Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/nstarke/bootfuzz

A MBR Fuzzer
https://github.com/nstarke/bootfuzz

boot-sector fuzzer fuzzing mbr nasm security-tools

Last synced: 3 months ago
JSON representation

A MBR Fuzzer

Host: GitHub
URL: https://github.com/nstarke/bootfuzz
Owner: nstarke
License: mit
Created: 2024-03-23T23:36:19.000Z (10 months ago)
Default Branch: main
Last Pushed: 2024-04-03T14:50:57.000Z (10 months ago)
Last Synced: 2024-10-07T21:23:01.981Z (4 months ago)
Topics: boot-sector, fuzzer, fuzzing, mbr, nasm, security-tools
Language: Assembly
Homepage:
Size: 150 KB
Stars: 28
Watchers: 2
Forks: 2
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Bootfuzz

![Bootfuzz Screenshot](/bootfuzz-screenshot.png "Bootfuzz Screenshot")

A small fuzzer written to test motherboards / system BIOS for MBR-based hosts

## What does this test?
This fuzzer will test Port IO using the x86 `in` and `out` instructions. It uses a BIOS Service Timer to generate random word values and then supply those random word values as operands to the `in` and `out` instructions.

There are also testing modes for BIOS Services provided by `int 0x13` - specifically disk read/write.

## Contributing
If you are able to run this on actual hardware, please open an issue and let us know your system specs and your results.

## Assembling
You can assemble `bootfuzz.asm` with NASM thusly:

```
nasm -f bin -o bootfuzz.img bootfuzz.asm
```

## Running

[!["Bootfuzz Running on Physical Hardware"](https://img.youtube.com/vi/_j66cVXjqEk/0.jpg)](https://www.youtube.com/watch?v=_j66cVXjqEk "Bootfuzz Running on Physical Hardware")

_Video of Bootfuzz running on physical hardware_

After you have assembled the fuzzer into `bootfuzz.img`, you can run the fuzzer in qemu thusly:

```
qemu-system-i386 -fda bootfuzz.img -nographic -accel kvm
```

In VirtualBox, you will need to add a "Floppy" controller in the VM settings and then add a floppy drive. After the floppy drive is created, you can point it at `bootfuzz.img` and then boot up.

## Precompiled
You can also use the provided `bootfuzz.img` in this repository as a precompiled mbr for fuzzing.

## Crashing Test Cases
I have seen repeatable crashes in QEMU, VirtualBox, and VMWare Workstation Player already, but I do not have the time or interest in triaging them. I'm more interested in getting it running on physical hardware.

**Crashing Testcase 1: QEMU and VirtualBox**

* `QEMU emulator version 8.0.4 (Debian 1:8.0.4+dfsg-1ubuntu3.23.10.3)`
* `VirtualBox Version 7.0.14 r161095`

```
org 0x7c00

start:
mov dx, 0x03ff
in ax, dx

times 510-($-$$) db 0
db 0x55, 0xaa
```

**Crashing Testcase 2: VMWare Player**

* `VMWare Workstation Player Version 17.5.1 build-23298084`

```
org 0x7c00

start:
mov dx, 0x04ba
mov ax, 0x00a8
out dx, ax

times 510-($-$$) db 0
db 0x55, 0xaa
```

**Crashing Testcase 3: VMWare Player**

* `VMWare Workstation Player Version 17.5.1 build-23298084`

```
org 0x7c00

start:
mov ax, 0x163e
mov dx, 0x043e
in ax, dx

times 510-($-$$) db 0
db 0x55, 0xaa
```

## Bugs
If you find bugs using this fuzzer I would appreciate a shout out or a link back to this project.

### Qemu
Here is a list of instructions that will cause problems at least with QEMU:

```
mov ax, 0x9090 (Any 16bit word)
mov dx, 0x0cfe ; 0x03fb
out dx, ax
```