Reverse Engineering or Necromancy? 🧟‍♂️⚖️

What do you do when the company goes dark, the app vanishes from the App Store, and your "smart" scale becomes a 100€ paperweight?

You reverse it.

I’m starting a new series on ByteArchitect about bringing the QardioBase2 back to life. No ChatGPT-farts here—just raw bluetoothd logs, GATT discovery, and the sad sight of a backend that keeps saying "cancelled."

In this first part:
- Sniffing BLE traffic on iOS (without a jailbreak)
- Mapping proprietary GATT services & characteristics
- Realizing the servers are officially dead (RIP Qardio)

If you despise planned obsolescence as much as I do, join me in this "zombie" recovery:

https://bytearchitect.io/security-reversing/Reverse-with-me-Qardio-necromancy/

#ReverseEngineering #Infosec #BLE #iOS #HardwareHacking #Obsolescence #CyberSecurity #GATT #Necromancy

Apparently Electric Eye made it to riskybiz. Not bad for day one.

https://news.risky.biz/risky-bulletin-gen-joshua-rudd-confirmed-as-next-cybercom-and-nsa-head/

Stop chasing blacklists. It's a losing game. I built a Rust engine
to spot AitM proxies where they bleed: in the DOM. Meet Electric Eye.

https://bytearchitect.io/network-security/Bypassing-MFA-with-Reverse-Proxies-Building-a-Rust-based-Firefox-Extension-to-Kill-AitM-Phishing/

#infosec #rust #firefox

New post: Hardening macOS pt.5 — Communications

Email clients, providers, PGP, and chat. For a Cypherpunk, talking about communications is like talking politics at the pub. I tried to be factual. Mostly succeeded.

Also: a special note for my Italian readers on PEC. With appropriate levels of contempt.

https://bytearchitect.io/macos-security/MacOS-Hardening-6-email-and-pgp/

#infosec #macOS #privacy #security #PGP #email #Signal

No Hardening macOS this week. Got distracted.

Starkiller is a new phishing kit that proxies REAL login pages in real-time. It steals credentials, MFA tokens and session cookies — and MFA won't save you.

I wrote a full technical analysis: how AitM works, why traditional defences fail, and what to actually do about it.

Also released ja3-probe, a Rust PoC for TLS fingerprinting of phishing proxies.

→ Post: https://bytearchitect.io/network-security/Starkiller-Phishing-Kit-Why-MFA-Fails-Against-Real-Time-Reverse-Proxies/?ref=mastodon
→ PoC: https://github.com/gb-at-r3/ja3Probe

#infosec #phishing #AitM #MFA #TLS #security #rust

New post: Hardening macOS pt.4 — Secrets

Scams, Apple Keychain (the good and the ugly), the kdbx ecosystem, Strongbox, hardware security keys.

Your password is not enough. It never was.

https://bytearchitect.io/macos-security/Hardening-macOS-pt.4-Secrets-management/?utm\_source=mastodon&utm\_medium=social&utm\_campaign=hardening-pt4

#infosec #macOS #privacy #security #passwords #MFA #YubiKey