R. Thomas Profile

Romain Thomas

Security Engineer

Reverse Engineering

Tooling

Code Obfuscation

Training

I'm a security engineer interested in reverse-engineering, code obfuscation, software protections, and tools development.

I develop and maintain LIEF, a library to parse and manipulate executable formats and I'm also working on Open-Obfuscator, a free and open-source obfuscator for mobile applications.

I enjoy going back and forth between reverse-engineering and tooling. I started at Quarkslab back in 2016 where I had the chance to work on various topics from JTAG ports detection to the support of AArch64 in QBDI. I also participated in the bootstrapping of an Android training covering both: system internals and app analysis. I left the company in 2021 to work on the security of banking applications. This new topic involves code obfuscation and software protection analysis from the perspective of EMVCo certifications.

Interests

  • Reverse engineering
  • Cryptography
  • Executable file formats
  • Mobile applications & internals
  • Obfuscation
  • Privacy
  • Protocols Analysis

Blog Posts

 Feed

April 28, 2025
featured.webp

Fuzzing Windows ARM64 closed-source binary

This blog post introduces coverage-guided fuzzing with QBDI and libFuzzer targeting Windows ARM64.

Fuzzing
September 29, 2024
featured.webp

Instrumenting an Apple Vision Pro Library with QBDI

This blog post demonstrates how to extract liblockdown.dylib from the visionOS dyld shared cache to be instrumented with QBDI on an Apple M1.

Apple LIEF Code-Lifting
January 4, 2023
featured.webp

iCDump: A Modern Objective-C Class Dump

This blog post introduces iCDump, an new Objective-C class dump based on LLVM

IOS Reverse Engineering

Projects

Web design illustration

iCDump

iCDump is a cross-platform Objective-C class dump

Web design illustration

Open-Obfuscator

A free and open-source obfuscator for mobile applications

Web design illustration

QBDL

QuarkslaB Dynamic Loader: Generic loader for ELF, PE and Mach-O

Web design illustration

Tencent Legu Unpacker

Scripts to unpack Android applications protected by Tencent Legu

Web design illustration

Android Runtime Restrictions Bypass (PoC)

Android application that disables Android restrictions without root privileges

Web design illustration

LIEF

LIEF is a Library to Instrument Executable Formats

Publications

Conferences & White Papers

The Poor Man's Obfuscator

The Poor Man's Obfuscator

The purpose of this publication is to present ELF and Mach-O transformations which impact or hinder disassemblers like IDA, BinaryNinja, Ghidra, and Radare2.

Pass The Salt
Romain Thomas
July 4, 2022
DroidGuard: A Deep Dive into SafetyNet

DroidGuard: A Deep Dive into SafetyNet

SafetyNet is the Android component developed by Google to verify the devices’ integrity. These checks are used by the developers to prevent running applications on devices that would not meet security requirements but it is also used by Google …

SSTIC & BlackHat Asia
Romain Thomas
May 12, 2022
PGSharp: Analysis of a Cheat Engine on Android

PGSharp: Analysis of a Cheat Engine on Android

PGSharp is a cheating app for PokemonGO that works on non-rooted devices. This talk introduces its functionalities and the protections used to prevent reverse-engineering.

Ekoparty
Romain Thomas
November 5, 2021

Trainings & Workshops

  • featured.webp

    Introduction to Reverse Engineering

    Workshop

    This workshop aims to provide the key concepts in reverse engineering to address the main challenges …

Misc

  • DroidGuard

    DroidGuard

    DroidGuard / Safetynet bypass

  • QString

    QString

    QString object layout from Qt 5.11.2

  • QList

    QList

    QList object layout from Qt 5.11.2

EF86C95E

15E3 4637 48FE 6F81 D8EE
B0CE 1CD1 ECED EF86 C95E