leHACK Conferences tracks 📅 iCal 📱 INSTALLABLE MOBILE WEB APP

Workshop Room

Most reverse engineering workflows treat a binary as a static artifact. Dynamic Binary Instrumentation flips that: instead of reading code, you *watch it run*, intercepting every instruction and memory access with nothing but Python. This workshop is a hands-on introduction to DBI using PyQBDI. Attendees go from zero to writing instrumentation scripts that trace execution, inspect runtime state, instrument native libraries, and ultimately bypass anti-debugging protections to extract a hidden flag. They leave with reusable scripts and the foundations to apply QBDI in professional engagements, CTF challenges, or personal research. QBDI is an open-source framework developed at Quarkslab, supporting Linux, Windows, Android, and macOS. It has been used in practice to break whitebox cryptographic implementations, deobfuscate VM-protected binaries, and analyze Android native libraries without source code

Workshop Room

Understand the fundamentals of reverse engineering Android applications. Learn to use debugging tools to analyze Android app behavior. Bypass security mechanisms using Frida scripts. Sniff and replay Bluetooth Low Energy (BLE) communications. Modify Smali code to alter app functionality. Reverse engineer native libraries used in Android apps. Perform Man-in-the-Middle (MITM) attacks on HTTPS services. 

Workshop Room

Your favorite Android mobile apps or smart TV are probably fortresses: obfuscated code, anti hooking defenses, encrypted protocols. Traditional RE tools? Weeks of manual grinding. But what if you could teach your hooks to evolve, fuzz vendor services for hidden root commands, and let an AI orchestrate the entire RE workflow? In this hands-on workshop, you'll learn to autopsy mobile applications using Reversense, a free collaborative reverse engineering platform now available as open source. Unlike traditional tools that require weeks of manual analysis, Reversense automates the discovery, modeling, and instrumentation of mobile apps in their real execution context. You'll work through 3 real-world scenarios: - Hardened App Security Audit : Identify sensitive data and bypass security mechanisms, such as anti-hooking, using self-improved hooks and dynamic modeling. - Discovery of Undocumented ADB Commands : Use combination of built-in fuzzing engine, and cross-app hooking to uncover hidden vendor backdoors and factory test modes in Android devices. - AI-Powered Reverse Automation : Leverage MCP (Model Context Protocol) integration to orchestrate complex multi-stage reverse engineering workflows.

Workshop Room

keep digging for that root shellStill wondering how to gain root access to a device via hardware ? Why not trying yourself ? Again ? This workshop will equip you with the skills and knowledge to understand the basics of hardware hacking . In this workshop, you may : - Learn what UART is and why it's a crucial interface for embedded systems. - Set Up Your Environment: Get your tools ready, including serial adapters and terminal software. - Discover how to physically connect to a device's UART pins and establish a serial connection. - How to interact with the device's shell and gain root access.

Workshop Room

Ce workshop introduit un framework dédié aux attaques de protocoles sans-fil, WHAD, avec un focus tout particulier sur le protocole Bluetooth Low Energy. Il fait écho au talk soumis par l'auteur sur le même sujet, et permettra de mettre en pratique les attaques évoquées dans ce dernier sur de véritables équipements connectés.