Skip to content

Latest commit

 

History

History

JustSTART_paper

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 

JustSTART: How to Find an RSA Authentication Bypass on Xilinx UltraScale(+) with Fuzzing

This folder contains the complete results related to our paper about the ConFuzz framework. The respective fuzzer implementations are located in our framework's /fuzzers directory. For each board we executed our experiments on, a subfolder contains the .db files generated by ConFuzz. Only crashes were recorded in these files to improve the fuzzing performance. Further, for each fuzzer, a .log file is stored containing the runtime and terminal output of the fuzzer. A summary and explanation of the content of the .db and .log files can be found in the fuzzing_summary. This table is split into the results for 7-series (basys3) and UltraScale(+) (kcu116/xem8320). The table structure is explained in the first sheet of the table.

Commands used to generate the .db and .log files

We started our fuzzers with the following commands. The fuzzer names can be found in the fuzzing_summary. Note that for the starbleed fuzzers, the correct AES key (e.g., test key) must be loaded to the BBRAM.

basys3

Since we used 15 basys3 boards in parallel, we started these fuzzers using the cluster_fuzzer.py script, which splits the test case range over multiple boards, resulting in multiple .db files for each fuzzer.

(time python cluster_fuzzer.py FUZZER_NAME) > results/basys3/FUZZER_NAME.log 2>&1

kcu116

(time python main_fuzzer.py -b kcu116 -fn FUZZER_NAME -q) > results/kcu116/FUZZER_NAME.log 2>&1

xem8320

(time python main_fuzzer.py -b xem8320 -fn FUZZER_NAME -q) > results/xem8320/FUZZER_NAME.log 2>&1

Note: The passed test cases in the .log files also include the failed test cases. We fixed this bug after the experiments were carried out. The other values are accurate.

Opening the .db files

To open the .db files in the results directory, install boofuzz and run the following command from the virtual Python environment:

boo open PATH_TO_DB_FILE