Exploring the Frontiers of Firmware Fuzzing: μAFL's Application on Cortex M4 and Unix Programs

Safayat Bin Hakim, Muhammad Adil, Jordi Mongay Batalla, Constandinos X. Mavromoustakis, Houbing Herbert Song

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

This study investigates μAFL, a non-intrusive, feedback-driven fuzzing framework, evaluated on Cortex M4 embedded systems and on Unix platforms, with the STM32F407VE Cortex M4 microcontroller as the primary target. Using a SEGGER J-Trace Pro for trace collection, it demonstrates μAFL's utility beyond its traditional scope and its applicability to both embedded and general-purpose computing environments. A side-by-side comparison of μAFL with conventional AFL highlights the adaptability and effectiveness of fuzzing methodologies for improving firmware security. The study also examines how fuzzing executes on different hardware and presents an execution strategy for the STM32F407VE that illustrates the framework's potential for identifying vulnerabilities, evidenced by tests on specific firmware programs such as an LED blinking program instrumented with semihosting breakpoints and ETM tracing. Placing the fuzz input in uninitialized memory sections and setting strategically placed breakpoints gives clear insight into the firmware's execution flow. The results of the comparative analysis show that μAFL is effective at uncovering vulnerabilities, reinforcing the need for evolving fuzzing methodologies to build stronger security for embedded devices. This contribution underscores the importance of refining fuzzing techniques to meet the intricate security demands of contemporary computing environments.
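The harness pattern the abstract describes (fuzz input kept in an uninitialized RAM section so the debugger can write it and it survives a reset, and semihosting breakpoints marking the start and end of each run so the ETM trace can be delimited) looks roughly like the following. This is an added illustration, not code from the paper or from the μAFL project: the `.noinit` section name, the `SYS_WRITE0` start/end markers and the toy LED blink-schedule parser are assumptions chosen for the example. The target-specific parts are guarded on `__arm__` so the same file also builds and runs on a host for checking the parser logic.

```c
/* Hypothetical μAFL-style firmware harness skeleton (added example; not from
 * the paper or the μAFL project). Fuzz input lives in an uninitialized RAM
 * section so a debugger such as a J-Trace can write it and a target reset
 * does not zero it; a semihosting breakpoint brackets each run so the host
 * side can start/stop ETM capture. Host builds replace the MCU pieces. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define FUZZ_MAX_LEN 256u

/* Input block written by the debugger before each run. On the MCU it is
 * placed in a .noinit section (assumed to exist in the linker script) so
 * startup code never clears it. On the host it is a plain global. */
struct fuzz_input {
    uint32_t len;                 /* number of valid bytes in data[] */
    uint8_t  data[FUZZ_MAX_LEN];
};

#if defined(__arm__)
__attribute__((section(".noinit")))
#endif
struct fuzz_input g_fuzz;

static uint32_t g_semihost_calls;   /* counts start/end markers issued */

/* Semihosting call: BKPT 0xAB is the Cortex-M semihosting trap, with
 * r0 = operation number and r1 = parameter. On the host it only counts. */
#if defined(__arm__)
static inline void semihost(uint32_t op, void *param) {
    register uint32_t r0 __asm("r0") = op;
    register void    *r1 __asm("r1") = param;
    __asm volatile("bkpt #0xAB" : "+r"(r0) : "r"(r1) : "memory");
    g_semihost_calls++;
}
#else
static inline void semihost(uint32_t op, void *param) {
    (void)op; (void)param;
    g_semihost_calls++;
}
#endif
#define SYS_WRITE0 0x04u   /* semihosting: write NUL-terminated string */

uint32_t semihost_calls(void) { return g_semihost_calls; }

/* Toy device under test: an LED blink schedule parser (assumed format).
 * Input is a sequence of (on_ms, off_ms) byte pairs terminated by 0x00 0x00.
 * Returns the number of LED toggles performed, or -1 on malformed input.
 * Bounds are checked explicitly; this is the hardened shape a fuzz campaign
 * should leave behind, not a deliberately buggy target. */
static volatile uint32_t g_led_state;   /* stands in for the GPIO register */

int blink_schedule(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < 2u) return -1;
    int toggles = 0;
    for (size_t i = 0; i + 1u < len; i += 2u) {
        uint8_t on_ms = buf[i], off_ms = buf[i + 1u];
        if (on_ms == 0u && off_ms == 0u) return toggles;  /* terminator */
        if (on_ms == 0u || off_ms == 0u) return -1;        /* half-zero pair */
        g_led_state = 1u; toggles++;   /* delay(on_ms) would go here */
        g_led_state = 0u; toggles++;   /* delay(off_ms) would go here */
    }
    return -1;   /* ran off the end without a terminator */
}

/* One fuzz iteration: bracket the target with semihosting markers so the
 * host can delimit the ETM trace and detect completion via the breakpoint. */
int fuzz_iteration(void) {
    semihost(SYS_WRITE0, (void *)"start\n");
    uint32_t len = g_fuzz.len > FUZZ_MAX_LEN ? FUZZ_MAX_LEN : g_fuzz.len;
    int rc = blink_schedule(g_fuzz.data, len);
    semihost(SYS_WRITE0, (void *)"end\n");
    return rc;
}

/* Host-side helper: load a constructed test case the way the debugger
 * would write it into the .noinit block, then run one iteration. */
int run_case(const uint8_t *in, size_t n) {
    if (n > FUZZ_MAX_LEN) n = FUZZ_MAX_LEN;
    memcpy(g_fuzz.data, in, n);
    g_fuzz.len = (uint32_t)n;
    return fuzz_iteration();
}

int main(void) {
    static const uint8_t ok[]  = {10, 20, 30, 40, 0, 0};   /* constructed input */
    static const uint8_t bad[] = {10, 0};                   /* constructed input */
    return (run_case(ok, sizeof ok) == 4 && run_case(bad, sizeof bad) == -1) ? 0 : 1;
}
```

On the real target the debugger writes `g_fuzz` after halting at the end-of-run breakpoint, resets or restarts the core, and reads the ETM trace captured between the two markers as coverage feedback; the host build exists only so the parser and the bracketing logic can be checked without hardware.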

Original language: English
Title of host publication: 20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1141-1148
Number of pages: 8
ISBN (Electronic): 9798350361261
DOIs
Publication status: Published - 2024
Event: 20th IEEE International Wireless Communications and Mobile Computing Conference, IWCMC 2024 - Hybrid, Ayia Napa, Cyprus
Duration: 27 May 2024 to 31 May 2024

Publication series

Name: 20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024

Conference

Conference: 20th IEEE International Wireless Communications and Mobile Computing Conference, IWCMC 2024
Country/Territory: Cyprus
City: Hybrid, Ayia Napa
Period: 27/05/24 to 31/05/24

Keywords

  • Embedded Trace Macrocell
  • firmware fuzzing
  • firmware security
  • STM32F407VE
  • μAFL

