egberts1 4 hours ago [-]
As one who helped improve Capstone and its even more wonderful partner, Unicorn, I actually found an exploit in QEMU using Capstone/Unicorn.
Unicorn is a nearly-true software-based CPU emulator for ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86 CPU (and memory) architecture.
This pair-up is arguably the best set of software tools out there.
QEMU? No worry, that's way back in QEMU v1.4 days (emulation of Intel IMUL lb/DWORD OPC_IMUL_GvEvlb opcode getting tripped up by XOR opcode doing self-modified operand and TLB cache didn't flush, resulting in a double XOR; ROT13x2 anyone?)
Fabrice fixed it then and is still blazing at QEMU 10.0 now. Ain't he awesome?
Yeah, I actually ran a portion of QEMU's TLB through Unicorn back then.
Not quite related, but I figure the audience might have some overlap: what is going on with Keystone?
saidnooneever 5 hours ago [-]
Not quite sure what you mean, but I did not see any news about Keystone.
If you need some alternative, I switched from these 2 towards Intel XED - but then again my only target is x86_64 (AMD/Intel).
Alternatively, I think LLVM also provides frameworks to do basically the same things (which does support a lot of platforms) and they also have good docs.
Again, not sure what your ask is, so it's a bit of guesstimate info provided :') sorry if it's off the mark!
ameypandey 3 hours ago [-]
Capstone's coverage of ARM, RISC-V, and other architectures makes it strong for reverse engineering. When used with its sibling project Keystone, switching from disassembly to assembly across platforms becomes straightforward for researchers.
https://github.com/unicorn-engine/unicorn/issues/364