This repository contains the BaseSAFE Rust APIs, introduced by “BaseSAFE: Baseband SAnitized Fuzzing through Emulation”.
The example/ directory contains two harnesses emulating parts of the firmware for MediaTek’s Helio X10 (MT6795) baseband processor.
_EMM_ demonstrates a crash inside the decoder for
ACCEPT messages as part of the Mobility Management.
_ERRC_ emulates various ASN.1 decoders which are being used for Radio Resource Control messages. Example inputs can be found inside the
Make AFL++ and build AFLplusplus/unicorn_mode.
A single emulation run can be started by navigating into e.g. examples/errc and executing the harness on the provided data:
cd examples/errc/ cargo run data/pcch.raw
The emulated code can be fuzzed with AFL++ in Unicorn mode:
cd examples/errc cargo build --release ../../AFLplusplus/afl-fuzz -U -i connections/ -o out/ -m none -- target/release/errc_fuzz @@