nSinus-R (@[email protected])

A virtual iteration of our training on fuzzing custom embedded systems is coming up end of March. One cool story about this: The participants of our training in 2024 exploited a bunch of devices at Pwn2Own Tokyo 2026!🔥 Details: ringzer0.training/countermeasure…

In case you missed the live version, the recording of our talk is now available: media.ccc.de/v/39c3-of-boot…!

En route to #39c3 - come to our talk at 4pm! I will only be there today and tomorrow, but happy to meet-up & chat. Also, if you are at #39c3 and often dump SPI flash-chips please let me know, I might have something for you that I'm looking for feedback on 🙂

🤩A hush settles as the RP2350’s challengers—Marius Muench and Thomas Roth—begin their story What started as a public hacking challenge became a trail of breakthroughs, from unverified vector boots to secrets pulled straight out of OTP memory. 👉hardwear.io/netherlands-20… #RP2350

🔍 It’s reverse engineering mayhem as participants trace how basebands whisper to each other inside the Shannon modem, mapping flows that feel straight out of a sci-fi network core. In action Marius Muench; Tobias Scharnowski at #hw_ioNL2025 👉hardwear.io/netherlands-20… #fuzzing

@defcon @Cowtickle @TomChothia More information about our research, slides, and additional resources are available at: game-research.github.io

Our @defcon'33 talk is online: youtu.be/FXIScbxJTZw! Ever wondered how to get banned from online games without cheating? We've got you covered! Check out this talk for fun hacks tripping off modern anticheats. Joined work with @Cowtickle & @TomChothia.

I absolutely love this paper, so much reverse engineering alpha the researchers who won the rpi hacking challenge came together to describe in detail how they overcame the defenses of a secure-by-design chip, incl. custom laser fault injection and single instruction skips

We have an exciting piece of vulnerability research 🕵️‍♂️ to share, conducted in collaboration with external researchers from VU Amsterdam. Find out more about the L1TF vulnerability, a CPU vulnerability on some Intel CPUs (Skylake and older). goo.gle/3I69VDv

#SecureBoot is the clubs bouncer🕺🚫—but a double glitch is like sneaking past while he blinks That’s the magic (and mischief) in the #RP2350. @nSinusR & @ghidraninja will show you how it happened at #hw_ioNL2025 and why fixing it makes chips stronger 👉hardwear.io/netherlands-20…

📶 Ever wondered how your phone seamlessly switches between 2G, 3G, 4G and 5G? Join Marius Muench & @ScepticCtf at #hw_ioNL2025 to peel back the layers of #basebandfirmware to show how your device talks to the world—from older 2G networks to modern 5G 👉hardwear.io/netherlands-20…

Our work on solving @Raspberry_Pi's RP2350 Hacking Challenge is now online! 5 different attacks and lots of lessons learned. Joint work with Aedan Cullen, Kévin Courdesses, @ghidraninja and @azonenberg! Full paper: usenix.org/system/files/w… Source code: github.com/bhamsec/woot25…

new baseband rehosting research just dropped! BaseBridge dynamically identifies relevant regions from a memory dump which are then loaded into the FirmWire emulator to enrich global state. this leads to way higher fidelity, more coverage during fuzzing, and finally more bugs.

📢 Excited to announce that the results on BaseBridge, our project on improving cellular baseband emulation, are going public this week. @dyonwg_ will present at @IEEESSP on Monday 3pm, while David and I will be on stage at @offensive_con on Saturday 11am with more details! 1/6

We are excited to announce that the 1st Workshop on Software Understanding and Reverse Engineering (SURE) will be co-located at ACM CCS 2025 in Taiwan! We invite the community to submit their awesome research sure-workshop.org. So, what is SURE? More in the 🧵

No joke, another video! @nsinusr and Tomasz share the ins and outs of modern SIM hacking! youtu.be/2ou_MxSmiVo

Really enjoyed speaking at the inaugural edition of @REverseConf! You can find our slides on tricks with SIMs and interposers here: tinyurl.com/reverse25-sims…

@xvonfers @REverseConf Oups, thank you. Correct link here: tinyurl.com/reverse25-sims…. Will create a new post.

@nSinusR @REverseConf broken link

SIM cards: more than just storage. Join Marius Muench (@nsinusr) & Tomasz Lisowski as they reveal SIM vulnerabilities, baseband exploits, and turning SIM interposers into attack tools. Live demos & insights await! re-verse.sessionize.com/session/784666 #REverse2025 #BasebandHacking

Results of the RP2350 Hacking Challenge are now public - I'm happy that my entry qualified as one of the winning breaks! Also huge shout out to the other winners: @aedancullen, Kévin Courdesses, @IOActive & @hextreeio - awesome work! Thanks for the challenge @Raspberry_Pi!