IGS Arcade Reverse Engineering Series (4) - ASIC27 Protocol and Static Analysis of TSGROM Files

Monday, September 8, 2025

Embedded Architecture Analysis IGS’s anti-piracy technology isn’t particularly hard, but it’s extremely weird—probably because the code quality is terrible. …

IGS Arcade Reverse Engineering Series (3) - Getting a Shell

Monday, June 23, 2025

I’ve made quite a bit of progress lately, but I’ve hit a bottleneck. There are probably about three more posts’ worth of material. I’ve been very busy recently, so I’m publishing part three first. …

IGS Arcade Reverse Engineering Series (2) - Recovering Game Files

Sunday, May 25, 2025

In the previous post, I mentioned that the game has a protection mechanism that destroys partitions. In this post, we’ll dig deeper into it. …

IGS Arcade Reverse Engineering Series (1) - E2000 Platform Analysis

Saturday, May 17, 2025

Preface 2010 was the golden era of arcades. As mobile devices and home consoles became widespread, the arcade industry gradually declined. Although some policies were introduced domestically to encourage the amusement gaming equipment industry, the sector has long been out of favor with investors. The 2020 pandemic dealt an even heavier blow to the arcade business. …

VW ID.4 ICAS1 Vehicle Control Analysis

Thursday, December 26, 2024

Preface In 2021, while working at 360, I built a test bench for the VW ID.4. I was close to getting significant results—I had internal ODIS access and root privileges on ICAS3—but I was abruptly reassigned to build a demo vehicle during a business trip, which disrupted my follow-up plans. During that period, a combination of professional obligations and personal challenges forced me to pause the research. …

QNX 7 Password Hash Analysis and Writing a Hashcat Module

Thursday, September 14, 2023

Preface Back in 2021, while attempting to crack QNX hashes, I discovered that Hashcat lacked support for QNX 6.6.0. Although there was an existing issue requesting this feature, I was too occupied to implement it at the time. …

General Tips for Firmware Reverse Engineering

Monday, August 15, 2022

Preface These notes were originally compiled years ago as a quick reference. They are somewhat fragmented and do not provide step-by-step procedures, but I continue to update them over time. …

Bypassing JVMTI-Based Encryption Protection

Monday, June 28, 2021

Research Process While researching a specific vehicle recently, I encountered a Windows application used to connect to a dealer intranet. …

Firmware Extraction Series: Firmware Media

Saturday, December 28, 2019

What is Firmware? Firmware, sometimes referred to as a firmware image (or simply “ROM” in mobile communities), resides in Non-Volatile Memory (NVM) and can be both read and written. In embedded systems, the most common NVM types are ROM (Read-Only Memory) and Flash memory. While strictly speaking, “ROM” includes Mask ROM, PROM, EPROM, and EEPROM, modern “mainstream ROM” usually refers to EEPROM integrated within an MCU. Flash memory typically serves as the primary external storage. …

Firmware Extraction Series: UBI Filesystem Extraction and Repacking

Saturday, December 28, 2019

Preface I originally wrote this post last year but accidentally set the GitHub repository to private and lost the README. After re-uploading, the context felt slightly dated, but the technical content remains relevant. …