Publications

With the release of Android Nougat, Google introduced restrictions on the native libraries that can be loaded from an Android …

When analyzing an executable, the first layer of information is the format in which the executable is wrapped. It turns out that a lot of …

The first part of the talk is going to be an introduction to the Triton framework to expose its components and to explain how they work …

In this presentation we will talk about how a DBA (Dynamic Binary Analysis) may help a reverse engineer to reverse obfuscated code. We …

Binary obfuscation is used to protect software’s intellectual property. There exist different kinds of obfuscation but roughly, it …

Posts

Internal structures of OAT format

Internal structures of VDEX format

On how we used LIEF to lift an Android x86_64 library to Linux to perform our usual white-box attacks on it.

This post explains how to use Frida gadget on a non-rooted device.

This post explains how to use LIEF to transform an ELF executable into a library

This blog post introduces new features of LIEF as well as some use cases.

We are open-sourcing LIEF, a library to parse and manipulate ELF, PE and Mach-O binary formats. This blog post explains the purpose of …

Write up

Write up

This blog post introduces code coverage with Triton.

Projects

Python binding for JADX decompiler

C++/Python library to handle Android Manifest

Android dumplog enables filtering logs based on package name and

LIEF is a Library to Instrument Executable Formats

Work Experience

September 2016 – Present
Paris

Security Researcher

QuarksLab

My research topics are mostly:

  • Code obfuscation
  • Reverse engineering
  • Android
  • Software protections (Packing…)

Android Trainer

The given training aims to provide keys to analyze Android applications as well as their interactions with the system.

This training covers the following topics:

  • Malware analysis
  • Android Runtime and file formats (DEX, ART, OAT, ODEX, VDEX, ELF)
  • IPC and Binder
  • Boot process
  • Security mechanisms (dm-verity, SELinux, …)
  • Protections (Obfuscation, packer, anti-debug, …)

Badge - Introduction to executable formats

This one-day course is an introduction to executable formats in order to be more efficient when reverse engineering.

The course focuses on the PE and ELF formats.

January 2016 – August 2016
Paris

Intern

QuarksLab

This internship was about the development of LIEF, a library to parse and modify executable file formats. The project was open-sourced a few years later.

During this internship, I also developed an Android packer to protect native libraries.

Report (French)

April 2015 – July 2015
Paris

Intern

QuarksLab

During this internship, I worked on Epona, an obfuscator based on LLVM developed by Quarkslab.

  • LLVM compiler infrastructure.
  • Development of a code coverage tool based on Triton
  • Studying of graph flattening obfuscation with Triton

July 2014 – August 2014
Paris

Intern

QuarksLab

This internship was about JTAG, and more precisely, how to discover JTAG ports on embedded systems (routers, 4G Internet keys, …).

  • Development of a JTAG testing tool
  • Use of Bus Blaster and JTAGulator with the OpenOCD library.

August 2013 – November 2013
Paris

Intern

Atacama

I developed the company’s website using a Model–view–controller architecture.

  • PHP5
  • MySQL
  • JQuery

Accomplishments

Jan 2019

Approov.io

Reverse Engineering, Deobfuscation

Reverse engineering of signature algorithm

Oct 2018

Google Playstore protocol

Reverse Engineering

Full reverse engineering of the Playstore protocol including protobuf messages. It led to the development of a library to infer protobuf types.