This blogpost explains how we recovered the firmware of a fleet-sharing Electronic Control Unit (ECU) which has been erased from a FAT memory using Capstone disassembler to locate scattered parts, to be able to reverse-engineer it.

Analyzing an automotive ECU firmware is sometimes quite challenging, especially when you cannot emulate some of its most interesting functions to find vulnerabilities, like ECUs based on Renesas RH850 system-on-chips. This article details how we managed to add support for this specific architecture into Unicorn Engine, the various challenges we faced and how we successfully used this work to emulate and analyze a specific function during an assignment.

In this article, we'll see how to put an entire car into a transportable box from scratch or at least the main electronic components.

In this blogpost we present our brand new version of binbloom, a tool to find the base address of any 32 and 64-bit architecture firmware, and dig into the new method we designed to recover this grail on both of these architectures.

Tear-off techniques to the next level.

Latest news from the Proxmark3 world, crunchy bits included...

A blog post about the security implemented in the August Smart Lock, with special focus on the Bluetooth Low Energy capabilities.

In the context of the Inter-CESTI 2019 challenge, we "accidentally" found a timing difference disclosing the length of a PIN handled via the standard OwnerPIN.check JavaCard API. Here is the story.

A blog post about how to reverse engineer a VxWorks based device.

Third part of a blog post series about our approach to reverse engineer a Philips TriMedia based IP camera.