Daily Shaarli

All links of one day in a single page.

December 29, 2024

Ultrawide archaeology on Android native libraries - Luca Di Bartolomeo & Rokhaya Fall - 38th Chaos Communication Congress (38C3)

A bug in a scraper script led to us downloading every single native library in every single Android app ever published in any market (~8 million apps).
Instead of deleting this massive dataset and starting again, we foolishly decided to run some binary similarity algos to check if libraries are outdated and still vulnerable to old CVEs. No one told us we were opening Pandora's box.
A tragic story of scraping, IP-banning circumvention, love/hate relationships with machine learning, binary similarity party tricks, and an infinite sea of vulnerabilities.

Dialing into the Past: RCE via the Fax Machine – Because Why Not? - Rick de Jager & Carlo Meijer - 38th Chaos Communication Congress (38C3)

Remember the days when faxes were the pinnacle of office tech, and the sound of a paper getting pulled in was as satisfying as a fresh cup of coffee? Well, it's time to dust off those memories and reintroduce ourselves to the quirky world of printers and their forgotten fax interfaces – yes, those relics that make us all feel like we're in an '80s sci-fi movie – and specifically, how they can unlock a new frontier in printer security exploits!

We've not been trained for this: life after the Newag DRM disclosure - Redford, q3k and MrTick - 38th Chaos Communication Congress (38C3)

You've probably already heard the story: we got contracted to analyze a bunch of trains breaking down after being serviced by independent workshops. We reverse engineered them and found code which simulated failures when they detected servicing attempts. We presented our findings at 37C3… and then shit hit the fan.