What is ToothPicker?
ToothPicker is an advanced in-process, coverage-guided fuzzer that is specifically tailored for iOS, with a primary focus on the Bluetooth daemon and a variety of Bluetooth protocols. Built on the FRIDA framework, this tool can be customized to operate on any platform that supports FRIDA. Additionally, the repository includes an over-the-air fuzzer that provides a practical example of fuzzing Apple's MagicPairing protocol via InternalBlue. It also comes with the ReplayCrashFile script, which helps verify any crashes detected by the in-process fuzzer. This straightforward fuzzer works by altering bits and bytes in inactive connections and, while it does not incorporate coverage or injection methods, it effectively demonstrates its functionality in a stateful manner. Only requiring Python and Frida to run, it dispenses with the need for further modules or installations. Since it is based on the frizzer codebase, it is recommended to create a virtual Python environment to ensure optimal performance with frizzer. The introduction of the iPhone XR/Xs has brought about the implementation of the PAC (Pointer Authentication Code) feature, highlighting the importance of continuously evolving fuzzing tools like ToothPicker to align with the changing landscape of iOS security protocols. As technology advances, maintaining and updating such tools becomes crucial for security researchers and developers alike.
Pricing
Price Starts At:
Free
Free Version:
Free Version available.
Integrations
Similar Software to ToothPicker
Ditto
Ditto is the only mobile database that comes with built-in edge connectivity and offline resilience, allowing apps to sync data without depending on servers or continuous access to the cloud. As billions of mobile and edge devices—and the deskless workers using them—form the backbone of modern operations, organizations are running into the constraints of conventional cloud-first systems. Used by leaders like Chick-fil-A, Delta, Lufthansa, and Japan Airlines, Ditto is at the forefront of the edge-native movement, reshaping how businesses operate, sync, and stay connected beyond the cloud. By removing the need for external hardware, Ditto’s software-based networking lets companies develop faster, more fault-tolerant applications that perform even in disconnected environments—no cloud, server, or Wi-Fi required.
Leveraging CRDTs and peer-to-peer mesh replication, Ditto allows developers to build robust, collaborative applications where data remains consistent and available to all users—even during complete offline scenarios. This ensures business-critical systems remain functional exactly when they’re needed most.
Ditto follows an edge-native design philosophy. Unlike cloud-centric approaches, edge-native systems are optimized to run directly on mobile and edge devices. With Ditto, devices automatically discover and talk to each other, forming dynamic mesh networks instead of routing data through the cloud. The platform seamlessly handles complex connectivity across online and offline modes—Bluetooth, P2P Wi-Fi, LAN, Cellular, and more—to detect nearby devices and sync updates in real time.
Learn more
Gym Assistant
Bio-Logic Inc. presents Gym Assistant, a user-friendly membership management solution designed specifically for small to medium-sized gyms, fitness facilities, and health clubs. This software equips gym managers with essential tools to facilitate informed decision-making in their business operations. With a comprehensive array of features such as access control, front desk check-ins, payment processing, billing management, a membership database, customizable forms and letters, as well as extensive reporting capabilities, it addresses a wide range of operational needs. Furthermore, users can enhance their experience by upgrading to MemberConnect digital Services, which offers SMS capabilities and a dedicated mobile app for members. Gym Assistant stands out as a simple, powerful, and cost-effective solution for fitness enterprises. It truly transforms the way gyms manage their memberships and engage with their clients.
Learn more
Jazzer
Jazzer, developed by Code Intelligence, is a coverage-guided fuzzer specifically designed for the JVM platform that functions within the process. Taking cues from libFuzzer, it integrates several sophisticated mutation capabilities enhanced by instrumentation tailored for the JVM ecosystem. Users have the option to engage with Jazzer's autofuzz mode through Docker, which automatically generates arguments for designated Java functions and detects as well as reports any anomalies or security issues that occur. Furthermore, users can access the standalone Jazzer binary from GitHub's release archives, which launches its own JVM optimized for fuzzing operations. This adaptability enables developers to rigorously assess their applications for durability against a variety of edge cases, ensuring a more secure software environment. By utilizing Jazzer, teams can enhance their testing strategies and improve overall code quality.
Learn more
Atheris
Atheris operates as a fuzzing engine tailored for Python, specifically employing a coverage-guided approach, and it extends its functionality to accommodate native extensions built for CPython. Leveraging libFuzzer as its underlying framework, Atheris proves particularly adept at uncovering additional bugs within native code during fuzzing processes. It is compatible with both 32-bit and 64-bit Linux platforms, as well as Mac OS X, and supports Python versions from 3.6 to 3.10. While Atheris integrates libFuzzer, which makes it well-suited for fuzzing Python applications, users focusing on native extensions might need to compile the tool from its source code to align the libFuzzer version included with Atheris with their installed Clang version. Given that Atheris relies on libFuzzer, which is bundled with Clang, users operating on Apple Clang must install an alternative version of LLVM, as the standard version does not come with libFuzzer. Atheris utilizes a coverage-guided, mutation-based fuzzing strategy, which streamlines the configuration process, eliminating the need for a grammar definition for input generation. However, this approach can lead to complications when generating inputs for code that manages complex data structures. Therefore, users must carefully consider the trade-offs between the simplicity of setup and the challenges associated with handling intricate input types, as these factors can significantly influence the effectiveness of their fuzzing efforts. Ultimately, the decision to use Atheris will hinge on the specific requirements and complexities of the project at hand.
Learn more
Screenshots and Video
Company Facts
Company Name:
Secure Mobile Networking Lab
Company Website:
github.com/seemoo-lab/toothpicker
Product Details
Deployment
Mac
iPhone
iPad
Training Options
Documentation Hub
Support
Web-Based Support
Product Details
Target Company Sizes
Individual
1-10
11-50
51-200
201-500
501-1000
1001-5000
5001-10000
10001+
Target Organization Types
Mid Size Business
Small Business
Enterprise
Freelance
Nonprofit
Government
Startup
Supported Languages
English
