Super Meat Boy is a notoriously difficult side-scroller video game. I couldn’t beat it. Unable to ‘git gud’ as it were, I decided to play a new game. I call it ‘find vulnerabilities in Super Meat Boy’.
In this talk we’ll look at the process of finding bugs in weird or complex code bases. We’ll talk about establishing the attack surface, hitting the low-hanging fruit and developing in-process and stand-alone fuzzers capable of targeting specific chunks of the binary. I’ll show some bugs triggerable by tampering with data in a user’s Steam cache, various parser issues and some remotely triggerable bugs too. Specifically, I’ll be focusing on how I found them in the first place.
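As an added illustration of the stand-alone fuzzer idea mentioned above (editorial example, not code from the talk or from the game): the harness below isolates one function, feeds it mutated copies of a seed input, and runs each case in a forked child so a crash in the target is recorded rather than taking the fuzzer down. The `parse_record` routine is a constructed stand-in for the parser you would really reach by loading the game's module and computing a function pointer from base plus offset; its length check is against the input buffer but not the destination buffer, the shape of bug a save-file or cache parser commonly has. The seed bytes and the record format are assumptions for the example.

```c
/*
 * Added example (not from the talk): a stand-alone fuzz harness for one
 * function of a larger binary. parse_record is a constructed stand-in for the
 * routine you would really reach via dlopen()/base+offset; the rest is the
 * harness pattern: deterministic mutation, fork-per-case, signal reporting.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_INPUT 256
#define NAME_LEN  16

/* Constructed target: a record is 'M', a length byte, then a name. It checks
 * that the name fits the *input* it was handed, but never the *destination*. */
__attribute__((noinline))
int parse_record(const uint8_t *data, size_t len)
{
    uint8_t name[NAME_LEN];
    if (len < 2 || data[0] != 'M')
        return -1;
    size_t n = data[1];             /* untrusted length field */
    if (n + 2 > len)                /* bounded against the bytes we were given ... */
        return -1;
    memcpy(name, data + 2, n);      /* ... but not against name[]: stack smash when n > 16 */
    return name[0];                 /* use the copy so it is not optimised away */
}

/* xorshift32: a seeded PRNG so every crash can be replayed from (seed, iteration). */
static uint32_t rng_state = 1;
static uint32_t rnd(void)
{
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}

/* Apply one random mutation in place; returns the new length (<= MAX_INPUT). */
size_t mutate(uint8_t *buf, size_t len)
{
    static const uint8_t interesting[] = { 0x00, 0x01, 0x7f, 0x80, 0xff };
    size_t pos = len ? rnd() % len : 0;
    switch (rnd() % 4) {
    case 0:  if (len) buf[pos] ^= (uint8_t)(1u << (rnd() % 8)); break;   /* bit flip */
    case 1:  if (len) buf[pos] = interesting[rnd() % sizeof interesting]; break;
    case 2:  if (len < MAX_INPUT) {                                        /* insert a byte */
                 memmove(buf + pos + 1, buf + pos, len - pos);
                 buf[pos] = (uint8_t)rnd();
                 len++;
             }
             break;
    default: if (len > 1) {                                                /* delete a byte */
                 memmove(buf + pos, buf + pos + 1, len - pos - 1);
                 len--;
             }
             break;
    }
    return len;
}

/* Run one input in a forked child so a crash cannot kill the harness.
 * Returns 0 if the target returned normally, else the signal that killed it. */
int run_case(const uint8_t *data, size_t len)
{
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); exit(1); }
    if (pid == 0) {
        parse_record(data, len);
        _exit(0);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

/* Mutate the seed `iters` times, run each case, print the first crash.
 * Returns the number of crashing cases. */
int fuzz(const uint8_t *seed, size_t seed_len, int iters, uint32_t prng_seed)
{
    uint8_t buf[MAX_INPUT];
    int crashes = 0;
    rng_state = prng_seed ? prng_seed : 1;
    for (int i = 0; i < iters; i++) {
        memcpy(buf, seed, seed_len);
        size_t len = seed_len;
        int rounds = 1 + (int)(rnd() % 3);
        for (int r = 0; r < rounds; r++)
            len = mutate(buf, len);
        int sig = run_case(buf, len);
        if (sig && crashes++ == 0)
            printf("iteration %d: signal %d, len=%zu, header=%02x %02x\n",
                   i, sig, len, buf[0], buf[1]);
    }
    return crashes;
}

int main(void)
{
    /* Constructed seed: one valid record followed by zero padding, roughly the
     * shape of a small save file. Padding matters: the parser's length check
     * only lets an oversized record through when the input is long enough. */
    uint8_t seed[200] = "M\x08savegame";
    int crashes = fuzz(seed, sizeof seed, 5000, 0xdeadbeef);
    printf("%d crashing inputs out of 5000\n", crashes);
    return 0;
}
```

The two things worth copying from this pattern are the seeded PRNG, which makes any crash reproducible from the seed and iteration number, and the fork-per-case loop, which lets you keep a count of crashes across a run instead of stopping at the first one. Swapping the constructed `parse_record` for a pointer into a real module (dlopen the library, add the offset you found while reversing, cast to the right prototype) is what turns this into a fuzzer for a specific chunk of the binary.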
I think there is a good balance point between automated fuzzing and reverse engineering: using reversing to understand the target and automated fuzzing to quickly hit the available attack surface. Hopefully showing you my thought process, plus the way I tackled the problem, will help you find your own balance point.