Capstone's coverage of ARM, RISC-V, and other architectures makes it strong for reverse engineering. When used with its sibling project Keystone, switching from disassembly to assembly across platforms becomes straightforward for researchers.
egberts1 55 minutes ago [-]
As one who helped improved Capstone and its even more wonderful partner, Unicorn, I actually found an exploit in QEMU using Capstone/Unicorn.
Unicorn is a nearly-true software-based CPU emulator for ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86 CPU (and memory) architecture.
This pair-up is arguably the best set of software tools out there.
QEMU? No worry, that's way back in QEMU v1.4 days (emulation of Intel IMUL lb/DWORD OPC_IMUL_GvEvlb opcode getting tripped up by XOR opcode doing self-modified operand and TLB cache didn't flush, resulting in a double XOR; ROT13x2 anyone?)
Fabrice fixed it then and is still blazing at QEMU 10.0 now. Ain't he awesome?
Yeah, I actually ran portion of TLB of QEMU thru unicorn back then.
Not quite related, but I figure the audience might have some overlap: what is going on with Keystone?
saidnooneever 2 hours ago [-]
Not quite sure what you mean, but i did not see any news about Keystone.
If you need some alternative, i switched from these 2 towards intel XED - but then again my only target is x86_64 (amd/intel).
alternatively, i think LLVM also provides frameworks to do basically the same things (which does support a lot of platforms) and they also have good docs.
again not sure what your ask is, so its a bit guesstimate info provide :') sorry if it's off the mark!
Rendered at 13:58:23 GMT+0000 (Coordinated Universal Time) with Vercel.
Unicorn is a nearly-true software-based CPU emulator for ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86 CPU (and memory) architecture.
This pair-up is arguably the best set of software tools out there.
QEMU? No worry, that's way back in QEMU v1.4 days (emulation of Intel IMUL lb/DWORD OPC_IMUL_GvEvlb opcode getting tripped up by XOR opcode doing self-modified operand and TLB cache didn't flush, resulting in a double XOR; ROT13x2 anyone?)
Fabrice fixed it then and is still blazing at QEMU 10.0 now. Ain't he awesome?
Yeah, I actually ran portion of TLB of QEMU thru unicorn back then.
https://github.com/unicorn-engine/unicorn/issues/364
alternatively, i think LLVM also provides frameworks to do basically the same things (which does support a lot of platforms) and they also have good docs.
again not sure what your ask is, so its a bit guesstimate info provide :') sorry if it's off the mark!