http://www.openrce.org/rss/feeds/blog OpenRCE: The Open Reverse Code Engineering Community Wed, 28 Mar 2007 15:06:45 -0500 https://www.openrce.org/blog/view/676/What_do_IDA_pro_and_fuzzing_have_to_do_with_one_another? camill8 <email-suppressed@example.com> Why does IDA pro exist?&nbsp;&nbsp;Simply stated, because humans can look at assembly and make more sense out of it better than a program can decompile it.&nbsp;&nbsp;And the prevalence of IDA pro means people think this isn't going to change anytime soon.&nbsp;&nbsp;<br /> <br /> So, what does this have to do with fuzzing?&nbsp;&nbsp;Well, a lot of time has been spent recently discussing how to make fuzzers &quot;smarter&quot;.&nbsp;&nbsp;By this people generally mean either 1) more protocol aware or 2) cabable of incorporating runtime information into it's decisions, i.e. by looking at code coverage.&nbsp;&nbsp;<br /> <br /> The fundamental question comes, like in IDA pro, as to whether this is a job more suited to a human or a program.&nbsp;&nbsp;I'm starting to lean toward the former - mostly because I've seen how hard it is to do the latter!&nbsp;&nbsp;If you start to believe this is always going to be a human endevor, it makes sense to start building tools which make it easier for a human to interact and change the way a fuzzer behaves, much like IDA makes it easier for a human to understand a disassembled program.&nbsp;&nbsp;<br /> <br /> To this end, I've started writing a program VisFuzz which helps an analyst describe a protocol to a &quot;fuzzer&quot; in an intuitive way.&nbsp;&nbsp;Then the fuzzer can take this information and fuzz the target.&nbsp;&nbsp;The important fact being the focus is not on &quot;fuzzing&quot; but the interaction between the user and the fuzzer.<br />