qilingframework
diff --git a/‎.github/workflows/build-ci.yml‎
Lines changed: 5 additions & 8 deletions b/‎.github/workflows/build-ci.yml‎
Lines changed: 5 additions & 8 deletions
diff --git a/‎ChangeLog‎
Lines changed: 43 additions & 1 deletion b/‎ChangeLog‎
Lines changed: 43 additions & 1 deletion
diff --git a/‎README.md‎
Lines changed: 4 additions & 0 deletions b/‎README.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎examples/fuzzing/stm32f429/afl_inputs/sample‎
Lines changed: 2 additions & 0 deletions b/‎examples/fuzzing/stm32f429/afl_inputs/sample‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎examples/fuzzing/stm32f429/fuzz.py‎
Lines changed: 56 additions & 0 deletions b/‎examples/fuzzing/stm32f429/fuzz.py‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎examples/fuzzing/stm32f429/fuzz.sh‎
Lines changed: 2 additions & 0 deletions b/‎examples/fuzzing/stm32f429/fuzz.sh‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎examples/hello_mips32_linux_customapi.py‎
Lines changed: 1 addition & 0 deletions b/‎examples/hello_mips32_linux_customapi.py‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎examples/mcu/gd32vf103_blink.py‎
Lines changed: 1 addition & 1 deletion b/‎examples/mcu/gd32vf103_blink.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎examples/mcu/stm32f407_gpio_hook.py‎
Lines changed: 2 additions & 1 deletion b/‎examples/mcu/stm32f407_gpio_hook.py‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎examples/mcu/stm32f407_hack_lock.py‎
Lines changed: 1 addition & 1 deletion b/‎examples/mcu/stm32f407_hack_lock.py‎
Lines changed: 1 addition & 1 deletion
@@ -10,21 +10,18 @@ jobs:
       fail-fast: false
       matrix:
         #os: [windows-2019, macos-10.15, ubuntu-18.04, ubuntu-20.04]
-        os: [windows-latest, ubuntu-18.04, ubuntu-20.04]
-        python-version: [3.8, 3.9]
-        exclude:
-          - os: ubuntu-18.04
-            python-version: 3.9                   
+        os: [windows-latest, ubuntu-20.04]
+        python-version: [3.8, 3.9]              
         include:
-          - os: ubuntu-18.04
+          - os: ubuntu-22.04
             python-version: 3.9
             container: Docker
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v4
       with:
         python-version: ${{ matrix.python-version }}
 
 
@@ -1,5 +1,48 @@
 This file details the changelog of Qiling Framework.
 
+------------------------------------
+[Version 1.4.5]: December 29th, 2022
+
+New features:
+- Qdb with PE (#1295)
+
+Improvements:
+- Add pstate in const_arm64.py (#1236)
+- Implement ql_syscall_sched_yield (#1237)
+- Periodic quality PR (#1238)
+- Speed up MCU interrupt handler (#1240)
+- Minor update for setup.py, mcu test and windows registry (#1246)
+- Optimize qltui (#1247)
+- Optimize evm dependency package version manage (#1248)
+- Fix getrlimit related syscall (aka tenda fix) (#1249)
+- Add new ci for arm firmware (#1250)
+- More detailed tenda CI test and cleanup elf multithrad http test (#1251)
+- Fix MIPS relocs (#1252)
+- Newly compiled picohttpd for armeb and new test script (#1254)
+- Update armeb test binary and testing docker (#1255)
+- Update rootfs (#1256)
+- Qdb bug fix and improvement (#1257)
+- Improve handling of gdb 42000 magic pid (#1259)
+- Fix mcu issue in qdb and show flags in uppercase (#1263)
+- Update setup.py (#1267)
+- Handle Cortex M as a specific arch (#1271)
+- Fix some error in syscall fcntl and getsockopt (#1272)
+- Periodic maintenance PR (#1274)
+- Fix gdb attach on ARM thumb mode (#1285)
+- Qdb: add command show_args (#1289)
+- Periodic maintenance PR (#1293)
+
+Contributors:
+- richor1042
+- vhertz
+- elicn
+- kabeor
+- xwings
+- ucgJhe
+- aquynh
+- owl129
+- 
+
 ------------------------------------
 [Version 1.4.4]: September 24th, 2022
 
@@ -87,7 +130,6 @@ Contributors:
 - elicn
 - xwings
 - cq674350529
-- elicn
 - TheZ3ro
 - bet4it
 - chinggg
 
@@ -28,6 +28,10 @@ Qiling is an advanced binary emulation framework, with the following features:
 
 Qiling also made its way to various international conferences.
 
+2022:
+- [Black Hat, EU](https://www.blackhat.com/eu-22/arsenal/schedule/#reversing-mcu-with-firmware-emulation-29553)
+- [Black Hat, MEA](https://blackhatmea.com/node/724)
+
 2021:
 - [Black Hat, USA](https://www.blackhat.com/us-21/arsenal/schedule/index.html#bringing-the-x-complete-re-experience-to-smart-contract-24119)
 - [Hack In The Box, Amsterdam](https://conference.hitb.org/hitbsecconf2021ams/sessions/when-qiling-framework-meets-symbolic-execution/)
 
@@ -0,0 +1,2 @@
+hackme
+aaaaaaaaaaaa
@@ -0,0 +1,56 @@
+#!/usr/bin/env python3
+# 
+# Cross Platform and Multi Architecture Advanced Binary Emulation Framework
+#
+
+import os
+import sys
+
+from typing import Any, Optional
+
+sys.path.append("../../..")
+from qiling.core import Qiling
+from qiling.const import QL_VERBOSE
+
+from qiling.extensions.afl import ql_afl_fuzz_custom
+from qiling.extensions.mcu.stm32f4 import stm32f429
+
+from unicorn import UC_ERR_OK, UcError
+
+def main(input_file: str):
+    ql = Qiling(["../../rootfs/mcu/stm32f429/bof.elf"], 
+                archtype="cortex_m", 
+                env=stm32f429, 
+                ostype='mcu',
+                verbose=QL_VERBOSE.DISABLED)
+
+    ql.hw.create('rcc')
+    ql.hw.create('usart2')
+    ql.hw.create('usart3')
+    
+    ql.fast_mode = True 
+
+    def place_input_callback(ql: Qiling, input_bytes: bytes, persistent_round: int) -> Optional[bool]:
+        """Called with every newly generated input."""
+
+        ql.hw.usart3.send(input_bytes)
+        
+        return True
+
+    def fuzzing_callback(ql: Qiling):
+        ql.run(end=0x80006d9)            
+        
+        return UC_ERR_OK
+
+    ql.uc.ctl_exits_enabled(True)
+    ql.uc.ctl_set_exits([0x80006d9])
+
+    ql_afl_fuzz_custom(ql, input_file, place_input_callback, fuzzing_callback=fuzzing_callback)
+
+    os.exit(0)
+
+if __name__ == "__main__":
+    if len(sys.argv) == 1:
+        raise ValueError("No input file provided.")
+
+    main(sys.argv[1])
@@ -0,0 +1,2 @@
+#!/bin/bash
+AFL_AUTORESUME=1 afl-fuzz -i afl_inputs -o afl_outputs -U -- python3 ./fuzz.py @@
@@ -17,4 +17,5 @@ def my_puts(ql: Qiling):
 
 if __name__ == "__main__":
     ql = Qiling(["rootfs/mips32_linux/bin/mips32_hello"], "rootfs/mips32_linux", verbose=QL_VERBOSE.DEBUG)
+    ql.os.set_api("puts", my_puts)
     ql.run()
@@ -10,7 +10,7 @@
 from qiling.const import QL_VERBOSE
 from qiling.extensions.mcu.gd32vf1 import gd32vf103
 
-ql = Qiling(['../rootfs/mcu/gd32vf103/blink.hex'], archtype="riscv64", 
+ql = Qiling(['../rootfs/mcu/gd32vf103/blink.hex'], archtype="riscv64", ostype="mcu",
                     env=gd32vf103, verbose=QL_VERBOSE.DEBUG)
 
 ql.hw.create('rcu')
 
@@ -13,7 +13,7 @@
 
 
 ql = Qiling(["../rootfs/mcu/stm32f407/ai-sine-test.elf"],
-            archtype="cortex_m", env=stm32f407, verbose=QL_VERBOSE.DEFAULT)
+            archtype="cortex_m", ostype="mcu", env=stm32f407, verbose=QL_VERBOSE.DEFAULT)
 
 ql.hw.create('rcc')
 ql.hw.create('pwr')
@@ -23,6 +23,7 @@
 ql.hw.create('gpiod')
 ql.hw.create('spi1')
 ql.hw.create('crc')
+ql.hw.create('dbgmcu')
 
 oled = PyGameSSD1306Spi(dc=(ql.hw.gpiod, 5))
 ql.hw.spi1.connect(oled)
 
@@ -27,7 +27,7 @@ def dicts():
 # Cracking the passwd of lock
 def crack(passwd):
     ql = Qiling(["../../examples/rootfs/mcu/stm32f407/backdoorlock.hex"],                    
-                        archtype="cortex_m", env=stm32f407, verbose=QL_VERBOSE.OFF)
+                        archtype="cortex_m", ostype="mcu", env=stm32f407, verbose=QL_VERBOSE.DISABLED)
 
     ql.hw.create('spi2')
     ql.hw.create('gpioe')
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+#!/bin/bash`
	`2`	`+AFL_AUTORESUME=1 afl-fuzz -i afl_inputs -o afl_outputs -U -- python3 ./fuzz.py @@`