kBdysch

kBdysch is a collection of fast Linux kernel specific fuzzing harnesses supposed to be run in userspace in a guided fuzzing manner. It was designed with AFL compatibility in mind but AFL is not required to use this project.

Fuzzing targets

Currently, kBdysch is capable of testing the following aspects of the kernel:

Design

The main design ideas are:

Pre-existing works

kBdysch is not a unique approach. At least, there exists the Janus fuzzer, which applies both syscall invokers and image mutators to LKL. As far as I understand, their approach is slightly different:

kBdysch leans toward requiring as little manual work as possible, relying instead on an approach similar to Pulling JPEGs out of thin air.

Building from sources

To use the bundled invoker, just run the build.sh script.

If you want to modify the syscall descriptions, use the update_invokers.sh script. You need Java installed in this case (it will download all the other Scala-related dependencies itself).

See troubleshooting.md if something goes wrong.

Optional dependencies:

Bugs

Technically, this fuzzer has not found anything yet at the time of writing this README, since it is a partial rewrite of the original fuzzer, which found a couple of dozen bugs but had quite awful code. I tried to closely replicate its behavior, so it is expected to find roughly the same bugs as its predecessor.

As for the bugs found by its predecessor, almost anything in the git log that matches something like Reported-by:.*anatoly.trosinenko was found via this approach (though a single report can lead to 2-3 commits).
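One way to count those fixes without double-counting a report that produced several commits, as an added example (not part of kBdysch itself): parse the output of `git log --format='%H%n%B%x00'` and group matching commits by the report they cite. The grouping on the Link: trailer and the sample log records below are assumptions of this example; the records are constructed and are not real kernel commits.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of `git log --format='%H%n%B%x00'` output
# (one NUL-terminated record per commit). Not real kernel commits.
SAMPLE_LOG = (
    "a1b2c3d4e5f6\nfs/foo: fix NULL deref on corrupted superblock\n\n"
    "Reported-by: Anatoly Trosinenko <anatoly.trosinenko@example.com>\n"
    "Link: https://lore.example/report-1\n\x00"
    "f6e5d4c3b2a1\nfs/foo: also validate inode count\n\n"
    "Reported-by: Anatoly Trosinenko <anatoly.trosinenko@example.com>\n"
    "Link: https://lore.example/report-1\n\x00"
    "0102030405aa\nnet/bar: fix OOB read in option parser\n\n"
    "Reported-by: Anatoly Trosinenko <anatoly.trosinenko@example.com>\n\x00"
    "bbccddeeff00\nmm: unrelated cleanup\n\n"
    "Reported-by: Someone Else <else@example.com>\n\x00"
)

# The pattern from the README; applied per commit message.
REPORTED_BY = re.compile(r"^Reported-by:.*anatoly\.trosinenko", re.M | re.I)
# Assumption: commits that cite the same Link: trailer fix the same report.
LINK = re.compile(r"^Link:\s*(\S+)", re.M)


def parse_log(text):
    """Split NUL-separated git log records into (sha, message) pairs."""
    records = []
    for rec in text.split("\x00"):
        rec = rec.strip()
        if rec:
            sha, _, msg = rec.partition("\n")
            records.append((sha, msg))
    return records


def commits_per_report(text, pattern=REPORTED_BY):
    """Map each report (Link: URL, or the sha itself when there is no Link:)
    to the list of matching commit shas that cite it."""
    groups = defaultdict(list)
    for sha, msg in parse_log(text):
        if pattern.search(msg):
            m = LINK.search(msg)
            groups[m.group(1) if m else sha].append(sha)
    return dict(groups)


def summarize(text, pattern=REPORTED_BY):
    """Return distinct report count, total commit count, and multi-commit reports."""
    groups = commits_per_report(text, pattern)
    multi = {k: v for k, v in groups.items() if len(v) > 1}
    return {"reports": len(groups),
            "commits": sum(len(v) for v in groups.values()),
            "multi_commit_reports": multi}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```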

Why such a name?

This is not a random sequence of characters, and I am not trying to fuzz this project's users' ability to read English words either. It is merely "K for Kernel" followed by a transliterated Russian word БДЫЩ! (an onomatopoeia denoting the sound of some crash, similar to BOOM!). Just like "borsch" but "bdysch".