Michał Kowalczyk 🇺🇦 (@dsredford) / X

Michał Kowalczyk 🇺🇦

747 posts

Michał Kowalczyk 🇺🇦

@dsredford

reverse-engineering / low-level security @DragonSectorCTF vice-captain / Invisible Things Lab Mastodon: @[email protected] bsky: @mkow.bsky.social

Zürich

Joined December 2011

Michał Kowalczyk 🇺🇦
@dsredford
Jun 28, 2024
It's finally happened! NEWAG IP Management just sued us for copyright infringement and unfair competition. Here's a symbolic picture of the lawsuit as a whole: Newag quoting q3k's own code as supposedly their IP :) More: infosec.exchange/@q3k@hackerspa…
82K
Michał Kowalczyk 🇺🇦
@dsredford
Dec 5, 2023
Achievement unlocked: Cracking a train
q3k :blobcatcoffee: (@[email protected])
From social.hackerspace.pl
50K
Michał Kowalczyk 🇺🇦
@dsredford
Aug 26, 2024
Just two days left until the first hearing in Newag's lawsuit against us (Dragon Sector members) and SPS. In case you've missed it, we're being accused of infringing upon Newag's intellectual property and unfair competition. More details: infosec.exchange/@q3k@hackerspa…
57K
Michał Kowalczyk 🇺🇦
@dsredford
Dec 26, 2023
Tomorrow (27.12) 23:00 CET, don't miss it! :)
49K
Michał Kowalczyk 🇺🇦
@dsredford
Feb 4, 2024
Shout out to the Security Research Legal Defense Fund for helping us go public about our train research! We're honored to be their first grantees. Longer post + link to their announcement:
q3k :blobcatcoffee: (@[email protected])
From social.hackerspace.pl
39K
Michał Kowalczyk 🇺🇦
@dsredford
Sep 14, 2024
Newag, seemingly unsatisfied with their legal lawsuit against us, has just filed another one. This time in Gdańsk from another legal entity. Of course we learned about this through someone tweeting a fragment of their executive board report. More info:
social.hackerspace.pl
q3k :blobcatcoffee: (@[email protected])
Attached: 1 image Looks like Newag isn't satisfied with how their civil lawsuit against us in Warsaw is going - because they just filed another one, this time in Gdańsk, and from another corporate...
24K
Michał Kowalczyk 🇺🇦
@dsredford
Jun 11, 2024
[PL] „Zainstalowane przez hackerów oprogramowanie“ - jak PAP.pl kłamie o aferze z Newagiem: q3k.org/2024-06-11-pap… Nie to planowaliśmy postować w najbliższym czasie w sprawie afery z Newagiem, ale tego typu kłamstwa nie mogą pozostać bez odpowiedzi.
10K
Michał Kowalczyk 🇺🇦
@dsredford
Aug 31, 2024
[PL] Świetny artykuł z aktualnego stanu sprawy, polecam :) (analiza pozwu przeciwko nam i trochę pierwszej rozprawy)
oko.press
Newag się wycofuje. Już nie twierdzi, że hakerzy z Dragon Sector zmienili oprogramowanie w Impulsach
28 sierpnia rozpoczął się proces wytoczony przez Newag m.in. ekspertom z Dragon Sector. Ale już nie zarzuca im modyfikację oprogramowania
14K
Michał Kowalczyk 🇺🇦
@dsredford
Jun 28, 2024
Replying to @dsredford
(btw. this is a sample, toy PLC code written by q3k to show how PLC programmin works, from our 37C3 preso - see slide 28 in fahrplan.events.ccc.de/congress/2023/…)
5.8K
Michał Kowalczyk 🇺🇦
@dsredford
Dec 6, 2023
Replying to @kingcrimson_777 and @Zaufana3Strona
Tak, nie było zabezpieczeń, tylko po prostu wysoki próg wejścia do analizy. Mnie to ani trochę nie dziwi, taki typowy programista raczej nie wie, że da się wyciągnąć kod z pociągu i go przeanalizować. W końcu przecież nie mamy źródeł :)
20K
Michał Kowalczyk 🇺🇦
@dsredford
Nov 9, 2017
Slides (PL) from a talk given by @q3k and me about reversing/hacking Toshiba laptop BIOS protection + EC signature system: q3k.org/u/bd81619010b3…
Michał Kowalczyk 🇺🇦
@dsredford
Nov 4, 2019
Replying to @_tsuro
My very hacky solution: gist.github.com/mkow/2b73b1c6f… I'll try to post cleaned-up version later, but no promise ;)
RIDL (Google Capture The Flag 2019 Finals solution)
From gist.github.com
Michał Kowalczyk 🇺🇦
@dsredford
Dec 27, 2023
First attempt at sabotaging our 37C3 talk - just got a paper model of an Impuls train right when we should be finishing our slides 😬
6.3K
Michał Kowalczyk 🇺🇦
@dsredford
Dec 6, 2023
Now available in English! :) (it's a synopsis of our talk we had yesterday and will also have at 37C3)
Bad Cyber
@badcybercom
Dec 6, 2023
Dieselgate, but for trains - some heavyweight hardware hacking. badcyber.com/dieselgate-but… Story about trains that broke down and analysis that discovered it was not a coincidence.
13K