DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. For its technical details, please check our ISSTA'14 conference paper and our TSE journal paper. Its source code can be found here.


DeepMem is a deep neural network based memory forensic tool. Please read our CCS'18 paper for the technical details and check out this GitHub repository for source code.


DroidScope is dynamic analysis platform for Android apps, and is specifically designed for analyzing Android malware. Please read our USENIX Security paper for technical details, and check out our GitHub repository for source code.


DroidUnpack is a generic unpacker for packed Android apps based on whole-system emulation. It extends DroidScope to support both Dalvik virtual machine (DVM) and Android Run Time (ART). Our NDSS'18 paper provides some technical details about this tool and presents exensive study on current status of packers, unpackers and packed Android malware. The source code can be found within DroidScope.


Genius is a bug search engine for cross-platform/cross-architecture binary code. Please read our CCS'16 and CCS'17 papers for technical details. Part of the source code is available at this GitHub repository. The firmware dataset can be downloaded from here (about 57GB).

Whitebox Fuzzing

This whitebox fuzzing tool based on DECAF and BAP 1.0. An instruction trace is collected using the tracecap plugin in DECAF, and then the symbolic execution in BAP is used to compute path constraints and generate new inputs for fuzzing. Source code can be found here.