Unnamed Reverse Engineering Podcast

Reverse Engineering the MegaII with James Lewis. James (https://www.baldengineer.com/) joined Jen and Alvaro to chat about MegaII reverse engineering. Here are links to some of the topics we covered: Element 14 Presents Youtube Hackster.io News MegaIIe Video Apple II Versions Logo (Programming Language) 7400 Series Logic PLCC Package The MiSTer Project Digilent Digital Discovery Schmitt Trigger Analog Discovery 2 ElectroBOOM KiCad JLCPCB RP2040 Checkmate Retro Display Unitiblue HP/Agilent/Keysight 17600 Silicon Valley Maps James’ HDDG Capacitor Talk (video) HALT Testing Have comments or suggestions for us? Find us on twitter @unnamed_show,  or email us at show@unnamedre.com.  

In this episode, we talked about measuring things (Well mostly digital and some analog things)! Digital Multimeter Oscilloscope Passive vs active probes Current probes Logic Analyzers Saleae Logic Mentioned on the Embedded.fm podcast Episode 2 Now with Real Time View! Analog Discovery 2 Sigrok (Supported Logic Analyzers) Bitscope BusPirate Perhaps we missed your favorite tool or you had questions and comments about our list, find us on twitter @unnamed_show,  or email us at show@unnamedre.com and tell us. Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)

Thomas Roth (aka Stacksmashing) joined us again to chat about all the new projects he’s been working on. We talked about iPhone and Macbook reversing, HexTree.io, the  RP2350 Hacking Challenge, and more!  Here are links to some of the topics we covered: Getting JTAG on the iPhone 15 (video) https://t8012.dev/ 37C3 - Apple's iPhone 15: Under the C Marc Zyngier’s Central Scrutinizer  Macvdmtool Asahi Linux AsahiLinux USB-PD Docs  Tamarin-C iPhone/Mac bus explorer  chipSHOUTER and PicoEMP ACE up the Sleeve: Hacking into Apple’s New USB-C Controller  Breaking Bitlocker - Bypassing the Windows Disk Encryption Cold Boot Attack T8012 Team Ace Controller Secrets Embedded Systems Village Faultier at 1bitsquared US and EU  Crowbar (circuit) Toorcamp 2024 Keynote Video The Hardware Hacking Handbook BlackMagic Probe Orbcode Have comments or suggestions for us? Find us on twitter @unnamed_show,  or email us at show@unnamedre.com. Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)

We talked to Jesse Michael (@jessemichael) and Mickey Shkatov(@hackingthings) about BIOS/UEFI reverse engineering and more! Here’s a list of some of the things we talked about: Eclypsium Driving Down the Rabbit Hole (DEFCON 25 talk about Nissan Leaf exploit) Intel WiGig BIOS Port 0x80 UEFI https://github.com/tianocore/edk2 for UEFI  DediProg SF100(And SF600) Chip Clips chipsec UEFITool BusPirate Tigard QEMU VMWare Workstation UEFI exploitation for the masses (DEFCON 26 presentation) One Bootloader to Load Them All (DEFCON 30 presentation) BIOS Dehumidifier Function Remotely Attacking System Firmware (BlackHat 2018) Intel System Studio 2020 Intel DCI USB A/A cable for DCI Debugging Damn Vulnerable UEFI (Look out for BlackHat talk) UEFI DOOM Flappy Bird in UEFI UEFI Tetris Self-Replicating UEFI App (In 420 bytes!) System Management Interrupt Unknown Cheats Forum System Management Mode Edk-devel mailing list Xenoh Kovah’s UEFI training videos efiSeek for ghidra efiXplorer for IDA Binary Ninja Intel Management Engine me_cleaner ME analyzer (By platomav) CPUMicrocodes (By platomav) Coreboot 010 Hex Editor Stardock Fences (For Icon management) Notepad++ The Newlywed Game Streamdeck Toorcamp Have comments or suggestions for us? Find us on twitter @unnamed_show,  or email us at show@unnamedre.com. Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)

Ian from DangerousPrototypes (@DangerousProto) joined us to chat about the new BusPirate 5, DirtyPCB’s, and more! Check out this BusPirate 5 post for pictures of many things we mentioned on the show. Ian’s Halloween onion rings (And other instructables) BusPirate Taobao Ian’s Maker Faire 2012 Video Seedstudio BusBlaster Haxelerator Bunnie’s “The Essential Guide to Electronics in Shenzen” Naomi Wu’s updated version of the guide OSHPark DirtyPCBs DirtySLA DirtyAcryllics DirtyCables Arduboy Canned Cheese (Alvaro’s recommendation) Expressway to Pleasure Hacker Camp  Shenzhen PCBite PIZZAbite Sigrok Saleae Prusa MINI Flylin Consulting   Have comments or suggestions for us? Find us on twitter @unnamed_show,  or email us at show@unnamedre.com. Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)  

We talked to Laurie Wired (X/Twitter, YouTube, Github) about malware reverse engineering, making youtube videos, and more! Check out her excellent series on Reverse Engineering 101 as well as her many Conference Talks.  Here are links to some other topics we covered: Serial Experiments Lain EIEIO instruction  Java Native Interface (JNI) .ipa file Virustotal MalwareBazaar RetroBar for Windows  https://alula.github.io/SpaceCadetPinball/ Neon White game vx underground  trivia Operation Triangulation and Video Presentation “What You Get When Attack iPhones of Researchers” Dalvik Executable Format (.dex) UPX  packer Apk file Neon Genesis Evangelion XcodeGhost https://frida.re/ https://github.com/Ch0pin/medusa Have comments or suggestions for us? Find us on twitter @unnamed_show,  or email us at show@unnamedre.com. Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)

Jen and Alvaro briefly chat with Jacob Creedon outside a restaurant. Sorry for the terrible sound quality 😅! We’ll try to get back on track this year :) ImHex - Hex editor Jacob mentioned.

No guest this time! Jen and Alvaro catch up 😀 NOTE: Alvaro will be at CCCamp in a few weeks https://events.ccc.de/camp/2023/infos/ Episode 03 - Barbies and Keyboards Barbie Liberation Organization Small Soldiers Movie Toys Movie Jumpin’ Jack Flash Rust - I Hear People Talk About It (shirt) OpenSauce Maker Faire Bay Area 2023 Alvaro’s USB Cable Tester Book Recommendations ARM Assembly and Reverse Engineering Fancy Bear Goes Phishing Fatal System Error Murdoch’s Pirates Cult of the Dead Cow  Past guest David teaching the first lady how to solder! RECESSIM - Reverse Engineering News on YouTube Excellent CAN Injection Write-up (And Great interview with Ken on The Amp Hour) Reverse Engineering A Mysterious UDP Stream in My Hotel WebOS Alvaro’s IR Volume Controller DJI Mic Have comments or suggestions for us? Find us on twitter @unnamed_show,  or email us at show@unnamedre.com. Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)  

Jen and Alvaro chat with Nika/ic3qu33n about 16-bit MS-DOS malware reverse engineering! You can find Nika in the following places: https://ic3qu33n.fyi/ https://github.com/nikaroxanne https://twitter.com/nikaroxanne https://infosec.exchange/@ic3qu33n Here are links to some of the topics we covered: Leviathan Security Group Hardware Happy Hour (3H) San Francisco BSidesSF Presentation -  MTV Reboot — my Super Sweet 16-bit malware. Mikko Hypponen Darknet Diaries - Mikko Internet Archive Malware Museum R2 IDA Rizin/Cutter (Listen to Episode 45 for more info!) Masm32 vx-underground github nasm  QEMU  FreeDOS bochs emulator Programming Boot Sector Games by Oscar Toledo VMware  Interview with Spanska (virus author) Dark Angel’s Phunky Virus Writing Guide Tequila virus  Bitsavers.org https://ic3qu33n.fyi/ (blog posts!) TSRs Screen Mode 13h Demoscene LayerOne Creeper virus Elk Cloner MTVRE  Electronics Flea Market Ken Shirriff ATT 26A RECON 2023 https://ben.the-collective.net/ https://twitter.com/suidroot Have comments or suggestions for us? Find us on twitter @unnamed_show,  or email us at show@unnamedre.com. Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)  

Jen and Alvaro chat with Thomas Roth (@ghidraninja on Twitter) about Airtag reverse engineering, debugging iPhones, and GameBoy RE! You can also find Thomas on his stacksmashing.net, YouTube, and @stacksmashing@infosec.exchange. Here are some links to the topics we covered: stacksmashing youtube channel Linux on iPod Airtag fault injection twitter thread Bypassing code protection on NRF52 Raspberry pi pico PIO Joe Grand wallet glitch video Wallet.fail Lennert’s Starlink terminal glitching DEFCON talk DEF CON 29 - Thomas Roth - Hacking the Apple AirTags How the Apple AirTags were hacked  Hardwear.io NL 2021: Over The Air-Tag: Shenanigans With A Keyfinder by Jiska , Fabian And Thomas Kanzi Cable Bonobo Cable MFi IDBus and Lightning The Secrets of Apple Lightning - Part 1 (Video)  The Hitchhacker’s Guide to iPhone Lightning and JTAG Hacking (DEF CON 30 Presentation)  DCSD cable (lightning uart) Frida Saleae Openocd Tamarin Firmware Repo USB Cable Tester Picoprobe rpi2040 swd adapter Mario Kart AI training video Tetris movie Multiplayer tetris Webusb Online Multiplayer on the Game Boy (video) Gameshark Ghidra ChipSHOUTER-PicoEMP F$#k powerpoint there’s no power in the point Have comments or suggestions for us? Find us on twitter @unnamed_show,  or email us at show@unnamedre.com. Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)

David from Cyber City Circuits (@MakeAugusta) joined us to chat about reverse engineering, manufacturing, escape rooms, and more! Here are links to some of the topics we covered: HackerBoxes KiCad GIMP Inkscape SVG2Shenzen TwinkleTwinkie on Twitter and Mastodon 83Redux Twitter Thread (TI-83 RE project) Sensor Watch on CrowdSupply  arturo182 on Twitter and Mastodon http://datamath.org/ https://tiplanet.org/ DigiHack Thread (Digimon Reversing Project) Joe Grand’s pizza finder Joe's PCB Deconstruction Techniques YouTube Playlist electronicstwitter.com  #newprop on Twitter ChatGPT Have comments or suggestions for us? Find us on Mastodon @unnamedre@infosec.exchange, Twitter @unnamed_show,  or email us at show@unnamedre.com. Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)

Note: We have 5 year anniversary T-Shirts available for sale. Order is open until Nov 28. We chatted with Sultan Qasim Khan (github) about BLE reverse engineering, relay attacks, and more! Libusb FTDI D2XX Motorola Mobility NCC Group Mike Ryan Ubertooth Mike’s Paper on BLE Security TI BLE sniffer Nordic BLE nRF snifferhttps://www.ellisys.com/products/bex400/ Time-of-flight 802.15z Relay attack  Sniffle Presentation at Hardwear.io 2019 and blog post Sniffle Git Repo https://fortune.com/2022/05/17/tesla-hacker-shows-how-to-unlock-start-and-drive-off-with-car/ nOBEX Have comments or suggestions for us? Find us on twitter @unnamed_show,  or email us at show@unnamedre.com. Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)

Jen and Alvaro chat about the last 5 years! Don’t forget to get past guest @TubeTimeUS’s new book Open Circuits over at https://nostarch.com/open-circuits. You can use promo code UNNAMEDRE25 to get 25% off. Alvaro is going to be in a panel about Debugging Embedded Devices in Production on August 25th run by the awesome folks at Memfault. Here are some links to things we mentioned: Toorcamp Ran into past guests: Joe Grand Jared Boon Rick Altherr https://hardwear.io/ One of Alvaro’s side projects: SWD over USB-C Behind the Rind Podcast Ferrite Recording Studio (iPad) Audacity Zencastr xArm 6 Robot https://www.jencostillo.com/ Buy Jen’s NFT https://makezine.com/ Kitty Yeung Jen’s Supercon Talk Hackaday Supercon Asahi Linux (and 2022 Progress Report) Jeri’s Episode Micah’s Episode Ken Shirfiff's Episode It’s Not Magic Evil Mad Scientist Labs Windell’s interview about the book on Embedded.fm Have comments or suggestions for us? Find us on twitter @unnamed_show,  or email us at show@unnamedre.com. Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)

Mike Ryan (bluetooth.expert) joins us once again to talk SDR’s, bluetooth, and more! If you need some consulting help, you can find him at ice9.us. Here are some links to things we talked about: Episode with Jiska Episode with Michael Ossmann Toorcon Toorcon 13 Badge Ice9 Consulting Web of Make Believe on Netflix Caltrain MTVRE Hacking Electric Skateboards Video @ DEFCON23 Inspectrum Rapid Radio Reversing Talk by Michael Ossmann NRF24 Ubertooth CC2400 Yardstick One Waterfall display/plot OOK FSK URH Baudline GNU Radio Companion Fcc.io Alvaro’s Quadcopter Reversing (github) SMC Connector RF Attenuator RF Splitter Natalie’s webRTC talk where the fuzzer “Fred” is mentioned  WirelessUSB BLE Coded PHY HOGP (HID over GATT Profile) You Can Lose in So Many Colors HackRF BladeRF USRP Polyphase channelizer Wireshark Wireshark’s extcap Kismet Dragorn Other Mike Ryans: Michael W. Ryan - Murderer Dr. Michael J. Ryan - Epidemiologist  Dr. Michael J. Ryan - Paleontologist Have comments or suggestions for us? Find us on twitter @unnamed_show,  or email us at show@unnamedre.com. Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)

Special thanks to Andrea of Hardwear.io team for inviting us. We learned a ton and meet a bunch of new people while (as of this writing) stayed COVID-free. Interviews in order:   Eric Schlaepfer - author of the  new book with co-author Windell Oskay (of “Evil Mad Scientists Laboratories” fame )  “Open Circuits” on No Starch press. Notes there are PREORDER discounts. Jacob Creedon: Just before his talk… at the Mountain View Reverse Engineering Meetup. Spencer Moss from Google (I’m sure you can google the company) security engineer Ken from Somerset Recon  Will McGuiness as the workshop assistant for John McMaster’s microprobing workshop. Mike Ryan: Bluetooth expert from Ice 9 Consulting and previous guest.  As promised he would be on this next show… but the part2 of our RF tools with him will be the next episode.   Have comments or suggestions for us? Find us on twitter @unnamed_show,  or email us at show@unnamedre.com. Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)

Michael Ossmann (@michaelossmann) from Great Scott Gadgets joined us to chat all things SDR, Open Source Hardware, education, and more! Here are links to some of the topics we covered: HackRF One Ubertooth One GreatFET One A Mathematician's Lament WEP  Wep dead again article APCO P25 Ettus USRP NTLMv1 Dominic Spill GNU Radio Michael’s KiCon Talk  gr-bluetooth Michael’s awesome video series on SDR http://www.nsaplayset.org/ https://en.wikipedia.org/wiki/NSA_ANT_catalog IMSI Catcher DEF CON 22 - Michael Ossmann - The NSA Playset: RF Retroreflectors https://en.wikipedia.org/wiki/The_Thing_(listening_device) Cyberspies book Samy Kamkar (Featured in Episode 41!) Rolljam  Yardstick One https://github.com/nonamecoder/CVE-2022-27254 https://www.rtl-sdr.com/tesla-charging-ports-opened-with-hackrf-replay-attack/ How To Write Pop Horn Parts

Oleg Kutkov (@olegkutkov) joined us from Kyiv to chat about Starlink reverse engineering, astrophysics, and more! Check out his awesome website for some excellent write ups on various topics. Here are some links to the topics we covered: Back To The Future SpaceX Starlink Phased array antenna Arecibo observatory Crimean Astrophysical Observatory Oleg's Allsky Camera Writeup Medical Research that Referenced Oleg's Writeup NASA's Spooky Space Sounds NOAA GOES Satellites https://usradioguy.com/goes-satellite-imagery-reception/ RTL-SDR HackRF ADS-B HackRF supercluster DBV-S DBV-S2 Phase Noise Starlink Patents Starlink Beacons Doppler shift NORAD’s Celestrak Low Noise Block (LNB) Starlink Dishy SpaceX's starlink-wifi github Oleg's Tesla LTE Modem Replacement Devicetree Boxee Iridium Reversing Episode Eccentric Orbits Book Saleae IDA Pro Used the following NASA recordings in the episode: https://soundcloud.com/nasa/sun-sonification https://soundcloud.com/nasa/jupiter-sounds-2001 https://soundcloud.com/nasa/juno-crossing-jupiters-bow-shock Have comments or suggestions for us? Find us on twitter @unnamed_show,  or email us at show@unnamedre.com. Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)  

Laura Abbott (website, @openlabbott) from Oxide.computer joins us to chat about reverse engineering the LPC55S69, linux kernel development, and more!Some of the topics we covered: Hubris Operating System Episode with Rick Altherr Laura’s Coworker Cliff’s Website Ghidra objdump SVD Loader for Ghidra Log4j ghidra DEF CON 29 - Breaking TrustZone M: Privilege Escalation on LPC55S69 Arm TrustZone-M TrustedFirmwareM project Oxide’s ROM patch POC Code Golfing Arm assembly manual CVE-2021-31532 PhD Thesis on Linux Kernel community Video about collaboration in kernel mailing lists Episode about Containers Moving the Kernel to Modern C QEMU Have comments or suggestions for us? Find us on twitter @unnamed_show,  or email us at show@unnamedre.com. Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)

Willem Melching(@PD0WM) joins us to chat about reverse engineering cars! We discovered him through his excellent blog. Willem is the head of openpilot at comma.ai. They are hiring! Here are links to some of the topics we discussed: LEGO Mindstorms PICBasic PIC Microcontroller ARM Mbed VHDL CTF Comma.ai CAN Bus Automotive ethernet CAN FD FlexRay DBC Files Opendbc The Car Hackers Handbook Hacking a VW Golf Power Steering ECU Series - https://blopart1/ Adventures with Flexray: performing a man-in-the-middle attack (Audi Q8 Hacking) Automotive Right to Repair Toyota Tech Info (for example) Unified Diagnostic Services (UDS) Comma.ai's Panda USB->CAN Tool (And Github Project) https://blog.willemmelching.nl/carhacking/2022/01/02/vw-part1/ V850 Processor Binwalk XOR Cypher Airbus’ cpu_rec Ghidra Ghidra SLEIGH ELF File CAN Calibration Protocol Openpilot Levels of Driving Automation Consumer Reports -  Active Driving Assistance Systems Tesla Rolling Stop Recall GlScopeClient (Hackaday Article) GNURadio Have comments or suggestions for us? Find us on twitter @unnamed_show,  or email us at show@unnamedre.com. Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)

Jen and Alvaro chat with Hash (@bitbangingbytes) about reverse engineering smart power meters! Check out Hash’s RECESSIM community as well as their Discord! Hash is also on TikTok @bitbangbytes. Here are some links: Remoticon presentation https://en.wikipedia.org/wiki/ZX81 Night rider lights Kinect reversing challenge ROS https://www.engadget.com/2010-11-29-neato-xv-11-robot-vacuum-gets-its-very-own-open-source-lidar-hac.html Tamper evident presentation by past guest Datagram! Bunnie Huang Hacking the Xbox (Available as a free PDF!) The Hardware Hacking Handbook by past guest Colin O'Flynn and Jasper van Dallas Hackers Association Geographical routing protocol GNU Radio Landis+Gyr Revelo California Blackouts + Enron Yardstick one HackRF One USRP B200 URH (Universal Radio Hacker) Baudline Inspectrum  Saleae Logic Analyzers Beagle I2C/SPI Protocol Analyzer Travis Goodspeed Chris Gerlinsky (Past guest on episode 22!) Chris Tarnovsky xv11hacking.wikispaces.com (Archive.org) Precursor on CrowdSupply Have comments or suggestions for us? Find us on twitter @unnamed_show,  or email us at show@unnamedre.com. Music by TeknoAxe (http://www.youtube.com/user/teknoaxe)