Technical deep dives into building a unified embedded OS in Rust — from reverse engineering a 2004 handheld to streaming video inside a game engine.
How trait-based backend abstraction lets the same Rust codebase render to SDL3, WebAssembly, PSP hardware, Unreal Engine 5, and a kernel-mode overlay — without a single #[cfg] in core logic.
Sony's firmware ships SSL 3.0 with 2008 root CAs. We implemented native TLS 1.3 via embedded-tls on bare metal — discovering privileged instruction traps, RSA handshake failures, and DNS endianness bugs along the way.
Building a TV Guide that streams live video on desktop (symphonia + openh264 with a sliding-window buffer) and PSP (in-memory AAC hardware decode with backpressure throttling). Solving the throttle deadlock, CDN failover, and moov atom positioning.
Forking and hardening a Rust SDK for PSP homebrew — fixing LLVM memcpy recursion on MIPS, weak import stub flags that break real hardware, DNS byte-order bugs, and building 38 high-level modules with RAII resource management.
Deep hardware RE of the PSP's USB subsystem — decrypting Sony's firmware, discovering a MUSB OTG controller and that accessories use side contact pads (not USB VBUS) for power, and building a custom USB device driver in Rust.
A deep architectural walkthrough of the five backend traits — how 13 required methods, 39 optional primitives, and 8 extension traits enable one codebase to render across SDL3, Canvas 2D, PSP hardware, and a software framebuffer.
Tracing H.264 decode failures to empty firmware stubs, reverse engineering the ME’s RPC protocol (22 command IDs, 47 NIDs), discovering a 70-frame firmware deadlock, and building three solutions — runtime binary patching, a kernel watchdog hook, and P/B-frame skipping for indefinite stable streaming.
Closing the loop on embedded hardware development — WiFi auto-connect, a TCP command server with remote input injection, live framebuffer streaming, arbitrary file upload, and a DIY linear actuator. An AI agent used this infrastructure to debug H.264 video decode across 30+ iterations without touching the device.
Running a full ES2023+ JavaScript engine on 333 MHz MIPS. Three bring-up bugs blocked it — a 4-byte-alignment trap in the std random module, an orphaned time overlay that routed Instant::now into a panicking shim, and a 16 KB cmd-server thread stack too small for boa’s parser. None reproduced in PPSSPP. All three fixed; 1 + 2 + 3 now returns 6 on real hardware. Superseded 2026-04-14: the PSP backend has since migrated to QuickJS-NG via rquickjs, the same engine used on desktop/WASM/UE5, with DOM bindings wired in and <script> tags executing against the browser on real hardware.