Date Tue 24 September 2019
Authors Robin David, Alexis Challande
Category Program Analysis

This blog post presents a comparison between various disassembled binary exporters.


This blog post demonstrates through an example how the Epona obfuscating compiler, from the Epona Application Protection Suite, achieves the challenge of facilitating the everyday experience of its users while enabling better obfuscation schemes trade-offs.

Date Tue 10 September 2019
Author instrumentation-team
Category Programming

This blog post introduces the release of QBDI v0.7.0 as well as an Android use case.

Date Mon 09 September 2019
Author Elie Mengin
Category Math

In this blogpost, we present a general method to efficiently compare functions from a new binary against a large database (made of numerous known functions). This method has strong theoretical properties and is perfectly suited to address many conventional problems, such as classification, clustering or near duplicate detection.

Date Mon 02 September 2019
Author Melchior de Roquefeuil
Category Programming

In this article I describe my two-months summer internship project at Quarkslab: obfuscating Java bytecode using the [Epona] Code Obfuscator. This article explains our approach, its advantages and limitations.

Date Mon 26 August 2019
Authors Laurent Grémy, Guillaume Heilles, Nicolas Surbayrole
Category Blockchain

The Tari Labs mandated Quarkslab to perform a cryptographic and security assessment of the dalek libraries. One of the Tari Labs' projects is to implement the Tari protocol, a decentralised assets protocol. It relies on some of the dalek libraries, especially the cryptographic primitives, provided by subtle and curve25519-dalek. Moreover, the use of Bulletproofs [6], and its implementation by the authors of the dalek libraries, will allow them to enable efficient confidential transactions on the blockchain in a near future.

We only found some minor issues. We also provided recommendations on the usage of the libraries and third-party libraries.

Date Fri 02 August 2019
Authors Philippe Teuwen, Christian Heitman, Laurent Grémy
Category Blockchain

Quarkslab's team performed a cryptographic and security assessment of the Monero Research Lab’s new Proof-of-Work algorithm, called RandomX [1]. RandomX is a proof-of-work algorithm that is optimized for general-purpose CPUs. RandomX uses random code execution together with several memory-hard techniques to minimize the efficiency advantage of specialized hardware. We only found minor inconsistencies and formulated a few recommendations. These recommendations are mainly relevant when using alternative configurations but they are of less importance with the current configuration and usage of RandomX. The full report of the assessment can be found at the following address: [2]

Date Mon 15 July 2019
Author Francisco Falcon
Category Exploitation

On September 2018, FreeBSD published the security advisory FreeBSD-SA-18:12, fixing a kernel memory disclosure vulnerability affecting all the supported versions of this operating system.

Date Fri 05 July 2019
Authors Lucas Barthelemy, Maxime Peterlin
Category Blockchain

Quarkslab's team performed a cryptographic and security assessment of both the Bulletproof and MLSAG protocols in Particl. Bulletproof is a non-interactive zero-knowledge proof protocol, while MLSAG is a new ring signature protocol. Both are to be used in cryptocurrency transactions to ensure that they do not leak the amount exchanged or the exact identity of the buyers. Both implementations were found sound and conform to their respective reference papers [BBBPWM18] [SN15]. The full report of the assessment can be found at the following address: [2]

Date Tue 18 June 2019
Author Francesco Cagnin
Category Kernel Debugging

This is the second of two blog posts about macOS kernel debugging. In the previous post, we defined most of the terminology used in both articles, described how kernel debugging is implemented for the macOS kernel and discussed the limitations of the available tools; here, we present LLDBagility, our solution for an easier and more functional macOS debugging experience.