Skip to content

thetaurean/periscope

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary

Setup

Prerequisites

  • An AArch64 toolchain
  • Android platform tools: adb and fastboot
  • Python and dependent packages: invoke and prettytable
  • Go and Syzkaller packages

Building and flashing boot image

  • Get kernel source code and apply our patches

  • Make sure to have the following config options set

    CONFIG_KCOV=y
    CONFIG_HWIOTRACE=y
    CONFIG_HWIOFUZZ=y
    CONFIG_KHWIO_MMIO=y
    CONFIG_KHWIO_STREAMING_DMA=y
    CONFIG_KHWIO_CONSISTENT_DMA=y
    
  • Build the kernel and create a boot image, and flash it

Building executor and fuzzer (AFL)

make executor fuzzer

# Push executables to the target device
python host/cli.py push --executables

Monitoring and seed generation

# enable tracing
python host/cli.py monitor --enable
python host/cli.py monitor --status # should return "enabled"

# enable probes
python host/cli.py monitor --list-probes
python host/cli.py monitor --activate <CTX_ID>
# enable monitoring for active probes for the specified duration
python host/cli.py monitor --trace <MONITOR_SEC>

# check trace_pipe in $PWD
python host/cli.py monitor --parse trace_pipe --generate-seed <SEED_DIR>
python host/cli.py push --seed <SEED_DIR>

Starting automated fuzzing

# create CONFIG_FILE for your needs (see default.cfg)
python host/manager.py --config <CONFIG_FILE>

Starting AFL manually

adb shell

# setup necessary dirs and provide some seed

AFL_NO_ARITH=1 AFL_FAST_CAL=1 AFL_NO_FORKSRV=1 AFL_SKIP_CPUFREQ=1 \
  /data/local/tmp/fuzzer -i /data/local/tmp/seed -o /data/local/tmp/out -t 500000+ /data/local/tmp/executor @@

Diagnosing crashes

python host/cli.py diagnose --last-crash

Citing our paper

@inproceedings{song2019periscope,
  title =        {{PeriScope}: An Effective Probing and Fuzzing Framework for
                  the Hardware-{OS} Boundary},
  author =       {Song, Dokyung and Hetzelt, Felicitas and Das, Dipanjan and
                  Spensky, Chad and Na, Yeoul and Volckaert, Stijn and Vigna,
                  Giovanni and Kruegel, Christopher and Seifert, Jean-Pierre and
                  Franz, Michael},
  booktitle =    {Network and Distributed System Security Symposium (NDSS)},
  year =         {2019}
}

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C 70.1%
  • Python 22.4%
  • C++ 5.2%
  • Go 1.1%
  • Other 1.2%