Archive

This year's posts

• 19. Sep  |     |   Modding a Flashforge Guider II 3D Printer - Part 2
• 19. Sep  |     |   Modding a Flashforge Guider II 3D Printer - Part 1
• 11. Jan  |     |   2FA Auth Bypass in devise-two-factor (CVE-2024-0227)

2023

• 08. Dec  |     |   Milk Sad - How Weak Entropy can Ruin Your Savings (CVE-2023-39910)
• 14. Aug  |     |   Yubico YubiHSM PKCS#11 Library Vulnerability (CVE-2023-39908)
• 17. Apr  |     |   KeepKey Memory Exfiltration Vulnerability (CVE-2023-27892)

2022

• 29. Aug  |     |   Yubico libykpiv Vulnerabilities II
• 18. May  |     |   KeepKey Supervisor Vulnerabilities (CVE-2022-30330)
• 05. May  |     |   KeepKey Message State Handling Vulnerability (VULN-22003)
• 15. Mar  |     |   Building the PicoEMP EMFI Tool
• 03. Mar  |     |   PhyWhisperer Device Repair
• 01. Mar  |     |   Partial Teardown of the SafePal S1

2021

• 08. Dec  |     |   Yubico yubihsm-shell Vulnerability (CVE-2021-43399)
• 20. Jul  |     |   Glitching over KeepKey Firmware Protections (VULN-21020)
• 07. May  |     |   Faulty Stack Smashing Protection on ARM Systems
• 02. May  |     |   Exploiting KeepKey CVE-2021-31616 - Part I
• 30. Apr  |     |   KeepKey Stack Buffer Overflow Vulnerability (CVE-2021-31616)
• 04. Mar  |     |   Yubico libyubihsm Vulnerabilities (CVE-2021-27217, CVE-2021-32489)
• 06. Jan  |     |   Tamper Evident Seals - Part II
• 03. Jan  |     |   Tamper Evident Seals - Part I

2020

• 19. Nov  |     |   Skycoin Wallet Firmware Vulnerabilities - Part II
• 16. Nov  |     |   OLED Side Channel Observations and Mitigation
• 19. Oct  |     |   Yubico libyubihsm Vulnerabilities
• 17. Oct  |     |   GoPro GPMF-parser Vulnerabilities
• 16. Sep  |     |   Fuzzing Multiple C-based Parsers
• 08. Aug  |     |   Skycoin Wallet Firmware Vulnerabilities
• 08. Jul  |     |   Yubico libykpiv Vulnerabilities
• 04. Apr  |     |   BC Vault One button side channel
• 23. Feb  |     |   KeepKey Key Erasure Vulnerability (CVE-2019-18672)
• 11. Feb  |     |   KeepKey receive buffer vulnerability (CVE-2019-18671)
• 28. Jan  |     |   Base64 parser issues in multiple projects
• 11. Jan  |     |   KeepKey receive buffer vulnerability (VULN-1814)
• 05. Jan  |     |   Trezor One receive buffer vulnerability - part one

2019

• 09. Dec  |     |   Trezor One dry-run recovery vulnerability
• 30. Nov  |     |   Yubico libu2f-host Vulnerability - Part Two
• 29. Nov  |     |   Yubico libu2f-host vulnerability - part one
• 28. Nov  |     |   bech32_decode vulnerability
• 17. Nov  |     |   U2F init packet information leak
• 29. Oct  |     |   OLED Side Channel - Summary October 2019