Infosec Scribbles

My Public Projects

Due to corporate IP clauses in employment contracts, most of the code I write never ends up being publicly available. These are the things that were either started prior to those clauses affecting me or that got cleared for publishing by my employer:

  • (2020) Android Biometric Crypto Testbench, an app that lets you play with parameters of BiometricPrompt on Android and queries some under-the-hood stuff that is otherwise not exposed to GUIs
  • (2020) CVE-2020-7958 writeup about how I was able to pull raw fingerprint images from the TEE on Android
  • (2020) QSEE Trustlet Tool, a somewhat more complete version of Gal Beniamini’s unify_trustlet that can handle 64-bit TAs for QSEE and quirks of their stripping tool that break disassemblers
  • (2020) A couple of lines of C for printing out signatures in NVidia Tegra firmware blobs
  • (2016) Flower monitoring system based on ESP8266
  • (2016) SafetyNet playground Android app and backend
  • (2011-2016) EVE Anon, a Russian EVE Online community I used to run as a student
  • (2013-2014) Kotkas, a bunch of bird watching cameras from various sources aggregated into a single page with a WebSockets-based chat that was active in 2013-2014