angr
qiling
Our great sponsors
angr | qiling | |
---|---|---|
13 | 10 | |
7,216 | 4,834 | |
1.8% | 7.4% | |
9.7 | 6.2 | |
2 days ago | about 1 month ago | |
Python | Python | |
BSD 2-clause "Simplified" License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
angr
-
30 Years of Decompilation and the Unsolved Structuring Problem: Part 1
That's awesome! That's exactly how modern decompilers deal with a special type of goto occurrence. They reduce gotos (or completely eliminate them) by introducing a `while(true)` loop, followed by corresponding `continue` and `breaks`... we all, of course, know that `while(true)` did not exist in the source, but it's a nice hack!
We even do this in the angr decompiler, found here: https://github.com/angr/angr/blob/8e48d001e18a913ecd4ed2e995...
- Ask not what the compiler can do for you
-
The Full Story of Large Language Models and RLHF
One would hope browser and OS vendors would use AI to remediate vulnerabilities but vast majority of software vendors won't ever use it.
Also, automated vulnerability finding is very much real and already used today. This isn't something that has just become viable via LLMs, but I guess LLMs can enhance it:
https://github.com/angr/angr
-
Synthesizing optimal 8051 code with an SMT solver (2020)
Check out angr [1], a symbolic execution engine, and claripy [2], its frontend to SMT solvers like z3.
[1] https://angr.io
[2] https://api.angr.io/claripy.html
-
Any standard algorithms for parsing (disassembling) machine code?
BAP (https://github.com/binaryanalysisplatform/bap), angr (https://angr.io/) and others already do what you're asking for as more purpose-built solutions for dynamic analysis. Angr specifically in python.
-
Can anyone explain to me how to find main function in elf file?
As /u/hkei noted, it's actually quite difficult to do in general, and usually requires some kind of heuristic. For example, see https://github.com/dyninst/dyninst/blob/v12.1.0/dyninstAPI/src/image.C#L476. Full disclosure, I am a Dyninst developer. There is also the python-based angr that might be more amenable to a one-off solution.
-
We are Legitimate Business Syndicate, DEF CON CTF Organizers 2013-2017, Ask Us Anything
I think there's a lot of promise in automation that's been spun off from the CTF community. Angr and Binary Ninja are both very much spinoffs from contest hacking, and are pretty great for helping a skilled hacker find flaws in software.
-
Awesome Penetration Testing
angr - Platform-agnostic binary analysis framework.
-
Programming in Z3 by learning to think like a compiler
angr uses z3.
https://github.com/angr/angr
Supposedly, the DoD has used angr for some use cases.
-
What's a good technology to introduce to my company?
Try using angr to automate bug finding
qiling
- Qiling: A True Instrumentable Binary Emulation Framework
-
Unicorn Engine problem with map
Sounds more like r/ReverseEngineering. If what you want to do is some dynamic analysis or just play around, maybe try using qiling, it's built on top of unicorn and is made by the same authors. It will take care of loading the file for you.
- qiling: Qiling Advanced Binary Emulation Framework
- Qiling Advanced Binary Emulation Framework
-
MoonBounce: UEFI Malware
https://github.com/qilingframework/qiling Is probably what you are looking for
- Qiling – Advanced Binary Emulation Framework
-
QilingLab: a series of challenges by Th3Zer0 to train your Qiling skills 💪🏾 -- solve 'em all and share your writeup!
It is s binary emulation framework, which you can use to emulate different binaries for different architectures. On top of that you can use Qiling APIs to debug the emulation process, hook syscalls, etc. It's like Unicorn + Qemu + Frida. More info here: https://github.com/qilingframework/qiling
- How to perform full MIPS system emulation with QEMU, using the squashfs image and uBoot kernel image extracted from a rotuer firmware?
-
PyPANDA: Generic unpacking based on whole-system record and replay with Ghidra integration. Including interview with author of paper and tool Luke Craig.
qiling is built on unicorn directly. qiling focuses on emulating binaries (read: emulating a single program and not an OS). It uses the binary blob work to load binaries and their associated shared objects. It then hooks the OS calls and presents an interface to the program as though it has interacted with an OS. see here
-
Opensource Security Framework Stake Pool
We started this project since 2019 Nov, currently they are around 70+ developers and 2,200++ stars in our Github page (https://github.com/qilingframework/qiling)
What are some alternatives?
pwntools - CTF framework and exploit development library
frontier-silicon-firmwares - Frontier silicon internet radio firmware binaries
RustScan - 🤖 The Modern Port Scanner 🤖
panda - Platform for Architecture-Neutral Dynamic Analysis
drakvuf-sandbox - DRAKVUF Sandbox - automated hypervisor-level malware analysis system
CrossHair - An analysis tool for Python that blurs the line between testing and type systems.
pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy
bap - Binary Analysis Platform
simplify - Android virtual machine and deobfuscator
BinV - 👓 Yet another binary vulnerbilities checker. An automated vulnerability scanner for ELF based on symbolic execution.
ddisasm - A fast and accurate disassembler