This repository contains the BaseSAFE Rust APIs, introduced by "BaseSAFE: Baseband SAnitized Fuzzing through Emulation".

The example/ directory contains two harnesses emulating parts of the firmware for MediaTek’s Helio X10 (MT6795) baseband processor. _EMM_ demonstrates a crash inside the decoder for ATTACH/ACCEPT messages as part of the Mobility Management. _ERRC_ emulates various ASN.1 decoders which are being used for Radio Resource Control messages. Example inputs can be found inside the _data/_ directories.

Make AFL++ and build AFLplusplus/unicorn_mode.

A single emulation run can be started by navigating into e.g. examples/errc and calling

cargo run data/pcch.raw

The emulated code can be fuzzed with AFL++ in Unicorn mode:

cd examples/errc
cargo build --release
../../AFLplusplus/afl-fuzz -i in/ -o out/ -m none -- target/release/errc_fuzz @@