

I had already shown how to fuzz the Windows kernel via JS; today we will introduce a new method to discover Windows kernel vulnerabilities automatically without fuzzing. This Patch Tuesday MS fixed 6 kernel information leak vulnerabilities reported by us; the details are at the end of this article.

Author: and of IceSword Lab, Qihoo 360

GUSTAVE is a fuzzing platform for embedded OS kernels. It is based on QEMU and AFL (and all of its forkserver siblings). It allows you to fuzz OS kernels like simple applications. One can see GUSTAVE as an AFL forkserver implementation inside QEMU, with fine-grained target inspection.

GUSTAVE has mainly been designed to target embedded OS kernels. It might not be the best tool to fuzz a large and complex Windows or Linux kernel. However, if you have a target under the hood which can be rebuilt from scratch and crafted with one or two applications to boot without any user interaction, it might be interesting to give GUSTAVE a try.

The afl-fuzz tool, from the AFL project, is used to automatically fuzz your target. However, AFL can't directly fuzz an OS kernel and expects its target to directly parse the generated test cases. To make it short, afl-fuzz will run QEMU with GUSTAVE integration as its target.
- generated test cases translation to target system calls.

How does it compare to existing solutions?

There exist comparable approaches, such as:

GUSTAVE's design choices imply the following differences:
- you need to inject AFL instrumentation shims in the target kernel.
- no specific devs are needed inside the target.
- really target agnostic (OS, architecture), as long as QEMU offers support.
- can even use hardware virtualization with KVM.
- covers all system calls implemented in the target kernel.
- you still need to implement target specific things:

The GUSTAVE implementation is architecture independent. We have implemented and tested Intel x86 and PowerPC support. For now, we provide example Intel 440FX and PowerPC PREP boards with GUSTAVE integration. The implementation of your own board is really easy. If you can run your target with QEMU, you can fuzz it with GUSTAVE with little effort. We also added support for x86 and PowerPC GUSTAVE instrumentation shims to afl-gcc.
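The translation of AFL-generated test cases into target system calls is the target-specific piece GUSTAVE leaves to the integrator. The decoder below is an added example, not GUSTAVE's or AFL's own code; it assumes a hypothetical record encoding (one byte syscall number, one byte argument count, then 32-bit little-endian arguments) and an assumed syscall table size, and shows the bounds checks that keep a mutated, truncated or oversized test case from pushing the in-kernel harness past the buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical encoding (an assumption for this example, not GUSTAVE's format):
 *   record := nr:u8 | nargs:u8 | arg[nargs]:u32 little-endian
 * A test case is a concatenation of records. Decoding stops at the first
 * malformed record, so afl-fuzz mutations can only shorten the call sequence,
 * never make the harness read outside the test-case buffer. */
#define MAX_ARGS    4
#define MAX_CALLS   16
#define NR_SYSCALLS 8   /* size of the target's syscall table (assumed) */

struct syscall_req {
    uint8_t  nr;
    uint8_t  nargs;
    uint32_t args[MAX_ARGS];
};

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode up to max_out records from buf[0..len). Returns how many well-formed
 * records were produced; an out-of-range syscall number, too many arguments,
 * or a truncated argument list ends decoding early. */
size_t decode_testcase(const uint8_t *buf, size_t len,
                       struct syscall_req *out, size_t max_out)
{
    size_t off = 0, n = 0;
    while (n < max_out && len - off >= 2) {           /* need nr + nargs */
        uint8_t nr = buf[off], nargs = buf[off + 1];
        if (nr >= NR_SYSCALLS || nargs > MAX_ARGS) break;
        size_t need = 2 + (size_t)nargs * 4;
        if (len - off < need) break;                  /* truncated record */
        out[n].nr = nr;
        out[n].nargs = nargs;
        memset(out[n].args, 0, sizeof out[n].args);
        for (uint8_t i = 0; i < nargs; i++)
            out[n].args[i] = le32(buf + off + 2 + (size_t)i * 4);
        off += need;
        n++;
    }
    return n;
}

int main(void) {
    /* Constructed test case: two valid records, then a truncated third. */
    const uint8_t tc[] = {0x01,0x02,0x10,0,0,0,0x20,0,0,0, 0x03,0x00, 0x07,0x01,0xAA};
    struct syscall_req r[MAX_CALLS];
    size_t n = decode_testcase(tc, sizeof tc, r, MAX_CALLS);
    for (size_t i = 0; i < n; i++)
        printf("syscall %u with %u args\n", r[i].nr, r[i].nargs);
    return 0;
}
```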
