{ "info": { "author": "Petr Svenda", "author_email": "svenda@fi.muni.cz", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Intended Audience :: Developers", "Programming Language :: Python", "Programming Language :: Python :: 2.6", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Topic :: Security" ], "description": "Installation\n============\n\nPip install\n-----------\n\n::\n\n $> pip install apdu-fuzzer\n\n $> apdu-fuzz --help\n usage: apdu-fuzz [-h] [--start_ins START_INS] [--end_ins END_INS]\n [--output OUTPUT_FILE] [--no-trust]\n\n Fuzz smartcard api.\n\n optional arguments:\n -h, --help show this help message and exit\n --start_ins START_INS\n Instruction to start fuzzing at\n --end_ins END_INS Instruction to stop fuzzing at\n --output OUTPUT_FILE File to output results to\n --no-trust\n\n $> apdu-afl-fuzz --help\n\nInstallation on Debian based Linux\n----------------------------------\n\nFor the fuzzer to work we need https://github.com/mit-ll/LL-Smartcard\nand its dependencies:\n\n::\n\n git clone https://github.com/mit-ll/LL-Smartcard\n cd LL-Smartcard\n ./install_dependencies.sh\n python2 setup.py install\n\nInstallation on MacOS\n---------------------\n\nFor the fuzzer to work we need https://github.com/mit-ll/LL-Smartcard\nand its dependencies:\n\n::\n\n brew install swig\n brew install pcsc-lite\n pip install llsmartcard-ph4\n\nExperimental installation with pip\n----------------------------------\n\n::\n\n # Create virtual environment\n python -m venv --upgrade venv\n cd python\n\n # Install all project dependencies\n ../venv/bin/pip install --find-links=. 
--no-cache .\n\n # Install AFL deps (cython required)\n # Mac:\n brew install afl-fuzz\n\n # Others:\n cd /tmp\n wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz\n tar -xzvf afl-latest.tgz\n cd afl-*\n make\n sudo make install\n\n # Install python dependencies\n ../venv/bin/pip install --find-links=. --no-cache .[afl]\n\nAFL fuzzing\n-----------\n\n::\n\n AFL <-> Client <-> Server <-> Card\n\n +----------------------------------+\n | AFL |\n | | | | +-------------------+\n | | | +----------------+ | +------------------+ | |\n | | | stdin | | | socket | | | +---+ |\n | | +----------| Client |------------ Server -------- |-|-| Card |\n | | | | | | | | +---+ |\n | | +------+ +--------|-------+ | +------------------+ | |\n | +-| SHM |------------+ | +-------------------+\n | +------+ |\n | |\n +----------------------------------+\n\n(ascii by https://textik.com/)\n\nNotes:\n\n- Server is started first, connects to the card and listens on the\n socket for raw data to send to the card. Does not process input data\n in any way.\n\n- Server stores raw responses from the card to the data files.\n\n- Server is able to reconnect to the card if something goes wrong.\n\n- Client is started by AFL. AFL sends input data via STDIN, forking the\n client with each new fuzz input. PCSC does not like forking with AFL, so\n this server/client architecture was required.\n\n- Client is forked by the AFL after python is initialized. Socket can\n be opened either before fork or after the fork. After fork is safer\n as each fuzz input has a new connection but a bit slower. Opening\n socket before fork also works but special care needs to be taken on a\n broken pipe exception - reconnect logic is needed. This is not\n implemented now.\n\n- Client post-processes input data generated by the AFL, e.g.,\n generates length fields, can do TLV, etc.\n\nCommunication between server/client:\n\n- Client sends ``[0, buffer]``. Buffer is raw data structure to be sent\n to the card. 
``0`` is the type / status\n\n- Server responds with:\n ``status 1B | SW1 1B | SW2 1B | timing 2B | data 0-NB``\n\n::\n\n +----+----+----+--------+------------------------+\n | | | | | |\n | 0 | SW | SW | timing | response data |\n | | 1 | 2 | | |\n +----+----+----+--------+------------------------+\n\nClient then takes the response from the socket, and uses a modified\n`python-afl-ph4 `__ to add a trace\nto the shared memory segment that is later analyzed by AFL to determine\nwhether this fuzz input led to a different execution trace than the\nprevious one.\n\nCurrently the trace bitmap is done in the following way:\n\n.. code:: python\n\n afl.trace_offset(hashxx(bytes([sw1, sw2])))\n afl.trace_offset(hashxx(timing))\n afl.trace_offset(hashxx(bytes(data)))\n\nThe Fowler-Noll-Vo hash function used in ``afl.trace_buff`` is not very good\nwith respect to zero buffers. The timing was usually not affecting\nthe bitmap, so we switched to the very fast hash function ``hashxx`` for the\noffset computation.\n\nRunning\n~~~~~~~\n\nStart the server sitting on the card:\n\n::\n\n python main_afl.py --server\n\nTesting if the client works:\n\n::\n\n echo -n '0000' | ../venv/bin/python main_afl.py --client --output ydat.json --log ylog.txt\n cat ylog.txt\n\nAFL with forking & TCP communication with the server:\n\n::\n\n ../venv/bin/py-afl-fuzz -m 500 -t 5000 -o result/ -i inputs/ -- ../venv/bin/python main_afl.py --client --output ydat.json --log ylog.txt\n\nLocal development\n-----------------\n\nThe apdu\\_fuzzer package is using relative imports. For development and\ndebugging in the local directory it is thus required to load the main package\n``apdu_fuzzer`` first. 
Otherwise you get the following error:\n\n::\n\n Traceback (most recent call last):\n File \"../apdu_fuzzer/main_afl.py\", line 17, in \n from .utils.card_interactor import CardInteractor\n ModuleNotFoundError: No module named '__main__.utils'; '__main__' is not a package\n\nFor the local execution use the wrappers in the main directory:\n\n::\n\n ../venv/bin/python ../main_afl.py --help", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/petrs/APDUFuzzer", "keywords": "", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "apdu-fuzzer", "package_url": "https://pypi.org/project/apdu-fuzzer/", "platform": "", "project_url": "https://pypi.org/project/apdu-fuzzer/", "project_urls": { "Homepage": "https://github.com/petrs/APDUFuzzer" }, "release_url": "https://pypi.org/project/apdu-fuzzer/0.0.3/", "requires_dist": null, "requires_python": "", "summary": "APDU fuzzer", "version": "0.0.3" }, "last_serial": 3980550, "releases": { "0.0.1": [ { "comment_text": "", "digests": { "md5": "ae4dc938764052541efe52ecff2e2b32", "sha256": "f8a12d26bce87bef37b36960eb65453d4f4430145df19d4ffbb9ebb2c5c48cc4" }, "downloads": -1, "filename": "apdu-fuzzer-0.0.1.tar.gz", "has_sig": true, "md5_digest": "ae4dc938764052541efe52ecff2e2b32", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12963, "upload_time": "2018-06-20T08:09:41", "url": "https://files.pythonhosted.org/packages/39/c1/14da6e9409b9793e93d50b9561a2794fb9fb9d6768cec9dae404f11e2f3f/apdu-fuzzer-0.0.1.tar.gz" } ], "0.0.2": [ { "comment_text": "", "digests": { "md5": "fda72649f9e45169c7a0cf8783a97686", "sha256": "be6cc3ccd31bee50cde0a3c2ce6cb1b603f5ecbb18f80c3b54642f23ed728ef4" }, "downloads": -1, "filename": "apdu-fuzzer-0.0.2.tar.gz", "has_sig": true, "md5_digest": "fda72649f9e45169c7a0cf8783a97686", "packagetype": "sdist", "python_version": "source", 
"requires_python": null, "size": 13128, "upload_time": "2018-06-20T08:11:32", "url": "https://files.pythonhosted.org/packages/64/47/c77e5f114d71bc16eaf5f6e56e32a8de1b4743c0ed3c63744ad588c1d726/apdu-fuzzer-0.0.2.tar.gz" } ], "0.0.3": [ { "comment_text": "", "digests": { "md5": "84880242be3c54221e919c4b99969e1a", "sha256": "c3e19075b8e8ad9aef879be6a70ac892d4aee69d7eb4efe132b95e0bd2369d9a" }, "downloads": -1, "filename": "apdu-fuzzer-0.0.3.tar.gz", "has_sig": true, "md5_digest": "84880242be3c54221e919c4b99969e1a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13713, "upload_time": "2018-06-20T08:38:11", "url": "https://files.pythonhosted.org/packages/4e/bd/97eb3e8ccb10df75d4ae7265c60658e913354f8b933067094dedd305ae24/apdu-fuzzer-0.0.3.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "84880242be3c54221e919c4b99969e1a", "sha256": "c3e19075b8e8ad9aef879be6a70ac892d4aee69d7eb4efe132b95e0bd2369d9a" }, "downloads": -1, "filename": "apdu-fuzzer-0.0.3.tar.gz", "has_sig": true, "md5_digest": "84880242be3c54221e919c4b99969e1a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13713, "upload_time": "2018-06-20T08:38:11", "url": "https://files.pythonhosted.org/packages/4e/bd/97eb3e8ccb10df75d4ae7265c60658e913354f8b933067094dedd305ae24/apdu-fuzzer-0.0.3.tar.gz" } ] }