Date Wed 27 March 2019
Author Romain Thomas
Category Android

This blog post is about techniques to disable Android runtime restrictions


NotPetya [0] is a variant of the Petya ransomware [1] that appeared in June 2017 in Ukraine. These malwares have the particularity to rewrite the MBR of computers that are still using an old fashioned BIOS-based booting system. This MBR encrypts the Master File Table (MFT) of the underlying NTFS partition systems.

Date Mon 11 February 2019
Author Nahuel Riva
Category Hardware

Second part of a blog post series about our approach to reverse engineer a Philips TriMedia based IP camera.

Date Tue 22 January 2019
Author Nahuel Riva
Category Hardware

First part of a blog post series about our approach to reverse engineer a Philips TriMedia based IP camera.

Date Mon 19 November 2018
Author Romain Thomas
Category Challenge

As few seats are still available for next session of the Android training [1], we setup a crackme challenge for which you have to find the correct phone number that leads to the following message:

Date Wed 07 November 2018
Author Marion Videau
Category Life at Quarkslab

Quarkslab's new internships season is open! Like every year, we are looking for adventurous, motivated and courageous students, impatient to test their skills against real-life research and engineering problems. The topics we propose cover various aspects of the security field, and they all have in common being highly technical, complex and challenging. Be prepared to work hard for your own enjoyment: the satisfaction when overcoming such difficulties is priceless. As an intern, you will work among the amazing Qb crew, whose humour is also priceless.

All internships will take place in our main office in Paris, France. If you are coming from abroad, you will need a proper visa to be with us. At Quarkslab, we encourage remote work, but that does not apply to internships.

Last but not least, we usually train Padawans so that they stay with us once their training period is done, even if that does not mean the training is over :)

Date Thu 25 October 2018
Author Gwaby
Category Reverse-Engineering

This blogpost briefly presents the Windows Notification Facility and provides a write-up for a nice exercise that was given by Bruce Dang during his workshop at Recon Montreal 2018.

Date Mon 22 October 2018
Authors Jean-Baptiste Bédrune, Cédric Tessier, Marion Videau
Category Blockchain

Quarkslab team performed a cryptographic & security assessment of the Bulletproof protocol, a new non-interactive zero-knowledge proof protocol, to be used by the Monero open-source cryptocurrency (XMR). We found several issues, some possibly critical, during the analysis.

Date Tue 16 October 2018
Author Adrien Guinet
Category Programming

CPUs used to perform better when memory accesses are aligned, that is when the pointer value is a multiple of the alignment value. This differentiation still exists in current CPUs, and still some have only instructions that perform aligned accesses. To take into account this issue, the C standard has alignment rules in place, and so the compilers exploit them to generate efficient code whenever possible. As we will see in this article, we need to be careful while casting pointers around to be sure not to break any of these rules. The goal of this article is to be educative by showcasing the problem and by giving some solutions to easily get over it.

Date Thu 11 October 2018
Authors Serge Guelton, Juan Manuel Martinez Caamaño
Category Programming

Two engineers from QuarksLab had talks accepted at CppCon this year: two tools presentation, Easy::jit, and Frozen; and a general introduction to the ELF format. It's hard to cope with the 9 hours of jet-lag, but it is definitively worth the effort, so here is our conf report!