File Date Author Commit
 .github 2024-09-22 Sh4w Sh4w [5bd76f] Compatibility with unicorn 2.1.0 (#91)
 examples 2024-11-19 Sh4w Sh4w [fc6b2e] Add basic support for file (#99)
 src 2024-11-19 Sh4w Sh4w [fc6b2e] Add basic support for file (#99)
 tests 2024-07-16 Sh4w Sh4w [92d3c5] Fix initialization of large-sized NSData (#85)
 .flake8 2024-11-19 Sh4w Sh4w [fc6b2e] Add basic support for file (#99)
 .gitignore 2024-04-07 Sh4w Sh4w [7160f0] Support working with Objective-C (#60)
 .pre-commit-config.yaml 2024-04-11 Sh4w Sh4w [a843f8] Add examples of iOS (#63)
 CHANGES.md 2024-07-22 Sh4w Sh4w [148c6d] Release v0.3.2
 LICENSE 2022-09-07 Sh4w Sh4w [8f4b1d] Initial commit
 README.md 2024-07-15 突突兔 突突兔 [d36272] fix typo (#84)
 pyproject.toml 2024-07-01 Sh4w Sh4w [76381c] Bump capstone >= 5.0.0.post1 & lief >= 0.14.0 (...
 tox.ini 2024-04-10 Sh4w Sh4w [539dba] Drop support for Python 3.7 (#62)

Read Me

Chomper


Chomper is a lightweight emulation framework built on Unicorn. It is mainly used to emulate iOS executables and libraries, and it also provides limited support for Android native libraries.

Features

  • Basic emulation for ELF and Mach-O
  • Support for a set of iOS system libraries (from iOS 14.4.0)

Requirements

  • Python 3.8+
  • Unicorn 2.0.0+

Installation

$ pip install chomper

Usage

Emulate iOS executables.

import uuid

from chomper import Chomper
from chomper.const import ARCH_ARM64, OS_IOS

# For iOS, system libraries are loaded automatically from `rootfs_path`
emu = Chomper(
    arch=ARCH_ARM64,
    os_type=OS_IOS,
    rootfs_path="examples/ios/rootfs",
)

# Load the main program
duapp = emu.load_module("examples/ios/apps/com.siwuai.duapp/DUApp")

s = "chomper"

# Construct arguments: strings are copied into emulator memory and passed as pointers
a1 = emu.create_string("objc")
a2 = emu.create_string(s)
a3 = len(s)
a4 = emu.create_string(str(uuid.uuid4()))
# a5 and a6 are pointer-sized (8-byte) out-parameters; the callee writes a pointer into each
a5 = emu.create_buffer(8)
a6 = emu.create_buffer(8)
a7 = emu.create_string("com.siwuai.duapp")

# Call the function, then dereference the pointer the callee stored in a5 and read the string behind it
emu.call_address(duapp.base + 0x109322118, a1, a2, a3, a4, a5, a6, a7)
result = emu.read_string(emu.read_pointer(a5))

Working with Objective-C.

from chomper import Chomper
from chomper.const import ARCH_ARM64, OS_IOS
from chomper.objc import ObjC

emu = Chomper(
    arch=ARCH_ARM64,
    os_type=OS_IOS,
    rootfs_path="examples/ios/rootfs",
)

objc = ObjC(emu)

emu.load_module("examples/ios/apps/cn.com.scal.sichuanair/zsch")

# Objective-C objects created inside this context manager are released when it exits
with objc.autorelease_pool():
    # Construct an NSString object
    a1 = objc.msg_send("NSString", "stringWithUTF8String:", "test")

    # Call the Objective-C class method
    req_sign = objc.msg_send("ZSCHRSA", "getReqSign:", a1)

    # Convert the NSString object to a C string (4 is NSUTF8StringEncoding)
    result_ptr = objc.msg_send(req_sign, "cStringUsingEncoding:", 4)
    result = emu.read_string(result_ptr)

Emulate Android native libraries.

from chomper import Chomper
from chomper.const import ARCH_ARM64, OS_ANDROID

emu = Chomper(arch=ARCH_ARM64, os_type=OS_ANDROID)

# Load the C standard library and the other libraries the target depends on
emu.load_module("examples/android/rootfs/system/lib64/libc.so")
emu.load_module("examples/android/rootfs/system/lib64/libz.so")

# Run the library's init_array constructors after loading
libszstone = emu.load_module(
    "examples/android/apps/com.shizhuang.duapp/libszstone.so",
    exec_init_array=True,
)

s = "chomper"

# Arguments: input pointer, input length, output buffer
a1 = emu.create_string(s)
a2 = len(s)
a3 = emu.create_buffer(1024)

# The function returns the number of bytes it wrote into the output buffer
result_size = emu.call_address(libszstone.base + 0x2F1C8, a1, a2, a3)
result = emu.read_bytes(a3, result_size)
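The Android snippet above trusts the length the native routine returns and reads that many bytes from a 1024-byte buffer. The following is an added example, not code from the Chomper project: a small wrapper around the same calls (`create_buffer`, `write_bytes`, `call_address`, `read_bytes`, plus `free`, which is assumed to exist on the Chomper emulator) that checks the claimed length against the buffer capacity before reading, and a probe that calls the routine on several inputs to learn whether it is deterministic, how the output length tracks the input length, and how far a one-byte change in the input spreads. `ToyEmu` is a constructed stand-in that implements only the methods the wrapper uses, so the file runs offline; the address and library paths in `main` are the ones from the README.

```python
"""Black-box probing of an emulated native routine with signature (in_ptr, in_len, out_ptr).

Added example (not part of Chomper). `emu` may be a real Chomper instance or the
constructed ToyEmu below, which exists only so the file runs without a rootfs.
"""


def call_with_out_buffer(emu, address, data: bytes, out_size: int = 1024) -> bytes:
    """Call address(in_ptr, in_len, out_ptr) and return the bytes it claims to have written.

    The native return value is treated as untrusted: a value above out_size (or a
    negative value, which shows up as a huge unsigned x0) would make read_bytes
    return unrelated emulator memory, so it is rejected instead of used.
    """
    in_ptr = emu.create_buffer(max(len(data), 1))  # at least one byte so empty input still gets an address
    emu.write_bytes(in_ptr, data)
    out_ptr = emu.create_buffer(out_size)
    try:
        claimed = emu.call_address(address, in_ptr, len(data), out_ptr)
        if not 0 <= claimed <= out_size:
            raise ValueError(f"routine reported {claimed} bytes for a {out_size}-byte buffer")
        return emu.read_bytes(out_ptr, claimed)
    finally:
        emu.free(out_ptr)  # assumed Chomper API: release emulator memory
        emu.free(in_ptr)


def probe(emu, address, samples, out_size: int = 1024, repeats: int = 2) -> dict:
    """Call the routine on each sample several times and summarise its behaviour."""
    outputs = {s: [call_with_out_buffer(emu, address, s, out_size) for _ in range(repeats)] for s in samples}
    # Non-deterministic output usually means a nonce, timestamp or random salt is mixed in
    deterministic = all(len(set(outs)) == 1 for outs in outputs.values())
    # Output length minus input length: 0 suggests a stream-cipher-like transform,
    # a constant positive delta a fixed-size tag or header, a fixed total length a hash
    length_delta = sorted({len(outs[0]) - len(s) for s, outs in outputs.items()})
    return {
        "deterministic": deterministic,
        "length_delta": length_delta,
        "outputs": {s: outs[0] for s, outs in outputs.items()},
    }


def diffusion(emu, address, data: bytes, position: int = 0, out_size: int = 1024) -> int:
    """Flip one input bit and count how many output bytes change (1 = no diffusion, XOR-like)."""
    flipped = bytearray(data)
    flipped[position] ^= 0x01
    a = call_with_out_buffer(emu, address, data, out_size)
    b = call_with_out_buffer(emu, address, bytes(flipped), out_size)
    return sum(x != y for x, y in zip(a, b)) + abs(len(a) - len(b))


class ToyEmu:
    """Constructed stand-in exposing the subset of Chomper's interface used above.

    Memory is a flat bytearray with a bump allocator. One routine lives at
    ROUTINE_ADDR: it XORs the input with a repeating key, writes the result to
    the output buffer and returns the length, mimicking the (in, len, out) convention.
    """
    ROUTINE_ADDR = 0x2F1C8
    KEY = b"k3y!"

    def __init__(self, size: int = 0x10000):
        self.mem = bytearray(size)
        self.next_free = 0x1000

    def create_buffer(self, size: int) -> int:
        addr = self.next_free
        self.next_free += (size + 15) & ~15
        return addr

    def write_bytes(self, address: int, data: bytes) -> None:
        self.mem[address:address + len(data)] = data

    def read_bytes(self, address: int, size: int) -> bytes:
        return bytes(self.mem[address:address + size])

    def free(self, address: int) -> None:
        pass  # bump allocator: nothing to reclaim in the stand-in

    def call_address(self, address: int, *args) -> int:
        if address != self.ROUTINE_ADDR:
            raise ValueError(f"no routine at {address:#x}")
        in_ptr, in_len, out_ptr = args
        data = self.read_bytes(in_ptr, in_len)
        out = bytes(b ^ self.KEY[i % len(self.KEY)] for i, b in enumerate(data))
        self.write_bytes(out_ptr, out)
        return len(out)


if __name__ == "__main__":
    # Offline run against the stand-in
    toy = ToyEmu()
    print(probe(toy, ToyEmu.ROUTINE_ADDR, [b"chomper", b"chomper!", b""]))
    print("bytes changed by a 1-bit flip:", diffusion(toy, ToyEmu.ROUTINE_ADDR, b"chomper"))

    # Against the real emulator, using the README's Android setup (requires the rootfs and library):
    # from chomper import Chomper
    # from chomper.const import ARCH_ARM64, OS_ANDROID
    # emu = Chomper(arch=ARCH_ARM64, os_type=OS_ANDROID)
    # emu.load_module("examples/android/rootfs/system/lib64/libc.so")
    # emu.load_module("examples/android/rootfs/system/lib64/libz.so")
    # lib = emu.load_module("examples/android/apps/com.shizhuang.duapp/libszstone.so", exec_init_array=True)
    # print(probe(emu, lib.base + 0x2F1C8, [b"chomper", b"chomper!"]))
```

The probe is the first thing worth running on an unknown signing or encryption routine: a non-deterministic result tells you a nonce or clock is involved before you spend time on the cipher, a constant length delta hints at a tag or IV prepended to the ciphertext, and a diffusion count of one byte per flipped bit is the signature of an XOR keystream rather than a block cipher.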

Examples

The examples directory contains emulations of the encryption and signing routines used by several security vendors' SDKs.
