Some notes on 30C3

We wish you a happy new year and a good start to 2014. A new year has begun and, just before that, 30C3 took place. I think almost all of you have heard about the congress and its topics. In particular there was Glenn Greenwald’s keynote and the new publications/revelations by Jacob Appelbaum, which you will probably have heard about from the mainstream media.
But besides all that, there were a lot of other interesting talks we want to give you a short introduction to. Overall it was a really good conference this year with a lot of awesome talks. But, as always, it is not possible to see all of them, so here is a short summary of some of our favourites:

Reverse Engineering of CHIASMUS from GSTOOL (Jan Schejbal)
Jan showed his research on the BSI’s CHIASMUS cipher and its implementation in GSTOOL for local encryption of its data. Nobody in the audience was really surprised by the result: the implementation of CHIASMUS in GSTOOL is broken, but it was nice to hear all the stories about vulnerability management at the BSI. Still, it should be mentioned that CHIASMUS itself is not broken and still seems to be a feasible encryption method; it is just the implementation in GSTOOL which should not be used. Unfortunately there seems to be no recommended alternative in the near future that fixes this problem, so out-of-band encryption like TrueCrypt should be used.

An Introduction to Firmware Analysis (Stefan Widmann)
With this talk Stefan Widmann gave a coherent explanation of the fundamentals of firmware hacking. The first part covered different approaches to get the firmware image of a device. This can be easy if it is possible to download an image directly from the vendor’s website. If no image is offered but an update manager is used instead, it is possible to observe the updater application and sniff the transferred files via TraceSPTI (for IDE, SATA and USB on WinXP) or Wireshark (for USB). In case there is no updater or firmware file to download, one can try to extract the raw image from the (E)EPROM, Flash or Serial Flash chips (not covered further in the talk).
Once the image is in place it may be packed [and/or encrypted], so before further operations can take place one has to extract [and/or decrypt] it with the right tool.
After unpacking the image one has to find the processor type and architecture it is designed for. This can be done by loading the firmware binary into disassemblers like IDA Pro or Online Disassembler (ODA) and trying processor types and architectures until the disassembly makes sense (no ‘unknown data’ parts are shown by IDA/ODA).
Once the assembly is readable, one can try to find some calls to get information about the structure of the firmware. Further research may be needed from there, but the talk showed a lot of interesting approaches.
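As an added illustration of the “find the processor type” step, and not code from the talk, the following Python script scans a raw image for the magic numbers of container formats commonly found in firmware and, where an ELF header is embedded, reads the word size, endianness and architecture straight from its e_ident and e_machine fields instead of guessing in a disassembler. The signature and e_machine tables are deliberately small subsets of the real ones, and SAMPLE_IMAGE is constructed for the example.

```python
"""Scan a raw firmware image for embedded file formats and, where an ELF
header is found, read the CPU architecture from it.  Added example: the
signature/e_machine tables are small subsets and SAMPLE_IMAGE is constructed."""
import struct

# Magic numbers of containers and streams commonly found inside firmware.
SIGNATURES = {
    b"\x7fELF": "ELF",
    b"\x1f\x8b\x08": "gzip stream",
    b"\xfd7zXZ\x00": "xz stream",
    b"hsqs": "SquashFS (little-endian)",
    b"sqsh": "SquashFS (big-endian)",
    b"\x27\x05\x19\x56": "U-Boot legacy image",
    b"UBI#": "UBI volume",
}

# e_machine values from the ELF specification (subset).
E_MACHINE = {0x03: "x86", 0x08: "MIPS", 0x14: "PowerPC",
             0x28: "ARM", 0x3e: "x86-64", 0xb7: "AArch64"}


def find_signatures(blob):
    """Return every (offset, description) at which a known magic occurs."""
    hits = []
    for magic, desc in SIGNATURES.items():
        start = 0
        while True:
            idx = blob.find(magic, start)
            if idx < 0:
                break
            hits.append((idx, desc))
            start = idx + 1
    return sorted(hits)


def parse_elf_header(blob, offset):
    """Return (arch, endianness, bits) for an ELF header at offset, else None."""
    hdr = blob[offset:offset + 20]
    if len(hdr) < 20 or hdr[:4] != b"\x7fELF":
        return None
    bits = {1: 32, 2: 64}.get(hdr[4])             # EI_CLASS
    endian = {1: "little", 2: "big"}.get(hdr[5])  # EI_DATA
    if bits is None or endian is None:
        return None
    fmt = "<H" if endian == "little" else ">H"
    e_machine = struct.unpack(fmt, hdr[18:20])[0]  # e_machine follows e_type
    return E_MACHINE.get(e_machine, "unknown (0x%02x)" % e_machine), endian, bits


def analyse(blob):
    """Combine signature hits with ELF header details where available."""
    report = []
    for off, desc in find_signatures(blob):
        if desc == "ELF":
            info = parse_elf_header(blob, off)
            if info is not None:
                desc = "ELF %d-bit %s-endian, %s" % (info[2], info[1], info[0])
        report.append((off, desc))
    return report


# Constructed stand-in for a dumped flash image: erased padding, a 32-bit
# little-endian ARM ELF header, a gzip member and a SquashFS superblock magic.
SAMPLE_IMAGE = (
    b"\xff" * 64
    + b"\x7fELF\x01\x01\x01" + b"\x00" * 9   # e_ident: class=32-bit, data=LE
    + b"\x02\x00" + b"\x28\x00"              # e_type=EXEC, e_machine=ARM (LE)
    + b"\x00" * 32
    + b"\x1f\x8b\x08\x00" + b"\x00" * 16     # gzip header
    + b"hsqs" + b"\x00" * 16                 # SquashFS magic
)

if __name__ == "__main__":
    for off, desc in analyse(SAMPLE_IMAGE):
        print("0x%06x  %s" % (off, desc))
```

Run against a real dump, the offsets tell you where to carve, and an ELF hit saves the trial-and-error loop entirely; images without any ELF (bare-metal blobs) still need the disassembler approach from the talk.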

Hillbilly Tracking of Low Earth Orbit (Travis Goodspeed)
This talk showed Travis Goodspeed’s approach to communicating with low earth orbit satellites, including some funny stories.
As those move quickly through the sky and are difficult to track with high accuracy, he described how he built a remotely operable satellite tracking system.
For this, Travis bought a Navy-surplus Inmarsat dish on a well-known auction platform and received it at his home in Southern Appalachia, where he founded the South Appalachian Space Agency (short: SASA :-)).
The dish has several stepper motors which are controlled via a Postgres database and various daemons spread across multiple machines. So, for tracking a satellite, a command in the form of a SQL statement is sent to the receiver and the motor daemon then starts to track the new target, while the prediction daemon maintains accurate estimates of its position in the sky. Additional daemons take spectral prints or software-defined radio recordings of the targeted object for later review.
The whole hardware is fully remotely controllable, so even though the dish is located at the SASA, a simple smartphone app can be used to observe low orbit objects.
We think this is a very interesting subject and look forward to hearing about the first vulnerabilities in satellites from Travis in one of his next talks.

Electronic Bank Robberies (tw,sb)
This talk described the investigated lifecycle of an ATM hacking campaign. The speakers presented how the attackers infected the machines via USB sticks and how they got the money out.
The analysis of the executables showed that an installer contains encrypted payloads, which are encrypted with keys specific to one ATM (volume serial). Some integrity checks in the dropper helped to brute-force the XOR key (using the known PE header at the beginning of the payload). The installed malware hooked into the keypad routines to obtain the entered numbers.
With a special 12-digit number the malware opens an additional menu in front of the original ATM program. From this menu and its submenus multiple functions were accessible: cash-out, enable/disable network interfaces, format system (which actually deletes the malware), show an out-of-order screen or a defaced screen. Important functions like cash-out or format require a challenge-response procedure. If one of these items is selected, a challenge is displayed and the person in front of the terminal has to call their HQ to get the response code for this challenge.
During the talk a demo of the malware including its functions was presented in a virtual machine running Windows XP.
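The key-recovery trick mentioned above, where a payload that begins with a PE header hands the analyst a known plaintext and the dropper’s own validity checks say whether a candidate key is right, can be reproduced in a few lines. This is an added example and not the speakers’ code: the sample payload, the four-byte key and the DOS header crib values are constructed, and the structural PE check stands in for whatever integrity checks the real dropper performed.

```python
"""Recover a repeating-key XOR obfuscation from a dropped payload, using the
known bytes of a PE file's DOS header as a crib and the PE structure itself
as the validity check.  Added example with a constructed payload and key."""
import struct

# Bytes at the start of a typical PE file: "MZ" plus the e_cblp/e_cp fields
# most linkers emit (0x0090, 0x0003).  Constructed crib with typical values.
DOS_HEADER_CRIB = b"MZ\x90\x00\x03\x00\x00\x00"
DOS_STUB_TEXT = b"This program cannot be run in DOS mode."


def xor_bytes(data, key):
    """Repeating-key XOR; the same function encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def looks_like_pe(data):
    """Structural check: MZ magic, DOS stub text, and 'PE\\0\\0' at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3c)[0]
    return (DOS_STUB_TEXT in data[:e_lfanew]
            and data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00")


def recover_xor_key(blob, max_key_len=8):
    """For each candidate key length derive the key from the crib and keep the
    first one whose decryption is a structurally valid PE.  None if no hit."""
    for klen in range(1, min(max_key_len, len(DOS_HEADER_CRIB)) + 1):
        key = xor_bytes(blob[:klen], DOS_HEADER_CRIB[:klen])
        if looks_like_pe(xor_bytes(blob, key)):
            return key
    return None


def build_sample_pe():
    """Construct a minimal PE-shaped blob: DOS header, stub text, PE signature."""
    hdr = bytearray(0x40)
    hdr[:len(DOS_HEADER_CRIB)] = DOS_HEADER_CRIB
    stub = DOS_STUB_TEXT + b"\r\r\n$\x00"
    struct.pack_into("<I", hdr, 0x3c, 0x40 + len(stub))   # e_lfanew
    return bytes(hdr) + stub + b"PE\x00\x00" + b"\x4c\x01" + b"\x00" * 18


SAMPLE_KEY = b"\x5a\xc3\x19\x77"                      # constructed key
ENCRYPTED_PAYLOAD = xor_bytes(build_sample_pe(), SAMPLE_KEY)

if __name__ == "__main__":
    key = recover_xor_key(ENCRYPTED_PAYLOAD)
    print("recovered key:", key.hex() if key else "none")
```

The point for the analyst is that the check decides, not the crib: a wrong key length yields “MZ” by construction but garbles e_lfanew and the stub text, so only the true period survives validation. With a per-machine key derived from the volume serial, the same loop also tells you which ATM a given sample was built for once the key is known.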

Kryptographie nach Snowden (Prof. Dr. Rüdiger Weis)
Prof. Dr. Rüdiger Weis of Beuth University in Berlin presented how we should assess current crypto algorithms in light of the published information about the NSA.
His first and main announcement was that (according to the currently known Snowden documents) strong crypto is still strong and not breakable by the NSA at the moment. In the following parts of his talk, he laid out in more detail which algorithms should be used (and which not). One of his main concerns was to replace weak ciphers and hashes like RC4, MD4/MD5 or SHA-1 (SHA-2 could also be replaced, because it was developed by the NSA and works similarly to SHA-1) with stronger ones (AES-256, SHA-3). He also discussed some problems with ECC (Elliptic Curve Cryptography). One possible future problem of ECC could lie in the small key lengths (when will the NSA use quantum computers?).
A current (and general) problem is weak random number generators (ECC depends on them more heavily). Weis also called on the audience to rethink the need for TPM chips, because they are very powerful and not controllable at all times. At the end of his talk he gave some recommendations for crypto use: AES-256, RSA with key lengths of 4096 bits or more, 512-bit hash algorithms, and PFS should be the default in all implementations.

Amtliche Datenschützer: Kontrolleure oder Papiertiger? (Peter Schaar)
Peter Schaar is a former federal data protection officer of Germany and this was his first talk in front of a hacker community. It was really interesting to hear about his experiences and his opinion on how some things work in politics. Usually, data protection officers are seen as a bit twofold: on the one hand they protect our data, but on the other hand they are known as bureaucrats disturbing business (and mostly only from a formal point of view, far away from reality).
Nevertheless, it was a very interesting talk about his fields of duty and especially about obstacles in politics (and there seem to be a lot of them) and why a data protection officer is not able to change much without the support of politicians. Finally he gave some suggestions about what should be changed in the future to put more focus on data protection in Germany.

Have a good start into 2014!