TSMOK (pronounce [(t)smok]) is a tool to emulate firmware for testing and research purpose. TSMOK is based on Unicorn engine.

• Modular structure.
• Supports OPTEE OS, OPTEE TA, Trusty OS, and Pigweed ARM ELF binaries.
• Fake ATF, OPTEE, and HW components implementations.
• Python OPTEE instance has a simple implementation of RPMB storage.
• FF-A support
• MMU support
• TSMOK tracks:
  • execution flow (instruction, function, and syscalls)
  • memory access
  • syscall access
  • Mem/Reg control and examination
• Coverage support (gcov, lcov) base on disasm and ELF DWARF
• AFL support for fuzzing(AFL has instrumentation for Unicorn engine).
• OPTEE TA fuzzing support
• Extensibility: easy to add new fake HW component support or new tracking/analyzing features.

• Testing: tests(unit/functional) with about any complexity can be written.
• Security research
• Fuzzing

git clone https://github.com/dmitryya/unicornafl.git -b tee-dev

cd unicornafl/bindings/python

sudo python3 setup.py install

pip3 install -r requirements.txt

python3 setup.py install

AFLPlusPlus is requeired for fuzzing. AFLPlusPlus installation instruction can be found on its page.

python3 -m tsmok.example.pw_app -b <path/to/binary> -v

python3 -m tsmok.examples.trusty.tee_app -f images/examp les/trusty/trusty-os.elf -v

python -m tsmok.examples.optee.ta_arm64_app -t images/examples/optee/8aaaf200-2450-11e4-abe2-0002a5d5c51b.elf -v

afl-fuzz -U -m none -i images/examples/optee/ta-fuzz-samples/ -o <path/to/result> -M fuzzer01 -- python3 -m tsmok.examples.optee.ta_arm64_fuzz_app images/examples/optee/8aaaf200-2450-11e4-abe2-0002a5d5c51b-with-crash.elf @@

python3 -m tests.test_rpmb_simple

Dmitry Yatsushkevich [email protected]

This project is not an official Google project. It is not supported by Google and Google specifically disclaims all warranties as to its quality, merchantability, or fitness for a particular purpose.