So two months ago I published this nice analysis, comparing hundreds of VStarcam firmware versions: https://palant.info/2026/01/07/backdoors-in-vstarcam-cameras/. And now I find a firmware dump somebody posted online, and it is version 20.x.x.x?! In all my research I’ve never seen anybody mention version 20.x.x.x, only different variants of 10.x.x.x, 48.x.x.x, 66.x.x.x. I didn’t even know these existed. Worse yet: this firmware dump looks like the one weird outlier that I didn’t even put on the chart because it was so different from everything else. So maybe it wasn’t an outlier but the only instance I found of their newest firmware generation? Ouch, I’m not redoing that analysis… 😓

On a semi-related note: I’ve also seen somebody question the legality of posting firmware dumps online. Which makes sense of course, technically this being unauthorized software distribution. Except: these firmware dumps are invariably Linux-based, meaning that they are subject to GPL even though the vendors tend to ignore this fact. With the GPL explicitly giving everybody permission to distribute the software, I wonder how a court would rule in such a case (not that I expect this to ever land in front of a judge).

Backdoors in VStarcam cameras

Over the years, VStarcam cameras added various mechanisms meant to leak the authentication password. While the purpose is unclear, these cameras cannot be trusted to restrict access.

Almost Secure