Wireless hacking doesn't have to be a mess of dongles and ad-hoc code anymore.

Yesterday @virtualabs from Quarkslab and @rcayre from EURECOM released WHAD, a set of open source tools, libraries and firmware to make wireless security research easier.

WHAD implements 6 protocols (BLE, ZigBee, RF4CE, Unifying, ESB, LoRaWAN) and supports 11 different hardware devices, including 4 embedding our custom firmwares to extend their capabilities.

It can be used to sniff various protocols (BLE, 802.15.4, ZigBee, RF4CE, Enhanced Shockburst, Logitech Unifying and even unknown ones via its PHY support), packet injection, MITM attacks, device emulation, device sharing over TCP, and a number of other features and capabilities.

See the code repository here https://github.com/whad-team/whad-client

if AI wants to be useful, it can read the build instructions of a github readme and tell me which seventeen packages the author forgot to mention I need to install first

Losing my mind at this. Google says that cellsite simulators are being used to send SMS spam.

https://security.googleblog.com/2024/08/keeping-your-android-device-safe-from.html

We had a lot of fun handing out our first-ever #Vanguard Awards. If you couldn't be there, we've updated our blog with all the winners. Check it out at https://www.zerodayinitiative.com/blog/2024/8/1/introducing-the-vanguard-awards

Looks like we shipped Firefox 129 last week, where the address bar is defaulting to use HTTPS (and falls back to HTTP if it doesn't work). Kudos to the team for shipping! 😀 It's nice to see something happen so smoothly when on vacation

Huh, with the new IDAlib headless mode in @HexRaysSA IDA 9.0, #BinDiff can get rid of the visible second IDA instance. Need to play around with this more.

Step aside, devs. The Infosec Wizards are coming.

https://www.theregister.com/2024/08/09/marlinspike/

I very much enjoyed this talk by @thegrugq While there are many issues here worth discussing like systems' perception of the world or why is it not so easy to predict how system will fail, I particularly liked discussion on impact of policy decision.

Too often I have heard arguments how certain technical solution can overcome/solve particular issues and make them "policy-proof". In reality scope of influence available to both state and private actors, makes policy way more important factor determining outcome. You can't out-obfuscate your way out of telemetry available to major tech companies or out-encrypt government level targeted surveillance.

https://www.youtube.com/watch?v=P6PnhDfWvx0

excited to see my janky code being put to good use for jailbreaking flagship smartphones such as the "vtech kidizoom snap touch"

https://bird.makeup/@rdjgr/1818367871086686432

Interesting paper - A Verification Methodology for the Arm® Confidential Computing Architecture: From a Secure Specification to Safe Implementations https://dl.acm.org/doi/abs/10.1145/3586040

As a Blind person i never thought i would be on social media savoring photos. But the communal Mastodon alt text game is so strong that sweet, poetic or silly descriptions abound on my timeline. Thanks to legions of people who take time to write a meaningful description of the ephemera they post, i learn so much about insects, plants, buildings, memes — all dispatches from a dimension of the world that i otherwise wouldn't experience. If you're wondering whether anybody reads these things: YES.

🧵 Saturday reversing thread: I was going to wait until the full release, but since the beta seems to have become more-public-than-intended, let’s look at how the official “IDA as a library” works in IDA Pro 9.0…

Making RSA faster on Graviton2: https://www.amazon.science/blog/formal-verification-makes-rsa-faster-and-faster-to-deploy

Happy Zero Cool Day

One question regarding #copyright and #DMCA: Can I legally make a video showing cuts of videos from multiple news sources? Like, say, I show some ~5 seconds from a video in CNN, then another one from BBC, then another one from a Chinese outlet, etc...

PS: The music & video will be free. Most likely Public Domain.

#publicdomain

Yeah, all decompilers included. Very good day for the RE "community" :PPPPPPPP

Nice addition to my IDA leak collection :-)))))))))

Picard management tip: Empower others to command when you are unfit. You never know when your mind will be taken over by an alien.

It’s been a while since we had a good 512-bit RSA key controlling anything important, and I’m here for it. https://arstechnica.com/security/2024/08/home-energy-system-gives-researcher-control-of-virtual-power-plant