A deep technical exploration of breaking Widevine L3, Google's software-only DRM. The author loads the Android Widevine library (libwvhidl.so) into the Qiling emulation framework, extracts the encrypted keybox from memory, and applies Differential Fault Analysis (DFA) against the white-box AES implementation to recover the decryption key. The post covers trace visualization to locate AES T-table operations, using phoenixAES to recover round keys, and then goes further to deobfuscate the VM-based code protection layer — revealing that the keybox encryption key is simply the SHA1 of the device ID. The author notes that while the technique works, L3 content is already restricted by most providers to lower quality, and practical piracy impact is minimal.
Source: https://neodyme.io/en/blog/widevine_l3. 8sync News only summarizes and links; copyright in the content belongs to the author and the original source.
A developer named Tobi is porting The Legend of Zelda: Twilight Princess (originally a GameCube/Wii title) to the Nintendo 3DS using the game's recently decompiled source code. Despite being an early-stage effort, the game is already playable on the handheld, though with graphical glitches and instability. The 3DS hardware — with 128 MB of FCRAM and a capable processor — is close enough to the original consoles to make the port feasible. Next steps include bug fixing, optimization, and potentially enabling native 3D rendering.
A teardown and exploration of the Scantron machine — the optical answer-sheet grader used in schools for decades. The video covers its standalone hardware design (no software required, just two rocker switches), internal components including a lightbulb-based optical reader, belt-and-motor card transport, and a seven-pin dot matrix printer. It also tests which writing instruments (pens, Sharpies, colored pencils, various pencil grades) successfully register on the machine, explaining why a #2 pencil was the standard requirement.
This article rounds up embedded systems and firmware content from March to June 2026, including reverse engineering the Wahoo ELEMNT's BLE protocol, designing a RISC-V CPU with an LLM, the first CHERIoT silicon, testing intentionally corrupted flash on STM32, and a debugging story about an overclocked timer. It also mentions tools such as KiCad 10.0.0, an ESP32 watch project that saves battery by booting from RTC RAM, and an open-source e-ink reader. News updates cover a Linux driver for the ESP32-E22, Web Serial support in Firefox, Zephyr's Cyber Resilience Act compliance, and a call for participation in Embedded World EU 2027.
Embedded developers should read this article to explore new advances in firmware architecture, from optimizing RISC-V CPUs with LLMs to debugging and security techniques such as flash corruption and safety checks under the Cyber Resilience standard.
A hardware hacker reverse-engineered the proprietary serial protocol used by the Waterdrop G3P600 smart RO water filter faucet. The four-pin connector turned out to carry a simple 9600 baud serial link at 5V, transmitting data on filter health, water quality, pump status, air temperature, and faucet state. Using this knowledge, a custom PCB was built to integrate the system with Home Assistant via ESPHome, enabling full home automation control and monitoring of the RO unit.
A developer inspecting Claude Code (v2.1.196) for privacy reasons discovered that the tool silently alters its system prompt based on the ANTHROPIC_BASE_URL environment variable and system timezone. Specifically, the apostrophe in "Today's date" is replaced with different Unicode characters (U+2019, U+02BC, or U+02B9) depending on whether the API hostname matches a decoded domain list or contains AI lab keywords, and the date separator changes from '-' to '/' for Asia/Shanghai or Asia/Urumqi timezones. The domain and keyword lists are obfuscated with base64 and XOR encoding. The author argues this is prompt steganography — encoding classification signals invisibly into plain-looking text — likely intended to detect API resellers or model distillation pipelines. While not malicious, the hidden behavior undermines trust in a tool that already has broad filesystem and shell access, and the author argues Anthropic should make such telemetry explicit and documented rather than hidden.
A detailed technical analysis of a ClickFix attack chain observed in May 2026 that led to a full hands-on-keyboard intrusion across 11 hosts. The infection began with a user tricked into running a command via the Windows Run Dialog, which fetched and silently installed an MSI dropping 'Potemkin', a custom x64 loader using a Domain Generation Algorithm (DGA) with XorShift32 seeded at 151678 to find its C2. Potemkin reflectively loads 'RMMProject', a 4.4 MB Lua-scriptable DLL with 15 task types including browser credential theft (with a Chrome App-Bound Encryption bypass via DLL injection), hidden remote desktop control, process injection, and module loading. The attacker also deployed EtherRAT (a Node.js backdoor resolving C2 via Ethereum blockchain) and Cloudflare tunnels, then moved laterally via WMIExec and SMBExec to reach the domain controller. The post includes a full DGA Python implementation, cipher decryption algorithm, C2 protocol details, and indicators of compromise.
Arctic Wolf Labs reverse-engineered the CyberStrike Harvester v1.5 binary (a Go-based Linux ELF) used in the FortiBleed campaign — a large-scale credential compromise operation targeting internet-facing Fortinet FortiGate firewalls across 194 countries. The campaign operates as a closed-loop credential pipeline: credential stuffing and password spraying gain initial access, FortiGate configurations and traffic captures are exported, the CyberStrike Harvester parses pcap/pcapng/FortiGate text to extract NetNTLM, Kerberos, cookies, and cleartext credentials, a Telegram-bot-orchestrated Hashcat/Hashtopolis GPU cluster cracks hashes, and Impacket-based tools then perform AD enumeration, SMB validation, and DFS file-share exfiltration (one logged run collected 121 GB). The operators prioritize targets by revenue and geography. Attribution to Russian-speaking operators remains low-confidence, based on tool branding, an operator handle, and Russian-language UI strings. Remediation requires immediate session termination, credential rotation, MFA enforcement, and specific FortiOS password-policy steps to eliminate legacy SHA-256 hashes from configuration exports.