User Guide : Blackbox-testing zfuzz

INTRODUCTION

ZigBee Fuzzer (zfuzz) is a tool for discovering implementation errors in 802.15.4-enabled devices by using smart and stateful fuzzing techniques. The fuzzing engine automatically generates inputs likely to trigger vulnerabilities, derived from the 802.15.4 protocol specification, to find unknown vulnerabilities in the 802.15.4 stack of target devices.

USAGE

Requirements

  • A ZigBee dongle connected to the host machine
  • Recommended models: MTM-CM5000-MSP (https://www.advanticsys.com/shop/mtmcm5000msp-p-14.html), MTM-CM5000-SMA (TelosB)
  • (Important!) If you run the tool in a virtual machine, avoid VirtualBox. We recommend VMware, because zfuzz is not fully compatible with VirtualBox.

Step 1. Getting Started

To begin zfuzz, click Blackbox Testing in the main page of IoTcube, then proceed by clicking Wireless Testing.

Step 2. Downloading zfuzz

On the following page, download zfuzz, which is a zip containing the main fuzzer.

Linux (32 and 64 bit) is supported at the moment.

Step 3. Unarchiving Package

Please unzip the package "zfuzz.zip" downloaded in the previous step with your own unarchiving tool.

After unzipping the package, you will have a file for fuzzing.

  • zfuzz: You can launch a fuzzing process by executing this program. zfuzz must be run with root privilege (sudo).

Step 4. Running Program

Open a terminal and go to the zfuzz directory.

Then run zfuzz with the sudo command.

  • Ex) sudo ./zfuzz -s
  • If no options are given, it will start in device input mode, which requires knowing the target device's PANID and channel in advance.

If you want to start in scan mode, pass the -s option when launching the program.

Step 5. Selecting A Dongle

Select the ZigBee dongle you have connected, then select a target device after scanning (if you are in scan mode).

Otherwise, enter the information of the device you already know.

Then fuzzing starts automatically! To stop the fuzzing process, press Ctrl + C.

Step 6. Uploading Your Log

Find the log_{data}.wfl file created in the same directory as the fuzzing program and upload it to IoTcube.
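The following POSIX shell helper is an added example, not part of the zfuzz package or IoTcube's own tooling: it checks the prerequisites this guide lists (Linux, root privilege, the unarchived zfuzz binary), launches zfuzz in scan or device input mode, and then locates the newest log_*.wfl file to upload. The function names and the assumption that the log is written next to the binary are the example's own.

```shell
#!/bin/sh
# Added helper (not from the zfuzz package): wraps the steps of this guide.

# Map the chosen mode to zfuzz's command line: "scan" passes -s, while
# "device" (the default when no option is given) runs zfuzz with no options.
zfuzz_args() {
    case "$1" in
        scan)   printf '%s' '-s' ;;
        device) printf '' ;;
        *)      printf 'unknown mode: %s\n' "$1" >&2; return 1 ;;
    esac
}

# Print the newest log_*.wfl file in the given directory (nothing if none).
latest_wfl_log() {
    ls -t "$1"/log_*.wfl 2>/dev/null | head -n 1
}

# Run zfuzz from its unarchived directory ($1) in the given mode ($2),
# then report the log file to upload to IoTcube.
run_zfuzz() {
    dir="$1"; mode="${2:-device}"
    [ "$(uname -s)" = "Linux" ] || { echo "zfuzz supports Linux only" >&2; return 1; }
    [ "$(id -u)" -eq 0 ] || { echo "zfuzz must be run with root privilege (sudo)" >&2; return 1; }
    [ -x "$dir/zfuzz" ] || { echo "no zfuzz binary in $dir; unzip zfuzz.zip first" >&2; return 1; }
    args=$(zfuzz_args "$mode") || return 1
    # Ctrl + C stops the fuzzing process; the log is then left beside the binary.
    (cd "$dir" && ./zfuzz $args)
    log=$(latest_wfl_log "$dir")
    [ -n "$log" ] || { echo "no log_*.wfl file was produced" >&2; return 1; }
    echo "upload this file to IoTcube: $log"
}
```

Usage: sudo sh -c '. ./zfuzz_helper.sh && run_zfuzz ./zfuzz_dir scan' (assuming the helper is saved as zfuzz_helper.sh).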

POSSIBLE COLLABORATION

For inquiries, suggestions or possible collaboration please send an email to cssa@korea.ac.kr.