A lightweight emulation framework for emulating iOS executables and libraries.
Chomper
Chomper is a lightweight emulation framework based on Unicorn. It is mainly used to emulate iOS executables and libraries, and it also provides limited support for Android native libraries.
Features
- Basic emulation for ELF and Mach-O
- Support for a set of iOS system libraries (from iOS 14.4.0)
Requirements
- Python 3.8+
- Unicorn 2.0.0+
Installation
```
$ pip install chomper
```
Usage
Emulate iOS executables.
```python
import uuid

from chomper import Chomper
from chomper.const import ARCH_ARM64, OS_IOS

# For iOS, system libraries will be automatically loaded from `rootfs_path`
emu = Chomper(
    arch=ARCH_ARM64,
    os_type=OS_IOS,
    rootfs_path="examples/ios/rootfs",
)

# Load main program
duapp = emu.load_module("examples/ios/apps/com.siwuai.duapp/DUApp")

s = "chomper"

# Construct arguments
a1 = emu.create_string("objc")
a2 = emu.create_string(s)
a3 = len(s)
a4 = emu.create_string(str(uuid.uuid4()))
a5 = emu.create_buffer(8)
a6 = emu.create_buffer(8)
a7 = emu.create_string("com.siwuai.duapp")

# Call function
emu.call_address(duapp.base + 0x109322118, a1, a2, a3, a4, a5, a6, a7)
result = emu.read_string(emu.read_pointer(a5))
```
Working with Objective-C.
```python
from chomper import Chomper
from chomper.const import ARCH_ARM64, OS_IOS
from chomper.objc import ObjC

emu = Chomper(
    arch=ARCH_ARM64,
    os_type=OS_IOS,
    rootfs_path="examples/ios/rootfs",
)

objc = ObjC(emu)

emu.load_module("examples/ios/apps/cn.com.scal.sichuanair/zsch")

# Use this context manager to ensure that Objective-C objects can be automatically released
with objc.autorelease_pool():
    # Construct NSString object
    a1 = objc.msg_send("NSString", "stringWithUTF8String:", "test")

    # Call Objective-C method
    req_sign = objc.msg_send("ZSCHRSA", "getReqSign:", a1)

    # Convert NSString object to C string
    result_ptr = objc.msg_send(req_sign, "cStringUsingEncoding:", 4)
    result = emu.read_string(result_ptr)
```
Emulate Android native libraries.
```python
from chomper import Chomper
from chomper.const import ARCH_ARM64, OS_ANDROID

emu = Chomper(arch=ARCH_ARM64, os_type=OS_ANDROID)

# Load C standard and other libraries
emu.load_module("examples/android/rootfs/system/lib64/libc.so")
emu.load_module("examples/android/rootfs/system/lib64/libz.so")

libszstone = emu.load_module(
    "examples/android/apps/com.shizhuang.duapp/libszstone.so",
    exec_init_array=True,
)

s = "chomper"

a1 = emu.create_string(s)
a2 = len(s)
a3 = emu.create_buffer(1024)

result_size = emu.call_address(libszstone.base + 0x2F1C8, a1, a2, a3)
result = emu.read_bytes(a3, result_size)
```
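The samples above set `arch=ARCH_ARM64` by hand and load either a Mach-O or an ELF file. As an added example (not part of Chomper or of this page's original code), the stand-alone check below reads the file header and confirms that a file holds an arm64 ELF or Mach-O image before it is passed to `load_module`, returning the offset of the arm64 slice for universal binaries. The function name `identify_arm64_image` and the sample headers are constructed for illustration.

```python
import struct

EM_AARCH64 = 183             # ELF e_machine value for AArch64
MH_MAGIC_64 = 0xFEEDFACF     # 64-bit Mach-O, stored little-endian on arm64
FAT_MAGIC = 0xCAFEBABE       # universal binary, header fields are big-endian
CPU_TYPE_ARM64 = 0x0100000C  # CPU_TYPE_ARM | CPU_ARCH_ABI64

def identify_arm64_image(data: bytes, offset: int = 0):
    """Return (format, offset) of the arm64 image in data, or raise ValueError."""
    head = data[offset:offset + 20]
    if len(head) < 20:
        raise ValueError("file too short to hold an ELF or Mach-O header")
    if head[:4] == b"\x7fELF":
        if head[4] != 2 or head[5] != 1:  # ELFCLASS64, ELFDATA2LSB
            raise ValueError("ELF is not 64-bit little-endian")
        (e_machine,) = struct.unpack_from("<H", head, 18)
        if e_machine != EM_AARCH64:
            raise ValueError(f"ELF e_machine {e_machine} is not AArch64")
        return ("elf", offset)
    if struct.unpack_from("<I", head)[0] == MH_MAGIC_64:
        (cputype,) = struct.unpack_from("<I", head, 4)
        if cputype != CPU_TYPE_ARM64:
            raise ValueError(f"Mach-O cputype {cputype:#x} is not arm64")
        return ("macho", offset)
    magic, count = struct.unpack_from(">II", head)
    if magic == FAT_MAGIC and offset == 0:
        # Java class files share this magic; their second word is a version >= 45
        if count == 0 or count > 16:
            raise ValueError("0xCAFEBABE magic but not a plausible fat header")
        for i in range(count):
            entry = data[8 + 20 * i:28 + 20 * i]
            if len(entry) < 20:
                raise ValueError("truncated fat_arch table")
            cputype, _sub, sl_off, sl_size, _align = struct.unpack(">5I", entry)
            if cputype == CPU_TYPE_ARM64:
                if sl_off == 0 or sl_off + sl_size > len(data):
                    raise ValueError("arm64 slice lies outside the file")
                return identify_arm64_image(data, sl_off)
        raise ValueError("fat binary has no arm64 slice")
    raise ValueError("not an ELF or 64-bit Mach-O image")

# Constructed sample headers (not taken from any real app)
ELF_ARM64 = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack("<HH", 3, EM_AARCH64)
MACHO_ARM64 = struct.pack("<5I", MH_MAGIC_64, CPU_TYPE_ARM64, 0, 2, 0)
MACHO_X86_64 = struct.pack("<5I", MH_MAGIC_64, 0x01000007, 3, 2, 0)
FAT = (struct.pack(">II", FAT_MAGIC, 2)
       + struct.pack(">5I", 0x01000007, 3, 48, 20, 0)
       + struct.pack(">5I", CPU_TYPE_ARM64, 0, 68, 20, 0)
       + MACHO_X86_64 + MACHO_ARM64)
```

An `("elf", 0)` result corresponds to the Android sample above and `("macho", ...)` to the iOS samples; a non-zero offset marks where the arm64 slice starts inside a universal binary.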
Examples
Here are some encryption emulation examples for security vendors.
Download files
Source Distribution
chomper-0.3.2.tar.gz (32.5 kB)
Built Distribution
chomper-0.3.2-py3-none-any.whl (34.0 kB)
File details
Details for the file chomper-0.3.2.tar.gz.
File metadata
- Download URL: chomper-0.3.2.tar.gz
- Upload date:
- Size: 32.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.9.13
File hashes
Algorithm | Hash digest
---|---
SHA256 | 3fac973f98276921544f692159614e25230ce75534b737912b49fe43e1f2a058
MD5 | dcb186fc9d05b804be5fd91ca058daae
BLAKE2b-256 | 03de267a00384a1e795491db6d2417bb3adfc6af7cba352c3c0ba8aa02511269
File details
Details for the file chomper-0.3.2-py3-none-any.whl.
File metadata
- Download URL: chomper-0.3.2-py3-none-any.whl
- Upload date:
- Size: 34.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.9.13
File hashes
Algorithm | Hash digest
---|---
SHA256 | 5a06b5e4555e9b1b48708e02369781e18c4db26178a0b0c1de675a6849da935d
MD5 | 9400e56beec81717b7c2c3d92c752575
BLAKE2b-256 | 0ae626040a101a882f7f229c507b6198c6746eff01b54854d6807ffd8f0e70ac