fuzzware-fuzzer / fuzzware-experiments

Files used for reproducing Fuzzware's experiments
Apache License 2.0

CVE-2022-41972 #5

Closed dingiso closed 1 year ago

dingiso commented 1 year ago

Hi, Tobias

I have noticed that CVE-2022-41972 was discovered by you. Can it be fuzzed using fuzzware?

Thanks, Dingisoul

Scepticz commented 1 year ago

Hi Dingisoul,

Sure, Contiki-NG is a valid target for fuzzing in Fuzzware. Here are some previous samples which were also Contiki-NG and were tested by it: https://github.com/fuzzware-fuzzer/fuzzware-experiments/tree/main/03-fuzzing-new-targets/contiki-ng/prebuilt_samples

Best Tobi

dingiso commented 1 year ago

Hi Tobi,

I've noticed that some patches are necessary when building the target before fuzzing with Fuzzware.

I'm not quite familiar with Contiki-NG. Could you provide me with some guidance on it?

Have you tried to reproduce this CVE in fuzzware? It would be great if you could provide some patches and shell scripts for building. A model file and crashing input would also be helpful.

Thanks, Dingisoul

Scepticz commented 1 year ago

You can find the build scripts here: https://github.com/fuzzware-fuzzer/fuzzware-experiments/tree/main/03-fuzzing-new-targets/contiki-ng/building

You need to build a sample application of Contiki-NG with BLE functionality. We targeted version 4.8. We will (eventually) also release something on this, but this is still our work in progress, sadly. So apart from these hints I currently cannot say much more than "stay tuned".

Tobi

dingiso commented 1 year ago

Thanks Tobias