Symbolic Deobfuscation: From Virtualized Code Back to the Original (DIMVA 2018)

This micro blog post introduces our research regarding symbolic deobfuscation of virtualized hash functions in collaboration with the CEA and VERIMAG.

more ...

Easy::jit: Just-In-Time compilation for C++

Easy::jit is a library that brings just-in-time compilation to C++ codes. It allows developers to jit-compile some functions and specializing (part of) their parameters. Just-in-time compilation is done on-demand and controlled by the developer. The project is available on github .

more ...

Overview of Intel SGX - Part 1, SGX Internals

This blog-post provides the reader with an overview of the Intel SGX technology. In this first part, we explore the additions made to Intel platforms to support SGX, focusing on the processor and memory. We then explain the management and life cycle of an enclave. Finally, we detail two features of enclaves: secret sealing and attestation.

more ...

Quarks In The Shell - Episode IV

This year has been very fruitfull for Quarkslab with lot of research, new challenges, newcomers, open source success. It is now a tradition to look back at what we have done during a small conference named “Quarks in the Shell” or just "QITS", where we share the year experience with our customers, partners and friends. QITS meeting is one of the output channels for our research work that is also reflected in internal tools, our open-source projects (e.g. Triton, LIEF and QDBI), and our products (IRMA Enterprise and Epona).

more ...

Introduction to Trusted Execution Environment: ARM's TrustZone

Increasing popularity of connected devices in recent years has led devices manufacturers to deal with security issues in a more serious way than before. In order to address these issues appropriately, a specification has emerged to define a way to ensure the integrity and confidentiality of data running in the entity implementing this specification.

more ...

LIEF 0.9

This blog post introduces major changes in LIEF 0.9 as well as work in progress features that will be integrated in further releases. Changelog is available here.

more ...

When SideChannelMarvels meet LIEF

On how we used LIEF to lift an Android x86_64 library to Linux to perform our usual white-box attacks on it.

more ...

Android Bluetooth Vulnerabilities in the March 2018 Security Bulletin

The March 2018 Android Security Bulletin includes fixes for 10 vulnerabilities in its Bluetooth stack, some of which were also independently discovered by Quarkslab, but were fixed while we were in the process of reporting them to Google (spoiler alert: we have reported a few more new Bluetooth vulnerabilities to the Android team — we'll disclose the details after they get fixed). This blogpost shows technical details for a couple of these fixed bugs, which can be triggered remotely and without any user interaction, as well as proof-of-concept code for them.

more ...

Flash Dumping - Part II

Second part of a blog post series about our approach to dump a flash chip. In this article we describe how to restore functionality of a device with a flexible setup.

more ...

Frozen - zero cost initialization for immutable containers and various algorithms

A new version of Frozen, an open source, header-only library that provides fast, immutable, constexpr-compatible implementation of std::search, std::set, std::map, std::unordered_map and std::unordered_set to C++14 users. That's a follow up to the previous post !

more ...