Semgrep - Matching JavaScript Imports

Semgrep is a great tool to add into a code review workflow as Semgrep is aware of language semantics and automatically handles things like different import styles and aliases well. However, when writing rules for JavaScript, I noticed that the following import pattern was not han…

Instrumenting JVM Programs With Frida

Frida is very commonly used to instrument Android applications written in Java and compiled to Dalvik bytecode. It is a lesser-known fact that Frida gained support for instrumenting Java programs running on the HotSpot JVM in a recent version, which should work on most JVM vers…

Gantix JailMonkey Root Detection Bypass

jail-monkey is a React Native library for implementing root detection on Android and iOS devices, which is not defeated by the default root detection bypass implemented by objection. The jail-monkey API is a set of methods exposed to a React Native app through the JailMonkey module. impo…

Analyzing Kony Mobile Applications

The content in this blog post was presented at Infosec In The City 2019. What is Kony? Kony Visualizer (or Quantum, they have renamed the product a few times) is a cross-platform application development environment. With Kony Visualizer, a single codebase can be used to buil…

Ghidra Plugin: JNIAnalyzer

When reversing Android applications with native code, providing type information to your reverse engineering tool can make a decompilation a lot more readable. As an example, the following snippet of code is the Ghidra decompiler output of a function from the libfoo.so of UnCrack…