
439 points david927 | 1 comments

What are you working on? Any new ideas which you're thinking about?
pentamassiv No.44417579
I just finished playing with my Shimano Di2 groupset and the e-tube app. Last year researchers revealed that a simple replay attack was possible to shift someone else's bicycle. My bike was delivered with updated firmware that is no longer vulnerable, so I had to find a way to downgrade the bike. The e-Tube app only allows updating the bike, but it detects root, emulators, frida-server or changing the APK and then crashes. I had to find a way to circumvent that and use an SDR to do the actual attack.
ARob109 No.44418950
Would love to see a write-up on this.
1. pentamassiv No.44449005
You can find the writeup of how I downgraded the firmware here: https://grell.dev/blog/di2_downgrade

The actual attack is described here: https://grell.dev/blog/di2_attack