  • Stars: 891
  • Rank 51,222 (Top 2 %)
  • Language: Go
  • License: MIT License
  • Created about 9 years ago
  • Updated over 1 year ago


Repository Details

dynamic binary analysis via platform emulation

usercorn


Building

Usercorn depends on Go 1.6 or newer, as well as the latest unstable versions of Capstone, Unicorn, and Keystone.

make deps (requires cmake) will attempt to install all of the above dependencies into the source tree under deps/.

make will update Go packages and build usercorn.

Example Commands

usercorn run bins/x86.linux.elf
usercorn run bins/x86_64.linux.elf
usercorn run bins/x86.darwin.macho
usercorn run bins/x86_64.darwin.macho
usercorn run bins/x86.linux.cgc
usercorn run bins/mipsel.linux.elf

usercorn run -trace bins/x86.linux.elf
usercorn run -trace -to trace.uc bins/x86.linux.elf
usercorn trace -pretty trace.uc
usercorn run -repl bins/x86.linux.elf

What.

  • Usercorn is an analysis and emulator framework, with a base similar to qemu-user.
  • Unlike qemu-user, it can run arbitrary binaries on a different host kernel, while recording full system state at every instruction to a compact, serializable format capable of rewind and re-execution.
  • It's useful out of the box for debugging and dynamic analysis, with a powerful, arch-neutral, Lua-based scripting language and debugger.
  • It's also easy to extend and use to build your own tools.

Usercorn could be used to emulate 16-bit DOS, 32-bit and 64-bit ARM/MIPS/x86/SPARC binaries for Linux, Darwin, BSD, DECREE, and even operating systems like Redux.

Right now, x86_64 Linux and DECREE are the best supported guests.

Why?

  • Usercorn aims to be a framework to simplify emulating and deeply hooking a userspace environment for many target architectures and kernel ABIs.
  • Debug stubborn binaries. I had a binary gdb refused to debug ("Program exited during startup."). No problem. Usercorn can single-step into the program for you.
  • Debug foreign architecture and OS binaries. You don't need a MIPS box. You don't need qemu-user. You don't even need Linux.
  • Write tools, like fuzzers, static analyzers, recompilers, memory and register analysis, overlay code coverage and machine state into IDA/Binary Ninja.
  • Selectively call functions from within a binary. Usercorn will map a binary and emulate the kernel for you.
  • Whatever you want. Open an issue if you have a cool debugging / reverse engineering idea I didn't think about - I may just implement it.

Caveats

  • Your userspace might be incredibly confusing to the target binary.
  • No API for memory-mapped files yet (kinda: if mmap() gets a file descriptor argument, it currently copies the file into memory manually).
  • I only have maybe 20% of the POSIX syscalls implemented, which is enough to run basic binaries. Busybox works great.

See Also (credit: XKCD)

Universal converter
