Arion is a library that aims to emulate various executable formats (ELF, PE, Mach-O...) coming from different platforms (Linux, Windows, macOS...) and with different CPU architectures (x86, ARM, MIPS...).
Based on Unicorn and written in C++, it is meant to allow fast emulation, especially for fuzzing.
Inspired by Qiling, Arion in its current form is not intended to replace this awesome Python library, but to complement it with higher performance.
This project is still in alpha development. It can be unstable and/or lead to undesired behaviors, so you may want to deploy it in a containerized environment.
Arion currently implements the following features:
- Emulating Linux ELFs for x86, x86-64, ARM, ARM64
- Snapshot fuzzing with UnicornAFL
- Emulating more than 120 syscalls
- Fork handling
- Multithreading handling
- Saving / restoring context
- GDB debugging with udbserver
- Hooking the target with ~20 functions
- Memory reading / writing
- File system management
- Network sockets management
- Coredumps support
Installation
Download a release
Build the library with Docker
Build the library on host machine
Enable testing
Performance comparison
How to use?
Wiki and documentation
Examples
Fuzzing
Contributing
Installation
Download a release
Check the Releases tab on the GitHub project and download the latest one.
Build the library with Docker
- Clone the repository:
  git clone https://github.com/h311d1n3r/Arion.git && cd Arion
- Check the available Dockerfiles under Arion/docker
- Build the Docker image of your choice:
  ./scripts/docker_build.sh {OS}{OS_VERSION} {BUILD_VERSION}
- You can build against the Arion library from inside the container, or extract it onto your host.
Build the library on host machine
Rust must be installed on the host (required by udbserver).
- Clone the repository:
  git clone https://github.com/h311d1n3r/Arion.git && cd Arion
- Initialize git dependencies:
  git submodule update --init
- Pull LFS files:
  git lfs pull
- Create the build directory:
  mkdir build && cd build
With Ninja
- Run CMake to configure the project:
  cmake -G Ninja ..
- Run Ninja to compile the project:
  ninja -j7
- Run ninja install to deploy the project:
  sudo ninja install
With Make
- Run CMake to configure the project:
  cmake ..
- Run make to compile the project:
  make -j7
- Run make install to deploy the project:
  sudo make install
Enable testing
You can generate the test targets by adding -DTEST=ON to the cmake command you use to configure the project.
Then run the tests with ctest from your build directory.
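As an added example that is not part of the Arion project, the host-build steps above and the -DTEST=ON/ctest option from the testing section chained into one POSIX shell script with prerequisite checks. The repository URL and the cmake options are the README's; the fallback from Ninja to Make when ninja is not installed, the ARION_TESTS variable, the detection of Rust through cargo and the function names are assumptions of this example.

```shell
#!/bin/sh
# build_arion.sh: added example, not part of the Arion project. Chains the
# README's host-build steps (clone, submodules, LFS, cmake, build, install)
# and its -DTEST=ON / ctest option into one script with prerequisite checks.
# Assumed: the repository URL and cmake options are the README's; Rust is
# detected through `cargo`; ARION_TESTS and the function names are ours.
set -eu

ARION_REPO="https://github.com/h311d1n3r/Arion.git"

# Fail with a message if any of the named tools is not on PATH.
require() {
    for tool in "$@"; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "missing prerequisite: $tool" >&2
            return 1
        fi
    done
}

# Prefer the Ninja generator when ninja is installed, otherwise use Make
# (cmake's default generator, which is what the README's plain `cmake ..` uses).
pick_generator() {
    if command -v ninja >/dev/null 2>&1; then echo ninja; else echo make; fi
}

# Build tool that matches a generator name.
build_tool() {
    case "$1" in
        ninja) echo ninja ;;
        make)  echo make ;;
        *)     echo "unknown generator: $1" >&2; return 1 ;;
    esac
}

# cmake configure arguments for a generator ("ninja"/"make") and a test
# switch ("on"/"off"), echoed as one line, e.g. "-G Ninja -DTEST=ON".
cmake_args() {
    gen="$1"; tests="$2"; args=""
    case "$gen" in
        ninja) args="-G Ninja" ;;
        make)  ;;
        *)     echo "unknown generator: $gen" >&2; return 1 ;;
    esac
    if [ "$tests" = on ]; then
        args="$args -DTEST=ON"
    fi
    printf '%s\n' "${args# }"
}

# Parallel job count: the machine's CPU count when nproc exists, else the
# README's -j7.
jobs_count() {
    nproc 2>/dev/null || echo 7
}

main() {
    tests="${ARION_TESTS:-off}"     # export ARION_TESTS=on to build and run the tests
    gen="$(pick_generator)"
    tool="$(build_tool "$gen")"
    require git git-lfs cmake cargo "$tool"   # cargo: Rust is required by udbserver
    [ -d Arion ] || git clone "$ARION_REPO"
    cd Arion
    git submodule update --init
    git lfs pull
    mkdir -p build && cd build
    # Word-splitting of the argument string is intended here.
    cmake $(cmake_args "$gen" "$tests") ..
    "$tool" -j"$(jobs_count)"
    sudo "$tool" install
    if [ "$tests" = on ]; then
        ctest
    fi
}

# Only `sh build_arion.sh build` performs the build; without the argument the
# script just defines the functions above.
if [ "${1:-}" = build ]; then
    main
fi
```

Run it as `ARION_TESTS=on sh build_arion.sh build` to get a tested build; the prerequisite check runs before anything is cloned, so a missing git-lfs or Rust toolchain is reported up front rather than halfway through the build.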
Performance comparison
Since Arion is entirely written in C++, its execution time is much lower than Qiling's, which is slowed by its to-and-fro between native code and the Python context.
The two graphs below were produced with the same program, run in the same context under both Arion and Qiling.
In the first graph, the variable is the number of syscalls executed by the target; in the second, it is the number of basic blocks hit, with every basic block hooked.
How to use?
Wiki and documentation
A wiki containing guided tutorials and complete documentation of the latest stable version of the code is hosted here.
Examples
You can find examples inside the examples directory. They are by no means exhaustive, but they will teach you how to work with Arion.
Fuzzing
Thanks to its performance, Arion can be of great help for blackbox fuzzing. It integrates UnicornAFL, and you can find an example here.
Once your fuzzing program is compiled, run it with:
AFL_AUTORESUME=1 afl-fuzz -i afl_inputs -o afl_outputs -U -- ./your_program @@
Contributing
Feel free to contribute to the project by implementing new features on the dev branch.