qiling
panda
Our great sponsors
qiling | panda | |
---|---|---|
10 | 7 | |
4,837 | 2,413 | |
7.4% | 1.6% | |
6.2 | 9.3 | |
about 1 month ago | 22 days ago | |
Python | C | |
GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
qiling
- Qiling: A True Instrumentable Binary Emulation Framework
-
Unicorn Engine problem with map
Sounds more like r/ReverseEngineering. If what you want to do is some dynamic analysis or just play around, maybe try using qiling, it's built on top of unicorn and is made by the same authors. It will take care of loading the file for you.
- qiling: Qiling Advanced Binary Emulation Framework
- Qiling Advanced Binary Emulation Framework
-
MoonBounce: UEFI Malware
https://github.com/qilingframework/qiling Is probably what you are looking for
- Qiling – Advanced Binary Emulation Framework
-
QilingLab: a series of challenges by Th3Zer0 to train your Qiling skills 💪🏾 -- solve 'em all and share your writeup!
It is s binary emulation framework, which you can use to emulate different binaries for different architectures. On top of that you can use Qiling APIs to debug the emulation process, hook syscalls, etc. It's like Unicorn + Qemu + Frida. More info here: https://github.com/qilingframework/qiling
- How to perform full MIPS system emulation with QEMU, using the squashfs image and uBoot kernel image extracted from a rotuer firmware?
-
PyPANDA: Generic unpacking based on whole-system record and replay with Ghidra integration. Including interview with author of paper and tool Luke Craig.
qiling is built on unicorn directly. qiling focuses on emulating binaries (read: emulating a single program and not an OS). It uses the binary blob work to load binaries and their associated shared objects. It then hooks the OS calls and presents an interface to the program as though it has interacted with an OS. see here
-
Opensource Security Framework Stake Pool
We started this project since 2019 Nov, currently they are around 70+ developers and 2,200++ stars in our Github page (https://github.com/qilingframework/qiling)
panda
- Platform for Architecture-Neutral Dynamic Analysis (Panda)
-
Cannoli: The Fast QEMU Tracer
It's great to see new projects in this space! I wonder if you have compared Cannoli to panda [0]. If so, what was the outcome - especially regarding the performance?
[0] https://github.com/panda-re/panda
- Detecting vulnerabilities in IoT devices
-
Easy Hypervisor Heap Visualization with PyPANDA and HeapInspect
The basis for doing this from the hypervisor is Operating System Introspection (OSI). PANDA supports Windows OSI (https://github.com/panda-re/panda/tree/dev/panda/plugins/wintrospection) so I'd imagine similar techniques could be applied.
-
Using QEMU-user emulation to reverse engineer binaries
Another helpful option if you're trying to get traces out is `-d nochain`, which turns off translation block chaining (chaining inserts a direct jump from one block to the next, which can cause logging statements to be skipped).
Also, if anyone is interested in using QEMU for whole system reverse engineering, allow me to shill PANDA, which adds a plugin API, record/replay, and a nice Python interface for all of this:
https://panda.re/
-
Cuckoo Sandbox with Docker
I've had difficulty getting it working in the past. Dunno if capev2 or panda.re have docker options (panda.re is qemu based so I doubt they do, possibly capev2)
-
PyPANDA: Generic unpacking based on whole-system record and replay with Ghidra integration. Including interview with author of paper and tool Luke Craig.
Operating System Introspection (Windows and Linux)
What are some alternatives?
angr - A powerful and user-friendly binary analysis platform!
AFLplusplus - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
frontier-silicon-firmwares - Frontier silicon internet radio firmware binaries
swtpm - Libtpms-based TPM emulator with socket, character device, and Linux CUSE interface.
drakvuf-sandbox - DRAKVUF Sandbox - automated hypervisor-level malware analysis system
vgm_ripping - Sources for game music ripping tools
pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy
fsmon - monitor filesystem on iOS / OS X / Android / FirefoxOS / Linux
simplify - Android virtual machine and deobfuscator
libvmcu-Virtual-MCU-Library - A Library for Static and Dynamic Analysis of AVR binaries.
ddisasm - A fast and accurate disassembler
pandaheapinspect - 🔍Heap analysis tool for CTF pwn.