
439 points david927 | 3 comments

What are you working on? Any new ideas which you're thinking about?
pentamassiv No.44417579
I just finished playing with my Shimano Di2 groupset and the e-tube app. Last year researchers revealed that a simple replay attack was possible to shift someone else's bicycle. My bike was delivered with updated firmware that is no longer vulnerable, so I had to find a way to downgrade the bike. The e-Tube app only allows updating the bike, but it detects root, emulators, frida-server or changing the APK and then crashes. I had to find a way to circumvent that and use an SDR to do the actual attack.
replies(1): >>44418950 #
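The comment above describes a replay attack: a captured shift command is re-sent and the receiver accepts it again. The following is an added example (not code from the commenter, and not the Shimano Di2 or E-TUBE wire protocol) that contrasts a constructed counter-less command channel, where a recorded frame is accepted again, with one that binds each command to a monotonic counter under an HMAC, where the same frame is rejected. The frame layout, the shared key and the `UP`/`DOWN` commands are all invented for illustration.

```python
import hashlib
import hmac

# Constructed demo: shared secret assumed to be provisioned when the
# shifter and derailleur are paired. Not a real key, not a real protocol.
KEY = b"constructed-demo-key-not-real"
COMMANDS = ("UP", "DOWN")


def naive_shift_frame(cmd: str) -> bytes:
    """Command with no freshness or authentication: the bytes are identical
    every time the rider presses the button, so a recording is a valid frame."""
    return cmd.encode()


class NaiveReceiver:
    """Accepts any well-formed frame, however often it has been seen before."""

    def __init__(self) -> None:
        self.shifts = []

    def handle(self, frame: bytes) -> bool:
        cmd = frame.decode(errors="replace")
        if cmd not in COMMANDS:
            return False
        self.shifts.append(cmd)
        return True


def protected_shift_frame(cmd: str, counter: int) -> bytes:
    """Command + strictly increasing counter, authenticated with an HMAC tag
    over both fields so neither can be altered without the key."""
    body = f"{cmd}|{counter}".encode()
    tag = hmac.new(KEY, body, hashlib.sha256).digest()[:8]
    return body + b"|" + tag.hex().encode()


class ProtectedReceiver:
    """Rejects frames whose tag does not verify or whose counter is not newer
    than the last accepted one, which is what defeats a straight replay."""

    def __init__(self) -> None:
        self.shifts = []
        self.last_counter = -1  # would need to persist across power cycles

    def handle(self, frame: bytes) -> bool:
        try:
            cmd, ctr_s, tag_hex = frame.decode().split("|")
            ctr = int(ctr_s)
        except ValueError:
            return False  # malformed frame
        body = f"{cmd}|{ctr}".encode()
        expected = hmac.new(KEY, body, hashlib.sha256).digest()[:8].hex()
        if not hmac.compare_digest(expected, tag_hex):
            return False  # forged or corrupted
        if ctr <= self.last_counter:
            return False  # replayed (or reordered) frame
        if cmd not in COMMANDS:
            return False
        self.last_counter = ctr
        self.shifts.append(cmd)
        return True


def demo():
    """One legitimate press followed by a replay of the recorded frame,
    on both receivers, plus a forged frame with a bad tag on the protected one."""
    naive = NaiveReceiver()
    recorded = naive_shift_frame("UP")
    naive.handle(recorded)
    replay_accepted_naive = naive.handle(recorded)  # True: second shift happens

    prot = ProtectedReceiver()
    recorded2 = protected_shift_frame("UP", 1)
    prot.handle(recorded2)
    replay_accepted_prot = prot.handle(recorded2)  # False: counter already used
    forged_accepted = prot.handle(b"UP|2|" + ("00" * 8).encode())  # bad tag
    return (replay_accepted_naive, replay_accepted_prot, forged_accepted,
            len(naive.shifts), len(prot.shifts))


if __name__ == "__main__":
    print(demo())
```

The counter is the part that actually stops the replay; the HMAC only keeps an observer from bumping the counter on a recorded frame. A real receiver has to persist `last_counter` across power loss and handle a window of acceptable values for dropped packets, which is where such schemes usually go wrong in practice.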
1. ARob109 No.44418950
Would love to see a write up on this
replies(2): >>44423863 #>>44449005 #
2. pentamassiv No.44423863
I don't have one published yet, but I plan to publish it on my blog soon. It might be after this thread gets locked. Feel free to send me an email so I can notify you about it when I publish it. My address is my username @posteo.de
3. pentamassiv No.44449005
You can find the writeup of how I downgraded the firmware here: https://grell.dev/blog/di2_downgrade

The actual attack is described here: https://grell.dev/blog/di2_attack