Cracking a virtualized binary with Angr
Reversing a custom VM-based obfuscation challenge using traditional patching, brute forcing, and symbolic execution with angr.
Intercepting the Strava API to generate route maps without a subscription
Reversing SecurityKit and patching out Volkswagen’s layers of anti-debugging and jailbreak checks.
When automated tools like TrollDecrypt fail on newer jailbreaks, it’s time to dust off the old-school manual decryption method using LLDB to dump memory directly.
How I reversed the Google IMA SDK implementation in the Oqee app to completely block pre-roll and mid-roll ads on iOS and tvOS using a custom VMAP payload.
Reversing Free’s Oqee app to find hidden developer settings, NSUserDefaults bypasses, and a literal Konami code gesture sequence.
Breaking down obfuscated dylibs, CloudKit crashes, and certificate pinning.
Reverse engineering the myTF1 iPhone app to block video ads using a Theos tweak.
Reverse engineering the myTF1 Apple TV app to block video ads using Frida and a Theos tweak.
Deep dive into reverse engineering a REALbasic/Xojo application’s license validation logic, analyzing the serial number format, checksum algorithm, and hex phrase conversion using IDA Pro and LLDB.