May 15, 2024

Zynq bootrom - reverse tools - Capstone

I became aware of Capstone by way of the juniEmu project: juniEmu combines the Unicorn emulator and the Capstone disassembler in a Tkinter Python GUI. Fedora offers these packages:

capstone.x86_64
capstone-devel.x86_64
python3-capstone.x86_64
capstone-java.noarch

Of course nobody with sense would want the Java bindings, but it is nice to see Python. As near as I can tell Capstone is coded in plain C (no nasty C++) so we are in good shape.

On Fedora I do this:

dnf install capstone
dnf install capstone-devel
dnf install python3-capstone

juniEmu

I get:

    IN_CS_MODE = CS_ARCH_ARM
                 ^^^^^^^^^^^
NameError: name 'CS_ARCH_ARM' is not defined on line 109

I have to add this line at the top:

from capstone import *

juniEmu is a 2700-line Python script. We get more errors when we try to run it. It was last worked on 6 years ago (2018) and no doubt Python has been mutating since then. It is not clearly stated whether this expects Python 2 or 3.

Getting this working is a project of its own. The code actually looks clean.
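
Before running a stale script like this, both questions above (does it even parse as Python 3, and which CS_/UC_ constants are used without a matching import) can be checked statically. This is an added example, not juniEmu's code: SAMPLE is a constructed stand-in, and the prefix-to-module table and the triage() helper are assumptions made for illustration.

```python
import ast
import builtins

# Constructed stand-in for the top of a stale script; NOT juniEmu's real code.
SAMPLE = '''\
import sys
from unicorn import *
IN_CS_MODE = CS_ARCH_ARM
IN_UC_MODE = UC_ARCH_ARM
'''

# Assumed mapping: constant prefix -> module usually pulled in by a star import.
PREFIX_TO_MODULE = {"CS_": "capstone", "UC_": "unicorn"}

def triage(source):
    """Return (parses_as_py3, {module: [(line, name), ...]}) for missing star imports."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return False, {}          # e.g. Python 2 print statements
    bound, star, loaded = set(dir(builtins)), set(), {}
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            for alias in node.names:
                if alias.name == "*":
                    star.add(node.module)
                else:
                    bound.add((alias.asname or alias.name).split(".")[0])
        elif isinstance(node, (ast.FunctionDef, ast.ClassDef)):
            bound.add(node.name)
        elif isinstance(node, ast.arg):
            bound.add(node.arg)
        elif isinstance(node, ast.Name):
            if isinstance(node.ctx, ast.Load):
                # remember the first line where the name is read
                loaded[node.id] = min(loaded.get(node.id, node.lineno), node.lineno)
            else:
                bound.add(node.id)
    missing = {}
    for name, line in sorted(loaded.items(), key=lambda kv: kv[1]):
        for prefix, module in PREFIX_TO_MODULE.items():
            if name.startswith(prefix) and name not in bound and module not in star:
                missing.setdefault(module, []).append((line, name))
    return True, missing

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The scan treats the whole file as one flat scope, so it is a first-pass triage rather than a full name resolver.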


Feedback? Questions? Drop me a line!

Tom's Computer Info / tom@mmto.org