@SecureOwl what, and you’re not going to show us what the advanced tab looked like? cruel and unusual punishment!

@siguza probably as simple as doing fuse://filesystem?user=""&host=""& etc.

@siguza be careful what you wish for… if that ever happens I bet the Electron people find some way to abuse it

@siguza I mean, what’s stopping someone from providing a “FUSE stub” that just implements FUSE API on top of bytes?

@siguza oh, you mean like with the mount command? Can mount commands not take arbitrary parameters?

@siguza like the stuff that allows FUSE via NFS… just cut out the NFS and use a custom method of IPC between the FUSE clients and FSKit extension.

@siguza is there some mechanism preventing all FUSE filesystems being presented as a single FSKit “filesystem”?

@nicolas17 nope, any app can use it with a development provisioning profile

I have the com.apple.developer.carrier-messaging-app entitlement, and I set the app as the "Default Messaging App" in Settings, not sure if there is any other setup necessary?

Has anyone managed to use TelephonyMessagingKit on #iOS26 ?

I tried, but I keep getting an error from CommCenter:

Rejecting <private> request: client has bundle ID <private>, expected com.apple.MobileSMS

So we actually got the full custom XPC support for iOS 26 across apps. I'm a little surprised that Apple didn't emphasize more on this. Biggest change of iOS app architecture since there are third party apps?

Sure looks to me like ExtensionKit for iOS has finally arrived.

https://developer.apple.com/documentation/extensionkit/exhostviewcontroller

I’ve been reversing their “Gateway”/ECG2 module, seems to be the primary security boundary on the vehicle.

Annoyingly, they seem to have a pretty solid design— AES keys used for CAN message authentication are stored in a HSE.

They’re running Linux on the main cores, with proper secure boot + SELinux + their own “app” signing system…

Has anyone done any research into Ford’s new* TRON encryption scheme?

*apparently introduced in some models during the ‘23 MY

My PR to Binary Ninja to provide a “Pseudo Objective-C” representation of decompiled code was merged and is available in the latest 5.1-dev builds. For best results, use in conjunction with https://github.com/bdash/bn-objc-extras to hide Obj-C memory management noise and propagate more type information.

#binaryninja #reverseengineering #objectivec
https://social.bdash.net.nz/@mrowe/114468984084790336

The DWARF debug format is well-known for debugging executables,
but it is also an effective format for sharing reverse engineering information
across various tools, such as IDA, BinaryNinja, Ghidra, and Radare2.

In this blog post, I introduce a new high-level API in LIEF that allows the
creation of DWARF files. Additionally, I present two plugins designed to export
program information from Ghidra and BinaryNinja into a DWARF file.

https://lief.re/blog/2025-05-27-dwarf-editor/

(Bonus: The blog post includes a DWARF file detailing my reverse engineering work on DroidGuard)

The Formal Analysis of Apple's iMessage PQ3 Protocol was accepted at the USENIX Security Symposium
https://www.usenix.org/conference/usenixsecurity25/presentation/linker

there is a monster in the forest and it speaks with a thousand voices.

https://gist.github.com/JJTech0130/07e2458df592faad1d2ba72283a0ca50