stacksmashing
@ghidraninja
Followers
47,155
Following
430
Media
1,284
Statuses
5,540
Security researcher with a focus on hardware & firmware. I occasionally publish stuff on YouTube. Co-founder of @hextreeio . Contact: contact @stacksmashing .net
Joined March 2019
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
jaemin
• 328832 Tweets
Norawit with L'Oreal Paris
• 166054 Tweets
Will Still
• 118767 Tweets
All To Nene D-Day
• 106526 Tweets
#นุนิวขึ้นใจ_2ndConceptVideo
• 53386 Tweets
プロフェッショナル
• 37106 Tweets
PP is WORTH IT
• 33605 Tweets
バイデン
• 25390 Tweets
SDカード
• 25169 Tweets
YOASOBI
• 23387 Tweets
GW後半戦
• 22680 Tweets
高利貸し
• 20462 Tweets
カメムシ
• 19761 Tweets
金利60
• 17789 Tweets
中条きよし参院議員
• 17433 Tweets
出資法違反の疑い
• 15416 Tweets
Princess Charlotte
• 15018 Tweets
物語シリーズ
• 13566 Tweets
ウマチュン
• 13182 Tweets
外国人嫌い
• 12207 Tweets
#素のまんま
• 11563 Tweets
NEWSポストセブン
• 11308 Tweets
法務局職員
• 10036 Tweets
Yesss!!! After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag! 🥳🥳🥳
/cc
@colinoflynn
@LennertWo
61
1K
6K
Lenovo X1 Carbon Bitlocker Key Sniffing any% Speedrun
(42.9 seconds)
67
908
5K
This is crazy. An iOS KeePass app was sending the clipboard contents *unencrypted via UDP* to a server. The developer "fixed" it by still sending it via UDP, but this time with fixed key and IV. 🤦♂️
The app is simply a credential stealer and probably in violation of some laws.
42
748
4K
A lot of people said sniffing a TPM requires advanced knowledge and equipment - so let’s change that!
Soon a couple of pogo-pins and a
@Raspberry_Pi
Pico will be enough 😀
34
433
2K
To the person at AWS who has a KPI incentivizing the showing of 90 to 130 minute long YouTube ads:
PLEASE STOP
14
85
2K
Be careful when scanning untrusted AirTags or this might happen to you😆
31
398
2K
One of my neighbours seems to have a smart toilet - and it looks like I can connect to it 👀
62
150
2K
Why is a device I bought in 2016 running a webserver from 2003 😭
14
41
2K
What’s going on at Microsoft? Have they gone completely crazy?
Forcing random stuff into Windows (Suddenly a copilot button? Candy crush ads? Edge trying to make itself happen again and again?)
And now even the Skype app starts spamming me with random “Skype Today” stuff…
18
98
2K
Found some performance improvements that increase the Mifare Dictionary Attack speed on the
@flipper_zero
significantly - for example a full search of 14 keys takes only 17 instead of 29 minutes on a random hotel card.
Code here:
15
155
1K
I just published the code and hardware for Tamarin-C, the iPhone 15 USB-C exploration tool I presented at
#37c3
.
5
238
1K
Breaking Bitlocker: Bypassing the Windows Disk Encryption - using less than $10 of equipment
22
345
1K
Found a 100% reproducible macOS kernel-crash that can be triggered by WebUSB in Google Chrome🙈
10
80
1K
When I randomly decided to post a Ghidra “getting started” video 2 years ago I never expected this to happen...
Thank you all!
34
36
1K
I'd just like to interject for a moment. What you're referring to as USB-C, is in fact, USB-C/USB3.2, or as I've recently taken to calling it, USB-C plus USB3.2. USB-C is not a protocol unto itself, but rather a connector specification.
19
156
1K
I just published a video: The secrets of Apple's Lightning - Part 1
13
176
1K
My Nintendo Game and Watch arrived a day early! Let’s tear it down and see how it works - and how easy it is to hack it!
35
298
1K
So I was trying to sniff the BitLocker TPM key on an old laptop of mine - it has this great debug port that exposes most of the TPM (Low Pin Count Bus) signals, but it’s missing the clock signal.
17
147
1K
I just published a video: Hacking the ████████® ████ & █████™
44
192
1K
Built a quick demo: AirTag with modified NFC URL 😎
(Cables only used for power)
16
125
1K
Random math request:
Given that >90% of CPUs are little endian - how much CO2 could we (very very very roughly) save if we switched network protocols to use little endian instead of big endian?
31
34
957
Mining Bitcoin on the Game Boy!
Starring the
@Raspberry_Pi
Pico as a Game Boy Link Cable adapter
25
225
877
I'm not sure why, but I created a Wordle-clone with x64 Linux syscalls: Syscordle
39
147
861
Couldn’t resist and created a “stacksmashing’s bitcoin miner” cartridge 😀
22
123
842
And with that it’s time for me to get some sleep :) This was a ton of fun!
(Also, can I now claim I was first to “hack” an Apple device?!)
10
15
813
20 arcade buttons and a Raspberry Pi Pico make for a fun evening project 😀
14
95
800
I hacked the Ministry of Defence and all I got was this awesome coin🤩
22
46
758
Modern web-dev is pretty funny.
There are USB and Bluetooth APIs, and you can even do computation on the GPU...
But if you want to download a file in JS you create an invisible <a>-tag with the file stored as a string in href and then call the .click() method on it?!😂
17
66
750
For all the people saying this doesn’t work on new hardware:
This is a 2023 machine, with TPM 2.0 and running Windows 11…
BitLocker Key retrieval on a Windows 11, Lenovo X1 Carbon Gen 11 via SPI Sniffing.
The TPM on the backside of the Motherboard, there are various test pads.
19
222
1K
20
113
749
Yesss! Managed to get a Tetris ROM running on the Analogue Pocket, no cartridge required 😎
44
62
720
I added LCD-support to
@kilograham5
’s RP2040-Doom, so now you can play DOOM on a breadboard😁
25
134
723
Ever wondered what makes a secure element secure?
A part of it is this pattern:
28
97
716
If you don’t genuinely hate tech, don’t work in security.
9
54
718
Late to the party, but finally got a
@flipper_zero
. Any under appreciated thing I need to try?
43
22
691
Just reversed a file for like half an hour before seeing this line 😂
13
34
683
Dumping the firmware of a MacBook Pro M1 ACE2 chip 👀
(Similar to how the awesome
@t8012dev
team did on an older MacBook Pro: )
6
111
645
Wow. My "Reversing WannaCry in Ghidra" video has surpassed 1 million views...
I think that might make it the most watched malware reverse-engineering video😳
12
70
625
Surprise: Someone already built a first working collision/preimage-attack for Apple's NeuralHash model for CSAM detection.
5
201
622
Changing the XOR key of mirai decreases its detection rate by more than half🤡
14
42
628
I just published a video:
Why 111-1111111 is a valid Windows 95 key
13
110
618
After a ton of probing, sniffing of SPI & power-up sequences the LCD is up and running 😀
Homebrew here we come! /cc
@kbeckmann
24
67
587
I just published a video: Porting DOOM to the Nintendo Game & Watch!
23
167
554
Ghidra 10.0.1 was released 3 days ago and it finally supports changing the interpretation of numbers right in the decompiler 🎉
10
60
531
Would you watch videos about failed research?
I think it's a super interesting topic, especially on the hardware security side.
58
14
521
Accidentally bricked your AirTags?
Don't worry - stacksmashing's beauty tips has you covered!
Just turn them into EarTags!
10
64
507
WebSerial based SPI flash explorer - my attempt at making flash-dumping a bit more accessible 🙂
12
60
505
My
@defcon
talk, The Hitchhacker’s Guide to iPhone Lightning and JTAG Hacking, is now on YouTube!
12
131
497
There are two types of hardware hackers: those who've made that mistake, and liars 😂
15
43
506
Oof, this Exchange server crashed because the date format (“2201010001”) used by the malware scanner doesn’t fit into a 32-bit integer 😂
11
86
475
Dumped the firmware and some important areas😀(am I missing any other important ones from the nRF52?)
3
33
470
Just loaded the
#VALORANT
anti-cheat kernel-module into Ghidra - and found this nice easter-egg: A link to a picture of the Riot Anti-Cheat team!
9
86
459
The procedure for this was pretty simple:
- Started with a placeholder image
- Got the hash of it
- Changed text of the image to match the hash
- Then used
@anishathalye
great neural-hash-collider which took only 1-2 iterations
3
68
443
This was a crazy amount of work, but it’s so satisfying to see DOOM running on it!
12
110
436
One of the best feelings in the world, especially when you really had to work for it😀
11
16
433
Come see how I used my jerry-rigged “EMBite” probe to capture an EM side-channels using a HackRF.
I used this to figure out the precise timing of where a completely unknown boot check fails - and then used that timing to bypass the check 😁
11
81
446
I just published a video explaining the details of CVE-2020-0601 aka Curveball: The Microsoft CryptoAPI vulnerability that was reported by the NSA.
2
157
438
Discord has the worst UI/UX of any desktop application I use. I hate that it became the de-facto standard for a lot of things.
Even simple things such as "finding out why did Discord just made a notification sound" or "Jump to where I was highlighted" are basically impossible.
49
27
410