





Intro

Deprecation notice! Avatar is no longer supported or developed. Its successor, Avatar², is much better; the Avatar² main page and code are currently on GitHub.

Avatar is an event-based arbitration framework that orchestrates the communication between an emulator and a target physical device. Avatar's goal is to enable complex dynamic analysis of embedded firmware in order to assist in a wide range of security-related activities including (but not limited to) reverse engineering, malware analysis, vulnerability discovery, vulnerability assessment, backtrace acquisition and root-cause analysis of known test cases. The analysis environment consists of several components:

Avatar: a Python framework that orchestrates firmware execution and analysis.

A communication interface to the target device, for example OpenOCD (if JTAG is available) or our in-memory stub for constrained scenarios.

S²E: a symbolic execution and analysis framework based on KLEE and QEMU.

This modular architecture lets Avatar perform dynamic analysis of firmware behaviour, such as recording and sandboxing memory accesses, performing live migration of subroutines, symbolically executing specific portions of code, and detecting vulnerabilities.

Avatar's capabilities have been demonstrated by performing symbolic execution and vulnerability analysis of several devices, including a hard-disk controller, a GSM feature phone and a wireless sensor node.