Showcase

In our knowledge, Unicorn has been used by 125 following products (listed in no particular order).

• Qiling: Cross-platform & multi-architecture lightweight sandbox.
• udbserver: A plugin for Unicorn to provide a debug server.
• UniDOS: Microsoft DOS emulator.
• Radare2: Unix-like reverse engineering framework and commandline tools.
• Usercorn: User-space system emulator.
• Unicorn-decoder: A shellcode decoder that can dump self-modifying-code.
• Univm: A plugin for x64dbg for x86 emulation.
• PyAna: Analyzing Windows shellcode.
• GEF: GDB Enhanced Features.
• Pwndbg: A Python plugin of GDB to assist exploit development.
• Eli.Decode: Decode obfuscated shellcodes.
• IdaEmu: an IDA Pro Plugin for code emulation.
• Roper: build ROP-chain attacks on a target binary using genetic algorithms.
• Sk3wlDbg: A plugin for IDA Pro for machine code emulation.
• Angr: A framework for static & dynamic concolic (symbolic) analysis.
• Cemu: Cheap EMUlator based on Keystone and Unicorn engines.
• ROPMEMU: Analyze ROP-based exploitation.
• BroIDS_Unicorn: Plugin to detect shellcode on Bro IDS with Unicorn.
• UniAna: Analysis PE file or Shellcode (Only Windows x86).
• ARMSCGen: ARM Shellcode Generator.
• TinyAntivirus: Open source Antivirus engine designed for detecting & disinfecting polymorphic virus.
• Patchkit: A powerful binary patching toolkit.
• Arpilnik: Very simple arithmetric expression compiler for x86_64 machines.
• Shellbug: Basic command-line, text-based, shellcode debugger.
• GCTF-Challenges: An assembly based puzzle at GryphonCTF 2016.
• Sibyl: A Miasm2 based function divination.
• Kadabra: A blanked execution framework.
• Fuzzemu: Instruction emulator for the Cortex-M3 ARM.
• Simuvex: Symbolic execution engine for the VEX IR.
• VulcanoIO: Open Source Cluster IOTs for Reverse Engineering Malware.
• Nao: Dead code eliminator plugin for IDA Pro.
• Ripr: Rip out functionality from binary code to use from Python.
• Unicorn.Js: A port of the Unicorn emulator for JavaScript.
• SECCON2016 CTF: Online CTF game (Crypto 200, Lost Description).
• Pwntools: CTF framework and exploit development library.
• Indika: A blanket execution/min hash semantic hash tool for binary function identification.
• Pogom-updated: The fastest Pokémon Go map available.
• x86-64-pe-emu: AMD64 Windows PE Emulator in Python.
• cgPwn: Cyber Grand Pwnage Box.
• unitracer: Windows API tracer for malware.
• Asrepl: x86-64 assembly REPL.
• unicorn-libemu-shim: libemu shim layer and win32 environment for Unicorn Engine.
• UniversalRop: Small tool for generating ropchains using Unicorn and Z3.
• Manticore: Dynamic binary analysis tool.
• PrimeU: Emulator for the HP Prime calculator.
• JSRT: Javascript Runtime for Windows, based on Chakra.
• Cuckoo: Automated dynamic malware analysis system.
• AroeA: IDA script to extract stack strings + simple deobfuscate.
• Unico: Unicorn PE function runner.
• Pegasus: Windbg emulation plugin.
• AsmShell: Command Line Assembler Shell.
• uEmu: Tiny cute emulator plugin for IDA based on Unicorn.
• CageTheUnicorn: Debugging/emulating environment for Switch code.
• Asemu: 32-bit x86 emulator using ncurses and Capstone/Keystone/Unicorn.
• CircuitBreaker: Nintendo Switch hacking toolkit.
• ROPChain: ROPChain generator.
• AFL-Unicorn: Fuzz any piece of binary.
• rengage: Nokia N-Gage reverse engineering platform/emulator.
• openswe1r: An Open-Source port of the 1999 Game ‘Star Wars: Episode 1 Racer’.
• Syntia: Synthesizing the Semantics of Obfuscated Code.
• uDdbg: A GDB like debugger that provide a runtime env to Unicorn emulator and additionals features.
• Vita3K: PlayStation Vita emulator.
• JuniEmu: Emulator interface for ARM 32bit.
• Yuzu: Open-source emulator for the Nintendo Switch.
• Dynarmic: An ARM dynamic recompiler.
• Fygimbal: Tools for talking to the Feiyu Tech gimbal via serial.
• SlothEmu: Unicorn emulator for x64dbg.
• Dbghlpr: It provides various functions useful for debugging using Windbg.
• UniPE: A small framwork to execute PE files with UniCorn.
• Pimp my ride: Multi-architecture CPU Emulator.
• EKA2L1: Symbian OS emulator.
• Cxbx-Reloaded: Xbox (Original) Emulator.
• Vios: Experimental Playstation Vita Emulator.
• Fuzzle: A stateful fuzzing engine.
• EmuHookDetector: Hook detector using emulation and comparing static with dynamic output.
• Scanr: Detect x86 shellcode in files and traffic.
• Binja-secret: Binary Ninja plugin that encapsulate Frida, Unicorn, Capstone and Keystone.
• AndroidNativeEmu: Partly emulate an Android native library.
• Frick: The first debugger built on top of Frida.
• Emufuzz: libFuzzer + Unicorn + Capstone.
• vtMal: Malware Sandbox Emulation in Python.
• Reil: A C++ translation/emulation library for the Aarch64 instruction set to REIL.
• Cmulator: Scriptable Reverse Engineering Sandbox Emulator for shellcode or PE binaries.
• unicorn_string_deobfuscator: A Unicorn based emulator to deobfuscate Equation Group string XOR obfuscation.
• Flare IDA: IDA Pro utilities from FLARE team.
• Flare Emu: Emulator for IDA Pro.
• ish: Linux shell for iOS. Uses Unicorn as a reference for testing the custom emulator.
• Unicorn Tracer: Adds some functionalities to the Unicorn framework to ease tracing of changes in memory.
• Pad unpacker: Puzzle and Dragons binary unpacker.
• Ryujinx: Experimental Switch emulator written in C#.
• pyGDB remote: a Python GDB remote protocol implementation.
• lakebed: Emulation-based testing for Nintendo Switch reimplementations.
• Unicorn PE: Unicorn based emulator for Windows PE files.
• Triton: Dynamic Binary Analysis framework.
• Emusca: Power trace simulator for side channel analysis attack testing.
• ucui-unicorn: ncurses shellcode/instructions tester.
• Dwarf: A debugger for reverse engineers, crackers and security analyst.
• Un{i}packer: Automatic and platform-independent unpacker for Windows binaries.
• Rainbow: Easy scripting interface to emulate embedded binaries for tracing.
• Unidbg: Emulate an Android ARM32 and/or ARM64 native library.
• HDD-Firmware-Emulation: Emulating SAMSUNG HM641JI HDD firmware using Unicorn.
• xdvre: A disassembler/debugger that works based on the extension plugin.
• astro: A safe sandbox for C autograding.
• ARMStrong: A fast and simple ARM Simulator made for education.
• RopDissector: A framework for static analysis of ROP exploits and programs.
• ELMO2: ELMO2 is designed to help software engineers quickly identify side channel security risks during development stages.
• NetGuard Unpacker: Public NetGuard Deobfuscator.
• ipasim: iOS emulator for Windows.
• taintinduce: Automate the creation of taint propagation rules for unknown instruction sets.
• UnicoreFuzz: Fuzzing the Kernel Using AFL-Unicorn.
• UniTaint: PoC for a taint based attack on VMProtect.
• Lightswitch: Run Nintendo Switch homebrew and games on your Android device!
• unicorn-bios: Basic BIOS emulator for Unicorn Engine.
• uniFuzzer: A fuzzing tool for closed-source binaries based on Unicorn and LibFuzzer.
• Binee: Binary emulation environment.
• Packman deobfuscator: League-of-Legends anti-cheat code deobfuscator.
• aah: Arm64 architecture handler.
• tracecorn_tina: A modified version base on Tracecorn for unpacking.
• EFI DXE Emulator: EFI DXE Emulator and Interactive Debugger.
• ShellCodeEmulator: Windows shellcode emulator.
• Frankenstein: Broadcom and Cypress firmware emulation for fuzzing and further full-stack debugging.
• AFLplusplus: A superior fork to Google’s afl - more speed, more and better mutations, more and better instrumentation, custom module support, etc.
• vmrp: Feature phone ‘mrp’ format software simulator.
• Modelsim-Unicorn: Modelsim/Questa Unicorn integration via the VHDL Foreign Language Interface (FLI).
• Speakeasy: A portable, modular, binary emulator designed to emulate Windows kernel and user mode malware.

---

Please let us know, so we can put you in the list above, if you are also using Unicorn, either:

• for your products.

• for your training classes.

• for your works.