/tags/reverse-engineering/Recent content in Reverse Engineering on THALIUMHugoen-usCopyright (c) 2026, all rights reserved.Tue, 13 Jan 2026 00:00:00 +0000/posts/symless-an-ida-assistant-for-structure-reconstruction/Tue, 13 Jan 2026 00:00:00 +0000/posts/symless-an-ida-assistant-for-structure-reconstruction/<p>Symless is an IDA Pro plugin designed to assist with structure reconstruction and cross-reference placement. It comes in two flavors: an <strong>automatic pre-analysis</strong> that can reconstruct most of the structures used in a binary, and an <strong>interactive plugin</strong> that reconstructs a single structure from user selection.</p> <p>We are now releasing a <strong>new architecture-agnostic version</strong> of Symless, and use this opportunity to describe its internal logic.</p>/posts/llvm-powered-devirtualization/Fri, 22 Nov 2024 08:00:00 +0000/posts/llvm-powered-devirtualization/Virtualization is a powerful technique for code obfuscation, and reversing it can be challenging. In this post, we cover the work done during an internship on developing an <strong>automated devirtualization tool</strong>. We explore a simplified taint-based approach and discuss its limitations. For a more in-depth analysis, the full report is also made available./posts/achieving-remote-code-execution-in-steam-remote-play/Mon, 04 Dec 2023 08:00:00 +0000/posts/achieving-remote-code-execution-in-steam-remote-play/<p><em>Remote Play Together</em>, developed by Valve, allows sharing local multi-player games with friends over the network through streaming. The associated protocol is elaborate enough to shelter a valuable attack surface that has scarcely been ventured into in the past.</p> <p>This post covers the reverse engineering of the protocol and client/server implementations inside Steam, before presenting a dedicated fuzzer that unveiled a few critical vulnerabilities.</p>/posts/ecw-2023-kaleidoscope-write-up/Tue, 07 Nov 2023 12:00:00 +0100/posts/ecw-2023-kaleidoscope-write-up/<strong>kaleidoscope</strong> was a hard reverse engineering challenge created for the European Cyber Week CTF 2023 qualifiers, with a focus on Windows-specific mechanisms and VM-based obfuscation./posts/ecw2021-writeup/Mon, 25 Oct 2021 12:00:01 +0100/posts/ecw2021-writeup/<p>For the <a href="https://www.european-cyber-week.eu/">European Cyber Week</a> CTF 2021 Thalium created some challenges in our core competencies: reverse and exploitation. This blog post presents some of the write-ups:</p> <ul> <li><a href="#chest">Chest (36 solve) - reverse</a></li> <li><a href="#fsb-as-a-service">FSB as a service (3 solve) - exploitation</a></li> <li><a href="#wysiwyg">WYSIWYG (3 solve) - reverse</a></li> <li>Pipe Dream (1 solve) - reverse <ul> <li>the author posted his solution on <a href="https://face.0xff.re/posts/ecw-ctf-2021-pipe-dream-writeup/">his personal blog</a></li> </ul> </li> </ul> <p>Thalium&rsquo;s challenges have been less resolved than others. They were not that difficult, but probably a bit more unexpected. A few additional challenges designed by Thalium are:</p>