Open-source contribution to AFL++ for better resolution of testing roadblocks

The R&D team at Hitachi India has developed a technology to intervene and fix testing roadblocks in pre-compiled software under test. The technology benefits testing software such as AFL++*1 that executes the software under test via the QEMU*2 emulator.

Pre-compiled software is tested in circumstances where source code is difficult to obtain, e.g. third-party libraries, legacy device firmware, and software whose creators consider the transfer of intellectual property a concern.

Whether to obtain runtime code coverage or to execute binaries built for a different CPU*3 architecture, testing suites like AFL++ often use the QEMU emulator.

Even so, testing frequently runs into roadblock conditions within the software that are difficult to satisfy, e.g. missing peripherals, missing dependencies, serial number checks, etc. In such cases, the instructions that lead to the roadblock must be hooked and their effect corrected. At present, QEMU does not provide support for doing this in testing use cases.

Figure 1. Design overview (TCG: Tiny Code Generator)

To address this, we have developed bridging components that interact with the QEMU core to enforce user-defined hooks and allow on-the-fly manipulation of memory and registers to fix the roadblocks (Figure 1).

Essentially, hooks are handled as breakpoints, and provisioning specifications are supplied so that the bridge knows where to break and what to do on each hit.

To keep changes to QEMU minimal, we have introduced two lightweight blocks in QEMU's GNU*4 Debugger (GDB*5) backend that handle breakpoint hits and route them to a Tiny Code Generator (TCG) plugin, which performs all the heavy-duty work. A prototype equipped with this technology has been built and contributed as a component of the popular open-source fuzz testing software AFL++.*6
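As an added illustration, not code from the hooking_bridge contribution itself (whose actual interface is described in its README at the link in *6), the following C model shows the mechanism described above on the host: a provisioning table of hook addresses, a breakpoint dispatch that patches registers or memory and optionally redirects the program counter, and a constructed toy firmware with two roadblocks, a serial number check and a poll on a peripheral that does not exist under emulation. The guest state layout, the addresses, the serial value, the status register and the hook callback signature are all assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified guest state: a few general-purpose registers, a program
   counter and a small flat memory. A stand-in for the CPU state the bridge
   reads and writes through QEMU, not QEMU's own structures (assumption). */
#define NREGS        8
#define MEM_SIZE     256
#define STATUS_REG   0x80   /* offset of the emulated peripheral status byte */
#define STATUS_READY 0x01   /* bit the firmware polls for */

typedef struct {
    uint64_t r[NREGS];
    uint64_t pc;
    uint8_t  mem[MEM_SIZE];
} guest_t;

/* A hook fires when the guest reaches hook.addr. The callback may patch
   registers or memory and returns the address at which execution should
   resume, or 0 to fall through and execute the original instruction. */
typedef uint64_t (*hook_fn)(guest_t *g);
typedef struct { uint64_t addr; hook_fn fn; const char *what; } hook_t;

/* Roadblock 1: the serial number check at 0x1000 leaves 1 (valid) or 0
   (invalid) in r0. The hook forces "valid" and resumes just after the check,
   so the real comparison never runs. */
static uint64_t hook_serial_check(guest_t *g) {
    g->r[0] = 1;
    return 0x1004;
}

/* Roadblock 2: the firmware spins at 0x2000 until a peripheral that is not
   present under emulation raises READY. The hook sets the bit in memory and
   lets the original poll instruction execute. */
static uint64_t hook_peripheral_poll(guest_t *g) {
    g->mem[STATUS_REG] |= STATUS_READY;
    return 0;
}

/* The provisioning table: where to break and what to do on each hit. */
static const hook_t hooks[] = {
    { 0x1000, hook_serial_check,    "serial number check"   },
    { 0x2000, hook_peripheral_poll, "peripheral ready poll" },
};

/* Breakpoint dispatch: the step the bridge performs when a breakpoint is
   reported at g->pc. Returns 1 if a hook handled the address, else 0. */
int dispatch_breakpoint(guest_t *g) {
    for (size_t i = 0; i < sizeof hooks / sizeof hooks[0]; i++) {
        if (hooks[i].addr == g->pc) {
            uint64_t resume = hooks[i].fn(g);
            if (resume) g->pc = resume;
            return 1;
        }
    }
    return 0;
}

/* Constructed toy firmware, executed one "instruction" per guest pc.
   Returns 1 if the main loop is reached, 0 if the serial check halts the
   firmware, -1 if it hangs in the peripheral poll within the step budget.
   `serial` is the 4-byte serial stored at mem[0..3] (NULL = all zeros). */
int run_firmware(int with_hooks, const char *serial) {
    guest_t g;
    memset(&g, 0, sizeof g);
    if (serial) strncpy((char *)g.mem, serial, 4);
    g.pc = 0x1000;
    for (int steps = 0; steps < 16; steps++) {
        if (with_hooks) dispatch_breakpoint(&g);   /* breakpoint fires before execute */
        switch (g.pc) {
        case 0x1000: g.r[0] = memcmp(g.mem, "HTCH", 4) == 0; g.pc = 0x1004; break;
        case 0x1004: g.pc = g.r[0] ? 0x100c : 0x1008; break;      /* branch on check */
        case 0x1008: return 0;                                      /* halt: bad serial */
        case 0x100c: g.pc = 0x2000; break;                          /* go wait for device */
        case 0x2000: g.pc = (g.mem[STATUS_REG] & STATUS_READY) ? 0x2008 : 0x2000; break;
        case 0x2008: return 1;                                      /* main loop reached */
        default:     return -2;                                     /* unknown address */
        }
    }
    return -1;
}

int main(void) {
    printf("no hooks, no serial   : %d\n", run_firmware(0, NULL));    /* 0: halts */
    printf("no hooks, good serial : %d\n", run_firmware(0, "HTCH"));  /* -1: hangs on poll */
    printf("hooks, no serial      : %d\n", run_firmware(1, NULL));    /* 1: reaches main */
    return 0;
}
```

Without hooks the firmware either halts at the serial check or, given a good serial, spins forever waiting for the absent peripheral; with both hooks provisioned it reaches the main loop, which is the region a fuzzer actually wants to exercise. In the real bridge the equivalent of `dispatch_breakpoint` is reached through QEMU's GDB backend and the patching is done by the TCG plugin; the on-hit logic a tester writes follows the same pattern as the two callbacks here.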

In the future, Hitachi will work towards integrating this solution into a larger framework that aims to improve the experience of software testers, especially those testing IoT*7/OT*8 software.

A brief overview of this solution will be presented at the Linux Foundation Secure Open Source Software (SOSS) Fusion*9, to be held on October 22-24 in Atlanta, Georgia, USA.

*1 AFL++: American Fuzzy Lop plus plus https://github.com/AFLplusplus/AFLplusplus
*2 QEMU: Quick Emulator https://www.qemu.org/
*3 CPU: Central Processing Unit
*4 GNU: GNU’s Not Unix (https://www.gnu.org/)
*5 GDB: GNU Debugger https://www.sourceware.org/gdb/
*6 https://github.com/AFLplusplus/AFLplusplus/tree/stable/qemu_mode/hooking_bridge
*7 IoT: Internet of Things
*8 OT: Operational Technology
*9 https://events.linuxfoundation.org/soss-fusion/program/schedule/

For more information, use the enquiry form below to contact the Research & Development Group, Hitachi, Ltd. Please make sure to include the title of the article.
https://www8.hitachi.co.jp/inquiry/hitachi-ltd/hqrd/news/en/form.jsp
