Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/softsec-kaist/imf

Inferred Model-based Fuzzer
https://github.com/softsec-kaist/imf

fuzzer kernel-fuzzing macos

Last synced: about 8 hours ago
JSON representation

Inferred Model-based Fuzzer

Host: GitHub
URL: https://github.com/softsec-kaist/imf
Owner: SoftSec-KAIST
License: mit
Created: 2017-08-22T06:41:20.000Z (about 7 years ago)
Default Branch: master
Last Pushed: 2022-01-22T15:17:27.000Z (almost 3 years ago)
Last Synced: 2024-04-22T10:11:40.884Z (7 months ago)
Topics: fuzzer, kernel-fuzzing, macos
Language: Python
Homepage:
Size: 264 KB
Stars: 107
Watchers: 13
Forks: 25
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        IMF: Inferred Model-based Fuzzer

========================

IMF is a kernel API fuzzer that leverages an automated API model

inferrence techinque proposed in our

[paper](http://daramg.gift/paper/han-ccs2017.pdf) at CCS. IMF

currently only supports macOS. To see how to configure and run

IMF, see the followings.

# Setup

## Requirements

- python2.7

- pypy

- clang

## How to run

1. Generate hooking library for APIs

```

$ ./gen-hook [output(hooking code) path]

$ clang  -Wall -dynamiclib -framework IOKit -framework CoreFoundation -arch i386\

         -arch x86_64 hook.c -o hook

```

2. Collect logs

```

$ DYLD_INSERT_LIBRARIES=[hooking library path] [program path] [program args]

```

3. Filter logs

```

$ ./filter-log [log dir] [output dir] [# of output(filtered log)] [# of core]

```

4. Infer a model and generate a fuzzer.

```

$ ./gen-fuzz [filtered logs path] [output(fuzzer code) path] [# of core]

```

5. Compile the fuzzer

```

$ clang -framework IOKit -framework CoreFoundation -arch i386 fuzz.c -o fuzz

```

6. Run the fuzzer

```

$ ./fuzz -f [log path] -s [seed] -b [bitlen] -r [rate] -l [# of max loops]

```

7. You may want to run the generated fuzzer within a while loop.

# CVEs

- CVE-2017-7159

# Authors

This research project has been conducted by [SoftSec Lab](https://softsec.kaist.ac.kr) at KAIST.

* [HyungSeok Han](http://daramg.gift/)

* [Sang Kil Cha](https://softsec.kaist.ac.kr/~sangkilc/)

# Citing IMF

To cite our paper ([pdf](http://daramg.gift/paper/han-ccs2017.pdf)):

```

@INPROCEEDINGS{han:ccs2017,

    author = {HyungSeok Han and Sang Kil Cha},

    title = {Inferred Model-based Fuzzing},

    booktitle = {Proceedings of the ACM Conference on Computer and Communications Security},

    year = {2017},

    pages = {2345--2358}

}

```

# Acknowledgement

The work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT).