Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Fuzzing Against the Machine
  • Table Of Contents Toc
Fuzzing Against the Machine

Fuzzing Against the Machine

By : Antonio Nappa, Eduardo Blázquez
4.5 (15)
Buy this Book
close
close
Fuzzing Against the Machine

Fuzzing Against the Machine

4.5 (15)
By: Antonio Nappa, Eduardo Blázquez
Buy this Book

Overview of this book

Emulation and fuzzing are among the many techniques that can be used to improve cybersecurity; however, utilizing these efficiently can be tricky. Fuzzing Against the Machine is your hands-on guide to understanding how these powerful tools and techniques work. Using a variety of real-world use cases and practical examples, this book helps you grasp the fundamental concepts of fuzzing and emulation along with advanced vulnerability research, providing you with the tools and skills needed to find security flaws in your software. The book begins by introducing you to two open source fuzzer engines: QEMU, which allows you to run software for whatever architecture you can think of, and American fuzzy lop (AFL) and its improved version AFL++. You’ll learn to combine these powerful tools to create your own emulation and fuzzing environment and then use it to discover vulnerabilities in various systems, such as iOS, Android, and Samsung's Mobile Baseband software, Shannon. After reading the introductions and setting up your environment, you’ll be able to dive into whichever chapter you want, although the topics gradually become more advanced as the book progresses. By the end of this book, you’ll have gained the skills, knowledge, and practice required to find flaws in any firmware by emulating and fuzzing it with QEMU and several fuzzing engines.
Table of Contents (18 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the example code files
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
1
Part 1: Foundations
Icon
Part 1: Foundations
Lock Free Chapter
2
Chapter 1: Who This Book is For
Icon
Chapter 1: Who This Book is For
Icon
Who is this book for?
Icon
Prerequisites
Icon
A custom journey
Icon
Getting a primer
Icon
Ladies and gentlemen, start your engines
Icon
Summary
3
Chapter 2: History of Emulation
Icon
Chapter 2: History of Emulation
Icon
What is emulation?
Icon
Why is emulation needed?
Icon
Emulation besides QEMU
Icon
The role of emulation and virtualization in cybersecurity through history
Icon
Summary
4
Chapter 3: QEMU From the Ground
Icon
Chapter 3: QEMU From the Ground
Icon
Approaching IoT devices with emulation
Icon
Code structure
Icon
QEMU emulation
Icon
QEMU extensions and mods
Icon
Summary
5
Part 2: Emulation and Fuzzing
Icon
Part 2: Emulation and Fuzzing
6
Chapter 4: QEMU Execution Modes and Fuzzing
Icon
Chapter 4: QEMU Execution Modes and Fuzzing
Icon
QEMU user mode
Icon
QEMU full-system mode
Icon
Fuzzing and analysis techniques
Icon
American Fuzzy Lop and American Fuzzy Lop++
Icon
Summary
7
Chapter 5: A Famous Refrain: AFL + QEMU = CVEs
chevron up
Icon
Chapter 5: A Famous Refrain: AFL + QEMU = CVEs
Icon
Is it so easy to find vulnerabilities?
Icon
Full-system fuzzing – introducing TriforceAFL
Icon
Summary
Icon
Further reading
Icon
Appendix
8
Chapter 6: Modifying QEMU for Basic Instrumentation
Icon
Chapter 6: Modifying QEMU for Basic Instrumentation
Icon
Adding a new CPU
Icon
Emulating an embedded firmware
Icon
Reverse engineering DMA peripherals
Icon
Emulating UART with Avatar2 for firmware debugging – visualizing output
Icon
Summary
9
Part 3: Advanced Concepts
Icon
Part 3: Advanced Concepts
10
Chapter 7: Real-Life Case Study: Samsung Exynos Baseband
Icon
Chapter 7: Real-Life Case Study: Samsung Exynos Baseband
Icon
A crash course on mobile phone architecture
Icon
Setting up FirmWire for vulnerability validation
Icon
Summary
11
Chapter 8: Case Study: OpenWrt Full-System Fuzzing
Icon
Chapter 8: Case Study: OpenWrt Full-System Fuzzing
Icon
OpenWrt
Icon
Building the firmware
Icon
Fuzzing the kernel
Icon
Post-crash core dump triaging
Icon
Summary
12
Chapter 9: Case Study: OpenWrt System Fuzzing for ARM
Icon
Chapter 9: Case Study: OpenWrt System Fuzzing for ARM
Icon
Emulating the ARM architecture to run an OpenWrt system
Icon
Installing TriforceAFL for ARM
Icon
Running TriforceAFL in OpenWrt for ARM
Icon
Obtaining a crash
Icon
Summary
13
Chapter 10: Finally Here: iOS Full System Fuzzing
Icon
Chapter 10: Finally Here: iOS Full System Fuzzing
Icon
A brief history of iOS emulation
Icon
iOS basics
Icon
Setting up an iOS emulator
Icon
Preparing your harness to start fuzzing
Icon
Triforce’s driver mod for iOS
Icon
Summary
14
Chapter 11: Deus Ex Machina: Fuzzing Android Libraries
Icon
Chapter 11: Deus Ex Machina: Fuzzing Android Libraries
Icon
Introducing the Android OS and its architecture
Icon
Fuzzing Android libraries with Sloth
Icon
Summary
15
Chapter 12: Conclusion and Final Remarks
Icon
Chapter 12: Conclusion and Final Remarks
16
Index
Icon
Index
Icon
Why subscribe?
17
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book

A Famous Refrain: AFL + QEMU = CVEs

In this chapter, we will focus on finding our first vulnerability, which is a VLC remote code execution from 2011, also known as CVE-2011-0531. We will start by discussing a user space program vulnerability and how we can discover it using a fuzzer. Then, we will take another step and apply the fuzzer to an entire system to perform full-system fuzzing and vulnerability discovery.

We will begin by explaining the process of finding a single program vulnerability using a fuzzer, which is easier to grasp conceptually. Then, we will use the example of VLC to illustrate the principles of fuzzing and vulnerability research. Later on, we will apply the same approach to a full-system fuzzing harness.

Overall, we aim to provide a clear and comprehensive guide to the process of fuzzing and vulnerability discovery. By starting with a single program and gradually moving to full-system fuzzing, we hope to equip readers with a solid understanding of the fundamentals...

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Fuzzing Against the Machine
End of Section 7
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon