
Tuscan Leather

A Linux Kernel Snapshot Fuzzer using KVM.

Late Registration is the name for a Linux Kernel snapshot fuzzer. The goal of this project is to fuzz complex functionality of the Linux Kernel that would ordinarily require time-consuming environment setup and that would be difficult to reach using coverage-based fuzzing alone. The project uses the Kernel Virtual Machine platform (KVM) to create its virtual machines. The design of the fuzzer component is based on libFuzzer: the developer defines the fuzzing environment with a C program that acts as the initrd and talks to the host through the ioctl-based API exposed by the OS Handler character device driver.

Usage

./Tuscan-Leather <Path to bzImage> <initrd>

OS Handler

The OS Handler is a character device driver that lets the fuzz case runner issue ioctl commands, which are received by the KVM hypervisor. The available commands are listed in fuzzRunner.h.

Future Plans

  1. Device Fuzzing
  • Ability to emulate physical devices in order to fuzz device drivers
    • Emulation gives introspection at the "hardware" end
  • Possibility to fuzz PCI, USB, etc.
  2. OS Handler
  • Kernel module that allows communication between the harness and userland in the guest VM
  • Character device driver with an ioctl-based API that issues commands via I/O ports and MMIO
  3. Snapshots
  • Implement a delta-based snapshot restoration scheme, which should lead to faster restoration times and more fuzz cases per second
  4. Breakpoint API
  • Provides an easy way to introspect kernel functions
    • Kernel module loading, kernel panics, coverage info, I/O port allocation, task structures
    • Requires a way to interact with virtual memory
  • Desired breakpoints are to be fed from a text file containing kernel addresses
  5. Status Menu / Code Base Refactor
  • Show statistics about the VM
    • Clock cycles per reset, memory usage, percentage of time in VM code, etc.
  6. Mutator for Device Driver Fuzzing
  • Structure-aware mutator for device driver ioctl fuzzing
  7. Multi-VM
  • Ability to spin up multiple virtual machines for concurrent kernel fuzzing
  • Requires restructuring the architecture to manage multiple VMs
  • Would use an IPC mechanism to orchestrate threads

Contributors

smoothhacker
