
forkever: A Framework for testing and exploiting programs

Supervisor(s): Clemens Jonischkeit
Status: finished
Topic: Others
Author: Jasper Rühl
Submission: 2020-10-15
Type of Thesis: Bachelor thesis

Description

In cyber security it is fundamental to know your enemy. As any 
compromise of a computer system has its root in the exploitation of a 
software vulnerability, mitigating such attacks requires a thorough 
understanding of how they work. When studying offensive security, a lot 
of time is therefore spent debugging programs to understand the 
different classes of exploits, such as code injection, code reuse and 
data-only attacks.

This process can be tedious: often, probing for an exploit does not have 
the desired effect. The program crashes, has to be restarted, and every 
step has to be repeated to get back to the possibly vulnerable state.
To speed this up, we present a tool that simplifies the task by 
providing easy interaction with the target's memory, the insertion of 
function calls at arbitrary points in time, and the ability to fork the 
inspected program so that a crash does not require starting over.

We achieve this by mapping an additional page of memory into the 
inspected process, writing the instructions that implement the added 
functionality to that page, and then executing them by pointing the 
instruction pointer at them using ptrace.

Additionally, we demonstrate how the framework can be used to evaluate 
inputs for fuzzing and compare the performance of our approach with two 
commonly used ones, finding that forking the program at specific points 
in its control flow is only beneficial in niche contexts.