
If this parser also exists on other platforms, it probably isn’t much different (potentially if I find the bug on Windows, it’ll exist on the other platforms). I want this to be quick; it’s primarily for this blog post and I know I can fuzz Windows targets faster than iOS/Android.
So my next step was to simply install WeChat in a VM! Note that here I’m targeting the Windows build of WeChat, for the following reasons: Now at this point I know what WeChat is, but I have no idea what WXAM is (but it’s safe to guess it’s some format that gets parsed).

I noticed a few entries for WeChat like the below: It started by deciding I wanted to blog about fuzzing something. Previously I’ve had blogs on logic bugs and I wanted to balance that with some cool fuzzing target I haven’t looked at before, so I started by browsing ZDI to see if any displayed targets were interesting. Now that we know what WeChat is we can look at how I decided to write a fuzzer (in 1 day!) for this target! You’ll also see below some of the challenges I had in my harnessing of the target and how the initial fuzzer framework I chose had to be replaced due to lack of support for certain functionality that WeChat used (and how I debugged this). WeChat (if you haven’t heard of it) is a super popular chat app similar to the likes of WhatsApp, and runs on iOS, Android, Windows and macOS. Being a chat app, it handles various file formats like images and videos, and also proprietary formats like “Wxam” (which honestly I haven’t researched before so you’ll see how I approached that).
