▲ Consulting · Services

What we can do for you.

Security assessments for OEMs and suppliers. Firmware and protocol reverse engineering for research labs and integrators working with third-party hardware.

Get in touch →

Services

Automotive security assessments and reverse engineering.

Automotive Security

Work on whole vehicles, individual ECUs and the buses connecting them.

  • Black- & white-box penetration testsStructured assessments against a single ECU or a whole vehicle. Typically for OEMs and tier-1 suppliers.
  • Firmware reverse engineeringStatic and dynamic analysis of extracted firmware, for security review or to document behaviour on a part you need to integrate with.
  • Protocol & interface recoveryReflashing protocols, CAN signal layouts, DBC files, and other undocumented interfaces. For research labs, universities, and aftermarket integrators.
  • Secure Onboard Communication (SecOC)Audit SecOC implementation. Check for proper key storage and key distrbution.
Renesas RH850 microcontroller on a test board.

Embedded Hardware

Low-level attacks against the chips themselves, and the custom rigs to run them.

  • Custom hardware developmentPurpose-built test rigs and adapters. For example a FlexRay gateway, OBD-II dongle, or interface boards for a specific ECU under test.
  • Fault injectionTargeted glitching rigs used to recover firmware from locked MCUs.
  • Fuzzing at scaleCoverage-guided fuzzing harnesses for embedded firmware and standalone libraries, from ECU stacks to parser code.
Custom reverse-engineering and analysis tooling.

Software Development

Tooling that supports the work, either as one-offs for a single client or as reusable infrastructure you can own.

  • Custom reverse-engineering toolsIDA/Ghidra plugins, disassembly frontends and trace recorders.
  • Open-source extensionsAdapt the tools we already maintain to your workflow and protocols.
OPEN SOURCE

Tools we build and maintain

Screenshot of the automotive Rust crate repository page on GitHub.

Automotive Crate

Async Rust crate for automotive protocols

Rust building blocks for CAN, ISO-TP, and UDS workflows, with adapter support for SocketCAN, panda, J2534, and Vector devices.

RustCANUDS
View project →
Saleae Logic 2 screenshot showing decoded FlexRay traffic.

FlexRay Analyzer

Saleae Logic 2 extension for FlexRay captures

Low-level FlexRay analyzer for Saleae Logic 2 with symbol recognition, CRC verification, and regression-checking automation.

FlexRaySaleaeC++
View project →
3D render of the OpenCarLink hardware board from the Hardware-Phase-2 project.

OpenCarLink Hardware

ESP32-based vehicle interface with CAN and DoIP

Open hardware for an ESP32-based vehicle interface, including board designs, libraries, and 3D models for the platform.

ESP32CANDoIP
View project →
Screenshot of the automotive-compilers repository page on GitHub.

Automotive Compilers

Dockerized toolchains for automotive targets

Minimal Dockerfiles for GCC toolchains targeting PowerPC VLE, TriCore, and V850/RH850 workflows, optimized for shellcode and bare-metal builds.

DockerGCCShellcode
View project →
Screenshot of the pdf-mcp repository page on GitHub.

PDF MCP

PDF tooling for AI-assisted datasheet work

An MCP server for reading, rendering, and searching PDFs so AI tools can work through datasheets, manuals, diagrams, and technical tables.

MCPPDFAI
View project →

Start a project

Get in touch to discuss the scope of your assessment, reverse-engineering work, or custom tooling needs.

Get in touch →