Trapfuzzer - Coverage-Guided Binary Fuzzing with Breakpoints
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore coverage-guided binary fuzzing with breakpoints in this conference talk from HITB2021SIN. Dive into trapfuzzer, a tool written in Python and C that offers real-time test-status monitoring, mutation-relationship tracking, and visualization of executed basic blocks. Learn about the tool's architecture: Python-based fuzz-scheduling and data-mutation modules, plus an instrumentation module built either as a GDB plugin or on a custom debugger. Discover how trapfuzzer supports i386/x64 and can be adapted to other architectures such as ARM. Gain insight into the tool's effectiveness: it has uncovered over 200 vulnerabilities in WPS Office and other software. Follow along as the speaker demonstrates fuzzing WPS, explains GDB internals, and discusses future plans for trapfuzzer. Whether you're a security researcher or a software developer, this talk offers valuable knowledge on advanced fuzzing techniques and vulnerability discovery.
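The breakpoint-based coverage mechanism the talk describes, written out as an added example (this is not trapfuzzer's code and not the speaker's): a tracer forks a child, plants int3 at the entry of each basic block, and on every SIGTRAP records the block, restores the original byte and rewinds the instruction pointer, so each block costs exactly one trap the first time it runs and nothing afterwards. It assumes Linux x86-64 and a GCC/Clang-compatible compiler; block_a, block_b and block_c are hypothetical stand-ins for the basic blocks whose addresses a basic-block-info file would normally supply, and fork() is used so the parent's addresses are valid in the child.

```c
// Added example: one-shot int3 breakpoint coverage tracing with ptrace.
// Assumes Linux x86-64. Not trapfuzzer's own code.
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

#define INT3 0xCC
#define NBLOCKS 3

/* Hypothetical stand-ins for basic blocks: the tracer plants int3 at each entry. */
static volatile int g_side_effect;
__attribute__((noinline)) int block_a(void) { g_side_effect += 1; return g_side_effect; }
__attribute__((noinline)) int block_b(void) { g_side_effect += 2; return g_side_effect; }
__attribute__((noinline)) int block_c(void) { g_side_effect += 3; return g_side_effect; }

/* One entry per patched block: where it is, the byte we overwrote, whether it ran. */
struct bp { uintptr_t addr; uint8_t orig; int hit; const char *name; };
struct bp g_bps[NBLOCKS];
int g_total_traps;

/* Replace the single byte at addr in the tracee, returning the old byte via *old.
 * Read-modify-write of one byte keeps neighbouring breakpoints intact. */
static int poke_byte(pid_t pid, uintptr_t addr, uint8_t value, uint8_t *old) {
    errno = 0;
    long word = ptrace(PTRACE_PEEKTEXT, pid, (void *)addr, NULL);
    if (word == -1 && errno != 0) return -1;
    if (old) *old = (uint8_t)(word & 0xFF);
    long patched = (word & ~0xFFL) | value;   /* little-endian: low byte sits at addr */
    return ptrace(PTRACE_POKETEXT, pid, (void *)addr, (void *)patched) == -1 ? -1 : 0;
}

static struct bp *find_bp(uintptr_t addr) {
    for (int i = 0; i < NBLOCKS; i++)
        if (g_bps[i].addr == addr) return &g_bps[i];
    return NULL;
}

/* Tracee side: stop so the tracer can patch, then exercise some of the blocks. */
static void child_workload(void) {
    ptrace(PTRACE_TRACEME, 0, NULL, NULL);
    raise(SIGSTOP);
    block_a();
    block_b();
    block_a();   /* second entry runs unpatched: the breakpoint was removed on first hit */
    _exit(0);    /* block_c is never reached */
}

/* Tracer side. Returns the number of distinct blocks that executed, or -1 on error. */
int run_trace(void) {
    g_bps[0] = (struct bp){ (uintptr_t)block_a, 0, 0, "block_a" };
    g_bps[1] = (struct bp){ (uintptr_t)block_b, 0, 0, "block_b" };
    g_bps[2] = (struct bp){ (uintptr_t)block_c, 0, 0, "block_c" };
    g_total_traps = 0;

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) child_workload();   /* never returns */

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;

    /* fork() preserves the address-space layout, so these addresses are valid in the child. */
    for (int i = 0; i < NBLOCKS; i++)
        if (poke_byte(pid, g_bps[i].addr, INT3, &g_bps[i].orig) < 0) return -1;

    int unique = 0, sig = 0;
    for (;;) {
        if (ptrace(PTRACE_CONT, pid, NULL, (void *)(long)sig) < 0) return -1;
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status)) break;
        sig = 0;
        if (!WIFSTOPPED(status)) continue;
        if (WSTOPSIG(status) != SIGTRAP) { sig = WSTOPSIG(status); continue; } /* a crash surfaces here */

        struct user_regs_struct regs;
        if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0) return -1;
        struct bp *b = find_bp((uintptr_t)regs.rip - 1);   /* int3 is one byte; rip is past it */
        if (b == NULL) continue;                            /* not one of ours; just resume */

        g_total_traps++;
        if (!b->hit) { b->hit = 1; unique++; }
        /* Record once, then make the trap disappear: restore the byte and rewind rip. */
        if (poke_byte(pid, b->addr, b->orig, NULL) < 0) return -1;
        regs.rip = b->addr;
        if (ptrace(PTRACE_SETREGS, pid, NULL, &regs) < 0) return -1;
    }
    return unique;
}

int main(void) {
    int n = run_trace();
    printf("%d of %d blocks covered, %d traps taken\n", n, NBLOCKS, g_total_traps);
    for (int i = 0; i < NBLOCKS; i++)
        printf("  %s: %s\n", g_bps[i].name, g_bps[i].hit ? "hit" : "not reached");
    return n < 0;
}
```

Build with `cc -O2 -o trace trace.c` and run it as a normal user; PTRACE_TRACEME on one's own child is permitted even under Yama ptrace_scope=1. The run reports two of three blocks covered with only two traps taken: block_a executes twice but traps once, because the tracer restores its first byte after the initial hit. The same one-byte read-modify-write in poke_byte is what lets breakpoints sit within the same machine word without clobbering each other; a real tool would load the address list from a basic-block-info file rather than from function symbols.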
Syllabus
Intro
What is Fuzzing?
What is Coverage-Guided Fuzzing?
Background
Inspiration
Overview
binary patcher - basic-block-info-file example
binary patcher - example
Seed Mutation
Fuzzer Module - Corpus Distillation
Trace module - Theory
Let's Fuzz WPS - Find Target Module
Let's Fuzz WPS - Linux Version of FileMon
GDB Python API
Workflow
Code - GDB Plugin
Code - Tracer Part
Speed Up Instrumentation - Accelerated Mode
Let's Fuzz WPS Again!
Initial Results
GDB Internals
Modify GDB
Code for SIGTRAP
Architecture
Windows Support #2 - DbgEngTracer
Dialog Box
Preparing the Environment
Future Plans
Taught by
Hack In The Box Security Conference
Related Courses
Browser Hacking With ANGLE (Hack In The Box Security Conference via YouTube)
Can A Fuzzer Match A Human (Hack In The Box Security Conference via YouTube)
Biometrics System Hacking in the Age of the Smart Vehicle (Hack In The Box Security Conference via YouTube)
ICEFALL - Revisiting A Decade Of OT Insecure-By-Design Practices (Hack In The Box Security Conference via YouTube)
Fuzzing the MCU of Connected Vehicles for Security and Safety (Hack In The Box Security Conference via YouTube)