iOS 5 data protection updates

Sun 09 October 2011 by jean

iOS 5 was released this week, and introduced some changes to the data protection features we described at HITB Amsterdam. This post highlights the updates made since iOS 4.

LwVM partition scheme

The GPT partition table used on iOS 4 was replaced by Apple's proprietary Lightweight Volume Manager (LwVM ...

read more

CTF 2011 Write-up : Scotty's last signal

Tue 27 September 2011 by jj

Another write-up for the excellent 2011 Capture The Flag contest. This one was very unusual, based on a patched NES ROM of Super Mario Bros 1.

Scotty's last signal

You might have heard about Montgomery Scott, the legendary chief
engineer of the U.S.S. Enterprise. What ...

read more

CTF 2011 Write-up : FluxScience

Mon 26 September 2011 by JB

This was probably one of the most entertaining challenges of this CTF. A file data.flux is provided. The goal is to analyze a Windows binary to be able to decrypt this file.

Some information is given:

Thanks to a former employee of FluxScience (one of our competitors), we managed to ...

read more

CTF 2011 Write-up : Romulan Business Network

Thu 22 September 2011 by guillaume

Once again, we participated in the Capture-The-Flag event organized by the FluxFingers team at Just like last year's CTF, the challenges were fun and original, and we finished up first after 48 hours of rude competition. The challenge here consisted in a little PDF crackme to solve ...

read more

The undocumented password validation algorithm of Adobe Reader X

Wed 14 September 2011 by guillaume

Someone recently sent me an email about trouble opening encrypted PDF documents produced by Acrobat Pro X in Origami. At first I thought it was a bug, but while looking at the data of the document I noticed two unusual things: the specified PDF version was Extension Level 8 ...

read more

Rushing Recon 2011!!!

Fri 29 July 2011 by alex

Hi everyone,

In the beginning of July, several people from our lab were in Montreal for the Recon conference, where we gave four talks. We really enjoyed our time there. The panel of talks was, once again, amazing. It was an opportunity to meet great people, and to enjoy beers ...

read more

Analysis of the jailbreakme v3 font exploit

Sat 16 July 2011 by jean

Two weeks ago, comex released the third version of jailbreakme. Two exploits are used to jailbreak Apple devices by opening a PDF file in the MobileSafari browser: initial code execution is obtained through a vulnerability in the Freetype Type 1 font parser, allowing subsequent exploitation of a kernel vulnerability to ...

read more

Linux syscall ABI

Tue 05 July 2011 by jj

A quick post to summarize the Linux kernel syscall ABI on the i386 architecture.

It is hard to come by a short summary of how to do direct syscalls under the Linux kernel. This does not intend to be exhaustive nor authoritative, but at least now I'll have something to ...

read more

Origami 1.0 released!

Tue 24 May 2011 by guillaume

I am pleased to announce the first stable release of Origami, the PDF manipulation framework! A lot of cool new features have been added since the last beta and I consider the framework has become stable enough now. This release introduces the support for AES256 encryption/decryption, partial support for ...

read more

Passcode bypass of the HTC Desire Z using an unexpected feature of the bootloader

Sun 22 May 2011 by cedric

Android devices are becoming increasingly present everywhere. iPhone security has been analyzed by researchers -- however this is more difficult for Android devices due to the diversity of vendors and devices: each model has its own characteristics and has a unique combination of hardware and software. What will be discussed here ...

read more