The idea and practice of fuzzing technology of Android

Fuzzing is an unavoidable topic in vulnerability discovery, and Wuheng Lab has been using fuzzing to find problems in its products. Fuzzing is not a panacea, but it is absolutely indispensable. "Not a panacea" is a relative statement: under ideal conditions, for example an acceptable time frame, sufficient computing resources and a sufficiently simple target system, fuzzing can give you any result you want. It is like asking a computer to print random text: as long as the run is long enough and random characters are generated fast enough, a copy of "Three Body" will come out sooner or later.

However, the theory is rich while the reality is harsh. Although the computing resources and efficiency available to us keep growing, the complexity of software systems is growing even faster. Situations where vulnerabilities could be found with dumb fuzzing are now almost extinct. Fuzzing must therefore develop toward sample generation with higher coverage, more efficient code-path exploration algorithms (mutation strategies), and more sensible allocation and scheduling of computing resources.

I dare not predict how far fuzzing will develop in the future; that depends on the joint efforts of academia and industry. But if we ever see an AI that can find bugs on its own when faced with most unknown systems, there is no doubt it will be using fuzzing! That is the end of the sentimental part; let's get down to earth and practise fuzzing some native Android binaries.

Read more: Fuzzing
