Welcome to ph4r05 dev blog.

Dušan Klinec (Ph4r05)



Our security related blog with topics on router firmware reverse engineering, deserialization vulnerabilities and more…

Monero Trezor integration

Monero transaction signing implemented to the Trezor hardware wallet.

I’ve designed transaction signature protocol suitable for use with Trezor hardware wallet which is simple and easy to analyze.

I’ve later implemented the protocol in C (trezor-crypto extensions, missing ed25519 functions, fromfe_frombytes_vartime, Monero crypto functions, …) and Micropython to the hardware wallet codebase. I’ve implemented native Monero C++ binding, currently as a PR.

As a part of this project I’ve implemented the python version of the both wallet and device versions in the monero-agent which may serve for educational purposes and further research prototyping. For this I need to implement:

  • Several serialization schemes used in the Monero (blockchain format, Boost, RPC/key-value format) in the monero-serialize python library.
  • py-trezor-crypto python library which provides python binding to the trezor-crypto cryptographic library.
  • py-cryptonight Python binding for cryptonight PoW function

  • Port Bulletproofs, Borromean and MLSAG algorithms from C++ to Python, optimize it for memory constrained environment.

ROCA - Return of the Coppersmith attack

I was part of the team working on the ROCA attack (known for affecting eID in Estonia and Slovakia).

  • Performed data collection, scanning and analysis.
  • Discovered that Estonia was still vulnerable in August 2017 by scanning and analysing public keys database. Our notification helped them to address problem prior the public disclosure.
  • Authored the roca detector - versatile detection tool.


Certificate expiry, certificate monitoring for TLS, HTTPS, Let’s Encrypt, with free cloud service. Automatic monitoring of subdomain servers as they are set up.

I’ve implemented the first KeyChest version based on Python backend daemon scanning, crawling and processing X509 certificates, performing analysis and storing results to the database.

Frontend was based on PHP Laravel and Vue.js with responsive elements. I’ve authored several NPM packages used in the UI. Backend and frontend communicated via Redis queues and database. Responsive UI was implemented using advanced Javascript and websockets.

Technologies: python, redis, mysql/pgsql, alembic, sqlalchemy, flask, gevent, websockets, roca-detector, php, laravel, vue.js, vuex, webpack, npm, promises, acacha, admin-lte


Secure mobile communication system.

  • End-to-end encrypted voice calls, text messages, file transfer.
  • Perfect forward secrecy.
  • ZRTP, AES-256.
  • Android application
  • iOS application
  • Used backend technologies:
    • Java/Spring based servers, PHP/Laravel license server, ActiveMQ messaging,
    • XMPP Server Openfire + our plugin for signalling over XMPP and push messages integration (GCM, iOS).
    • OpenSips server + custom msilo plugin for reliable message delivery over unstable mobile links. I’ve controbuted to OpenSips by fixing several vulnerabilities found by Coverity.


AES Whitebox implementation

My master thesis focused on analysis and implementation of the selected Whitebox schemes for AES. I’ve implemented the basic Chow and Karroumi scheme. The Karroumi scheme was discovered to be vulnerable in the thesis. Implementations are released under permissive licenses. For more info please refer to my master thesis. Implementations in C++ and Java are available.


Google Scholar

Other projects

More of my projects you can find on my GitHub account Here is a small selection: