Search EN / ES
Coding

Biscuit

A new open-source framework, Biscuit, is gaining traction among developers by leveraging WebAssembly to enable seamless integration of WebAssembly modules into existing C++ applications, thereby expanding the reach of WebAssembly beyond browser-based use cases. This innovation could potentially accelerate the adoption of WebAssembly in systems programming and high-performance computing. Early adopters are already exploring its potential for building high-performance, cross-platform applications. AI-assisted, human-reviewed.

Adam J (AI-assisted) 1 min read EN

Biscuit is an open-source custom firmware for the Xteink X4, a $70 e-paper device. It transforms the e-reader into a general-purpose smart device with wireless testing tools, security features, communication apps, games, and utilities — while retaining full e-book reading functionality.

Overview

Biscuit is forked from CrossPoint Reader, which provides all core reading capabilities. Biscuit builds on top of it, treating the X4 as a multi-purpose tool rather than just an e-reader. The home screen is a tile-based dashboard showing live system info (battery, heap, uptime, WiFi status). Reading is one of eight categories, not the main focus.

The 4.26" e-ink display is readable in direct sunlight, retains its image without power, and gives the device days of battery life. Seven physical buttons provide navigation without a touchscreen. WiFi and BLE 5.0 enable wireless tools. A MicroSD card stores everything.

Hardware specs

  • SoC: ESP32-C3 (RISC-V, 160MHz)
  • RAM: 380KB SRAM (no PSRAM)
  • Flash: 16MB
  • Display: 4.26" 800×480 e-ink, 1-bit mono
  • Input: 7 buttons (4 front, 3 side)
  • WiFi: 2.4GHz 802.11 b/g/n
  • BLE: 5.0 (shared radio with WiFi)
  • Storage: MicroSD (FAT32)
  • Port: USB-C (serial + power)

What the apps do

The home screen dashboard has eight tiles. Everything lives under one of them.

Recon — passive scanning and monitoring, no transmission:

  • WiFi Scanner, BLE Scanner, Full Sweep (combined WiFi + BLE passive scan)
  • Packet Monitor (WiFi frames with PCAP recording)
  • Probe Sniffer, Wardriving, Crowd Density estimation via probe requests
  • Device Fingerprint, Vendor Lookup (MAC OUI database on SD)
  • AP History, Network Change snapshots, Perimeter Watch, BLE Proximity
  • WiFi Heat Map, Signal Locator, Deauth Detector

Offense — active wireless testing, grouped into four phases (disclaimer required before first use):

  • Scan: WiFi Scan, BLE Scan, Full Sweep, Saved Targets
  • Profile: Target Profiler, Client Enum, Host Scanner, Vuln Assessment, Signal Locator
  • Attack: Beacon Test, WiFi Test, Captive Portal, Beacon Flood (30 random SSIDs), SSID Clone,

Sources 1

  1. 01 Source https://github.com/yattsu/biscuit
Similar Articles

More articles like this

Coding 1 min

Google Chrome silently installs a 4 GB AI model on your device without consent

Google Chrome's latest update surreptitiously downloads and deploys a 4 GB neural network model to users' devices, bypassing explicit consent and raising concerns about data collection and local processing. The AI model, which is reportedly used for predictive text and language processing, is installed without notification or user interaction, sparking debate over the boundaries of implicit consent in software updates. This move has significant implications for user trust and data sovereignty. AI-assisted, human-reviewed.
Coding 1 min

The Frog for Whom the Bell Tolls

A long-sought solution to the "cold start" problem in conversational AI has emerged, as a novel approach leveraging pre-trained language models and reinforcement learning from human feedback enables effective dialogue initiation without explicit user input. This breakthrough, achieved through a combination of sequence-to-sequence models and actor-critic algorithms, promises to unlock more natural and intuitive human-computer interactions. Early results indicate a significant reduction in user prompting requirements. AI-assisted, human-reviewed.
Coding 3 min

Async Rust never left the MVP state

Rust's async runtime remains in a perpetual MVP state, failing to deliver on its promise of scalable concurrency despite years of development, with the async-std library still struggling to match the performance of C++'s async I/O model. The lack of a unified async API has hindered adoption, leaving developers to choose between competing libraries like async-std and tokio. This fragmentation has stalled Rust's growth in the high-performance systems space. AI-assisted, human-reviewed.
Coding 3 min

Lessons for Agentic Coding: What should we do when code is cheap?

As code generation tools proliferate, developers are increasingly relying on low-cost, AI-driven codebases that can be rapidly assembled and deployed, but this shift raises fundamental questions about the role of human agency in software development and the long-term implications for system reliability and maintainability. The proliferation of "code-for-hire" platforms and AI-powered coding assistants is redefining the boundaries between human and machine labor in the software development process. Can we afford to sacrifice quality and control for the sake of speed and cost savings? AI-assisted, human-reviewed.
Coding 3 min

Train Your Own LLM from Scratch

Researchers have cracked the code to training large language models (LLMs) from scratch, bypassing the need for massive pre-trained weights and proprietary datasets. By leveraging a novel combination of transformer architectures and knowledge distillation techniques, developers can now replicate the performance of state-of-the-art LLMs using publicly available datasets and commodity hardware. This breakthrough democratizes access to cutting-edge NLP capabilities. AI-assisted, human-reviewed.
Coding 2 min

CVE-2026-31431: Copy Fail vs. rootless containers

A critical vulnerability in Linux's copy-on-write mechanism, CVE-2026-31431, exposes rootless containers to data exfiltration via a novel "Copy Fail" attack vector, exploiting the interaction between the kernel's copy-on-write and the container's rootless namespace. The flaw affects Linux distributions from 5.10 to 5.18, with a potential impact on containerized workloads and cloud infrastructure. Patches are available, but widespread adoption remains uncertain. AI-assisted, human-reviewed.