TP-Link Tapo C200: Hardcoded Keys, Buffer Overflows and Privacy

https://news.ycombinator.com/rss Hits: 23
Summary

Hi friends and welcome to the last post for this year! Whenever someone asks me how to get started with reverse engineering, I always give the same advice: buy the cheapest IP camera you can find. These devices are self-contained little ecosystems - they have firmware you can extract, network protocols you can sniff, and mobile apps you can decompile. Chances are, you’ll find something interesting. At worst, you’ll learn a lot about assembly and embedded systems. At best, you’ll find some juicy vulnerability and maybe learn how to exploit it!

I own several TP-Link Tapo C200 cameras myself. They’re cheap (less than 20 EUR from Italy), surprisingly stable, and I genuinely like them - they just work. One weekend, I decided just for fun to take my own advice. The Tapo C200 has been around for a while and has had a few CVEs discovered and more or less patched over the years, so I honestly wasn’t expecting to find much in the latest firmware. However, I wanted to use this chance to perform some AI assisted reverse engineering and test whether I could still find anything at all.

I documented the entire process live on Arcadia - my thought process, the dead ends, the AI prompts that worked and the ones that didn’t. If you want the raw, unfiltered version with screenshots and videos of things crashing, go check that out. This post is the cleaned-up version of that journey, where I wanted to show how I approach firmware analysis these days, now that we have AI. You will notice that in several instances I will be particularly lazy and delegate to AI things I could have done manually and/or inferred myself after some more work. Keep in mind that while I am generally lazy, this was also an experiment in integrating and documenting how effective AI can be for security research and reverse engineering, and especially in making them accessible to less experienced/sophisticated researchers/attackers.

What started as a lazy weekend project turned into finding a few security vulnerabi...

First seen: 2025-12-19 19:18

Last seen: 2025-12-20 17:29