Tag: 2019

In this second blog post of our series on Samsung's TrustZone, we present the various tools that we have developed during our research to help us reverse engineer and exploit Trusted Applications as well as Secure Drivers.

In this first article of a series of three, we will give a tour of the different components of Samsung's TrustZone, explain how they work and how they interact with each other.

Analysis of Tencent Legu: a packer for Android applications.

A retrospective on the 3 past years of development and an introduction to the future of Irma, our File Analysis Solution.

This blog post presents a vulnerability which affects the widely installed Android web browser.

We will demonstrate how we can recover the password and memory content of RFID tags by carefully cutting the power source during EEPROM writes.

Qualcomm is the market-dominant hardware vendor for non-Apple smartphones. Considering the [SoCs] they produce are predominant, it has become increasingly interesting to reverse-engineer and take over their boot chain in order to get a hold onto the highest-privileged components while they are executing. Ultimately, the objective is to be able to experiment with closed-source and/or undocumented components such as hardware registers or Trusted Execution Environment Software.

It's time to open Quarkslab internships season! This year, we offer 5 new internships, most of which are linked to binary analysis related research topics but have a look, there is more! Quarkslab team is always pleased to welcome new talents who want to work on complex security research subjects. If you love binaries, want to face new challenges and work in a dynamic environment where curiosity and teamwork are at the heart of our way to do R&D, please apply!

All internships will take place in our main office in Paris, France (and one in Rennes also). If you are coming from abroad, you will need a proper visa to be with us. At Quarkslab, we encourage remote work, but that does not apply to internships.

Last but not least, we usually train Padawans so that they stay with us once their training period is done, even if that does not mean the training is over :)

Off-line dynamic trace analysis offers a number of advantages, which are illustrated in this blog post through several examples using internal tools we specially developed to automate trace collection and analysis.

This blog post presents a comparison between various disassembled binary exporters.