Skip to content
/ Finding-exploits-in-HDF5 Public

The Hierarchical Data Format version 5 (HDF5), is an open source file format for large data used in scientific fields

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sascha47/Finding-exploits-in-HDF5

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
README.md
README.md
 
 
poc.zip
poc.zip
 
 

Repository files navigation

Finding-exploits-in-HDF5

The Hierarchical Data Format version 5 (HDF5), is an open source file format for large data used in scientific fields

Download HDF5 version 1.14.0 

https://portal.hdfgroup.org/display/support/HDF5+1.14.0

Unpack the HDF5 file

Download build essentail to get GCC compiler 

$ sudo apt install build-essential

Install AFL to get AFL-Clang-fast and AFL-CLANG-fast++ compilers 

apt-get install afl

cd into the HDF5 directory and set up the compilers and build 

export CC=/usr/bin/afl-clang-fast
export CXX=/usr/bin/afl-clang-fast++
cd ~/HDF5+1.14.0/
./configure --disable-shared --enable-static-exec && make

In the HDF5+1.14.0 directory, create an in file for the seed, and out file for the output and a file for the corpus 

cd ~/HDF5+1.14.0/
mkdir in
mkdir corpus
mkdir out

Now we prepare the seeds for fuzzing by defining the corpus and the in file with the plain_model.h5 file found in the download which is written in the same format as the HDF5 file

Download the poc into your corpus and in file for the seeding

cp ../plain_model.h5 ../corpus
cp ../plain_model.h5 ../in

Set up enviromental variables for the fuzzing 

TARGET=~/HDF5+1.14.0/tools/src/h5diff/h5diff

BASE_MODEL=~/HDF5+1.14.0/in/plain_model.h5

IN_DIR=~/HDF5+1.14.0/in

OUT_DIR=~/HDF5+1.14.0/out

Now run Afl Fuzz. 

afl-fuzz -i $IN_DIR -o $OUT_DIR -M fuzz00 $TARGET $BASE_MODEL @@

Wait for 1 minute or 2 to collect crashes and then navigate to the directory with the crashes 

~/HDF5+1.14.0/fuzz00/out/crashes

copy a crash and then run it against the HDF5 application the same way you fuzzed 

~/hdf5-1.14.0/tools/src/h5diff/h5diff ~/hdf5-1.14.0/in/plain_model.h5 ~/hdf5-1.14.0/out/fuzz00/crashes/id:000007,sig:11,src:000000,op:flip1,pos:1088

you should get a segmentation error and to see where it breaks in the actual coding we need to decompile the code with gdb after installing it 

apt-get install gdb

gdb -ex=r --args ~/hdf5-1.14.0/tools/src/h5diff/h5diff  ~/hdf5-1.14.0/in/plain_model.h5 ~/hdf5-1.14.0/out/fuzz00/crashes/id:000007,sig:11,src:000000,op:flip1,pos:1088

After running the decompiler , enter bt for backtrace

You should be able to see where the application crashed, the line and function

Next you want to recompile with default gcc and re run the application with the bug to ensure that the system still crashes and also keep the build the same 

unset CC
unset CXX
cd ~/hdf5-1.14.0/
./configure --disable-shared --enable-static-exec && make

Re run the program with the bug 

~/hdf5-1.14.0/tools/src/h5diff/h5diff ~/hdf5-1.14.0/in/plain_model.h5 ~/hdf5-1.14.0/out/fuzz00/crashes/id:000007,sig:11,src:000000,op:flip1,pos:1088

you should receive a segementation error which is the same error when compiled with afl-clang

You have succesffuly found a bug in HDF5 using afl-fuzz and are ready to file your first report

About

The Hierarchical Data Format version 5 (HDF5), is an open source file format for large data used in scientific fields

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published