Giovanni Rocca

Software engineer, Applications developer and security analyst.

@TheOverwolf

Latest stories

June 20, 2018

Giving yourself a window to debug a shared library before DT_INIT – With Frida, on Android

By GiovanniRocca
June 20, 2018
3 Min read
20June

Hello folks!!! Today I’m gonna share an interesting approach i’ve found to give my self a space to debug before initializations. Let’s spend 2 words about the problem and the goal: Certain compilers and obfuscators take advantages of the init and init_array, which is a pointer and an array of pointers, which point to functions, which are executed at some point during the loading...

March 1, 2018

Debug on a static context with uDdbg – Unicorn DOPE Debugger

By GiovanniRocca
March 1, 2018
6 Min read
01March

Hello guys!! Today i’m writing down a couple of notes about a project I did started 1 month ago together with @rEDSAMK, Unicorn DOPE Debugger (GitHub). First off, I’m gonna spend a couple of line about the purpose and the goal, mainly, why it has been created. As I said in the last 5 minutes of my keynote at Disobey, with this tool, my goal is to provide a runtime environment for the...

January 15, 2018

A journey to Finland, Reverse Engineering on Android – Supercell Pt 5

By GiovanniRocca
January 15, 2018
11 Min read
15January

Hello once again everyone and welcome to the 5th chapter of my blog post chain about reverse engineering and Supercell. Lot of news and cool stuffs happened since my last post and… I’m getting excited just by thinking the word to use to write this blog post. During the last week I got invited from Supercell, in Finland, to speak at Disobey about all of the things posted in the blog...

November 11, 2017

Sensitive data manipulation and tracing on Android – Privacy – SpotifApp

By GiovanniRocca
November 11, 2017
4 Min read
11November

Users’ privacy is a hot topic nowadays, with billions of applications available with an easy tap – The same tap we used to quickly give on those “I agree” checkboxes (which sometimes are totally missing – which is so bad), without actually reading a line of what we are about to “give an ok”, but it’s fine. We all know that almost 99% of the...

October 28, 2017

Reverse Engineering – Supercell – part 4

By GiovanniRocca
October 28, 2017
6 Min read
28October

Hello everybody and welcome to the part 4 of my blog post chain about Supercell games reverse engineering! (I start thinking that we should find something new for the intro… My vocabulary is a bit limited). Almost 20 days after my last post, I’m coming with some great news, personal ones and of course, about some new found we did. Let me start with a big thanks and welcome to @Fil...

October 13, 2017

Reverse Engineering – Supercell – October update, part 3

By GiovanniRocca
October 13, 2017
10 Min read
13October

Hello everybody and welcome to the third chapter of my Supercell reverse engineering posts chain. As said in the second post of the chain, everything has been so quite till the beginning of october, where a missive update has hit Clash Royale, Clash of Clans and Boom Beach. New content has been introduced for almost all of the games and also, I’m happy to see some real security actions that...

September 29, 2017

Reverse Engineering – Supercell – Clash Royale. Part 2

By GiovanniRocca
September 29, 2017
4 Min read
29September

Almost two month later, here we are with the act two of the Supercell reverse engineering post series, if you missed the first one about the new encryption, it can be found here. Nothing special came in terms of updates on any of the Supercell games after holydays, waiting for the scheduled big one that will hit Clash Royale in the upcoming days and that I’m sure will be fullfit of changes...

August 6, 2017

Clash of Clans – SuperCell new encryption reverse engineering

By GiovanniRocca
August 6, 2017
5 Min read
06August

In this paper I’m going to speak about what I’ve did to reverse engineer the new encryption, using Clash of Clans as base (The logic used to break CoC could be replicated as well on Boom Beach and HayDay that are already shipped with the new encryption). I’ll skip whatever that’s already known (the previous encryption), as it can be read and understood here:  (SuperCell...

February 17, 2017

Reverse Engineering: LiveScore.com api encryption

By GiovanniRocca
February 17, 2017
2 Min read
17February

Hello everyone! Everything stated and reported on this post is for study and demonstration purpose. There is no violation or usage of copyrighted code nor abuse of service. The code snippet that can be found on the post are reversed and made opensource under GPL license. Platform: LiveScore.com Api communication: JSON Security measure: body encrypted Request from the original client: URL Status...

January 28, 2017

PokéMesh – Inizio e fine di un’avventura

By GiovanniRocca
January 28, 2017
6 Min read
28January

In questo primo articolo del mio sito/curriculum voglio raccontare la mia bellissima esperienza ed avventura con PokéMesh andando a toccare punti ed idee personali e punti tecnici che potrebbero richiedere un livello base di logica di programmazione ed informatica. Partiamo dal principio, come nasce PokéMesh. PokéMesh nasce poche settimane dopo la pubblicazione della popolare app Pokémon GO...

Giovanni Rocca