Budgetdefizit und rechte Volkskanzlerfantasien. Wir geben einen Überblick zum politischen Jahr in Österreich.\n\nAm Beginn des Jahres wollte Herbert Kickl noch Volkskanzler werden, am Ende des Jahres regiert eine Dreierkoalition in Österreich. Wie gewohnt wollen wir auch heuer wieder erzählen, was in der österreichischen Innenpolitik passiert, der Humor soll dabei nicht zu kurz kommen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["unsösterreichts.jetzt","Alexander Muigg"],"tags":["83790","2025","39c3","Sendezentrum Bühne (Saal X 07)","39c3-deu","Day 1"],"view_count":4087,"promoted":false,"date":"2025-12-27T18:15:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-03-26T12:45:07.251+01:00","length":2726,"duration":2726,"thumb_url":"https://static.media.ccc.de/media/congress/2025/83790-1d472b89-efe5-5b71-bb82-110765cf10b3.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/83790-1d472b89-efe5-5b71-bb82-110765cf10b3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/83790-1d472b89-efe5-5b71-bb82-110765cf10b3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/83790-1d472b89-efe5-5b71-bb82-110765cf10b3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-eine-typisch-sterreichische-lsung-die-dirndlkoalition","url":"https://api.media.ccc.de/public/events/1d472b89-efe5-5b71-bb82-110765cf10b3","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"9296cd85-f869-5687-94cb-e87d805249a2","title":"Chatkontrolle","subtitle":"Ctrl+Alt+Delete","slug":"39c3-episode-ii-der-rat-schlagt-zuruck","link":"https://events.ccc.de/congress/2025/hub/event/detail/episode-ii-der-rat-schlagt-zuruck","description":"Seit jetzt schon vier Jahren droht aus der EU die Chatkontrolle. In Deutschland ist das Thema nach den Protesten im Oktober aktueller denn je - und sogar Jens Spahn und Rainer Wendt sind plötzlich gegen diese Form der Überwachung. In diesem Vortrag schauen wir zurück und erklären was, vor allem im Hintergrund, passiert ist. Wir nehmen die Position der Bundesregierung genau unter die Lupe und werfen einen Blick auf die Schritte, die auf EU-Ebene vor uns liegen.\r\n\r\nDie Chatkontrolle liest sich mehr wie eine tragische Komödie, als ein Gesetzgebungsverfahren. Nach dem dramaturgischen Rückblick auf dem 37C3 wird es nun Zeit einen Blick auf die Seite der Rebellen zu werfen. \r\nMarkus Reuter und khaleesi haben den Gesetzgebungsprozess rund um die Chatkontrolle von Anfang an eng begleitet, er aus der der journalistischen, sie aus der Policy-Perspektive. \r\nNach den ersten Jahren mit großen Rummel und Hollywoodstars ist es nach den EU-Wahlen doch etwas ruhig geworden. Doch die Gefahr ist nicht vom Tisch:\r\n\r\nZwar steht die Position des EU-Parlaments gegen die Chatkontrolle - aber wie sicher sie wirklich ist, ist unklar.\r\nDerzeit hängt alles am Rat: Es gab sehr positive Vorschläge (polnische Ratspräsidentschaft) und negative Vorschläge (dänische Ratspräsidentschaft) - doch einigen können sich die Länder nicht und eine Mehrheit will die Chatkontrolle, kann sich aber nicht durchsetzen.\r\n\r\nUnd auch in Deutschland hat die Chatkontrolle den ganz großen Sprung in die Öffentlichkeit geschafft und die Gegner:innen einen Etappensieg errungen. Was dieser Erfolg mit der Arbeit der letzten vier Jahre zu tun hat und warum auch in Deutschland noch nichts in trockenen Tüchern ist, erzählen wir in diesem Talk.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["khaleesi","Markus Reuter"],"tags":["1377","2025","39c3","Ethics, Society \u0026 Politics","One","39c3-deu","39c3-eng","39c3-fra","Day 1"],"view_count":17177,"promoted":false,"date":"2025-12-27T20:30:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-03T21:15:05.035+02:00","length":3338,"duration":3338,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1377-9296cd85-f869-5687-94cb-e87d805249a2.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1377-9296cd85-f869-5687-94cb-e87d805249a2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1377-9296cd85-f869-5687-94cb-e87d805249a2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1377-9296cd85-f869-5687-94cb-e87d805249a2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-episode-ii-der-rat-schlagt-zuruck","url":"https://api.media.ccc.de/public/events/9296cd85-f869-5687-94cb-e87d805249a2","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"f1f8be7b-2087-5fff-969d-baef470497b1","title":"The Modular Workshop – The Tunegirl und Rob StrobE","subtitle":null,"slug":"39c3-the-modular-workshop-the-tunegirl-und-rob-strobe","link":"https://events.ccc.de/congress/2025/hub/event/detail/the-modular-workshop-the-tunegirl-und-rob-strobe","description":"Hallo CCC Community,\nwir präsentieren euch The Tunegirl und Rob StrobE, beide sind mit Veröffentlichungen auf dem Assassins Soldier Label beheimatet und blicken auf eine gemeinsame Liebe für Detroit Techno.\n\nDie Idee zum gemeinsamen Workshop für euch entstand  natürlich auf dem Dancefloor und The Tunegirl hat die Cases gepackt und nach Hamburg gebracht.\n\nWährend The Tunegirl den praktischen Teil verantwortet und die Kabel steckt, wird euch Rob durch die Kabel führen und einen Einblick in die Welt der Module und Drummachines geben. Unterstützt wird das ganze von einer Kamera, damit ihr nah am Geschehen dabei sein könnt.\n\nDie beiden stehen euch für Fragen nach dem Workshop zur Verfügung.\n\nWir wünschen euch viel Spass und gute Unterhaltung,\n\nAblauf des Workshops\n1. Begrüßung \u0026 Einführung \n   •\tVorstellung der Artists\n   •\tMotivation und Ziel des Workshops\n   •\tKurzer Überblick über Setup \u0026 Equipment\n2. Theorie \u0026 Orientierung im Kabeldschungel mit The Tunegirl \u0026 Rob StrobE \n   •\tWas passiert eigentlich im Patch?\n   •\tÜberblick über Module, Signale, Clocking \u0026 Drummachines\n   •\tSounddesign-Strategien und Workflow-Tipps\n3. Praxis: Live Modular Patchen mit The Tunegirl \n   •\tPatchen in Echtzeit\n   •\tAufbau und Struktur eines modularen Livesets\n   •\tEntstehung von Rhythmus, Sequenzen und Texturen\n   •\tAbschließend Live-Jam\n4. Visual Support\n   •\teine Kamera für den direkten Einblick ins Patch-Setup\n5. Q\u0026A – Eure Fragen, unsere Antworten  Minuten\n   •\tOffene Fragerunde\n   •\tAustausch \u0026 Networking\n________________________________________\nZielgruppe\n•\tEinsteiger bis Fortgeschrittene\n•\tInteressierte an modularer Klangerzeugung, Hardware-Livesets \u0026 -Musikproduktion\n________________________________________\nHinweis\nNach dem Workshop stehen wir euch gerne für persönliche Fragen, Austausch und Nerd-Talk zur Verfügung.\n________________________________________\nWir wünschen viel Spaß, Inspiration \u0026 gute Unterhaltung!\nAndrea (The Tunegirl) \u0026 Rob (Rob StrobE)\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Rob StrobE"],"tags":["2439","2025","39c3","Chaos Computer Music Club","39c3-deu","Day 3"],"view_count":4548,"promoted":false,"date":"2025-12-29T18:00:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-05T12:00:03.691+02:00","length":3545,"duration":3545,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2439-f1f8be7b-2087-5fff-969d-baef470497b1.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2439-f1f8be7b-2087-5fff-969d-baef470497b1_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2439-f1f8be7b-2087-5fff-969d-baef470497b1.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2439-f1f8be7b-2087-5fff-969d-baef470497b1.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-the-modular-workshop-the-tunegirl-und-rob-strobe","url":"https://api.media.ccc.de/public/events/f1f8be7b-2087-5fff-969d-baef470497b1","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"678b899b-7d32-56e3-9d1d-7f2208cfe2d7","title":"BE Modded: Exploring and hacking the Vital Bracelet ecosystem","subtitle":null,"slug":"39c3-be-modded-exploring-and-hacking-the-vital-bracelet-ecosystem","link":"https://events.ccc.de/congress/2025/hub/event/detail/be-modded-exploring-and-hacking-the-vital-bracelet-ecosystem","description":"The Vital Bracelet series is an ecosystem of interactive fitness toys, content on memory chips, and apps that talk via NFC. In this talk, we'll explore the hardware and software of the series, from its obscure CPU architecture, to how it interacts with the outside world, from dumping OTP ROMs and breaking security, to making custom firmware.\n\nThe Vital Bracelet series, active from 2021 to 2024, was a line of toys that revolved around a number of fitness bracelets that encouraged exercise by raising characters from the Digimon series, and expanding into tokusatsu and popular anime characters later. Think of it as Tamagotchi, but nurturing through exercise instead of button presses.\n\nIn this presentation, we'll look at the different parts of this series' ecosystem, how they work, and the different ways to circumvent various security measures and customize the devices' behavior.\n\nWe start by looking at the first Vital Bracelet, with a quick introduction to hardware reverse engineering and how to dump firmware out of flash. Following that, we will take a look at the microcontroller used in the devices, and its obscure instruction set architecture. This will lead into an exploration of how to reverse engineer code when you are missing a significant portion of it, and how the embedded ROM was dumped. After this, we will look at the DRM applied to content, and how it was circumvented. Next, the device's NFC capabilities will be explored.\n\nWith the release of the Vital Bracelet BE, which introduced upgradable firmware, came new challenges and opportunities. We will take a look at the new content format and additional DRM measures it incorporated, plus how the device's bootloader was dumped despite its signature verification scheme.\n\nFinally, we will take a look at the process for modding the various Vital Bracelet releases, and some techniques to use while writing patches.\n\nThe material in this talk can be applied beyond just the Vital Bracelet series, and can be useful if you want to explore other electronic toys, or just hardware reverse engineering in general.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["cyanic"],"tags":["1641","2025","39c3","Hardware","Fuse","39c3-eng","39c3-deu","Day 3"],"view_count":1475,"promoted":false,"date":"2025-12-29T12:50:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-04T06:45:03.184+02:00","length":2098,"duration":2098,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1641-678b899b-7d32-56e3-9d1d-7f2208cfe2d7.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1641-678b899b-7d32-56e3-9d1d-7f2208cfe2d7_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1641-678b899b-7d32-56e3-9d1d-7f2208cfe2d7.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1641-678b899b-7d32-56e3-9d1d-7f2208cfe2d7.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-be-modded-exploring-and-hacking-the-vital-bracelet-ecosystem","url":"https://api.media.ccc.de/public/events/678b899b-7d32-56e3-9d1d-7f2208cfe2d7","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"5454618f-fcfb-568a-b82b-eb0b10bf89cb","title":"Build a Fake Phone, Find Real Bugs","subtitle":"Qualcomm GPU Emulation and Fuzzing with LibAFL QEMU","slug":"39c3-build-a-fake-phone-find-real-bugs-qualcomm-gpu-emulation-and-fuzzing-with-libafl-qemu","link":"https://events.ccc.de/congress/2025/hub/event/detail/build-a-fake-phone-find-real-bugs-qualcomm-gpu-emulation-and-fuzzing-with-libafl-qemu","description":"Mobile phones are central to everyday life: we communicate, entertain ourselves, and keep vast swaths of our digital lives on them. That ubiquity makes high-risk groups such as journalists, activists, and dissidents prime targets for sophisticated spyware that exploits device vulnerabilities.\r\n\r\nOn Android devices, GPU drivers have repeatedly served as the final escalation vector into the kernel. To study and mitigate that risk, we undertook a research project to virtualize the Qualcomm Android kernel and the KGSL graphics driver from scratch in QEMU. This new environment enables deep debugging, efficient coverage collection, and large-scale fuzzing across server farms, instead of relying on a handful of preproduction devices.\r\n\r\nThis talk will highlight the technical aspects of our research, starting with the steps required to boot the Qualcomm mobile kernel in QEMU, all the way up to the partial emulation of the GPU. Then, we will present how we moved from our emulation prototype to a full-fledged fuzzer based on LibAFL QEMU.\r\n\r\nMobile phone manufacturers ship competitive hardware supported by increasingly complex software stacks, ranging from firmware and bootloaders to kernel modules, hypervisors, and other TrustZone environments. In an effort to keep their products secure, these companies rely on state-of-the-art testing techniques such as fuzzing. They commonly perform their fuzzing campaigns on-device to find vulnerabilities. Unfortunately, this approach is expensive to scale and does not always provide fine-grained control over the target. To address these issues, we approached the problem through the prism of emulation, by partially reimplementing the hardware as a normal software to run on a computer. That way, we could scale fuzzing instances, and gain full control over the emulated target.\r\n\r\nThe presentation will outline how we made the full emulation of Qualcomm’s Android ecosystem possible by tweaking the complex build system of the Android image and implementing a custom board (including more than 10 custom devices) in QEMU. We will review the steps required and the technical challenges encountered along the way.\r\n\r\nAfter providing a quick recap and the latest updates on LibAFL QEMU (presented at 37C3) by one of the LibAFL maintainers, we will delve into the gory details of how we partially emulated the latest version of Adreno—the GPU designed by Qualcomm—and built a fuzzer for its Android kernel driver. In particular, we will show how LibAFL QEMU was integrated into our custom board and the few improvements we made to the kernel to get better coverage with KCOV. Finally, we will demonstrate how our approach enabled us to find a new critical vulnerability in the GPU kernel driver.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Romain Malmain"],"tags":["2129","2025","39c3","Security","Ground","39c3-eng","39c3-deu","39c3-pol","Day 3"],"view_count":4236,"promoted":false,"date":"2025-12-29T19:15:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-02T15:45:06.072+02:00","length":2461,"duration":2461,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2129-5454618f-fcfb-568a-b82b-eb0b10bf89cb.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2129-5454618f-fcfb-568a-b82b-eb0b10bf89cb_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2129-5454618f-fcfb-568a-b82b-eb0b10bf89cb.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2129-5454618f-fcfb-568a-b82b-eb0b10bf89cb.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-build-a-fake-phone-find-real-bugs-qualcomm-gpu-emulation-and-fuzzing-with-libafl-qemu","url":"https://api.media.ccc.de/public/events/5454618f-fcfb-568a-b82b-eb0b10bf89cb","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"bf34e289-afe1-59a8-8c1c-018b755772e3","title":"Blackbox Palantir","subtitle":null,"slug":"39c3-blackbox-palantir","link":"https://events.ccc.de/congress/2025/hub/event/detail/blackbox-palantir","description":"Wer nutzt in Deutschland Software von Palantir und wer hat das in naher Zukunft vor? Was sind die rechtlichen Voraussetzungen für den Einsatz solcher Analysewerkzeuge? Und was plant Innenminister Alexander Dobrindt in Sachen Palantir für die Polizeien des Bundes?\n\nSoftware von Palantir analysiert für Polizeien und Militär deren Daten – dafür lizenzieren auch deutsche Polizeibehörden seit Jahren die Analysesoftware Gotham des US-Unternehmens. Die Software verarbeitet strukturierte und unstrukturierte Informationen aus Polizeidatenbanken. Die genauen Funktionsweisen sind für die Öffentlichkeit, Gesetzgeber und Kontrollbehörden jedoch nicht einsehbar.\n\nDas US-Unternehmen ist hochumstritten und auch in Deutschland seit einigen Gesetzesinitiativen wieder umkämpft – wegen seiner intransparenten Analysemethoden, seiner Zusammenarbeit mit autoritären Staaten und seiner Nähe zur US-Regierung.\n\nRechtlich ist der Einsatz von Analysetools wie von Palantir in Deutschland ohnehin komplex, denn das Bundesverfassungsgericht hat 2023 deutliche Grenzen für polizeiliche Datenanalysen gezogen. Dennoch haben mehrere Bundesländer für ihre Polizeien Verträge oder streben sie an. Auch auf Bundesebene wird der Einsatz für das Bundeskriminalamt und die Bundespolizei hitzig diskutiert.\n\nWie funktioniert Gotham und welche Gefahren gehen damit einher?\nWelche Entwicklungen sind  im Bund und in den Ländern zu beobachten? Wie geht es weiter?\n\nWir wollen über den Stand der Dinge in Bund und Ländern informieren und auch zeigen, wie wir versuchen, rechtliche Vorgaben durchzusetzen. Denn die GFF und der CCC sind an Verfassungsbeschwerden beteiligt, unter anderem in Hessen, Hamburg und zuletzt in Bayern.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Constanze Kurz","Franziska Görlitz"],"tags":["1958","2025","39c3","Ethics, Society \u0026 Politics","One","39c3-deu","39c3-eng","Day 3"],"view_count":31758,"promoted":false,"date":"2025-12-29T20:30:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-07T08:45:04.634+02:00","length":3439,"duration":3439,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1958-bf34e289-afe1-59a8-8c1c-018b755772e3.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1958-bf34e289-afe1-59a8-8c1c-018b755772e3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1958-bf34e289-afe1-59a8-8c1c-018b755772e3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1958-bf34e289-afe1-59a8-8c1c-018b755772e3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-blackbox-palantir","url":"https://api.media.ccc.de/public/events/bf34e289-afe1-59a8-8c1c-018b755772e3","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"9e189fbf-c326-50ea-8be5-61ce4984a463","title":"Och Menno Mode: Power Cycles, Power Suit, Dresscodes WTF","subtitle":null,"slug":"39c3-och-menno-mode-power-cycles-power-suit-dresscodes-wtf","link":"https://events.ccc.de/congress/2025/hub/event/detail/och-menno-mode-power-cycles-power-suit-dresscodes-wtf","description":"Der inkompetente Podcast über Dresscodes und Mode. Warum verschiedene Kleiderordnungen immer mal wieder zu komischen Situationen und politischen Missverständnissen gesorgt haben. Warum ist der Business Dress eigentlich nur ein besserer Hausanzug ? Warum wird aus gemütlicher Kleidung eine Kleidung die bei Staatsempfängen getragen wird. Warum ist ein Dresscode immer missverständlich ? Bitte zum Vortrag  in smart Casual  Business white Tie, aber nicht zu formal erscheinen. Wer das versteht oder auch nicht wird sich wohlfühlen.\n\nEine kleine Reise über die merkwürdige Welt der (Männer) Mode, die halt wenig sinnvoll ist. Mode ist halt nur eine Möglichkeit sich von anderen Abzugrenzen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Sven Uckermann"],"tags":["83757","2025","39c3","Sendezentrum Bühne (Saal X 07)","39c3-deu","Day 2"],"view_count":11242,"promoted":false,"date":"2025-12-28T14:45:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-07T09:00:03.652+02:00","length":2699,"duration":2699,"thumb_url":"https://static.media.ccc.de/media/congress/2025/83757-9e189fbf-c326-50ea-8be5-61ce4984a463.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/83757-9e189fbf-c326-50ea-8be5-61ce4984a463_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/83757-9e189fbf-c326-50ea-8be5-61ce4984a463.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/83757-9e189fbf-c326-50ea-8be5-61ce4984a463.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-och-menno-mode-power-cycles-power-suit-dresscodes-wtf","url":"https://api.media.ccc.de/public/events/9e189fbf-c326-50ea-8be5-61ce4984a463","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"755f1d78-c910-56cb-a37e-13870013bff6","title":"Gegenmacht - Best of Informationsfreiheit","subtitle":null,"slug":"39c3-gegenmacht-best-of-informationsfreiheit","link":"https://events.ccc.de/congress/2025/hub/event/detail/gegenmacht-best-of-informationsfreiheit","description":"Sind mehr Infos wirklich die Lösung? Ob Jens Spahn, Philipp Amthor oder Friedrich Merz - sie alle sagen offen, was sie vorhaben und machen keinen Hehl aus ihren Verbindungen zur Trump-Regierung, zu Milliardären und der fossilen Lobby. Was bringt Transparenz in Zeiten der autoritären Wende?\n\nTransparenz braucht Rechenschaft. Ohne Konsequenzen bleibt Transparenz wirkungslos. Wie können wir also eine wirksame Gegenmacht schaffen, die Veränderungen durchsetzt?\n\nPhilipp Amthors Angriff aufs Informationsfreiheitsgesetz konnten wir erst einmal abwehren - jetzt geht's in die Offensive! Mit den Highlights aus Strafanzeigen gegen Alexandeer Dobrindt, Spahns geleaktem Maskenbericht, der Milliardärslobby im Wirtschaftsministerium und allen Steueroasen in Deutschland.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Arne Semsrott"],"tags":["1207","2025","39c3","Ethics, Society \u0026 Politics","One","39c3-deu","39c3-eng","39c3-spa","Day 3"],"view_count":74247,"promoted":false,"date":"2025-12-29T16:00:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-07T09:15:04.737+02:00","length":3308,"duration":3308,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1207-755f1d78-c910-56cb-a37e-13870013bff6.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1207-755f1d78-c910-56cb-a37e-13870013bff6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1207-755f1d78-c910-56cb-a37e-13870013bff6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1207-755f1d78-c910-56cb-a37e-13870013bff6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-gegenmacht-best-of-informationsfreiheit","url":"https://api.media.ccc.de/public/events/755f1d78-c910-56cb-a37e-13870013bff6","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"985ef663-e1f8-54d2-8e3e-f0c5beb512e2","title":"Persist, resist, stitch","subtitle":null,"slug":"39c3-persist-resist-stitch","link":"https://events.ccc.de/congress/2025/hub/event/detail/persist-resist-stitch","description":"What does knitting have to do with espionage? Can embroidery help your mental health? This talk shows how the skills to create textile art have enabled people to resist and to persist under oppressive regimes for centuries. And it offers ways to keep doing so.\n\nWorking with textile mediums like yarn, thread, and floss is generally seen as a feminine hobby and as thus is usually classified as craft, not art. And crafting is something people, maybe even people usually seen as a bit boring, do in their free time to unwind. Most of us have grown up with the image of the loving grandmother knitting socks for the family, an act of care that was never considered anything special.\nThe patriarchal society’s tendency to underestimate anything considered feminine and, inextricably connected to this, domestic is an ongoing struggle. But being underestimated also provides a cover and with it the opportunity for subversion and resistance.\nAs global powers are cycling back to despotism and opression, let me take you back in time to show you how people used textile crafts to organise resistance and shape movements. Like the quilts that were designed and sewn to help enslaved people in the US escape slavery and navigate the Underground Railroad from the 1780s on, or the knitted garments that carried information about the Nazis to help resistance in occupied Europe during World War II, or the cross stitches by a prisoner of war that had Nazis unknowingly display art saying “Fuck Hitler”.\nTextile crafts have been used by marginalised and disenfranchised people to protest, to organise, and to persist for centuries. This tradition found a new rise in what is now called “craftivism” and is using the internet to build bigger communities spanning the world. These communities also come together to help, often quite tangibly by creating specific items like the home-sewn masks during early Covid19. In addition, crafting has scientifically-proven benefits for one’s mental health.\nTaking up the increasingly popular quote \"When the world is too scary, too loud, too much: Stop consuming, start creating\", this talk shows how the skills to create have enabled and will enable people to resist and to persist.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Philo"],"tags":["1636","2025","39c3","Art \u0026 Beauty","Ground","39c3-eng","39c3-deu","39c3-fra","Day 2"],"view_count":4908,"promoted":false,"date":"2025-12-28T16:35:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-04T15:30:03.879+02:00","length":2530,"duration":2530,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1636-985ef663-e1f8-54d2-8e3e-f0c5beb512e2.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1636-985ef663-e1f8-54d2-8e3e-f0c5beb512e2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1636-985ef663-e1f8-54d2-8e3e-f0c5beb512e2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1636-985ef663-e1f8-54d2-8e3e-f0c5beb512e2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-persist-resist-stitch","url":"https://api.media.ccc.de/public/events/985ef663-e1f8-54d2-8e3e-f0c5beb512e2","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"0c6e2d25-7014-5aaf-9c6a-b4347f0ff85c","title":"Lessons from Building an Open-Architecture Secure Element","subtitle":null,"slug":"39c3-lessons-from-building-an-open-architecture-secure-element","link":"https://events.ccc.de/congress/2025/hub/event/detail/lessons-from-building-an-open-architecture-secure-element","description":"The talk will be about our experience from building an open-architecture secure element from the ground up. It explains why openness became part of the security model, how it reshaped design and development workflows, and where reality pushed back — through legal constraints, third-party IP, or export controls. It walks through the secure boot chain, attestation model, firmware update flow, integration APIs, and the testing framework built for external inspection. Real examples of security evaluations by independent researchers are presented, showing what was learned from their findings and how those exchanges raised the overall security bar. The goal is to provoke discussion on how open collaboration can make hardware more verifiable, adaptable, auditable and while keeping secure.\n\nThis talk shares our engineering experience from designing and implementing an open-architecture secure element — a type of chip that is traditionally closed and opaque. We’ll outline the practical consequences of choosing openness as part of the security model: how it affected hardware architecture, firmware design, verification, and development workflows.\nThe session dives into concrete technical areas including the secure boot chain, attestation and update flow, key storage isolation, and the testing and fuzzing infrastructure used to validate the design. It also covers the boundaries of openness — where third-party IP, export control, or certification requirements force certain blocks to remain closed — and how we document and mitigate those limits.\nWe’ll present anonymized examples of external security evaluations, show how responsible disclosure and transparent fixes improved resilience, and reflect on what “community-driven security” means in a hardware context. Attendees should leave with a clearer view of what it takes to make security verifiable at the silicon level — and why that process is never finished.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Jan Pleskac"],"tags":["2090","2025","39c3","Hardware","Zero","39c3-eng","39c3-deu","39c3-fra","Day 2"],"view_count":2100,"promoted":false,"date":"2025-12-28T16:35:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-01T01:00:04.884+02:00","length":2526,"duration":2526,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2090-0c6e2d25-7014-5aaf-9c6a-b4347f0ff85c.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2090-0c6e2d25-7014-5aaf-9c6a-b4347f0ff85c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2090-0c6e2d25-7014-5aaf-9c6a-b4347f0ff85c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2090-0c6e2d25-7014-5aaf-9c6a-b4347f0ff85c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-lessons-from-building-an-open-architecture-secure-element","url":"https://api.media.ccc.de/public/events/0c6e2d25-7014-5aaf-9c6a-b4347f0ff85c","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"ba5269c3-88f7-50e8-b12c-63510ee697e8","title":"What You Hack Is What You Mean: 35 Years of Wiring Sense into Text","subtitle":null,"slug":"39c3-what-you-hack-is-what-you-mean-35-years-of-wiring-sense-into-text","link":"https://events.ccc.de/congress/2025/hub/event/detail/what-you-hack-is-what-you-mean-35-years-of-wiring-sense-into-text","description":"Encoding isn’t just for machines — it’s how humans shape meaning. This talk traces 35 years of hacking text through the Text Encoding Initiative (TEI), a community-driven, open-source standard for describing the deep structure of texts. We’ll explore how TEI turns literature, research, and even hacker lore into machine-readable, remixable data — and how it enables minimal, sustainable self-publishing without gatekeepers. From alphabets to XML and the Hacker Bible, we’ll look at text as a living system: something we can read, write, and hack together.\n\nComputers can’t do much without encoding. They need ways to turn bytes into symbols, words, and meaning — to make text readable for both humans and machines. But encoding isn’t just for machines. Humans also encode: we describe, structure, and translate our thoughts into text. And while the number of text formats seems endless (and keeps growing), that’s not a bug — it’s a feature. Diversity in encoding is how we learn what works and what doesn’t.\n\nLong before ASCII tables or Unicode, text encoding already existed — in alphabets, printing presses, and typographic systems. Every technology of writing has been a way of hacking language into matter: from clay tablets to lead letters, from code pages to Markdown. Each era brings new formats and new constraints — and with them, new genres, new rules, new cultural codes. Think of poetry and protocol manuals, fairy tales and README files, the Hacker Bible itself — all shaped by the tools and conventions that carry them.\n\nSo here’s the question: can we encode not only what we see, but what we mean? Can we capture a poem’s rhythm, a play’s voices, or the alternate endings of a story — and do it in a way that’s open, remixable, and machine-readable?\n\nTurns out, yes — and the solution has existed since 1988. It’s called the Text Encoding Initiative (TEI), a long-running open-source standard that lets you describe the structure, semantics, and context of texts using XML. You can think of it as a humanities fork of hypertext — an extensible markup language for everything from medieval manuscripts to memes.\n\nTEI is more than a format: it’s a collaborative, living standard maintained by an international community of researchers, librarians, and digital humanists. It evolves with the world — adding elements for new text types (like social media posts) and for changing cultural realities (like non-binary gender markers). It embodies open science principles and keeps publishing in the hands of its creators.\n\nYou don’t need a publisher, a platform, or a big server farm. Just an XML-aware text editor, a few lines of CSS, and maybe a Git repo. From there, you can transform your encoded text into websites, PDFs, e-books — or share it directly in its raw, readable, hackable form. It’s sustainable, transparent, and low-energy. It even challenges the academic prestige economy by making every individual contribution visible — from editors to annotators to script writers.\n\nIn this talk, we’ll look at text as code and code as culture, from alphabets to XML, and explore how TEI can be a tool for hacking not machines but meaning itself. We’ll end with a practical example: a TEI-encoded page of the first Hacker Bible — because our own history also deserves to be archived, shared, and forked.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Torsten Roeder"],"tags":["2258","2025","39c3","Art \u0026 Beauty","Fuse","39c3-eng","39c3-deu","Day 4"],"view_count":1192,"promoted":false,"date":"2025-12-30T11:55:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-04T22:30:08.729+02:00","length":2521,"duration":2521,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2258-ba5269c3-88f7-50e8-b12c-63510ee697e8.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2258-ba5269c3-88f7-50e8-b12c-63510ee697e8_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2258-ba5269c3-88f7-50e8-b12c-63510ee697e8.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2258-ba5269c3-88f7-50e8-b12c-63510ee697e8.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-what-you-hack-is-what-you-mean-35-years-of-wiring-sense-into-text","url":"https://api.media.ccc.de/public/events/ba5269c3-88f7-50e8-b12c-63510ee697e8","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"f392f7c4-841b-5922-8fdf-ff8eb8150825","title":"Shit for Future: turning human shit into a climate solution","subtitle":null,"slug":"39c3-shit-for-future-turning-human-shit-into-a-climate-solution","link":"https://events.ccc.de/congress/2025/hub/event/detail/shit-for-future-turning-human-shit-into-a-climate-solution","description":"Humanity has already crossed the point where simply reducing emissions will no longer be enough to keep global warming below 2°C. According to the IPCC (AR6, WGIII), it is now essential to actively remove greenhouse gases from the atmosphere in order to meet global climate targets, maintain net-zero (or even net-negative emissions), and address the burden of historical emissions. At the same time, degraded soils and the climate crisis are a threat to global food security.\nTwo years ago, I presented an overview of different methods available for carbon dioxide removal. Today, I want to show you an example of how CO₂ can be removed from the atmosphere while simultaneously improving the lives of local communities:\n\nHuman shit.\n\nHuman shit is a high abundant biomass, contains critical nutrients for global food security, and causes serious health and environmental issues from poor or non-existent treatment outside industrial countries. Converting shit into biochar presents a powerful solution: the process eliminates contaminants, stabilizes and locks away carbon, and can be used to improve agricultural soils. The challenge is that most nutrients in this biochar are not accessible to plants. To overcome this, I mixed human and chicken shit and produced a “Superchar” that releases far more nutrients. It’s not magic, it’s just some chemistry and putting aside your prejudices and disgust. I’ll show you how I did some shit experiments in Hamburg and Guatemala and how you can do it too.\n\nToday’s science mostly follows worn-out pathways and lack big discoveries and innovations. Scientists often don’t want to take a risk because the competition for a permanent position in academia is so high, which pressures them into conservative research topics supported by their supervisors. Even when science provides helpful solutions for urgent problems, the knowledge mostly ends up in libraries, written in papers that nobody understands. I want to show that it is worthwhile to follow research ideas that are unconventional, upset your boss af and explore topics that are unpopular like working with shit. I hope that sharing stories of how a funny idea turned into a solution encourage others to start making impact in their environment.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Elena"],"tags":["1631","2025","39c3","Science","Ground","39c3-eng","39c3-deu","39c3-spa","Day 3"],"view_count":2706,"promoted":false,"date":"2025-12-29T13:50:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-04T10:30:03.846+02:00","length":2406,"duration":2406,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1631-f392f7c4-841b-5922-8fdf-ff8eb8150825.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1631-f392f7c4-841b-5922-8fdf-ff8eb8150825_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1631-f392f7c4-841b-5922-8fdf-ff8eb8150825.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1631-f392f7c4-841b-5922-8fdf-ff8eb8150825.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-shit-for-future-turning-human-shit-into-a-climate-solution","url":"https://api.media.ccc.de/public/events/f392f7c4-841b-5922-8fdf-ff8eb8150825","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"ab19e1f1-ca13-531e-9d30-0ca5b0c7551c","title":"Building a NOC from scratch","subtitle":null,"slug":"39c3-building-a-noc-from-scratch","link":"https://events.ccc.de/congress/2025/hub/event/detail/building-a-noc-from-scratch","description":"Learn from our mistakes during the first iteration of Network Operations for Europe's largest furry convention, Eurofurence.\nDieses Jahr hat ein kleines Team aus dem Chaos, Furries und Chaos-Furries ein neues Netzwerk-OC gegründet, um die Eurofurence mit gutem premium 👌 Internetz auszustatten. Wir erzählen von unseren Erfahrungen und den sozialen sowie technischen Herausforderungen.\n\nZum Zeitpunkt der 29. Eurofurence (also dieses Jahr) hatte das Event eine Größe erreicht, bei der typische Event-Locations unsere speziellen Anforderungen nicht mal eben so erfüllen konnten. Beispielsweise ist eine aufwändige Audio/Video-Produktion Teil der Eurofurence, welche ein IP-Netz mit hoher Bandbreite, niederiger Latenz, niedrigem Jitter, Multicast-Transport und präzise Zeitsynchronisierung benötigt. Deshalb wurde dieses Jahr das _Onsite Eurofurence Network Operation Center_ _(EFNOC)_ gegründet. Unsere Aufgabe sollte es sein, alle Anforderungen der anderen Teams kompetent zu erfüllen wovon wir euch in diesem Vortrag etwas aus dem Nähkästchen erzählen wollen.\n\nGrob haben wir wärend der EF29 das Team etabliert und ein Netzwerk gebaut, welches für A/V-Produktion, Event-Koordination und Event-Management (z.B. Security, Ticketing) benutzt wurde. Unser persönliches Ziel war es außerdem, ein benutzbares WLAN-Netzwerk für alle Besuchenden über dies gesamte Event-Venue hinweg zu schaffen – also von Halle H bis zum Vorplatz.\nUnsere Architektur bestand dafür aus einem simplen Layer2-Netzwerk mit VLAN-Unterteilung, welches von _Arista DCS-7050TX-72Q_ mit 40Gbit/s Optiken bereitgestellt wurde. Die Aristas haben außerdem ein PTP-Signal propagiert, welches von einer Meinberg Master-Clock gesteuert wurde. Zusätzlich war ein Linux-Server als Hypervisor für diverse Netzwerk-Services wie DNS, DHCP, Monitoring und Routing im Einsatz.\nSo zumindest der Plan, denn während des Events wurden wir mit der Realität und vielen „spaßigen“ Problemen konfrontiert.\n\nUnser Talk wird sich unter anderem mit diesen technischen Problemen beschäftigen, allerdings den Fokus nicht nur auf die technische Darstellung legen. Stattdessen werden wir auch beleuchten, wie wir als Team menschlich untereinander und in der Kommunikation mit anderen Teams damit umgegangen sind.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["lilly"],"tags":["1785","2025","39c3","CCC \u0026 Community","Zero","39c3-deu","39c3-eng","Day 1"],"view_count":13508,"promoted":false,"date":"2025-12-27T23:55:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-04T23:45:05.625+02:00","length":2071,"duration":2071,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1785-ab19e1f1-ca13-531e-9d30-0ca5b0c7551c.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1785-ab19e1f1-ca13-531e-9d30-0ca5b0c7551c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1785-ab19e1f1-ca13-531e-9d30-0ca5b0c7551c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1785-ab19e1f1-ca13-531e-9d30-0ca5b0c7551c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-building-a-noc-from-scratch","url":"https://api.media.ccc.de/public/events/ab19e1f1-ca13-531e-9d30-0ca5b0c7551c","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"05e9ba1f-11c5-5d4e-b907-4feecc857ae5","title":"Agentic ProbLLMs: Exploiting AI Computer-Use and Coding Agents","subtitle":null,"slug":"39c3-agentic-probllms-exploiting-ai-computer-use-and-coding-agents","link":"https://events.ccc.de/congress/2025/hub/event/detail/agentic-probllms-exploiting-ai-computer-use-and-coding-agents","description":"This talk demonstrates end-to-end prompt injection exploits that compromise agentic systems. Specifically, we will discuss exploits that target computer-use and coding agents, such as Anthropic's Claude Code, GitHub Copilot, Google Jules, Devin AI, ChatGPT Operator, Amazon Q, AWS Kiro, and others. \n\nExploits will impact confidentiality, system integrity, and the future of AI-driven automation, including remote code execution, exfiltration of sensitive information such as access tokens, and even joining Agents to traditional command and control infrastructure. Which are known as \"ZombAIs\", a term first coined by the presenter as well as long-term prompt injection persistence in AI coding agents.\n\nAdditionally, we will explore how nation state TTPs such as ClickFix apply to Computer-Use systems and how they can trick AI systems and lead to full system compromise (AI ClickFix). \n\nFinally, we will cover current mitigation strategies and forward-looking recommendations and strategic thoughts.\n\nDuring the Month of AI Bugs (August 2025), I responsibly disclosed over two dozen security vulnerabilities across all major agentic AI coding assistants. This talk distills the most severe findings and patterns observed.\n\nKey highlights include:\n* Critical prompt-injection exploits enabling zero-click data exfiltration and arbitrary remote code execution across multiple platforms and vendor products\n* Recurring systemic flaws such as over-reliance on LLM behavior for trust decisions, inadequate sandboxing of tools, and weak user-in-the-loop controls.\n* How I leveraged AI to find some of these vulnerabilities quickly\n* The AI Kill Chain: prompt injection, confused deputy behavior, and automatic tool invocation\n* Adaptation of nation-state TTPs (e.g., ClickFix) into AI ClickFix techniques that can fully compromise computer-use systems.\n* Insights about vendor responses: from quick patches and CVEs to months of silence, or quiet patching\n* AgentHopper will highlight how these vulnerabilities combined could have led to an AI Virus\n\nFinally, the session presents practical mitigations and forward-looking strategies to reduce the growing attack surface of probabilistic, autonomous AI systems.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Johann Rehberger"],"tags":["1306","2025","39c3","Security","Zero","39c3-eng","39c3-deu","39c3-fra","Day 2"],"view_count":64511,"promoted":false,"date":"2025-12-28T13:30:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-07T12:30:06.778+02:00","length":3531,"duration":3531,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1306-05e9ba1f-11c5-5d4e-b907-4feecc857ae5.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1306-05e9ba1f-11c5-5d4e-b907-4feecc857ae5_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1306-05e9ba1f-11c5-5d4e-b907-4feecc857ae5.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1306-05e9ba1f-11c5-5d4e-b907-4feecc857ae5.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-agentic-probllms-exploiting-ai-computer-use-and-coding-agents","url":"https://api.media.ccc.de/public/events/05e9ba1f-11c5-5d4e-b907-4feecc857ae5","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"d1174c82-6e99-5acb-98f2-3c0f55b046c7","title":"Battling Obsolescence – Keeping an 80s laser tag system alive","subtitle":null,"slug":"39c3-battling-obsolescence-keeping-an-80s-laser-tag-sys","link":"https://events.ccc.de/congress/2025/hub/event/detail/battling-obsolescence-keeping-an-80s-laser-tag-sys","description":"Keeping old projects working can be an uphill battle.  This talk explores how the laser tag system Q-Zar (Quasar in the UK) has been kept alive since the company behind it failed in the 90s.   The challenges encountered, the lessons learnt, and how those can be applied to our own future projects to maximise the project lifetime.\n\nLooking at the effects of obsolescence in the context of a laser tag system from the 1980s Q-Zar (Quasar in the UK), what needed to happen to keep it going to enable people to continue playing.  What lessons we can learn from that and some good examples from other projects, and how that can be applied to our own projects.\n\nThis talk covers the electronics involved in the laser tag system, why the continued availability of components has varied a lot.  The need to develop new computer software that continues to work years later.  The way the physical equipment can have its life extended.\n\nTopics covered range from electronics design through to software coding and onto physical unit repair. A look at the tooling created to help maintain, support and repair the laser tag packs.  The challenges Covid-19 created and how things were rapidly pivoted to enable continued playing in challenging times.\nThis is about how we all can make simple decisions that help build something that will last the maximum time possible with the least amount of effort.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Trikkitt"],"tags":["1364","2025","39c3","Hardware","Fuse","39c3-deu","39c3-eng","39c3-fra","Day 4"],"view_count":3194,"promoted":false,"date":"2025-12-30T13:50:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-05T21:30:05.476+02:00","length":2561,"duration":2561,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1364-d1174c82-6e99-5acb-98f2-3c0f55b046c7.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1364-d1174c82-6e99-5acb-98f2-3c0f55b046c7_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1364-d1174c82-6e99-5acb-98f2-3c0f55b046c7.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1364-d1174c82-6e99-5acb-98f2-3c0f55b046c7.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-battling-obsolescence-keeping-an-80s-laser-tag-sys","url":"https://api.media.ccc.de/public/events/d1174c82-6e99-5acb-98f2-3c0f55b046c7","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"b98918cb-489e-5f5e-aa06-26753cb48418","title":"Making the Magic Leap past NVIDIA's secure bootchain and breaking some Tesla Autopilots along the way","subtitle":null,"slug":"39c3-making-the-magic-leap-past-nvidia-s-secure-bootchain-and-breaking-some-tesla-autopilots-along-the-way","link":"https://events.ccc.de/congress/2025/hub/event/detail/making-the-magic-leap-past-nvidia-s-secure-bootchain-and-breaking-some-tesla-autopilots-along-the-way","description":"The Tegra X2 is an SoC used in devices such as the Magic Leap One, and Tesla's Autopilot 2 \u0026 2.5 promising a secure bootchain. But how secure really is the secure boot? In this talk I go over how I went from a secured Magic Leap One headset, to exploiting the bootloader over USB, to doing fault injection to dump the BootROM, to finding and exploiting an unpatchable vulnerability in the BootROM's USB recovery mode affecting all Tegra X2s.\n\nIn mid 2024, a friend approached me about Magic Leap making their TX2 based XR headsets little more than a paperweight by disabling the mandatory activation servers. I morally dislike this, companies shouldn't turn functional devices into e-waste just because they want to sell newer devices.\n\nAfter obtaining one, and poking at the Fastboot implementation, I discovered it was based off NVIDIA's Fastboot implementation, which is source available. I found a vulnerability in the NVIDIA provided source code in how it unpacks SparseFS images (named sparsehax), and successfully blindly exploited the modified implementation on the Magic Leap One. I also found a vulnerability in it that allowed gaining persistence via how it loads the kernel DTB (named dtbhax).\n\nStill unsatisfied with this, I used fault injection to dump the BootROM from a Tegra X2 devkit.\n\nIn the BootROM I discovered a vulnerability in the USB recovery mode. Exploiting this vulnerability proved difficult due to only having access to memory from the perspective of the USB controller. I will explain what was tried, why it didn't work, and how I eventually got code execution at the highest privilege level via it.\n\nAs I will demonstrate, this exploit also functions on Tesla's autopilot hardware.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Elise Amber Katze"],"tags":["1454","2025","39c3","Security","Zero","39c3-eng","39c3-deu","39c3-fra","Day 3"],"view_count":12147,"promoted":false,"date":"2025-12-29T14:45:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-07T02:15:04.269+02:00","length":3476,"duration":3476,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1454-b98918cb-489e-5f5e-aa06-26753cb48418.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1454-b98918cb-489e-5f5e-aa06-26753cb48418_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1454-b98918cb-489e-5f5e-aa06-26753cb48418.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1454-b98918cb-489e-5f5e-aa06-26753cb48418.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-making-the-magic-leap-past-nvidia-s-secure-bootchain-and-breaking-some-tesla-autopilots-along-the-way","url":"https://api.media.ccc.de/public/events/b98918cb-489e-5f5e-aa06-26753cb48418","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"d92af8c4-40fb-54e2-9535-bcc683f4a010","title":"Xous: A Pure-Rust Rethink of the Embedded Operating System","subtitle":null,"slug":"39c3-xous-a-pure-rust-rethink-of-the-embedded-operating-system","link":"https://events.ccc.de/congress/2025/hub/event/detail/xous-a-pure-rust-rethink-of-the-embedded-operating-system","description":"Xous is a message-passing microkernel implemented in pure Rust, targeting secure embedded applications. This talk covers three novel aspects of the OS: hardware MMU support (and why we had to make our own chip to get this feature), how and why we implemented the Rust standard library in Rust (instead of calling the C standard library, like most other Rust platforms), and how we combine the power of Rust semantics with virtual memory to create safe yet efficient asynchronous messaging primitives. We conclude with a short demo of the OS running on a new chip, the \"Baochip-1x\", which is an affordable, mostly-open RTL SoC built in 22nm TSMC, configured expressly for running Xous.\n\nThe world is full of small, Internet-of-Things (IoT) gadgets running embedded operating systems. These devices generally fall into two categories: larger devices running a full operating system using an MMU which generally means Linux, or smaller devices running without an MMU using operating systems like Zephyr, chibios, or rt-thread, or run with no operating system at all. The software that underpins these projects is written in C with coarse hardware memory protection at best. As a result, these embedded OSes lack the security guarantees and/or ergonomics offered by modern languages and best practices.\n\nThe Xous microkernel borrows concepts from heavier operating systems to modernize the embedded space. The open source OS is written in pure Rust with minimal dependencies and an emphasis on modularity and simplicity, such that a technically-savvy individual can audit the code base in a reasonable period of time. This talk covers three novel aspects of the OS: its incorporation of hardware memory virtualization, its pure-Rust standard library, and its message passing architecture.\n\nDesktop OSes such as Linux require a hardware MMU to virtualize memory. We explain how ARM has tricked us into accepting that MMUs are hardware-intensive features only to be found on more expensive “application” CPUs, thus creating a vicious cycle where cheaper devices are forced to be less safe. Thanks to the open nature of RISC-V, we are able to break ARM’s yoke and incorporate well-established MMU-based memory protection into embedded hardware, giving us security-first features such as process isolation and encrypted swap memory. In order to make Xous on real hardware more accessible, we introduce the Baochip-1x, an affordable, mostly-open RTL 22nm SoC configured expressly for the purpose of running Xous. The Baochip-1x features a Vexriscv CPU running at 400MHz, 2MiB of SRAM, 4MiB of nonvolatile RRAM, and a quad-core RV32E-derivative I/O accelerator called the “BIO”, based on the PicoRV clocked at 800MHz.\n\nMost Rust targets delegate crucial tasks such as memory allocation, networking, and threading to the underlying operating system’s C standard library. We want strong memory safety guarantees all the way down to the memory allocator and task scheduler, so for Xous we implemented our standard library in pure Rust. Adhering to pure Rust also makes cross-compilation and cross-platform development a breeze, since there are no special compiler or linker concerns. We will show you how to raise the standard for “Pure Rust” by implementing a custom libstd.\n\nXous combines the power of page-based virtual memory and Rust’s strong borrow-checker semantics to create a safe and efficient method for asynchronous message passing between processes. This inter-process communication model allows for easy separation of different tasks while keeping the core kernel small. This process maps well onto the Rust \"Borrow / Mutable Borrow / Move\" concept and treats object passing as an IPC primitive. We will demonstrate how this works natively and give examples of how to map common programming algorithms to shuttle data safely between processes, as well as give examples of how we implement features such as scheduling and synchronization primitive entirely in user space.\n\nWe conclude with a short demo of Xous running on the Baochip-1x, bringing Xous from the realm of emulation and FPGAs into everyday-user accessible physical silicon.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["bunnie","Sean \"xobs\" Cross"],"tags":["1317","2025","39c3","Hardware","One","39c3-eng","39c3-deu","39c3-pol","Day 2"],"view_count":13469,"promoted":false,"date":"2025-12-28T23:00:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-07T02:30:03.340+02:00","length":2364,"duration":2364,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1317-d92af8c4-40fb-54e2-9535-bcc683f4a010.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1317-d92af8c4-40fb-54e2-9535-bcc683f4a010_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1317-d92af8c4-40fb-54e2-9535-bcc683f4a010.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1317-d92af8c4-40fb-54e2-9535-bcc683f4a010.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-xous-a-pure-rust-rethink-of-the-embedded-operating-system","url":"https://api.media.ccc.de/public/events/d92af8c4-40fb-54e2-9535-bcc683f4a010","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"4b106a63-ac7e-5c39-945a-26ce0d071897","title":"„KI“, Digitalisierung und Longevity als Fix für ein kaputtes Gesundheitssystem?","subtitle":null,"slug":"39c3-ki-digitalisierung-und-longevity-als-fix-fur-ein-kaputtes-gesundheitssystem","link":"https://events.ccc.de/congress/2025/hub/event/detail/ki-digitalisierung-und-longevity-als-fix-fur-ein-kaputtes-gesundheitssystem","description":"Großen Herausforderungen im Gesundheitswesen soll mittels Technik und Eigenverantwortung begegnet werden. Die Hoffnung: „KI“ und Digitalisierung machen das System effizienter; Selbstoptimierung und mehr Eigenverantwortung halten die Menschen länger gesund. Der Vortrag analysiert aktuelle Diskurse rund um Digitalisierung und Gesundheit, und fragt kritisch, wie diese Entwicklung ohnehin bestehende soziale Ungleichheiten verschärfen könnte. Am Ende bleibt die Frage: Wie könnten tragfähige Lösungen fürs Gesundheitssystem aussehen?\n\nIn der Analyse sind sich alle einig: Das Gesundheitssystem steht vor großen Herausforderungen, die von explodierenden Kosten, wachsenden Zugangsbarrieren bis hin zum anstehenden demographischen Wandel reichen: viele Menschen werden alt und kränker, während gleichzeitig sehr viele Mitarbeiter:innen des Gesundheitswesens in Rente gehen. Wir brauchen also Lösungen fürs Gesundheitssystem, die nachhaltig tragen und Menschenwürde ermöglichen.\n\nWährend ganz unterschiedliche Lösungsansätze diskutiert werden, taucht ein Narrativ immer wieder auf: Dass Digitalisierung durch massive Effizienzgewinne die bestehenden Probleme im Gesundheitswesen fixen werden: Dank „KI“ sollen Menschen weniger häufig Ärzt:innen brauchen, zum Beispiel, indem durch Symptomchecker und Co vorgefiltert wird, wer wirklich behandelt werden muss, und wer nicht. Manche behaupten, dass Hausärzt:innen künftig ein vielfaches an Patient:innen behandeln könnten, wenn nur die richtigen technischen Hilfsmittel gefunden wurden. Und längst befinden wir uns tatsächlich in einer Realität, in der Chats mit LLMs an vielen Stellen zumindest Dr. Google ersetzt haben.\n\nWeitere Lösungsansätze zielen auf mehr Eigenverantwortung ab: \"Longevity\" ist das Trendwort in aller Munde. Ein Ansatz der „Langlebigkeit“, der maßgeblich durch technische \nMaßnahmen gestützt sein soll: Selbstoptimierung per App, „KI“ als individueller Gesundheitsassistent und allerlei experimentelle Untersuchungen. Die Grundidee: Wenn Menschen länger gesund bleiben und leben, wird das Gesundheitssystem weniger belastet, während Menschen länger zu Gesellschaft und Wirtschaft beitragen können. Die ideologischen Grundzüge und Geschäftsmodelle der „Longevity“ kommen aus den USA, von Tech-Milliardären und ihren Unsterblichkeitsfantasien bis hin zu wenig seriösen Gesundheitsinfluencer:innen, die am Ende oft mehr schaden als dass sie zu einem größeren Wohlbefinden ihrer Kund:innen beitragen würden - und trotzdem hunderttausende auf Social Media in ihren Bann ziehen.\n\nDer Vortrag zieht Verbindungslinien zwischen naiver Technikgläubigkeit, aktuellen Diskursen im Gesundheitswesen, ihren fragwürdigen ideologischen Wurzeln und der Frage, wie wir Herausforderungen und insbesondere sozialen Ungleichheiten im Feld der Gesundheit wirklich effektiv begegnen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Manuel Hofmann"],"tags":["1675","2025","39c3","Ethics, Society \u0026 Politics","Zero","39c3-deu","39c3-eng","Day 1"],"view_count":7674,"promoted":false,"date":"2025-12-27T16:00:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-07T00:45:06.173+02:00","length":3238,"duration":3238,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1675-4b106a63-ac7e-5c39-945a-26ce0d071897.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1675-4b106a63-ac7e-5c39-945a-26ce0d071897_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1675-4b106a63-ac7e-5c39-945a-26ce0d071897.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1675-4b106a63-ac7e-5c39-945a-26ce0d071897.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-ki-digitalisierung-und-longevity-als-fix-fur-ein-kaputtes-gesundheitssystem","url":"https://api.media.ccc.de/public/events/4b106a63-ac7e-5c39-945a-26ce0d071897","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"fb08402b-1b8c-533b-b1fc-6daaa4fdc60f","title":"Netzpolitik in der Schweiz: Zwischen Bodensee und Matterhorn","subtitle":null,"slug":"39c3-netzpolitik-in-der-schweiz-zwischen-bodensee-und-matterhorn","link":"https://events.ccc.de/congress/2025/hub/event/detail/netzpolitik-in-der-schweiz-zwischen-bodensee-und-matterhorn","description":"Auch in der Schweizer Netzpolitik ging es im auslaufenden Jahr drunter und drüber. Wir blicken mit gewohntem Schalk auf das netzpolitische Jahr 2025 zwischen Bodensee und Matterhorn zurück - und diskutieren jene Themen, die relevant waren und relevant bleiben.\n\n**Themen sind unter anderem:**\n\n\n**E-ID und E-Collecting:** Die netzpolitische Community hat nicht nur eine privatisierte E-ID verhindert sondern auch den Datenschutz als zentrales Prinzip verankert und einen beispielhaften Gesetzgebungsprozess begleitet. Das Gleiche haben wir bei E-Collecting vor, mit dem wir die direkte Demokratie der Schweiz auf ein neues Level heben wollen.\n\n\n**Elektronisches Gesundheitsdossier:** Was macht man, um eine Verschlechterung bei einem Produkt zu kaschieren? Richtig, man nimmt ein Rebranding vor. Und so heisst das E-PD nun E-GD.\n\n\n**Kabelaufklärung:** Im Dezember überraschte uns das Bundesverwaltungsgericht mit einem wegweisenden Urteil: Es beurteilte die Kabelaufklärung als nicht vereinbar mit der Bundesverfassung und der Europäischen Menschenrechtskonvention. Lässt das ganze aber 5 Jahr laufen.\n\n\n**What the VÜPF:** Wie die Schweiz zudem plant, das freie Internet weitgehend abzuschaffen. Wie der Stand der Verschärfung ist. Was wir und du dagegen tun können?\n\n\n**Plattformregulierung:** Ein Vorschlag zur Plattformregulierung wurde vom Bund ausgearbeitet - und nach der Verhängung von 39% Strafzoll still und heimlich in der Schublade versenkt. Doch der Bund fasste Mut - und wagt einen zaghaften Aufbruch.\n\n\n**KI-Regulierung \u0026 Leistungsschutzrecht:** Und wieso getraut sich der Bund, ein Leistungsschuzrecht einzuführen? Und mit der Motion «Gössi» KI-Sprachmodelle mit Schweizer Daten zu gefährden? (Spoiler: wegen der Verleger-Lobby)\n\n\n**Community in der Schweiz:** Winterkongress, Diversity und andere Aktivitäten.\n\n\nNach dem Vortrag sind alle interessierten Personen eingeladen, die [Diskussion in einer self-organized Session](https://events.ccc.de/congress/2025/hub/en/event/detail/treffen-der-netzpolitischen-community-der-sch_uoca) fortzusetzen. Es werden Aktivist:innen von verschiedenen Organisationen der Netzpolitik in der Schweiz anwesend sein.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Kire","Rahel"],"tags":["2173","2025","39c3","CCC \u0026 Community","Fuse","39c3-deu","39c3-eng","Day 3"],"view_count":2711,"promoted":false,"date":"2025-12-29T19:15:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T02:00:02.751+02:00","length":2409,"duration":2409,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2173-fb08402b-1b8c-533b-b1fc-6daaa4fdc60f.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2173-fb08402b-1b8c-533b-b1fc-6daaa4fdc60f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2173-fb08402b-1b8c-533b-b1fc-6daaa4fdc60f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2173-fb08402b-1b8c-533b-b1fc-6daaa4fdc60f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-netzpolitik-in-der-schweiz-zwischen-bodensee-und-matterhorn","url":"https://api.media.ccc.de/public/events/fb08402b-1b8c-533b-b1fc-6daaa4fdc60f","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"d1a92d77-d8c6-524e-ba32-d2e9547723e0","title":"Suing spyware in Europe: news from the front!","subtitle":null,"slug":"39c3-suing-spyware-in-europe-news-from-the-front","link":"https://events.ccc.de/congress/2025/hub/event/detail/suing-spyware-in-europe-news-from-the-front","description":"In 2022, CitizenLab contacted a member of the Spanish non-profit Irídia to tell them that one of their members had likely been hacked with Pegasus spyware. The target, a lawyer, had been spied on by the Spanish government in 2020 because he represented a Catalan politician who was in prison. His phone was infected with Pegasus during the COVID-19 lockdown, on the same day he was having an online meeting with other lawyers working on the case.\n\nIrídia and the lawyer (Andreu) decided to take the case to court. A few years later, he met with Data Rights and invited them to join forces and bring in partners from across Europe to increase the impact. This collaboration led to the creation of the PEGA coalition in May 2025.\n\nThis talk goes over the status of the case and work we have done across Europe to bring spyware use in court.\n\nDespite the European Parliament’s PEGA investigation in 2023, spyware scandals in Europe continue to grow, with little real action to stop or address them. Many EU countries were — or still are — clients of the world’s major spyware companies. As a result, nothing changes except the number of victims targeted by these technologies. Worst, offices or clients in the EU is useful for spyware companies' sales pitch. So, the EU is a growing hub for this ominous ecosystem! With no real political will to act, members of the PEGA investigation say the only hope for change is to take these cases to court — and that’s exactly the path we’ve chosen!\n\nIrídia’s case is one of the flagship cases in the EU, both for its depth and for what it has achieved so far. We will review the current status and implications of the case, examining issues that range from state responsibility to the role of the spyware company behind Pegasus — in its creation, sale, and export — which maintains a strong presence within the EU.\n\nAfter that, we will take a step back to look at what is happening across Europe. We will highlight the most significant cases currently moving forward, as well as some of the PEGA coalition’s strategies for driving accountability, strengthening safeguards, and ensuring remedies. The coalition’s mission goes beyond legal action — it aims to prevent the devastating impact of spyware and push for systemic change.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Lori Roussey","Celia/Irídia"],"tags":["1792","2025","39c3","Ethics, Society \u0026 Politics","Ground","39c3-eng","39c3-deu","39c3-fra","Day 2"],"view_count":3257,"promoted":false,"date":"2025-12-28T12:15:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-02T10:15:05.892+02:00","length":3404,"duration":3404,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1792-d1a92d77-d8c6-524e-ba32-d2e9547723e0.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1792-d1a92d77-d8c6-524e-ba32-d2e9547723e0_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1792-d1a92d77-d8c6-524e-ba32-d2e9547723e0.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1792-d1a92d77-d8c6-524e-ba32-d2e9547723e0.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-suing-spyware-in-europe-news-from-the-front","url":"https://api.media.ccc.de/public/events/d1a92d77-d8c6-524e-ba32-d2e9547723e0","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"341961a3-599d-52b9-8262-34c1757c9698","title":"Unnecessarily Complicated Kitchen – Die Wissenschaft des guten Geschmacks","subtitle":null,"slug":"39c3-unnecessarily-complicated-kitchen-die-wissenschaft-des-guten-geschmacks","link":"https://events.ccc.de/congress/2025/hub/event/detail/unnecessarily-complicated-kitchen-die-wissenschaft-des-guten-geschmacks","description":"In unserer „Unnecessarily Complicated Kitchen“ hacken wir die Gesetze der Kulinarik. Ich zeige live, wie Hitze, Chemie und Chaos zusammenwirken, wenn Moleküle tanzen, Dispersionen emulgieren und Geschmack zu Wissenschaft wird. Zwischen Pfanne und Physik entdecken wir, warum Kochen im Grunde angewandtes Debugging ist – und wie man Naturgesetze so würzt, dass sie schmecken.\n\nWillkommen in der „Unnecessarily Complicated Kitchen“ – einer Küche, in der Naturwissenschaft, Technik und kulinarisches Chaos aufeinandertreffen.\nWir sezieren das Kochen aus der Perspektive von Hacker*innen: Warum Hitzeübertragung ein deinen Tschunk kühlt, warum Emulsionen wie BGP funktionieren und wie sich die Kunst des Abschmeckens in Datenpunkten erklären lässt.\n\nIn diesem Talk verbinden wir naturwissenschaftliche Experimente mit kulinarischer Praxis. Wir erhitzen, rühren, messen und analysieren – live auf der Bühne. Dabei übersetzen wir Physik und Chemie in Geschmack, Textur und Aha-Momente.\nKochen wird so zum Laborversuch, zum Hack, zum Reverse Engineering des guten Geschmacks.\n\nIch zeige, dass hinter jeder gelungenen Marinade ein Protokoll steckt, hinter jeder Soße ein Algorithmus – und dass man auch in der Küche mit Trial \u0026 Error, Open Source und einer Prise Chaos zu erstaunlichen Ergebnissen kommt.\n\nAm Ende steht nicht nur Erkenntnis, sondern auch Genuss: Denn wer versteht, warum etwas schmeckt, kann die Regeln brechen – und sie dabei besser würzen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["LukasQ"],"tags":["1431","2025","39c3","Entertainment","One","39c3-deu","39c3-eng","39c3-fra","Day 1"],"view_count":5463,"promoted":false,"date":"2025-12-28T00:20:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-05T23:00:04.947+02:00","length":4507,"duration":4507,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1431-341961a3-599d-52b9-8262-34c1757c9698.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1431-341961a3-599d-52b9-8262-34c1757c9698_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1431-341961a3-599d-52b9-8262-34c1757c9698.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1431-341961a3-599d-52b9-8262-34c1757c9698.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-unnecessarily-complicated-kitchen-die-wissenschaft-des-guten-geschmacks","url":"https://api.media.ccc.de/public/events/341961a3-599d-52b9-8262-34c1757c9698","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"656a3c17-8cd8-516f-bf31-645c98af7990","title":"Chaos Communication Chemistry","subtitle":"DNA security systems based on molecular randomness","slug":"39c3-chaos-communication-chemistry-dna-security-systems-based-on-molecular-randomness","link":"https://events.ccc.de/congress/2025/hub/event/detail/chaos-communication-chemistry-dna-security-systems-based-on-molecular-randomness","description":"**Over the past few decades, nucleic acids have increasingly been investigated as alternative data storage media and platforms for molecular computing. This talk builds on past research and introduces another branch to the field: DNA cryptography based on random chemistry. This technology provides a platform for conceiving new security architectures that bridge the physical with the digital world.**\r\n\r\nNucleic acids have been theorized as potential data storage and computation platforms since the mid-20th century. In the meantime, notable advances have been made in implementing such systems, combining academic research with industry efforts. \r\nAfter providing a general introduction to the interdisciplinary field of DNA information technology, in the second half of the talk focuses on DNA-based cryptography and security systems, in particular zooming in on the example of chemical unclonable functions (CUFs) based on randomly generated, synthetic DNA sequences. Similar to Physical Unclonable Functions (PUFs), these DNA-based systems contain vast random elements that cannot be reconstructed – neither algorithmically nor synthetically. Using biochemical processing, we can operate these systems in a fashion comparable to cryptographic hash functions, enabling new authentication protocols. Aside from covering the basics, we delve into the advantages, as well as the drawbacks, of DNA as a medium. Finally, we explore how CUFs could in the future be implemented as physical security architectures: For example, in anti-counterfeiting of medicines or as personal signatures for artworks. \r\nIn a broader sense, this talk aims to inspire a reconsideration of entropy, randomness and information in the experimental sciences through a digital lens. In doing so, it provides examples of how looking at physical systems through an information perspective can unravel new synergies, applications and even security architectures.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Anne Lüscher"],"tags":["1493","2025","39c3","Science","Ground","39c3-eng","39c3-deu","39c3-por","Day 2"],"view_count":2351,"promoted":false,"date":"2025-12-28T14:45:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-05T14:45:04.629+02:00","length":2467,"duration":2467,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1493-656a3c17-8cd8-516f-bf31-645c98af7990.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1493-656a3c17-8cd8-516f-bf31-645c98af7990_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1493-656a3c17-8cd8-516f-bf31-645c98af7990.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1493-656a3c17-8cd8-516f-bf31-645c98af7990.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-chaos-communication-chemistry-dna-security-systems-based-on-molecular-randomness","url":"https://api.media.ccc.de/public/events/656a3c17-8cd8-516f-bf31-645c98af7990","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"64ec3662-a77a-51c1-98fc-65f995f49912","title":"Who cares about the Baltic Jammer?","subtitle":"Terrestrial Navigation in the Baltic Sea Region","slug":"39c3-who-cares-about-the-baltic-jammer-terrestrial-navigation-in-the-baltic-sea-region","link":"https://events.ccc.de/congress/2025/hub/event/detail/who-cares-about-the-baltic-jammer-terrestrial-navigation-in-the-baltic-sea-region","description":"Reports of GNSS interference in the Baltic Sea have become almost routine — airplanes losing GPS, ships drifting off course, and timing systems failing. But what happens when a group of engineers decides to build a navigation system that simply *doesn’t care* about the jammer?\r\n\r\nSince 2017, we’ve been developing **R-Mode**, a terrestrial navigation system that uses existing radio beacons and maritime infrastructure to provide independent positioning — no satellites needed. In this talk, we’ll share our journey from an obscure research project that “nobody needs” to a system now seen as crucial for resilience and sovereignty. Expect technical insights, field stories from ships in the Baltic, and reflections on what it means when a civilian backup system suddenly attracts military interest.\r\n\r\nSince 2017, our team at DLR and partners across Europe have been working on an alternative to satellite navigation: **R-Mode**, a backup system based on terrestrial transmitters. Our main testbed spans the Baltic Sea — a region now infamous for GNSS jamming and spoofing.\r\n\r\nWe’ll start by showing what GNSS interference actually means in practice: aircraft losing navigation data, ships switching to manual control, and entire regions facing timing outages — such as the recent disruption of telecommunications in Gdańsk during Easter 2025.\r\n\r\nThen we’ll take you behind the scenes of building R-Mode: designing signals that can coexist with legacy systems, installing transmitters along the coast, and testing shipborne receivers in rough conditions. We’ll share personal moments — like the first time we received a stable position fix in the middle of the Baltic.\r\n\r\nFinally, we’ll talk about perception and politics: how a “research curiosity” became a critical infrastructure project, why ESA now wants to build a *satellite* backup (with the same vulnerabilities), and how it feels when your civilian open-source navigation system suddenly becomes strategically relevant.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Lars","Niklas Hehenkamp","Markus"],"tags":["1997","2025","39c3","Security","Fuse","39c3-eng","39c3-deu","Day 1"],"view_count":24657,"promoted":false,"date":"2025-12-27T12:50:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-05T11:30:04.430+02:00","length":2171,"duration":2171,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1997-64ec3662-a77a-51c1-98fc-65f995f49912.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1997-64ec3662-a77a-51c1-98fc-65f995f49912_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1997-64ec3662-a77a-51c1-98fc-65f995f49912.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1997-64ec3662-a77a-51c1-98fc-65f995f49912.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-who-cares-about-the-baltic-jammer-terrestrial-navigation-in-the-baltic-sea-region","url":"https://api.media.ccc.de/public/events/64ec3662-a77a-51c1-98fc-65f995f49912","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"dd990a78-1e11-5c5e-aef4-6eb0214c772a","title":"Greenhouse Gas Emission Data","subtitle":"Public, difficult to access, and not always correct","slug":"39c3-greenhouse-gas-emission-data-public-difficult-to-access-and-not-always-correct","link":"https://events.ccc.de/congress/2025/hub/event/detail/greenhouse-gas-emission-data-public-difficult-to-access-and-not-always-correct","description":"Data about greenhouse gas emissions, both from countries and individual factories, is\r\noften publicly available. However, the data sources are often not as accessible and\r\nreliable as they should be. EU emission databases contain obvious flaws, and nobody\r\nwants to be responsible.\r\n\r\nWhich factory in my city is the largest emitter of CO2? Which industrial sector is\r\nresponsible for the largest share of a country's contribution to climate change? It\r\nshould not be difficult to answer these questions. Public databases and reporting\r\nrequired by international agreements usually allow us to access this data.\r\n\r\nHowever, trying to access and work with these datasets — or, shall we say, Excel tables\r\n— can be frustrating. UN web pages that prevent easy downloads with a \"security\r\nfirewall\", barely usable frontends, and other issues make it needlessly difficult to\r\ngain transparency about the sources of climate pollution.\r\n\r\nWhile working with official EU datasets, the speaker observed data points that could not\r\npossibly be true. Factories suddenly dropped their emissions by orders of magnitude\r\nwithout any explanation, different official sources report diverging numbers for the\r\nsame emission source, and responsible European and National authorities appear not to\r\ncare that much.\r\n\r\nThe talk will show how to work with relevant greenhouse gas emission data sources and\r\nhow we can access them more easily by converting them to standard SQL tables. Furthermore, we will dig into some of the\r\nstrange issues one may find while investigating emission datasets.\r\n\r\n# Background / Links\r\n\r\n* Why is it needlessly difficult to access UNFCCC Emission Data? https://industrydecarbonization.com/news/why-is-it-needlessly-difficult-to-access-unfccc-emission-data.html\r\n* UNFCCC Emission Data Downloads: https://industrydecarbonization.com/docs/unfccc/\r\n* Code (Docker, MariaDB/MySQL, phpMyAdmin) to easily access EU emisison data: https://github.com/decarbonizenews/ghgsql\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Hanno Böck"],"tags":["2172","2025","39c3","Science","One","39c3-eng","39c3-deu","39c3-pol","Day 3"],"view_count":2453,"promoted":false,"date":"2025-12-29T11:00:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-05T19:45:06.581+02:00","length":2344,"duration":2344,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2172-dd990a78-1e11-5c5e-aef4-6eb0214c772a.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2172-dd990a78-1e11-5c5e-aef4-6eb0214c772a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2172-dd990a78-1e11-5c5e-aef4-6eb0214c772a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2172-dd990a78-1e11-5c5e-aef4-6eb0214c772a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-greenhouse-gas-emission-data-public-difficult-to-access-and-not-always-correct","url":"https://api.media.ccc.de/public/events/dd990a78-1e11-5c5e-aef4-6eb0214c772a","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"1627c5c1-db61-5117-aa41-991850cc20a8","title":"Rowhammer in the Wild: Large-Scale Insights from FlippyR.AM","subtitle":null,"slug":"39c3-rowhammer-in-the-wild-large-scale-insights-from-flippyr-am","link":"https://events.ccc.de/congress/2025/hub/event/detail/rowhammer-in-the-wild-large-scale-insights-from-flippyr-am","description":"Last year at 38c3, we gave a talk titled \"Ten Years of Rowhammer: A Retrospect (and Path to the Future).\"\nIn this talk, we summarized 10 years of Rowhammer research and highlighted gaps in our understanding.\nFor instance, although nearly all DRAM generations from DDR3 to DDR5 are vulnerable to the Rowhammer effect, we still do not know its real-world prevalence.\nFor that reason, we invited everyone at 38c3 last year to participate in our large-scale Rowhammer prevalence study.\nIn this year's talk, we will first provide an update on Rowhammer research and present our results from that study. \n\nA lot has happened in Rowhammer research in 2025.\nWe have evidence that DDR5 is as vulnerable to Rowhammer as previous generations.\nOther research shows that not only can adversaries target rows, but columns can also be addressed and used for bit flips.\nBrowser-based Rowhammer attacks are back on the table with Posthammer and with ECC. fail, we can mount Rowhammer attacks on DDR4 with ECC memory.\n\nIn our large-scale study, we measure Rowhammer prevalence in a fully automated cross-platform framework, FlippyR.AM, using the available state-of-the-art software-based DRAM and Rowhammer tools.\nOur framework automatically gathers information about the DRAM and uses 5 tools to reverse-engineer the DRAM addressing functions, and based on the reverse-engineered functions, uses 7 tools to mount Rowhammer.\nWe distributed the framework online and via USB thumb drives to thousands of participants from December 30, 2024, to June 30, 2025. Overall, we collected 1006 datasets from 822 systems with various CPUs, DRAM generations, and vendors.\nOur study reveals that out of 1006 datasets, 453 (371 of the 822 unique systems) succeeded in the first stage of reverse-engineering the DRAM addressing functions, indicating that successfully and reliably recovering DRAM addressing functions remains a significant open problem.\nIn the second stage, 126 (12.5 % of all datasets) exhibited bit flips in our fully automated Rowhammer attacks.\nOur results show that fully automated, i.e., weaponizable, Rowhammer attacks work on a lower share of systems than FPGA-based and lab experiments indicated, but at 12.5%, are still a practical vector for threat actors.\nFurthermore, our results highlight that the two most pressing research challenges around Rowhammer exploitability are more reliable reverse-engineering tools for DRAM addressing functions, as 50 % of datasets without bit flips failed in the DRAM reverse-engineering stage, and reliable Rowhammer attacks across diverse processor microarchitectures, as only 12.5 % of datasets contained bit flips.\nAddressing each of these challenges could double the number of systems susceptible to Rowhammer and make Rowhammer a more pressing threat in real-world scenarios.\n\nThis will be a followup talk after our talk \"Ten Years of Rowhammer: A Retrospect (and Path to the Future)\" at 38C3.\nIn the talk last year we gave an overview of the current state of Rowhammer and highlighted that there are no large-scale prevalence studies.\nWe wanted to change that and asked the audience to participate in our large-scale study on Rowhammer prevalence.\n\nWe performed the large-scale study on Rowhammer prevalence thanks to many volunteers supporting our study by measuring their systems.\nIn total, we collected 1006 datasets on 822 different systems (some systems were measured multiple times).\nWe show that 126 of them (12.5%) are affected by Rowhammer with our fully-automated setup.\nThis should be seen as a lower bound, since the preconditions required for effective tools failed on ~50% of the systems.\nAmong many other insights, we learned that the fully-automated reverse-engineering of DRAM addressing functions is still an open problem and we assume the actual number of affected systems to be higher as the 12.5% we measured in our study.\n\nNow, one year after our talk at the 38C3, we want to give an update on the current state of Rowhammer, since multiple new insights were published in the last year:\nThe first reliable Rowhammer exploit on DDR5, a JavaScript implementation of Rowhammer that works on current DDR4 systems, and an ECC bypass on DDR4, just to name a few.\nAdditionally, we want to present the results of our large-scale study on Rowhammer prevalence which was supported by the audience from last year's talk.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Martin Heckel","Florian Adamsky","Daniel Gruss"],"tags":["2022","2025","39c3","Security","One","39c3-eng","39c3-deu","39c3-fra","Day 3"],"view_count":2699,"promoted":false,"date":"2025-12-29T23:00:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-01T20:45:06.592+02:00","length":2426,"duration":2426,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2022-1627c5c1-db61-5117-aa41-991850cc20a8.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2022-1627c5c1-db61-5117-aa41-991850cc20a8_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2022-1627c5c1-db61-5117-aa41-991850cc20a8.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2022-1627c5c1-db61-5117-aa41-991850cc20a8.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-rowhammer-in-the-wild-large-scale-insights-from-flippyr-am","url":"https://api.media.ccc.de/public/events/1627c5c1-db61-5117-aa41-991850cc20a8","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"6a747cc1-1320-5027-b7f9-050a6f3b2134","title":"Verlorene Domains, offene Türen","subtitle":"Was alte Behördendomains verraten","slug":"39c3-verlorene-domains-offene-turen-was-alte-behordendomains-verraten","link":"https://events.ccc.de/congress/2025/hub/event/detail/verlorene-domains-offene-turen-was-alte-behordendomains-verraten","description":"Was passiert, wenn staatliche Domains auslaufen - und plötzlich jemand anderes sie besitzt?\r\nIn diesem Vortrag wird berichtet, wie mehrere ehemals offizielle, aber unregistrierte Domains deutscher Bundesministerien und Behörden erworben werden konnten - und welche Datenströme dadurch sichtbar wurden. Über Monate hinweg konnten so DNS-Anfragen aus Netzen des Bundes empfangen werden - ein erhebliches Sicherheitsrisiko. Unter anderem da es so möglich war Accounts zu übernehmen, Validierungen von E-Mailsignaturen zu manipulieren, Anfrage umzuleiten und im Extremfall Code auf Systemen auszuführen.\r\n(Keine sensiblen Daten werden veröffentlicht; der Fokus liegt auf Forschung, Aufklärung und verantwortungsvollem Umgang mit den Ergebnissen.)\r\n\r\nIm Rahmen der Untersuchung zeigten sich nicht nur Fehlkonfigurationen, sondern auch Phänomene wie Bitsquatting und Typoquatting innerhalb der Verwaltungsnetze. Mit dem Betrieb eines DNS-Servers und dem Erwerb von bund.ee (naher Typosquatting/Bitquatting zu bund.de) konnten u.a. zahlreiche DNS-Anfragen von Servern des Bundesministerium des Innern (BMI) und weiterer Einrichtungen des Bundes empfangen werden.\r\n\r\nDer Vortrag beleuchtet die technischen und organisatorischen Schwachstellen, die hinter solchen Vorgängen stehen - und zeigt, wie DNS-Details Einblicke in die IT-Infrastruktur des Staates ermöglichen können. Abgerundet wird das Ganze durch praktische Beispiele, Datenanalysen und Empfehlungen, wie sich ähnliche Vorfälle künftig vermeiden lassen.\r\n\r\nIn anderen Ländern sind gov-Domains als TLDs längst üblich (bspw. gov.uk) - in Deutschland ist bund.de oder gov.de allerdings nicht so verbreitet wie man glaubt, unter anderem da Bundesministerien eigene Domains nutzen oder nach Regierungsbildung umbenannt werden.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Tim Philipp Schäfers (TPS)"],"tags":["1458","2025","39c3","Security","One","39c3-deu","39c3-eng","39c3-fra","Day 2"],"view_count":42478,"promoted":false,"date":"2025-12-28T21:05:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-06T17:45:07.728+02:00","length":2402,"duration":2402,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1458-6a747cc1-1320-5027-b7f9-050a6f3b2134.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1458-6a747cc1-1320-5027-b7f9-050a6f3b2134_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1458-6a747cc1-1320-5027-b7f9-050a6f3b2134.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1458-6a747cc1-1320-5027-b7f9-050a6f3b2134.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-verlorene-domains-offene-turen-was-alte-behordendomains-verraten","url":"https://api.media.ccc.de/public/events/6a747cc1-1320-5027-b7f9-050a6f3b2134","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"13360c32-568f-519d-a8fd-0a9740089ccf","title":"Hatupangwingwi","subtitle":"The story how Kenyans fought back against intrusive digital identity systems","slug":"39c3-hatupangwingwi-the-story-how-kenyans-fought-back-against-intrusive-digital-identity-systems","link":"https://events.ccc.de/congress/2025/hub/event/detail/hatupangwingwi-the-story-how-kenyans-fought-back-against-intrusive-digital-identity-systems","description":"The session title is fashioned after the Kenyan movement building rhetoric “Hatupangwingwi” which is Kenyan slang meant as a call to action to counter anti-movement building techniques by the political class and resist infiltration and corruption. This is true for the organisation and movement building towards inclusive identity regimes in Kenya. \r\nThe session seeks to explore the lessons from Kenya’s journey to digitalization of public services  and the uptake of Digital Public infrastructure. It digs deeper on the power of us and how civil society could stop a destructive surveillance driven digitalisation thus protecting millions of Kenyans.\r\n\r\nIn 2019, the Kenyan government announced the transition to a centralised database named National integrated Identity management system (Huduma Namba) in a bid to develop a digital Identity system that went on to be termed a “single source of truth. Historically, Kenya has not had the best track record with civil registration and identity systems. This is particularly due to the linkages with colonial practices with the first ID “Kipande” being used as a tool for surveillance of natives and imposed for restriction of movement. This system carried on post independence creating different classes of citizens in terms of access to nationality documents. \r\nIt is for this reason that CSOs, mostly community-based, chose a three pronged approach to counter this; seeking legal redress, grassroots/community mobilization and advocacy and spotlighting ways in which in a shrinking civil society space, Kenyan civil society was able not only take up space, but make their impact felt in protecting the rights of those on the margins. The session shares lessons of how we shaped the Media narrative that took down a multi million dollar project that was not people centered but rather oppression driven. This session shares experiences of how we created a heightened sense of citizenry awareness to shoot down oppressive digitalisation agendas. \r\nThe aim is to show how these efforts led to over 10 million Kenyans resisting to enroll in the system especially the young people (Gen Z) who felt they were being coerced to join a system due to the poor messaging by the government and they connected with the NGO campaign thus choosing to resist the system in the true spirit of Hatupangwingwi,  with Hashtags like [#DOIDRIGHT](https://events.ccc.de/congress/2025/hub/tag/DOIDRIGHT) and [#DEPORTME](https://events.ccc.de/congress/2025/hub/tag/DEPORTME) trending on social media as a sign of resistance. This led to the collapse of the whole project.\r\nFinally, the session will share how in 2022, when the new government wanted to roll out the new DPI project known as Maisha Namba, they realised the importance of including civil society voices and they convened over 50 NGOs to try to build buy-in for the new digital ID program. It was the first time the government and NGOs were on the same table discussing how to build an inclusive digital ID system. This is the story of how the power of us led to civil society earning their space in the designing phase of the new Digital Public Infrastructure.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Mustafa Mahmoud Yousif"],"tags":["1676","2025","39c3","Ethics, Society \u0026 Politics","Ground","39c3-eng","39c3-deu","39c3-fra","Day 2"],"view_count":2038,"promoted":false,"date":"2025-12-28T11:00:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-05T08:45:03.952+02:00","length":3322,"duration":3322,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1676-13360c32-568f-519d-a8fd-0a9740089ccf.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1676-13360c32-568f-519d-a8fd-0a9740089ccf_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1676-13360c32-568f-519d-a8fd-0a9740089ccf.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1676-13360c32-568f-519d-a8fd-0a9740089ccf.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-hatupangwingwi-the-story-how-kenyans-fought-back-against-intrusive-digital-identity-systems","url":"https://api.media.ccc.de/public/events/13360c32-568f-519d-a8fd-0a9740089ccf","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"7cca9076-3454-5229-b1f4-9069def42bfd","title":"Doomsday-Porn, Schäferhunde und die „niedliche Abschiebung“ von nebenan","subtitle":" Wie autoritäre Akteure KI-generierte Inhalte für Social Media nutzen","slug":"39c3-radikalisierungspipeline-esoterik-von-eso-nazis-de","link":"https://events.ccc.de/congress/2025/hub/event/detail/radikalisierungspipeline-esoterik-von-eso-nazis-de","description":"Der amtierende US-Präsident postet ein Video, in dem er Demonstrierende aus einem Kampfjet heraus mit Fäkalien bewirft und das Weiße Haus zelebriert den „Star Wars Day“ mit einem pompösen Trump-Bild mit Lichtschwert. Accounts von AfD-Sympathisanten posten KI-Kitsch einer vermeintlich heilen Welt voller blonder Kinder und Frauen im Dirndl. Ist das lediglich eine geschmackliche Entgleisung oder steckt da mehr dahinter?\r\n\r\nKI-generierter Content ist aus der Kommunikationsstrategie autoritärer Akteure nicht mehr wegzudenken. Social Media wird derzeit mit rechtem KI-Slop geflutet, in dem wahlweise die Welt dank Migration kurz vor dem Abgrund steht oder blonde, weiße Familien fröhlich Fahnen schwenken. Im politischen Vorfeld der extremen Rechten werden zudem immer häufiger mal mehr oder weniger offensichtliche Deepfakes geteilt, die auf die jeweilige politische Botschaft einzahlen. Das reicht von KI-generierten Straßenumfragen über Ausschnitte aus Talksendungen, die nie stattgefunden haben, bis hin zu gänzlich KI-generierten Influencerinnen (natürlich blond).  Was macht das mit politischen Debatten? Und wie sollten wir als Gesellschaft damit umgehen?\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Katharina Nocun"],"tags":["2225","2025","39c3","Ethics, Society \u0026 Politics","Ground","39c3-deu","39c3-eng","39c3-por","Day 1"],"view_count":12869,"promoted":false,"date":"2025-12-27T21:45:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-07T06:15:03.773+02:00","length":3630,"duration":3630,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2225-7cca9076-3454-5229-b1f4-9069def42bfd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2225-7cca9076-3454-5229-b1f4-9069def42bfd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2225-7cca9076-3454-5229-b1f4-9069def42bfd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2225-7cca9076-3454-5229-b1f4-9069def42bfd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-radikalisierungspipeline-esoterik-von-eso-nazis-de","url":"https://api.media.ccc.de/public/events/7cca9076-3454-5229-b1f4-9069def42bfd","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"5cf7d973-5a94-5e8f-9f8d-8b5f4ec5bb6d","title":"Developing New Medicines in the Age of AI and Personalized Medicine","subtitle":null,"slug":"39c3-developing-new-medicines-in-the-age-of-ai-and-personalized-medicine","link":"https://events.ccc.de/congress/2025/hub/event/detail/developing-new-medicines-in-the-age-of-ai-and-personalized-medicine","description":"Did you ever wonder where all the drugs, which you can get at a pharmacy, come from? Who makes them, and how? Well, there is no easy answer, because the process of drug discovery and development is a very complex, expensive, and challenging journey, riddled with many risks and failures. This holds true for all types of drugs, from a simple pill to an mRNA vaccine or a gene therapy. Today, scientists support this process with a variety of AI applications, cutting-edge technologies, automation, and a huge amount of data. But can the race for new medicines and cures succeed only through more technology, or do we need to rethink the entire process? Let’s take a look at how the drug discovery and development process has worked so far, and how this entire process is changing – for better or worse.\n\nAfter presenting a high-level overview of the path from an idea to the medicine that you can buy at a pharmacy, this talk will present and discuss the following aspects of the drug discovery and development process:\n(1) The translation of an idea into a drug for a human patient faces many critical moments along the development process. This so-called “translational gap” is addressed through experiments in a test tube (or Petri dish), experimentation in lab animals, and eventually testing in humans. However, findings in a standard cell line or in a mouse do not necessarily reflect the complexity of biological processes in a human patient. Currently, there are many technological advancements under way to improve the current drug discovery and development process, and possibly even replace animal studies in the future (e.g., organs-on-chip). Nevertheless, the fundamental issues surrounding translational research remain, such as the lack of standardization, the limitations of model systems, and various underlying clinical biases.\n(2) Like in many industries today, AI applications are introduced at multiple levels and for various purposes within the drug discovery and development continuum. Often, a lot of hope is placed in AI-based technologies to accelerate the R\u0026D process, increase efficiency and productivity, and identify new therapeutic approaches. Indeed, there are many highly useful examples, such as the automation of image analysis in research, which replaces repetitive tasks and hence frees up a lot of time for researchers to do meaningful research. However, there are also many applications that are likely misguided, because they still face fundamental problems in evaluating scientific knowledge. For instance, the use of LLMs to summarize huge amounts of very complex and heterogeneous scientific data relies on the accuracy, completeness, and reproducibility of the available scientific data, which is often not the case. In addition, AI is often employed in an IT environment with questionable data security and ownership practices, such as the storage of sensitive research data on third-party cloud platforms.\n(3) Until now, the overwhelming majority of drugs have been developed to treat large patient populations, which represent a considerable market and ultimately ensure a return on investment. Today, however, most common and homogeneous diseases can already be managed, often with several (generic) drugs. Slight improvements to current drugs do not justify a large profit margin anymore, so the focus of drug discovery and development is shifting toward more heterogeneous and rare diseases, for which no or only poor treatments are available. Novel medicines in those disease areas hold the promise of substantial improvement for patients; however, these new patient (sub)populations, and thus markets, are much smaller, leading to premium prices for individualized therapies in order to ensure a return on investment. This paradigm shift toward individualized therapy - referred to as precision and personalized medicine - is supported by the advent of novel technologies and the accumulation of large bodies of data.\n(4) The rise of precision and personalized medicine is challenging the current business model of today’s pharmaceutical industry, suggesting that the era of blockbuster drugs might be over. Moreover, many intellectual property rights for blockbuster drugs are going to expire in the next few years, ending the market dominance of a number of pharma companies and sending the current industry landscape into turmoil. These developments will likely alter the current modus operandi of the entire biopharmaceutical development process, and it is not clear how the next few years will look like.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Dennis Özcelik"],"tags":["2293","2025","39c3","Science","Zero","39c3-eng","39c3-deu","39c3-fra","Day 1"],"view_count":3638,"promoted":false,"date":"2025-12-27T13:50:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-05T20:30:06.959+02:00","length":2672,"duration":2672,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2293-5cf7d973-5a94-5e8f-9f8d-8b5f4ec5bb6d.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2293-5cf7d973-5a94-5e8f-9f8d-8b5f4ec5bb6d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2293-5cf7d973-5a94-5e8f-9f8d-8b5f4ec5bb6d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2293-5cf7d973-5a94-5e8f-9f8d-8b5f4ec5bb6d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-developing-new-medicines-in-the-age-of-ai-and-personalized-medicine","url":"https://api.media.ccc.de/public/events/5cf7d973-5a94-5e8f-9f8d-8b5f4ec5bb6d","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"3ad7da57-ece4-5a75-9e52-f93d7df79734","title":"A space odyssey #2: How to study moon rocks from the Soviet sample return mission Luna 24","subtitle":null,"slug":"39c3-a-space-odyssey-2-how-to-study-moon-rocks-from-the-soviet-sample-return-mission-luna-24","link":"https://events.ccc.de/congress/2025/hub/event/detail/a-space-odyssey-2-how-to-study-moon-rocks-from-the-soviet-sample-return-mission-luna-24","description":"It is 1976 and the USA long stopped going to the Moon when a Soviet automatic landing station called Luna 24 descends to the Lunar surface. It touches down on 3.3 Billion year old rock formations at a place no mission has ever gone before. What exactly happened remains a mystery to this day, but the space probe managed to take a 2.3 m long drill core from the Lunar regolith, packaged the sample in a genius way and launched it for its voyage to Earth. Some days later the sample entered earths atmosphere and landed in remote Siberia and ended up in our hands more than 50 Years later. We tell the story of the sample, the people that brought it to Earth and how we analyzed it with the newest methods including µm sized high intensity X-ray beams, 30kV electron beams and LN2 cooled infrared spectrometers.\n\nIn this talk, members of the Museum for Natural History in Berlin will present the story of a Luna 24 sample retrieved by the GDR from the USSR. The sample has been almost \"lost\" to time. When it fell into our hands, we started understanding its historical and scientific significance, produced specialized sample containers and initiated curation efforts of the sample while slowly understanding its history and geochemical composition.\n\n### Luna 24 Moon Mission\nWhat happened on the 18th \u0026 19th of August 1976 on the moon? Why was this landing site chosen and how was the sample retrieved and brought back to Earth? Which way did the scientists handle these extremely precious samples? Picture: Музей Космонавтики (CC0 1.0)\n\n### Methods and Results\nWhich methods can be utilized to gather new information from such a sample without destroying it? Which storage and curation methods must be used to preserve its value for the scientists that come after us? How did advanced analytical methods like µCT, electron microscopes, µ X-ray fluorescence spectrometers and nitrogen-cooled infrared spectrometers contribute to our understanding of the sample?\n\nFly with us to the moon!\n\nThis work has been developed together with Christopher Hamann.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Paul Koetter"],"tags":["1445","2025","39c3","Science","Ground","39c3-eng","39c3-deu","39c3-pol","Day 2"],"view_count":2776,"promoted":false,"date":"2025-12-28T13:30:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-04T02:00:04.802+02:00","length":3238,"duration":3238,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1445-3ad7da57-ece4-5a75-9e52-f93d7df79734.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1445-3ad7da57-ece4-5a75-9e52-f93d7df79734_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1445-3ad7da57-ece4-5a75-9e52-f93d7df79734.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1445-3ad7da57-ece4-5a75-9e52-f93d7df79734.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-a-space-odyssey-2-how-to-study-moon-rocks-from-the-soviet-sample-return-mission-luna-24","url":"https://api.media.ccc.de/public/events/3ad7da57-ece4-5a75-9e52-f93d7df79734","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"0ba98a34-3b81-5578-9485-572db751d5c5","title":"Och Menno – IT und IT Security Uppsis","subtitle":null,"slug":"39c3-och-menno-it-und-it-security-uppsis","link":"https://events.ccc.de/congress/2025/hub/event/detail/och-menno-it-und-it-security-uppsis","description":"Willkommen     zum inkompetenten Podcast mit der besonderen Folge zur Inkompetenz in der IT und IT Security. Warum ist das Password Louvre schlecht ? Wie läuft die Cloud Transformation richtig schlecht ?\nEine kleine Show der Pleiten, Pech und Pannen. Und für die Besucher des Talks über Uboote letztes Jahr gibt es noch einen kleinen Ausflug in die Welt der ultrakomprimierten Daten, oder die Server formaly known als TITAN Steuersystem.\n\nEin kleiner Rundflug über die besten Fails der letzten Jahre.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Sven Uckermann"],"tags":["83756","2025","39c3","Sendezentrum Bühne (Saal X 07)","39c3-deu","Day 1"],"view_count":57900,"promoted":false,"date":"2025-12-27T17:15:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-06T17:00:04.584+02:00","length":2531,"duration":2531,"thumb_url":"https://static.media.ccc.de/media/congress/2025/83756-0ba98a34-3b81-5578-9485-572db751d5c5.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/83756-0ba98a34-3b81-5578-9485-572db751d5c5_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/83756-0ba98a34-3b81-5578-9485-572db751d5c5.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/83756-0ba98a34-3b81-5578-9485-572db751d5c5.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-och-menno-it-und-it-security-uppsis","url":"https://api.media.ccc.de/public/events/0ba98a34-3b81-5578-9485-572db751d5c5","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"11a7f79c-4ac5-5449-8fd4-6467ef2d6d2c","title":"Life on Hold: What Does True Solidarity Look Like Beyond Duldung, Camps, Deportation, and Payment Cards?","subtitle":null,"slug":"39c3-life-on-hold-what-does-true-solidarity-look-like-beyond-duldung-camps-deportation-and-payment-cards","link":"https://events.ccc.de/congress/2025/hub/event/detail/life-on-hold-what-does-true-solidarity-look-like-beyond-duldung-camps-deportation-and-payment-cards","description":"Lager, Duldung, Bezahlkarte, Essensscheine – Criminalization, Radicalization, Reality for Many People in East Germany\nThis talk sheds light on how these terms shape everyday life. We dive into an existence marked by uncertainty, isolation, and psychological strain, both in anonymous big cities and rural areas of East Germany. We ask: What does “solidarity” really mean in this context?\n\nIn this session, people share everyday experiences with a system that often systematically undermines human rights and dignity.\nWe don’t just talk about the obvious obstacles like the payment card or residency obligation, but also the invisible wounds: the constant fear of deportation, the psychological consequences of isolation, and the daily experience of hostility. We highlight the specific challenges of life in cramped camps on the outskirts of big cities, as well as the social control and visibility in rural communities.\nHowever, this talk is not just about naming problems. At its core is the urgent question: What does true solidarity really look like? How can support go beyond symbolic politics and short-term aid offers? This session is an invitation to shift perspectives, listen, and collaboratively develop concrete approaches for a more humane policy and a more solidaric coexistence.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Shaaib","Eric Noel Mbiakeu"],"tags":["1372","2025","39c3","Ethics, Society \u0026 Politics","Fuse","39c3-eng","39c3-deu","Day 1"],"view_count":1098,"promoted":false,"date":"2025-12-27T19:15:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-04T14:15:04.503+02:00","length":3657,"duration":3657,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1372-11a7f79c-4ac5-5449-8fd4-6467ef2d6d2c.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1372-11a7f79c-4ac5-5449-8fd4-6467ef2d6d2c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1372-11a7f79c-4ac5-5449-8fd4-6467ef2d6d2c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1372-11a7f79c-4ac5-5449-8fd4-6467ef2d6d2c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-life-on-hold-what-does-true-solidarity-look-like-beyond-duldung-camps-deportation-and-payment-cards","url":"https://api.media.ccc.de/public/events/11a7f79c-4ac5-5449-8fd4-6467ef2d6d2c","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"1511188c-92ca-5002-b411-591b5f848e14","title":"Wie wir alte Flipperautomaten am Leben erhalten","subtitle":null,"slug":"39c3-wie-wir-alte-flipperautomaten-am-leben-erhalten","link":"https://events.ccc.de/congress/2025/hub/event/detail/wie-wir-alte-flipperautomaten-am-leben-erhalten","description":"Der Vortrag beschreibt, wie eine Gruppe von Begeisterten eine Sammlung von ca. 100 Flipperautomaten (Pinball Machines) am Leben und in spielbereitem Zustand erhält.\n\nDer Vortrag gibt einen Einblick in die verschiedenen Generationen von Flippern und deren Technik. Angefangen von elektromechanischen Geräten aus den frühen Sechzigern, über erste Prozessorsteuerungen, bis hin zu modernsten computergesteuerten Automaten mit Bussystemen. Jede Generation hat ihre technischen Eigenheiten, ihre typischen Fehlermuster und Schwachstellen. \nIn öffentlichen Räumen sind heutzutage kaum mehr Flipper anzutreffen. Das liegt insbesondere daran, dass deren Wartung aufwändig ist, weil durch die mechanische Beanspruchung häufig Fehler auftreten. Bereits kleinste technische Probleme können den Spielspaß zunichte machen.\nDas Finden und Beheben von Fehlern erfordert viel Erfahrung – und manchmal Kreativität, insbesondere wenn alte Bauteile nicht mehr verfügbar sind oder kaum Dokumentation vorhanden ist. Technisch ist Sachverstand auf vielen Ebenen erforderlich, vom Schaltplanlesen über Löten und elektronische Messtechnik, bis hin zu mechanischem Know-how.\nDie Community der Flipper-Enthusiasten ist allerdings groß und kooperativ, sodass auch private Sammler ihre Flipper am Laufen halten können.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Axel Böttcher"],"tags":["2232","2025","39c3","Hardware","Zero","39c3-deu","39c3-eng","39c3-spa","Day 2"],"view_count":6229,"promoted":false,"date":"2025-12-28T21:05:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-04T08:15:03.782+02:00","length":2333,"duration":2333,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2232-1511188c-92ca-5002-b411-591b5f848e14.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2232-1511188c-92ca-5002-b411-591b5f848e14_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2232-1511188c-92ca-5002-b411-591b5f848e14.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2232-1511188c-92ca-5002-b411-591b5f848e14.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-wie-wir-alte-flipperautomaten-am-leben-erhalten","url":"https://api.media.ccc.de/public/events/1511188c-92ca-5002-b411-591b5f848e14","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"7557e54c-89e9-530d-aafb-8736570661d4","title":"Amtsgeheimnis raus, Datenhalde rein","subtitle":"Was die Informationsfreiheit in Österreich bringt","slug":"39c3-amtsgeheimnis-raus-datenhalde-rein-was-die-informationsfreiheit-in-osterreich-bringt","link":"https://events.ccc.de/congress/2025/hub/event/detail/amtsgeheimnis-raus-datenhalde-rein-was-die-informationsfreiheit-in-osterreich-bringt","description":"Jahrelang war die staatliche Intransparenz in Österreich nur eine Punchline in den Congress-Talks von Frag Den Staat. Damit könnte jetzt Schluss sein: seit heuer haben Bürger:innen endlich ein Recht, Dokumente einzusehen und ein Informationsfreiheitsgesetz. Wir zeigen, was Deutschland aus der über ein Jahrzehnt andauernden Kampagne für die Abschaffung des Amtsgeheimnisses lernen kann, wofür uns die Nachbarländer beneiden werden und wofür sich Bayern besonders schämen sollte.\r\n\r\nDie Kampagne – wie aus \"binnen zwei Wochen\" mehr als elf Jahre wurden\r\nDie Strategien – die man übernehmen kann\r\nDer Vergleich – wie ist Österreichische IFG im Vergleich zum Deutschen, und ist das der richtige\r\nDie (besten) Preisträger – aus mehr als zehn Jahren des Schmähpreises \"Mauer des Schweigens\"\r\nDie Datenhalde – mit Aufruf, was aus dem Datenberg zu machen\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Markus (fin) Hametner","Erwin Ernst \"eest9\" Steinhammer"],"tags":["2067","2025","39c3","Ethics, Society \u0026 Politics","Zero","39c3-deu","39c3-eng","39c3-spa","Day 2"],"view_count":3386,"promoted":false,"date":"2025-12-28T19:15:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-06T12:00:06.823+02:00","length":2377,"duration":2377,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2067-7557e54c-89e9-530d-aafb-8736570661d4.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2067-7557e54c-89e9-530d-aafb-8736570661d4_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2067-7557e54c-89e9-530d-aafb-8736570661d4.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2067-7557e54c-89e9-530d-aafb-8736570661d4.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-amtsgeheimnis-raus-datenhalde-rein-was-die-informationsfreiheit-in-osterreich-bringt","url":"https://api.media.ccc.de/public/events/7557e54c-89e9-530d-aafb-8736570661d4","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"8ba2a160-c00d-56c4-a84e-afb1536bc48b","title":"Neue Chaos Events","subtitle":"InselChaos und Håck ma’s Castle plaudern aus dem Nähkästchen","slug":"39c3-neue-chaos-events-inselchaos-und-hack-ma-s-castle-plaudern-aus-dem-nahkastchen","link":"https://events.ccc.de/congress/2025/hub/event/detail/neue-chaos-events-inselchaos-und-hack-ma-s-castle-plaudern-aus-dem-nahkastchen","description":"Auf der Insel Rügen und in Österreich tut sich was - und zwar neue Chaos Events. Wir möchten über Anforderungen, Herausforderungen, Hürden, Erfahrungen und Glücksmomente aus unserer Sicht der Orga erzählen. Das InselChaos fand im LaGrange e.V. im September 2025 statt und bildet den Auftakt für weitere kreative, informative und chaotische Events auf der Insel Rügen. Das Håck ma’s Castle wird mit etwas Humor auch über Herausforderungen sprechen, welche unter anderem durch dezentrale Teams aus diversen Hackspaces entstehen.\r\n\r\n**InselChaos**\r\nDer Port39 e.V. hatte den Traum, das Chaos nach MV zu holen und ein größeres Event an der Ostsee zu veranstalten. Gerade erst 3 Jahre alt, haben wir mit der Planung in kleinem Kreis begonnen. Eine Location musste gesucht, Inspirationen und Ideen gesammelt, bürokratische Hürden und sehr viele individuelle Probleme gelöst werden, bis es Anfang September soweit war, dass wir unsere Gäste begrüßen durften. In diesem Talk sprechen wir darüber, wie es ist, als kleiner Verein mit einem vierköpfigen Orga-Team ein ChaosEvent mit über 150 Gästen zu koordinieren, welche Schwierigkeiten wir dabei überwunden und vor allem, welche Learnings wir daraus gezogen haben, um es nächstes Mal noch besser zu machen.\r\n\r\n\r\n**Håck ma’s Castle**\r\nWir werden in unserem Talk, darüber sprechen, welche Methoden und Meetingmodi wir ausgetestet haben, gute wie aber auch schlechte Entscheidungen welche getroffen wurden. Vorallem aber auch über die Herausforderung, die es mit sich bringt, wenn sich Wesen noch nicht kennen und wir zuerst auf menschlicher Ebene auch zusammenkommen mussten, damit es inhaltlich auch besser klappt.\r\n\r\nHard facts Håck ma's Castle:\r\n- 3 (+1) Tage Event\r\n- August 2024\r\n- mit Schloss\r\n- mit Camping\r\n- ~330 Wesen\r\n- inklusive 1 Schlosskatze *meow*\r\n- Orga verteilt in ganz Österreich und darüber hinaus:\r\n- metalab, realraum, C3W, CCC Salzburg, /dev/lol, SegFaultDragons, SegVault, IT-Syndikat, /usr/space, Gebärdenverse, female coders, chaos.jetzt etc.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Erwin Ernst \"eest9\" Steinhammer","lasii","Daniel","Niklas"],"tags":["2419","2025","39c3","CCC \u0026 Community","Fuse","39c3-deu","39c3-eng","Day 2"],"view_count":2521,"promoted":false,"date":"2025-12-28T12:15:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-06T13:30:06.698+02:00","length":3511,"duration":3511,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2419-8ba2a160-c00d-56c4-a84e-afb1536bc48b.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2419-8ba2a160-c00d-56c4-a84e-afb1536bc48b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2419-8ba2a160-c00d-56c4-a84e-afb1536bc48b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2419-8ba2a160-c00d-56c4-a84e-afb1536bc48b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-neue-chaos-events-inselchaos-und-hack-ma-s-castle-plaudern-aus-dem-nahkastchen","url":"https://api.media.ccc.de/public/events/8ba2a160-c00d-56c4-a84e-afb1536bc48b","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"1c19a455-d4bb-56ed-88dd-8ead6505e2cd","title":"Syncing visuals and stage lights against the beat of live music: an introduction","subtitle":null,"slug":"39c3-syncing-visuals-and-stage-lights-against-the-beat-","link":"https://events.ccc.de/congress/2025/hub/event/detail/syncing-visuals-and-stage-lights-against-the-beat-","description":"Most clubs and concerts have predefined light and visuals, and often they are generic and not synced to the beat of the music. \nToday we will show you that it's actually possible to sync visual effects to the beat of live music recorded from the microphone, and it's pretty easy!\nAimed at beginners.\n\nWe will teach people how to set up and use TouchDesigner to perform audio analysis and how to draw basic effects and light shows that respond to the beat of the input audio. \nIf you want to follow along, please come with  TouchDesigner preinstalled (the free version is perfectly fine). Recommended on Windows or Mac, but with enough pain it can run under Wine as well.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Luca Di Bartolomeo (cyanpencil)"],"tags":["1890","2025","39c3","Chaos Computer Music Club","39c3-eng","Day 1"],"view_count":2399,"promoted":false,"date":"2025-12-27T18:00:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-06T21:00:08.054+02:00","length":1835,"duration":1835,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1890-1c19a455-d4bb-56ed-88dd-8ead6505e2cd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1890-1c19a455-d4bb-56ed-88dd-8ead6505e2cd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1890-1c19a455-d4bb-56ed-88dd-8ead6505e2cd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1890-1c19a455-d4bb-56ed-88dd-8ead6505e2cd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-syncing-visuals-and-stage-lights-against-the-beat-","url":"https://api.media.ccc.de/public/events/1c19a455-d4bb-56ed-88dd-8ead6505e2cd","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"9c8bec33-f71a-5090-857d-1648a027c8a9","title":"GPTDash – Der Reverse-Turing-Test","subtitle":null,"slug":"39c3-gptdash-der-reverse-turing-test","link":"https://events.ccc.de/congress/2025/hub/event/detail/gptdash-der-reverse-turing-test","description":"KIs (bzw. LLMs) wirken immer menschlicher. Schon längst ist es schwer bis unmöglich zu erkennen, ob ein Text von einer KI oder einem Menschen geschrieben wurde. Maschinen dringen immer mehr in den menschlichen Diskurs ein. Wir wollen das nicht länger hinnehmen und drehen den Spieß um.\n\nIn unserem Reverse-Turing-Test schlüpfen die Teilnehmenden in die Rolle einer KI und versuchen so robotisch-menschlich wie möglich zu klingen. In einer anschließenden Blindstudie prüfen wir, wer sich am besten unter KIs mischen und beim nächsten Robot Uprising die Spionin der Wahl wäre.\n\nHumor, Kreativität und ein Hang zu allgemeingültigen, nichtssagenden Floskeln sind die perfekten Voraussetzungen! Ein digitales Endgerät (Smartphone, Tablet, Laptop, …) reicht zum Mitspielen aus.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Benny","KI-lian","BratscherBen"],"tags":["2161","2025","39c3","Entertainment","One","39c3-deu","39c3-eng","39c3-fra","Day 2"],"view_count":6323,"promoted":false,"date":"2025-12-29T01:00:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-06T23:00:05.411+02:00","length":5468,"duration":5468,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2161-9c8bec33-f71a-5090-857d-1648a027c8a9.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2161-9c8bec33-f71a-5090-857d-1648a027c8a9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2161-9c8bec33-f71a-5090-857d-1648a027c8a9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2161-9c8bec33-f71a-5090-857d-1648a027c8a9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-gptdash-der-reverse-turing-test","url":"https://api.media.ccc.de/public/events/9c8bec33-f71a-5090-857d-1648a027c8a9","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"903ae13a-c885-5870-a745-a111b3397d22","title":"netzpolitik.org Off/On: Off The Record live","subtitle":null,"slug":"39c3-netzpolitikorg-offon-off-the-record-live","link":"https://events.ccc.de/congress/2025/hub/event/detail/netzpolitikorg-offon-off-the-record-live","description":"Bei \"Off The Record\" nehmen wir euch mit in den Maschinenraum von netzpolitik.org. Einmal im Monat geben Redakteur:innen und andere Team-Mitglieder Einblicke in ihre Arbeit. Bei dieser Live-Ausgabe zum Abschluss des Jahres wollen wir hinter die Kulissen einiger große Recherchen blicken: Es geht um Spionage-Apps und Datenhändler, eine mysteriöse Schallwaffe und die Tücken der Verwaltungsdigitalisierung.\n\nIn \"Off/On\", dem Podcast von netzpolitik.org, wechseln sich zwei Formate ab: Bei \"Off The Record\" geht es ab in den Maschinenraum von netzpolitik.org: Wir erzählen, wie unsere Recherchen entstehen, und machen transparent, wie wir arbeiten. Bei \"On The Record\" interviewen wir Menschen, die unsere digitale Gesellschaft prägen.\n\nBei dieser Live-Ausgabe von \"Off The Record\" spricht Ingo Dachwitz mit Chris Köver, Markus Reuter und Esther Mehnhard über ihre Recherchen des Jahres. Wie sind sie bei der Recherche vorgegangen? Welche Hindernisse mussten sie überwinden? Wie verpackt man komplexe Sachverhalten am besten? Und was haben die Recherchen ausgelöst?\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Ingo Dachwitz","Esther Menhard","Markus Reuter","Chris Köver"],"tags":["83817","2025","39c3","Sendezentrum Bühne (Saal X 07)","39c3-deu","Day 2"],"view_count":1567,"promoted":false,"date":"2025-12-28T12:30:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-06T23:15:07.305+02:00","length":2784,"duration":2784,"thumb_url":"https://static.media.ccc.de/media/congress/2025/83817-903ae13a-c885-5870-a745-a111b3397d22.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/83817-903ae13a-c885-5870-a745-a111b3397d22_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/83817-903ae13a-c885-5870-a745-a111b3397d22.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/83817-903ae13a-c885-5870-a745-a111b3397d22.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-netzpolitikorg-offon-off-the-record-live","url":"https://api.media.ccc.de/public/events/903ae13a-c885-5870-a745-a111b3397d22","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"28fc102e-a38e-51b2-a48b-530b0d0e49a9","title":"Race conditions, transactions and free parking","subtitle":null,"slug":"39c3-race-conditions-transactions-and-free-parking","link":"https://events.ccc.de/congress/2025/hub/event/detail/race-conditions-transactions-and-free-parking","description":"ORM's and/or developers don't understand databases, transactions, or concurrency.\n\nAfter the [Air France-KLM dataleak](https://media.ccc.de/v/37c3-lightningtalks-58027-air-france-klm-6-char-short-code) I kept repeating this was not a real hack, and confessed I always wanted to hack a system based on triggering race conditions because the lack of proper transactions.\nThis was way easier than expected. In this talk I will show how just adding `$ seq 0 9 | xargs -I@ -P10 ..` can break some systems, and how to write safe database transactions that prevent abuse.\n\nIn this talk I will explain what race conditions are. Many examples of how and why code will fail. How to properly create a database transaction. The result of abusing this in real life (e.g. free parking).\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Benjamin W. Broersma"],"tags":["2286","2025","39c3","Security","Zero","39c3-eng","39c3-deu","39c3-pol","Day 3"],"view_count":3855,"promoted":false,"date":"2025-12-29T21:05:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-06T22:45:07.230+02:00","length":2331,"duration":2331,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2286-28fc102e-a38e-51b2-a48b-530b0d0e49a9.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2286-28fc102e-a38e-51b2-a48b-530b0d0e49a9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2286-28fc102e-a38e-51b2-a48b-530b0d0e49a9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2286-28fc102e-a38e-51b2-a48b-530b0d0e49a9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-race-conditions-transactions-and-free-parking","url":"https://api.media.ccc.de/public/events/28fc102e-a38e-51b2-a48b-530b0d0e49a9","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"0c8b0cb4-6cf9-5ff8-928a-0a0f49558c48","title":"Opening Ceremony","subtitle":null,"slug":"39c3-opening-ceremony","link":"https://events.ccc.de/congress/2025/hub/event/detail/opening-ceremony","description":"Power On! Lasst uns gemeinsam an diesem magischen Ort ankommen und alles vorbereiten, um die nächsten vier Tage in einer fröhlich-kreativen, fantastischen Wunderwelt zu verbringen und Kraft zu tanken.\n\nDas Opening gibt euch die wichtigsten Infos für den Congress, stimmt euch ein und ... äh ... bis Späti!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["pajowu","Stella"],"tags":["1233","2025","39c3","CCC \u0026 Community","One","39c3-deu","39c3-eng","39c3-fra","Day 1"],"view_count":18765,"promoted":false,"date":"2025-12-27T10:30:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-05T16:15:04.834+02:00","length":1291,"duration":1291,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1233-0c8b0cb4-6cf9-5ff8-928a-0a0f49558c48.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1233-0c8b0cb4-6cf9-5ff8-928a-0a0f49558c48_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1233-0c8b0cb4-6cf9-5ff8-928a-0a0f49558c48.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1233-0c8b0cb4-6cf9-5ff8-928a-0a0f49558c48.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-opening-ceremony","url":"https://api.media.ccc.de/public/events/0c8b0cb4-6cf9-5ff8-928a-0a0f49558c48","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"42fe49fd-0068-5456-a326-7687603aead8","title":"Chaos all year round","subtitle":null,"slug":"39c3-chaos-all-year-round","link":"https://events.ccc.de/congress/2025/hub/event/detail/chaos-all-year-round","description":"Neben dem Congress gibt es noch viele andere Chaos-Events, die über das ganze Jahr verteilt stattfinden. Das Easterhegg, die GPN und die MRMCD kennen vermutlich die meisten Chaos-Wesen. Aber was ist eigentlich mit den ganzen kleineren Veranstaltungen?\n\nBei diesem Vortrag im Lightning-Talk-Format habt ihr die Möglichkeit, euch quasi im Schnelldurchlauf über viele weitere tolle Chaos-Events zu informieren. Zusätzlich werden auch ein bis zwei größere Events vorgestellt, die sich gerade in der Planungsphase befinden und noch Verstärkung für ihr Team suchen.\n\nFalls ihr euer Chaos-Event auf der großen Bühne kurz vorstellen möchtet, tragt euch bitte [im Wiki ein](https://events.ccc.de/congress/2025/hub/de/wiki/event-vorstellungen).\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Deanna"],"tags":["2401","2025","39c3","CCC \u0026 Community","Fuse","39c3-deu","39c3-eng","Day 1"],"view_count":1641,"promoted":false,"date":"2025-12-27T16:00:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-03-25T22:45:06.302+01:00","length":2964,"duration":2964,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2401-42fe49fd-0068-5456-a326-7687603aead8.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2401-42fe49fd-0068-5456-a326-7687603aead8_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2401-42fe49fd-0068-5456-a326-7687603aead8.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2401-42fe49fd-0068-5456-a326-7687603aead8.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-chaos-all-year-round","url":"https://api.media.ccc.de/public/events/42fe49fd-0068-5456-a326-7687603aead8","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"b472503f-7336-586b-aa63-d082c14e0945","title":"How to keep Open Source open without leaving our communities open to threats","subtitle":null,"slug":"39c3-how-to-keep-open-source-open-without-leaving-our-communities-open-to-threats","link":"https://events.ccc.de/congress/2025/hub/event/detail/how-to-keep-open-source-open-without-leaving-our-communities-open-to-threats","description":"The Four Freedoms (defined ~40 years ago) and the Four Opens (~15 years ago) for Open Source provided canonical definitions for what are the cornerstones of Open Source Software communities today. While the ethos still applies today, the cultural norms that blossomed to put it into practice are from an era with different challenges.\n\nTo build a better world, we need to both keep and protect the value system of the Four Freedoms and Four Opens. To do that, we need to re-assess our risk and threat models to balance that allows beautiful minds to flourish as well as introduce responsible friction to prevent harm from coming to them.\n\nThe state of the internet, c 1990:\n\n* Limited, opt-in connectivity: people had to both have access to a computer and that computer had to have access to the internet.\n* Tooling required some in-industry knowledge to be able to run and use, not only for development but also for communication.\n* Open source was a young movement. The \"common source\" was proprietary.\n\nThe state of the internet, c 2025:\n\n* Always online, might-not-even-be-to-opt-out connectivity: devices are almost always collecting and transmitting data, including audio/visual, in some cases even if \"turned off\".\n* Easy to use tooling has made it easier for everyone to come together. The pervasiveness of technology also means that most people, of any background, can easily access other people in the thousands or even millions.\n* Open source is common, accessible, and matured. A $9 **_trillion_** resource. Yes, **_trillion_**.\n\nThese three significant changes drastically change the threat model for OSS communities. In the beginning, someone had to have both knowledge and resources to harm or otherwise compromise a community of developers. Now, anyone with a grudge can make a bot army with seamless integrations and gracious freemium tiers for AI/LLMs. Likewise, when open source was small, the \"who\" who would be motivated to harm and otherwise disrupt those communities was limited. Now there is both massive social and economic benefit to harm and disrupt. This means that risks and threats now still include the motivated and resourced **_with the addition of_** those who are scarce in both.\n\nWe need to come together to build new organizational threat models that account for how this consequence has posed new risks to our communities. With care and attention to detail, we can introduce responsible friction that will protect our communication infrastructure, the lifeblood of what allows open source to grow.\n\nThere will also be a workshop with this presentation, with the outcome of creating an ongoing working group dedicated to helping OSS Foundations of all sizes protect their communities.\n\nThere will be a workshop about the same topic on 12.30, Day 4: [https://events.ccc.de/congress/2025/hub/de/event/detail/how-to-keep-open-source-open-without-leaving-our-c](https://events.ccc.de/congress/2025/hub/de/event/detail/how-to-keep-open-source-open-without-leaving-our-c)\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Quintessence"],"tags":["2035","2025","39c3","Ethics, Society \u0026 Politics","Fuse","39c3-eng","39c3-deu","Day 4"],"view_count":3073,"promoted":false,"date":"2025-12-30T11:00:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T13:15:07.215+02:00","length":2221,"duration":2221,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2035-b472503f-7336-586b-aa63-d082c14e0945.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2035-b472503f-7336-586b-aa63-d082c14e0945_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2035-b472503f-7336-586b-aa63-d082c14e0945.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2035-b472503f-7336-586b-aa63-d082c14e0945.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-how-to-keep-open-source-open-without-leaving-our-communities-open-to-threats","url":"https://api.media.ccc.de/public/events/b472503f-7336-586b-aa63-d082c14e0945","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"418f57a7-435b-5835-98ad-85158338b6c4","title":"Hacking Karlsruhe - 10 years later","subtitle":null,"slug":"39c3-hacking-karlsruhe-10-years-later","link":"https://events.ccc.de/congress/2025/hub/event/detail/hacking-karlsruhe-10-years-later","description":"\"Wir gehen nach Karlsruhe!“ – das klang vor zehn Jahren nach Aufbruch und juristischem Hack. Heute ist klar: Strategische Prozessführung ist kein Sprint, sondern ein zähes, manchmal frustrierendes Dauerprojekt.\n\nIn diesem Talk ziehen wir Bilanz: Was haben wir mit zivilgesellschaftlichen Verfassungsbeschwerden im Bereich Technologie erreicht – und wo sind wir gescheitert? Welche Fehler würden wir heute vermeiden, welche Wege waren richtig? Und was bedeutet es, wenn das höchste deutsche Gericht zunehmend weniger Lust auf digitalpolitische Grundrechtsfragen zeigt?\n\nEin realistischer Blick hinter die Kulissen strategischer Klagen – und die Frage: Wie hackt man das Rechtssystem im Jahr 2025?\n\nWenn Gesetze Grundrechte verletzen, warum nicht das Bundesverfassungsgericht hacken – mit Strategie, Teamwork und guter Begründung? Aus dieser Idee ist inzwischen ein zentrales Werkzeug zivilgesellschaftlicher Gegenmacht geworden: Strategische Prozessführung. Das Prinzip ist einfach: Gesetze nicht nur kritisieren, sondern systematisch angreifen, mit gezielten Verfassungsbeschwerden gegen Überwachung, Zensur und staatliche Eingriffe in die digitale Freiheit.\nSeitdem hat sich viel getan. Organisationen wie die Gesellschaft für Freiheitsrechte (GFF) haben den Weg nach Karlsruhe professionalisiert und Verfahren angestoßen, die viele aus den Nachrichten kennen:\ngegen die Vorratsdatenspeicherung,\ngegen das BND-Gesetz zur Auslandsüberwachung,\ngegen den Einsatz von Palantir,\nund gegen den Einsatz von Staatstrojanern.\nEinige dieser Verfahren waren erfolgreich und haben Gesetze gekippt. Andere sind krachend gescheitert – oder hängen seit Jahren in Karlsruhe fest. Dabei zeigt sich: Der Weg zum Urteil wird härter, die Erfolgsaussichten kleiner, und das Verfassungsgericht ist nicht mehr der progressive Motor, der es mal war.\nDieser Talk zieht eine ehrliche Bilanz: Was bringt strategische Prozessführung wirklich? Was lässt sich aus Erfolgen und Misserfolgen lernen? Welche Fälle lohnen sich – und wo wird der Rechtsweg zur Sackgasse? Und wie verschiebt sich das Ganze inzwischen auf die europäische Ebene – wo neue Schauplätze wie der Digital Services Act oder der AI Act warten?\nKeine juristische Vorlesung, sondern ein Erfahrungsbericht aus zehn Jahren digitaler Grundrechtsarbeit. Es geht um Taktik, Fehlentscheidungen, unerwartete Allianzen – und um die Frage, wie man auch heute noch im Rechtssystem rütteln kann, wenn die Türen in Karlsruhe enger werden.\nDer Vortrag wird gehalten von Simone Ruf und Jürgen Bering von der Gesellschaft für Freiheitsrechte.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Jürgen Bering"],"tags":["1873","2025","39c3","Ethics, Society \u0026 Politics","Fuse","39c3-deu","39c3-eng","Day 3"],"view_count":2700,"promoted":false,"date":"2025-12-29T11:55:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T11:45:07.947+02:00","length":2419,"duration":2419,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1873-418f57a7-435b-5835-98ad-85158338b6c4.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1873-418f57a7-435b-5835-98ad-85158338b6c4_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1873-418f57a7-435b-5835-98ad-85158338b6c4.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1873-418f57a7-435b-5835-98ad-85158338b6c4.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-hacking-karlsruhe-10-years-later","url":"https://api.media.ccc.de/public/events/418f57a7-435b-5835-98ad-85158338b6c4","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"f7a3c3ba-a9d0-5aab-bf31-f63a034a8d22","title":"The Spectrum - Hackspace Beyond Hacking","subtitle":null,"slug":"39c3-the-spectrum-hackspace-beyond-hacking","link":"https://events.ccc.de/congress/2025/hub/event/detail/the-spectrum-hackspace-beyond-hacking","description":"The Spectrum is a newly founded queer-feminist, intersectional hackspace centering FLINTA+, disabled, and marginalized beings. We see hacking as playful exploration—of technology, art, and ideas—to reimagine what inclusion and collaboration can be. At 39C3, we share how awareness, accessibility, and transdisciplinary creation can transform community and hack the norm.\n\nThe Spectrum is a new queer-feminist, intersectional and transdisciplinary hackspace centering FLINTA+, creatures with disabilities, and other marginalized communities founded in 2025. We see hacking as more than code and machines—it’s a way of exploring the world through curiosity, play, and care. By taking things, systems, and ideas apart, we uncover new perspectives and possibilities for change. Our space is built around awareness, inclusion, and open access to knowledge. We aim to create an environment where everyone can learn, share, and experiment freely—without the constraints of “normality.” From art and music to activism and technology, The Spectrum brings together diverse disciplines and beings to co-create, collaborate, and imagine better futures.\n\nAt 39C3, we want to share our experiences of building such a space: how awareness work and accessibility can shape community dynamics, what transdisciplinary hacking can look like, and how centering marginalized perspectives transforms collective creation. Join us to explore what it means to hack not only systems, but also art, expectations, and realities.\n\nhttps://the-spectrum.space/en/\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["sjaelv","MultisampledNight"],"tags":["2085","2025","39c3","CCC \u0026 Community","Fuse","39c3-eng","39c3-deu","39c3-fra","Day 3"],"view_count":1343,"promoted":false,"date":"2025-12-29T22:05:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-03-26T08:30:06.582+01:00","length":2252,"duration":2252,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2085-f7a3c3ba-a9d0-5aab-bf31-f63a034a8d22.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2085-f7a3c3ba-a9d0-5aab-bf31-f63a034a8d22_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2085-f7a3c3ba-a9d0-5aab-bf31-f63a034a8d22.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2085-f7a3c3ba-a9d0-5aab-bf31-f63a034a8d22.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-the-spectrum-hackspace-beyond-hacking","url":"https://api.media.ccc.de/public/events/f7a3c3ba-a9d0-5aab-bf31-f63a034a8d22","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"562f7db7-c4c4-5120-903d-a782e8a17894","title":"Current Drone Wars","subtitle":null,"slug":"39c3-current-drone-wars","link":"https://events.ccc.de/congress/2025/hub/event/detail/current-drone-wars","description":"The character of drone wars has changed. The large, cumbersome long-range drones have been complemented with small and low-budget drones. Moreover, more and more states are developing, deploying and selling them. Ten years ago at least 50 states were developing them. At the top are USA, Israel, Turkey, China, Iran and Russia.\n \nRussia's attack on Ukraine has unleashed a drone war unlike any seen before.\nIn short time the Ukraine has build significant drone production capabilities and announcement that it will increase its own production of quadcopters and kamikaze drones to one million units per year.\n \nGerman defense companies and startups are now promoting a “drone wall on NATO's eastern flank.” Moreover, despite their vulnerability to air defenses, large drones are also being further developed. They are intended to accompany next generation fighter jets in swarms.\n \nIn this talk, past and current developments are discussed. What are the perspectives now?\n\nThe character of drone wars has changed. The large, cumbersome long-range drones have been complemented with small and low-budget drones. Moreover, more and more states are developing, deploying and selling them. Ten years ago at least 50 states were developing them. At the top are USA, Israel, Turkey, China, Iran and Russia.\n\nRussia's attack on Ukraine has unleashed a drone war unlike any seen before.\nIn short time the Ukraine has build significant drone production capabilities and announcement that it will increase its own production of quadcopters and kamikaze drones to one million units per year.\n\nGerman defense companies and startups are now promoting a “drone wall on NATO's eastern flank.” Moreover, despite their vulnerability to air defenses, large drones are also being further developed. They are intended to accompany next generation fighter jets in swarms.\n\nIn this talk, past and current developments are discussed. What are the perspectives now?\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Leonard"],"tags":["2411","2025","39c3","Ethics, Society \u0026 Politics","Ground","39c3-eng","39c3-deu","39c3-pol","Day 2"],"view_count":22630,"promoted":false,"date":"2025-12-28T17:35:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-06T19:00:08.613+02:00","length":2544,"duration":2544,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2411-562f7db7-c4c4-5120-903d-a782e8a17894.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2411-562f7db7-c4c4-5120-903d-a782e8a17894_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2411-562f7db7-c4c4-5120-903d-a782e8a17894.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2411-562f7db7-c4c4-5120-903d-a782e8a17894.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-current-drone-wars","url":"https://api.media.ccc.de/public/events/562f7db7-c4c4-5120-903d-a782e8a17894","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"9c3ce2ac-1531-5a5a-ae7d-df3511b5c914","title":"Handy weg bis zur Ausreise","subtitle":"Wie Cellebrite ins Ausländeramt kam","slug":"39c3-handy-weg-bis-zur-ausreise-wie-cellebrite-ins-auslanderamt-kam","link":"https://events.ccc.de/congress/2025/hub/event/detail/handy-weg-bis-zur-ausreise-wie-cellebrite-ins-auslanderamt-kam","description":"Seit Anfang 2024 dürfen Ausländerbehörden Smartphones von ausreisepflichtigen Menschen nicht nur durchsuchen, sondern gleich ganz behalten – „bis zur Ausreise“. \r\n\r\nWas als geringfügige Änderung im Aufenthaltsgesetz daherkommt, erweist sich als massiver Eingriff in Grundrechte: Menschen verlieren nicht nur die Kontrolle über ihre Daten, sondern auch ihr wichtigstes Kommunikationsmittel – auf unbestimmte Zeit. \r\n\r\nHier hört ihr, welche absurden Blüten das treibt. Von Bayern bis NRW haben Bundesländer inzwischen eigene IT-forensische Tools für ihre Behörden angeschafft, um auf den Geräten nach “Indizien” für die Herkunft zu suchen. Sie setzen Methoden ein, wie wir sie sonst aus Ermittlungsverfahren oder von Geheimdiensten kennen – um die Geräte von Menschen zu durchsuchen, die nichts verbrochen haben.\r\n\r\nSeit Anfang 2024 dürfen Ausländerbehörden Smartphones von ausreisepflichtigen Menschen nicht nur durchsuchen, sondern gleich ganz behalten – „bis zur Ausreise“.\r\n\r\nWas als geringfügige Änderung im Aufenthaltsgesetz daherkommt, erweist sich als massiver Eingriff in Grundrechte: Menschen verlieren nicht nur die Kontrolle über ihre Daten, sondern auch ihr wichtigstes Kommunikationsmittel – auf unbestimmte Zeit.\r\n\r\nHier hört ihr, welche absurden Blüten das treibt. Von Bayern bis NRW haben Bundesländer inzwischen eigene IT-forensische Tools für ihre Behörden angeschafft, um auf den Geräten nach “Indizien” für die Herkunft zu suchen. Sie setzen Methoden ein, wie wir sie sonst aus Ermittlungsverfahren oder von Geheimdiensten kennen – um die Geräte von Menschen zu durchsuchen, die nichts verbrochen haben.\r\n\r\nIm Vortrag zeige ich, welche absurden Konsequenzen das für die Betroffenen mit sich bringt, welche Bundesländer an der traurigen Spitze der Statistik stehen – und wie sich das Ganze in das Arsenal der digitalen und sonstigen Repressionen von Geflüchteten einreiht.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Chris Köver"],"tags":["1551","2025","39c3","Ethics, Society \u0026 Politics","Ground","39c3-deu","39c3-eng","Day 1"],"view_count":8002,"promoted":false,"date":"2025-12-27T17:15:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-06T15:45:04.790+02:00","length":3671,"duration":3671,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1551-9c3ce2ac-1531-5a5a-ae7d-df3511b5c914.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1551-9c3ce2ac-1531-5a5a-ae7d-df3511b5c914_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1551-9c3ce2ac-1531-5a5a-ae7d-df3511b5c914.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1551-9c3ce2ac-1531-5a5a-ae7d-df3511b5c914.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-handy-weg-bis-zur-ausreise-wie-cellebrite-ins-auslanderamt-kam","url":"https://api.media.ccc.de/public/events/9c3ce2ac-1531-5a5a-ae7d-df3511b5c914","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"077fbf39-e49b-5f13-8a6f-c5c71bcb309c","title":"Demystifying Fuzzer Behaviour","subtitle":null,"slug":"39c3-demystifying-fuzzer-behaviour","link":"https://events.ccc.de/congress/2025/hub/event/detail/demystifying-fuzzer-behaviour","description":"Despite how it's often portrayed in blogs, scientific articles, or corporate test planning, fuzz testing isn't a magic bug printer; just saying \"we fuzz our code\" says nothing about how _effectively_ it was tested. Yet, how fuzzers and programs interact is deeply mythologised and poorly misunderstood, even by seasoned professionals. This talk analyses a number of recent works and case studies that reveal the relationship between fuzzers, their inputs, and programs to explain _how_ fuzzers work.\n\nFuzz testing (or, \"fuzzing\") is a testing technique that passes randomly-generated inputs to a subject under test (SUT). This term was first coined in 1988 by Miller to describe sending random byte sequences to Unix utilities (1), but was arguably preceded in 1971 by Breuer for fault detection in sequential circuits (2) and in 1972 by Purdom for parser testing by generating sentences from grammars (3). Curiously, they all exhibit different approaches for generating inputs based on knowledge about the SUT, though none of them use feedback from the SUT to make decisions about new inputs.\n\nFuzzing wasn't yet popular, but industry was catching on. Between the late 90s and 2013, we see a number of strategies appear in industry (4). Some had success with constraint solvers, where they would observe runtime behavior or have knowledge about a target's structure to produce higher quality inputs. Others operated in a different way, by taking an existing input and tweaking it slightly (\"mutating\") to address the low-likelihood of random generation to produce structured inputs. None was as successful, or as popular, as American Fuzzy Lop, or \"AFL\", released in 2013. This combined coverage observations for inputs (Ormandy, 2007) with concepts from evolutionary novelty search (5) into a tool which could, from very few initial inputs, _evolve_ over multiple mutations to find new, untested code.\n\nDespite its power, this advancement made it far more difficult to understand how fuzzers even worked. Now all you had to do was point this tool at a program and it would start testing, and the coverage would go up; users were now only responsible for writing \"harnesses\", code which processed fuzzer-produced inputs and sent them to the SUT. Though there have been a few real advances to fuzzing since (or, at least, strategies which combined previous methods more effectively), fuzzing research has mostly deadended, with new methods squeezing only minor improvements out of older ones. This, and inadequate harness writing, comes from this opaqueness in how fuzzers internally operate: without understanding what these tools do from first principles, there's no clear \"right\" and \"wrong\" way to do things because there is no mental model to test them against.\n\nThis talk doesn't talk about new bugs, new fuzzers, or new harness generation tools. The purpose of this talk is to uncover mechanisms of fuzzer input production in the context of different classes of SUT and harnesses thereon, highlighting recent papers which have clarified our understanding of how fuzzers and SUTs interact. By the end, you will have a better understanding of _why_ modern fuzzers work, _what_ their limitations are, and _how_ you can write better fuzzers and harnesses yourself.\n\n(1): https://pages.cs.wisc.edu/~bart/fuzz/CS736-Projects-f1988.pdf\n(2): https://ieeexplore.ieee.org/document/1671733\n(3): https://link.springer.com/article/10.1007/BF01932308\n(4): https://afl-1.readthedocs.io/en/latest/about_afl.html\n(5): https://www.academia.edu/download/25396037/0262287196chap43.pdf\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Addison"],"tags":["1508","2025","39c3","Science","Ground","39c3-eng","39c3-deu","39c3-fra","Day 1"],"view_count":6950,"promoted":false,"date":"2025-12-27T11:55:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-04T11:30:05.964+02:00","length":2364,"duration":2364,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1508-077fbf39-e49b-5f13-8a6f-c5c71bcb309c.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1508-077fbf39-e49b-5f13-8a6f-c5c71bcb309c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1508-077fbf39-e49b-5f13-8a6f-c5c71bcb309c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1508-077fbf39-e49b-5f13-8a6f-c5c71bcb309c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-demystifying-fuzzer-behaviour","url":"https://api.media.ccc.de/public/events/077fbf39-e49b-5f13-8a6f-c5c71bcb309c","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"693e18d6-e777-596b-a21d-dd9e9f0282e6","title":"Live, Die, Repeat","subtitle":"The fight against data retention and boundless access to data","slug":"39c3-live-die-repeat-the-fight-against-data-retention-and-boundless-access-to-data","link":"https://events.ccc.de/congress/2025/hub/event/detail/live-die-repeat-the-fight-against-data-retention-and-boundless-access-to-data","description":"Both within the EU as well as nationally in Germany, there exists a renewed drive to implement data retention, a practice struck down by the ECJ and discontinued in many national legislations. In parallel, cross-border access to stored data has been mandated within the EU as “e-evidence”, and will soon be extended to 90+ countries under the umbrella of the EU cybercrime convention. In principle, all data stored by service providers will be available to law enforcement as part of a criminal investigation. The timing of both initiatives is not coincidental, as access to data naturally relies on the availability of data.\r\nThe talk will address the state of play on data retention in various legislations, and introduce the practice of cross border access to stored data by law enforcement as well as its shortcomings and threats to privacy and confidentiality.\r\n\r\nThe Specter of Data Retention is back in the political arena, both as a harmonized, EU-wide approach as well as being part of the coalition agreement of the new German national government. Other countries have already recently implemented new data retention laws, i.e. Belgium or Denmark. \r\nIn parallel, access to all types of stored data – and not only data stored under a data retention regime – by law enforcement has been radically reformed by groundbreaking new legislation, undermining both exiting national safeguards as well as protections implemented by businesses aiming for a higher standard in cyber security and data protection.  \r\nThe talk will give an overview on recent developments for a harmonized “minimum” approach to data retention under the Polish and Danish EU presidency as well as the new German legislation currently under consideration. \r\nIt will introduce the upcoming international release mechanisms for stored data under the e-evidence legislation, the 2nd protocol to the EU cybercrime convention as well as future threats from the UN cybercrime convention. \r\nIt will address how a cross-border request for information works in practice, which types of data can be requested by whom, and who will be responsible for the few remaining safeguards – including an analysis of the threat model and potential “side channel” attacks by cybercrime to gain access to basically all data stored by and with service providers.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Klaus Landefeld"],"tags":["2409","2025","39c3","Ethics, Society \u0026 Politics","Zero","39c3-eng","39c3-deu","39c3-fra","Day 2"],"view_count":1282,"promoted":false,"date":"2025-12-28T14:45:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-03-25T00:00:06.899+01:00","length":2417,"duration":2417,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2409-693e18d6-e777-596b-a21d-dd9e9f0282e6.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2409-693e18d6-e777-596b-a21d-dd9e9f0282e6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2409-693e18d6-e777-596b-a21d-dd9e9f0282e6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2409-693e18d6-e777-596b-a21d-dd9e9f0282e6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-live-die-repeat-the-fight-against-data-retention-and-boundless-access-to-data","url":"https://api.media.ccc.de/public/events/693e18d6-e777-596b-a21d-dd9e9f0282e6","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"dac63c75-58d4-5d97-9910-c9ec9c9c63b7","title":"Atoms in Space","subtitle":null,"slug":"39c3-atoms-in-space","link":"https://events.ccc.de/congress/2025/hub/event/detail/atoms-in-space","description":"*What are atoms doing in space anyways?* This talk will provide a brief overview of applications of quantum technologies in space ranging from precise timing and inertial measurements to fundamental physics.\n\nQuantum technologies have seen a wide field of applications in medicine, geosciences, computing and communications, in many cases bridging the gap from laboratory experiments to commercial products in the last decade. For terrestrial applications that is. But what about going to space?\n\nQuantum physics based sensors and experiments promise higher accuracy, sensitivity or better long term stability as they rely on immutable properties of atoms. When properly manipulated, these (ultra-)cold atoms are likely to outperform state of the art instruments. Experiments conducted on sounding rockets demonstrated important steps like Bose-Einstein Condensate creation during a few minutes in microgravity, enabling more advanced quantum experiments in the future.  The International Space Station and the Tiangong Space Station host dedicated experiments like ultrastable clocks as well as flexible research infrastructure for fundamental research benefitting from long free-fall times. However, the deployment of such technologies on satellites is not as advanced. Satellite missions utilizing quantum sensors or performing long term experiments are subject to studies and proposals backed by a broad scientific community aiming at better understanding of climate change, interplanetary navigation or tests of general relativity. First steps towards realization of such missions are taken by ESA, NASA and various national space agencies as well as universities funded by national agencies or the EU.\n\nThis talk will detect the current state of atoms in space and give an overview of active programs to deploy quantum sensors on operational satellite missions. The focus is on future applications in geosciences and related fields employing the same technology.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["manuel"],"tags":["1690","2025","39c3","Science","Ground","39c3-eng","39c3-deu","39c3-por","Day 4"],"view_count":1960,"promoted":false,"date":"2025-12-30T11:00:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-03-29T19:00:05.177+02:00","length":2384,"duration":2384,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1690-dac63c75-58d4-5d97-9910-c9ec9c9c63b7.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1690-dac63c75-58d4-5d97-9910-c9ec9c9c63b7_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1690-dac63c75-58d4-5d97-9910-c9ec9c9c63b7.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1690-dac63c75-58d4-5d97-9910-c9ec9c9c63b7.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-atoms-in-space","url":"https://api.media.ccc.de/public/events/dac63c75-58d4-5d97-9910-c9ec9c9c63b7","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"34f3d9a6-9164-58df-81e6-51c112362a89","title":"Machine Vision","subtitle":"Vom Algorithmus zum Baumpilz im digitalen Metabolismus","slug":"39c3-machine-vision-vom-algorithmus-zum-baumpilz-im-digitalen-metabolismus","link":"https://events.ccc.de/congress/2025/hub/event/detail/machine-vision-vom-algorithmus-zum-baumpilz-im-digitalen-metabolismus","description":"Milliarden von Kameras produzieren täglich Bilder, die zunehmend von Maschinen analysiert werden. In dieser Lecture Performance beleuchten wir die Entwicklung des maschinellen Sehens – von den frühen algorithmischen Ansätzen bis zu den heutigen Anwendungen – und schauen, wie verschiedene Künstler:innen diese Technologien nutzen und reflektieren. Anhand der beiden Arbeiten „Throwback Environment” und „Fomes Fomentarius Digitalis” betrachten wir die Nutzung des maschinellen Sehens in einem künstlerischen Feedback-Loop. Die Arbeiten machen sichtbar, was die eingesetzten Algorithmen sehen und in welchen Mustern sie operieren.\r\n\r\nUnmengen an Bilder werden Täglich in die Netzwerke hochgeladen. Doch nicht nur Menschen betrachten diese Bilder, auch Maschinen analysieren und „betrachten\" sie. Wie funktioniert dieses maschinelle „Sehen\" und wie wurde dieses den Computern beigebracht?\r\nDiese Lecture Performance gibt einen Überblick über die Entwicklung des maschinellen Sehens. Nach einem kurzen Einblick in die geschichtliche Entwicklung – von den ersten Ansätzen bis zu heutigen Anwendungen – betrachten wir, wie diese Technologien in unterschiedlichsten künstlerischen Arbeiten eingesetzt werden. Was reflektieren diese Arbeiten jenseits der reinen Anwendung von Machine Vision Algorithmen?\r\nAnhand der beiden Arbeiten \"Throwback Environment\" und \"Fomes Fomentarius Digitalis\" betrachten wir, wie Machine Vision in einem künstlerischen Feedbackloop genutzt worden ist und wie uns dies Perspektiven auf die Funktionsweise dieser Algorithmen eröffnet. Die Arbeiten machen sichtbar, was die Eingesetzten Alghorithmen sehen, in welchen Mustern sie operieren. Sie zeigen auch, wo ihre Grenzen liegen und was das ganze mit Baumpilzen zu tun hat.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Thomas Knüsel"],"tags":["1944","2025","39c3","Art \u0026 Beauty","Fuse","39c3-deu","39c3-eng","39c3-pol","Day 2"],"view_count":1933,"promoted":false,"date":"2025-12-28T22:05:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-03T20:45:06.776+02:00","length":2073,"duration":2073,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1944-34f3d9a6-9164-58df-81e6-51c112362a89.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1944-34f3d9a6-9164-58df-81e6-51c112362a89_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1944-34f3d9a6-9164-58df-81e6-51c112362a89.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1944-34f3d9a6-9164-58df-81e6-51c112362a89.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-machine-vision-vom-algorithmus-zum-baumpilz-im-digitalen-metabolismus","url":"https://api.media.ccc.de/public/events/34f3d9a6-9164-58df-81e6-51c112362a89","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"e6837a00-672c-532b-9bfa-319453667c03","title":"Skynet Starter Kit","subtitle":" From Embodied AI Jailbreak to Remote Takeover of Humanoid Robots","slug":"39c3-skynet-starter-kit-from-embodied-ai-jailbreak-to-remote-takeover-of-humanoid-robots","link":"https://events.ccc.de/congress/2025/hub/event/detail/skynet-starter-kit-from-embodied-ai-jailbreak-to-remote-takeover-of-humanoid-robots","description":"We present a comprehensive security assessment of Unitree's robotic ecosystem. We identified and exploited multiple security flaws across multiple communication channels, including Bluetooth, LoRa radio, WebRTC, and cloud management services. Besides pwning multiple traditional binary or web vulnerabilities, we also exploit the embodied AI agent in the robots, performing prompt injection and achieve root-level remote code execution. Furthermore, we leverage a flaw in cloud management services to take over any Unitree G1 robot connected to the Internet. By deobfuscating and patching the customized, VM-based obfuscated binaries, we successfully unlocked forbidden robotic movements restricted by the vendor firmware on consumer models such as the G1 AIR. We hope our findings could offer a roadmap for manufacturers to strengthen robotic designs, while arming researchers and consumers with critical knowledge to assess security in next-generation robotic systems.\r\n\r\nUnitree is among the highest-volume makers of commercial robots, and their newest humanoid platforms ship with multiple control stacks and on-device AI agents. If the widespread, intrusive presence of these robots in our lives is inevitable, should we take the initiative to ensure they are completely under our control? What paths might attackers use to compromise these robots, and to what extent could they threaten the physical world?\r\n\r\nIn this talk, we first map the complete attack surface of Unitree humanoids, covering hardware interfaces, near-field radios and Internet-accessible channels. We demonstrate how a local attacker can hijack a robot by exploiting vulnerabilities in short-range radio communications (Bluetooth, LoRa) and local Wi-Fi. We also present a fun exploit of the embodied AI in the humanoid: With a single spoken/text sentence, we jailbreak the on-device LLM Agent and pivot to root-priviledged remote code execution. Combined with a flaw in the cloud management service, this forms a full path to gain complete control over any Unitree robot connected to the Internet, obtaining root shell, camera livestreaming, and speaker control.\r\n\r\nTo achieve this, we combined hardware inspection, firmware extraction, software-defined radio tooling, and deobfuscation of customized, VM-based protected binaries. This reverse engineering breakthrough also allowed us to understand the overall control logic, patch decision points, and unlock advanced robotic movements that were deliberately disabled on consumer models like G1 AIR.\r\n\r\nTakeaways. Modern humanoids are networked, AI-powered cyber-physical systems; weaknesses across radios, cloud services, and on-device agents could allow attackers to remotely hijack robot operations, extract sensitive data or camera livestreams, or even weaponize the physical capabilities. As robotics continue their transition from controlled environments to everyday applications, our work highlights the urgent need for security-by-design in this emerging technology landscape.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Shipei Qu","Zikai Xu","Xuangan Xiao"],"tags":["1760","2025","39c3","Security","One","39c3-eng","39c3-deu","39c3-por","Day 2"],"view_count":11533,"promoted":false,"date":"2025-12-28T12:15:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-06T21:00:06.430+02:00","length":3531,"duration":3531,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1760-e6837a00-672c-532b-9bfa-319453667c03.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1760-e6837a00-672c-532b-9bfa-319453667c03_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1760-e6837a00-672c-532b-9bfa-319453667c03.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1760-e6837a00-672c-532b-9bfa-319453667c03.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-skynet-starter-kit-from-embodied-ai-jailbreak-to-remote-takeover-of-humanoid-robots","url":"https://api.media.ccc.de/public/events/e6837a00-672c-532b-9bfa-319453667c03","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"b51eb883-55db-5e30-9685-f7726b4da4d1","title":"Watch Your Kids: Inside a Children's Smartwatch","subtitle":null,"slug":"39c3-watch-your-kids-inside-a-children-s-smartwatch","link":"https://events.ccc.de/congress/2025/hub/event/detail/watch-your-kids-inside-a-children-s-smartwatch","description":"Join us as we hack at a popular children's smartwatch and expose the secrets of every fifth child in Norway, their parents, and millions more.\n\nSmartwatches for children have entered the mainstream: Advertised on the subway and sold by your cell provider, manufacturers are charging premium prices comparable to an entry-level Apple watch.\n\nIn exchange, parents are promised peace of mind: A safe, gentle introduction into the world of technology — and a way to call, text, and locate their child at any time.\n\nBut how much are the vendor's promises of safety, privacy, GDPR compliance, apps made in Europe and cloud servers in Germany actually worth?\n\nWe take you along the process of hacking one of the most popular children's watches out there, from gaining initial access to running our own code on the watch. Along the way, we find critical security issues at every turn. Our PoC attacks allow us to read and write messages, virtually abduct arbitrary children, and take control over any given watch.\n\nFinally, we'll also talk about disclosure, funny ideas of what passes as a security fix, and how we can use what we found to build something better.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Nils Rollshausen"],"tags":["1295","2025","39c3","Security","Zero","39c3-eng","39c3-deu","39c3-fra","Day 3"],"view_count":22015,"promoted":false,"date":"2025-12-29T13:50:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-07T11:00:04.706+02:00","length":2204,"duration":2204,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1295-b51eb883-55db-5e30-9685-f7726b4da4d1.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1295-b51eb883-55db-5e30-9685-f7726b4da4d1_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1295-b51eb883-55db-5e30-9685-f7726b4da4d1.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1295-b51eb883-55db-5e30-9685-f7726b4da4d1.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-watch-your-kids-inside-a-children-s-smartwatch","url":"https://api.media.ccc.de/public/events/b51eb883-55db-5e30-9685-f7726b4da4d1","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"62a4c15d-6efb-5d85-b41d-5363e08ebeae","title":"Variable Fonts — It Was Never About File Size","subtitle":null,"slug":"39c3-variable-fonts-it-was-never-about-file-size","link":"https://events.ccc.de/congress/2025/hub/event/detail/variable-fonts-it-was-never-about-file-size","description":"A brief history of typographic misbehavior or intended and unintended uses of variable fonts.\n\nNine years after the introduction of variable fonts, their most exciting uses have little to do with what variable fonts originally were intended for and their original promise of smaller file sizes. The talk looks at how designers turned a pragmatic font format into a field for experimentation — from animated typography and uniwidth button text to pattern fonts and typographic side effects with unintended aesthetics. Using examples from projects such as TypoLabs, Marjoree, Kario (the variable font that’s used as part of the 39C3 visual identity), and Bronco, we’ll explore how variable fonts evolved from efficiency tools into creative systems — and why the most interesting ideas often emerge when technology is used in unintended ways.\n\nWhen the OpenType 1.8 specification introduced variable fonts in 2016, the idea was simple: combine all weights and styles of a font family into one file and save file size and therefore bandwidth. Yet in 2025, variable fonts have become a platform for artistic and technical exploration far beyond their initial goal.\n\nThis talk follows that transformation from the inside. It starts with a short history of flexible font technologies — Adobe’s Multiple Master and Apple’s TrueType GX formats of the 1990s (I am just mentioning the company names as they were the publishers of these technologies) — and how they failed to become standards. It then shows why variable fonts succeeded: many designers today are more tech savvy and know some basic HTML, CSS and maybe even some JavaScript. And at the same time all major browsers and almost all design apps support variable fonts  by now.\n\nFrom there, I present a series of first-hand projects where typography met code:\n– TypoLabs (2017), whose identity used a custom variable font animating between extremes of weight and width → the variable font family became the (probably forever) unpublished variable font family Denman;\n– Marjoree (2024), a pair of variable pattern fonts based on hexagonal and pentagonal tilings that explore legibility and repetition;\n– Kario (2025), a duplex variable font powering the 39C3 identity, with uniwidth weights, optical-size adjustments, and typographic Easter eggs;\n– and Bronco (2017?), an experiment using the arbitrary-axis model for interpolation to escape the cube-shaped multiple master design space of traditional variable fonts.\n\nThe talk then moves from history to speculation. Early head-tracking experiments once tried to adjust a variable font’s optical size based on reader position — producing total chaos as text reshaped itself while being read. On the other hand this playful chaos marks the moment when things become truly interesting: connecting a font axis to live data, to mouse movement, to sound, to network input — anything that makes type responsive and alive. That’s the kind of misbehavior I want to talk about — not breaking for the sake of breaking, but using technology the “wrong” way to see what happens.\n\nThe talk will mix images, a lot of short videos, and a bit of behind-the-scenes insight into font development. It’s about what happens when design tools meet code, and how that intersection keeps typography alive and unpredictable.\n\nLink list of variable font experiments:\nhttps://www.bronco.varfont.com/\nhttps://www.denman.varfont.com/\nhttps://www.seraphs.varfont.com/ \nhttps://marjoree.showmefonts.com/\n+ 39C3 visual identity\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Bernd"],"tags":["2154","2025","39c3","Art \u0026 Beauty","Zero","39c3-eng","39c3-deu","39c3-spa","Day 2"],"view_count":5786,"promoted":false,"date":"2025-12-28T17:35:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-07T10:45:05.349+02:00","length":2613,"duration":2613,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2154-62a4c15d-6efb-5d85-b41d-5363e08ebeae.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2154-62a4c15d-6efb-5d85-b41d-5363e08ebeae_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2154-62a4c15d-6efb-5d85-b41d-5363e08ebeae.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2154-62a4c15d-6efb-5d85-b41d-5363e08ebeae.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-variable-fonts-it-was-never-about-file-size","url":"https://api.media.ccc.de/public/events/62a4c15d-6efb-5d85-b41d-5363e08ebeae","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"04bca31f-d8f2-570a-b473-b3ab90579154","title":"Comeflywithus","subtitle":null,"slug":"39c3-comeflywithus","link":"https://events.ccc.de/congress/2025/hub/event/detail/comeflywithus","description":"Wir, das sind Steffen und arl , besprechen in unserem Podcast alles was die Große und Kleine Fliegerei angeht.\nDas CFWU Team besteht I.d.R. aus aktiven Piloten:innen von großen und kleinen Flugzeugen, sehr gut unterstützt durch den sehr erfahrenen Flugzeugtechniker Harry!\n\nUpdate GPS Spoofing\n\nATPL (AirlineTransportPilotLicense)\nWie lernt man heute fliegen\nWie läuft es bei arl seinem ATPL\n\nFlugvorbereitungen\nWas muss man alles machen\nTechnik\n\nAirIndia\nBeispiel für Schwurbelungen\nAufbau der Technik\nWie schaltet man ein Triebwerk ein\nWie schaltet man ein Triebwerk aus\nWie schaltet man es im Notfall aus\nFeuerlöschsystem\n\nDas NOTAM System\nWas ist es\nWann wurde es gebaut\nWie hat es sich entwickelt\n\nTrotz des vermeintlich ernsten Themas sind wir immer mit Humor dabei!\n\nWenn ihr Fragen zur Sendung oder zum Thema habt, stellt sie gerne – am besten schon vorab.\nIhr könnt uns kurz vorher antreffen!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Steffen Braasch","arl"],"tags":["83761","2025","39c3","Sendezentrum Bühne (Saal X 07)","39c3-deu","Day 2"],"view_count":2065,"promoted":false,"date":"2025-12-28T16:30:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-05T23:30:07.002+02:00","length":5280,"duration":5280,"thumb_url":"https://static.media.ccc.de/media/congress/2025/83761-04bca31f-d8f2-570a-b473-b3ab90579154.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/83761-04bca31f-d8f2-570a-b473-b3ab90579154_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/83761-04bca31f-d8f2-570a-b473-b3ab90579154.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/83761-04bca31f-d8f2-570a-b473-b3ab90579154.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-comeflywithus","url":"https://api.media.ccc.de/public/events/04bca31f-d8f2-570a-b473-b3ab90579154","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"d743f89d-684b-5a29-a0e1-4b788caa4255","title":"Coding Dissent: Art, Technology, and Tactical Media","subtitle":null,"slug":"39c3-coding-dissent-art-technology-and-tactical-media","link":"https://events.ccc.de/congress/2025/hub/event/detail/coding-dissent-art-technology-and-tactical-media","description":"This presentation examines artistic practices that engage with sociotechnical systems through tactical interventions. The talk proposes art as a form of infrastructural critique and counter-technology. It also introduces a forthcoming HackLab designed to foster collaborative development of open-source tools addressing digital authoritarianism, surveillance capitalism, propaganda infrastructures, and ideological warfare.\n\nIn this talk, media artist and curator Helena Nikonole presents her work at the intersection of art, activism, and tactical technology — including interventions into surveillance systems, wearable mesh networks for off-grid communication, and AI-generated propaganda sabotage.\n\nFeaturing projects like Antiwar AI, the 868labs initiative, and the curatorial project Digital Resistance, the talk explores how art can do more than just comment on sociotechnical systems — it can interfere, infiltrate, and subvert them.\n\nThis is about prototypes as politics, networked interventions as civil disobedience, and media hacks as tools of strategic refusal. The talk asks: what happens when art stops decorating crisis and starts debugging it?\n\nThe talk will also introduce an upcoming HackLab initiative — a collaboration-in-progress that brings together artists, hackers, and activists to develop open-source tools for disruption, resilience, and collective agency — and invites potential collaborators to get involved.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Helena Nikonole"],"tags":["2191","2025","39c3","Art \u0026 Beauty","Fuse","39c3-eng","39c3-deu","39c3-spa","Day 1"],"view_count":2734,"promoted":false,"date":"2025-12-27T23:00:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-02T17:00:05.931+02:00","length":2331,"duration":2331,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2191-d743f89d-684b-5a29-a0e1-4b788caa4255.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2191-d743f89d-684b-5a29-a0e1-4b788caa4255_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2191-d743f89d-684b-5a29-a0e1-4b788caa4255.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2191-d743f89d-684b-5a29-a0e1-4b788caa4255.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-coding-dissent-art-technology-and-tactical-media","url":"https://api.media.ccc.de/public/events/d743f89d-684b-5a29-a0e1-4b788caa4255","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"8d964e8f-4853-5ca9-8a0e-6afc215dae7d","title":"Von Groschen und SpurLos - GNU Taler auch auf eurem Event!","subtitle":null,"slug":"39c3-von-groschen-und-spurlos-gnu-taler-auch-auf-eurem-event","link":"https://events.ccc.de/congress/2025/hub/event/detail/von-groschen-und-spurlos-gnu-taler-auch-auf-eurem-event","description":"Willkommen in der Zukunft: Beim LUG Camp in Wipperfürth und bei den Datenspuren in Dresden wurde digital bezahlt - mit GNU Taler als Event-Bezahlsystem. Noch einfacher als Bargeld, billiger als Kartenzahlung und ohne Eingriff in die Privatsphäre der Besucher*innen. Wir zeigen euch, wie auch ihr das bei eurer nächsten (Chaos-)Veranstaltung anbieten könnt!\n\nAnonymes Bezahlen ganz ohne Bargeld? Digitales Bezahlen ohne Gebühren auf jede einzelne Transaktion? Keine zentrale Datensammelei bei US-amerikanischen Zahlungsanbietern, und trotzdem keine Blockchain?\n\nGeht nicht? Geht doch! Schon auf mehreren Veranstaltungen wurde [GNU Taler](https://www.taler.net/) erfolgreich als lokales Event-Bezahlsystem eingesetzt: Sämtliche Zahlungen beim [LUG Camp 2024](https://lugcamp.wuplug.org/) wurden dank GNU Taler ausschließlich digital durchgeführt. Ebenso wurde mehr als ein Viertel des Umsatzes bei den [Datenspuren 2025](https://datenspuren.de/2025/) mit GNU Taler digital abgewickelt.\n\nWährend die GLS Bank im Rahmen des EU-geförderten Projekts NGI Taler ein [deutschlandweites Angebot](https://www.gls.de/taler) vorbereitet, hatten unsere Besucher*innen bereits jetzt die Gelegenheit, anonymes digitales Bezahlen in der echten Welt zu testen. Das positive Feedback und der reibungslose Ablauf haben uns gezeigt: GNU Taler ist einsatzbereit und kommt in der Community super an!\n\nDeshalb wollen wir unsere Erfahrungen mit GNU Taler als Eventbezahlsystem gerne an Orgateams von anderen (Chaos-)Veranstaltungen weitergeben. Nach einer Einführung zur Funktionsweise von GNU Taler berichten wir von der praktischen Umsetzung beim LUGCamp und bei den Datenspuren und geben Tipps für alle, die GNU Taler auch bei ihrem nächsten Event anbieten wollen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Mikolai Gütschow","signum"],"tags":["1527","2025","39c3","CCC \u0026 Community","Ground","39c3-deu","39c3-eng","39c3-por","Day 4"],"view_count":7022,"promoted":false,"date":"2025-12-30T13:50:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-04T17:00:07.414+02:00","length":2444,"duration":2444,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1527-8d964e8f-4853-5ca9-8a0e-6afc215dae7d.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1527-8d964e8f-4853-5ca9-8a0e-6afc215dae7d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1527-8d964e8f-4853-5ca9-8a0e-6afc215dae7d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1527-8d964e8f-4853-5ca9-8a0e-6afc215dae7d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-von-groschen-und-spurlos-gnu-taler-auch-auf-eurem-event","url":"https://api.media.ccc.de/public/events/8d964e8f-4853-5ca9-8a0e-6afc215dae7d","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"184bb132-6a17-5aa5-9ebe-08b1d5e3a767","title":"Digitale Inklusion: Wie wir digitale Barrierefreiheit für alle erreichen können","subtitle":null,"slug":"39c3-digitale-inklusion-wie-wir-digitale-barrierefreiheit-fur-alle-erreichen-konnen","link":"https://events.ccc.de/congress/2025/hub/event/detail/digitale-inklusion-wie-wir-digitale-barrierefreiheit-fur-alle-erreichen-konnen","description":"Könntest du jetzt noch sagen, was du heute online gemacht hast? Für viele ist das Internet so selbstverständlich, dass sie es kaum noch merken, wenn sie es benutzen. Dennoch sind viele Menschen unfreiwillig aus der digitalen Welt ausgeschlossen. Wie könnte das Internet für alle nutzbar werden?\n\nFür viele Menschen ist es selbstverständlich, online unterwegs zu sein. Dennoch sind weiterhin viele Menschen mit Beeinträchtigung online ausgeschlossen. Seit Juni 2025 sind durch das Barrierefreiheitsstärkungsgesetz ist digitale Barrierefreiheit für Unternehmen verpflichtend. Damit ist digitale Barrierefreiheit von einer Option zu einem Recht geworden. Trotz der gesetzlichen Vorgaben scheitert die digitale Barrierefreiheit in der Praxis häufig an der fehlenden Expertise von Verantwortlichen. Wir möchten aus drei Perspektiven auf Barrierefreiheit in der digitalen Welt schauen:\n\nLena Müller ist Entwicklerin und für die barrierefreie Gestaltung von Inhalten verantwortlich. Kathrin Klapper promoviert und nutzt in ihrem Alltag zum Sprechen einen Sprachcomputer mit Augensteuerung. Und Jakob Sponholz setzt sich in seiner Forschung mit der Frage auseinander, wie digitale Medien zur Inklusion beitragen können.\n\nWir möchten zunächst einen Einblick in die Mechanismen geben, die digitale Inklusion verhindern - sowohl theoretisch als auch praktisch. Anschließend möchten wir anhand von einfachen Beispielen zeigen, dass der Einstieg in die Gestaltung von barrierefreien Inhalten eigentlich gar nicht so schwer ist und es sich lohnt, einfach anzufangen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Jakob Sponholz","Kathrin Klapper","Lena Christina Müller"],"tags":["1456","2025","39c3","Ethics, Society \u0026 Politics","Fuse","39c3-deu","39c3-eng","Day 2"],"view_count":2764,"promoted":false,"date":"2025-12-28T11:00:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-02T20:15:05.494+02:00","length":3556,"duration":3556,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1456-184bb132-6a17-5aa5-9ebe-08b1d5e3a767.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1456-184bb132-6a17-5aa5-9ebe-08b1d5e3a767_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1456-184bb132-6a17-5aa5-9ebe-08b1d5e3a767.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1456-184bb132-6a17-5aa5-9ebe-08b1d5e3a767.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-digitale-inklusion-wie-wir-digitale-barrierefreiheit-fur-alle-erreichen-konnen","url":"https://api.media.ccc.de/public/events/184bb132-6a17-5aa5-9ebe-08b1d5e3a767","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"834976a2-e9f7-5fee-96a6-c1e56f8aa365","title":"Kenji Tanaka LIVE // Insights into my workflow, structure and philosophy","subtitle":null,"slug":"39c3-kenji-tanaka-live-insights-into-my-workflow-struct","link":"https://events.ccc.de/congress/2025/hub/event/detail/kenji-tanaka-live-insights-into-my-workflow-struct","description":"How does live techno work?\nOn the dance floor, it's practically impossible to understand what's happening up front. It's also irrelevant there, because it's all about the music and many other things.\n\nLive sets have a thousand faces. Everyone has their own workflow, and there are countless approaches to performing electronic music. I don't know all of them, but I will give a deeper insight into the architecture of my setup in this short presentation. I explain my approach to improvising techno in clubs and at festivals. \n\nThere will be a few technical insights into my „Ableton“ structure. A fixed structure with an unknown outcome. Because at certain points, I rely on random generators to create the desired element of surprise. This keeps me inspired for hours, again and again. I will show and explain why I make music this way.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Kenji Tanaka"],"tags":["2447","2025","39c3","Chaos Computer Music Club","39c3-eng","Day 2"],"view_count":2287,"promoted":false,"date":"2025-12-28T18:00:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-04T21:00:06.782+02:00","length":3787,"duration":3787,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2447-834976a2-e9f7-5fee-96a6-c1e56f8aa365.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2447-834976a2-e9f7-5fee-96a6-c1e56f8aa365_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2447-834976a2-e9f7-5fee-96a6-c1e56f8aa365.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2447-834976a2-e9f7-5fee-96a6-c1e56f8aa365.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-kenji-tanaka-live-insights-into-my-workflow-struct","url":"https://api.media.ccc.de/public/events/834976a2-e9f7-5fee-96a6-c1e56f8aa365","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"0df52094-ee30-5d05-bf48-573a5eae1a8d","title":"Amateurfunk im All – Kontakt mit Fram2","subtitle":null,"slug":"39c3-amateurfunk-im-all-kontakt-mit-fram2","link":"https://events.ccc.de/congress/2025/hub/event/detail/amateurfunk-im-all-kontakt-mit-fram2","description":"Wir geben Einblicke in zwei intensive Wochen Planung, Koordination und Aufbau, den Betrieb einer (improvisierten) Bodenstation, sprechen über technische Hürden, Antennendesign und Organisation – und wie wir schließlich mit Astronautin Rabea Rogge im Weltraum gefunkt haben.\n\nSchon kurz nachdem die ersten Satelliten den Weltraum eroberten, waren auch Amateurfunkende dabei und brachten ihr Hobby in dieses Feld ein. Auch bei Fram2, der ersten bemannten Mission, die beide Polarregionen überflog, war der Sprechfunkkontakt mit einer Universität fest eingeplant.\n\nDer studentische Funkclub \"AFuTUB\" (https://dk0tu.de) an der TU Berlin hat die Crew der Fram2 angefunkt – mit einem experimentellen Funksetup, das für viele von uns Neuland war.\n\nWir geben Einblicke in zwei intensive Wochen Planung, Koordination und Aufbau, den Betrieb einer (improvisierten) Bodenstation, sprechen über technische Hürden, Antennendesign und Organisation – und wie wir schließlich mit der Astronautin Rabea Rogge im Weltraum gefunkt haben.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["akira25","flx","Gato"],"tags":["1581","2025","39c3","Hardware","Zero","39c3-deu","39c3-eng","Day 2"],"view_count":4255,"promoted":false,"date":"2025-12-28T15:40:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-04T21:15:07.111+02:00","length":2351,"duration":2351,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1581-0df52094-ee30-5d05-bf48-573a5eae1a8d.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1581-0df52094-ee30-5d05-bf48-573a5eae1a8d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1581-0df52094-ee30-5d05-bf48-573a5eae1a8d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1581-0df52094-ee30-5d05-bf48-573a5eae1a8d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-amateurfunk-im-all-kontakt-mit-fram2","url":"https://api.media.ccc.de/public/events/0df52094-ee30-5d05-bf48-573a5eae1a8d","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"59b5d6cc-bc07-5554-80f1-7d1008573d92","title":"Brennende Wälder und Kommentarspalten","subtitle":"Klimaupdate mit dem FragDenStaat Climate Helpdesk","slug":"39c3-brennende-walder-und-kommentarspalten-klimaupdate-mit-bits-baume-und-dem-fragdenstaat-climate-helpdesk","link":"https://events.ccc.de/congress/2025/hub/event/detail/brennende-walder-und-kommentarspalten-klimaupdate-mit-bits-baume-und-dem-fragdenstaat-climate-helpdesk","description":"Das Klima-Update vom FragDenStaat Climate Helpdesk.\r\n\r\nChatgpt hat (bald) mehr Nutzer*innen als Wikipedia, OpenAI will in Zukunft den Energieverbrauch von Indien haben und das notfalls auch mit fossilen Energien. Der Energiehunger der künstlichen Intelligenz und der globale Ressourcenhunger für Chips und Elektroautos scheint den Rest Hoffnung einer klimagerechten Welt aufzufressen.\r\n\r\nAuch in Deutschland finden wir uns in den Wasserkämpfen wieder, während global längst Bewegungen gegen wasserhungrige Konzerne und Rechenzentren zusammenfließen. Auf der ganzen Welt, von Lateinamerika bis Portugal und Serbien wehren sich Menschen gegen den Abbau des weißen Goldes Lithium, das für Elektroautos und Chips benötigt wird. Zusammen mit Wäldern brennen auch die Kommentarspalten und die staatlichen Repressionen gegen Klimaaktivismus nehmen zu. Ich möchte einen Überblick geben zum Zustand unserer Erde und der Klimabewegung und was Hacker*innen für die Rettung des Planeten können und welche Tech-Milliardäre wir dafür bekämpfen müssen.\r\n\r\nIch bin Joschi (they/them) vom FragDenStaat Climate Helpdesk. Ich bringe 10 Jahre Erfahrung in der Klimabewegung und Expertise für verschiedene Themen rund um Nachhaltigkeit und Digitalisierung mit.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Joschi Wolf"],"tags":["2040","2025","39c3","Ethics, Society \u0026 Politics","Fuse","39c3-deu","39c3-eng","Day 1"],"view_count":7294,"promoted":false,"date":"2025-12-27T11:55:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-05T14:45:05.330+02:00","length":2371,"duration":2371,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2040-59b5d6cc-bc07-5554-80f1-7d1008573d92.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2040-59b5d6cc-bc07-5554-80f1-7d1008573d92_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2040-59b5d6cc-bc07-5554-80f1-7d1008573d92.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2040-59b5d6cc-bc07-5554-80f1-7d1008573d92.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-brennende-walder-und-kommentarspalten-klimaupdate-mit-bits-baume-und-dem-fragdenstaat-climate-helpdesk","url":"https://api.media.ccc.de/public/events/59b5d6cc-bc07-5554-80f1-7d1008573d92","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"910d24ff-efce-5adc-8b86-0f9c55fb1cda","title":"CUII: Wie Konzerne heimlich Webseiten in Deutschland sperren","subtitle":null,"slug":"39c3-cuii-wie-konzerne-heimlich-webseiten-in-deutschland-sperren","link":"https://events.ccc.de/congress/2025/hub/event/detail/cuii-wie-konzerne-heimlich-webseiten-in-deutschland-sperren","description":"Stellt euch vor, eine private Organisation aus milliardenschweren Konzernen entscheidet, welche Webseiten ihr nicht besuchen dürft - ohne Richter, ohne öffentliche Kontrolle oder Transparenz. \nGenau das macht die CUII in Deutschland seit Jahren.\n\nIn Deutschland entscheidet eine private Organisation aus Internetanbietern und großen Unterhaltungskonzernen, welche Webseiten für den Großteil der Bevölkerung nicht mehr erreichbar sind. \nDie selbsternannte \"Clearingstelle Urheberrecht im Internet\" sperrt ohne richterliche Beschlüsse den Zugriff auf Hunderte von Domains. \nWir haben daraufhin cuiiliste.de ins Leben gerufen, um die geheim gehaltene Liste von Domains zu veröffentlichen und so mehr Transparenz in die heimliche Zensur der Konzerne zu bringen.\nUnsere Auswertung der Liste zeigte: Fast ein Drittel der gesperrten Domains erfüllte – teils seit Jahren – nicht mehr die Kriterien für eine Sperre.\nWir werden uns ansehen, wie dutzende Domains nach öffentlichem Druck wieder entsperrt wurden, während Provider gleichzeitig deren Sperren noch mehr verschleierten.\nVor ein paar Monaten soll sich angeblich viel geändert haben bei der CUII - doch diese Änderung sieht leider verdächtig nach einem PR-Stunt aus, um weiterhin Seiten ohne Transparenz sperren zu können.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Lina Lastname","Elias Zeidler (Northernside)"],"tags":["1820","2025","39c3","Ethics, Society \u0026 Politics","Ground","39c3-deu","39c3-eng","39c3-por","Day 4"],"view_count":11871,"promoted":false,"date":"2025-12-30T11:55:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-06T19:15:08.521+02:00","length":2422,"duration":2422,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1820-910d24ff-efce-5adc-8b86-0f9c55fb1cda.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1820-910d24ff-efce-5adc-8b86-0f9c55fb1cda_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1820-910d24ff-efce-5adc-8b86-0f9c55fb1cda.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1820-910d24ff-efce-5adc-8b86-0f9c55fb1cda.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-cuii-wie-konzerne-heimlich-webseiten-in-deutschland-sperren","url":"https://api.media.ccc.de/public/events/910d24ff-efce-5adc-8b86-0f9c55fb1cda","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"2b044342-d98d-5821-beb8-14a662373af2","title":"DNGerousLINK","subtitle":" A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices","slug":"39c3-dngerouslink-a-deep-dive-into-whatsapp-0-click-exploits-on-ios-and-samsung-devices","link":"https://events.ccc.de/congress/2025/hub/event/detail/dngerouslink-a-deep-dive-into-whatsapp-0-click-exploits-on-ios-and-samsung-devices","description":"The spyware attack targeting WhatsApp, disclosed in August as an in-the-wild exploit, garnered significant attention. By simply knowing a victim's phone number, an attacker could launch a remote, zero-interaction attack against the WhatsApp application on Apple devices, including iPhones, iPads, and Macs. Subsequent reports indicated that WhatsApp on Samsung devices was also targeted by similar exploits.\r\nIn this presentation, we will share our in-depth analysis of this attack, deconstructing the 0-click exploit chain built upon two core vulnerabilities: CVE-2025-55177 and CVE-2025-43300. We will demonstrate how attackers chained these vulnerabilities to remotely compromise WhatsApp and the underlying iOS system without any user interaction or awareness. Following our analysis, we successfully reproduced the exploit chain and constructed an effective PoC capable of simultaneously crashing the target application on iPhones, iPads, and Macs. Finally, we will present our analysis of related vulnerabilities affecting Samsung devices (such as CVE-2025-21043) and share how this investigation led us to discover additional, previously unknown 0-day vulnerabilities.\r\n\r\nIn August 2025, it attracted significant attention when Apple patched CVE-2025-43300, a vulnerability reportedly exploited in-the-wild to execute \"extremely sophisticated attack against specific targeted individuals”. A week later, WhatsApp issued a security advisory, revealing the fix for a critical vulnerability, CVE-2025-55177, which was also exploited in-the-wild. Strong evidence indicated that these two vulnerabilities were chained together, enabling attackers to deliver a malicious exploit via WhatsApp to steal data from a user's Apple device, all without any user interaction.\r\n\r\nTo deconstruct this critical and stealthy in-the-wild 0-click exploit chain, we will detail our findings in several parts:\r\n1. WhatsApp 0-Click Attack Vector (CVE-2025-55177). We will describe the 0-click attack surface we identified within WhatsApp. We will detail the flaws in WhatsApp's message handling logic for \"linked devices,\" which stemmed from insufficient validation, and demonstrate how an attacker could craft malicious protocol messages to trigger the vulnerable code path.\r\n2. iOS Image Parsing Vulnerability (CVE-2025-43300). The initial exploit allows an attacker to force the target's WhatsApp to load arbitrary web content. We will then explain how the attacker leverages this by embedding a malicious DNG image within a webpage to trigger a vulnerability in the iOS image parsing library. We will analyze how the RawCamera framework handles the parsing of DNG images, and pinpoint the resulting OOB vulnerability.\r\n3. Rebuilding the Chain: From Vulnerability to PoC. In addition, we will then walk through our process of chaining these two vulnerabilities, constructing a functional Proof-of-Concept (PoC) that can simultaneously crash the WhatsApp application on target iPhones, iPads, and Macs.\r\n\r\nBeyond Apple: The Samsung Connection (CVE-2025-21043). Samsung's September security bulletin patched CVE-2025-21043, an out-of-bounds write vulnerability in an image parsing library reported by the Meta and WhatsApp security teams. This vulnerability was also confirmed to be exploited in-the-wild. While an official WhatsApp exploit chain for Samsung devices has not been publicly detailed, we will disclose our findings on this related attack. Finally, we will share some unexpected findings from our investigation, including the discovery of several additional, previously undisclosed 0-day vulnerabilities.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Zhongrui Li","Yizhe Zhuang","Kira Chen"],"tags":["1700","2025","39c3","Security","Fuse","39c3-eng","39c3-deu","Day 1"],"view_count":13888,"promoted":false,"date":"2025-12-27T21:45:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-07T06:15:03.127+02:00","length":3158,"duration":3158,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1700-2b044342-d98d-5821-beb8-14a662373af2.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1700-2b044342-d98d-5821-beb8-14a662373af2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1700-2b044342-d98d-5821-beb8-14a662373af2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1700-2b044342-d98d-5821-beb8-14a662373af2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-dngerouslink-a-deep-dive-into-whatsapp-0-click-exploits-on-ios-and-samsung-devices","url":"https://api.media.ccc.de/public/events/2b044342-d98d-5821-beb8-14a662373af2","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"760c1f6b-349e-5ee3-9eeb-4a0f20dc902a","title":"Liberating Bluetooth on the ESP32","subtitle":null,"slug":"39c3-liberating-bluetooth-on-the-esp32","link":"https://events.ccc.de/congress/2025/hub/event/detail/liberating-bluetooth-on-the-esp32","description":"Despite how widely used the ESP32 is, its Bluetooth stack remains closed source. Let’s dive into the low-level workings of a proprietary Bluetooth peripheral. Whether you are interested in reverse engineering, Bluetooth security, or just enjoy poking at undocumented hardware, this talk may inspire you to dig deeper.\n\nThe ESP32 has become an ubiquitous platform in the hacker and maker communities, powering everything from badges and sensors to mesh networks and custom routers. While its Wi-Fi stack has been the subject of previous reverse engineering efforts, its Bluetooth subsystem remains largely undocumented and closed source despite being present in millions of devices.\n\nThis talk presents a reverse engineering effort to document Espressif’s proprietary Bluetooth stack, with a focus on enabling low-level access for researchers, security analysts, and developers to improve existing affordable and open Bluetooth tooling.\n\nThe presentation covers the reverse engineering process itself, techniques and the publication of tooling to simplify the process of peripheral mapping, navigating broken memory references and symbol name recovery.\n\nThe core of the talk focuses on the internal workings of the Bluetooth peripheral. The reverse engineering effort led to the discovery of the peripheral architecture, it’s memory regions, interrupts and a little bit of information about other related peripherals.\n\nBy publishing open tooling, SVD files and other documentation, this work aims to empower researchers, hackers, and developers to build custom Bluetooth stacks, audit existing ones, and repurpose the ESP32 for novel applications. This may interest you if you care about transparency, low-level access, and collaborative tooling.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Antonio Vázquez Blanco (Antón)"],"tags":["1541","2025","39c3","Hardware","One","39c3-eng","39c3-deu","39c3-pol","Day 1"],"view_count":9367,"promoted":false,"date":"2025-12-27T13:50:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-06T06:15:03.286+02:00","length":2033,"duration":2033,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1541-760c1f6b-349e-5ee3-9eeb-4a0f20dc902a.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1541-760c1f6b-349e-5ee3-9eeb-4a0f20dc902a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1541-760c1f6b-349e-5ee3-9eeb-4a0f20dc902a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1541-760c1f6b-349e-5ee3-9eeb-4a0f20dc902a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-liberating-bluetooth-on-the-esp32","url":"https://api.media.ccc.de/public/events/760c1f6b-349e-5ee3-9eeb-4a0f20dc902a","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"13468ffb-06e8-53ca-9e7c-3cfa56cd44af","title":"AI-generated content in Wikipedia - a tale of caution","subtitle":null,"slug":"39c3-ai-generated-content-in-wikipedia-a-tale-of-caution","link":"https://events.ccc.de/congress/2025/hub/event/detail/ai-generated-content-in-wikipedia-a-tale-of-caution","description":"I successfully failed with a literature related project and accidentally built a ChatGPT detector. Then I spoke to the people who uploaded ChatGPT generated content on Wikipedia.\n\nIt began as a standard maintenance project: I wanted to write a tool to find and fix broken ISBN references in Wikipedia. Using the built-in checksum, this seemed like a straightforward technical task. I expected to find mostly typos. But I also found texts generated by LLMs. These models are effective at creating plausible-sounding content, but (for now) they often fail to generate correct checksums for identifiers like ISBNs. This vulnerability turned my tool into an unintentional detector for this type of content. This talk is the story of that investigation. I'll show how the tool works and how it identifies this anti-knowledge. But the tech is only half the story. The other half is human. I contacted the editors who had added this undeclared AI content. I will talk about why they did it and how the Wikipedians reacted and whether \"The End is Nigh\" calls might be warranted.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Mathias Schindler"],"tags":["1652","2025","39c3","Ethics, Society \u0026 Politics","Ground","39c3-eng","39c3-deu","39c3-fra","Day 1"],"view_count":13291,"promoted":false,"date":"2025-12-27T23:55:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-06T06:30:07.324+02:00","length":2272,"duration":2272,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1652-13468ffb-06e8-53ca-9e7c-3cfa56cd44af.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1652-13468ffb-06e8-53ca-9e7c-3cfa56cd44af_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1652-13468ffb-06e8-53ca-9e7c-3cfa56cd44af.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1652-13468ffb-06e8-53ca-9e7c-3cfa56cd44af.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-ai-generated-content-in-wikipedia-a-tale-of-caution","url":"https://api.media.ccc.de/public/events/13468ffb-06e8-53ca-9e7c-3cfa56cd44af","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"9bdb9e0b-10c1-5543-81f5-d51da1c86367","title":"Who runs the www? WSIS+20 and the future of Internet governance","subtitle":null,"slug":"39c3-who-runs-the-www-wsis20-and-the-future-of-internet","link":"https://events.ccc.de/congress/2025/hub/event/detail/who-runs-the-www-wsis20-and-the-future-of-internet","description":"Abbreviations such as WSIS+20, IGF, IETF, DIEM, ICANN, PDP, ITU or W3C regularly appear in discussions about the Internet, yet often remain vague. This talk provides an update on the current state of Internet governance and explains why decisions made in United Nations processes have direct implications for technical standards, digital infrastructure, and power asymmetries.\n\nThe starting point is the UN’s WSIS+20 review process, which negotiated the future of the Internet Governance Forum and the roles of stakeholders within it. Against this backdrop, the talk traces the origins of the so-called multistakeholder approach and examines how it works in practice and where its limits lie.\n\nWhat role do technical standardization organizations such as the IETF, ICANN, ITU or the W3C play in an increasingly geopolitical environment? Who sets the rules, who defines the standards, and who is left out of these processes?\n\nThe aim of the talk is to make the connections between technology and international politics visible and to explain why Internet governance matters to everyone interested in an open, global, and interoperable Internet.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Sophia Longwe"],"tags":["2538","2025","39c3","Ethics, Society \u0026 Politics","Ground","39c3-eng","39c3-deu","39c3-spa","Day 4"],"view_count":2194,"promoted":false,"date":"2025-12-30T12:50:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-06T16:15:04.916+02:00","length":2438,"duration":2438,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2538-9bdb9e0b-10c1-5543-81f5-d51da1c86367.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2538-9bdb9e0b-10c1-5543-81f5-d51da1c86367_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2538-9bdb9e0b-10c1-5543-81f5-d51da1c86367.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2538-9bdb9e0b-10c1-5543-81f5-d51da1c86367.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-who-runs-the-www-wsis20-and-the-future-of-internet","url":"https://api.media.ccc.de/public/events/9bdb9e0b-10c1-5543-81f5-d51da1c86367","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"0cc2fd2c-93de-5cb0-b10d-56e901b4acc4","title":"The Small Packet of Bits That Can Save (or Destabilize) a City","subtitle":null,"slug":"39c3-the-small-packet-of-bits-that-can-save-or-destabilize-a-city","link":"https://events.ccc.de/congress/2025/hub/event/detail/the-small-packet-of-bits-that-can-save-or-destabilize-a-city","description":"The Emergency Alert System (EAS) and its SAME (Specific Area Message Encoding) protocol are public alerting technologies that broadcast short digital bursts over VHF triggering emergency messages on millions of receivers across North America. In Mexico, this technology was integrated into the Seismic Alert System (SASMEX) which more than 30 million people in the central part of the country rely on to prepare for frequent earthquakes.\n\nWhile new alerting technologies have emerged, the EAS-SAME network continues to play an important role for public safety in the U.S., Mexico, and Canada. Yet, the same small packets of bits that can help protect a city could also, in the wrong hands, destabilize it. This talk examines how these systems operate and reveals a troubling truth: spoofing these alerts is far easier than most people expect.\n\nIn this talk, we’ll begin by contextualizing the importance of the seismic alert in Mexico City, a system born from the devastating 1985 earthquake. We’ll examine how it was designed, how it works, and why it carries such a deep psychological impact.\n\nFrom there, we’ll explore the history and design of Weather Radio and the SAME protocol, looking at how messages are transmitted and encoded through this technology, and how it was later adapted for SASMEX.\n\nI’ll also share my personal experience building compatible receivers, from early open-source experiments that inspired local manufacturers to create government-certified devices, to developing a receiver as part of my undergraduate thesis.\n\nWe’ll analyze how simplicity, one of the key strengths of these systems, also introduces certain risks, and how these trade-offs emerge when dealing with accessibility, interoperability, and security in system design.\n\nFinally, I’ll demonstrate how to receive, decode, and encode these alert messages, and discuss how, with the right equipment, it’s possible to generate such alert signals.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Manuel Rábade"],"tags":["1756","2025","39c3","Security","Zero","39c3-eng","39c3-deu","39c3-fra","Day 2"],"view_count":2086,"promoted":false,"date":"2025-12-28T23:55:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-03-31T18:00:08.450+02:00","length":2404,"duration":2404,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1756-0cc2fd2c-93de-5cb0-b10d-56e901b4acc4.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1756-0cc2fd2c-93de-5cb0-b10d-56e901b4acc4_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1756-0cc2fd2c-93de-5cb0-b10d-56e901b4acc4.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1756-0cc2fd2c-93de-5cb0-b10d-56e901b4acc4.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-the-small-packet-of-bits-that-can-save-or-destabilize-a-city","url":"https://api.media.ccc.de/public/events/0cc2fd2c-93de-5cb0-b10d-56e901b4acc4","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"8f6e4391-96fc-5d29-b66c-328026fc35f0","title":"Endlich maschinenlesbare Urteile! ","subtitle":"Open Access für Juristen","slug":"39c3-endlich-maschinenlesbare-urteile-open-access-fur-juristen","link":"https://events.ccc.de/congress/2025/hub/event/detail/endlich-maschinenlesbare-urteile-open-access-fur-juristen","description":"Zur Überraschung Vieler sind Juristen Wissenschaftler, die nach wissenschaftlichen Maßstäben arbeiten sollten und ihre Schriftsätze und Urteile auch nach stringenten wissenschaftlichen Kriterien gestalten und untereinander diskutieren sollten. Doch nur in einigen Rechtsgebieten funktioniert dies.\r\n\r\nWie jede Wissenschaft ist auch die Rechtswissenschaft nur so gut wie das ihr zugrundeliegende Quellenmaterial – in diesem Fall sind das meist Urteile. Empirische Untersuchungen über diese Daten sind nur möglich, wenn sie der Forschung auch zur Verfügung stehen. Doch wissenschaftliche Arbeit im juristischen Feld ist aktuell nicht wirklich möglich, da die wenigsten Urteile veröffentlicht werden, da sich die Gerichte meist vor der dadurch anfallenden Arbeit scheuen. Wir betrachten, warum dies Grundsätze der Rechtsstaatlichkeit infrage stellt und warum Player aus der Wirtschaft mehr über deutsche Rechtsprechung wissen, als unsere Gerichte – und wie sie das zu Geld machen.\r\n\r\nEs ist tatsächlich ein ernsthaftes und reales wissenschaftliches und gesellschaftliches Problem, wenn Urteile hinter den wurmstichigen Aktenschränken der Amtstuben weggeschlossen werden. Wir belegen das anhand einiger besonders hahnebüchener Zitate aus aktuellen und nicht mehr änderbaren Urteilen aus der Praxis.\r\n\r\nWir erarbeiten aktuell Strategien, wie man das Rechtssystem power-cyclen kann, um Urteile in ihrer Gesamtheit, und damit die faktisch gesprochene Rechtslage in Deutschland wieder zugänglich werden. Als positiver Nebeneffekt der Verfügbarkeit von Urteilen kann Zivilgesellschaft und die Politik auch selber souverän überprüfen, ob unsere Richter das Recht typischerweise auch wirklich im Sinne der Legislative anwenden – keiner kann es aktuell wissen, wie können nur hoffen ...\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Beata Hubrig","Nuri Khadem-Al-Charieh"],"tags":["2235","2025","39c3","Science","Fuse","39c3-deu","39c3-eng","Day 1"],"view_count":6041,"promoted":false,"date":"2025-12-27T13:50:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-05T21:00:09.615+02:00","length":2337,"duration":2337,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2235-8f6e4391-96fc-5d29-b66c-328026fc35f0.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2235-8f6e4391-96fc-5d29-b66c-328026fc35f0_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2235-8f6e4391-96fc-5d29-b66c-328026fc35f0.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2235-8f6e4391-96fc-5d29-b66c-328026fc35f0.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-endlich-maschinenlesbare-urteile-open-access-fur-juristen","url":"https://api.media.ccc.de/public/events/8f6e4391-96fc-5d29-b66c-328026fc35f0","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"304dd87b-7de5-557c-9951-1add24396a0b","title":"All Sorted by Machines of Loving Grace?","subtitle":"\"AI\", Cybernetics, and Fascism and how to Intervene","slug":"39c3-all-sorted-by-machines-of-loving-grace-ai-cybernetics-and-fascism-and-how-to-intervene","link":"https://events.ccc.de/congress/2025/hub/event/detail/all-sorted-by-machines-of-loving-grace-ai-cybernetics-and-fascism-and-how-to-intervene","description":"While the extreme right is on the rise in many countries and climate change is unrolling, a promising future seems to be written: According to Elon Musk, Sam Altman, and some other “tech bros” it is to leave the dying planet to go to space. With the help of something called “A(G)I”.\r\nBut what kind of future is the one that is promised? And what is the connection between power cycles of tech company owners and people who's believes can be called fascist? As we moved power through data in the hands of very view, it is important to examine what ideas these view have in their heads.\r\nThis talk will explore the roots of today's tech fascism and its love for tech. From the early thoughts and movements in the US and Europe to Futurism and the Holocaust, organised with Hollerith punching cards. It will dive into the its blooming relationship with cybernetics, and take a look in the future the “tech bros” want to lure us in.\r\nThis talk will address the often overlooked topic of how and when people get comfy with diving into movements of hate and how to stop a white supremacy future where we will be sorted by machines.\r\nAnd, in taking a look on past movements opposing authoritarianism and will examine mindsets and possibilities of resistance as well as the possibility of restarting everything. Because we have a planet and loved ones to lose.\r\nWear your safety cat-ears, buckle up, it will be a wild, but entertaining ride.\r\n\r\nThe idea of the Super-Human is not a new one, neither is the idea of charismatic „good“ leader nor to sort humans into classes, races, abilities. The idea of a view controlling many by force and ideas that justify their rulership and cruelties is an old one, as is the opposing idea of a free society and humans as equals.\r\nA central aspect is how people involved see the human nature and according to that what society they want to build. And what role is intended for technology.\r\nIn the 19th century the beliefs of both the opposing sides dripped into science, as well as individual’s heads, and social movements around the world. While some wanted to form a wold society of equals others wanted to breed a master race that to control everything.\r\n\r\nThe love of industrial leaders for authoritarianism has played an important role since the beginning in funding and providing access to powerful networks. Industrialists like Henry Ford loved and promoted ideas at least close to fascism. German, Italian, and Austrian counterparts funded Hitler and Mussolini. And it is not that they did it because they did not understand the fascist leader’s yearning – it was because they shared and loved their aims and violence.\r\n\r\nIn Futurism, one of the often overlooked roots of fascism, and its Manifesto the enemies and societal goals are proclaimed crystal clear: “We will glorify war — the only true hygiene of the world — militarism, patriotism, the destructive gesture of anarchist, the beautiful Ideas which kill, and the scorn of woman.“\r\n\r\nAfter WWII most of the people believing in dominating others by force and eugenics lived on, they and their cronies had slaughtered millions and destroyed whole social movements were opposing them. These people warning us about authoritarian prophets of doom and concentration camps are still missing.\r\n\r\nIn the post-war time ideas of authoritarianism met a new player: Cybernetics, the believe in a future, where all problems will be solved through technology and we are “All Watched Over by Machines of Loving Grace” (Richard Brautigam, 1967). The ideas split, merged, and melted into new beliefs and quasi-religions. Into something that is called “Cyber-Libertarianism” by David Golumbia or “TESCREAL” by Émile P. Torres and Timnit Gebru.\r\n\r\nThis talk will address an aspect that is often missing in analyses: What kind of breeding ground is it where ideas of fascism hatches best? And how can we stop iFascism instead of participating in it?\r\n\r\nFurthermore, as being sorted by machines is not everyone's secret dream, ways to stop iFascism will be provided.\r\n\r\nBecause we are more, we care for people in need – and we are the chaos!\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Katika Kühnreich"],"tags":["2026","2025","39c3","Ethics, Society \u0026 Politics","One","39c3-eng","39c3-deu","39c3-fra","Day 1"],"view_count":11306,"promoted":false,"date":"2025-12-27T11:00:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-06T10:15:05.370+02:00","length":2317,"duration":2317,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2026-304dd87b-7de5-557c-9951-1add24396a0b.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2026-304dd87b-7de5-557c-9951-1add24396a0b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2026-304dd87b-7de5-557c-9951-1add24396a0b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2026-304dd87b-7de5-557c-9951-1add24396a0b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-all-sorted-by-machines-of-loving-grace-ai-cybernetics-and-fascism-and-how-to-intervene","url":"https://api.media.ccc.de/public/events/304dd87b-7de5-557c-9951-1add24396a0b","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"382a6def-2dbb-5ba8-bde5-0bf509c5eb02","title":"ISDN + POTS Telephony at Congress and Camp","subtitle":null,"slug":"39c3-isdn-pots-telephony-at-congress-and-camp","link":"https://events.ccc.de/congress/2025/hub/event/detail/isdn-pots-telephony-at-congress-and-camp","description":"Like 39C3, the last CCC camp (2023) and congress (38C3) have seen volunteer-driven deployments of legacy ISDN and POTS networks using a mixture of actual legacy telephon tech and custom open source software. This talk explains how this is achieved, and why this work plays an important role in preserving parts of our digital communications heritage.\n\nJust like at this very event (39C3), the last few years a small group of volunteers has delpoyed and operated legacy telephony networks for ISDN (digital) and POTS (analog) services at CCC-camp2023 and 38C3. Anyone on-site can obtain subscriber lines (POTS, ISDN BRI or PRI service) and use them for a variety of services, including telephony, fax machines, modem dial-up into BBSs as well as dial-up internet access and video telephony.\n\nThese temporary event networks are not using soft-PBX or VoIP, but are built using actual de-commissioned hardware from telecom operators, including a Siemens EWSD digital telephone exchange, Nokia EKSOS V5 access multiplexers, a SDH ring for transporting E1 carriers and much more.\n\nWhile some may enjoy this for the mere hack value, others enjoy it to re-live the digital communication sear of their childhood or youth.  Howevre, there is a more serious aspect to this: The preservation and restoration of early digital communications infrastructure from the 1970s to 1990s, as well as how to operate such equipment.  As part of this effort, we have already been able to help communications museums to fill gaps in their collections.\n\nThe talk will cover\n* the equipment used,\n* the network hierarchy we build,\n* the services operated\n* the lessons learnt\n* newly-written open source software for interfacing retro telcommunications gear\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Harald \"LaF0rge\" Welte"],"tags":["1487","2025","39c3","Hardware","Zero","39c3-eng","39c3-deu","39c3-fra","Day 1"],"view_count":5544,"promoted":false,"date":"2025-12-27T11:55:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-05T12:45:07.566+02:00","length":2146,"duration":2146,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1487-382a6def-2dbb-5ba8-bde5-0bf509c5eb02.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1487-382a6def-2dbb-5ba8-bde5-0bf509c5eb02_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1487-382a6def-2dbb-5ba8-bde5-0bf509c5eb02.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1487-382a6def-2dbb-5ba8-bde5-0bf509c5eb02.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-isdn-pots-telephony-at-congress-and-camp","url":"https://api.media.ccc.de/public/events/382a6def-2dbb-5ba8-bde5-0bf509c5eb02","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"f51a40a9-a8ba-55bb-875a-0907cb2d66cc","title":"Not an Impasse: Child Safety, Privacy, and Healing Together","subtitle":null,"slug":"39c3-not-an-impasse-child-safety-privacy-and-healing-together","link":"https://events.ccc.de/congress/2025/hub/event/detail/not-an-impasse-child-safety-privacy-and-healing-together","description":"From the EU’s “Chat Control” to the UK’s age verification, there is a growing legislative momentum across jurisdictions to regulate the Internet in the name of protecting children. The monstrosity of child sexual abuse looms large in shaping how policymakers, advocates, and the public understand the problem area of and propose solutions for detecting, reporting, and removing harmful/illegal content. Children’s safety and adults’ privacy are thus pitted against each other, deadlocked into an impasse. As technologists deeply concerned with safety and privacy, where do we go from here?\n\nThere is a path forward! Many, in fact. But the impasse framing seriously limits how policymakers, technologists, advocates, and our communities understand child sexual abuse (CSA). We need informed, principled, and bold alternatives to policing-driven tech solutions like client-side scanning and grooming classifiers. To effectively and humanely break the cycles of abuse that enables CSA in our communities, we have to think beyond criminalization. This talk will unpack how and why this impasse framing exists, how it constrains us from candidly engaging with the complexity of CSA. Drawing from scientific and clinical research and informed by transformative justice approaches, I detail what CSA is, how and why it happens offline and online, and why the status quo of detection and criminalization does not work. Ultimately, I argue that effective, humane, and collective interventions require protecting the safety and privacy of all those harmed by CSA, and that this creates a unique role for technologists to play.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Kate Sim"],"tags":["1800","2025","39c3","Ethics, Society \u0026 Politics","Ground","39c3-eng","39c3-deu","39c3-fra","Day 1"],"view_count":3465,"promoted":false,"date":"2025-12-27T14:45:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-05T19:30:04.812+02:00","length":2709,"duration":2709,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1800-f51a40a9-a8ba-55bb-875a-0907cb2d66cc.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1800-f51a40a9-a8ba-55bb-875a-0907cb2d66cc_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1800-f51a40a9-a8ba-55bb-875a-0907cb2d66cc.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1800-f51a40a9-a8ba-55bb-875a-0907cb2d66cc.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-not-an-impasse-child-safety-privacy-and-healing-together","url":"https://api.media.ccc.de/public/events/f51a40a9-a8ba-55bb-875a-0907cb2d66cc","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"6e8564a0-da94-587f-8c88-9e9e68f7321d","title":"Die Sicherheits_lücke live vom 39c3: ein Tag mit der GI","subtitle":null,"slug":"39c3-die-sicherheits_lucke-live-vom-39c3-ein-tag-mit-de","link":"https://events.ccc.de/congress/2025/hub/event/detail/die-sicherheits_lucke-live-vom-39c3-ein-tag-mit-de","description":"Die **Sicherheits_lücke** (https://sicherheitsluecke.fm) greift aktuelle Ereignisse und Trends der Cybersecurity auf. Im Podcast werden die Themen - gerne auch mal humoristisch, sarkastisch oder selbstironisch - von Volker Skwarek, Monina Schwarz und Ingo Timm mit Tiefgang aufbereitet.\nMit dem Format **live** ist der Podcast auch regelmäßig auf Kongressen zu finden und diskutiert interessante Vorträge mit ausgewählten Gästen.\n\nWir berichten mit Gästinnen von der Gesellschaft für Informatik über interessante Vorträge und Erlebnisse vom ersten Tag des 39c3.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Volker"],"tags":["83828","2025","39c3","Sendezentrum Bühne (Saal X 07)","39c3-deu","Day 1"],"view_count":4358,"promoted":false,"date":"2025-12-27T19:15:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-02T17:45:04.331+02:00","length":2578,"duration":2578,"thumb_url":"https://static.media.ccc.de/media/congress/2025/83828-6e8564a0-da94-587f-8c88-9e9e68f7321d.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/83828-6e8564a0-da94-587f-8c88-9e9e68f7321d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/83828-6e8564a0-da94-587f-8c88-9e9e68f7321d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/83828-6e8564a0-da94-587f-8c88-9e9e68f7321d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-die-sicherheits_lucke-live-vom-39c3-ein-tag-mit-de","url":"https://api.media.ccc.de/public/events/6e8564a0-da94-587f-8c88-9e9e68f7321d","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"e33a480e-1baf-56bf-b655-6b66736f7ecb","title":"AAA - Ask Advi Anything","subtitle":null,"slug":"39c3-aaa-ask-advi-anything","link":"https://events.ccc.de/congress/2025/hub/event/detail/aaa-ask-advi-anything","description":"Es gab den Wunsch nach Creator AmA Sessions. Ich würde hiermit eine anbieten. Ich bin aber definitiv remote. ^^\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Thomas Brandt"],"tags":["83771","2025","39c3","Sendezentrum Bühne (Saal X 07)","39c3-deu","Day 2"],"view_count":1262,"promoted":false,"date":"2025-12-28T15:40:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-03-24T10:15:06.638+01:00","length":2620,"duration":2620,"thumb_url":"https://static.media.ccc.de/media/congress/2025/83771-e33a480e-1baf-56bf-b655-6b66736f7ecb.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/83771-e33a480e-1baf-56bf-b655-6b66736f7ecb_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/83771-e33a480e-1baf-56bf-b655-6b66736f7ecb.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/83771-e33a480e-1baf-56bf-b655-6b66736f7ecb.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-aaa-ask-advi-anything","url":"https://api.media.ccc.de/public/events/e33a480e-1baf-56bf-b655-6b66736f7ecb","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"75dadf9f-5f43-5cc5-b344-b0d402af7092","title":"Von wegen Eisblumen! Wie man mit Code, Satelliten und Schiffsexpeditionen die bunte Welt des arktischen Phytoplanktons sichtbar macht","subtitle":null,"slug":"39c3-von-wegen-eisblumen-wie-man-mit-code-satelliten-und-schiffsexpeditionen-die-bunte-welt-des-arktischen-phytoplanktons-sichtbar-macht","link":"https://events.ccc.de/congress/2025/hub/event/detail/von-wegen-eisblumen-wie-man-mit-code-satelliten-und-schiffsexpeditionen-die-bunte-welt-des-arktischen-phytoplanktons-sichtbar-macht","description":"Die Arktis ist eine Region, in der die Sonne monatelang weg ist, dickes Meereis den Weg versperrt und deshalb Forschungsdaten ziemlich rar sind. Kompliziert also, herauszufinden was im Wasser blüht! Mit einer Kombination aus Satellitenbildern, Expeditionen und Modellsimulationen auf Hochleistungsrechnern versuche ich, das Verborgene sichtbar zu machen: die faszinierende, farbenfrohe Welt des arktischen Phytoplanktons.\n\nIm Arktischen Ozean wird immer deutlicher, wie stark die globale Erwärmung den Rückgang des Meereises und das marine Ökosystem beeinflussen. Winzige Organismen, das Phytoplankton, bilden die Grundlage des Nahrungsnetzes durch den Aufbau von Biomasse und spielen so eine zentrale Rolle im globalen Kohlenstoffkreislauf. Dabei werden sie in der Arktis stark von den jahreszeitlichen Schwankungen der Polarnacht/-tag, der Meereisausdehnung und der sich verändernden Umwelt beeinflusst. Doch das Phytoplankton ist nicht nur ökologisch bedeutsam, sondern auch erstaunlich vielfältig und farbenfroh – wie eine bunte Blumenwiese im Ozean! \nSpannend bleiben dabei auch die Fragen, was die Vielfalt des Phytoplanktons ausmacht, wie diese eine Anpassung an die Umweltveränderungen ermöglicht und wie sich das arktische Ökosystem unter verschiedenen Klimawandelszenarien entwickeln könnte.\nDieser Vortrag lädt euch ein, in die eisigen Welten des arktischen Ozeans einzutauchen, um dem grundlegenden Baustein des arktischen Ökosystems, dem Phytoplankton, auf den Grund zu gehen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Moritz Zeising (er/he)"],"tags":["1902","2025","39c3","Science","Fuse","39c3-deu","39c3-eng","Day 3"],"view_count":1695,"promoted":false,"date":"2025-12-29T16:00:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-03-31T08:45:05.944+02:00","length":2251,"duration":2251,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1902-75dadf9f-5f43-5cc5-b344-b0d402af7092.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1902-75dadf9f-5f43-5cc5-b344-b0d402af7092_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1902-75dadf9f-5f43-5cc5-b344-b0d402af7092.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1902-75dadf9f-5f43-5cc5-b344-b0d402af7092.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-von-wegen-eisblumen-wie-man-mit-code-satelliten-und-schiffsexpeditionen-die-bunte-welt-des-arktischen-phytoplanktons-sichtbar-macht","url":"https://api.media.ccc.de/public/events/75dadf9f-5f43-5cc5-b344-b0d402af7092","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"514cda00-fd8e-5417-ba56-a882572a660e","title":"Die Känguru-Rebellion: Digital Independence Day","subtitle":null,"slug":"39c3-die-kanguru-rebellion-digital-independence-day","link":"https://events.ccc.de/congress/2025/hub/event/detail/die-kanguru-rebellion-digital-independence-day","description":"Marc-Uwe Kling liest neues vom Känguru vor.\n\nVielleicht auch was von Elon und Jeff on Mars.\nUnd dann ruft das Känguru zum Digital Independence Day auf.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Marc-Uwe Kling","Linus Neumann"],"tags":["2193","2025","39c3","CCC \u0026 Community","One","39c3-deu","39c3-eng","39c3-spa","Day 1"],"view_count":171697,"promoted":true,"date":"2025-12-27T19:15:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-07T10:30:06.195+02:00","length":3408,"duration":3408,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2193-514cda00-fd8e-5417-ba56-a882572a660e.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2193-514cda00-fd8e-5417-ba56-a882572a660e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2193-514cda00-fd8e-5417-ba56-a882572a660e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2193-514cda00-fd8e-5417-ba56-a882572a660e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-die-kanguru-rebellion-digital-independence-day","url":"https://api.media.ccc.de/public/events/514cda00-fd8e-5417-ba56-a882572a660e","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"c216b3d6-9937-521f-a7ff-85dbb9e94d07","title":"c’t uplink: Digitale Souveränität – sind Häcker:innen jetzt fürs Staatswohl verantwortlich?","subtitle":null,"slug":"39c3-c-t-uplink-digitale-souvernitt-sind-hcker-innen-jetzt-frs-staatswohl-verantwortlich","link":"https://events.ccc.de/congress/2025/hub/event/detail/c-t-uplink-digitale-souvernitt-sind-hcker-innen-jetzt-frs-staatswohl-verantwortlich","description":"Spätestens seitdem Donald Trump wieder im Weißen Haus sitzt, geistert die „Digitale Souveränität“ verstärkt durch die politischen Diskussionen. Wir haben mittlerweile ein Zentrum dafür (ZenDiS) und einen Fonds, der sich zur Agentur gemausert hat (Sovereign Tech Fund/Agency). Aber ist jetzt das Schlagwort Digitale Souveränität der Türöffner für mehr Open-Source-Software in Behörden, Verwaltungen, Schulen und anderen öffentlichen Einrichtungen, oder erweist sich das als Bumerang? Sind Big Tech, die doch viel in Linux und Open Source investieren, wirklich das Problem?\n\nIn dieser Sonderfolge des c’t uplink blicken wir kritisch auf den Begriff Digitale Souveränität und diskutieren, welche Konzepte sich dahinter verbergen. Wir sprechen darüber, ob und warum gerade die Community den Karren aus dem Dreck ziehen soll. Außerdem schauen wir, warum es nur so langsam vorwärts geht mit freier Software in öffentlicher Hand und welche Lösungswege es gibt oder geben könnte.\n\nGäste (u.a.):\n- Anne Roth, Referentin Digitalpolitik im Bundestag\n- Bonnie Mehring, Senior-Projekt-Managerin Free Software Foundation Europe\n- Sven Neuhaus, Tech Lead Open-Source-Produkte, Zentrum Digitale Souveränität\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Keywan Tonekaboni | c’t uplink"],"tags":["83786","2025","39c3","Sendezentrum Bühne (Saal X 07)","39c3-deu","Day 1"],"view_count":5287,"promoted":false,"date":"2025-12-27T16:00:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-04T22:15:05.074+02:00","length":3084,"duration":3084,"thumb_url":"https://static.media.ccc.de/media/congress/2025/83786-c216b3d6-9937-521f-a7ff-85dbb9e94d07.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/83786-c216b3d6-9937-521f-a7ff-85dbb9e94d07_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/83786-c216b3d6-9937-521f-a7ff-85dbb9e94d07.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/83786-c216b3d6-9937-521f-a7ff-85dbb9e94d07.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-c-t-uplink-digitale-souvernitt-sind-hcker-innen-jetzt-frs-staatswohl-verantwortlich","url":"https://api.media.ccc.de/public/events/c216b3d6-9937-521f-a7ff-85dbb9e94d07","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"973af772-1dae-58a1-b979-ea890cbdfe09","title":"The Last of Us -  Fighting the EU Surveillance Law Apocalypse","subtitle":null,"slug":"39c3-the-last-of-us-fighting-the-eu-surveillance-law-apocalypse","link":"https://events.ccc.de/congress/2025/hub/event/detail/the-last-of-us-fighting-the-eu-surveillance-law-apocalypse","description":"The virus of surveillance is spreading across the European Union. In the form of its \"ProtectEU\" Internal Security Strategy, the European Commission is planning to attack encryption, re-introduce mandatory data retention and strengthen Europol and Frontex, the main agents of its oppressive law enforcement infrastructure. In this talk, we will journey the wastelands of the EU surveillance apocalypse together: We will take a close look at what politicians are planning to undermine our fundamental rights, the technology involved, and the real harms we must fight. From there, we will chart pathways to resistance and collective immunity against a surveillance agenda that requires us to form new alliances and re-think mobilization.\n\nAdmidst its current push to remove the rules that have protected the EU's environment, consumer and fundamental rights, there is one area the European Commission happily calls for more regulation: Internal security. The recent \"ProtectEU\" Internal Security Strategy does little to protect Europeans, and instead foresees attacks on encryption, the re-introduction of mandatory data retention and the strengthening of Europol and Frontex, the main agents of the EU's oppressive law enforcement infrastructure. In this talk, we will introduce the strategy and its main pillars, explain its political and legal contexts, and take a look at what it would mean for our fundamental rights, access to encryption, and IT security if enacted. But not all hope is lost (yet), and together we want to chart pathways to meaningful resistance. To do so, we will help understand the maze of the EU's lawmaking process and identify pressure points. We will then look back at past fights, lessons learned and new opportunities to act in solidarity against a surveillance agenda that is truly apocalyptic.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Svea Windwehr","Chloé Berthélémy"],"tags":["1730","2025","39c3","Ethics, Society \u0026 Politics","Fuse","39c3-eng","39c3-deu","39c3-fra","Day 3"],"view_count":4082,"promoted":false,"date":"2025-12-29T17:15:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-07T00:15:04.588+02:00","length":3681,"duration":3681,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1730-973af772-1dae-58a1-b979-ea890cbdfe09.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1730-973af772-1dae-58a1-b979-ea890cbdfe09_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1730-973af772-1dae-58a1-b979-ea890cbdfe09.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1730-973af772-1dae-58a1-b979-ea890cbdfe09.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-the-last-of-us-fighting-the-eu-surveillance-law-apocalypse","url":"https://api.media.ccc.de/public/events/973af772-1dae-58a1-b979-ea890cbdfe09","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"f7806034-b88e-559b-9c11-7ce6ffc72a82","title":"There is NO WAY we ended up getting arrested for this (Malta edition)","subtitle":null,"slug":"39c3-there-is-no-way-we-ended-up-getting-arrested-for-this-malta-edition","link":"https://events.ccc.de/congress/2025/hub/event/detail/there-is-no-way-we-ended-up-getting-arrested-for-this-malta-edition","description":"3 years ago, 3 Maltese students were arrested and charged with computer misuse after disclosing a vulnerability to a local company that developed a mobile app for students. Through persistent media pressure, the students managed to obtain a presidential pardon to drop the case and funding for their lawyers. However, through this journey, there were mentions of punishment for retaliating through media disclosure. The story has not concluded, and there will be no amendments to the Maltese computer misuse law for the foreseeable future.\n\nThe talk goes through the full journey,\n\n1. The talk describes in more detail how the arrests were carried out on November 12th, 2022 including the confiscation of all computer equipment, the time spent in a cell and the interrogation before being released.\n2. How the decision was made to go to the media 5 months later, the consequences of that and why it was beneficial.\n3. The later fallout including the university disassociating itself from the students + even disallowing one of the students to tutor at the university\n4. How this led to a pause in Malta's participation in the European Cyber Security Challenge with one specific meeting involving the national IT agency and the 3 students.\n5. mentions of a grant of a pardon after the prime minister visited the office of a student\n6. The start of the initial court sessions and the outcomes from that.\n7. A super interesting meeting where the justice minister told the students that even though they'll be given a pardon -- if this happens again they will be arrested again.\n8. What it meant to get a pardon and how that technically still hasn't ended our situation in court yet.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["mixy1","Luke Bjorn Scerri","girogio"],"tags":["2377","2025","39c3","Security","Ground","39c3-eng","39c3-deu","39c3-fra","Day 3"],"view_count":7644,"promoted":false,"date":"2025-12-29T16:00:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-06T23:45:06.670+02:00","length":3276,"duration":3276,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2377-f7806034-b88e-559b-9c11-7ce6ffc72a82.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2377-f7806034-b88e-559b-9c11-7ce6ffc72a82_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2377-f7806034-b88e-559b-9c11-7ce6ffc72a82.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2377-f7806034-b88e-559b-9c11-7ce6ffc72a82.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-there-is-no-way-we-ended-up-getting-arrested-for-this-malta-edition","url":"https://api.media.ccc.de/public/events/f7806034-b88e-559b-9c11-7ce6ffc72a82","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"1632d233-fb88-5f58-aaec-823ea32f8b56","title":"Escaping Containment: A Security Analysis of FreeBSD Jails","subtitle":null,"slug":"39c3-escaping-containment-a-security-analysis-of-freebsd-jails","link":"https://events.ccc.de/congress/2025/hub/event/detail/escaping-containment-a-security-analysis-of-freebsd-jails","description":"FreeBSD’s jail mechanism promises strong isolation—but how strong is it really?\nIn this talk, we explore what it takes to escape a compromised FreeBSD jail by auditing the kernel’s attack surface, identifying dozens of vulnerabilities across exposed subsystems, and developing practical proof-of-concept exploits. We’ll share our findings, demo some real escapes, and discuss what they reveal about the challenges of maintaining robust OS isolation.\n\nFreeBSD’s jail feature is one of the oldest and most mature OS-level isolation mechanisms in use today, powering hosting environments, container frameworks, and security sandboxes. But as with any large and evolving kernel feature, complexity breeds opportunity. This research asks a simple but critical question: If an attacker compromises root inside a FreeBSD jail, what does it take to break out?\n\nTo answer that, we conducted a large-scale audit of FreeBSD kernel code paths accessible from within a jail. We systematically examined privileged operations, capabilities, and interfaces that a jailed process can still reach, hunting for memory safety issues, race conditions, and logic flaws. The result: roughly 50 distinct issues uncovered across multiple kernel subsystems, ranging from buffer overflows and information leaks to unbounded allocations and reference counting errors—many of which could crash the system or provide vectors for privilege escalation beyond the jail.\n\nWe’ve developed proof-of-concept exploits and tools to demonstrate some of these vulnerabilities in action. We’ve responsibly disclosed our findings to the FreeBSD security team and are collaborating with them on fixes. Our goal isn’t to break FreeBSD, but to highlight the systemic difficulty of maintaining strict isolation in a large, mature codebase.\n\nThis talk will present our methodology, tooling, and selected demos of real jail escapes. We’ll close with observations about kernel isolation boundaries, lessons learned for other OS container systems, and a call to action for hardening FreeBSD’s jail subsystem against the next generation of threats.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["ilja","Michael Smith"],"tags":["1975","2025","39c3","Security","Fuse","39c3-eng","39c3-deu","Day 1"],"view_count":9367,"promoted":false,"date":"2025-12-27T17:15:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-06T20:30:06.463+02:00","length":3556,"duration":3556,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1975-1632d233-fb88-5f58-aaec-823ea32f8b56.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1975-1632d233-fb88-5f58-aaec-823ea32f8b56_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1975-1632d233-fb88-5f58-aaec-823ea32f8b56.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1975-1632d233-fb88-5f58-aaec-823ea32f8b56.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-escaping-containment-a-security-analysis-of-freebsd-jails","url":"https://api.media.ccc.de/public/events/1632d233-fb88-5f58-aaec-823ea32f8b56","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"6a645194-deb6-5e96-b8ce-bb18774f1f14","title":"Neuroexploitation by Design","subtitle":"Wie Algorithmen in Glücksspielprodukten sich Wirkweisen des Reinforcement Learning und dopaminergen Belohnungssystems zunutze machen","slug":"39c3-neuroexploitation-by-design-wie-algorithmen-in-glucksspielprodukten-sich-wirkweisen-des-reinforcement-learning-und-dopaminergen-belohnungssystems-zunu","link":"https://events.ccc.de/congress/2025/hub/event/detail/neuroexploitation-by-design-wie-algorithmen-in-glucksspielprodukten-sich-wirkweisen-des-reinforcement-learning-und-dopaminergen-belohnungssystems-zunu","description":"Die Legalisierung des Online-Glücksspiels in Deutschland im Jahr 2021 und die zunehmende Normalisierung von Glücksspiel und Sportwetten in den Medien haben ein Umfeld geschaffen, in welchem Glücksspielprodukte leichter zugänglich und gesellschaftlich stärker akzeptiert sind als je zuvor. Diese weit verbreitete Exposition birgt erhebliche Risiken für vulnerable Personen, insbesondere da die Grenzen zwischen Spielen und Glücksspiel zunehmend verwischen. Seit einiger Zeit ist beispielsweise ein deutlicher Anstieg von Spielen zu beobachten, die Glücksspiel-ähnliche Items wie Loot-Boxen beinhalten. Komplexe Designmerkmale in elektronischen Glücksspielprodukten, z.B. Glücksspielautomaten und Online-Slots, sind gezielt darauf ausgerichtet, Individuen zu verlängerten Spielsitzungen zu motivieren, um den Umsatz zu maximieren. Während Glücksspiel für viele Menschen eine Form der Unterhaltung darstellt, kann das Spielverhalten bei manchen eskalieren und schwerwiegende Folgen für das Leben der Betroffenen haben. Dieser Vortrag wird Mechanismen in Glücksspielprodukten und Loot Boxen beleuchten und aufzeigen, weshalb diese Merkmale das Suchtpotenzial fördern können. Hierbei spielen Mechanismen des sogenannten Verstärkungslernens (engl. Reinforcement Learning) eine Rolle, die das menschliche Belohnungssystem aktivieren, also dopaminerge Bahnen, welche an der Vorhersage von Belohnungen beteiligt sind. Besonderes Augenmerk liegt auf dem Reinforcement-Learning, einem Framework zur Modellierung von Lernen durch belohnungsbasiertes Feedback, welches sowohl in der Psychologie zur Beschreibung menschlichen Lernens und Entscheidungsverhaltens als auch zur Optimierung von Machine-Learning-Algorithmen eingesetzt wird. Im Vortrag werden auch Ergebnisse aus eigener Forschung am Labor der Universität zu Köln vorgestellt. Ziel ist es, Mechanismen des Glücksspiels zu erklären, sowie das Bewusstsein für potenzielle Schäden für Individuen und die Gesellschaft zu schärfen und die Notwendigkeit von Regulation sowie verantwortungsbewussten Designpraktiken zu diskutieren.\r\n\r\nIn diesem Vortrag wird beleuchtet, wie moderne Glücksspielprodukte und glücksspielähnliche Spielmechaniken, etwa Lootboxen, gezielt psychologische und neurobiologische Lernprozesse ausnutzen, um Umsatz durch längeres Spielen und stärkere Interaktion zu generieren. Im Fokus stehen dabei Mechanismen des Verstärkungslernens (Reinforcement Learning) und deren Zusammenspiel mit dem dopaminergen Belohnungssystem. Anhand aktueller Forschungsergebnisse werden Designstrategien vorgestellt, die das Suchtpotenzial von Glücksspielen erhöhen können. Ziel des Vortrags ist es, ein wissenschaftlich fundiertes Verständnis dieser Dynamiken zu vermitteln, Risiken für Individuen und Gesellschaft aufzuzeigen und die Notwendigkeit von Regulierung und verantwortungsvollem Design zu diskutieren.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Elke Smith"],"tags":["1558","2025","39c3","Science","Ground","39c3-deu","39c3-eng","39c3-spa","Day 1"],"view_count":15314,"promoted":false,"date":"2025-12-27T12:50:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-03T22:15:06.144+02:00","length":2360,"duration":2360,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1558-6a645194-deb6-5e96-b8ce-bb18774f1f14.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1558-6a645194-deb6-5e96-b8ce-bb18774f1f14_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1558-6a645194-deb6-5e96-b8ce-bb18774f1f14.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1558-6a645194-deb6-5e96-b8ce-bb18774f1f14.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-neuroexploitation-by-design-wie-algorithmen-in-glucksspielprodukten-sich-wirkweisen-des-reinforcement-learning-und-dopaminergen-belohnungssystems-zunu","url":"https://api.media.ccc.de/public/events/6a645194-deb6-5e96-b8ce-bb18774f1f14","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"414813ee-69f4-56ee-a013-f887f26d91d6","title":"Light in the Dark(net)","subtitle":null,"slug":"39c3-light-in-the-dark-net","link":"https://events.ccc.de/congress/2025/hub/event/detail/light-in-the-dark-net","description":"Science is hard and research into the usage of the Tor network is especially so. Since it was designed to counter suveillance, it gathering reliable information is difficult. As a consequence, the studies we do have, have yielded very different results.\n\nThis talk investigates the root causes of contradicting studies by highlighting how slight changes in methodology or data selection completely change the results and thereby our understanding of what the Darknet is. Whether you consider it the last bastion of freedom or a haven of crime, this talk will tell you where to look and what to ignore in order to confirm your current opinion. And in case you are open to changing it, we have some food for thought for you.\n\nOnion services can be considered one of the most controversial aspects of the Tor network, because they allow the anonymous hosting of services, which has enabled the creation of illegal services which are difficult for law enforcement to shut down. Defenders argue that this is a price worth paying to ensure free speech for people who could otherwise not speak up or run their own services.\n\nThis obviously raises the question what onion services are being actually used for in practice. Many researchers have tried to answer this question in the past. Based on their work we already know a few things:\n\n- 9% of all Websites on the Darknet are marketplaces [1]\n- 2.7% of all Websites on the Darknet are marketplaces [2]\n- 50% of all Websites on the Darknet are marketplaces [3]\n- 8.4% of all Websites on the Darknet are marketplaces [4]\n- 27% of all Websites on the Darknet are marketplaces [5]\n- 34.8% of all Websites on the Darknet are marketplaces [6]\n\nNo, this is not a copy and paste error, all of the above statements can be found in peer-reviewed scientific publications. All of these results are valid on their own and constitute valuable contributions to science, but it does not take an expert to notice the contradictions in their findings.  \nThe reasons for these inconsistencies are the main topic of this talk. We will discuss the information available to researchers and the limitations originating from it. Challenges and current disagreements when it comes to interpreting available data will be addressed along with common misrepresentations of research results. We will highlight how the choice of data sources can predetermine the final result before a study has even begun, how minor changes to definitions can lead to completely different results and how important context is when interpreting data.\n\nArmed with this knowledge, we can tackle the challenge to find out what we know about the Darknet, what we might figure out in the future, what we can reasonably assume but will never be able to prove, and what we will (hopefully) never know.\n\n-----------------------------------------\nSources\n[1] https://doi.org/10.1049/iet-ifs.2015.0121\n[2] https://doi.org/10.1016/j.future.2024.03.025\n[3] https://doi.org/10.1145/3600160.3600167\n[4] https://doi.org/10.1109/INFOCOM53939.2023.10229057\n[5] https://doi.org/10.1109/ICDCSW.2014.20\n[6] https://doi.org/10.1080/00396338.2016.1142085\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Tobias Höller"],"tags":["1573","2025","39c3","Science","Zero","39c3-eng","39c3-deu","39c3-spa","Day 3"],"view_count":6820,"promoted":false,"date":"2025-12-29T22:05:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-05T13:00:06.340+02:00","length":2436,"duration":2436,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1573-414813ee-69f4-56ee-a013-f887f26d91d6.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1573-414813ee-69f4-56ee-a013-f887f26d91d6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1573-414813ee-69f4-56ee-a013-f887f26d91d6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1573-414813ee-69f4-56ee-a013-f887f26d91d6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-light-in-the-dark-net","url":"https://api.media.ccc.de/public/events/414813ee-69f4-56ee-a013-f887f26d91d6","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"f1e6f4e2-875f-573c-9e68-8dfd52e29225","title":"Spectre in the real world: Leaking your private data from the cloud with CPU vulnerabilities","subtitle":null,"slug":"39c3-spectre-in-the-real-world-leaking-your-private-data-from-the-cloud-with-cpu-vulnerabilities","link":"https://events.ccc.de/congress/2025/hub/event/detail/spectre-in-the-real-world-leaking-your-private-data-from-the-cloud-with-cpu-vulnerabilities","description":"Transient execution CPU vulnerabilities, like Spectre, have been making headlines since 2018. However, their most common critique is that these types of vulnerabilities are not really practical. Even though it is cool to leak `/etc/shadow` with a CPU bug, it has limited real-world impact. In this talk, we take Spectre out for a walk and let it see the clouds, by leaking memory across virtual machine boundaries at a public cloud provider, bypassing mitigations against these types of attacks. Our report was awarded with a $151,515 bug bounty, Google Cloud's highest bounty yet.\n\nSeven years ago, Spectre and Meltdown were announced. These two vulnerabilities showed that instructions executed by the CPU might accidentally access secret data. This secret data can contain files cached from disk, cryptographic keys, private information, or anything else that might be stored in memory. An attacker can use Spectre to learn the value of that secret data, even though the attacker is not supposed to have access to it.\n\nEven though this sounds problematic, there is a reason why these type of vulnerabilities haven't had a significant real-world impact. Mitigations make it much harder to pull off, and an attacker needs a form of remote code execution anyway to trigger the relevant CPU instructions. If an attacker can already execute arbitrary code, then Spectre is probably not what you should be worried about. For regular users, these CPU vulnerabilities are likely not that much of a threat.\n\nHowever, that is not the case for public cloud providers. Their business model is to provide *remote code execution as a service*, and to rent out shared hardware resources as efficiently as possible. Customers run their system in an seemingly isolated virtual machine on top of shared physical hardware. Because customers can run anything they want on these systems, public cloud providers must treat these workloads as untrusted. They have to assume the worst case scenario, i.e. that an attacker is deliberately trying violate the confidentiality, integrity or availability of their systems, and, by extension, their customers' systems. For transient execution vulnerabilities like Spectre, that means that they enable all reasonable mitigations, and some more.\n\nIn this talk, we show that transient execution attacks can be used on real-world systems, despite the deployed software mitigations. We demonstrate this by silently leaking secret data from another virtual machine at a major global cloud provider, defeating virtual machine isolation without leaving a trace. Additionally, we'll discuss our coordinated disclosure process, the currently deployed mitigations and how future mitigations could address the issue.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Thijs Raymakers"],"tags":["1687","2025","39c3","Security","Zero","39c3-eng","39c3-deu","39c3-fra","Day 3"],"view_count":6486,"promoted":false,"date":"2025-12-30T00:15:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-05T18:45:05.461+02:00","length":2714,"duration":2714,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1687-f1e6f4e2-875f-573c-9e68-8dfd52e29225.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1687-f1e6f4e2-875f-573c-9e68-8dfd52e29225_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1687-f1e6f4e2-875f-573c-9e68-8dfd52e29225.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1687-f1e6f4e2-875f-573c-9e68-8dfd52e29225.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-spectre-in-the-real-world-leaking-your-private-data-from-the-cloud-with-cpu-vulnerabilities","url":"https://api.media.ccc.de/public/events/f1e6f4e2-875f-573c-9e68-8dfd52e29225","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"5aaab022-3cb6-5d1a-9326-eec204bbb8f1","title":"1965 + 60 Years of Algorithmic Art with Computers","subtitle":null,"slug":"39c3-1965-60-years-of-algorithmic-art-with-computers","link":"https://events.ccc.de/congress/2025/hub/event/detail/1965-60-years-of-algorithmic-art-with-computers","description":"What power structures are inherent to the field of computer-generated art? In the year 1965, so 60 years ago, the first three exhibitions of art created with the help of computers took place - in part independently of each other. We want to present the interesting aspects of developments since then and discuss them with Frieder Nake, one of the people who exhibited in those very beginnings and followed those developments with a critical attitude.\n\nWe want to look at the complex topic of art created with computers, beginning with some careful and barely noticed first experiments and emerging into an ever more diverse and creative field, from different angles. In particular, we want to focus on the dynamics of power and how these developments were influenced by their context - from social movements to political pressure.\n\nWe want to start with explaining how the initial developments, both from an artistic - concrete art - and technological - the evolution of computers and the creation of the drawing machine Zuse Z64 in Germany and film techniques in the US, respectively - took place. We will do so in the context of the first three exhibitions that all took place in the year 1965. Their artworks were created by Georg Nees in Stuttgart, A. Michael Noll with Béla Julesz in New York and Frieder Nake with Georg Nees, again in Stuttgart.\n\nIn the following, we will try to give an outline of further developments. We provide examples how hierachies in art and science have developed and played a role in different events. In the domain of computer-generated art, similar to other art, there are two large influences hidden for the typical recipent of this art - galleries and critics. We will discuss this exemplary with early exhibitions of Frieder Nake being described by the FAZ and later on, how the east-west conflict has influenced the art and its exhibitions. Among other issues, we discuss patriarchal structures, the commercial side of art, how old tech is sold as revolutionary and how progress is still as connected with threatening feelings as in the early years.\n\nLooking back at the beginnings, it is interesting to observe how artists - also with an artistic, rather than technical background - worked with the limitations and overcame them. Fortunately, the technological entry barrier to create algorithmic art yourself has drastically decreased over time and we want to encourage you to experiment yourself!\n\nFrieder Nake is creating algorithmic drawings and doing visual research since 1964. In 1971, he published the influential essay \"there should be no computer art\" and he has been teaching computer graphics at the University of Bremen for decades. Enna Gerhard is pursuing a PhD in theory of computer science and creates algorithmic drawings in the meantime.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Enna Gerhard","Frieder Nake"],"tags":["1931","2025","39c3","Art \u0026 Beauty","Zero","39c3-eng","39c3-deu","Day 1"],"view_count":2635,"promoted":false,"date":"2025-12-27T19:15:00.000+01:00","release_date":"2025-12-30T00:00:00.000+01:00","updated_at":"2026-04-01T21:30:05.911+02:00","length":3039,"duration":3039,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1931-5aaab022-3cb6-5d1a-9326-eec204bbb8f1.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1931-5aaab022-3cb6-5d1a-9326-eec204bbb8f1_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1931-5aaab022-3cb6-5d1a-9326-eec204bbb8f1.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1931-5aaab022-3cb6-5d1a-9326-eec204bbb8f1.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-1965-60-years-of-algorithmic-art-with-computers","url":"https://api.media.ccc.de/public/events/5aaab022-3cb6-5d1a-9326-eec204bbb8f1","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"0425efd8-fec5-5dbc-860b-8478857dc9ac","title":"Auf die Dauer hilft nur Power","subtitle":"Herausforderungen für dezentrale Netzwerke aus Sicht der Soziologie","slug":"39c3-auf-die-dauer-hilft-nur-power-herausforderungen-fur-dezentrale-netzwerke-aus-sicht-der-soziologie","link":"https://events.ccc.de/congress/2025/hub/event/detail/auf-die-dauer-hilft-nur-power-herausforderungen-fur-dezentrale-netzwerke-aus-sicht-der-soziologie","description":"Der Vortrag diskutiert Herausforderungen dezentraler Netzwerke aus soziologischer Perspektive. Als dezentrale Netzwerke werden technische Infrastrukturen verstanden, die nicht von einer zentralen Autorität, sondern verteilt über Instanzen zur Verfügung gestellt werden. Nutzer:innen profitieren von dieser Infrastruktur, nutzen beispielsweise das Fediverse oder das Tor-Netzwerk, ohne zur Infrastruktur beizutragen. Zugleich können dezentrale Netzwerke nur dann bestehen, wenn hinreichende Ressourcen von Personen oder Organisationen mobilisiert werden, um das Netzwerk überhaupt zur Verfügung zu stellen. Dies führt zur originären Instabilität dezentraler Netzwerke, wenn nicht der Weg der Kommodifizierung des Nutzer:innenverhaltens eingeschlagen wird. Aufbauend auf dieser Zustandsbeschreibung, werden Bedingungen erörtert, um Kollektivgüter wie dezentrale Netzwerke organisatorisch (und nicht technisch) herzustellen. Hierzu zählen Partizipation oder die Idee einer öffentlichen Grundfinanzierung. Der Vortrag wird neben soziologischen Ideen und harten Zahlen auch durch eine ordentliche Portion Idealismus zu Fragen der Souveränität und Autonomität in der Digitalisierung motiviert.\r\n\r\nDie Soziologie hat immer etwas mitzuteilen, sobald Fragen kollektiven Handelns auftreten. Dies gilt sowohl für soziale wie auch digitale Räume. So hat der Soziologe Peter Kollock bereits in den 1990er Jahren festgestellt, „the Internet is filled with junk and jerks“ (Kollock, 1999, S. 220). Gegenwärtig dürfte die Mehrheit dieser Aussage anstandslos zustimmen. Aber dies ist nicht der entscheidende Punkt, sondern die weitere Beobachtung: „Given that online interaction is relatively anonymous, that there is no central authority, and that it is difficult or impossible to impose monetary or physical sanctions on someone, it is striking that the Internet is not literally a war of all against all” (1999, S. 220).\r\n\r\nDie Welt kennt inzwischen zahlreiche Gegenbeispiele, bei denen Autoritäten das Internet nutzen, um das Nutzungsverhalten zu monetarisieren oder Überwachungstechnologien zur Sanktionierung einsetzen (Zuboff, 2019). Diese Ausgangslage beziehe ich in meiner Forschung ein, wenn ich dezentrale Netzwerke wie das Fediverse oder das Tor-Netzwerk aus soziologischer Perspektive betrachte. In erster Linie bin ich daran interessiert zu verstehen, wie dezentrale Netzwerke – organisatorisch nicht technisch – entstehen und welche Herausforderungen es dabei zu überwinden gilt (Sanders \u0026 Van Dijck, 2025). Eine zentrale Motivation orientiert sich an der Frage, wie ein Internet ohne zentrale Autorität, verringert von Marktabhängigkeiten, resilient gegenüber Sanktionsmechanismen und Souverän bezüglich eigener Daten, aufgebaut werden kann. Motiviert durch diesen präskriptiven Rahmen, betrachte ich im Vortrag die Herausforderungen zunächst deskriptiv und beziehe meine soziologische Perspektive ein. Denn in der Regel profitieren Menschen, die einen Vorteil aus der Realisierung eines bestimmten Ziels ziehen, unabhängig davon, ob sie persönlich einen Anteil der Kooperation tragen – oder eben nicht. Das kollektive Handeln fällt mitunter schwer, obwohl oder gerade, weil ein begründetes kollektives Interesse zur Umsetzung eines bestimmten Zieles besteht. Gleiche Interessen sind nicht gleichbedeutend mit gemeinsamen Interessen. Diese Situationsbeschreibung ist vielfältig anwendbar von WG-Aufräumplänen bis zu Fragen der klimaneutralen Transformation. Der Grund ist, dass kollektives Handeln ein Mindestmaß an Zeit, Aufwand oder Geld verursacht, sodass vielfach ein Trittbrettfahren gewählt wird in der Hoffnung, dass immer noch genug andere kooperieren, um das gewünschte Ziel zu erreichen (Hardin, 1982).\r\n\r\nAus dieser Perspektive betrachte ich dezentrale Netzwerke. So kann das Fediverse oder der Tor-Browser genutzt werden, ohne eine eigene Instanz oder Knoten zu hosten. Dies ist auch nicht das Ziel der genannten dezentralen Netzwerke. Dennoch: Die Kosten und der Aufwand für die technische Infrastruktur müssen von einem kleinen Teil getragen werden, während die überwältigende Mehrheit der Nutzer:innen von der Infrastruktur profitieren, ohne einen Beitrag zu dieser zu leisten. Dies führt zur originären Instabilität dezentraler Netzwerke und stellt eine relevante Herausforderung für die Zukunft dar. Während durch Netzwerkanalysen das Wachstum und die Verstetigung von dezentralen Netzwerken beschrieben wird, fehlt es an einem vertieften Verständnis über Bedingungen wie dezentrale Netzwerke überhaupt entstehen. Während des Vortrags werde ich empirische Daten zur Entwicklung des Fediverse und des Tor-Netzwerkes zeigen, um die Herausforderung zu verdeutlichen. Insbesondere das Tor-Netzwerk steht dabei vor dem Problem, dass die Möglichkeit zur De-Anonymisierung steigt, wenn die Anzahl an Knoten sinkt. Die Überwindung des von mir dargestellten Kollektivgutproblems nimmt demnach eine zentrale Rolle zur Aufrechterhaltung ein.\r\n\r\nDie Motivation sich mit dezentralen Netzwerken auseinanderzusetzen, resultiert aus der Umkehr der Argumentation, wenn Netzwerke über eine zentrale Autorität verfügen und zugleich in der Lage sind, Sanktionsmechanismen zu nutzen, beispielsweise um unliebsame User:innen zu sperren, das Nutzungsverhalten zu überwachen und zu monetarisieren (Zuboff, 2019). Hierbei beziehe ich mich offensichtlich auf die Entwicklung sozialer Medien, die das oben beschriebene Problem kollektiven Handelns durch Kommodifizierung der Infrastruktur lösen. Ähnliches ist aus dem Bereich der Kryptowährung bekannt, welche ebenfalls durch den individualisierten monetären Vorteil, das heißt der Verheißung einer Kapitalakkumulation, Kooperationsprobleme überwindet. Stellen wir uns so die Zukunft des Internets vor?\r\nDezentrale Netzwerke sind nicht per se eine allumfassende technische Lösung für gesellschaftlich-soziale Probleme. Im Gegenteil: Dezentrale Netzwerke, wenn sie nicht auf Kommodifizierung basieren, unterliegen einer sozialen Ordnung, die sich eben nicht technisch lösen lässt. Ein Bewusstsein über die Notwendigkeit dezentraler Netzwerke ist hierbei leider nicht ausreichend, sondern es braucht Menschen und Organisationen, die bereit sind einen Teil der Infrastruktur zu tragen, ohne einen direkten Vorteil hiervon zu erhalten. Diese Selbstorganisation steht im Vergleich zu profitorientierten Unternehmen immer im Nachteil (Offe \u0026 Wiesenthal, 1980).\r\n\r\nIn meiner Forschung verbinde ich mein Interesse an Grundstrukturen und Bedingungen sozialer Ordnung, wie dem Kooperationsproblem, mit dem Anspruch gesellschaftlicher Gestaltung. Allein das Bewusstsein über diese Bedingungen kann noch kein Kooperationsproblem lösen. Es kann allerdings helfen, den Rahmen dieser Bedingungen aktiv zu gestalten. Ich werde mich dabei zwischen kritischen Realitäten und hoffnungsvollen Ausblicken bewegen, denn ganz offensichtlich existieren dezentrale Netzwerke, die eine organisatorische und technische Alternative anbieten. Doch wie der Titel suggeriert, hilft hier auf die Dauer nur die (zivilgesellschaftliche) Power.\r\n\r\nLiteratur\r\nHardin, R. (1982). Collective Action. Hopkins University Press.\r\nKollock, P. (1999). The Economies of Online Cooperation: Gifts and Public Goods in Cyberspace. In M. A. Smith \u0026 P. Kollock (Hrsg.), Communities in Cyberspace (S. 220–239). Routledge.\r\nOffe, C., \u0026 Wiesenthal, H. (1980). Two Logics of Collective Action: Theoretical Notes on Social Class and Organizational Form. Political Power and Social Theory, 1, 67–115.\r\nSanders, M., \u0026 Van Dijck, J. (2025). Decentralized Online Social Networks: Technological and Organizational Choices and Their Public Value Trade-offs. In J. Van Dijck, K. Van Es, A. Helmond, \u0026 F. Van Der Vlist, Governing the Digital Society. Amsterdam University Press. https://doi.org/10.5117/9789048562718_ch01\r\nZuboff, S. (2019). Surveillance Capitalism—Überwachungskapitalismus. Aus Politik und Zeitgeschichte, 24–26, 4–9.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Marco Wähner"],"tags":["1840","2025","39c3","Science","Fuse","39c3-deu","39c3-eng","39c3-fra","Day 2"],"view_count":3992,"promoted":false,"date":"2025-12-28T16:35:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-03T13:15:04.296+02:00","length":2446,"duration":2446,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1840-0425efd8-fec5-5dbc-860b-8478857dc9ac.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1840-0425efd8-fec5-5dbc-860b-8478857dc9ac_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1840-0425efd8-fec5-5dbc-860b-8478857dc9ac.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1840-0425efd8-fec5-5dbc-860b-8478857dc9ac.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-auf-die-dauer-hilft-nur-power-herausforderungen-fur-dezentrale-netzwerke-aus-sicht-der-soziologie","url":"https://api.media.ccc.de/public/events/0425efd8-fec5-5dbc-860b-8478857dc9ac","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"7c12c5be-5414-5673-a856-697a3889f824","title":"The art of text (rendering)","subtitle":null,"slug":"39c3-the-art-of-text-rendering","link":"https://events.ccc.de/congress/2025/hub/event/detail/the-art-of-text-rendering","description":"Typography is the art of arranging type to make written language legible, readable, and appealing when displayed. However, for the neophyte, typography is mostly apprehended as the juxtaposition of characters displayed on the screen while for the expert, typography means typeface, scripts, unicode, glyphs, ascender, descender, tracking, hinting, kerning, shaping, weigth, slant, etc. Typography is actually much more than the mere rendering of glyphs and involves many different concepts. If glyph rendering is an important part of the rendering pipeline, it is nonetheless important to have a basic understanding of typography or there’s a known risk at rendering garbage on screen, as it has been seen many times in games, software and operating systems.\n\nText is everywhere in our modern digital life and yet, no one really pay attention to how it is rendered on a screen. Maybe this is a sign that problem has been solved. But it isn't. A few people are still looking at the best way to display text on any devices \u0026 any languages. This talk is based on a lesson I gave at SIGGRAPH  a few years ago (https://www.slideshare.net/slideshow/siggraph-2018-digital-typography/110385070) to explain rendering techniques and concepts.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Nicolas Rougier"],"tags":["1979","2025","39c3","Art \u0026 Beauty","Ground","39c3-eng","39c3-deu","39c3-pol","Day 1"],"view_count":23885,"promoted":false,"date":"2025-12-27T11:00:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-07T00:00:05.946+02:00","length":2309,"duration":2309,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1979-7c12c5be-5414-5673-a856-697a3889f824.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1979-7c12c5be-5414-5673-a856-697a3889f824_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1979-7c12c5be-5414-5673-a856-697a3889f824.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1979-7c12c5be-5414-5673-a856-697a3889f824.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-the-art-of-text-rendering","url":"https://api.media.ccc.de/public/events/7c12c5be-5414-5673-a856-697a3889f824","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"e5377df9-07f4-5c8c-b510-8f64e58d95e3","title":"Supplements und Social Media – wenn der Online-Hype zur realen Gesundheitsgefahr wird","subtitle":null,"slug":"39c3-supplements-und-social-media-wenn-der-online-hype-zur-realen-gesundheitsgefahr-wird","link":"https://events.ccc.de/congress/2025/hub/event/detail/supplements-und-social-media-wenn-der-online-hype-zur-realen-gesundheitsgefahr-wird","description":"Nicht zuletzt durch die Werbung in den sozialen Medien werden in Deutschland immer mehr Nahrungsergänzungsmittel verkauft. Einige Influencer bringen sogar ihre eigenen Präparate auf den Markt. Gleichzeitig häufen sich Fälle, in denen die Einnahme von vermeintlich harmlosen „Supplements“ zu Gesundheitsschäden geführt hat. Der Vortrag will daher die Mechanismen hinter dem Supplement-Hype aufzeigen, zudem erklären, warum aktuell ein ausreichender Verbraucherschutz insbesondere im Internet nicht gewährleistet werden kann, wo Handlungsbedarf für die Politik besteht und wie man sich selbst vor fragwürdigen Produkten schützen kann.\n\nDer Markt für Nahrungsergänzungsmittel boomt seit Jahren. Dafür sorgen unter anderem verschiedenste Influencer, die die Präparate in den sozialen Medien bewerben. Statt nur Produkte der großen Player in diesem Bereich anzupreisen, wie More Nutrition, ESN oder Holy Energy, haben einige Influencer mittlerweile sogar ihre eigenen Nahrungsergänzungsmittelmarken auf den Markt gebracht.\n\nVersprochen wird dabei vieles: Pre-Workout-Booster sollen die Leistung beim Krafttraining erhöhen und blitzschnell zum Traumkörper verhelfen, während Gaming-Booster Wachheit und eine Top-Performance beim Zocken versprechen. Wieder andere Kapseln oder auch Gummibärchen sollen für eine makellose Haut oder einen ruhigen Schlaf sorgen. Manche Präparate können angeblich sogar Krankheiten vorbeugen oder heilen.\n\nDoch was steckt tatsächlich in diesen Mitteln, die online regelrecht gehypt werden? Rein rechtlich handelt es sich um Lebensmittel, was wiederum bedeutet, dass sie ohne behördliche Zulassung auf den Markt gebracht werden dürfen. Es genügt schon, wenn der Unternehmer für die Sicherheit garantiert. Die Hürden für einen Marktzutritt sind damit denkbar niedrig, während gleichzeitig Gewinnmargen locken, die sogar den illegalen Drogenhandel übertreffen.\n\nDas Ergebnis zeigt sich in den Berichten der amtlichen Lebensmittelüberwachung: Bei den Proben, die das Niedersächsische Landesamt für Verbraucherschutz und Lebensmittelsicherheit im Jahr 2024 untersucht hat, entsprachen rund neun von zehn Proben (89 %) nicht den rechtlichen Vorgaben. Neben Mängeln bei der Kennzeichnung und Bewerbung, wodurch Verbraucher viel Geld für wirkungslose Pulver ausgeben, ist die stoffliche Zusammensetzung der Produkte besonders kritisch. So kann beispielsweise die Einnahme von überdosierten Vitamin-D-Präparaten zu Störungen des Calciumstoffwechsels führen (sog. Hypercalcämien). Vermeintlich harmlose pflanzliche Präparate, wie Kurkuma oder Ashwaganda, können zu Leberschäden bis hin zum Leberversagen führen. Besonders brisant ist dabei, dass die Wahrscheinlichkeit für die Erforderlichkeit einer Lebertransplantation oder den Tod des Patienten höher ist als bei Leberschäden durch Arzneimittel (83 vs. 66 %). Es kommen also Menschen durch die Einnahme von Präparaten zu Schaden, mit deren Hilfe sie ihrer Gesundheit eigentlich etwas Gutes tun wollten.\n\nDer Vortrag beleuchtet daher die aktuelle Marktsituation unter besonderer Berücksichtigung des Influencer-Marketings kritisch, erklärt den Unterschied zwischen Nahrungsergänzungs- und Arzneimitteln und stellt die rechtlichen Rahmenbedingungen für das Inverkehrbringen und die Bewerbung von Nahrungsergänzungsmitteln dar. Zudem wird aufgezeigt, warum ein ausreichender Verbraucherschutz durch die aktuellen Möglichkeiten des Lebensmittelrechts insbesondere im Internet nicht gewährleistet werden kann, wo Handlungsbedarf für die Politik besteht und wie man sich selbst vor fragwürdigen Produkten schützen kann.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Christoph Wiedmer"],"tags":["1504","2025","39c3","Science","One","39c3-deu","39c3-eng","39c3-fra","Day 3"],"view_count":7969,"promoted":false,"date":"2025-12-29T14:45:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-04-07T00:15:04.389+02:00","length":3512,"duration":3512,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1504-e5377df9-07f4-5c8c-b510-8f64e58d95e3.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1504-e5377df9-07f4-5c8c-b510-8f64e58d95e3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1504-e5377df9-07f4-5c8c-b510-8f64e58d95e3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1504-e5377df9-07f4-5c8c-b510-8f64e58d95e3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-supplements-und-social-media-wenn-der-online-hype-zur-realen-gesundheitsgefahr-wird","url":"https://api.media.ccc.de/public/events/e5377df9-07f4-5c8c-b510-8f64e58d95e3","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"3b75e6d8-df70-4ddf-a7de-589f1b52778d","title":"FAFO: How we stopped worrying and bought an Electron Microscope","subtitle":"","slug":"39c3-sos-fafo","link":"https://events.ccc.de/congress/2025/hub/en/event/detail/fafo-how-we-stopped-worrying-and-bought-an-electro","description":"We went on Kleinanzeigen and started a non-profit semiconductor lab.\r\n\r\nWe created a space to do the kind of research we've always wanted, but couldn't do at our local hackerspaces - either due to space constraints, or lack of structures allowing for a safe operation of a proper lab.\r\n\r\n-- \r\n\r\nThis video was independently recorded \u0026 produced by dmi","original_language":"eng","persons":["q3k","k8ik","ln","rahix"],"tags":["56511","2025","39c3","Self-organized Sessions","SoS Stage H","39c3-eng"],"view_count":1278,"promoted":false,"date":"2025-12-29T01:30:00.000+01:00","release_date":"2026-02-03T00:00:00.000+01:00","updated_at":"2026-04-06T21:45:07.292+02:00","length":3697,"duration":3697,"thumb_url":"https://static.media.ccc.de/media/congress/2025/56511-3b75e6d8-df70-4ddf-a7de-589f1b52778d.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/56511-3b75e6d8-df70-4ddf-a7de-589f1b52778d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/56511-3b75e6d8-df70-4ddf-a7de-589f1b52778d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/56511-3b75e6d8-df70-4ddf-a7de-589f1b52778d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-sos-fafo","url":"https://api.media.ccc.de/public/events/3b75e6d8-df70-4ddf-a7de-589f1b52778d","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"2bb72a33-bfd9-58cb-a325-30376a6dc51c","title":"Omnibus Halbgarer Machenschaften (OHM #23)","subtitle":null,"slug":"39c3-omnibus-halbgarer-machenschaften-ohm-23","link":"https://events.ccc.de/congress/2025/hub/event/detail/omnibus-halbgarer-machenschaften-ohm-23","description":"erdgeist \u0026 monoxyd denken laut. Aufgrund des großen Erfolgs soll das jetzt auch beim Congress versucht werden. Themen? Ja! Wahrscheinlich irgendwas mit so... Dingen, die gerade passiert sind und zu denen mal was gesagt werden muss. Besser wir als Lanz \u0026 Precht!\n\nEs gibt außerdem einen besonderen Anlass: 23! (Wo kommt das eigentlich her?)\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["monoxyd","erdgeist"],"tags":["83813","2025","39c3","Sendezentrum Bühne (Saal X 07)","39c3-deu","Day 3"],"view_count":1767,"promoted":false,"date":"2025-12-29T14:45:00.000+01:00","release_date":"2025-12-29T00:00:00.000+01:00","updated_at":"2026-03-26T08:15:04.667+01:00","length":2766,"duration":2766,"thumb_url":"https://static.media.ccc.de/media/congress/2025/83813-2bb72a33-bfd9-58cb-a325-30376a6dc51c.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/83813-2bb72a33-bfd9-58cb-a325-30376a6dc51c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/83813-2bb72a33-bfd9-58cb-a325-30376a6dc51c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/83813-2bb72a33-bfd9-58cb-a325-30376a6dc51c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-omnibus-halbgarer-machenschaften-ohm-23","url":"https://api.media.ccc.de/public/events/2bb72a33-bfd9-58cb-a325-30376a6dc51c","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"481f7cae-da59-5506-9801-625227113981","title":"From Silicon to Darude Sand-storm: breaking famous synthesizer DSPs","subtitle":null,"slug":"39c3-from-silicon-to-darude-sand-storm-breaking-famous-synthesizer-dsps","link":"https://events.ccc.de/congress/2025/hub/event/detail/from-silicon-to-darude-sand-storm-breaking-famous-synthesizer-dsps","description":"Have you ever wondered how the chips and algorithms that made all those electronic music hits work? Us too!\n\nAt The Usual Suspects we create open source emulations of famous music hardware, synthesizers and effect units. After releasing some emulations of devices around the Motorola 563xx DSP chip, we made further steps into reverse engineering custom silicon chips to achieve what no one has done before: a real low-level emulation of the JP-8000. This famous synthesizer featured a special \"SuperSaw\" oscillator algorithm, which defined an entire generation of electronic and trance music. The main obstacle was emulating the 4 custom DSP chips the device used, which ran software written with a completely undocumented instruction set. In this talk I will go through the story of how we overcame that obstacle, using a mixture of automated silicon reverse engineering, probing the chip with an Arduino, statistical analysis of the opcodes and fuzzing. Finally, I will talk about how we made the emulator run in real-time using JIT, and what we found by looking at the SuperSaw code.\n\nThis talk is a sequel to my last year's talk \"Proprietary silicon ICs and dubious marketing claims? Let's fight those with a microscope!\", where I showed how I reverse engineered a pretty old device (1986) by looking at microscope silicon pics alone, with manual tracing and some custom tools. Back then I claimed that taking a look at a more modern device would be way more challenging, due to the increased complexity.\n\nThis time, in fact, I've reverse engineered a much modern chip: the custom Roland/Toshiba TC170C140 ESP chip (1995). Completing this task required a different approach, as doing it manually would have required too much time. We used a guided automated approach that combines clever microscopy with computer vision to automatically classify standard cells in the chip, saving us most of the manual work.\nThe biggest win though came from directly probing the chip: by exploiting test routines and sending random data to the chip we figured out how the internal registers worked, slowly giving us insights about the encoding of the chip ISA. By combining those two approaches we managed to create a bit-accurate emulator, that also is able to run in real-time using JIT.\n\nIn this talk I want to cover the following topics:\n- What I learned since my previous talk by looking at more complicated chips\n- Towards automating the silicon reverse engineering process\n- How to find and exploit test modes to understand how stuff works\n- How we tricked the chips into spilling its own secrets\n- How the ESP chip works, compared to existing DSP chips\n- How the SuperSaw oscillator turned out to work\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["giulioz"],"tags":["1926","2025","39c3","Hardware","Fuse","39c3-eng","39c3-deu","Day 1"],"view_count":28282,"promoted":false,"date":"2025-12-27T23:55:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-06T07:15:03.380+02:00","length":2382,"duration":2382,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1926-481f7cae-da59-5506-9801-625227113981.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1926-481f7cae-da59-5506-9801-625227113981_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1926-481f7cae-da59-5506-9801-625227113981.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1926-481f7cae-da59-5506-9801-625227113981.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-from-silicon-to-darude-sand-storm-breaking-famous-synthesizer-dsps","url":"https://api.media.ccc.de/public/events/481f7cae-da59-5506-9801-625227113981","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]},{"guid":"926c987a-2dd9-54f6-9a3a-45222dc9c4b7","title":"Zentrum für Politische Schönheit: ","subtitle":"Ein Jahr Adenauer SRP+ und der Walter Lübcke Memorial Park","slug":"39c3-zps-ein-jahr-adenauer-srp-und-mehr","link":"https://events.ccc.de/congress/2025/hub/event/detail/zps-ein-jahr-adenauer-srp-und-mehr","description":"Es ist genau ein Jahr her, dass der Adenauer SRP+ in der Halle des 38C3 stand. Damals war er noch eine Baustelle, aber schon bald machte er sich auf den Weg, um Geschichte zu schreiben. Wir nehmen euch mit auf eine Reise: von Blockade über Protest, von Sommerinterviews bis zu Polizeischikanen lassen wir ein Jahr Adenauer SRP+ Revue passieren. Das könnte lustig werden.\r\nAußerdem: alles zum Walter Lübcke-Memorial-Park, den wir gerade direkt vor die CDU-Zentrale gebaut haben.\r\n\r\nOwei owei: Das wird viel für 40 Minuten.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Stefan Pelzer","Philipp Ruch"],"tags":["2183","2025","39c3","Art \u0026 Beauty","One","39c3-deu","39c3-eng","39c3-fra","Day 1"],"view_count":60882,"promoted":false,"date":"2025-12-27T11:55:00.000+01:00","release_date":"2025-12-28T00:00:00.000+01:00","updated_at":"2026-04-06T20:15:06.199+02:00","length":2521,"duration":2521,"thumb_url":"https://static.media.ccc.de/media/congress/2025/2183-926c987a-2dd9-54f6-9a3a-45222dc9c4b7.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/2183-926c987a-2dd9-54f6-9a3a-45222dc9c4b7_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/2183-926c987a-2dd9-54f6-9a3a-45222dc9c4b7.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/2183-926c987a-2dd9-54f6-9a3a-45222dc9c4b7.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-zps-ein-jahr-adenauer-srp-und-mehr","url":"https://api.media.ccc.de/public/events/926c987a-2dd9-54f6-9a3a-45222dc9c4b7","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[]}]}