1. HVFUZZ

1-1) Summary

Hyper-V Fuzzer using hAFL2
This fuzzer was manufactured based on hAFL2, and HyperViper’s technology is partially included.
Since the targets of these two fuzzers were different from my target, I developed a new fuzzer.
Github Repository: blackcon/HVFUZZ

1-2) Architecture (/source hAFL2)

1-3) Sequence Diagram

    sequenceDiagram
    participant CPHarnless.sys
    participant storvsp.sys
    participant CrashMonitoring
    participant hAFL2
    loop Fuzzing
        hAFL2->>storvsp.sys: Check Coverage
        hAFL2->>CPHarnless.sys: Generate Payload
        CPHarnless.sys->>storvsp.sys: Send Payload
    end
    loop CrashMonitoring
        CrashMonitoring->>storvsp.sys: Monitoring the crash
    end
    CrashMonitoring->>hAFL2: Crash Dump

1-4) Reference

2. Modules

CPHarness
- Running on kernel of level2
- It only targets storvsp/storvsc.
- Send payload from guest to host
packet_sender (In progress)
- Running on user land of level2
- Send payload from user to kernel(CPHarness)

3. Appendix

This is that I recorded my shoveling journey for fuzzer setting.

HVFUZZ

1. HVFUZZ

1-1) Summary

1-2) Architecture (/source hAFL2)

1-3) Sequence Diagram

1-4) Reference

2. Modules

3. Appendix

Further Reading

Hyper-V 분석하기 위한 환경설정 하는 방법

블루투스 이어폰 해킹하기

1. 뇌를 해킹하자.