lukas seidel
@pr0me.bsky.social
Firmware Security • Embedded Systems • AI x Infosec •
Researcher @binarly • PhD Candidate @TUBerlin •
Capturing Flags with ENOFLAG
personal achievement: [h-index 5 unlocked]
May 13, 2025 at 7:04 AM
Reposted by lukas seidel
📢 Excited to announce that the results on BaseBridge, our project on improving cellular baseband emulation, are going public this week. Dyon will present at IEEE S&P on Monday 3pm, while David and I will be on stage at @offensivecon.bsky.social on Saturday 11am with even more details! 1/6
May 11, 2025 at 10:23 AM
recently, the google scholar feed I used to explore new work in my fields of interest was removed.

so I built my own paper discovery website:
a minimalistic design with high information density and full control over search terms.
May 9, 2025 at 9:51 AM
okay deepwiki is pretty sweet.
just replace 'github' with 'deepwiki' in a repo's url and it will generate an architecture overview, explanations for components, flow diagrams etc.

I tried it on large code bases like afl++ and libafl and it's actually impressive
May 5, 2025 at 3:02 PM
new CCS workshop on decompilation, reversing, root cause analysis, debugging, etc. 👀
We are excited to announce that the 1st Workshop on Software Understanding and Reverse Engineering (SURE) will be co-located at ACM CCS 2025 in Taiwan! We invite the community to submit their awesome research sure-workshop.org/.

So, what is SURE? More in the 🧵
SURE 2025 | The Workshop on Software Understanding and Reverse Engineering
sure-workshop.org
April 28, 2025 at 9:35 AM
the guy who reversed the denuvo drm @momo5502.bsky.social works on a high-perf windows emulator for security research.

I noticed that it supports icicle as a backend, a fuzzing-specific emulator. awesome to see academic work being continuously developed and making it into the real world
April 23, 2025 at 7:16 PM
I thought USENIX was huge with like 300 accepted papers and 6 speaker tracks in parallel.
but man these ml conferences look kinda dystopian
April 23, 2025 at 7:58 AM
the recording of my talk "Rethinking Emulation for Fu(zzi)n(g) and Profit: Near-Native Rehosting for Embedded ARM Firmware" is online!

I had an absolute blast speaking and being at @re-verse.io, so many great talks and hallway discussions
We were slow with the last video update so we figured we'd do a two for one! Lukas talks about rehosting firmware for fuzzing (youtu.be/o_ckTnTQlfs) and Robin shows off a fantastic new tool for exploring code relationships beyond single binaries (www.youtube.com/watch?v=LsDn...)
RE//verse 2025: Rethinking Emulation for Fu(zzi)n(g) (Lukas Seidel)
Full title: Rethinking Emulation for Fu(zzi)n(g) and Profit: Near-Native Rehosting for Embedded ARM Firmware
Slides: https://github.com/binarly-io/Research_Pu...
youtu.be
April 13, 2025 at 9:07 AM
more exciting stuff coming to libAFL @aflplusplus.bsky.social, including a binary-only ASan implementation in Rust for QEMU and integration with the unicorn emulator!

reminds me of how @dmnk.bsky.social and I got the unicornafl rust bindings up and running to fuzz some basebands 5 years ago
April 10, 2025 at 2:57 PM
some convenient features coming to binja, incl. auto-classification of embedded devices based on peripheral accesses

making firmware hacking maybe a little less painful

cc @stacksmashing.bsky.social
April 2, 2025 at 6:25 PM
3.7 is both in api and in cursor just utterly disappointing.
when it does what it's supposed to, it's great, but man is it trying hard to misinterpret my intentions.
March 21, 2025 at 10:27 AM
beautiful and incredibly interesting talk on reverse engineering the OG xbox by @ret2systems.bsky.social's Markus, incl. building a custom interposer to upgrade the CPU

a deep dive into hardware hacking, an ode to hw engineering and a call for software-focused researchers to try new things
March 20, 2025 at 3:59 PM
libAFL is a beast.
it has so many settings to tweak, different modes to select and the code can be quite scary at first.

but writing a target-specific custom fuzzer is super powerful!

to get started, Trail of Bits just published a nice primer:
appsec.guide/docs/fuzzing...
LibAFL
The LibAFL fuzzer implements features from AFL-based fuzzers like AFL++. Similarly to AFL++, LibAFL provides better fuzzing performance and more advanced features over libFuzzer. However, wit...
appsec.guide
March 12, 2025 at 3:41 PM
my google scholar's 'recommended articles' feed has been empty for weeks.
where is it, I miss it :/

anyone any recommendation for an alternative? some tunable feed of recent papers?
March 12, 2025 at 10:30 AM
I had a blast speaking and being at the RE//verse conference!

so many cool people and great discussions on firmware, fuzzing, ai and binary analysis

if you want to find out more about firmware rehosting or are an enjoyer of ascii diagrams, check out the slides to my talk below :)
March 3, 2025 at 8:01 PM
today was blessed.
had a super fun day at Kennedy Space Center.

and then I got to witness my first rocket launch in person, a falcon 9 bringing Intuitive Machines' lunar lander into orbit.
my space-nerd heart is so happy.
February 27, 2025 at 2:28 AM
excellent blog post on garbage collectors: "Memory Hell"

it addresses many of humanity's great questions:
- do we actually know how to do garbage collection?
- pointers, indices or handlers?
- and what are typesafe use-after-frees?
February 24, 2025 at 11:31 PM
Reposted by lukas seidel
2024 was a significant year for decompilation, constituting a possible resurgence in the field. Major talks, the thirty-year anniversary of research, movements in AI, and an all-time high for top publications in decompilation.

Join me for a retrospective:
mahaloz.re/dec-progr...
Decompiling 2024: A Year of Resurgance in Decompilation Research
The year 2024 was a resurgant year for decompilation. Academic publications from that year made up nearly 30% of all top publications ever made in decompilat...
mahaloz.re
January 29, 2025 at 5:45 PM
Reposted by lukas seidel
Rehost embedded ARM firmware at near-native speeds! Lukas Seidel @pr0me.bsky.social introduces SAFIREFUZZ, achieving 690x fuzzing throughput with ARM Cortex-M firmware. Dive into instruction rewriting, emulation, and performance gains. https://re-verse.sessionize.com/session/784004 #REverse2025
January 28, 2025 at 7:34 PM
"IoT Firmware Emulation and Its Security Application in Fuzzing" is a great read to get started with rehosting firmware

it provides a taxonomy of nearly all the available approaches and discusses the most important concepts, such as peripheral modeling and fidelity trade-offs
January 17, 2025 at 4:52 PM
Reposted by lukas seidel
Hooked on computer security, adversarial learning, or even both? 🤩

The BIFOLD Graduate School has 10 open PhD positions!

Join us in vibrant Berlin to work with top-notch researchers on machine learning, data management, and, of course, security!

🔗 mlsec.org/jobs.html#jobs
January 9, 2025 at 3:34 PM
Reposted by lukas seidel
RULECOMPILE - Undocumented Ghidra decompiler rule language.
A blog post about how frustration with poor decompilation led me to dive deep into Ghidra's decompiler to discover (and reverse-engineer) - an obscure, undocumented DSL
msm.lt/re/ghidra/ru...
#reverseengineering #ghidra
December 30, 2024 at 7:34 PM
happy new year 🎉

to continue the tradition, here is some of my favorite firmware & embedded security research of 2024:

Defeating the new Raspberry Pi's RP2350 Security Features [1]

Reversing and Hacking Firmware of an in-orbit Satellite to Re-establish Lost Communication [2]
January 1, 2025 at 12:13 PM
Reposted by lukas seidel
2024 is almost done, so here’s a thread on my 5 favorite fuzzing papers published this year. In no particular order…🧵
December 30, 2024 at 9:17 PM
recovering a satellite by creatively using existing telecommands and overwriting vtables to persistently add new commands without needing to touch (and risk breaking) the running OBC firmware.

also, because that firmware didn't have an update mechanism

incredible talk!
media.ccc.de/v/38c3-hacki...
Hacking yourself a satellite - recovering BEESAT-1
In 2013, the satellite BEESAT-1 started returning invalid telemetry, rendering it effectively unusable. Because it is projected to remain...
media.ccc.de
December 29, 2024 at 7:51 PM