Maat is an open-source symbolic execution framework that can be used for binary analysis, reverse-engineering, and vulnerability research. Designed with simplicity and performance in mind, its usability-driven API unveils powerful features and makes it a handy tool for both seasoned reversers and beginners.
Hoping to make symbolic execution accessible to everyone, we do our best to write comprehensive tutorials that introduce each feature of the framework and show various applications to real-world examples. We also maintain API documentation for Python and C++.
Based on full emulation, Maat can be used for a wide variety of tasks, from analysing code snippets to code exploration on a whole program. Functionalities include: Symbolic Execution, Instrumentation, Constraint solving, Binary loading, OS simulation, and Assembly lifting.
Intuitive Python API
from maat import *
# Create a symbolic engine for 32-bit x86 Linux
engine = MaatEngine(ARCH.X86, OS.LINUX)
# Load a binary with one command line argument
engine.load("./some_binary", BIN.ELF32, args=[engine.vars.new_symbolic_buffer("password", 20)])
# Get current eax value
engine.cpu.eax
# Read 4 bytes at the top of the stack
engine.mem.read(engine.cpu.esp, 4)
# Set a callback displaying every memory read
def show_mem_access(engine):
    # engine.info describes the event that triggered the hook
    mem_access = engine.info.mem_access
    print(f"Instruction at {engine.info.addr} reads {mem_access.size} bytes at {mem_access.addr}")
engine.hooks.add(EVENT.MEM_R, WHEN.BEFORE, callbacks=[show_mem_access])
# Take and restore snapshots
snap = engine.take_snapshot()
engine.restore_snapshot(snap)
# Run the binary
engine.run()
Want to contribute?
Maat is still a very young project. We gladly welcome any feedback that can help improve the framework! Do you want to ask for new features, request a specific tutorial, submit a pull request, or share ideas on how to improve the API? Please open tickets on the project's GitHub page.
If you find a bug or an oversight in the docs, don't hesitate to file an issue on GitHub. You'll make it easier for us to track and correct bugs, and we will be thankful to you for helping improve software reliability and user experience ♥
Maat is free and open-source, and anyone can become involved! We'll always appreciate your support, whether it be contributions to the code or just your personal feedback as a user. Dropping us a little ★ for visibility also helps!
For more informal questions and conversations, join us in GitHub Discussions.