#rC3 my Day One

✍️ → Written on 2020-12-27 in 3011 words. Part of cs IT-security


Update 2020-12-30: I rewatched “Type theory and meaning in linguistics” and updated my slides.
Update 2021-04-03: I watched “Hacking German elections” again.

In 2020, Chaos Communication Congress is taking place online. I decided to join one year ago before the pandemic hit Europe. Since it is taking place online, I am sitting at home and watching talks on my own instead of meeting other IT security interested people. Luckily, I got a supporter ticket in time, whereas many didn’t and asked for one during the conference (which you couldn’t get officially). The conference today was accompanied by many technical difficulties:

  • webIRC did not work for me (“couldn’t connect to server”). It was claimed to work past 18:00 on Day One when I was using pidgin already.

  • no audio during Q/A (during the opening talk)

  • “Das Assange-Auslieferungsverfahren” was delayed first, but then cancelled.

  • “CIA vs. Wikileaks”: This talk by Andy Müller-Maguhn started delayed by close to 20min. Once it was running, the slides were stuck on the stream which made it difficult to follow. The speaker recognized this after a quarter of an hour and the stream was taken offline mid-talk (an article by heise covers some talk content)

  • “Die wunderliche Welt der Netzteilhieroglyphen” was super-silent (in general you were able to follow it by turning your volume to max), but I decided to watch it later.

  • visit.at.rc3.world (technical information on howto.rc3.world, implementation on github) started working past 17:00 on Day One for me. See the screenshot below.

… but it surely was a challenge for many people (as pointed out during the opening talk) and I was amazed how little difference there is between an on-site event and such an online event.

I wanted to write a review of Day One of the conference.

meisterluk avatar in the rc3 world
Figure 1. rc3 world featured workadventure installation, my avatar meisterluk is walking around and visiting assemblies (like rust or Tox), being close to specific areas or other people opens URLs or Jitsi instances


Die Geschichte der Corona-Warn-App

In this German talk at 13:00, Lars Roemheld illustrates which challenges the German Corona-Warning app had to tackle. In the first week of publication, they had 13 mio. downloads (ie. breaking the record of Pokémon Go). Now in Dec 2020, 25 mio. downloads took place. It was interesting to see how important which process


  • 2600 warnings by the app per day. 23000 new infections per day suggests 11% of total cases lead to warnings in app.

  • Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) took a centralized approach w.r.t. to the matching process. dp3t took a decentralized approach. In April 2020, Google and Apple published their Exposure Notification framework. They did not provide special permission for corona tracing apps (which the developers expected), but designed APIs the apps can use. It is implied that verification of the infections must be done by a governmental institution. The APIs imply a decentralized approach, which somehow favored dp3t. In 2020-04, publicity favors decentralized approach.

  • The adaption of the process regarding the publication of the infection in a privacy-preserving manner together with laboratory processes was quite a challenge and it happened within 3 months. Lars illustrated this with the so-called form 10C.

  • Fragmentation (many apps, thus few users use the official one) was a problem. Apple and Google actually helped and removed any apps not governmentally promoted.

  • cwa-android is an implementation not relying on the Google/Apple stack.

Tracking Ransomware End-to-end

At 2pm, all streams had technical issues, but on one computer I was able to attend “Tracking Ransomware End-to-end”. This is an academic 15-minutes talk where the presenter introduced the methodology to assess/estimate the amount of ransom payments per ransomware. The use of academic wording, quick switching between graphs and monotonous intonation made it more difficult to follow than the first talk.

Table 1. Estimated ransom revenue per Ransomeware (2014–2017) [corresponds to table IV in the paper]
Ransomware Revenue


7.7 mio $


6.6 mio $


1.8 mio $


69 000 $


100 000 $

Paper: “Tracking ransomware end-to-end” by Danny Yuxing Huang, Maxwell Matthaios Aliapoulios, Vector Guo Li, Luca Invernizzi, Elie Bursztein, Kylie McRoberts, Jonathan Levin, Kirill Levchenko, Alex C Snoeren, Damon McCoy (published on 2018-05-20 after peer review in IEEE SP 2018)

Elektronische Beweisführung

This talk was in German, took 40 minutes and consisted of two parts.

  • Daniella Domokus discusses requirements for documents to make them applicable in court. This covers screenshots, email, or electronic documents. Of course, this is specific to German law. E.g. she pointed out that “electronic document” does not have any determined definition. This part was law-oriented.

  • Annitiralu focused on screenshots. She points out that designated tools like fakedetail.com and fakewhats.com exist to create fake messages. To improve legitimacy of screenshots, several approaches can be recommended. The main approach is to replicate the screenshot. For example, other witnesses, lawyers, or even the maintainers of the platform should take the same screenshot to convince the judge. However, questions regarding (e.g.) “the right to forget” emerge. Blockchains are another possibility, but requires technical expertise to reason about reliability.

All Programming Languages suck? Just build your own! Language-Oriented Programming with Racket

Mike Sperber shows in this tutorial talk how to build a BASIC-like programming language in Racket, a LISP dialect based on Scheme. He put the tutorial source code’s online. Somehow, talks in ChaosZone TV are not shown in the pretalx schedule. Thus, there is no link, but the talk was announced in the schedule shown on the streaming platform (streaming.media.ccc.de).

It was interesting to see his train of thought. It was also interesting to see a LISP in action. His talk was the first one, where I experienced the advantage of pre-recorded talks: During the talk, I asked questions I had and gave feedback. And I got a reply immediately. Overall, it would be interesting to get more details about the concepts involved (e.g. phases), but as pointed out the talk was constrained by the allotted time. Overall, it was very neat to see some programming in action and the tutorial was well-designed and self-contained. Well done!

Type theory and meaning in linguistics (media.ccc.de)

daherb gives a broad overview over type theory and its relation to linguistics in this talk. First he started with distinguishing syntax, semantics, and pragmatics. Whereas syntax is “about drawing trees” and people are great on this, semantics is a field not approached at all in the past. Pragmatics is illustrated in a tweet by Gary:

A: Your greatest weakness? B: Interpreting semantics of a question but ignoring the pragmatics A: Could you give an example? B: Yes, I could

He reiterates on the question of meaning with example sentences. “John is searching for a unicorn” might have some meaning in some context, but the non-existence of unicorn makes it a pointless sentence. He concludes that meaning is a philosophical problem. He proceeds with giving examples how knowledge is derived from an existing knowledge base (i.e. implications) (one example is from the FraCaS test suite).

Computational linguistic is splitting deriving meaning into “formal approaches” (Truth-conditional, Proof-theoretic, …) and “statistical approaches” (Vector space, Language models, …) and others. daherb points out that he likes formal approaches more. He puts the title of the talk in focus again and revisits history:

Alonzo Church and Richard Montague are presented as representatives for simply typed languages. Montague voiced in 1970, “There is in my opinion no important theoretical difference between natural languages and the artifical languages of logicians; indeed I consider it possible to comprehend the syntax and semantics of both kinds of languages with a single natural and mathematically precise theory”, daherb gives an example for a simply-typed language:

  • e is a type

  • t is a type

  • if α and β are types, <α, β> is a type

  • nothing else is a type

Applying this concept to intransitive verbs gives <e, t> as semantic type whereas transitive verbs should be represented as <e, <e, t>>. One example of a property is sleep whereas love is a relation. Montague’s theory was then extended with compositionality attributed to Young Frege. Compositionality essentially allows to destruct a sentence into its components.

Then lambda calculus is revisited. Lambda expressions are introduced to convert a formula like x^2 + 2x into a function mapping ℕ → ℕ written as λx. x^2 + 2x. This somewhat reminds me of the difference between polynomials and polynomial functions in mathematics. An improvement over this concept is Modern Type Theory (MTT, previously Martin-Löf Type Theory) developed by Per Martin-Löf and Aarne Ranta. Then the problem of subtyping emerges requiring some ontology. At this point, he closed his talk.

In general, it was a quite good talk summing up academic developments in type theory. It seemed a little bit abrupt; I would have loved to see some results of research in this field. In the Q&A, daherb admits that there is no sufficiently large type system to reason about English text and current research in this field is focusing on statistical models to learn knowledge from large corpora. And furthermore, he admits that even though people are good at drawing trees, the layout depends on how much effort you want to put into the details.

  • ccg2lambda: composing semantic representations guided by CCG derivations

  • GPT-2: Code for the paper "Language Models are Unsupervised Multitask Learners"

Proof assistants:

Exposure Notification Security

Interestingly, this talk from Room One does not have a pretalx link either. Jiska is an expert on wireless communication and discusses the notification technology to support Corona virus tracing.

First she justified how Bluetooth Low Energy (BLE) is the best technology available for this job. Followingly, she illustrates that old bluetooth stacks and outdated devices are at much higher risk than devices exposed to Bluetooth worms. This is intuitive that spreading can only happen in close proximity to a compromised device. Essentially, she points out that there is no increase in attack risk with using the exposure framework compared to enabled bluetooth. Any app not using the exposure framework is using active connections which is putting the user on more risk. She also defined the centralized approach as “contact tracing” whereas the decentralized approach is called “exposure notification”. She summed up attacks on Exposure Notifications including the time machine attack (idea: spoof time; difficult to implement because you would screw up TLS as well), the wormhole attack (idea: replay exposure notifications at another place; does not scale and does not compromise system because no uninfected person is declared as infected) and identity tracking attack (idea: deploy devices everywhere and then you can track the movement of users; does not scale at all and very expensive).

Introduction to WikiData

This talk by Mohammed Sadat Abdulai and Lèa Lacroix introduces listeners to WikiData (at WikiPaka, no pretalx link). It shows the relation of WikiData to other Wiki projects and illustrates how data is structured. For example, translations of entities are added with special keys per language key. Furthermore bots contribute to the project by automating work.

LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection

Michael Schwarz and Jo Van Bulck explain Load Value Injection, which is the logical next step after Meltdown and Spectre. You poison the microarchitectural processor buffer. Then a faulting load is induced in the victim program which injected into code gadgets following the faulting load in the victim program. Then side channels may leave secret-dependent traces before a rollback by the processor happens. As countermeasure the introduction of LFENCE after every faulting load is presented. In the Q&A, Jo answered that AMD/ARM might be interesting future targets for such attacks, but by experience Intel architectures are more susceptible to such attacks.

The talk was done in the style, we are used by Daniel Gruss. Dramatic music was played during the talk, many scenes in the settings of a movie were played and many questions were asked by the other speaker to introduce the next talk element.

Adopting the Noise Key Exchange in Tox

Tobias Buchberger talks about his master thesis on Tox. Tox is a P2P messenger protocol and tox-core is the FOSS library implementation.

Tox uses the NaCl library by Daniel Bernstein. When negotiating a key for communication between parties, the elliptic-curve variant of the Diffie-Hellman exchange (ECDH) is used. Tobias described an attack which can be extended to a Man-In-The-Middle attack. He concludes an “overall a complete redesign of the toxcore library is necessary”. Trevor Perrin created a Noise protocol and Tobias looked at the Noise KK patterns first, but had to switch to Noise IK later on. The first implementation used the ChaCha20-Poly1305 cipher during the handshake and also for encryption duringthe transport phase. But this approach cannot handle UDP packets and thus they switched to ChaCha20-Poly1305 during the handshake and XSalsa20-Poly1305 for transport phase encryption which also works with packet loss.

The speaker focused on implementation attacks (e.g. the UDP issues), but IMHO the speaker should have elaborated on the handshake and attack details, because I think few listeners are familiar with Tox internals. chaosUser made the funny joke in IRC whether there is a Covid19-friendly alternative to Tox handshakes.

Hacking German elections

I came to this talk by 30 minutes late. They illustrated how an open port was used to upload a DLL to enable arbitrary remote code execution. Even though the company communicated professionally, the proposed fix to only apply the software in secure networks is insufficient.

Update 2021-04-03: Johannes Obermaier and Tobias Madl are security researchers. They cover the 2020 municipal elections in Bavaria. The voting system seems quite complex and therefore the election body gets supported by some closed-source software called OK.Vote (claimed to have a market share of 75%). In 2009, the use of voting computers in 2005 Bundestag election was ruled unconstitutional. However, this does not apply to municipal elections. Johanns explains that security requirements were certainly not met because he spotted a Windows XP computer spotted in the election room. As it turns out, they were taken from the local elementary school without reevaluating its security.

They revise the software architecture which consists of an Apache Tomcat, MariaDB, and Firefox portable. The first problem, they spotted is that reopening elections is possible without administrator access. This means that anyone can wipe the election data. They continued to look at XSS attacks. They showed a PoC which modified the username and submitted manipulated votes. They continued with other security aspects such as DB security where they retrieved the “trivially encrypted” password from the .class files. Then they described the DLL attack to achieve Remote Code Execution. Their conclusion is:

  • This is just the tip of the iceberg

  • Specific legal guidelines for election software required

  • The public must know about this

  • Software should be available for unbiased tests

In the end, I think their research is thorough and well done, but it was also a bit lurid. Also their English has quite some German accent, which made it more difficult to follow for me.


In the end, I concluded that there were many technical issues which got fixed step-by-step. Thus I expect the conference to progress smoother tomorrow. As far as talks are concerned, the quality was mid-ranged. Recommendations of the day?