"I'm interested in all kinds of astronomy."

BTW, glitching the early UART boot path that is fuse protected gives you access to very early nvidia-only key material that is locked down pretty early during the normal boot path. Every single other key on the TX2 is either derived from the FEK1 or FEK2 depending on a fuse bit. Default seems to be FEK2.

SHA1(FEK1) = 9d00fe0637b15de7b417c740a6210d19932c7eb4
SHA1(FEK2) = 0e0fdef7a31d32aaf0fee77679e065652daecb44

I initially did all this to reverse engineer the Denver microcode, however I never could make sense of the instruction set encoding. If anyone wants to tackle this, I can decrypt both microcode stages - seemingly a loader and the final JIT and I more or less completely reverse engineered MB1 that loads the Denver microcode.

/cc @elise

https://media.ccc.de/v/39c3-making-the-magic-leap-past-nvidia-s-secure-bootchain-and-breaking-some-tesla-autopilots-along-the-way


If you're interested in obscure details of the microcode in the Intel 8087 floating-point chip, I have a new blog post...
https://www.righto.com/2025/12/8087-microcode-conditions.html

I just got reminded that when you start a brand new smartphone the default screen autolock time is around 30s.

This is the attention span vendors are expecting from you.

[RSS] Why are we worried about memory access semantics? Full barriers should be enough for anybody

https://devblogs.microsoft.com/oldnewthing/20251226-00/?p=111919

Today I saw this UNIX v4 PDP11 emulator (running simh in the browser) and decided to write an IO plugin for radare2 to load tapes. Here's the source in case you are curious about how tapes are structured and how to extend r2 with new features like IO backends. https://github.com/radareorg/radare2/commit/aeeccc1d23d3b75edcd6e0013f1372830a6af134


Gentle Reminder for Newcomers:

Boosting posts keeps Mastodon alive!

Boost what you love! 💚
Boost freely!


Learn why some vulnerabilities resist fuzzing and persist in long-enrolled OSS-Fuzz projects, and how you can find them!

https://github.blog/security/vulnerability-research/bugs-that-survive-the-heat-of-continuous-fuzzing/


Project Zero Bot

New Project Zero issue:

Samsung: QuramDng FixBadPixelList opcode out-of-bounds read/write

https://project-zero.issues.chromium.org/issues/448241955

CVE-2025-58479

Project Zero Bot

New Project Zero issue:

Samsung: QuramDng opcodes ignore PixelType, leading to out-of-bounds read/writes

https://project-zero.issues.chromium.org/issues/447479300

CVE-2025-58478

[RSS] Blind trust: what is hidden behind the process of creating your PDF file?

https://swarm.ptsecurity.com/blind-trust-what-is-hidden-behind-the-process-of-creating-your-pdf-file/

Checking my YT history, there are videos again I never even clicked, but I guess this is an easy way to rip off advertisers a bit more.

#AdTech

Glitches in games, especially used for speedrunning, are one of the most fun aspects of hacking to watch!

As an example, check out this video "How Speedrunners BEAT Hollow Knight Silksong In 10 Minutes!" by Abyssoft

https://www.youtube.com/watch?v=M6Jnj-y0G9w


The “opposite” of a GPU is kinda weird.

Graphcore has a strange chip (IPU) that loves tiny batches...but is also massively parallel.

It used to cost ~$100k. Now you can get one on Ebay for $160 bucks.

The catch is it's almost impossible to use.


Time to promote this one in 1h. This was an incredible research project, and having seen the talk before at WHY, it's really well explained despite how technical it is.

Spectre in the real world: Leaking your private data from the cloud with CPU vulnerabilities
Tuesday, 30 December 2025, 0:15 CET (Europe/Berlin), Zero

https://events.ccc.de/congress/2025/hub/event/detail/spectre-in-the-real-world-leaking-your-private-data-from-the-cloud-with-cpu-vulnerabilities

#music #deathmetal #clarinet
Things you didn't know you need in your life: clarinet cover of Fermented Offal Discharge

https://www.youtube.com/watch?v=50vL1uAXn7s

From Silicon to Darude Sand-storm: breaking famous synthesizer DSPs

https://media.ccc.de/v/39c3-from-silicon-to-darude-sand-storm-breaking-famous-synthesizer-dsps

I love CCC talks because you get to hear "pretty easy" and things like "special microscope lenses" in the same sentence :)

Demo video of moving types and symbols from #IDA to #Ghidra with REshare:

https://video.infosec.exchange/w/7VRDzwthgrSzeAHwHvkPtt

#ReverseEngineering