Stefan Gloor

@stgl@infosec.exchange
138 Followers
122 Following
33 Posts

Likes to develop and break embedded things🐧
Electrical engineer by training, currently working as an embedded software developer. Interested in all things electronics, microcontrollers, computers, open source, security, and Linux

https://stefan-gloor.ch

Stefan GloorJun 3

Some people have asked and I saw some demand in my logs, so I added an RSS feed to my blog (https://stefan-gloor.ch)

https://stefan-gloor.ch/rss.xml

Let me know if there are any problems!

Check out my project page!

Hardware, Linux, Embedded Systems

Stefan GloorJun 2
reverse:luckeJun 2

🪥 Reverse Engineering der Oral-B iO: Firmware & Hardware im Überblick!
🔧 HW: PSoC4, CC2642, 128×64 OLED, W25Q64JV (GALEP-5), J-Link
💻 SW: Ghidra + Python-Skripte, Bitmap-Header-Suche (0x80 00 40 00), Entropie-Checks
➡️ Einblicke in Zerlegen, Flash-Dump & automatisierte Grafikauslese!

#ReverseEngineering #EmbeddedSystems #Firmware #PSoC4 #Ghidra #HardwareHacking #IoT #Python

Stefan GloorJun 1

New blog post!

How I got a Root Shell on a Credit Card terminal

https://stefan-gloor.ch/yomani-hack

#reverse_engineering #reverseengineering #hardwarehacking #hacking #security

Stefan GloorMay 27
Owlet of MinervaApr 11

[Blog:] Ophanim, or, How many angels can dance on a circuit board

The OPHANIM sensor board from CERN's AEgIS project is an absolute delight

https://christianmoe.com/en/blog/2025/Ophanim

#science #religion #mysticism #art #CERN

1/2

[commenting: see below]

C. Moe | Ophanim

The OPHANIM sensor board from CERN's Aegis project is an absolute delight

Stefan GloorJan 25
Atc1441Dec 26, 2024

First successful upload of a bytepatched Firmware onto the 25€ Aliexpress BLE Smart Ring with Display🥳 Thats code execution🙌
https://s.click.aliexpress.com/e/_oF0OCxZ (Affiliate link)

Who will I meet at 38C3?

2024 New RS08 Smart Ring 5ATM Waterproof Health Rate Blood Oxygen Monitoring Fitness Rings Multi Sports Modes for Men Women - AliExpress 44

Smarter Shopping, Better Living! Aliexpress.com

aliexpress.
Stefan GloorJan 25
Atc1441Jan 12

It finally happened, found a full buffer overflow + exploit for the first time🥳

The target, The Signed OTA of the Xiaomi Thermometer (2.1.1_0159)

This now enables a full OTA update to custom firmware.
Will be shared later

The BLE Keys need to be known to do this,still all OTA

Stefan GloorJan 24
Hal 9000Jan 24
Dear Fediverse, does anyone have material on how to bypass readout protection on a dsPIC33F?
Stefan GloorJan 24
Signal integrity is apparently not that critical for external flash.
Stefan GloorAug 9, 2024

I finished my little side project.
https://stefan-gloor.ch/voip-phone-hack

#DOOM #reverseengineering #hacking

Hacking a VoIP Phone

×
Owlet of MinervaApr 11

[Blog:] Ophanim, or, How many angels can dance on a circuit board

The OPHANIM sensor board from CERN's AEgIS project is an absolute delight

https://christianmoe.com/en/blog/2025/Ophanim

#science #religion #mysticism #art #CERN

1/2

[commenting: see below]

Show threadOwlet of MinervaApr 11

Comment on my blog from the Fediverse:

*Public* replies to *this* toot (2/2) will be automatically collected and may be republished as comments on my blog post after moderation.

If that isn't what you want, you can still reply to the toot above (1/2), or reply to this one with a different visibility. Those replies won't be republished.

(If moderation seems slow, note that I'm in a European time zone)

2/2

Show threadTomi the Slav and 1024 othersApr 12
@noctuaminervae is your blog connected to fediverse? If yes, how can i follow it?
Show threadOwlet of MinervaApr 12

@po3mah No, it isn't. I'm running it as a static site, so it has no ActivityPub interaction. I just post a toot as a commenting endpoint and use some utility scripts to fetch replies into the comment sections of the source files, as described here: https://christianmoe.com/en/blog/2025/Comments-via-Mastodon.html

You can follow the site via RSS; there are RSS pages for each language section and for the whole site.

C. Moe | Comments via Mastodon

I'm trying out a simple way to collect comments on a static blog via Mastodon and moderate them in Org-mode, with this post as a test case.

Show threadTomi the Slav and 1024 othersApr 13
@noctuaminervae Ah, cool!