Bridging the Final Gap: Fuzzing Template Generation from Protocol Reverse Engineering
Security testing for proprietary or undocumented protocols is particularly challenging, as it depends on reverse-engineering techniques to infer protocol formats. This process involves analyzing network traffic or program binaries to deduce message structures and semantics. However, the resulting specifications cannot be directly used as input for fuzz testing. To enable efficient automated security testing, a crucial conversion step is required: systematically transforming the reverse-engineered format specifications into PEACH-compatible Pit files. To address this need, this paper presents PRE2Fuzz, an extensible and integrated protocol analysis and conversion system. PRE2Fuzz integrates multiple reverse-engineering tools, supports parallel analysis, and automatically converts the inferred results into executable Pit files, thereby bridging the gap between protocol reverse engineering and automated fuzz testing. Evaluations demonstrate the system's practicality and generality: tests using PRE2Fuzz-generated Pit templates on eight widely used protocols achieved branch coverage. Architecturally, PRE2Fuzz employs a decoupled design in which each component is containerized, ensuring environmental isolation and consistency while providing a foundation for scalability.
Fri 17 Apr. Displayed time zone: Brasilia, Distrito Federal, Brazil
11:00 - 12:30 | Testing and Analysis 15 | Demonstrations / Journal-first Papers / Research Track at Oceania IX | Chair(s): Manish Motwani (Oregon State University)

11:00 | 15m Talk | Bridging the Final Gap: Fuzzing Template Generation from Protocol Reverse Engineering | Demonstrations | Wenlong Zhang (Central South University), Yongjun Xie (Central South University), Yuanliang Chen (Tsinghua University), Fuchen Ma (Tsinghua University), Dalong Shi (AVIC International Digital Network Technology Co., Ltd.), Dongyi Yu (AVIC International Digital Network Technology Co., Ltd.), Heyuan Shi (Central South University) | Media Attached

11:15 | 15m Talk | The Havoc Paradox in Generator-Based Fuzzing | Journal-first Papers | Ao Li (Carnegie Mellon University), Madonna Huang (University of British Columbia), Vasudev Vikram (Carnegie Mellon University), Caroline Lemieux (University of British Columbia), Rohan Padhye (Carnegie Mellon University)

11:30 | 15m Talk | Visualization Task Taxonomy to Understand the Fuzzing Internals | Journal-first Papers | Sriteja Kummita (Paderborn University), Miao Miao (The University of Texas at Dallas), Eric Bodden (Heinz Nixdorf Institute at Paderborn University & Fraunhofer IEM), Shiyi Wei (University of Texas at Dallas)

11:45 | 15m Talk | FrameShift: Resizing Fuzzer Inputs Without Breaking Them | Research Track | Harrison Green (Carnegie Mellon University), Claire Le Goues (Carnegie Mellon University), Fraser Brown (CMU)

12:00 | 15m Talk | On Interaction Effects in Greybox Fuzzing | Research Track | Konstantinos Kitsios (University of Zurich), Marcel Böhme (MPI for Security and Privacy), Alberto Bacchelli (IfI, University of Zurich) | Pre-print

12:15 | 15m Talk | Configuration-Sensitive Linux Kernel Fuzzing | Research Track | Yuheng Shen, Jianzhong Liu (Tsinghua University), Yuhan Chen (Central South University), Yifei Chu (Tsinghua University), Qiang Zhang (Hunan University), Guoyu Yin (Central South University), Heyuan Shi (Central South University), Yu Jiang (Tsinghua University)