Title:

Debugger-Driven Embedded Fuzzing


Abstract:

Fuzzing software on embedded systems is hard. Their key components, microcontrollers, are highly diverse and cannot easily be virtualized, and their software may not be changed or instrumented. Generic solutions must therefore rely only on features that microcontrollers have in common. It turns out that most microcontrollers contain debug units, which allow programmers to analyze software with a limited number of hardware breakpoints and hardware data watchpoints, as well as to single-step through the code. In my talk I first present how we can leverage a limited number of breakpoints to enable coverage-guided fuzzing on any system. Second, I present our latest work on learning context-free input grammars by single-stepping through code in combination with data watchpoints. The resulting context-free grammars can subsequently be used for grammar-based fuzzing.
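As an added illustration (not code from the talk or from the speaker's project), a Python model of coverage-guided fuzzing under a small hardware-breakpoint budget: a breakpoint is armed on an uncovered basic block and freed as soon as it fires, so the few slots migrate toward unexplored code while executed blocks without an armed breakpoint stay invisible. The target, its block ids, the mutator and the scheduling policy are all constructed for this example and are assumptions, not the approach presented in the talk.

```python
# Constructed model: hardware-breakpoint-budgeted coverage tracking for fuzzing.
import random

def run_target(data: bytes) -> list[int]:
    """Constructed target: returns the basic-block ids executed for `data`."""
    if len(data) < 2:
        return [0, 1]                                  # early-exit path
    if data[0] != ord("A"):
        return [0, 5, 6]
    trace = [0, 2]
    if data[1] == ord("B"):
        trace.append(3)
        if len(data) > 2 and data[2] == ord("C"):
            trace.append(4)                            # deepest block
    return trace + [6]

class BreakpointCoverage:
    """Coverage tracking with at most `budget` breakpoints armed at any time."""
    def __init__(self, blocks, budget: int):
        self.budget, self.covered, self.armed = budget, set(), set()
        self.pending = list(blocks)            # uncovered blocks waiting for a slot
        self._rearm()
    def _rearm(self):                          # fill free slots with uncovered blocks
        while len(self.armed) < self.budget and self.pending:
            self.armed.add(self.pending.pop(0))
    def execute(self, data: bytes) -> set[int]:
        """Run one input; return blocks whose breakpoint fired (= new coverage)."""
        hits = {bb for bb in run_target(data) if bb in self.armed}
        self.armed -= hits                     # a fired breakpoint is no longer needed:
        self.covered |= hits                   # its block is now known to be covered,
        self._rearm()                          # so the slot moves to an unseen block
        return hits

def mutate(data: bytes, rng: random.Random) -> bytes:
    op, byte = rng.randrange(3), rng.choice(b"ABCx")
    if op == 0 and len(data) > 1:
        return data[:-1]                               # truncate
    if op == 1:
        return data + bytes([byte])                    # append
    pos = rng.randrange(len(data))                     # replace one byte
    return data[:pos] + bytes([byte]) + data[pos + 1:]

def fuzz(seed: bytes, iterations: int, budget: int, rng_seed: int = 1234):
    # Keep an input only when it fired an armed breakpoint; return coverage and corpus.
    rng, corpus = random.Random(rng_seed), [seed]
    tracker = BreakpointCoverage(range(7), budget)
    tracker.execute(seed)
    for _ in range(iterations):
        child = mutate(rng.choice(corpus), rng)
        if tracker.execute(child):
            corpus.append(child)
    return tracker.covered, corpus
```

Re-executing a kept input after the slots have moved is what eventually reveals the deeper blocks it reached unobserved the first time.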


Speaker:

Max Eisele

Robert Bosch GmbH