Date Thu 15 October 2020
Author Quarkslab
Category Life at Quarkslab

We LOVE interns! Really. We love them because they bring fresh air to the company and because we see them grow, not only during the internship but also after, when they are hired and can get to work on so many other topics. There are 2 goals for us in every internship we offer:

  • Explore a topic we don't necessarily know very well, hence train the new expert on the topic,

  • Hire you after the internship to keep and share your new expertise with colleagues.

Date Thu 10 September 2020
Author Nahuel Riva
Category Hardware

A blog post about the security implemented in the August Smart Lock, with special focus on the Bluetooth Low Energy capabilities.

Date Tue 18 August 2020
Author Paul Hernault
Category Cryptography

This post is a noob-friendly introduction to whiteboxes along with the presentation and explanation of a (not-new) collision-based attack. The attack is demonstrated against a public whitebox, using QBDI to instrument and analyze the target in order to produce traces of execution.

Date Tue 04 August 2020
Author Tom Czayka
Category Android

This blog post dives into how to get a better understanding of an Android native function by taking full advantage of both Frida and QBDI.


This third article from the Samsung's TrustZone series details some vulnerabilities that were found and how they were exploited to obtain code execution in EL3.

Date Thu 25 June 2020
Authors Christian Heitman, Jonathan Salwan
Category Program Analysis

This blog post is a follow-up on the announcement of Triton v0.8, where we explain how we added support for ARMv7 and provide a guideline for adding new architectures.

Date Tue 09 June 2020
Author 706a5669981f47b5fce062bd6bd6e6a3
Category Vulnerability

A look at the new Fuchsia Operating System.

Date Thu 28 May 2020
Authors Damien Aumaitre, Nicolas Surbayrole
Category Software

Ansible is an open-source software automating configuration management and software deployment. Ansible is used in Quarkslab to manage our infrastructure and in our product Irma. In order to have an idea of the security of Ansible, we conducted a security assessment. This blogpost presents our findings.

Date Tue 12 May 2020
Author Philippe Teuwen
Category Hardware

In the context of the Inter-CESTI 2019 challenge, we "accidentally" found a timing difference disclosing the length of a PIN handled via the standard OwnerPIN.check JavaCard API. Here is the story.

Date Thu 07 May 2020
Author Nahuel Riva
Category Hardware

A blog post about how to reverse engineer a VxWorks based device.