These are some tools which were developed as part of my research. All these tools are open-sourced. You are free to use them, but please cite the corresponding project for which the tool was originally developed.
DIFUZE is an interface-aware fuzzer for Linux kernel drivers. It leverages static analysis to compose correctly-structured input in userspace to explore kernel drivers. DIFUZE is fully automatic, ranging from identifying driver handlers, to mapping them to device file names, to constructing complex argument instances. It also gives you interface information which can be used in syzkaller. You can use it to find zero-days :) Source Repo, BibTex
DR.CHECKER implements a Soundy analysis technique for Linux kernel drivers. It is a static taint-based bug-finding tool for Linux kernel drivers. It scopes its analysis to drivers only, resulting in very precise warnings. You can use it to find zero-days :) Source Repo, BibTex
BootStomp is a boot-loader bug finder. It looks for two different classes of bugs: memory corruption and state storage vulnerabilities. Similar to DR.CHECKER, you can use it to find zero-days :) Source Repo, BibTex
BOOMERANG is a class of vulnerabilities that stem from the semantic gap between the non-secure and secure worlds. BOOMERANG is a type of confused deputy attack, wherein a user-level application in the non-secure world can leverage a TA (trusted application) to read from or write to non-secure world memory that it does not own, including the untrusted OS's.
We found exploitable BOOMERANG vulnerabilities in four TEE implementations. These vulnerabilities were detected using a combination of manual analysis and an automated static analysis tool, which is capable of locating potential vectors for exploiting BOOMERANG in a given TA. We were able to leverage vulnerabilities in two commercial TEE implementations to create proof-of-concept exploits.
We propose a novel defense, Cooperative Semantic Reconstruction (CSR), which is capable of bridging the semantic gap between the two worlds with minimal modification and minimal overhead.
Dynodroid is a system for automatically generating relevant inputs to Android apps. It is capable of generating both UI inputs (e.g., touchscreen taps and gestures) and system inputs (e.g., simulating incoming SMS messages). It also allows interleaving inputs from a machine and a human. User guide, Source Repo, VHD, BibTex