Blog Post on Romain Thomas

Blog Post on Romain Thomashttps://www.romainthomas.fr/post/Recent content in Blog Post on Romain ThomasHugoen-usme@romainthomas.fr (Romain Thomas)me@romainthomas.fr (Romain Thomas)Sun, 04 Jan 2026 00:00:00 +0000A Glimpse Into DexProtectorhttps://www.romainthomas.fr/post/26-01-dexprotector/Sun, 04 Jan 2026 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/26-01-dexprotector/This blog post provides a high-level overview of DexProtector’s security features and their limitationsFuzzing Windows ARM64 closed-source binaryhttps://www.romainthomas.fr/post/25-04-windows-arm64-qbdi-fuzzing/Mon, 28 Apr 2025 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/25-04-windows-arm64-qbdi-fuzzing/This blog post introduces coverage-guided fuzzing with QBDI and libFuzzer targeting Windows ARM64.Instrumenting an Apple Vision Pro Library with QBDIhttps://www.romainthomas.fr/post/24-09-apple-lockdown-dbi-lifting/Sun, 29 Sep 2024 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/24-09-apple-lockdown-dbi-lifting/This blog post demonstrates how to extract liblockdown.dylib from the visionOS dyld shared cache to be instrumented with QBDI on an Apple M1.iCDump: A Modern Objective-C Class Dumphttps://www.romainthomas.fr/post/23-01-icdump/Wed, 04 Jan 2023 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/23-01-icdump/This blog post introduces iCDump, an new Objective-C class dump based on LLVMOpen-Obfuscator: A free and open-source obfuscator for mobile applicationshttps://www.romainthomas.fr/post/22-10-open-obfuscator/Mon, 31 Oct 2022 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/22-10-open-obfuscator/This blog post introduces open-obfuscator, a new open-source project to obfuscate mobile applications.Part 2 – iOS Native Code Obfuscation and Syscall Hookinghttps://www.romainthomas.fr/post/22-09-ios-obfuscation-syscall-hooking/Tue, 13 Sep 2022 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/22-09-ios-obfuscation-syscall-hooking/This second blog post deals with native code obfuscation and RASP syscall interceptionPart 1 – SingPass RASP Analysishttps://www.romainthomas.fr/post/22-08-singpass-rasp-analysis/Mon, 29 Aug 2022 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/22-08-singpass-rasp-analysis/This first blog post introduces the RASP checks used in SingPassA Journey in iOS App Obfuscationhttps://www.romainthomas.fr/post/22-08-ios-obfuscation/Mon, 22 Aug 2022 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/22-08-ios-obfuscation/This series of blog posts details how obfuscators can protect iOS applications from reverse engineeringPGSharp: Analysis of a Cheating App for PokemonGOhttps://www.romainthomas.fr/post/21-11-pgsharp-analysis/Sun, 07 Nov 2021 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/21-11-pgsharp-analysis/This blog post is about the internal mechanisms of PGSharp, a cheat engine for PokemonGO.Gotta Catch 'Em All: Frida & jailbreak detectionhttps://www.romainthomas.fr/post/21-07-pokemongo-anti-frida-jailbreak-bypass/Sun, 18 Jul 2021 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/21-07-pokemongo-anti-frida-jailbreak-bypass/This blog post analyzes the Frida and Jailbreak detection in PokemonGO for iOS.r2-pay: whitebox (part 2)https://www.romainthomas.fr/post/20-09-r2con-obfuscated-whitebox-part2/Sun, 27 Sep 2020 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/20-09-r2con-obfuscated-whitebox-part2/This second blog post explains how to recover the whitebox’s key from the obfuscated library libnative-lib.sor2-pay: anti-debug, anti-root & anti-frida (part 1)https://www.romainthomas.fr/post/20-09-r2con-obfuscated-whitebox-part1/Sun, 20 Sep 2020 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/20-09-r2con-obfuscated-whitebox-part1/This first blog post describes the protections in the challenge r2-pay.A Glimpse Into Tencent's Legu Packerhttps://www.romainthomas.fr/post/a-glimpse-into-tencents-legu-packer/Tue, 26 Nov 2019 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/a-glimpse-into-tencents-legu-packer/Analysis of Tencent Legu: a packer for Android applications.Android Native Library Analysis with QBDIhttps://www.romainthomas.fr/post/android-native-library-analysis-with-qbdi/Mon, 03 Jun 2019 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/android-native-library-analysis-with-qbdi/This blog post deals with QBDI and how it can be used to reverse an Android JNI libraryAndroid crackme challengehttps://www.romainthomas.fr/post/android-crackme/Tue, 20 Nov 2018 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/android-crackme/Android crackme that uses system’s internalsAndroid OAT formatshttps://www.romainthomas.fr/post/android-oat/Mon, 25 Jun 2018 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/android-oat/Internal structures of OAT formatAndroid VDEX formatshttps://www.romainthomas.fr/post/android-vdex/Mon, 25 Jun 2018 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/android-vdex/Internal structures of VDEX formatWhen SideChannelMarvels meets LIEFhttps://www.romainthomas.fr/post/18-05-when-sidechannelmarvels-meets-lief/Thu, 03 May 2018 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/18-05-when-sidechannelmarvels-meets-lief/On how we used LIEF to lift an Android x86_64 library to Linux to perform our usual white-box attacks on it.How to use frida on a non-rooted devicehttps://www.romainthomas.fr/post/how-to-use-frida-on-a-non-rooted-device/Sat, 03 Mar 2018 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/how-to-use-frida-on-a-non-rooted-device/This post explains how to use Frida gadget on a non-rooted device.Have fun with LIEF and Executable Formatshttps://www.romainthomas.fr/post/17-11-have-fun-with-lief-and-executable-formats/Thu, 02 Nov 2017 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/17-11-have-fun-with-lief-and-executable-formats/This blog post introduces new features of LIEF as well as some uses cases.Open-sourcing LIEFhttps://www.romainthomas.fr/post/lief-release/Tue, 04 Apr 2017 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/lief-release/We are open-sourcing LIEF, a library to parse and manipulate ELF, PE and Mach-O binary formats. This blog post explains the purpose of this project and some parts of its architecture.HITB 2015 Write-up - Crypto 300https://www.romainthomas.fr/post/15-11-hitb2015-crypto300/Tue, 03 Nov 2015 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/15-11-hitb2015-crypto300/Write-up for the Crypto 300 challengeHITB 2015 Write-up - Crypto 400https://www.romainthomas.fr/post/15-11-hitb2015-crypto400/Tue, 03 Nov 2015 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/15-11-hitb2015-crypto400/Write upCode coverage using a dynamic symbolic executionhttps://www.romainthomas.fr/post/15-10-triton-code-coverage/Mon, 12 Oct 2015 00:00:00 +0000me@romainthomas.fr (Romain Thomas)https://www.romainthomas.fr/post/15-10-triton-code-coverage/This blog post introduces code coverage with Triton