Stars
Slides, recordings and materials of my public presentations, talks and workshops.
An IDA Hex-Rays microcode filter that lifts AVX/AVX2/AVX-512/AVX10 and VMX/VT-x instructions to intrinsics.
Structor is a Hex-Rays plugin that synthesizes C structures from raw pointer arithmetic.
watchOS kernel R/W + live process memory dumping on Apple Watch Series 4 (watchOS 10.6.2 - latest). Named after the children's book Peepo!
AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
iOS 18.4-18.6.2 userland exploit chain with JS injection into SpringBoard and other processes. Derived from DarkSword.
We did some pairing to implement egraphs from scratch
Code execution/injection technique using DLL PEB module structure manipulation
Research pertaining to Games for Windows Live (GFWL) xlive.dll.
For the paper 'If LLMs Have Human-Like Attributes, Then so Does Age of Empires II'
[100% AI Generated Code] Lightweight LLVM Symbolic Execution Engine
Static devirtualizer for VMProtect 3.0-3.5. Lifts virtualized code to LLVM using Remill and strips the VM layer through optimization.
An educational anti-cheat system for learning Windows kernel programming, process monitoring, and cheat detection techniques
Rust crate for analyzing and neutering Arxan in FromSoftware games
IDA Pro plugin that speeds up the initial binary auto analysis through caching and multithreaded analysis
IDA plugin for automatic deobfuscation of opaque predicates by lifting microcode to z3 for SMT reasoning.
LLVM based devirtualizer for the binaryshield software protector.
Striga is an experimental lifter from x86_64 to LLVM IR written in Python.
A GameCube/Wii emulator and debugger written in Rust.
Automated LLVM bug reproducer reduction service
androidqf (Android Quick Forensics) helps quickly gather forensic evidence from Android devices, in order to identify potential traces of compromise.