uEmu – Tiny Cute Emulator Plugin For IDA Based On Unicorn.

March 7, 2021
uEmu 1 doc overview

uEmu is a tiny cute emulator plugin for IDA based on unicorn engine.

Supports following architectures out of the box: x86, x64, ARM, ARM64, MIPS, MIPS64

What is it GOOD for?

  • Emulate bare metal code (bootloaders, embedded firmware etc)
  • Emulate standalone functions

What is it BAD for?

  • Emulate complex OS code (dynamic libraries, processes etc)
  • Emulate code with many syscalls

What can be improved?

  • Find a way to emulate vendor specific register access (like MSR S3_x, X0 for ARM64)
  • Add more registers to track

Installation

  • brew install unicorn to install Unicorn binaries
  • pip install unicorn to install Unicorn python bindings
  • Use File / Script file... or ALT+F7 in IDA to load uEmu.py

Optionally uEmu can be loaded automatically as IDA plugin. In this case put it into [IDA]/Plugins folder and change USE_AS_SCRIPT to False inside uEmu.py

Note: on Windows you might need to add IDA Pro Qt5 path

import sys
sys.path.append('D:\Soft\IDA Pro 7.x\python\3\PyQt5')
Download uEmu

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source
Tags: , , , ,

You may have missed

C2 Tracker

C2-Tracker – Live Feed Of C2 Servers, Tools, And Botnets

April 24, 2024
a5a872282cf057faee1f3f46439c256ff0d2e672ab91183286baf99270e49f58

HackerInfo – Infromations Web Application Security

April 24, 2024
CISA Logo

CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog

April 24, 2024
CISA Logo

CISA: Cisco Releases Security Updates Addressing ArcaneDoor, Vulnerabilities in Cisco Firewall Platforms

April 24, 2024
ransomhouse 1

RansomHouse Ransomware Victim: STERCH – INTERNATIONAL s[.]r[.]o[.]

April 24, 2024