Charles Guillemet
@P3b7_
CTO at @ledger. Busy securing the blockchain revolution. Cryptography, (Hw) Security, Tech, Blockchain. Previously built the Donjon (@DonjonLedger)
Paris, France
Joined September 2018
“Privacy is part of freedom. If you don’t have privacy, you don’t really have freedom.” – Charles Guillemet, CTO @ Ledger The latest Ledger Podcast just dropped with @randhindi and @analog_kyle from @zama & Ledger CTO, @P3b7_ on hardware security, fully homomorphic encryption
Ten years ago, computing 2¹⁰⁰ hashes was considered virtually impossible. Now Bitcoin may make it within my lifetime. Humanity always directs its energy toward what it values!
My rough math based on average difficulty stats suggests that Bitcoin mining crossed the total 2**96 hashes milestone very recently? Seems like a good reason to insist on (close to) 128 bit security (ie. @drakefjustin was right)
I had a conversation with @P3b7_, CTO at @Ledger on the state of privacy in blockchain. Turns out we both have a teen-hacker background ;)
Dive into the full technical breakdown, timeline, and open-source tools used in our Donjon investigation. Full blog post here: https://t.co/omS9uqUvDI
tl;dr - Don’t store secrets on your phone. This investigation reminds me of PS3 or Nintendo Wii hardware attacks back in the day. Initial HW attacks allowed reverse engineering which led to some crazy exploits - let’s see what this first exploit unlocks.
Mediatek responded very constructively to our disclosure 🤝 They informed all the affected OEM vendors. The lesson - take it from Mediatek themselves. Your phone is not explicitly designed to protect secrets. If you use a smartphone without a signer, your assets could be
The result? We achieved total control - arbitrary code execution at EL3, the highest privilege level on the processor. The attack success rate is 0.1%–1%, meaning full compromise is a matter of just a few minutes of trying...
The attack worked!!! EMFI trial-and-error tricked the chip into dumping the entire Boot ROM - our map to the exploit. 🗺️ Next, by precisely faulting the WRITE command, we were able to overwrite the return address on the stack (a ROP primitive).
🔬Our Method: Electro-Magnetic Fault Injection. EMFI uses precise electromagnetic pulses to disrupt the chip’s logic and bypass its security checks. We performed the attack using open-source tooling including the Silicon Toaster & Scaffold board Access to Github links in our
ledger.com: Smartphones are commonly lost or stolen, but could that impact your security? The Ledger Donjon targeted a recent SoC to find out.
We targeted the bottom of the smartphone software stack: the Boot ROMs. These are hard-coded into System-on-Chips (SoCs) and have a limited code attack surface but high privilege levels (EL3). 🤔Our thesis - could we bypass SoC security & compromise the entire device?
We all store valuable data on our smartphones, but security measures often focus on remote attacks, e.g. malware. Without the PIN, pattern, or passcode, what could an attacker do with your phone in their hand? Quite a lot, as it turns out.
What if a hacker could gain total control of your smartphone, not via malware, but the hardware itself? The @DonjonLedger discovered a potentially unpatchable flaw impacting MediaTek Dimensity 7300 - a popular Android phone SoC - enabling arbitrary code execution in minutes.
Arbitrary code execution, persistence, and privilege escalation on the host system… Modern browsers are extremely complex pieces of software and notoriously hard to secure. The bounties paid for these vulnerabilities are shockingly low compared to the massive upside of
⚠️ Chrome 143 Released With Fix for 13 Vulnerabilities that Enable Arbitrary Code Execution Source: https://t.co/BoVODSKekL Google has officially promoted Chrome 143 to the Stable channel, rolling out version 143.0.7499.40 for Linux and 143.0.7499.40/41 for Windows and Mac.
MSCI’s move to exclude companies with more than 50% of their balance sheet in crypto (eg. Strategy), and S&P’s downgrade of USDT rating, are clear signs that legacy TradFi knows disruption is coming, and is desperately trying to push back. The paradigm shift is inevitable: you
The megaSaga is not over, the $500m pre-deposit will basically be rolled-back. MegaETH planned a “pre-deposit” sale ahead of its mainnet launch, letting verified users commit funds to secure allocations of its MEGA token with an initial cap of US$250 million, and an eventual
We've decided to return all funds raised from the Pre-Deposit Bridge. Execution was sloppy and expectations weren’t aligned with our goal of preloading collateral to guarantee 1:1 USDm conversion at mainnet. How this decision impacts you: