The year of "re-hosting your favorite firmware target on QEMU and fuzzing it".
Just to make it clear, I'm glad it is happening.
For reference:
Broadcom Bluetooth fuzzing based on rehosting:
https://github.com/seemoo-lab/frankenstein
@bolek42 @jiska___
HALUcinator:
https://github.com/embedded-sec/halucinator
@gannimo et al
Emulating && Fuzzing UEFI with unicorn and QiLing:
https://github.com/assafcarlsbad/efi_dxe_emulator
@assaf_carlsbad @liba2k
Rehosting the MediaTek baseband and plugging AFL into it:
https://github.com/fgsect/BaseSAFE
@domenuk @ad_ili_rai_en et al
Fuzzing MediaTek Remote Stacks by Emulating them:
https://www.youtube.com/watch?v=OSJdAGtn8Qw
@marcograssi and Kira et al
Fuzzing MediaTek stacks by statically linking them with the proper ABI and HALs:
https://comsecuris.com/blog/posts/path_of_least_resistance/
@esizkur et al
Emulating and Fuzzing Samsung's Real-Time Kernel Protection:
http://phrack.org/papers/emulating_hypervisors_samsung_rkp.html
@_athallas et al
Emulating and Fuzzing Samsung Exynos TEEGRIS:
http://allsoftwaresucks.blogspot.com/2020/05/on-samsung-and-exynos-hacking-again.html
@astarasikov
Rehosting Qualcomm's Trustlets by emulating TrustZone over QEMU:
https://cfp.recon.cx/reconmtl2019/talk/DYGNJQ/
Slava Makkaveev
In case I made any mistake, please let me know!