Dominik Maier, Lukas Seidel (TU Berlin)

Researchers spend hours, or even days, to understand a target well enough to harness it and get a feedback-guided fuzzer running. Once this is achieved, they rely on their fuzzer to find the right paths, maybe sampling the collected queue entries to see how well it performs. Their knowledge is of little help to the fuzzer, while the fuzzer’s behavior is largely a black box to the researcher. Enter JMPscare, providing deep insight into fuzzing queues. By highlighting unreached basic blocks across all queue items during fuzzing, JMPscare allows security researchers to understand the shortcomings of their fuzzer and helps to overcome them. JMPscare can analyze thousands of queue entries efficiently and highlight interesting roadblocks, socalled frontiers. This intel helps the human-in-the-loop to improve the fuzzer, mutator, and harness. Even complex bugs, hard to reach for a generalized fuzzer, hidden deep in the control flow of the target, can be covered in this way. Apart from a purely analytical view, its convenient built-in binary patching facilitates forced execution for subsequent fuzz runs. We demonstrate the benefit of JMPscare on the ARM-based MediaTek Baseband. With JMPscare we gain an in-depth understanding of larger parts of the firmware and find new targets in this RTOS. JMPscare simplifies further mutator, fuzzer, and instrumentation development.

View More Papers

Bitcontracts: Supporting Smart Contracts in Legacy Blockchains

Karl Wüst (ETH Zurich), Loris Diana (ETH Zurich), Kari Kostiainen (ETH Zurich), Ghassan Karame (NEC Labs), Sinisa Matetic (ETH Zurich), Srdjan Capkun (ETH Zurich)

Read More

DOVE: A Data-Oblivious Virtual Environment

Hyun Bin Lee (University of Illinois at Urbana-Champaign), Tushar M. Jois (Johns Hopkins University), Christopher W. Fletcher (University of Illinois at Urbana-Champaign), Carl A. Gunter (University of Illinois at Urbana-Champaign)

Read More

Sn4ke: Practical Mutation Analysis of Tests at Binary Level

Mohsen Ahmadi (Arizona State University), Pantea Kiaei (Worcester Polytechnic Institute), Navid Emamdoost (University of Minnesota)

Read More

Understanding Worldwide Private Information Collection on Android

Yun Shen (NortonLifeLock Research Group), Pierre-Antoine Vervier (NortonLifeLock Research Group), Gianluca Stringhini (Boston University)

Read More