*Wikipaka intro music*

Herald: Welcome to the next talk about free substitution for schools. Yeah. By… if it was done by Fynn […]. Thank you to the translators for translating into German. Let's start.

Fynn: In general, as you know, teachers can't always teach as planned, so students need to be informed when their lessons are moved in time or space or both, or don't take place as they should, or they have a different teacher. All that. And for that, schools create a substitution plan. There's software for that, for example Untis. And these substitution plans need to be distributed. And in Germany, a lot of schools use Digitales Schwarzes Brett, or Digital Signage Board, or DSB for that. And it works like this: the school uploads the plan. Pupils can read this substitution plan on these DSB screens, on their mobile devices using the client software developed by Heinekingmedia, and using the website, once they have the credentials that they acquired from their school. It's one pair of username and password for all pupils and one for all teachers. Well. And this costs money: schools buy way too expensive screens from Heinekingmedia. And then the schools pay extra for this fantastic web interface here where you can sign in and view your substitution plans. You can also use this mobile app. It's not really good, though, as I will explain. This is what it looks like.
Things are tiny, as you can see. It's obviously proprietary software. It depends on Google Play services. You need to zoom around, you need to scroll around to see all the information because it's so tiny. So this is super suboptimal. I don't even know why this is so small. If you look it up in a web browser, it zooms fine when you have a small device. And I really don't know how that got screwed up like that. It has useless push notifications like "new content available". It's not useful. And you have to click at least one time too much all the time. And due to these issues, I always wanted something that is better than DSBmobile. So I began capturing DSBmobile's network traffic. Surprisingly, on Android, this is really easy. You can use user-friendly software like HTTPCanary, which is this one, or Packet Capture, which is this one. It's unfortunately proprietary, but I don't know any non-proprietary software for this. If you know any, please tell me. It acts like a VPN provider app and proxies all the traffic that is going out through it; it installs a certificate in your system so that apps still think that the network connection is secure, and then this app will decrypt and store and re-encrypt all the traffic that is going out and in. And so you can read it, then. This is essentially like an attacker-in-the-middle attack that you're doing yourself on your own network traffic. Yeah, except on recent Android versions.
Apparently Android doesn't trust certificates that you install anymore. So you actually now have to have root access to move them to this location, /system/etc/security/cacerts, so that they are ultimately trusted. And that is unfortunate because it makes it a little more difficult. But on all older Android versions, it works really easily. With more effort, this capturing of network traffic can be circumvented by implementing a kind of certificate pinning so that the app checks beforehand which certificates it trusts and which it doesn't. With more effort, such a prevention could also be circumvented. But DSBmobile didn't have that, so I could figure out how this endpoint works. As you can see, it's called the iPhone Service. On Android. Using your user ID and password, you can request an auth token. It has the form of this. Actually, that's what it looks like when you have invalid credentials. So if it returns this, then your credentials are not valid. It never changes. So I don't know what the use of this token is. However, DSBmobile never stored it, even though it's the same all the time. So it took one extra round trip time, every login, to fetch this never-changing auth token. Using this auth token, you can request your substitution plan URL, and then once you have this substitution plan URL, you can access your substitution plan.
OK, so using this knowledge, I developed a client that allows me to directly have access to just the relevant information, and I call it DSBDirect. The very first thing it did better than DSBmobile is that it displays things not as tiny. This is a kind of old screenshot, as you can see. These HTML files here can be parsed using a parser such that you can filter it, you can have useful notifications that I added later on. This is a native list, not a web view. So it feels better. And, yeah, of course it's not proprietary but Free Software. Oh, by the way, this logo, it's supposed to represent my school's logo, this one. Hmm. Please don't tell me I did too bad. OK? At least it's different from the DSBmobile logo. This endpoint is fun in other regards. The first time I encountered it, it allowed completely unencrypted connections, and the website did not redirect users to HTTPS. So actually you'd most of the time input your username and password and transmit it insecurely. It supported up to TLS version 1.0, which is obsolete. It supported SSLv2, which enables a DROWN attack, which I didn't quite understand. But apparently those aren't very likely to be exploited here. But it could allow attackers to read your traffic. I informed the company about this on August 11th. And I believe this is when I introduced the "not my fault grumble" tag in the issue tracker. They were happy to be informed about this.
On August 22nd, they enabled TLS version 1.2, disabled SSLv2, er, still allowed insecure connections. And I also noticed that they embedded fonts from Google, and this is obviously bad for privacy. So I told them about that. Twice. September 19th, the iPhone service 404s if the connection is insecure, although Google fonts are still embedded. Anyhow, it's October 4th that the iPhone service is shut down. So I start focusing on the new endpoint that apparently the DSB apps have been using for a while, but I didn't notice that. So I had to figure out how this data format works. It looks like this. So you can see it has a JSON body which has a request, which is an object that has data, which is a string. So I wanted to figure out how to read this. It looks like base64 when I'm escaping these slashes, of course, because it's quoted in JSON. However, decoding this base64 string did not deliver a nice result. So I had to look for clues by decompiling the app. There are online tools for that. Unfortunately, the app was minified, or… which is obfuscated during compile time, which made the results not very readable, which means that once you have it decompiled, the first function that appears is "A", and the second one is "B" or something. Fortunately, I don't remember how exactly I did that. So instead we're going to have to look at whether this was legal or not. Because that's interesting, too, because I think it is.
Let's look at § 69e UrhG, copyright law, Urheberrechtsgesetz, "Dekompilierung", decompilation. "The rightholder's consent is not required if the," and here it says, "reproduction of the code or the translation of its form within the meaning of § 69c No. 1 and 2," meaning decompilation, "is indispensable to obtain the information necessary to achieve the interoperability of an independently created computer program with other programs, provided the following conditions are met." So. It says you may decompile without permission when it is strictly necessary while trying to create interoperability between two programs created independently from each other. Under these conditions. And here are three conditions. "The acts are performed by the licensee or by another person having a right to use a copy of the program, or on their behalf by a person authorised to do so." It says you must have permission to use the program. Hey, I think I'm allowed to use the program. I'm assuming I am. My school paid for it. Second, "the information necessary to achieve interoperability has not previously been made readily available to the persons referred to in No. 1". So the information you want to know is not already provided. Oh yeah. Actually Heinekingmedia didn't document this, obviously. So yeah. This *indistinguishable*.
Third, "The acts are confined to the parts of the original program which are necessary to achieve interoperability". So you're only planning the part that contains the information you want to know. Yeah. I don't think this Android app is divided into parts. So let's just skip that. The law text goes on stating three things you may not do with the information you gain from decompiling. "Information obtained through acts under paragraph 1 may not be used for purposes other than achieving the interoperability of the independently created program." So don't use it for other purposes than creating interoperability with the independently created program. Oh yeah, of course. I never did use my knowledge for any other reasons. Never. "…be passed on to third parties, unless this is necessary for the interoperability of the independently created program". So don't tell third parties about the information unless necessary for interoperability. Oh, yes, my Free Software implementation couldn't be interoperable if the information wasn't public. Unless it was Non-Free Software, which it is not, obviously. "…be used for the development, production or marketing of a program substantially similar in its expression, or for any other act which infringes copyright". So don't violate the rest of the copyright law. Of course, we're not.
Surely, creating an alternative to something, on its own, doesn't violate copyright law. Right? So yeah, after doing it, I discovered that I did so legally. So I found a usage of some class related to gzip. So I tried around a bit and figured you could use this command to decrypt this string. And guess what it is? It's more JSON! What an efficient data format. You're hiding our encoded JSON inside more JSON. Let's look at the data we are sending. Of course, we have a user ID and a pass. Besides that we have a lot of data, apparently for statistics. You have the app's version, you have the package ID, the device model, the Android version and API level, the user's language and the current date. I don't know why you have the date. I think they know the date that the query arrives at, but, yeah, you have that anyway. You have a… oh sorry, some of this is redundant from the request header or user agent that is already sent. I don't know why they do that twice. You have App ID, which is a unique-per-installation ID, which I at first didn't know how to generate. And you have push ID, which is, I'm assuming, an ID generated by Google Mobile Services, now known as Google Play Services, to enable push notifications. So it becomes obvious that they're able to link requests together and possibly create usage patterns. What are they doing with this data? No clue! There's no privacy policy anywhere. Which of these fields are required? All of them but push ID.
But most strings can be left empty. So DSBdirect sent the minimal amount of requested data, which is everything but with empty strings. And yeah, actually guess what, this server allows insecure connections again. So something happened. On some date, the server-side verification of this query was changed and the field AppVersion suddenly became mandatory. I ran some experiments and found examples of valid and invalid version names. These are examples of valid version names. These are examples of invalid version names. Finally, AppVersions that aren't real versions of Heinekingmedia's apps are accepted anyhow, like version 7.0.0. We're only at version 2.5.… I don't remember, 6, I think. So, DSBlight started sending along some AppVersion, its own actually, which was 2.5, and the same as an older DSBmobile release. And because I thought maybe they'd have more server-side changes in the future, I implemented a new system. It was to prevent server-side changes from requiring an update, because that would mean I have to write changelogs, because F-Droid releases are slow, because the one who was uploading it to Google Play for me also always took a while. And because of that, there was now a "look for a fix" button that creates the news file, which is located at the repository's root, which allows me to inform users when they can expect a fix. It allows me to change this base JSON that credentials are appended to, which is this without the user ID and user password.
So they're added to this JSON later. And, in case they checked that, I added an option to send the real date. I thought maybe that's what they would do next. They never did that, unfortunately. This was the same release as the one with the version number fix, this one. We have good news elsewhere, though. It was the same day, October 15th, that I received an email that app.dsbcontrol.de was no longer accessible on port 80 and that Google fonts were now being loaded locally. This e-mail contained no usual "if you have any questions, feel free to contact me directly", unfortunately; maybe they didn't want to hear from me anymore. I couldn't verify this at first. October 16th, I could verify this. So a friend noted that they have slow deploy times, apparently. Round 3, it's October 17th, and we're getting an invalid answer from the server again. And now the App ID has to be set to a UUID and last ID has to be set to something. It can't be empty. So we are now sending "zurfrühstückszeit". I wasn't aware of how to generate App IDs yet, so I just took the one that I had captured from my device. Contributor Pixilon and I learned this through trial and error. I thought it was very bothersome because the service sometimes accepted and sometimes rejected the very same query.
So this slow update cycle we noticed earlier turned out to be really bothersome and frustrating, because you'd try something and then it would work, and then you'd remove it again and that wouldn't work anymore. And then you thought this was the cause for it, but it actually was just the slow release and deploy cycle. Likely, or maybe, they had just banned this app ID at this point in time, but I didn't realize, I'm not sure. Rather, I believe the server was generally struggling and rejecting logins, because my DSBmobile installation, with this app ID, was also sometimes rejected. *incomprehensible*. They seem to have reverted some of these changes later, which reaffirmed my belief that all DSBmobile installations were affected. Contributor Pixilon figured that device was now mandatory, which meant not empty. So we sent device "a". I remember having at some point in time sent the words "kartoffel" or "poster" as a device eventually. Now, I thought we were smart. I added new functionality to this new system I explained earlier. Firstly, as a precaution, I could remotely activate sending the last date; remotely means that it happens when users click on "Look for a fix". Secondly, I could now set an array of headers to send to the server. And thirdly, we had discovered some alternative endpoints. To understand this, you first have to know that they have sold skinned versions of DSB. So this is the normal DSBmobile.
I showed it earlier already. This is the IHK-skinned DSBmobile. It's accessible via two URLs that deliver the same data as this website. It also has a corresponding skinned Android app. So I could configure the endpoint the client would send the data to, because each of these had a different endpoint and this app used one of these two. However, this was tricky because I had to prevent myself from giving myself the power to redirect users' queries to my own server, so I hardcoded four endpoint URLs, mobile, web, IHK mobile and app IHK BB, into the app so I could switch between them using an integer, and I set it to the IHK mobile endpoint. I believe it was the very next day that the IHK mobile and app IHK BB endpoints were broken. Actually, they returned invalid data in a way that crashed my app. Oops. And suddenly the web endpoint from the normal website was constantly moving to new locations, and there was a configuration.js script that contained where it was, so I hardcoded into the app, as a precaution in case I'd need it later, a very specific way to find this location. And it was like behind the seventh quotation mark or something. Clearly unreliable, and suddenly the string was moved a line downwards, so it was now the ninth quotation mark. Interesting. Also, this app stopped working. It's still on the Play Store now and it's still not working.
This website is still available and it's not working because they broke their endpoint. This was around the time that this Google Play takedown notice reached us, because apparently DSBdirect infringes the trademark of DSB. I don't feel qualified to comment on this as I don't understand trademark law. I tried to ask for a specific clarification as to why they removed my app, three times, but they never responded. Oh, by the way, that's a nice trick you can do with emails you don't like. You can just pretend you never received them. So a few days later, the website JavaScript, including configuration.js, was obfuscated in such a way that I don't understand how it works, but it constantly invokes the debugger if the developer tools are open. You can in theory easily circumvent this by telling the browser to ignore breakpoints. This doesn't seem to work with Firefox, but it works in Chromium. I don't know why. I'm just going to assume you could have figured this out somehow, be it that we could have had a web view running in the background if we absolutely had to. But fortunately, contributor Pixilon had come up with what is needed to talk to the mobile endpoint now. Because it's more data. Through decompilation he learned that it was being generated using the default Java UUID class, UUID.randomUUID().toString(). Also device ID was mandatory. So I added spoof data. I took a random device ID from this list.
I took a random OS version from anything between 4.0.2 and 10.0, I took a random language, mostly German, sometimes English. And as a BundleId, I took the package ID of DSBmobile. With an option to disable this via news in case it would get in the way somehow. And that was the end of that. Apparently they stopped trying to prevent DSBmobile from working. Apparently F-Droid releases don't count to them and it isn't worth their time. Or maybe they were just uncreative. I could still think of a few ways to tell DSBlight and DSBmobile apart, but I'm clearly not going to tell them. However, just this month, Pixilon asked again why DSBmobile was removed from the Play Store, also because he believed we didn't violate German trademark law, currently, but Jasmich, who is sitting here, by the way, had uploaded DSBdirect to the Play Store again and received a rather interesting response. "Dear Mr Zwerger", dear Pixilon, "Thank you for your e-mail. Unfortunately we see ourselves unable to conduct a qualified discourse with you on this topic. We have no data on you or on Mr Godau." This means, unfortunately, we don't have your address and thus can't send you legally meaningful messages. Meaning, they want to send registered letters. "We are also unclear about the legal relationship between you." We don't know about your legal relationship. This is a bit strange because I don't know either.
According to my father, we might be a "Gesellschaft bürgerlichen Rechts", a civil-law partnership, but it's not exactly proof of familiarity with Free Software. "Nevertheless, I would like to state our position clearly once more below. Neither you nor any other third party is permitted to query our internal DSBmobile API for your own software products. We hereby prohibit this to you in writing and for the last time." You may not use our internal API. I find it questionable whether a publicly facing API is to be considered internal. One might argue that it is only for communication between software they control. But I believe I control my device and my client installation, not them, making the API not internal. "Placing on the market an app with the same or a similar name to DSB is likewise prohibited to you in the European area. Heinekingmedia holds trademark protection here." I don't understand trademark law. There are so many trademarks starting with this or just consisting of the letters DSB with partially overlapping registered use cases, and their trademark doesn't have distinctive character, "Unterscheidungskraft", and I just don't understand it. By the way, there is another trademark, "Digitales Schwarzes Brett", which is registered as a different one from DSB, that was once rejected as a national trademark just because it didn't have distinctive character.
Why can there be European trademark laws without– European trademarks without distinctive character? I do not understand and I'm not qualified to comment. "Providing an app in the store is a commercial activity, regardless of what economic purpose it serves; there is a likelihood of confusion. We hereby prohibit you from using the protected word mark DSB for the last time." The first part is true. I had gotten a lot wrong. It counts as "geschäftlicher Verkehr", commercial dealings, when you provide a service, even for free, to the public. Er, there's danger of confusion; this has to be about the letters DSB, right? Because as I explained earlier, our logo is completely unrelated. Either way, I'm not too certain that there really is danger of confusion that Heinekingmedia is directly affected by or exclusively affected by. After all, one could also believe that it is an app that provides access to something related to the Danish railway company. Of course it does not, but it is about recognition value, which is not something that the DSB has exclusively, for sure. "We hereby prohibit you from using the protected word mark DSB for the last time." *indistinguishable* "Should you continue to violate our clear demands, we will hand the case over to our legal representative, Dr Selig. He is already CC'd on this e-mail." Scaring us. "We will also continue to take action against any publication of such an app.
Accordingly, any costs arising from this we would claim from you as damages. We ask for your strict compliance. Kind regards, Andreas Noack." Noag, Norg, Noack. That's the CEO of Heinekingmedia. Yeah, we are famous! We redirected this email to contributor Jasmich, who had DSBdirect up on the Play Store at this point in time. And he decided to take it down and apologize. Suddenly, and this was the very next day, he received an email that sounded a lot friendlier. "Hello. Thank you for your cooperation. We think your approach is very good in principle. However, we would have wished that you had asked us for permission before publishing and using our API." If we had asked for permission, I'm quite sure we would not have received it. "Nevertheless, we would like to recognise your commitment, and would therefore like to invite you to visit us in Hannover. Perhaps you can help us build a better app with your ideas? Perhaps we can even find a way for you to help build it? We are happy to support young talent. We would be pleased to get to know you. I look forward to your reply. Kind regards, Noack." I'll rather leave this largely uncommented. I don't know exactly what they want from us, but I guess we'll have to see. And that's the dramatic cliffhanger that we have to end our talk with. Events are yet to unfold.
There's one thing that I can learn from this. Don't use other people's trademarks. Because trademark law is too complicated. Apologizing instead of being rebellious seems to work better, even if the thought of conflict intrigues you and you really do believe you're in the right; you probably just misunderstood the law. Alternatively, exclusively do such things anonymously. Decide beforehand what you want to put your name on. Thank you.

*Applause*

*postroll music*

Subtitles created by c3subtitles.de in the year 2021. Join, and help us!