Feb. 3, 2024
With the release of Windows 11, Microsoft is introducing another
iteration of control flow integrity mitigation called “eXtended Flow
Guard” or XFG. In short, it further restricts targets of indirect calls
to not only valid function entry points, but to a subset of functions
that have a particular signature consisting of return value type, number
and types of parameters and other function properties.
Surely, this added metadata can somehow aid us in our reverse
engineering process. To see how, we’ll need to understand the
implementation details.
Jan. 23, 2024
A cabinet x-ray machine is a handy tool for any reverse engineer of
electronics, but the price tag keeps convenient x-ray photography
beyond the reach of most hobbyists, particularly when the digital
sensor works. In this lecture, we’ll show two film alternatives to
digital photography, generating x-ray pictures first with a proper
dark room under a red light and second with polaroid/fujiroid film in
the absence of wet chemistry. We’ll also explain where film can be a
better alternative to a digital sensor, offering better resolution and
dynamic range at a much larger surface area.
Jan. 24, 2023
I’ve recently spent some time playing with and reverse engineering this curious piece of tech that was the first consumer-oriented, though odd-looking, lightfield camera, called Lytro. The killer feature of this new technology was the ability to refocus the image after it was taken!
The bad side was that the software was pretty bad, the camera was trying to solve a problem that didn’t exist and the whole endeavor mostly failed.
Aug. 19, 2021
My Nissan Xterra came with a (for the time) modern head unit that has a touch screen, built-in navigation, backup camera display, multimedia features and smartphone connectivity. Some of the more advanced features are only available through the NissanConnect App, which requires registration and a subscription. I’ve never used it and I’m not even sure if it’s still supported.
Wouldn’t it be neat if we were able to get code execution on the device and even develop extensions and apps of our own?
Jan. 11, 2020
This project repurposes the Smart Response XE device for digital radio trickery by adding a CC1101 module to it.
The initial application is a proof-of-concept DAPNET pager receiver. It is currently at a very early stage and can only properly receive short frames.
Additionally, there is a spectrum analyzer application showcased in the above photo.
Oct. 23, 2017
Every one of us who has ever looked at a piece of code looking for
vulnerabilities has ended up finding a number of situations which are
more than simple bugs but just a bit too benign to be called a
vulnerability. You know, those bugs that lead to process crashes
locally, but can’t be exploited for anything else, and don’t bring a
remote server down long enough to be called a Denial Of Service.