vessial

#Qualcomm 4/5G #Baseband internal messaging system and state machine reverse engineering , github.com/vessial/baseba… ,only Chinese version

EXPMON has been updated to v20260202! This is a Detection Logic update, to provide decisive Detection Result against the ongoing Microsoft Office zero-day exploits CVE-2026-21509. For example, below are two real, in-the-wild samples of the Office 0day which were just disclosed today: pub.expmon.com/analysis/31163… pub.expmon.com/analysis/31163… Previously, these samples were detected only via the Indicators (see x.com/HaifeiLi/statu…). Since this update, they will now be classified/shown as "Malicious - potential exploit CVE-2026-21509", easier for users to identify the threat. Enjoy the hunting!:) #expmon #CVE-2026-21509 #office #zeroday #0day #threatintel

Please take a moment to vote your Tesla stock

@Tesla voted

We pay for outstanding performance – not for promises. In 2018, shareholders approved a groundbreaking CEO Performance Award that delivered extraordinary value. At our Annual Meeting on November 6, Tesla shareholders can vote on a pay-for-performance plan designed to drive our next era of transformational growth and value creation. Seven years ago, @ElonMusk had to deliver billions to shareholders – now it’s trillions. This plan creates a path for Elon to secure voting rights and will retain him as a leader of the company for many years to come. But as explained below, Elon only receives voting rights after he has delivered economic value to you. Your vote matters. Vote “FOR” Proposal 4! For instructions on how to vote, please refer to your proxy materials or visit votetesla.com

Open source stm8 idapython disassembly plugin at github.com/vessial/stm8 , first version, you can update opcode parser if you needed

@olegkutkov @__tim @noop_dev I can help for free

@__tim @noop_dev This requires complete disassembly of the ICE computer and a complex operation. I'm not ready for such experiments on the new expensive car.

The Ukrainian hacking community is kinda unique. I hate this, but I reached a dead end and had to ask for help (not free). For $300, they hacked my new car, installed proper navigation data with Ukraine, and locked the auto-update of this data so that Tesla would not be able to update it and break it again. The navi is working like a charm. Of course, they refused to share any technical details. But for me, it's an interesting technical challenge. I noticed that they accessed only the diagnostic Ethernet, used some custom software or script on the MacBook, and presumably performed a power cycle of the car (I had to exit the service area).

Developed by IDApython, IDA Pro built-in plugin only support 162 opcodes by default. I developed idapython plugin it can be fully supported 397 opcodes, almost 800 instructions statements, just diff with IDA built-in plugin disassembled results, it will open source soon.

Now IDA Pro can fully support TI TMS320C28x Series DSP instruction Sets,including C28x assembly language instructions/fpu/fpu64/Viterbi,Complex Math and CRC unit(VCU)/VCRC/VCU-II/Fast Integer Division Unit(FINTDIV)/Trigonometric Math Unit (TMU)/Control Law Accelerator(CLA).

@officerdownTW @greentheonly can you share it to me?

@vessial @greentheonly I have the 2019 leak. How did you get it working?

Qemu fully Tesla model 3 EMMC dump emulation up, this is after 2021 model based on AMD Ryzen APU @greentheonly

@mikko this reply from Mars 😆

% ping curiosity.mars.jpl.nasa.gov Reply from 198.122.199.235: bytes=32 time=1680000ms TTL=58

All the details about this vuln and much more will be revealed tomorrow by us (me, @bzvr_, @kucher1n) during our talk “Operation Triangulation: What You Get When Attack iPhones of Researchers” at #37c3 (14:45 CET). There will also be a live stream. fahrplan.events.ccc.de/congress/2023/…

@4b5f5f4b @greentheonly not yet, but i can try to emulate those games run first

@vessial @greentheonly Looking forwards to more Tesla eastereggs from your sharing. BTW: Did you buy Tesla IVI from Xianyu platform?

@ETenal7 Sure, not perfect yet

Wow this looks fun, plan to open source?

@John011235 @greentheonly Oh I forgot uname it,let me check,it’s released in February this year

@vessial @greentheonly When eta release? :)

@chernwu 没有

@vessial 搞到了星链接收器设备？

#Starlink satellite firmware dumped in nandflash, main component wifi_control developed by golang/google protobuf, go2exe, #spacex

@windknown Kodos to you, I still remembered your xcon2008 presentation, I am an audience there and get a lucky gift PSP4, good future to you Hao!

My very first tech talk at XCON2008 & last one at MOSEC2020. Time to retire from vulnerability/exploit research work 🫶🏻

RCE in MediaTek basebands: in today's blogpost, we explore more CSN1 parsing bugs, this time in MTK's basebands running on MIPS16e2, and analyze how to exploit heap overflows in this baseband OS! labs.taszk.io/articles/post/…

@olegkutkov Excellent

Reconstructed block diagram of the #Starlink Dishy CPU. Sure, it might not be 100% correct, but this is how it looks in general.