https://juliangrtz.me/posts/Recent content in Posts on juliangrtz.meHugo -- gohugo.ioen-uscontact@juliangrtz.me (juliangrtz)contact@juliangrtz.me (juliangrtz)Wed, 17 Jun 2026 00:00:00 +0000https://juliangrtz.me/2026/06/17/fake_re9_mod/Wed, 17 Jun 2026 00:00:00 +0000contact@juliangrtz.me (juliangrtz)https://juliangrtz.me/2026/06/17/fake_re9_mod/This is a write-up about a real compromise of my Windows 11 PC. I usually write about reverse engineering from the comfortable side of the table: crackmes, iOS reversing tricks, anti-debugging, decompilers, Frida, IDA, that kind of stuff. This time the target was not a crackme and the sample was not something I downloaded from MalwareBazaar for fun. I installed what looked like a harmless REFramework / Resident Evil 9 mod on GitHub and ended up with a professionally crafted, staged infostealer/RAT infection that had been running on my host for about two weeks.https://juliangrtz.me/2025/10/15/frida-banking-app/Wed, 15 Oct 2025 00:00:00 +0000contact@juliangrtz.me (juliangrtz)https://juliangrtz.me/2025/10/15/frida-banking-app/Introduction I’m currently working on a tool to detect anti-reverse-engineering techniques in 64-bit iOS applications. It’s based on LIEF and Capstone. An appropriate way to test this tool is to apply it on actual applications found in the wild such as banking apps or large online games. Banking apps traditionally employ various measures to defeat reverse-engineering, including obfuscation, debugging detections and jailbreak detections – both on Android and on iOS. For testing purposes, I picked an app of a financial institution I’ve already “experimented with” in the past.https://juliangrtz.me/2024/08/19/re_seminar/Mon, 19 Aug 2024 00:00:00 +0000contact@juliangrtz.me (juliangrtz)https://juliangrtz.me/2024/08/19/re_seminar/Introduction As someone relatively new to the field of reverse engineering, I decided to take on the challenge of leading a seminar on the subject titled “Software Reverse Engineering: A Practical Introduction.” While it might seem counterintuitive for a beginner to teach such a complex topic, I’ve found that teaching is one of the best ways to deepen my understanding. By preparing lessons, guiding others, and tackling questions from students, I was able to reinforce my own learning and gain new perspectives on reverse engineering.https://juliangrtz.me/2024/01/24/removepie/Wed, 24 Jan 2024 00:00:00 +0000contact@juliangrtz.me (juliangrtz)https://juliangrtz.me/2024/01/24/removepie/ASLR Address space layout randomization (ASLR) is a computer security technique involved in preventing exploitation of memory corruption vulnerabilities. In order to prevent an attacker from reliably jumping to, for example, a particular exploited function in memory, ASLR randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries. This is Wikipedia’s (brief but correct) definition of ASLR.https://juliangrtz.me/2024/01/11/frida-ios-syscall-tracer/Thu, 11 Jan 2024 00:00:00 +0000contact@juliangrtz.me (juliangrtz)https://juliangrtz.me/2024/01/11/frida-ios-syscall-tracer/Introduction Some time ago, I stumbled upon an interesting iOS banking application whose name shall not be disclosed (for the better). Unsurprisingly, the app immediately crashed on my checkra1n-jailbroken iPhone 6 on iOS 12.5.5. Because why would the developers of the banking app want reverse engineers to analyze their Holy Grail? Curiously, I opened the decrypted app binary in IDA and searched for the usual culprits in these scenarios: “Cydia”, “Sileo”, “cycript”, “/bin/bash”, etc.https://juliangrtz.me/2024/01/10/mightyxor/Wed, 10 Jan 2024 00:00:00 +0000contact@juliangrtz.me (juliangrtz)https://juliangrtz.me/2024/01/10/mightyxor/Exploring the Foundations of Cryptography: The One-Time Pad In 2019, a good school friend and I embarked on a journey into the fascinating world of cryptography, recognizing its potential importance in our future endeavors. Many formal cryptography courses in universities and colleges often kick off with an introduction to the one-time pad (OTP). This cryptographic technique, if implemented correctly, offers a level of security that is considered unbreakable. As Wikipedia aptly describes it:https://juliangrtz.me/2024/01/08/purpose/Mon, 08 Jan 2024 00:00:00 +0000contact@juliangrtz.me (juliangrtz)https://juliangrtz.me/2024/01/08/purpose/The purpose of this blog is to inform, to educate and to motivate concerning various topics connected to computer science and cybersecurity. The purpose of this blog is not to incite the reader to participate in any kind of criminal activity. Refrain from asking me questions regarding game hacking, software license tampering, cracking etc. Reverse engineering should always be done in an ethical manner. Remember you are dealing with intellectual property.https://juliangrtz.me/2022/12/30/x0rb0y_crackme/Fri, 30 Dec 2022 00:00:00 +0000contact@juliangrtz.me (juliangrtz)https://juliangrtz.me/2022/12/30/x0rb0y_crackme/In this blog post, we are taking a look at X0rb0y’s Windows crackme written in C you can find here. General information The Linux tool file displays the following information for the 32-bit executable file provided by the author: keyGen.exe: PE32 executable (console) Intel 80386, for MS Windows There is no welcome message whatsoever when executing the crackme. After entering a random password, the program displays “Wrong Length!” and exits.