Pishi is a static binary rewriting tool designed to instrument basic blocks in the XNU kernel and in arbitrary macOS kernel extensions (kexts).
For the XNU kernel, Pishi lets you choose the instrumentation scope at the function, file, or folder level. For example, you can instrument everything under the /bsd/net/ directory, focus specifically on content_filter.c, or pick just one function in the XNU source code, e.g. vnode_getfromfd. This enables targeted fuzzing.
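As an added illustration (not Pishi's own code), the following shows how the three targeting granularities above can be resolved against a symbol-to-source-file mapping of the kind a kernel's debug info provides. The function list, its source paths and the matching rules are constructed assumptions for this example, not Pishi's actual implementation.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class KernelFunction:
    name: str
    source: str  # path relative to the XNU source tree


# Constructed sample of a symbol table; the real file locations may differ.
SAMPLE_FUNCTIONS = [
    KernelFunction("cfil_sock_attach", "bsd/net/content_filter.c"),
    KernelFunction("cfil_sock_detach", "bsd/net/content_filter.c"),
    KernelFunction("ifnet_attach", "bsd/net/if.c"),
    KernelFunction("tcp_input", "bsd/netinet/tcp_input.c"),
    KernelFunction("vnode_getfromfd", "bsd/vfs/vfs_subr.c"),
    KernelFunction("vm_map_enter", "osfmk/vm/vm_map.c"),
]


def matches(spec: str, fn: KernelFunction) -> bool:
    """Decide whether `fn` falls under a targeting spec.

    Assumed convention: a trailing "/" selects a source folder, a ".c"
    suffix selects one source file, anything else is an exact function name.
    """
    if spec.endswith("/"):
        # Prefix match on whole path components, so "/bsd/net/" does not
        # accidentally pull in bsd/netinet/.
        return fn.source.startswith(spec.strip("/") + "/")
    if spec.endswith(".c"):
        if "/" in spec.strip("/"):
            return fn.source == spec.strip("/")
        return fn.source.rsplit("/", 1)[-1] == spec
    return fn.name == spec


def select_functions(spec: str, functions) -> set[str]:
    """Names of all functions whose basic blocks a spec would instrument."""
    return {fn.name for fn in functions if matches(spec, fn)}


def plan_instrumentation(specs, functions) -> list[str]:
    """Union of all specs; a spec that hits nothing is almost always a typo,
    and silently instrumenting nothing would make the fuzzer run blind."""
    selected: set[str] = set()
    for spec in specs:
        hit = select_functions(spec, functions)
        if not hit:
            raise ValueError(f"target {spec!r} matched no function")
        selected |= hit
    return sorted(selected)
```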
After building and installing Pishi, you can use my modified version of libprotobuf-mutator, which requires you to apply my patch (to make libFuzzer Pishi-aware) and then build LLVM. This gives you structure-aware, feedback-aware fuzzing of macOS kernel kexts with libFuzzer.
For more technical discussion, read MoreInfo; to start fuzzing, read HowToFuzz.
Compared to other XNU kernel instrumentation methods:
- Hardware-assisted Arm CoreSight instrumentation is not available on Apple silicon.
- The kernel.kasan.* builds do not include Coverage Sanitizer.
- There are no other public static or dynamic instrumentation methods.
A note on security and safety: avoid running Pishi on your personal device; instead, use a dedicated research device that you are willing to risk damaging.