Romain Thomas (@rh0main)'s Avatar

Romain Thomas (@rh0main)

@rh0main

Security engineer working on Android, reverse-engineering & obfuscation. https://www.romainthomas.fr/ - https://obfuscator.re/ - https://lief.re

233
Followers 256
Following 9
Posts 28.09.2024
Joined
Posts Following

Latest posts by Romain Thomas (@rh0main) @rh0main

Preview
A Glimpse Into DexProtector | Romain Thomas This blog post provides a high-level overview of DexProtector's security features and their limitations

I reverse engineered DexProtector, the security solution protecting applications like Revolut and other banking apps.

From custom ELF loaders to vtable hooking, here is an insight into how these protections work and their limitations.

www.romainthomas.fr/post/26-01-d...

05.01.2026 06:11 πŸ‘ 33 πŸ” 12 πŸ’¬ 0 πŸ“Œ 0
Post image

I'm happy to share that LIEF 0.17.0 is out: lief.re/blog/2025-09...

15.09.2025 03:49 πŸ‘ 12 πŸ” 5 πŸ’¬ 0 πŸ“Œ 0
Preview
LIEF patchelf This blog post introduces a modern LIEF-based version of patchelf

New blog post on implementing patchelf-like functionalities using LIEF's Rust bindings:

lief.re/blog/2025-07...

14.07.2025 05:09 πŸ‘ 3 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0
Preview
DWARF as a Shared Reverse Engineering Format This blog post introduces a new API in LIEF to create DWARF files

[Blog Post] New high-level API in LIEF that allows the
creation of DWARF files. Additionally, I present two plugins designed to export
program information from Ghidra and BinaryNinja into a DWARF file.

lief.re/blog/2025-05...

(Bonus: DWARF file detailing my reverse engineering work on DroidGuard)

27.05.2025 13:50 πŸ‘ 21 πŸ” 15 πŸ’¬ 1 πŸ“Œ 0
Post image

Fuzzing Windows ARM64 binaries with a DBI and LLVM?
Here we go: www.romainthomas.fr/post/25-04-w...

28.04.2025 12:36 πŸ‘ 4 πŸ” 5 πŸ’¬ 0 πŸ“Œ 0
Post image

New updates in LIEF including better support for PE modifications and ARM64EC/ARM64X binaries.

Blog post: lief.re/blog/2025-02...

17.02.2025 04:30 πŸ‘ 8 πŸ” 4 πŸ’¬ 0 πŸ“Œ 0

Want to support security researchers from Dragon Sector in covering legal costs piling up after they went public with logic bombs in train firmware?
IBAN for donations is available here:
www.ccc.de/en/updates/2...

Talks for context
media.ccc.de/v/37c3-12142...
streaming.media.ccc.de/38c3/relive/...

28.12.2024 09:29 πŸ‘ 36 πŸ” 18 πŸ’¬ 0 πŸ“Œ 1
Preview
Privacy is Priceless, but Signal is Expensive Signal is the world’s most widely used truly private messaging app, and our cryptographic technologies provide extra layers of privacy beyond the Signal app itself. Since launching in 2013, the Signal...

And if you want to know more about the economic reality behind running high availability, actually innovative tech… signal.org/blog/signal-...

11.12.2024 18:37 πŸ‘ 137 πŸ” 39 πŸ’¬ 2 πŸ“Œ 6
Post image

LIEF 0.16.0 is out featuring new (extended) capabilities like Dyld Shared Cache support, Assembler/disassembler, ...

lief.re/blog/2024-12...

10.12.2024 11:24 πŸ‘ 9 πŸ” 5 πŸ’¬ 0 πŸ“Œ 0

It would make a nice combo!

23.11.2024 12:28 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0
LIEF Disassembler API based on LLVM MC

LIEF Disassembler API based on LLVM MC

So for my first post on Bluesky, I'm happy to share that LIEF (extended) is now providing an API to disassemble code (backed by the LLVM MC layer).

This disassembler is integrated with other functionalities
like dyldsc or DWARF info.

You can checkout lief.re/doc/latest/e... for the details.

23.11.2024 09:33 πŸ‘ 30 πŸ” 9 πŸ’¬ 1 πŸ“Œ 1