Skip to content
Corana is a Dynamic Symbolic Execution Engine for ARM Cortex-M aiming to incrementally reconstruct the precise Control Flow Graph (CFG) of IoT malware under the presence of obfuscation techniques.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
corana ReUpload Repository May 7, 2019
extraction ReUpload Repository May 7, 2019
libs ReUpload Repository May 7, 2019
testing ReUpload Repository May 7, 2019
LICENSE ReUpload Repository May 7, 2019


Corana is an on-going project providing a Dynamic Symbolic Execution tool for ARM Cortex-M. It takes an ARM binary file as the input and outputs its precise Control Flow Graph (CFG) under the presence of obfuscations like indirect jumps. Since it is currently a preliminary version and still being regularly improved, bugs may occur. The number of supported instruction is also limited.


Important note: This installation is for Linux/MacOS only. For Windows, please take a look at the detailed instruction of each individual component.

Java and File

Corana is written entirely in Java. Thus, make sure that you already installed Java (version 1.8+). In addition, Corana use file command to check the format of an input binary file. In fact, file is already installed by default in Linux/MacOS, but for Windows, please install it first.

Capstone Engine

Corana utilizes Capstone as a single-step disassembler engine. It is worth noting that, we use the older version cloned by TRANScurity instead of the latest one since the maven library used in Corana is not compatible with newer releases. Please follow the installation below:

Z3 Solver

Corana uses Z3 as a back-end SMT Solver to check the satisfiability of path constraints. Z3 can be installed either from source code or command line.

  • Using command line: sudo apt-get update -y; sudo apt-get install -y z3
  • From source code: Please clone Z3 repository (or using the Z3 repository included in /libs) and follow its instruction.

Build Corana

We provide a pre-built Corana as a .jar file. However, you can still re-build it by simply creating a new artifact from sources. After successfully building, make sure that corana.jar is successfully generated.


Corana inputs an ARM binary file and outputs its CFG. The CFG is represented as .dot file, thus you can arbitrarily further plot it in any graphic or data structure format as you want. Use this command to execute Corana:

 java -Xss16m -Xmx10240m -jar corana.jar -execute /path/to/input/file


  • -Xss: the maximum memory allocated for stack size. We recommend to set it around 16MB or larger.
  • -Xmx: the maximum memory allocated for the execution. We recommend to set it as much as possible since the dynamic symbolic execution consumes a lot of memory.
  • /path/to/input/file: the path to the ARM binary file for analyzing.

If you want to specify an ARM variation, please append the variation name (M0, M0_Plus, M3, M4, M7, M33) to the end of the command above. Otherwise, Corana runs with the general ARM configurations.

 java -Xss16m -Xmx10240m -jar corana.jar -execute /path/to/input/file M7


Anh V. Vu - Project maintainer - Email


This project is licensed under the MIT License.


We thank JAIST for financially supporting our project and thank Jan Willem Janssen for his useful library for effectively parsing ELF binary file:

You can’t perform that action at this time.