Who This Book is For
“Do you hear that, Mr. Anderson? That is the sound of inevitability.” This is a famous phrase from the action movie The Matrix. We refer to this sound as Moore’s law. The constant and inevitable miniaturization of circuits has paved the way for the birth of thousands and thousands of new devices, all equipped with sensors, multiple connections, and operating systems. So, how can a vulnerability researcher cope with so many devices, firmware, and standards?
Owning every device is both expensive and logistically unfeasible; consider, for example, the birth of emulators such as Bleem! in the 90s: emulating the PlayStation on a PC was surely a cheaper option than buying the console, and you could do everything on the same PC.
Nowadays, it is clear that there is a lot of space for doing vulnerability research on any kind of device. Pioneering research was done in the first decade of this century. Tools such as Quick Emulator (QEMU), PANDA, Avatar, and Avatar2 were created. They allow you to control an emulated device and interface it with simulated sensors or real ones. They do not offer 100% functionality and full code reachability for obvious reasons (they don’t replace a real device). However, over the years, it has been demonstrated that it is possible to find vulnerabilities by emulating a real device and stepping through its execution with a debugger attached through a JTAG port.
Still, if we decide to analyze a medium-sized corpus of devices, reversing the firmware code or reading the source code takes a lot of time. Hence, instead of hunting for bugs directly, running a fuzzer against the interfaces that depend on user-supplied input, for instance, may trigger anomalous behaviors that are easier to trace back to their cause.
We will not be able to cope with all devices, interfaces, and protocols, and this is outside the scope of this book. Our aim here is to provide you with the necessary toolkit to understand the process of emulating firmware and hooking it to a fuzzer to trigger anomalous conditions. The examples have been carefully picked to help you understand the process and enable you to adapt the concepts autonomously to new firmware.
In this chapter, we will cover the following topics:
- Who is this book for?
- A custom journey
- Getting a primer
- Jumping into the dirt