Publications
The Poor Man's Obfuscator
The purpose of this publication is to present ELF and Mach-O transformations which impact or hinder disassemblers like IDA, BinaryNinja, Ghidra, and Radare2.
DroidGuard: A Deep Dive into SafetyNet
SafetyNet is the Android component developed by Google to verify a device's integrity. These checks are used by developers to prevent applications from running on devices that would not meet security requirements, but it is also used by Google …
PGSharp: Analysis of a Cheat Engine on Android
PGSharp is a cheating app for PokemonGO that works on non-rooted devices. This talk introduces its functionalities and the protections used to prevent reverse-engineering.
QBDL: QuarkslaB Dynamic Loader
The QuarkslaB Dynamic Loader (QBDL) library aims at providing a modular and portable way to dynamically load and link binaries.
Dynamic Binary Instrumentation Techniques to Address Native Code Obfuscation
Android applications are becoming more and more obfuscated to prevent reverse engineering. While obfuscation can be applied to both the Dalvik bytecode and the native code, the former is more challenging to analyze due to the structure of the …
Android Runtime Restrictions Bypass
This paper explains how to disable runtime restrictions without root privileges.
Static Instrumentation Based on Executable Formats
Talk given at Recon Montréal and PassTheSalt18 about static instrumentation and its use cases.