Erwan Grelet
Erwan Grelet is a security researcher currently working at Ubisoft in the Game Security team. He spent several years working as a low-level software engineer before that.
He is particularly interested in software reverse engineering, vulnerability research and software obfuscation.
Sessions
Themida is a popular commercial software obfuscator which provides code
virtualization and code mutation features.
While Themida's code mutation is unanimously considered a weaker obfuscation
scheme than code virtualization, there's little to no public information on the
feature's implementation. As a result, it's difficult to estimate the code
mutation's impact on an attacker's reverse engineering flow. In this talk we
fill a bit of that gap by studying Themida's code mutation in details and looking
for potential shortcomings.
We'll use Binary Ninja and Python to understand how the code mutation works for
x86-64 executables, ultimately automating its deobfuscation using Miasm and
symbolic execution.