OPTIMIZED FUZZING IOKIT IN IOS

Recommendations

Info

Information Extraction(II): IOExternalMethodDispatch Extracting IOExternalMethodDispatch 1. Narrow and determine the searching scope. 2. Match IOExternalMethodDispatch Table characteristics. 3. Locate IOExternalMethodDispatch Table address. 4. Dump all.
Information Extraction(II): IOExternalMethodDispatch IOExternalMethodDispatch Table characteristics • IOExternalMethodDispatch fields Function checkScalarInputCount Function∈(TEXT_START, TEXT_END) Function∈(PREL<strong>IN</strong>K_TEXT_START, PREL<strong>IN</strong>K_TEXT_END) checkScalarInputCount=0xffffffff or checkScalarInputCount∈[0,0xffff) checkScalarInputCount checkScalarInputCount=0xffffffff or checkScalarInputCount∈[0,0xffff) checkScalarOutputCount checkScalarOutputCount=0xffffffff or checkScalarOutputCount∈[0,0xffff) checkStructureOutputSize checkStructureOutputSize=0xffffffff or checkStructureOutputSize∈[0,0xffff) • Table length >= 2
Page 1 and 2: OPTIMIZED FUZZING IOKIT IN IOS LEI
Page 3 and 4: Outlines • Introduction • Infor
Page 5 and 6: Introduction(I) IOKit App-0 App-1
Page 7 and 8: Introduction(I) Our Work • Not on
Page 9 and 10: Part II Information Extraction
Page 11 and 12: Information Extraction(II) Basic In
Page 13 and 14: Information Extraction(II): Basic I
Page 25 and 26: Information Extraction(II): IOUserC
Page 33: Information Extraction(II): IOExter
Page 37 and 38: Information Extraction(II): IOExter
Page 43 and 44: Part III Fuzzing
Page 45 and 46: Fuzzing(III):Fuzzing Preparation Fu
Page 47 and 48: Fuzzing(III):Fuzzing Preparation Un
Page 49 and 50: Fuzzing(III): Fuzz Thread Client-0
Page 51 and 52: Part IV Experimental Results
Page 53 and 54: Experimental Results(IV) Vulnerabil
Page 55 and 56: Experimental Results(IV) Vulnerabil
Page 57 and 58: Experimental Results(IV): Vulnerabi
Page 59 and 60: Last Black Hat Sound Bytes

OPTIMIZED FUZZING IOKIT IN IOS

Create successful ePaper yourself

Delete template?

Save as template?