Security researchers uncovered a supply chain attack where attackers posed as Web3 recruiters to distribute malicious packages. The attackers used fake job interviews to trick developers into installing compromised npm packages that stole sensitive data. The campaign targeted cryptocurrency and blockchain developers through sophisticated social engineering tactics.
#reverse-engineering
30 items
The Free Universal Construction Kit is a set of 3D-printable adapters enabling interoperability between ten popular toy construction systems like Lego, Duplo, K'Nex, and Fischertechnik. Created by artists Golan Levin and Shawn Sims, it overcomes proprietary incompatibilities to allow creative mixing of different toy blocks.
Researchers have reverse-engineered infrared-based electronic shelf labels used in retail stores. The project involved analyzing communication protocols and security mechanisms of these wireless price display systems. This work reveals vulnerabilities that could allow unauthorized price manipulation in certain implementations.
BamBuddy is a self-hosted print archive for Bambu Lab 3D printers that captures print data locally via the printer's MQTT interface. It creates a searchable archive of print history including thumbnails, filament usage, timing, and slicer settings without using Bambu's cloud servers.
A tool attempts to reconstruct readable source code from bundled JavaScript, successfully recovering about 90% of file mapping and 93% of naming from a Vue 2 and Three.js tower defense game bundled with Webpack. The project is still a work in progress with some limitations.
Theseus is a static Windows emulator that runs Windows programs without requiring a Windows installation. It works by translating Windows system calls to Linux equivalents, allowing applications to run in a sandboxed environment. The project aims to provide compatibility for legacy Windows software on modern systems.
Theseus is a static Windows emulator that runs Windows binaries on Linux without requiring a Windows installation. It works by translating Windows system calls to Linux equivalents, enabling compatibility for various applications. The project aims to provide a lightweight alternative to traditional virtualization solutions.
The article explains how ELF libraries work with both section headers and program headers, describing how the author discovered Synology NAS libraries missing section headers. They developed a tool to reconstruct missing section headers from program header data to make the libraries usable for linking.
The article reverse-engineers an 8-bit carry-lookahead adder in the Pentium's floating point unit, identifying it as a Kogge-Stone parallel prefix adder. This specialized adder computes carries in parallel to speed up division operations and was involved in the Pentium FDIV bug.
A reverse-engineering analysis reveals the BiCMOS circuits used in Intel's 1993 Pentium processor, specifically examining the multiplexer/driver circuits that output data from the floating-point unit's constant ROM. The article details how these circuits combine bipolar transistors with CMOS logic to drive signals across the chip.
The article reverse engineers the Intel 386 processor's prefetch queue circuitry, which fetches instructions before execution to improve performance. It examines the incrementer's Manchester carry chain and carry skip techniques, the alignment network for byte rotation, and the limit check circuit that prevents prefetching beyond memory segments.
Researchers reverse-engineered a Motorola-built Up-Data Link Confidence Test Set from the Apollo era, which was used to test the spacecraft's digital command system. The undocumented device used thumb-sized encapsulated modules containing logic gates, flip-flops, and other components, requiring extensive analysis to understand its functionality.
The article details the reverse engineering process of the Philips TDA7000, the first FM radio receiver chip from 1977. It examines the chip's components visible in die photos, including NPN and PNP transistors, resistors, and capacitors. The analysis explains common analog circuits like differential amplifiers and current mirrors used in the design.
A CT scan of Intel's 386 processor reveals six layers of complex wiring inside its ceramic package, including nearly invisible side wires for electroplating. The scan also shows the chip has two separate power and ground networks: one for I/O circuitry and another for the CPU's logic.
The article examines how the Intel 386 processor's I/O circuitry protects against three major threats: static electricity through protection diodes, latchup via guard rings, and metastability using synchronizers. These specialized circuits differ from the chip's internal logic and safeguard the processor from external dangers that could cause damage or malfunctions.
The Intel 386 processor used standard cell logic to manage its complexity, employing automated place-and-route techniques. Analysis reveals unusual circuits including large multiplexers built from CMOS switches, a single transistor placed outside standard cell columns, and cells that appear to be inverters but function as independent transistors.
Intel's 8087 floating-point coprocessor, introduced in 1980, performed operations up to 100 times faster than early microprocessors. The chip's eight registers are organized in a stack architecture, with control circuitry managing push/pop operations and relative register access.
The Intel 8087 floating-point coprocessor uses 49 different conditional tests in its microcode to control jumps and subroutine calls. These conditions range from simple checks like whether a number is zero to specialized tests for rounding direction or instruction opcode bits. The selection circuitry uses a distributed tree of multiplexers across the chip to efficiently route condition signals.
The Intel 8087 floating-point coprocessor chip added 62 instructions to IBM PCs in the 1980s. It uses multiple decoding techniques including PLAs and microcode to interpret instructions, with the 8086 computing memory addresses for the 8087 to use.
The article explores Roadsearch Plus, an early 1980s route-finding software for Apple II and Commodore 64 computers. It details how the program encoded map data and performed graph traversal on 8-bit hardware to calculate highway routes across the United States. The author reverse-engineers the software to extract its database and analyze its routing algorithms.
The article covers fundamental techniques for reverse engineering x86 assembly code on Linux using GDB. It explains how to decompile binaries and analyze their assembly instructions for understanding program behavior.
The article describes a Google CTF reverse engineering challenge where a path traversal vulnerability allows reading system files. Using the /proc filesystem, the author retrieves the binary and analyzes it with GDB to find the flag file location. The solution involves exploiting the vulnerability to access the flag file and obtain the CTF flag.
This presentation introduces reverse engineering concepts, explaining how to analyze software and hardware to understand their inner workings. It covers fundamental techniques used to examine compiled code and systems without access to original source materials.
The article explains how the Street Fighter 2 game engine handles character rotation when players are unable to move. It details the technical implementation of spin animations during stun states and other gameplay scenarios.
The article details the CPS-1 graphics system internals, explaining how Capcom's arcade hardware handled sprite rendering and tile-based backgrounds. It covers the system's memory architecture, palette management, and rendering pipeline used in classic fighting games.
Branch encryption is a technique used in code obfuscation to protect control flow by encrypting branch targets. It makes reverse engineering more difficult by hiding the actual destinations of jumps and calls in executable code.
The article provides an overview of JavaScript virtualization obfuscation techniques, explaining how code can be transformed to make analysis more difficult while maintaining functionality.
The article analyzes Pixelmelt's JavaScript virtualization obfuscation technique, examining a stack-based JavaScript virtual machine. It presents a research study on the security implications of this obfuscation method.
Amazon's Kindle Web platform uses obfuscation techniques to prevent users from accessing content in ways not intended by their official applications. Dissatisfied with the official Kindle app's functionality, the author discovered methods to reverse-engineer these protective measures.
The article discusses how reverse engineering is experiencing a renaissance, putting defenders at a disadvantage. This situation will continue until effective methods are developed to cope with large language models.