Releasing LL-Fuzzer for open source

.gitignore

@@ -0,0 +1 @@
+*.pyc

LICENSE

@@ -0,0 +1,17 @@
+LL-Fuzzer: Automated fuzzing framework for NFC devices
+
+Copyright (C) 2015, Massachusetts Institute of Technology (MIT)
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along
+with this program; if not, write to the Free Software Foundation, Inc.,
+51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

README.md

@@ -0,0 +1,131 @@
+                  ██╗     ██╗      ███████╗██╗   ██╗███████╗███████╗███████╗██████╗ 
+                  ██║     ██║      ██╔════╝██║   ██║╚══███╔╝╚══███╔╝██╔════╝██╔══██╗
+                  ██║     ██║█████╗█████╗  ██║   ██║  ███╔╝   ███╔╝ █████╗  ██████╔╝
+                  ██║     ██║╚════╝██╔══╝  ██║   ██║ ███╔╝   ███╔╝  ██╔══╝  ██╔══██╗
+                  ███████╗███████╗ ██║     ╚██████╔╝███████╗███████╗███████╗██║  ██║
+                  ╚══════╝╚══════╝ ╚═╝      ╚═════╝ ╚══════╝╚══════╝╚══════╝╚═╝  ╚═╝
+
+                       Authors: Chad Spensky ([email protected])
+                                  Hongyi Hu ([email protected])
+
+================================================================================
+
+  LL-Fuzzer is a fuzzing framework built to fuzz NFC applications on android 
+devices.
+
+
+# Dependencies
+
+  * [NFCPy](https://launchpad.net/nfcpy)
+
+  * [Sulley](https://github.com/OpenRCE/sulley)
+
+  * [PyUSB](http://sourceforge.net/projects/pyusb/)
+
+  * [Android Debug Bridge](http://developer.android.com/tools/help/adb.html)
+
+
+# Hardware Requirements
+
+  * [PN532 Breakout Board](http://www.adafruit.com/product/364)
+  * [FTDI Cable](http://www.adafruit.com/products/70)
+
+
+# Installation 
+
+To install all of the dependencies type:
+
+>$ ./install.sh
+  
+or follow the individual instructions below:
+
+ * If you're using a 64bit machine, you must install the 32 bit libraries:
+
+   >$ sudo apt-get install ia32-libs
+
+ * Some of the android stuff requires java:
+
+   >$ sudo apt-get install openjdk-7-jre
+
+ * NFCPy depends on libusb:
+
+   >$ sudo apt-get install python-pip
+   
+   >$ sudo pip install pyusb
+
+
+# Usage 
+
+For general help try:
+>$ python fuzzer.py --help
+
+An example of a real use case would be:
+>$ python fuzzer.py -r tty:usb:0 -s 4d001f274acd31cf -D fuzz-configs/ndef/ -o testing
+
+# Phone Setup 
+
+  There are some settings on android that make fuzzing a much more pleasurable 
+  experience.
+
+  * Enable USB debugging through "Developer options"
+    If you don't see this option go to "About phone" and tap the "Build number" 
+    a bunch of times.
+
+  * Enable "Stay awake" under "Developer options"
+
+  * Set "Screen Lock" to None under "Security"
+
+
+# Examples 
+
+Here are some example commands to test NFC functionality (All files in examples-nfc):
+
+ * Emulate an NFC tag:
+   >$ ./npp-test-client.py -b --mode=initiator --quirks=android < ndef
+
+ * Read data from an NFC tag:
+    >$ ./tagtool.py
+
+
+# Code Architecture
+
+* RFID Reader / FrontEnd as named by nfcpy (e.g. Proxmark, Omnikey, PN532
+board)
+ - LL-Fuzzer provides full control over what this sends over the RFID channel
+
+* RFID Device (e.g. smartphone, tablet, etc.)
+ - Provides an abstraction to interaction with NFC-enabled devices
+
+* RFID Message (e.g. NDEF, LLCP)
+ - LL-Fuzzer supports numerous NFC message types
+
+* Generator
+ - Generates inputs for fuzzing
+
+* Fuzzer
+ - Drives fuzzing operation
+ - Uses generator to generate fuzzed messages
+ - Tells RFID reader to transmit fuzzed messages
+ - Receives logs, etc. from RFID Device
+ - Controls RFID stack on RFID device to reset state
+
+# Mail 
+
+It might be useful to interface the fuzzer with e-mail for very long jobs.
+>$ sudo apt-get install sendmail
+
+
+# Complications
+
+## Unreliable RF Transmission
+During our own fuzzing, we had a very difficult time getting reliable 
+NFC communication.  To facilitate this, we used a book with the reader 
+placed inside and the phone tapped to the top to prevent it from moving.  
+A more elegant setup is certainly possible, but any reliable setup will 
+need a way of tweaking the distance and then holding the reader and 
+phone at that fixed distance for the duration of the fuzzing.
+
+
+# Disclaimer
+
+This work is sponsored by the Defense Information Systems Agency under Air Force Contract #FA8721-05-C-0002.  Opinions, interpretations, conclusions and recommendations are those of the author and are not necessarily endorsed by the United States Government.

android_rooting/README.md

@@ -0,0 +1,60 @@
+We have tested this framework on two devices.  The Galaxy S3 and the Nexus S.
+
+While rooting the phone is not required, the instructions for both are below.
+
+# Nexus S
+Below are instructions for rooting the Nexus S
+
+## Flashing ROMs
+How to Flash a Nexus Phone:
+
+
+1. Download factory image from the Android Open Source Project:
+
+	http://developers.google.com/android/nexus/images
+
+2. Put device into fast boot mode.
+
+	See http://source.android.com/source/building-devices.html
+
+2a. If needed, unlock the boot loader.  Run 
+    $ fastboot oem unlock
+
+3. Run ./flash-all.sh in the factory image directory. 
+
+## Rooting Device
+
+I used this [tutorial](http://bernaerts.dyndns.org/phone/233-ubuntu-root-nexus-s-phone)
+
+I used the following command to copy the Superuser App to the drive:
+
+        cp Superuser-3.1.3-arm-signed.zip /media/22F6-14F1/
+
+
+# Samsung Galaxy S3
+
+I followed this [tutorial](http://galaxys3root.com/galaxy-s3-root/how-to-root-galaxy-s3-on-linuxubuntu/).
+
+  Some additional commands that I used are below.  Happy Rooting!
+
+
+
+First install libusb:
+
+        sudo apt-get install libusb-1.0-0:i386
+
+Then install heimdall:
+
+        sudo dpkg -i heimdall_1.3.2_i386.deb
+
+Now flash the recovery image:
+
+        sudo heimdall flash --recovery recovery.img
+
+
+Copy our SU App over to the device:
+
+        gvfs-mount -l
+        cp CWM-SuperSU-v0.87.zip ~/.gvfs/gphoto2\ mount\ on\ usb%3A002\,111/
+
+

android_scripts/README.md

@@ -0,0 +1,8 @@
+These are scripts that must be loaded on the android phones to facilitate our 
+LL Fuzzer library. 
+
+Running ./push_scripts.sh should do this for you.
+
+Here are some references for getting more functionality out of the android shell:
+
+  [killall](http://en.androidwiki.com/wiki/Android_Shell_tips_and_tricks)

android_scripts/killall

@@ -0,0 +1,16 @@
+#!/system/bin/sh
+# usage: kill "/full/command/line -with arguments"
+for file in /proc/[0-9]* ; do
+
+ 	 cmd=$(cat $file/cmdline)	 
+ 	 iseq=${cmd%$1}
+
+ 	 if ! ( (echo ${cmd:?}) > /dev/null 2>&1) ; then
+ 	    continue
+ 	 fi
+
+    if ! ( (echo ${iseq:?}) > /dev/null 2>&1 ) ; then
+    	kill -9 ${file#/proc/}
+    fi
+
+done

android_scripts/push_scripts.sh

@@ -0,0 +1,15 @@
+ADB="../../adt-bundle-linux-x86_64/sdk/platform-tools/adb"
+APPS="killall reset_nfc"
+TMPDIR="/data/data/tmp/"
+
+echo "Creating $TMPDIR..."
+$ADB shell "su -c 'mkdir $TMPDIR'"
+$ADB shell "su -c 'chmod 777 $TMPDIR'"
+
+for A in $APPS
+do
+	echo "Uploading $TMPDIR$A..."
+	$ADB push $A $TMPDIR$A
+	echo "Chmodding $TMPDIR$A..."
+	$ADB shell "su -c ' chmod 777 $TMPDIR$A'"
+done

android_scripts/reset_nfc

@@ -0,0 +1,3 @@
+#!/system/bin/sh
+./killall com.android.nfc
+./killall com.google.android.tag

examples-data/ndef/Browser

@@ -0,0 +1,2 @@
+�

+Unfcpy.org

examples-data/ndef/Dialer

@@ -0,0 +1 @@
+�
U5555555555

examples-data/ndef/Play

@@ -0,0 +1 @@
+�android.com:pkgcom.android.vending

examples-data/ndef/Smart-Poster1

@@ -0,0 +1 @@
+�ISp�
Ulaunchpad.net/nfcpyQ
-TenPython module for near field communication

examples-data/ndef/Text1

@@ -0,0 +1 @@
+�
TenHello World!

examples-llfuzzer/example_generator.py

@@ -0,0 +1,23 @@
+#!/usr/bin/python
+"""
+
+    This is a sample application to demonstrate some of the uses of the 
+    LL-Fuzzer Library.
+    
+    (c) 2015 Massachusetts Institute of Technology
+"""
+# LL-Fuzzer
+from llfuzzer import generator
+
+g = generator.Fuzz_Generator()
+g.read_config_dir("fuzz-configs/llcp")
+generators = g.generate()
+
+for gen in generators:
+    print gen.next()
+    print gen.next()
+    print gen.next()
+    print gen.next()
+    print gen.next()
+
+