Fuzzing and Debugging Cisco IOS, presented at Black Hat Europe 2011

by Sebastian Muniz (Groundworks Technologies), Alfredo Ortega (Groundworks Technologies)

Tags: Security

Summary: We will present a series of alternative tools that facilitate debugging and reverse engineering Cisco IOS by integrating with the most widely used existing debugging tools, such as GDB and IDA Pro.
The solution consists of a modification that adds instrumentation capabilities to an existing hardware emulator, Dynamips. Among other things, our modification allows the use of existing fuzzing tools and frameworks, complete analysis of the boot-loading process, and debugging of the target IOS independently of the GDB built into the IOS image. It is more reliable, with no annoying restarts during a debugging session (because the debugger in use is not running inside the OS being debugged), and it provides a secure environment in which to reproduce attacks and analyze IOS malware.
To summarize, there is no hardware cost when using this system, because the emulator can run most IOS versions with different image and hardware configurations, and complex network layouts can be built in just a few minutes.
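The abstract's key design point is that the debugger sits outside the OS being debugged and talks to the emulator over the GDB remote serial protocol (RSP), the same protocol GDB and IDA Pro's GDB debugger plugin speak. The following is an added illustration written for this page, not code from the talk or from the Dynamips modification it describes: it implements RSP framing (checksummed `$...#xx` packets), a toy emulator-side stub that serves a constructed memory image and fakes execution by advancing the PC one 4-byte word at a time, and a client session that plants a breakpoint, continues, reads memory at the stop address, and then observes a fault. The base address, the MIPS-looking words in the image, and the `ToyStub` class are all assumptions made for the example; an out-of-process debugger sees the fault as a stop reply rather than as a guest reboot.

```python
# Added illustration of the GDB remote serial protocol (RSP) between an
# external debugger and an emulator-side stub. ToyStub, IMAGE_BASE and IMAGE
# are constructed for this example; this is not the talk's Dynamips code.


def rsp_checksum(payload: bytes) -> int:
    """RSP checksum: sum of the payload bytes modulo 256."""
    return sum(payload) % 256


def rsp_encode(payload: bytes) -> bytes:
    """Frame a payload as $<payload>#<two hex checksum digits>.
    (Escaping of '$', '#' and '}' inside payloads is omitted here.)"""
    return b"$" + payload + b"#" + b"%02x" % rsp_checksum(payload)


def rsp_decode(frame: bytes) -> bytes:
    """Strip framing and verify the checksum; raise on a corrupt frame."""
    if len(frame) < 4 or frame[:1] != b"$" or frame[-3:-2] != b"#":
        raise ValueError("malformed RSP frame: %r" % frame)
    payload, cksum = frame[1:-3], int(frame[-2:], 16)
    if rsp_checksum(payload) != cksum:
        raise ValueError("RSP checksum mismatch")
    return payload


class ToyStub:
    """Stand-in for the stub an instrumented emulator would expose.

    Holds a constructed code image at a fixed base address plus a program
    counter. 'Execution' only advances the PC one 4-byte word at a time, which
    is enough to show breakpoints and a fault being reported to the debugger.
    """
    SIGTRAP, SIGSEGV = 5, 11

    def __init__(self, base: int, image: bytes, pc: int):
        self.base, self.image, self.pc = base, bytes(image), pc
        self.breakpoints = set()
        self.halt_signal = self.SIGTRAP
        self.hit_log = []  # (pc, signal) pairs recorded at every stop

    def _stop(self, signal: int) -> bytes:
        self.halt_signal = signal
        self.hit_log.append((self.pc, signal))
        return b"S%02x" % signal

    def handle(self, payload: bytes) -> bytes:
        """Serve one decoded RSP command and return the reply payload."""
        if payload == b"?":  # why is the target stopped?
            return b"S%02x" % self.halt_signal
        if payload[:1] == b"m":  # m<addr>,<len>: read memory as hex
            addr, length = (int(x, 16) for x in payload[1:].split(b","))
            off = addr - self.base
            if off < 0 or off + length > len(self.image):
                return b"E01"
            return self.image[off:off + length].hex().encode()
        if payload[:3] in (b"Z0,", b"z0,"):  # insert / remove sw breakpoint
            addr = int(payload[3:].split(b",")[0], 16)
            if payload[:1] == b"Z":
                self.breakpoints.add(addr)
            else:
                self.breakpoints.discard(addr)
            return b"OK"
        if payload == b"c":  # continue until a breakpoint or a fault
            while True:
                self.pc += 4
                if self.pc in self.breakpoints:
                    return self._stop(self.SIGTRAP)
                if self.pc >= self.base + len(self.image):
                    return self._stop(self.SIGSEGV)  # ran off the image
        return b""  # unsupported command: empty reply, per RSP


def exchange(stub: ToyStub, payload: bytes) -> bytes:
    """One round trip: frame the request, let the stub decode and answer,
    then verify the reply's checksum exactly as GDB would."""
    request = rsp_encode(payload)
    reply = rsp_encode(stub.handle(rsp_decode(request)))
    return rsp_decode(reply)


def debug_session(stub: ToyStub, bp_addr: int) -> dict:
    """Drive the stub like an external debugger: query the stop reason, plant
    a breakpoint, continue to it, read the word at PC, continue into a fault."""
    out = {"initial": exchange(stub, b"?")}
    out["bp_set"] = exchange(stub, b"Z0,%x,4" % bp_addr)
    out["stop1"] = exchange(stub, b"c")  # expected: breakpoint hit (S05)
    out["pc_after_bp"] = stub.pc
    out["word_at_bp"] = exchange(stub, b"m%x,4" % stub.pc)
    out["stop2"] = exchange(stub, b"c")  # expected: fault reported (S0b)
    out["stop_reason"] = exchange(stub, b"?")
    return out


# Constructed 32-byte image of MIPS-looking words at a router-like base
# address; both values are assumptions for this example only.
IMAGE_BASE = 0x80008000
IMAGE = bytes.fromhex("3c1c0001279c800003e0000800000000"
                      "27bdffe0afbf001c0c0020008fbf001c")

if __name__ == "__main__":
    stub = ToyStub(IMAGE_BASE, IMAGE, pc=IMAGE_BASE)
    for key, value in debug_session(stub, IMAGE_BASE + 0x10).items():
        print(key, value)
```

The point of the round trip is that every command and reply is checksummed on the wire and that a crash of the debugged code surfaces as a stop reply (`S0b` here) to a debugger that keeps running, which is why the abstract can promise a session that survives the target faulting.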