How to fuzz firmware with Mayhem

Welcome to the Mayhem Tips and Tricks series! Our goal is to help you learn about the best features of Mayhem in small, bite-sized chunks. Today, we will explain how you can fuzz firmware with Mayhem.

Software exists in everything from kitchen appliances to weapons systems, and just like the software that runs on your PC or in servers, software in embedded devices can have vulnerabilities. Worse, embedded devices often control critical infrastructure or have safety and privacy implications if successfully attacked. Therefore, you may want to use Mayhem to analyze embedded device firmware for vulnerabilities.

Firmware fuzzing is complex and a subject of active research, but Mayhem can analyze device firmware under certain conditions. For example, if you have access to Linux-based firmware, Mayhem includes a tutorial that describes how to analyze the firmware of a Netgear N300 router. Although the Netgear N300 uses a MIPS processor, the tutorial's approach applies to any Linux-based firmware, whether it runs on ARM, PPC, or x86.

For non-Linux-based firmware, one way to get started is to identify the components you want to analyze (a message parser, a protocol handler, a file-format decoder) and recompile them as native Linux programs that take their input from a file, stubbing out the hardware-specific I/O they normally use. Recompiling for Linux is usually the easiest way to get started, but it requires source code.
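The following is an added example of that recompile-for-Linux pattern; it is not code from the page or from ForAllSecure. The framed-message parser, its layout, and the `FIRMWARE_BUILD` macro are all constructed for illustration. The idea is that the target function (`parse_frame`) is compiled unchanged, while the Linux build swaps the device's hardware receive path for a `main` that reads the file named by its first argument, which is the shape of program a file-based fuzzer can drive.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example of a firmware-style framed message:
 *   byte 0       : message type
 *   byte 1       : payload length N (0..MAX_PAYLOAD)
 *   bytes 2..N+1 : payload
 *   byte N+2     : XOR checksum over type, length and payload
 */
#define MAX_PAYLOAD 64

typedef struct {
    uint8_t type;
    uint8_t len;
    uint8_t payload[MAX_PAYLOAD];
} frame_t;

/* The fuzz target. Returns 0 on success, a negative code on malformed input.
 * This function is what the hypothetical device code would call from its
 * receive path, and it is compiled unchanged for the Linux harness. */
int parse_frame(const uint8_t *buf, size_t n, frame_t *out)
{
    if (n < 3) return -1;                  /* need type, length, checksum */
    uint8_t len = buf[1];
    if (len > MAX_PAYLOAD) return -2;      /* bounds check before any copy */
    if (n != (size_t)len + 3) return -3;   /* exact framing required */
    uint8_t sum = 0;
    for (size_t i = 0; i < n - 1; i++) sum ^= buf[i];
    if (sum != buf[n - 1]) return -4;      /* checksum mismatch */
    out->type = buf[0];
    out->len = len;
    memcpy(out->payload, buf + 2, len);
    return 0;
}

/* On the device (FIRMWARE_BUILD defined) input arrives from hardware.
 * For the Linux build we replace that path with a file read, so the
 * program takes an input file as its only argument. */
#ifndef FIRMWARE_BUILD
static int read_whole_file(const char *path, uint8_t **data, size_t *n)
{
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    uint8_t *buf = NULL;
    size_t cap = 0, used = 0;
    for (;;) {
        if (used == cap) {
            cap = cap ? cap * 2 : 4096;
            uint8_t *nb = realloc(buf, cap);
            if (!nb) { free(buf); fclose(f); return -1; }
            buf = nb;
        }
        size_t r = fread(buf + used, 1, cap - used, f);
        if (r == 0) break;
        used += r;
    }
    fclose(f);
    *data = buf;
    *n = used;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <input-file>\n", argv[0]);
        return 2;
    }
    uint8_t *data = NULL;
    size_t n = 0;
    if (read_whole_file(argv[1], &data, &n) != 0) return 2;
    frame_t fr = {0};
    int rc = parse_frame(data, n, &fr);
    printf("parse_frame -> %d (type=%u len=%u)\n", rc, fr.type, fr.len);
    free(data);
    return 0;
}
#endif
```

Build it natively with `cc -o frame_harness frame_harness.c` (the device build would add `-DFIRMWARE_BUILD` and supply its own entry point), then point the fuzzer at `./frame_harness <file>`. Keeping all hardware access behind the `#ifndef` keeps the parser itself identical in both builds, so a crash found on Linux corresponds to the same code path on the device.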

For non-Linux-based firmware where you don’t have access to source code, we recommend that you contact your customer success manager or support@forallsecure.com. ForAllSecure has engineers who can help and cleared resources for Federal and Defense customers.

We hope that you found this Tips and Tricks article helpful.