Fuzzing Modern UDP Game Protocols with Snapshot-Based Fuzzers
In this post we will walk through the process of creating a fuzzer module for What The Fuzz (wtf), allowing us to fuzz the packet parsing code of a popular triple-A multiplayer game title enjoyed by millions of active players.

Snapshot-based fuzzers make up an advanced category of fuzzing tools that employ emulators to efficiently and deterministically fuzz 'hard to reach' code while leveraging powerful introspection capabilities. These fuzzers are typically seeded by a 'snapshot' captured from a live system precisely before the code a researcher is interested in fuzzing executes. The actual fuzzing then takes place 'offline' in an emulated environment managed by the snapshot-based fuzzer: after each fuzzed testcase, the fuzzer automatically resets the CPU and any dirty pages of memory for us, and if the emulated system crashes, it saves the current testcase to disk before resetting the emulator for the next one.

To start fuzzing, we first must create a few folders as outlined in the usage section of the fuzzer's readme.
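To make the snapshot/execute/restore cycle described above concrete, here is a small added model of that loop in Python. It is an illustration written for this post, not code from wtf or from the game: the guest is modelled as a register dictionary plus paged memory, the "packet parser" is a constructed stand-in that trusts a length byte, and a write past the end of guest memory stands in for the emulator reporting a fault. The layout constants, the 16-byte page size and the crash directory are all assumptions chosen for the toy.

```python
"""Toy model of a snapshot-based fuzzing loop (added illustration, not wtf code).

Guest state = a register dict plus paged memory. A Snapshot is taken right
before the packet parser runs; each iteration mutates a packet, runs the
parser, saves the testcase on a "crash" (a write to unmapped memory), and
then restores only the registers and the pages the testcase dirtied.
"""
import hashlib
import os
import random
import tempfile

PAGE_SIZE = 16                      # toy page size; real fuzzers track 4 KiB guest pages
MEM_SIZE = 0x100                    # constructed guest address space
BUF_SIZE = 32                       # constructed fixed-size receive buffer
BUF_ADDR = MEM_SIZE - BUF_SIZE      # buffer sits at the top of memory, so an overflow
                                    # runs off the end (like touching an unmapped page)


class GuestMemory:
    """Flat guest memory split into pages; every write marks its page dirty."""

    def __init__(self, size):
        self.pages = [bytearray(PAGE_SIZE) for _ in range(size // PAGE_SIZE)]
        self.dirty = set()

    def write(self, addr, data):
        for i, b in enumerate(data):
            page, off = divmod(addr + i, PAGE_SIZE)
            if page >= len(self.pages):
                # the emulator would report a fault here; we model it as a crash
                raise MemoryError("write outside guest memory at %#x" % (addr + i))
            self.pages[page][off] = b
            self.dirty.add(page)

    def read(self, addr, length):
        return bytes(self.pages[(addr + i) // PAGE_SIZE][(addr + i) % PAGE_SIZE]
                     for i in range(length))


class Snapshot:
    """Copy of registers and all pages, taken right before the code under test."""

    def __init__(self, regs, mem):
        self.regs = dict(regs)
        self.pages = [bytes(p) for p in mem.pages]

    def restore(self, regs, mem):
        """Reset registers and only the pages the last testcase dirtied."""
        restored = sorted(mem.dirty)
        for page in restored:
            mem.pages[page][:] = self.pages[page]
        mem.dirty.clear()
        regs.clear()
        regs.update(self.regs)
        return restored

    def matches(self, mem):
        return all(bytes(p) == s for p, s in zip(mem.pages, self.pages))


def parse_packet(regs, mem, packet):
    """Constructed stand-in for a game's packet parser (not real game code).

    Layout: byte 0 = opcode, byte 1 = payload length, rest = payload. The
    parser trusts the length byte and copies that many bytes into a 32-byte
    buffer, so a length above BUF_SIZE writes past the end of the buffer."""
    if len(packet) < 2:
        raise ValueError("short packet")       # rejected cleanly, not a crash
    opcode, length = packet[0], packet[1]
    regs["rip"] += 1
    regs["rax"] = opcode
    payload = packet[2:2 + length].ljust(length, b"\x00")
    mem.write(BUF_ADDR, payload)


def mutate(rng, packet):
    """Single-byte replacement; real fuzzers use far richer mutation strategies."""
    data = bytearray(packet)
    data[rng.randrange(len(data))] = rng.randrange(256)
    return bytes(data)


def fuzz(iterations, seed, crash_dir=None):
    """Run the snapshot/execute/restore loop; return paths of saved crash inputs."""
    crash_dir = crash_dir or tempfile.mkdtemp(prefix="crashes-")
    rng = random.Random(seed)
    regs = {"rip": 0x1000, "rax": 0}
    mem = GuestMemory(MEM_SIZE)
    snap = Snapshot(regs, mem)                 # "capture" just before the parser
    seed_packet = bytes([1, 4]) + b"ping"      # constructed well-formed input
    crash_paths = []
    for _ in range(iterations):
        packet = mutate(rng, seed_packet)
        try:
            parse_packet(regs, mem, packet)
        except MemoryError:
            path = os.path.join(crash_dir, hashlib.sha1(packet).hexdigest())
            with open(path, "wb") as f:
                f.write(packet)
            crash_paths.append(path)
        except ValueError:
            pass
        snap.restore(regs, mem)                # cheap reset: registers + dirty pages only
    assert snap.matches(mem) and regs == snap.regs
    return crash_paths


if __name__ == "__main__":
    found = fuzz(iterations=200, seed=1)
    print("%d crashing testcases saved" % len(found))
```

The point of the model is the restore step: because every guest write marks its page dirty, returning to the snapshot costs only the handful of pages a testcase touched rather than a copy of the whole address space, which is what makes per-testcase resets cheap enough for a snapshot fuzzer to be deterministic and fast.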