Fuzzing Against the Machine: Automate vulnerability research with emulated IoT devices on QEMU

Nappa, Antonio; Blázquez, Eduardo

  • Publisher: Packt Publishing
  • Publication date: 2023-05-19
  • List price: $1,900
  • Member price: 5% off, $1,805
  • Language: English
  • Pages: 238
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1804614971
  • ISBN-13: 9781804614976
  • Related categories: Internet of Things (IoT)
  • Stocked on order (approx. 3-4 weeks)

Product description

Find security flaws in any architecture effectively through emulation and fuzzing with QEMU and AFL

Purchase of the print or Kindle book includes a free PDF eBook

Key Features

  • Understand the vulnerability landscape and useful tools such as QEMU and AFL
  • Explore use cases to find vulnerabilities and execute unknown firmware
  • Create your own firmware emulation and fuzzing environment to discover vulnerabilities

Book Description

Emulation and fuzzing are among the many techniques that can be used to improve cybersecurity; however, utilizing these efficiently can be tricky. Fuzzing Against the Machine is your hands-on guide to understanding how these powerful tools and techniques work. Using a variety of real-world use cases and practical examples, this book helps you grasp the fundamental concepts of fuzzing and emulation along with advanced vulnerability research, providing you with the tools and skills needed to find security flaws in your software.

The book begins by introducing you to two open source fuzzer engines: QEMU, which allows you to run software for whatever architecture you can think of, and American fuzzy lop (AFL) and its improved version AFL++. You'll learn to combine these powerful tools to create your own emulation and fuzzing environment and then use it to discover vulnerabilities in various systems, such as iOS, Android, and Samsung's Mobile Baseband software, Shannon. After reading the introductions and setting up your environment, you'll be able to dive into whichever chapter you want, although the topics gradually become more advanced as the book progresses.

By the end of this book, you'll have gained the skills, knowledge, and practice required to find flaws in any firmware by emulating and fuzzing it with QEMU and several fuzzing engines.

What you will learn

  • Understand the difference between emulation and virtualization
  • Discover the importance of emulation and fuzzing in cybersecurity
  • Get to grips with fuzzing an entire operating system
  • Discover how to inject a fuzzer into proprietary firmware
  • Know the difference between static and dynamic fuzzing
  • Look into combining QEMU with AFL and AFL++
  • Explore fuzzing peripherals such as modems
  • Find out how to identify vulnerabilities in OpenWrt

Who this book is for

This book is for security researchers, security professionals, embedded firmware engineers, and embedded software professionals. Learners interested in emulation, as well as software engineers interested in vulnerability research and exploitation, software testing, and embedded software development will also find it useful. The book assumes basic knowledge of programming (C and Python); operating systems (Linux and macOS); and the use of Linux shell, compilation, and debugging.

Table of contents

1. Who this book is for
2. History of emulation
3. Qemu from the ground
4. Qemu Execution Modes and Fuzzing
5. A Famous Refrain: AFL+QEMU = CVEs
6. Modifying QEMU for basic instrumentation
7. Real-life Case Study: Samsung Exynos Baseband
8. Case Study: OpenWRT full system fuzzing
9. Case Study: OpenWRT System Fuzzing for ARM
10. Finally Here: iOS Full System Fuzzing
11. Deus Ex Machina: Fuzzing Android Libraries
12. Conclusion and Final Remarks