
Towards high-performance full system fuzzing of IoT firmware

Supervisor(s): Fabian Franzen
Status: finished
Topic: Others
Author: Tobias Holl
Submission: 2022-05-16
Type of Thesis: Master's thesis

Description

Weak security and wide deployment make IoT devices tempting targets for attackers. To identify vulnerabilities in such devices automatically, before they can be exploited, we frequently make use of fuzzing. Fuzzing the firmware directly on the device has a number of drawbacks (limited throughput, little introspection, and no easy way to restore a clean state), so we typically resort to emulation. However, accurate emulation of the low-level components of a target system is slow: every guest memory access must first be translated from a guest-virtual to a guest-physical address, and an emulator has to do this in software, either by walking the guest's page tables or by consulting a software TLB, which incurs a significant share of the overall overhead. Hardware-assisted virtualization allows us, in many cases, to perform this translation efficiently using the host's MMU instead.
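To make the translation overhead mentioned above concrete, the following is an added example, not code from the thesis or from QEMU: a minimal software MMU of the kind a binary-translating emulator has to run for every guest memory access. It assumes a 32-bit guest with two-level page tables (10/10/12 split, 4 KiB pages, an x86-32-like layout chosen for illustration), a small direct-mapped TLB, and a counter for the extra guest-memory loads spent on page walks. The page-table contents and the data word at the mapped address are constructed inline.

```c
/* Added example: software address translation as an emulator must perform it.
 * Page-table layout, RAM size and addresses are assumptions for illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT   12
#define PAGE_MASK    ((1u << PAGE_SHIFT) - 1)
#define PTE_PRESENT  0x1u
#define TLB_ENTRIES  64
#define GUEST_RAM_SIZE (1u << 20)          /* 1 MiB of constructed guest RAM */

typedef uint32_t guest_addr;

static uint8_t guest_ram[GUEST_RAM_SIZE];
static unsigned long walk_loads;           /* loads spent walking page tables */
static unsigned long tlb_hits, tlb_misses;

typedef struct { guest_addr vpn, pfn; bool valid; } tlb_entry;
static tlb_entry tlb[TLB_ENTRIES];

/* Page-table loads are what the emulator pays for on every TLB miss. */
static uint32_t pt_ld32(guest_addr pa) {
    uint32_t v; walk_loads++;
    memcpy(&v, &guest_ram[pa], sizeof v);
    return v;
}
static void ram_st32(guest_addr pa, uint32_t v) { memcpy(&guest_ram[pa], &v, sizeof v); }

void tlb_flush(void) { memset(tlb, 0, sizeof tlb); }

/* Two-level walk: PDE index = va[31:22], PTE index = va[21:12]. */
static bool page_walk(guest_addr cr3, guest_addr va, guest_addr *pa) {
    uint32_t pde = pt_ld32((cr3 & ~PAGE_MASK) + ((va >> 22) & 0x3ff) * 4);
    if (!(pde & PTE_PRESENT)) return false;
    uint32_t pte = pt_ld32((pde & ~PAGE_MASK) + ((va >> 12) & 0x3ff) * 4);
    if (!(pte & PTE_PRESENT)) return false;
    *pa = (pte & ~PAGE_MASK) | (va & PAGE_MASK);
    return true;
}

/* Software TLB in front of the walk; a hit costs no guest-memory loads. */
bool translate(guest_addr cr3, guest_addr va, guest_addr *pa) {
    guest_addr vpn = va >> PAGE_SHIFT;
    tlb_entry *e = &tlb[vpn % TLB_ENTRIES];
    if (e->valid && e->vpn == vpn) {
        tlb_hits++;
        *pa = (e->pfn << PAGE_SHIFT) | (va & PAGE_MASK);
        return true;
    }
    tlb_misses++;
    if (!page_walk(cr3, va, pa)) return false;
    e->valid = true; e->vpn = vpn; e->pfn = *pa >> PAGE_SHIFT;
    return true;
}

/* Emulated guest load: translate first, then read RAM; false on a fault. */
bool guest_ld32(guest_addr cr3, guest_addr va, uint32_t *out) {
    guest_addr pa;
    if (!translate(cr3, va, &pa) || pa + 4 > GUEST_RAM_SIZE) return false;
    memcpy(out, &guest_ram[pa], sizeof *out);
    return true;
}

/* Constructed guest state: page directory at PA 0x1000 (cr3), one page table
 * at PA 0x2000 mapping VA 0x40000000..0x4000ffff onto PA 0x10000..0x1ffff. */
void guest_setup(void) {
    memset(guest_ram, 0, sizeof guest_ram);
    tlb_flush();
    walk_loads = tlb_hits = tlb_misses = 0;
    ram_st32(0x1000 + 0x100 * 4, 0x2000 | PTE_PRESENT);        /* PDE[0x100] */
    for (uint32_t i = 0; i < 16; i++)
        ram_st32(0x2000 + i * 4, (0x10000 + i * 0x1000) | PTE_PRESENT);
    ram_st32(0x11234, 0xdeadbeefu);                             /* VA 0x40001234 */
}

unsigned long walk_loads_count(void) { return walk_loads; }
unsigned long tlb_hits_count(void)   { return tlb_hits; }
unsigned long tlb_misses_count(void) { return tlb_misses; }

int main(void) {
    uint32_t v;
    guest_setup();
    guest_ld32(0x1000, 0x40001234, &v);   /* miss: 2 page-table loads */
    guest_ld32(0x1000, 0x40001238, &v);   /* hit on the same page: 0 loads */
    printf("value=%#x walk_loads=%lu hits=%lu misses=%lu\n",
           v, walk_loads_count(), tlb_hits_count(), tlb_misses_count());
    return 0;
}
```

The counters show the cost the thesis targets: each TLB miss costs two dependent guest-memory loads on top of the access itself, and every TLB flush (on a guest context switch, for instance) forces those walks again. With hardware-assisted virtualization the host MMU performs this lookup in hardware rather than in emulated instructions.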
In this work, we design and implement a QEMU accelerator that employs hardware-assisted virtualization to speed up address translation in a cross-architecture setting, and demonstrate the viability and usefulness of our approach on the SPEC CPU2017 benchmark. Using this accelerator, we construct a fuzzing framework that connects QEMU's system-mode emulation with AFL++, and which achieves significant performance improvements over existing full-system fuzzers such as TriforceAFL.