Software engineer, Applications developer and security analyst

Daddy of Dwarf debugger
Founder of – secRet – reverse engineering squad
Proudly part of @TheOverwolf gang
OSS

Latest stories

Inside Secure – Metaforic – Reverse engineering and cracking

Hello everyone! Today I’m going to speak about how I’ve managed to break the Metaforic compiler from Inside Secure. It was once again a huge and awesome challenge. Like Arxan, Metaforic is used nowadays to protect banking, gambling and government applications. I’m in contact with the company protected with the compiler, but I’ve not received anything back from Inside Secure...

I want to be an ARM reverse engineer

Aka, how I can name myself a semi-good reverse engineer, from a 5 years experienced Android developer to an (android_system_knowledge++, cracking++, static_analysis++, brain++, travels_around_the_world++, awesome_people_meet++, ecc++). Hello!!! I’m writing this blog article to help all the guys in the secRet community to start their journey into reverse engineering and cracking, eventually...

Cracking the uncrackables – Reverse engineering – Supercell – part 7

From 0 knowledge to 0.1 knowledge and a lucky win on the new protections shipped on Brawl Stars. Hello folks!!!! Welcome to the, damn…, 7th chapter of this awesome journey. The subtitle already gives a hint about the topic; those in the Supercell reversing / gaming scene may know that in late 2018 Supercell released the new game Brawl Stars, protected with a new unknown compiler from...

Debugging Android and iOS like a real G’s with Dwarf GUI

Hello folks and welcome to a small introduction of my new debugger, Dwarf. Background and development purpose: after about 2 years of research on mobile cracking and various challenges won, I’ve packed together my experiences with some of the Linux ecosystem knowledge I collected together with my 8 years of Android and backend development. The result is a framework, which I like to call a...

Reverse engineering – Supercell – part 6

Hello there!!!!! A long time has passed since part 5.. lots of days.. months… but now, I’m back here writing what, until now, is the best part of all the journey – one of the, probably the, hardest reverse engineering I did – even more fun than reverse engineering the full Arena Of Valor protocol and encryption. In the past write-ups about the Supercell cat mouse, the...

How I turn frick into a real Frida based debugger

I’m finally proud to write this blog post after some weeks of study and test about how I’ve created my first debugger, built on top of Frida. As usual, let’s spend a couple of words to let the folks understand what the goal was. People following me through Twitter or GitHub already know that I recently came out with a new tool called frick, which is a Frida CLI that sleep the...

Giving yourself a window to debug a shared library before DT_INIT – With Frida, on Android

Hello folks!!! Today I’m gonna share an interesting approach I’ve found to give myself a space to debug before initializations. Let’s spend 2 words about the problem and the goal: certain compilers and obfuscators take advantage of the init and init_array, which are a pointer and an array of pointers to functions that are executed at some point during the loading...

Debug on a static context with uDdbg – Unicorn DOPE Debugger

Hello guys!! Today I’m writing down a couple of notes about a project I started 1 month ago together with @rEDSAMK, Unicorn DOPE Debugger (GitHub). First off, I’m gonna spend a couple of lines about the purpose and the goal, mainly, why it has been created. As I said in the last 5 minutes of my keynote at Disobey, with this tool, my goal is to provide a runtime environment for the...

A journey to Finland, Reverse Engineering on Android – Supercell Pt 5

Hello once again everyone and welcome to the 5th chapter of my blog post chain about reverse engineering and Supercell. Lots of news and cool stuff happened since my last post and… I’m getting excited just by thinking of the words to use to write this blog post. During the last week I got invited by Supercell, in Finland, to speak at Disobey about all of the things posted in the blog...

Sensitive data manipulation and tracing on Android – Privacy – SpotifApp

Users’ privacy is a hot topic nowadays, with billions of applications available with an easy tap – The same tap we used to quickly give on those “I agree” checkboxes (which sometimes are totally missing – which is so bad), without actually reading a line of what we are about to “give an ok”, but it’s fine. We all know that almost 99% of the...