ISO14443 - smart card protocol

[JINESH SHAH]

Hello Everyone,

I would like to know how can I define new protocols for fuzzing. I would like to fuzz smart card protocol (ISO14443 standard). -  transmission protocols for communicating with smart card

I would also like to know whether boofuzz is suitable for the task.

Thanks,

[Joshua Pereyda]

Hi Jinesh! I answered a similar question here: https://groups.google.com/forum/#!topic/boofuzz/51JkLr0QD-M

Long story short, you'll need to do a lot of the heavy lifting yourself. The trickiest part will be adapting boofuzz to work with bits and not just bytes (which is necessary for 14443 unless I'm mistaken).

[JINESH SHAH]

Hello Joshua,

Could you please post the whole answer? As I am not able to open this particular link:https://groups.google.com/forum/#!topic/boofuzz/51JkLr0QD-M

That would be helpful

Regards,

Jinesh Shah

[JINESH SHAH]

Hello Joshua,

If I open this link - https://groups.google.com/forum/#!topic/boofuzz/51JkLr0QD-M, it reverts back to my post only.

It would be great if you could direct me to the right link.

Regards,

Jinesh Shah

[Joshua Pereyda]

Sorry, try this one: https://groups.google.com/forum/#!topic/boofuzz/gS1mk8IFC4I

It's the "CAN bus protocol" question on this list.

[JINESH SHAH]

Hello Joshua,

Thank you.

I had one small doubt regarding its capabilities:

Apart from its a new branch of Sulley, how much it differs from Sulley from the programming point of view? e.g. I found some source projects(tutorial) written for Sulley and that could also work if I use boofuzz?

So the person can easily understand boofuzz who has a good understanding of Sulley. Please correct me if I have misunderstood somehow

Regards,

Jinesh Shah

[Joshua Pereyda]

Jinesh,

There have been very few (almost zero) breaking changes in boofuzz compared to Sulley. There may be bigger changes down the road, but for now if you can use Sulley you should be able to use boofuzz.

However, Sulley itself has plenty of bugs, and plenty of those have been inherited, so boofuzz will not be perfect.

Many bugs however have been fixed. So on the whole I think one would have an easier time with boofuzz.

If you find something that did work in Sulley and doesn’t now, please create an issue in GitHub.

If you haven’t seen it yet, the boofuzz-ftp repo contains a very simple example: https://github.com/jtpereyda/boofuzz-ftp


Joshua

--
You received this message because you are subscribed to the Google Groups "boofuzz" group.
To unsubscribe from this group and stop receiving emails from it, send an email to boofuzz+u...@googlegroups.com.
To post to this group, send email to boo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/boofuzz/682cc295-1376-4006-a438-801301392adf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[JINESH SHAH]

Hello Joshua,

So i have been trying to install both : Sulley and boofuzz.

1. With sulley, it was not successful.

2. But with boofuzz, it was successful.

But i assume that boofuzz also makes use of PyDbg for monitoring. Because as part of sulley installation, i was supposed to install whole Paimei stuff. But that was not successful.

What solution do you have for boofuzz? So far i have only installed boofuzz by using - pip install boofuzz. In the documentation, you mentioned to install Pydbg (for windows only).

Please let me know

Regards,

Jinesh Shah

[Joshua Pereyda]

pydbg is required for the Windows process monitor (process_monitor.py). You can use process_monitor_unix.py without pydbg.

You can use boofuzz without the procmon. I wrote an intro here: https://medium.com/@jtpereyda/using-the-boofuzz-procmon-a77a23b34d5c