
Riscure / Optee_fuzzer

Licence: gpl-3.0
This repository contains the code for a fuzzing prototype for the OP-TEE system call interface using AFL.

OP-TEE Fuzzer

This repository contains the code for a fuzzing prototype for the OP-TEE system call interface using AFL. It works by having a proxy Client Application (CA) in the normal world that is the target from AFL's perspective; the CA invokes a proxy Trusted Application (TA) in the secure world, which performs arbitrary system calls described in a custom function call definition format that the CA reads from the AFL-generated input. An AFL post-processing library (loaded through AFL_POST_LIBRARY) validates each mutated input before the target runs and tells AFL to skip inputs that do not parse, so the comparatively slow round trip into the TEE is only paid for inputs the proxy TA can actually execute.
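The validation step described above, as an added example written for this page rather than code from the repository. The real afl_validate.so and its call-definition format are not shown here, so the record layout (a "SVC1" header followed by [syscall number, argument count, 32-bit arguments] records) and the limits MAX_SYSCALL, MAX_ARGS and MAX_CALLS are hypothetical; what is real is the afl_postprocess() entry point that afl-fuzz resolves from AFL_POST_LIBRARY and its rule that returning NULL skips the test case without executing the target.

```c
/* Example AFL post-processing library for the OP-TEE fuzzer setup. This is
 * an added illustration, not the afl_validate.so shipped in the repository,
 * and the record layout it enforces is hypothetical: the page does not
 * describe the real call-definition format.
 *
 * Build:  gcc -shared -fPIC -O2 -o afl_validate_example.so afl_validate_example.c
 * Use:    AFL_POST_LIBRARY=./afl_validate_example.so afl-fuzz ...
 */
#include <stddef.h>
#include <string.h>

#define MAGIC        "SVC1"  /* hypothetical 4-byte file header            */
#define MAX_SYSCALL  64      /* hypothetical: accept syscall numbers 0..63 */
#define MAX_ARGS     8       /* hypothetical cap on arguments per call     */
#define MAX_CALLS    16      /* hypothetical cap on calls per test case    */

/*
 * Hypothetical layout: MAGIC, then one or more call records, each
 *   [u8 syscall_nr][u8 nargs][u32 arg0 .. arg(nargs-1)]
 * Returns 1 if buf is a complete, in-range call sequence, else 0.
 */
int calls_valid(const unsigned char *buf, unsigned int len)
{
    unsigned int off = 4, ncalls = 0;

    if (len < 4 || memcmp(buf, MAGIC, 4) != 0)
        return 0;                          /* wrong or missing header */

    while (off < len) {
        unsigned int nr, nargs;

        if (len - off < 2)
            return 0;                      /* truncated record header */
        nr    = buf[off];
        nargs = buf[off + 1];
        off  += 2;

        if (nr >= MAX_SYSCALL || nargs > MAX_ARGS)
            return 0;                      /* the proxy TA would refuse this anyway */
        if ((len - off) / 4 < nargs)
            return 0;                      /* truncated argument list */
        off += 4 * nargs;

        if (++ncalls > MAX_CALLS)
            return 0;                      /* keep each run bounded */
    }
    return ncalls > 0;                     /* a header alone exercises nothing */
}

/*
 * Entry point afl-fuzz resolves with dlsym() from AFL_POST_LIBRARY. It runs
 * on every mutated input before the target is executed. Returning NULL makes
 * afl-fuzz skip the test case entirely, so malformed inputs never reach the
 * CA, the TEE driver or the secure world.
 */
const unsigned char *afl_postprocess(const unsigned char *in_buf,
                                     unsigned int *len)
{
    if (in_buf == NULL || len == NULL || !calls_valid(in_buf, *len))
        return NULL;
    return in_buf;                         /* unchanged; *len stays as is */
}

/* Constructed sample inputs (not from the repository). */
const unsigned char sample_good[] = {
    'S', 'V', 'C', '1',
    0x05, 0x02,                            /* syscall 5 with two arguments */
    0x01, 0x00, 0x00, 0x00,
    0x02, 0x00, 0x00, 0x00
};
const unsigned char sample_bad_magic[] = {
    'X', 'V', 'C', '1', 0x05, 0x00
};
const unsigned char sample_truncated[] = {
    'S', 'V', 'C', '1',
    0x05, 0x03,                            /* claims three arguments ...  */
    0x01, 0x00, 0x00, 0x00                 /* ... but only one is present */
};
const unsigned char sample_too_many_args[] = {
    'S', 'V', 'C', '1', 0x05, 0x09         /* nargs above the hypothetical cap */
};
```

Because the post-processor runs for every mutated input, it has to be cheap, and it should accept the seed files as they are; its only job is to discard inputs the proxy TA would refuse before they pay for the secure-world round trip.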

The fuzzer and ideas behind it were presented at Nullcon 2019 and Linaro Connect SAN19.

Slides: https://static.linaro.org/connect/san19/presentations/san19-225.pdf
Video: https://www.youtube.com/watch?v=7bYAwaJ7WZw

The code in this repository is an unpolished prototype that is released "as-is" to demonstrate the concepts of fuzzing a Trusted Execution Environment.

Build Instructions

Ensure you have a fully checked out OP-TEE build tree, then:

1. Clone this repository as a subdirectory of the build tree.
2. Apply the provided patches to the OP-TEE build system, the client library (optee_client) and the OS itself (optee_os).
3. Build OP-TEE following the instructions at https://optee.readthedocs.io/en/latest/building/gits/build.html.
4. Build the fuzzer with "make fuzzer" in the OP-TEE build folder.
5. Cross-compile AFL for ARM: afl-fuzz runs on the target system next to the proxy CA, so it must be built for the target's ARM userland.

Note: the provided (raw) patches are for OP-TEE 3.3.0. Porting them to a different OP-TEE version will most likely require some changes.

Usage Instructions

Boot the system normally (under QEMU or on real hardware) and make sure the TEE works (tee-supplicant running, trusted applications can be loaded). Copy the proxy TA to the directory tee-supplicant loads TAs from (normally /lib/optee_armtz, where TAs are named <uuid>.ta) and start AFL:

AFL_POST_LIBRARY=/path/to/fuzzer/afl_validate.so afl-fuzz -i /path/to/fuzzer/seeds -t 300+ -o /tmp/state -M $1 -- /path/to/fuzzer/tee_invoke_svc

Here afl_validate.so is the post-processing library that rejects malformed inputs before they reach the TEE, seeds/ holds the initial call definitions, "-t 300+" sets a 300 ms timeout per run (the trailing + tells afl-fuzz to skip seeds that time out during the initial dry run instead of aborting), "-M $1" makes this the master instance of a parallel run ($1 is a shell positional parameter, so run the line from a wrapper script that receives the instance name, or substitute a name directly and use -S for secondary instances), and tee_invoke_svc is the proxy CA that afl-fuzz executes for every input.
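A launcher for the command line above that also performs the prerequisites (proxy TA installed, tee-supplicant running) and starts one master plus secondaries, as an added example written for this page rather than a script from the repository. The -i/-t/-o arguments and the names afl_validate.so, seeds and tee_invoke_svc are the page's own; FUZZER_DIR, TA_DIR, STATE_DIR, TA_FILE (the proxy TA's UUID is not given here) and the AFL_LAUNCH switch are placeholders or assumptions.

```shell
#!/bin/sh
# Added example launcher for the usage step above; not a script from the
# repository. FUZZER_DIR, TA_DIR, STATE_DIR, TA_FILE and the AFL_LAUNCH switch
# are placeholders/assumptions; the afl-fuzz arguments mirror the README line.
FUZZER_DIR=${FUZZER_DIR:-/path/to/fuzzer}
TA_DIR=${TA_DIR:-/lib/optee_armtz}     # where tee-supplicant loads <uuid>.ta from
STATE_DIR=${STATE_DIR:-/tmp/state}     # shared -o dir; instances sync through it
TA_FILE=${TA_FILE:-}                   # proxy TA file name, <uuid>.ta (not given on the page)

# tee_ready TA_PATH: 0 if the proxy TA is installed and tee-supplicant is
# running, 1 if the TA file is missing, 2 if no tee-supplicant process exists.
tee_ready() {
    [ -f "$1" ] || return 1
    pgrep -x tee-supplicant >/dev/null 2>&1 || return 2
}

# afl_mode INDEX: instance 0 is the master (-M); all others are secondaries (-S).
afl_mode() {
    if [ "$1" -eq 0 ]; then printf '%s\n' -M; else printf '%s\n' -S; fi
}

# start_one INDEX: background one afl-fuzz instance with the validating
# post-library, named fuzzerN, logging outside the sync directory.
start_one() {
    name="fuzzer$1"
    AFL_POST_LIBRARY="$FUZZER_DIR/afl_validate.so" \
    afl-fuzz -i "$FUZZER_DIR/seeds" -t 300+ -o "$STATE_DIR" \
        "$(afl_mode "$1")" "$name" -- "$FUZZER_DIR/tee_invoke_svc" \
        >"$STATE_DIR.$name.log" 2>&1 &
}

# Only with AFL_LAUNCH=N set does running this file start N instances.
if [ -n "${AFL_LAUNCH:-}" ]; then
    [ -n "$TA_FILE" ] || { echo "set TA_FILE to the proxy TA's <uuid>.ta" >&2; exit 2; }
    # Install the proxy TA if it is not there yet (assumes it sits in FUZZER_DIR).
    [ -f "$TA_DIR/$TA_FILE" ] || cp "$FUZZER_DIR/$TA_FILE" "$TA_DIR/$TA_FILE"
    tee_ready "$TA_DIR/$TA_FILE" || { echo "TEE not ready (rc $?)" >&2; exit 1; }
    i=0
    while [ "$i" -lt "$AFL_LAUNCH" ]; do
        start_one "$i"
        i=$((i + 1))
    done
    wait
fi
```

All instances share the -o directory, which is how afl-fuzz's -M/-S instances exchange interesting inputs; because every instance drives the same TEE through the same proxy TA, a crash in the secure world found by any of them will show up in that instance's crashes/ subdirectory under the shared state directory.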

License, Copyright and more

Copyright 2019 Riscure B.V. All rights reserved.

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Riscure B.V. reserves the right to dual-license the code under a different license at any future moment. Therefore, patches or code contributions cannot be accepted without transferring the copyright to Riscure B.V.
