Chaos Communication Congress, Season 36 (36C3), Episode 112

No source, no problem! High speed binary fuzzing

Modern grey-box fuzzers are the most effective way of finding bugs in complex code bases, and instrumentation is fundamental to their effectiveness. Existing instrumentation techniques either require source code (e.g., afl-gcc, ASan) or impose a high runtime cost (roughly a 10x slowdown for dynamic translation such as afl-qemu). We introduce Retrowrite, a binary rewriting framework that enables direct static instrumentation of both user-mode binaries and Linux kernel modules. Unlike dynamic translation and trampolining, rewriting code with Retrowrite does not introduce a performance penalty. We show the effectiveness of Retrowrite for fuzzing by implementing binary-only coverage tracking and ASan instrumentation passes. Our binary instrumentation achieves performance similar to compiler-based instrumentation.
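The coverage-tracking pass mentioned above inserts, at the head of every basic block, the same edge-coverage update that afl-gcc compiles into source-built targets. The block below is an added example that emulates that instrumentation in plain C; it is not Retrowrite's code. It follows the documented AFL scheme (each block gets a random ID at rewrite time, the hit index is the XOR of the current ID with the previous, shifted ID) and drives it with a constructed trace of block IDs, so the reader can see why edges rather than blocks are counted and why A->B and B->A land in different map slots. The names afl_edge_hit, coverage_run_trace and coverage_hits are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAP_SIZE (1u << 16)        /* 64 KiB bitmap, as in AFL */

/* Coverage bitmap; in a real fuzzer this lives in shared memory so the
 * fuzzer process can read it after each execution. */
static uint8_t  cov_map[MAP_SIZE];
static uint32_t prev_location;

/* Equivalent of the stub an instrumentation pass (compiler-based or a
 * static rewriter) places at the entry of each basic block. cur_location
 * is a per-block random constant chosen when the block is instrumented. */
static void afl_edge_hit(uint32_t cur_location)
{
    cov_map[(cur_location ^ prev_location) & (MAP_SIZE - 1)]++;
    /* Shift so that A->B and B->A, as well as A->A and B->B, differ. */
    prev_location = cur_location >> 1;
}

void coverage_reset(void)
{
    memset(cov_map, 0, sizeof cov_map);
    prev_location = 0;
}

/* Read back the hit count of one map slot. */
uint32_t coverage_hits(uint32_t idx)
{
    return cov_map[idx & (MAP_SIZE - 1)];
}

/* Replay a trace of block IDs (a constructed stand-in for one execution of
 * the instrumented target) and return the number of distinct edges seen. */
size_t coverage_run_trace(const uint32_t *trace, size_t n)
{
    coverage_reset();
    for (size_t i = 0; i < n; i++)
        afl_edge_hit(trace[i]);

    size_t edges = 0;
    for (size_t i = 0; i < MAP_SIZE; i++)
        if (cov_map[i])
            edges++;
    return edges;
}

int main(void)
{
    /* Constructed block IDs: A, B, C. */
    const uint32_t a = 0x1234, b = 0x5678, c = 0x9abc;
    const uint32_t straight[] = { a, b, c };
    const uint32_t loop[]     = { a, b, a, b, a, b };

    printf("A->B->C   : %zu distinct edges\n",
           coverage_run_trace(straight, 3));
    printf("A->B loop : %zu distinct edges, A->B hit %u times\n",
           coverage_run_trace(loop, 6), coverage_hits(b ^ (a >> 1)));
    return 0;
}
```

The loop trace shows the property that makes this cheap: three distinct slots (entry into A, A->B, B->A) no matter how many iterations run, with only an XOR, a shift and a byte increment per block, which is the overhead a compiler or a static rewriter adds and a dynamic translator pays many times over.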

English
  • Originally Aired December 29, 2019
  • Runtime 60 minutes
  • Production Code 10880
  • Speaker (credited role: Creator): gannimo