R. Thomas Profile

Romain Thomas

Security Engineer

Reverse Engineering

Tooling

Code Obfuscation

Training

I am a security engineer with a strong interest in reverse-engineering, software protection and obfuscation.

I am the author and maintainer of LIEF, a library used to parse and manipulate executable formats. In 2022, I initiated Open-Obfuscator a free and open-source obfuscator for mobile applications.

I enjoy navigating between development and reverse engineering. With that in mind, I have contributed to various open-source projects like QBDI, QBDL or open-obfuscator and reverse engineered Safetynet, iXGuard, Arxan, DexProtector, and cheats.
My journey started at Quarkslab in 2016 with a focus on Android, but since then, I have had the chance to dig into other platforms (iOS/macOS, Windows) through the lens of reverse engineering or obfuscation.

Interests

  • Reverse engineering
  • Cryptography
  • Executable file formats
  • Mobile applications & internals
  • Obfuscation
  • Privacy
  • Protocols Analysis

Blog Posts

 Feed

January 4, 2026
featured.webp

A Glimpse Into DexProtector

This blog post provides a high-level overview of DexProtector’s security features and their limitations

Android Reverse Engineering Obfuscation
April 28, 2025
featured.webp

Fuzzing Windows ARM64 closed-source binary

This blog post introduces coverage-guided fuzzing with QBDI and libFuzzer targeting Windows ARM64.

Fuzzing
September 29, 2024
featured.webp

Instrumenting an Apple Vision Pro Library with QBDI

This blog post demonstrates how to extract liblockdown.dylib from the visionOS dyld shared cache to be instrumented with QBDI on an Apple M1.

Apple Lief Code-Lifting

Projects

Web design illustration

iCDump

iCDump is a cross-platform Objective-C class dump

Web design illustration

Open-Obfuscator

A free and open-source obfuscator for mobile applications

Web design illustration

QBDL

QuarkslaB Dynamic Loader: Generic loader for ELF, PE and Mach-O

Web design illustration

Tencent Legu Unpacker

Scripts to unpack Android applications protected by Tencent Legu

Web design illustration

Android Runtime Restrictions Bypass (PoC)

Android application that disables Android restrictions without root privileges

Web design illustration

LIEF

LIEF is a Library to Instrument Executable Formats

Publications

Conferences & White Papers

The Poor Man's Obfuscator

The Poor Man's Obfuscator

The purpose of this publication is to present ELF and Mach-O transformations which impact or hinder disassemblers like IDA, BinaryNinja, Ghidra, and Radare2.

Pass The Salt
Romain Thomas
July 4, 2022
DroidGuard: A Deep Dive into SafetyNet

DroidGuard: A Deep Dive into SafetyNet

SafetyNet is the Android component developed by Google to verify the devices’ integrity. These checks are used by the developers to prevent running applications on devices that would not meet security requirements but it is also used by Google …

SSTIC & BlackHat Asia
Romain Thomas
May 12, 2022
PGSharp: Analysis of a Cheat Engine on Android

PGSharp: Analysis of a Cheat Engine on Android

PGSharp is a cheating app for PokemonGO that works on non-rooted devices. This talk introduces its functionalities and the protections used to prevent reverse-engineering.

Ekoparty
Romain Thomas
November 5, 2021

Trainings & Workshops

  • featured.webp

    Introduction to Reverse Engineering

    Workshop

    This workshop aims to provide the key concepts in reverse engineering to address the main challenges …

Misc

  • DroidGuard

    DroidGuard

    DroidGuard / Safetynet bypass

  • QString

    QString

    QString object layout from Qt 5.11.2

  • QList

    QList

    QList object layout from Qt 5.11.2

EF86C95E

15E3 4637 48FE 6F81 D8EE
B0CE 1CD1 ECED EF86 C95E