Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/softsec-kaist/imf
Inferred Model-based Fuzzer
fuzzer kernel-fuzzing macos
- Host: GitHub
- URL: https://github.com/softsec-kaist/imf
- Owner: SoftSec-KAIST
- License: mit
- Created: 2017-08-22T06:41:20.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2022-01-22T15:17:27.000Z (almost 3 years ago)
- Last Synced: 2024-04-22T10:11:40.884Z (7 months ago)
- Topics: fuzzer, kernel-fuzzing, macos
- Language: Python
- Homepage:
- Size: 264 KB
- Stars: 107
- Watchers: 13
- Forks: 25
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
IMF: Inferred Model-based Fuzzer
================================

IMF is a kernel API fuzzer that leverages an automated API model
inference technique proposed in our
[paper](http://daramg.gift/paper/han-ccs2017.pdf) at CCS. IMF
currently only supports macOS. To see how to configure and run
IMF, see the following.

# Setup
## Requirements
- python2.7
- pypy
- clang

## How to run
1. Generate hooking library for APIs
```
$ ./gen-hook [output(hooking code) path]
$ clang -Wall -dynamiclib -framework IOKit -framework CoreFoundation -arch i386 \
    -arch x86_64 hook.c -o hook
```
2. Collect logs
```
$ DYLD_INSERT_LIBRARIES=[hooking library path] [program path] [program args]
```
3. Filter logs
```
$ ./filter-log [log dir] [output dir] [# of output(filtered log)] [# of core]
```
4. Infer a model and generate a fuzzer.
```
$ ./gen-fuzz [filtered logs path] [output(fuzzer code) path] [# of core]
```
5. Compile the fuzzer
```
$ clang -framework IOKit -framework CoreFoundation -arch i386 fuzz.c -o fuzz
```
6. Run the fuzzer
```
$ ./fuzz -f [log path] -s [seed] -b [bitlen] -r [rate] -l [# of max loops]
```
7. You may want to run the generated fuzzer within a while loop.
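Step 4 above infers an API model from the filtered logs. As an added illustration (my own sketch, not IMF's code from the repository), the block below shows a simplified version of the two kinds of inference the IMF paper describes: the call ordering shared by every log, and the flow of one call's return value into a later call's argument. The log record format and the shortened IOKit argument lists are constructed assumptions, not the hooking library's real output.

```python
from collections import namedtuple

Call = namedtuple("Call", "api args ret")  # one logged call (constructed format)

def common_prefix(logs):
    """Ordering model: longest prefix of API names shared by every log.
    Calls past that point differ between runs, so only the prefix is kept
    as a fixed call sequence."""
    names = [[c.api for c in log] for log in logs]
    prefix = []
    for i in range(min(len(n) for n in names)):
        column = {n[i] for n in names}
        if len(column) != 1:
            break
        prefix.append(column.pop())
    return prefix

def value_deps(log, prefix_len):
    """Value model for one log: for each call in the prefix, which earlier
    call's return value reappears as an argument (a handle flowing forward).
    Returns {call_index: {arg_index: producer_call_index}}."""
    deps = {}
    for i in range(prefix_len):
        for j, arg in enumerate(log[i].args):
            for k in range(i - 1, -1, -1):          # nearest producer first
                if log[k].ret is not None and log[k].ret == arg:
                    deps.setdefault(i, {})[j] = k
                    break
    return deps

def infer_model(logs):
    """Combine both models; a value edge survives only if every log shows it,
    so a coincidentally equal value in one run is not treated as data flow."""
    prefix = common_prefix(logs)
    deps = value_deps(logs[0], len(prefix))
    for log in logs[1:]:
        other = value_deps(log, len(prefix))
        deps = {i: {j: k for j, k in d.items() if other.get(i, {}).get(j) == k}
                for i, d in deps.items()}
    return prefix, deps

# Constructed sample: two runs of the same program. The service handle
# returned by the first call is passed to the second; the third call differs.
LOG_A = [Call("IOServiceGetMatchingService", (0x1,), 0x1003),
         Call("IOServiceOpen", (0x1003, 0), 0x2007),
         Call("IOConnectCallMethod", (0x2007, 4), 0)]
LOG_B = [Call("IOServiceGetMatchingService", (0x1,), 0x1103),
         Call("IOServiceOpen", (0x1103, 0), 0x2207),
         Call("IOServiceClose", (0x2207,), 0)]
```

`infer_model([LOG_A, LOG_B])` yields the two-call prefix and the edge recording that call 1's first argument comes from call 0's return value.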
# CVEs
- CVE-2017-7159
# Authors
This research project has been conducted by [SoftSec Lab](https://softsec.kaist.ac.kr) at KAIST.
* [HyungSeok Han](http://daramg.gift/)
* [Sang Kil Cha](https://softsec.kaist.ac.kr/~sangkilc/)

# Citing IMF
To cite our paper ([pdf](http://daramg.gift/paper/han-ccs2017.pdf)):
```
@INPROCEEDINGS{han:ccs2017,
author = {HyungSeok Han and Sang Kil Cha},
title = {Inferred Model-based Fuzzing},
booktitle = {Proceedings of the ACM Conference on Computer and Communications Security},
year = {2017},
pages = {2345--2358}
}
```

# Acknowledgement
The work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT).