Quentin Kaiser

Automated RTOS Firmware Analysis: Architecture, Load Address, and Component Detection | Research | ONEKEY Discover how ONEKEY’s platform breaks open real-time operating system (RTOS) firmware. Learn how automated architecture detection, load address recovery, and component identification bring transparenc...

RTOS analysis has been available on our platform for some time now but we never shared details about what it took to build it.

If you’re interested in architecture detection ML classifiers, load address identification heuristics, and function matching check it out.

www.onekey.com/resource/how...

Rooting the TP-Link Tapo C200 Rev.5 Let’s explore ways to mod a Tapo C200 Rev.5 firmware in order to gain root access to a running device.

Ended my 4 years blogging hiatus with a tutorial on modding the latest Tapo C200 firmware to get root. No vuln but some hardware/firmware hacking stuff and some notes about TP-Link and engineering resources allocations. quentinkaiser.be/security/202...

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198) | ONEKEY Research | Research | ONEKEY Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Viasat modems. Learn about the risks and recommended actions.

Embargo lifted. We automatically identified issues affecting Viasat satellite modems that could be exploited for RCE.

www.onekey.com/resource/sec...

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6199) | ONEKEY Research | Research | ONEKEY Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Viasat modems. Learn about the risks and recommended actions.

Second vuln: www.onekey.com/resource/sec...

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198) | ONEKEY Research | Research | ONEKEY Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Viasat modems. Learn about the risks and recommended actions.

Embargo lifted. We automatically identified issues affecting Viasat satellite modems that could be exploited for RCE.

www.onekey.com/resource/sec...

I’ll be at FOSDEM the whole day this Sunday, probably between kernel, python, and SBOM dev rooms. Reach out if you wanna chat :)

*sick people coughing in the background, baby crying, the smell of fart covering the cabin*
“Thanks for choosing Ants Airlines”

Anyone experienced with fscrypt forensics/reversing ? I got a firmware with a kernel and UBIFS. Both are encrypted. Kernel self-decrypt just before self-decompression, I managed to recover the key and decrypt it. I see it mounts the UBIFS using fscrypt. It’s embedded so the key must be somewhere…

Critical Vulnerabilities in EV Charging Stations: Analysis of eCharge Controllers | Research | ONEKEY Discover how severe security flaws, including unauthenticated remote command execution (CVE-2024-11665 & CVE-2024-11666), affect eCharge EV charging controllers. Learn about insecure firmware practice...

EV charging stations running PHP ? Sure ! www.onekey.com/resource/cri...

NSA analysts keeping the spirit of independence alive—one line of Java at a time.