Kevin Thomas
@mytechnotalent.bsky.social
Author of the world’s most popular Reverse Engineering Tutorial
#Embedded #Rust w/ bare-metal button driver for the #ESP32C3. #ReverseEngineering github.com/mytechnotale...
November 25, 2025 at 2:21 PM
#Embedded #Rust w/ bare-metal button driver for the #ESP32C3. #ReverseEngineering github.com/mytechnotale...
November 23, 2025 at 7:23 PM
Almost done with my #Embedded #Hacking book. Here is a brief demo of a live hack. #ReverseEngineering github.com/mytechnotale...
November 15, 2025 at 5:57 PM
Almost done with my #Embedded #Hacking book. Here is a brief demo of a live hack. #ReverseEngineering github.com/mytechnotale...
Having fun putting together a bare-metal #Embedded #RISCV project in Assembler. Gotta start somewhere... #ReverseEngineering
November 14, 2025 at 11:20 PM
Having fun putting together a bare-metal #Embedded #RISCV project in Assembler. Gotta start somewhere... #ReverseEngineering
Just finished writing a bare-metal #RISCV SG90 servo motor driver with an ESP32-C3 entirely in Assembler. I will be releasing it soon for others to learn from and expand their Embedded #ReverseEngineering skills for this incredible open-source platform.
November 9, 2025 at 1:37 PM
Just finished writing a bare-metal #RISCV SG90 servo motor driver with an ESP32-C3 entirely in Assembler. I will be releasing it soon for others to learn from and expand their Embedded #ReverseEngineering skills for this incredible open-source platform.
Looks like my PWM is way off in Assembler. 28us + 330us is 2.79 kHz total period. Oh well. #ReverseEngineering
November 8, 2025 at 11:34 PM
Looks like my PWM is way off in Assembler. 28us + 330us is 2.79 kHz total period. Oh well. #ReverseEngineering
So much of #ReverseEngineering Embedded Systems is datasheet digging, scope probing and reading register values in GDB. Take the time and try it for yourself!
November 8, 2025 at 9:05 PM
So much of #ReverseEngineering Embedded Systems is datasheet digging, scope probing and reading register values in GDB. Take the time and try it for yourself!
An RP2350 UART driver written entirely in Assembler. #Embedded #ReverseEngineering github.com/mytechnotale...
November 2, 2025 at 3:46 PM
An RP2350 UART driver written entirely in Assembler. #Embedded #ReverseEngineering github.com/mytechnotale...
I got a request to make an PURE Assembler driver in RISC-V so here it is. No SDK as it will teach you the basics of a RISC-V chip specifically the ESP32-C3. #Embedded #ReverseEngineering github.com/mytechnotale...
November 1, 2025 at 7:35 PM
I got a request to make an PURE Assembler driver in RISC-V so here it is. No SDK as it will teach you the basics of a RISC-V chip specifically the ESP32-C3. #Embedded #ReverseEngineering github.com/mytechnotale...
0x000C: RP2350 crt0.S weak .thumb_func ISR stubs (decl_isr_bkpt) vector table exec bkpt #0. Unhandled USER IRQs to __unhandled_user_irq (puts IRQ in r0 via mrs r0, ipsr / subs r0,#16) so bkpt label has exact faulting vector. #Embedded #ReverseEngineering github.com/mytechnotale...
November 1, 2025 at 1:40 PM
0x000C: RP2350 crt0.S weak .thumb_func ISR stubs (decl_isr_bkpt) vector table exec bkpt #0. Unhandled USER IRQs to __unhandled_user_irq (puts IRQ in r0 via mrs r0, ipsr / subs r0,#16) so bkpt label has exact faulting vector. #Embedded #ReverseEngineering github.com/mytechnotale...
RP2350 deep-dive: XIP vector table @0x10000000 (memmap_default.ld/crt0.S). Word0=__StackTop (SCRATCH_Y: ORIGIN 0x20081000 + LEN 0x1000 = 0x20082000), Word1=reset handler. Bootrom VTOR; ISRs (isr_usagefault @0x10000110) follow. #Embedded #ReverseEngineering github.com/mytechnotale...
October 26, 2025 at 1:34 PM
RP2350 deep-dive: XIP vector table @0x10000000 (memmap_default.ld/crt0.S). Word0=__StackTop (SCRATCH_Y: ORIGIN 0x20081000 + LEN 0x1000 = 0x20082000), Word1=reset handler. Bootrom VTOR; ISRs (isr_usagefault @0x10000110) follow. #Embedded #ReverseEngineering github.com/mytechnotale...
Little Halloween fun chillin with Baab about to hear The Last Rewind band.
October 25, 2025 at 10:39 PM
Little Halloween fun chillin with Baab about to hear The Last Rewind band.
Learn the basics of #Embedded #ARM #Assembler w/ #RP2350 as here is a simple blinky driver from scratch with no SDK to teach you the basics of how the RP2350 works! #ReverseEngineering github.com/mytechnotale...
October 25, 2025 at 8:59 PM
Learn the basics of #Embedded #ARM #Assembler w/ #RP2350 as here is a simple blinky driver from scratch with no SDK to teach you the basics of how the RP2350 works! #ReverseEngineering github.com/mytechnotale...
0x000A: On the RP2350 boot flow - reset handler checks (cbz r0) core0 cont; other core back to bootrom. Core0 runs crt0.S: copy init data flash→RAM via data_copy_table, zero BSS, call runtime_init (C runtime) then blx main. #Embedded #ReverseEngineering github.com/mytechnotale...
October 25, 2025 at 1:30 PM
0x000A: On the RP2350 boot flow - reset handler checks (cbz r0) core0 cont; other core back to bootrom. Core0 runs crt0.S: copy init data flash→RAM via data_copy_table, zero BSS, call runtime_init (C runtime) then blx main. #Embedded #ReverseEngineering github.com/mytechnotale...
0x0009: The RP2350 uses XIP where firmware executes directly from non-volatile memory rather than being copied into RAM. We notice our MSP is first 4 bytes at flash followed by the Reset_Handler! THIS CAN COME IN HANDY when reversing! #Embedded #ReverseEngineering github.com/mytechnotale...
October 19, 2025 at 1:14 PM
0x0009: The RP2350 uses XIP where firmware executes directly from non-volatile memory rather than being copied into RAM. We notice our MSP is first 4 bytes at flash followed by the Reset_Handler! THIS CAN COME IN HANDY when reversing! #Embedded #ReverseEngineering github.com/mytechnotale...
0x0008: The RP2350 boot2 config QMI for 0x03 serial reads, sets timing (short cooldown, clock div, RX delay), performs a dummy transfer to init flash & enable cont/XIP (prefix_len=0). Ret to bootrom which jmp to reset_vector. #Embedded #ReverseEngineering github.com/mytechnotale...
October 18, 2025 at 1:21 PM
0x0008: The RP2350 boot2 config QMI for 0x03 serial reads, sets timing (short cooldown, clock div, RX delay), performs a dummy transfer to init flash & enable cont/XIP (prefix_len=0). Ret to bootrom which jmp to reset_vector. #Embedded #ReverseEngineering github.com/mytechnotale...
0x0007: The RP2350 has an on-chip bootloader (bootrom) that executes immediately when the chip gets power. Here we see flash init, boot path selection, and hardware setup. #Embedded #ReverseEngineering github.com/mytechnotale...
October 12, 2025 at 12:56 PM
0x0007: The RP2350 has an on-chip bootloader (bootrom) that executes immediately when the chip gets power. Here we see flash init, boot path selection, and hardware setup. #Embedded #ReverseEngineering github.com/mytechnotale...
Robot firmware for Waveshare Pico2Go (RP2350-Plus) in Embedded C; leverages RP2350 for reliable motor control plus integrated IR remote support and robust capabilities. #Embedded #C github.com/mytechnotale...
October 11, 2025 at 1:49 PM
Robot firmware for Waveshare Pico2Go (RP2350-Plus) in Embedded C; leverages RP2350 for reliable motor control plus integrated IR remote support and robust capabilities. #Embedded #C github.com/mytechnotale...
Rust-Robot - Async robot firmware for Waveshare Pico2Go (RP2350-Plus) in Embedded Rust with Embassy; leverages RP2350 for reliable motor control plus integrated IR remote support and robust capabilities. #Embedded #Rust #Embassy github.com/mytechnotale...
October 9, 2025 at 1:10 PM
Rust-Robot - Async robot firmware for Waveshare Pico2Go (RP2350-Plus) in Embedded Rust with Embassy; leverages RP2350 for reliable motor control plus integrated IR remote support and robust capabilities. #Embedded #Rust #Embassy github.com/mytechnotale...
An RP2350 blink driver written entirely in Assembler, without the Pico SDK. #Embedded #ReverseEngineering github.com/mytechnotale...
October 5, 2025 at 6:48 PM
An RP2350 blink driver written entirely in Assembler, without the Pico SDK. #Embedded #ReverseEngineering github.com/mytechnotale...
0x0006: Just hijacked the SRAM at 0x20000000 on the RP2350! Injected a new string in memory and patched r0 to point to our hack. Check out the proof, "hacky, world" appears at the bottom of the serial output! #Embedded #ReverseEngineering github.com/mytechnotale...
October 5, 2025 at 1:34 PM
0x0006: Just hijacked the SRAM at 0x20000000 on the RP2350! Injected a new string in memory and patched r0 to point to our hack. Check out the proof, "hacky, world" appears at the bottom of the serial output! #Embedded #ReverseEngineering github.com/mytechnotale...
0x0005: The RP2350 main function continues where we step over stdio_init_all and verify that the string hello, world exists at 0x10000244 which is moved into r0 as an arg to puts. #Embedded #ReverseEngineering github.com/mytechnotale...
October 4, 2025 at 1:30 PM
0x0005: The RP2350 main function continues where we step over stdio_init_all and verify that the string hello, world exists at 0x10000244 which is moved into r0 as an arg to puts. #Embedded #ReverseEngineering github.com/mytechnotale...
I found the pins
September 28, 2025 at 6:08 PM
I found the pins
Working with UART we need to identify RX, TX and GND. This Netgear router has 6 pins so let’s get our tools to figure it out. #ReverseEngineering
September 28, 2025 at 4:43 PM
Working with UART we need to identify RX, TX and GND. This Netgear router has 6 pins so let’s get our tools to figure it out. #ReverseEngineering