Papers
Topics
Authors
Recent
Search
2000 character limit reached

AIRFUZZ: Protocol-Aware AirDrop Fuzzing

Updated 4 July 2026
  • AIRFUZZ is a protocol-aware fuzzer for Apple AirDrop that reconstructs the complete seven-layer protocol stack to accurately emulate client-server interactions.
  • It employs a novel pre-compression mutation strategy on raw property list and CPIO formats before DVZip compression, significantly increasing payload acceptance from 3.2% to over 90%.
  • Experimental results show AIRFUZZ reaching 950 coverage edges and triggering 72 unique crashes, validating its efficacy in uncovering critical AirDrop vulnerabilities.

AIRFUZZ is a protocol-aware fuzzer for Apple AirDrop developed in the cross-platform vulnerability study "Protocol Prying: Systematic Vulnerability Research in the Apple AirDrop and Android Quick Share Proximity Transfer Protocols" (Ebrahim et al., 25 Jun 2026). It was built after reconstructing AirDrop’s seven-layer protocol stack and receiver-side state machine from static and dynamic analysis of sharingd and the private Sharing.framework. Its defining technical feature is pre-compression mutation: instead of corrupting compressed payloads directly, it mutates the raw binary property list and CPIO representations and then re-encodes them with a re-implemented DVZip adaptive compression routine. In the reported evaluation, successive AIRFUZZ versions increased acceptance from 3.2% to 92.3%, reached 950 coverage edges, and produced 72 unique crashes in sharingd over 250 K executions, including three AirDrop vulnerabilities designated V1–V3 (Ebrahim et al., 25 Jun 2026).

1. Position within the AirDrop protocol stack

AIRFUZZ is tightly coupled to a reconstructed model of AirDrop’s application-layer pipeline. The receiver processes each incoming TLS connection bound to AWDL port 8770 through seven layers: link layer (AWDL/BLE discovery and sync), network layer (IPv6 link-local on awdl0), security layer (TLS 1.2/1.3 with self-signed certificates), transport layer (HTTP/1.1 POST paths /Discover, /Hello, /Ask, /Upload, /Exchange, /SharedIdentity, /Error), encoding layer (Apple binary property lists, bplist00), compression layer (DVZip/gzip chunking), and archive layer (CPIO newc/BOM) (Ebrahim et al., 25 Jun 2026).

At the HTTP layer, the receiver implements a seven-state state machine in SDAirDropConnection, with three request slots—Discover, Ask, and Upload—and a dispatch semaphore that blocks processing of Upload and Exchange until user consent. A nominal protocol run is Discover from client to server, returning StatusCode=100/200/401, followed by Ask, which raises a UI prompt and blocks on the semaphore, and then Upload, which carries a DVZip-CPIO payload.

AIRFUZZ embeds at layer boundaries so that it can both satisfy protocol preconditions and inject mutations at the last structurally meaningful representations of the input. It drives the state machine by emulating a client over a single TLS session: it first issues Discover, then Ask with optional Hello to set Exchange keys, and finally fuzzes Upload. This arrangement is significant because AirDrop is not a flat parser interface; reaching deeper parser and application logic requires valid protocol progression rather than isolated malformed packets.

2. Pre-compression mutation model

The central design decision in AIRFUZZ is to mutate pre-compression artifacts rather than the compressed stream. Early versions that mutated the compressed stream directly achieved less than 1% acceptance because of zlib checksum failures. The reported alternative is to operate on the raw representation and then perform standard DVZip compression, which raised server acceptance to more than 90% (Ebrahim et al., 25 Jun 2026).

At the binary property list level, AIRFUZZ uses grammar-driven insertion and deletion of keys, cross-type substitution such as string-to-integer replacement, oversize numeric values, and controlled recursion. At the CPIO level, it applies path traversal strings such as ../../etc/passwd, symlink and device node injection, and deep pathname nesting. The approach preserves the structural expectations of the downstream parser while still perturbing semantically sensitive fields.

The paper formalizes the binary property list grammar as G=(N,T,P,S)G = (N,T,P,S) over object types including Dictionary, Array, String, Integer, and Data. A grammar-aware mutation operator μ:SS\mu : \mathbb{S} \rightarrow \mathbb{S} is defined such that, for a parse tree τL(G)\tau \in L(G), μ(τ)=τ\mu(\tau)=\tau' where τ\tau' is obtained by replacing a subtree of type ANA \in N with a subtree drawn uniformly from Gen(A)\mathrm{Gen}(A), subject to the size bound τατ|\tau'| \le \alpha \cdot |\tau|. Field-level mutation is defined as

Mfield(plist,k,δ):if kplist then plist[k]plist[k]δreturn plistM_{\text{field}}(\text{plist}, k, \delta): \quad \text{if } k \in \text{plist} \text{ then } \text{plist}[k] \leftarrow \text{plist}[k] \oplus \delta \quad \text{return plist}

where δ\delta may be an integer offset, bitmask, or injected byte sequence.

The same principle is reflected in the reported FuzzUpload procedure: parse a seed CPIO archive, clone it, probabilistically mutate file headers and pathnames, serialize the mutated archive, compress it with DVZip_compress, and send the result as an HTTP POST to /Upload. This architecture makes AIRFUZZ less a generic mutator than a structured transformer parameterized by the protocol’s last uncompressed representations.

3. DVZip reconstruction and compression-preserving generation

AIRFUZZ depends on a reverse-engineered reconstruction of DVZip, the adaptive compression format used in AirDrop’s upload path (Ebrahim et al., 25 Jun 2026). Binary analysis in the source study indicates that DVZip uses an adaptive chunk format in which each chunk header is a 4-byte big-endian length μ:SS\mu : \mathbb{S} \rightarrow \mathbb{S}0. The chunk payload is ordinarily a zlib DEFLATE block, but when compressibility falls below a threshold μ:SS\mu : \mathbb{S} \rightarrow \mathbb{S}1, the compressor switches to raw gzip. If the receiver does not advertise SupportsDVZip, the client falls back to standard gzip.

The AIRFUZZ re-implementation partitions data into fixed-size windows μ:SS\mu : \mathbb{S} \rightarrow \mathbb{S}2 such as 32 KB, compresses each with zlib_deflate, and replaces the result with gzip_compress(W_i) when the compression ratio exceeds μ:SS\mu : \mathbb{S} \rightarrow \mathbb{S}3. It then emits emit_be32(len(C_i)) ∥ C_i for each chunk. The adaptive rule is given as

μ:SS\mu : \mathbb{S} \rightarrow \mathbb{S}4

with final output

μ:SS\mu : \mathbb{S} \rightarrow \mathbb{S}5

This reconstruction is operationally important because AirDrop’s receiver expects a compression context consistent with sharingd’s implementation. AIRFUZZ therefore does not merely preserve parseable structure at the archive and property-list layers; it also preserves the framing discipline of the adaptive compression layer. A plausible implication is that, for proprietary protocols with application-specific compression envelopes, input generation and protocol reverse engineering are inseparable tasks.

4. Instrumentation, coverage collection, and state progression

AIRFUZZ uses layer-boundary instrumentation rather than heavy in-process rewriting. At layer 4, a Frida Interceptor hook is placed on the HTTP path router to provide coverage feedback on each incoming POST path and to bypass the UI semaphore by forcing canAutoAccept→true. At layer 5, it hooks CFPropertyListCreateWithData to mark edge transitions in the property-list parser. At layers 6 and 7, it intercepts the DVZip header parser and the CPIO header extractor to observe chunk-level and archive-level accept or reject decisions (Ebrahim et al., 25 Jun 2026).

Coverage-guided mutation selection is driven by these layer-boundary hooks. The study reports 100+ hook points, seed corpus prioritization by novelty and boundary values, and layer-specific mutation strategies spanning HTTP, bplist, DVZip, CPIO, DER, memcorrupt, and havoc. The Discover and Ask requests establish protocol state, while the Frida auto-accept hook removes the blocking user-consent dependency and enables continuous Upload fuzzing.

The well-formedness strategy is explicit. Pre-compression mutation preserves zlib framing and avoids immediate rejection. Grammar-based property-list mutations preserve parseable structure through balanced tags and correct length tags. Field-level mutations target single keys or numeric fields rather than collapsing the whole format. Boundary checks are applied to maximum HTTP body size and maximum CPIO pathname length to avoid trivial rejections. These measures indicate that AIRFUZZ is designed to maximize execution beyond syntactic front gates and into deeper logic paths.

5. Experimental configuration and quantitative results

The reported test harness spans multiple platforms. For Apple targets, the study used macOS 15.7.4/26.3 on Apple Silicon (arm64e) and Intel (x86_64) with AWDL enabled, and iOS 18.1/26.3 on iPhone (arm64e). For the broader study context, the authors also evaluated Android 16 with Samsung Quick Share v13.8.01.11 on a Galaxy S23 Ultra and Windows 10 with Google Quick Share 1.0.2472.1. Each target ran a Frida agent for auto-accept and coverage collection, and orchestration was performed by a Python fuzzer over SSH/Wi-Fi (Ebrahim et al., 25 Jun 2026).

The published version-by-version results are as follows:

Version Acceptance / Coverage Crashes / V-bugs
AF1 3.2%; 120 edges 5; V1
AF2 7.5%; 230 edges 12; V1, V2
AF3 45.1%; 610 edges 34; V1–V3
AF4 92.3%; 950 edges 72; V1–V3

Figure 1 in the source paper is described as plotting cumulative unique edges covered versus fuzzing time and showing a sharp coverage gain when pre-compression mutation is enabled in AF4. Over 250 K executions, AIRFUZZ triggered 72 unique crashes in sharingd, including the three AirDrop bugs V1–V3.

These figures delimit AIRFUZZ’s empirical role precisely. AF1 and AF2 expose the limited effectiveness of earlier strategies; AF4 corresponds to the fully protocol-aware, pre-compression design. The progression suggests that acceptance rate, coverage growth, and vulnerability yield are tightly linked to correct modeling of the protocol’s serialization and compression layers rather than to random mutation volume alone.

6. Vulnerability discoveries and broader significance

AIRFUZZ is credited with three AirDrop findings. V1 is an unhandled HTTP path at layer 4: an HTTP POST to /UnknownPath with any nonzero Content-Length invokes Swift’s fatalError() default switch case in the path router and kills sharingd, producing a denial of service. It was discovered within the first 200 AF2 test cases through HTTP path corruption strategies. V2 is an XML plist recursion stack overflow at layer 5: grammar-based injection of 200 nested <dict> elements in a /Discover request exhausts the 512 KB stack of Foundation’s XMLPlistScanner, causing SIGBUS. V3 is an HTTP/1.1 parser NULL dereference across layers 4 and 3: malformed chunked framing with negative chunk-size or conflicting Content-Length headers drives Network.framework’s HTTP/1.1 framer into an inconsistent state and dereferences a NULL pointer (Ebrahim et al., 25 Jun 2026).

The same study complements AIRFUZZ with targeted hand-written analyses of Samsung Quick Share and Google Quick Share for Windows. Those analyses found two Samsung protocol-layer flaws—V4, a pre-authentication bypass in which the dispatcher processes KEEP_ALIVE, BANDWIDTH_UPGRADE, and CONNECTION_RESPONSE before UKEY2 completes, and V5, an encryption bypass in which three post-handshake OfflineFrame types are accepted as plaintext—and one Google Quick Share for Windows heap use-after-free, V6, caused by a multi-threaded race between endpoint collision teardown and OnEncryptionFailed leading to a vtable dereference on a freed EndpointChannel. Google awarded a bounty for V6, and Apple, Samsung, and Google acknowledged the reports.

The broader significance is that AirDrop and Quick Share are reachable from wireless proximity without prior pairing and process complex serialized content inside privileged daemons. This suggests that application-layer protocol structure, not only link-layer discovery or transport encryption, determines much of the zero-click attack surface. The study’s stated lessons generalize accordingly: decompose proprietary stacks into layered models, instrument each layer’s input boundary, mutate the last uncompressed representation before adaptive compression, combine random havoc with field-level and grammar-based mutation, and automate protocol state progression through mechanisms such as auto-consent and handshake completion. The paper states that these principles apply broadly to fuzzing complex, multi-layer proximity transfer and structured-serialization protocols, including proprietary IoT stacks, custom RPC frameworks, and adaptive compression pipelines (Ebrahim et al., 25 Jun 2026).

Definition Search Book Streamline Icon: https://streamlinehq.com
References (1)

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to AIRFUZZ.