x4e's blog

Adventures in Reverse Engineering

I bought a Chromebook a couple of years ago to do school work on – it only cost about 100£ and was very small and light, perfect for carrying around school. At the time I had never experienced Linux and was fine with storing all my stuff on google docs/drive etc.

Last year I switched to Linux on my main laptop (one that's too large to use for school), and since then I've always wanted to be able to install it on my Chromebook. Unfortunately that's not easy – Chromebooks use a lot of obscure hardware for which drivers are only implemented in ChromeOS and not upstream Linux. Google also licenses Chromebook manufacturing and some parts of design to other manufactures, meaning that each Chromebook can be very different, and as such there is no single guide to install Linux on a Chromebook.

Read more...

Bitcoin's whitepaper presents it as a “peer-to-peer electronic cash system”, however I do not believe that Bitcoin has fulfilled the requirements of cash.

Read more...

As an obfuscator developer it is my job to attempt to prevent reverse engineers from analyzing customer's applications.

One common tool used by Java reverse engineers is The OW2 ASM Library, a library that can read, manipulate and write classfiles generated by the javac compiler. This makes ASM a target for obfuscation — hindering the functionality of ASM on obfuscated classes can be very valuable.

In this post I'll go over how I found and exploited a design flaw in the ASM library in order to create classfiles that render ASM useless.

Read more...

Breaking the verifier for all OpenJDK 8+ jvms by hooking shared library exports.

Read more...

Bypassing the OpenJDK8 and OpenJ9 verifier through an unsecured backdoor.

Read more...