This fork of Unicorn Engine enables the fuzzing of arbitrary binary code under AFLplusplus.
The API design and implementation differs from the old afl-unicorn and are by @domenukk.
Those API permits a more fine-grained control in the harness and enabled persistent mode.
CompareCoverage and NeverZero counter are ported from AFL++ QEMU by @andreafioraldi.
The new exposed API is:
uc_afl_ret uc_afl_forkserver_start(uc_engine *uc, uint64_t *exits, size_t exit_count)int uc_afl_emu_start(uc_engine *uc)uc_afl_ret uc_afl_next(uc_engine *uc)uc_afl_ret uc_afl_fuzz(
uc_engine *uc,
char* input_file,
uc_afl_cb_place_input_t place_input_callback,
uint64_t *exits,
size_t exit_count,
uc_afl_cb_validate_crash_t validate_crash_callback,
bool always_validate,
uint32_t persistent_iters,
void *data
)
Unicorn is a lightweight, multi-platform, multi-architecture CPU emulator framework based on QEMU.
Unicorn offers some unparalleled features:
- Multi-architecture: ARM, ARM64 (ARMv8), M68K, MIPS, PowerPC, SPARC, and X86 (16, 32, 64-bit)
- Clean/simple/lightweight/intuitive architecture-neutral API
- Implemented in pure C language, with bindings for Crystal, Clojure, Visual Basic, Perl, Rust, Ruby, Python, Java, .NET, Go, Delphi/Free Pascal, Haskell, Pharo, and Lua.
- Native support for Windows & *nix (with Mac OSX, Linux, *BSD & Solaris confirmed)
- High performance via Just-In-Time compilation
- Support for fine-grained instrumentation at various levels
- Thread-safety by design
- Distributed under free software license GPLv2
Further information is available at http://www.unicorn-engine.org
This project is released under the GPL license.
See docs/COMPILE.md file for how to compile and install Unicorn.
More documentation is available in docs/README.md.
Contact us via mailing list, email or twitter for any questions.
If you want to contribute, please pick up something from our Github issues.
We also maintain a list of more challenged problems in a TODO list.
CREDITS.TXT records important contributors of our project.