{"id":13842161,"url":"https://github.com/galli-leo/emmutaler","last_synced_at":"2026-01-08T17:18:15.400Z","repository":{"id":44962881,"uuid":"341395767","full_name":"galli-leo/emmutaler","owner":"galli-leo","description":"A set of tools for fuzzing SecureROM. Managed to find and trigger checkm8.","archived":false,"fork":false,"pushed_at":"2021-09-18T12:55:25.000Z","size":1794,"stargazers_count":160,"open_issues_count":0,"forks_count":18,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-08-05T17:30:42.909Z","etag":null,"topics":["checkm8","fuzzing","ios","securerom"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/galli-leo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-02-23T01:56:14.000Z","updated_at":"2024-04-23T06:40:03.000Z","dependencies_parsed_at":"2022-07-13T15:30:04.611Z","dependency_job_id":null,"html_url":"https://github.com/galli-leo/emmutaler","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/galli-leo%2Femmutaler","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/galli-leo%2Femmutaler/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/galli-leo%2Femmutaler/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/galli-leo%2Femmutaler/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/galli-leo","download_url":"https://codeload.github.com/galli-leo/emmutaler/tar.gz/refs/heads/master","host":{"name":"GitHub","u
rl":"https://github.com","kind":"github","repositories_count":225729880,"owners_count":17515183,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["checkm8","fuzzing","ios","securerom"],"created_at":"2024-08-04T17:01:28.452Z","updated_at":"2026-01-08T17:18:10.366Z","avatar_url":"https://github.com/galli-leo.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# emmutaler\n\nA set of tools to enable fuzzing of the iPhone boot loader (and much more).\nThis was developed for my thesis.\nFor more information on how certain parts of this work, see [my thesis](docs/thesis.pdf).\n\nI plan on sharing my `*.idb` for the different SecureROMs sometime soon.\nI need to first figure out what's the best way to do that :)\n\nI also need to figure out a license for this (not sure if I am using anything that requires me to have a restrictive license).\nIf you need to use it urgently and are concerned about the license, let me know :)\n\n**Disclaimer:** Everything is as-is and will almost certainly not work out of the box.\nYou will have to change quite a few things to make it run locally.\n\n# Directory Layout\n\nThe following is very incomplete, but it should give you an idea of what to look for where.\n\n## go/\n\nContains the Go part of this project.\nThe Go part contains the binary patcher, IMG4 generation and other things, such as generating various files for the compilation of the final binary.\n\nIt also contains commands to make it easier to run IDA from build scripts.\n\n## python/\n\nContains the Python part of this project.\nAlmost all Python 
things are used inside IDA.\n\n### python/scripts/\n\nContains various scripts that are run inside IDA.\n\n- `coverage.py`: Loads coverage into Lighthouse, then creates TikZ graphs and LaTeX tables. Beware, this is ugly.\n- `emmu_loader.py`: A SecureROM loader for IDA that works more nicely than what I could find before. However, it requires the Go part of this project to be run against the SecureROM beforehand.\n- `symbolicate.py`: Exports symbols from IDA into a format that the Go part can understand. We can then use these symbols from our C code.\n\n### python/emmutaler/\n\nThe Python package contains a lot of code used by the scripts.\n\n## src/\n\nContains the C code that builds to the main binary that will be fuzzed.\nLots of sorcery going on here :)\n\n### src/heap/\n\nContains the custom heap implementation, FETA.\n\n### src/usb/\n\nContains a bunch of the USB stuff used for fuzzing USB messages.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgalli-leo%2Femmutaler","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgalli-leo%2Femmutaler","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgalli-leo%2Femmutaler/lists"}
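The README above lists IMG4 generation as one of the jobs of the Go part of the tooling, since SecureROM only parses images that arrive inside a well-formed Image4 container. The following is an added example, not code from the emmutaler repository: a minimal Go builder and parser for the Image4 payload container (IM4P) using the standard library's `encoding/asn1`. The layout it encodes (a DER SEQUENCE of the IA5String magic `IM4P`, an IA5String four-character image type, an IA5String description and an OCTET STRING payload, with the optional trailing KBAG element omitted) is the publicly known Image4 payload structure, not something taken from this project; the function names `BuildIM4P`/`ParseIM4P`, the `ibot` type tag and the four-byte sample payload are assumptions chosen for illustration.

```go
package main

import (
	"encoding/asn1"
	"errors"
	"fmt"
)

// im4p mirrors the top-level layout of an Image4 payload container:
// SEQUENCE { IA5String "IM4P", IA5String type, IA5String description, OCTET STRING data }.
// The optional trailing KBAG element (encrypted per-image keys) is omitted here.
// Field and function names are this example's own, not emmutaler's.
type im4p struct {
	Magic       string `asn1:"ia5"`
	Type        string `asn1:"ia5"`
	Description string `asn1:"ia5"`
	Data        []byte
}

// BuildIM4P DER-encodes payload as an IM4P whose image type is the given four-character tag.
func BuildIM4P(fourcc, desc string, payload []byte) ([]byte, error) {
	if len(fourcc) != 4 {
		return nil, errors.New("im4p: type tag must be exactly 4 characters")
	}
	return asn1.Marshal(im4p{Magic: "IM4P", Type: fourcc, Description: desc, Data: payload})
}

// ParseIM4P decodes a DER blob and enforces the structural invariants a loader
// should check before handing the payload to anything else: a single complete
// SEQUENCE with no trailing bytes, the expected magic, and a 4-character type.
func ParseIM4P(der []byte) (typ string, payload []byte, err error) {
	var p im4p
	rest, err := asn1.Unmarshal(der, &p)
	if err != nil {
		return "", nil, err
	}
	if len(rest) != 0 {
		return "", nil, errors.New("im4p: trailing bytes after container")
	}
	if p.Magic != "IM4P" {
		return "", nil, fmt.Errorf("im4p: bad magic %q", p.Magic)
	}
	if len(p.Type) != 4 {
		return "", nil, fmt.Errorf("im4p: bad type tag %q", p.Type)
	}
	return p.Type, p.Data, nil
}

func main() {
	// Constructed sample payload; a real one would be an iBoot-stage image.
	der, err := BuildIM4P("ibot", "iBoot-example", []byte{0xde, 0xad, 0xbe, 0xef})
	if err != nil {
		panic(err)
	}
	typ, data, err := ParseIM4P(der)
	fmt.Printf("%d-byte IM4P, type=%s payload=%x err=%v\n", len(der), typ, data, err)

	// One flipped byte in the magic is rejected before the payload is looked at.
	// For this short-form encoding the bytes are 30 LL 16 04 'I' 'M' '4' 'P', so index 7 is 'P'.
	bad := append([]byte(nil), der...)
	bad[7] ^= 0x01 // 'P' -> 'Q'
	_, _, err = ParseIM4P(bad)
	fmt.Println("corrupted magic:", err)
}
```

When feeding a SecureROM-style parser from a fuzzer, the builder side is what keeps mutated inputs inside the outer ASN.1 container so that they reach the type, description and payload handling rather than dying at the first tag check; the parser side shows the three cheap invariants (no trailing bytes, exact magic, fixed-width type tag) worth confirming a target actually enforces.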