Tim Blazytko

Impressive reverse engineering kung fu against widevine L3 by Felipe (x.com/_localo_) ! #hacklu
Cc @mrphrazer.bsky.social

YouTube video by Recon Conference Recon 2025 - Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications

The recording of our (CC @nicolo.dev ) talk "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" at @reconmtl.bsky.social is now online!

Recording: www.youtube.com/watch?v=QxSG...

Slides: synthesis.to/presentation...

#BinaryNinja Plugin: github.com/mrphrazer/ob...

The new version of my #BinaryNinja plugin Obfuscation Analysis (v1.2) adds recursive function inlining in the decompiler.

It collapses call-heavy code into a single function; analysis, constant propagation, DCE and other analyses work across boundaries.

github.com/mrphrazer/ob...

GitHub - emproof-com/workshop_firmware_reverse_engineering: Workshop on firmware reverse engineering Workshop on firmware reverse engineering. Contribute to emproof-com/workshop_firmware_reverse_engineering development by creating an account on GitHub.

We at @emproofsecurity.bsky.social open-sourced a free firmware reverse engineering workshop for self-study.

Topics: ELF analysis, cracking, malware triage, embedded-Linux, bare-metal, crypto-key extraction, anti-analysis. Docker setup and solutions included.

github.com/emproof-com/...

Reminder: If you’re interested in learning how to analyze and deal with obfuscated code, you’re welcome to join my training at @hexacon.bsky.social from October 6-9.

You can still register here: www.hexacon.fr/trainer/blaz...

Congrats!

A side-by-side view of Ghidra's decompiler. Left is the raw output, right is the output enhanced by the LLM.

Based on research by @mrphrazer.bsky.social and @mu00d8.bsky.social, presented at RECon 2024, I used graph theory code from Ghidra's codebase to select the order in which functions are sent to the LLM, ensuring as much context as possible is retained. The script is aptly named GhidrAI!

5/n

The slides from our @reconmtl.bsky.social talk, "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" (CC @nicolo.dev ), are now online!

Slides: synthesis.to/presentation...

Plugin: github.com/mrphrazer/ob...

Tomorrow at 3:30 pm, @nicolo.dev and I will present our talk “Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications” at @reconmtl.bsky.social !

Details: cfp.recon.cx/recon-2025/t...
Plugin release: github.com/mrphrazer/ob...

Reminder: If you’re interested in code deobfuscation, you’re welcome to join my training at @reconmtl.bsky.social Montréal from June 24-27.

You can still register here: recon.cx/2025/trainin...

Honored to join @jstrosch.bsky.social on his podcast "Behind the Binary"! We discussed my RE journey, identifying & analyzing obfuscated code, software protection in industry vs malware, the dynamic between building & breaking protections, and others.

open.spotify.com/episode/7yJB...

New #BinaryNinja plugin: Obfuscation Analysis

Simplifies arithmetic obfuscation (MBA) directly in the decompiler (see demo below). Also identifies functions with corrupted disassembly.

Co-authored by @nicolo.dev; available in the plugin manager.

github.com/mrphrazer/ob...

Excited to teach my class on software deobfuscation in Paris at @hexacon.bsky.social , Oct 6–9, 2025!
Learn advanced techniques to defeat state-of-the-art obfuscation in DRMs & APT malware.

www.hexacon.fr/trainer/blaz...

Reminder: Training registrations are still open for my deobfuscation training at REcon Montreal. Secure your spot before prices go up on May 1!

At @reconmtl.bsky.social, @nicolo.dev and I discuss the current state of MBA (de)obfuscation and their applications. We’ll also introduce a new #BinaryNinja plugin for simplifying MBAs in the decompiler.

Details: cfp.recon.cx/recon-2025/f...

I'll also give a training: recon.cx/2025/trainin...

New heuristic in my #BinaryNinja plugin obfuscation_detection:
Duplicated Subgraphs uses iterative context hashing to spot repeated multi-block code. We merge each block’s signature with its successors over multiple rounds for efficiency.

Link: github.com/mrphrazer/ob...

RE//verse training registration closes today! Have to finalize count for the hotel. If you still want to join after registration closes, contact us ASAP as some extra slots may be available. https://re-verse.io/#trainings

My class on code deobfuscation at REcon Montreal (June 24-27) is now open for registration! Learn how to analyze obfuscated code and break it by writing custom tools using symbolic execution, SMT solving, and program synthesis.

Details & Register: recon.cx/2025/trainin...

YouTube video by emproof Webinar: Software Protection -- Safeguarding Code Against Reverse Engineering

Last Thursday, I gave a webinar on anti-reverse engineering techniques like obfuscation, anti-debug, anti-tamper etc, including practical examples. Recording, slides and examples are now available.

Recording: www.youtube.com/watch?v=Ie1e...

Slides, Code & Samples: github.com/emproof-com/...

The line-up for @re-verse.io is impressive, but one talk I’m particularly excited about is from Vikas Gupta and Peter Garba:

“Standing on the Shoulders of Giants: De-Obfuscating WebAssembly using LLVM”

re-verse.sessionize.com/session/763329

The schedule of RE//verse is out now and contains some pretty interesting talks on reverse engineering and code (de)obfuscation!

I'll also give my deobfuscation training there: shop.binary.ninja/products/re-...

RE//verse Training - Software Deobfuscation Techniques with Tim Blazytko Get to know state-of-the-art code obfuscation techniques, how they complicate reverse engineering, and how to use different deobfuscation techniques to break them in these hands-on sessions at RE//ver...

My next (de)obfuscation training will be at
@re-verse.io , Feb 24-27 in Orlando. You’ll learn to identify, analyze, understand, and break protected code in both malware and commercial applications.

Register: shop.binary.ninja/products/re-...