Multi‑Architecture Fuzzing Technique Presented by JD Security Lab at BRUCON

During the recent BRUCON security conference, researchers from JD Security’s "牧者实验室" presented a novel fuzz‑testing operation they have been developing.

They introduced the topic with a high‑school combinatorial problem to illustrate the inefficiency of brute‑force enumeration, drawing a parallel to traditional fuzz‑testing approaches.

The article explains that fuzz testing—automatically feeding random data into a program to trigger crashes—suffers from three major drawbacks: poor support for closed‑source software, slow processing speed, and limitation to x86 architectures.

To address these issues, the team built upon the AFL fuzzer, adding custom instrumentation developed jointly by JD Security’s KJ and Dr. Quynh from Nanyang Technological University. This enhancement speeds up processing and adds compatibility for multiple CPU architectures, including X86, X86_64, ARM, ARM64, MIPS, and SPARC.

The collaboration also leverages the capstone, unicorn, and keystone engines, which are well‑known reverse‑engineering toolkits.

Further details of the operation will be shared at the upcoming 2018 JD‑HITB Security Summit (October 29 – November 2), where the researchers will present additional progress.

The article concludes with promotional images, QR codes, and links for readers to learn more about the BRUCON presentation and the upcoming summit.