You're reading from Fuzzing Against the Machine Automate vulnerability research with emulated IoT devices on QEMU

Product type Paperback

Published in May 2023

Publisher Packt

ISBN-13 9781804614976

Length 238 pages

Edition 1st Edition

Languages

Assembly

Tools

Qemu

Concepts

Cybersecurity

Authors (3):

Antonio Nappa

Eduardo Blázquez

Eduardo Blazquez

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1: Foundations

2. Chapter 1: Who This Book is For FREE CHAPTER

3. Chapter 2: History of Emulation

4. Chapter 3: QEMU From the Ground

5. Part 2: Emulation and Fuzzing

6. Chapter 4: QEMU Execution Modes and Fuzzing

7. Chapter 5: A Famous Refrain: AFL + QEMU = CVEs

8. Chapter 6: Modifying QEMU for Basic Instrumentation

9. Part 3: Advanced Concepts

10. Chapter 7: Real-Life Case Study: Samsung Exynos Baseband

11. Chapter 8: Case Study: OpenWrt Full-System Fuzzing

12. Chapter 9: Case Study: OpenWrt System Fuzzing for ARM

13. Chapter 10: Finally Here: iOS Full System Fuzzing

14. Chapter 11: Deus Ex Machina: Fuzzing Android Libraries

15. Chapter 12: Conclusion and Final Remarks

16. Index

Why subscribe?

17. Other Books You May Enjoy

Setting up FirmWire for vulnerability validation

Now, we will proceed with setting up the harness for the FirmWire emulator, which emulates the CP (baseband processor) of a Samsung device. The setup instructions, as taken from the web page, are straightforward:

$ sudo apt-get -y install docker docker.io
$ git clone https://github.com/FirmWire/FirmWire.git
$ cd FirmWire
#fix for afl crash
$ sudo su
# this command must be run as root
$ echo core >/proc/sys/kernel/core_pattern
# we go out from the root command line
$ exit
$ git clone https://github.com/FirmWire/panda.git
# This will take some time
docker build -t firmwire .
# Now enter the docker with
docker run --rm -it -v $(pwd):/firmwire firmwire

The following command will start QEMU+Avatar2 with the Samsung Exynos baseband. It will also directly download the modem binary:

# Within the container you can run the firmware like this
$ ./firmwire.py https://github.com/grant-h/ShannonFirmware/raw/master/modem_files/CP_G973FXXU3ASG8_CP13372649_CL16487963_QB24948473_REV01_user_low_ship...

The rest of the chapter is locked

You're reading from Fuzzing Against the Machine Automate vulnerability research with emulated IoT devices on QEMU

Table of Contents (18) Chapters

Setting up FirmWire for vulnerability validation

Authors (2)

Personalised recommendations for you

You're reading from Fuzzing Against the Machine Automate vulnerability research with emulated IoT devices on QEMU

Table of Contents (18) Chapters

Setting up FirmWire for vulnerability validation

Unlock this book and the full library FREE for 7 days

Authors (2)

Personalised recommendations for you