ToothPicker Description

ToothPicker serves as an innovative in-process, coverage-guided fuzzer specifically designed for iOS, focusing on the Bluetooth daemon and various Bluetooth protocols. Utilizing FRIDA as its foundation, this tool can be tailored to function on any platform compatible with FRIDA. The repository also features an over-the-air fuzzer that showcases an example implementation for fuzzing Apple's MagicPairing protocol through InternalBlue. Furthermore, it includes the ReplayCrashFile script, which aids in confirming any crashes identified by the in-process fuzzer. This simple fuzzer operates by flipping bits and bytes in inactive connections, lacking coverage or injection, yet it serves effectively as a demonstration and is stateful. It requires only Python and Frida to operate, eliminating the need for additional modules or installations. Built upon the frizzer codebase, it's advisable to establish a virtual Python environment for optimal performance with frizzer. Notably, with the introduction of the iPhone XR/Xs, the PAC (Pointer Authentication Code) feature has been implemented. This advancement underscores the necessity for continuous adaptation of fuzzing tools like ToothPicker to keep pace with evolving iOS security measures.

ToothPicker Alternatives
LM-Kit.NET Reviews
LM-Kit.NET
(29 Ratings)
LM-Kit.NET is an enterprise-grade toolkit designed for seamlessly integrating generative AI into your .NET applications, fully supporting Windows, Linux, and macOS. Empower your C# and VB.NET projects with a flexible platform that simplifies the creation and orchestration of dynamic AI agents. Leverage efficient Small Language Models for on‑device inference, reducing computational load, minimizing latency, and enhancing security by processing data locally. Experience the power of Retrieval‑Augmented Generation (RAG) to boost accuracy and relevance, while advanced AI agents simplify complex workflows and accelerate development. Native SDKs ensure smooth integration and high performance across diverse platforms. With robust support for custom AI agent development and multi‑agent orchestration, LM‑Kit.NET streamlines prototyping, deployment, and scalability—enabling you to build smarter, faster, and more secure solutions trusted by professionals worldwide.
Learn more
VKS Reviews
VKS
(26 Ratings)
VKS makes it simple for companies to get rid of paper work instructions and transform into a digital factory. There are many benefits to our visual work instruction solution, including: No need for paper! Digital work instructions can be created with better results. You can reduce your defects up to 95% by performing in-process quality checks. Standardize best practices to increase productivity by 20% You can track your processes 100% with 100% certainty and real-time control. You can accelerate and improve the accuracy of your operational decision making. Capture tribal knowledge to close the skills gap.
Learn more
Atheris Reviews
Atheris
Atheris is a Python fuzzing engine guided by coverage, designed to test both Python code and native extensions developed for CPython. It is built on the foundation of libFuzzer, providing an effective method for identifying additional bugs when fuzzing native code. Atheris is compatible with Linux (both 32- and 64-bit) and Mac OS X, supporting Python versions ranging from 3.6 to 3.10. Featuring an integrated libFuzzer, it is well-suited for fuzzing Python applications, but when targeting native extensions, users may need to compile from source to ensure compatibility between the libFuzzer version in Atheris and their Clang installation. Since Atheris depends on libFuzzer, which is a component of Clang, users of Apple Clang will need to install a different version of LLVM, as the default does not include libFuzzer. The implementation of Atheris as a coverage-guided, mutation-based fuzzer (LibFuzzer) simplifies the setup process by eliminating the need for input grammar definition. However, this approach can complicate the generation of inputs for code that processes intricate data structures. Consequently, while Atheris offers ease of use in many scenarios, it may face challenges when dealing with more complex parsing requirements.
Learn more
Honggfuzz Reviews
Honggfuzz
Honggfuzz is a software fuzzer focused on enhancing security through its advanced fuzzing techniques. It employs evolutionary and feedback-driven methods that rely on both software and hardware-based code coverage. This tool is designed to operate in a multi-process and multi-threaded environment, allowing users to maximize their CPU's potential without needing to launch multiple fuzzer instances. The file corpus is seamlessly shared and refined across all processes undergoing fuzzing, which greatly enhances efficiency. When persistent fuzzing mode is activated, Honggfuzz exhibits remarkable speed, capable of executing a simple or empty LLVMFuzzerTestOneInput function at an impressive rate of up to one million iterations per second on modern CPUs. It has a proven history of identifying security vulnerabilities, including the notable discovery of the only critical vulnerability in OpenSSL to date. Unlike other fuzzing tools, Honggfuzz can detect and report on hijacked or ignored signals that result from crashes, making it a valuable asset for identifying hidden issues within fuzzed programs. Its robust features make it an essential tool for security researchers aiming to uncover hidden flaws in software systems.
Learn more

Pricing

Pricing Starts At:
Free
Free Version:
Yes

Integrations

View Integrations

Reviews

Total
ease
features
design
support

No User Reviews. Be the first to provide a review:

Write a Review

Company Details

Company:
Secure Mobile Networking Lab
Website:
github.com/seemoo-lab/toothpicker

Media

ToothPicker Screenshot 1
ToothPicker Screenshot 1 ToothPicker Screenshot 2
Recommended Products
$300 Free Credits for Your Google Cloud Projects Icon
$300 Free Credits for Your Google Cloud Projects

Start building on Google Cloud with $300 in free credits. No commitment, no credit card required until you're ready to scale.

Launch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
Start Free Trial

Product Details

Platforms
Mac
iPhone App
iPad App
Types of Training
Training Docs
Customer Support
Online Support

ToothPicker Features and Options

ToothPicker User Reviews

Write a Review
  • Previous
  • Next