Reverse engineering of the formula used to generate the "reciprocal tariffs"
(twitter.com)
Something went wrong, but don’t fret — let’s give it another shot.
Something went wrong, but don’t fret — let’s give it another shot.
Show HN: GhydraMCP – Agentic reverse engineering across multiple binaries
(github.com/teal-bauer)
GhydraMCP is a bridge between Ghidra and AI assistants that enables AI-assisted reverse engineering through the Model Context Protocol (MCP).
GhydraMCP is a bridge between Ghidra and AI assistants that enables AI-assisted reverse engineering through the Model Context Protocol (MCP).
MCP server for Ghidra
(github.com/LaurieWired)
ghidraMCP is an Model Context Protocol server for allowing LLMs to autonomously reverse engineer applications. It exposes numerous tools from core Ghidra functionality to MCP clients.
ghidraMCP is an Model Context Protocol server for allowing LLMs to autonomously reverse engineer applications. It exposes numerous tools from core Ghidra functionality to MCP clients.
Reversing C++ Virtual Functions
(alschwalm.com)
There are a few posts in various parts of the internet discussing reverse engineering C++, and these often address virtual functions to a large or small extent. However, I wanted to take some time to write about dealing with virtual functions in large, ‘enterprisy’ code-bases.
There are a few posts in various parts of the internet discussing reverse engineering C++, and these often address virtual functions to a large or small extent. However, I wanted to take some time to write about dealing with virtual functions in large, ‘enterprisy’ code-bases.
Reviving the modprobe_path Technique: Overcoming search_binary_handler() Patch
(theori.io)
This blog post introduces a new method for utilizing the Overwriting modprobe_path technique. Since this patch was merged last year, it is no longer possible to trigger modprobe_path in the Upstream kernel by executing dummy files.
This blog post introduces a new method for utilizing the Overwriting modprobe_path technique. Since this patch was merged last year, it is no longer possible to trigger modprobe_path in the Upstream kernel by executing dummy files.
Shenmue (1999) reverse engineering reveals possible sun position oversight
(wulinshu.com)
So far, we’ve only really touched on some of the fundamentals of reverse engineering with one game example, but this time we’re looking at something a bit different.
So far, we’ve only really touched on some of the fundamentals of reverse engineering with one game example, but this time we’re looking at something a bit different.
Breaking AES encrypted firmware using neural networks
(fromnothing.blog)
Firmware encryption is becoming a common feature in modern devices. From a security standpoint, that’s welcome news. However, for anyone reverse engineering or testing device security, dumping firmware is often one of the first tasks — and encryption makes that task extremely challenging, if not impossible. So, why are we seeing more encryption? There are several reasons.
Firmware encryption is becoming a common feature in modern devices. From a security standpoint, that’s welcome news. However, for anyone reverse engineering or testing device security, dumping firmware is often one of the first tasks — and encryption makes that task extremely challenging, if not impossible. So, why are we seeing more encryption? There are several reasons.
Reversing Samsung's H-Arx Hypervisor Framework (Part 1)
(dayzerosec.com)
In many ways, mobile devices lead the security industry when it comes to defense-in-depth and mitigation.
In many ways, mobile devices lead the security industry when it comes to defense-in-depth and mitigation.
Building an open-source Wi-Fi Mac layer for the ESP32
(esp32-open-mac.be)
The ESP32 is a low-cost microcontroller with Wi-Fi connectivity. Currently, the Wi-Fi MAC layer of the ESP32 is closed-source. This project aims to change that: by reverse engineering the hardware registers and software, we can build a networking stack that is open-source up to the hardware, instead of having to use the proprietary MAC layer.
The ESP32 is a low-cost microcontroller with Wi-Fi connectivity. Currently, the Wi-Fi MAC layer of the ESP32 is closed-source. This project aims to change that: by reverse engineering the hardware registers and software, we can build a networking stack that is open-source up to the hardware, instead of having to use the proprietary MAC layer.
Sc2kfix – Reverse Engineering, Bugfixing, and Modding SimCity 2000
(sc2kfix.net)
sc2kfix is a project reverse engineering SimCity 2000 Special Edition for Windows and developing a bugfix and modding plugin to patch core game and compatibility bugs as well as enabling the development of new quality of life and gameplay features.
sc2kfix is a project reverse engineering SimCity 2000 Special Edition for Windows and developing a bugfix and modding plugin to patch core game and compatibility bugs as well as enabling the development of new quality of life and gameplay features.
GoStringUngarbler: Deobfuscating Strings in Garbled Binaries
(cloud.google.com)
In our day-to-day work, the FLARE team often encounters malware written in Go that is protected using garble. While recent advancements in Go analysis from tools like IDA Pro have simplified the analysis process, garble presents a set of unique challenges, including stripped binaries, function name mangling, and encrypted strings.
In our day-to-day work, the FLARE team often encounters malware written in Go that is protected using garble. While recent advancements in Go analysis from tools like IDA Pro have simplified the analysis process, garble presents a set of unique challenges, including stripped binaries, function name mangling, and encrypted strings.
Windows NT for GameCube/Wii
(github.com/Wack0)
PowerPC Windows NT ported to Nintendo GameCube/Wii/Wii U
PowerPC Windows NT ported to Nintendo GameCube/Wii/Wii U
Reverse Engineering PowerPoint's XML to Build a Slide Generator
(framer.website)
Making PowerPoint presentations is much harder than it seems. While there are several LLM-powered slide generators out there, none of them produce truly satisfying results.
Making PowerPoint presentations is much harder than it seems. While there are several LLM-powered slide generators out there, none of them produce truly satisfying results.
Spice86 – A PC emulator for real mode reverse engineering
(github.com/OpenRakis)
Spice86 is a tool to execute, reverse engineer and rewrite real mode DOS programs for which source code is not available.
Spice86 is a tool to execute, reverse engineer and rewrite real mode DOS programs for which source code is not available.
Reverse Engineering PowerPoint's XML to Build a Slide Generator
(listenlabs.ai)
Making PowerPoint presentations is much harder than it seems. While there are several LLM-powered slide generators out there, none of them produce truly satisfying results.
Making PowerPoint presentations is much harder than it seems. While there are several LLM-powered slide generators out there, none of them produce truly satisfying results.
A reverse engineering of Linear's sync engine
(github.com/wzhudev)
A reverse engineering of Linear's sync engine.
A reverse engineering of Linear's sync engine.
TSforge: Reverse Engineering the Windows Software Protection Platform
(massgrave.dev)
2025 marks nearly 20 years since the introduction of Windows' current DRM system, the Software Protection Platform (SPP). With it serving as the primary gateway to activation since early in Windows Vista's development, many have come up with clever ways of tricking it, from resetting grace period timers to emulating KMS servers to hooking bootloaders. While all of these systems abuse various activation methods, there has never been an exploit that directly attacked SPP itself... until now.
2025 marks nearly 20 years since the introduction of Windows' current DRM system, the Software Protection Platform (SPP). With it serving as the primary gateway to activation since early in Windows Vista's development, many have come up with clever ways of tricking it, from resetting grace period timers to emulating KMS servers to hooking bootloaders. While all of these systems abuse various activation methods, there has never been an exploit that directly attacked SPP itself... until now.
Mellanox ConnectX-5: iRISC reverse engineering
(irisc-research-syndicate.github.io)
NVIDIA/Mellanox has made a series of smart network interface cards(SmartNICs/NICs) called ConnectX primarily for server and datacenter uses. In this series of articles we will take a look at its firmware, and try to reverse engineer the instruction set for the iRISC processor.
NVIDIA/Mellanox has made a series of smart network interface cards(SmartNICs/NICs) called ConnectX primarily for server and datacenter uses. In this series of articles we will take a look at its firmware, and try to reverse engineer the instruction set for the iRISC processor.
Disassembling a binary: linear sweep and recursive traversal
(nicolo.dev)
Building your own set of analysis tools is a great exercise for those who already have some basics and allows you to later move on to implement more targeted analyses in reverse engineering. Even just seeing how the different algorithms can be implemented provides a mental framework that may help when reverse engineering more difficult-to-analyse executable files, i.e. obfuscated ones.
Building your own set of analysis tools is a great exercise for those who already have some basics and allows you to later move on to implement more targeted analyses in reverse engineering. Even just seeing how the different algorithms can be implemented provides a mental framework that may help when reverse engineering more difficult-to-analyse executable files, i.e. obfuscated ones.
Reverse Engineering Apple's typedstream Format
(chrissardegna.com)
imessage-exporter’s goal is to provide the most comprehensive representation of iMessage data available. Message data is stored in a legacy format that appears to be a stream that represents objects.
imessage-exporter’s goal is to provide the most comprehensive representation of iMessage data available. Message data is stored in a legacy format that appears to be a stream that represents objects.
Decompiling 2024: A Year of Resurgance in Decompilation Research
(mahaloz.re)
The year 2024 was a resurgant year for decompilation. Academic publications from that year made up nearly 30% of all top publications ever made in decompilation. In this post, I do a summarization and retrospective of both the academic and ideological progress of decompilation in 2024. Hint: decompilation research is back.
The year 2024 was a resurgant year for decompilation. Academic publications from that year made up nearly 30% of all top publications ever made in decompilation. In this post, I do a summarization and retrospective of both the academic and ideological progress of decompilation in 2024. Hint: decompilation research is back.
LoongArch64 Subjective Higlights
(0x80.pl)
I get back to work on simdutf recently, and noticed that the library gained support for LoongArch64. This is a custom design and custom ISA by Loongson from China. They provide documentation for scalar ISA, but not for the vector extension. Despite that, GCC, binutils, QEMU and other tools already support the ISA. To our luck, Jiajie Chen did an impressive work of reverse engineering the vector stuff and published results online as The Unofficial LoongArch Intrinsics Guide.
I get back to work on simdutf recently, and noticed that the library gained support for LoongArch64. This is a custom design and custom ISA by Loongson from China. They provide documentation for scalar ISA, but not for the vector extension. Despite that, GCC, binutils, QEMU and other tools already support the ISA. To our luck, Jiajie Chen did an impressive work of reverse engineering the vector stuff and published results online as The Unofficial LoongArch Intrinsics Guide.
Interesting BiCMOS circuits in the Pentium, reverse-engineered
(righto.com)
Intel released the powerful Pentium processor in 1993, establishing a long-running brand of processors.
Intel released the powerful Pentium processor in 1993, establishing a long-running brand of processors.
Reverse Engineering Bambu Connect
(rossmanngroup.com)
Bambu Connect is an Electron App with Security through Obscurity principles, hence it is inherently insecure.
Bambu Connect is an Electron App with Security through Obscurity principles, hence it is inherently insecure.
Bambu Connect's Authentication X.509 Certificate and Private Key Extracted
(hackaday.com)
Hot on the heels of Bambu Lab’s announcement that it would be locking down all network access to its X1-series 3D printers with new firmware, the X.509 certificate and private key from the Bambu Connect application have now been extracted by [hWuxH].
Hot on the heels of Bambu Lab’s announcement that it would be locking down all network access to its X1-series 3D printers with new firmware, the X.509 certificate and private key from the Bambu Connect application have now been extracted by [hWuxH].
Reverse-engineering a carry-lookahead adder in the Pentium
(righto.com)
Addition is harder than you'd expect, at least for a computer.
Addition is harder than you'd expect, at least for a computer.