Software and Infrastructure
Semestertickets ohne Überwachung - how I reverse engineered your public transport app
Digital tickets from traffic associations are often stuck inside their proprietary walled garden apps. But the neat thing about digital tickets, is that the barcode can be shown anywhere, and still be valid. This talk documents my efforts to reverse engineer various traffic association's apps, and my work on [Zügli](https://zügli.app) to make tickets without tracking available to all.
Semestertickets are great - travel throughout Germany included in your University fees. Unfortunately, many Universities have partnered with traffic associations that require you to use their app to access your ticket. These apps are full of tracking, advertising, and don't always have the best security practices. Not to mention that they only work inside Google or Apple's proprietary walled gardens - there's no way to get these apps to work on Huawei phones, or without handing over your data to Google through their Play Services.
The neat thing about digital tickets though, is that it doesn't matter how it's displayed. As long as the ticket controller can read the barcode on your ticket, you have a valid ticket. A ticket on a piece of paper would be equally valid, and secure - however these are forbidden for political reasons. Therefore, the ticket must be shown on a digital device of some kind, but it need not be the app of the company or association that issued it. There exist many free, open source, and privacy respecting apps that support displaying the de facto industry standard PKPass files for digital tickets. One merely has to get their ticket into such a format.
The apps of the respective traffic associations, by their nature, must download the ticket to the device somehow. So, what's to stop us from doing the same, only outwith the app? Absolutely nothing! This talk documents the process of reverse engineering several traffic associations' apps, how some of them try to frustrate this, how some of them make careless security mistakes, and how you can free your transport tickets from proprietary apps with [Zügli](https://zügli.app).
Additional information
| Live Stream | https://streaming.media.ccc.de/gpn23/kubus |
|---|---|
| Type | Vortrag |
| Language | English |
More sessions
| 6/19/25 |
Viele Dateiformate sind in Blöcke ("chunks") aufgeteilt, welche oft mit Prüfsummen geschützt sind. Dies stellt eine Herausforderung beim Reverse Engineering von unbekannten Dateiformaten dar, da man oft nicht weißt, welche der vielen Arten von Prüfsumme verwendet wurde. Mit etwas Mathematik lassen sich die Prüfsummenvarianten herausfinden und zum eigenen Vorteil nutzen, um automatisch die Blöcke im Dateiformat zu ermitteln.
|
| 6/19/25 |
Kompressionsalgorithmen sind an vielen Stellen gewinnbringend einsetzbar. Aber angesichts der Flut an möglichen Algorithmen den passenden auszuwählen, ist gar nicht so einfach. Und überhaupt, was ist eigentlich der beste Kompressionsalgorithmus? Wir nehmen das zum Anlass, uns an diesem Beispiel das Konzept der Paretooptimalität anzuschauen, das auch in anderen Kontexten überaus nützlich ist. Und natürlich den besten Kompressionsalgorithmus zu finden.
|
| 6/19/25 |
Does this sound familiar? Your friends/club/family/open source project/hackspace use this blasted Matrix to chat, but you're just not getting comfortable with it. In this workshop, we try out the range of available Matrix clients and find the best one for you. We will also try to answer as many questions about using Matrix, as we can. Kennst du folgende Situation? Deine Freunde/Verein/Familie/Open Source Projekt/Hackspace nutzen dieses vermaledeite Matrix zum Chatten, aber du wirst damit einfach ...
|
| 6/19/25 |
For people who are currently running or are considering to run Tor relay nodes. Let's meet and share experiences, say hi to each other, and have an open discussion about topics related to Tor relay operations. Everybody is welcome.
|
| 6/19/25 |
Lizenz- und Quellenverwaltung in Open-Source-Projekten ist oft unvollständig, insbesondere wenn viele Abhängigkeiten bestehen. Wo kommt nochmal das Icon-Set her und welche Lizenz hatte es? Kann ein anderes Projekt einfach feststellen, unter welcher Lizenz eine spezielle Datei meines Projekts steht? Das [REUSE-Projekt](https://reuse.software/) der Free Software Foundation Europe (FSFE) schafft Abhilfe - ohne viel Bürokratie. Es findet daher unter anderem auch bei der Linux Kernel-Entwicklung ...
|
| 6/20/25 |
Pro Tag werden ca. 200 PRs bei nixpkgs eingereicht. Wir werden herausfinden, wie das Projekt damit umgeht und verschiedene statistische Muster entdecken.
|
| 6/20/25 |
Did you always want to know how immensely detailed 3D graphics make it to your screen in real-time (e.g. in video games)? Are you curious about how the underlying hardware is used to enable this? This talk will cover the basics of (realtime) 3D rendering, including some of the underlying math. It will touch on a lot of the tricks used to add more and more visual fidelity to scenes while keeping them still quick to render. Additionally, there will be a brief overview of the specifics of graphics ...
|
