39C3

This talk depicts the reverse engineering of a popular electric wheelchair drive system - the Alber e-motion M25: a several thousand euro assistive device that treats mobility like a SaaS subscription. Through Android app reverse engineering, proprietary Bluetooth protocol analysis, hours of staring at hex dumps (instead of the void), and good old-fashioned packet sniffing, we'll expose how manufacturers artificially limit essential features and monetize basic human mobility.

What you'll learn:

• how a 22-character QR code sticker, labeled as "Cyber Security Key", becomes AES encryption
• why your 6000€ wheelchair drive includes an app with Google Play Billing integration for features the hardware already supports
• the internals, possibilities and features of electronics worth 30€ cosplaying as a 595€ medical device
• the technical implementation of the "pay 99.99€ or stay slow" speed limiter (6 km/h vs 8.5 km/h)
• how nearly 2000€ in hardware and app features can be replaced by a few hundred lines of Python
• why the 8000€ even more premium (self-driving) variant is literally identical hardware with a different Boolean flag and firmware plus another (pricier) remote

We'll cover the complete methodology: from initial reconnaissance, sniffing and decrypting packets to reverse-engineer the proprietary communication protocol, to PoCs of Python replacements, tools, techniques, and ethical considerations of reverse engineering medical devices.

This is a story about artificial scarcity, exploitative DRM, ethics and industry power, and how hacker-minded creatures should react and act to this.

This talk will be simultaneously interpretated into German sign language (Deutsche Gebärdensprache aka. DGS).