Hacker News

I just finished playing with my Shimano Di2 groupset and the e-Tube app. Last year researchers revealed that a simple replay attack was possible to shift someone else's bicycle. My bike was delivered with updated firmware that is no longer vulnerable, so I had to find a way to downgrade the bike. The e-Tube app only allows updating the bike, but it detects root, emulators, frida-server or changing the APK and then crashes. I had to find a way to circumvent that and use an SDR to do the actual attack.


Would love to see a write up on this


You can find the writeup of how I downgraded the firmware here: https://grell.dev/blog/di2_downgrade

The actual attack is described here: https://grell.dev/blog/di2_attack


I don't have one published yet, but I plan to publish it on my blog soon. It might be after this thread gets locked. Feel free to send me an email so I can notify you about it when I publish it. My address is my username @posteo.de



