Localgh0st

@antoniovazquezblanco

@pancake, I've seen a series of posts that you might like...

They start with this one: https://maderix.substack.com/p/inside-the-m4-apple-neural-engine

Might be useful to you ;)

Inside the M4 Apple Neural Engine, Part 1: Reverse Engineering

How we bypassed CoreML and talked directly to the hardware

maderix’s Substack
Does anyone in @flashrom or @coreboot have any info on how to compile #flashrom using libpayload? The documentation has a TODO comment (https://github.com/flashrom/flashrom/blob/main/doc/dev_guide/building_from_source.rst#libpayload) and the meson file does not have anything related... I am not versed in this, but just a pointer may get me started...
🛜 Want to know if your heart rate monitor or headphones are secure? Miguel Tarascó and @antoniovazquezblanco from the Innovation Department at @Tarlogic will present BSAM Checker at @rootedcon, a free program that automates security audits of Bluetooth devices.
Hmm ... This might be a good retirement project. https://hackaday.com/2025/12/30/39c3-liberating-esp32-bluetooth/
39C3: Liberating ESP32 Bluetooth

Bluetooth is everywhere, but it’s hard to inspect. Most of the magic is done inside a Bluetooth controller chip, accessed only through a controller-specific Host-Controller Interface (HCI) pr…

Hackaday

Transparency and deep access to IoT hardware. ⚙️🔍 On December 27, @antoniovazquezblanco (@Tarlogic Innovation) will present at #39c3 a reverse engineering research project on the ESP32 chip.

📍 Hamburg
⏰ 13:50–14:30
#Bluetooth

🔎 Extract firmware, recover keys, and execute code. This is what hostile actors can achieve with physical access to devices with hardware security deficiencies. @antoniovazquezblanco outlines the key steps in a security analysis of two devices.
https://www.tarlogic.com/blog/reverse-engineering-dahua-nvr-xvr-devices/
Reverse Engineering Dahua NVR/XVR Devices and Breaking Their Boot Security

Reverse engineering of Dahua NVR-XVR devices revealed weaknesses in the implementation of security mechanisms

Tarlogic Security
🚨 Our colleague @antoniovazquezblanco is explaining at @blackalpsconf how it's possible to gain unrestricted access to Dahua video surveillance devices using advanced hardware hacking and reverse engineering techniques.

Real ones post their slides before their talk (or at least very shortly thereafter) ;)

Slides & materials for HWIO NL talk later this week:
“Reverse engineering Realtek RTL8761B* Bluetooth chips, to make better Bluetooth security tools & classes”

https://darkmentor.com/publication/2025-11-hardweario/

Reverse engineering Realtek RTL8761B* Bluetooth chips, to make better Bluetooth security tools & classes | Dark Mentor LLC

We hold this truth to be self-evident: SUFFERING BUILDS STRENGTH! In this talk I will walk you through the trials, tribulations, and triumph(!) of the worst debugging setup I've ever hacked together, which I used to reverse engineer the Realtek RTL8761B* family of Bluetooth chips.

This work was done because Bluetooth security tools are in an abominable state. We use "CSR4" (Cambridge Silicon Radio) dongles that don't support packets newer than Bluetooth 4.0 (released in 2010!), just to be able to spoof the Bluetooth Device Address (BDADDR) for MitM attacks.

Veronica Kovah & I have been creating Bluetooth security classes for OpenSecurityTraining2 (https://ost2.fyi/). And we wanted to use better hardware; ideally something that supports BT 5.4 (released in 2023). So I bought a bunch of cheap dongles off Amazon, and found that most of them used the same RTL8761B chip. So the goal was clear: at a minimum, figure out a way to spoof the BDADDR on these dongles. But I also set out a nice-to-have stretch goal - to figure out how to use these dongles to send custom LMP packets (which are architecturally not meant to be under full user control.) That way, I could replace a bulky and expensive $55 dev board (that is only used for BT Classic), with a cheap and small $14 USB dongle (which has a better antenna to boot!) This would make Blue2thprinting (released at Hardwear.io 2023), and thus Bluetooth reconnaissance & vulnerability assessment, cheaper & better.

Bloodied (but not broken) by the ordeal, I achieved my goals and stretch goals. And given that there are no public descriptions of how Realtek Bluetooth chips work, I look forward to sharing hitherto-unknown information about how to navigate and understand these mostly-16-bit-MIPS-code systems. And I'll discuss how their ROM-"patch"ing firmware update mechanism works, how you can patch it to change its code too, and the security implications thereof.

Dark Mentor LLC
Some fun stories in this TOR talk. In case you have 40 spare minutes just for listening, it's totally worth it (while driving or going to bed, for example). https://www.youtube.com/watch?v=djM70O0SnsY
DEF CON 33 - Stories from a Tor dev - Roger 'arma' Dingledine

YouTube
International Criminal Court Kicks Out Microsoft

According to Handelsblatt, the International Criminal Court is kicking out US service providers like Microsoft and is relying on German alternatives.

heise online