Hello fedi!

I have an .MVAX #firmware #update file for an MV Silicon chip (unknown model).

Has someone already encountered those? And if yes, is there some documentation, tooling or existing #ReverseEngineering work done of that format?

For the record, the file magic (first 8 bytes) is as follow:
4D 56 B5 58 05 01 13 00

And the end of the file contains the following (no spaces, wrapping is mine):

MVSKeyFileMVBP10<0x90>0xBE>SIMPLEs
<0xD3><0x9A>.<0x90><0xD9>
MVSILICONKEYFL<0x00><0x00>
<0xFF><0xBD><0x00>0x00>

Thanks in advance for your help!!

#embedded #mcu #blob #fileformat #FileFormatAnalysis #binary #extraction

Right now, there's a really funny opportunity to burn an Outlook zero day.

Open Graphics Card Powers Cyberpunk “Laptop”

https://hackaday.com/2026/04/04/open-graphics-card-powers-cyberpunk-laptop/

Yay! @kagihq have provided a URL where you can continue to use their "1996-style" search as your home page.

It's so nice to have a bit of colour and human interaction there. "Small Web" has already become a favourite after just a few days. So many great, mad, creative websites to browse!

https://kagi.com/?year=1996

Crises precipitate change. That's no reason to induce a crisis, but you'd be a fool to let a crisis go to waste. Donald Trump is the greatest crisis of our young century, and the EU looks set to squander the opportunity, to its own terrible detriment.

--

If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2026/04/04/digital-subjugation/#greenlands-next

1/

This is someting I wish I'd realized a lot sooner in life.

High level diff of iOS 26.5 beta1 vs. iOS 26.5 beta1 (v2) 🎉

https://github.com/blacktop/ipsw-diffs/blob/main/26_5_23F5043g__vs_26_5_23F5043k/README.md

😂 credit https://ashermaxperlman.com/#cartoons

Interesting Git repos of the week:

Threats:

* https://github.com/haxrob/BPFDoor-controller-source - yay, BPFDoor source

Detection:

* https://github.com/davidjurgens/hallucinated-reference-finder - how many of those references are horseshit?
* https://github.com/Cybereason-Public/owLSM - kernel based Sigma rules powered by eBPF

Exploitation:

* https://github.com/zh54321/SharePointDumper - dump SharePoint
* https://github.com/Byxs20/Krb5RoastParser - have PCAPs, can cookie
* https://github.com/shellkraft/Anvil - analyse thick clients
* https://github.com/bethgelab/foolbox - mislead that neural network
* https://github.com/Oros42/IMSI-catcher - build your own IMSI catcher
* https://github.com/pullmoll/trusttrust - sample code for Reflections on trusting trust
* https://github.com/ZephrFish/BugBountyTemplates - bug bounty templates
* https://github.com/JoasASantos/Offensivesecurity-Checklists - helpful checklists for pen testing

Hard hacks:

* https://github.com/PentHertz/urh-ng - analyse RF protocols and abuse SDR
* https://github.com/wh1te4ever/super-tart-vphone-writeup - bulld your own virtual iPhone
* https://github.com/34306/vphone-aio - virtual iPhone images

Hardening:

* https://github.com/cisco-ai-defense/defenseclaw - watch where you're sticking that claw

#security, #research, #code

This quote from Apollo 14 astronaut Edgar Mitchell has been in my head the last few days

docs.rs builds are about to change. If you have crates published on crates.io/docs.rs, I recommend you read this blog post in case you might be impacted by this change: https://blog.rust-lang.org/2026/04/04/docsrs-only-default-targets/

#rust #rustlang

you ever write code so inefficient they have to update the whole power grid

My Dad sends me horrible Dad jokes all the time, but sometimes he tells one that hits hard. This is one of those times.

"My favourite time of the year is campaign time. It's the only time I see politicans hang from trees."

Tired of reversing the same libc for the 100th time? 👀

Meet SightHouse, our open-source tool that automatically detects third-party library functions in binaries.
High-confidence function mapping. Works with any disassembler. By @madsquirrel & Sami.

🔗 https://blog.quarkslab.com/sighthouse-automated-function-identification.html

🆕 New blog post!

"BitLocker's Little Secrets: The Undocumented FVE API"

A small Windows RE adventure to figure out how to get the status and configuration of a BitLocker protected drive programmatically and without admin privileges.

Now also implemented in PrivescCheck! 🔥

👉 https://itm4n.github.io/bitlocker-little-secrets-the-undocumented-fve-api/