
I'm trying to look into whether or not it is possible to fuzz the RFCOMM protocol for Bluetooth on Android.

Any help is appreciated.

Thanks.

Rockyxz
  • Could you point me to the implementation so that I could take a look at how difficult it would be to interface it with afl-fuzz? – d33tah Oct 15 '15 at 19:36

1 Answer


It is possible to fuzz anything, even smoke signals, but it will often require some work. If you can't find a pre-built tool, you'll need to build it yourself.

The basic building blocks of a fuzzer are as follows:

  • Interface: Software to talk at that protocol's level. This can be trickier for lower-level or obscure protocols.
    • In the case of Bluetooth, you might need particular hardware. Ubertooth has a reputation in the Bluetooth world.
  • Generator: Software to generate mutations of the protocol.
  • Oracle: One or more means of detecting when something goes wrong with the unit under test. The oracle tends to be very application-specific. Some options:
    • Response-checking: Check the protocol responses for anomalies (e.g., something different than the typical error response).
    • Debugger: If your target is Android, you might be able to detect these errors on the device. Maybe.
    • Crash: If the device stops talking, period, you probably hit something.

If you're just getting started, I'd recommend downloading an open source tool like Sulley just to get yourself acquainted.

Edit: I forked Sulley to a similar tool called boofuzz, which I would now recommend, as it is a little more active and updated.

jtpereyda
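The three building blocks the answer lists (interface, generator, oracle) as one small runnable harness. This is an added example, not code from the answer's author and not Sulley or boofuzz; the target it talks to is a constructed toy frame parser with two deliberately planted defects, standing in for the unit under test so the loop runs offline. Nothing here is RFCOMM or Android specific; the point is the shape of the loop, and the interface function is the part you would swap for a real transport.

```python
"""Mutation-fuzzer skeleton with the three building blocks from the answer.
The target is a constructed toy parser standing in for the unit under test."""
import random
from dataclasses import dataclass
from typing import Callable, Iterator, List, Optional, Tuple

ERR_RESPONSE = b"\x00ERR"  # the target's "typical error response" (constructed)


class TargetCrash(Exception):
    """Simulates the device going silent (the 'crash' oracle case)."""


def toy_parse_frame(frame: bytes) -> bytes:
    """Constructed toy target: frame = [addr][ctrl][len][payload...].
    Not RFCOMM; it exists only so the harness has something to run against."""
    if len(frame) < 3:
        return ERR_RESPONSE
    addr, ctrl, length = frame[0], frame[1], frame[2]
    if ctrl not in (0x01, 0x02):
        return ERR_RESPONSE
    payload = frame[3:]
    # Constructed defect 1: trusts the length field over the real payload size.
    body = bytes(payload[i] for i in range(length))  # IndexError if length > len(payload)
    if ctrl == 0x02:
        # Constructed defect 2: this path omits the length byte from the reply.
        return bytes([addr, ctrl | 0x80]) + body
    return bytes([addr, ctrl | 0x80, len(body)]) + body


# Block 1: Interface -- talk to the target at the protocol's level. Here it is
# an in-process call; against real hardware it would wrap a socket or sniffer.
def interface_send(frame: bytes) -> bytes:
    try:
        return toy_parse_frame(frame)
    except IndexError as exc:
        raise TargetCrash(f"target raised {exc!r}") from exc


# Block 2: Generator -- deterministic boundary cases first, then random bit flips.
def generate_mutations(seed: bytes, rng: random.Random,
                       n_random: int) -> Iterator[Tuple[str, bytes]]:
    for v in (0x00, 0x7F, 0xFF):          # length-field boundary values
        yield f"len_field={v:#04x}", seed[:2] + bytes([v]) + seed[3:]
    yield "truncated", seed[:2]
    yield "ctrl=0xff", seed[:1] + b"\xff" + seed[2:]
    for _ in range(n_random):
        buf = bytearray(seed)
        pos = rng.randrange(len(buf))
        buf[pos] ^= 1 << rng.randrange(8)
        yield f"bitflip@{pos}", bytes(buf)


@dataclass
class Finding:
    label: str
    frame: bytes
    verdict: str   # "crash" or "anomaly"
    detail: str


# Block 3: Oracle -- response checking plus crash detection.
def oracle(label: str, frame: bytes,
           send: Callable[[bytes], bytes]) -> Optional[Finding]:
    try:
        resp = send(frame)
    except TargetCrash as exc:
        return Finding(label, frame, "crash", str(exc))
    if resp == ERR_RESPONSE:
        return None                                   # expected rejection
    # A well-formed reply echoes addr and carries a length byte that matches.
    if len(resp) < 3 or resp[0] != frame[0] or len(resp) != 3 + resp[2]:
        return Finding(label, frame, "anomaly", f"malformed reply {resp!r}")
    return None


# Constructed seed corpus: one valid frame per control type the toy accepts.
SEED_CORPUS = [
    bytes([0x03, 0x01, 0x04]) + b"ABCD",
    bytes([0x03, 0x02, 0x04]) + b"ABCD",
]


def run_campaign(n_random: int = 200, seed: int = 1) -> List[Finding]:
    """Drive every mutation of every seed through the oracle; collect findings."""
    rng = random.Random(seed)
    findings: List[Finding] = []
    for base in SEED_CORPUS:
        for label, frame in generate_mutations(base, rng, n_random):
            found = oracle(label, frame, interface_send)
            if found:
                findings.append(found)
    return findings


if __name__ == "__main__":
    for f in run_campaign():
        print(f.verdict, f.label, f.frame.hex(), f.detail)
```

With the random phase switched off (`run_campaign(n_random=0)`) the boundary cases alone turn up four crashes (the two over-long length values on each seed) and one anomaly (the `ctrl=0x02` seed with a zero length, whose reply is too short to carry the length byte). Replacing `interface_send` with a function that writes to a real transport and reads the reply is the only change needed to point the same generator and oracle at hardware.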