Publications

DJI Android GO 4 application security analysis

23/07/2020
Système
Reverse-engineering
Drones are currently one of the most dynamic products, with multiple use cases across sectors such as personal and commercial videography, farming and land surveying, law enforcement and national security, and more. One of the market leaders, China-based Daijiang Innovations (DJI), is often in the news for suspected cybersecurity and data privacy issues. While there are technical reports sponsored by DJI stating that their associated mobile application, DJI GO 4, is harmless and does not send any personal information b...

A journey in reversing UEFI Lenovo Passwords Management

08/06/2020
Reverse-engineering
In this blog post the goal is to explain how I started looking at the Lenovo password. We will start by looking at how the reverse was started and the different kinds of passwords in the firmware, before having a more in depth look at two of them: the Power-On Password and the Bios Passwords. No vulnerability has been identified (yet) in the management of those passwords, but without further ado let get started.

I'm SMBGhost, daba dee daba da

12/03/2020
Exploit
Reverse-engineering
This blogpost was created due to a mistake from Microsoft, releasing publicly an advance warning for CVE-2020-0796. CVE-2020-0796, also nicknamed "SMBGhost" or "Coronablue" is a vulnerability impacting SMBv3.1.1 servers and clients and currently has no fix (12/03/2020).

"No grave but the SIP": Reversing a VoIP phone firmware

30/08/2019
Reverse-engineering
When conducting internal intrusion tests, one can find interesting to access the phones used by a client, as they are often connected to an internal network and can provide some kind of persistent access. This article presents the research done for getting a good grasp on the firmware of Yealink VoIP phones, which enables us to analyze further the underlying system.

E-ink maiden: Bring your reader to the reverser

01/12/2018
Hardware
Reverse-engineering
As a team of security researchers, we like poking at software and tinkering with common household objects for fun. So, one of our researchers bought an electronic paper reader tablet, and instead of reading ebooks on the train, started having fun with it!