0xf4b1 / bsod-kernel-fuzzing

Licence: other
BSOD: Binary-only Scalable fuzzing Of device Drivers

bsod-kernel-fuzzing

BSOD paper

This repository contains the implementations described in "BSOD: Binary-only Scalable fuzzing Of device Drivers".

The paper and the project are based on my master's thesis with the title "Closed-Source Kernel Driver Fuzzing Through Device Emulation in QEMU", which I wrote at the Chair for Security in Telecommunications (SecT) at the TU Berlin.

During the experiments, we found and reported three vulnerabilities in the NVIDIA graphics drivers, identified by CVE-2021-1090, CVE-2021-1095, and CVE-2021-1096.

Requirements

  • kvm-vmi

    The fuzzing setups rely on the KVM-VMI project, which provides introspection capabilities for KVM. It consists of a modified KVM kernel module and QEMU, libkvmi, and libvmi. To prepare the host, follow the KVM-VMI Setup instructions.

  • A guest file system image for fuzzing.

    For Linux, you should consider creating a minimal rootfs.

bsod-afl

Kernel fuzzing with AFL, initially based on kernel-fuzzer-for-xen-project.

bsod-syzkaller

Modified syzkaller kernel fuzzer with patches for using syz-bp-cov, a small tool that provides coverage feedback via breakpoints and is intended for fuzzing closed-source targets.

bsod-fakedev

QEMU with a pci-replay device, an implementation based on an NVIDIA reference device, and scripts to extract pci-replay data from QEMU's vfio trace data.
