Security Researcher at QuarksLab
from September 2015
My work focuses on:
- Code obfuscation
- Reverse engineering
- Software protections (Packing...)
Internship at QuarksLab
from July 2014 to August 2014
During my internship, I studied JTAG and how to discover its ports. I used various devices like a router and a 4G Internet key.
- I developed a JTAG testing tool, available on my GitHub page.
- I used the Bus Blaster and the JTAGulator with the OpenOCD library.
Internship at ATACAMA Company
August 2013 to November 2013
I developed the company's website using a Model–view–controller architecture.
Engineering student in fourth year
École Polytechnique de Montréal
Bachelor’s degree, Computer Science
Lycée Maurice Ravel
Scientific Baccalauréat at Lycée Maurice Ravel, mention Bien (equivalent to an A level).
LIEF - Library to Instrument Executable Formats
The purpose of this project is to provide a cross-platform library that can parse, modify and abstract the ELF, PE and MachO formats.
- Parsing: LIEF can parse ELF, PE and MachO, and provides a user-friendly API to access format internals.
- Modify: LIEF can modify some parts of these formats.
- Abstract: The three formats have common features like sections, symbols and entry point; LIEF factors them.
- API: LIEF can be used in C, C++ and Python.
Quantum Mechanics project : The quantum eraser
During the three-month project, we studied the quantum eraser experiment, which includes:
- Quantum spin
- Ramsey interferometry
- Entangled states
Implementation of the One-Wire protocol in an FPGA
We implemented the One-Wire protocol designed by Dallas Semiconductor to communicate between thermometers.
Optimization of Dijkstra’s algorithm
We programmed Dijkstra’s algorithm in C, then optimized it using:
- A* search algorithm
- Binary heap
LIEF: Library to Instrument Executable Formats
When analyzing an executable, the first layer of information is the format
in which the executable is wrapped. It turns out that a lot of tools and
libraries exist to analyze and instrument machine code wrapped by the
format, but there is no such library to handle the three mainstream
executable formats and to both read and modify these formats.
LIEF has been developed to that end.
In the talk we will explain the rationale behind LIEF's architecture choices, what LIEF makes possible, and look at use cases.
LIEF is a cross-platform library and it can be used through a Python, C++ and C API. The library can parse standard structures as well as more complex ones like the PE signature (Authenticode) and the ELF hash table. As use cases, we can inject code into a binary or a library, redirect the control flow to hook functions, and obfuscate some parts of a binary. Another feature of LIEF is that the common characteristics of these formats are factorized, so that we can develop a single script which works for the three formats.
How Triton can help to reverse virtual machine based software protections
With Jonathan Salwan
The first part of the talk is an introduction to the Triton framework, exposing its components and explaining how they work together. The second part includes demonstrations of how it is possible to reverse virtual machine based protections using taint analysis, symbolic execution, SMT simplifications and LLVM-IR optimizations. [SLIDES]
Dynamic Binary Analysis and Obfuscated Codes
With Jonathan Salwan
In this presentation we will talk about how DBA (Dynamic Binary Analysis) may help a reverse engineer to reverse obfuscated code. We will first introduce some basic obfuscation techniques and then show how it is possible to break some of them using our open-source DBA framework, Triton: detecting opaque predicates, reconstructing the CFG, finding the original algorithm, isolating sensitive data and many more. Then, we will conclude with a demo and a few words about our future work. [SLIDES]
How Triton may help to analyse obfuscated binaries
With Jonathan Salwan
Binary obfuscation is used to protect software's intellectual property. There exist different kinds of obfuscation but, roughly, it transforms a binary structure into another binary structure while preserving the same semantics. The aim of obfuscation is to ensure that the original information is "drowned" in useless information that will make reverse engineering harder. In this article we will show how we can analyse an obfuscated program and break some obfuscations using the Triton framework. [ARTICLE]