The year of "re-hosting your favorite firmware target on QEMU and fuzzing it".
Just to make it clear, I'm glad it is happening.
For reference:
Broadcom Bluetooth fuzzing based on rehosting:
https://github.com/seemoo-lab/frankenstein
@bolek42 @jiska___
HALUcinator:
https://github.com/embedded-sec/halucinator
@gannimo et al
Emulating && Fuzzing UEFI with unicorn and QiLing:
https://github.com/assafcarlsbad/efi_dxe_emulator
@assaf_carlsbad @liba2k
Rehosting MediaTek Baseband and plugging AFL into it:
https://github.com/fgsect/BaseSAFE
@domenuk @ad_ili_rai_en et al
Fuzzing MediaTek Remote Stacks by Emulating them:
@marcograssi and Kira et al
Fuzzing MediaTek Stacks by statically linking them with proper ABI and HALs:
https://comsecuris.com/blog/posts/path_of_least_resistance/
@esizkur et al
Emulating and Fuzzing Samsung's Real-Time Kernel Protection:
http://phrack.org/papers/emulating_hypervisors_samsung_rkp.html
@_athallas et al
Emulating and Fuzzing Samsung Exynos TEEGRIS:
http://allsoftwaresucks.blogspot.com/2020/05/on-samsung-and-exynos-hacking-again.html
@astarasikov
Rehosting Qualcomm's Trustlets by emulating TrustZone over QEMU:
https://cfp.recon.cx/reconmtl2019/talk/DYGNJQ/
Slava Makkaveev
In case I made any mistake, please let me know!