8/16/2023

Afl qemu mode tutorial

Recently I've started a little fuzzing project. After doing some research, I decided to fuzz a gaming emulator. The target of choice is a GameBoy and GameBoy Advance emulator called VisualBoyAdvance-M, also known as VBA-M. At the time of writing the emulator was still being maintained. VBA-M seems to be a fork of VisualBoyAdvance, for which development seems to have stopped in 2006.

Disclaimer: I'm publishing this blog post to share some fuzzing methodology and tooling, not to blame the developers. I've previously reported all my fuzzing discoveries to the VBA-M developer team on GitHub.

The attack surface of emulators is quite large because of their complex functionality and the various ways user input reaches the application. There's parsing functionality for the game ROMs and the save states, built-in cheating support, and then there's all the video and audio I/O related code. I've decided to fuzz the GameBoy ROM files.

Let the emulator parse the file and do its initialization. This catches bugs that only occur after some time, like corrupting the emulator's internal memory while playing a game. Of course, the emulator spins up a GUI every time it's launched. Since this is quite slow and not required by the fuzzer at all, it has to be skipped. The same applies to any other functionality that isn't required for the fuzzing harness to work.
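The harness shape described above (parse the ROM, initialize, no GUI, bounded work per input), as an added example that is not code from this post or from VBA-M: a stand-alone C harness around a GameBoy cartridge-header parser. gb_parse_header, harness_one_input and run_file are names chosen here; the header offsets and checksum rule are the real GameBoy cartridge format, while the emulator core call (load ROM, step frames) is target-specific and left out rather than invented.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Cartridge header offsets from the GameBoy spec (real values). */
enum { GB_TITLE = 0x134, GB_CART_TYPE = 0x147, GB_ROM_SIZE = 0x148,
       GB_CHECKSUM = 0x14D, GB_HDR_END = 0x150 };
typedef struct { char title[17]; uint8_t cart_type; size_t rom_bytes; } gb_header;

/* Returns 0 on success, -1 on a short buffer, bad checksum or bad size byte.
 * Length is checked first: a fuzzer hands over inputs far shorter than a ROM. */
int gb_parse_header(const uint8_t *rom, size_t len, gb_header *out) {
    if (rom == NULL || len < GB_HDR_END) return -1;
    uint8_t sum = 0;                          /* spec: x = x - rom[i] - 1 */
    for (size_t i = GB_TITLE; i < GB_CHECKSUM; i++) sum = sum - rom[i] - 1;
    if (sum != rom[GB_CHECKSUM]) return -1;
    if (rom[GB_ROM_SIZE] > 8) return -1;      /* size byte n means 32 KiB << n */
    memcpy(out->title, rom + GB_TITLE, 16);
    out->title[16] = '\0';
    out->cart_type = rom[GB_CART_TYPE];
    out->rom_bytes = (size_t)32 * 1024 << rom[GB_ROM_SIZE];
    return 0;
}

/* One fuzz iteration: parse and initialise, no GUI or audio, bounded work.
 * Returns 1 if the input was accepted as a ROM, 0 if rejected (a rejection is
 * normal; only crashes and hangs are findings). Stepping the emulator core
 * for a fixed number of frames would go here and is deliberately not invented. */
int harness_one_input(const uint8_t *data, size_t len) {
    gb_header hdr;
    return gb_parse_header(data, len, &hdr) == 0 ? 1 : 0;
}

/* Reads one test case (file path from AFL, or stdin) and runs it. */
static void run_file(const char *path) {
    static uint8_t buf[1 << 20];              /* 1 MiB cap keeps runs short */
    FILE *f = path ? fopen(path, "rb") : stdin;
    if (!f) return;
    size_t n = fread(buf, 1, sizeof buf, f);
    if (f != stdin) fclose(f);
    harness_one_input(buf, n);
}

int main(int argc, char **argv) {
    const char *path = argc > 1 ? argv[1] : NULL;
#ifdef __AFL_HAVE_MANUAL_CONTROL              /* built with afl-clang-fast */
    __AFL_INIT();
    while (__AFL_LOOP(1000)) run_file(path);  /* persistent mode, no re-exec */
#else
    run_file(path);                           /* plain build, usable under afl-qemu */
#endif
    return 0;
}
```

Built without AFL instrumentation, the same binary is what afl-fuzz runs in QEMU mode; built with afl-clang-fast, the persistent loop avoids re-executing the process for every input.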