Fuzzing Against the Machine

By : Antonio Nappa, Eduardo Blázquez

Fuzzing Against the Machine

By: Antonio Nappa, Eduardo Blázquez

Overview of this book

Emulation and fuzzing are among the many techniques that can be used to improve cybersecurity; however, utilizing these efficiently can be tricky. Fuzzing Against the Machine is your hands-on guide to understanding how these powerful tools and techniques work. Using a variety of real-world use cases and practical examples, this book helps you grasp the fundamental concepts of fuzzing and emulation along with advanced vulnerability research, providing you with the tools and skills needed to find security flaws in your software. The book begins by introducing you to two open source fuzzer engines: QEMU, which allows you to run software for whatever architecture you can think of, and American fuzzy lop (AFL) and its improved version AFL++. You’ll learn to combine these powerful tools to create your own emulation and fuzzing environment and then use it to discover vulnerabilities in various systems, such as iOS, Android, and Samsung's Mobile Baseband software, Shannon. After reading the introductions and setting up your environment, you’ll be able to dive into whichever chapter you want, although the topics gradually become more advanced as the book progresses. By the end of this book, you’ll have gained the skills, knowledge, and practice required to find flaws in any firmware by emulating and fuzzing it with QEMU and several fuzzing engines.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Get in touch

Share Your Thoughts

Download a free PDF copy of this book

Part 1: Foundations

Free Chapter

Chapter 1: Who This Book is For

Who is this book for?

Prerequisites

A custom journey

Getting a primer

Ladies and gentlemen, start your engines

Summary

Chapter 2: History of Emulation

What is emulation?

Why is emulation needed?

Emulation besides QEMU

The role of emulation and virtualization in cybersecurity through history

Summary

Chapter 3: QEMU From the Ground

Approaching IoT devices with emulation

Code structure

QEMU emulation

QEMU extensions and mods

Summary

Part 2: Emulation and Fuzzing

Chapter 4: QEMU Execution Modes and Fuzzing

QEMU user mode

QEMU full-system mode

Fuzzing and analysis techniques

American Fuzzy Lop and American Fuzzy Lop++

Summary

Chapter 5: A Famous Refrain: AFL + QEMU = CVEs

Is it so easy to find vulnerabilities?

Full-system fuzzing – introducing TriforceAFL

Summary

Further reading

Appendix

Chapter 6: Modifying QEMU for Basic Instrumentation

Adding a new CPU

Emulating an embedded firmware

Reverse engineering DMA peripherals

Emulating UART with Avatar2 for firmware debugging – visualizing output

Summary

Part 3: Advanced Concepts

Chapter 7: Real-Life Case Study: Samsung Exynos Baseband

A crash course on mobile phone architecture

Setting up FirmWire for vulnerability validation

Summary

Chapter 8: Case Study: OpenWrt Full-System Fuzzing

OpenWrt

Building the firmware

Fuzzing the kernel

Post-crash core dump triaging

Summary

Chapter 9: Case Study: OpenWrt System Fuzzing for ARM

Emulating the ARM architecture to run an OpenWrt system

Installing TriforceAFL for ARM

Running TriforceAFL in OpenWrt for ARM

Obtaining a crash

Summary

Chapter 10: Finally Here: iOS Full System Fuzzing

A brief history of iOS emulation

iOS basics

Setting up an iOS emulator

Preparing your harness to start fuzzing

Triforce’s driver mod for iOS

Summary

Chapter 11: Deus Ex Machina: Fuzzing Android Libraries

Introducing the Android OS and its architecture

Fuzzing Android libraries with Sloth

Summary

Chapter 12: Conclusion and Final Remarks

Index

Why subscribe?

Other Books You May Enjoy

Packt is searching for authors like you

Share Your Thoughts

Download a free PDF copy of this book

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “Extract the JDK distribution (the .tar.gz file) to your desired location, and add the JDK’s bin directory to your PATH: directory.”

A block of code is set as follows:

#include <stdio.h> 
int main() { 
     printf("Hello, qemu fans!\n"); return 0; 
}

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

docker pull iot-fuzz/openwrt_x86
docker run --rm -it -v $(pwd)/owrtKFuzz:/krn iot-fuzz/openwrt_x86
root@5930beaa2553:/TriforceLinuxSyscallFuzzer# md5sum krn/bzImage
f59f429b02f6fa13a6598491032715ce  krn/bzImage

Any command-line input or output is written as follows:

wget https://corretto.aws/downloads/latest/amazon-corretto-11-x64-linux-jdk.tar.gz

Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: It’s executed using a support program called an emulator.

Tips or important notes

Appear like this.

Fuzzing Against the Machine

By : Antonio Nappa, Eduardo Blázquez

Fuzzing Against the Machine

By: Antonio Nappa, Eduardo Blázquez

Overview of this book

Related Content you might be interested in

Current Title:

Fuzzing Against the Machine

Ghidra Software Reverse Engineering for Beginners

Mobile App Reverse Engineering

Conventions used