Readable Thrift
Readable Thrift is a Java library for converting binary Thrift protocol messages to and from a human-friendly JSON text format. This makes reverse engineering and tampering with binary format Thrif...
Proxmark3 Amiibo simulator
A fuzzing-oriented Amiibo simulator made with Proxmark3.
Presented at REcon Montreal and HOPE in 2018.
Reversing the Animal Crossing letter system
While reverse engineering Animal Crossing I was asked to look into how the game’s letter system worked. How do the villager NPCs interpret your letters? The original Twitter thread can be found her...
More Animal Crossing debug mode reversing
More details on the Animal Crossing debug mode registers.
Cisco IOS XE WebUI RCE
CVE-2019-1862 and CVE-2019-1904 are a pair of vulnerabilities I discovered in the Cisco IOS XE web management interface (WebUI) while working at Red Balloon Security.
Fuzzing Games with Dolphin Emulator
To assist in finding more software vulnerabilities in games like Animal Crossing, I modified the Dolphin emulator to add a fuzzing capability into the debugger.
Renesas RX Ghidra module
While reverse engineering a device that uses the Renesas RX62T processor I found that there weren’t any flow-based disassemblers available for the architecture (just the objdump utility that came w...
Cojiro
Simulate or interact with Nintendo Joy Bus devices using an iCEBreaker FPGA dev board. Code available at https://github.com/jamchamb/cojiro.
Snap Station talk @ ShmooCon 2022
I gave a talk about my Pokémon Snap Station reverse engineering project at ShmooCon 2022: https://www.shmoocon.org/speakers/#gottacatchemall.
Ghostrings
Ghostrings (“Go strings”) is a collection of Ghidra scripts for recovering string definitions in Go binaries. These analyze P-Code rather than native machine code, so they’re architecture independe...
nanoMIPS Ghidra extension
nanoMIPS disassembler & decompiler extension for Ghidra:
Reverse Engineering the PowerG Wireless Protocol
Presented at REcon 2024: