<- Back
Comments (5)
- egberts1As one who helped improved Capstone and its even more wonderful partner, Unicorn, I actually found an exploit in QEMU using Capstone/Unicorn.Unicorn is a nearly-true software-based CPU emulator for ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86 CPU (and memory) architecture.This pair-up is arguably the best set of software tools out there.QEMU? No worry, that's way back in QEMU v1.4 days (emulation of Intel IMUL lb/DWORD OPC_IMUL_GvEvlb opcode getting tripped up by XOR opcode doing self-modified operand and TLB cache didn't flush, resulting in a double XOR; ROT13x2 anyone?)Fabrice fixed it then and is still blazing at QEMU 10.0 now. Ain't he awesome?Yeah, I actually ran portion of TLB of QEMU thru unicorn back then.https://github.com/unicorn-engine/unicorn/issues/364
- saagarjhaNot quite related, but I figure the audience might have some overlap: what is going on with Keystone?
- ameypandeyCapstone's coverage of ARM, RISC-V, and other architectures makes it strong for reverse engineering. When used with its sibling project Keystone, switching from disassembly to assembly across platforms becomes straightforward for researchers.