Arnau
Hacker and mathematician. Founder, security researcher and trainer @FuraLabs. Senior malware reverse engineer for $vendor. Community @HackingLliure.
Apr 22, 2021 25 tweets 6 min read
Ok, I had some time to read the new paper on MBA deobfuscation: usenix.org/conference/use…

TL;DR Cool stuff and great contribution, but tarnished by some omissions that make it seem to have a bigger impact and general applicability than it really has, imho.

A thread 🧵

First things first. I don't consider myself an expert, but I'm quite familiar with academic literature regarding MBA (de)obfuscation. This paper constitutes great research, provides a novel proof and offers promising results.
Dec 1, 2020 19 tweets 13 min read
🔥 #AdventOfReversing 1/24 🔥
Get dirty as soon as possible. Don't fall into thinking you are not ready. Sure, you will be confused by many things at first. That's fine! I used to confuse sections and segments when I started. Keep pushing, and things will become clear naturally.

🔥 #AdventOfReversing 2/24 🔥
Get used to (re)naming *everything* in your disassembler. You might be able to mentally track data across registers and memory for small crackmes w/ easy control flow, but this does not scale at all. Unclutter your mind. Make your life easier.
Jul 24, 2020 5 tweets 3 min read
📢Just published my Maths & CS BSc thesis:
📄"Code deobfuscation by program synthesis-aided simplification of Mixed Boolean-Arithmetic expressions".

Serves as an intro/review to:
- Code (de)obfuscation
- MBA expressions
- Program synthesis

👉github.com/arnaugamez/tfg

First @radareorg r2syntia prototype was developed in the context of this work. Now it has already been slightly improved and it is being updated and maintained here, in case you are interested: github.com/arnaugamez/r2s…