Date Thu 04 March 2021
Author Eric Le Guevel
Category Android

A quick introduction to Android Emuroot, a Python script that obtains root privileges on the fly on an Android Virtual Device (AVD). It explains the reverse engineering steps needed for the script to work with recent AVDs and provides a preview of specific Linux kernel structures in memory.

Date Thu 11 February 2021
Author instrumentation-team
Category Programming

This blog post introduces the release 0.8.0 of QBDI.

Date Thu 28 January 2021
Author Francisco Falcon
Category Vulnerability

This blog post provides details about four vulnerabilities we found in the IPv6 stack of FreeBSD, more specifically in rtsold(8), the router solicitation daemon. The bugs affected all supported versions of FreeBSD, and the most severe of them could allow an attacker attached to the same physical link to gain remote code execution as root on vulnerable systems. The vulnerabilities were discovered and reported to the FreeBSD Security Team in November 2020. FreeBSD issued fixes for these bugs on December 1st, 2020 along with security advisory FreeBSD-SA-20:32.rtsold.

Date Thu 17 December 2020
Authors Laurent Grémy, Christian Heitman
Category Blockchain

The Ethereum Foundation mandated Quarkslab to perform an audit of the herumi libraries. They provide an API to perform BLS signatures, one of the core components of the new iteration of the Ethereum blockchain, named Ethereum 2.0. While reviewing the architecture of these libraries, their back ends and their adherence to the ongoing RFCs to standardize BLS signature usage, we found some issues primarily regarding their design. Although these are not considered critical, they impact the overall reliability of the libraries. We provide recommendations to improve the design of the libraries, the readability of the code and the usability of both projects.

Date Thu 19 November 2020
Authors Philippe Teuwen, Christian Herrmann
Category Hardware

Latest news from the Proxmark3 world, crunchy bits included...

Date Thu 12 November 2020
Author Francisco Falcon
Category Reverse-Engineering

Microsoft is currently working on Xtended Flow Guard (XFG), an evolved version of Control Flow Guard (CFG), their own control flow integrity implementation. XFG works by restricting indirect control flow transfers based on type-based hashes of function prototypes. This blog post is a deep dive into how the MSVC compiler generates those XFG function prototype hashes.

Date Fri 16 October 2020
Author Francisco Falcon
Category Exploitation

This blog post analyzes the vulnerability known as "Bad Neighbor" or CVE-2020-16898, a stack-based buffer overflow in the IPv6 stack of Windows, which can be remotely triggered by means of a malformed Router Advertisement packet.

Date Thu 15 October 2020
Author Quarkslab
Category Life at Quarkslab

We LOVE interns! Really. We love them because they bring fresh air to the company and because we see them grow, not only during the internship but also after, when they are hired and can get to work on so many other topics. There are 2 goals for us in every internship we offer:

  • Explore a topic we don't necessarily know very well, and thereby train a new expert on it,

  • Hire you after the internship to keep and share your new expertise with colleagues.

Date Thu 10 September 2020
Author Nahuel Riva
Category Hardware

A blog post about the security implemented in the August Smart Lock, with special focus on the Bluetooth Low Energy capabilities.

Date Tue 18 August 2020
Author Paul Hernault
Category Cryptography

This post is a noob-friendly introduction to whiteboxes along with the presentation and explanation of a (not-new) collision-based attack. The attack is demonstrated against a public whitebox, using QBDI to instrument and analyze the target in order to produce traces of execution.