What we do best.

10+ years of industry experience in certified products — from PCB to cloud, from sensors to dashboards, from firmware analysis through validated commissioning and documentation to stable production.


TÜV certification process | Machine learning | Non-standard · patent potential | EU · US · Canada | 8 documented case studies | Measurable KPIs in each report

Languages: C, C++, Rust, Assembly, Python, Go, JavaScript, TypeScript, Kotlin, Swift

Reverse Engineering & Analysis

Static analysis

Analyze binaries, firmware, and dumps when source code is missing

Dynamic analysis

Bus sniffers and live capture — traffic, signals, timing in operation

Protocol analysis

Decode telegrams, parameter maps, bridge spec — see block below

Network RE

Wireshark, Ethernet/IP, serial monitor ports

Firmware Extraction

JTAG, flash dump, filesystem reconstruction

PCB Reverse Engineering

Schematic extraction, component identification

Industrial protocol reverse engineering expertise

When source code, protocol documentation, or vendor know-how is lost, we reconstruct how drives, PLCs, and legacy controllers actually communicate—not just model names.

  • Command frames and telegrams
  • Parameter maps
  • Fault and status words
  • Diagnostics and fault patterns
  • Handshake and sequencing logic
  • Cyclic and acyclic data exchange
  • Undocumented bus and serial traffic
  • Passive and active traffic capture

Example systems — selection from projects and typical DACH installations.

Siemens SINAMICS G120/S120

PROFINET IO, PROFIBUS DP, PROFIdrive, USS, Modbus TCP, EtherNet/IP, SINAMICS Link

ABB ACS800/ACS880

PROFIBUS DP, PROFINET IO, EtherNet/IP, Modbus RTU/TCP, CANopen, DeviceNet, EtherCAT, ControlNet

Yaskawa A1000/GA700

MEMOBUS/Modbus, Modbus TCP/IP, EtherNet/IP, PROFINET, PROFIBUS-DP, MECHATROLINK-II/III, CANopen, DeviceNet, CC-Link, EtherCAT

Cerus X-Drive / xDrive

Modbus RTU, Modbus ASCII, BACnet MS/TP, Modbus TCP/IP, EtherNet/IP

Siemens SIMATIC S7-300/S7-400

MPI, S7 Communication, PROFIBUS DP, PROFINET, Industrial Ethernet, Point-to-Point serial communication

We recover the protocol from traffic, firmware, and machine behavior, document it, and build the bridge, adapter, or replacement path—without replacing the whole machine.

→ Case study PROTO-006 (machine manufacturer, drive retrofit)

Embedded Firmware

ESP-IDF

FreeRTOS, async web server, WiFi, BLE, I2S, SPI, I2C

Zephyr RTOS

nRF Connect SDK, devicetree overlays, Kconfig

STM32 / KEIL

HAL, CMSIS, PlatformIO

Secure Boot & OTA

Firmware signing, RSA-2048, LittleFS, rollback

DSP / FFT

On-device spectral analysis, band energy, real-time analytics

Motor Control

Stepper systems, SPI drivers, SOA testing

Hardware & PCB

PCB Design Full-Cycle

Schematic → layout → bring-up → testing

TÜV / EMC certification process

Test prep, documentation, lab support — EU · US · Canada

Power Sensing

Current and power measurement, SOA tests

Test & Measurement

Spectrum analyzer, oscilloscope, signal generator

Non-standard solutions with patent potential

Unconventional concepts in RE and product development — may be patent-worthy in our assessment; no patent numbers on the public site

Pilot manufacturing

Prototypes, small runs, DFM with partners

Cloud & Backend

Node.js / Express

REST APIs, JWT, WebSockets, schedulers

Python FastAPI

ASGI, Uvicorn, WebSockets, SSE

RabbitMQ

AMQP, MQTT via plugin, TLS/SSL, clustering

Databases

PostgreSQL, TimescaleDB, MongoDB, InfluxDB

DevOps

Docker, GitLab CI, GitHub Actions, Ansible, Nginx

SSL/TLS

Certbot, Let's Encrypt, HTTPS hardening

Frontend & Mobile

React / Svelte

Tailwind CSS, Vite, low-latency dashboards

React Native / Expo

iOS + Android, App Store & Play Store

Native Modules

Android/iOS bridges, BLE provisioning

EAS Build/Update

CI/CD for mobile apps

Charting

Chart.js, Recharts, real-time time series

State Management

Zustand, SWR, React Hook Form

Machine learning

Model training & fine-tuning

Supervised learning, evaluation, deployment readiness

Data pipelines & MLOps

ETL, feature engineering, versioning, reproducibility

Foundation & domain models

Pretrained models adapted to industrial data

Meta-models & ensembles

Stacking, routing, specialists per sub-task

AI agents

Tool use, orchestration, MCP, backend integration

Edge & cloud inference

Latency, cost, privacy — on-device vs. server

AI security (LLM)

Prompt Injection Defense

Input sanitization, allowlists, output filtering

OWASP LLM Top 10

Risk review, security architecture

Penetration Testing

Firmware, IoT, web application

LLM Integration

OpenAI GPT API, streaming, structured outputs

Function Calling

Deterministic tool execution, validation

MCP Protocol

Model Context Protocol, secure agent integration

Evidence through process and projects

Non-standard solutions with patent potential

We find and engineer unconventional approaches — protocol bridges, retrofit electronics, measurement concepts — that in our assessment may be worthy of patenting. No public patent claims; documented for commissioning and evolution.

TÜV / EMC certification process

Test preparation, EMC pre-checks, technical documentation, and iteration with test labs — compliance-oriented engineering for EU (CE), US (FCC), and Canada (IC). Experience from connected industrial products and IoT devices.

Reverse engineering & reference work

Hardware RE, protocol analysis, and firmware security at a high level. Machine manufacturer with customer machines worldwide: EOL drives, lost source, STM32 intermediate controller, inverters retrofitted — case study PROTO-006.

Anonymized references from practice

No marketing numbers without context: region, system type, technical challenge, and measurable outcome — linked to full case studies.

IND-008 EU · Condition monitoring / edge FFT

Sporadic failures on rotating equipment — no usable data basis for early warning during operation.

Edge-FFT diagnostic station as a retrofit path: trends, alarm history, and scalable rollout (see case study).

Case study IND-008 →

MFG-002 EU · Motor driver / PCB

EOL core chip, no spares, production at risk.

Drop-in PCB redesign after hardware RE — documented cost vs. downtime (see case study).

Case study MFG-002 →

AUTO-004 DACH · Field devices / firmware

Critical flaws in proprietary firmware, compliance requirement.

Security audit and hardening — documented reduction in unplanned outages (see case study).

Case study AUTO-004 →

PROTO-006 DACH · Foil punching machines at customer sites worldwide

Machine manufacturer, EOL drives in customer machines; lost source — protocol rebuilt via passive RE (sniffer, Ghidra).

STM32 intermediate controller in production, three axes on new inverters — machine software unchanged.

Case study PROTO-006 →

IOT-007 RU / EU · Smart water meter (ULP)

Class C, ≥12 year battery, radio swap without breaking seals — OEM needed STM32L4 ultra-low-power core and multi-radio exo-modules.

ULP core, CN injection mould, exo Wi‑Fi/NB‑IoT/LoRa/RS-232, BLE firmware and app advertising.

Case study IOT-007 →

SES-005 DACH · Production line (1996) / analog

No digital interfaces, high unplanned downtime — replacement only via full line swap.

78 points, ESP32 edge FFT, MQTT pipeline and dashboard — predictive maintenance without machine replacement.

Case study SES-005 →

Which situation describes you?

Operator or OEM — we review your case in a free 30‑minute call.
