Publications

The Poor Man's Obfuscator

The Poor Man's Obfuscator

The purpose of this publication is to present ELF and Mach-O transformations which impact or hinder disassemblers like IDA, BinaryNinja, Ghidra, and Radare2.

Pass The Salt
Romain Thomas
July 4, 2022
DroidGuard: A Deep Dive into SafetyNet

DroidGuard: A Deep Dive into SafetyNet

SafetyNet is the Android component developed by Google to verify the devices’ integrity. These checks are used by the developers to prevent running applications on devices that would not meet security requirements but it is also used by Google …

SSTIC & BlackHat Asia
Romain Thomas
May 12, 2022
PGSharp: Analysis of a Cheat Engine on Android

PGSharp: Analysis of a Cheat Engine on Android

PGSharp is a cheating app for PokemonGO that works on non-rooted devices. This talk introduces its functionalities and the protections used to prevent reverse-engineering.

Ekoparty
Romain Thomas
November 5, 2021
QBDL: QuarkslaB Dynamic Loader

QBDL: QuarkslaB Dynamic Loader

The QuarkslaB Dynamic Loader (QBDL) library aims at providing a modular and portable way to dynamically load and link binaries

SSTIC
Adrien Guinet , Romain Thomas
June 3, 2021
Dynamic Binary Instrumentation Techniques to Address Native Code Obfuscation

Dynamic Binary Instrumentation Techniques to Address Native Code Obfuscation

Android applications are becoming more and more obfuscated to prevent reverse engineering. While obfuscation can be applied on both, the Dalvik bytecode and the native code, the former is more challenging to analyze due to the structure of the …

BlackHat Asia
Romain Thomas
October 1, 2020
Android Runtime Restrictions Bypass

Android Runtime Restrictions Bypass

This paper explains how to disable runtime restrictions without root privileges

Romain Thomas
March 23, 2019
Static Instrumentation Based on Executable Formats

Static Instrumentation Based on Executable Formats

Talk given at Recon Montréal and PassTheSalt18 about static instrumentation and its use cases.

Recon Montréal & PST
Romain Thomas
June 20, 2018