Fuzzing Against the Machine

You're reading from Fuzzing Against the Machine: Automate vulnerability research with emulated IoT devices on QEMU

Product type Paperback
Published in May 2023
Publisher Packt
ISBN-13 9781804614976
Length 238 pages
Edition 1st Edition
Authors: Antonio Nappa, Eduardo Blázquez
Table of Contents

Preface
Part 1: Foundations
Chapter 1: Who This Book Is For
Chapter 2: History of Emulation
Chapter 3: QEMU From the Ground
Part 2: Emulation and Fuzzing
Chapter 4: QEMU Execution Modes and Fuzzing
Chapter 5: A Famous Refrain: AFL + QEMU = CVEs
Chapter 6: Modifying QEMU for Basic Instrumentation
Part 3: Advanced Concepts
Chapter 7: Real-Life Case Study: Samsung Exynos Baseband
Chapter 8: Case Study: OpenWrt Full-System Fuzzing
Chapter 9: Case Study: OpenWrt System Fuzzing for ARM
Chapter 10: Finally Here: iOS Full System Fuzzing
Chapter 11: Deus Ex Machina: Fuzzing Android Libraries
Chapter 12: Conclusion and Final Remarks
Index
Other Books You May Enjoy

Ladies and gentlemen, start your engines

If you have ever been in a playground, you know there are different levels of difficulty in the equipment you can use. Our book is designed to help you figure out which is the best combination of exercises and tools to get your hands dirty with, without getting lost. In our case, the equipment will be different devices, made by different vendors, with different software. Given that we are working with embedded devices, we have had to carefully choose which hardware and software to play with so that you can have the most fun and get the most out of this book.

QEMU basic instrumentation

In computer science, instrumentation means that extra code has been added to an application in order to analyze or observe a particular behavior, or a whole class of behaviors. We will explain how to introduce a new CPU in QEMU and execute the first bits of firmware on it. The code will be almost entirely written in Python. You will see how far this approach can go, but you will also quickly understand the difficulties of running software that expects to interact with sensors, actuators, radio signals, and so on.

OpenWrt full system emulation

OpenWrt (https://openwrt.org/) is a Linux operating system dedicated to baseband routers. It's a very powerful mod of the world's favorite penguin software. It is quite easy to install on many old and recent routers, and it brings them back to life with a smooth web UI and support for many network features. It also includes a package manager. For example, OpenWrt could be instrumented to eavesdrop on HTTPS and save the traffic locally to USB storage, if your router has such hardware. At the time of writing, OpenWrt supports almost 2,000 devices. This means that a vulnerability in this system can potentially expose millions of users. Since this firmware embeds an entire operating system, we will be able to perform full system emulation and plug in our harness to hunt for vulnerabilities. We will show this harness for the x86 and ARM32 architectures.

Samsung Exynos baseband

Shannon is the software that runs within Samsung's Exynos chips. In this book, we will use it to fuzz the protocol stack and rediscover some nasty vulnerabilities. This research has been foundational to exploiting GSM, gaining root privileges within cellular phones' radio chips, and eventually escalating to the application processor through the kernel driver. In Android, this interface driver is called RILD (https://hernan.de/research/papers/firmwire-ndss22-hernandez.pdf).

iOS and Android

We will embark on a difficult journey and show how mobile operating systems and their libraries can be executed and fuzzed on your PC. Standing on the shoulders of many giants, we have taken the chance to explain the nuts and bolts of these gems, to empower everyone who has the will to access these precious resources. The final chapters will include a syscall fuzzer for iOS and a library fuzzer for Android.
