// security research & reverse engineering

I break things to figure out how they work.

I tear down hardware, reverse protocols, and dig through firmware. If it has a chip and communicates, it ends up on my bench.

6 Backdoors documented
12 Firmware modules decrypted
65+ Protocol messages reversed

The Lab

Projects

Drone 2026

Consumer Drone — Full Compromise

Complete reverse engineering of a consumer drone platform based on a HiSilicon SoC. Root shell obtained via manufacturer backdoor, AES-encrypted firmware fully decrypted, 6 backdoors documented including an unauthenticated remote code execution.

  • Persistent root shell via SD card backdoor
  • AES-128-CBC key extracted from binary — all firmware modules decrypted
  • Unauthenticated RCE via USB protocol (cmd_id 0xFF)
  • Custom video pipeline: VENC channel hijack, H264 1080p streaming
  • Full USB, BLE, and WiFi Direct protocol documentation
  • Embedded AI models (NPU) identified and documented

HiSilicon Hi3519DV500 ARM aarch64 Ghidra ptrace

IoT / Smart Home 2026

Smart Coffee Machine — Protocol & Integration

Reverse engineering of a premium coffee machine's cloud and local communication. IoT protocol decoded, BLE commands mapped, custom Home Assistant integration published as open source.

  • Cloud authentication flow reversed
  • Full integration: sensors, controls, diagnostics
  • Brew command format decompiled from Android APK
  • Home Assistant component published as open source

BLE Ayla IoT Home Assistant Python

Game Hacking 2026

AAA Game — Real-Time Network Overlay

Reverse engineering of a AAA game's PubSub network layer. gRPC protocol fully decoded with 65+ message types. Real-time overlay displaying game state data.

  • gRPC/Protobuf message structures fully reversed
  • 65+ unique message types documented
  • Real-time overlay for positions and events
  • Custom tooling for packet capture and analysis

gRPC Protobuf Wireshark C++

Mobile Apps 2026

Government Apps — Critical Vulnerabilities

I dug into government mobile apps. Result: critical vulnerabilities reported through responsible disclosure channels.

  • Critical findings in a national postal service application
  • Authentication and session management vulnerabilities
  • Sensitive data exposure in transit and at rest
  • Reports submitted via official bug bounty programs
Android jadx Burp Suite YesWeHack

About

Based in France. I spend my time taking things apart and figuring out how they work.

Consumer electronics, IoT devices, embedded systems, mobile apps, game protocols — if it has a chip and communicates, it ends up in pieces on my desk.

Fully self-hosted infrastructure. Zero cloud dependencies. Every tool I use, every service I run — I control the entire stack.

  • Open source: I publish tools and integrations whenever possible
  • Responsible disclosure: Vulnerabilities reported through proper channels
  • Everything documented: Every protocol, every offset, every byte

The setup

  • Hardware: HiSilicon, Realtek, GigaDevice, ESP32, STM32, nRF52
  • Software: Ghidra, IDA, Frida, jadx, Wireshark, Burp Suite
  • Protocols: USB, BLE, RF 2.4GHz, gRPC, MQTT, Zigbee, Z-Wave
  • Languages: C, Rust, Kotlin, Python, TypeScript, ARM ASM

Contact

Got a device nobody's cracked open yet? A protocol that's fighting back? Hardware hiding secrets? I'm interested.

Projects

Open to collaborations, fun projects and technical challenges.

Responsible disclosure

Found a vulnerability? Contact me directly, preferably via encrypted email.

  • Email: sk7n4k3d@devlabz.eu
  • GitHub: github.com/sk7n4k3d
  • Matrix: @sk7n4k3d:devlabz.eu

PGP encryption available for sensitive communications.
A3AF 6664 B442 63D0