Add support for Unicorn engine

Cargo.toml

@@ -11,6 +11,7 @@ members = [
   "libafl_intelpt",
   "libafl_libfuzzer",
   "libafl_nyx",
+  "libafl_unicorn",
   "libafl_targets",
   "libafl_tinyinst",
   "libafl_qemu",

fuzzers/full_system/unicorn/Cargo.toml

@@ -0,0 +1,27 @@
+[package]
+name = "unicorn"
+version = "0.1.0"
+edition = "2021"
+
+[features]
+# Enable a code hook which log the program counter at each executed instruction
+default = []
+code_hook = []
+mem_hook = []
+
+
+# Panic configuration needed so that the InProcessForkExecutor still detect the crash when the forked process crashed
+[profile.dev]
+panic = "abort"
+
+[profile.release]
+panic = "abort"
+
+[dependencies]
+libafl = { path = "../../../libafl/" }
+libafl_bolts = { path = "../../../libafl_bolts/" }
+libafl_targets = { path = "../../../libafl_targets" }
+libafl_unicorn = { path = "../../../libafl_unicorn/" }
+
+unicorn-engine = "2.0.1"
+iced-x86 = "1.18.0"

fuzzers/full_system/unicorn/bin/Makefile

@@ -0,0 +1,35 @@
+arm64="aarch64-linux-gnu"
+arm="arm-linux-gnueabihf"
+x64="x86_64-linux-gnu"
+assembly_arm64:
+	$(arm64)-gcc -O2 -S -c foo.c -o foo_arm64.s
+
+binary_arm64:
+	$(arm64)-as foo_arm64.s -o foo_arm64.elf
+	$(arm64)-objcopy -O binary -j .text.startup foo_arm64.elf foo_arm64.bin
+
+assembly_arm:
+	$(arm)-gcc -O2 -S -c foo.c -o foo_arm.s
+
+binary_arm:
+	$(arm)-as foo_arm.s -o foo_arm.elf
+	$(arm)-objcopy -O binary foo_arm.elf foo_arm.bin
+
+assembly_x86:
+	$(x64)-gcc -O2 -S -c foo.c -o foo_x86.s
+
+binary_x86:
+	$(x64)-as foo_x86.s -o foo_x86.elf
+	# Extract the .text.startup section
+	$(x64)-objcopy -O binary -j .text.startup foo_x86.elf foo_x86.bin
+
+build_arm: assembly_arm binary_arm
+build_arm64: assembly_arm64 binary_arm64
+build_x86: assembly_x86 binary_x86
+
+clean:
+	rm foo_*
+
+
+all: build_arm build_arm64 build_x86
+# sudo apt install gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu

fuzzers/full_system/unicorn/bin/foo.c

@@ -0,0 +1,24 @@
+int main() {
+  char *data = (char *)0x8000;
+  // Extract the input from the memory at 0x8000
+  char a = data[0];
+  char b = data[1];
+  char c = data[2];
+  char result = 0;  // The result, so should be initialized at 0;
+
+  if (a > b) {
+    result = 0x2;
+    if (a > 0x20) {
+      result = 0x3;
+      if (a == 0x50) {
+        result = 0x4;
+        if (b == 0x24) {
+          result = 0x5;
+          if (c == 0x36) { result = 0x6; }
+        }
+      }
+    }
+  }
+
+  return result;
+}