book

Fuzzing Against the Machine

Name: Fuzzing Against the Machine
ISBN: 9781804614976

by Antonio Nappa, Eduardo Blázquez

May 2023

Intermediate to advanced

238 pages

5h 30m

English

Packt Publishing

Read now

Unlock full access

Fuzzing Against the Machine
ForewordsContributorsAbout the authorsAbout the reviewers
Preface
Who this book is forWhat this book coversTo get the most out of this bookDownload the example code filesDownload the color imagesConventions usedGet in touchShare Your ThoughtsDownload a free PDF copy of this book
Part 1: Foundations
Chapter 1: Who This Book is For
Who is this book for?PrerequisitesA custom journeyGetting a primerThe utility beltLadies and gentlemen, start your enginesQEMU basic instrumentationOpenWrt full system emulationSamsung Exynos basebandiOS and AndroidSummary
Chapter 2: History of Emulation
What is emulation?Why is emulation needed?Differences between emulation and virtualizationEmulation besides QEMUMAMEBochsRetroPieThe role of emulation and virtualization in cybersecurity through historyAnubisTEMUEtherThe Cuckoo sandboxCommercial solutions – VirusTotal and Joe SandboxSummary
Chapter 3: QEMU From the Ground
Approaching IoT devices with emulationCode structureQEMU emulationQEMU IRA deep-dive into QEMU architectureQEMU extensions and modsA brief example of Avatar2PANDASummary
Part 2: Emulation and Fuzzing
Chapter 4: QEMU Execution Modes and Fuzzing
QEMU user modeQEMU full-system modeFuzzing and analysis techniquesThe Rosetta Stone of program semanticsFuzzing techniquesAmerican Fuzzy Lop and American Fuzzy Lop++Advantages of AFL and AFL++ versus my own fuzzerFuzzing with AFL and AFL++Fuzzing ARM binariesSummary
Chapter 5: A Famous Refrain: AFL + QEMU = CVEs
Is it so easy to find vulnerabilities?Downloading and installing AFL++Preparing a vulnerable VLC instanceVLC exploitFull-system fuzzing – introducing TriforceAFLPassing inputs to the guest systemSummaryFurther readingAppendix
Chapter 6: Modifying QEMU for Basic Instrumentation
Adding a new CPUEmulating an embedded firmwareReverse engineering DMA peripheralsEmulating UART with Avatar2 for firmware debugging – visualizing outputSummary

Part 3: Advanced Concepts
Chapter 7: Real-Life Case Study: Samsung Exynos Baseband
A crash course on mobile phone architectureBasebandBaseband CPU familyApplication processor and baseband interfaceA talk with ShannonA note on GSM/3GPP/LTE protocol specificationsSetting up FirmWire for vulnerability validationCVE-2020-25279 – emulator fuzzingCVE-2020-25279 – OTA exploitationSummary
Chapter 8: Case Study: OpenWrt Full-System Fuzzing
OpenWrtBuilding the firmwareTesting the firmware in QEMUExtracting and preparing the kernelFuzzing the kernelPost-crash core dump triagingSummary
Chapter 9: Case Study: OpenWrt System Fuzzing for ARM
Emulating the ARM architecture to run an OpenWrt systemInstalling TriforceAFL for ARMRunning TriforceAFL in OpenWrt for ARMObtaining a crashSummary
Chapter 10: Finally Here: iOS Full System Fuzzing
A brief history of iOS emulationiOS basicsWhat it takes to boot iOSCode signaturesPlist files and entitlementsBinaries compilationIPSW formats and research kernelsSetting up an iOS emulatorPreparing the environmentBuilding the emulatorBoot preppingBooting iOS in QEMUPreparing your harness to start fuzzingTriforce’s driver mod for iOSSummary
Chapter 11: Deus Ex Machina: Fuzzing Android Libraries
Introducing the Android OS and its architectureThe Android architectureFuzzing Android libraries with SlothIntroducing Sloth's mechanismsIntroducing AFL coverageRunning the ELF linkerRunning LibFuzzerAddressing issues with the Sloth fuzzing methodRunning SlothSummary
Chapter 12: Conclusion and Final Remarks
Index
Why subscribe?
Other Books You May EnjoyPackt is searching for authors like youShare Your ThoughtsDownload a free PDF copy of this book

Overview

Fuzzing Against the Machine is your ultimate guide to mastering emulation and vulnerability research in cybersecurity. Through practical examples, this book teaches you to use QEMU, AFL, and other open-source tools to build your own emulation and fuzzing environments, empowering you to discover and mitigate vulnerabilities in various systems and firmware.

What this Book will help me do

Learn the fundamentals of emulation and the difference between emulation and virtualization.
Understand fuzzing techniques and how they are applied to locate vulnerabilities in software.
Combine tools like QEMU and AFL to create effective fuzzing workflows.
Explore real-world case studies and create your own device emulation setups.
Identify and mitigate vulnerabilities in IoT and embedded systems software.

Author(s)

Antonio Nappa and Eduardo Blázquez are seasoned experts in cybersecurity and software engineering, specializing in emulation and fuzzing for vulnerability research. With years of experience in teaching and applied research, they bring practical and academic insights together in this book. They have designed the content to be hands-on and approachable, ideal for learners eager to improve their expertise.

Who is it for?

This book is designed for security researchers and professionals, embedded firmware engineers, and software developers interested in cybersecurity. Readers should ideally have a foundational understanding of operating systems, programming in C and Python, and Linux shell basics. It's perfect for those wanting to advance their penetration testing and vulnerability research skills.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Fuzzing: Brute Force Vulnerability Discovery

Publisher Resources

ISBN: 9781804614976

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills