Join the Telegram channel Introduction Reverse engineering of Android applications is usually considered as somewhat effortless because of the possibility of retrieving the Java representation of the application’s code. An attacker is basically able to read through a human-readable version of the code in order to quickly extract the intellectual […]
reverse engineering
14 posts
Join the Telegram channel Part 1: Detailed overview of Samsung’s TrustZone components Part 2: Tools development for reverse-engineering and vulnerability research Part 3: Vulnerability exploitation to reach code execution in EL3 on a Samsung device Introduction This article details different vulnerabilities affecting Secure World components in Samsung’s TrustZone and how […]
Join the Telegram channel As you may have read in our previous blog post, the release of Triton v0.8 came with a lot of features and improvements. Support for the ARMv7 architecture is amongst the main contributions of this new version. This blog post provides some extra details about how […]
Want to stay up to date? Join the Telegram channel here Introduction Fuchsia is a new operating system developed by Google, targeting the AArch64 and x86_64 architectures. While little is known about the purpose of this OS and where it will be used, it seems plausible that it aims at […]
Introduction Ansible [1] is an open-source software that automates configuration management and software deployment. If you’re not familiar with Ansible, we encourage you to read this introduction first [15]. Ansible works by connecting to the infrastructure machines (which can be a Windows or Linux OS) and uploading small pieces of […]
Context Quarkslab is one of the 10 ITSEF (Information Technology Security Evaluation Facility, CESTI in French) licensed by the ANSSI’s Centre de Certification National (CCN, French for National Certification Body) for performing CSPN (Certification de Sécurité de Premier Niveau, French for First Level Security Certification) evaluations in the software domain. […]
Introduction Embedded devices are a huge and wide world of options for CPU architectures, operating systems and file systems. You can find the combination you can think of. In this case, I’ll present a study about the TP-Link TL-WR543G. This old router I had at home came equipped with a […]
We are pleased to announce that we released Triton v0.8 under the terms of the Apache License 2.0 (same license as before). This new version provides bug fixes, features and improvements: the detailed list can be found on this Github page (there are about 297 changed files with 43,115 additions […]
Introduction In March 2020, Google patched a critical vulnerability affecting many MediaTek based devices [1]. This vulnerability had been known by MediaTek since April 2019 (10 months before being fixed), and allows a local attacker without privileges to read and write system memory, leading to privilege escalation. There is even […]
Introduction Welcome to the final chapter of the Trimedia series. In the first part of the series, I introduced this research project, showing the different steps I took in order to analyze the firmware and the hardware of the camera. Then, in the second part, I presented the Philips TriMedia […]
Introduction After detailing Samsung’s TrustZone implementation in the first part of this series, this blog post introduces the tools that we have developed to reverse engineer the system and find vulnerabilities more easily. Part 1: Detailed overview of Samsung’s TrustZone components Part 2: Tools development for reverse engineering and vulnerability […]
Motivations After a general introduction on the ARM TrustZone and a focus on Qualcomm’s implementation, this new series of articles will discuss and detail the implementation developed by Samsung and Trustonic. These blog posts are a follow up to the conference Breaking Samsung’s ARM TrustZone that was given at BlackHat […]
Introduction This blog post deals with the Legu packer, an Android protector developed by Tencent that is currently one of the state-of-the-art solutions to protect APK DEX files. The packer is updated frequently and this blog post focuses on versions 4.1.0.15 and 4.1.0.18. Overview An application protected with Legu is […]
Introduction Irma is our file security analysis software, originally developed as an open source project with the sponsorship of 5 major European organizations, it is now also one of Quarkslab’s commercial software products. Since our last post from February 2016, Irma evolved significantly. This post summarizes the major changes, the […]