ATC1441
@atc1441.bsky.social
Hack the planet!
my biggest passion is to run a custom firmware on as many devices as possible
my biggest passion is to run a custom firmware on as many devices as possible
Just finished Hacking the Pill Camera that you'd swallow for an easy endoscopy
Ti CC1310 SoC Glitched and Dumped which allowed to Reverse Engineer its firmware and RF Protocol up to full Image receiving🥳
No security included but short range.
📽️🎬 here: youtu.be/qEIW5gOLzIs
Ti CC1310 SoC Glitched and Dumped which allowed to Reverse Engineer its firmware and RF Protocol up to full Image receiving🥳
No security included but short range.
📽️🎬 here: youtu.be/qEIW5gOLzIs
November 17, 2025 at 9:13 PM
Just finished Hacking the Pill Camera that you'd swallow for an easy endoscopy
Ti CC1310 SoC Glitched and Dumped which allowed to Reverse Engineer its firmware and RF Protocol up to full Image receiving🥳
No security included but short range.
📽️🎬 here: youtu.be/qEIW5gOLzIs
Ti CC1310 SoC Glitched and Dumped which allowed to Reverse Engineer its firmware and RF Protocol up to full Image receiving🥳
No security included but short range.
📽️🎬 here: youtu.be/qEIW5gOLzIs
Lets take a look inside one of those Aliexpress "Smart" Car Keyfobs which you can retrofit your "Lame" Car Key with 😅
TLDR: It does not run Doom 😞
The internal RTL8762TD Hast sadly "only" 192KB of RAM
Find the Teardown video here:
youtu.be/oAmtu87EdYo
TLDR: It does not run Doom 😞
The internal RTL8762TD Hast sadly "only" 192KB of RAM
Find the Teardown video here:
youtu.be/oAmtu87EdYo
November 3, 2025 at 5:48 PM
Lets take a look inside one of those Aliexpress "Smart" Car Keyfobs which you can retrofit your "Lame" Car Key with 😅
TLDR: It does not run Doom 😞
The internal RTL8762TD Hast sadly "only" 192KB of RAM
Find the Teardown video here:
youtu.be/oAmtu87EdYo
TLDR: It does not run Doom 😞
The internal RTL8762TD Hast sadly "only" 192KB of RAM
Find the Teardown video here:
youtu.be/oAmtu87EdYo
Finally there is code execution on this Shi**y Realtek RTL8752H and RTL8762ESL ARM SoC🥳
Full custom firmware goes Brrrrr
These chinese vendors like Realtek Bluetrum and Jieli only care about copy protection and cribble down a perfectly fine ARM Core with their tooling🙄
Full custom firmware goes Brrrrr
These chinese vendors like Realtek Bluetrum and Jieli only care about copy protection and cribble down a perfectly fine ARM Core with their tooling🙄
October 9, 2025 at 2:32 PM
Finally there is code execution on this Shi**y Realtek RTL8752H and RTL8762ESL ARM SoC🥳
Full custom firmware goes Brrrrr
These chinese vendors like Realtek Bluetrum and Jieli only care about copy protection and cribble down a perfectly fine ARM Core with their tooling🙄
Full custom firmware goes Brrrrr
These chinese vendors like Realtek Bluetrum and Jieli only care about copy protection and cribble down a perfectly fine ARM Core with their tooling🙄
Teardown of the Tuya KWS-303WF Wifi Power Meter including cut-off Relay
Inside we can find:
- Tuya CBU Modul with Beken BK7231N ARM SoC 2MB Flash 256KB RAM
- Relay claimed 63A
- Power Meter
- LCD 60x160 Pixel
- External NTC Temp Sensor
aliexpress.com/item/1005008...
Inside we can find:
- Tuya CBU Modul with Beken BK7231N ARM SoC 2MB Flash 256KB RAM
- Relay claimed 63A
- Power Meter
- LCD 60x160 Pixel
- External NTC Temp Sensor
aliexpress.com/item/1005008...
September 20, 2025 at 2:09 PM
Teardown of the Tuya KWS-303WF Wifi Power Meter including cut-off Relay
Inside we can find:
- Tuya CBU Modul with Beken BK7231N ARM SoC 2MB Flash 256KB RAM
- Relay claimed 63A
- Power Meter
- LCD 60x160 Pixel
- External NTC Temp Sensor
aliexpress.com/item/1005008...
Inside we can find:
- Tuya CBU Modul with Beken BK7231N ARM SoC 2MB Flash 256KB RAM
- Relay claimed 63A
- Power Meter
- LCD 60x160 Pixel
- External NTC Temp Sensor
aliexpress.com/item/1005008...
Teardown of an OBD Find My Adapter from Aliexpress
aliexpress.com/item/1005007...
As expected as simple as it could get,
3.3V Voltage Regulator with an currently unknown BLE SoC ESM412 2449XFD
No connection to CAN and OBD just for power
aliexpress.com/item/1005007...
As expected as simple as it could get,
3.3V Voltage Regulator with an currently unknown BLE SoC ESM412 2449XFD
No connection to CAN and OBD just for power
September 20, 2025 at 2:02 PM
Teardown of an OBD Find My Adapter from Aliexpress
aliexpress.com/item/1005007...
As expected as simple as it could get,
3.3V Voltage Regulator with an currently unknown BLE SoC ESM412 2449XFD
No connection to CAN and OBD just for power
aliexpress.com/item/1005007...
As expected as simple as it could get,
3.3V Voltage Regulator with an currently unknown BLE SoC ESM412 2449XFD
No connection to CAN and OBD just for power
DOOM on a Vape via ScreenSharing and custom Firmware 😁
Source code on Github here:
github.com/atc1441/Vape...
And find a full video on Youtube with more details:
youtu.be/rVsvtEj9iqE
Source code on Github here:
github.com/atc1441/Vape...
And find a full video on Youtube with more details:
youtu.be/rVsvtEj9iqE
September 20, 2025 at 12:17 AM
DOOM on a Vape via ScreenSharing and custom Firmware 😁
Source code on Github here:
github.com/atc1441/Vape...
And find a full video on Youtube with more details:
youtu.be/rVsvtEj9iqE
Source code on Github here:
github.com/atc1441/Vape...
And find a full video on Youtube with more details:
youtu.be/rVsvtEj9iqE
Teardown of the 2" LCD Screen Mirror device
~20€ From Aliexpress
s.click.aliexpress.com/e/_oCyfENx
Surprisingly packed
- Unknown DH390D HT2522A SoC likely HiChip HC15xx 4MB SPI Flash
- Battery Powered
- Speaker
- Realtek WiFi Chip
- Jieli BLE SoC
Similar to youtu.be/pFBn6lMJ7q8
~20€ From Aliexpress
s.click.aliexpress.com/e/_oCyfENx
Surprisingly packed
- Unknown DH390D HT2522A SoC likely HiChip HC15xx 4MB SPI Flash
- Battery Powered
- Speaker
- Realtek WiFi Chip
- Jieli BLE SoC
Similar to youtu.be/pFBn6lMJ7q8
September 18, 2025 at 4:53 PM
Teardown of the 2" LCD Screen Mirror device
~20€ From Aliexpress
s.click.aliexpress.com/e/_oCyfENx
Surprisingly packed
- Unknown DH390D HT2522A SoC likely HiChip HC15xx 4MB SPI Flash
- Battery Powered
- Speaker
- Realtek WiFi Chip
- Jieli BLE SoC
Similar to youtu.be/pFBn6lMJ7q8
~20€ From Aliexpress
s.click.aliexpress.com/e/_oCyfENx
Surprisingly packed
- Unknown DH390D HT2522A SoC likely HiChip HC15xx 4MB SPI Flash
- Battery Powered
- Speaker
- Realtek WiFi Chip
- Jieli BLE SoC
Similar to youtu.be/pFBn6lMJ7q8
Fun fact this 3€ USB-C to Headphone converter has more Flash and RAM then the first moon landing.
de.aliexpress.com/item/1005009...
The internal RISCV Bluetrum SoC AB136D got:
128 KB Flash
60 KB RAM
Perfect USB Rubber Ducky, easy to reflash without opening via the USB DP Pin🤪
de.aliexpress.com/item/1005009...
The internal RISCV Bluetrum SoC AB136D got:
128 KB Flash
60 KB RAM
Perfect USB Rubber Ducky, easy to reflash without opening via the USB DP Pin🤪
September 11, 2025 at 2:24 PM
Fun fact this 3€ USB-C to Headphone converter has more Flash and RAM then the first moon landing.
de.aliexpress.com/item/1005009...
The internal RISCV Bluetrum SoC AB136D got:
128 KB Flash
60 KB RAM
Perfect USB Rubber Ducky, easy to reflash without opening via the USB DP Pin🤪
de.aliexpress.com/item/1005009...
The internal RISCV Bluetrum SoC AB136D got:
128 KB Flash
60 KB RAM
Perfect USB Rubber Ducky, easy to reflash without opening via the USB DP Pin🤪
Also got the OLED Amiibo Emulator😅
Sometimes for < 8€ in the combo offers!
aliexpress.com/item/1005008...
They are just too cute and a nice Hackable gadget with everything included in a small case.
nRF52832 SoC
SPI Flash
LCD/OLED
NFC
Battery
Arduino able
x.com/atc1441/stat...
Sometimes for < 8€ in the combo offers!
aliexpress.com/item/1005008...
They are just too cute and a nice Hackable gadget with everything included in a small case.
nRF52832 SoC
SPI Flash
LCD/OLED
NFC
Battery
Arduino able
x.com/atc1441/stat...
September 9, 2025 at 7:43 PM
Also got the OLED Amiibo Emulator😅
Sometimes for < 8€ in the combo offers!
aliexpress.com/item/1005008...
They are just too cute and a nice Hackable gadget with everything included in a small case.
nRF52832 SoC
SPI Flash
LCD/OLED
NFC
Battery
Arduino able
x.com/atc1441/stat...
Sometimes for < 8€ in the combo offers!
aliexpress.com/item/1005008...
They are just too cute and a nice Hackable gadget with everything included in a small case.
nRF52832 SoC
SPI Flash
LCD/OLED
NFC
Battery
Arduino able
x.com/atc1441/stat...
Teardown massacre of random 2€ Aliexpress Airpod clones 😅
80% Bluetrum (AB) and 20% Jieli
80% Bluetrum (AB) and 20% Jieli
September 9, 2025 at 1:56 PM
Teardown massacre of random 2€ Aliexpress Airpod clones 😅
80% Bluetrum (AB) and 20% Jieli
80% Bluetrum (AB) and 20% Jieli
While not a full custom firmware you can find the current Bluetrum AB5682 SoC Hacking results here
github.com/atc1441/Blue...
This SoC Is used in the A9 Pro Airpod Clones and many more cheap BLE Gadgets.
Quite Beefy for its price:
RISCV
2MB Flash
162KB RAM
98KB ROM
github.com/atc1441/Blue...
This SoC Is used in the A9 Pro Airpod Clones and many more cheap BLE Gadgets.
Quite Beefy for its price:
RISCV
2MB Flash
162KB RAM
98KB ROM
September 8, 2025 at 5:01 PM
While not a full custom firmware you can find the current Bluetrum AB5682 SoC Hacking results here
github.com/atc1441/Blue...
This SoC Is used in the A9 Pro Airpod Clones and many more cheap BLE Gadgets.
Quite Beefy for its price:
RISCV
2MB Flash
162KB RAM
98KB ROM
github.com/atc1441/Blue...
This SoC Is used in the A9 Pro Airpod Clones and many more cheap BLE Gadgets.
Quite Beefy for its price:
RISCV
2MB Flash
162KB RAM
98KB ROM
Thats Code execution on the infamous
AB5682B BLE SoC used in the cheap headsets and other BLE hardware🥳
This Bluetrum Chip series is ugly 😅 Debug via 1 Wire UART and a somewhat secured proto
This code now runs from RAM since we next need a loader to dump an write to Flash
AB5682B BLE SoC used in the cheap headsets and other BLE hardware🥳
This Bluetrum Chip series is ugly 😅 Debug via 1 Wire UART and a somewhat secured proto
This code now runs from RAM since we next need a loader to dump an write to Flash
September 2, 2025 at 11:04 PM
Thats Code execution on the infamous
AB5682B BLE SoC used in the cheap headsets and other BLE hardware🥳
This Bluetrum Chip series is ugly 😅 Debug via 1 Wire UART and a somewhat secured proto
This code now runs from RAM since we next need a loader to dump an write to Flash
AB5682B BLE SoC used in the cheap headsets and other BLE hardware🥳
This Bluetrum Chip series is ugly 😅 Debug via 1 Wire UART and a somewhat secured proto
This code now runs from RAM since we next need a loader to dump an write to Flash
Why does this aspire PIXO Vape got a hidden BLE Chip inside? 🤔
Internals:
Puya PY32F403 ARM SoC 256kb flash 64kb RAM
16MB External flash
LCD with Full touch
Unmentioned WS8000 BLE Module
Full hackability with an USB Flash drive update not including any CRC or sign checking🙌
Internals:
Puya PY32F403 ARM SoC 256kb flash 64kb RAM
16MB External flash
LCD with Full touch
Unmentioned WS8000 BLE Module
Full hackability with an USB Flash drive update not including any CRC or sign checking🙌
August 29, 2025 at 12:41 PM
Why does this aspire PIXO Vape got a hidden BLE Chip inside? 🤔
Internals:
Puya PY32F403 ARM SoC 256kb flash 64kb RAM
16MB External flash
LCD with Full touch
Unmentioned WS8000 BLE Module
Full hackability with an USB Flash drive update not including any CRC or sign checking🙌
Internals:
Puya PY32F403 ARM SoC 256kb flash 64kb RAM
16MB External flash
LCD with Full touch
Unmentioned WS8000 BLE Module
Full hackability with an USB Flash drive update not including any CRC or sign checking🙌
One more Doom port^^
This time on an Epaper Translator🥳
Running an XR872at SoC and an 296x152 BW E-Paper display with around 400ms of refresh time
Find a teardown done some time ago here:
x.com/atc1441/stat...
Full Youtube video here:
youtu.be/PvTJpbVPxUo
This time on an Epaper Translator🥳
Running an XR872at SoC and an 296x152 BW E-Paper display with around 400ms of refresh time
Find a teardown done some time ago here:
x.com/atc1441/stat...
Full Youtube video here:
youtu.be/PvTJpbVPxUo
August 28, 2025 at 9:54 PM
One more Doom port^^
This time on an Epaper Translator🥳
Running an XR872at SoC and an 296x152 BW E-Paper display with around 400ms of refresh time
Find a teardown done some time ago here:
x.com/atc1441/stat...
Full Youtube video here:
youtu.be/PvTJpbVPxUo
This time on an Epaper Translator🥳
Running an XR872at SoC and an 296x152 BW E-Paper display with around 400ms of refresh time
Find a teardown done some time ago here:
x.com/atc1441/stat...
Full Youtube video here:
youtu.be/PvTJpbVPxUo
Lets take a closer look inside an 20€ Aliexpress Alarmo clone "Smart AI Kids clock" based on the XR872ats SoC
And of course port Doom to it😅
Full Teardown Youtube video:
youtu.be/QutpZBTJRDY
Github repo with full source code:
github.com/atc1441/XR87...
And of course port Doom to it😅
Full Teardown Youtube video:
youtu.be/QutpZBTJRDY
Github repo with full source code:
github.com/atc1441/XR87...
August 27, 2025 at 3:22 PM
Lets take a closer look inside an 20€ Aliexpress Alarmo clone "Smart AI Kids clock" based on the XR872ats SoC
And of course port Doom to it😅
Full Teardown Youtube video:
youtu.be/QutpZBTJRDY
Github repo with full source code:
github.com/atc1441/XR87...
And of course port Doom to it😅
Full Teardown Youtube video:
youtu.be/QutpZBTJRDY
Github repo with full source code:
github.com/atc1441/XR87...
It had to be done 😅
DOOM on the Xiaomi Mi Band 8 Fitnessband
Running super smooth on the Amoled Display and the custom firmware with toom on just 2MB of Flash
Full video on Youtube:
youtu.be/iqyR_LNp9vc
DOOM on the Xiaomi Mi Band 8 Fitnessband
Running super smooth on the Amoled Display and the custom firmware with toom on just 2MB of Flash
Full video on Youtube:
youtu.be/iqyR_LNp9vc
August 23, 2025 at 11:27 PM
It had to be done 😅
DOOM on the Xiaomi Mi Band 8 Fitnessband
Running super smooth on the Amoled Display and the custom firmware with toom on just 2MB of Flash
Full video on Youtube:
youtu.be/iqyR_LNp9vc
DOOM on the Xiaomi Mi Band 8 Fitnessband
Running super smooth on the Amoled Display and the custom firmware with toom on just 2MB of Flash
Full video on Youtube:
youtu.be/iqyR_LNp9vc
DOOM on the ANKER Prime Charging station😅
The internal SWM34S MCU is just way too nice!
8MB RAM + 16MB Flash directly mapped to memory goes brrrr
Video on Youtube: youtu.be/MdOU8SqCqeY
The internal SWM34S MCU is just way too nice!
8MB RAM + 16MB Flash directly mapped to memory goes brrrr
Video on Youtube: youtu.be/MdOU8SqCqeY
August 18, 2025 at 7:23 PM
DOOM on the ANKER Prime Charging station😅
The internal SWM34S MCU is just way too nice!
8MB RAM + 16MB Flash directly mapped to memory goes brrrr
Video on Youtube: youtu.be/MdOU8SqCqeY
The internal SWM34S MCU is just way too nice!
8MB RAM + 16MB Flash directly mapped to memory goes brrrr
Video on Youtube: youtu.be/MdOU8SqCqeY
Quick teardown video of an Battery powered 4" LCD Screen Mirror device around 25€ from Aliexpress
TLDR: Main SoC is an HCSEMI C3100 which is very similar to the one used in the 20€ Handheld Console SF2000
Video Here:
youtu.be/pFBn6lMJ7q8
TLDR: Main SoC is an HCSEMI C3100 which is very similar to the one used in the 20€ Handheld Console SF2000
Video Here:
youtu.be/pFBn6lMJ7q8
August 16, 2025 at 3:28 PM
Quick teardown video of an Battery powered 4" LCD Screen Mirror device around 25€ from Aliexpress
TLDR: Main SoC is an HCSEMI C3100 which is very similar to the one used in the 20€ Handheld Console SF2000
Video Here:
youtu.be/pFBn6lMJ7q8
TLDR: Main SoC is an HCSEMI C3100 which is very similar to the one used in the 20€ Handheld Console SF2000
Video Here:
youtu.be/pFBn6lMJ7q8
That's a success 🥳
Glitched and fully Dumped MSP430F417 in a non destructive way
Doing a Read data CMD and glitching the check if the password was entered we can dump 240bytes at once
By dumping the pass(vector) area we can read the full flash after one glitch
bsky.app/profile/atc1...
Glitched and fully Dumped MSP430F417 in a non destructive way
Doing a Read data CMD and glitching the check if the password was entered we can dump 240bytes at once
By dumping the pass(vector) area we can read the full flash after one glitch
bsky.app/profile/atc1...
August 14, 2025 at 1:48 PM
That's a success 🥳
Glitched and fully Dumped MSP430F417 in a non destructive way
Doing a Read data CMD and glitching the check if the password was entered we can dump 240bytes at once
By dumping the pass(vector) area we can read the full flash after one glitch
bsky.app/profile/atc1...
Glitched and fully Dumped MSP430F417 in a non destructive way
Doing a Read data CMD and glitching the check if the password was entered we can dump 240bytes at once
By dumping the pass(vector) area we can read the full flash after one glitch
bsky.app/profile/atc1...
DOOM on a Toothbrush? Sure!
Info's to this,
The Toothbrush contains an ESP32-C3 with 4MB Flash.
With the codebase from Spritetm github.com/Spritetm/esp... and wad github.com/fragglet/min... I was able to get the complete size down to the 4MB🥳
(Reupload from you know where for the sake of history)
Info's to this,
The Toothbrush contains an ESP32-C3 with 4MB Flash.
With the codebase from Spritetm github.com/Spritetm/esp... and wad github.com/fragglet/min... I was able to get the complete size down to the 4MB🥳
(Reupload from you know where for the sake of history)
August 12, 2025 at 9:23 AM
DOOM on a Toothbrush? Sure!
Info's to this,
The Toothbrush contains an ESP32-C3 with 4MB Flash.
With the codebase from Spritetm github.com/Spritetm/esp... and wad github.com/fragglet/min... I was able to get the complete size down to the 4MB🥳
(Reupload from you know where for the sake of history)
Info's to this,
The Toothbrush contains an ESP32-C3 with 4MB Flash.
With the codebase from Spritetm github.com/Spritetm/esp... and wad github.com/fragglet/min... I was able to get the complete size down to the 4MB🥳
(Reupload from you know where for the sake of history)
Mendatory Dong DOOM ...
In depth details in this Youtube Video:
www.youtube.com/watch?v=rAE1...
(Reupload from you know what platform for the sake of history)
In depth details in this Youtube Video:
www.youtube.com/watch?v=rAE1...
(Reupload from you know what platform for the sake of history)
August 12, 2025 at 9:20 AM
Mendatory Dong DOOM ...
In depth details in this Youtube Video:
www.youtube.com/watch?v=rAE1...
(Reupload from you know what platform for the sake of history)
In depth details in this Youtube Video:
www.youtube.com/watch?v=rAE1...
(Reupload from you know what platform for the sake of history)
No OTA signature bypass found so far 😔
But did create an WebBluetooth tool which allows you to connect to your Power bank and reads basic info's via the encrypted protocol
There is a potential bug which lets you set the OTA Size to uint32, read more about it in the GitHub Repo
But did create an WebBluetooth tool which allows you to connect to your Power bank and reads basic info's via the encrypted protocol
There is a potential bug which lets you set the OTA Size to uint32, read more about it in the GitHub Repo
August 11, 2025 at 2:12 PM
No OTA signature bypass found so far 😔
But did create an WebBluetooth tool which allows you to connect to your Power bank and reads basic info's via the encrypted protocol
There is a potential bug which lets you set the OTA Size to uint32, read more about it in the GitHub Repo
But did create an WebBluetooth tool which allows you to connect to your Power bank and reads basic info's via the encrypted protocol
There is a potential bug which lets you set the OTA Size to uint32, read more about it in the GitHub Repo
Fun fact 50% of the (Latest)Firmware in the
BLE Enabled Power Bank Anker Prime 27650mAh
is just for OTA checking and encryption...
Fw version prior to 1.6.2 do not verify OTA at all so better update😅
Did take a look inside and reverse engineered it
github.com/atc1441/Anke...
BLE Enabled Power Bank Anker Prime 27650mAh
is just for OTA checking and encryption...
Fw version prior to 1.6.2 do not verify OTA at all so better update😅
Did take a look inside and reverse engineered it
github.com/atc1441/Anke...
August 11, 2025 at 2:12 PM
Fun fact 50% of the (Latest)Firmware in the
BLE Enabled Power Bank Anker Prime 27650mAh
is just for OTA checking and encryption...
Fw version prior to 1.6.2 do not verify OTA at all so better update😅
Did take a look inside and reverse engineered it
github.com/atc1441/Anke...
BLE Enabled Power Bank Anker Prime 27650mAh
is just for OTA checking and encryption...
Fw version prior to 1.6.2 do not verify OTA at all so better update😅
Did take a look inside and reverse engineered it
github.com/atc1441/Anke...
Teardown of the nearly "All in One" Zigbee Sensor from Aliexpress:
s.click.aliexpress.com/e/_opaf9hD
Contains:
- Telink TLSR Zigbee/BLE SoC 512KB/64KB
- PHO XBR818 I2C 10G Move Sensor
- WHT20 I2C Humidity Temp Sensor
- Light Sensor
- Led
- Button
Just missing a Door sensor to be perfect^^
s.click.aliexpress.com/e/_opaf9hD
Contains:
- Telink TLSR Zigbee/BLE SoC 512KB/64KB
- PHO XBR818 I2C 10G Move Sensor
- WHT20 I2C Humidity Temp Sensor
- Light Sensor
- Led
- Button
Just missing a Door sensor to be perfect^^
August 11, 2025 at 9:16 AM
Teardown of the nearly "All in One" Zigbee Sensor from Aliexpress:
s.click.aliexpress.com/e/_opaf9hD
Contains:
- Telink TLSR Zigbee/BLE SoC 512KB/64KB
- PHO XBR818 I2C 10G Move Sensor
- WHT20 I2C Humidity Temp Sensor
- Light Sensor
- Led
- Button
Just missing a Door sensor to be perfect^^
s.click.aliexpress.com/e/_opaf9hD
Contains:
- Telink TLSR Zigbee/BLE SoC 512KB/64KB
- PHO XBR818 I2C 10G Move Sensor
- WHT20 I2C Humidity Temp Sensor
- Light Sensor
- Led
- Button
Just missing a Door sensor to be perfect^^
Digged into the Gantner ECO NFC Lock
The unlocked STM32L151 did give the Firmware and their Android MoLa App is nice to Reverse engineer still no Luck finding any holes😅
Learned a lot about NFC! The App will emulate an NFC Tag to configure incl. a both way Unique key Handshake
The unlocked STM32L151 did give the Firmware and their Android MoLa App is nice to Reverse engineer still no Luck finding any holes😅
Learned a lot about NFC! The App will emulate an NFC Tag to configure incl. a both way Unique key Handshake
August 5, 2025 at 2:44 PM
Digged into the Gantner ECO NFC Lock
The unlocked STM32L151 did give the Firmware and their Android MoLa App is nice to Reverse engineer still no Luck finding any holes😅
Learned a lot about NFC! The App will emulate an NFC Tag to configure incl. a both way Unique key Handshake
The unlocked STM32L151 did give the Firmware and their Android MoLa App is nice to Reverse engineer still no Luck finding any holes😅
Learned a lot about NFC! The App will emulate an NFC Tag to configure incl. a both way Unique key Handshake