A Glimpse Into Tencent's Legu Packer

Analysis of Tencent Legu: a packer for Android applications.

more ...

Analysis of Qualcomm Secure Boot Chains

Qualcomm is the market-dominant hardware vendor for non-Apple smartphones. Considering the [SoCs] they produce are predominant, it has become increasingly interesting to reverse-engineer and take over their boot chain in order to get a hold onto the highest-privileged components while they are executing. Ultimately, the objective is to be able to experiment with closed-source and/or undocumented components such as hardware registers or Trusted Execution Environment Software.

more ...

An Experimental Study of Different Binary Exporters

This blog post presents a comparison between various disassembled binary exporters.

more ...

Reverse-engineering Broadcom wireless chipsets

Broadcom is one of the major vendors of wireless devices worldwide. Since these chips are so widespread they constitute a high value target to attackers and any vulnerability found in them should be considered to pose high risk. In this blog post I provide an account of my internship at Quarkslab which included obtaining, reversing and fuzzing the firmware, and finding a few new vulnerabilities.

more ...

Android Runtime Restrictions Bypass

This blog post is about techniques to disable Android runtime restrictions

more ...

Defeating NotPetya from your iLO

NotPetya is a variant of the Petya ransomware that appeared in June 2017 in Ukraine. These malwares have the particularity to rewrite the MBR of computers that are still using an old fashioned BIOS-based booting system. This MBR encrypts the Master File Table (MFT) of the underlying NTFS partition systems.

more ...

Reverse Engineering a Philips TriMedia CPU based IP camera - Part 2

Second part of a blog post series about our approach to reverse engineer a Philips TriMedia based IP camera.

more ...

Reverse Engineering a Philips TriMedia CPU based IP camera - Part 1

First part of a blog post series about our approach to reverse engineer a Philips TriMedia based IP camera.

more ...

Playing with the Windows Notification Facility (WNF)

This blogpost briefly presents the Windows Notification Facility and provides a write-up for a nice exercise that was given by Bruce Dang during his workshop at Recon Montreal 2018.

more ...

Modern Jailbreaks' Post-Exploitation

In this blog post we compare the post-exploitation process of two jailbreaks for iOS 11.1.2 : LiberiOS and Electra. We start by giving a quick refresher about jailbreaks, and then proceed with the description of their implementation.

more ...