Dominik Maier, Lukas Seidel (TU Berlin)

Researchers spend hours, or even days, to understand a target well enough to harness it and get a feedback-guided fuzzer running. Once this is achieved, they rely on their fuzzer to find the right paths, maybe sampling the collected queue entries to see how well it performs. Their knowledge is of little help to the fuzzer, while the fuzzer’s behavior is largely a black box to the researcher. Enter JMPscare, providing deep insight into fuzzing queues. By highlighting unreached basic blocks across all queue items during fuzzing, JMPscare allows security researchers to understand the shortcomings of their fuzzer and helps to overcome them. JMPscare can analyze thousands of queue entries efficiently and highlight interesting roadblocks, socalled frontiers. This intel helps the human-in-the-loop to improve the fuzzer, mutator, and harness. Even complex bugs, hard to reach for a generalized fuzzer, hidden deep in the control flow of the target, can be covered in this way. Apart from a purely analytical view, its convenient built-in binary patching facilitates forced execution for subsequent fuzz runs. We demonstrate the benefit of JMPscare on the ARM-based MediaTek Baseband. With JMPscare we gain an in-depth understanding of larger parts of the firmware and find new targets in this RTOS. JMPscare simplifies further mutator, fuzzer, and instrumentation development.

View More Papers

Effects of Precise and Imprecise Value-Set Analysis (VSA) Information...

Laura Matzen, Michelle A Leger, Geoffrey Reedy (Sandia National Laboratories)

Read More

It Doesn’t Have to Be So Hard: Efficient Symbolic...

Vaibhav Sharma (University of Minnesota), Navid Emamdoost (University of Minnesota), Seonmo Kim (University of Minnesota), Stephen McCamant (University of Minnesota)

Read More

podft: On Accelerating Dynamic Taint Analysis with Precise Path...

Zhiyou Tian (Xidian University), Cong Sun (Xidian University), Dongrui Zeng (Palo Alto Networks), Gang Tan (Pennsylvania State University)

Read More

No Source Code? No Problem! Twenty Years of Research...

Jack W. Davidson, Professor of Computer Science in the School of Engineering and Applied Science, University of Virginia

Read More