Showcase

In our knowledge, Unicorn has been used by 121 following products (listed in no particular order).

• Qiling: Cross-platform & multi-architecture lightweight sandbox.

• UniDOS: Microsoft DOS emulator.

• Radare2: Unix-like reverse engineering framework and commandline tools.

• Usercorn: User-space system emulator.

• Unicorn-decoder: A shellcode decoder that can dump self-modifying-code.

• Univm: A plugin for x64dbg for x86 emulation.

• PyAna: Analyzing Windows shellcode.

• GEF: GDB Enhanced Features.

• Pwndbg: A Python plugin of GDB to assist exploit development.

• Eli.Decode: Decode obfuscated shellcodes.

• IdaEmu: an IDA Pro Plugin for code emulation.

• Roper: build ROP-chain attacks on a target binary using genetic algorithms.

• Sk3wlDbg: A plugin for IDA Pro for machine code emulation.

• Angr: A framework for static & dynamic concolic (symbolic) analysis.

• Cemu: Cheap EMUlator based on Keystone and Unicorn engines.

• ROPMEMU: Analyze ROP-based exploitation.

• BroIDS_Unicorn: Plugin to detect shellcode on Bro IDS with Unicorn.

• UniAna: Analysis PE file or Shellcode (Only Windows x86).

• ARMSCGen: ARM Shellcode Generator.

• TinyAntivirus: Open source Antivirus engine designed for detecting & disinfecting polymorphic virus.

• Patchkit: A powerful binary patching toolkit.

• Arpilnik: Very simple arithmetric expression compiler for x86_64 machines.

• Shellbug: Basic command-line, text-based, shellcode debugger.

• GCTF-Challenges: An assembly based puzzle at GryphonCTF 2016.

• Sibyl: A Miasm2 based function divination.

• Kadabra: A blanked execution framework.

• Fuzzemu: Instruction emulator for the Cortex-M3 ARM.

• Simuvex: Symbolic execution engine for the VEX IR.

• VulcanoIO: Open Source Cluster IOTs for Reverse Engineering Malware.

• Nao: Dead code eliminator plugin for IDA Pro.

• Ripr: Rip out functionality from binary code to use from Python.

• Unicorn.Js: A port of the Unicorn emulator for JavaScript.

• SECCON2016 CTF: Online CTF game (Crypto 200, Lost Description).

• Pwntools: CTF framework and exploit development library.

• Indika: A blanket execution/min hash semantic hash tool for binary function identification.

• Pogom-updated: The fastest Pokémon Go map available.

• x86-64-pe-emu: AMD64 Windows PE Emulator in Python.

• cgPwn: Cyber Grand Pwnage Box.

• unitracer: Windows API tracer for malware.

• Asrepl: x86-64 assembly REPL.

• unicorn-libemu-shim: libemu shim layer and win32 environment for Unicorn Engine.

• UniversalRop: Small tool for generating ropchains using Unicorn and Z3.

• Manticore: Dynamic binary analysis tool.

• PrimeU: Emulator for the HP Prime calculator.

• JSRT: Javascript Runtime for Windows, based on Chakra.

• Cuckoo: Automated dynamic malware analysis system.

• AroeA: IDA script to extract stack strings + simple deobfuscate.

• Unico: Unicorn PE function runner.

• Pegasus: Windbg emulation plugin.

• AsmShell: Command Line Assembler Shell.

• uEmu: Tiny cute emulator plugin for IDA based on Unicorn.

• CageTheUnicorn: Debugging/emulating environment for Switch code.

• Asemu: 32-bit x86 emulator using ncurses and Capstone/Keystone/Unicorn.

• CircuitBreaker: Nintendo Switch hacking toolkit.

• ROPChain: ROPChain generator.

• AFL-Unicorn: Fuzz any piece of binary.

• rengage: Nokia N-Gage reverse engineering platform/emulator.

• openswe1r: An Open-Source port of the 1999 Game "Star Wars: Episode 1 Racer".

• Syntia: Synthesizing the Semantics of Obfuscated Code.

• uDdbg: A GDB like debugger that provide a runtime env to Unicorn emulator and additionals features.

• Vita3K: PlayStation Vita emulator.

• JuniEmu: Emulator interface for ARM 32bit.

• Yuzu: Open-source emulator for the Nintendo Switch.

• Dynarmic: An ARM dynamic recompiler.

• Fygimbal: Tools for talking to the Feiyu Tech gimbal via serial.

• SlothEmu: Unicorn emulator for x64dbg.

• Dbghlpr: It provides various functions useful for debugging using Windbg.

• UniPE: A small framwork to execute PE files with UniCorn.

• Pimp my ride: Multi-architecture CPU Emulator.

• EKA2L1: Symbian OS emulator.

• Cxbx-Reloaded: Xbox (Original) Emulator.

• Vios: Experimental Playstation Vita Emulator.

• Fuzzle: A stateful fuzzing engine.

• EmuHookDetector: Hook detector using emulation and comparing static with dynamic output.

• Scanr: Detect x86 shellcode in files and traffic.

• Binja-secret: Binary Ninja plugin that encapsulate Frida, Unicorn, Capstone and Keystone.

• AndroidNativeEmu: Partly emulate an Android native library.

• Frick: The first debugger built on top of Frida.

• Emufuzz: libFuzzer + Unicorn + Capstone.

• vtMal: Malware Sandbox Emulation in Python.

• Reil: A C++ translation/emulation library for the Aarch64 instruction set to REIL.

• Cmulator: Scriptable Reverse Engineering Sandbox Emulator for shellcode or PE binaries.

• unicorn_string_deobfuscator: A Unicorn based emulator to deobfuscate Equation Group string XOR obfuscation.

• Flare IDA: IDA Pro utilities from FLARE team.

• Flare Emu: Emulator for IDA Pro.

• ish: Linux shell for iOS. Uses Unicorn as a reference for testing the custom emulator.

• Unicorn Tracer: Adds some functionalities to the Unicorn framework to ease tracing of changes in memory.

• Pad unpacker: Puzzle and Dragons binary unpacker.

• Ryujinx: Experimental Switch emulator written in C#.

• pyGDB remote: a Python GDB remote protocol implementation.

• lakebed: Emulation-based testing for Nintendo Switch reimplementations.

• Unicorn PE: Unicorn based emulator for Windows PE files.

• Triton: Dynamic Binary Analysis framework.

• Emusca: Power trace simulator for side channel analysis attack testing.

• ucui-unicorn: ncurses shellcode/instructions tester.

• Dwarf: A debugger for reverse engineers, crackers and security analyst.

• Un{i}packer: Automatic and platform-independent unpacker for Windows binaries.

• Rainbow: Easy scripting interface to emulate embedded binaries for tracing.

• Unidbg: Emulate an Android ARM32 and/or ARM64 native library.

• HDD-Firmware-Emulation: Emulating SAMSUNG HM641JI HDD firmware using Unicorn.

• xdvre: A disassembler/debugger that works based on the extension plugin.

• astro: A safe sandbox for C autograding.

• ARMStrong: A fast and simple ARM Simulator made for education.

• RopDissector: A framework for static analysis of ROP exploits and programs.

• ELMO2: ELMO2 is designed to help software engineers quickly identify side channel security risks during development stages.

• NetGuard Unpacker: Public NetGuard Deobfuscator.

• ipasim: iOS emulator for Windows.

• taintinduce: Automate the creation of taint propagation rules for unknown instruction sets.

• UnicoreFuzz: Fuzzing the Kernel Using AFL-Unicorn.

• UniTaint: PoC for a taint based attack on VMProtect.

• Lightswitch: Run Nintendo Switch homebrew and games on your Android device!

• unicorn-bios: Basic BIOS emulator for Unicorn Engine.

• uniFuzzer: A fuzzing tool for closed-source binaries based on Unicorn and LibFuzzer.

• Binee: Binary emulation environment.

• Packman deobfuscator: League-of-Legends anti-cheat code deobfuscator.

• aah: Arm64 architecture handler.

• tracecorn_tina: A modified version base on Tracecorn for unpacking.

• EFI DXE Emulator: EFI DXE Emulator and Interactive Debugger.

• ShellCodeEmulator: Windows shellcode emulator.

• x64dbgpy.library.unicorn: Emulator for X64dbg.

• Frankenstein: Broadcom and Cypress firmware emulation for fuzzing and further full-stack debugging .

---

Please let us know, so we can put you in the list above, if you are also using Unicorn, either:

• for your products.

• for your training classes.

• for your works.