Analysis of Tencent Legu: a packer for Android applications.

Qualcomm is the market-dominant hardware vendor for non-Apple smartphones. Considering the [SoCs] they produce are predominant, it has become increasingly interesting to reverse-engineer and take over their boot chain in order to get a hold onto the highest-privileged components while they are executing. Ultimately, the objective is to be able to experiment with closed-source and/or undocumented components such as hardware registers or Trusted Execution Environment Software.

This blog post presents a comparison between various disassembled binary exporters.

Broadcom is one of the major vendors of wireless devices worldwide. Since these chips are so widespread they constitute a high value target to attackers and any vulnerability found in them should be considered to pose high risk. In this blog post I provide an account of my internship at Quarkslab which included obtaining, reversing and fuzzing the firmware, and finding a few new vulnerabilities.

This blog post is about techniques to disable Android runtime restrictions

NotPetya is a variant of the Petya ransomware that appeared in June 2017 in Ukraine. These malwares have the particularity to rewrite the MBR of computers that are still using an old fashioned BIOS-based booting system. This MBR encrypts the Master File Table (MFT) of the underlying NTFS partition systems.

Second part of a blog post series about our approach to reverse engineer a Philips TriMedia based IP camera.

First part of a blog post series about our approach to reverse engineer a Philips TriMedia based IP camera.

This blogpost briefly presents the Windows Notification Facility and provides a write-up for a nice exercise that was given by Bruce Dang during his workshop at Recon Montreal 2018.

In this blog post we compare the post-exploitation process of two jailbreaks for iOS 11.1.2 : LiberiOS and Electra. We start by giving a quick refresher about jailbreaks, and then proceed with the description of their implementation.