IEEE Access (Jan 2023)

Fuzzability Testing Framework for Incomplete Firmware Binary

  • Jiwon Jang,
  • Gyeongjin Son,
  • Hyeonsu Lee,
  • Heesun Yun,
  • Deokjin Kim,
  • Sangwook Lee,
  • Seongmin Kim,
  • Daehee Jang

DOI
https://doi.org/10.1109/ACCESS.2023.3297888
Journal volume & issue
Vol. 11
pp. 77608 – 77619

Abstract


Fuzzing is a practical approach to finding bugs in a wide range of software. So far, many fuzzers have been introduced, each built on new ideas for improving efficiency in terms of code coverage or execution speed. The majority of such work rests on the assumption that a sound executable binary or the source code is available, so that the target program can be transformed as a whole. However, in legacy systems the source code is often unavailable and, even worse, some binaries do not provide a sound execution environment (e.g., partially recovered firmware). In this paper, we present FT-Framework, a fuzzability testing framework based on forced execution for binaries such as firmware chunks that were recovered in an abnormal way and are therefore hard to execute or analyze from the intended boot phase. The essence of our work is to automatically classify the functions inside a binary to which coverage-guided fuzzing can be applied via forced execution. We evaluate FT-Framework on PX4 and ArduPilot firmware, both built for the 32-bit ARM architecture, and demonstrate both the efficacy and the limitations of this approach.
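As an added illustration of the fuzzability test the abstract describes (this is not code from the paper or from FT-Framework), the following C program models the classification step: three constructed stand-in functions play the role of functions carved out of a firmware image, each is entered directly with a synthetic input, skipping any boot sequence, inside a forked child with a wall-clock limit, and the child's wait status decides whether the function survives forced execution. The function names, the inputs and the one-second timeout are assumptions made for the example; a real recovered binary would be run under an emulator rather than compiled into the harness.

```c
/*
 * Added example, not code from the paper: a toy model of fuzzability testing
 * by forced execution. Each constructed "recovered" function is called directly
 * with a synthetic input (no boot sequence) inside a forked child, and the
 * child's wait status decides whether the function can be fuzzed this way.
 */
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

typedef uint32_t (*fw_func)(const uint8_t *buf, size_t len);

/* --- Constructed stand-ins for functions carved out of a firmware image --- */

/* Self-contained: touches only the buffer it is handed. */
static uint32_t fw_checksum(const uint8_t *buf, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i++) sum = sum * 31u + buf[i];
    return sum;
}

/* Depends on boot-time state: the RX ring is set up by boot code we skipped. */
static uint8_t *volatile g_rx_ring = NULL;
static uint32_t fw_drain_ring(const uint8_t *buf, size_t len) {
    (void)buf;
    uint32_t acc = 0;
    uint8_t *ring = g_rx_ring;            /* still NULL under forced execution */
    for (size_t i = 0; i < len; i++) acc += ring[i];   /* faults here */
    return acc;
}

/* Busy-waits on a peripheral status flag that nothing will ever set. */
static volatile uint32_t g_uart_status = 0;
static uint32_t fw_wait_uart(const uint8_t *buf, size_t len) {
    (void)buf; (void)len;
    while ((g_uart_status & 1u) == 0) { /* spin on hardware */ }
    return 1;
}

enum fuzzability { FUZZABLE = 0, CRASHES = 1, HANGS = 2, PROBE_ERROR = 3 };

/* Force-execute f(in, len) once, isolated in a child with a wall-clock limit. */
static enum fuzzability probe(fw_func f, const uint8_t *in, size_t len, unsigned timeout_s) {
    pid_t pid = fork();
    if (pid < 0) return PROBE_ERROR;
    if (pid == 0) {
        alarm(timeout_s);                 /* SIGALRM terminates a child that never returns */
        (void)f(in, len);
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return PROBE_ERROR;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return FUZZABLE;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGALRM) return HANGS;
    return CRASHES;                       /* SIGSEGV, SIGBUS, SIGILL, ... */
}

/* A function is fuzzable only if every synthetic input runs to completion. */
static enum fuzzability classify(fw_func f) {
    static const uint8_t in_a[] = { 0x01 };
    static const uint8_t in_b[] = { 0xde, 0xad, 0xbe, 0xef };
    static const uint8_t in_c[] = { 0x00, 0x00, 0xff, 0x7f, 0x80, 0x01, 0x02, 0x03 };
    const struct { const uint8_t *p; size_t n; } inputs[] = {
        { in_a, sizeof in_a }, { in_b, sizeof in_b }, { in_c, sizeof in_c },
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        enum fuzzability v = probe(f, inputs[i].p, inputs[i].n, 1);
        if (v != FUZZABLE) return v;      /* first failure decides the verdict */
    }
    return FUZZABLE;
}

static const char *verdict_name(enum fuzzability v) {
    static const char *names[] = { "fuzzable", "crashes", "hangs", "probe-error" };
    return names[v];
}

int main(void) {
    const struct { const char *name; fw_func f; } candidates[] = {
        { "fw_checksum",   fw_checksum },
        { "fw_drain_ring", fw_drain_ring },
        { "fw_wait_uart",  fw_wait_uart },
    };
    for (size_t i = 0; i < sizeof candidates / sizeof candidates[0]; i++)
        printf("%-14s %s\n", candidates[i].name, verdict_name(classify(candidates[i].f)));
    return 0;
}
```

Only the self-contained function is reported as fuzzable; the one that relies on state established during boot crashes, and the one that polls a peripheral hangs until the alarm fires. Isolating each probe in a child process is what lets a crash or hang be recorded as a verdict instead of aborting the harness, which is the property a forced-execution fuzzability test needs before handing a function to a coverage-guided fuzzer.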

Keywords