Fuzzing embedded systems is hard. Their key components - microcontrollers - are highly diverse and cannot be easily virtualized; their software may not be changed or instrumented. However, we observe that many, if not most, microcontrollers feature a debug interface through which a debug probe (typically controllable via GDB, the GNU debugger) can set a limited number of hardware breakpoints. Using these, we extract partial coverage feedback even for uninstrumented binary code; and thus enable effective fuzzing for embedded systems through a generic, widespread mechanism. In its evaluation on four different microcontroller boards, our prototypical implementation GDBFuzz quickly reaches high code coverage and detects known and new vulnerabilities. As it can be applied to any program and system that GDB can debug, GDBFuzz is one of the least demanding and most versatile coverage-guided fuzzers.
History
Preferred Citation
Max Eisele, Daniel Ebert, Christopher Huth and Andreas Zeller. Fuzzing Embedded Systems Using Debug Interfaces. In: International Symposium on Software Testing and Analysis (ISSTA). 2023.
Primary Research Area
Threat Detection and Defenses
Name of Conference
International Symposium on Software Testing and Analysis (ISSTA)
Legacy Posted Date
2023-05-17
Open Access Type
Green
BibTeX
@inproceedings{cispa_all_3950,
title = "Fuzzing Embedded Systems Using Debug Interfaces",
author = "Eisele, Max and Ebert, Daniel and Huth, Christopher and Zeller, Andreas",
booktitle="{International Symposium on Software Testing and Analysis (ISSTA)}",
year="2023",
}