These are some tools which were developed as part of my research. All these tools are open-sourced. You are free to use them, but please cite the corresponding project for which the tool was originally developed.


DR.CHECKER implements a soundy analysis technique for Linux kernel drivers. It is a bug-finding tool for Linux kernel drivers based on static taint analysis. It scopes its analysis to drivers only, which results in very precise warnings. You can use it to find zero-days :)

Source Repo, BibTex


BootStomp is a boot-loader bug finder. It looks for two different classes of bugs: memory corruption and state storage vulnerabilities. As with DR.CHECKER, you can use it to find zero-days :)

Source Repo, BibTex


BOOMERANG is a class of vulnerabilities that stems from the semantic gap between the non-secure and secure worlds. BOOMERANG is a type of confused deputy attack, wherein a user-level application in the non-secure world can leverage a trusted application (TA) to read from or write to non-secure world memory that it does not own, including the untrusted OS's.
We found exploitable BOOMERANG vulnerabilities in four TEE implementations. These vulnerabilities were detected using a combination of manual analysis and an automated static analysis tool, which is capable of locating potential vectors for exploiting BOOMERANG in a given TA. We were able to leverage vulnerabilities in two commercial TEE implementations to create proof-of-concept exploits.
We propose a novel defense, Cooperative Semantic Reconstruction (CSR), which is capable of bridging the semantic gap between the two worlds with minimal modification and minimal overhead.

Source Repo, BibTex


Dynodroid is a system for automatically generating relevant inputs to Android apps. It is capable of generating both UI inputs (e.g., touchscreen taps and gestures) and system inputs (e.g., simulating incoming SMS messages). It also allows interleaving machine-generated and human inputs.

User guide, Source Repo, VHD, BibTex