├── .cargo
│   └── config.toml
├── .envrc
├── .gitignore
├── .gitmodules
├── Cargo.lock
├── Cargo.toml
├── Dockerfile
├── LICENSE
├── corpus
│   ├── random
│   └── zero
├── docs
│   ├── decompression.md
│   ├── emulation.md
│   ├── images
│   │   ├── file_output_bbfw.png
│   │   ├── file_output_mbn.png
│   │   ├── ghidra_clade_section.png
│   │   ├── ghidra_import_file.png
│   │   └── sections_clade.png
│   ├── index.md
│   ├── ios_firmware_extraction.md
│   ├── qemu-hexagon.md
│   ├── qualcomm_manuals
│   │   ├── 80-N2040-23_K_qualcomm_hexagon_ABI_user_guide.pdf
│   │   ├── 80-N2040-45_B_qualcomm_hexagon_v67_programmer_reference_manual.pdf
│   │   └── 80-N2040-52_AC_qualcomm_hexagon_QEMU_user_guide.pdf
│   ├── reverse_engineering.md
│   ├── talk
│   │   └── hexagon_fuzz_troopers2025.pdf
│   ├── toolchain_setup.md
│   └── usage.md
├── firmware_config.json
├── flake.lock
├── flake.nix
├── readme.md
├── rust-toolchain.toml
├── scripts
│   ├── HexQEMU.py
│   ├── ghidra_colorize_qemu_trace.py
│   ├── ghidra_colorize_qemu_trace_per_thread.py
│   └── tmux_bootstrap.sh
└── src
    ├── breakpoints.rs
    ├── config.rs
    ├── fuzz.rs
    ├── main.rs
    └── utils.rs

/.cargo/config.toml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/.cargo/config.toml
--------------------------------------------------------------------------------

/.envrc:
--------------------------------------------------------------------------------
use flake
--------------------------------------------------------------------------------

/.gitignore:
--------------------------------------------------------------------------------
target/
crashes/
.DS_Store
qdsp6sw.mbn
.direnv
--------------------------------------------------------------------------------

/.gitmodules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/.gitmodules
--------------------------------------------------------------------------------

/Cargo.lock:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/Cargo.lock
--------------------------------------------------------------------------------

/Cargo.toml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/Cargo.toml
--------------------------------------------------------------------------------

/Dockerfile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/Dockerfile
--------------------------------------------------------------------------------

/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/LICENSE
--------------------------------------------------------------------------------

/corpus/random:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/corpus/random
--------------------------------------------------------------------------------

/corpus/zero:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

/docs/decompression.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/docs/decompression.md
--------------------------------------------------------------------------------

/docs/emulation.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/docs/emulation.md
--------------------------------------------------------------------------------

/docs/images/file_output_bbfw.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/docs/images/file_output_bbfw.png
--------------------------------------------------------------------------------

/docs/images/file_output_mbn.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/docs/images/file_output_mbn.png
--------------------------------------------------------------------------------

/docs/images/ghidra_clade_section.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/docs/images/ghidra_clade_section.png
--------------------------------------------------------------------------------

/docs/images/ghidra_import_file.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/docs/images/ghidra_import_file.png
--------------------------------------------------------------------------------

/docs/images/sections_clade.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/docs/images/sections_clade.png
--------------------------------------------------------------------------------

/docs/index.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/docs/index.md
--------------------------------------------------------------------------------

/docs/ios_firmware_extraction.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/docs/ios_firmware_extraction.md
--------------------------------------------------------------------------------

/docs/qemu-hexagon.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/docs/qemu-hexagon.md
--------------------------------------------------------------------------------

/docs/qualcomm_manuals/80-N2040-23_K_qualcomm_hexagon_ABI_user_guide.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/docs/qualcomm_manuals/80-N2040-23_K_qualcomm_hexagon_ABI_user_guide.pdf
--------------------------------------------------------------------------------

/docs/qualcomm_manuals/80-N2040-45_B_qualcomm_hexagon_v67_programmer_reference_manual.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/docs/qualcomm_manuals/80-N2040-45_B_qualcomm_hexagon_v67_programmer_reference_manual.pdf
--------------------------------------------------------------------------------

/docs/qualcomm_manuals/80-N2040-52_AC_qualcomm_hexagon_QEMU_user_guide.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/docs/qualcomm_manuals/80-N2040-52_AC_qualcomm_hexagon_QEMU_user_guide.pdf
--------------------------------------------------------------------------------

/docs/reverse_engineering.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/docs/reverse_engineering.md
--------------------------------------------------------------------------------

/docs/talk/hexagon_fuzz_troopers2025.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/docs/talk/hexagon_fuzz_troopers2025.pdf
--------------------------------------------------------------------------------

/docs/toolchain_setup.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/docs/toolchain_setup.md
--------------------------------------------------------------------------------

/docs/usage.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/docs/usage.md
--------------------------------------------------------------------------------

/firmware_config.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/firmware_config.json
--------------------------------------------------------------------------------

/flake.lock:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/flake.lock
--------------------------------------------------------------------------------

/flake.nix:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/flake.nix
--------------------------------------------------------------------------------

/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/readme.md
--------------------------------------------------------------------------------

/rust-toolchain.toml:
--------------------------------------------------------------------------------
[toolchain]
channel = "1.87.0"
--------------------------------------------------------------------------------

/scripts/HexQEMU.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/scripts/HexQEMU.py
--------------------------------------------------------------------------------

/scripts/ghidra_colorize_qemu_trace.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/scripts/ghidra_colorize_qemu_trace.py
--------------------------------------------------------------------------------

/scripts/ghidra_colorize_qemu_trace_per_thread.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/scripts/ghidra_colorize_qemu_trace_per_thread.py
--------------------------------------------------------------------------------

/scripts/tmux_bootstrap.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/scripts/tmux_bootstrap.sh
--------------------------------------------------------------------------------

/src/breakpoints.rs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/src/breakpoints.rs
--------------------------------------------------------------------------------

/src/config.rs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/src/config.rs
--------------------------------------------------------------------------------

/src/fuzz.rs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/src/fuzz.rs
--------------------------------------------------------------------------------

/src/main.rs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/src/main.rs
--------------------------------------------------------------------------------

/src/utils.rs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/srlabs/hexagon_fuzz/HEAD/src/utils.rs
--------------------------------------------------------------------------------