BusyBox, open-source software that bundles over 300 essential Linux commands into a single executable, is ubiquitous in Linux-based embedded devices. Vulnerabilities in BusyBox can have far-reaching consequences, affecting a wide array of devices. Motivated by this extensive use, this research analyzes BusyBox. The study revealed the prevalence of older BusyBox versions in real-world embedded products, prompting us to conduct fuzz testing on BusyBox. Fuzzing, a pivotal software testing method, aims to induce crashes that are subsequently scrutinized to uncover vulnerabilities. Within this study, we introduce two techniques to fortify software testing. The first technique enhances fuzzing by leveraging Large Language Models (LLMs) to generate target-specific initial seeds. Our study showed a substantial increase in crashes when using LLM-generated initial seeds, highlighting the potential of LLMs to efficiently tackle the typically labor-intensive task of generating target-specific initial seeds. The second technique repurposes crash data previously acquired from similar fuzzed targets before initiating fuzzing on a new target. This approach streamlines the time-consuming fuzz testing process by supplying that crash data directly to the new target before fuzzing begins. We successfully identified crashes in the latest BusyBox target without conducting traditional fuzzing, emphasizing the effectiveness of LLM and crash reuse techniques in enhancing software testing and improving vulnerability detection in embedded systems. Additionally, manual triaging was performed to identify the nature of crashes in the latest BusyBox.
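The crash reuse technique described above amounts to replaying a corpus of crash-triggering inputs, collected while fuzzing an older build, against a newer build and recording which ones still reproduce, before any new fuzzing campaign is started. The harness below is an added illustration of that replay-and-classify step; it is not code from the paper or from the BusyBox project. It feeds each stored input to a target on stdin, classifies the outcome by exit status (signal-killed, timeout, or clean exit), and groups reproducing inputs by signal as a first triage pass. The target and the three-entry corpus are constructed stand-ins: `TOY_TARGET` is a tiny Python program that aborts on a NUL byte, used in place of a real BusyBox applet so the example runs offline.

```python
import signal
import subprocess
import sys
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Signals that indicate a memory-safety or assertion failure worth triaging.
CRASH_SIGNALS = {"SIGSEGV", "SIGABRT", "SIGBUS", "SIGFPE", "SIGILL"}

# Constructed stand-in for a newer target build (e.g. a BusyBox applet that
# parses stdin). It aborts when the input contains a NUL byte; everything
# else exits cleanly. Any real target is just a different argv list.
TOY_TARGET = [
    sys.executable, "-c",
    "import os, sys\n"
    "data = sys.stdin.buffer.read()\n"
    "os.abort() if b'\\x00' in data else sys.exit(0)\n",
]


@dataclass
class ReplayResult:
    name: str                 # identifier of the stored crash input
    returncode: Optional[int] # None when the run timed out
    signal_name: Optional[str]
    timed_out: bool
    stderr: bytes

    @property
    def reproduces(self) -> bool:
        """True when replaying this input still kills the target with a crash signal."""
        return self.signal_name in CRASH_SIGNALS


def sample_corpus() -> Dict[str, bytes]:
    """Constructed crash corpus, as it might have been saved from fuzzing an older build."""
    return {
        "nul-byte": b"echo hi\x00\x00",        # still triggers the toy target's abort
        "long-arg": b"A" * 4096,               # constructed: no longer reproduces
        "empty": b"",                          # constructed: clean exit
    }


def replay_one(target_argv: List[str], name: str, data: bytes, timeout: float) -> ReplayResult:
    """Run the target once on a stored input and classify how it terminated."""
    try:
        proc = subprocess.run(target_argv, input=data, capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired as exc:
        # A hang is its own finding (possible DoS); record it without a signal.
        return ReplayResult(name, None, None, True, exc.stderr or b"")
    sig = None
    if proc.returncode < 0:
        # subprocess reports signal-killed children as -signum.
        sig = signal.Signals(-proc.returncode).name
    return ReplayResult(name, proc.returncode, sig, False, proc.stderr)


def replay_crashes(target_argv: List[str], corpus: Dict[str, bytes],
                   timeout: float = 5.0) -> List[ReplayResult]:
    """Replay every stored crash input against the (new) target."""
    return [replay_one(target_argv, name, data, timeout) for name, data in corpus.items()]


def reproducing(results: List[ReplayResult]) -> List[ReplayResult]:
    """Inputs that still crash the new target, i.e. candidates for manual triage."""
    return [r for r in results if r.reproduces]


def group_by_signal(results: List[ReplayResult]) -> Dict[str, List[str]]:
    """First triage bucket: which inputs produced which crash signal."""
    buckets: Dict[str, List[str]] = defaultdict(list)
    for r in reproducing(results):
        buckets[r.signal_name].append(r.name)
    return dict(buckets)


if __name__ == "__main__":
    results = replay_crashes(TOY_TARGET, sample_corpus())
    for r in results:
        status = "TIMEOUT" if r.timed_out else (r.signal_name or f"exit {r.returncode}")
        print(f"{r.name:10s} -> {status}")
    print("triage buckets:", group_by_signal(results))
```

Against a real build the only change is the `target_argv` list and the directory the corpus is read from; stored inputs that no longer reproduce are the ones to revisit if the fix was accidental rather than deliberate, and timeouts deserve a bucket of their own.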