Tim Blazytko
@mrphrazer.bsky.social
Binary Security Researcher, Chief Scientist at http://emproof.com and Trainer.
Website: https://synthesis.to
Website: https://synthesis.to
Pinned
Tim Blazytko
@mrphrazer.bsky.social
· May 5
Excited to teach my class on software deobfuscation in Paris at @hexacon.bsky.social , Oct 6–9, 2025!
Learn advanced techniques to defeat state-of-the-art obfuscation in DRMs & APT malware.
www.hexacon.fr/trainer/blaz...
Learn advanced techniques to defeat state-of-the-art obfuscation in DRMs & APT malware.
www.hexacon.fr/trainer/blaz...
Reposted by Tim Blazytko
Impressive reverse engineering kung fu against widevine L3 by Felipe (x.com/_localo_) ! #hacklu
Cc @mrphrazer.bsky.social
Cc @mrphrazer.bsky.social
October 23, 2025 at 1:01 PM
Impressive reverse engineering kung fu against widevine L3 by Felipe (x.com/_localo_) ! #hacklu
Cc @mrphrazer.bsky.social
Cc @mrphrazer.bsky.social
The recording of our (CC @nicolo.dev ) talk "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" at @reconmtl.bsky.social is now online!
Recording: www.youtube.com/watch?v=QxSG...
Slides: synthesis.to/presentation...
#BinaryNinja Plugin: github.com/mrphrazer/ob...
Recording: www.youtube.com/watch?v=QxSG...
Slides: synthesis.to/presentation...
#BinaryNinja Plugin: github.com/mrphrazer/ob...
Recon 2025 - Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications
YouTube video by Recon Conference
www.youtube.com
October 15, 2025 at 10:56 PM
The recording of our (CC @nicolo.dev ) talk "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" at @reconmtl.bsky.social is now online!
Recording: www.youtube.com/watch?v=QxSG...
Slides: synthesis.to/presentation...
#BinaryNinja Plugin: github.com/mrphrazer/ob...
Recording: www.youtube.com/watch?v=QxSG...
Slides: synthesis.to/presentation...
#BinaryNinja Plugin: github.com/mrphrazer/ob...
The new version of my #BinaryNinja plugin Obfuscation Analysis (v1.2) adds recursive function inlining in the decompiler.
It collapses call-heavy code into a single function; analysis, constant propagation, DCE and other analyses work across boundaries.
github.com/mrphrazer/ob...
It collapses call-heavy code into a single function; analysis, constant propagation, DCE and other analyses work across boundaries.
github.com/mrphrazer/ob...
October 11, 2025 at 3:27 PM
The new version of my #BinaryNinja plugin Obfuscation Analysis (v1.2) adds recursive function inlining in the decompiler.
It collapses call-heavy code into a single function; analysis, constant propagation, DCE and other analyses work across boundaries.
github.com/mrphrazer/ob...
It collapses call-heavy code into a single function; analysis, constant propagation, DCE and other analyses work across boundaries.
github.com/mrphrazer/ob...
We at @emproofsecurity.bsky.social open-sourced a free firmware reverse engineering workshop for self-study.
Topics: ELF analysis, cracking, malware triage, embedded-Linux, bare-metal, crypto-key extraction, anti-analysis. Docker setup and solutions included.
github.com/emproof-com/...
Topics: ELF analysis, cracking, malware triage, embedded-Linux, bare-metal, crypto-key extraction, anti-analysis. Docker setup and solutions included.
github.com/emproof-com/...
GitHub - emproof-com/workshop_firmware_reverse_engineering: Workshop on firmware reverse engineering
Workshop on firmware reverse engineering. Contribute to emproof-com/workshop_firmware_reverse_engineering development by creating an account on GitHub.
github.com
September 30, 2025 at 8:36 AM
We at @emproofsecurity.bsky.social open-sourced a free firmware reverse engineering workshop for self-study.
Topics: ELF analysis, cracking, malware triage, embedded-Linux, bare-metal, crypto-key extraction, anti-analysis. Docker setup and solutions included.
github.com/emproof-com/...
Topics: ELF analysis, cracking, malware triage, embedded-Linux, bare-metal, crypto-key extraction, anti-analysis. Docker setup and solutions included.
github.com/emproof-com/...
Reminder: If you’re interested in learning how to analyze and deal with obfuscated code, you’re welcome to join my training at @hexacon.bsky.social from October 6-9.
You can still register here: www.hexacon.fr/trainer/blaz...
You can still register here: www.hexacon.fr/trainer/blaz...
August 4, 2025 at 10:55 PM
Reminder: If you’re interested in learning how to analyze and deal with obfuscated code, you’re welcome to join my training at @hexacon.bsky.social from October 6-9.
You can still register here: www.hexacon.fr/trainer/blaz...
You can still register here: www.hexacon.fr/trainer/blaz...
Reposted by Tim Blazytko
Based on research by @mrphrazer.bsky.social and @mu00d8.bsky.social, presented at RECon 2024, I used graph theory code from Ghidra's codebase to select the order in which functions are sent to the LLM, ensuring as much context as possible is retained. The script is aptly named GhidrAI!
5/n
5/n
July 1, 2025 at 12:35 PM
Based on research by @mrphrazer.bsky.social and @mu00d8.bsky.social, presented at RECon 2024, I used graph theory code from Ghidra's codebase to select the order in which functions are sent to the LLM, ensuring as much context as possible is retained. The script is aptly named GhidrAI!
5/n
5/n
The slides from our @reconmtl.bsky.social talk, "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" (CC @nicolo.dev ), are now online!
Slides: synthesis.to/presentation...
Plugin: github.com/mrphrazer/ob...
Slides: synthesis.to/presentation...
Plugin: github.com/mrphrazer/ob...
June 27, 2025 at 8:28 PM
The slides from our @reconmtl.bsky.social talk, "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" (CC @nicolo.dev ), are now online!
Slides: synthesis.to/presentation...
Plugin: github.com/mrphrazer/ob...
Slides: synthesis.to/presentation...
Plugin: github.com/mrphrazer/ob...
Tomorrow at 3:30 pm, @nicolo.dev and I will present our talk “Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications” at @reconmtl.bsky.social !
Details: cfp.recon.cx/recon-2025/t...
Plugin release: github.com/mrphrazer/ob...
Details: cfp.recon.cx/recon-2025/t...
Plugin release: github.com/mrphrazer/ob...
Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications Recon 2025
From gaming anti-cheat and DRM solutions to malware, Mixed Boolean-Arithmetic (MBA) obfuscation hides critical computations behind intricate Boolean and arithmetic transformations. In this talk, we de...
cfp.recon.cx
June 26, 2025 at 6:48 PM
Tomorrow at 3:30 pm, @nicolo.dev and I will present our talk “Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications” at @reconmtl.bsky.social !
Details: cfp.recon.cx/recon-2025/t...
Plugin release: github.com/mrphrazer/ob...
Details: cfp.recon.cx/recon-2025/t...
Plugin release: github.com/mrphrazer/ob...
Reminder: If you’re interested in code deobfuscation, you’re welcome to join my training at @reconmtl.bsky.social Montréal from June 24-27.
You can still register here: recon.cx/2025/trainin...
You can still register here: recon.cx/2025/trainin...
June 5, 2025 at 2:31 PM
Reminder: If you’re interested in code deobfuscation, you’re welcome to join my training at @reconmtl.bsky.social Montréal from June 24-27.
You can still register here: recon.cx/2025/trainin...
You can still register here: recon.cx/2025/trainin...
Honored to join @jstrosch.bsky.social on his podcast "Behind the Binary"! We discussed my RE journey, identifying & analyzing obfuscated code, software protection in industry vs malware, the dynamic between building & breaking protections, and others.
open.spotify.com/episode/7yJB...
open.spotify.com/episode/7yJB...
🔒 Ever wonder how software stays secure? On Behind the Binary, Tim Blazytko, Chief Scientist at Emproof, explores code obfuscation, anti-reverse engineering, and modern defense strategies. Discover the challenges, trade-offs, and defender's mindset! 🎧
open.spotify.com/episode/7yJB...
open.spotify.com/episode/7yJB...
EP 10 Tim Blazytko - Protecting Intellectual Property: Obfuscation & Anti-Reverse Engineering in Software
Behind the Binary by Google Cloud Security · Episode
open.spotify.com
June 4, 2025 at 5:49 PM
Honored to join @jstrosch.bsky.social on his podcast "Behind the Binary"! We discussed my RE journey, identifying & analyzing obfuscated code, software protection in industry vs malware, the dynamic between building & breaking protections, and others.
open.spotify.com/episode/7yJB...
open.spotify.com/episode/7yJB...
New #BinaryNinja plugin: Obfuscation Analysis
Simplifies arithmetic obfuscation (MBA) directly in the decompiler (see demo below). Also identifies functions with corrupted disassembly.
Co-authored by @nicolo.dev; available in the plugin manager.
github.com/mrphrazer/ob...
Simplifies arithmetic obfuscation (MBA) directly in the decompiler (see demo below). Also identifies functions with corrupted disassembly.
Co-authored by @nicolo.dev; available in the plugin manager.
github.com/mrphrazer/ob...
May 25, 2025 at 9:39 PM
New #BinaryNinja plugin: Obfuscation Analysis
Simplifies arithmetic obfuscation (MBA) directly in the decompiler (see demo below). Also identifies functions with corrupted disassembly.
Co-authored by @nicolo.dev; available in the plugin manager.
github.com/mrphrazer/ob...
Simplifies arithmetic obfuscation (MBA) directly in the decompiler (see demo below). Also identifies functions with corrupted disassembly.
Co-authored by @nicolo.dev; available in the plugin manager.
github.com/mrphrazer/ob...
Excited to teach my class on software deobfuscation in Paris at @hexacon.bsky.social , Oct 6–9, 2025!
Learn advanced techniques to defeat state-of-the-art obfuscation in DRMs & APT malware.
www.hexacon.fr/trainer/blaz...
Learn advanced techniques to defeat state-of-the-art obfuscation in DRMs & APT malware.
www.hexacon.fr/trainer/blaz...
May 5, 2025 at 9:01 PM
Excited to teach my class on software deobfuscation in Paris at @hexacon.bsky.social , Oct 6–9, 2025!
Learn advanced techniques to defeat state-of-the-art obfuscation in DRMs & APT malware.
www.hexacon.fr/trainer/blaz...
Learn advanced techniques to defeat state-of-the-art obfuscation in DRMs & APT malware.
www.hexacon.fr/trainer/blaz...
Reminder: Training registrations are still open for my deobfuscation training at REcon Montreal. Secure your spot before prices go up on May 1!
My class on code deobfuscation at REcon Montreal (June 24-27) is now open for registration! Learn how to analyze obfuscated code and break it by writing custom tools using symbolic execution, SMT solving, and program synthesis.
Details & Register: recon.cx/2025/trainin...
Details & Register: recon.cx/2025/trainin...
April 27, 2025 at 3:55 PM
Reminder: Training registrations are still open for my deobfuscation training at REcon Montreal. Secure your spot before prices go up on May 1!
At @reconmtl.bsky.social, @nicolo.dev and I discuss the current state of MBA (de)obfuscation and their applications. We’ll also introduce a new #BinaryNinja plugin for simplifying MBAs in the decompiler.
Details: cfp.recon.cx/recon-2025/f...
I'll also give a training: recon.cx/2025/trainin...
Details: cfp.recon.cx/recon-2025/f...
I'll also give a training: recon.cx/2025/trainin...
April 7, 2025 at 4:13 PM
At @reconmtl.bsky.social, @nicolo.dev and I discuss the current state of MBA (de)obfuscation and their applications. We’ll also introduce a new #BinaryNinja plugin for simplifying MBAs in the decompiler.
Details: cfp.recon.cx/recon-2025/f...
I'll also give a training: recon.cx/2025/trainin...
Details: cfp.recon.cx/recon-2025/f...
I'll also give a training: recon.cx/2025/trainin...
New heuristic in my #BinaryNinja plugin obfuscation_detection:
Duplicated Subgraphs uses iterative context hashing to spot repeated multi-block code. We merge each block’s signature with its successors over multiple rounds for efficiency.
Link: github.com/mrphrazer/ob...
Duplicated Subgraphs uses iterative context hashing to spot repeated multi-block code. We merge each block’s signature with its successors over multiple rounds for efficiency.
Link: github.com/mrphrazer/ob...
March 14, 2025 at 2:46 AM
New heuristic in my #BinaryNinja plugin obfuscation_detection:
Duplicated Subgraphs uses iterative context hashing to spot repeated multi-block code. We merge each block’s signature with its successors over multiple rounds for efficiency.
Link: github.com/mrphrazer/ob...
Duplicated Subgraphs uses iterative context hashing to spot repeated multi-block code. We merge each block’s signature with its successors over multiple rounds for efficiency.
Link: github.com/mrphrazer/ob...
Reposted by Tim Blazytko
RE//verse training registration closes today! Have to finalize count for the hotel. If you still want to join after registration closes, contact us ASAP as some extra slots may be available. https://re-verse.io/#trainings
February 18, 2025 at 5:29 PM
RE//verse training registration closes today! Have to finalize count for the hotel. If you still want to join after registration closes, contact us ASAP as some extra slots may be available. https://re-verse.io/#trainings
My class on code deobfuscation at REcon Montreal (June 24-27) is now open for registration! Learn how to analyze obfuscated code and break it by writing custom tools using symbolic execution, SMT solving, and program synthesis.
Details & Register: recon.cx/2025/trainin...
Details & Register: recon.cx/2025/trainin...
February 18, 2025 at 2:39 AM
My class on code deobfuscation at REcon Montreal (June 24-27) is now open for registration! Learn how to analyze obfuscated code and break it by writing custom tools using symbolic execution, SMT solving, and program synthesis.
Details & Register: recon.cx/2025/trainin...
Details & Register: recon.cx/2025/trainin...
Last Thursday, I gave a webinar on anti-reverse engineering techniques like obfuscation, anti-debug, anti-tamper etc, including practical examples. Recording, slides and examples are now available.
Recording: www.youtube.com/watch?v=Ie1e...
Slides, Code & Samples: github.com/emproof-com/...
Recording: www.youtube.com/watch?v=Ie1e...
Slides, Code & Samples: github.com/emproof-com/...
Webinar: Software Protection -- Safeguarding Code Against Reverse Engineering
YouTube video by emproof
www.youtube.com
January 27, 2025 at 12:52 PM
Last Thursday, I gave a webinar on anti-reverse engineering techniques like obfuscation, anti-debug, anti-tamper etc, including practical examples. Recording, slides and examples are now available.
Recording: www.youtube.com/watch?v=Ie1e...
Slides, Code & Samples: github.com/emproof-com/...
Recording: www.youtube.com/watch?v=Ie1e...
Slides, Code & Samples: github.com/emproof-com/...
The line-up for @re-verse.io is impressive, but one talk I’m particularly excited about is from Vikas Gupta and Peter Garba:
“Standing on the Shoulders of Giants: De-Obfuscating WebAssembly using LLVM”
re-verse.sessionize.com/session/763329
“Standing on the Shoulders of Giants: De-Obfuscating WebAssembly using LLVM”
re-verse.sessionize.com/session/763329
re-verse.sessionize.com
January 10, 2025 at 11:48 AM
The line-up for @re-verse.io is impressive, but one talk I’m particularly excited about is from Vikas Gupta and Peter Garba:
“Standing on the Shoulders of Giants: De-Obfuscating WebAssembly using LLVM”
re-verse.sessionize.com/session/763329
“Standing on the Shoulders of Giants: De-Obfuscating WebAssembly using LLVM”
re-verse.sessionize.com/session/763329
The schedule of RE//verse is out now and contains some pretty interesting talks on reverse engineering and code (de)obfuscation!
I'll also give my deobfuscation training there: shop.binary.ninja/products/re-...
I'll also give my deobfuscation training there: shop.binary.ninja/products/re-...
January 9, 2025 at 10:53 PM
The schedule of RE//verse is out now and contains some pretty interesting talks on reverse engineering and code (de)obfuscation!
I'll also give my deobfuscation training there: shop.binary.ninja/products/re-...
I'll also give my deobfuscation training there: shop.binary.ninja/products/re-...
My next (de)obfuscation training will be at
@re-verse.io , Feb 24-27 in Orlando. You’ll learn to identify, analyze, understand, and break protected code in both malware and commercial applications.
Register: shop.binary.ninja/products/re-...
@re-verse.io , Feb 24-27 in Orlando. You’ll learn to identify, analyze, understand, and break protected code in both malware and commercial applications.
Register: shop.binary.ninja/products/re-...
RE//verse Training - Software Deobfuscation Techniques with Tim Blazytko
Get to know state-of-the-art code obfuscation techniques, how they complicate reverse engineering, and how to use different deobfuscation techniques to break them in these hands-on sessions at RE//ver...
shop.binary.ninja
December 9, 2024 at 10:04 PM
My next (de)obfuscation training will be at
@re-verse.io , Feb 24-27 in Orlando. You’ll learn to identify, analyze, understand, and break protected code in both malware and commercial applications.
Register: shop.binary.ninja/products/re-...
@re-verse.io , Feb 24-27 in Orlando. You’ll learn to identify, analyze, understand, and break protected code in both malware and commercial applications.
Register: shop.binary.ninja/products/re-...