mcsema - Framework for lifting x86, amd64, and aarch64 program binaries to LLVM bitcode

McSema is an executable lifter. It translates ("lifts") executable binaries from native machine code to LLVM bitcode. LLVM bitcode is an intermediate representation form of a program that was originally created for the retargetable LLVM compiler, but which is also very useful for performing program analysis methods that would not be possible to perform on an executable binary directly. McSema enables analysts to find and retroactively harden binary programs against security bugs, independently validate vendor source code, and generate application tests with high code coverage. McSema isn’t just for static analysis. The lifted LLVM bitcode can also be fuzzed with libFuzzer, an LLVM-based instrumented fuzzer that would otherwise require the target source code. The lifted bitcode can even be compiled back into a runnable program! This is a procedure known as static binary rewriting, binary translation, or binary recompilation.

cemu - Cheap EMUlator: lightweight multi-architecture assembly playground

Writing assembly is fun. Assembly is the lowest-level language that is still humanly readable for communicating with computers, and understanding it is crucial to understanding the internal mechanisms of any machine. Unfortunately, setting up an environment to write, compile and run assembly for various architectures (x86, ARM, MIPS, SPARC) has always been painful. CEmu is an attempt to fix this by providing a bundled GUI application that lets users write assembly and test it by compiling it to bytecode and executing it in a QEMU-based emulator. CEmu combines the advantages of a basic assembly IDE with a compilation and execution environment by relying on the Keystone, Unicorn and Capstone engines in a Qt-powered GUI.

remill - Library for lifting of x86, amd64, and aarch64 machine code to LLVM bitcode

Remill is a static binary translator that translates machine code instructions into LLVM bitcode. It translates x86 and amd64 machine code (including AVX and AVX512) into LLVM bitcode. AArch64 support is underway. Remill focuses on accurately lifting instructions. It is meant to be used as a library for other tools, e.g. McSema.

efifs - EFI FileSystem drivers

This is a GPLv3+ implementation of standalone EFI File System drivers, based on the GRUB 2.0 read-only drivers. If QEMU is installed, the Visual Studio solution will set up and test the drivers using QEMU (also downloading a sample image for each target file system). Note however that VS debugging expects a 64-bit version of QEMU to be installed in C:\Program Files\qemu\. If that is not the case, you should edit .msvc\debug.vbs accordingly.

CircuitBreaker - Nintendo Switch hacking toolkit

This is Circuit Breaker, a Nintendo Switch hacking toolkit. It is heavily based upon the PegaSwitch toolkit, and the ReSwitched team deserves a huge amount of credit for their work, without which this project would be impossible. Make sure you have all the Ruby gems installed. Installing Ruby and Bundler is outside the scope of this document.

dora - Dora VM

llvm - Download LLVM 5.0.0 from llvm.org. Unpack the archive and switch into the source directory $LLVM_SRC_DIR (e.g. $HOME/llvm-5.0.0.src). We will now build and install LLVM to $LLVM_INSTALL_DIR (e.g. $HOME/llvm-5.0.0). You can find more information on building LLVM in its documentation.