About
TSMOK (pronounced [(t)smok]) is a tool to emulate firmware for testing and research purposes. TSMOK is based on the Unicorn engine.
Features
- Modular structure.
- Supports OPTEE OS, OPTEE TA, Trusty OS, and Pigweed ARM ELF binaries.
- Fake ATF, OPTEE, and HW components implementations.
- Python OPTEE instance has a simple implementation of RPMB storage.
- FF-A support
- MMU support
- TSMOK tracks:
  - execution flow (instruction, function, and syscalls)
  - memory access
  - syscall access
- Mem/Reg control and examination
- Coverage support (gcov, lcov) based on disasm and ELF DWARF
- AFL support for fuzzing (AFL has instrumentation for the Unicorn engine).
- OPTEE TA fuzzing support
- Extensibility: easy to add new fake HW component support or new tracking/analyzing features.
Area of usage
- Testing: tests (unit/functional) of almost any complexity can be written.
- Security research
- Fuzzing
Installation
Install custom UnicornAFL
git clone https://github.com/dmitryya/unicornafl.git -b tee-dev
cd unicornafl/bindings/python
sudo python3 setup.py install
Install dependencies
pip3 install -r requirements.txt
Install TSMOK
python3 setup.py install
Fuzzing
AFLPlusPlus is required for fuzzing. AFLPlusPlus installation instructions can be found on its page.
Examples
Pigweed binary run
python3 -m tsmok.example.pw_app -b <path/to/binary> -v
Trusty OS binary run
python3 -m tsmok.examples.trusty.tee_app -f images/examples/trusty/trusty-os.elf -v
OPTEE TA binary run
python -m tsmok.examples.optee.ta_arm64_app -t images/examples/optee/8aaaf200-2450-11e4-abe2-0002a5d5c51b.elf -v
OPTEE TA binary fuzzing
afl-fuzz -U -m none -i images/examples/optee/ta-fuzz-samples/ -o <path/to/result> -M fuzzer01 -- python3 -m tsmok.examples.optee.ta_arm64_fuzz_app images/examples/optee/8aaaf200-2450-11e4-abe2-0002a5d5c51b-with-crash.elf @@
Run local unittests
python3 -m tests.test_rpmb_simple
Contributors
Dmitry Yatsushkevich dmitryya@google.com
Disclaimer
This project is not an official Google project. It is not supported by Google and Google specifically disclaims all warranties as to its quality, merchantability, or fitness for a particular purpose.