Event

In this talk, the maintainers of the AFLplusplus organization present the QEMU-based instrumentation engines developed as part of AFL++ and LibAFL to fuzz advanced binary-only targets. We discuss our extensions to QEMU, the well-known emulator, to allow high-performance, cross-architecture fuzzing and target instrumentation.

We present LibAFL QEMU, a library that offers convenient APIs to hook the target using Rust. Unlike other public fuzzers, tools built with LibAFL can scale over cores and machines to find vulnerabilities faster and at a large scale. We showcase how we built a custom fuzzer for a binary-only Android library using this new emulator API for fuzzing that scales to 80+ cores almost linearly, reaching a whopping number of executions per second!

Finally, we demo a proof of concept using LibAFL to find injection vulnerabilities in the binaries, going beyond the typical fuzzing for memory corruptions.