SyScan Singapore Coaching a Squad of

Transcription:

SyScan Singapore 26.4.2013 @miaubiz Coaching a Squad of

a.k.a. fuzzing on ARM

The speakers of SyScan

1000 cats

1e11 spiders

What do you want to do?
  RIP ARMS OFF
  HACK ARMS OFF
  meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow meow
  weave wonderful webs

what will you do with vulns?
  I just like vulns
  We'll exploit iPhone users working at XYZ
  We want to find vulns in ASDF

ARM is good for:
  ARM operating systems
  Open source that builds on ARM
  ARM errata
  peripherals
Not so good for:
  processes that need huge amounts of RAM
  x86 stuff, Intel GPUs

Operating Systems
  Android
  Linux
  iOS (on Apple TV)
  Windows (probably hard)
  B2G (Servo)
  QNX and such
  Ubuntu Phone, Tizen, NetBSD, ...

What are people using now?

1U
  2x 95W cpus, 12 cores
  32 GB ram
  $5000

Gamer desktop
  1x Intel Core i7
  32 GB RAM
  $1000

ODROID-U2
  Exynos 4412, Cortex-A9, quad core @ 1.7 GHz
  Mali-400 quad core GPU @ 440 MHz
  2 GB RAM
  100 Mbit ethernet, 2x USB, USB host (fastboot & android), serial port (1.8V), power, mini-hdmi, sd-card, emmc
  ~$100

ODROID-U2
  powered through DC jack (5V 2A)
  fwbl1 signed by Samsung
  bl2 signed by Hardkernel (they'll sign one for you)
  mali gpu driver as binary blob
  supported by Hardkernel (drivers, kernel)

ODROID-U2
  irom loads fwbl1 and bl2 from boot media
  no ethernet in u-boot (possible but hard)
  can upload kernel & initrd via serial cable
  fastboot accessible from u-boot
  flash partitions from usb host cable

MK802 II
  Allwinner A10, Cortex-A8, single core @ 1.5 GHz
  Mali 400 GPU
  1 GB RAM
  HDMI, USB host, USB, power, 802.11
  4 GB onboard flash, sd-card slot
  ~$35
  Liberated by Allwinner Dev Team

considerations
  1 box with 100 vms vs 100 boxen
  drivers
  kernels
  boot media
  cpu/ram/... distribution is fixed

drivers
  for linux, you need drivers for GPU, NIC, ...
  chances are good with big brand names
  chances not so good with unknown stuff (Allwinner A10 a notable exception)
  check forums about your exact board!
  or run old version of android

optimize throughput
  you want to get useful stuff done
  usage is irrelevant
  don't try to use every cpu cycle
  don't try to use every byte of ram
  this applies to life in general

fuzz targets
  not stuff you glued together
  actual software
  browsers
  open source libraries
  peripherals
  mali gpu drivers
  kernels

Let's make a browser!

If one compiler could all platforms treat
Would men and angels then fall at its feet
And shun the hoary beast named GCC
Enthroning thus the king of binary
- Ben Nagy

cross compilation
  kernel builds in 18 minutes natively
  linking chromium takes 8 GB ram
  gcc is dead, use llvm
  build all tools from source: binutils, cmake, llvm

cross compilation
  use llvm revision known to work (e.g. from chromium)

    cmake -DLLVM_TARGETS_TO_BUILD="ARM;X86" -DLLVM_DEFAULT_TARGET_TRIPLE=arm-linux-gnueabihf /build/llvm
    make -j5 clang_rt.asan-arm
    sudo apt-get install binutils-arm-linux-gnueabihf

AddressSanitizer # Architectures supported by ASan. - x86_64 i386 powerpc64 powerpc) + arm x86_64 i386 powerpc64 powerpc) (On Android asan is a shared library.)

+Configs += asan-arm +Arch.asan-arm := arm +CFLAGS.asan-arm := $(CFLAGS) -fpic \ -fno-builtin -mllvm -arm-enable-ehabi +FUNCTIONS.asan-arm := $(AsanFunctions)\ $(InterceptionFunctions) \ $(SanitizerCommonFunctions) +elseif("${llvm_native_arch}" STREQUAL "ARM") - x86_64 i386 powerpc64 powerpc) + arm x86_64 i386 powerpc64 powerpc) + test_target_arch(arm "")
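Review bot: CFLAGS.asan-arm passes `-mllvm -arm-enable-ehabi`, an internal backend switch, with nothing in the patch saying why the ARM runtime needs it; a one-line comment next to that flag would tell the next person when it can be dropped. The same architecture list edit (`+ arm x86_64 i386 powerpc64 powerpc)`) appears twice, so both copies have to be kept in step, and `test_target_arch(arm "")` passes an empty flag string, which is worth a comment stating what toolchain it assumes.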

then I

    GYP_CROSSCOMPILE=1 GYP_DEFINES='target_arch=arm linux_use_tcmalloc=0 armv7=1 arm_thumb=1
      sysroot=/build/linaro arm_float_abi=hard enable_webrtc=0 disable_nacl=1
      release_extra_cflags="-Wno-asm-operand-widths -Wno-return-type-c-linkage -Wno-parentheses-equality -Wno-enum-conversion -g"
      remoting=0 clang_use_chrome_plugins=0 enable_google_now=0 enable_language_detection=0
      enable_automation=0 linux_breakpad=0 linux_use_gold_binary=1 linux_use_gold_flags=1
      asan=1' GYP_GENERATORS=ninja gclient runhooks

the settings that matter:

    GYP_CROSSCOMPILE=1
    target_arch=arm armv7=1 arm_thumb=1 arm_float_abi=hard
    sysroot=/build/linaro
    release_extra_cflags="-Wno-asm-operand-widths -Wno-return-type-c-linkage -Wno-parentheses-equality -Wno-enum-conversion"
    linux_use_gold_binary=1 linux_use_gold_flags=1
    ASAN_OPTIONS="malloc_context_size=0"
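Added example, not from the talk: with ASAN_OPTIONS="malloc_context_size=0" a report carries no allocation or free stacks, so de-duplicating crashes from many boards has to key on the error type and the top frames of the faulting stack. The helper names, report text, addresses and function names below are constructed; only the host names follow the li0..li10 scheme used in the slides.

```python
import hashlib
import re
from collections import defaultdict

ERROR_RE = re.compile(r"==\d+==\s*ERROR: AddressSanitizer: (\S+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size \d+", re.M)
# Symbolized frame "#0 0x.. in func file:line", or unsymbolized "#0 0x.. (module+0xoff)".
FRAME_RE = re.compile(
    r"^\s*#(\d+) 0x[0-9a-f]+ (?:in ([^\s(]+)|\((\S+?\+0x[0-9a-f]+)\))", re.M)

def signature(report, depth=3):
    """Return (error, access, top frames) of one ASan report, or None if it is not one."""
    err = ERROR_RE.search(report)
    if err is None:
        return None
    body = report[err.end():]
    access = ACCESS_RE.search(body)
    frames = []
    for m in FRAME_RE.finditer(body):
        if int(m.group(1)) != len(frames):  # numbering restarted: alloc/free stack
            break
        frames.append(m.group(2) or m.group(3))
    return (err.group(1), access.group(1) if access else "?", tuple(frames[:depth]))

def bucket(reports, depth=3):
    """Group (host, report_text) pairs by crash signature; non-reports are skipped."""
    buckets = defaultdict(list)
    for host, text in reports:
        sig = signature(text, depth)
        if sig is not None:
            # No addresses or pids go into the key, so every board hashes the same bug alike.
            key = hashlib.sha256(repr(sig).encode()).hexdigest()[:12]
            buckets[key].append(host)
    return dict(buckets)

# Constructed sample reports: addresses, pids, function names and paths are made up.
UAF = """=={pid}== ERROR: AddressSanitizer: heap-use-after-free on address {addr} at pc 0x2a1f3c
READ of size 4 at {addr} thread T0
    #0 0x2a1f3c in example::Node::parent() /src/node.h:41
    #1 0x2a2210 in example::Layout::update(example::Node*) /src/layout.cc:88
    #2 0x2a3004 in main /src/main.cc:12
"""
OVERFLOW = """==77== ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5a00810
WRITE of size 1 at 0xb5a00810 thread T0
    #0 0x2b0010 in example::Decoder::copy(char*) /src/decoder.cc:19
"""
SAMPLE = [("li0", UAF.format(pid=101, addr="0xb5d007f8")),
          ("li7", UAF.format(pid=2204, addr="0xb4c01a38")),
          ("li3", OVERFLOW), ("li4", "Segmentation fault")]
```

bucket(SAMPLE) puts li0 and li7 in one bucket and li3 in another; the bare "Segmentation fault" from li4 has no ASan report and is dropped.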

ARM errata

ARM errata
  In certain rare sequences of code, the loop buffer may deliver incorrect instructions.
  (this erratum is for Cortex A15 only)

This fixes random segmentation faults on Arndale for me, that mostly occurred because of the broken loop buffer.

What I got (~$3000)
  20 x ODROID-U2
  80 cores @ 1.7 GHz
  40 GB ram
  20 operating systems
  20 ethernet ports
  20 serial ports
  40 usb ports
  17 sd cards, 3 emmc
  24-port ethernet switch

chef, puppet
this actually works:

    rsync -ax --exclude hosts --exclude hostname --exclude ssh --exclude smsc95xx_mac_addr root@li0.local:/ /

GNU parallel

    parallel ssh linaro@{}.local "hostname" ::: li0 li1 li2 li3 li4 li5 li6 li7 li8 li9 lia lib lic lid lie lif li10

and then:

/etc/init/fuzz.conf:

    exec screen -D -m -c /home/fuzz/fuzz.screen

fuzz.screen:

    screen -t fuzz0
    stuff "while true; do ~/fuzz/fuzz.sh 0 fuzz.html; sleep 1; done\012"

reuse everything from x86
  rsync
  bash
  node.js
  redis
  filesystem

I have 20 wall warts at 220V
  that's stupid. you should just get an ATX power supply and power them all from the 5 volt. then you could also power cycle them with a microcontroller.

I only have one serial cable
  you know, you could just connect all those serial ports to an fpga and multiplex the signals.

Die Datenkrake
  arm m3 + actel fpga
  ~$100
  48 gpio (can do 16x power + uart)
  custom pcb for going down to 1.8V for odroid uart
  custom pcb to distribute and control DC from ATX power supply

Die Datenkrake
  detect system crashes
  power cycle devices
  load kernel/initrd over serial
  diagnose corrupt bootloader
  (maybe emulate sdcard later :D)

could the fpga handle
  sd card
  usb devices (yes, especially if it wasn't the cheapest fpga model)
  ethernet
  hdmi

so where is it?
  dc and serial connectors are in the mail
  custom pcb being designed as we speak
  I almost know VHDL
  dmitry is very good at this

Attribution
  gorilla: http://www.flickr.com/photos/mikejsolutions/74815604/lightbox/
  spiders: http://www.flickr.com/photos/photophilde/2518101974/sizes/l/in/photostream/
  cats: By Scott Granneman from St. Louis, MO, USA (Flickr)
  construction workers: http://commons.wikimedia.org/wiki/File:Construction_Workers_in_Maracaibo.JPG
  odroid-u2: Dmitry Nedospasov
  datenkrake: Thorsten Schroeder