Battelle / afl-unicorn

afl-unicorn lets you fuzz any piece of binary that can be emulated by Unicorn Engine.

Home Page: https://medium.com/@njvoss299/afl-unicorn-fuzzing-arbitrary-binary-code-563ca28936bf

Missing I/Q data for FSK_Messaging_Service example

rbdixon opened this issue · comments

I'm working on duplicating the examples from Fuzzing the Unfuzzable and ran into some missing parts:

  • FSK_Messaging_Service binary: I built this from the cb-multios repo
  • Valid input data for the test binary. I thought this would be in the cb-multios repo but if it is I've not found it.

My planned contribution is to create a simple test suite (pytest) that mirrors the two blog posts. These are great examples and it would be good to make sure they keep working as the project evolves.

I really like the idea of creating a pytest suite!

You've found my dirty little secret...I had to hack up the 'pov.c' file in the FSK_Messaging_Service binary in order to get a valid IQ input that I could use. I've attached the modified version of pov.c that I used to generate the sample input (no promises on cleanliness, it was a quick hack). You can build this by just dropping it in temporarily over the pov.c that is in the cb-multios repo.

pov_modified.zip

One other potential pitfall is making sure that any addresses used in the PoC unicorn test harness are valid, as I think those could change if the binary is compiled on different systems. This could be mitigated by shipping the binary itself pre-built with the correct addresses.

Thank you. I've got some time next week to put this together.

Thank you. I built your pov_modified.c and got the new binary. I also want to know how I can use the binary pov_1.pov to generate the sample input. Should I run ./pov_1.pov > output? But the content of this output file looks like a binary file.
I also tried the following commands:

~$ ./FSK_Messaging_Service < ./pov_1.pov # 1st
[[RECEIVER STARTED -- TIMESTAMP: 1453110580]]
[[RECEIVE ERROR]]
~$ ./pov_1.pov | ./FSK_Messaging_Service # 2nd
[[RECEIVER STARTED -- TIMESTAMP: 1453110580]]
Total 12 bytes received and 0 invalid packets.
Displaying 2 received packets:
Displaying packet 0 type 3:
[CONNECT MESSAGE]ASDF connected
Displaying packet 1 type 3:
[CONNECT MESSAGE]ASDF connected
^C # Ctrl+C
~$ ./FSK_Messaging_Service < output # 3rd
[[RECEIVER STARTED -- TIMESTAMP: 1453110580]]
Total 12 bytes received and 0 invalid packets.
Displaying 2 received packets:
Displaying packet 0 type 3:
[CONNECT MESSAGE]ASDF connected
Displaying packet 1 type 3:
[CONNECT MESSAGE]ASDF connected
~$

I think the 2nd and 3rd examples are right, but it is just one valid IQ input, isn't it?

It's been a while since I actually ran this so my memory is a bit fuzzy on this, but I believe that you are correct. Generate sample inputs using ./pov_1.pov > output, since the pov binary 'transmits' by writing to stdout. Within the pov.c file, you'll see multiple calls to cgc_transmit_all. I believe that the receiver code parses the output as multiple packets, causing the output that you see above (2 packets on each run).
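For the pytest suite proposed in this thread, the seed produced by ./pov_1.pov > output can be validated by feeding it to the receiver and parsing the summary it prints. This is an added example, not code from afl-unicorn or cb-multios: the sample transcript is constructed from the receiver output shown above, and check_seed assumes the receiver binary reads one seed from stdin and exits, as the 3rd run shows.

```python
import re
import subprocess

# Constructed sample: the receiver output shown in the thread above, so the
# parser can be exercised offline without the FSK_Messaging_Service binary.
SAMPLE_RECEIVER_OUTPUT = """\
[[RECEIVER STARTED -- TIMESTAMP: 1453110580]]
Total 12 bytes received and 0 invalid packets.
Displaying 2 received packets:
Displaying packet 0 type 3:
[CONNECT MESSAGE]ASDF connected
Displaying packet 1 type 3:
[CONNECT MESSAGE]ASDF connected
"""

_TOTAL_RE = re.compile(r"Total (\d+) bytes received and (\d+) invalid packets\.")
_PACKET_RE = re.compile(r"Displaying packet (\d+) type (\d+):")


def parse_receiver_output(text):
    """Extract byte count, invalid-packet count and per-packet types from the
    receiver's stdout. Returns None when the summary line is absent, which is
    what the '[[RECEIVE ERROR]]' run (the 1st command above) produces."""
    m = _TOTAL_RE.search(text)
    if m is None:
        return None
    return {
        "bytes": int(m.group(1)),
        "invalid": int(m.group(2)),
        "packet_types": [int(t) for _, t in _PACKET_RE.findall(text)],
    }


def seed_is_valid(parsed):
    """A usable seed: the receiver reached its summary, rejected no packets
    and decoded at least one."""
    return parsed is not None and parsed["invalid"] == 0 and bool(parsed["packet_types"])


def check_seed(receiver, seed, timeout=5):
    """Run the receiver on a seed file (paths are assumptions; the thread uses
    ./FSK_Messaging_Service and ./output) and return the parsed summary.
    A hang, as seen when stdin was a pipe in the 2nd run, is reported as None."""
    try:
        with open(seed, "rb") as f:
            proc = subprocess.run([receiver], stdin=f, capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return None
    return parse_receiver_output(proc.stdout.decode("utf-8", "replace"))
```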